npm - @openvtc/trust-tasks - Versions diffs - 0.2.0 → 0.2.2 - Mend

@openvtc/trust-tasks 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (205) hide show

package/dist/_framework/0.2/framework.d.ts +11 -0
package/dist/_framework/0.2/framework.d.ts.map +1 -0
package/dist/_framework/0.2/framework.js +6 -0
package/dist/_framework/0.2/framework.js.map +1 -0
package/dist/acl/grant/0.1/payload.d.ts +13 -0
package/dist/acl/grant/0.1/payload.d.ts.map +1 -1
package/dist/acl/grant/0.1/payload.js.map +1 -1
package/dist/auth/passkey/login/finish/0.2/payload.d.ts +42 -0
package/dist/auth/passkey/login/finish/0.2/payload.d.ts.map +1 -0
package/dist/auth/passkey/login/finish/0.2/payload.js +9 -0
package/dist/auth/passkey/login/finish/0.2/payload.js.map +1 -0
package/dist/auth/passkey/login/start/0.2/payload.d.ts +29 -0
package/dist/auth/passkey/login/start/0.2/payload.d.ts.map +1 -0
package/dist/auth/passkey/login/start/0.2/payload.js +9 -0
package/dist/auth/passkey/login/start/0.2/payload.js.map +1 -0
package/dist/auth/step-up/approve-request/0.2/payload.d.ts +73 -0
package/dist/auth/step-up/approve-request/0.2/payload.d.ts.map +1 -0
package/dist/auth/step-up/approve-request/0.2/payload.js +9 -0
package/dist/auth/step-up/approve-request/0.2/payload.js.map +1 -0
package/dist/auth/step-up/approve-response/0.2/payload.d.ts +76 -0
package/dist/auth/step-up/approve-response/0.2/payload.d.ts.map +1 -0
package/dist/auth/step-up/approve-response/0.2/payload.js +9 -0
package/dist/auth/step-up/approve-response/0.2/payload.js.map +1 -0
package/dist/auth/step-up/policy/0.1/payload.d.ts +43 -0
package/dist/auth/step-up/policy/0.1/payload.d.ts.map +1 -0
package/dist/auth/step-up/policy/0.1/payload.js +9 -0
package/dist/auth/step-up/policy/0.1/payload.js.map +1 -0
package/dist/auth/step-up/policy/0.2/payload.d.ts +43 -0
package/dist/auth/step-up/policy/0.2/payload.d.ts.map +1 -0
package/dist/auth/step-up/policy/0.2/payload.js +9 -0
package/dist/auth/step-up/policy/0.2/payload.js.map +1 -0
package/dist/device/_shared/0.2/device-binding.d.ts +11 -0
package/dist/device/_shared/0.2/device-binding.d.ts.map +1 -0
package/dist/device/_shared/0.2/device-binding.js +6 -0
package/dist/device/_shared/0.2/device-binding.js.map +1 -0
package/dist/device/heartbeat/0.2/payload.d.ts +29 -0
package/dist/device/heartbeat/0.2/payload.d.ts.map +1 -0
package/dist/device/heartbeat/0.2/payload.js +9 -0
package/dist/device/heartbeat/0.2/payload.js.map +1 -0
package/dist/device/list/0.2/payload.d.ts +37 -0
package/dist/device/list/0.2/payload.d.ts.map +1 -0
package/dist/device/list/0.2/payload.js +9 -0
package/dist/device/list/0.2/payload.js.map +1 -0
package/dist/device/register/0.1/payload.d.ts +18 -0
package/dist/device/register/0.1/payload.d.ts.map +1 -1
package/dist/device/register/0.1/payload.js.map +1 -1
package/dist/device/register/0.2/payload.d.ts +97 -0
package/dist/device/register/0.2/payload.d.ts.map +1 -0
package/dist/device/register/0.2/payload.js +9 -0
package/dist/device/register/0.2/payload.js.map +1 -0
package/dist/device/set-wake/0.1/payload.d.ts +43 -0
package/dist/device/set-wake/0.1/payload.d.ts.map +1 -0
package/dist/device/set-wake/0.1/payload.js +9 -0
package/dist/device/set-wake/0.1/payload.js.map +1 -0
package/dist/device/set-wake/0.2/payload.d.ts +43 -0
package/dist/device/set-wake/0.2/payload.d.ts.map +1 -0
package/dist/device/set-wake/0.2/payload.js +9 -0
package/dist/device/set-wake/0.2/payload.js.map +1 -0
package/dist/device/wipe/0.2/payload.d.ts +37 -0
package/dist/device/wipe/0.2/payload.d.ts.map +1 -0
package/dist/device/wipe/0.2/payload.js +9 -0
package/dist/device/wipe/0.2/payload.js.map +1 -0
package/dist/did-management/did/check-name/0.1/payload.d.ts +5 -2
package/dist/did-management/did/check-name/0.1/payload.d.ts.map +1 -1
package/dist/did-management/did/check-name/0.1/payload.js.map +1 -1
package/dist/index.d.ts +63 -17
package/dist/index.d.ts.map +1 -1
package/dist/index.js +63 -17
package/dist/index.js.map +1 -1
package/dist/policy/_shared/0.2/policy.d.ts +11 -0
package/dist/policy/_shared/0.2/policy.d.ts.map +1 -0
package/dist/policy/_shared/0.2/policy.js +6 -0
package/dist/policy/_shared/0.2/policy.js.map +1 -0
package/dist/policy/evaluate/0.2/payload.d.ts +99 -0
package/dist/policy/evaluate/0.2/payload.d.ts.map +1 -0
package/dist/policy/evaluate/0.2/payload.js +9 -0
package/dist/policy/evaluate/0.2/payload.js.map +1 -0
package/dist/policy/list/0.2/payload.d.ts +22 -0
package/dist/policy/list/0.2/payload.d.ts.map +1 -0
package/dist/policy/list/0.2/payload.js +9 -0
package/dist/policy/list/0.2/payload.js.map +1 -0
package/dist/policy/upsert/0.2/payload.d.ts +29 -0
package/dist/policy/upsert/0.2/payload.d.ts.map +1 -0
package/dist/policy/upsert/0.2/payload.js +9 -0
package/dist/policy/upsert/0.2/payload.js.map +1 -0
package/dist/provision/integration/0.2/payload.d.ts +178 -0
package/dist/provision/integration/0.2/payload.d.ts.map +1 -0
package/dist/provision/integration/0.2/payload.js +9 -0
package/dist/provision/integration/0.2/payload.js.map +1 -0
package/dist/push/provision/0.1/payload.d.ts +35 -0
package/dist/push/provision/0.1/payload.d.ts.map +1 -0
package/dist/push/provision/0.1/payload.js +9 -0
package/dist/push/provision/0.1/payload.js.map +1 -0
package/dist/push/provision/0.2/payload.d.ts +35 -0
package/dist/push/provision/0.2/payload.d.ts.map +1 -0
package/dist/push/provision/0.2/payload.js +9 -0
package/dist/push/provision/0.2/payload.js.map +1 -0
package/dist/push/register/0.1/payload.d.ts +72 -0
package/dist/push/register/0.1/payload.d.ts.map +1 -0
package/dist/push/register/0.1/payload.js +9 -0
package/dist/push/register/0.1/payload.js.map +1 -0
package/dist/push/register/0.2/payload.d.ts +72 -0
package/dist/push/register/0.2/payload.d.ts.map +1 -0
package/dist/push/register/0.2/payload.js +9 -0
package/dist/push/register/0.2/payload.js.map +1 -0
package/dist/push/wake/0.1/payload.d.ts +41 -0
package/dist/push/wake/0.1/payload.d.ts.map +1 -0
package/dist/push/wake/0.1/payload.js +9 -0
package/dist/push/wake/0.1/payload.js.map +1 -0
package/dist/push/wake/0.2/payload.d.ts +41 -0
package/dist/push/wake/0.2/payload.d.ts.map +1 -0
package/dist/push/wake/0.2/payload.js +9 -0
package/dist/push/wake/0.2/payload.js.map +1 -0
package/dist/sync/_shared/0.2/sync-event.d.ts +11 -0
package/dist/sync/_shared/0.2/sync-event.d.ts.map +1 -0
package/dist/sync/_shared/0.2/sync-event.js +6 -0
package/dist/sync/_shared/0.2/sync-event.js.map +1 -0
package/dist/sync/event/0.2/payload.d.ts +208 -0
package/dist/sync/event/0.2/payload.d.ts.map +1 -0
package/dist/sync/event/0.2/payload.js +9 -0
package/dist/sync/event/0.2/payload.js.map +1 -0
package/dist/trust-task-error/0.2/payload.d.ts +36 -0
package/dist/trust-task-error/0.2/payload.d.ts.map +1 -0
package/dist/trust-task-error/0.2/payload.js +9 -0
package/dist/trust-task-error/0.2/payload.js.map +1 -0
package/dist/vault/_shared/0.2/consumer-context.d.ts +11 -0
package/dist/vault/_shared/0.2/consumer-context.d.ts.map +1 -0
package/dist/vault/_shared/0.2/consumer-context.js +6 -0
package/dist/vault/_shared/0.2/consumer-context.js.map +1 -0
package/dist/vault/_shared/0.2/sealed-envelope.d.ts +15 -0
package/dist/vault/_shared/0.2/sealed-envelope.d.ts.map +1 -0
package/dist/vault/_shared/0.2/sealed-envelope.js +6 -0
package/dist/vault/_shared/0.2/sealed-envelope.js.map +1 -0
package/dist/vault/_shared/0.2/session-blob.d.ts +13 -0
package/dist/vault/_shared/0.2/session-blob.d.ts.map +1 -0
package/dist/vault/_shared/0.2/session-blob.js +6 -0
package/dist/vault/_shared/0.2/session-blob.js.map +1 -0
package/dist/vault/_shared/0.2/vault-entry.d.ts +13 -0
package/dist/vault/_shared/0.2/vault-entry.d.ts.map +1 -0
package/dist/vault/_shared/0.2/vault-entry.js +6 -0
package/dist/vault/_shared/0.2/vault-entry.js.map +1 -0
package/dist/vault/_shared/0.2/vault-secret.d.ts +15 -0
package/dist/vault/_shared/0.2/vault-secret.d.ts.map +1 -0
package/dist/vault/_shared/0.2/vault-secret.js +6 -0
package/dist/vault/_shared/0.2/vault-secret.js.map +1 -0
package/dist/vault/get/0.2/payload.d.ts +25 -0
package/dist/vault/get/0.2/payload.d.ts.map +1 -0
package/dist/vault/get/0.2/payload.js +9 -0
package/dist/vault/get/0.2/payload.js.map +1 -0
package/dist/vault/list/0.2/payload.d.ts +74 -0
package/dist/vault/list/0.2/payload.d.ts.map +1 -0
package/dist/vault/list/0.2/payload.js +9 -0
package/dist/vault/list/0.2/payload.js.map +1 -0
package/dist/vault/proxy-login/0.2/payload.d.ts +109 -0
package/dist/vault/proxy-login/0.2/payload.d.ts.map +1 -0
package/dist/vault/proxy-login/0.2/payload.js +9 -0
package/dist/vault/proxy-login/0.2/payload.js.map +1 -0
package/dist/vault/release/0.2/payload.d.ts +102 -0
package/dist/vault/release/0.2/payload.d.ts.map +1 -0
package/dist/vault/release/0.2/payload.js +9 -0
package/dist/vault/release/0.2/payload.js.map +1 -0
package/dist/vault/sign-trust-task/0.2/payload.d.ts +99 -0
package/dist/vault/sign-trust-task/0.2/payload.d.ts.map +1 -0
package/dist/vault/sign-trust-task/0.2/payload.js +9 -0
package/dist/vault/sign-trust-task/0.2/payload.js.map +1 -0
package/dist/vault/sync/0.2/payload.d.ts +33 -0
package/dist/vault/sync/0.2/payload.d.ts.map +1 -0
package/dist/vault/sync/0.2/payload.js +9 -0
package/dist/vault/sync/0.2/payload.js.map +1 -0
package/dist/vault/upsert/0.2/payload.d.ts +150 -0
package/dist/vault/upsert/0.2/payload.d.ts.map +1 -0
package/dist/vault/upsert/0.2/payload.js +9 -0
package/dist/vault/upsert/0.2/payload.js.map +1 -0
package/dist/vault/usage/0.2/payload.d.ts +38 -0
package/dist/vault/usage/0.2/payload.d.ts.map +1 -0
package/dist/vault/usage/0.2/payload.js +9 -0
package/dist/vault/usage/0.2/payload.js.map +1 -0
package/dist/vta/_shared/0.1/passkey-vm.d.ts +11 -0
package/dist/vta/_shared/0.1/passkey-vm.d.ts.map +1 -0
package/dist/vta/_shared/0.1/passkey-vm.js +6 -0
package/dist/vta/_shared/0.1/passkey-vm.js.map +1 -0
package/dist/vta/passkey-vms/enroll-challenge/0.1/payload.d.ts +29 -0
package/dist/vta/passkey-vms/enroll-challenge/0.1/payload.d.ts.map +1 -0
package/dist/vta/passkey-vms/enroll-challenge/0.1/payload.js +9 -0
package/dist/vta/passkey-vms/enroll-challenge/0.1/payload.js.map +1 -0
package/dist/vta/passkey-vms/enroll-submit/0.1/payload.d.ts +61 -0
package/dist/vta/passkey-vms/enroll-submit/0.1/payload.d.ts.map +1 -0
package/dist/vta/passkey-vms/enroll-submit/0.1/payload.js +9 -0
package/dist/vta/passkey-vms/enroll-submit/0.1/payload.js.map +1 -0
package/dist/vta/passkey-vms/list/0.1/payload.d.ts +25 -0
package/dist/vta/passkey-vms/list/0.1/payload.d.ts.map +1 -0
package/dist/vta/passkey-vms/list/0.1/payload.js +9 -0
package/dist/vta/passkey-vms/list/0.1/payload.js.map +1 -0
package/dist/vta/passkey-vms/revoke/0.1/payload.d.ts +29 -0
package/dist/vta/passkey-vms/revoke/0.1/payload.d.ts.map +1 -0
package/dist/vta/passkey-vms/revoke/0.1/payload.js +9 -0
package/dist/vta/passkey-vms/revoke/0.1/payload.js.map +1 -0
package/package.json +1 -1
package/src/chat/message/1.0/payload.ts +87 -0
package/src/index.ts +32 -26
package/src/vta/_shared/0.1/passkey-vm.ts +11 -0
package/src/vta/passkey-vms/enroll-challenge/0.1/payload.ts +31 -0
package/src/vta/passkey-vms/enroll-submit/0.1/payload.ts +63 -0
package/src/vta/passkey-vms/list/0.1/payload.ts +27 -0
package/src/vta/passkey-vms/revoke/0.1/payload.ts +31 -0

package/dist/vault/usage/0.2/payload.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vault/usage/0.2/payload.schema.json
+ */
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/vault/usage/0.2";
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/vault/usage/0.2#response";
+//# sourceMappingURL=payload.js.map

package/dist/vault/usage/0.2/payload.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../src/vault/usage/0.2/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAgCH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,6CAAsD,CAAC;AAE/E,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,sDAA+D,CAAC"}

package/dist/vta/_shared/0.1/passkey-vm.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/_shared/0.1/passkey-vm.schema.json
+ */
+/**
+ * A WebAuthn passkey published as a Multikey verificationMethod (purpose `authentication`) on a VTA-managed DID. Any verifier that resolves the DID can validate a WebAuthn assertion against the embedded public key — no callback to the VTA and no shared secret. Returned by vta/passkey-vms/enroll-submit (the single VM just created) and vta/passkey-vms/list (every VM on the DID). The shape mirrors the wallet-side `@pnm/core` PasskeyVerificationMethod and the VTA-side `vta_sdk::protocols::did_management::passkey_vms::PasskeyVerificationMethod`.
+ */
+export interface PasskeyVerificationMethodSharedDefinitionForTheVtaPasskeyVmsSpecFamily {
+    [k: string]: unknown | undefined;
+}
+//# sourceMappingURL=passkey-vm.d.ts.map

package/dist/vta/_shared/0.1/passkey-vm.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"passkey-vm.d.ts","sourceRoot":"","sources":["../../../../src/vta/_shared/0.1/passkey-vm.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,sEAAsE;IACrF,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC"}

package/dist/vta/_shared/0.1/passkey-vm.js ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/_shared/0.1/passkey-vm.schema.json
+ */
+export {};
+//# sourceMappingURL=passkey-vm.js.map

package/dist/vta/_shared/0.1/passkey-vm.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"passkey-vm.js","sourceRoot":"","sources":["../../../../src/vta/_shared/0.1/passkey-vm.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/dist/vta/passkey-vms/enroll-challenge/0.1/payload.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/passkey-vms/enroll-challenge/0.1/payload.schema.json
+ */
+/**
+ * Request a fresh WebAuthn registration challenge for adding a passkey verificationMethod to a VTA-managed DID. Step 1 of the two-step enrolment ceremony (challenge → submit). The producer must hold the admin role on the target DID's context.
+ */
+export interface VTAPasskeyVMEnrollChallengePayload {
+    /**
+     * The DID the new passkey verificationMethod will be added to. The producer MUST hold the admin role on this DID's context.
+     */
+    did: string;
+    /**
+     * Optional operator-supplied label for the new passkey (e.g. "MacBook Touch ID"). Carried through to the WebAuthn user name and, if the ceremony completes, to the published verificationMethod.
+     */
+    label?: string;
+    ext?: Ext;
+}
+/**
+ * Ecosystem-defined extension members per SPEC.md §4.5.1.
+ */
+export interface Ext {
+    [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export declare const TYPE_URI: "https://trusttasks.org/spec/vta/passkey-vms/enroll-challenge/0.1";
+/** Trust Task response type URI (request type URI + "#response"). */
+export declare const RESPONSE_TYPE_URI: "https://trusttasks.org/spec/vta/passkey-vms/enroll-challenge/0.1#response";
+//# sourceMappingURL=payload.d.ts.map

package/dist/vta/passkey-vms/enroll-challenge/0.1/payload.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../../src/vta/passkey-vms/enroll-challenge/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,kCAAkC;IACjD;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,kEAA2E,CAAC;AAEpG,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,2EAAoF,CAAC"}

package/dist/vta/passkey-vms/enroll-challenge/0.1/payload.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/passkey-vms/enroll-challenge/0.1/payload.schema.json
+ */
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/enroll-challenge/0.1";
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/enroll-challenge/0.1#response";
+//# sourceMappingURL=payload.js.map

package/dist/vta/passkey-vms/enroll-challenge/0.1/payload.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../../src/vta/passkey-vms/enroll-challenge/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAuBH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,kEAA2E,CAAC;AAEpG,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,2EAAoF,CAAC"}

package/dist/vta/passkey-vms/enroll-submit/0.1/payload.d.ts ADDED Viewed

@@ -0,0 +1,61 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/passkey-vms/enroll-submit/0.1/payload.schema.json
+ */
+/**
+ * Finalise passkey enrolment by submitting the WebAuthn registration result for a ceremony opened by vta/passkey-vms/enroll-challenge. The VTA re-derives the Multikey from attestationObject.authData and rejects on mismatch with the browser-claimed publicKeyMultibase — the browser's value is NOT trusted as authoritative. On success the VTA appends the verificationMethod to the DID document via a WebVH log entry. All byte-valued fields are base64url-encoded (no padding).
+ */
+export interface VTAPasskeyVMEnrollSubmitPayload {
+    /**
+     * The DID the new verificationMethod is to be added to. MUST match the DID bound to `ceremonyId` at challenge time — a mismatch is rejected as a cross-DID replay.
+     */
+    did: string;
+    /**
+     * The `ceremonyId` returned by vta/passkey-vms/enroll-challenge. Single-use; consumed by this submission.
+     */
+    ceremonyId: string;
+    /**
+     * WebAuthn `credential.id` (base64url, no padding). The published verificationMethod `id` fragment is derived as `passkey-<base64url(sha256(credentialId))>`.
+     */
+    credentialId: string;
+    /**
+     * Browser-computed W3C Multikey for the credential public key. ADVISORY: the VTA re-derives the Multikey from `attestationObject.authData` and rejects this submission if the values differ (anti-tamper gate). The re-derived key — not this one — is what gets published.
+     */
+    publicKeyMultibase: string;
+    /**
+     * COSE algorithm identifier of the credential key (e.g. -7 for ES256, -8 for EdDSA). Must be an algorithm the VTA can convert to a Multikey.
+     */
+    coseAlgorithm: number;
+    /**
+     * Raw WebAuthn `attestationObject` — base64url-encoded CBOR. The VTA parses `authData` from this to re-derive the authoritative public key.
+     */
+    attestationObject: string;
+    /**
+     * Raw WebAuthn `clientDataJSON` (base64url, no padding). Bound to the ceremony `challenge` during WebAuthn verification.
+     */
+    clientDataJson: string;
+    /**
+     * Raw WebAuthn `authenticatorData` (base64url, no padding).
+     */
+    authenticatorData: string;
+    /**
+     * Transport hints reported by the authenticator (e.g. `internal`, `hybrid`). Advisory; carried through to the published verificationMethod's `webauthnTransports`.
+     */
+    transports?: string[];
+    /**
+     * Optional operator-supplied label (e.g. "MacBook Touch ID"), carried through to the published verificationMethod.
+     */
+    label?: string;
+    ext?: Ext;
+}
+/**
+ * Ecosystem-defined extension members per SPEC.md §4.5.1.
+ */
+export interface Ext {
+    [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export declare const TYPE_URI: "https://trusttasks.org/spec/vta/passkey-vms/enroll-submit/0.1";
+/** Trust Task response type URI (request type URI + "#response"). */
+export declare const RESPONSE_TYPE_URI: "https://trusttasks.org/spec/vta/passkey-vms/enroll-submit/0.1#response";
+//# sourceMappingURL=payload.d.ts.map

package/dist/vta/passkey-vms/enroll-submit/0.1/payload.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../../src/vta/passkey-vms/enroll-submit/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,+BAA+B;IAC9C;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;OAEG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB;;OAEG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAC1B;;OAEG;IACH,cAAc,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAC1B;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,+DAAwE,CAAC;AAEjG,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,wEAAiF,CAAC"}

package/dist/vta/passkey-vms/enroll-submit/0.1/payload.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/passkey-vms/enroll-submit/0.1/payload.schema.json
+ */
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/enroll-submit/0.1";
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/enroll-submit/0.1#response";
+//# sourceMappingURL=payload.js.map

package/dist/vta/passkey-vms/enroll-submit/0.1/payload.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../../src/vta/passkey-vms/enroll-submit/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAuDH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,+DAAwE,CAAC;AAEjG,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,wEAAiF,CAAC"}

package/dist/vta/passkey-vms/list/0.1/payload.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/passkey-vms/list/0.1/payload.schema.json
+ */
+/**
+ * List every passkey verificationMethod currently published on a VTA-managed DID. Admin-gated read. The returned entries are the same Multikey verificationMethods that appear in the DID document.
+ */
+export interface VTAPasskeyVMListPayload {
+    /**
+     * The DID whose passkey verificationMethods to enumerate. The producer MUST hold the admin role on this DID's context.
+     */
+    did: string;
+    ext?: Ext;
+}
+/**
+ * Ecosystem-defined extension members per SPEC.md §4.5.1.
+ */
+export interface Ext {
+    [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export declare const TYPE_URI: "https://trusttasks.org/spec/vta/passkey-vms/list/0.1";
+/** Trust Task response type URI (request type URI + "#response"). */
+export declare const RESPONSE_TYPE_URI: "https://trusttasks.org/spec/vta/passkey-vms/list/0.1#response";
+//# sourceMappingURL=payload.d.ts.map

package/dist/vta/passkey-vms/list/0.1/payload.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../../src/vta/passkey-vms/list/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,sDAA+D,CAAC;AAExF,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,+DAAwE,CAAC"}

package/dist/vta/passkey-vms/list/0.1/payload.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/passkey-vms/list/0.1/payload.schema.json
+ */
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/list/0.1";
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/list/0.1#response";
+//# sourceMappingURL=payload.js.map

package/dist/vta/passkey-vms/list/0.1/payload.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../../src/vta/passkey-vms/list/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAmBH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,sDAA+D,CAAC;AAExF,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,+DAAwE,CAAC"}

package/dist/vta/passkey-vms/revoke/0.1/payload.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/passkey-vms/revoke/0.1/payload.schema.json
+ */
+/**
+ * Remove a passkey verificationMethod from a VTA-managed DID document via a WebVH log entry. Admin-gated. The VM is identified by its URL fragment (everything after `#` in the verificationMethod id). The success response is an empty object — modelled as an object so future additive fields do not bump the version.
+ */
+export interface VTAPasskeyVMRevokePayload {
+    /**
+     * The DID the verificationMethod lives on. The producer MUST hold the admin role on this DID's context.
+     */
+    did: string;
+    /**
+     * The verificationMethod URL fragment — everything after `#` in the VM id (e.g. `passkey-3q2r1s0tUvWxYz`). MUST NOT include the leading `#`.
+     */
+    fragment: string;
+    ext?: Ext;
+}
+/**
+ * Ecosystem-defined extension members per SPEC.md §4.5.1.
+ */
+export interface Ext {
+    [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export declare const TYPE_URI: "https://trusttasks.org/spec/vta/passkey-vms/revoke/0.1";
+/** Trust Task response type URI (request type URI + "#response"). */
+export declare const RESPONSE_TYPE_URI: "https://trusttasks.org/spec/vta/passkey-vms/revoke/0.1#response";
+//# sourceMappingURL=payload.d.ts.map

package/dist/vta/passkey-vms/revoke/0.1/payload.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../../src/vta/passkey-vms/revoke/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,wDAAiE,CAAC;AAE1F,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,iEAA0E,CAAC"}

package/dist/vta/passkey-vms/revoke/0.1/payload.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/passkey-vms/revoke/0.1/payload.schema.json
+ */
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/revoke/0.1";
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/revoke/0.1#response";
+//# sourceMappingURL=payload.js.map

package/dist/vta/passkey-vms/revoke/0.1/payload.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../../src/vta/passkey-vms/revoke/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAuBH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,wDAAiE,CAAC;AAE1F,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,iEAA0E,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@openvtc/trust-tasks",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "Generated TypeScript bindings for the Trust Tasks framework registry.",
   "type": "module",
   "main": "./dist/index.js",

package/src/chat/message/1.0/payload.ts ADDED Viewed

@@ -0,0 +1,87 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/chat/message/1.0/payload.schema.json
+ */
+/**
+ * A conversational message exchanged between an AI agent and a messaging-platform bridge. Signed by its author (via the document `proof`) and hash-linked to the previous message in the conversation (`prev`), so a third party can verify each message's author and ordering after the transport has closed — for audit and dispute resolution. Conversations and contacts are referenced by opaque, bridge-issued handles, never raw platform addresses.
+ */
+export interface ChatMessagePayload {
+  /**
+   * Opaque, bridge-issued conversation handle. MUST NOT be a raw platform address (phone number, chat id).
+   */
+  conversationId: string;
+  /**
+   * `inbound` = platform → agent (the bridge attests what it received and normalized); `outbound` = agent → platform (authored by the agent).
+   */
+  direction: "inbound" | "outbound";
+  /**
+   * OPTIONAL. Platform key the message belongs to (e.g. `signal`, `whatsapp`). Advisory.
+   */
+  platform?: string;
+  /**
+   * OPTIONAL. Plain-text body. Absent for attachment-only messages.
+   */
+  text?: string;
+  /**
+   * OPTIONAL. Attachments carried by reference, never inline.
+   */
+  attachments?: AttachmentRef[];
+  /**
+   * OPTIONAL. The `id` of the message this one replies to.
+   */
+  replyToId?: string;
+  prev?: ChainLink;
+  /**
+   * RFC 3339 timestamp the author asserts for this message.
+   */
+  sentAt: string;
+  ext?: Ext;
+}
+export interface AttachmentRef {
+  /**
+   * Opaque attachment id, resolvable via the bridge's attachment fetch.
+   */
+  id: string;
+  /**
+   * OPTIONAL. Suggested filename.
+   */
+  filename?: string;
+  /**
+   * IANA media type (e.g. `image/jpeg`).
+   */
+  mediaType: string;
+  /**
+   * OPTIONAL. Size in bytes, if known ahead of fetch.
+   */
+  sizeBytes?: number;
+  /**
+   * OPTIONAL. Multihash digest of the attachment bytes, so the reference is itself verifiable and tamper-evident.
+   */
+  digest?: string;
+}
+/**
+ * OPTIONAL on the first message in a conversation; present on every message thereafter. Links to the previous message so the conversation forms a verifiable, ordered chain.
+ */
+export interface ChainLink {
+  /**
+   * The `id` of the previous `chat/message` Trust Task document in this conversation.
+   */
+  id: string;
+  /**
+   * Multihash digest (e.g. `sha-256`) over the previous document, so a gap, reorder, or removal in the chain is detectable.
+   */
+  digest: string;
+}
+/**
+ * Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.
+ */
+export interface Ext {
+  [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/chat/message/1.0" as const;
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/chat/message/1.0#response" as const;

package/src/index.ts CHANGED Viewed

@@ -1,17 +1,17 @@
 /** Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND. */
-export * as FrameworkShared from "./_framework/0.1/framework";
-export * as FrameworkShared from "./_framework/0.2/framework";
-export * as AclEntryShared from "./acl/_shared/0.1/acl-entry";
+export * as FrameworkShared_v0_1 from "./_framework/0.1/framework";
+export * as FrameworkShared_v0_2 from "./_framework/0.2/framework";
+export * as AclEntryShared_v0_1 from "./acl/_shared/0.1/acl-entry";
 export * as AclChangeRole_v0_1 from "./acl/change-role/0.1/payload";
 export * as AclGrant_v0_1 from "./acl/grant/0.1/payload";
 export * as AclList_v0_1 from "./acl/list/0.1/payload";
 export * as AclRevoke_v0_1 from "./acl/revoke/0.1/payload";
 export * as AclShow_v0_1 from "./acl/show/0.1/payload";
 export * as AclSwapKey_v0_1 from "./acl/swap-key/0.1/payload";
-export * as SessionShared from "./auth/_shared/0.1/session";
-export * as TokensShared from "./auth/_shared/0.1/tokens";
-export * as WebauthnShared from "./auth/_shared/0.1/webauthn";
+export * as SessionShared_v0_1 from "./auth/_shared/0.1/session";
+export * as TokensShared_v0_1 from "./auth/_shared/0.1/tokens";
+export * as WebauthnShared_v0_1 from "./auth/_shared/0.1/webauthn";
 export * as AuthAuthenticate_v0_1 from "./auth/authenticate/0.1/payload";
 export * as AuthChallenge_v0_1 from "./auth/challenge/0.1/payload";
 export * as AuthPasskeyEnrollFinish_v0_1 from "./auth/passkey/enroll/finish/0.1/payload";
@@ -31,10 +31,11 @@ export * as AuthStepUpApproveResponse_v0_2 from "./auth/step-up/approve-response
 export * as AuthStepUpPolicy_v0_1 from "./auth/step-up/policy/0.1/payload";
 export * as AuthStepUpPolicy_v0_2 from "./auth/step-up/policy/0.2/payload";
 export * as AuthWhoami_v0_1 from "./auth/whoami/0.1/payload";
+export * as ChatMessage_v1_0 from "./chat/message/1.0/payload";
 export * as ConfirmRequest_v0_1 from "./confirm/request/0.1/payload";
 export * as ConfirmResponse_v0_1 from "./confirm/response/0.1/payload";
-export * as DeviceBindingShared from "./device/_shared/0.1/device-binding";
-export * as DeviceBindingShared from "./device/_shared/0.2/device-binding";
+export * as DeviceBindingShared_v0_1 from "./device/_shared/0.1/device-binding";
+export * as DeviceBindingShared_v0_2 from "./device/_shared/0.2/device-binding";
 export * as DeviceDisable_v0_1 from "./device/disable/0.1/payload";
 export * as DeviceHeartbeat_v0_1 from "./device/heartbeat/0.1/payload";
 export * as DeviceHeartbeat_v0_2 from "./device/heartbeat/0.2/payload";
@@ -46,10 +47,10 @@ export * as DeviceSetWake_v0_1 from "./device/set-wake/0.1/payload";
 export * as DeviceSetWake_v0_2 from "./device/set-wake/0.2/payload";
 export * as DeviceWipe_v0_1 from "./device/wipe/0.1/payload";
 export * as DeviceWipe_v0_2 from "./device/wipe/0.2/payload";
-export * as WebvhShared from "./did-management/_shared/0.1/did-method-extensions/webvh";
-export * as DidRecordShared from "./did-management/_shared/0.1/did-record";
-export * as DomainEntryShared from "./did-management/_shared/0.1/domain-entry";
-export * as ServiceInstanceShared from "./did-management/_shared/0.1/service-instance";
+export * as WebvhShared_v0_1 from "./did-management/_shared/0.1/did-method-extensions/webvh";
+export * as DidRecordShared_v0_1 from "./did-management/_shared/0.1/did-record";
+export * as DomainEntryShared_v0_1 from "./did-management/_shared/0.1/domain-entry";
+export * as ServiceInstanceShared_v0_1 from "./did-management/_shared/0.1/service-instance";
 export * as DidManagementDidChangeOwner_v0_1 from "./did-management/did/change-owner/0.1/payload";
 export * as DidManagementDidCheckName_v0_1 from "./did-management/did/check-name/0.1/payload";
 export * as DidManagementDidDelete_v0_1 from "./did-management/did/delete/0.1/payload";
@@ -75,8 +76,8 @@ export * as DidManagementRegistryDeregister_v0_1 from "./did-management/registry
 export * as DidManagementServerHealth_v0_1 from "./did-management/server/health/0.1/payload";
 export * as DidManagementServerRegister_v0_1 from "./did-management/server/register/0.1/payload";
 export * as DidManagementServerStatsSync_v0_1 from "./did-management/server/stats-sync/0.1/payload";
-export * as PolicyShared from "./policy/_shared/0.1/policy";
-export * as PolicyShared from "./policy/_shared/0.2/policy";
+export * as PolicyShared_v0_1 from "./policy/_shared/0.1/policy";
+export * as PolicyShared_v0_2 from "./policy/_shared/0.2/policy";
 export * as PolicyDelete_v0_1 from "./policy/delete/0.1/payload";
 export * as PolicyEvaluate_v0_1 from "./policy/evaluate/0.1/payload";
 export * as PolicyEvaluate_v0_2 from "./policy/evaluate/0.2/payload";
@@ -92,23 +93,23 @@ export * as PushRegister_v0_1 from "./push/register/0.1/payload";
 export * as PushRegister_v0_2 from "./push/register/0.2/payload";
 export * as PushWake_v0_1 from "./push/wake/0.1/payload";
 export * as PushWake_v0_2 from "./push/wake/0.2/payload";
-export * as SyncEventShared from "./sync/_shared/0.1/sync-event";
-export * as SyncEventShared from "./sync/_shared/0.2/sync-event";
+export * as SyncEventShared_v0_1 from "./sync/_shared/0.1/sync-event";
+export * as SyncEventShared_v0_2 from "./sync/_shared/0.2/sync-event";
 export * as SyncEvent_v0_1 from "./sync/event/0.1/payload";
 export * as SyncEvent_v0_2 from "./sync/event/0.2/payload";
 export * as TrustTaskDiscovery_v0_1 from "./trust-task-discovery/0.1/payload";
 export * as TrustTaskError_v0_1 from "./trust-task-error/0.1/payload";
 export * as TrustTaskError_v0_2 from "./trust-task-error/0.2/payload";
-export * as ConsumerContextShared from "./vault/_shared/0.1/consumer-context";
-export * as SealedEnvelopeShared from "./vault/_shared/0.1/sealed-envelope";
-export * as SessionBlobShared from "./vault/_shared/0.1/session-blob";
-export * as VaultEntryShared from "./vault/_shared/0.1/vault-entry";
-export * as VaultSecretShared from "./vault/_shared/0.1/vault-secret";
-export * as ConsumerContextShared from "./vault/_shared/0.2/consumer-context";
-export * as SealedEnvelopeShared from "./vault/_shared/0.2/sealed-envelope";
-export * as SessionBlobShared from "./vault/_shared/0.2/session-blob";
-export * as VaultEntryShared from "./vault/_shared/0.2/vault-entry";
-export * as VaultSecretShared from "./vault/_shared/0.2/vault-secret";
+export * as ConsumerContextShared_v0_1 from "./vault/_shared/0.1/consumer-context";
+export * as SealedEnvelopeShared_v0_1 from "./vault/_shared/0.1/sealed-envelope";
+export * as SessionBlobShared_v0_1 from "./vault/_shared/0.1/session-blob";
+export * as VaultEntryShared_v0_1 from "./vault/_shared/0.1/vault-entry";
+export * as VaultSecretShared_v0_1 from "./vault/_shared/0.1/vault-secret";
+export * as ConsumerContextShared_v0_2 from "./vault/_shared/0.2/consumer-context";
+export * as SealedEnvelopeShared_v0_2 from "./vault/_shared/0.2/sealed-envelope";
+export * as SessionBlobShared_v0_2 from "./vault/_shared/0.2/session-blob";
+export * as VaultEntryShared_v0_2 from "./vault/_shared/0.2/vault-entry";
+export * as VaultSecretShared_v0_2 from "./vault/_shared/0.2/vault-secret";
 export * as VaultDelete_v0_1 from "./vault/delete/0.1/payload";
 export * as VaultGet_v0_1 from "./vault/get/0.1/payload";
 export * as VaultGet_v0_2 from "./vault/get/0.2/payload";
@@ -126,6 +127,11 @@ export * as VaultUpsert_v0_1 from "./vault/upsert/0.1/payload";
 export * as VaultUpsert_v0_2 from "./vault/upsert/0.2/payload";
 export * as VaultUsage_v0_1 from "./vault/usage/0.1/payload";
 export * as VaultUsage_v0_2 from "./vault/usage/0.2/payload";
+export * as PasskeyVmShared_v0_1 from "./vta/_shared/0.1/passkey-vm";
+export * as VtaPasskeyVmsEnrollChallenge_v0_1 from "./vta/passkey-vms/enroll-challenge/0.1/payload";
+export * as VtaPasskeyVmsEnrollSubmit_v0_1 from "./vta/passkey-vms/enroll-submit/0.1/payload";
+export * as VtaPasskeyVmsList_v0_1 from "./vta/passkey-vms/list/0.1/payload";
+export * as VtaPasskeyVmsRevoke_v0_1 from "./vta/passkey-vms/revoke/0.1/payload";
 export * as WebvhSyncDelete_v0_1 from "./webvh/sync/delete/0.1/payload";
 export * as WebvhSyncUpdate_v0_1 from "./webvh/sync/update/0.1/payload";
 export * as WebvhWitnessPublish_v0_1 from "./webvh/witness/publish/0.1/payload";

package/src/vta/_shared/0.1/passkey-vm.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/_shared/0.1/passkey-vm.schema.json
+ */
+/**
+ * A WebAuthn passkey published as a Multikey verificationMethod (purpose `authentication`) on a VTA-managed DID. Any verifier that resolves the DID can validate a WebAuthn assertion against the embedded public key — no callback to the VTA and no shared secret. Returned by vta/passkey-vms/enroll-submit (the single VM just created) and vta/passkey-vms/list (every VM on the DID). The shape mirrors the wallet-side `@pnm/core` PasskeyVerificationMethod and the VTA-side `vta_sdk::protocols::did_management::passkey_vms::PasskeyVerificationMethod`.
+ */
+export interface PasskeyVerificationMethodSharedDefinitionForTheVtaPasskeyVmsSpecFamily {
+  [k: string]: unknown | undefined;
+}

package/src/vta/passkey-vms/enroll-challenge/0.1/payload.ts ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/passkey-vms/enroll-challenge/0.1/payload.schema.json
+ */
+/**
+ * Request a fresh WebAuthn registration challenge for adding a passkey verificationMethod to a VTA-managed DID. Step 1 of the two-step enrolment ceremony (challenge → submit). The producer must hold the admin role on the target DID's context.
+ */
+export interface VTAPasskeyVMEnrollChallengePayload {
+  /**
+   * The DID the new passkey verificationMethod will be added to. The producer MUST hold the admin role on this DID's context.
+   */
+  did: string;
+  /**
+   * Optional operator-supplied label for the new passkey (e.g. "MacBook Touch ID"). Carried through to the WebAuthn user name and, if the ceremony completes, to the published verificationMethod.
+   */
+  label?: string;
+  ext?: Ext;
+}
+/**
+ * Ecosystem-defined extension members per SPEC.md §4.5.1.
+ */
+export interface Ext {
+  [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/enroll-challenge/0.1" as const;
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/enroll-challenge/0.1#response" as const;

package/src/vta/passkey-vms/enroll-submit/0.1/payload.ts ADDED Viewed

@@ -0,0 +1,63 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/passkey-vms/enroll-submit/0.1/payload.schema.json
+ */
+/**
+ * Finalise passkey enrolment by submitting the WebAuthn registration result for a ceremony opened by vta/passkey-vms/enroll-challenge. The VTA re-derives the Multikey from attestationObject.authData and rejects on mismatch with the browser-claimed publicKeyMultibase — the browser's value is NOT trusted as authoritative. On success the VTA appends the verificationMethod to the DID document via a WebVH log entry. All byte-valued fields are base64url-encoded (no padding).
+ */
+export interface VTAPasskeyVMEnrollSubmitPayload {
+  /**
+   * The DID the new verificationMethod is to be added to. MUST match the DID bound to `ceremonyId` at challenge time — a mismatch is rejected as a cross-DID replay.
+   */
+  did: string;
+  /**
+   * The `ceremonyId` returned by vta/passkey-vms/enroll-challenge. Single-use; consumed by this submission.
+   */
+  ceremonyId: string;
+  /**
+   * WebAuthn `credential.id` (base64url, no padding). The published verificationMethod `id` fragment is derived as `passkey-<base64url(sha256(credentialId))>`.
+   */
+  credentialId: string;
+  /**
+   * Browser-computed W3C Multikey for the credential public key. ADVISORY: the VTA re-derives the Multikey from `attestationObject.authData` and rejects this submission if the values differ (anti-tamper gate). The re-derived key — not this one — is what gets published.
+   */
+  publicKeyMultibase: string;
+  /**
+   * COSE algorithm identifier of the credential key (e.g. -7 for ES256, -8 for EdDSA). Must be an algorithm the VTA can convert to a Multikey.
+   */
+  coseAlgorithm: number;
+  /**
+   * Raw WebAuthn `attestationObject` — base64url-encoded CBOR. The VTA parses `authData` from this to re-derive the authoritative public key.
+   */
+  attestationObject: string;
+  /**
+   * Raw WebAuthn `clientDataJSON` (base64url, no padding). Bound to the ceremony `challenge` during WebAuthn verification.
+   */
+  clientDataJson: string;
+  /**
+   * Raw WebAuthn `authenticatorData` (base64url, no padding).
+   */
+  authenticatorData: string;
+  /**
+   * Transport hints reported by the authenticator (e.g. `internal`, `hybrid`). Advisory; carried through to the published verificationMethod's `webauthnTransports`.
+   */
+  transports?: string[];
+  /**
+   * Optional operator-supplied label (e.g. "MacBook Touch ID"), carried through to the published verificationMethod.
+   */
+  label?: string;
+  ext?: Ext;
+}
+/**
+ * Ecosystem-defined extension members per SPEC.md §4.5.1.
+ */
+export interface Ext {
+  [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/enroll-submit/0.1" as const;
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/enroll-submit/0.1#response" as const;

package/src/vta/passkey-vms/list/0.1/payload.ts ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/vta/passkey-vms/list/0.1/payload.schema.json
+ */
+/**
+ * List every passkey verificationMethod currently published on a VTA-managed DID. Admin-gated read. The returned entries are the same Multikey verificationMethods that appear in the DID document.
+ */
+export interface VTAPasskeyVMListPayload {
+  /**
+   * The DID whose passkey verificationMethods to enumerate. The producer MUST hold the admin role on this DID's context.
+   */
+  did: string;
+  ext?: Ext;
+}
+/**
+ * Ecosystem-defined extension members per SPEC.md §4.5.1.
+ */
+export interface Ext {
+  [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/list/0.1" as const;
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/vta/passkey-vms/list/0.1#response" as const;