npm - @peac/kernel - Versions diffs - 0.10.14 → 0.11.1 - Mend

@peac/kernel 0.10.14 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist/__tests__/carrier.test.d.ts +2 -0
package/dist/__tests__/carrier.test.d.ts.map +1 -0
package/dist/carrier.d.ts +99 -0
package/dist/carrier.d.ts.map +1 -0
package/dist/error-categories.generated.d.ts +1 -1
package/dist/errors.cjs +63 -0
package/dist/errors.cjs.map +1 -1
package/dist/errors.generated.d.ts +8 -1
package/dist/errors.generated.d.ts.map +1 -1
package/dist/errors.mjs +63 -0
package/dist/errors.mjs.map +1 -1
package/dist/index.cjs +67 -0
package/dist/index.cjs.map +1 -1
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.mjs +67 -1
package/dist/index.mjs.map +1 -1
package/dist/types.cjs.map +1 -1
package/dist/types.mjs.map +1 -1
package/package.json +1 -1

package/dist/__tests__/carrier.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=carrier.test.d.ts.map

package/dist/__tests__/carrier.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"carrier.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/carrier.test.ts"],"names":[],"mappings":""}

package/dist/carrier.d.ts ADDED Viewed

@@ -0,0 +1,99 @@
+/**
+ * Evidence Carrier Contract types (DD-124)
+ *
+ * Pure TypeScript types for the universal evidence carry interface.
+ * Zero runtime dependencies: this module exports only types.
+ *
+ * The Evidence Carrier Contract defines how any protocol (MCP, A2A, ACP,
+ * UCP, x402, HTTP) carries PEAC receipts without kernel changes.
+ */
+/**
+ * Canonical HTTP header name for PEAC receipts (DD-127).
+ *
+ * The wire token is exactly "PEAC-Receipt" (mixed-case, hyphenated).
+ * This is the only valid spelling in conformance fixtures and attach() output.
+ * HTTP header lookups SHOULD be case-insensitive per RFC 9110, but conformance
+ * fixtures and attach() output MUST use this exact spelling.
+ */
+export declare const PEAC_RECEIPT_HEADER: "PEAC-Receipt";
+/** Content-addressed receipt reference: SHA-256 of the compact JWS bytes */
+export type ReceiptRef = `sha256:${string}`;
+/** Carrier format: embed (inline) or reference (URL/pointer) */
+export type CarrierFormat = 'embed' | 'reference';
+/**
+ * Universal evidence carrier.
+ *
+ * Every protocol-specific adapter produces and consumes this shape.
+ * Fields marked optional are SHOULD or MAY per the carrier contract spec.
+ */
+export interface PeacEvidenceCarrier {
+    /** Content-addressed receipt reference (MUST): sha256:<hex64> */
+    receipt_ref: ReceiptRef;
+    /** Compact JWS of the signed receipt (SHOULD for embed format) */
+    receipt_jws?: string;
+    /** Policy binding hash for verification (MAY) */
+    policy_binding?: string;
+    /** Actor binding identifier (MAY) */
+    actor_binding?: string;
+    /** Request nonce for replay protection (MAY) */
+    request_nonce?: string;
+    /** Reference to a verification report (MAY) */
+    verification_report_ref?: string;
+    /** Reference to a use policy (MAY) */
+    use_policy_ref?: string;
+    /** Reference to a representation (MAY) */
+    representation_ref?: string;
+    /** Reference to an attestation (MAY) */
+    attestation_ref?: string;
+}
+/**
+ * Transport-level metadata describing how a carrier is placed.
+ *
+ * Used by validateConstraints() to enforce transport-specific size limits
+ * and format requirements (DD-127).
+ */
+export interface CarrierMeta {
+    /** Transport identifier (e.g. 'mcp', 'a2a', 'acp', 'ucp', 'x402', 'http') */
+    transport: string;
+    /** Carrier format: embed or reference */
+    format: CarrierFormat;
+    /** Maximum carrier size in bytes for this transport */
+    max_size: number;
+    /** Fields that have been redacted (MAY) */
+    redaction?: string[];
+}
+/** Result of carrier constraint validation */
+export interface CarrierValidationResult {
+    valid: boolean;
+    violations: string[];
+}
+/**
+ * Protocol-specific carrier adapter (DD-124).
+ *
+ * Each protocol mapping implements this interface to attach/extract
+ * PEAC evidence carriers in the protocol's native format.
+ *
+ * @typeParam TInput - The protocol-specific input type (e.g. A2A TaskStatus)
+ * @typeParam TOutput - The protocol-specific output type
+ */
+export interface CarrierAdapter<TInput, TOutput> {
+    /**
+     * Extract PEAC evidence carriers from a protocol message.
+     * Returns null if no carrier is present.
+     */
+    extract(input: TInput): {
+        receipts: PeacEvidenceCarrier[];
+        meta: CarrierMeta;
+    } | null;
+    /**
+     * Attach PEAC evidence carriers to a protocol message.
+     * Returns the modified output with carriers placed per protocol conventions.
+     */
+    attach(output: TOutput, carriers: PeacEvidenceCarrier[], meta?: CarrierMeta): TOutput;
+    /**
+     * Validate a carrier against transport-specific constraints (DD-127, DD-129).
+     * Takes CarrierMeta for transport-aware size and format validation.
+     */
+    validateConstraints(carrier: PeacEvidenceCarrier, meta: CarrierMeta): CarrierValidationResult;
+}
+//# sourceMappingURL=carrier.d.ts.map

package/dist/carrier.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"carrier.d.ts","sourceRoot":"","sources":["../src/carrier.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,EAAG,cAAuB,CAAC;AAM3D,4EAA4E;AAC5E,MAAM,MAAM,UAAU,GAAG,UAAU,MAAM,EAAE,CAAC;AAE5C,gEAAgE;AAChE,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,WAAW,CAAC;AAMlD;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,iEAAiE;IACjE,WAAW,EAAE,UAAU,CAAC;IACxB,kEAAkE;IAClE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iDAAiD;IACjD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,qCAAqC;IACrC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gDAAgD;IAChD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,+CAA+C;IAC/C,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sCAAsC;IACtC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0CAA0C;IAC1C,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,wCAAwC;IACxC,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAMD;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC1B,6EAA6E;IAC7E,SAAS,EAAE,MAAM,CAAC;IAClB,yCAAyC;IACzC,MAAM,EAAE,aAAa,CAAC;IACtB,uDAAuD;IACvD,QAAQ,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAMD,8CAA8C;AAC9C,MAAM,WAAW,uBAAuB;IACtC,KAAK,EAAE,OAAO,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAMD;;;;;;;;GAQG;AACH,MAAM,WAAW,cAAc,CAAC,MAAM,EAAE,OAAO;IAC7C;;;OAGG;IACH,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG;QAAE,QAAQ,EAAE,mBAAmB,EAAE,CAAC;QAAC,IAAI,EAAE,WAAW,CAAA;KAAE,GAAG,IAAI,CAAC;IAEtF;;;OAGG;IACH,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,mBAAmB,EAAE,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC;IAEtF;;;OAGG;IACH,mBAAmB,CAAC,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,WAAW,GAAG,uBAAuB,CAAC;CAC/F"}

package/dist/error-categories.generated.d.ts CHANGED Viewed

@@ -3,7 +3,7 @@
  *
  * AUTO-GENERATED from specs/kernel/errors.json
  * DO NOT EDIT MANUALLY - run: npx tsx scripts/codegen-errors.ts
- * Spec version: 0.10.7
+ * Spec version: 0.11.0
  */
 /**
  * Canonical error categories derived from specs/kernel/errors.json.

package/dist/errors.cjs CHANGED Viewed

@@ -107,6 +107,7 @@ var ERROR_CODES = {
   E_UCP_SIGNATURE_MISSING: "E_UCP_SIGNATURE_MISSING",
   E_UCP_VERIFICATION_FAILED: "E_UCP_VERIFICATION_FAILED",
   // Validation error codes
+  E_CONSTRAINT_VIOLATION: "E_CONSTRAINT_VIOLATION",
   E_EVIDENCE_NOT_JSON: "E_EVIDENCE_NOT_JSON",
   E_EXPIRED: "E_EXPIRED",
   E_INVALID_AMOUNT: "E_INVALID_AMOUNT",
@@ -128,10 +129,16 @@ var ERROR_CODES = {
   E_KEY_NOT_FOUND: "E_KEY_NOT_FOUND",
   // Verifier error codes
   E_VERIFY_EXTENSION_TOO_LARGE: "E_VERIFY_EXTENSION_TOO_LARGE",
+  E_VERIFY_INSECURE_SCHEME_BLOCKED: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
   E_VERIFY_INVALID_TRANSPORT: "E_VERIFY_INVALID_TRANSPORT",
+  E_VERIFY_ISSUER_CONFIG_INVALID: "E_VERIFY_ISSUER_CONFIG_INVALID",
+  E_VERIFY_ISSUER_CONFIG_MISSING: "E_VERIFY_ISSUER_CONFIG_MISSING",
+  E_VERIFY_ISSUER_MISMATCH: "E_VERIFY_ISSUER_MISMATCH",
   E_VERIFY_ISSUER_NOT_ALLOWED: "E_VERIFY_ISSUER_NOT_ALLOWED",
+  E_VERIFY_JWKS_INVALID: "E_VERIFY_JWKS_INVALID",
   E_VERIFY_JWKS_TOO_LARGE: "E_VERIFY_JWKS_TOO_LARGE",
   E_VERIFY_JWKS_TOO_MANY_KEYS: "E_VERIFY_JWKS_TOO_MANY_KEYS",
+  E_VERIFY_JWKS_URI_INVALID: "E_VERIFY_JWKS_URI_INVALID",
   E_VERIFY_KEY_FETCH_BLOCKED: "E_VERIFY_KEY_FETCH_BLOCKED",
   E_VERIFY_KEY_FETCH_FAILED: "E_VERIFY_KEY_FETCH_FAILED",
   E_VERIFY_KEY_FETCH_TIMEOUT: "E_VERIFY_KEY_FETCH_TIMEOUT",
@@ -932,6 +939,14 @@ var ERRORS = {
     category: "ucp"
   },
   // Validation error codes
+  E_CONSTRAINT_VIOLATION: {
+    code: "E_CONSTRAINT_VIOLATION",
+    http_status: 400,
+    title: "Kernel Constraint Violation",
+    description: "Receipt claims exceed a kernel constraint (max keys, max depth, max string length, max evidence bytes, or similar structural limit)",
+    retriable: false,
+    category: "validation"
+  },
   E_EVIDENCE_NOT_JSON: {
     code: "E_EVIDENCE_NOT_JSON",
     http_status: 400,
@@ -1086,6 +1101,14 @@ var ERRORS = {
     retriable: false,
     category: "verifier"
   },
+  E_VERIFY_INSECURE_SCHEME_BLOCKED: {
+    code: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
+    http_status: 403,
+    title: "Insecure Scheme Blocked",
+    description: "Non-HTTPS URL encountered during issuer discovery (issuer URL or jwks_uri)",
+    retriable: false,
+    category: "verifier"
+  },
   E_VERIFY_INVALID_TRANSPORT: {
     code: "E_VERIFY_INVALID_TRANSPORT",
     http_status: 400,
@@ -1094,6 +1117,30 @@ var ERRORS = {
     retriable: false,
     category: "verifier"
   },
+  E_VERIFY_ISSUER_CONFIG_INVALID: {
+    code: "E_VERIFY_ISSUER_CONFIG_INVALID",
+    http_status: 502,
+    title: "Issuer Config Invalid",
+    description: "peac-issuer.json is not valid JSON or does not conform to issuer config schema",
+    retriable: false,
+    category: "verifier"
+  },
+  E_VERIFY_ISSUER_CONFIG_MISSING: {
+    code: "E_VERIFY_ISSUER_CONFIG_MISSING",
+    http_status: 502,
+    title: "Issuer Config Missing",
+    description: "peac-issuer.json not found or not fetchable at issuer origin",
+    retriable: true,
+    category: "verifier"
+  },
+  E_VERIFY_ISSUER_MISMATCH: {
+    code: "E_VERIFY_ISSUER_MISMATCH",
+    http_status: 403,
+    title: "Issuer Mismatch",
+    description: "issuer field in peac-issuer.json does not match the expected issuer origin",
+    retriable: false,
+    category: "verifier"
+  },
   E_VERIFY_ISSUER_NOT_ALLOWED: {
     code: "E_VERIFY_ISSUER_NOT_ALLOWED",
     http_status: 403,
@@ -1102,6 +1149,14 @@ var ERRORS = {
     retriable: false,
     category: "verifier"
   },
+  E_VERIFY_JWKS_INVALID: {
+    code: "E_VERIFY_JWKS_INVALID",
+    http_status: 502,
+    title: "JWKS Invalid",
+    description: "JWKS response is not valid JSON or missing required keys array",
+    retriable: false,
+    category: "verifier"
+  },
   E_VERIFY_JWKS_TOO_LARGE: {
     code: "E_VERIFY_JWKS_TOO_LARGE",
     http_status: 400,
@@ -1118,6 +1173,14 @@ var ERRORS = {
     retriable: false,
     category: "verifier"
   },
+  E_VERIFY_JWKS_URI_INVALID: {
+    code: "E_VERIFY_JWKS_URI_INVALID",
+    http_status: 502,
+    title: "JWKS URI Invalid",
+    description: "jwks_uri in peac-issuer.json is not a valid HTTPS URL",
+    retriable: false,
+    category: "verifier"
+  },
   E_VERIFY_KEY_FETCH_BLOCKED: {
     code: "E_VERIFY_KEY_FETCH_BLOCKED",
     http_status: 403,