@qlever-llc/trellis 0.6.1 → 0.7.0-rc.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -2
- package/esm/auth/device_activation.d.ts +194 -0
- package/esm/auth/device_activation.d.ts.map +1 -0
- package/esm/auth/{workload_activation.js → device_activation.js} +85 -60
- package/esm/auth/mod.d.ts +2 -2
- package/esm/auth/mod.d.ts.map +1 -1
- package/esm/auth/mod.js +2 -2
- package/esm/auth/protocol.d.ts +175 -72
- package/esm/auth/protocol.d.ts.map +1 -1
- package/esm/auth/protocol.js +126 -78
- package/esm/contracts/mod.d.ts +19 -3
- package/esm/contracts/mod.d.ts.map +1 -1
- package/esm/contracts/mod.js +28 -4
- package/esm/contracts/protocol.d.ts +34 -0
- package/esm/contracts/protocol.d.ts.map +1 -1
- package/esm/contracts/protocol.js +15 -0
- package/esm/server/deno.d.ts +1 -6
- package/esm/server/deno.d.ts.map +1 -1
- package/esm/server/deno.js +1 -16
- package/esm/server/mod.d.ts +3 -2
- package/esm/server/mod.d.ts.map +1 -1
- package/esm/server/mod.js +2 -2
- package/esm/server/node.d.ts +1 -6
- package/esm/server/node.d.ts.map +1 -1
- package/esm/server/node.js +1 -16
- package/esm/server/service.d.ts +32 -10
- package/esm/server/service.d.ts.map +1 -1
- package/esm/server/service.js +188 -41
- package/esm/server/transfer.d.ts +41 -0
- package/esm/server/transfer.d.ts.map +1 -0
- package/esm/server/transfer.js +418 -0
- package/esm/telemetry/init.d.ts +4 -0
- package/esm/telemetry/init.d.ts.map +1 -0
- package/esm/telemetry/init.js +7 -0
- package/esm/telemetry/mod.d.ts +1 -2
- package/esm/telemetry/mod.d.ts.map +1 -1
- package/esm/telemetry/mod.js +1 -2
- package/esm/telemetry/runtime.d.ts.map +1 -1
- package/esm/telemetry/runtime.js +9 -5
- package/esm/telemetry/trellis.d.ts +0 -1
- package/esm/telemetry/trellis.d.ts.map +1 -1
- package/esm/telemetry/trellis.js +0 -6
- package/esm/trellis/_sdk/auth/api.d.ts.map +1 -1
- package/esm/trellis/_sdk/auth/api.js +132 -110
- package/esm/trellis/_sdk/auth/contract.d.ts +1 -1
- package/esm/trellis/_sdk/auth/contract.d.ts.map +1 -1
- package/esm/trellis/_sdk/auth/contract.js +2 -2
- package/esm/trellis/_sdk/auth/schemas.d.ts +4212 -3069
- package/esm/trellis/_sdk/auth/schemas.d.ts.map +1 -1
- package/esm/trellis/_sdk/auth/schemas.js +144 -125
- package/esm/trellis/_sdk/auth/types.d.ts +417 -267
- package/esm/trellis/_sdk/auth/types.d.ts.map +1 -1
- package/esm/trellis/_sdk/auth/types.js +1 -1
- package/esm/trellis/_sdk/core/contract.d.ts +1 -1
- package/esm/trellis/_sdk/core/contract.d.ts.map +1 -1
- package/esm/trellis/_sdk/core/contract.js +2 -2
- package/esm/trellis/_sdk/core/schemas.d.ts +122 -0
- package/esm/trellis/_sdk/core/schemas.d.ts.map +1 -1
- package/esm/trellis/_sdk/core/schemas.js +4 -4
- package/esm/trellis/_sdk/core/types.d.ts +18 -1
- package/esm/trellis/_sdk/core/types.d.ts.map +1 -1
- package/esm/trellis/_sdk/core/types.js +1 -1
- package/esm/trellis/_sdk/state/_dnt.polyfills.d.ts +12 -0
- package/esm/trellis/_sdk/state/_dnt.polyfills.d.ts.map +1 -0
- package/esm/trellis/_sdk/state/_dnt.polyfills.js +15 -0
- package/esm/trellis/_sdk/state/api.d.ts +10 -0
- package/esm/trellis/_sdk/state/api.d.ts.map +1 -0
- package/esm/trellis/_sdk/state/api.js +71 -0
- package/esm/trellis/_sdk/state/contract.d.ts +8 -0
- package/esm/trellis/_sdk/state/contract.d.ts.map +1 -0
- package/esm/trellis/_sdk/state/contract.js +59 -0
- package/esm/trellis/_sdk/state/mod.d.ts +7 -0
- package/esm/trellis/_sdk/state/mod.d.ts.map +1 -0
- package/esm/trellis/_sdk/state/mod.js +5 -0
- package/esm/trellis/_sdk/state/package.json +3 -0
- package/esm/trellis/_sdk/state/schemas.d.ts +1437 -0
- package/esm/trellis/_sdk/state/schemas.d.ts.map +1 -0
- package/esm/trellis/_sdk/state/schemas.js +62 -0
- package/esm/trellis/_sdk/state/types.d.ts +206 -0
- package/esm/trellis/_sdk/state/types.d.ts.map +1 -0
- package/esm/trellis/_sdk/state/types.js +3 -0
- package/esm/trellis/client_connect.d.ts +53 -0
- package/esm/trellis/client_connect.d.ts.map +1 -0
- package/esm/trellis/client_connect.js +300 -0
- package/esm/trellis/contract.d.ts +1 -7
- package/esm/trellis/contract.d.ts.map +1 -1
- package/esm/trellis/contract.js +1 -12
- package/esm/trellis/device.d.ts +41 -0
- package/esm/trellis/device.d.ts.map +1 -0
- package/esm/trellis/device.js +209 -0
- package/esm/trellis/errors/AuthError.d.ts +1 -1
- package/esm/trellis/errors/AuthError.js +9 -9
- package/esm/trellis/errors/StoreError.d.ts +22 -0
- package/esm/trellis/errors/StoreError.d.ts.map +1 -0
- package/esm/trellis/errors/StoreError.js +41 -0
- package/esm/trellis/errors/TransferError.d.ts +22 -0
- package/esm/trellis/errors/TransferError.d.ts.map +1 -0
- package/esm/trellis/errors/TransferError.js +41 -0
- package/esm/trellis/errors/index.d.ts +8 -0
- package/esm/trellis/errors/index.d.ts.map +1 -1
- package/esm/trellis/errors/index.js +8 -0
- package/esm/trellis/index.d.ts +10 -4
- package/esm/trellis/index.d.ts.map +1 -1
- package/esm/trellis/index.js +6 -4
- package/esm/trellis/kv.d.ts +2 -0
- package/esm/trellis/kv.d.ts.map +1 -1
- package/esm/trellis/kv.js +6 -0
- package/esm/trellis/models/trellis/TrellisError.d.ts +15 -1
- package/esm/trellis/models/trellis/TrellisError.d.ts.map +1 -1
- package/esm/trellis/models/trellis/TrellisError.js +4 -0
- package/esm/trellis/runtime_transport.d.ts +12 -0
- package/esm/trellis/runtime_transport.d.ts.map +1 -0
- package/esm/trellis/runtime_transport.js +35 -0
- package/esm/trellis/sdk/state.d.ts +4 -0
- package/esm/trellis/sdk/state.d.ts.map +1 -0
- package/esm/trellis/sdk/state.js +3 -0
- package/esm/trellis/store.d.ts +51 -0
- package/esm/trellis/store.d.ts.map +1 -0
- package/esm/trellis/store.js +310 -0
- package/esm/trellis/tracing.js +1 -1
- package/esm/trellis/transfer.d.ts +118 -0
- package/esm/trellis/transfer.d.ts.map +1 -0
- package/esm/trellis/transfer.js +357 -0
- package/esm/trellis/trellis.d.ts +3 -0
- package/esm/trellis/trellis.d.ts.map +1 -1
- package/esm/trellis/trellis.js +48 -17
- package/package.json +7 -2
- package/script/auth/device_activation.d.ts +194 -0
- package/script/auth/device_activation.d.ts.map +1 -0
- package/script/auth/{workload_activation.js → device_activation.js} +99 -74
- package/script/auth/mod.d.ts +2 -2
- package/script/auth/mod.d.ts.map +1 -1
- package/script/auth/mod.js +84 -76
- package/script/auth/protocol.d.ts +175 -72
- package/script/auth/protocol.d.ts.map +1 -1
- package/script/auth/protocol.js +129 -81
- package/script/contracts/mod.d.ts +19 -3
- package/script/contracts/mod.d.ts.map +1 -1
- package/script/contracts/mod.js +30 -4
- package/script/contracts/protocol.d.ts +34 -0
- package/script/contracts/protocol.d.ts.map +1 -1
- package/script/contracts/protocol.js +16 -1
- package/script/telemetry/init.d.ts +4 -0
- package/script/telemetry/init.d.ts.map +1 -0
- package/script/telemetry/init.js +11 -0
- package/script/telemetry/mod.d.ts +1 -2
- package/script/telemetry/mod.d.ts.map +1 -1
- package/script/telemetry/mod.js +1 -4
- package/script/telemetry/runtime.d.ts.map +1 -1
- package/script/telemetry/runtime.js +9 -28
- package/script/telemetry/trellis.d.ts +0 -1
- package/script/telemetry/trellis.d.ts.map +1 -1
- package/script/telemetry/trellis.js +0 -7
- package/script/trellis/_sdk/auth/api.d.ts.map +1 -1
- package/script/trellis/_sdk/auth/api.js +132 -110
- package/script/trellis/_sdk/auth/contract.d.ts +1 -1
- package/script/trellis/_sdk/auth/contract.d.ts.map +1 -1
- package/script/trellis/_sdk/auth/contract.js +2 -2
- package/script/trellis/_sdk/auth/schemas.d.ts +4212 -3069
- package/script/trellis/_sdk/auth/schemas.d.ts.map +1 -1
- package/script/trellis/_sdk/auth/schemas.js +144 -125
- package/script/trellis/_sdk/auth/types.d.ts +417 -267
- package/script/trellis/_sdk/auth/types.d.ts.map +1 -1
- package/script/trellis/_sdk/auth/types.js +1 -1
- package/script/trellis/_sdk/core/contract.d.ts +1 -1
- package/script/trellis/_sdk/core/contract.d.ts.map +1 -1
- package/script/trellis/_sdk/core/contract.js +2 -2
- package/script/trellis/_sdk/core/schemas.d.ts +122 -0
- package/script/trellis/_sdk/core/schemas.d.ts.map +1 -1
- package/script/trellis/_sdk/core/schemas.js +4 -4
- package/script/trellis/_sdk/core/types.d.ts +18 -1
- package/script/trellis/_sdk/core/types.d.ts.map +1 -1
- package/script/trellis/_sdk/core/types.js +1 -1
- package/script/trellis/_sdk/state/_dnt.polyfills.d.ts +12 -0
- package/script/trellis/_sdk/state/_dnt.polyfills.d.ts.map +1 -0
- package/script/trellis/_sdk/state/_dnt.polyfills.js +16 -0
- package/script/trellis/_sdk/state/api.d.ts +10 -0
- package/script/trellis/_sdk/state/api.d.ts.map +1 -0
- package/script/trellis/_sdk/state/api.js +74 -0
- package/script/trellis/_sdk/state/contract.d.ts +8 -0
- package/script/trellis/_sdk/state/contract.d.ts.map +1 -0
- package/script/trellis/_sdk/state/contract.js +62 -0
- package/script/trellis/_sdk/state/mod.d.ts +7 -0
- package/script/trellis/_sdk/state/mod.d.ts.map +1 -0
- package/script/trellis/_sdk/state/mod.js +30 -0
- package/script/trellis/_sdk/state/package.json +3 -0
- package/script/trellis/_sdk/state/schemas.d.ts +1437 -0
- package/script/trellis/_sdk/state/schemas.d.ts.map +1 -0
- package/script/trellis/_sdk/state/schemas.js +65 -0
- package/script/trellis/_sdk/state/types.d.ts +206 -0
- package/script/trellis/_sdk/state/types.d.ts.map +1 -0
- package/script/trellis/_sdk/state/types.js +6 -0
- package/script/trellis/client_connect.d.ts +53 -0
- package/script/trellis/client_connect.d.ts.map +1 -0
- package/script/trellis/client_connect.js +304 -0
- package/script/trellis/contract.d.ts +1 -7
- package/script/trellis/contract.d.ts.map +1 -1
- package/script/trellis/contract.js +1 -12
- package/script/trellis/device.d.ts +41 -0
- package/script/trellis/device.d.ts.map +1 -0
- package/script/trellis/device.js +213 -0
- package/script/trellis/errors/AuthError.d.ts +1 -1
- package/script/trellis/errors/AuthError.js +9 -9
- package/script/trellis/errors/StoreError.d.ts +22 -0
- package/script/trellis/errors/StoreError.d.ts.map +1 -0
- package/script/trellis/errors/StoreError.js +48 -0
- package/script/trellis/errors/TransferError.d.ts +22 -0
- package/script/trellis/errors/TransferError.d.ts.map +1 -0
- package/script/trellis/errors/TransferError.js +48 -0
- package/script/trellis/errors/index.d.ts +8 -0
- package/script/trellis/errors/index.d.ts.map +1 -1
- package/script/trellis/errors/index.js +13 -1
- package/script/trellis/index.d.ts +10 -4
- package/script/trellis/index.d.ts.map +1 -1
- package/script/trellis/index.js +17 -6
- package/script/trellis/kv.d.ts +2 -0
- package/script/trellis/kv.d.ts.map +1 -1
- package/script/trellis/kv.js +6 -0
- package/script/trellis/models/trellis/TrellisError.d.ts +15 -1
- package/script/trellis/models/trellis/TrellisError.d.ts.map +1 -1
- package/script/trellis/models/trellis/TrellisError.js +4 -0
- package/script/trellis/runtime_transport.d.ts +12 -0
- package/script/trellis/runtime_transport.d.ts.map +1 -0
- package/script/trellis/runtime_transport.js +37 -0
- package/script/trellis/store.d.ts +51 -0
- package/script/trellis/store.d.ts.map +1 -0
- package/script/trellis/store.js +316 -0
- package/script/trellis/tracing.js +1 -1
- package/script/trellis/transfer.d.ts +118 -0
- package/script/trellis/transfer.d.ts.map +1 -0
- package/script/trellis/transfer.js +367 -0
- package/script/trellis/trellis.d.ts +3 -0
- package/script/trellis/trellis.d.ts.map +1 -1
- package/script/trellis/trellis.js +48 -17
- package/esm/auth/workload_activation.d.ts +0 -192
- package/esm/auth/workload_activation.d.ts.map +0 -1
- package/esm/trellis/workload.d.ts +0 -45
- package/esm/trellis/workload.d.ts.map +0 -1
- package/esm/trellis/workload.js +0 -144
- package/script/auth/workload_activation.d.ts +0 -192
- package/script/auth/workload_activation.d.ts.map +0 -1
- package/script/trellis/workload.d.ts +0 -45
- package/script/trellis/workload.d.ts.map +0 -1
- package/script/trellis/workload.js +0 -172
package/README.md
CHANGED
|
@@ -3,7 +3,8 @@
|
|
|
3
3
|
JavaScript Trellis client runtime. Provides contract-driven client helpers and runtime error types.
|
|
4
4
|
|
|
5
5
|
```typescript
|
|
6
|
-
import {
|
|
6
|
+
import { TrellisClient } from "@qlever-llc/trellis";
|
|
7
|
+
import { defineContract } from "@qlever-llc/trellis/contracts";
|
|
7
8
|
import { auth } from "@qlever-llc/trellis/sdk/auth";
|
|
8
9
|
|
|
9
10
|
const app = defineContract({
|
|
@@ -16,7 +17,10 @@ const app = defineContract({
|
|
|
16
17
|
},
|
|
17
18
|
});
|
|
18
19
|
|
|
19
|
-
const client =
|
|
20
|
+
const client = await TrellisClient.connect({
|
|
21
|
+
trellisUrl: "https://trellis.example.com",
|
|
22
|
+
contract: app,
|
|
23
|
+
});
|
|
20
24
|
const me = await client.requestOrThrow("Auth.Me", {});
|
|
21
25
|
```
|
|
22
26
|
|
|
@@ -0,0 +1,194 @@
|
|
|
1
|
+
import type { StaticDecode } from "typebox";
|
|
2
|
+
import { Type } from "typebox";
|
|
3
|
+
import type { NatsAuthTokenV1 } from "./schemas.js";
|
|
4
|
+
import { AuthActivateDeviceResponseSchema, AuthActivateDeviceSchema, AuthGetDeviceActivationStatusResponseSchema, AuthGetDeviceActivationStatusSchema, AuthGetDeviceConnectInfoResponseSchema, AuthGetDeviceConnectInfoSchema, AuthListDeviceActivationsResponseSchema, AuthListDeviceActivationsSchema, AuthRevokeDeviceActivationResponseSchema, AuthRevokeDeviceActivationSchema, WaitForDeviceActivationResponseSchema } from "./protocol.js";
|
|
5
|
+
export declare const DeviceActivationPayloadSchema: Type.TObject<{
|
|
6
|
+
v: Type.TLiteral<1>;
|
|
7
|
+
publicIdentityKey: Type.TString;
|
|
8
|
+
nonce: Type.TString;
|
|
9
|
+
qrMac: Type.TString;
|
|
10
|
+
}>;
|
|
11
|
+
export declare const DeviceActivationWaitRequestSchema: Type.TObject<{
|
|
12
|
+
publicIdentityKey: Type.TString;
|
|
13
|
+
nonce: Type.TString;
|
|
14
|
+
contractDigest: Type.TOptional<Type.TString>;
|
|
15
|
+
iat: Type.TNumber;
|
|
16
|
+
sig: Type.TString;
|
|
17
|
+
}>;
|
|
18
|
+
export type DeviceActivationPayload = StaticDecode<typeof DeviceActivationPayloadSchema>;
|
|
19
|
+
export type DeviceActivationWaitRequest = StaticDecode<typeof DeviceActivationWaitRequestSchema>;
|
|
20
|
+
export type WaitForDeviceActivationResponse = StaticDecode<typeof WaitForDeviceActivationResponseSchema>;
|
|
21
|
+
export type AuthActivateDeviceInput = StaticDecode<typeof AuthActivateDeviceSchema>;
|
|
22
|
+
export type AuthActivateDeviceOutput = StaticDecode<typeof AuthActivateDeviceResponseSchema>;
|
|
23
|
+
export type AuthGetDeviceActivationStatusInput = StaticDecode<typeof AuthGetDeviceActivationStatusSchema>;
|
|
24
|
+
export type AuthGetDeviceActivationStatusOutput = StaticDecode<typeof AuthGetDeviceActivationStatusResponseSchema>;
|
|
25
|
+
export type AuthListDeviceActivationsInput = StaticDecode<typeof AuthListDeviceActivationsSchema>;
|
|
26
|
+
export type AuthListDeviceActivationsOutput = StaticDecode<typeof AuthListDeviceActivationsResponseSchema>;
|
|
27
|
+
export type AuthRevokeDeviceActivationInput = StaticDecode<typeof AuthRevokeDeviceActivationSchema>;
|
|
28
|
+
export type AuthRevokeDeviceActivationResponse = StaticDecode<typeof AuthRevokeDeviceActivationResponseSchema>;
|
|
29
|
+
export type GetDeviceConnectInfoInput = StaticDecode<typeof AuthGetDeviceConnectInfoSchema>;
|
|
30
|
+
export type GetDeviceConnectInfoOutput = StaticDecode<typeof AuthGetDeviceConnectInfoResponseSchema>;
|
|
31
|
+
export type DeviceIdentity = {
|
|
32
|
+
identitySeed: Uint8Array;
|
|
33
|
+
identitySeedBase64url: string;
|
|
34
|
+
publicIdentityKey: string;
|
|
35
|
+
activationKey: Uint8Array;
|
|
36
|
+
activationKeyBase64url: string;
|
|
37
|
+
};
|
|
38
|
+
type DeviceActivationRpcMethod = "Auth.ActivateDevice" | "Auth.GetDeviceActivationStatus" | "Auth.ListDeviceActivations" | "Auth.RevokeDeviceActivation" | "Auth.GetDeviceConnectInfo";
|
|
39
|
+
type DeviceActivationRpcInputMap = {
|
|
40
|
+
"Auth.ActivateDevice": AuthActivateDeviceInput;
|
|
41
|
+
"Auth.GetDeviceActivationStatus": AuthGetDeviceActivationStatusInput;
|
|
42
|
+
"Auth.ListDeviceActivations": AuthListDeviceActivationsInput;
|
|
43
|
+
"Auth.RevokeDeviceActivation": AuthRevokeDeviceActivationInput;
|
|
44
|
+
"Auth.GetDeviceConnectInfo": GetDeviceConnectInfoInput;
|
|
45
|
+
};
|
|
46
|
+
type DeviceActivationRpcOutputMap = {
|
|
47
|
+
"Auth.ActivateDevice": AuthActivateDeviceOutput;
|
|
48
|
+
"Auth.GetDeviceActivationStatus": AuthGetDeviceActivationStatusOutput;
|
|
49
|
+
"Auth.ListDeviceActivations": AuthListDeviceActivationsOutput;
|
|
50
|
+
"Auth.RevokeDeviceActivation": AuthRevokeDeviceActivationResponse;
|
|
51
|
+
"Auth.GetDeviceConnectInfo": GetDeviceConnectInfoOutput;
|
|
52
|
+
};
|
|
53
|
+
type RequestClient = {
|
|
54
|
+
requestOrThrow<M extends DeviceActivationRpcMethod>(method: M, input: DeviceActivationRpcInputMap[M], opts?: unknown): Promise<DeviceActivationRpcOutputMap[M]>;
|
|
55
|
+
};
|
|
56
|
+
export type DeviceActivationTransport = RequestClient;
|
|
57
|
+
export declare function deriveDeviceIdentity(deviceRootSecret: Uint8Array): Promise<DeviceIdentity>;
|
|
58
|
+
export declare function deriveDeviceQrMac(input: {
|
|
59
|
+
activationKey: Uint8Array | string;
|
|
60
|
+
publicIdentityKey: string;
|
|
61
|
+
nonce: string;
|
|
62
|
+
}): Promise<string>;
|
|
63
|
+
export declare function buildDeviceActivationPayload(input: {
|
|
64
|
+
activationKey: Uint8Array | string;
|
|
65
|
+
publicIdentityKey: string;
|
|
66
|
+
nonce: string;
|
|
67
|
+
}): Promise<DeviceActivationPayload>;
|
|
68
|
+
export declare function encodeDeviceActivationPayload(payload: DeviceActivationPayload): string;
|
|
69
|
+
export declare function parseDeviceActivationPayload(value: string): DeviceActivationPayload;
|
|
70
|
+
export declare function buildDeviceActivationUrl(args: {
|
|
71
|
+
trellisUrl: string;
|
|
72
|
+
payload: DeviceActivationPayload | string;
|
|
73
|
+
}): string;
|
|
74
|
+
export declare function deriveDeviceConfirmationCode(input: {
|
|
75
|
+
activationKey: Uint8Array | string;
|
|
76
|
+
publicIdentityKey: string;
|
|
77
|
+
nonce: string;
|
|
78
|
+
}): Promise<string>;
|
|
79
|
+
export declare function verifyDeviceConfirmationCode(input: {
|
|
80
|
+
activationKey: Uint8Array | string;
|
|
81
|
+
publicIdentityKey: string;
|
|
82
|
+
nonce: string;
|
|
83
|
+
confirmationCode: string;
|
|
84
|
+
}): Promise<boolean>;
|
|
85
|
+
export declare function buildDeviceWaitProofInput(publicIdentityKey: string, nonce: string, iat: number): Uint8Array;
|
|
86
|
+
export declare function signDeviceWaitRequest(args: {
|
|
87
|
+
publicIdentityKey: string;
|
|
88
|
+
nonce: string;
|
|
89
|
+
identitySeed: Uint8Array | string;
|
|
90
|
+
contractDigest?: string;
|
|
91
|
+
iat?: number;
|
|
92
|
+
}): Promise<DeviceActivationWaitRequest>;
|
|
93
|
+
export declare function createDeviceNatsAuthToken(args: {
|
|
94
|
+
publicIdentityKey: string;
|
|
95
|
+
identitySeed: Uint8Array | string;
|
|
96
|
+
contractDigest: string;
|
|
97
|
+
iat?: number;
|
|
98
|
+
}): Promise<NatsAuthTokenV1 & {
|
|
99
|
+
contractDigest: string;
|
|
100
|
+
}>;
|
|
101
|
+
export declare function waitForDeviceActivation(args: {
|
|
102
|
+
trellisUrl: string;
|
|
103
|
+
publicIdentityKey: string;
|
|
104
|
+
nonce: string;
|
|
105
|
+
identitySeed: Uint8Array | string;
|
|
106
|
+
contractDigest: string;
|
|
107
|
+
signal?: AbortSignal;
|
|
108
|
+
pollIntervalMs?: number;
|
|
109
|
+
}): Promise<Extract<WaitForDeviceActivationResponse, {
|
|
110
|
+
status: "activated";
|
|
111
|
+
}>>;
|
|
112
|
+
export declare function getDeviceConnectInfo(args: {
|
|
113
|
+
trellisUrl: string;
|
|
114
|
+
publicIdentityKey: string;
|
|
115
|
+
identitySeed: Uint8Array | string;
|
|
116
|
+
contractDigest: string;
|
|
117
|
+
iat?: number;
|
|
118
|
+
}): Promise<GetDeviceConnectInfoOutput>;
|
|
119
|
+
export declare function createDeviceActivationClient(client: DeviceActivationTransport): {
|
|
120
|
+
activateDevice(input: AuthActivateDeviceInput): Promise<{
|
|
121
|
+
confirmationCode?: string | undefined;
|
|
122
|
+
status: "activated";
|
|
123
|
+
profileId: string;
|
|
124
|
+
instanceId: string;
|
|
125
|
+
activatedAt: string;
|
|
126
|
+
} | {
|
|
127
|
+
status: "pending_review";
|
|
128
|
+
profileId: string;
|
|
129
|
+
instanceId: string;
|
|
130
|
+
reviewId: string;
|
|
131
|
+
linkRequestId: string;
|
|
132
|
+
requestedAt: string;
|
|
133
|
+
} | {
|
|
134
|
+
reason?: string | undefined;
|
|
135
|
+
status: "rejected";
|
|
136
|
+
}>;
|
|
137
|
+
getDeviceActivationStatus(input: AuthGetDeviceActivationStatusInput): Promise<{
|
|
138
|
+
confirmationCode?: string | undefined;
|
|
139
|
+
status: "activated";
|
|
140
|
+
profileId: string;
|
|
141
|
+
instanceId: string;
|
|
142
|
+
activatedAt: string;
|
|
143
|
+
} | {
|
|
144
|
+
status: "pending_review";
|
|
145
|
+
profileId: string;
|
|
146
|
+
instanceId: string;
|
|
147
|
+
reviewId: string;
|
|
148
|
+
linkRequestId: string;
|
|
149
|
+
requestedAt: string;
|
|
150
|
+
} | {
|
|
151
|
+
reason?: string | undefined;
|
|
152
|
+
status: "rejected";
|
|
153
|
+
}>;
|
|
154
|
+
listDeviceActivations(input?: AuthListDeviceActivationsInput): Promise<{
|
|
155
|
+
activations: {
|
|
156
|
+
activatedBy?: {
|
|
157
|
+
origin: string;
|
|
158
|
+
id: string;
|
|
159
|
+
} | undefined;
|
|
160
|
+
profileId: string;
|
|
161
|
+
instanceId: string;
|
|
162
|
+
publicIdentityKey: string;
|
|
163
|
+
state: "activated" | "revoked";
|
|
164
|
+
activatedAt: string;
|
|
165
|
+
revokedAt: string | null;
|
|
166
|
+
}[];
|
|
167
|
+
}>;
|
|
168
|
+
revokeDeviceActivation(input: AuthRevokeDeviceActivationInput): Promise<{
|
|
169
|
+
success: boolean;
|
|
170
|
+
}>;
|
|
171
|
+
getDeviceConnectInfo(input: GetDeviceConnectInfoInput): Promise<{
|
|
172
|
+
status: "ready";
|
|
173
|
+
connectInfo: {
|
|
174
|
+
contractDigest: string;
|
|
175
|
+
contractId: string;
|
|
176
|
+
profileId: string;
|
|
177
|
+
instanceId: string;
|
|
178
|
+
transport: {
|
|
179
|
+
sentinel: {
|
|
180
|
+
jwt: string;
|
|
181
|
+
seed: string;
|
|
182
|
+
};
|
|
183
|
+
natsServers: string[];
|
|
184
|
+
};
|
|
185
|
+
auth: {
|
|
186
|
+
mode: "device_identity";
|
|
187
|
+
iatSkewSeconds: number;
|
|
188
|
+
};
|
|
189
|
+
};
|
|
190
|
+
}>;
|
|
191
|
+
};
|
|
192
|
+
export declare function verifyDeviceWaitSignature(input: DeviceActivationWaitRequest): Promise<boolean>;
|
|
193
|
+
export {};
|
|
194
|
+
//# sourceMappingURL=device_activation.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"device_activation.d.ts","sourceRoot":"","sources":["../../src/auth/device_activation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAQ/B,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EACL,gCAAgC,EAChC,wBAAwB,EACxB,2CAA2C,EAC3C,mCAAmC,EACnC,sCAAsC,EACtC,8BAA8B,EAC9B,uCAAuC,EACvC,+BAA+B,EAC/B,wCAAwC,EACxC,gCAAgC,EAChC,qCAAqC,EACtC,MAAM,eAAe,CAAC;AAgBvB,eAAO,MAAM,6BAA6B;;;;;EAKP,CAAC;AAEpC,eAAO,MAAM,iCAAiC;;;;;;EAMX,CAAC;AAEpC,MAAM,MAAM,uBAAuB,GAAG,YAAY,CAChD,OAAO,6BAA6B,CACrC,CAAC;AACF,MAAM,MAAM,2BAA2B,GAAG,YAAY,CACpD,OAAO,iCAAiC,CACzC,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,YAAY,CACxD,OAAO,qCAAqC,CAC7C,CAAC;AACF,MAAM,MAAM,uBAAuB,GAAG,YAAY,CAChD,OAAO,wBAAwB,CAChC,CAAC;AACF,MAAM,MAAM,wBAAwB,GAAG,YAAY,CACjD,OAAO,gCAAgC,CACxC,CAAC;AACF,MAAM,MAAM,kCAAkC,GAAG,YAAY,CAC3D,OAAO,mCAAmC,CAC3C,CAAC;AACF,MAAM,MAAM,mCAAmC,GAAG,YAAY,CAC5D,OAAO,2CAA2C,CACnD,CAAC;AACF,MAAM,MAAM,8BAA8B,GAAG,YAAY,CACvD,OAAO,+BAA+B,CACvC,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,YAAY,CACxD,OAAO,uCAAuC,CAC/C,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,YAAY,CACxD,OAAO,gCAAgC,CACxC,CAAC;AACF,MAAM,MAAM,kCAAkC,GAAG,YAAY,CAC3D,OAAO,wCAAwC,CAChD,CAAC;AACF,MAAM,MAAM,yBAAyB,GAAG,YAAY,CAClD,OAAO,8BAA8B,CACtC,CAAC;AACF,MAAM,MAAM,0BAA0B,GAAG,YAAY,CACnD,OAAO,sCAAsC,CAC9C,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,YAAY,EAAE,UAAU,CAAC;IACzB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,UAAU,CAAC;IAC1B,sBAAsB,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,KAAK,yBAAyB,GAC1B,qBAAqB,GACrB,gCAAgC,GAChC,4BAA4B,GAC5B,6BAA6B,GAC7B,2BAA2B,CAAC;AAEhC,KAAK,2BAA2B,GAAG;IACjC,qBAAqB,EAAE,uBAAuB,CAAC;IAC/C,gCAAgC,EAAE,kCAAkC,CAAC;IACrE,4BAA4B,EAAE,8BAA8B,CAAC;IAC7D,6BAA6B,EAAE,+BAA+B,CAAC;IAC/D,2BAA2B,EAAE,yBAAyB,CAAC;CACxD,CAAC;AAEF,KAAK,4BAA4B,GAAG;IAClC,qBAAqB,EAAE,wBAAwB,CAAC;IAChD,gCAAgC,EAAE,mCAAmC,CAAC;IACtE,4BAA4B,EAAE,+BAA+B,CAAC;IAC9D,6BAA6B,EAAE,kCAAkC,CAAC;IAClE,2BAA2B,EAAE,0BAA0B,CAAC;CACzD,CAAC;AAEF,KAAK,aAAa,GAAG;IACnB,cAAc,CAAC,CAAC,SAAS,yBAAyB,EAChD,MAAM,EAAE,CAAC,EACT,KAAK,EAAE,2BAA2B,CAAC,CAAC,CAAC,EACrC,IAAI,CAAC,EAAE,OAAO,GACb,OAAO,CAAC,4BAA4B,CAAC,CAAC,CAAC,CAAC,CAAC;CAC7C,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG,aAAa,CAAC;AA6HtD,wBAAsB,oBAAoB,CACxC,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,cAAc,CAAC,CA8BzB;AAED,wBAAsB,iBAAiB,CAAC,KAAK,EAAE;IAC7C,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,MAAM,CAAC,CAclB;AAED,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAQnC;AAED,wBAAgB,6BAA6B,CAC3C,OAAO,EAAE,uBAAuB,GAC/B,MAAM,CAER;AAED,wBAAgB,4BAA4B,CAC1C,KAAK,EAAE,MAAM,GACZ,uBAAuB,CAOzB;AAED,wBAAgB,wBAAwB,CAAC,IAAI,EAAE;IAC7C,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,uBAAuB,GAAG,MAAM,CAAC;CAC3C,GAAG,MAAM,CAUT;AAED,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,MAAM,CAAC,CAclB;AAED,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,EAAE,MAAM,CAAC;CAC1B,GAAG,OAAO,CAAC,OAAO,CAAC,CAInB;AAED,wBAAgB,yBAAyB,CACvC,iBAAiB,EAAE,MAAM,EACzB,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,MAAM,GACV,UAAU,CAwBZ;AAED,wBAAsB,qBAAqB,CAAC,IAAI,EAAE;IAChD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,OAAO,CAAC,2BAA2B,CAAC,CA0BvC;AAED,wBAAsB,yBAAyB,CAAC,IAAI,EAAE;IACpD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,OAAO,CAAC,eAAe,GAAG;IAAE,cAAc,EAAE,MAAM,CAAA;CAAE,CAAC,CAoBxD;AAED,wBAAsB,uBAAuB,CAAC,IAAI,EAAE;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,OAAO,CACT,OAAO,CAAC,+BAA+B,EAAE;IAAE,MAAM,EAAE,WAAW,CAAA;CAAE,CAAC,CAClE,CAoCA;AAED,wBAAsB,oBAAoB,CAAC,IAAI,EAAE;IAC/C,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,OAAO,CAAC,0BAA0B,CAAC,CA8BtC;AAED,wBAAgB,4BAA4B,CAC1C,MAAM,EAAE,yBAAyB;0BAGT,uBAAuB;;;;;;;;;;;;;;;;;qCAGZ,kCAAkC;;;;;;;;;;;;;;;;;kCAGtC,8BAA8B;;;;;;;;;;;;;;kCAG7B,+BAA+B;;;gCAGjC,yBAAyB;;;;;;;;;;;;;;;;;;;;EAIxD;AAED,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,2BAA2B,GACjC,OAAO,CAAC,OAAO,CAAC,CAiBlB"}
|
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
import { Type } from "typebox";
|
|
2
2
|
import { Value } from "typebox/value";
|
|
3
3
|
import { importEd25519PrivateKeyFromSeedBase64url, importEd25519PublicKeyFromBase64url, publicKeyBase64urlFromPrivateKey, } from "./keys.js";
|
|
4
|
-
import {
|
|
5
|
-
import { base64urlDecode, base64urlEncode, sha256, toArrayBuffer, utf8 } from "./utils.js";
|
|
6
|
-
const
|
|
7
|
-
const
|
|
8
|
-
const
|
|
9
|
-
const
|
|
4
|
+
import { AuthGetDeviceConnectInfoResponseSchema, WaitForDeviceActivationResponseSchema, } from "./protocol.js";
|
|
5
|
+
import { base64urlDecode, base64urlEncode, sha256, toArrayBuffer, utf8, } from "./utils.js";
|
|
6
|
+
const DEVICE_IDENTITY_HKDF_INFO = "trellis/device-identity/v1";
|
|
7
|
+
const DEVICE_ACTIVATION_HKDF_INFO = "trellis/device-activate/v1";
|
|
8
|
+
const DEVICE_QR_MAC_DOMAIN = "trellis-device-qr/v1";
|
|
9
|
+
const DEVICE_CONFIRMATION_DOMAIN = "trellis-device-confirm/v1";
|
|
10
10
|
const CROCKFORD_ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
|
|
11
11
|
const DEFAULT_WAIT_POLL_INTERVAL_MS = 1_000;
|
|
12
|
-
export const
|
|
12
|
+
export const DeviceActivationPayloadSchema = Type.Object({
|
|
13
13
|
v: Type.Literal(1),
|
|
14
14
|
publicIdentityKey: Type.String({ minLength: 1 }),
|
|
15
15
|
nonce: Type.String({ minLength: 1 }),
|
|
16
16
|
qrMac: Type.String({ minLength: 1 }),
|
|
17
17
|
}, { additionalProperties: false });
|
|
18
|
-
export const
|
|
18
|
+
export const DeviceActivationWaitRequestSchema = Type.Object({
|
|
19
19
|
publicIdentityKey: Type.String({ minLength: 1 }),
|
|
20
20
|
nonce: Type.String({ minLength: 1 }),
|
|
21
21
|
contractDigest: Type.Optional(Type.String({ minLength: 1 })),
|
|
@@ -78,8 +78,9 @@ function normalizeCrockford(value) {
|
|
|
78
78
|
return value.trim().toUpperCase().replace(/O/g, "0").replace(/[IL]/g, "1");
|
|
79
79
|
}
|
|
80
80
|
async function sleep(ms, signal) {
|
|
81
|
-
if (signal?.aborted)
|
|
81
|
+
if (signal?.aborted) {
|
|
82
82
|
throw signal.reason ?? new DOMException("Aborted", "AbortError");
|
|
83
|
+
}
|
|
83
84
|
await new Promise((resolve, reject) => {
|
|
84
85
|
const timer = setTimeout(() => {
|
|
85
86
|
signal?.removeEventListener("abort", onAbort);
|
|
@@ -92,12 +93,30 @@ async function sleep(ms, signal) {
|
|
|
92
93
|
signal?.addEventListener("abort", onAbort, { once: true });
|
|
93
94
|
});
|
|
94
95
|
}
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
96
|
+
async function responseErrorDetail(response) {
|
|
97
|
+
const text = await response.text();
|
|
98
|
+
if (!text)
|
|
99
|
+
return null;
|
|
100
|
+
try {
|
|
101
|
+
const parsed = JSON.parse(text);
|
|
102
|
+
if (typeof parsed.reason === "string" && parsed.reason.length > 0) {
|
|
103
|
+
return parsed.reason;
|
|
104
|
+
}
|
|
105
|
+
if (typeof parsed.message === "string" && parsed.message.length > 0) {
|
|
106
|
+
return parsed.message;
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
catch {
|
|
110
|
+
// Fall through to raw text below.
|
|
111
|
+
}
|
|
112
|
+
return text;
|
|
113
|
+
}
|
|
114
|
+
export async function deriveDeviceIdentity(deviceRootSecret) {
|
|
115
|
+
if (deviceRootSecret.length !== 32) {
|
|
116
|
+
throw new Error(`Invalid device root secret length: ${deviceRootSecret.length} (expected 32)`);
|
|
98
117
|
}
|
|
99
|
-
const identitySeed = await hkdfSha256(
|
|
100
|
-
const activationKey = await hkdfSha256(
|
|
118
|
+
const identitySeed = await hkdfSha256(deviceRootSecret, DEVICE_IDENTITY_HKDF_INFO, 32);
|
|
119
|
+
const activationKey = await hkdfSha256(deviceRootSecret, DEVICE_ACTIVATION_HKDF_INFO, 32);
|
|
101
120
|
const identitySeedBase64url = base64urlEncode(identitySeed);
|
|
102
121
|
const identityPrivateKey = await importEd25519PrivateKeyFromSeedBase64url(identitySeedBase64url);
|
|
103
122
|
const publicIdentityKey = await publicKeyBase64urlFromPrivateKey(identityPrivateKey);
|
|
@@ -109,17 +128,17 @@ export async function deriveWorkloadIdentity(workloadRootSecret) {
|
|
|
109
128
|
activationKeyBase64url: base64urlEncode(activationKey),
|
|
110
129
|
};
|
|
111
130
|
}
|
|
112
|
-
export async function
|
|
131
|
+
export async function deriveDeviceQrMac(input) {
|
|
113
132
|
const activationKey = normalizeSecretBytes(input.activationKey, "activationKey");
|
|
114
133
|
const mac = await hmacSha256(activationKey, concatBytes([
|
|
115
|
-
utf8(
|
|
134
|
+
utf8(DEVICE_QR_MAC_DOMAIN),
|
|
116
135
|
utf8(input.publicIdentityKey),
|
|
117
136
|
utf8(input.nonce),
|
|
118
137
|
]));
|
|
119
138
|
return base64urlEncode(mac.slice(0, 8));
|
|
120
139
|
}
|
|
121
|
-
export async function
|
|
122
|
-
const qrMac = await
|
|
140
|
+
export async function buildDeviceActivationPayload(input) {
|
|
141
|
+
const qrMac = await deriveDeviceQrMac(input);
|
|
123
142
|
return {
|
|
124
143
|
v: 1,
|
|
125
144
|
publicIdentityKey: input.publicIdentityKey,
|
|
@@ -127,37 +146,40 @@ export async function buildWorkloadActivationPayload(input) {
|
|
|
127
146
|
qrMac,
|
|
128
147
|
};
|
|
129
148
|
}
|
|
130
|
-
export function
|
|
149
|
+
export function encodeDeviceActivationPayload(payload) {
|
|
131
150
|
return base64urlEncode(utf8(JSON.stringify(payload)));
|
|
132
151
|
}
|
|
133
|
-
export function
|
|
152
|
+
export function parseDeviceActivationPayload(value) {
|
|
134
153
|
const decoded = new TextDecoder().decode(base64urlDecode(value));
|
|
135
154
|
const parsed = JSON.parse(decoded);
|
|
136
|
-
if (!Value.Check(
|
|
137
|
-
throw new Error("Invalid
|
|
155
|
+
if (!Value.Check(DeviceActivationPayloadSchema, parsed)) {
|
|
156
|
+
throw new Error("Invalid device activation payload");
|
|
138
157
|
}
|
|
139
158
|
return parsed;
|
|
140
159
|
}
|
|
141
|
-
export function
|
|
160
|
+
export function buildDeviceActivationUrl(args) {
|
|
142
161
|
const baseUrl = new URL(args.trellisUrl);
|
|
143
|
-
baseUrl.pathname = "/auth/
|
|
144
|
-
baseUrl.searchParams.set("payload", typeof args.payload === "string"
|
|
162
|
+
baseUrl.pathname = "/auth/devices/activate";
|
|
163
|
+
baseUrl.searchParams.set("payload", typeof args.payload === "string"
|
|
164
|
+
? args.payload
|
|
165
|
+
: encodeDeviceActivationPayload(args.payload));
|
|
145
166
|
return baseUrl.toString();
|
|
146
167
|
}
|
|
147
|
-
export async function
|
|
168
|
+
export async function deriveDeviceConfirmationCode(input) {
|
|
148
169
|
const activationKey = normalizeSecretBytes(input.activationKey, "activationKey");
|
|
149
170
|
const mac = await hmacSha256(activationKey, concatBytes([
|
|
150
|
-
utf8(
|
|
171
|
+
utf8(DEVICE_CONFIRMATION_DOMAIN),
|
|
151
172
|
utf8(input.publicIdentityKey),
|
|
152
173
|
utf8(input.nonce),
|
|
153
174
|
]));
|
|
154
175
|
return crockfordEncode(mac.slice(0, 5)).slice(0, 8);
|
|
155
176
|
}
|
|
156
|
-
export async function
|
|
157
|
-
const expected = await
|
|
158
|
-
return normalizeCrockford(expected) ===
|
|
177
|
+
export async function verifyDeviceConfirmationCode(input) {
|
|
178
|
+
const expected = await deriveDeviceConfirmationCode(input);
|
|
179
|
+
return normalizeCrockford(expected) ===
|
|
180
|
+
normalizeCrockford(input.confirmationCode);
|
|
159
181
|
}
|
|
160
|
-
export function
|
|
182
|
+
export function buildDeviceWaitProofInput(publicIdentityKey, nonce, iat) {
|
|
161
183
|
const enc = new TextEncoder();
|
|
162
184
|
const publicIdentityKeyBytes = enc.encode(publicIdentityKey);
|
|
163
185
|
const nonceBytes = enc.encode(nonce);
|
|
@@ -180,11 +202,11 @@ export function buildWorkloadWaitProofInput(publicIdentityKey, nonce, iat) {
|
|
|
180
202
|
buf.set(iatBytes, offset);
|
|
181
203
|
return buf;
|
|
182
204
|
}
|
|
183
|
-
export async function
|
|
205
|
+
export async function signDeviceWaitRequest(args) {
|
|
184
206
|
const identitySeed = normalizeSecretBytes(args.identitySeed, "identitySeed");
|
|
185
207
|
const identityPrivateKey = await importEd25519PrivateKeyFromSeedBase64url(base64urlEncode(identitySeed));
|
|
186
208
|
const iat = args.iat ?? Math.floor(Date.now() / 1_000);
|
|
187
|
-
const proofInput =
|
|
209
|
+
const proofInput = buildDeviceWaitProofInput(args.publicIdentityKey, args.nonce, iat);
|
|
188
210
|
const proofHash = await sha256(proofInput);
|
|
189
211
|
const signature = new Uint8Array(await crypto.subtle.sign("Ed25519", identityPrivateKey, toArrayBuffer(proofHash)));
|
|
190
212
|
return {
|
|
@@ -195,7 +217,7 @@ export async function signWorkloadWaitRequest(args) {
|
|
|
195
217
|
sig: base64urlEncode(signature),
|
|
196
218
|
};
|
|
197
219
|
}
|
|
198
|
-
export async function
|
|
220
|
+
export async function createDeviceNatsAuthToken(args) {
|
|
199
221
|
const identitySeed = normalizeSecretBytes(args.identitySeed, "identitySeed");
|
|
200
222
|
const identityPrivateKey = await importEd25519PrivateKeyFromSeedBase64url(base64urlEncode(identitySeed));
|
|
201
223
|
const iat = args.iat ?? Math.floor(Date.now() / 1_000);
|
|
@@ -209,35 +231,38 @@ export async function createWorkloadNatsAuthToken(args) {
|
|
|
209
231
|
contractDigest: args.contractDigest,
|
|
210
232
|
};
|
|
211
233
|
}
|
|
212
|
-
export async function
|
|
234
|
+
export async function waitForDeviceActivation(args) {
|
|
213
235
|
const pollIntervalMs = args.pollIntervalMs ?? DEFAULT_WAIT_POLL_INTERVAL_MS;
|
|
214
236
|
while (true) {
|
|
215
|
-
const request = await
|
|
216
|
-
const response = await fetch(new URL("/auth/
|
|
237
|
+
const request = await signDeviceWaitRequest(args);
|
|
238
|
+
const response = await fetch(new URL("/auth/devices/activate/wait", args.trellisUrl), {
|
|
217
239
|
method: "POST",
|
|
218
240
|
headers: { "Content-Type": "application/json" },
|
|
219
241
|
body: JSON.stringify(request),
|
|
220
242
|
signal: args.signal,
|
|
221
243
|
});
|
|
222
244
|
if (!response.ok) {
|
|
223
|
-
|
|
245
|
+
const detail = await responseErrorDetail(response);
|
|
246
|
+
throw new Error(detail
|
|
247
|
+
? `device activation wait failed: ${response.status} ${detail}`
|
|
248
|
+
: `device activation wait failed: ${response.status}`);
|
|
224
249
|
}
|
|
225
250
|
const body = await response.json();
|
|
226
|
-
if (!Value.Check(
|
|
227
|
-
throw new Error("Invalid
|
|
251
|
+
if (!Value.Check(WaitForDeviceActivationResponseSchema, body)) {
|
|
252
|
+
throw new Error("Invalid device activation wait response");
|
|
228
253
|
}
|
|
229
254
|
if (body.status === "pending") {
|
|
230
255
|
await sleep(pollIntervalMs, args.signal);
|
|
231
256
|
continue;
|
|
232
257
|
}
|
|
233
258
|
if (body.status === "rejected") {
|
|
234
|
-
throw new Error(`
|
|
259
|
+
throw new Error(`device activation rejected: ${body.reason ?? "unknown_reason"}`);
|
|
235
260
|
}
|
|
236
261
|
return body;
|
|
237
262
|
}
|
|
238
263
|
}
|
|
239
|
-
export async function
|
|
240
|
-
const request = await
|
|
264
|
+
export async function getDeviceConnectInfo(args) {
|
|
265
|
+
const request = await signDeviceWaitRequest({
|
|
241
266
|
publicIdentityKey: args.publicIdentityKey,
|
|
242
267
|
identitySeed: args.identitySeed,
|
|
243
268
|
contractDigest: args.contractDigest,
|
|
@@ -250,41 +275,41 @@ export async function getWorkloadConnectInfo(args) {
|
|
|
250
275
|
iat: request.iat,
|
|
251
276
|
sig: request.sig,
|
|
252
277
|
};
|
|
253
|
-
const response = await fetch(new URL("/auth/
|
|
278
|
+
const response = await fetch(new URL("/auth/devices/connect-info", args.trellisUrl), {
|
|
254
279
|
method: "POST",
|
|
255
280
|
headers: { "Content-Type": "application/json" },
|
|
256
281
|
body: JSON.stringify(payload),
|
|
257
282
|
});
|
|
258
283
|
if (!response.ok) {
|
|
259
|
-
throw new Error(`
|
|
284
|
+
throw new Error(`device connect info failed: ${response.status}`);
|
|
260
285
|
}
|
|
261
286
|
const body = await response.json();
|
|
262
|
-
if (!Value.Check(
|
|
263
|
-
throw new Error("Invalid
|
|
287
|
+
if (!Value.Check(AuthGetDeviceConnectInfoResponseSchema, body)) {
|
|
288
|
+
throw new Error("Invalid device connect info response");
|
|
264
289
|
}
|
|
265
290
|
return body;
|
|
266
291
|
}
|
|
267
|
-
export function
|
|
292
|
+
export function createDeviceActivationClient(client) {
|
|
268
293
|
return {
|
|
269
|
-
|
|
270
|
-
return client.requestOrThrow("Auth.
|
|
294
|
+
activateDevice(input) {
|
|
295
|
+
return client.requestOrThrow("Auth.ActivateDevice", input);
|
|
271
296
|
},
|
|
272
|
-
|
|
273
|
-
return client.requestOrThrow("Auth.
|
|
297
|
+
getDeviceActivationStatus(input) {
|
|
298
|
+
return client.requestOrThrow("Auth.GetDeviceActivationStatus", input);
|
|
274
299
|
},
|
|
275
|
-
|
|
276
|
-
return client.requestOrThrow("Auth.
|
|
300
|
+
listDeviceActivations(input = {}) {
|
|
301
|
+
return client.requestOrThrow("Auth.ListDeviceActivations", input);
|
|
277
302
|
},
|
|
278
|
-
|
|
279
|
-
return client.requestOrThrow("Auth.
|
|
303
|
+
revokeDeviceActivation(input) {
|
|
304
|
+
return client.requestOrThrow("Auth.RevokeDeviceActivation", input);
|
|
280
305
|
},
|
|
281
|
-
|
|
282
|
-
return client.requestOrThrow("Auth.
|
|
306
|
+
getDeviceConnectInfo(input) {
|
|
307
|
+
return client.requestOrThrow("Auth.GetDeviceConnectInfo", input);
|
|
283
308
|
},
|
|
284
309
|
};
|
|
285
310
|
}
|
|
286
|
-
export async function
|
|
311
|
+
export async function verifyDeviceWaitSignature(input) {
|
|
287
312
|
const publicKey = await importEd25519PublicKeyFromBase64url(input.publicIdentityKey);
|
|
288
|
-
const proofHash = await sha256(
|
|
313
|
+
const proofHash = await sha256(buildDeviceWaitProofInput(input.publicIdentityKey, input.nonce, input.iat));
|
|
289
314
|
return await crypto.subtle.verify("Ed25519", publicKey, toArrayBuffer(base64urlDecode(input.sig)), toArrayBuffer(proofHash));
|
|
290
315
|
}
|
package/esm/auth/mod.d.ts
CHANGED
|
@@ -7,10 +7,10 @@
|
|
|
7
7
|
* - Proofs are Ed25519 signatures over SHA-256(buildProofInput(...)).
|
|
8
8
|
* - Services load their session key seed from `TRELLIS_SESSION_KEY_SEED`.
|
|
9
9
|
*/
|
|
10
|
-
export {
|
|
10
|
+
export { type AuthActivateDeviceInput, type AuthActivateDeviceOutput, type AuthGetDeviceActivationStatusInput, type AuthGetDeviceActivationStatusOutput, type AuthListDeviceActivationsInput, type AuthListDeviceActivationsOutput, type AuthRevokeDeviceActivationInput, type AuthRevokeDeviceActivationResponse, buildDeviceActivationPayload, buildDeviceActivationUrl, buildDeviceWaitProofInput, createDeviceActivationClient, createDeviceNatsAuthToken, deriveDeviceConfirmationCode, deriveDeviceIdentity, deriveDeviceQrMac, encodeDeviceActivationPayload, getDeviceConnectInfo, type GetDeviceConnectInfoInput, type GetDeviceConnectInfoOutput, parseDeviceActivationPayload, signDeviceWaitRequest, verifyDeviceConfirmationCode, verifyDeviceWaitSignature, waitForDeviceActivation, type DeviceActivationPayload, type DeviceActivationWaitRequest, type WaitForDeviceActivationResponse, type DeviceActivationTransport, type DeviceIdentity, } from "./device_activation.js";
|
|
11
11
|
export { type AuthConfig, bindFlow, bindSession, buildLoginUrl, clearSessionKey, createRpcProof, fetchPortalFlowState, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, isBindSuccessResponse, loadSessionKey, natsConnectSigForBindingToken, portalFlowIdFromUrl, portalProviderLoginUrl, portalRedirectLocation, type SessionKeyHandle, signBytes, submitPortalApproval, } from "./browser.js";
|
|
12
12
|
export { buildProofInput, createProof, type ProofParams, verifyProof, } from "./proof.js";
|
|
13
|
-
export { ApprovalRecordViewSchema,
|
|
13
|
+
export { ApprovalRecordViewSchema, AuthActivateDeviceResponseSchema, AuthActivateDeviceSchema, AuthClearDevicePortalSelectionResponseSchema, AuthClearDevicePortalSelectionSchema, AuthClearLoginPortalSelectionResponseSchema, AuthClearLoginPortalSelectionSchema, AuthCreateDeviceProfileResponseSchema, AuthCreateDeviceProfileSchema, AuthCreatePortalResponseSchema, AuthCreatePortalSchema, AuthDecideDeviceActivationReviewResponseSchema, AuthDecideDeviceActivationReviewSchema, AuthDeviceActivationReviewRequestedEventSchema, AuthDisableDeviceInstanceResponseSchema, AuthDisableDeviceInstanceSchema, AuthDisableInstanceGrantPolicyResponseSchema, AuthDisableInstanceGrantPolicySchema, AuthDisableDeviceProfileResponseSchema, AuthDisableDeviceProfileSchema, AuthDisablePortalResponseSchema, AuthDisablePortalSchema, type AuthenticatedDevice, AuthenticatedDeviceSchema, type AuthenticatedService, type AuthenticatedUser, AuthGetDeviceActivationStatusResponseSchema, AuthGetDeviceActivationStatusSchema, AuthGetDeviceConnectInfoResponseSchema, AuthGetDeviceConnectInfoSchema, AuthGetDevicePortalDefaultResponseSchema, AuthGetDevicePortalDefaultSchema, AuthGetInstalledContractResponseSchema, AuthGetInstalledContractSchema, AuthGetLoginPortalDefaultResponseSchema, AuthGetLoginPortalDefaultSchema, AuthInstallServiceResponseSchema, AuthInstallServiceSchema, AuthListApprovalsResponseSchema, AuthListApprovalsSchema, AuthListDeviceActivationReviewsResponseSchema, AuthListDeviceActivationReviewsSchema, AuthListDeviceActivationsResponseSchema, AuthListDeviceActivationsSchema, AuthListDeviceInstancesResponseSchema, AuthListDeviceInstancesSchema, AuthListInstanceGrantPoliciesResponseSchema, AuthListInstanceGrantPoliciesSchema, AuthListDevicePortalSelectionsResponseSchema, AuthListDevicePortalSelectionsSchema, AuthListDeviceProfilesResponseSchema, AuthListDeviceProfilesSchema, AuthListInstalledContractsResponseSchema, AuthListInstalledContractsSchema, AuthListLoginPortalSelectionsResponseSchema, AuthListLoginPortalSelectionsSchema, AuthListPortalsResponseSchema, AuthListPortalsSchema, AuthListServicesResponseSchema, AuthListServicesSchema, AuthListUsersResponseSchema, AuthListUsersSchema, type AuthMeResponse, AuthMeResponseSchema, AuthMeSchema, AuthProvisionDeviceInstanceResponseSchema, AuthProvisionDeviceInstanceSchema, AuthRevokeApprovalResponseSchema, AuthRevokeApprovalSchema, AuthRevokeDeviceActivationResponseSchema, AuthRevokeDeviceActivationSchema, AuthSetDevicePortalDefaultResponseSchema, AuthSetDevicePortalDefaultSchema, AuthSetDevicePortalSelectionResponseSchema, AuthSetDevicePortalSelectionSchema, AuthUpsertInstanceGrantPolicyResponseSchema, AuthUpsertInstanceGrantPolicySchema, AuthSetLoginPortalDefaultResponseSchema, AuthSetLoginPortalDefaultSchema, AuthSetLoginPortalSelectionResponseSchema, AuthSetLoginPortalSelectionSchema, AuthUpdateUserResponseSchema, AuthUpdateUserSchema, AuthUpgradeServiceContractResponseSchema, AuthUpgradeServiceContractSchema, AuthValidateRequestResponseSchema, AuthValidateRequestSchema, CallerViewSchema, ContractAnalysisSchema, ContractAnalysisSummarySchema, type DeviceActivationRecord, DeviceActivationRecordSchema, DeviceActivationReviewSchema, DeviceConnectInfoSchema, type DevicePortalDefault, DevicePortalDefaultSchema, type DevicePortalSelection, DevicePortalSelectionSchema, DeviceProfileSchema, DeviceSchema, DigestSchema, InstalledContractDetailSchema, InstalledContractSchema, type InstanceGrantPolicy, InstanceGrantPolicySchema, LoginPortalDefaultSchema, LoginPortalSelectionSchema, OpenObjectSchema, type PortalFlowApp, type PortalFlowApproval, type PortalFlowApprovalDeniedState, type PortalFlowApprovalRequiredState, type PortalFlowChooseProviderState, type PortalFlowExpiredState, type PortalFlowInsufficientCapabilitiesState, type PortalFlowProvider, type PortalFlowRedirectState, type PortalFlowState, PortalFlowStateSchema, type PortalFlowUser, PortalSchema, ServiceViewSchema, UserViewSchema, WaitForDeviceActivationResponseSchema, } from "./protocol.js";
|
|
14
14
|
export { type ApprovalDecision, ApprovalDecisionSchema, type BindRequest, BindRequestSchema, type BindResponse, BindResponseSchema, type BindSuccessResponse, BindSuccessResponseSchema, type ContractApproval, ContractApprovalSchema, type LoginQuery, LoginQuerySchema, type NatsAuthTokenV1, NatsAuthTokenV1Schema, type SentinelCreds, SentinelCredsSchema, } from "./schemas.js";
|
|
15
15
|
export { createAuth, type NatsConnectOptions, type TrellisAuth, } from "./session_auth.js";
|
|
16
16
|
export { trellisIdFromOriginId } from "./trellis_id.js";
|
package/esm/auth/mod.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../src/auth/mod.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,
|
|
1
|
+
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../src/auth/mod.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,kCAAkC,EACvC,KAAK,mCAAmC,EACxC,KAAK,8BAA8B,EACnC,KAAK,+BAA+B,EACpC,KAAK,+BAA+B,EACpC,KAAK,kCAAkC,EACvC,4BAA4B,EAC5B,wBAAwB,EACxB,yBAAyB,EACzB,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,oBAAoB,EACpB,iBAAiB,EACjB,6BAA6B,EAC7B,oBAAoB,EACpB,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,4BAA4B,EAC5B,qBAAqB,EACrB,4BAA4B,EAC5B,yBAAyB,EACzB,uBAAuB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,2BAA2B,EAChC,KAAK,+BAA+B,EACpC,KAAK,yBAAyB,EAC9B,KAAK,cAAc,GACpB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,KAAK,UAAU,EACf,QAAQ,EACR,WAAW,EACX,aAAa,EACb,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,cAAc,EACd,6BAA6B,EAC7B,mBAAmB,EACnB,sBAAsB,EACtB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,SAAS,EACT,oBAAoB,GACrB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,eAAe,EACf,WAAW,EACX,KAAK,WAAW,EAChB,WAAW,GACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,gCAAgC,EAChC,wBAAwB,EACxB,4CAA4C,EAC5C,oCAAoC,EACpC,2CAA2C,EAC3C,mCAAmC,EACnC,qCAAqC,EACrC,6BAA6B,EAC7B,8BAA8B,EAC9B,sBAAsB,EACtB,8CAA8C,EAC9C,sCAAsC,EACtC,8CAA8C,EAC9C,uCAAuC,EACvC,+BAA+B,EAC/B,4CAA4C,EAC5C,oCAAoC,EACpC,sCAAsC,EACtC,8BAA8B,EAC9B,+BAA+B,EAC/B,uBAAuB,EACvB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,2CAA2C,EAC3C,mCAAmC,EACnC,sCAAsC,EACtC,8BAA8B,EAC9B,wCAAwC,EACxC,gCAAgC,EAChC,sCAAsC,EACtC,8BAA8B,EAC9B,uCAAuC,EACvC,+BAA+B,EAC/B,gCAAgC,EAChC,wBAAwB,EACxB,+BAA+B,EAC/B,uBAAuB,EACvB,6CAA6C,EAC7C,qCAAqC,EACrC,uCAAuC,EACvC,+BAA+B,EAC/B,qCAAqC,EACrC,6BAA6B,EAC7B,2CAA2C,EAC3C,mCAAmC,EACnC,4CAA4C,EAC5C,oCAAoC,EACpC,oCAAoC,EACpC,4BAA4B,EAC5B,wCAAwC,EACxC,gCAAgC,EAChC,2CAA2C,EAC3C,mCAAmC,EACnC,6BAA6B,EAC7B,qBAAqB,EACrB,8BAA8B,EAC9B,sBAAsB,EACtB,2BAA2B,EAC3B,mBAAmB,EACnB,KAAK,cAAc,EACnB,oBAAoB,EACpB,YAAY,EACZ,yCAAyC,EACzC,iCAAiC,EACjC,gCAAgC,EAChC,wBAAwB,EACxB,wCAAwC,EACxC,gCAAgC,EAChC,wCAAwC,EACxC,gCAAgC,EAChC,0CAA0C,EAC1C,kCAAkC,EAClC,2CAA2C,EAC3C,mCAAmC,EACnC,uCAAuC,EACvC,+BAA+B,EAC/B,yCAAyC,EACzC,iCAAiC,EACjC,4BAA4B,EAC5B,oBAAoB,EACpB,wCAAwC,EACxC,gCAAgC,EAChC,iCAAiC,EACjC,yBAAyB,EACzB,gBAAgB,EAChB,sBAAsB,EACtB,6BAA6B,EAC7B,KAAK,sBAAsB,EAC3B,4BAA4B,EAC5B,4BAA4B,EAC5B,uBAAuB,EACvB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,qBAAqB,EAC1B,2BAA2B,EAC3B,mBAAmB,EACnB,YAAY,EACZ,YAAY,EACZ,6BAA6B,EAC7B,uBAAuB,EACvB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,wBAAwB,EACxB,0BAA0B,EAC1B,gBAAgB,EAChB,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,6BAA6B,EAClC,KAAK,+BAA+B,EACpC,KAAK,6BAA6B,EAClC,KAAK,sBAAsB,EAC3B,KAAK,uCAAuC,EAC5C,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,cAAc,EACnB,YAAY,EACZ,iBAAiB,EACjB,cAAc,EACd,qCAAqC,GACtC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,WAAW,EAChB,iBAAiB,EACjB,KAAK,YAAY,EACjB,kBAAkB,EAClB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,UAAU,EACf,gBAAgB,EAChB,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,aAAa,EAClB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,UAAU,EACV,KAAK,kBAAkB,EACvB,KAAK,WAAW,GACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,eAAe,EACf,eAAe,EACf,qBAAqB,EACrB,MAAM,EACN,aAAa,EACb,IAAI,GACL,MAAM,YAAY,CAAC"}
|
package/esm/auth/mod.js
CHANGED
|
@@ -7,10 +7,10 @@
|
|
|
7
7
|
* - Proofs are Ed25519 signatures over SHA-256(buildProofInput(...)).
|
|
8
8
|
* - Services load their session key seed from `TRELLIS_SESSION_KEY_SEED`.
|
|
9
9
|
*/
|
|
10
|
-
export {
|
|
10
|
+
export { buildDeviceActivationPayload, buildDeviceActivationUrl, buildDeviceWaitProofInput, createDeviceActivationClient, createDeviceNatsAuthToken, deriveDeviceConfirmationCode, deriveDeviceIdentity, deriveDeviceQrMac, encodeDeviceActivationPayload, getDeviceConnectInfo, parseDeviceActivationPayload, signDeviceWaitRequest, verifyDeviceConfirmationCode, verifyDeviceWaitSignature, waitForDeviceActivation, } from "./device_activation.js";
|
|
11
11
|
export { bindFlow, bindSession, buildLoginUrl, clearSessionKey, createRpcProof, fetchPortalFlowState, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, isBindSuccessResponse, loadSessionKey, natsConnectSigForBindingToken, portalFlowIdFromUrl, portalProviderLoginUrl, portalRedirectLocation, signBytes, submitPortalApproval, } from "./browser.js";
|
|
12
12
|
export { buildProofInput, createProof, verifyProof, } from "./proof.js";
|
|
13
|
-
export { ApprovalRecordViewSchema,
|
|
13
|
+
export { ApprovalRecordViewSchema, AuthActivateDeviceResponseSchema, AuthActivateDeviceSchema, AuthClearDevicePortalSelectionResponseSchema, AuthClearDevicePortalSelectionSchema, AuthClearLoginPortalSelectionResponseSchema, AuthClearLoginPortalSelectionSchema, AuthCreateDeviceProfileResponseSchema, AuthCreateDeviceProfileSchema, AuthCreatePortalResponseSchema, AuthCreatePortalSchema, AuthDecideDeviceActivationReviewResponseSchema, AuthDecideDeviceActivationReviewSchema, AuthDeviceActivationReviewRequestedEventSchema, AuthDisableDeviceInstanceResponseSchema, AuthDisableDeviceInstanceSchema, AuthDisableInstanceGrantPolicyResponseSchema, AuthDisableInstanceGrantPolicySchema, AuthDisableDeviceProfileResponseSchema, AuthDisableDeviceProfileSchema, AuthDisablePortalResponseSchema, AuthDisablePortalSchema, AuthenticatedDeviceSchema, AuthGetDeviceActivationStatusResponseSchema, AuthGetDeviceActivationStatusSchema, AuthGetDeviceConnectInfoResponseSchema, AuthGetDeviceConnectInfoSchema, AuthGetDevicePortalDefaultResponseSchema, AuthGetDevicePortalDefaultSchema, AuthGetInstalledContractResponseSchema, AuthGetInstalledContractSchema, AuthGetLoginPortalDefaultResponseSchema, AuthGetLoginPortalDefaultSchema, AuthInstallServiceResponseSchema, AuthInstallServiceSchema, AuthListApprovalsResponseSchema, AuthListApprovalsSchema, AuthListDeviceActivationReviewsResponseSchema, AuthListDeviceActivationReviewsSchema, AuthListDeviceActivationsResponseSchema, AuthListDeviceActivationsSchema, AuthListDeviceInstancesResponseSchema, AuthListDeviceInstancesSchema, AuthListInstanceGrantPoliciesResponseSchema, AuthListInstanceGrantPoliciesSchema, AuthListDevicePortalSelectionsResponseSchema, AuthListDevicePortalSelectionsSchema, AuthListDeviceProfilesResponseSchema, AuthListDeviceProfilesSchema, AuthListInstalledContractsResponseSchema, AuthListInstalledContractsSchema, AuthListLoginPortalSelectionsResponseSchema, AuthListLoginPortalSelectionsSchema, AuthListPortalsResponseSchema, AuthListPortalsSchema, AuthListServicesResponseSchema, AuthListServicesSchema, AuthListUsersResponseSchema, AuthListUsersSchema, AuthMeResponseSchema, AuthMeSchema, AuthProvisionDeviceInstanceResponseSchema, AuthProvisionDeviceInstanceSchema, AuthRevokeApprovalResponseSchema, AuthRevokeApprovalSchema, AuthRevokeDeviceActivationResponseSchema, AuthRevokeDeviceActivationSchema, AuthSetDevicePortalDefaultResponseSchema, AuthSetDevicePortalDefaultSchema, AuthSetDevicePortalSelectionResponseSchema, AuthSetDevicePortalSelectionSchema, AuthUpsertInstanceGrantPolicyResponseSchema, AuthUpsertInstanceGrantPolicySchema, AuthSetLoginPortalDefaultResponseSchema, AuthSetLoginPortalDefaultSchema, AuthSetLoginPortalSelectionResponseSchema, AuthSetLoginPortalSelectionSchema, AuthUpdateUserResponseSchema, AuthUpdateUserSchema, AuthUpgradeServiceContractResponseSchema, AuthUpgradeServiceContractSchema, AuthValidateRequestResponseSchema, AuthValidateRequestSchema, CallerViewSchema, ContractAnalysisSchema, ContractAnalysisSummarySchema, DeviceActivationRecordSchema, DeviceActivationReviewSchema, DeviceConnectInfoSchema, DevicePortalDefaultSchema, DevicePortalSelectionSchema, DeviceProfileSchema, DeviceSchema, DigestSchema, InstalledContractDetailSchema, InstalledContractSchema, InstanceGrantPolicySchema, LoginPortalDefaultSchema, LoginPortalSelectionSchema, OpenObjectSchema, PortalFlowStateSchema, PortalSchema, ServiceViewSchema, UserViewSchema, WaitForDeviceActivationResponseSchema, } from "./protocol.js";
|
|
14
14
|
export { ApprovalDecisionSchema, BindRequestSchema, BindResponseSchema, BindSuccessResponseSchema, ContractApprovalSchema, LoginQuerySchema, NatsAuthTokenV1Schema, SentinelCredsSchema, } from "./schemas.js";
|
|
15
15
|
export { createAuth, } from "./session_auth.js";
|
|
16
16
|
export { trellisIdFromOriginId } from "./trellis_id.js";
|