@qnsp/tenant-sdk 0.1.1 → 0.2.0

package/CHANGELOG.md

@@ -1,5 +1,53 @@
 # @qnsp/tenant-sdk
 
+## 0.2.0
+
+### Minor Changes
+
+- Add tenant crypto policy integration and PQC algorithm utilities to all SDKs.
+
+  ### @qnsp/tenant-sdk
+
+  - Added crypto policy management APIs: `getTenantCryptoPolicy()`, `upsertTenantCryptoPolicy()`
+  - Added algorithm query methods: `getAllowedKemAlgorithms()`, `getAllowedSignatureAlgorithms()`, `getDefaultKemAlgorithm()`, `getDefaultSignatureAlgorithm()`
+  - Added `CRYPTO_POLICY_ALGORITHMS` tier configurations
+  - Added `toNistAlgorithmName()` and `ALGORITHM_TO_NIST` utilities
+
+  ### @qnsp/storage-sdk
+
+  - Added `PqcMetadata` interface with `algorithmNist` field
+  - `initiateUpload()` now returns NIST algorithm name
+  - Added `toNistAlgorithmName()` utility
+
+  ### @qnsp/auth-sdk
+
+  - Added `PqcSignatureMetadata` interface
+  - Added `toNistAlgorithmName()` and `ALGORITHM_TO_NIST` for signature algorithms
+
+  ### @qnsp/vault-sdk
+
+  - Enhanced `VaultSecretPqcMetadata` with `algorithmNist` field
+  - Added `toNistAlgorithmName()` utility
+
+  ### @qnsp/kms-client
+
+  - Added `KmsPqcMetadata` interface
+  - `wrapKey()` now returns `algorithmNist` field
+  - Added `toNistAlgorithmName()` utility
+
+  ### @qnsp/audit-sdk
+
+  - Added `toNistAlgorithmName()` and `ALGORITHM_TO_NIST` for signature algorithms
+
+  ### @qnsp/access-control-sdk
+
+  - Added `toNistAlgorithmName()` and `ALGORITHM_TO_NIST` for signature algorithms
+
+  ### Documentation
+
+  - Updated all SDK documentation with crypto policy integration examples
+  - Added algorithm naming conventions (internal vs NIST)
+
 ## 0.1.1
 
 ### Patch Changes

package/dist/index.d.ts

@@ -14,6 +14,62 @@ export interface TenantClientConfig {
     readonly retryDelayMs?: number;
 }
 export type TenantStatus = "active" | "suspended" | "pending" | "deleted";
+/**
+ * Crypto policy tier determines which PQC algorithms are allowed.
+ * Maps to tenant_crypto_policies.policy_tier in tenant-service.
+ */
+export type CryptoPolicyTier = "default" | "strict" | "maximum" | "government";
+/**
+ * Tenant crypto policy configuration.
+ */
+export interface TenantCryptoPolicy {
+    readonly tenantId: string;
+    readonly policyTier: CryptoPolicyTier;
+    readonly customAllowedKemAlgorithms: readonly string[] | null;
+    readonly customAllowedSignatureAlgorithms: readonly string[] | null;
+    readonly customAllowedSymmetricAlgorithms?: readonly string[] | null;
+    readonly customForbiddenAlgorithms?: readonly string[] | null;
+    readonly requireHsmForRootKeys: boolean;
+    readonly maxKeyAgeDays: number;
+    readonly enforcementMode?: "audit" | "enforce";
+    readonly createdAt: string;
+    readonly updatedAt: string;
+}
+/**
+ * Input for creating or updating a tenant crypto policy.
+ */
+export interface TenantCryptoPolicyInput {
+    readonly policyTier: CryptoPolicyTier;
+    readonly customAllowedKemAlgorithms?: readonly string[] | null;
+    readonly customAllowedSignatureAlgorithms?: readonly string[] | null;
+    readonly requireHsmForRootKeys?: boolean;
+    readonly maxKeyAgeDays?: number;
+}
+/**
+ * Algorithm configuration per crypto policy tier.
+ */
+export interface TierAlgorithmConfig {
+    readonly kemAlgorithms: readonly string[];
+    readonly signatureAlgorithms: readonly string[];
+    readonly defaultKemAlgorithm: string;
+    readonly defaultSignatureAlgorithm: string;
+}
+/**
+ * Default algorithms per crypto policy tier.
+ */
+export declare const CRYPTO_POLICY_ALGORITHMS: Record<CryptoPolicyTier, TierAlgorithmConfig>;
+/**
+ * Mapping from internal algorithm names to NIST standardized names.
+ */
+export declare const ALGORITHM_TO_NIST: Record<string, string>;
+/**
+ * Convert internal algorithm name to NIST standardized name.
+ */
+export declare function toNistAlgorithmName(internal: string): string;
+/**
+ * Get algorithm config for a crypto policy tier.
+ */
+export declare function getAlgorithmConfigForTier(tier: CryptoPolicyTier): TierAlgorithmConfig;
 export interface TenantSecurityEnvelope {
     readonly controlPlaneTokenSha256: string | null;
     readonly pqcSignatures: readonly {
@@ -110,6 +166,35 @@ export declare class TenantClient {
         readonly limit?: number;
         readonly cursor?: string;
     }): Promise<ListTenantsResponse>;
+    /**
+     * Get the crypto policy for a tenant.
+     * Returns the tenant's crypto policy configuration including allowed algorithms.
+     * If no policy exists, a default policy is created and returned.
+     */
+    getTenantCryptoPolicy(tenantId: string): Promise<TenantCryptoPolicy>;
+    /**
+     * Create or update the crypto policy for a tenant.
+     * Sets the policy tier and optional custom algorithm restrictions.
+     */
+    upsertTenantCryptoPolicy(tenantId: string, policy: TenantCryptoPolicyInput): Promise<TenantCryptoPolicy>;
+    /**
+     * Get the allowed KEM algorithms for a tenant based on their crypto policy.
+     * Convenience method that fetches the policy and returns the allowed algorithms.
+     */
+    getAllowedKemAlgorithms(tenantId: string): Promise<readonly string[]>;
+    /**
+     * Get the allowed signature algorithms for a tenant based on their crypto policy.
+     * Convenience method that fetches the policy and returns the allowed algorithms.
+     */
+    getAllowedSignatureAlgorithms(tenantId: string): Promise<readonly string[]>;
+    /**
+     * Get the default KEM algorithm for a tenant based on their crypto policy tier.
+     */
+    getDefaultKemAlgorithm(tenantId: string): Promise<string>;
+    /**
+     * Get the default signature algorithm for a tenant based on their crypto policy tier.
+     */
+    getDefaultSignatureAlgorithm(tenantId: string): Promise<string>;
 }
 export * from "./observability.js";
 export * from "./validation.js";

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACX,qBAAqB,EACrB,2BAA2B,EAE3B,MAAM,oBAAoB,CAAC;AAI5B;;;;;GAKG;AAEH,MAAM,WAAW,kBAAkB;IAClC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,CAAC,EAAE,qBAAqB,GAAG,2BAA2B,CAAC;IACzE,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAC/B;AAUD,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,SAAS,CAAC;AAE1E,MAAM,WAAW,sBAAsB;IACtC,QAAQ,CAAC,uBAAuB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChD,QAAQ,CAAC,aAAa,EAAE,SAAS;QAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;KAC3B,EAAE,CAAC;IACJ,QAAQ,CAAC,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IACzC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1C,QAAQ,CAAC,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;CACzC;AAED,MAAM,WAAW,eAAe;IAC/B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,YAAY;IAC5B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,MAAM;IACtB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,cAAc,EAAE,SAAS,MAAM,EAAE,CAAC;IAC3C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,QAAQ,CAAC,QAAQ,EAAE,sBAAsB,CAAC;IAC1C,QAAQ,CAAC,OAAO,EAAE,SAAS,YAAY,EAAE,CAAC;IAC1C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS;QAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;KAC5B,EAAE,CAAC;IACJ,QAAQ,CAAC,QAAQ,EAAE,sBAAsB,CAAC;IAC1C,QAAQ,CAAC,SAAS,CAAC,EAAE,eAAe,CAAC;CACrC;AAED,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,YAAY,CAAC;IAC/B,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,QAAQ,CAAC,QAAQ,EAAE,sBAAsB,CAAC;IAC1C,QAAQ,CAAC,SAAS,CAAC,EAAE,eAAe,CAAC;CACrC;AAED,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,CAAC;IAClC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CACnC;AAWD,qBAAa,YAAY;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA6B;IACpD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA+B;IACzD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;gBAE3B,MAAM,EAAE,kBAAkB;YAqCxB,OAAO;YAIP,gBAAgB;IA6G9B,OAAO,CAAC,oBAAoB;IAO5B;;;OAGG;IACG,YAAY,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC;IAkBjE;;;OAGG;IACG,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC;IAgB7E;;;OAGG;IACG,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAQ5C;;;OAGG;IACG,WAAW,CAAC,OAAO,CAAC,EAAE;QAC3B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;KACzB,GAAG,OAAO,CAAC,mBAAmB,CAAC;CAehC;AAED,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACX,qBAAqB,EACrB,2BAA2B,EAE3B,MAAM,oBAAoB,CAAC;AAI5B;;;;;GAKG;AAEH,MAAM,WAAW,kBAAkB;IAClC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,CAAC,EAAE,qBAAqB,GAAG,2BAA2B,CAAC;IACzE,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAC/B;AAUD,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,SAAS,CAAC;AAE1E;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS,GAAG,YAAY,CAAC;AAE/E;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,UAAU,EAAE,gBAAgB,CAAC;IACtC,QAAQ,CAAC,0BAA0B,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;IAC9D,QAAQ,CAAC,gCAAgC,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;IACpE,QAAQ,CAAC,gCAAgC,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;IACrE,QAAQ,CAAC,yBAAyB,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;IAC9D,QAAQ,CAAC,qBAAqB,EAAE,OAAO,CAAC;IACxC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IAC/C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACvC,QAAQ,CAAC,UAAU,EAAE,gBAAgB,CAAC;IACtC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;IAC/D,QAAQ,CAAC,gCAAgC,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;IACrE,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IACzC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,aAAa,EAAE,SAAS,MAAM,EAAE,CAAC;IAC1C,QAAQ,CAAC,mBAAmB,EAAE,SAAS,MAAM,EAAE,CAAC;IAChD,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,yBAAyB,EAAE,MAAM,CAAC;CAC3C;AAED;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAyBlF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAWpD,CAAC;AAEF;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE5D;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,IAAI,EAAE,gBAAgB,GAAG,mBAAmB,CAErF;AAED,MAAM,WAAW,sBAAsB;IACtC,QAAQ,CAAC,uBAAuB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChD,QAAQ,CAAC,aAAa,EAAE,SAAS;QAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;KAC3B,EAAE,CAAC;IACJ,QAAQ,CAAC,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IACzC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1C,QAAQ,CAAC,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;CACzC;AAED,MAAM,WAAW,eAAe;IAC/B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,YAAY;IAC5B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,MAAM;IACtB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,cAAc,EAAE,SAAS,MAAM,EAAE,CAAC;IAC3C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,QAAQ,CAAC,QAAQ,EAAE,sBAAsB,CAAC;IAC1C,QAAQ,CAAC,OAAO,EAAE,SAAS,YAAY,EAAE,CAAC;IAC1C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS;QAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;KAC5B,EAAE,CAAC;IACJ,QAAQ,CAAC,QAAQ,EAAE,sBAAsB,CAAC;IAC1C,QAAQ,CAAC,SAAS,CAAC,EAAE,eAAe,CAAC;CACrC;AAED,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,YAAY,CAAC;IAC/B,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,QAAQ,CAAC,QAAQ,EAAE,sBAAsB,CAAC;IAC1C,QAAQ,CAAC,SAAS,CAAC,EAAE,eAAe,CAAC;CACrC;AAED,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,CAAC;IAClC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CACnC;AAWD,qBAAa,YAAY;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA6B;IACpD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA+B;IACzD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;gBAE3B,MAAM,EAAE,kBAAkB;YAqCxB,OAAO;YAIP,gBAAgB;IA6G9B,OAAO,CAAC,oBAAoB;IAO5B;;;OAGG;IACG,YAAY,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC;IAkBjE;;;OAGG;IACG,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC;IAgB7E;;;OAGG;IACG,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAQ5C;;;OAGG;IACG,WAAW,CAAC,OAAO,CAAC,EAAE;QAC3B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;KACzB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAgBhC;;;;OAIG;IACG,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAQ1E;;;OAGG;IACG,wBAAwB,CAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,uBAAuB,GAC7B,OAAO,CAAC,kBAAkB,CAAC;IAqB9B;;;OAGG;IACG,uBAAuB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,MAAM,EAAE,CAAC;IAQ3E;;;OAGG;IACG,6BAA6B,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,MAAM,EAAE,CAAC;IAWjF;;OAEG;IACG,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAK/D;;OAEG;IACG,4BAA4B,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAIrE;AAED,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC"}

package/dist/index.js

@@ -1,6 +1,62 @@
 import { performance } from "node:perf_hooks";
 import { createTenantClientTelemetry, isTenantClientTelemetry } from "./observability.js";
 import { validateUUID } from "./validation.js";
+/**
+ * Default algorithms per crypto policy tier.
+ */
+export const CRYPTO_POLICY_ALGORITHMS = {
+    default: {
+        kemAlgorithms: ["kyber-512", "kyber-768", "kyber-1024"],
+        signatureAlgorithms: ["dilithium-2", "dilithium-3", "dilithium-5"],
+        defaultKemAlgorithm: "kyber-768",
+        defaultSignatureAlgorithm: "dilithium-3",
+    },
+    strict: {
+        kemAlgorithms: ["kyber-768", "kyber-1024"],
+        signatureAlgorithms: ["dilithium-3", "dilithium-5", "falcon-1024"],
+        defaultKemAlgorithm: "kyber-768",
+        defaultSignatureAlgorithm: "dilithium-3",
+    },
+    maximum: {
+        kemAlgorithms: ["kyber-1024"],
+        signatureAlgorithms: ["dilithium-5", "falcon-1024", "sphincs-shake-256f-simple"],
+        defaultKemAlgorithm: "kyber-1024",
+        defaultSignatureAlgorithm: "dilithium-5",
+    },
+    government: {
+        kemAlgorithms: ["kyber-1024"],
+        signatureAlgorithms: ["dilithium-5", "sphincs-shake-256f-simple"],
+        defaultKemAlgorithm: "kyber-1024",
+        defaultSignatureAlgorithm: "dilithium-5",
+    },
+};
+/**
+ * Mapping from internal algorithm names to NIST standardized names.
+ */
+export const ALGORITHM_TO_NIST = {
+    "kyber-512": "ML-KEM-512",
+    "kyber-768": "ML-KEM-768",
+    "kyber-1024": "ML-KEM-1024",
+    "dilithium-2": "ML-DSA-44",
+    "dilithium-3": "ML-DSA-65",
+    "dilithium-5": "ML-DSA-87",
+    "falcon-512": "FN-DSA-512",
+    "falcon-1024": "FN-DSA-1024",
+    "sphincs-shake-128f-simple": "SLH-DSA-SHAKE-128f",
+    "sphincs-shake-256f-simple": "SLH-DSA-SHAKE-256f",
+};
+/**
+ * Convert internal algorithm name to NIST standardized name.
+ */
+export function toNistAlgorithmName(internal) {
+    return ALGORITHM_TO_NIST[internal] ?? internal;
+}
+/**
+ * Get algorithm config for a crypto policy tier.
+ */
+export function getAlgorithmConfigForTier(tier) {
+    return CRYPTO_POLICY_ALGORITHMS[tier];
+}
 export class TenantClient {
     config;
     telemetry;
@@ -201,6 +257,77 @@ export class TenantClient {
             operation: "listTenants",
         });
     }
+    /**
+     * Get the crypto policy for a tenant.
+     * Returns the tenant's crypto policy configuration including allowed algorithms.
+     * If no policy exists, a default policy is created and returned.
+     */
+    async getTenantCryptoPolicy(tenantId) {
+        validateUUID(tenantId, "tenantId");
+        return this.request("GET", `/tenant/v1/tenants/${tenantId}/crypto-policy`, {
+            operation: "getTenantCryptoPolicy",
+        });
+    }
+    /**
+     * Create or update the crypto policy for a tenant.
+     * Sets the policy tier and optional custom algorithm restrictions.
+     */
+    async upsertTenantCryptoPolicy(tenantId, policy) {
+        validateUUID(tenantId, "tenantId");
+        return this.request("PUT", `/tenant/v1/tenants/${tenantId}/crypto-policy`, {
+            body: {
+                policyTier: policy.policyTier,
+                ...(policy.customAllowedKemAlgorithms !== undefined
+                    ? { customAllowedKemAlgorithms: policy.customAllowedKemAlgorithms }
+                    : {}),
+                ...(policy.customAllowedSignatureAlgorithms !== undefined
+                    ? { customAllowedSignatureAlgorithms: policy.customAllowedSignatureAlgorithms }
+                    : {}),
+                ...(policy.requireHsmForRootKeys !== undefined
+                    ? { requireHsmForRootKeys: policy.requireHsmForRootKeys }
+                    : {}),
+                ...(policy.maxKeyAgeDays !== undefined ? { maxKeyAgeDays: policy.maxKeyAgeDays } : {}),
+            },
+            operation: "upsertTenantCryptoPolicy",
+        });
+    }
+    /**
+     * Get the allowed KEM algorithms for a tenant based on their crypto policy.
+     * Convenience method that fetches the policy and returns the allowed algorithms.
+     */
+    async getAllowedKemAlgorithms(tenantId) {
+        const policy = await this.getTenantCryptoPolicy(tenantId);
+        if (policy.customAllowedKemAlgorithms && policy.customAllowedKemAlgorithms.length > 0) {
+            return policy.customAllowedKemAlgorithms;
+        }
+        return CRYPTO_POLICY_ALGORITHMS[policy.policyTier].kemAlgorithms;
+    }
+    /**
+     * Get the allowed signature algorithms for a tenant based on their crypto policy.
+     * Convenience method that fetches the policy and returns the allowed algorithms.
+     */
+    async getAllowedSignatureAlgorithms(tenantId) {
+        const policy = await this.getTenantCryptoPolicy(tenantId);
+        if (policy.customAllowedSignatureAlgorithms &&
+            policy.customAllowedSignatureAlgorithms.length > 0) {
+            return policy.customAllowedSignatureAlgorithms;
+        }
+        return CRYPTO_POLICY_ALGORITHMS[policy.policyTier].signatureAlgorithms;
+    }
+    /**
+     * Get the default KEM algorithm for a tenant based on their crypto policy tier.
+     */
+    async getDefaultKemAlgorithm(tenantId) {
+        const policy = await this.getTenantCryptoPolicy(tenantId);
+        return CRYPTO_POLICY_ALGORITHMS[policy.policyTier].defaultKemAlgorithm;
+    }
+    /**
+     * Get the default signature algorithm for a tenant based on their crypto policy tier.
+     */
+    async getDefaultSignatureAlgorithm(tenantId) {
+        const policy = await this.getTenantCryptoPolicy(tenantId);
+        return CRYPTO_POLICY_ALGORITHMS[policy.policyTier].defaultSignatureAlgorithm;
+    }
 }
 export * from "./observability.js";
 export * from "./validation.js";

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAO9C,OAAO,EAAE,2BAA2B,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC1F,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AA6G/C,MAAM,OAAO,YAAY;IACP,MAAM,CAA6B;IACnC,SAAS,CAA+B;IACxC,aAAa,CAAS;IAEvC,YAAY,MAA0B;QACrC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAElD,6EAA6E;QAC7E,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACrC,MAAM,WAAW,GAChB,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;YAClF,MAAM,aAAa,GAClB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,MAAM,CAAC;YACjF,IAAI,CAAC,WAAW,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CACd,0FAA0F,CAC1F,CAAC;YACH,CAAC;QACF,CAAC;QAED,IAAI,CAAC,MAAM,GAAG;YACb,OAAO;YACP,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM;YACrC,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,CAAC;YAClC,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,KAAK;SAC1C,CAAC;QAEF,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS;YAChC,CAAC,CAAC,uBAAuB,CAAC,MAAM,CAAC,SAAS,CAAC;gBAC1C,CAAC,CAAC,MAAM,CAAC,SAAS;gBAClB,CAAC,CAAC,2BAA2B,CAAC,MAAM,CAAC,SAAS,CAAC;YAChD,CAAC,CAAC,IAAI,CAAC;QAER,IAAI,CAAC;YACJ,IAAI,CAAC,aAAa,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC;QACxD,CAAC;QAAC,MAAM,CAAC;YACR,IAAI,CAAC,aAAa,GAAG,gBAAgB,CAAC;QACvC,CAAC;IACF,CAAC;IAEO,KAAK,CAAC,OAAO,CAAI,MAAc,EAAE,IAAY,EAAE,OAAwB;QAC9E,OAAO,IAAI,CAAC,gBAAgB,CAAI,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IAC3D,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC7B,MAAc,EACd,IAAY,EACZ,OAAmC,EACnC,OAAe;QAEf,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC;QAC5C,MAAM,OAAO,GAA2B;YACvC,cAAc,EAAE,kBAAkB;YAClC,GAAG,OAAO,EAAE,OAAO;SACnB,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC3D,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC9E,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,UAAU,CAAC,MAAM,CAAC;QACpD,MAAM,KAAK,GAAG,OAAO,EAAE,cAAc,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC;QACrF,MAAM,MAAM,GAAG,OAAO,EAAE,eAAe,IAAI,IAAI,CAAC,aAAa,CAAC;QAC9D,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChC,IAAI,MAAM,GAAmB,IAAI,CAAC;QAClC,IAAI,UAA8B,CAAC;QACnC,IAAI,YAAgC,CAAC;QAErC,IAAI,CAAC;YACJ,MAAM,IAAI,GAAgB;gBACzB,MAAM;gBACN,OAAO;gBACP,MAAM;aACN,CAAC;YAEF,IAAI,OAAO,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;gBACjC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAExC,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC;YAE7B,8CAA8C;YAC9C,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC7B,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;oBACtC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;oBAC7D,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;oBAEvC,IAAI,gBAAgB,EAAE,CAAC;wBACtB,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;wBAChE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,IAAI,iBAAiB,GAAG,CAAC,EAAE,CAAC;4BAC/D,OAAO,GAAG,iBAAiB,GAAG,KAAK,CAAC;wBACrC,CAAC;oBACF,CAAC;yBAAM,CAAC;wBACP,mEAAmE;wBACnE,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;oBACrE,CAAC;oBAED,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;oBAC7D,OAAO,IAAI,CAAC,gBAAgB,CAAI,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC;gBACrE,CAAC;gBAED,MAAM,GAAG,OAAO,CAAC;gBACjB,YAAY,GAAG,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACzC,MAAM,IAAI,KAAK,CACd,+CAA+C,IAAI,CAAC,MAAM,CAAC,UAAU,UAAU,CAC/E,CAAC;YACH,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAClB,MAAM,GAAG,OAAO,CAAC;gBACjB,2DAA2D;gBAC3D,4EAA4E;gBAC5E,YAAY,GAAG,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACzC,MAAM,IAAI,KAAK,CAAC,qBAAqB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YAChF,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC7B,OAAO,SAAc,CAAC;YACvB,CAAC;YAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAM,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,MAAM,GAAG,OAAO,CAAC;YACjB,IAAI,CAAC,YAAY,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC7C,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC;YAC9B,CAAC;YACD,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC3D,YAAY,GAAG,iBAAiB,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC;gBAC1D,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,CAAC;YACrE,CAAC;YACD,MAAM,KAAK,CAAC;QACb,CAAC;gBAAS,CAAC;YACV,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;YAC7C,MAAM,KAAK,GAA+B;gBACzC,SAAS,EAAE,OAAO,EAAE,SAAS,IAAI,GAAG,MAAM,IAAI,KAAK,EAAE;gBACrD,MAAM;gBACN,KAAK;gBACL,MAAM;gBACN,MAAM;gBACN,UAAU;gBACV,GAAG,CAAC,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzD,GAAG,CAAC,MAAM,KAAK,OAAO,IAAI,YAAY,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACtE,CAAC;YACF,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAClC,CAAC;IACF,CAAC;IAEO,oBAAoB,CAAC,KAAiC;QAC7D,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACrB,OAAO;QACR,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,OAA4B;QAC9C,uFAAuF;QACvF,OAAO,IAAI,CAAC,OAAO,CAAS,MAAM,EAAE,oBAAoB,EAAE;YACzD,IAAI,EAAE;gBACL,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7D,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnE,GAAG,CAAC,OAAO,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3F,GAAG,CAAC,OAAO,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzE,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtE,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC5E;YACD,SAAS,EAAE,cAAc;SACzB,CAAC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,EAAU,EAAE,OAA4B;QAC1D,YAAY,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAS,OAAO,EAAE,sBAAsB,EAAE,EAAE,EAAE;YAChE,IAAI,EAAE;gBACL,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7D,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnE,GAAG,CAAC,OAAO,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3F,GAAG,CAAC,OAAO,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzE,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC5E;YACD,SAAS,EAAE,cAAc;SACzB,CAAC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CAAC,EAAU;QACzB,YAAY,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAS,KAAK,EAAE,sBAAsB,EAAE,EAAE,EAAE;YAC9D,SAAS,EAAE,WAAW;SACtB,CAAC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,OAGjB;QACA,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACrC,IAAI,OAAO,EAAE,KAAK,KAAK,SAAS,EAAE,CAAC;YAClC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,OAAO,EAAE,MAAM,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,WAAW,CAAC,CAAC,CAAC,sBAAsB,WAAW,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC;QAEtF,OAAO,IAAI,CAAC,OAAO,CAAsB,KAAK,EAAE,IAAI,EAAE;YACrD,SAAS,EAAE,aAAa;SACxB,CAAC,CAAC;IACJ,CAAC;CACD;AAED,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAO9C,OAAO,EAAE,2BAA2B,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC1F,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAwE/C;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAkD;IACtF,OAAO,EAAE;QACR,aAAa,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,YAAY,CAAC;QACvD,mBAAmB,EAAE,CAAC,aAAa,EAAE,aAAa,EAAE,aAAa,CAAC;QAClE,mBAAmB,EAAE,WAAW;QAChC,yBAAyB,EAAE,aAAa;KACxC;IACD,MAAM,EAAE;QACP,aAAa,EAAE,CAAC,WAAW,EAAE,YAAY,CAAC;QAC1C,mBAAmB,EAAE,CAAC,aAAa,EAAE,aAAa,EAAE,aAAa,CAAC;QAClE,mBAAmB,EAAE,WAAW;QAChC,yBAAyB,EAAE,aAAa;KACxC;IACD,OAAO,EAAE;QACR,aAAa,EAAE,CAAC,YAAY,CAAC;QAC7B,mBAAmB,EAAE,CAAC,aAAa,EAAE,aAAa,EAAE,2BAA2B,CAAC;QAChF,mBAAmB,EAAE,YAAY;QACjC,yBAAyB,EAAE,aAAa;KACxC;IACD,UAAU,EAAE;QACX,aAAa,EAAE,CAAC,YAAY,CAAC;QAC7B,mBAAmB,EAAE,CAAC,aAAa,EAAE,2BAA2B,CAAC;QACjE,mBAAmB,EAAE,YAAY;QACjC,yBAAyB,EAAE,aAAa;KACxC;CACD,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA2B;IACxD,WAAW,EAAE,YAAY;IACzB,WAAW,EAAE,YAAY;IACzB,YAAY,EAAE,aAAa;IAC3B,aAAa,EAAE,WAAW;IAC1B,aAAa,EAAE,WAAW;IAC1B,aAAa,EAAE,WAAW;IAC1B,YAAY,EAAE,YAAY;IAC1B,aAAa,EAAE,aAAa;IAC5B,2BAA2B,EAAE,oBAAoB;IACjD,2BAA2B,EAAE,oBAAoB;CACjD,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IACnD,OAAO,iBAAiB,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,IAAsB;IAC/D,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAmFD,MAAM,OAAO,YAAY;IACP,MAAM,CAA6B;IACnC,SAAS,CAA+B;IACxC,aAAa,CAAS;IAEvC,YAAY,MAA0B;QACrC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAElD,6EAA6E;QAC7E,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACrC,MAAM,WAAW,GAChB,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;YAClF,MAAM,aAAa,GAClB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,MAAM,CAAC;YACjF,IAAI,CAAC,WAAW,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CACd,0FAA0F,CAC1F,CAAC;YACH,CAAC;QACF,CAAC;QAED,IAAI,CAAC,MAAM,GAAG;YACb,OAAO;YACP,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM;YACrC,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,CAAC;YAClC,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,KAAK;SAC1C,CAAC;QAEF,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS;YAChC,CAAC,CAAC,uBAAuB,CAAC,MAAM,CAAC,SAAS,CAAC;gBAC1C,CAAC,CAAC,MAAM,CAAC,SAAS;gBAClB,CAAC,CAAC,2BAA2B,CAAC,MAAM,CAAC,SAAS,CAAC;YAChD,CAAC,CAAC,IAAI,CAAC;QAER,IAAI,CAAC;YACJ,IAAI,CAAC,aAAa,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC;QACxD,CAAC;QAAC,MAAM,CAAC;YACR,IAAI,CAAC,aAAa,GAAG,gBAAgB,CAAC;QACvC,CAAC;IACF,CAAC;IAEO,KAAK,CAAC,OAAO,CAAI,MAAc,EAAE,IAAY,EAAE,OAAwB;QAC9E,OAAO,IAAI,CAAC,gBAAgB,CAAI,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IAC3D,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC7B,MAAc,EACd,IAAY,EACZ,OAAmC,EACnC,OAAe;QAEf,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC;QAC5C,MAAM,OAAO,GAA2B;YACvC,cAAc,EAAE,kBAAkB;YAClC,GAAG,OAAO,EAAE,OAAO;SACnB,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC3D,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC9E,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,UAAU,CAAC,MAAM,CAAC;QACpD,MAAM,KAAK,GAAG,OAAO,EAAE,cAAc,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC;QACrF,MAAM,MAAM,GAAG,OAAO,EAAE,eAAe,IAAI,IAAI,CAAC,aAAa,CAAC;QAC9D,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChC,IAAI,MAAM,GAAmB,IAAI,CAAC;QAClC,IAAI,UAA8B,CAAC;QACnC,IAAI,YAAgC,CAAC;QAErC,IAAI,CAAC;YACJ,MAAM,IAAI,GAAgB;gBACzB,MAAM;gBACN,OAAO;gBACP,MAAM;aACN,CAAC;YAEF,IAAI,OAAO,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;gBACjC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAExC,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC;YAE7B,8CAA8C;YAC9C,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC7B,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;oBACtC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;oBAC7D,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;oBAEvC,IAAI,gBAAgB,EAAE,CAAC;wBACtB,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;wBAChE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,IAAI,iBAAiB,GAAG,CAAC,EAAE,CAAC;4BAC/D,OAAO,GAAG,iBAAiB,GAAG,KAAK,CAAC;wBACrC,CAAC;oBACF,CAAC;yBAAM,CAAC;wBACP,mEAAmE;wBACnE,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;oBACrE,CAAC;oBAED,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;oBAC7D,OAAO,IAAI,CAAC,gBAAgB,CAAI,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC;gBACrE,CAAC;gBAED,MAAM,GAAG,OAAO,CAAC;gBACjB,YAAY,GAAG,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACzC,MAAM,IAAI,KAAK,CACd,+CAA+C,IAAI,CAAC,MAAM,CAAC,UAAU,UAAU,CAC/E,CAAC;YACH,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAClB,MAAM,GAAG,OAAO,CAAC;gBACjB,2DAA2D;gBAC3D,4EAA4E;gBAC5E,YAAY,GAAG,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACzC,MAAM,IAAI,KAAK,CAAC,qBAAqB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YAChF,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC7B,OAAO,SAAc,CAAC;YACvB,CAAC;YAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAM,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,MAAM,GAAG,OAAO,CAAC;YACjB,IAAI,CAAC,YAAY,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC7C,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC;YAC9B,CAAC;YACD,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC3D,YAAY,GAAG,iBAAiB,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC;gBAC1D,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,CAAC;YACrE,CAAC;YACD,MAAM,KAAK,CAAC;QACb,CAAC;gBAAS,CAAC;YACV,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;YAC7C,MAAM,KAAK,GAA+B;gBACzC,SAAS,EAAE,OAAO,EAAE,SAAS,IAAI,GAAG,MAAM,IAAI,KAAK,EAAE;gBACrD,MAAM;gBACN,KAAK;gBACL,MAAM;gBACN,MAAM;gBACN,UAAU;gBACV,GAAG,CAAC,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzD,GAAG,CAAC,MAAM,KAAK,OAAO,IAAI,YAAY,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACtE,CAAC;YACF,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAClC,CAAC;IACF,CAAC;IAEO,oBAAoB,CAAC,KAAiC;QAC7D,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACrB,OAAO;QACR,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,OAA4B;QAC9C,uFAAuF;QACvF,OAAO,IAAI,CAAC,OAAO,CAAS,MAAM,EAAE,oBAAoB,EAAE;YACzD,IAAI,EAAE;gBACL,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7D,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnE,GAAG,CAAC,OAAO,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3F,GAAG,CAAC,OAAO,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzE,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtE,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC5E;YACD,SAAS,EAAE,cAAc;SACzB,CAAC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,EAAU,EAAE,OAA4B;QAC1D,YAAY,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAS,OAAO,EAAE,sBAAsB,EAAE,EAAE,EAAE;YAChE,IAAI,EAAE;gBACL,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7D,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnE,GAAG,CAAC,OAAO,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3F,GAAG,CAAC,OAAO,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzE,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC5E;YACD,SAAS,EAAE,cAAc;SACzB,CAAC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CAAC,EAAU;QACzB,YAAY,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAS,KAAK,EAAE,sBAAsB,EAAE,EAAE,EAAE;YAC9D,SAAS,EAAE,WAAW;SACtB,CAAC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,OAGjB;QACA,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACrC,IAAI,OAAO,EAAE,KAAK,KAAK,SAAS,EAAE,CAAC;YAClC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,OAAO,EAAE,MAAM,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,WAAW,CAAC,CAAC,CAAC,sBAAsB,WAAW,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC;QAEtF,OAAO,IAAI,CAAC,OAAO,CAAsB,KAAK,EAAE,IAAI,EAAE;YACrD,SAAS,EAAE,aAAa;SACxB,CAAC,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,qBAAqB,CAAC,QAAgB;QAC3C,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAqB,KAAK,EAAE,sBAAsB,QAAQ,gBAAgB,EAAE;YAC9F,SAAS,EAAE,uBAAuB;SAClC,CAAC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,wBAAwB,CAC7B,QAAgB,EAChB,MAA+B;QAE/B,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEnC,OAAO,IAAI,CAAC,OAAO,CAAqB,KAAK,EAAE,sBAAsB,QAAQ,gBAAgB,EAAE;YAC9F,IAAI,EAAE;gBACL,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,GAAG,CAAC,MAAM,CAAC,0BAA0B,KAAK,SAAS;oBAClD,CAAC,CAAC,EAAE,0BAA0B,EAAE,MAAM,CAAC,0BAA0B,EAAE;oBACnE,CAAC,CAAC,EAAE,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,gCAAgC,KAAK,SAAS;oBACxD,CAAC,CAAC,EAAE,gCAAgC,EAAE,MAAM,CAAC,gCAAgC,EAAE;oBAC/E,CAAC,CAAC,EAAE,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,qBAAqB,KAAK,SAAS;oBAC7C,CAAC,CAAC,EAAE,qBAAqB,EAAE,MAAM,CAAC,qBAAqB,EAAE;oBACzD,CAAC,CAAC,EAAE,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACtF;YACD,SAAS,EAAE,0BAA0B;SACrC,CAAC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,uBAAuB,CAAC,QAAgB;QAC7C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAC1D,IAAI,MAAM,CAAC,0BAA0B,IAAI,MAAM,CAAC,0BAA0B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvF,OAAO,MAAM,CAAC,0BAA0B,CAAC;QAC1C,CAAC;QACD,OAAO,wBAAwB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,aAAa,CAAC;IAClE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,6BAA6B,CAAC,QAAgB;QACnD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAC1D,IACC,MAAM,CAAC,gCAAgC;YACvC,MAAM,CAAC,gCAAgC,CAAC,MAAM,GAAG,CAAC,EACjD,CAAC;YACF,OAAO,MAAM,CAAC,gCAAgC,CAAC;QAChD,CAAC;QACD,OAAO,wBAAwB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,mBAAmB,CAAC;IACxE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAAC,QAAgB;QAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAC1D,OAAO,wBAAwB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,mBAAmB,CAAC;IACxE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,4BAA4B,CAAC,QAAgB;QAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAC1D,OAAO,wBAAwB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,yBAAyB,CAAC;IAC9E,CAAC;CACD;AAED,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@qnsp/tenant-sdk",
-	"version": "0.1.1",
+	"version": "0.2.0",
 	"publishConfig": {
 		"access": "public"
 	},
@@ -30,9 +30,9 @@
 		"zod": "^4.1.12"
 	},
 	"devDependencies": {
-		"@types/node": "^22.13.14",
-		"tsx": "^4.20.6",
-		"vitest": "^4.0.10"
+		"@types/node": "^24.10.4",
+		"tsx": "^4.21.0",
+		"vitest": "4.0.16"
 	},
 	"engines": {
 		"node": "24.12.0"

package/src/index.ts

@@ -34,6 +34,110 @@ type InternalTenantClientConfig = {
 
 export type TenantStatus = "active" | "suspended" | "pending" | "deleted";
 
+/**
+ * Crypto policy tier determines which PQC algorithms are allowed.
+ * Maps to tenant_crypto_policies.policy_tier in tenant-service.
+ */
+export type CryptoPolicyTier = "default" | "strict" | "maximum" | "government";
+
+/**
+ * Tenant crypto policy configuration.
+ */
+export interface TenantCryptoPolicy {
+	readonly tenantId: string;
+	readonly policyTier: CryptoPolicyTier;
+	readonly customAllowedKemAlgorithms: readonly string[] | null;
+	readonly customAllowedSignatureAlgorithms: readonly string[] | null;
+	readonly customAllowedSymmetricAlgorithms?: readonly string[] | null;
+	readonly customForbiddenAlgorithms?: readonly string[] | null;
+	readonly requireHsmForRootKeys: boolean;
+	readonly maxKeyAgeDays: number;
+	readonly enforcementMode?: "audit" | "enforce";
+	readonly createdAt: string;
+	readonly updatedAt: string;
+}
+
+/**
+ * Input for creating or updating a tenant crypto policy.
+ */
+export interface TenantCryptoPolicyInput {
+	readonly policyTier: CryptoPolicyTier;
+	readonly customAllowedKemAlgorithms?: readonly string[] | null;
+	readonly customAllowedSignatureAlgorithms?: readonly string[] | null;
+	readonly requireHsmForRootKeys?: boolean;
+	readonly maxKeyAgeDays?: number;
+}
+
+/**
+ * Algorithm configuration per crypto policy tier.
+ */
+export interface TierAlgorithmConfig {
+	readonly kemAlgorithms: readonly string[];
+	readonly signatureAlgorithms: readonly string[];
+	readonly defaultKemAlgorithm: string;
+	readonly defaultSignatureAlgorithm: string;
+}
+
+/**
+ * Default algorithms per crypto policy tier.
+ */
+export const CRYPTO_POLICY_ALGORITHMS: Record<CryptoPolicyTier, TierAlgorithmConfig> = {
+	default: {
+		kemAlgorithms: ["kyber-512", "kyber-768", "kyber-1024"],
+		signatureAlgorithms: ["dilithium-2", "dilithium-3", "dilithium-5"],
+		defaultKemAlgorithm: "kyber-768",
+		defaultSignatureAlgorithm: "dilithium-3",
+	},
+	strict: {
+		kemAlgorithms: ["kyber-768", "kyber-1024"],
+		signatureAlgorithms: ["dilithium-3", "dilithium-5", "falcon-1024"],
+		defaultKemAlgorithm: "kyber-768",
+		defaultSignatureAlgorithm: "dilithium-3",
+	},
+	maximum: {
+		kemAlgorithms: ["kyber-1024"],
+		signatureAlgorithms: ["dilithium-5", "falcon-1024", "sphincs-shake-256f-simple"],
+		defaultKemAlgorithm: "kyber-1024",
+		defaultSignatureAlgorithm: "dilithium-5",
+	},
+	government: {
+		kemAlgorithms: ["kyber-1024"],
+		signatureAlgorithms: ["dilithium-5", "sphincs-shake-256f-simple"],
+		defaultKemAlgorithm: "kyber-1024",
+		defaultSignatureAlgorithm: "dilithium-5",
+	},
+};
+
+/**
+ * Mapping from internal algorithm names to NIST standardized names.
+ */
+export const ALGORITHM_TO_NIST: Record<string, string> = {
+	"kyber-512": "ML-KEM-512",
+	"kyber-768": "ML-KEM-768",
+	"kyber-1024": "ML-KEM-1024",
+	"dilithium-2": "ML-DSA-44",
+	"dilithium-3": "ML-DSA-65",
+	"dilithium-5": "ML-DSA-87",
+	"falcon-512": "FN-DSA-512",
+	"falcon-1024": "FN-DSA-1024",
+	"sphincs-shake-128f-simple": "SLH-DSA-SHAKE-128f",
+	"sphincs-shake-256f-simple": "SLH-DSA-SHAKE-256f",
+};
+
+/**
+ * Convert internal algorithm name to NIST standardized name.
+ */
+export function toNistAlgorithmName(internal: string): string {
+	return ALGORITHM_TO_NIST[internal] ?? internal;
+}
+
+/**
+ * Get algorithm config for a crypto policy tier.
+ */
+export function getAlgorithmConfigForTier(tier: CryptoPolicyTier): TierAlgorithmConfig {
+	return CRYPTO_POLICY_ALGORITHMS[tier];
+}
+
 export interface TenantSecurityEnvelope {
 	readonly controlPlaneTokenSha256: string | null;
 	readonly pqcSignatures: readonly {
@@ -353,6 +457,90 @@ export class TenantClient {
 			operation: "listTenants",
 		});
 	}
+
+	/**
+	 * Get the crypto policy for a tenant.
+	 * Returns the tenant's crypto policy configuration including allowed algorithms.
+	 * If no policy exists, a default policy is created and returned.
+	 */
+	async getTenantCryptoPolicy(tenantId: string): Promise<TenantCryptoPolicy> {
+		validateUUID(tenantId, "tenantId");
+
+		return this.request<TenantCryptoPolicy>("GET", `/tenant/v1/tenants/${tenantId}/crypto-policy`, {
+			operation: "getTenantCryptoPolicy",
+		});
+	}
+
+	/**
+	 * Create or update the crypto policy for a tenant.
+	 * Sets the policy tier and optional custom algorithm restrictions.
+	 */
+	async upsertTenantCryptoPolicy(
+		tenantId: string,
+		policy: TenantCryptoPolicyInput,
+	): Promise<TenantCryptoPolicy> {
+		validateUUID(tenantId, "tenantId");
+
+		return this.request<TenantCryptoPolicy>("PUT", `/tenant/v1/tenants/${tenantId}/crypto-policy`, {
+			body: {
+				policyTier: policy.policyTier,
+				...(policy.customAllowedKemAlgorithms !== undefined
+					? { customAllowedKemAlgorithms: policy.customAllowedKemAlgorithms }
+					: {}),
+				...(policy.customAllowedSignatureAlgorithms !== undefined
+					? { customAllowedSignatureAlgorithms: policy.customAllowedSignatureAlgorithms }
+					: {}),
+				...(policy.requireHsmForRootKeys !== undefined
+					? { requireHsmForRootKeys: policy.requireHsmForRootKeys }
+					: {}),
+				...(policy.maxKeyAgeDays !== undefined ? { maxKeyAgeDays: policy.maxKeyAgeDays } : {}),
+			},
+			operation: "upsertTenantCryptoPolicy",
+		});
+	}
+
+	/**
+	 * Get the allowed KEM algorithms for a tenant based on their crypto policy.
+	 * Convenience method that fetches the policy and returns the allowed algorithms.
+	 */
+	async getAllowedKemAlgorithms(tenantId: string): Promise<readonly string[]> {
+		const policy = await this.getTenantCryptoPolicy(tenantId);
+		if (policy.customAllowedKemAlgorithms && policy.customAllowedKemAlgorithms.length > 0) {
+			return policy.customAllowedKemAlgorithms;
+		}
+		return CRYPTO_POLICY_ALGORITHMS[policy.policyTier].kemAlgorithms;
+	}
+
+	/**
+	 * Get the allowed signature algorithms for a tenant based on their crypto policy.
+	 * Convenience method that fetches the policy and returns the allowed algorithms.
+	 */
+	async getAllowedSignatureAlgorithms(tenantId: string): Promise<readonly string[]> {
+		const policy = await this.getTenantCryptoPolicy(tenantId);
+		if (
+			policy.customAllowedSignatureAlgorithms &&
+			policy.customAllowedSignatureAlgorithms.length > 0
+		) {
+			return policy.customAllowedSignatureAlgorithms;
+		}
+		return CRYPTO_POLICY_ALGORITHMS[policy.policyTier].signatureAlgorithms;
+	}
+
+	/**
+	 * Get the default KEM algorithm for a tenant based on their crypto policy tier.
+	 */
+	async getDefaultKemAlgorithm(tenantId: string): Promise<string> {
+		const policy = await this.getTenantCryptoPolicy(tenantId);
+		return CRYPTO_POLICY_ALGORITHMS[policy.policyTier].defaultKemAlgorithm;
+	}
+
+	/**
+	 * Get the default signature algorithm for a tenant based on their crypto policy tier.
+	 */
+	async getDefaultSignatureAlgorithm(tenantId: string): Promise<string> {
+		const policy = await this.getTenantCryptoPolicy(tenantId);
+		return CRYPTO_POLICY_ALGORITHMS[policy.policyTier].defaultSignatureAlgorithm;
+	}
 }
 
 export * from "./observability.js";