@vess-id/ai-identity 0.11.0 → 0.12.0

package/dist/internal-signature/__tests__/canonical.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=canonical.spec.d.ts.map

package/dist/internal-signature/__tests__/canonical.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical.spec.d.ts","sourceRoot":"","sources":["../../../src/internal-signature/__tests__/canonical.spec.ts"],"names":[],"mappings":""}

package/dist/internal-signature/__tests__/signer-roundtrip.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=signer-roundtrip.spec.d.ts.map

package/dist/internal-signature/__tests__/signer-roundtrip.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signer-roundtrip.spec.d.ts","sourceRoot":"","sources":["../../../src/internal-signature/__tests__/signer-roundtrip.spec.ts"],"names":[],"mappings":""}

package/dist/internal-signature/__tests__/signer.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=signer.spec.d.ts.map

package/dist/internal-signature/__tests__/signer.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signer.spec.d.ts","sourceRoot":"","sources":["../../../src/internal-signature/__tests__/signer.spec.ts"],"names":[],"mappings":""}

package/dist/internal-signature/canonical.d.ts

@@ -0,0 +1,80 @@
+/**
+ * P1-A14a-1 / Threat Model S4 — canonical-string + signature-header
+ * helpers for HMAC body signing of internal HTTP requests.
+ *
+ * Pure module: no NestJS, no I/O, no side effects. SDK is the
+ * single source of truth (P1-A14a-2d) — api / remote-mcp /
+ * slack-bot all import from `@vess-id/ai-identity`.
+ *
+ * Header format (Q1 = A, Stripe-style versioned):
+ *   X-Internal-Signature: v1=<keyId>:<unixSeconds>:<base64(hmac)>
+ *
+ * Canonical string (Q2 = A, no header inclusion):
+ *   ${METHOD.toUpperCase()}\n${path}\n${unixSeconds}\n${sha256Hex(rawBody)}
+ *
+ * Replay window (Q3 = A): 300 seconds — enforced by the api guard,
+ * not here. This module is responsible for *constructing* the
+ * canonical string and *parsing* the header; freshness is policy.
+ */
+export declare const SIGNATURE_HEADER = "x-internal-signature";
+export declare const SIGNATURE_VERSION_PREFIX = "v1=";
+/**
+ * SHA-256 hex digest of an arbitrary buffer or string. Hex (not
+ * base64) so the canonical string is URL-safe and grep-friendly in
+ * logs if a future debug session ever needs to reconstruct it
+ * server-side.
+ */
+export declare function sha256Hex(input: Buffer | string): string;
+/**
+ * Build the canonical string that gets HMAC'd. The components are
+ * separated by `\n` because no legitimate input contains `\n` (the
+ * method is uppercase ASCII, the path is URL-encoded by the caller,
+ * the timestamp is digits, the body hash is hex). Using `\n` as
+ * separator avoids ambiguity that delimiters like `:` would
+ * introduce when the path contains a colon.
+ *
+ * Whitespace is NOT trimmed — input must be exactly what will land
+ * on the wire. Caller controls case and encoding.
+ */
+export declare function buildCanonicalString(args: {
+    method: string;
+    path: string;
+    unixSeconds: number;
+    rawBody: Buffer | string;
+}): string;
+/** Shape of a parsed `X-Internal-Signature` header. */
+export interface ParsedSignature {
+    /** Identifier of the signing key (e.g. `'mcp-v2'`). */
+    keyId: string;
+    /** Unix epoch seconds at signing time. */
+    unixSeconds: number;
+    /** Base64-encoded HMAC-SHA256 digest. */
+    signature: string;
+}
+/**
+ * Parse a `X-Internal-Signature` header value. Returns `null` for
+ * any malformed shape rather than throwing — the api guard converts
+ * `null` to a `401 Unauthorized` so a malformed header never
+ * triggers a `500`.
+ *
+ * Accepted: `v1=<keyId>:<digits>:<base64>`
+ *
+ * Defensive checks:
+ *   - Must start with `v1=` (Q1: explicit version prefix)
+ *   - keyId / signature must be non-empty after split
+ *   - timestamp must parse to a finite, non-negative integer
+ *   - keyId must be ASCII identifier-safe ([A-Za-z0-9_-]+) so a
+ *     malicious header cannot smuggle control chars or whitespace
+ *     into log lines / metric labels
+ *   - signature must be valid base64 (only base64 alphabet chars)
+ */
+export declare function parseSignatureHeader(headerValue: string | undefined): ParsedSignature | null;
+/**
+ * Format a ParsedSignature back into a header string. Round-trips
+ * with `parseSignatureHeader` for any validly-shaped input.
+ *
+ * Used by the signing side (HTTP client). Keeping it next to the
+ * parser pins the format in one place.
+ */
+export declare function formatSignatureHeader(parsed: ParsedSignature): string;
+//# sourceMappingURL=canonical.d.ts.map

package/dist/internal-signature/canonical.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical.d.ts","sourceRoot":"","sources":["../../src/internal-signature/canonical.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;GAiBG;AAEH,eAAO,MAAM,gBAAgB,yBAAyB,CAAA;AACtD,eAAO,MAAM,wBAAwB,QAAQ,CAAA;AAE7C;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAExD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;IACnB,OAAO,EAAE,MAAM,GAAG,MAAM,CAAA;CACzB,GAAG,MAAM,CAGT;AAED,uDAAuD;AACvD,MAAM,WAAW,eAAe;IAC9B,uDAAuD;IACvD,KAAK,EAAE,MAAM,CAAA;IACb,0CAA0C;IAC1C,WAAW,EAAE,MAAM,CAAA;IACnB,yCAAyC;IACzC,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,SAAS,GAAG,eAAe,GAAG,IAAI,CA4B5F;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM,CAErE"}

package/dist/internal-signature/index.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Public API of `@vess-id/ai-identity/internal-signature` (P1-A14a-2d).
+ *
+ * Re-exported via the SDK barrel (`packages/sdk/src/index.ts`) so
+ * consumers can write:
+ *
+ *   import { signRequest, SIGNATURE_HEADER } from '@vess-id/ai-identity'
+ *
+ * SDK is the single source of truth — api / remote-mcp / slack-bot
+ * all import from here. The api side keeps verifier-only types
+ * (`HmacKeyset`, `InternalSignatureGuard`) in
+ * `packages/api/src/common/internal-signature/` so the SDK avoids
+ * a NestJS dependency.
+ */
+export { buildCanonicalString, formatSignatureHeader, parseSignatureHeader, sha256Hex, SIGNATURE_HEADER, SIGNATURE_VERSION_PREFIX, type ParsedSignature, } from './canonical';
+export { signRequest, MIN_SIGNER_KEY_BYTES, type InternalHmacSignerKey, type SignRequestArgs, } from './signer';
+//# sourceMappingURL=index.d.ts.map

package/dist/internal-signature/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/internal-signature/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,oBAAoB,EACpB,SAAS,EACT,gBAAgB,EAChB,wBAAwB,EACxB,KAAK,eAAe,GACrB,MAAM,aAAa,CAAA;AAEpB,OAAO,EACL,WAAW,EACX,oBAAoB,EACpB,KAAK,qBAAqB,EAC1B,KAAK,eAAe,GACrB,MAAM,UAAU,CAAA"}

package/dist/internal-signature/signer.d.ts

@@ -0,0 +1,76 @@
+/**
+ * P1-A14a-2d — pure HMAC signer for outbound /api/internal/**
+ * requests. Lives in SDK so remote-mcp and slack-bot (both of which
+ * already depend on `@vess-id/ai-identity`) can attach
+ * `X-Internal-Signature` to every request without dragging the
+ * api package into their dependency graph.
+ *
+ * Pure (no I/O, no Nest). Mirrors the `utils/crypto.ts` profile:
+ * the only Node-builtin used is `crypto.createHmac`.
+ *
+ * Pairing with the verifier
+ * -------------------------
+ * The verifier (api side, `HmacKeyset.verify` →
+ * `buildCanonicalString` → constant-time compare) reads the same
+ * `buildCanonicalString` from this module by construction. As long
+ * as both sides pass the same `(method, path, unixSeconds, rawBody)`
+ * the HMACs match by definition.
+ *
+ * Body bytes
+ * ----------
+ * The caller MUST pass the exact bytes that go on the wire as
+ * `rawBody`. Re-running `JSON.stringify(...)` on each side would
+ * risk a byte mismatch (object key order is implementation-defined
+ * in spec, even though V8 preserves insertion order in practice).
+ * The api-client `makeRequest` helper computes `JSON.stringify`
+ * once, hands the same string to both `signRequest` and `fetch`.
+ */
+/**
+ * Minimum signer key length in raw bytes. 32 bytes = 256 bits
+ * matches HMAC-SHA256's natural block size and the verifier's
+ * `MIN_KEY_BYTES`. A truncated env var (accidental newline,
+ * copy-paste error) is the realistic failure mode this guards
+ * against.
+ */
+export declare const MIN_SIGNER_KEY_BYTES = 32;
+export interface InternalHmacSignerKey {
+    /** Stable identifier for the key, e.g. `'mcp-v1'`. Embedded in
+     *  the X-Internal-Signature header so the verifier can pick the
+     *  right key. Must match `/^[A-Za-z0-9_-]+$/`. */
+    keyId: string;
+    /** Raw HMAC secret. >= MIN_SIGNER_KEY_BYTES bytes. */
+    secret: Buffer;
+}
+export interface SignRequestArgs {
+    /** HTTP method. Will be upper-cased by `buildCanonicalString`,
+     *  but callers should pass the uppercase form they use on the
+     *  wire so signer and `fetch()` stay in lockstep. */
+    method: string;
+    /** URL path with query string already stripped (verifier does
+     *  `request.originalUrl?.split('?')[0]`; signer must mirror).
+     *  Path encoding (e.g. `%2F` vs `/`) is caller's responsibility
+     *  — the canonical string treats them as different bytes. */
+    path: string;
+    /** Wire bytes. The same string/buffer passed to `fetch({body})`
+     *  must be passed here — `JSON.stringify` runs ONCE per request
+     *  in the caller. */
+    rawBody: Buffer | string;
+    /** Optional fixed timestamp for testing. Defaults to
+     *  `Math.floor(Date.now() / 1000)`. */
+    unixSeconds?: number;
+}
+/**
+ * Sign an outbound request and return a fully-formatted
+ * `X-Internal-Signature` header value. The caller sets the header
+ * on the outbound request directly:
+ *
+ * ```ts
+ * headers[SIGNATURE_HEADER] = signRequest(key, { method, path, rawBody })
+ * ```
+ *
+ * Throws if key material is invalid (bad keyId or short secret) —
+ * surfacing misconfiguration loudly at request time rather than
+ * silently producing a header the verifier will reject.
+ */
+export declare function signRequest(key: InternalHmacSignerKey, args: SignRequestArgs): string;
+//# sourceMappingURL=signer.d.ts.map

package/dist/internal-signature/signer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/internal-signature/signer.ts"],"names":[],"mappings":"AAOA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,KAAK,CAAA;AAEtC,MAAM,WAAW,qBAAqB;IACpC;;sDAEkD;IAClD,KAAK,EAAE,MAAM,CAAA;IACb,sDAAsD;IACtD,MAAM,EAAE,MAAM,CAAA;CACf;AAED,MAAM,WAAW,eAAe;IAC9B;;yDAEqD;IACrD,MAAM,EAAE,MAAM,CAAA;IACd;;;iEAG6D;IAC7D,IAAI,EAAE,MAAM,CAAA;IACZ;;yBAEqB;IACrB,OAAO,EAAE,MAAM,GAAG,MAAM,CAAA;IACxB;2CACuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,qBAAqB,EAAE,IAAI,EAAE,eAAe,GAAG,MAAM,CAgBrF"}

package/dist/registry/index.d.ts

@@ -6,4 +6,6 @@ export { CanonicalProvider, AnyProvider, CANONICAL_PROVIDERS, PROVIDER_ALIASES,
 export { RESOURCE_TYPES, UnifiedResourceType, LEGACY_RESOURCE_TYPE_MAP, resolveResourceType, } from './resource-types';
 export { canonicalizeAction, getActionAliases, getAllActionForms, isActionEquivalent, } from './action-aliases';
 export { VALID_MCP_ACTIONS, VALID_MCP_TOOLS, getAllValidMcpActionNames, getValidMcpActionNames, normalizeMcpActionName, } from './action-normalizer';
+export { REAUTH_REQUIRED_ACTION, GATEWAY_ERROR_CODE, } from './reauth-constants';
+export type { GatewayErrorCode } from './reauth-constants';
 //# sourceMappingURL=index.d.ts.map

package/dist/registry/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/registry/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,YAAY,EACZ,gBAAgB,EAChB,SAAS,EACT,YAAY,EACZ,eAAe,EACf,aAAa,EACb,UAAU,EACV,gBAAgB,EAChB,WAAW,EACX,aAAa,EACb,aAAa,EACb,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EACL,2BAA2B,EAC3B,mBAAmB,EACnB,qBAAqB,EACrB,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,GAChB,MAAM,uBAAuB,CAAA;AAE9B,OAAO,EACL,QAAQ,EACR,YAAY,EACZ,UAAU,EACV,UAAU,EACV,cAAc,EACd,cAAc,EACd,SAAS,EACT,sBAAsB,EACtB,0BAA0B,EAC1B,4BAA4B,EAC5B,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,mBAAmB,CAAA;AAC1B,cAAc,wBAAwB,CAAA;AAGtC,OAAO,EACL,iBAAiB,EACjB,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,eAAe,EACf,mBAAmB,EACnB,eAAe,GAChB,MAAM,aAAa,CAAA;AAGpB,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,wBAAwB,EACxB,mBAAmB,GACpB,MAAM,kBAAkB,CAAA;AAGzB,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,kBAAkB,CAAA;AAGzB,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,yBAAyB,EACzB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,qBAAqB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/registry/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,YAAY,EACZ,gBAAgB,EAChB,SAAS,EACT,YAAY,EACZ,eAAe,EACf,aAAa,EACb,UAAU,EACV,gBAAgB,EAChB,WAAW,EACX,aAAa,EACb,aAAa,EACb,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EACL,2BAA2B,EAC3B,mBAAmB,EACnB,qBAAqB,EACrB,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,GAChB,MAAM,uBAAuB,CAAA;AAE9B,OAAO,EACL,QAAQ,EACR,YAAY,EACZ,UAAU,EACV,UAAU,EACV,cAAc,EACd,cAAc,EACd,SAAS,EACT,sBAAsB,EACtB,0BAA0B,EAC1B,4BAA4B,EAC5B,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,mBAAmB,CAAA;AAC1B,cAAc,wBAAwB,CAAA;AAGtC,OAAO,EACL,iBAAiB,EACjB,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,eAAe,EACf,mBAAmB,EACnB,eAAe,GAChB,MAAM,aAAa,CAAA;AAGpB,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,wBAAwB,EACxB,mBAAmB,GACpB,MAAM,kBAAkB,CAAA;AAGzB,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,kBAAkB,CAAA;AAGzB,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,yBAAyB,EACzB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,qBAAqB,CAAA;AAG5B,OAAO,EACL,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA"}

package/dist/registry/reauth-constants.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Cross-package constants for the reauth pipeline.
+ *
+ * These string literals are contract-level identifiers shared between:
+ *   - api (`tool-auth.service.ts`, `token-refresh.service.ts`)
+ *   - remote-mcp (`mcp-format-result.ts`)
+ *   - agentd (`gateway-client.ts`, `credential-errors.ts`, `execution-engine.ts`)
+ *
+ * Hard-coding them at each site made typo bugs silent. Centralizing here
+ * means any renames surface as a compile error on every import site.
+ */
+/**
+ * Value for `ToolInvokeResponse.metadata.action` when the api signals a
+ * revoked/expired OAuth token. Consumers branch on this to render a reauth
+ * prompt (Slack DM card, CLI authUrl, etc.) instead of treating the response
+ * as a normal error.
+ */
+export declare const REAUTH_REQUIRED_ACTION: "reauth_required";
+/**
+ * Error codes emitted by agentd's `gateway-client.invokeTool` to classify
+ * failure modes for the ExecutionEngine to branch on. Kept as a const object
+ * rather than an enum so it serializes cleanly across the wire and in logs.
+ */
+export declare const GATEWAY_ERROR_CODE: {
+    /** Upstream OAuth token is revoked — the user must re-auth at the SaaS provider. */
+    readonly REAUTH_REQUIRED: "REAUTH_REQUIRED";
+    /** Local VC/VP is invalid (expired, malformed, signature mismatch). Try VC reissuance. */
+    readonly CREDENTIAL_INVALID: "CREDENTIAL_INVALID";
+    /** VC allowed a different resource than the request targeted. Try a new approval. */
+    readonly RESOURCE_MISMATCH: "RESOURCE_MISMATCH";
+};
+export type GatewayErrorCode = (typeof GATEWAY_ERROR_CODE)[keyof typeof GATEWAY_ERROR_CODE];
+//# sourceMappingURL=reauth-constants.d.ts.map

package/dist/registry/reauth-constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reauth-constants.d.ts","sourceRoot":"","sources":["../../src/registry/reauth-constants.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;;;;GAKG;AACH,eAAO,MAAM,sBAAsB,EAAG,iBAA0B,CAAA;AAEhE;;;;GAIG;AACH,eAAO,MAAM,kBAAkB;IAC7B,oFAAoF;;IAEpF,0FAA0F;;IAE1F,qFAAqF;;CAE7E,CAAA;AAEV,MAAM,MAAM,gBAAgB,GAC1B,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,OAAO,kBAAkB,CAAC,CAAA"}

package/dist/vp/kb-jwt-builder.d.ts

@@ -0,0 +1,89 @@
+/**
+ * Single source of truth for Key Binding JWT (KB-JWT) issuance shared across
+ * the AIdentity stack. Four production code paths build KB-JWTs and they
+ * MUST stay byte-for-byte equivalent so a presentation built on one side is
+ * accepted by the verifier on the other:
+ *
+ *   - SDK clients via `VPManager.create()` (this package)
+ *   - API service via `packages/api/src/vp/vp-creation.service.ts`
+ *   - Remote MCP via `packages/remote-mcp/src/services/vp-creation.service.ts`
+ *   - agentd (`@vess-id/vess`) via `VPBuilder.buildVP()`
+ *     (`packages/agentd/src/wallet/vp-builder.ts`)
+ *
+ * Historically each path had its own copy of this logic. PR #391 (the
+ * commit that made `exp` REQUIRED on the verifier side) updated only two of
+ * the three issuer paths known at the time; the SDK was missed and every
+ * SDK-built VP started failing at verification time. The follow-up
+ * consolidation (commit 02b169aa) brought the SDK in line, but agentd —
+ * which had its own KB-JWT literal in `wallet/vp-builder.ts` — was not
+ * recognized as a fourth issuer. Staging then rejected every VP from
+ * `@vess-id/vess` agentd alpha builds with `KB-JWT missing exp` until the
+ * agentd hotfix (this commit's cohort) wired its VPBuilder through
+ * `buildKbJwtPayload()`. This module exists so that a future verifier
+ * change cannot drift from the issuer side: any update lands in one place
+ * and all four paths inherit it.
+ */
+/**
+ * Default KB-JWT lifetime in seconds. Mirrors the cap enforced by the API's
+ * `KeyBindingVerifierService.MAX_KB_JWT_LIFETIME_SECONDS` (also 300).
+ *
+ * The KB-JWT `exp` is the smaller of:
+ *   - `iat + KB_JWT_DEFAULT_LIFETIME_SECONDS`
+ *   - the parent VC's `exp` (so the bearer's freshness window cannot outlive
+ *     the underlying credential's validity, which is itself bounded by
+ *     `grant.expiresAt` at issuance time).
+ */
+export declare const KB_JWT_DEFAULT_LIFETIME_SECONDS = 300;
+export interface KbJwtPayload {
+    iss: string;
+    aud: string;
+    nonce: string;
+    iat: number;
+    exp: number;
+}
+export interface BuildKbJwtPayloadArgs {
+    /** Holder DID — becomes the KB-JWT `iss` claim. */
+    holderDid: string;
+    /** Verifier audience (URL or hostname). Will be normalized via {@link normalizeDomain}. */
+    audience: string;
+    /** Verifier-supplied nonce / challenge. */
+    nonce: string;
+    /** The parent SD-JWT VC string. Its `exp` (if any) caps the KB-JWT lifetime. */
+    vcCredential: string;
+}
+export interface BuildKbJwtPayloadDeps {
+    /** Returns the current time in milliseconds. Defaults to `Date.now`. */
+    now?: () => number;
+}
+/**
+ * Build a Key Binding JWT payload for an SD-JWT VC presentation.
+ *
+ * Throws when the parent VC is already expired (`vc.exp <= now`). The error
+ * message intentionally contains the substring `"VC has expired"` so that
+ * downstream catchers (notably remote-mcp's `isCredentialInvalidError`) can
+ * detect a stale-credential condition and trigger a re-approval flow rather
+ * than surface an opaque issuance failure to the user.
+ */
+export declare function buildKbJwtPayload(args: BuildKbJwtPayloadArgs, deps?: BuildKbJwtPayloadDeps): KbJwtPayload;
+/**
+ * Best-effort read of the VC's `exp` claim from the SD-JWT outer payload.
+ * Returns undefined when the VC is malformed, missing exp, or the field is
+ * not a number — callers fall back to {@link KB_JWT_DEFAULT_LIFETIME_SECONDS}
+ * in that case so issuance does not break for VCs without an explicit expiry.
+ */
+export declare function readVcExpSeconds(sdJwtVc: string): number | undefined;
+/**
+ * Normalize a domain string for consistent use as a JWT `aud` claim.
+ *
+ * The API verifier compares the KB-JWT `aud` against the expected domain by
+ * exact string match, so issuer and verifier must agree on the canonical
+ * form. We delegate to the URL parser, which strips paths and lowercases
+ * the host, then return the resulting `origin`.
+ *
+ * Inputs without a scheme are assumed to be hostnames; `localhost` (with or
+ * without a port) defaults to `http://`, everything else to `https://`. If
+ * URL parsing fails, the input is returned unchanged so a caller can still
+ * detect the mismatch downstream rather than silently swallowing a typo.
+ */
+export declare function normalizeDomain(domain: string): string;
+//# sourceMappingURL=kb-jwt-builder.d.ts.map

package/dist/vp/kb-jwt-builder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kb-jwt-builder.d.ts","sourceRoot":"","sources":["../../src/vp/kb-jwt-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH;;;;;;;;;GASG;AACH,eAAO,MAAM,+BAA+B,MAAM,CAAA;AAElD,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,qBAAqB;IACpC,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAA;IACjB,2FAA2F;IAC3F,QAAQ,EAAE,MAAM,CAAA;IAChB,2CAA2C;IAC3C,KAAK,EAAE,MAAM,CAAA;IACb,gFAAgF;IAChF,YAAY,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,qBAAqB;IACpC,wEAAwE;IACxE,GAAG,CAAC,EAAE,MAAM,MAAM,CAAA;CACnB;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,qBAAqB,EAC3B,IAAI,GAAE,qBAA0B,GAC/B,YAAY,CAqBd;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAUpE;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAgBtD"}

package/dist/vp/vp-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"vp-manager.d.ts","sourceRoot":"","sources":["../../src/vp/vp-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAE5D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAA;AAK/C,qBAAa,SAAS;IACpB,OAAO,CAAC,UAAU,CAAY;gBAElB,UAAU,CAAC,EAAE,UAAU;IAMnC;;;OAGG;IACG,MAAM,CACV,GAAG,EAAE,MAAM,EAAE,EAAE,6BAA6B;IAC5C,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAA;QACjB,SAAS,EAAE,MAAM,CAAA;QACjB,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,CAAC,EAAE,MAAM,CAAA;KACjB,GACA,OAAO,CAAC,MAAM,CAAC;IA8ClB;;OAEG;IACG,MAAM,CACV,KAAK,EAAE,MAAM,EACb,OAAO,EAAE;QACP,iBAAiB,EAAE,MAAM,CAAA;QACzB,cAAc,EAAE,MAAM,CAAA;QACtB,cAAc,CAAC,EAAE,MAAM,CAAA;KACxB,GACA,OAAO,CAAC,sBAAsB,CAAC;IAwClC;;OAEG;IACH,aAAa,CACX,MAAM,EAAE,MAAM,EACd,KAAK,CAAC,EAAE;QACN,IAAI,CAAC,EAAE,MAAM,CAAA;QACb,eAAe,CAAC,EAAE,GAAG,CAAA;KACtB,GACA,SAAS;IAQZ;;OAEG;IACG,MAAM,CACV,KAAK,EAAE,MAAM,EACb,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC;QAAE,QAAQ,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;CAehD"}
+{"version":3,"file":"vp-manager.d.ts","sourceRoot":"","sources":["../../src/vp/vp-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAE5D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAA;AAM/C,qBAAa,SAAS;IACpB,OAAO,CAAC,UAAU,CAAY;gBAElB,UAAU,CAAC,EAAE,UAAU;IAMnC;;;OAGG;IACG,MAAM,CACV,GAAG,EAAE,MAAM,EAAE,EAAE,6BAA6B;IAC5C,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAA;QACjB,SAAS,EAAE,MAAM,CAAA;QACjB,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,CAAC,EAAE,MAAM,CAAA;KACjB,GACA,OAAO,CAAC,MAAM,CAAC;IA6ClB;;OAEG;IACG,MAAM,CACV,KAAK,EAAE,MAAM,EACb,OAAO,EAAE;QACP,iBAAiB,EAAE,MAAM,CAAA;QACzB,cAAc,EAAE,MAAM,CAAA;QACtB,cAAc,CAAC,EAAE,MAAM,CAAA;KACxB,GACA,OAAO,CAAC,sBAAsB,CAAC;IAwClC;;OAEG;IACH,aAAa,CACX,MAAM,EAAE,MAAM,EACd,KAAK,CAAC,EAAE;QACN,IAAI,CAAC,EAAE,MAAM,CAAA;QACb,eAAe,CAAC,EAAE,GAAG,CAAA;KACtB,GACA,SAAS;IAQZ;;OAEG;IACG,MAAM,CACV,KAAK,EAAE,MAAM,EACb,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC;QAAE,QAAQ,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;CAehD"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vess-id/ai-identity",
-  "version": "0.11.0",
+  "version": "0.12.0",
   "description": "TypeScript SDK for AI Identity Layer",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -21,40 +21,34 @@
     "url": "https://github.com/cvoxelprotocol/aidentity.git",
     "directory": "packages/sdk"
   },
-  "scripts": {
-    "build": "tsup && tsc --declaration --emitDeclarationOnly --outDir dist",
-    "dev": "tsup --watch",
-    "test": "jest",
-    "typecheck": "tsc --noEmit",
-    "clean": "rm -rf dist node_modules",
-    "semantic-release": "semantic-release"
-  },
   "dependencies": {
     "@sd-jwt/crypto-nodejs": "^0.15.0",
     "@sd-jwt/sd-jwt-vc": "^0.15.1",
     "@sd-jwt/types": "^0.15.0",
-    "ajv": "^8.17.1",
+    "ajv": "^8.18.0",
     "ajv-formats": "^3.0.1",
-    "jose": "^5.1.0",
-    "uuid": "^9.0.0"
+    "jose": "^5.10.0",
+    "uuid": "^9.0.1"
   },
   "devDependencies": {
-    "@types/jest": "^29.5.0",
-    "@types/node": "^20.10.0",
-    "@types/uuid": "^9.0.0",
+    "@types/jest": "^29.5.14",
+    "@types/node": "^20.19.39",
+    "@types/uuid": "^9.0.8",
     "jest": "^29.7.0",
-    "ts-jest": "^29.1.0",
-    "tsup": "^8.0.0",
-    "typescript": "^5.3.0",
-    "@semantic-release/commit-analyzer": "^13.0.1",
-    "@semantic-release/github": "^12.0.6",
-    "@semantic-release/npm": "^13.0.0",
-    "@semantic-release/release-notes-generator": "^14.1.0",
-    "conventional-changelog-conventionalcommits": "^9.3.0",
-    "semantic-release": "^25.0.3"
+    "ts-jest": "^29.4.9",
+    "tsup": "^8.5.1",
+    "typescript": "^5.9.3"
   },
   "publishConfig": {
     "access": "public"
   },
-  "license": "MIT"
-}
+  "license": "MIT",
+  "scripts": {
+    "build": "tsup && tsc --declaration --emitDeclarationOnly --outDir dist",
+    "dev": "tsup --watch --no-clean",
+    "test": "jest",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist node_modules",
+    "assert:publish-surface": "node scripts/assert-publish-surface.js"
+  }
+}

package/dist/memory/memory-manager.d.ts

@@ -1,77 +0,0 @@
-import { VPManager } from '../vp/vp-manager';
-/**
- * NOTE: MemoryManager is currently DORMANT (as of 2026-03-29).
- * The API memory endpoints exist but are not actively called in production.
- * The server-side implementation (InMemoryProvider) is volatile and not shared across instances.
- * Do not rely on this in production until a persistent backend is introduced.
- */
-export interface MemoryDocument {
-    id: string;
-    namespace: string;
-    content: string;
-    metadata?: Record<string, any>;
-    embedding?: number[];
-    createdAt: string;
-    updatedAt: string;
-}
-export interface MemoryQuery {
-    query: string;
-    namespace?: string;
-    limit?: number;
-    filter?: Record<string, any>;
-    includeEmbedding?: boolean;
-}
-export interface MemoryQueryResult {
-    documents: MemoryDocument[];
-    scores?: number[];
-    total: number;
-}
-export declare class MemoryManager {
-    private vpManager;
-    private proxyApiUrl;
-    constructor(vpManager?: VPManager);
-    /**
-     * Write a document to memory
-     */
-    write(content: string, options: {
-        namespace: string;
-        metadata?: Record<string, any>;
-        vcs: string[];
-        holderDid: string;
-    }): Promise<MemoryDocument>;
-    /**
-     * Query memory with vector search
-     */
-    query(query: string, options: {
-        namespace?: string;
-        limit?: number;
-        filter?: Record<string, any>;
-        vcs: string[];
-        holderDid: string;
-    }): Promise<MemoryQueryResult>;
-    /**
-     * Delete a document from memory
-     */
-    delete(documentId: string, options: {
-        namespace: string;
-        vcs: string[];
-        holderDid: string;
-    }): Promise<void>;
-    /**
-     * List documents in a namespace
-     */
-    list(options: {
-        namespace: string;
-        limit?: number;
-        offset?: number;
-        vcs: string[];
-        holderDid: string;
-    }): Promise<MemoryQueryResult>;
-    /**
-     * Check if VCs authorize memory access
-     */
-    checkAuthorization(vcs: string[], action: 'read' | 'write' | 'delete', resource: string): Promise<boolean>;
-    private matchResource;
-    private generateChallenge;
-}
-//# sourceMappingURL=memory-manager.d.ts.map

package/dist/memory/memory-manager.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"memory-manager.d.ts","sourceRoot":"","sources":["../../src/memory/memory-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAA;AAG5C;;;;;GAKG;AAEH,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAA;IACV,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAC9B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAC5B,gBAAgB,CAAC,EAAE,OAAO,CAAA;CAC3B;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,cAAc,EAAE,CAAA;IAC3B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;CACd;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,SAAS,CAAW;IAC5B,OAAO,CAAC,WAAW,CAAQ;gBAEf,SAAS,CAAC,EAAE,SAAS;IAMjC;;OAEG;IACG,KAAK,CACT,OAAO,EAAE,MAAM,EACf,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAA;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QAC9B,GAAG,EAAE,MAAM,EAAE,CAAA;QACb,SAAS,EAAE,MAAM,CAAA;KAClB,GACA,OAAO,CAAC,cAAc,CAAC;IAkC1B;;OAEG;IACG,KAAK,CACT,KAAK,EAAE,MAAM,EACb,OAAO,EAAE;QACP,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QAC5B,GAAG,EAAE,MAAM,EAAE,CAAA;QACb,SAAS,EAAE,MAAM,CAAA;KAClB,GACA,OAAO,CAAC,iBAAiB,CAAC;IA0C7B;;OAEG;IACG,MAAM,CACV,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAA;QACjB,GAAG,EAAE,MAAM,EAAE,CAAA;QACb,SAAS,EAAE,MAAM,CAAA;KAClB,GACA,OAAO,CAAC,IAAI,CAAC;IA8BhB;;OAEG;IACG,IAAI,CAAC,OAAO,EAAE;QAClB,SAAS,EAAE,MAAM,CAAA;QACjB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,GAAG,EAAE,MAAM,EAAE,CAAA;QACb,SAAS,EAAE,MAAM,CAAA;KAClB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAoC9B;;OAEG;IACG,kBAAkB,CACtB,GAAG,EAAE,MAAM,EAAE,EACb,MAAM,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,EACnC,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,OAAO,CAAC;IAwBnB,OAAO,CAAC,aAAa;IASrB,OAAO,CAAC,iBAAiB;CAG1B"}