@vess-id/ai-identity 0.14.0-alpha.1 → 0.14.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/index.d.mts +7 -0
  2. package/dist/index.js +8 -1
  3. package/dist/index.js.map +1 -1
  4. package/dist/index.mjs +8 -1
  5. package/dist/index.mjs.map +1 -1
  6. package/dist/registry/reauth-constants.d.ts +7 -0
  7. package/dist/registry/reauth-constants.d.ts.map +1 -1
  8. package/package.json +1 -1
package/dist/index.d.mts CHANGED
@@ -9088,6 +9088,13 @@ declare const GATEWAY_ERROR_CODE: {
9088
9088
  readonly CREDENTIAL_INVALID: "CREDENTIAL_INVALID";
9089
9089
  /** VC allowed a different resource than the request targeted. Try a new approval. */
9090
9090
  readonly RESOURCE_MISMATCH: "RESOURCE_MISMATCH";
9091
+ /**
9092
+ * Cedar `forbid` rule fired (HTTP 403 `policy_forbidden`) — a HARD deny that
9093
+ * approval CANNOT lift (e.g. a timeWindow forbid outside business hours).
9094
+ * The ExecutionEngine surfaces this as a TERMINAL denial with NO approval
9095
+ * prompt, unlike CREDENTIAL_INVALID / RESOURCE_MISMATCH which re-request.
9096
+ */
9097
+ readonly POLICY_FORBIDDEN: "POLICY_FORBIDDEN";
9091
9098
  };
9092
9099
  type GatewayErrorCode = (typeof GATEWAY_ERROR_CODE)[keyof typeof GATEWAY_ERROR_CODE];
9093
9100
 
package/dist/index.js CHANGED
@@ -5902,7 +5902,14 @@ var GATEWAY_ERROR_CODE = {
5902
5902
  /** Local VC/VP is invalid (expired, malformed, signature mismatch). Try VC reissuance. */
5903
5903
  CREDENTIAL_INVALID: "CREDENTIAL_INVALID",
5904
5904
  /** VC allowed a different resource than the request targeted. Try a new approval. */
5905
- RESOURCE_MISMATCH: "RESOURCE_MISMATCH"
5905
+ RESOURCE_MISMATCH: "RESOURCE_MISMATCH",
5906
+ /**
5907
+ * Cedar `forbid` rule fired (HTTP 403 `policy_forbidden`) — a HARD deny that
5908
+ * approval CANNOT lift (e.g. a timeWindow forbid outside business hours).
5909
+ * The ExecutionEngine surfaces this as a TERMINAL denial with NO approval
5910
+ * prompt, unlike CREDENTIAL_INVALID / RESOURCE_MISMATCH which re-request.
5911
+ */
5912
+ POLICY_FORBIDDEN: "POLICY_FORBIDDEN"
5906
5913
  };
5907
5914
 
5908
5915
  // src/registry/action-summary.ts