npm - @vess-id/ai-identity - Versions diffs - 0.5.0-alpha.11 → 0.5.0-alpha.13 - Mend

@vess-id/ai-identity 0.5.0-alpha.11 → 0.5.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.d.mts +34 -1
package/dist/index.js +21 -0
package/dist/index.js.map +1 -1
package/dist/index.mjs +19 -0
package/dist/index.mjs.map +1 -1
package/dist/registry/index.d.ts +2 -0
package/dist/registry/index.d.ts.map +1 -1
package/dist/registry/reauth-constants.d.ts +33 -0
package/dist/registry/reauth-constants.d.ts.map +1 -0
package/package.json +14 -14

package/dist/index.d.mts CHANGED Viewed

@@ -8235,6 +8235,39 @@ declare function getValidMcpActionNames(toolName: string): string[];
  */
 declare function normalizeMcpActionName(toolName: string, actionName: string): string;
+/**
+ * Cross-package constants for the reauth pipeline.
+ *
+ * These string literals are contract-level identifiers shared between:
+ *   - api (`tool-auth.service.ts`, `token-refresh.service.ts`)
+ *   - remote-mcp (`mcp-format-result.ts`)
+ *   - agentd (`gateway-client.ts`, `credential-errors.ts`, `execution-engine.ts`)
+ *
+ * Hard-coding them at each site made typo bugs silent. Centralizing here
+ * means any renames surface as a compile error on every import site.
+ */
+/**
+ * Value for `ToolInvokeResponse.metadata.action` when the api signals a
+ * revoked/expired OAuth token. Consumers branch on this to render a reauth
+ * prompt (Slack DM card, CLI authUrl, etc.) instead of treating the response
+ * as a normal error.
+ */
+declare const REAUTH_REQUIRED_ACTION: "reauth_required";
+/**
+ * Error codes emitted by agentd's `gateway-client.invokeTool` to classify
+ * failure modes for the ExecutionEngine to branch on. Kept as a const object
+ * rather than an enum so it serializes cleanly across the wire and in logs.
+ */
+declare const GATEWAY_ERROR_CODE: {
+    /** Upstream OAuth token is revoked — the user must re-auth at the SaaS provider. */
+    readonly REAUTH_REQUIRED: "REAUTH_REQUIRED";
+    /** Local VC/VP is invalid (expired, malformed, signature mismatch). Try VC reissuance. */
+    readonly CREDENTIAL_INVALID: "CREDENTIAL_INVALID";
+    /** VC allowed a different resource than the request targeted. Try a new approval. */
+    readonly RESOURCE_MISMATCH: "RESOURCE_MISMATCH";
+};
+type GatewayErrorCode = (typeof GATEWAY_ERROR_CODE)[keyof typeof GATEWAY_ERROR_CODE];
 interface ActionParamDisplay {
     label: string;
     value: string;
@@ -8574,4 +8607,4 @@ declare function getTierLimits(tier: string | undefined | null): TierLimits;
 declare const version = "0.0.1";
-export { type ABACPolicyEngine, ACTION_PARAMS_MAX_SIZE, ACTION_PREFIXES, ACTION_REGISTRY, AIdentityClient, type AIdentityConfig, AIdentityError, type APIAgent, type APICredential, APIVCManager, type AbacDecision, type AbacInput, type AcceptInvitationRequest, type AckEventResponse, type ActionInputSchema, type ActionMapping, type ActionMeta, type ActionParamDisplay, type ActionRegistry, type ActionRiskLevel, type Agent, type AgentCreateOptions, type AgentDIDConfig, AgentDIDManager, AgentManager, AgentStatus, AgentType, type AgentWithId, AllowAllAbac, type AnyProvider, type ApiKeyValidationResult, type AuditEvent, type AuditQuery, AuthProvider, type AuthState, AuthenticationError, type AutoApproveConfig, type BindingSource, CANONICAL_PROVIDERS, type CanonicalProvider, type CapabilityMeta, type CheckGrantPermissionRequest, type CheckGrantPermissionResult, type CheckPermissionInput, type CheckPermissionResult, type CollectContextRequest, type ConfirmGrantSuggestionRequest, type ConnectorAction, type ConnectorConfig, type ConnectorExecutionContext, type ConnectorResponse, type ConnectorResponseMetadata, type ConnectorTokenConfig, type ConstraintEvaluationResult, ConstraintEvaluator, type ConstraintEvaluatorOptions, type ConstraintViolation, type ConstraintWarning, type ContextBindingSource, type ContextProvider, type CreateGrantRequest, type CreateInvitationRequest, type CreateReceiptRequest, type CredentialRef, CredentialStatus, type CredentialStore, CredentialType, DEFAULT_CONSTRAINTS_BY_RISK, type DIDDocument, type DataAccessVC, type DecisionTrace, type DelegationVC, DeviceEnrollManager, type DeviceEnrollPollResult, type DeviceEnrollServerSideParams, type DeviceEnrollStartParams, type DeviceEnrollStartResult, type DisclosureFields, DummyCreds, DummyVpVerifier, type EmployeeVPRequest, type EvaluationContext, type ExternalActionRequest, FilesystemKeyStorage, GatewayClient, GatewayError, type GatewayEvent, type GetEventsOptions, type GetEventsResponse, type GitHubConfig, type GoogleConfig, type Grant, type GrantConstraints, type GrantResource, GrantResourceType, GrantScope, GrantStatus, type GrantUsage, type IConnectorService, type IStateStore, type Intent, type IntentEvaluationResult, type IntentObligation, type IntentResource, InvalidVPError, type Invitation, type InvitationRole, InvitationStatus, type IssueSDJWTVCRequest, type IssueSDJWTVCResult, type JiraBoard, type JiraConfig, type JiraIssue, type JiraIssueType, type JiraProject, type JiraSprint, type JiraStatus, type JiraUser, type JiraWorklog, type JsonSchema, JsonStateStore, KeyManager, type KeyPairGenerationResult, type KeyStorageConfig, type KeyStorageProvider, LEGACY_RESOURCE_TYPE_MAP, type MemoryDocument, MemoryKeyStorage, MemoryManager, type MemoryQuery, type MemoryQueryResult, NetworkError, type NormalizeIntentRequest, type NormalizedIntent, type OAuthAuthorizeRequest, type OAuthCallbackParams, type OAuthConnection, OAuthProvider, type OAuthToken, type OrganizationConfig, type OrganizationPermission, type OrganizationPolicy, type OrganizationVC, PROVIDER_ALIASES, type ParamBindingSource, type ParsedResourceType, type PermissionConstraints, type PermissionMode, type PermissionResource, type PermissionRule, type PermissionTimeConstraint, type PermissionVcClaims, type PlanDelegationInput, type PlanDelegationResult, type PolicyCondition, type PolicyEvaluationResult, type PolicyInput, type PolicyRule, type PolicyTarget, type Provider, RESOURCE_TYPES, type ReBACChecker, type Receipt, type ReceiptListResult, type ReceiptOutcome, type ReceiptSearchQuery, ReceiptStatus, type Relation, type ResolvedTargets, type ResourceIdBinding, type ResourceRef, type ResourceScope, type ResourceType, type RiskAssessmentResult, type RiskFactor, type RiskLevel, SDJwtClient, ScopeUnmatchedError, type SecondaryBinding, SimpleRebac, type SlackConfig, StandardActionCategory, type SuggestGrantRequest, type SuggestedAction, type SuggestedConstraints, type SuggestedGrant, type SuggestedResource, type SuggestionRiskLevel, TIER_LIMITS, type TargetBindings, type TargetConstraint, TargetResolver, type TierLimits, type TimeWindowCheckResult, type TimeWindowConstraint, type ToolDefinition, type ToolInvocation, ToolManager, type ToolPermissionRequest, type ToolPermissionVC, type UnifiedResourceType, type UpdateGrantRequest, type UserIdentity, type UserIdentityConfig, type UserIdentityCreateOptions, UserIdentityManager, UserKeyPairManager, type UserTier, VALID_MCP_ACTIONS, VALID_MCP_TOOLS, VCExpiredError, VCManager, VCRevokedError, VCStatus, type VCTemplate, VCType, VPManager, type VPRequest, type VerifiablePresentation, type VerificationMethod, type VerifiedVcClaims, type VerifyInvitationResponse, type VerifyReceiptRequest, type VerifyReceiptResult, type VerifySDJWTVCResult, type VpVerifier, WRITE_ACTION_NAMES, type WeeklyReportData, type WeeklyReportSummary, buildGrantIdFields, canonicalizeAction, checkPermissionWithVP, configure, createAjv, createDidJwk, credentialStatusToVCStatus, defaultConstraintEvaluator, evaluateConstraints, extractProjectKey, extractPublicKey, extractPublicKeyFromDid, generateActionParamsDisplay, generateActionSummary, generateKeyPair, generateNonce, getActionAliases, getAllActionForms, getAllValidMcpActionNames, getClient, getDefaultDisclosureFields, getKeyIdFromDid, getRequiredRelations, getRequiredScopes, getTierLimits, getValidMcpActionNames, grantConstraintsToPermissionConstraints, grantToPermissionRules, indexActions, indexCapabilities, isActionEquivalent, isCanonicalProvider, isUnlimited, isValidDidJwk, isValidProvider, isWriteAction, loadActionRegistryFromFile, loadActionRegistryFromObject, normalizeMcpActionName, parseGrantAction, parseGrantResourceType, planDelegationForVC, publicKeysMatch, resolveActionsFromSelection, resolveProvider, resolveResourceType, resolveUserTier, signJWT, validateRegistryObject, vcStatusToCredentialStatus, verifyJWT, version };
+export { type ABACPolicyEngine, ACTION_PARAMS_MAX_SIZE, ACTION_PREFIXES, ACTION_REGISTRY, AIdentityClient, type AIdentityConfig, AIdentityError, type APIAgent, type APICredential, APIVCManager, type AbacDecision, type AbacInput, type AcceptInvitationRequest, type AckEventResponse, type ActionInputSchema, type ActionMapping, type ActionMeta, type ActionParamDisplay, type ActionRegistry, type ActionRiskLevel, type Agent, type AgentCreateOptions, type AgentDIDConfig, AgentDIDManager, AgentManager, AgentStatus, AgentType, type AgentWithId, AllowAllAbac, type AnyProvider, type ApiKeyValidationResult, type AuditEvent, type AuditQuery, AuthProvider, type AuthState, AuthenticationError, type AutoApproveConfig, type BindingSource, CANONICAL_PROVIDERS, type CanonicalProvider, type CapabilityMeta, type CheckGrantPermissionRequest, type CheckGrantPermissionResult, type CheckPermissionInput, type CheckPermissionResult, type CollectContextRequest, type ConfirmGrantSuggestionRequest, type ConnectorAction, type ConnectorConfig, type ConnectorExecutionContext, type ConnectorResponse, type ConnectorResponseMetadata, type ConnectorTokenConfig, type ConstraintEvaluationResult, ConstraintEvaluator, type ConstraintEvaluatorOptions, type ConstraintViolation, type ConstraintWarning, type ContextBindingSource, type ContextProvider, type CreateGrantRequest, type CreateInvitationRequest, type CreateReceiptRequest, type CredentialRef, CredentialStatus, type CredentialStore, CredentialType, DEFAULT_CONSTRAINTS_BY_RISK, type DIDDocument, type DataAccessVC, type DecisionTrace, type DelegationVC, DeviceEnrollManager, type DeviceEnrollPollResult, type DeviceEnrollServerSideParams, type DeviceEnrollStartParams, type DeviceEnrollStartResult, type DisclosureFields, DummyCreds, DummyVpVerifier, type EmployeeVPRequest, type EvaluationContext, type ExternalActionRequest, FilesystemKeyStorage, GATEWAY_ERROR_CODE, GatewayClient, GatewayError, type GatewayErrorCode, type GatewayEvent, type GetEventsOptions, type GetEventsResponse, type GitHubConfig, type GoogleConfig, type Grant, type GrantConstraints, type GrantResource, GrantResourceType, GrantScope, GrantStatus, type GrantUsage, type IConnectorService, type IStateStore, type Intent, type IntentEvaluationResult, type IntentObligation, type IntentResource, InvalidVPError, type Invitation, type InvitationRole, InvitationStatus, type IssueSDJWTVCRequest, type IssueSDJWTVCResult, type JiraBoard, type JiraConfig, type JiraIssue, type JiraIssueType, type JiraProject, type JiraSprint, type JiraStatus, type JiraUser, type JiraWorklog, type JsonSchema, JsonStateStore, KeyManager, type KeyPairGenerationResult, type KeyStorageConfig, type KeyStorageProvider, LEGACY_RESOURCE_TYPE_MAP, type MemoryDocument, MemoryKeyStorage, MemoryManager, type MemoryQuery, type MemoryQueryResult, NetworkError, type NormalizeIntentRequest, type NormalizedIntent, type OAuthAuthorizeRequest, type OAuthCallbackParams, type OAuthConnection, OAuthProvider, type OAuthToken, type OrganizationConfig, type OrganizationPermission, type OrganizationPolicy, type OrganizationVC, PROVIDER_ALIASES, type ParamBindingSource, type ParsedResourceType, type PermissionConstraints, type PermissionMode, type PermissionResource, type PermissionRule, type PermissionTimeConstraint, type PermissionVcClaims, type PlanDelegationInput, type PlanDelegationResult, type PolicyCondition, type PolicyEvaluationResult, type PolicyInput, type PolicyRule, type PolicyTarget, type Provider, REAUTH_REQUIRED_ACTION, RESOURCE_TYPES, type ReBACChecker, type Receipt, type ReceiptListResult, type ReceiptOutcome, type ReceiptSearchQuery, ReceiptStatus, type Relation, type ResolvedTargets, type ResourceIdBinding, type ResourceRef, type ResourceScope, type ResourceType, type RiskAssessmentResult, type RiskFactor, type RiskLevel, SDJwtClient, ScopeUnmatchedError, type SecondaryBinding, SimpleRebac, type SlackConfig, StandardActionCategory, type SuggestGrantRequest, type SuggestedAction, type SuggestedConstraints, type SuggestedGrant, type SuggestedResource, type SuggestionRiskLevel, TIER_LIMITS, type TargetBindings, type TargetConstraint, TargetResolver, type TierLimits, type TimeWindowCheckResult, type TimeWindowConstraint, type ToolDefinition, type ToolInvocation, ToolManager, type ToolPermissionRequest, type ToolPermissionVC, type UnifiedResourceType, type UpdateGrantRequest, type UserIdentity, type UserIdentityConfig, type UserIdentityCreateOptions, UserIdentityManager, UserKeyPairManager, type UserTier, VALID_MCP_ACTIONS, VALID_MCP_TOOLS, VCExpiredError, VCManager, VCRevokedError, VCStatus, type VCTemplate, VCType, VPManager, type VPRequest, type VerifiablePresentation, type VerificationMethod, type VerifiedVcClaims, type VerifyInvitationResponse, type VerifyReceiptRequest, type VerifyReceiptResult, type VerifySDJWTVCResult, type VpVerifier, WRITE_ACTION_NAMES, type WeeklyReportData, type WeeklyReportSummary, buildGrantIdFields, canonicalizeAction, checkPermissionWithVP, configure, createAjv, createDidJwk, credentialStatusToVCStatus, defaultConstraintEvaluator, evaluateConstraints, extractProjectKey, extractPublicKey, extractPublicKeyFromDid, generateActionParamsDisplay, generateActionSummary, generateKeyPair, generateNonce, getActionAliases, getAllActionForms, getAllValidMcpActionNames, getClient, getDefaultDisclosureFields, getKeyIdFromDid, getRequiredRelations, getRequiredScopes, getTierLimits, getValidMcpActionNames, grantConstraintsToPermissionConstraints, grantToPermissionRules, indexActions, indexCapabilities, isActionEquivalent, isCanonicalProvider, isUnlimited, isValidDidJwk, isValidProvider, isWriteAction, loadActionRegistryFromFile, loadActionRegistryFromObject, normalizeMcpActionName, parseGrantAction, parseGrantResourceType, planDelegationForVC, publicKeysMatch, resolveActionsFromSelection, resolveProvider, resolveResourceType, resolveUserTier, signJWT, validateRegistryObject, vcStatusToCredentialStatus, verifyJWT, version };

package/dist/index.js CHANGED Viewed

@@ -52,6 +52,7 @@ __export(index_exports, {
   DummyCreds: () => DummyCreds,
   DummyVpVerifier: () => DummyVpVerifier,
   FilesystemKeyStorage: () => FilesystemKeyStorage,
+  GATEWAY_ERROR_CODE: () => GATEWAY_ERROR_CODE,
   GatewayClient: () => GatewayClient,
   GatewayError: () => GatewayError,
   GrantResourceType: () => GrantResourceType,
@@ -67,6 +68,7 @@ __export(index_exports, {
   NetworkError: () => NetworkError,
   OAuthProvider: () => OAuthProvider,
   PROVIDER_ALIASES: () => PROVIDER_ALIASES,
+  REAUTH_REQUIRED_ACTION: () => REAUTH_REQUIRED_ACTION,
   RESOURCE_TYPES: () => RESOURCE_TYPES,
   ReceiptStatus: () => ReceiptStatus,
   SDJwtClient: () => SDJwtClient,
@@ -2930,6 +2932,8 @@ var AIdentityError = class extends Error {
     this.name = this.constructor.name;
     Object.setPrototypeOf(this, new.target.prototype);
   }
+  code;
+  details;
 };
 var VCExpiredError = class extends AIdentityError {
   constructor(message = "Verifiable Credential has expired", details) {
@@ -4090,6 +4094,8 @@ var GatewayError = class extends Error {
     this.responseBody = responseBody;
     this.name = "GatewayError";
   }
+  statusCode;
+  responseBody;
 };
 // src/auth/auth-provider.ts
@@ -4569,6 +4575,7 @@ var SimpleRebac = class {
   constructor(allowRelations = ["viewer", "editor", "admin", "owner", "act_as"]) {
     this.allowRelations = allowRelations;
   }
+  allowRelations;
   async check(_sub, relations) {
     return relations.some((r) => this.allowRelations.includes(r));
   }
@@ -4583,6 +4590,7 @@ var DummyVpVerifier = class {
   constructor(vc) {
     this.vc = vc;
   }
+  vc;
   async verifyAndExtractClaims() {
     return this.vc;
   }
@@ -5911,6 +5919,17 @@ function normalizeMcpActionName(toolName, actionName) {
   return actionName;
 }
+// src/registry/reauth-constants.ts
+var REAUTH_REQUIRED_ACTION = "reauth_required";
+var GATEWAY_ERROR_CODE = {
+  /** Upstream OAuth token is revoked — the user must re-auth at the SaaS provider. */
+  REAUTH_REQUIRED: "REAUTH_REQUIRED",
+  /** Local VC/VP is invalid (expired, malformed, signature mismatch). Try VC reissuance. */
+  CREDENTIAL_INVALID: "CREDENTIAL_INVALID",
+  /** VC allowed a different resource than the request targeted. Try a new approval. */
+  RESOURCE_MISMATCH: "RESOURCE_MISMATCH"
+};
 // src/registry/action-summary.ts
 var ACTION_DISPLAY_CONFIGS = {
   "slack.message.post": {
@@ -6191,6 +6210,7 @@ var version = "0.0.1";
   DummyCreds,
   DummyVpVerifier,
   FilesystemKeyStorage,
+  GATEWAY_ERROR_CODE,
   GatewayClient,
   GatewayError,
   GrantResourceType,
@@ -6206,6 +6226,7 @@ var version = "0.0.1";
   NetworkError,
   OAuthProvider,
   PROVIDER_ALIASES,
+  REAUTH_REQUIRED_ACTION,
   RESOURCE_TYPES,
   ReceiptStatus,
   SDJwtClient,