@vess-id/ai-identity 0.5.0-alpha.13 → 0.5.0-alpha.14

package/dist/index.d.mts

@@ -8605,6 +8605,162 @@ declare function resolveUserTier(tier: string | undefined | null): UserTier;
  */
 declare function getTierLimits(tier: string | undefined | null): TierLimits;
 
+/**
+ * P1-A14a-1 / Threat Model S4 — canonical-string + signature-header
+ * helpers for HMAC body signing of internal HTTP requests.
+ *
+ * Pure module: no NestJS, no I/O, no side effects. SDK is the
+ * single source of truth (P1-A14a-2d) — api / remote-mcp /
+ * slack-bot all import from `@vess-id/ai-identity`.
+ *
+ * Header format (Q1 = A, Stripe-style versioned):
+ *   X-Internal-Signature: v1=<keyId>:<unixSeconds>:<base64(hmac)>
+ *
+ * Canonical string (Q2 = A, no header inclusion):
+ *   ${METHOD.toUpperCase()}\n${path}\n${unixSeconds}\n${sha256Hex(rawBody)}
+ *
+ * Replay window (Q3 = A): 300 seconds — enforced by the api guard,
+ * not here. This module is responsible for *constructing* the
+ * canonical string and *parsing* the header; freshness is policy.
+ */
+declare const SIGNATURE_HEADER = "x-internal-signature";
+declare const SIGNATURE_VERSION_PREFIX = "v1=";
+/**
+ * SHA-256 hex digest of an arbitrary buffer or string. Hex (not
+ * base64) so the canonical string is URL-safe and grep-friendly in
+ * logs if a future debug session ever needs to reconstruct it
+ * server-side.
+ */
+declare function sha256Hex(input: Buffer | string): string;
+/**
+ * Build the canonical string that gets HMAC'd. The components are
+ * separated by `\n` because no legitimate input contains `\n` (the
+ * method is uppercase ASCII, the path is URL-encoded by the caller,
+ * the timestamp is digits, the body hash is hex). Using `\n` as
+ * separator avoids ambiguity that delimiters like `:` would
+ * introduce when the path contains a colon.
+ *
+ * Whitespace is NOT trimmed — input must be exactly what will land
+ * on the wire. Caller controls case and encoding.
+ */
+declare function buildCanonicalString(args: {
+    method: string;
+    path: string;
+    unixSeconds: number;
+    rawBody: Buffer | string;
+}): string;
+/** Shape of a parsed `X-Internal-Signature` header. */
+interface ParsedSignature {
+    /** Identifier of the signing key (e.g. `'mcp-v2'`). */
+    keyId: string;
+    /** Unix epoch seconds at signing time. */
+    unixSeconds: number;
+    /** Base64-encoded HMAC-SHA256 digest. */
+    signature: string;
+}
+/**
+ * Parse a `X-Internal-Signature` header value. Returns `null` for
+ * any malformed shape rather than throwing — the api guard converts
+ * `null` to a `401 Unauthorized` so a malformed header never
+ * triggers a `500`.
+ *
+ * Accepted: `v1=<keyId>:<digits>:<base64>`
+ *
+ * Defensive checks:
+ *   - Must start with `v1=` (Q1: explicit version prefix)
+ *   - keyId / signature must be non-empty after split
+ *   - timestamp must parse to a finite, non-negative integer
+ *   - keyId must be ASCII identifier-safe ([A-Za-z0-9_-]+) so a
+ *     malicious header cannot smuggle control chars or whitespace
+ *     into log lines / metric labels
+ *   - signature must be valid base64 (only base64 alphabet chars)
+ */
+declare function parseSignatureHeader(headerValue: string | undefined): ParsedSignature | null;
+/**
+ * Format a ParsedSignature back into a header string. Round-trips
+ * with `parseSignatureHeader` for any validly-shaped input.
+ *
+ * Used by the signing side (HTTP client). Keeping it next to the
+ * parser pins the format in one place.
+ */
+declare function formatSignatureHeader(parsed: ParsedSignature): string;
+
+/**
+ * P1-A14a-2d — pure HMAC signer for outbound /api/internal/**
+ * requests. Lives in SDK so remote-mcp and slack-bot (both of which
+ * already depend on `@vess-id/ai-identity`) can attach
+ * `X-Internal-Signature` to every request without dragging the
+ * api package into their dependency graph.
+ *
+ * Pure (no I/O, no Nest). Mirrors the `utils/crypto.ts` profile:
+ * the only Node-builtin used is `crypto.createHmac`.
+ *
+ * Pairing with the verifier
+ * -------------------------
+ * The verifier (api side, `HmacKeyset.verify` →
+ * `buildCanonicalString` → constant-time compare) reads the same
+ * `buildCanonicalString` from this module by construction. As long
+ * as both sides pass the same `(method, path, unixSeconds, rawBody)`
+ * the HMACs match by definition.
+ *
+ * Body bytes
+ * ----------
+ * The caller MUST pass the exact bytes that go on the wire as
+ * `rawBody`. Re-running `JSON.stringify(...)` on each side would
+ * risk a byte mismatch (object key order is implementation-defined
+ * in spec, even though V8 preserves insertion order in practice).
+ * The api-client `makeRequest` helper computes `JSON.stringify`
+ * once, hands the same string to both `signRequest` and `fetch`.
+ */
+/**
+ * Minimum signer key length in raw bytes. 32 bytes = 256 bits
+ * matches HMAC-SHA256's natural block size and the verifier's
+ * `MIN_KEY_BYTES`. A truncated env var (accidental newline,
+ * copy-paste error) is the realistic failure mode this guards
+ * against.
+ */
+declare const MIN_SIGNER_KEY_BYTES = 32;
+interface InternalHmacSignerKey {
+    /** Stable identifier for the key, e.g. `'mcp-v1'`. Embedded in
+     *  the X-Internal-Signature header so the verifier can pick the
+     *  right key. Must match `/^[A-Za-z0-9_-]+$/`. */
+    keyId: string;
+    /** Raw HMAC secret. >= MIN_SIGNER_KEY_BYTES bytes. */
+    secret: Buffer;
+}
+interface SignRequestArgs {
+    /** HTTP method. Will be upper-cased by `buildCanonicalString`,
+     *  but callers should pass the uppercase form they use on the
+     *  wire so signer and `fetch()` stay in lockstep. */
+    method: string;
+    /** URL path with query string already stripped (verifier does
+     *  `request.originalUrl?.split('?')[0]`; signer must mirror).
+     *  Path encoding (e.g. `%2F` vs `/`) is caller's responsibility
+     *  — the canonical string treats them as different bytes. */
+    path: string;
+    /** Wire bytes. The same string/buffer passed to `fetch({body})`
+     *  must be passed here — `JSON.stringify` runs ONCE per request
+     *  in the caller. */
+    rawBody: Buffer | string;
+    /** Optional fixed timestamp for testing. Defaults to
+     *  `Math.floor(Date.now() / 1000)`. */
+    unixSeconds?: number;
+}
+/**
+ * Sign an outbound request and return a fully-formatted
+ * `X-Internal-Signature` header value. The caller sets the header
+ * on the outbound request directly:
+ *
+ * ```ts
+ * headers[SIGNATURE_HEADER] = signRequest(key, { method, path, rawBody })
+ * ```
+ *
+ * Throws if key material is invalid (bad keyId or short secret) —
+ * surfacing misconfiguration loudly at request time rather than
+ * silently producing a header the verifier will reject.
+ */
+declare function signRequest(key: InternalHmacSignerKey, args: SignRequestArgs): string;
+
 declare const version = "0.0.1";
 
-export { type ABACPolicyEngine, ACTION_PARAMS_MAX_SIZE, ACTION_PREFIXES, ACTION_REGISTRY, AIdentityClient, type AIdentityConfig, AIdentityError, type APIAgent, type APICredential, APIVCManager, type AbacDecision, type AbacInput, type AcceptInvitationRequest, type AckEventResponse, type ActionInputSchema, type ActionMapping, type ActionMeta, type ActionParamDisplay, type ActionRegistry, type ActionRiskLevel, type Agent, type AgentCreateOptions, type AgentDIDConfig, AgentDIDManager, AgentManager, AgentStatus, AgentType, type AgentWithId, AllowAllAbac, type AnyProvider, type ApiKeyValidationResult, type AuditEvent, type AuditQuery, AuthProvider, type AuthState, AuthenticationError, type AutoApproveConfig, type BindingSource, CANONICAL_PROVIDERS, type CanonicalProvider, type CapabilityMeta, type CheckGrantPermissionRequest, type CheckGrantPermissionResult, type CheckPermissionInput, type CheckPermissionResult, type CollectContextRequest, type ConfirmGrantSuggestionRequest, type ConnectorAction, type ConnectorConfig, type ConnectorExecutionContext, type ConnectorResponse, type ConnectorResponseMetadata, type ConnectorTokenConfig, type ConstraintEvaluationResult, ConstraintEvaluator, type ConstraintEvaluatorOptions, type ConstraintViolation, type ConstraintWarning, type ContextBindingSource, type ContextProvider, type CreateGrantRequest, type CreateInvitationRequest, type CreateReceiptRequest, type CredentialRef, CredentialStatus, type CredentialStore, CredentialType, DEFAULT_CONSTRAINTS_BY_RISK, type DIDDocument, type DataAccessVC, type DecisionTrace, type DelegationVC, DeviceEnrollManager, type DeviceEnrollPollResult, type DeviceEnrollServerSideParams, type DeviceEnrollStartParams, type DeviceEnrollStartResult, type DisclosureFields, DummyCreds, DummyVpVerifier, type EmployeeVPRequest, type EvaluationContext, type ExternalActionRequest, FilesystemKeyStorage, GATEWAY_ERROR_CODE, GatewayClient, GatewayError, type GatewayErrorCode, type GatewayEvent, type GetEventsOptions, type GetEventsResponse, type GitHubConfig, type GoogleConfig, type Grant, type GrantConstraints, type GrantResource, GrantResourceType, GrantScope, GrantStatus, type GrantUsage, type IConnectorService, type IStateStore, type Intent, type IntentEvaluationResult, type IntentObligation, type IntentResource, InvalidVPError, type Invitation, type InvitationRole, InvitationStatus, type IssueSDJWTVCRequest, type IssueSDJWTVCResult, type JiraBoard, type JiraConfig, type JiraIssue, type JiraIssueType, type JiraProject, type JiraSprint, type JiraStatus, type JiraUser, type JiraWorklog, type JsonSchema, JsonStateStore, KeyManager, type KeyPairGenerationResult, type KeyStorageConfig, type KeyStorageProvider, LEGACY_RESOURCE_TYPE_MAP, type MemoryDocument, MemoryKeyStorage, MemoryManager, type MemoryQuery, type MemoryQueryResult, NetworkError, type NormalizeIntentRequest, type NormalizedIntent, type OAuthAuthorizeRequest, type OAuthCallbackParams, type OAuthConnection, OAuthProvider, type OAuthToken, type OrganizationConfig, type OrganizationPermission, type OrganizationPolicy, type OrganizationVC, PROVIDER_ALIASES, type ParamBindingSource, type ParsedResourceType, type PermissionConstraints, type PermissionMode, type PermissionResource, type PermissionRule, type PermissionTimeConstraint, type PermissionVcClaims, type PlanDelegationInput, type PlanDelegationResult, type PolicyCondition, type PolicyEvaluationResult, type PolicyInput, type PolicyRule, type PolicyTarget, type Provider, REAUTH_REQUIRED_ACTION, RESOURCE_TYPES, type ReBACChecker, type Receipt, type ReceiptListResult, type ReceiptOutcome, type ReceiptSearchQuery, ReceiptStatus, type Relation, type ResolvedTargets, type ResourceIdBinding, type ResourceRef, type ResourceScope, type ResourceType, type RiskAssessmentResult, type RiskFactor, type RiskLevel, SDJwtClient, ScopeUnmatchedError, type SecondaryBinding, SimpleRebac, type SlackConfig, StandardActionCategory, type SuggestGrantRequest, type SuggestedAction, type SuggestedConstraints, type SuggestedGrant, type SuggestedResource, type SuggestionRiskLevel, TIER_LIMITS, type TargetBindings, type TargetConstraint, TargetResolver, type TierLimits, type TimeWindowCheckResult, type TimeWindowConstraint, type ToolDefinition, type ToolInvocation, ToolManager, type ToolPermissionRequest, type ToolPermissionVC, type UnifiedResourceType, type UpdateGrantRequest, type UserIdentity, type UserIdentityConfig, type UserIdentityCreateOptions, UserIdentityManager, UserKeyPairManager, type UserTier, VALID_MCP_ACTIONS, VALID_MCP_TOOLS, VCExpiredError, VCManager, VCRevokedError, VCStatus, type VCTemplate, VCType, VPManager, type VPRequest, type VerifiablePresentation, type VerificationMethod, type VerifiedVcClaims, type VerifyInvitationResponse, type VerifyReceiptRequest, type VerifyReceiptResult, type VerifySDJWTVCResult, type VpVerifier, WRITE_ACTION_NAMES, type WeeklyReportData, type WeeklyReportSummary, buildGrantIdFields, canonicalizeAction, checkPermissionWithVP, configure, createAjv, createDidJwk, credentialStatusToVCStatus, defaultConstraintEvaluator, evaluateConstraints, extractProjectKey, extractPublicKey, extractPublicKeyFromDid, generateActionParamsDisplay, generateActionSummary, generateKeyPair, generateNonce, getActionAliases, getAllActionForms, getAllValidMcpActionNames, getClient, getDefaultDisclosureFields, getKeyIdFromDid, getRequiredRelations, getRequiredScopes, getTierLimits, getValidMcpActionNames, grantConstraintsToPermissionConstraints, grantToPermissionRules, indexActions, indexCapabilities, isActionEquivalent, isCanonicalProvider, isUnlimited, isValidDidJwk, isValidProvider, isWriteAction, loadActionRegistryFromFile, loadActionRegistryFromObject, normalizeMcpActionName, parseGrantAction, parseGrantResourceType, planDelegationForVC, publicKeysMatch, resolveActionsFromSelection, resolveProvider, resolveResourceType, resolveUserTier, signJWT, validateRegistryObject, vcStatusToCredentialStatus, verifyJWT, version };
+export { type ABACPolicyEngine, ACTION_PARAMS_MAX_SIZE, ACTION_PREFIXES, ACTION_REGISTRY, AIdentityClient, type AIdentityConfig, AIdentityError, type APIAgent, type APICredential, APIVCManager, type AbacDecision, type AbacInput, type AcceptInvitationRequest, type AckEventResponse, type ActionInputSchema, type ActionMapping, type ActionMeta, type ActionParamDisplay, type ActionRegistry, type ActionRiskLevel, type Agent, type AgentCreateOptions, type AgentDIDConfig, AgentDIDManager, AgentManager, AgentStatus, AgentType, type AgentWithId, AllowAllAbac, type AnyProvider, type ApiKeyValidationResult, type AuditEvent, type AuditQuery, AuthProvider, type AuthState, AuthenticationError, type AutoApproveConfig, type BindingSource, CANONICAL_PROVIDERS, type CanonicalProvider, type CapabilityMeta, type CheckGrantPermissionRequest, type CheckGrantPermissionResult, type CheckPermissionInput, type CheckPermissionResult, type CollectContextRequest, type ConfirmGrantSuggestionRequest, type ConnectorAction, type ConnectorConfig, type ConnectorExecutionContext, type ConnectorResponse, type ConnectorResponseMetadata, type ConnectorTokenConfig, type ConstraintEvaluationResult, ConstraintEvaluator, type ConstraintEvaluatorOptions, type ConstraintViolation, type ConstraintWarning, type ContextBindingSource, type ContextProvider, type CreateGrantRequest, type CreateInvitationRequest, type CreateReceiptRequest, type CredentialRef, CredentialStatus, type CredentialStore, CredentialType, DEFAULT_CONSTRAINTS_BY_RISK, type DIDDocument, type DataAccessVC, type DecisionTrace, type DelegationVC, DeviceEnrollManager, type DeviceEnrollPollResult, type DeviceEnrollServerSideParams, type DeviceEnrollStartParams, type DeviceEnrollStartResult, type DisclosureFields, DummyCreds, DummyVpVerifier, type EmployeeVPRequest, type EvaluationContext, type ExternalActionRequest, FilesystemKeyStorage, GATEWAY_ERROR_CODE, GatewayClient, GatewayError, type GatewayErrorCode, type GatewayEvent, type GetEventsOptions, type GetEventsResponse, type GitHubConfig, type GoogleConfig, type Grant, type GrantConstraints, type GrantResource, GrantResourceType, GrantScope, GrantStatus, type GrantUsage, type IConnectorService, type IStateStore, type Intent, type IntentEvaluationResult, type IntentObligation, type IntentResource, type InternalHmacSignerKey, InvalidVPError, type Invitation, type InvitationRole, InvitationStatus, type IssueSDJWTVCRequest, type IssueSDJWTVCResult, type JiraBoard, type JiraConfig, type JiraIssue, type JiraIssueType, type JiraProject, type JiraSprint, type JiraStatus, type JiraUser, type JiraWorklog, type JsonSchema, JsonStateStore, KeyManager, type KeyPairGenerationResult, type KeyStorageConfig, type KeyStorageProvider, LEGACY_RESOURCE_TYPE_MAP, MIN_SIGNER_KEY_BYTES, type MemoryDocument, MemoryKeyStorage, MemoryManager, type MemoryQuery, type MemoryQueryResult, NetworkError, type NormalizeIntentRequest, type NormalizedIntent, type OAuthAuthorizeRequest, type OAuthCallbackParams, type OAuthConnection, OAuthProvider, type OAuthToken, type OrganizationConfig, type OrganizationPermission, type OrganizationPolicy, type OrganizationVC, PROVIDER_ALIASES, type ParamBindingSource, type ParsedResourceType, type ParsedSignature, type PermissionConstraints, type PermissionMode, type PermissionResource, type PermissionRule, type PermissionTimeConstraint, type PermissionVcClaims, type PlanDelegationInput, type PlanDelegationResult, type PolicyCondition, type PolicyEvaluationResult, type PolicyInput, type PolicyRule, type PolicyTarget, type Provider, REAUTH_REQUIRED_ACTION, RESOURCE_TYPES, type ReBACChecker, type Receipt, type ReceiptListResult, type ReceiptOutcome, type ReceiptSearchQuery, ReceiptStatus, type Relation, type ResolvedTargets, type ResourceIdBinding, type ResourceRef, type ResourceScope, type ResourceType, type RiskAssessmentResult, type RiskFactor, type RiskLevel, SDJwtClient, SIGNATURE_HEADER, SIGNATURE_VERSION_PREFIX, ScopeUnmatchedError, type SecondaryBinding, type SignRequestArgs, SimpleRebac, type SlackConfig, StandardActionCategory, type SuggestGrantRequest, type SuggestedAction, type SuggestedConstraints, type SuggestedGrant, type SuggestedResource, type SuggestionRiskLevel, TIER_LIMITS, type TargetBindings, type TargetConstraint, TargetResolver, type TierLimits, type TimeWindowCheckResult, type TimeWindowConstraint, type ToolDefinition, type ToolInvocation, ToolManager, type ToolPermissionRequest, type ToolPermissionVC, type UnifiedResourceType, type UpdateGrantRequest, type UserIdentity, type UserIdentityConfig, type UserIdentityCreateOptions, UserIdentityManager, UserKeyPairManager, type UserTier, VALID_MCP_ACTIONS, VALID_MCP_TOOLS, VCExpiredError, VCManager, VCRevokedError, VCStatus, type VCTemplate, VCType, VPManager, type VPRequest, type VerifiablePresentation, type VerificationMethod, type VerifiedVcClaims, type VerifyInvitationResponse, type VerifyReceiptRequest, type VerifyReceiptResult, type VerifySDJWTVCResult, type VpVerifier, WRITE_ACTION_NAMES, type WeeklyReportData, type WeeklyReportSummary, buildCanonicalString, buildGrantIdFields, canonicalizeAction, checkPermissionWithVP, configure, createAjv, createDidJwk, credentialStatusToVCStatus, defaultConstraintEvaluator, evaluateConstraints, extractProjectKey, extractPublicKey, extractPublicKeyFromDid, formatSignatureHeader, generateActionParamsDisplay, generateActionSummary, generateKeyPair, generateNonce, getActionAliases, getAllActionForms, getAllValidMcpActionNames, getClient, getDefaultDisclosureFields, getKeyIdFromDid, getRequiredRelations, getRequiredScopes, getTierLimits, getValidMcpActionNames, grantConstraintsToPermissionConstraints, grantToPermissionRules, indexActions, indexCapabilities, isActionEquivalent, isCanonicalProvider, isUnlimited, isValidDidJwk, isValidProvider, isWriteAction, loadActionRegistryFromFile, loadActionRegistryFromObject, normalizeMcpActionName, parseGrantAction, parseGrantResourceType, parseSignatureHeader, planDelegationForVC, publicKeysMatch, resolveActionsFromSelection, resolveProvider, resolveResourceType, resolveUserTier, sha256Hex, signJWT, signRequest, validateRegistryObject, vcStatusToCredentialStatus, verifyJWT, version };

package/dist/index.d.ts

@@ -31,5 +31,6 @@ export { TargetResolver, extractProjectKey } from './resolver/target-resolver';
 export * from './types';
 export { isWriteAction, WRITE_ACTION_NAMES } from './utils/action-classifier';
 export { resolveUserTier, getTierLimits, isUnlimited } from './utils/tier-utils';
+export * from './internal-signature';
 export declare const version = "0.0.1";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAGrD,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAGrD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAA;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,YAAY,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAA;AAC/E,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,4BAA4B,EAC5B,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAA;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AACjE,OAAO,EACL,aAAa,EACb,cAAc,EACd,WAAW,EACX,iBAAiB,GAClB,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EACL,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACL,mBAAmB,EACnB,0BAA0B,EAC1B,0BAA0B,EAC1B,mBAAmB,GACpB,MAAM,mCAAmC,CAAA;AAG1C,cAAc,WAAW,CAAA;AAGzB,YAAY,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAA;AAChE,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAA;AAGzD,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACtE,YAAY,EACV,YAAY,EACZ,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AACnD,YAAY,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAErD,cAAc,YAAY,CAAA;AAG1B,OAAO,EAAE,qBAAqB,EAAE,2BAA2B,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAA;AACtH,YAAY,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAGnE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAGlD,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,uBAAuB,EACvB,aAAa,EACb,eAAe,EACf,eAAe,GAChB,MAAM,iBAAiB,CAAA;AAGxB,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAA;AAG9E,cAAc,SAAS,CAAA;AAGvB,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAG7E,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAGhF,eAAO,MAAM,OAAO,UAAU,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAGrD,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAGrD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAA;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,YAAY,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAA;AAC/E,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,4BAA4B,EAC5B,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAA;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AACjE,OAAO,EACL,aAAa,EACb,cAAc,EACd,WAAW,EACX,iBAAiB,GAClB,MAAM,yBAAyB,CAAA;AAEhC,OAAO,EACL,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACL,mBAAmB,EACnB,0BAA0B,EAC1B,0BAA0B,EAC1B,mBAAmB,GACpB,MAAM,mCAAmC,CAAA;AAG1C,cAAc,WAAW,CAAA;AAGzB,YAAY,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAA;AAChE,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAA;AAGzD,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACtE,YAAY,EACV,YAAY,EACZ,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AACnD,YAAY,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAErD,cAAc,YAAY,CAAA;AAG1B,OAAO,EAAE,qBAAqB,EAAE,2BAA2B,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAA;AACtH,YAAY,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAGnE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAGlD,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,uBAAuB,EACvB,aAAa,EACb,eAAe,EACf,eAAe,GAChB,MAAM,iBAAiB,CAAA;AAGxB,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAA;AAG9E,cAAc,SAAS,CAAA;AAGvB,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAG7E,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAKhF,cAAc,sBAAsB,CAAA;AAGpC,eAAO,MAAM,OAAO,UAAU,CAAA"}

package/dist/index.js

@@ -63,6 +63,7 @@ __export(index_exports, {
   JsonStateStore: () => JsonStateStore,
   KeyManager: () => KeyManager,
   LEGACY_RESOURCE_TYPE_MAP: () => LEGACY_RESOURCE_TYPE_MAP,
+  MIN_SIGNER_KEY_BYTES: () => MIN_SIGNER_KEY_BYTES,
   MemoryKeyStorage: () => MemoryKeyStorage,
   MemoryManager: () => MemoryManager,
   NetworkError: () => NetworkError,
@@ -72,6 +73,8 @@ __export(index_exports, {
   RESOURCE_TYPES: () => RESOURCE_TYPES,
   ReceiptStatus: () => ReceiptStatus,
   SDJwtClient: () => SDJwtClient,
+  SIGNATURE_HEADER: () => SIGNATURE_HEADER,
+  SIGNATURE_VERSION_PREFIX: () => SIGNATURE_VERSION_PREFIX,
   ScopeUnmatchedError: () => ScopeUnmatchedError,
   SimpleRebac: () => SimpleRebac,
   StandardActionCategory: () => StandardActionCategory,
@@ -89,6 +92,7 @@ __export(index_exports, {
   VCType: () => VCType,
   VPManager: () => VPManager,
   WRITE_ACTION_NAMES: () => WRITE_ACTION_NAMES,
+  buildCanonicalString: () => buildCanonicalString,
   buildGrantIdFields: () => buildGrantIdFields,
   canonicalizeAction: () => canonicalizeAction,
   checkPermissionWithVP: () => checkPermissionWithVP,
@@ -101,6 +105,7 @@ __export(index_exports, {
   extractProjectKey: () => extractProjectKey,
   extractPublicKey: () => extractPublicKey,
   extractPublicKeyFromDid: () => extractPublicKeyFromDid,
+  formatSignatureHeader: () => formatSignatureHeader,
   generateActionParamsDisplay: () => generateActionParamsDisplay,
   generateActionSummary: () => generateActionSummary,
   generateKeyPair: () => generateKeyPair,
@@ -130,13 +135,16 @@ __export(index_exports, {
   normalizeMcpActionName: () => normalizeMcpActionName,
   parseGrantAction: () => parseGrantAction,
   parseGrantResourceType: () => parseGrantResourceType,
+  parseSignatureHeader: () => parseSignatureHeader,
   planDelegationForVC: () => planDelegationForVC,
   publicKeysMatch: () => publicKeysMatch,
   resolveActionsFromSelection: () => resolveActionsFromSelection,
   resolveProvider: () => resolveProvider,
   resolveResourceType: () => resolveResourceType,
   resolveUserTier: () => resolveUserTier,
+  sha256Hex: () => sha256Hex,
   signJWT: () => signJWT,
+  signRequest: () => signRequest,
   validateRegistryObject: () => validateRegistryObject,
   vcStatusToCredentialStatus: () => vcStatusToCredentialStatus,
   verifyJWT: () => verifyJWT,
@@ -6184,6 +6192,70 @@ function getTierLimits(tier) {
   return TIER_LIMITS[resolveUserTier(tier)];
 }
 
+// src/internal-signature/canonical.ts
+var import_crypto3 = require("crypto");
+var SIGNATURE_HEADER = "x-internal-signature";
+var SIGNATURE_VERSION_PREFIX = "v1=";
+function sha256Hex(input) {
+  return (0, import_crypto3.createHash)("sha256").update(input).digest("hex");
+}
+function buildCanonicalString(args) {
+  const { method, path: path4, unixSeconds, rawBody } = args;
+  return [method.toUpperCase(), path4, String(unixSeconds), sha256Hex(rawBody)].join("\n");
+}
+function parseSignatureHeader(headerValue) {
+  if (typeof headerValue !== "string" || !headerValue.startsWith(SIGNATURE_VERSION_PREFIX)) {
+    return null;
+  }
+  const payload = headerValue.slice(SIGNATURE_VERSION_PREFIX.length);
+  const parts = payload.split(":");
+  if (parts.length !== 3) return null;
+  const [keyId, tsStr, signature] = parts;
+  if (!keyId || !tsStr || !signature) return null;
+  if (!/^[A-Za-z0-9_-]+$/.test(keyId)) return null;
+  if (!/^\d+$/.test(tsStr)) return null;
+  const unixSeconds = Number(tsStr);
+  if (!Number.isFinite(unixSeconds) || unixSeconds < 0) return null;
+  if (!/^[A-Za-z0-9+/]+=*$/.test(signature)) return null;
+  return { keyId, unixSeconds, signature };
+}
+function formatSignatureHeader(parsed) {
+  return `${SIGNATURE_VERSION_PREFIX}${parsed.keyId}:${parsed.unixSeconds}:${parsed.signature}`;
+}
+
+// src/internal-signature/signer.ts
+var import_crypto4 = require("crypto");
+var MIN_SIGNER_KEY_BYTES = 32;
+function signRequest(key, args) {
+  assertKeyMaterial(key);
+  const unixSeconds = args.unixSeconds ?? Math.floor(Date.now() / 1e3);
+  const canonical = buildCanonicalString({
+    method: args.method,
+    path: args.path,
+    unixSeconds,
+    rawBody: args.rawBody
+  });
+  const signature = (0, import_crypto4.createHmac)("sha256", key.secret).update(canonical).digest("base64");
+  const parsed = {
+    keyId: key.keyId,
+    unixSeconds,
+    signature
+  };
+  return formatSignatureHeader(parsed);
+}
+function assertKeyMaterial(k) {
+  if (!k.keyId || !/^[A-Za-z0-9_-]+$/.test(k.keyId)) {
+    throw new Error(
+      `internal-signature signer: invalid keyId ${JSON.stringify(k.keyId)} (must match /^[A-Za-z0-9_-]+$/)`
+    );
+  }
+  if (!Buffer.isBuffer(k.secret) || k.secret.length < MIN_SIGNER_KEY_BYTES) {
+    throw new Error(
+      `internal-signature signer: secret too short for keyId=${k.keyId} (${Buffer.isBuffer(k.secret) ? k.secret.length : "not a Buffer"} bytes; minimum ${MIN_SIGNER_KEY_BYTES} required)`
+    );
+  }
+}
+
 // src/index.ts
 var version = "0.0.1";
 // Annotate the CommonJS export names for ESM import in node:
@@ -6221,6 +6293,7 @@ var version = "0.0.1";
   JsonStateStore,
   KeyManager,
   LEGACY_RESOURCE_TYPE_MAP,
+  MIN_SIGNER_KEY_BYTES,
   MemoryKeyStorage,
   MemoryManager,
   NetworkError,
@@ -6230,6 +6303,8 @@ var version = "0.0.1";
   RESOURCE_TYPES,
   ReceiptStatus,
   SDJwtClient,
+  SIGNATURE_HEADER,
+  SIGNATURE_VERSION_PREFIX,
   ScopeUnmatchedError,
   SimpleRebac,
   StandardActionCategory,
@@ -6247,6 +6322,7 @@ var version = "0.0.1";
   VCType,
   VPManager,
   WRITE_ACTION_NAMES,
+  buildCanonicalString,
   buildGrantIdFields,
   canonicalizeAction,
   checkPermissionWithVP,
@@ -6259,6 +6335,7 @@ var version = "0.0.1";
   extractProjectKey,
   extractPublicKey,
   extractPublicKeyFromDid,
+  formatSignatureHeader,
   generateActionParamsDisplay,
   generateActionSummary,
   generateKeyPair,
@@ -6288,13 +6365,16 @@ var version = "0.0.1";
   normalizeMcpActionName,
   parseGrantAction,
   parseGrantResourceType,
+  parseSignatureHeader,
   planDelegationForVC,
   publicKeysMatch,
   resolveActionsFromSelection,
   resolveProvider,
   resolveResourceType,
   resolveUserTier,
+  sha256Hex,
   signJWT,
+  signRequest,
   validateRegistryObject,
   vcStatusToCredentialStatus,
   verifyJWT,