@vorionsys/contracts 0.1.0 → 0.1.2

Files changed (219) hide show
  1. package/CHANGELOG.md +44 -0
  2. package/LICENSE +190 -0
  3. package/README.md +435 -0
  4. package/dist/aci/index.d.ts +6 -62
  5. package/dist/aci/index.d.ts.map +1 -1
  6. package/dist/aci/index.js +22 -152
  7. package/dist/aci/index.js.map +1 -1
  8. package/dist/canonical/agent.d.ts +2 -2
  9. package/dist/canonical/agent.d.ts.map +1 -1
  10. package/dist/canonical/agent.js +146 -130
  11. package/dist/canonical/agent.js.map +1 -1
  12. package/dist/canonical/governance.d.ts +1 -1
  13. package/dist/canonical/governance.js +134 -120
  14. package/dist/canonical/governance.js.map +1 -1
  15. package/dist/canonical/index.d.ts +1 -0
  16. package/dist/canonical/index.d.ts.map +1 -1
  17. package/dist/canonical/index.js +26 -8
  18. package/dist/canonical/index.js.map +1 -1
  19. package/dist/canonical/intent.d.ts +8 -15
  20. package/dist/canonical/intent.d.ts.map +1 -1
  21. package/dist/canonical/intent.js +91 -82
  22. package/dist/canonical/intent.js.map +1 -1
  23. package/dist/canonical/middleware.d.ts +513 -0
  24. package/dist/canonical/middleware.d.ts.map +1 -0
  25. package/dist/canonical/middleware.js +218 -0
  26. package/dist/canonical/middleware.js.map +1 -0
  27. package/dist/canonical/risk-level.d.ts +1 -1
  28. package/dist/canonical/risk-level.js +66 -46
  29. package/dist/canonical/risk-level.js.map +1 -1
  30. package/dist/canonical/trust-band.d.ts +1 -1
  31. package/dist/canonical/trust-band.js +39 -28
  32. package/dist/canonical/trust-band.js.map +1 -1
  33. package/dist/canonical/trust-score.d.ts +1 -1
  34. package/dist/canonical/trust-score.js +46 -29
  35. package/dist/canonical/trust-score.js.map +1 -1
  36. package/dist/canonical/trust-signal.d.ts +13 -13
  37. package/dist/canonical/trust-signal.js +91 -78
  38. package/dist/canonical/trust-signal.js.map +1 -1
  39. package/dist/canonical/validation.js +148 -102
  40. package/dist/canonical/validation.js.map +1 -1
  41. package/dist/{aci → car}/attestation.d.ts +73 -73
  42. package/dist/{aci → car}/attestation.d.ts.map +1 -1
  43. package/dist/{aci → car}/attestation.js +69 -59
  44. package/dist/car/attestation.js.map +1 -0
  45. package/dist/car/car-string.d.ts +846 -0
  46. package/dist/car/car-string.d.ts.map +1 -0
  47. package/dist/car/car-string.js +734 -0
  48. package/dist/car/car-string.js.map +1 -0
  49. package/dist/{aci → car}/domains.d.ts +3 -3
  50. package/dist/{aci → car}/domains.d.ts.map +1 -1
  51. package/dist/{aci → car}/domains.js +57 -39
  52. package/dist/car/domains.js.map +1 -0
  53. package/dist/{aci → car}/effective-permission.d.ts +8 -8
  54. package/dist/{aci → car}/effective-permission.d.ts.map +1 -1
  55. package/dist/{aci → car}/effective-permission.js +59 -46
  56. package/dist/car/effective-permission.js.map +1 -0
  57. package/dist/{aci → car}/identity.d.ts +235 -129
  58. package/dist/car/identity.d.ts.map +1 -0
  59. package/dist/{aci → car}/identity.js +125 -105
  60. package/dist/car/identity.js.map +1 -0
  61. package/dist/car/index.d.ts +104 -0
  62. package/dist/car/index.d.ts.map +1 -0
  63. package/dist/car/index.js +401 -0
  64. package/dist/car/index.js.map +1 -0
  65. package/dist/car/jwt-claims.d.ts +1364 -0
  66. package/dist/car/jwt-claims.d.ts.map +1 -0
  67. package/dist/car/jwt-claims.js +388 -0
  68. package/dist/car/jwt-claims.js.map +1 -0
  69. package/dist/{aci → car}/levels.d.ts +5 -5
  70. package/dist/{aci → car}/levels.d.ts.map +1 -1
  71. package/dist/{aci → car}/levels.js +81 -62
  72. package/dist/car/levels.js.map +1 -0
  73. package/dist/{aci → car}/mapping.d.ts +5 -5
  74. package/dist/{aci → car}/mapping.d.ts.map +1 -1
  75. package/dist/{aci → car}/mapping.js +96 -76
  76. package/dist/car/mapping.js.map +1 -0
  77. package/dist/{aci → car}/skills.d.ts +4 -4
  78. package/dist/{aci → car}/skills.d.ts.map +1 -1
  79. package/dist/{aci → car}/skills.js +72 -50
  80. package/dist/car/skills.js.map +1 -0
  81. package/dist/{aci → car}/tiers.d.ts +3 -3
  82. package/dist/{aci → car}/tiers.d.ts.map +1 -1
  83. package/dist/{aci → car}/tiers.js +140 -113
  84. package/dist/car/tiers.js.map +1 -0
  85. package/dist/common/index.d.ts +1 -0
  86. package/dist/common/index.d.ts.map +1 -1
  87. package/dist/common/index.js +18 -1
  88. package/dist/common/index.js.map +1 -1
  89. package/dist/common/primitives.d.ts +9 -7
  90. package/dist/common/primitives.d.ts.map +1 -1
  91. package/dist/common/primitives.js +30 -25
  92. package/dist/common/primitives.js.map +1 -1
  93. package/dist/common/types.d.ts +328 -0
  94. package/dist/common/types.d.ts.map +1 -0
  95. package/dist/common/types.js +61 -0
  96. package/dist/common/types.js.map +1 -0
  97. package/dist/db/agents.d.ts +1914 -0
  98. package/dist/db/agents.d.ts.map +1 -0
  99. package/dist/db/agents.js +283 -0
  100. package/dist/db/agents.js.map +1 -0
  101. package/dist/db/api-keys.d.ts +506 -0
  102. package/dist/db/api-keys.d.ts.map +1 -0
  103. package/dist/db/api-keys.js +101 -0
  104. package/dist/db/api-keys.js.map +1 -0
  105. package/dist/db/escalations.d.ts +554 -0
  106. package/dist/db/escalations.d.ts.map +1 -0
  107. package/dist/db/escalations.js +100 -0
  108. package/dist/db/escalations.js.map +1 -0
  109. package/dist/db/index.d.ts +20 -0
  110. package/dist/db/index.d.ts.map +1 -0
  111. package/dist/db/index.js +47 -0
  112. package/dist/db/index.js.map +1 -0
  113. package/dist/db/intents.d.ts +535 -0
  114. package/dist/db/intents.d.ts.map +1 -0
  115. package/dist/db/intents.js +93 -0
  116. package/dist/db/intents.js.map +1 -0
  117. package/dist/db/merkle.d.ts +475 -0
  118. package/dist/db/merkle.d.ts.map +1 -0
  119. package/dist/db/merkle.js +103 -0
  120. package/dist/db/merkle.js.map +1 -0
  121. package/dist/db/operations.d.ts +256 -0
  122. package/dist/db/operations.d.ts.map +1 -0
  123. package/dist/db/operations.js +68 -0
  124. package/dist/db/operations.js.map +1 -0
  125. package/dist/db/policy-versions.d.ts +149 -0
  126. package/dist/db/policy-versions.d.ts.map +1 -0
  127. package/dist/db/policy-versions.js +44 -0
  128. package/dist/db/policy-versions.js.map +1 -0
  129. package/dist/db/proofs.d.ts +412 -0
  130. package/dist/db/proofs.d.ts.map +1 -0
  131. package/dist/db/proofs.js +66 -0
  132. package/dist/db/proofs.js.map +1 -0
  133. package/dist/db/rbac.d.ts +882 -0
  134. package/dist/db/rbac.d.ts.map +1 -0
  135. package/dist/db/rbac.js +189 -0
  136. package/dist/db/rbac.js.map +1 -0
  137. package/dist/db/service-accounts.d.ts +783 -0
  138. package/dist/db/service-accounts.d.ts.map +1 -0
  139. package/dist/db/service-accounts.js +179 -0
  140. package/dist/db/service-accounts.js.map +1 -0
  141. package/dist/db/trust.d.ts +603 -0
  142. package/dist/db/trust.d.ts.map +1 -0
  143. package/dist/db/trust.js +111 -0
  144. package/dist/db/trust.js.map +1 -0
  145. package/dist/db/webhooks.d.ts +382 -0
  146. package/dist/db/webhooks.d.ts.map +1 -0
  147. package/dist/db/webhooks.js +94 -0
  148. package/dist/db/webhooks.js.map +1 -0
  149. package/dist/flags.d.ts +214 -0
  150. package/dist/flags.d.ts.map +1 -0
  151. package/dist/flags.js +443 -0
  152. package/dist/flags.js.map +1 -0
  153. package/dist/index.d.ts +3 -1
  154. package/dist/index.d.ts.map +1 -1
  155. package/dist/index.js +47 -4
  156. package/dist/index.js.map +1 -1
  157. package/dist/v2/canary-probe.js +10 -7
  158. package/dist/v2/canary-probe.js.map +1 -1
  159. package/dist/v2/component.js +2 -1
  160. package/dist/v2/component.js.map +1 -1
  161. package/dist/v2/decision.js +5 -2
  162. package/dist/v2/decision.js.map +1 -1
  163. package/dist/v2/enums.js +28 -25
  164. package/dist/v2/enums.js.map +1 -1
  165. package/dist/v2/evidence.js +75 -72
  166. package/dist/v2/evidence.js.map +1 -1
  167. package/dist/v2/execution.js +2 -1
  168. package/dist/v2/execution.js.map +1 -1
  169. package/dist/v2/index.js +29 -13
  170. package/dist/v2/index.js.map +1 -1
  171. package/dist/v2/intent.js +2 -1
  172. package/dist/v2/intent.js.map +1 -1
  173. package/dist/v2/policy-bundle.js +5 -2
  174. package/dist/v2/policy-bundle.js.map +1 -1
  175. package/dist/v2/pre-action-gate.js +10 -7
  176. package/dist/v2/pre-action-gate.js.map +1 -1
  177. package/dist/v2/proof-event.d.ts +3 -1
  178. package/dist/v2/proof-event.d.ts.map +1 -1
  179. package/dist/v2/proof-event.js +2 -1
  180. package/dist/v2/proof-event.js.map +1 -1
  181. package/dist/v2/retention.js +104 -101
  182. package/dist/v2/retention.js.map +1 -1
  183. package/dist/v2/trust-delta.js +5 -2
  184. package/dist/v2/trust-delta.js.map +1 -1
  185. package/dist/v2/trust-profile.js +12 -9
  186. package/dist/v2/trust-profile.js.map +1 -1
  187. package/dist/validators/decision.d.ts +2 -2
  188. package/dist/validators/decision.js +49 -46
  189. package/dist/validators/decision.js.map +1 -1
  190. package/dist/validators/enums.js +14 -11
  191. package/dist/validators/enums.js.map +1 -1
  192. package/dist/validators/index.js +30 -9
  193. package/dist/validators/index.js.map +1 -1
  194. package/dist/validators/intent.js +40 -37
  195. package/dist/validators/intent.js.map +1 -1
  196. package/dist/validators/proof-event.d.ts +3 -0
  197. package/dist/validators/proof-event.d.ts.map +1 -1
  198. package/dist/validators/proof-event.js +103 -99
  199. package/dist/validators/proof-event.js.map +1 -1
  200. package/dist/validators/trust-profile.js +40 -37
  201. package/dist/validators/trust-profile.js.map +1 -1
  202. package/package.json +81 -15
  203. package/dist/aci/aci-string.d.ts +0 -539
  204. package/dist/aci/aci-string.d.ts.map +0 -1
  205. package/dist/aci/aci-string.js +0 -563
  206. package/dist/aci/aci-string.js.map +0 -1
  207. package/dist/aci/attestation.js.map +0 -1
  208. package/dist/aci/domains.js.map +0 -1
  209. package/dist/aci/effective-permission.js.map +0 -1
  210. package/dist/aci/identity.d.ts.map +0 -1
  211. package/dist/aci/identity.js.map +0 -1
  212. package/dist/aci/jwt-claims.d.ts +0 -756
  213. package/dist/aci/jwt-claims.d.ts.map +0 -1
  214. package/dist/aci/jwt-claims.js +0 -335
  215. package/dist/aci/jwt-claims.js.map +0 -1
  216. package/dist/aci/levels.js.map +0 -1
  217. package/dist/aci/mapping.js.map +0 -1
  218. package/dist/aci/skills.js.map +0 -1
  219. package/dist/aci/tiers.js.map +0 -1
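--- a/package/dist/db/api-keys.d.ts
+++ b/package/dist/db/api-keys.d.ts
@@ -0,0 +1,506 @@
+ /**
+ * API Keys Schema
+ *
+ * Database schema for API key storage using Drizzle ORM.
+ * Includes tables for API keys and rate limit state tracking.
+ *
+ * @packageDocumentation
+ */
+ /**
+ * API key status enum
+ */
+ export declare const apiKeyStatusEnum: import("drizzle-orm/pg-core").PgEnum<["active", "revoked", "expired"]>;
+ /**
+ * API keys table - stores API key records with all metadata
+ */
+ export declare const apiKeys: import("drizzle-orm/pg-core").PgTableWithColumns<{
+ name: "api_keys";
+ schema: undefined;
+ columns: {
+ id: import("drizzle-orm/pg-core").PgColumn<{
+ name: "id";
+ tableName: "api_keys";
+ dataType: "string";
+ columnType: "PgUUID";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: true;
+ isPrimaryKey: true;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ name: import("drizzle-orm/pg-core").PgColumn<{
+ name: "name";
+ tableName: "api_keys";
+ dataType: "string";
+ columnType: "PgText";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: [string, ...string[]];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ prefix: import("drizzle-orm/pg-core").PgColumn<{
+ name: "prefix";
+ tableName: "api_keys";
+ dataType: "string";
+ columnType: "PgText";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: [string, ...string[]];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ hashedKey: import("drizzle-orm/pg-core").PgColumn<{
+ name: "hashed_key";
+ tableName: "api_keys";
+ dataType: "string";
+ columnType: "PgText";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: [string, ...string[]];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ tenantId: import("drizzle-orm/pg-core").PgColumn<{
+ name: "tenant_id";
+ tableName: "api_keys";
+ dataType: "string";
+ columnType: "PgText";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: [string, ...string[]];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ createdBy: import("drizzle-orm/pg-core").PgColumn<{
+ name: "created_by";
+ tableName: "api_keys";
+ dataType: "string";
+ columnType: "PgText";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: [string, ...string[]];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ scopes: import("drizzle-orm/pg-core").PgColumn<{
+ name: "scopes";
+ tableName: "api_keys";
+ dataType: "json";
+ columnType: "PgJsonb";
+ data: string[];
+ driverParam: unknown;
+ notNull: true;
+ hasDefault: true;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {
+ $type: string[];
+ }>;
+ rateLimitRequestsPerMinute: import("drizzle-orm/pg-core").PgColumn<{
+ name: "rate_limit_requests_per_minute";
+ tableName: "api_keys";
+ dataType: "number";
+ columnType: "PgInteger";
+ data: number;
+ driverParam: string | number;
+ notNull: true;
+ hasDefault: true;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ rateLimitRequestsPerHour: import("drizzle-orm/pg-core").PgColumn<{
+ name: "rate_limit_requests_per_hour";
+ tableName: "api_keys";
+ dataType: "number";
+ columnType: "PgInteger";
+ data: number;
+ driverParam: string | number;
+ notNull: true;
+ hasDefault: true;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ rateLimitBurstLimit: import("drizzle-orm/pg-core").PgColumn<{
+ name: "rate_limit_burst_limit";
+ tableName: "api_keys";
+ dataType: "number";
+ columnType: "PgInteger";
+ data: number;
+ driverParam: string | number;
+ notNull: true;
+ hasDefault: true;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ status: import("drizzle-orm/pg-core").PgColumn<{
+ name: "status";
+ tableName: "api_keys";
+ dataType: "string";
+ columnType: "PgEnumColumn";
+ data: "active" | "revoked" | "expired";
+ driverParam: string;
+ notNull: true;
+ hasDefault: true;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: ["active", "revoked", "expired"];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ expiresAt: import("drizzle-orm/pg-core").PgColumn<{
+ name: "expires_at";
+ tableName: "api_keys";
+ dataType: "date";
+ columnType: "PgTimestamp";
+ data: Date;
+ driverParam: string;
+ notNull: false;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ createdAt: import("drizzle-orm/pg-core").PgColumn<{
+ name: "created_at";
+ tableName: "api_keys";
+ dataType: "date";
+ columnType: "PgTimestamp";
+ data: Date;
+ driverParam: string;
+ notNull: true;
+ hasDefault: true;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ lastUsedAt: import("drizzle-orm/pg-core").PgColumn<{
+ name: "last_used_at";
+ tableName: "api_keys";
+ dataType: "date";
+ columnType: "PgTimestamp";
+ data: Date;
+ driverParam: string;
+ notNull: false;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ description: import("drizzle-orm/pg-core").PgColumn<{
+ name: "description";
+ tableName: "api_keys";
+ dataType: "string";
+ columnType: "PgText";
+ data: string;
+ driverParam: string;
+ notNull: false;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: [string, ...string[]];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ allowedIps: import("drizzle-orm/pg-core").PgColumn<{
+ name: "allowed_ips";
+ tableName: "api_keys";
+ dataType: "json";
+ columnType: "PgJsonb";
+ data: string[];
+ driverParam: unknown;
+ notNull: false;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {
+ $type: string[];
+ }>;
+ metadata: import("drizzle-orm/pg-core").PgColumn<{
+ name: "metadata";
+ tableName: "api_keys";
+ dataType: "json";
+ columnType: "PgJsonb";
+ data: Record<string, unknown>;
+ driverParam: unknown;
+ notNull: false;
+ hasDefault: true;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {
+ $type: Record<string, unknown>;
+ }>;
+ };
+ dialect: "pg";
+ }>;
+ /**
+ * Rate limit state table - tracks rate limiting state per API key
+ *
+ * Note: This is designed for database persistence when Redis is unavailable.
+ * For high-performance rate limiting, Redis should be preferred.
+ * This table includes TTL-based cleanup support.
+ */
+ export declare const apiKeyRateLimits: import("drizzle-orm/pg-core").PgTableWithColumns<{
+ name: "api_key_rate_limits";
+ schema: undefined;
+ columns: {
+ id: import("drizzle-orm/pg-core").PgColumn<{
+ name: "id";
+ tableName: "api_key_rate_limits";
+ dataType: "string";
+ columnType: "PgUUID";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: true;
+ isPrimaryKey: true;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ keyId: import("drizzle-orm/pg-core").PgColumn<{
+ name: "key_id";
+ tableName: "api_key_rate_limits";
+ dataType: "string";
+ columnType: "PgUUID";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ secondCount: import("drizzle-orm/pg-core").PgColumn<{
+ name: "second_count";
+ tableName: "api_key_rate_limits";
+ dataType: "number";
+ columnType: "PgInteger";
+ data: number;
+ driverParam: string | number;
+ notNull: true;
+ hasDefault: true;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ secondResetAt: import("drizzle-orm/pg-core").PgColumn<{
+ name: "second_reset_at";
+ tableName: "api_key_rate_limits";
+ dataType: "number";
+ columnType: "PgBigInt53";
+ data: number;
+ driverParam: string | number;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ minuteCount: import("drizzle-orm/pg-core").PgColumn<{
+ name: "minute_count";
+ tableName: "api_key_rate_limits";
+ dataType: "number";
+ columnType: "PgInteger";
+ data: number;
+ driverParam: string | number;
+ notNull: true;
+ hasDefault: true;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ minuteResetAt: import("drizzle-orm/pg-core").PgColumn<{
+ name: "minute_reset_at";
+ tableName: "api_key_rate_limits";
+ dataType: "number";
+ columnType: "PgBigInt53";
+ data: number;
+ driverParam: string | number;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ hourCount: import("drizzle-orm/pg-core").PgColumn<{
+ name: "hour_count";
+ tableName: "api_key_rate_limits";
+ dataType: "number";
+ columnType: "PgInteger";
+ data: number;
+ driverParam: string | number;
+ notNull: true;
+ hasDefault: true;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ hourResetAt: import("drizzle-orm/pg-core").PgColumn<{
+ name: "hour_reset_at";
+ tableName: "api_key_rate_limits";
+ dataType: "number";
+ columnType: "PgBigInt53";
+ data: number;
+ driverParam: string | number;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ expiresAt: import("drizzle-orm/pg-core").PgColumn<{
+ name: "expires_at";
+ tableName: "api_key_rate_limits";
+ dataType: "date";
+ columnType: "PgTimestamp";
+ data: Date;
+ driverParam: string;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ updatedAt: import("drizzle-orm/pg-core").PgColumn<{
+ name: "updated_at";
+ tableName: "api_key_rate_limits";
+ dataType: "date";
+ columnType: "PgTimestamp";
+ data: Date;
+ driverParam: string;
+ notNull: true;
+ hasDefault: true;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: undefined;
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {}>;
+ };
+ dialect: "pg";
+ }>;
+ export type ApiKeyRecord = typeof apiKeys.$inferSelect;
+ export type NewApiKeyRecord = typeof apiKeys.$inferInsert;
+ export type ApiKeyRateLimitRecord = typeof apiKeyRateLimits.$inferSelect;
+ export type NewApiKeyRateLimitRecord = typeof apiKeyRateLimits.$inferInsert;
+ //# sourceMappingURL=api-keys.d.ts.map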
@@ -0,0 +1 @@
1
+ {"version":3,"file":"api-keys.d.ts","sourceRoot":"","sources":["../../src/db/api-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAmBH;;GAEG;AACH,eAAO,MAAM,gBAAgB,wEAA6D,CAAC;AAM3F;;GAEG;AACH,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkDnB,CAAC;AAMF;;;;;;GAMG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkC5B,CAAC;AAMF,MAAM,MAAM,YAAY,GAAG,OAAO,OAAO,CAAC,YAAY,CAAC;AACvD,MAAM,MAAM,eAAe,GAAG,OAAO,OAAO,CAAC,YAAY,CAAC;AAC1D,MAAM,MAAM,qBAAqB,GAAG,OAAO,gBAAgB,CAAC,YAAY,CAAC;AACzE,MAAM,MAAM,wBAAwB,GAAG,OAAO,gBAAgB,CAAC,YAAY,CAAC"}
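--- a/package/dist/db/api-keys.js
+++ b/package/dist/db/api-keys.js
@@ -0,0 +1,101 @@
+ "use strict";
+ /**
+ * API Keys Schema
+ *
+ * Database schema for API key storage using Drizzle ORM.
+ * Includes tables for API keys and rate limit state tracking.
+ *
+ * @packageDocumentation
+ */
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.apiKeyRateLimits = exports.apiKeys = exports.apiKeyStatusEnum = void 0;
+ const pg_core_1 = require("drizzle-orm/pg-core");
+ // =============================================================================
+ // ENUMS
+ // =============================================================================
+ /**
+ * API key status enum
+ */
+ exports.apiKeyStatusEnum = (0, pg_core_1.pgEnum)('api_key_status', ['active', 'revoked', 'expired']);
+ // =============================================================================
+ // API KEYS TABLE
+ // =============================================================================
+ /**
+ * API keys table - stores API key records with all metadata
+ */
+ exports.apiKeys = (0, pg_core_1.pgTable)('api_keys', {
+ // Primary key
+ id: (0, pg_core_1.uuid)('id').primaryKey().defaultRandom(),
+ // Key identification
+ name: (0, pg_core_1.text)('name').notNull(),
+ prefix: (0, pg_core_1.text)('prefix').notNull().unique(), // First 8 chars for lookup
+ hashedKey: (0, pg_core_1.text)('hashed_key').notNull(), // SHA-256 hash for validation
+ // Ownership
+ tenantId: (0, pg_core_1.text)('tenant_id').notNull(),
+ createdBy: (0, pg_core_1.text)('created_by').notNull(),
+ // Permissions
+ scopes: (0, pg_core_1.jsonb)('scopes').$type().notNull().default([]),
+ // Rate limiting configuration
+ rateLimitRequestsPerMinute: (0, pg_core_1.integer)('rate_limit_requests_per_minute').notNull().default(60),
+ rateLimitRequestsPerHour: (0, pg_core_1.integer)('rate_limit_requests_per_hour').notNull().default(1000),
+ rateLimitBurstLimit: (0, pg_core_1.integer)('rate_limit_burst_limit').notNull().default(10),
+ // Status
+ status: (0, exports.apiKeyStatusEnum)('status').notNull().default('active'),
+ // Timestamps
+ expiresAt: (0, pg_core_1.timestamp)('expires_at', { withTimezone: true }),
+ createdAt: (0, pg_core_1.timestamp)('created_at', { withTimezone: true }).notNull().defaultNow(),
+ lastUsedAt: (0, pg_core_1.timestamp)('last_used_at', { withTimezone: true }),
+ // Additional configuration
+ description: (0, pg_core_1.text)('description'),
+ allowedIps: (0, pg_core_1.jsonb)('allowed_ips').$type(),
+ metadata: (0, pg_core_1.jsonb)('metadata').$type().default({}),
+ }, (table) => ({
+ // Index by prefix for fast lookup during validation
+ prefixIdx: (0, pg_core_1.index)('api_keys_prefix_idx').on(table.prefix),
+ // Index by tenant for listing keys
+ tenantIdIdx: (0, pg_core_1.index)('api_keys_tenant_id_idx').on(table.tenantId),
+ // Composite index for listing with status filter
+ tenantStatusIdx: (0, pg_core_1.index)('api_keys_tenant_status_idx').on(table.tenantId, table.status),
+ // Index by creator for filtering
+ createdByIdx: (0, pg_core_1.index)('api_keys_created_by_idx').on(table.createdBy),
+ // Index for expiration checks
+ expiresAtIdx: (0, pg_core_1.index)('api_keys_expires_at_idx').on(table.expiresAt),
+ // Index for status-based queries
+ statusIdx: (0, pg_core_1.index)('api_keys_status_idx').on(table.status),
+ }));
+ // =============================================================================
+ // RATE LIMIT STATE TABLE
+ // =============================================================================
+ /**
+ * Rate limit state table - tracks rate limiting state per API key
+ *
+ * Note: This is designed for database persistence when Redis is unavailable.
+ * For high-performance rate limiting, Redis should be preferred.
+ * This table includes TTL-based cleanup support.
+ */
+ exports.apiKeyRateLimits = (0, pg_core_1.pgTable)('api_key_rate_limits', {
+ id: (0, pg_core_1.uuid)('id').primaryKey().defaultRandom(),
+ // Key reference
+ keyId: (0, pg_core_1.uuid)('key_id')
+ .notNull()
+ .references(() => exports.apiKeys.id, { onDelete: 'cascade' }),
+ // Second window (burst limiting)
+ secondCount: (0, pg_core_1.integer)('second_count').notNull().default(0),
+ secondResetAt: (0, pg_core_1.bigint)('second_reset_at', { mode: 'number' }).notNull(),
+ // Minute window
+ minuteCount: (0, pg_core_1.integer)('minute_count').notNull().default(0),
+ minuteResetAt: (0, pg_core_1.bigint)('minute_reset_at', { mode: 'number' }).notNull(),
+ // Hour window
+ hourCount: (0, pg_core_1.integer)('hour_count').notNull().default(0),
+ hourResetAt: (0, pg_core_1.bigint)('hour_reset_at', { mode: 'number' }).notNull(),
+ // TTL for cleanup - records older than this can be purged
+ expiresAt: (0, pg_core_1.timestamp)('expires_at', { withTimezone: true }).notNull(),
+ // Last update timestamp
+ updatedAt: (0, pg_core_1.timestamp)('updated_at', { withTimezone: true }).notNull().defaultNow(),
+ }, (table) => ({
+ // Unique constraint on keyId - one rate limit record per key
+ keyIdUniqueIdx: (0, pg_core_1.uniqueIndex)('api_key_rate_limits_key_id_unique_idx').on(table.keyId),
+ // Index for TTL-based cleanup
+ expiresAtIdx: (0, pg_core_1.index)('api_key_rate_limits_expires_at_idx').on(table.expiresAt),
+ }));
+ //# sourceMappingURL=api-keys.js.map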
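Review bot: The `hashedKey` comment (`// SHA-256 hash for validation`) does not state the assumption that makes an unsalted fast hash acceptable: the raw key has to come from a CSPRNG with enough entropy that the digest cannot be brute-forced offline after a database leak, and the lookup code has to compare digests in constant time. I would extend the comment to `// SHA-256 of a CSPRNG-generated key, never a user-chosen secret; compare in constant time`. The first 8 characters are stored in clear in `prefix`, so they should not be counted toward the secret's entropy, and because `prefix` is `.unique()` the key generator presumably has to retry on a collision; that code is not on this page. `.unique()` already gives PostgreSQL an index on the column, so `api_keys_prefix_idx` looks redundant.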
@@ -0,0 +1 @@
1
+ {"version":3,"file":"api-keys.js","sourceRoot":"","sources":["../../src/db/api-keys.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,iDAW6B;AAE7B,gFAAgF;AAChF,QAAQ;AACR,gFAAgF;AAEhF;;GAEG;AACU,QAAA,gBAAgB,GAAG,IAAA,gBAAM,EAAC,gBAAgB,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;AAE3F,gFAAgF;AAChF,iBAAiB;AACjB,gFAAgF;AAEhF;;GAEG;AACU,QAAA,OAAO,GAAG,IAAA,iBAAO,EAC5B,UAAU,EACV;IACE,cAAc;IACd,EAAE,EAAE,IAAA,cAAI,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE;IAE3C,qBAAqB;IACrB,IAAI,EAAE,IAAA,cAAI,EAAC,MAAM,CAAC,CAAC,OAAO,EAAE;IAC5B,MAAM,EAAE,IAAA,cAAI,EAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE,EAAE,2BAA2B;IACtE,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC,CAAC,OAAO,EAAE,EAAE,8BAA8B;IAEvE,YAAY;IACZ,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IACrC,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC,CAAC,OAAO,EAAE;IAEvC,cAAc;IACd,MAAM,EAAE,IAAA,eAAK,EAAC,QAAQ,CAAC,CAAC,KAAK,EAAY,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAE/D,8BAA8B;IAC9B,0BAA0B,EAAE,IAAA,iBAAO,EAAC,gCAAgC,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3F,wBAAwB,EAAE,IAAA,iBAAO,EAAC,8BAA8B,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACzF,mBAAmB,EAAE,IAAA,iBAAO,EAAC,wBAAwB,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAE5E,SAAS;IACT,MAAM,EAAE,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC;IAE9D,aAAa;IACb,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IAC1D,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,UAAU,EAAE;IACjF,UAAU,EAAE,IAAA,mBAAS,EAAC,cAAc,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IAE7D,2BAA2B;IAC3B,WAAW,EAAE,IAAA,cAAI,EAAC,aAAa,CAAC;IAChC,UAAU,EAAE,IAAA,eAAK,EAAC,aAAa,CAAC,CAAC,KAAK,EAAY;IAClD,QAAQ,EAAE,IAAA,eAAK,EAAC,UAAU,CAAC,CAAC,KAAK,EAA2B,CAAC,OAAO,CAAC,EAAE,CAAC;CACzE,EACD,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACV,oDAAoD;IACpD,SAAS,EAAE,IAAA,eAAK,EAAC,qBAAqB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;IACxD,mCAAmC;IACnC,WAAW,EAAE,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAC/D,iDAAiD;IACjD,eAAe,EAAE,IAAA,eAAK,EAAC,4BAA4B,C
AAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC;IACrF,iCAAiC;IACjC,YAAY,EAAE,IAAA,eAAK,EAAC,yBAAyB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IAClE,8BAA8B;IAC9B,YAAY,EAAE,IAAA,eAAK,EAAC,yBAAyB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IAClE,iCAAiC;IACjC,SAAS,EAAE,IAAA,eAAK,EAAC,qBAAqB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;CACzD,CAAC,CACH,CAAC;AAEF,gFAAgF;AAChF,yBAAyB;AACzB,gFAAgF;AAEhF;;;;;;GAMG;AACU,QAAA,gBAAgB,GAAG,IAAA,iBAAO,EACrC,qBAAqB,EACrB;IACE,EAAE,EAAE,IAAA,cAAI,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE;IAE3C,gBAAgB;IAChB,KAAK,EAAE,IAAA,cAAI,EAAC,QAAQ,CAAC;SAClB,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,eAAO,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAExD,iCAAiC;IACjC,WAAW,EAAE,IAAA,iBAAO,EAAC,cAAc,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IACzD,aAAa,EAAE,IAAA,gBAAM,EAAC,iBAAiB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE;IAEtE,gBAAgB;IAChB,WAAW,EAAE,IAAA,iBAAO,EAAC,cAAc,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IACzD,aAAa,EAAE,IAAA,gBAAM,EAAC,iBAAiB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE;IAEtE,cAAc;IACd,SAAS,EAAE,IAAA,iBAAO,EAAC,YAAY,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IACrD,WAAW,EAAE,IAAA,gBAAM,EAAC,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE;IAElE,0DAA0D;IAC1D,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IAEpE,wBAAwB;IACxB,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,UAAU,EAAE;CAClF,EACD,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACV,6DAA6D;IAC7D,cAAc,EAAE,IAAA,qBAAW,EAAC,uCAAuC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC;IACpF,8BAA8B;IAC9B,YAAY,EAAE,IAAA,eAAK,EAAC,oCAAoC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;CAC9E,CAAC,CACH,CAAC"}