@vorionsys/contracts 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (85) hide show
  1. package/CHANGELOG.md +44 -0
  2. package/LICENSE +190 -0
  3. package/README.md +373 -84
  4. package/dist/aci/index.d.ts +3 -69
  5. package/dist/aci/index.d.ts.map +1 -1
  6. package/dist/aci/index.js +17 -372
  7. package/dist/aci/index.js.map +1 -1
  8. package/dist/canonical/agent.d.ts +1 -1
  9. package/dist/canonical/agent.d.ts.map +1 -1
  10. package/dist/car/car-string.d.ts +6 -6
  11. package/dist/car/effective-permission.d.ts +2 -2
  12. package/dist/car/identity.d.ts +34 -34
  13. package/dist/car/jwt-claims.d.ts +126 -126
  14. package/dist/car/tiers.js +6 -6
  15. package/dist/db/agents.d.ts +545 -5
  16. package/dist/db/agents.d.ts.map +1 -1
  17. package/dist/db/api-keys.d.ts +144 -3
  18. package/dist/db/api-keys.d.ts.map +1 -1
  19. package/dist/db/escalations.d.ts +156 -2
  20. package/dist/db/escalations.d.ts.map +1 -1
  21. package/dist/db/intents.d.ts +154 -3
  22. package/dist/db/intents.d.ts.map +1 -1
  23. package/dist/db/merkle.d.ts +134 -3
  24. package/dist/db/merkle.d.ts.map +1 -1
  25. package/dist/db/operations.d.ts +71 -2
  26. package/dist/db/operations.d.ts.map +1 -1
  27. package/dist/db/policy-versions.d.ts +38 -1
  28. package/dist/db/policy-versions.d.ts.map +1 -1
  29. package/dist/db/proofs.d.ts +119 -3
  30. package/dist/db/proofs.d.ts.map +1 -1
  31. package/dist/db/rbac.d.ts +233 -6
  32. package/dist/db/rbac.d.ts.map +1 -1
  33. package/dist/db/service-accounts.d.ts +218 -6
  34. package/dist/db/service-accounts.d.ts.map +1 -1
  35. package/dist/db/trust.d.ts +168 -2
  36. package/dist/db/trust.d.ts.map +1 -1
  37. package/dist/db/webhooks.d.ts +103 -1
  38. package/dist/db/webhooks.d.ts.map +1 -1
  39. package/dist/v2/proof-event.d.ts +3 -1
  40. package/dist/v2/proof-event.d.ts.map +1 -1
  41. package/dist/validators/proof-event.d.ts +3 -0
  42. package/dist/validators/proof-event.d.ts.map +1 -1
  43. package/dist/validators/proof-event.js +2 -1
  44. package/dist/validators/proof-event.js.map +1 -1
  45. package/package.json +24 -10
  46. package/dist/aci/aci-string.d.ts +0 -539
  47. package/dist/aci/aci-string.d.ts.map +0 -1
  48. package/dist/aci/aci-string.js +0 -581
  49. package/dist/aci/aci-string.js.map +0 -1
  50. package/dist/aci/attestation.d.ts +0 -648
  51. package/dist/aci/attestation.d.ts.map +0 -1
  52. package/dist/aci/attestation.js +0 -299
  53. package/dist/aci/attestation.js.map +0 -1
  54. package/dist/aci/domains.d.ts +0 -260
  55. package/dist/aci/domains.d.ts.map +0 -1
  56. package/dist/aci/domains.js +0 -340
  57. package/dist/aci/domains.js.map +0 -1
  58. package/dist/aci/effective-permission.d.ts +0 -371
  59. package/dist/aci/effective-permission.d.ts.map +0 -1
  60. package/dist/aci/effective-permission.js +0 -364
  61. package/dist/aci/effective-permission.js.map +0 -1
  62. package/dist/aci/identity.d.ts +0 -1100
  63. package/dist/aci/identity.d.ts.map +0 -1
  64. package/dist/aci/identity.js +0 -338
  65. package/dist/aci/identity.js.map +0 -1
  66. package/dist/aci/jwt-claims.d.ts +0 -756
  67. package/dist/aci/jwt-claims.d.ts.map +0 -1
  68. package/dist/aci/jwt-claims.js +0 -345
  69. package/dist/aci/jwt-claims.js.map +0 -1
  70. package/dist/aci/levels.d.ts +0 -279
  71. package/dist/aci/levels.d.ts.map +0 -1
  72. package/dist/aci/levels.js +0 -486
  73. package/dist/aci/levels.js.map +0 -1
  74. package/dist/aci/mapping.d.ts +0 -291
  75. package/dist/aci/mapping.d.ts.map +0 -1
  76. package/dist/aci/mapping.js +0 -447
  77. package/dist/aci/mapping.js.map +0 -1
  78. package/dist/aci/skills.d.ts +0 -314
  79. package/dist/aci/skills.d.ts.map +0 -1
  80. package/dist/aci/skills.js +0 -426
  81. package/dist/aci/skills.js.map +0 -1
  82. package/dist/aci/tiers.d.ts +0 -403
  83. package/dist/aci/tiers.d.ts.map +0 -1
  84. package/dist/aci/tiers.js +0 -686
  85. package/dist/aci/tiers.js.map +0 -1
package/dist/car/jwt-claims.d.ts CHANGED
@@ -401,8 +401,8 @@ export declare const carJWTClaimsSchema: z.ZodObject<{
401
401
  car_org: string;
402
402
  car_class: string;
403
403
  car_version: string;
404
- aci?: string | undefined;
405
404
  sub?: string | undefined;
405
+ aci?: string | undefined;
406
406
  jti?: string | undefined;
407
407
  iss?: string | undefined;
408
408
  aud?: string | string[] | undefined;
@@ -412,14 +412,17 @@ export declare const carJWTClaimsSchema: z.ZodObject<{
412
412
  aci_domains?: number | undefined;
413
413
  aci_domains_list?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
414
414
  aci_level?: CapabilityLevel | undefined;
415
+ car_trust?: CertificationTier | undefined;
415
416
  aci_trust?: CertificationTier | undefined;
416
417
  aci_registry?: string | undefined;
417
418
  aci_org?: string | undefined;
418
419
  aci_class?: string | undefined;
419
420
  aci_version?: string | undefined;
421
+ car_did?: string | undefined;
420
422
  aci_did?: string | undefined;
423
+ car_runtime_tier?: RuntimeTier | undefined;
421
424
  aci_runtime_tier?: RuntimeTier | undefined;
422
- aci_attestations?: {
425
+ car_attestations?: {
423
426
  scope: string;
424
427
  tier: CertificationTier;
425
428
  iss: string;
@@ -427,19 +430,7 @@ export declare const carJWTClaimsSchema: z.ZodObject<{
427
430
  iat: number;
428
431
  evidence?: string | undefined;
429
432
  }[] | undefined;
430
- aci_permission_ceiling?: number | undefined;
431
- aci_constraints?: {
432
- custom?: Record<string, unknown> | undefined;
433
- requires_approval?: boolean | undefined;
434
- max_operations?: number | undefined;
435
- allowed_resources?: string[] | undefined;
436
- blocked_resources?: string[] | undefined;
437
- valid_until?: number | undefined;
438
- } | undefined;
439
- car_trust?: CertificationTier | undefined;
440
- car_did?: string | undefined;
441
- car_runtime_tier?: RuntimeTier | undefined;
442
- car_attestations?: {
433
+ aci_attestations?: {
443
434
  scope: string;
444
435
  tier: CertificationTier;
445
436
  iss: string;
@@ -448,6 +439,7 @@ export declare const carJWTClaimsSchema: z.ZodObject<{
448
439
  evidence?: string | undefined;
449
440
  }[] | undefined;
450
441
  car_permission_ceiling?: number | undefined;
442
+ aci_permission_ceiling?: number | undefined;
451
443
  car_constraints?: {
452
444
  custom?: Record<string, unknown> | undefined;
453
445
  requires_approval?: boolean | undefined;
@@ -456,6 +448,14 @@ export declare const carJWTClaimsSchema: z.ZodObject<{
456
448
  blocked_resources?: string[] | undefined;
457
449
  valid_until?: number | undefined;
458
450
  } | undefined;
451
+ aci_constraints?: {
452
+ custom?: Record<string, unknown> | undefined;
453
+ requires_approval?: boolean | undefined;
454
+ max_operations?: number | undefined;
455
+ allowed_resources?: string[] | undefined;
456
+ blocked_resources?: string[] | undefined;
457
+ valid_until?: number | undefined;
458
+ } | undefined;
459
459
  }, {
460
460
  car: string;
461
461
  car_domains: number;
@@ -465,8 +465,8 @@ export declare const carJWTClaimsSchema: z.ZodObject<{
465
465
  car_org: string;
466
466
  car_class: string;
467
467
  car_version: string;
468
- aci?: string | undefined;
469
468
  sub?: string | undefined;
469
+ aci?: string | undefined;
470
470
  jti?: string | undefined;
471
471
  iss?: string | undefined;
472
472
  aud?: string | string[] | undefined;
@@ -476,14 +476,17 @@ export declare const carJWTClaimsSchema: z.ZodObject<{
476
476
  aci_domains?: number | undefined;
477
477
  aci_domains_list?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
478
478
  aci_level?: CapabilityLevel | undefined;
479
+ car_trust?: CertificationTier | undefined;
479
480
  aci_trust?: CertificationTier | undefined;
480
481
  aci_registry?: string | undefined;
481
482
  aci_org?: string | undefined;
482
483
  aci_class?: string | undefined;
483
484
  aci_version?: string | undefined;
485
+ car_did?: string | undefined;
484
486
  aci_did?: string | undefined;
487
+ car_runtime_tier?: RuntimeTier | undefined;
485
488
  aci_runtime_tier?: RuntimeTier | undefined;
486
- aci_attestations?: {
489
+ car_attestations?: {
487
490
  scope: string;
488
491
  tier: CertificationTier;
489
492
  iss: string;
@@ -491,19 +494,7 @@ export declare const carJWTClaimsSchema: z.ZodObject<{
491
494
  iat: number;
492
495
  evidence?: string | undefined;
493
496
  }[] | undefined;
494
- aci_permission_ceiling?: number | undefined;
495
- aci_constraints?: {
496
- custom?: Record<string, unknown> | undefined;
497
- requires_approval?: boolean | undefined;
498
- max_operations?: number | undefined;
499
- allowed_resources?: string[] | undefined;
500
- blocked_resources?: string[] | undefined;
501
- valid_until?: number | undefined;
502
- } | undefined;
503
- car_trust?: CertificationTier | undefined;
504
- car_did?: string | undefined;
505
- car_runtime_tier?: RuntimeTier | undefined;
506
- car_attestations?: {
497
+ aci_attestations?: {
507
498
  scope: string;
508
499
  tier: CertificationTier;
509
500
  iss: string;
@@ -512,6 +503,7 @@ export declare const carJWTClaimsSchema: z.ZodObject<{
512
503
  evidence?: string | undefined;
513
504
  }[] | undefined;
514
505
  car_permission_ceiling?: number | undefined;
506
+ aci_permission_ceiling?: number | undefined;
515
507
  car_constraints?: {
516
508
  custom?: Record<string, unknown> | undefined;
517
509
  requires_approval?: boolean | undefined;
@@ -520,6 +512,14 @@ export declare const carJWTClaimsSchema: z.ZodObject<{
520
512
  blocked_resources?: string[] | undefined;
521
513
  valid_until?: number | undefined;
522
514
  } | undefined;
515
+ aci_constraints?: {
516
+ custom?: Record<string, unknown> | undefined;
517
+ requires_approval?: boolean | undefined;
518
+ max_operations?: number | undefined;
519
+ allowed_resources?: string[] | undefined;
520
+ blocked_resources?: string[] | undefined;
521
+ valid_until?: number | undefined;
522
+ } | undefined;
523
523
  }>;
524
524
  /** @deprecated Use carJWTClaimsSchema instead */
525
525
  export declare const aciJWTClaimsSchema: z.ZodObject<{
@@ -652,8 +652,8 @@ export declare const aciJWTClaimsSchema: z.ZodObject<{
652
652
  car_org: string;
653
653
  car_class: string;
654
654
  car_version: string;
655
- aci?: string | undefined;
656
655
  sub?: string | undefined;
656
+ aci?: string | undefined;
657
657
  jti?: string | undefined;
658
658
  iss?: string | undefined;
659
659
  aud?: string | string[] | undefined;
@@ -663,14 +663,17 @@ export declare const aciJWTClaimsSchema: z.ZodObject<{
663
663
  aci_domains?: number | undefined;
664
664
  aci_domains_list?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
665
665
  aci_level?: CapabilityLevel | undefined;
666
+ car_trust?: CertificationTier | undefined;
666
667
  aci_trust?: CertificationTier | undefined;
667
668
  aci_registry?: string | undefined;
668
669
  aci_org?: string | undefined;
669
670
  aci_class?: string | undefined;
670
671
  aci_version?: string | undefined;
672
+ car_did?: string | undefined;
671
673
  aci_did?: string | undefined;
674
+ car_runtime_tier?: RuntimeTier | undefined;
672
675
  aci_runtime_tier?: RuntimeTier | undefined;
673
- aci_attestations?: {
676
+ car_attestations?: {
674
677
  scope: string;
675
678
  tier: CertificationTier;
676
679
  iss: string;
@@ -678,19 +681,7 @@ export declare const aciJWTClaimsSchema: z.ZodObject<{
678
681
  iat: number;
679
682
  evidence?: string | undefined;
680
683
  }[] | undefined;
681
- aci_permission_ceiling?: number | undefined;
682
- aci_constraints?: {
683
- custom?: Record<string, unknown> | undefined;
684
- requires_approval?: boolean | undefined;
685
- max_operations?: number | undefined;
686
- allowed_resources?: string[] | undefined;
687
- blocked_resources?: string[] | undefined;
688
- valid_until?: number | undefined;
689
- } | undefined;
690
- car_trust?: CertificationTier | undefined;
691
- car_did?: string | undefined;
692
- car_runtime_tier?: RuntimeTier | undefined;
693
- car_attestations?: {
684
+ aci_attestations?: {
694
685
  scope: string;
695
686
  tier: CertificationTier;
696
687
  iss: string;
@@ -699,6 +690,7 @@ export declare const aciJWTClaimsSchema: z.ZodObject<{
699
690
  evidence?: string | undefined;
700
691
  }[] | undefined;
701
692
  car_permission_ceiling?: number | undefined;
693
+ aci_permission_ceiling?: number | undefined;
702
694
  car_constraints?: {
703
695
  custom?: Record<string, unknown> | undefined;
704
696
  requires_approval?: boolean | undefined;
@@ -707,6 +699,14 @@ export declare const aciJWTClaimsSchema: z.ZodObject<{
707
699
  blocked_resources?: string[] | undefined;
708
700
  valid_until?: number | undefined;
709
701
  } | undefined;
702
+ aci_constraints?: {
703
+ custom?: Record<string, unknown> | undefined;
704
+ requires_approval?: boolean | undefined;
705
+ max_operations?: number | undefined;
706
+ allowed_resources?: string[] | undefined;
707
+ blocked_resources?: string[] | undefined;
708
+ valid_until?: number | undefined;
709
+ } | undefined;
710
710
  }, {
711
711
  car: string;
712
712
  car_domains: number;
@@ -716,8 +716,8 @@ export declare const aciJWTClaimsSchema: z.ZodObject<{
716
716
  car_org: string;
717
717
  car_class: string;
718
718
  car_version: string;
719
- aci?: string | undefined;
720
719
  sub?: string | undefined;
720
+ aci?: string | undefined;
721
721
  jti?: string | undefined;
722
722
  iss?: string | undefined;
723
723
  aud?: string | string[] | undefined;
@@ -727,14 +727,17 @@ export declare const aciJWTClaimsSchema: z.ZodObject<{
727
727
  aci_domains?: number | undefined;
728
728
  aci_domains_list?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
729
729
  aci_level?: CapabilityLevel | undefined;
730
+ car_trust?: CertificationTier | undefined;
730
731
  aci_trust?: CertificationTier | undefined;
731
732
  aci_registry?: string | undefined;
732
733
  aci_org?: string | undefined;
733
734
  aci_class?: string | undefined;
734
735
  aci_version?: string | undefined;
736
+ car_did?: string | undefined;
735
737
  aci_did?: string | undefined;
738
+ car_runtime_tier?: RuntimeTier | undefined;
736
739
  aci_runtime_tier?: RuntimeTier | undefined;
737
- aci_attestations?: {
740
+ car_attestations?: {
738
741
  scope: string;
739
742
  tier: CertificationTier;
740
743
  iss: string;
@@ -742,19 +745,7 @@ export declare const aciJWTClaimsSchema: z.ZodObject<{
742
745
  iat: number;
743
746
  evidence?: string | undefined;
744
747
  }[] | undefined;
745
- aci_permission_ceiling?: number | undefined;
746
- aci_constraints?: {
747
- custom?: Record<string, unknown> | undefined;
748
- requires_approval?: boolean | undefined;
749
- max_operations?: number | undefined;
750
- allowed_resources?: string[] | undefined;
751
- blocked_resources?: string[] | undefined;
752
- valid_until?: number | undefined;
753
- } | undefined;
754
- car_trust?: CertificationTier | undefined;
755
- car_did?: string | undefined;
756
- car_runtime_tier?: RuntimeTier | undefined;
757
- car_attestations?: {
748
+ aci_attestations?: {
758
749
  scope: string;
759
750
  tier: CertificationTier;
760
751
  iss: string;
@@ -763,6 +754,7 @@ export declare const aciJWTClaimsSchema: z.ZodObject<{
763
754
  evidence?: string | undefined;
764
755
  }[] | undefined;
765
756
  car_permission_ceiling?: number | undefined;
757
+ aci_permission_ceiling?: number | undefined;
766
758
  car_constraints?: {
767
759
  custom?: Record<string, unknown> | undefined;
768
760
  requires_approval?: boolean | undefined;
@@ -771,6 +763,14 @@ export declare const aciJWTClaimsSchema: z.ZodObject<{
771
763
  blocked_resources?: string[] | undefined;
772
764
  valid_until?: number | undefined;
773
765
  } | undefined;
766
+ aci_constraints?: {
767
+ custom?: Record<string, unknown> | undefined;
768
+ requires_approval?: boolean | undefined;
769
+ max_operations?: number | undefined;
770
+ allowed_resources?: string[] | undefined;
771
+ blocked_resources?: string[] | undefined;
772
+ valid_until?: number | undefined;
773
+ } | undefined;
774
774
  }>;
775
775
  /**
776
776
  * Options for generating JWT claims.
@@ -940,11 +940,11 @@ export declare const jwtClaimsValidationErrorSchema: z.ZodObject<{
940
940
  message: z.ZodString;
941
941
  path: z.ZodOptional<z.ZodString>;
942
942
  }, "strip", z.ZodTypeAny, {
943
- code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_DOMAINS" | "INVALID_LEVEL" | "NOT_YET_VALID" | "INVALID_TIER" | "DOMAINS_MISMATCH" | "MISSING_CAR" | "INVALID_CAR";
943
+ code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_DOMAINS" | "INVALID_LEVEL" | "MISSING_CAR" | "INVALID_CAR" | "NOT_YET_VALID" | "INVALID_TIER" | "DOMAINS_MISMATCH";
944
944
  message: string;
945
945
  path?: string | undefined;
946
946
  }, {
947
- code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_DOMAINS" | "INVALID_LEVEL" | "NOT_YET_VALID" | "INVALID_TIER" | "DOMAINS_MISMATCH" | "MISSING_CAR" | "INVALID_CAR";
947
+ code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_DOMAINS" | "INVALID_LEVEL" | "MISSING_CAR" | "INVALID_CAR" | "NOT_YET_VALID" | "INVALID_TIER" | "DOMAINS_MISMATCH";
948
948
  message: string;
949
949
  path?: string | undefined;
950
950
  }>;
@@ -958,11 +958,11 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
958
958
  message: z.ZodString;
959
959
  path: z.ZodOptional<z.ZodString>;
960
960
  }, "strip", z.ZodTypeAny, {
961
- code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_DOMAINS" | "INVALID_LEVEL" | "NOT_YET_VALID" | "INVALID_TIER" | "DOMAINS_MISMATCH" | "MISSING_CAR" | "INVALID_CAR";
961
+ code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_DOMAINS" | "INVALID_LEVEL" | "MISSING_CAR" | "INVALID_CAR" | "NOT_YET_VALID" | "INVALID_TIER" | "DOMAINS_MISMATCH";
962
962
  message: string;
963
963
  path?: string | undefined;
964
964
  }, {
965
- code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_DOMAINS" | "INVALID_LEVEL" | "NOT_YET_VALID" | "INVALID_TIER" | "DOMAINS_MISMATCH" | "MISSING_CAR" | "INVALID_CAR";
965
+ code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_DOMAINS" | "INVALID_LEVEL" | "MISSING_CAR" | "INVALID_CAR" | "NOT_YET_VALID" | "INVALID_TIER" | "DOMAINS_MISMATCH";
966
966
  message: string;
967
967
  path?: string | undefined;
968
968
  }>, "many">;
@@ -1096,8 +1096,8 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1096
1096
  car_org: string;
1097
1097
  car_class: string;
1098
1098
  car_version: string;
1099
- aci?: string | undefined;
1100
1099
  sub?: string | undefined;
1100
+ aci?: string | undefined;
1101
1101
  jti?: string | undefined;
1102
1102
  iss?: string | undefined;
1103
1103
  aud?: string | string[] | undefined;
@@ -1107,14 +1107,17 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1107
1107
  aci_domains?: number | undefined;
1108
1108
  aci_domains_list?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
1109
1109
  aci_level?: CapabilityLevel | undefined;
1110
+ car_trust?: CertificationTier | undefined;
1110
1111
  aci_trust?: CertificationTier | undefined;
1111
1112
  aci_registry?: string | undefined;
1112
1113
  aci_org?: string | undefined;
1113
1114
  aci_class?: string | undefined;
1114
1115
  aci_version?: string | undefined;
1116
+ car_did?: string | undefined;
1115
1117
  aci_did?: string | undefined;
1118
+ car_runtime_tier?: RuntimeTier | undefined;
1116
1119
  aci_runtime_tier?: RuntimeTier | undefined;
1117
- aci_attestations?: {
1120
+ car_attestations?: {
1118
1121
  scope: string;
1119
1122
  tier: CertificationTier;
1120
1123
  iss: string;
@@ -1122,19 +1125,7 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1122
1125
  iat: number;
1123
1126
  evidence?: string | undefined;
1124
1127
  }[] | undefined;
1125
- aci_permission_ceiling?: number | undefined;
1126
- aci_constraints?: {
1127
- custom?: Record<string, unknown> | undefined;
1128
- requires_approval?: boolean | undefined;
1129
- max_operations?: number | undefined;
1130
- allowed_resources?: string[] | undefined;
1131
- blocked_resources?: string[] | undefined;
1132
- valid_until?: number | undefined;
1133
- } | undefined;
1134
- car_trust?: CertificationTier | undefined;
1135
- car_did?: string | undefined;
1136
- car_runtime_tier?: RuntimeTier | undefined;
1137
- car_attestations?: {
1128
+ aci_attestations?: {
1138
1129
  scope: string;
1139
1130
  tier: CertificationTier;
1140
1131
  iss: string;
@@ -1143,6 +1134,7 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1143
1134
  evidence?: string | undefined;
1144
1135
  }[] | undefined;
1145
1136
  car_permission_ceiling?: number | undefined;
1137
+ aci_permission_ceiling?: number | undefined;
1146
1138
  car_constraints?: {
1147
1139
  custom?: Record<string, unknown> | undefined;
1148
1140
  requires_approval?: boolean | undefined;
@@ -1151,6 +1143,14 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1151
1143
  blocked_resources?: string[] | undefined;
1152
1144
  valid_until?: number | undefined;
1153
1145
  } | undefined;
1146
+ aci_constraints?: {
1147
+ custom?: Record<string, unknown> | undefined;
1148
+ requires_approval?: boolean | undefined;
1149
+ max_operations?: number | undefined;
1150
+ allowed_resources?: string[] | undefined;
1151
+ blocked_resources?: string[] | undefined;
1152
+ valid_until?: number | undefined;
1153
+ } | undefined;
1154
1154
  }, {
1155
1155
  car: string;
1156
1156
  car_domains: number;
@@ -1160,8 +1160,8 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1160
1160
  car_org: string;
1161
1161
  car_class: string;
1162
1162
  car_version: string;
1163
- aci?: string | undefined;
1164
1163
  sub?: string | undefined;
1164
+ aci?: string | undefined;
1165
1165
  jti?: string | undefined;
1166
1166
  iss?: string | undefined;
1167
1167
  aud?: string | string[] | undefined;
@@ -1171,14 +1171,17 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1171
1171
  aci_domains?: number | undefined;
1172
1172
  aci_domains_list?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
1173
1173
  aci_level?: CapabilityLevel | undefined;
1174
+ car_trust?: CertificationTier | undefined;
1174
1175
  aci_trust?: CertificationTier | undefined;
1175
1176
  aci_registry?: string | undefined;
1176
1177
  aci_org?: string | undefined;
1177
1178
  aci_class?: string | undefined;
1178
1179
  aci_version?: string | undefined;
1180
+ car_did?: string | undefined;
1179
1181
  aci_did?: string | undefined;
1182
+ car_runtime_tier?: RuntimeTier | undefined;
1180
1183
  aci_runtime_tier?: RuntimeTier | undefined;
1181
- aci_attestations?: {
1184
+ car_attestations?: {
1182
1185
  scope: string;
1183
1186
  tier: CertificationTier;
1184
1187
  iss: string;
@@ -1186,19 +1189,7 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1186
1189
  iat: number;
1187
1190
  evidence?: string | undefined;
1188
1191
  }[] | undefined;
1189
- aci_permission_ceiling?: number | undefined;
1190
- aci_constraints?: {
1191
- custom?: Record<string, unknown> | undefined;
1192
- requires_approval?: boolean | undefined;
1193
- max_operations?: number | undefined;
1194
- allowed_resources?: string[] | undefined;
1195
- blocked_resources?: string[] | undefined;
1196
- valid_until?: number | undefined;
1197
- } | undefined;
1198
- car_trust?: CertificationTier | undefined;
1199
- car_did?: string | undefined;
1200
- car_runtime_tier?: RuntimeTier | undefined;
1201
- car_attestations?: {
1192
+ aci_attestations?: {
1202
1193
  scope: string;
1203
1194
  tier: CertificationTier;
1204
1195
  iss: string;
@@ -1207,6 +1198,7 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1207
1198
  evidence?: string | undefined;
1208
1199
  }[] | undefined;
1209
1200
  car_permission_ceiling?: number | undefined;
1201
+ aci_permission_ceiling?: number | undefined;
1210
1202
  car_constraints?: {
1211
1203
  custom?: Record<string, unknown> | undefined;
1212
1204
  requires_approval?: boolean | undefined;
@@ -1215,11 +1207,19 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1215
1207
  blocked_resources?: string[] | undefined;
1216
1208
  valid_until?: number | undefined;
1217
1209
  } | undefined;
1210
+ aci_constraints?: {
1211
+ custom?: Record<string, unknown> | undefined;
1212
+ requires_approval?: boolean | undefined;
1213
+ max_operations?: number | undefined;
1214
+ allowed_resources?: string[] | undefined;
1215
+ blocked_resources?: string[] | undefined;
1216
+ valid_until?: number | undefined;
1217
+ } | undefined;
1218
1218
  }>>;
1219
1219
  }, "strip", z.ZodTypeAny, {
1220
1220
  valid: boolean;
1221
1221
  errors: {
1222
- code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_DOMAINS" | "INVALID_LEVEL" | "NOT_YET_VALID" | "INVALID_TIER" | "DOMAINS_MISMATCH" | "MISSING_CAR" | "INVALID_CAR";
1222
+ code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_DOMAINS" | "INVALID_LEVEL" | "MISSING_CAR" | "INVALID_CAR" | "NOT_YET_VALID" | "INVALID_TIER" | "DOMAINS_MISMATCH";
1223
1223
  message: string;
1224
1224
  path?: string | undefined;
1225
1225
  }[];
@@ -1232,8 +1232,8 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1232
1232
  car_org: string;
1233
1233
  car_class: string;
1234
1234
  car_version: string;
1235
- aci?: string | undefined;
1236
1235
  sub?: string | undefined;
1236
+ aci?: string | undefined;
1237
1237
  jti?: string | undefined;
1238
1238
  iss?: string | undefined;
1239
1239
  aud?: string | string[] | undefined;
@@ -1243,14 +1243,17 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1243
1243
  aci_domains?: number | undefined;
1244
1244
  aci_domains_list?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
1245
1245
  aci_level?: CapabilityLevel | undefined;
1246
+ car_trust?: CertificationTier | undefined;
1246
1247
  aci_trust?: CertificationTier | undefined;
1247
1248
  aci_registry?: string | undefined;
1248
1249
  aci_org?: string | undefined;
1249
1250
  aci_class?: string | undefined;
1250
1251
  aci_version?: string | undefined;
1252
+ car_did?: string | undefined;
1251
1253
  aci_did?: string | undefined;
1254
+ car_runtime_tier?: RuntimeTier | undefined;
1252
1255
  aci_runtime_tier?: RuntimeTier | undefined;
1253
- aci_attestations?: {
1256
+ car_attestations?: {
1254
1257
  scope: string;
1255
1258
  tier: CertificationTier;
1256
1259
  iss: string;
@@ -1258,19 +1261,7 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1258
1261
  iat: number;
1259
1262
  evidence?: string | undefined;
1260
1263
  }[] | undefined;
1261
- aci_permission_ceiling?: number | undefined;
1262
- aci_constraints?: {
1263
- custom?: Record<string, unknown> | undefined;
1264
- requires_approval?: boolean | undefined;
1265
- max_operations?: number | undefined;
1266
- allowed_resources?: string[] | undefined;
1267
- blocked_resources?: string[] | undefined;
1268
- valid_until?: number | undefined;
1269
- } | undefined;
1270
- car_trust?: CertificationTier | undefined;
1271
- car_did?: string | undefined;
1272
- car_runtime_tier?: RuntimeTier | undefined;
1273
- car_attestations?: {
1264
+ aci_attestations?: {
1274
1265
  scope: string;
1275
1266
  tier: CertificationTier;
1276
1267
  iss: string;
@@ -1279,6 +1270,7 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1279
1270
  evidence?: string | undefined;
1280
1271
  }[] | undefined;
1281
1272
  car_permission_ceiling?: number | undefined;
1273
+ aci_permission_ceiling?: number | undefined;
1282
1274
  car_constraints?: {
1283
1275
  custom?: Record<string, unknown> | undefined;
1284
1276
  requires_approval?: boolean | undefined;
@@ -1287,11 +1279,19 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1287
1279
  blocked_resources?: string[] | undefined;
1288
1280
  valid_until?: number | undefined;
1289
1281
  } | undefined;
1282
+ aci_constraints?: {
1283
+ custom?: Record<string, unknown> | undefined;
1284
+ requires_approval?: boolean | undefined;
1285
+ max_operations?: number | undefined;
1286
+ allowed_resources?: string[] | undefined;
1287
+ blocked_resources?: string[] | undefined;
1288
+ valid_until?: number | undefined;
1289
+ } | undefined;
1290
1290
  } | undefined;
1291
1291
  }, {
1292
1292
  valid: boolean;
1293
1293
  errors: {
1294
- code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_DOMAINS" | "INVALID_LEVEL" | "NOT_YET_VALID" | "INVALID_TIER" | "DOMAINS_MISMATCH" | "MISSING_CAR" | "INVALID_CAR";
1294
+ code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_DOMAINS" | "INVALID_LEVEL" | "MISSING_CAR" | "INVALID_CAR" | "NOT_YET_VALID" | "INVALID_TIER" | "DOMAINS_MISMATCH";
1295
1295
  message: string;
1296
1296
  path?: string | undefined;
1297
1297
  }[];
@@ -1304,8 +1304,8 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1304
1304
  car_org: string;
1305
1305
  car_class: string;
1306
1306
  car_version: string;
1307
- aci?: string | undefined;
1308
1307
  sub?: string | undefined;
1308
+ aci?: string | undefined;
1309
1309
  jti?: string | undefined;
1310
1310
  iss?: string | undefined;
1311
1311
  aud?: string | string[] | undefined;
@@ -1315,14 +1315,17 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1315
1315
  aci_domains?: number | undefined;
1316
1316
  aci_domains_list?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
1317
1317
  aci_level?: CapabilityLevel | undefined;
1318
+ car_trust?: CertificationTier | undefined;
1318
1319
  aci_trust?: CertificationTier | undefined;
1319
1320
  aci_registry?: string | undefined;
1320
1321
  aci_org?: string | undefined;
1321
1322
  aci_class?: string | undefined;
1322
1323
  aci_version?: string | undefined;
1324
+ car_did?: string | undefined;
1323
1325
  aci_did?: string | undefined;
1326
+ car_runtime_tier?: RuntimeTier | undefined;
1324
1327
  aci_runtime_tier?: RuntimeTier | undefined;
1325
- aci_attestations?: {
1328
+ car_attestations?: {
1326
1329
  scope: string;
1327
1330
  tier: CertificationTier;
1328
1331
  iss: string;
@@ -1330,19 +1333,7 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1330
1333
  iat: number;
1331
1334
  evidence?: string | undefined;
1332
1335
  }[] | undefined;
1333
- aci_permission_ceiling?: number | undefined;
1334
- aci_constraints?: {
1335
- custom?: Record<string, unknown> | undefined;
1336
- requires_approval?: boolean | undefined;
1337
- max_operations?: number | undefined;
1338
- allowed_resources?: string[] | undefined;
1339
- blocked_resources?: string[] | undefined;
1340
- valid_until?: number | undefined;
1341
- } | undefined;
1342
- car_trust?: CertificationTier | undefined;
1343
- car_did?: string | undefined;
1344
- car_runtime_tier?: RuntimeTier | undefined;
1345
- car_attestations?: {
1336
+ aci_attestations?: {
1346
1337
  scope: string;
1347
1338
  tier: CertificationTier;
1348
1339
  iss: string;
@@ -1351,6 +1342,7 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1351
1342
  evidence?: string | undefined;
1352
1343
  }[] | undefined;
1353
1344
  car_permission_ceiling?: number | undefined;
1345
+ aci_permission_ceiling?: number | undefined;
1354
1346
  car_constraints?: {
1355
1347
  custom?: Record<string, unknown> | undefined;
1356
1348
  requires_approval?: boolean | undefined;
@@ -1359,6 +1351,14 @@ export declare const jwtClaimsValidationResultSchema: z.ZodObject<{
1359
1351
  blocked_resources?: string[] | undefined;
1360
1352
  valid_until?: number | undefined;
1361
1353
  } | undefined;
1354
+ aci_constraints?: {
1355
+ custom?: Record<string, unknown> | undefined;
1356
+ requires_approval?: boolean | undefined;
1357
+ max_operations?: number | undefined;
1358
+ allowed_resources?: string[] | undefined;
1359
+ blocked_resources?: string[] | undefined;
1360
+ valid_until?: number | undefined;
1361
+ } | undefined;
1362
1362
  } | undefined;
1363
1363
  }>;
1364
1364
  //# sourceMappingURL=jwt-claims.d.ts.map
package/dist/car/tiers.js CHANGED
@@ -132,8 +132,8 @@ exports.CERTIFICATION_TIER_DESCRIPTIONS = {
132
132
  exports.CERTIFICATION_TIER_SCORES = {
133
133
  [CertificationTier.T0_SANDBOX]: { min: 0, max: 199 },
134
134
  [CertificationTier.T1_OBSERVED]: { min: 200, max: 349 },
135
- [CertificationTier.T2_PROVISIONAL]: { min: 350, max: 500 },
136
- [CertificationTier.T3_MONITORED]: { min: 501, max: 649 },
135
+ [CertificationTier.T2_PROVISIONAL]: { min: 350, max: 499 },
136
+ [CertificationTier.T3_MONITORED]: { min: 500, max: 649 },
137
137
  [CertificationTier.T4_STANDARD]: { min: 650, max: 799 },
138
138
  [CertificationTier.T5_TRUSTED]: { min: 800, max: 875 },
139
139
  [CertificationTier.T6_CERTIFIED]: { min: 876, max: 950 },
@@ -227,8 +227,8 @@ exports.RUNTIME_TIER_DESCRIPTIONS = {
227
227
  exports.RUNTIME_TIER_SCORES = {
228
228
  [RuntimeTier.T0_SANDBOX]: { min: 0, max: 199 },
229
229
  [RuntimeTier.T1_OBSERVED]: { min: 200, max: 349 },
230
- [RuntimeTier.T2_PROVISIONAL]: { min: 350, max: 500 },
231
- [RuntimeTier.T3_MONITORED]: { min: 501, max: 649 },
230
+ [RuntimeTier.T2_PROVISIONAL]: { min: 350, max: 499 },
231
+ [RuntimeTier.T3_MONITORED]: { min: 500, max: 649 },
232
232
  [RuntimeTier.T4_STANDARD]: { min: 650, max: 799 },
233
233
  [RuntimeTier.T5_TRUSTED]: { min: 800, max: 875 },
234
234
  [RuntimeTier.T6_CERTIFIED]: { min: 876, max: 950 },
@@ -460,7 +460,7 @@ function scoreToCertificationTier(score) {
460
460
  return CertificationTier.T0_SANDBOX;
461
461
  if (score < 350)
462
462
  return CertificationTier.T1_OBSERVED;
463
- if (score < 501)
463
+ if (score < 500)
464
464
  return CertificationTier.T2_PROVISIONAL;
465
465
  if (score < 650)
466
466
  return CertificationTier.T3_MONITORED;
@@ -486,7 +486,7 @@ function scoreToRuntimeTier(score) {
486
486
  return RuntimeTier.T0_SANDBOX;
487
487
  if (score < 350)
488
488
  return RuntimeTier.T1_OBSERVED;
489
- if (score < 501)
489
+ if (score < 500)
490
490
  return RuntimeTier.T2_PROVISIONAL;
491
491
  if (score < 650)
492
492
  return RuntimeTier.T3_MONITORED;