@zauso-ai/capstan-auth 1.0.0-beta.6 → 1.0.0-beta.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/execution.d.ts +10 -0
- package/dist/execution.d.ts.map +1 -0
- package/dist/execution.js +50 -0
- package/dist/execution.js.map +1 -0
- package/dist/harness-authorizer.d.ts +10 -0
- package/dist/harness-authorizer.d.ts.map +1 -0
- package/dist/harness-authorizer.js +90 -0
- package/dist/harness-authorizer.js.map +1 -0
- package/dist/index.d.ts +10 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware.d.ts.map +1 -1
- package/dist/middleware.js +141 -6
- package/dist/middleware.js.map +1 -1
- package/dist/oauth.d.ts +47 -0
- package/dist/oauth.d.ts.map +1 -0
- package/dist/oauth.js +199 -0
- package/dist/oauth.js.map +1 -0
- package/dist/permissions.d.ts +12 -22
- package/dist/permissions.d.ts.map +1 -1
- package/dist/permissions.js +91 -33
- package/dist/permissions.js.map +1 -1
- package/dist/runtime-authorizer.d.ts +28 -0
- package/dist/runtime-authorizer.d.ts.map +1 -0
- package/dist/runtime-authorizer.js +136 -0
- package/dist/runtime-authorizer.js.map +1 -0
- package/dist/runtime-grants.d.ts +31 -0
- package/dist/runtime-grants.d.ts.map +1 -0
- package/dist/runtime-grants.js +96 -0
- package/dist/runtime-grants.js.map +1 -0
- package/dist/session.d.ts +3 -3
- package/dist/session.d.ts.map +1 -1
- package/dist/session.js +21 -3
- package/dist/session.js.map +1 -1
- package/dist/store.d.ts +2 -0
- package/dist/store.d.ts.map +1 -1
- package/dist/store.js +13 -0
- package/dist/store.js.map +1 -1
- package/dist/types.d.ts +99 -1
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
export function createGrant(resource, action, options) {
|
|
2
|
+
const grant = { resource, action };
|
|
3
|
+
if (options?.scope !== undefined)
|
|
4
|
+
grant.scope = options.scope;
|
|
5
|
+
if (options?.expiresAt !== undefined)
|
|
6
|
+
grant.expiresAt = options.expiresAt;
|
|
7
|
+
if (options?.constraints !== undefined)
|
|
8
|
+
grant.constraints = options.constraints;
|
|
9
|
+
if (options?.effect !== undefined)
|
|
10
|
+
grant.effect = options.effect;
|
|
11
|
+
return grant;
|
|
12
|
+
}
|
|
13
|
+
export function grantRunActions(runId, actions = ["read", "pause", "cancel", "resume"]) {
|
|
14
|
+
return actions.map((action) => createGrant("run", action, {
|
|
15
|
+
scope: { runId },
|
|
16
|
+
}));
|
|
17
|
+
}
|
|
18
|
+
export function grantApprovalActions(actions = ["read", "approve", "deny", "manage"], options) {
|
|
19
|
+
const scope = {};
|
|
20
|
+
if (options?.approvalId !== undefined)
|
|
21
|
+
scope.approvalId = options.approvalId;
|
|
22
|
+
if (options?.runId !== undefined)
|
|
23
|
+
scope.runId = options.runId;
|
|
24
|
+
if (options?.tool !== undefined)
|
|
25
|
+
scope.tool = options.tool;
|
|
26
|
+
return actions.map((action) => createGrant("approval", action, {
|
|
27
|
+
...(Object.keys(scope).length > 0 ? { scope } : {}),
|
|
28
|
+
}));
|
|
29
|
+
}
|
|
30
|
+
export function grantApprovalCollectionActions(actions = ["list"], options) {
|
|
31
|
+
return actions.map((action) => createGrant("approval", action, {
|
|
32
|
+
...(options?.runId ? { scope: { runId: options.runId } } : {}),
|
|
33
|
+
}));
|
|
34
|
+
}
|
|
35
|
+
export function grantArtifactActions(runId, actions = ["read"], artifactId) {
|
|
36
|
+
const scope = { runId };
|
|
37
|
+
if (artifactId !== undefined)
|
|
38
|
+
scope.artifactId = artifactId;
|
|
39
|
+
return actions.map((action) => createGrant("artifact", action, {
|
|
40
|
+
scope,
|
|
41
|
+
}));
|
|
42
|
+
}
|
|
43
|
+
export function grantCheckpointActions(runId, actions = ["read"]) {
|
|
44
|
+
return actions.map((action) => createGrant("checkpoint", action, {
|
|
45
|
+
scope: { runId },
|
|
46
|
+
}));
|
|
47
|
+
}
|
|
48
|
+
export function grantRunCollectionActions(actions = ["start", "list"]) {
|
|
49
|
+
return actions.map((action) => createGrant("run", action));
|
|
50
|
+
}
|
|
51
|
+
export function grantEventActions(runId, actions = ["read"]) {
|
|
52
|
+
return actions.map((action) => createGrant("event", action, {
|
|
53
|
+
scope: { runId },
|
|
54
|
+
}));
|
|
55
|
+
}
|
|
56
|
+
export function grantEventCollectionActions(actions = ["list"]) {
|
|
57
|
+
return actions.map((action) => createGrant("event", action));
|
|
58
|
+
}
|
|
59
|
+
export function grantTaskActions(runId, actions = ["read"], taskId) {
|
|
60
|
+
const scope = { runId };
|
|
61
|
+
if (taskId !== undefined)
|
|
62
|
+
scope.taskId = taskId;
|
|
63
|
+
return actions.map((action) => createGrant("task", action, {
|
|
64
|
+
scope,
|
|
65
|
+
}));
|
|
66
|
+
}
|
|
67
|
+
export function grantSummaryActions(runId, actions = ["read"], summaryId) {
|
|
68
|
+
const scope = { runId };
|
|
69
|
+
if (summaryId !== undefined)
|
|
70
|
+
scope.summaryId = summaryId;
|
|
71
|
+
return actions.map((action) => createGrant("summary", action, {
|
|
72
|
+
scope,
|
|
73
|
+
}));
|
|
74
|
+
}
|
|
75
|
+
export function grantSummaryCollectionActions(actions = ["list"]) {
|
|
76
|
+
return actions.map((action) => createGrant("summary", action));
|
|
77
|
+
}
|
|
78
|
+
export function grantMemoryActions(actions = ["read"], options) {
|
|
79
|
+
const scope = {};
|
|
80
|
+
if (options?.runId !== undefined)
|
|
81
|
+
scope.runId = options.runId;
|
|
82
|
+
if (options?.memoryId !== undefined)
|
|
83
|
+
scope.memoryId = options.memoryId;
|
|
84
|
+
return actions.map((action) => createGrant("memory", action, {
|
|
85
|
+
...(Object.keys(scope).length > 0 ? { scope } : {}),
|
|
86
|
+
}));
|
|
87
|
+
}
|
|
88
|
+
export function grantContextActions(runId, actions = ["read"]) {
|
|
89
|
+
return actions.map((action) => createGrant("context", action, {
|
|
90
|
+
scope: { runId },
|
|
91
|
+
}));
|
|
92
|
+
}
|
|
93
|
+
export function grantRuntimePathsActions(actions = ["read"]) {
|
|
94
|
+
return actions.map((action) => createGrant("runtime_paths", action));
|
|
95
|
+
}
|
|
96
|
+
//# sourceMappingURL=runtime-grants.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"runtime-grants.js","sourceRoot":"","sources":["../src/runtime-grants.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,WAAW,CACzB,QAAgB,EAChB,MAAc,EACd,OAKC;IAED,MAAM,KAAK,GAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAC9C,IAAI,OAAO,EAAE,KAAK,KAAK,SAAS;QAAE,KAAK,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC9D,IAAI,OAAO,EAAE,SAAS,KAAK,SAAS;QAAE,KAAK,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAC1E,IAAI,OAAO,EAAE,WAAW,KAAK,SAAS;QAAE,KAAK,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IAChF,IAAI,OAAO,EAAE,MAAM,KAAK,SAAS;QAAE,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IACjE,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,KAAa,EACb,UAA6B,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC;IAElE,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAC5B,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE;QACzB,KAAK,EAAE,EAAE,KAAK,EAAE;KACjB,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,UAA6B,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,EAClE,OAIC;IAED,MAAM,KAAK,GAA2B,EAAE,CAAC;IACzC,IAAI,OAAO,EAAE,UAAU,KAAK,SAAS;QAAE,KAAK,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAC7E,IAAI,OAAO,EAAE,KAAK,KAAK,SAAS;QAAE,KAAK,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC9D,IAAI,OAAO,EAAE,IAAI,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC3D,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAC5B,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE;QAC9B,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACpD,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,8BAA8B,CAC5C,UAA6B,CAAC,MAAM,CAAC,EACrC,OAEC;IAED,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAC5B,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE;QAC9B,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/D,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,KAAa,EACb,UAA6B,CAAC,MAAM,CAAC,EACrC,UAAmB;IAEnB,MAAM,KAAK,GAA2B,EAAE,KAAK,EAAE,CAAC;IAChD,IAAI,UAAU,KAAK,SAAS;QAAE,KAAK,CAAC,UAAU,GAAG,UAAU,CAAC;IAC5D,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAC5B,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE;QAC9B,KAAK;KACN,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,KAAa,EACb,UAA6B,CAAC,MAAM,CAAC;IAErC,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAC5B,WAAW,CAAC,YAAY,EAAE,MAAM,EAAE;QAChC,KAAK,EAAE,EAAE,KAAK,EAAE;KACjB,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,UAA6B,CAAC,OAAO,EAAE,MAAM,CAAC;IAE9C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,KAAa,EACb,UAA6B,CAAC,MAAM,CAAC;IAErC,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAC5B,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE;QAC3B,KAAK,EAAE,EAAE,KAAK,EAAE;KACjB,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,2BAA2B,CACzC,UAA6B,CAAC,MAAM,CAAC;IAErC,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,KAAa,EACb,UAA6B,CAAC,MAAM,CAAC,EACrC,MAAe;IAEf,MAAM,KAAK,GAA2B,EAAE,KAAK,EAAE,CAAC;IAChD,IAAI,MAAM,KAAK,SAAS;QAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC;IAChD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAC5B,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE;QAC1B,KAAK;KACN,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,KAAa,EACb,UAA6B,CAAC,MAAM,CAAC,EACrC,SAAkB;IAElB,MAAM,KAAK,GAA2B,EAAE,KAAK,EAAE,CAAC;IAChD,IAAI,SAAS,KAAK,SAAS;QAAE,KAAK,CAAC,SAAS,GAAG,SAAS,CAAC;IACzD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAC5B,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE;QAC7B,KAAK;KACN,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,6BAA6B,CAC3C,UAA6B,CAAC,MAAM,CAAC;IAErC,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,UAA6B,CAAC,MAAM,CAAC,EACrC,OAGC;IAED,MAAM,KAAK,GAA2B,EAAE,CAAC;IACzC,IAAI,OAAO,EAAE,KAAK,KAAK,SAAS;QAAE,KAAK,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC9D,IAAI,OAAO,EAAE,QAAQ,KAAK,SAAS;QAAE,KAAK,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACvE,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAC5B,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE;QAC5B,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACpD,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,KAAa,EACb,UAA6B,CAAC,MAAM,CAAC;IAErC,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAC5B,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE;QAC7B,KAAK,EAAE,EAAE,KAAK,EAAE;KACjB,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,UAA6B,CAAC,MAAM,CAAC;IAErC,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,WAAW,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;AACvE,CAAC"}
|
package/dist/session.d.ts
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
|
-
import type { SessionPayload } from "./types.js";
|
|
1
|
+
import type { SessionPayload, SessionSigningOptions, SessionVerificationOptions } from "./types.js";
|
|
2
2
|
/**
|
|
3
3
|
* Create a signed JWT containing the given session data.
|
|
4
4
|
*
|
|
5
5
|
* `maxAge` defaults to `"7d"` (7 days) when omitted.
|
|
6
6
|
*/
|
|
7
|
-
export declare function signSession(payload: Omit<SessionPayload, "iat" | "exp">, secret: string,
|
|
7
|
+
export declare function signSession(payload: Omit<SessionPayload, "iat" | "exp">, secret: string, maxAgeOrOptions?: string | SessionSigningOptions): string;
|
|
8
8
|
/**
|
|
9
9
|
* Verify a JWT's HMAC-SHA256 signature and expiration.
|
|
10
10
|
*
|
|
11
11
|
* Returns the decoded payload on success, or `null` when the token is
|
|
12
12
|
* invalid, tampered with, or expired.
|
|
13
13
|
*/
|
|
14
|
-
export declare function verifySession(token: string, secret: string): SessionPayload | null;
|
|
14
|
+
export declare function verifySession(token: string, secret: string, options?: SessionVerificationOptions): SessionPayload | null;
|
|
15
15
|
//# sourceMappingURL=session.d.ts.map
|
package/dist/session.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,cAAc,EACd,qBAAqB,EACrB,0BAA0B,EAC3B,MAAM,YAAY,CAAC;AA+DpB;;;;GAIG;AACH,wBAAgB,WAAW,CACzB,OAAO,EAAE,IAAI,CAAC,cAAc,EAAE,KAAK,GAAG,KAAK,CAAC,EAC5C,MAAM,EAAE,MAAM,EACd,eAAe,CAAC,EAAE,MAAM,GAAG,qBAAqB,GAC/C,MAAM,CAiBR;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAC3B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,0BAA0B,GACnC,cAAc,GAAG,IAAI,CA0CvB"}
|
package/dist/session.js
CHANGED
|
@@ -48,11 +48,16 @@ function sign(payload, secret) {
|
|
|
48
48
|
*
|
|
49
49
|
* `maxAge` defaults to `"7d"` (7 days) when omitted.
|
|
50
50
|
*/
|
|
51
|
-
export function signSession(payload, secret,
|
|
51
|
+
export function signSession(payload, secret, maxAgeOrOptions) {
|
|
52
52
|
const nowSeconds = Math.floor(Date.now() / 1000);
|
|
53
|
-
const
|
|
53
|
+
const options = typeof maxAgeOrOptions === "string"
|
|
54
|
+
? { maxAge: maxAgeOrOptions }
|
|
55
|
+
: (maxAgeOrOptions ?? {});
|
|
56
|
+
const ttl = parseDuration(options.maxAge ?? "7d");
|
|
54
57
|
const full = {
|
|
55
58
|
...payload,
|
|
59
|
+
...(options.issuer !== undefined ? { iss: options.issuer } : {}),
|
|
60
|
+
...(options.audience !== undefined ? { aud: options.audience } : {}),
|
|
56
61
|
iat: nowSeconds,
|
|
57
62
|
exp: nowSeconds + ttl,
|
|
58
63
|
};
|
|
@@ -64,7 +69,7 @@ export function signSession(payload, secret, maxAge) {
|
|
|
64
69
|
* Returns the decoded payload on success, or `null` when the token is
|
|
65
70
|
* invalid, tampered with, or expired.
|
|
66
71
|
*/
|
|
67
|
-
export function verifySession(token, secret) {
|
|
72
|
+
export function verifySession(token, secret, options) {
|
|
68
73
|
const parts = token.split(".");
|
|
69
74
|
if (parts.length !== 3)
|
|
70
75
|
return null;
|
|
@@ -86,6 +91,19 @@ export function verifySession(token, secret) {
|
|
|
86
91
|
const now = Math.floor(Date.now() / 1000);
|
|
87
92
|
if (typeof payload.exp !== "number" || payload.exp <= now)
|
|
88
93
|
return null;
|
|
94
|
+
if (options?.issuer !== undefined && payload.iss !== options.issuer) {
|
|
95
|
+
return null;
|
|
96
|
+
}
|
|
97
|
+
if (options?.audience !== undefined) {
|
|
98
|
+
const audiences = Array.isArray(payload.aud)
|
|
99
|
+
? payload.aud
|
|
100
|
+
: payload.aud !== undefined
|
|
101
|
+
? [payload.aud]
|
|
102
|
+
: [];
|
|
103
|
+
if (!audiences.includes(options.audience)) {
|
|
104
|
+
return null;
|
|
105
|
+
}
|
|
106
|
+
}
|
|
89
107
|
return payload;
|
|
90
108
|
}
|
|
91
109
|
catch {
|
package/dist/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAO1D,sEAAsE;AAEtE,SAAS,eAAe,CAAC,IAAqB;IAC5C,MAAM,GAAG,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACzE,OAAO,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACzD,CAAC;AAED,sEAAsE;AAEtE;;;;;;;GAOG;AACH,SAAS,aAAa,CAAC,QAAgB;IACrC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACtD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,6BAA6B,QAAQ,oDAAoD,CAC1F,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAgC,CAAC;IAErD,MAAM,WAAW,GAA2B;QAC1C,CAAC,EAAE,CAAC;QACJ,CAAC,EAAE,EAAE;QACL,CAAC,EAAE,IAAI;QACP,CAAC,EAAE,MAAM;QACT,CAAC,EAAE,OAAO;KACX,CAAC;IAEF,OAAO,KAAK,GAAG,WAAW,CAAC,IAAI,CAAE,CAAC;AACpC,CAAC;AAED,sEAAsE;AAEtE,SAAS,IAAI,CAAC,OAAe,EAAE,MAAc;IAC3C,MAAM,MAAM,GAAG,eAAe,CAC5B,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAC7C,CAAC;IACF,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,YAAY,GAAG,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC;IAEzC,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;SAC3C,MAAM,CAAC,YAAY,CAAC;SACpB,MAAM,EAAE,CAAC;IAEZ,OAAO,GAAG,YAAY,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;AACzD,CAAC;AAED,sEAAsE;AAEtE;;;;GAIG;AACH,MAAM,UAAU,WAAW,CACzB,OAA4C,EAC5C,MAAc,EACd,eAAgD;IAEhD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACjD,MAAM,OAAO,GACX,OAAO,eAAe,KAAK,QAAQ;QACjC,CAAC,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE;QAC7B,CAAC,CAAC,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC;IAC9B,MAAM,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,CAAC;IAElD,MAAM,IAAI,GAAmB;QAC3B,GAAG,OAAO;QACV,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAChE,GAAG,CAAC,OAAO,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpE,GAAG,EAAE,UAAU;QACf,GAAG,EAAE,UAAU,GAAG,GAAG;KACtB,CAAC;IAEF,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;AAC5C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAC3B,KAAa,EACb,MAAc,EACd,OAAoC;IAEpC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEpC,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,GAAG,KAAiC,CAAC;IAE9D,oCAAoC;IACpC,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;SAC7C,MAAM,CAAC,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC;SAC3B,MAAM,EAAE,CAAC;IAEZ,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAEhD,oDAAoD;IACpD,IAAI,WAAW,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzD,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1D,kBAAkB;IAClB,IAAI,CAAC;QACH,MAAM,OAAO,GAAmB,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC;QAElE,oBAAoB;QACpB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,CAAC,GAAG,IAAI,GAAG;YAAE,OAAO,IAAI,CAAC;QACvE,IAAI,OAAO,EAAE,MAAM,KAAK,SAAS,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;YACpE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,OAAO,EAAE,QAAQ,KAAK,SAAS,EAAE,CAAC;YACpC,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC1C,CAAC,CAAC,OAAO,CAAC,GAAG;gBACb,CAAC,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS;oBACzB,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;oBACf,CAAC,CAAC,EAAE,CAAC;YACT,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
package/dist/store.d.ts
CHANGED
|
@@ -9,6 +9,7 @@ export interface KeyValueStore<T> {
|
|
|
9
9
|
set(key: string, value: T, ttlMs?: number): Promise<void>;
|
|
10
10
|
delete(key: string): Promise<boolean>;
|
|
11
11
|
has(key: string): Promise<boolean>;
|
|
12
|
+
keys(): Promise<string[]>;
|
|
12
13
|
clear(): Promise<void>;
|
|
13
14
|
}
|
|
14
15
|
/**
|
|
@@ -20,6 +21,7 @@ export declare class MemoryStore<T> implements KeyValueStore<T> {
|
|
|
20
21
|
set(key: string, value: T, ttlMs?: number): Promise<void>;
|
|
21
22
|
delete(key: string): Promise<boolean>;
|
|
22
23
|
has(key: string): Promise<boolean>;
|
|
24
|
+
keys(): Promise<string[]>;
|
|
23
25
|
clear(): Promise<void>;
|
|
24
26
|
}
|
|
25
27
|
//# sourceMappingURL=store.d.ts.map
|
package/dist/store.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,WAAW,aAAa,CAAC,CAAC;IAC9B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1D,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACtC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACnC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB;AAED;;GAEG;AACH,qBAAa,WAAW,CAAC,CAAC,CAAE,YAAW,aAAa,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,IAAI,CAAkE;IAExE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC;IAUxC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOzD,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIrC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B"}
|
|
1
|
+
{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,WAAW,aAAa,CAAC,CAAC;IAC9B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1D,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACtC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACnC,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB;AAED;;GAEG;AACH,qBAAa,WAAW,CAAC,CAAC,CAAE,YAAW,aAAa,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,IAAI,CAAkE;IAExE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC;IAUxC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOzD,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIrC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlC,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAazB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B"}
|
package/dist/store.js
CHANGED
|
@@ -26,6 +26,19 @@ export class MemoryStore {
|
|
|
26
26
|
const val = await this.get(key); // triggers TTL check
|
|
27
27
|
return val !== undefined;
|
|
28
28
|
}
|
|
29
|
+
async keys() {
|
|
30
|
+
const now = Date.now();
|
|
31
|
+
const result = [];
|
|
32
|
+
for (const [key, entry] of this.data) {
|
|
33
|
+
if (entry.expiresAt !== undefined && now > entry.expiresAt) {
|
|
34
|
+
this.data.delete(key);
|
|
35
|
+
}
|
|
36
|
+
else {
|
|
37
|
+
result.push(key);
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
return result;
|
|
41
|
+
}
|
|
29
42
|
async clear() {
|
|
30
43
|
this.data.clear();
|
|
31
44
|
}
|
package/dist/store.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AAeA;;GAEG;AACH,MAAM,OAAO,WAAW;IACd,IAAI,GAAG,IAAI,GAAG,EAAuD,CAAC;IAE9E,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK;YAAE,OAAO,SAAS,CAAC;QAC7B,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YAClE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACtB,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,KAAK,CAAC,KAAK,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAQ,EAAE,KAAc;QAC7C,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;YACjB,KAAK;YACL,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,SAAS;SAClD,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,qBAAqB;QACtD,OAAO,GAAG,KAAK,SAAS,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACrC,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,IAAI,GAAG,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;gBAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IACpB,CAAC;CACF"}
|
package/dist/types.d.ts
CHANGED
|
@@ -1,7 +1,74 @@
|
|
|
1
|
+
export type AuthContextType = "human" | "agent" | "anonymous" | "workload";
|
|
2
|
+
export type ActorKind = "user" | "agent" | "workload" | "system" | "anonymous";
|
|
3
|
+
export type CredentialKind = "session" | "oauth" | "api_key" | "mtls" | "dpop" | "run_token" | "approval_token" | "anonymous";
|
|
4
|
+
export type ExecutionKind = "request" | "run" | "tool_call" | "approval" | "schedule" | "release" | "mcp_invocation";
|
|
5
|
+
export interface AuthCookieConfig {
|
|
6
|
+
path?: string;
|
|
7
|
+
domain?: string;
|
|
8
|
+
secure?: boolean;
|
|
9
|
+
httpOnly?: boolean;
|
|
10
|
+
sameSite?: "Strict" | "Lax" | "None";
|
|
11
|
+
}
|
|
12
|
+
export interface AuthGrant {
|
|
13
|
+
resource: string;
|
|
14
|
+
action: string;
|
|
15
|
+
scope?: Record<string, string>;
|
|
16
|
+
effect?: "allow" | "deny";
|
|
17
|
+
expiresAt?: string;
|
|
18
|
+
constraints?: Record<string, unknown>;
|
|
19
|
+
}
|
|
20
|
+
export interface AuthGrantRequirement {
|
|
21
|
+
resource: string;
|
|
22
|
+
action: string;
|
|
23
|
+
scope?: Record<string, string>;
|
|
24
|
+
}
|
|
25
|
+
export interface ActorIdentity {
|
|
26
|
+
kind: ActorKind;
|
|
27
|
+
id: string;
|
|
28
|
+
displayName?: string;
|
|
29
|
+
role?: string;
|
|
30
|
+
email?: string;
|
|
31
|
+
claims?: Record<string, unknown>;
|
|
32
|
+
}
|
|
33
|
+
export interface CredentialProof {
|
|
34
|
+
kind: CredentialKind;
|
|
35
|
+
subjectId: string;
|
|
36
|
+
presentedAt: string;
|
|
37
|
+
expiresAt?: string;
|
|
38
|
+
metadata?: Record<string, unknown>;
|
|
39
|
+
}
|
|
40
|
+
export interface ExecutionIdentity {
|
|
41
|
+
kind: ExecutionKind;
|
|
42
|
+
id: string;
|
|
43
|
+
parentId?: string;
|
|
44
|
+
metadata?: Record<string, unknown>;
|
|
45
|
+
}
|
|
46
|
+
export interface DelegationTargetRef {
|
|
47
|
+
kind: ActorKind | ExecutionKind;
|
|
48
|
+
id: string;
|
|
49
|
+
}
|
|
50
|
+
export interface DelegationLink {
|
|
51
|
+
from: DelegationTargetRef;
|
|
52
|
+
to: DelegationTargetRef;
|
|
53
|
+
reason: string;
|
|
54
|
+
issuedAt: string;
|
|
55
|
+
metadata?: Record<string, unknown>;
|
|
56
|
+
}
|
|
57
|
+
export interface AuthEnvelope {
|
|
58
|
+
actor: ActorIdentity;
|
|
59
|
+
credential: CredentialProof;
|
|
60
|
+
execution?: ExecutionIdentity;
|
|
61
|
+
delegation: DelegationLink[];
|
|
62
|
+
grants: AuthGrant[];
|
|
63
|
+
}
|
|
1
64
|
export interface AuthConfig {
|
|
2
65
|
session: {
|
|
3
66
|
secret: string;
|
|
4
67
|
maxAge?: string;
|
|
68
|
+
issuer?: string;
|
|
69
|
+
audience?: string;
|
|
70
|
+
cookieName?: string;
|
|
71
|
+
cookie?: AuthCookieConfig;
|
|
5
72
|
};
|
|
6
73
|
apiKeys?: {
|
|
7
74
|
prefix?: string;
|
|
@@ -11,25 +78,50 @@ export interface AuthConfig {
|
|
|
11
78
|
trustedDomains?: string[];
|
|
12
79
|
/** Whether to require client certificates (mTLS). */
|
|
13
80
|
mtls?: boolean;
|
|
81
|
+
/** OAuth 2.0 provider configuration for Google, GitHub, etc. */
|
|
82
|
+
oauth?: import("./oauth.js").OAuthConfig;
|
|
14
83
|
}
|
|
15
84
|
export interface SessionPayload {
|
|
16
85
|
userId: string;
|
|
17
86
|
email?: string;
|
|
18
87
|
role?: string;
|
|
88
|
+
displayName?: string;
|
|
89
|
+
permissions?: string[];
|
|
90
|
+
claims?: Record<string, unknown>;
|
|
91
|
+
sessionId?: string;
|
|
92
|
+
iss?: string;
|
|
93
|
+
aud?: string | string[];
|
|
19
94
|
iat: number;
|
|
20
95
|
exp: number;
|
|
21
96
|
}
|
|
97
|
+
export interface SessionSigningOptions {
|
|
98
|
+
maxAge?: string;
|
|
99
|
+
issuer?: string;
|
|
100
|
+
audience?: string | string[];
|
|
101
|
+
}
|
|
102
|
+
export interface SessionVerificationOptions {
|
|
103
|
+
issuer?: string;
|
|
104
|
+
audience?: string;
|
|
105
|
+
}
|
|
22
106
|
export interface AgentCredential {
|
|
23
107
|
id: string;
|
|
24
108
|
name: string;
|
|
25
109
|
apiKeyHash: string;
|
|
26
110
|
apiKeyPrefix: string;
|
|
27
111
|
permissions: string[];
|
|
112
|
+
grants?: AuthGrant[];
|
|
113
|
+
claims?: Record<string, unknown>;
|
|
28
114
|
revokedAt?: string;
|
|
29
115
|
}
|
|
30
116
|
export interface AuthContext {
|
|
31
117
|
isAuthenticated: boolean;
|
|
32
|
-
type:
|
|
118
|
+
type: AuthContextType;
|
|
119
|
+
actor: ActorIdentity;
|
|
120
|
+
credential: CredentialProof;
|
|
121
|
+
execution?: ExecutionIdentity;
|
|
122
|
+
delegation: DelegationLink[];
|
|
123
|
+
grants: AuthGrant[];
|
|
124
|
+
envelope?: AuthEnvelope;
|
|
33
125
|
userId?: string;
|
|
34
126
|
role?: string;
|
|
35
127
|
email?: string;
|
|
@@ -46,5 +138,11 @@ export interface AuthContext {
|
|
|
46
138
|
export interface AuthResolverDeps {
|
|
47
139
|
/** Look up an agent credential by API key prefix */
|
|
48
140
|
findAgentByKeyPrefix?: (prefix: string) => Promise<AgentCredential | null>;
|
|
141
|
+
/** Resolve extra grants after credential verification. */
|
|
142
|
+
resolveAdditionalGrants?: (auth: AuthContext, request: Request) => Promise<AuthGrant[] | string[] | undefined>;
|
|
143
|
+
/** Attach richer execution identity to the resolved auth envelope. */
|
|
144
|
+
resolveExecution?: (auth: AuthContext, request: Request) => Promise<ExecutionIdentity | undefined>;
|
|
145
|
+
/** Attach delegation provenance for runtime / harness flows. */
|
|
146
|
+
resolveDelegation?: (auth: AuthContext, request: Request) => Promise<DelegationLink[] | undefined>;
|
|
49
147
|
}
|
|
50
148
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE;QACP,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GAAG,OAAO,GAAG,OAAO,GAAG,WAAW,GAAG,UAAU,CAAC;AAE3E,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,OAAO,GAAG,UAAU,GAAG,QAAQ,GAAG,WAAW,CAAC;AAE/E,MAAM,MAAM,cAAc,GACtB,SAAS,GACT,OAAO,GACP,SAAS,GACT,MAAM,GACN,MAAM,GACN,WAAW,GACX,gBAAgB,GAChB,WAAW,CAAC;AAEhB,MAAM,MAAM,aAAa,GACrB,SAAS,GACT,KAAK,GACL,WAAW,GACX,UAAU,GACV,UAAU,GACV,SAAS,GACT,gBAAgB,CAAC;AAErB,MAAM,WAAW,gBAAgB;IAC/B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;CACtC;AAED,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,MAAM,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACvC;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,SAAS,CAAC;IAChB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,aAAa,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,SAAS,GAAG,aAAa,CAAC;IAChC,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,mBAAmB,CAAC;IAC1B,EAAE,EAAE,mBAAmB,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,aAAa,CAAC;IACrB,UAAU,EAAE,eAAe,CAAC;IAC5B,SAAS,CAAC,EAAE,iBAAiB,CAAC;IAC9B,UAAU,EAAE,cAAc,EAAE,CAAC;IAC7B,MAAM,EAAE,SAAS,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE;QACP,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,MAAM,CAAC,EAAE,gBAAgB,CAAC;KAC3B,CAAC;IACF,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,qEAAqE;IACrE,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,qDAAqD;IACrD,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,gEAAgE;IAChE,KAAK,CAAC,EAAE,OAAO,YAAY,EAAE,WAAW,CAAC;CAC1C;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,0BAA0B;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,MAAM,CAAC,EAAE,SAAS,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,IAAI,EAAE,eAAe,CAAC;IACtB,KAAK,EAAE,aAAa,CAAC;IACrB,UAAU,EAAE,eAAe,CAAC;IAC5B,SAAS,CAAC,EAAE,iBAAiB,CAAC;IAC9B,UAAU,EAAE,cAAc,EAAE,CAAC;IAC7B,MAAM,EAAE,SAAS,EAAE,CAAC;IACpB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,kFAAkF;IAClF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,qFAAqF;IACrF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,2DAA2D;IAC3D,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,gBAAgB;IAC/B,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,CACrB,MAAM,EAAE,MAAM,KACX,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC;IACrC,0DAA0D;IAC1D,uBAAuB,CAAC,EAAE,CACxB,IAAI,EAAE,WAAW,EACjB,OAAO,EAAE,OAAO,KACb,OAAO,CAAC,SAAS,EAAE,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IACjD,sEAAsE;IACtE,gBAAgB,CAAC,EAAE,CACjB,IAAI,EAAE,WAAW,EACjB,OAAO,EAAE,OAAO,KACb,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC,CAAC;IAC5C,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,CAClB,IAAI,EAAE,WAAW,EACjB,OAAO,EAAE,OAAO,KACb,OAAO,CAAC,cAAc,EAAE,GAAG,SAAS,CAAC,CAAC;CAC5C"}
|