agent-passport-system 1.29.5 → 1.29.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -4
- package/dist/src/core/aps-txt.d.ts +35 -1
- package/dist/src/core/aps-txt.d.ts.map +1 -1
- package/dist/src/core/aps-txt.js +87 -2
- package/dist/src/core/aps-txt.js.map +1 -1
- package/dist/src/core/bilateral-receipt.d.ts +54 -0
- package/dist/src/core/bilateral-receipt.d.ts.map +1 -0
- package/dist/src/core/bilateral-receipt.js +192 -0
- package/dist/src/core/bilateral-receipt.js.map +1 -0
- package/dist/src/core/delegation.d.ts +18 -1
- package/dist/src/core/delegation.d.ts.map +1 -1
- package/dist/src/core/delegation.js +33 -5
- package/dist/src/core/delegation.js.map +1 -1
- package/dist/src/core/execution-attestation.d.ts +2 -1
- package/dist/src/core/execution-attestation.d.ts.map +1 -1
- package/dist/src/core/execution-attestation.js +17 -6
- package/dist/src/core/execution-attestation.js.map +1 -1
- package/dist/src/core/fidelity-probe.d.ts +57 -0
- package/dist/src/core/fidelity-probe.d.ts.map +1 -1
- package/dist/src/core/fidelity-probe.js +57 -0
- package/dist/src/core/fidelity-probe.js.map +1 -1
- package/dist/src/core/governance-block.d.ts +94 -0
- package/dist/src/core/governance-block.d.ts.map +1 -1
- package/dist/src/core/governance-block.js +158 -0
- package/dist/src/core/governance-block.js.map +1 -1
- package/dist/src/core/governance-consumer.d.ts.map +1 -1
- package/dist/src/core/governance-consumer.js +11 -2
- package/dist/src/core/governance-consumer.js.map +1 -1
- package/dist/src/core/proof-namespace.d.ts +71 -0
- package/dist/src/core/proof-namespace.d.ts.map +1 -0
- package/dist/src/core/proof-namespace.js +81 -0
- package/dist/src/core/proof-namespace.js.map +1 -0
- package/dist/src/core/tool-integrity.d.ts +75 -0
- package/dist/src/core/tool-integrity.d.ts.map +1 -0
- package/dist/src/core/tool-integrity.js +90 -0
- package/dist/src/core/tool-integrity.js.map +1 -0
- package/dist/src/index.d.ts +8 -2
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js +5 -1
- package/dist/src/index.js.map +1 -1
- package/dist/src/types/bilateral-receipt.d.ts +53 -0
- package/dist/src/types/bilateral-receipt.d.ts.map +1 -0
- package/dist/src/types/bilateral-receipt.js +14 -0
- package/dist/src/types/bilateral-receipt.js.map +1 -0
- package/dist/src/types/execution-attestation.d.ts +24 -2
- package/dist/src/types/execution-attestation.d.ts.map +1 -1
- package/dist/src/types/execution-attestation.js.map +1 -1
- package/package.json +3 -3
package/README.md
CHANGED
|
@@ -2,13 +2,13 @@
|
|
|
2
2
|
|
|
3
3
|
[](https://www.npmjs.com/package/agent-passport-system)
|
|
4
4
|
[](https://github.com/aeoess/agent-passport-system/blob/main/LICENSE)
|
|
5
|
-
[](https://github.com/aeoess/agent-passport-system)
|
|
6
6
|
[](https://doi.org/10.5281/zenodo.18749779)
|
|
7
7
|
[-blue)](https://doi.org/10.5281/zenodo.19323172)
|
|
8
8
|
|
|
9
9
|
> **For AI agents:** visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable docs or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete reference. MCP discovery: [.well-known/mcp.json](https://aeoess.com/.well-known/mcp.json).
|
|
10
10
|
|
|
11
|
-
**Enforcement infrastructure for the agent economy.** Every action evaluated in under 2ms. 15 constraint dimensions. 403 ops/sec. Sub-millisecond denial. Feeless Nano payments.
|
|
11
|
+
**Enforcement infrastructure for the agent economy.** Every action evaluated in under 2ms. 15 constraint dimensions. 403 ops/sec. Sub-millisecond denial. Feeless Nano payments. 99 modules. 2,051 tests. Not just identity — the full enforcement stack.
|
|
12
12
|
|
|
13
13
|
AI agents represent companies and people. They spend real money, access sensitive data, negotiate contracts, and talk to other agents. APS is the enforcement layer that answers: what is this agent allowed to do? How much can it spend? Is it trustworthy? What happens when it violates a constraint? And can you prove all of this cryptographically? Independently validated by [PDR in Production (Nanook & Gerundium, UBC)](https://doi.org/10.5281/zenodo.19323172).
|
|
14
14
|
|
|
@@ -140,7 +140,7 @@ const agent = joinSocialContract({ name: 'my-agent', owner: 'alice', floor: floo
|
|
|
140
140
|
|
|
141
141
|
## The Stack
|
|
142
142
|
|
|
143
|
-
|
|
143
|
+
67 core modules + 32 v2 constitutional modules. 2,051 tests. Zero heavy dependencies.
|
|
144
144
|
|
|
145
145
|
| Layer | What it does | Key primitive |
|
|
146
146
|
|-------|-------------|---------------|
|
|
@@ -194,7 +194,7 @@ npx agent-passport audit --floor values/floor.yaml
|
|
|
194
194
|
|
|
195
195
|
```bash
|
|
196
196
|
npm test
|
|
197
|
-
#
|
|
197
|
+
# 2047 tests across 98 files, 521 suites, 0 failures
|
|
198
198
|
```
|
|
199
199
|
|
|
200
200
|
50 adversarial tests: Merkle tampering, attribution gaming, compliance violations, floor negotiation attacks, cross-chain confused deputy, taint laundering, authority probing.
|
|
@@ -43,6 +43,9 @@ export interface PathOverride {
|
|
|
43
43
|
terms: GovernanceTerms;
|
|
44
44
|
/** Optional revocation policy override */
|
|
45
45
|
revocation_policy?: RevocationPolicy;
|
|
46
|
+
/** Optional DID pattern for agent-specific terms (e.g. "did:meeet:*", "did:aps:*", "did:*")
|
|
47
|
+
* Source: alxvasilevvv on openclaw#49971 — 1,020 MEEET agents need method-level matching */
|
|
48
|
+
user_agent?: string;
|
|
46
49
|
}
|
|
47
50
|
export interface GenerateApsTxtInput {
|
|
48
51
|
domain: string;
|
|
@@ -64,7 +67,7 @@ export declare function verifyApsTxt(doc: ApsTxt, publicKey: string): {
|
|
|
64
67
|
* Resolve terms for a specific path using aps.txt path overrides.
|
|
65
68
|
* Falls back to default_terms if no override matches.
|
|
66
69
|
*/
|
|
67
|
-
export declare function resolveTermsForPath(doc: ApsTxt, path: string): GovernanceTerms;
|
|
70
|
+
export declare function resolveTermsForPath(doc: ApsTxt, path: string, agentDid?: string): GovernanceTerms;
|
|
68
71
|
/**
|
|
69
72
|
* Serialize aps.txt to a JSON string ready to serve as a file.
|
|
70
73
|
*/
|
|
@@ -117,4 +120,35 @@ export declare function verifyChainedBlock(chain: ChainedGovernanceBlock, conten
|
|
|
117
120
|
chainValid: boolean;
|
|
118
121
|
errors: string[];
|
|
119
122
|
};
|
|
123
|
+
/**
|
|
124
|
+
* AV-2 Fix: Strict aps.txt enforcement.
|
|
125
|
+
* Verifies signature before resolving path terms.
|
|
126
|
+
* unsigned aps.txt → warning or block depending on mode.
|
|
127
|
+
*
|
|
128
|
+
* Source: MoltyCel on qntm#7 — unsigned aps.txt can be replaced
|
|
129
|
+
* by a compromised repo. DID-signed aps.txt prevents this.
|
|
130
|
+
*/
|
|
131
|
+
export type ApsTxtEnforcementMode = 'permissive' | 'warn' | 'strict';
|
|
132
|
+
export interface ApsTxtEnforcementResult {
|
|
133
|
+
/** Whether the agent should proceed */
|
|
134
|
+
allowed: boolean;
|
|
135
|
+
/** Resolved governance terms for the requested path */
|
|
136
|
+
terms: GovernanceTerms | null;
|
|
137
|
+
/** Warning if aps.txt is unsigned or unverifiable */
|
|
138
|
+
warning?: string;
|
|
139
|
+
/** Error if strict mode blocks access */
|
|
140
|
+
error?: string;
|
|
141
|
+
/** Whether the aps.txt signature was verified */
|
|
142
|
+
signatureVerified: boolean;
|
|
143
|
+
}
|
|
144
|
+
export declare function enforceApsTxt(doc: ApsTxt, path: string, opts?: {
|
|
145
|
+
/** Publisher's public key for signature verification */
|
|
146
|
+
publisherPublicKey?: string;
|
|
147
|
+
/** Enforcement mode: permissive (allow unsigned), warn (allow with warning), strict (block unsigned) */
|
|
148
|
+
mode?: ApsTxtEnforcementMode;
|
|
149
|
+
/** Trust threshold (0-1). Below this, restrictive aps.txt produces warning instead of block (AV-4 DoS fix) */
|
|
150
|
+
trustThreshold?: number;
|
|
151
|
+
/** Publisher's trust score (0-1). If below trustThreshold, warn instead of block */
|
|
152
|
+
publisherTrustScore?: number;
|
|
153
|
+
}): ApsTxtEnforcementResult;
|
|
120
154
|
//# sourceMappingURL=aps-txt.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aps-txt.d.ts","sourceRoot":"","sources":["../../../src/core/aps-txt.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;GAWG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAO9E,MAAM,WAAW,MAAM;IACrB,8BAA8B;IAC9B,UAAU,EAAE,kCAAkC,CAAA;IAC9C,OAAO,EAAE,QAAQ,CAAA;IACjB,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAA;IACd,sBAAsB;IACtB,aAAa,EAAE,MAAM,CAAA;IACrB,sCAAsC;IACtC,cAAc,EAAE,MAAM,CAAA;IACtB,mDAAmD;IACnD,aAAa,EAAE,eAAe,CAAA;IAC9B,gCAAgC;IAChC,yBAAyB,EAAE,gBAAgB,CAAA;IAC3C,uCAAuC;IACvC,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,wEAAwE;IACxE,cAAc,CAAC,EAAE,YAAY,EAAE,CAAA;IAC/B,0CAA0C;IAC1C,YAAY,EAAE,MAAM,CAAA;IACpB,wBAAwB;IACxB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,0DAA0D;IAC1D,OAAO,EAAE,MAAM,CAAA;IACf,mCAAmC;IACnC,KAAK,EAAE,eAAe,CAAA;IACtB,0CAA0C;IAC1C,iBAAiB,CAAC,EAAE,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"aps-txt.d.ts","sourceRoot":"","sources":["../../../src/core/aps-txt.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;GAWG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAO9E,MAAM,WAAW,MAAM;IACrB,8BAA8B;IAC9B,UAAU,EAAE,kCAAkC,CAAA;IAC9C,OAAO,EAAE,QAAQ,CAAA;IACjB,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAA;IACd,sBAAsB;IACtB,aAAa,EAAE,MAAM,CAAA;IACrB,sCAAsC;IACtC,cAAc,EAAE,MAAM,CAAA;IACtB,mDAAmD;IACnD,aAAa,EAAE,eAAe,CAAA;IAC9B,gCAAgC;IAChC,yBAAyB,EAAE,gBAAgB,CAAA;IAC3C,uCAAuC;IACvC,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,wEAAwE;IACxE,cAAc,CAAC,EAAE,YAAY,EAAE,CAAA;IAC/B,0CAA0C;IAC1C,YAAY,EAAE,MAAM,CAAA;IACpB,wBAAwB;IACxB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,0DAA0D;IAC1D,OAAO,EAAE,MAAM,CAAA;IACf,mCAAmC;IACnC,KAAK,EAAE,eAAe,CAAA;IACtB,0CAA0C;IAC1C,iBAAiB,CAAC,EAAE,gBAAgB,CAAA;IACpC;iGAC6F;IAC7F,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAMD,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAA;IACd,aAAa,EAAE,MAAM,CAAA;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,YAAY,EAAE,eAAe,CAAA;IAC7B,uBAAuB,CAAC,EAAE,gBAAgB,CAAA;IAC1C,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,aAAa,CAAC,EAAE,YAAY,EAAE,CAAA;CAC/B;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,mBAAmB,GAAG,MAAM,CAqBjE;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAWjG;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,eAAe,CAejG;AA0BD;;GAEG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEnD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAM1D;AAMD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AAE5D;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAUhF;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,eAAe,GAAG,IAAI,CAM9F;AAMD,MAAM,WAAW,sBAAuB,SAAQ,eAAe;IAC7D,oEAAoE;IACpE,iBAAiB,EAAE,MAAM,CAAA;IACzB,oEAAoE;IACpE,eAAe,EAAE,MAAM,CAAA;IACvB,qEAAqE;IACrE,oBAAoB,EAAE,MAAM,CAAA;CAC7B;AAED;;;GAGG;AACH,wBAAgB,4BAA4B,CAAC,KAAK,EAAE;IAClD,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAA;IACf,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,8CAA8C;IAC9C,KAAK,EAAE,eAAe,CAAA;IACtB,sDAAsD;IACtD,WAAW,EAAE,eAAe,CAAA;IAC5B,yBAAyB;IACzB,cAAc,EAAE,MAAM,CAAA;IACtB,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;CACpC,GAAG,sBAAsB,CAuBzB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,sBAAsB,EAC7B,OAAO,EAAE,MAAM,EACf,mBAAmB,EAAE,MAAM,EAC3B,WAAW,CAAC,EAAE,eAAe,GAC5B;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAwB3D;AAOD;;;;;;;GAOG;AACH,MAAM,MAAM,qBAAqB,GAAG,YAAY,GAAG,MAAM,GAAG,QAAQ,CAAA;AAEpE,MAAM,WAAW,uBAAuB;IACtC,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAA;IAChB,uDAAuD;IACvD,KAAK,EAAE,eAAe,GAAG,IAAI,CAAA;IAC7B,qDAAqD;IACrD,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,iDAAiD;IACjD,iBAAiB,EAAE,OAAO,CAAA;CAC3B;AAED,wBAAgB,aAAa,CAC3B,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE;IACJ,wDAAwD;IACxD,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,wGAAwG;IACxG,IAAI,CAAC,EAAE,qBAAqB,CAAA;IAC5B,8GAA8G;IAC9G,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,oFAAoF;IACpF,mBAAmB,CAAC,EAAE,MAAM,CAAA;CACxB,GACL,uBAAuB,CAkDzB"}
|
package/dist/src/core/aps-txt.js
CHANGED
|
@@ -50,10 +50,17 @@ export function verifyApsTxt(doc, publicKey) {
|
|
|
50
50
|
* Resolve terms for a specific path using aps.txt path overrides.
|
|
51
51
|
* Falls back to default_terms if no override matches.
|
|
52
52
|
*/
|
|
53
|
-
export function resolveTermsForPath(doc, path) {
|
|
53
|
+
export function resolveTermsForPath(doc, path, agentDid) {
|
|
54
54
|
if (doc.path_overrides) {
|
|
55
55
|
for (const override of doc.path_overrides) {
|
|
56
|
-
|
|
56
|
+
const pathMatch = matchGlob(override.pattern, path);
|
|
57
|
+
// If override has a user_agent pattern, both path AND agent must match
|
|
58
|
+
if (override.user_agent) {
|
|
59
|
+
if (pathMatch && agentDid && matchDidPattern(override.user_agent, agentDid)) {
|
|
60
|
+
return { ...doc.default_terms, ...override.terms };
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
else if (pathMatch) {
|
|
57
64
|
return { ...doc.default_terms, ...override.terms };
|
|
58
65
|
}
|
|
59
66
|
}
|
|
@@ -68,6 +75,21 @@ function matchGlob(pattern, path) {
|
|
|
68
75
|
.replace(/§DOUBLESTAR§/g, '.*');
|
|
69
76
|
return new RegExp(`^${regex}$`).test(path);
|
|
70
77
|
}
|
|
78
|
+
/** Match a DID pattern against an agent's DID.
|
|
79
|
+
* `did:meeet:*` matches `did:meeet:agent_abc`
|
|
80
|
+
* `did:*` matches any DID
|
|
81
|
+
* `did:aps:agent_123` matches exact DID
|
|
82
|
+
* Source: alxvasilevvv on openclaw#49971
|
|
83
|
+
*/
|
|
84
|
+
function matchDidPattern(pattern, did) {
|
|
85
|
+
if (pattern === '*' || pattern === 'did:*')
|
|
86
|
+
return true;
|
|
87
|
+
// Convert DID pattern to regex: `did:meeet:*` → `^did:meeet:.*$`
|
|
88
|
+
const regex = pattern
|
|
89
|
+
.replace(/[.+?^${}()|[\]\\]/g, '\\$&') // escape regex chars except *
|
|
90
|
+
.replace(/\*/g, '.*');
|
|
91
|
+
return new RegExp(`^${regex}$`).test(did);
|
|
92
|
+
}
|
|
71
93
|
/**
|
|
72
94
|
* Serialize aps.txt to a JSON string ready to serve as a file.
|
|
73
95
|
*/
|
|
@@ -169,4 +191,67 @@ export function verifyChainedBlock(chain, content, derivativePublicKey, parentBl
|
|
|
169
191
|
}
|
|
170
192
|
return { valid: sigValid && errors.length === 0, chainValid, errors };
|
|
171
193
|
}
|
|
194
|
+
export function enforceApsTxt(doc, path, opts = {}) {
|
|
195
|
+
const mode = opts.mode ?? 'warn';
|
|
196
|
+
const trustThreshold = opts.trustThreshold ?? 0.3;
|
|
197
|
+
const publisherTrust = opts.publisherTrustScore ?? 0;
|
|
198
|
+
// Step 1: Verify signature if public key provided
|
|
199
|
+
let signatureVerified = false;
|
|
200
|
+
if (opts.publisherPublicKey) {
|
|
201
|
+
const verification = verifyApsTxt(doc, opts.publisherPublicKey);
|
|
202
|
+
signatureVerified = verification.valid;
|
|
203
|
+
}
|
|
204
|
+
// Step 2: Check enforcement mode for unsigned aps.txt
|
|
205
|
+
if (!signatureVerified) {
|
|
206
|
+
if (mode === 'strict') {
|
|
207
|
+
return {
|
|
208
|
+
allowed: false,
|
|
209
|
+
terms: null,
|
|
210
|
+
error: 'aps.txt signature verification failed (strict mode)',
|
|
211
|
+
signatureVerified: false,
|
|
212
|
+
};
|
|
213
|
+
}
|
|
214
|
+
if (mode === 'warn') {
|
|
215
|
+
// Continue but with warning
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
// Step 3: Resolve terms for the path
|
|
219
|
+
const terms = resolveTermsForPath(doc, path);
|
|
220
|
+
// Step 4: AV-4 DoS protection — restrictive aps.txt from unknown publishers
|
|
221
|
+
// If publisher trust is below threshold and aps.txt blocks all agents,
|
|
222
|
+
// produce warning instead of block
|
|
223
|
+
if (isAllDenied(terms) || isFullBlock(doc, path)) {
|
|
224
|
+
if (publisherTrust < trustThreshold && !signatureVerified) {
|
|
225
|
+
return {
|
|
226
|
+
allowed: true,
|
|
227
|
+
terms,
|
|
228
|
+
warning: `Low-trust publisher (${publisherTrust}) with restrictive aps.txt — proceeding with caution (AV-4 protection)`,
|
|
229
|
+
signatureVerified,
|
|
230
|
+
};
|
|
231
|
+
}
|
|
232
|
+
}
|
|
233
|
+
return {
|
|
234
|
+
allowed: true,
|
|
235
|
+
terms,
|
|
236
|
+
warning: signatureVerified ? undefined : 'aps.txt signature not verified — proceeding in permissive mode',
|
|
237
|
+
signatureVerified,
|
|
238
|
+
};
|
|
239
|
+
}
|
|
240
|
+
/** Check if governance terms deny all usage types */
|
|
241
|
+
function isAllDenied(terms) {
|
|
242
|
+
const fields = ['inference', 'training', 'redistribution', 'derivative', 'caching'];
|
|
243
|
+
return fields.every(f => terms[f] === 'prohibited');
|
|
244
|
+
}
|
|
245
|
+
/** Check if aps.txt effectively blocks all agents for a path */
|
|
246
|
+
function isFullBlock(doc, path) {
|
|
247
|
+
if (!doc.path_overrides)
|
|
248
|
+
return false;
|
|
249
|
+
for (const override of doc.path_overrides) {
|
|
250
|
+
if (override.pattern === '/*' || override.pattern === '/**') {
|
|
251
|
+
if (isAllDenied(override.terms))
|
|
252
|
+
return true;
|
|
253
|
+
}
|
|
254
|
+
}
|
|
255
|
+
return false;
|
|
256
|
+
}
|
|
172
257
|
//# sourceMappingURL=aps-txt.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aps-txt.js","sourceRoot":"","sources":["../../../src/core/aps-txt.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAEnE,OAAO,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAA;
|
|
1
|
+
{"version":3,"file":"aps-txt.js","sourceRoot":"","sources":["../../../src/core/aps-txt.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAEnE,OAAO,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAA;AA4DjE,MAAM,UAAU,cAAc,CAAC,KAA0B;IACvD,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;IAC/C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;IAEpC,MAAM,GAAG,GAA8B;QACrC,UAAU,EAAE,kCAAkC;QAC9C,OAAO,EAAE,QAAQ;QACjB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,aAAa,EAAE,YAAY;QAC3B,cAAc,EAAE,KAAK,CAAC,aAAa;QACnC,aAAa,EAAE,KAAK,CAAC,YAAY;QACjC,yBAAyB,EAAE,KAAK,CAAC,uBAAuB,IAAI,yBAAyB;QACrF,YAAY,EAAE,GAAG;QACjB,GAAG,CAAC,KAAK,CAAC,kBAAkB,IAAI,EAAE,mBAAmB,EAAE,KAAK,CAAC,kBAAkB,EAAE,CAAC;QAClF,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,EAAE,YAAY,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;QAC7D,GAAG,CAAC,KAAK,CAAC,aAAa,EAAE,MAAM,IAAI,EAAE,cAAc,EAAE,KAAK,CAAC,aAAa,EAAE,CAAC;KAC5E,CAAA;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,UAAU,CAAC,CAAA;IACjD,OAAO,EAAE,GAAG,GAAG,EAAE,SAAS,EAAE,CAAA;AAC9B,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,GAAW,EAAE,SAAiB;IACzD,MAAM,MAAM,GAAa,EAAE,CAAA;IAC3B,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,EAAE,GAAG,GAAG,CAAA;IAClC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;IAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,CAAC,CAAA;IACtD,IAAI,CAAC,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAA;IAE3D,MAAM,WAAW,GAAG,SAAS,CAAC,SAAS,CAAC,CAAA;IACxC,IAAI,GAAG,CAAC,aAAa,KAAK,WAAW;QAAE,MAAM,CAAC,IAAI,CAAC,0BAA0B,WAAW,EAAE,CAAC,CAAA;IAE3F,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAW,EAAE,IAAY,EAAE,QAAiB;IAC9E,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;QACvB,KAAK,MAAM,QAAQ,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;YAC1C,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;YACnD,uEAAuE;YACvE,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;gBACxB,IAAI,SAAS,IAAI,QAAQ,IAAI,eAAe,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,CAAC;oBAC5E,OAAO,EAAE,GAAG,GAAG,CAAC,aAAa,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAA;gBACpD,CAAC;YACH,CAAC;iBAAM,IAAI,SAAS,EAAE,CAAC;gBACrB,OAAO,EAAE,GAAG,GAAG,CAAC,aAAa,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAA;YACpD,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC,aAAa,CAAA;AAC1B,CAAC;AAED,SAAS,SAAS,CAAC,OAAe,EAAE,IAAY;IAC9C,mEAAmE;IACnE,MAAM,KAAK,GAAG,OAAO;SAClB,OAAO,CAAC,OAAO,EAAE,cAAc,CAAC;SAChC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC;SACvB,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC,CAAA;IACjC,OAAO,IAAI,MAAM,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC5C,CAAC;AAED;;;;;GAKG;AACH,SAAS,eAAe,CAAC,OAAe,EAAE,GAAW;IACnD,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,OAAO;QAAE,OAAO,IAAI,CAAA;IACvD,iEAAiE;IACjE,MAAM,KAAK,GAAG,OAAO;SAClB,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAE,8BAA8B;SACrE,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;IACvB,OAAO,IAAI,MAAM,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAClC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAA;QAC7C,OAAO,MAAgB,CAAA;IACzB,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,IAAI,CAAA;IAAC,CAAC;AACzB,CAAC;AAQD;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAsB;IACtD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;IACrC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACnD,OAAO;QACL,kBAAkB,EAAE,GAAG;QACvB,WAAW,EAAE,KAAK,CAAC,UAAU;QAC7B,oBAAoB,EAAE,KAAK,CAAC,YAAY;QACxC,sBAAsB,EAAE,KAAK,CAAC,KAAK,CAAC,QAAQ,IAAI,eAAe;QAC/D,uBAAuB,EAAE,KAAK,CAAC,KAAK,CAAC,SAAS,IAAI,eAAe;KAClE,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAA+B;IACpE,MAAM,GAAG,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,OAAO,CAAC,kBAAkB,CAAC,CAAA;IACtE,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA;IACrB,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAoB,CAAA;IACpF,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,IAAI,CAAA;IAAC,CAAC;AACzB,CAAC;AAeD;;;GAGG;AACH,MAAM,UAAU,4BAA4B,CAAC,KAa5C;IACC,MAAM,WAAW,GAAG,UAAU,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAA;IACxF,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;IAChD,MAAM,eAAe,GAAG,UAAU,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAA;IAC9G,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;IAEpC,MAAM,KAAK,GAA8C;QACvD,UAAU,EAAE,kCAAkC;QAC9C,OAAO,EAAE,iBAAiB;QAC1B,UAAU,EAAE,KAAK,CAAC,WAAW,CAAC,UAAU;QACxC,YAAY,EAAE,WAAW;QACzB,YAAY,EAAE,GAAG;QACjB,uBAAuB,EAAE,GAAG;QAC5B,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,iBAAiB,EAAE,KAAK,CAAC,gBAAgB,IAAI,KAAK,CAAC,WAAW,CAAC,iBAAiB;QAChF,iBAAiB,EAAE,eAAe;QAClC,eAAe,EAAE,KAAK,CAAC,cAAc;QACrC,oBAAoB,EAAE,aAAa;KACpC,CAAA;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAA;IACnC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,UAAU,CAAC,CAAA;IACjD,OAAO,EAAE,GAAG,KAAK,EAAE,SAAS,EAAE,CAAA;AAChC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAA6B,EAC7B,OAAe,EACf,mBAA2B,EAC3B,WAA6B;IAE7B,MAAM,MAAM,GAAa,EAAE,CAAA;IAE3B,8BAA8B;IAC9B,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,EAAE,GAAG,KAAK,CAAA;IACpC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;IAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAA;IAChE,IAAI,CAAC,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAA;IAEtE,sBAAsB;IACtB,MAAM,YAAY,GAAG,UAAU,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAA;IACnF,IAAI,KAAK,CAAC,YAAY,KAAK,YAAY;QAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAA;IAE7E,yCAAyC;IACzC,IAAI,UAAU,GAAG,IAAI,CAAA;IACrB,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,kBAAkB,GAAG,UAAU,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAA;QAC3G,IAAI,KAAK,CAAC,iBAAiB,KAAK,kBAAkB,EAAE,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAA;YACxD,UAAU,GAAG,KAAK,CAAA;QACpB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAA;AACvE,CAAC;AA8BD,MAAM,UAAU,aAAa,CAC3B,GAAW,EACX,IAAY,EACZ,OASI,EAAE;IAEN,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,MAAM,CAAA;IAChC,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,IAAI,GAAG,CAAA;IACjD,MAAM,cAAc,GAAG,IAAI,CAAC,mBAAmB,IAAI,CAAC,CAAA;IAEpD,kDAAkD;IAClD,IAAI,iBAAiB,GAAG,KAAK,CAAA;IAC7B,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAC/D,iBAAiB,GAAG,YAAY,CAAC,KAAK,CAAA;IACxC,CAAC;IAED,sDAAsD;IACtD,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,qDAAqD;gBAC5D,iBAAiB,EAAE,KAAK;aACzB,CAAA;QACH,CAAC;QACD,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YACpB,4BAA4B;QAC9B,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,KAAK,GAAG,mBAAmB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;IAE5C,4EAA4E;IAC5E,uEAAuE;IACvE,mCAAmC;IACnC,IAAI,WAAW,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC;QACjD,IAAI,cAAc,GAAG,cAAc,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC1D,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,KAAK;gBACL,OAAO,EAAE,wBAAwB,cAAc,wEAAwE;gBACvH,iBAAiB;aAClB,CAAA;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,KAAK;QACL,OAAO,EAAE,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,gEAAgE;QACzG,iBAAiB;KAClB,CAAA;AACH,CAAC;AAED,qDAAqD;AACrD,SAAS,WAAW,CAAC,KAAsB;IACzC,MAAM,MAAM,GAAG,CAAC,WAAW,EAAE,UAAU,EAAE,gBAAgB,EAAE,YAAY,EAAE,SAAS,CAAU,CAAA;IAC5F,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,YAAY,CAAC,CAAA;AACrD,CAAC;AAED,gEAAgE;AAChE,SAAS,WAAW,CAAC,GAAW,EAAE,IAAY;IAC5C,IAAI,CAAC,GAAG,CAAC,cAAc;QAAE,OAAO,KAAK,CAAA;IACrC,KAAK,MAAM,QAAQ,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;QAC1C,IAAI,QAAQ,CAAC,OAAO,KAAK,IAAI,IAAI,QAAQ,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;YAC5D,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAA;QAC9C,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC"}
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
import type { BilateralReceipt, BilateralReceiptVerification, InteractionOutcome, EvidenceCommitment, CompromiseWindowCheck, RevocationReason } from '../types/bilateral-receipt.js';
|
|
2
|
+
/**
|
|
3
|
+
* Create a bilateral receipt. Called in two phases:
|
|
4
|
+
* Phase 1: Requesting agent proposes the outcome and signs
|
|
5
|
+
* Phase 2: Serving agent reviews, agrees, and countersigns
|
|
6
|
+
* Phase 3 (optional): Gateway witnesses and adds third signature
|
|
7
|
+
*/
|
|
8
|
+
export declare function createBilateralReceipt(opts: {
|
|
9
|
+
requestingAgentId: string;
|
|
10
|
+
servingAgentId: string;
|
|
11
|
+
delegationId?: string;
|
|
12
|
+
outcome: InteractionOutcome;
|
|
13
|
+
requestedAt: string;
|
|
14
|
+
completedAt: string;
|
|
15
|
+
requestingAgentPrivateKey: string;
|
|
16
|
+
servingAgentPrivateKey: string;
|
|
17
|
+
gatewayPrivateKey?: string;
|
|
18
|
+
evidenceCommitments?: EvidenceCommitment[];
|
|
19
|
+
}): BilateralReceipt;
|
|
20
|
+
export declare function verifyBilateralReceipt(receipt: BilateralReceipt, requestingAgentPublicKey: string, servingAgentPublicKey: string, gatewayPublicKey?: string): BilateralReceiptVerification;
|
|
21
|
+
/**
|
|
22
|
+
* Create an evidence commitment from an external credential.
|
|
23
|
+
* The credential (JWT, JWS, signed JSON) is hashed — not embedded.
|
|
24
|
+
* Verifiers fetch the credential out-of-band and check hash match.
|
|
25
|
+
*/
|
|
26
|
+
export declare function createEvidenceCommitment(opts: {
|
|
27
|
+
type: string;
|
|
28
|
+
credential: string;
|
|
29
|
+
issuerKid?: string;
|
|
30
|
+
jwks?: string;
|
|
31
|
+
pass?: boolean;
|
|
32
|
+
}): EvidenceCommitment;
|
|
33
|
+
/**
|
|
34
|
+
* Verify that a credential matches its commitment.
|
|
35
|
+
*/
|
|
36
|
+
export declare function verifyEvidenceCommitment(commitment: EvidenceCommitment, credential: string): boolean;
|
|
37
|
+
/**
|
|
38
|
+
* Check whether a proof timestamp falls within a compromise window.
|
|
39
|
+
*
|
|
40
|
+
* Three states:
|
|
41
|
+
* 'safe' — proof predates compromise, likely unaffected
|
|
42
|
+
* 'warn' — compromise window unknown, proof might be affected
|
|
43
|
+
* 'error' — proof is definitely within the compromise window
|
|
44
|
+
*
|
|
45
|
+
* When revocationReason !== 'compromise', all pre-revocation
|
|
46
|
+
* proofs are safe (key rotation, decommission, etc.).
|
|
47
|
+
*/
|
|
48
|
+
export declare function checkCompromiseWindow(opts: {
|
|
49
|
+
proofTimestamp: string;
|
|
50
|
+
revokedAt: string;
|
|
51
|
+
revocationReason: RevocationReason;
|
|
52
|
+
compromisedSince?: string;
|
|
53
|
+
}): CompromiseWindowCheck;
|
|
54
|
+
//# sourceMappingURL=bilateral-receipt.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"bilateral-receipt.d.ts","sourceRoot":"","sources":["../../../src/core/bilateral-receipt.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EACV,gBAAgB,EAChB,4BAA4B,EAC5B,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EACjB,MAAM,+BAA+B,CAAA;AAUtC;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE;IAC3C,iBAAiB,EAAE,MAAM,CAAA;IACzB,cAAc,EAAE,MAAM,CAAA;IACtB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,kBAAkB,CAAA;IAC3B,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,yBAAyB,EAAE,MAAM,CAAA;IACjC,sBAAsB,EAAE,MAAM,CAAA;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,mBAAmB,CAAC,EAAE,kBAAkB,EAAE,CAAA;CAC3C,GAAG,gBAAgB,CAiCnB;AAKD,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,gBAAgB,EACzB,wBAAwB,EAAE,MAAM,EAChC,qBAAqB,EAAE,MAAM,EAC7B,gBAAgB,CAAC,EAAE,MAAM,GACxB,4BAA4B,CAyC9B;AAMD;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE;IAC7C,IAAI,EAAE,MAAM,CAAA;IACZ,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,OAAO,CAAA;CACf,GAAG,kBAAkB,CASrB;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,UAAU,EAAE,kBAAkB,EAC9B,UAAU,EAAE,MAAM,GACjB,OAAO,CAET;AAMD;;;;;;;;;;GAUG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE;IAC1C,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,EAAE,MAAM,CAAA;IACjB,gBAAgB,EAAE,gBAAgB,CAAA;IAClC,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B,GAAG,qBAAqB,CAmDxB"}
|
|
@@ -0,0 +1,192 @@
|
|
|
1
|
+
// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
|
|
2
|
+
// ══════════════════════════════════════════════════════════════════
|
|
3
|
+
// Bilateral Receipt + Evidence Commitments + Compromise Window
|
|
4
|
+
// ══════════════════════════════════════════════════════════════════
|
|
5
|
+
// Three ecosystem-sourced improvements shipped as one module:
|
|
6
|
+
//
|
|
7
|
+
// 1. Bilateral receipts: both agents sign the same interaction.
|
|
8
|
+
// Source: viftode4, IETF draft-pouwelse-trustchain-01
|
|
9
|
+
//
|
|
10
|
+
// 2. Evidence commitments: bind external attestations into receipts
|
|
11
|
+
// by hash. Source: douglasborthwick-crypto (InsumerAPI)
|
|
12
|
+
//
|
|
13
|
+
// 3. Compromise window: distinguish breach time from detection time.
|
|
14
|
+
// Source: desiorac on qntm#6
|
|
15
|
+
// ══════════════════════════════════════════════════════════════════
|
|
16
|
+
import { createHash, randomUUID } from 'node:crypto';
|
|
17
|
+
import { sign, verify } from '../crypto/keys.js';
|
|
18
|
+
import { canonicalize } from './canonical.js';
|
|
19
|
+
function sha256(input) {
|
|
20
|
+
return createHash('sha256').update(input).digest('hex');
|
|
21
|
+
}
|
|
22
|
+
// ══════════════════════════════════════════════════════════════════
|
|
23
|
+
// 1. Bilateral Receipt — both agents sign the same interaction
|
|
24
|
+
// ══════════════════════════════════════════════════════════════════
|
|
25
|
+
/**
|
|
26
|
+
* Create a bilateral receipt. Called in two phases:
|
|
27
|
+
* Phase 1: Requesting agent proposes the outcome and signs
|
|
28
|
+
* Phase 2: Serving agent reviews, agrees, and countersigns
|
|
29
|
+
* Phase 3 (optional): Gateway witnesses and adds third signature
|
|
30
|
+
*/
|
|
31
|
+
export function createBilateralReceipt(opts) {
|
|
32
|
+
const now = new Date().toISOString();
|
|
33
|
+
// Build the receipt body (everything both agents agree on)
|
|
34
|
+
const body = {
|
|
35
|
+
receiptId: randomUUID(),
|
|
36
|
+
version: '1.0',
|
|
37
|
+
requestingAgentId: opts.requestingAgentId,
|
|
38
|
+
servingAgentId: opts.servingAgentId,
|
|
39
|
+
delegationId: opts.delegationId,
|
|
40
|
+
outcome: opts.outcome,
|
|
41
|
+
requestedAt: opts.requestedAt,
|
|
42
|
+
completedAt: opts.completedAt,
|
|
43
|
+
agreedAt: now,
|
|
44
|
+
evidenceCommitments: opts.evidenceCommitments,
|
|
45
|
+
};
|
|
46
|
+
// Both agents sign the SAME canonical body
|
|
47
|
+
const canonical = canonicalize(body);
|
|
48
|
+
const requestingAgentSignature = sign(canonical, opts.requestingAgentPrivateKey);
|
|
49
|
+
const servingAgentSignature = sign(canonical, opts.servingAgentPrivateKey);
|
|
50
|
+
// Optional gateway witness
|
|
51
|
+
const gatewaySignature = opts.gatewayPrivateKey
|
|
52
|
+
? sign(canonical, opts.gatewayPrivateKey)
|
|
53
|
+
: undefined;
|
|
54
|
+
return {
|
|
55
|
+
...body,
|
|
56
|
+
requestingAgentSignature,
|
|
57
|
+
servingAgentSignature,
|
|
58
|
+
gatewaySignature,
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
// ══════════════════════════════════════════════════════════════════
|
|
62
|
+
// verifyBilateralReceipt — check all signatures over same outcome
|
|
63
|
+
// ══════════════════════════════════════════════════════════════════
|
|
64
|
+
export function verifyBilateralReceipt(receipt, requestingAgentPublicKey, servingAgentPublicKey, gatewayPublicKey) {
|
|
65
|
+
const errors = [];
|
|
66
|
+
// Reconstruct the body both agents signed
|
|
67
|
+
const { requestingAgentSignature, servingAgentSignature, gatewaySignature, ...body } = receipt;
|
|
68
|
+
const canonical = canonicalize(body);
|
|
69
|
+
// Verify requesting agent signature
|
|
70
|
+
const reqValid = verify(canonical, requestingAgentSignature, requestingAgentPublicKey);
|
|
71
|
+
if (!reqValid)
|
|
72
|
+
errors.push('Requesting agent signature invalid');
|
|
73
|
+
// Verify serving agent signature
|
|
74
|
+
const srvValid = verify(canonical, servingAgentSignature, servingAgentPublicKey);
|
|
75
|
+
if (!srvValid)
|
|
76
|
+
errors.push('Serving agent signature invalid');
|
|
77
|
+
// Verify gateway signature (if present)
|
|
78
|
+
let gwValid = null;
|
|
79
|
+
if (gatewaySignature && gatewayPublicKey) {
|
|
80
|
+
gwValid = verify(canonical, gatewaySignature, gatewayPublicKey);
|
|
81
|
+
if (!gwValid)
|
|
82
|
+
errors.push('Gateway witness signature invalid');
|
|
83
|
+
}
|
|
84
|
+
else if (gatewaySignature && !gatewayPublicKey) {
|
|
85
|
+
gwValid = false;
|
|
86
|
+
errors.push('Gateway signature present but no public key provided');
|
|
87
|
+
}
|
|
88
|
+
// Timing sanity
|
|
89
|
+
const req = new Date(receipt.requestedAt).getTime();
|
|
90
|
+
const comp = new Date(receipt.completedAt).getTime();
|
|
91
|
+
const agreed = new Date(receipt.agreedAt).getTime();
|
|
92
|
+
const timingValid = comp >= req && agreed >= req;
|
|
93
|
+
if (!timingValid)
|
|
94
|
+
errors.push('Timing invalid');
|
|
95
|
+
return {
|
|
96
|
+
valid: errors.length === 0,
|
|
97
|
+
requestingAgentSignatureValid: reqValid,
|
|
98
|
+
servingAgentSignatureValid: srvValid,
|
|
99
|
+
gatewaySignatureValid: gwValid,
|
|
100
|
+
outcomeConsistent: reqValid && srvValid, // both signed same canonical body
|
|
101
|
+
timingValid,
|
|
102
|
+
errors,
|
|
103
|
+
};
|
|
104
|
+
}
|
|
105
|
+
// ══════════════════════════════════════════════════════════════════
|
|
106
|
+
// 2. Evidence Commitment — bind external attestations by hash
|
|
107
|
+
// ══════════════════════════════════════════════════════════════════
|
|
108
|
+
/**
|
|
109
|
+
* Create an evidence commitment from an external credential.
|
|
110
|
+
* The credential (JWT, JWS, signed JSON) is hashed — not embedded.
|
|
111
|
+
* Verifiers fetch the credential out-of-band and check hash match.
|
|
112
|
+
*/
|
|
113
|
+
export function createEvidenceCommitment(opts) {
|
|
114
|
+
return {
|
|
115
|
+
type: opts.type,
|
|
116
|
+
credentialHash: sha256(opts.credential),
|
|
117
|
+
issuerKid: opts.issuerKid,
|
|
118
|
+
jwks: opts.jwks,
|
|
119
|
+
pass: opts.pass,
|
|
120
|
+
committedAt: new Date().toISOString(),
|
|
121
|
+
};
|
|
122
|
+
}
|
|
123
|
+
/**
|
|
124
|
+
* Verify that a credential matches its commitment.
|
|
125
|
+
*/
|
|
126
|
+
export function verifyEvidenceCommitment(commitment, credential) {
|
|
127
|
+
return sha256(credential) === commitment.credentialHash;
|
|
128
|
+
}
|
|
129
|
+
// ══════════════════════════════════════════════════════════════════
|
|
130
|
+
// 3. Compromise Window — breach time vs detection time
|
|
131
|
+
// ══════════════════════════════════════════════════════════════════
|
|
132
|
+
/**
|
|
133
|
+
* Check whether a proof timestamp falls within a compromise window.
|
|
134
|
+
*
|
|
135
|
+
* Three states:
|
|
136
|
+
* 'safe' — proof predates compromise, likely unaffected
|
|
137
|
+
* 'warn' — compromise window unknown, proof might be affected
|
|
138
|
+
* 'error' — proof is definitely within the compromise window
|
|
139
|
+
*
|
|
140
|
+
* When revocationReason !== 'compromise', all pre-revocation
|
|
141
|
+
* proofs are safe (key rotation, decommission, etc.).
|
|
142
|
+
*/
|
|
143
|
+
export function checkCompromiseWindow(opts) {
|
|
144
|
+
const proof = new Date(opts.proofTimestamp).getTime();
|
|
145
|
+
const revoked = new Date(opts.revokedAt).getTime();
|
|
146
|
+
// Non-compromise revocations: pre-revocation proofs are safe
|
|
147
|
+
if (opts.revocationReason !== 'compromise') {
|
|
148
|
+
if (proof < revoked) {
|
|
149
|
+
return {
|
|
150
|
+
status: 'safe',
|
|
151
|
+
reason: `Proof predates ${opts.revocationReason} revocation`,
|
|
152
|
+
proofTimestamp: opts.proofTimestamp,
|
|
153
|
+
revokedAt: opts.revokedAt,
|
|
154
|
+
};
|
|
155
|
+
}
|
|
156
|
+
return {
|
|
157
|
+
status: 'error',
|
|
158
|
+
reason: `Proof created after ${opts.revocationReason} revocation`,
|
|
159
|
+
proofTimestamp: opts.proofTimestamp,
|
|
160
|
+
revokedAt: opts.revokedAt,
|
|
161
|
+
};
|
|
162
|
+
}
|
|
163
|
+
// Compromise revocation: check the window
|
|
164
|
+
if (opts.compromisedSince) {
|
|
165
|
+
const breachStart = new Date(opts.compromisedSince).getTime();
|
|
166
|
+
if (proof < breachStart) {
|
|
167
|
+
return {
|
|
168
|
+
status: 'safe',
|
|
169
|
+
reason: 'Proof predates known compromise start',
|
|
170
|
+
proofTimestamp: opts.proofTimestamp,
|
|
171
|
+
revokedAt: opts.revokedAt,
|
|
172
|
+
compromisedSince: opts.compromisedSince,
|
|
173
|
+
};
|
|
174
|
+
}
|
|
175
|
+
return {
|
|
176
|
+
status: 'error',
|
|
177
|
+
reason: 'Proof created within known compromise window',
|
|
178
|
+
proofTimestamp: opts.proofTimestamp,
|
|
179
|
+
revokedAt: opts.revokedAt,
|
|
180
|
+
compromisedSince: opts.compromisedSince,
|
|
181
|
+
};
|
|
182
|
+
}
|
|
183
|
+
// Compromise but no compromisedSince: unknown window
|
|
184
|
+
// All proofs from this key are suspect
|
|
185
|
+
return {
|
|
186
|
+
status: 'warn',
|
|
187
|
+
reason: 'Key compromised, breach window unknown — all proofs suspect',
|
|
188
|
+
proofTimestamp: opts.proofTimestamp,
|
|
189
|
+
revokedAt: opts.revokedAt,
|
|
190
|
+
};
|
|
191
|
+
}
|
|
192
|
+
//# sourceMappingURL=bilateral-receipt.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"bilateral-receipt.js","sourceRoot":"","sources":["../../../src/core/bilateral-receipt.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,qEAAqE;AACrE,+DAA+D;AAC/D,qEAAqE;AACrE,8DAA8D;AAC9D,EAAE;AACF,gEAAgE;AAChE,yDAAyD;AACzD,EAAE;AACF,oEAAoE;AACpE,2DAA2D;AAC3D,EAAE;AACF,qEAAqE;AACrE,gCAAgC;AAChC,qEAAqE;AAErE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAU7C,SAAS,MAAM,CAAC,KAAa;IAC3B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AACzD,CAAC;AAED,qEAAqE;AACrE,+DAA+D;AAC/D,qEAAqE;AAErE;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAWtC;IACC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;IAEpC,2DAA2D;IAC3D,MAAM,IAAI,GAAG;QACX,SAAS,EAAE,UAAU,EAAE;QACvB,OAAO,EAAE,KAAc;QACvB,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;QACzC,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,QAAQ,EAAE,GAAG;QACb,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;KAC9C,CAAA;IAED,2CAA2C;IAC3C,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;IACpC,MAAM,wBAAwB,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,yBAAyB,CAAC,CAAA;IAChF,MAAM,qBAAqB,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,sBAAsB,CAAC,CAAA;IAE1E,2BAA2B;IAC3B,MAAM,gBAAgB,GAAG,IAAI,CAAC,iBAAiB;QAC7C,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,iBAAiB,CAAC;QACzC,CAAC,CAAC,SAAS,CAAA;IAEb,OAAO;QACL,GAAG,IAAI;QACP,wBAAwB;QACxB,qBAAqB;QACrB,gBAAgB;KACjB,CAAA;AACH,CAAC;AAED,qEAAqE;AACrE,kEAAkE;AAClE,qEAAqE;AACrE,MAAM,UAAU,sBAAsB,CACpC,OAAyB,EACzB,wBAAgC,EAChC,qBAA6B,EAC7B,gBAAyB;IAEzB,MAAM,MAAM,GAAa,EAAE,CAAA;IAE3B,0CAA0C;IAC1C,MAAM,EAAE,wBAAwB,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAA;IAC9F,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;IAEpC,oCAAoC;IACpC,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,EAAE,wBAAwB,EAAE,wBAAwB,CAAC,CAAA;IACtF,IAAI,CAAC,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAA;IAEhE,iCAAiC;IACjC,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,EAAE,qBAAqB,EAAE,qBAAqB,CAAC,CAAA;IAChF,IAAI,CAAC,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAA;IAE7D,wCAAwC;IACxC,IAAI,OAAO,GAAmB,IAAI,CAAA;IAClC,IAAI,gBAAgB,IAAI,gBAAgB,EAAE,CAAC;QACzC,OAAO,GAAG,MAAM,CAAC,SAAS,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,CAAA;QAC/D,IAAI,CAAC,OAAO;YAAE,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAA;IAChE,CAAC;SAAM,IAAI,gBAAgB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACjD,OAAO,GAAG,KAAK,CAAA;QACf,MAAM,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAA;IACrE,CAAC;IAED,gBAAgB;IAChB,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAA;IACnD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAA;IACpD,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAA;IACnD,MAAM,WAAW,GAAG,IAAI,IAAI,GAAG,IAAI,MAAM,IAAI,GAAG,CAAA;IAChD,IAAI,CAAC,WAAW;QAAE,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;IAE/C,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,6BAA6B,EAAE,QAAQ;QACvC,0BAA0B,EAAE,QAAQ;QACpC,qBAAqB,EAAE,OAAO;QAC9B,iBAAiB,EAAE,QAAQ,IAAI,QAAQ,EAAE,kCAAkC;QAC3E,WAAW;QACX,MAAM;KACP,CAAA;AACH,CAAC;AAED,qEAAqE;AACrE,8DAA8D;AAC9D,qEAAqE;AAErE;;;;GAIG;AACH,MAAM,UAAU,wBAAwB,CAAC,IAMxC;IACC,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACvC,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACtC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CACtC,UAA8B,EAC9B,UAAkB;IAElB,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,UAAU,CAAC,cAAc,CAAA;AACzD,CAAC;AAED,qEAAqE;AACrE,uDAAuD;AACvD,qEAAqE;AAErE;;;;;;;;;;GAUG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAKrC;IACC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,OAAO,EAAE,CAAA;IACrD,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAA;IAElD,6DAA6D;IAC7D,IAAI,IAAI,CAAC,gBAAgB,KAAK,YAAY,EAAE,CAAC;QAC3C,IAAI,KAAK,GAAG,OAAO,EAAE,CAAC;YACpB,OAAO;gBACL,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,kBAAkB,IAAI,CAAC,gBAAgB,aAAa;gBAC5D,cAAc,EAAE,IAAI,CAAC,cAAc;gBACnC,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,CAAA;QACH,CAAC;QACD,OAAO;YACL,MAAM,EAAE,OAAO;YACf,MAAM,EAAE,uBAAuB,IAAI,CAAC,gBAAgB,aAAa;YACjE,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAA;IACH,CAAC;IAED,0CAA0C;IAC1C,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC1B,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,OAAO,EAAE,CAAA;QAC7D,IAAI,KAAK,GAAG,WAAW,EAAE,CAAC;YACxB,OAAO;gBACL,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,uCAAuC;gBAC/C,cAAc,EAAE,IAAI,CAAC,cAAc;gBACnC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;aACxC,CAAA;QACH,CAAC;QACD,OAAO;YACL,MAAM,EAAE,OAAO;YACf,MAAM,EAAE,8CAA8C;YACtD,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;SACxC,CAAA;IACH,CAAC;IAED,qDAAqD;IACrD,uCAAuC;IACvC,OAAO;QACL,MAAM,EAAE,MAAM;QACd,MAAM,EAAE,6DAA6D;QACrE,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,CAAA;AACH,CAAC"}
|
|
@@ -22,7 +22,24 @@ export interface SubDelegateOptions {
|
|
|
22
22
|
privateKey: string;
|
|
23
23
|
}
|
|
24
24
|
export declare function subDelegate(opts: SubDelegateOptions): Delegation;
|
|
25
|
-
|
|
25
|
+
/**
|
|
26
|
+
* What to do when the revocation check itself fails (endpoint unreachable, registry error).
|
|
27
|
+
* - fail_open: treat as NOT revoked (dangerous for high-risk)
|
|
28
|
+
* - fail_closed: treat as POTENTIALLY revoked (safe default for financial/sensitive)
|
|
29
|
+
* - cache_grace: use cached state within TTL, fail_closed after TTL expires
|
|
30
|
+
*/
|
|
31
|
+
export type RevocationCheckPolicy = 'fail_open' | 'fail_closed' | 'cache_grace';
|
|
32
|
+
export declare function verifyDelegation(delegation: Delegation, opts?: {
|
|
33
|
+
/** How to handle revocation check failures. Default: 'fail_open' (backward compat) */
|
|
34
|
+
revocationCheckPolicy?: RevocationCheckPolicy;
|
|
35
|
+
/** Cached revocation state (for cache_grace mode) */
|
|
36
|
+
cachedRevocationState?: {
|
|
37
|
+
revoked: boolean;
|
|
38
|
+
checkedAt: string;
|
|
39
|
+
};
|
|
40
|
+
/** Cache grace period in ms (for cache_grace mode). Default: 300000 (5 min) */
|
|
41
|
+
cacheGraceMs?: number;
|
|
42
|
+
}): DelegationStatus;
|
|
26
43
|
export declare function revokeDelegation(delegationId: string, revokedBy: string, reason: string, privateKey: string): RevocationRecord;
|
|
27
44
|
export declare function verifyRevocation(revocation: RevocationRecord): boolean;
|
|
28
45
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"delegation.d.ts","sourceRoot":"","sources":["../../../src/core/delegation.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EACV,UAAU,EAAE,aAAa,EAAE,gBAAgB,EAAE,gBAAgB,EAC7D,uBAAuB,EAAE,yBAAyB,EAClD,eAAe,EAChB,MAAM,sBAAsB,CAAA;AAkB7B,wBAAgB,YAAY,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,GAAG,MAAM,IAAI,CAMnF;AAYD,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,mBAAmB,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,cAAc,CAAA;IACvD,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,mFAAmF;IACnF,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,uBAAuB,GAAG,UAAU,CAiC1E;AAMD,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,EAAE,UAAU,CAAA;IAC5B,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,kBAAkB,GAAG,UAAU,CAkDhE;AAMD,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,UAAU,GAAG,gBAAgB,
|
|
1
|
+
{"version":3,"file":"delegation.d.ts","sourceRoot":"","sources":["../../../src/core/delegation.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EACV,UAAU,EAAE,aAAa,EAAE,gBAAgB,EAAE,gBAAgB,EAC7D,uBAAuB,EAAE,yBAAyB,EAClD,eAAe,EAChB,MAAM,sBAAsB,CAAA;AAkB7B,wBAAgB,YAAY,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,GAAG,MAAM,IAAI,CAMnF;AAYD,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,mBAAmB,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,cAAc,CAAA;IACvD,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,mFAAmF;IACnF,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,uBAAuB,GAAG,UAAU,CAiC1E;AAMD,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,EAAE,UAAU,CAAA;IAC5B,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,kBAAkB,GAAG,UAAU,CAkDhE;AAMD;;;;;GAKG;AACH,MAAM,MAAM,qBAAqB,GAAG,WAAW,GAAG,aAAa,GAAG,aAAa,CAAA;AAM/E,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE;IAC9D,sFAAsF;IACtF,qBAAqB,CAAC,EAAE,qBAAqB,CAAA;IAC7C,qDAAqD;IACrD,qBAAqB,CAAC,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAA;IAC/D,+EAA+E;IAC/E,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,GAAG,gBAAgB,CA+DnB;AAMD,wBAAgB,gBAAgB,CAC9B,YAAY,EAAE,MAAM,EACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,GACjB,gBAAgB,CAgBlB;AAED,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,gBAAgB,GAAG,OAAO,CAItE;AAMD;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,YAAY,EAAE,MAAM,EACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,GACjB,uBAAuB,CA6CzB;AAgBD;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,cAAc,EAAE,MAAM,EACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,GACjB,gBAAgB,EAAE,CAiBpB;AAMD;;;GAGG;AACH,wBAAgB,aAAa,CAAC,aAAa,EAAE,MAAM,EAAE,GAAG,yBAAyB,CAgEhF;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,CAU7D;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,YAAY,EAAE,MAAM;;;;cAQjD;AAMD,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAA;IACf,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,UAAU,CAAA;IACtB,MAAM,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAA;IAC/B,MAAM,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAA;IAC/B,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,wBAAgB,aAAa,CAAC,IAAI,EAAE,oBAAoB,GAAG,aAAa,CA4CvE;AAED,wBAAgB,aAAa,CAC3B,OAAO,EAAE,aAAa,EACtB,cAAc,EAAE,MAAM,GACrB;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAWtC;AAGD,wBAAgB,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,aAAa,EAAE,CAG7D;AAED,wBAAgB,aAAa,CAAC,YAAY,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS,CAEhF;AAeD;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAStE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,eAAe,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAEpF;AAED,wBAAgB,WAAW,IAAI,IAAI,CAKlC"}
|
|
@@ -100,7 +100,8 @@ export function subDelegate(opts) {
|
|
|
100
100
|
// ══════════════════════════════════════
|
|
101
101
|
// DELEGATION VERIFICATION
|
|
102
102
|
// ══════════════════════════════════════
|
|
103
|
-
export function verifyDelegation(delegation) {
|
|
103
|
+
export function verifyDelegation(delegation, opts) {
|
|
104
|
+
const policy = opts?.revocationCheckPolicy ?? 'fail_open';
|
|
104
105
|
const errors = [];
|
|
105
106
|
// Check signature
|
|
106
107
|
const { signature, ...unsigned } = delegation;
|
|
@@ -118,10 +119,37 @@ export function verifyDelegation(delegation) {
|
|
|
118
119
|
: false;
|
|
119
120
|
if (notYetValid)
|
|
120
121
|
errors.push(`Delegation not yet valid (notBefore: ${delegation.notBefore})`);
|
|
121
|
-
// Check revocation
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
122
|
+
// Check revocation (with policy for check failures)
|
|
123
|
+
let revocation;
|
|
124
|
+
let revoked = false;
|
|
125
|
+
let revocationCheckFailed = false;
|
|
126
|
+
try {
|
|
127
|
+
revocation = revocationRegistry.get(delegation.delegationId);
|
|
128
|
+
revoked = !!revocation;
|
|
129
|
+
}
|
|
130
|
+
catch {
|
|
131
|
+
// Revocation check failed — apply policy
|
|
132
|
+
revocationCheckFailed = true;
|
|
133
|
+
if (policy === 'fail_closed') {
|
|
134
|
+
revoked = true;
|
|
135
|
+
errors.push('Revocation check failed — treating as revoked (fail_closed policy)');
|
|
136
|
+
}
|
|
137
|
+
else if (policy === 'cache_grace' && opts?.cachedRevocationState) {
|
|
138
|
+
const cacheAge = Date.now() - new Date(opts.cachedRevocationState.checkedAt).getTime();
|
|
139
|
+
const graceMs = opts?.cacheGraceMs ?? 300000;
|
|
140
|
+
if (cacheAge <= graceMs) {
|
|
141
|
+
revoked = opts.cachedRevocationState.revoked;
|
|
142
|
+
if (revoked)
|
|
143
|
+
errors.push('Revocation check failed — cached state shows revoked');
|
|
144
|
+
}
|
|
145
|
+
else {
|
|
146
|
+
revoked = true;
|
|
147
|
+
errors.push('Revocation check failed — cache expired, treating as revoked');
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
// fail_open: revoked stays false
|
|
151
|
+
}
|
|
152
|
+
if (revoked && !revocationCheckFailed)
|
|
125
153
|
errors.push(`Revoked at ${revocation.revokedAt}: ${revocation.reason}`);
|
|
126
154
|
// Check depth
|
|
127
155
|
const depthExceeded = delegation.currentDepth > delegation.maxDepth;
|