agent-passport-system 2.6.0 → 2.8.0

package/README.md

@@ -2,7 +2,7 @@
 
 [![npm version](https://img.shields.io/npm/v/agent-passport-system)](https://www.npmjs.com/package/agent-passport-system)
 [![license](https://img.shields.io/npm/l/agent-passport-system)](https://github.com/aeoess/agent-passport-system/blob/main/LICENSE)
-[![tests](https://img.shields.io/badge/tests-3615%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
+[![tests](https://img.shields.io/badge/tests-3881%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
 [![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.18749779.svg)](https://doi.org/10.5281/zenodo.18749779)
 
 > **For AI agents:** visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable docs.
@@ -13,6 +13,15 @@
 
 Accepts did:key, did:web, SPIFFE SVIDs, OAuth tokens, and native did:aps. Authority can only decrease at each transfer point. The gateway is both judge and executor. Every action produces a signed receipt. Gateway evaluation under 2ms.
 
+The narrowing invariant:
+
+```mermaid
+flowchart LR
+    P["Principal<br/>full authority"] -->|"scope: payments<br/>limit: $500, 30 days"| A["Agent A<br/>payments, $500"]
+    A -->|"scope: refunds only<br/>limit: $100, 7 days"| B["Agent B<br/>refunds, $100"]
+    B -.->|"$200 request:<br/>exceeds chain authority"| X["denied + signed receipt"]
+```
+
 ```bash
 npm install agent-passport-system
 ```
@@ -21,7 +30,7 @@ Also implemented in [Python](https://pypi.org/project/agent-passport-system/) an
 
 ## Quick Start
 
-Lead with the curated essentials. `agent-passport-system/core` exposes the ~25 functions that 90% of integrations need: identity, delegation, enforcement, commerce, reputation, key management. The full `agent-passport-system` root import is unchanged and backward compatible: pull from it when Core does not cover your case.
+Lead with the curated essentials. `agent-passport-system/core` exposes the 24 functions that 90% of integrations need: identity, delegation, enforcement, commerce, reputation, key management. The full `agent-passport-system` root import is unchanged and backward compatible: pull from it when Core does not cover your case.
 
 ```typescript
 import {
@@ -29,7 +38,7 @@ import {
   evaluateIntent, commercePreflight, generateKeyPair
 } from 'agent-passport-system/core'
 
-// Full 936-export API still available. Use when Core does not cover your case.
+// Full 925-export API still available. Use when Core does not cover your case.
 // import { ... } from 'agent-passport-system'
 ```
 
@@ -41,6 +50,16 @@ Every primitive in this README carries one of three labels so you know how much
 - **Production-Extension** -- shipped and tested, optional, additive to the canonical core. Safe in production; the surface may still grow.
 - **Experimental** -- published for review and tested, but the shape may change. Pin a version before depending on it.
 
+Where enforcement sits:
+
+```mermaid
+flowchart LR
+    AG[Agent] -->|signed intent| GW{"Gateway<br/>scope / spend / revocation / values floor"}
+    GW -->|permit| ACT[Action executes]
+    GW -->|deny| STOP[Blocked]
+    GW --> RC[("Signed receipt<br/>every outcome, both verdicts")]
+```
+
 ## Core Protocol
 
 *Status: Canonical.*
@@ -176,7 +195,7 @@ Proposed by [@piiiico](https://github.com/piiiico) on the a2aproject/A2A governa
 
 Pick what you need. `import from 'agent-passport-system'` for the full API.
 
-Coordination (task lifecycle with 9-state machine), EU AI Act compliance (signed evidence packets), framework adapters (CrewAI, LangChain, Google ADK, A2A, MCP), bilateral receipts, execution attestation, DID resolution, data lifecycle (access receipts, derivation tracking, consent revocation).
+Coordination (task lifecycle with 9-state machine), EU AI Act mapping support through signed evidence packets for accountability and audit workflows, framework adapters (CrewAI, LangChain, Google ADK, A2A, MCP), bilateral receipts, execution attestation, DID resolution, data lifecycle (access receipts, derivation tracking, consent revocation).
 
 ## Research Primitives
 
@@ -208,9 +227,9 @@ The composition contract specifies how a verifier MUST cross-check per-request s
 
 ## Numbers
 
-3,792 tests. 8 protocol layers. Framework adapters for CrewAI, LangChain, ADK, A2A, MCP, OpenShell, IBAC, Gonka. Gateway evaluation under 2ms. Zero heavy dependencies. Apache-2.0.
+3,881 tests. 8 protocol layers. Framework adapters for CrewAI, LangChain, ADK, A2A, MCP, OpenShell, IBAC, Gonka. Gateway evaluation under 2ms. Zero heavy dependencies. Apache-2.0.
 
-The test count is one number derived from the suite, not three guesses. The badge above, this section, and the `package.json` description all carry the same `3,615`, which is the `tests` total reported by `npm test`. When the suite grows, re-run `npm test`, read the `tests` line, and update all three to match.
+The test count is one number derived from the suite, not three guesses. The badge above, this section, and the `package.json` description all carry the same `3,881`, which is the `tests` total reported by `npm test`. When the suite grows, re-run `npm test`, read the `tests` line, and update all three to match.
 
 ## Papers
 

package/dist/src/adapters/oauth-id-jag/index.d.ts

@@ -0,0 +1,21 @@
+import type { Delegation } from '../../types/passport.js';
+import type { IdJagClaims, VerifiedIdJagGrant, IdJagVerification, IdJagDescriptor, IdJagBindOptions } from './types.js';
+export * from './types.js';
+/**
+ * Wrap a decoded grant the caller asserts it has verified. The only constructor
+ * for VerifiedIdJagGrant, so an unverified grant cannot reach bindIdJagGrant.
+ */
+export declare function verifiedIdJagGrant(grant: IdJagClaims, verification: IdJagVerification): VerifiedIdJagGrant;
+/**
+ * Bind a caller-verified ID-JAG grant to an APS descriptor. Pure projection: it
+ * signs the caller verification attestation and computes the two anchors, but it
+ * makes no allow or deny decision, checks no signature on the grant, fetches
+ * nothing, and invents no spend unit. The chain is the APS-signed hops the caller
+ * built under the grant; this records them and hashes their content.
+ *
+ * Throws IdJagBindingError 'missing_required_claim' on an absent required claim,
+ * or 'missing_verified_at' when no verifiedAt is supplied (it anchors the signed
+ * attestation).
+ */
+export declare function bindIdJagGrant(verified: VerifiedIdJagGrant, chain: Delegation[], callerPrivateKey: string, options?: IdJagBindOptions): IdJagDescriptor;
+//# sourceMappingURL=index.d.ts.map

package/dist/src/adapters/oauth-id-jag/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/adapters/oauth-id-jag/index.ts"],"names":[],"mappings":"AA6BA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAIzD,OAAO,KAAK,EACV,WAAW,EAA4B,kBAAkB,EAAE,iBAAiB,EAC5E,eAAe,EACf,gBAAgB,EACjB,MAAM,YAAY,CAAA;AAEnB,cAAc,YAAY,CAAA;AAI1B;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,iBAAiB,GAAG,kBAAkB,CAE1G;AAoGD;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,kBAAkB,EAC5B,KAAK,EAAE,UAAU,EAAE,EACnB,gBAAgB,EAAE,MAAM,EACxB,OAAO,GAAE,gBAAqB,GAC7B,eAAe,CA0EjB"}

package/dist/src/adapters/oauth-id-jag/index.js

@@ -0,0 +1,224 @@
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+// OAuth ID-JAG to APS delegation binding.
+//
+// Bridge and profile only. A caller-verified ID-JAG grant (the OAuth Identity
+// Assertion JWT Authorization Grant) is imported as external authority, and APS
+// adds the layer the draft leaves to profiles in section 9.7: scoped agent
+// delegation, monotonic narrowing, evidence quality, and signed receipts for
+// actions taken under it. APS maps onto ID-JAG at the edge; it does not become
+// ID-JAG. This is a binding, not a dependency. Neither side requires the other.
+//
+// Pinned to draft-ietf-oauth-identity-assertion-authz-grant-04 (2026-05-21).
+// Stable APS semantics; draft-pinned external protocol semantics.
+//
+// Proof box
+// Specified and tested: a caller-verified grant projects to an APS descriptor
+//   with two separate anchors (delegationChainRoot over chain content,
+//   sourceGrantRef over grant provenance), a caller-signed verification
+//   attestation, an externally anchored keyless root, scope projected with raw
+//   authorization_details preserved, and no invented spend unit.
+// Does NOT do: verify the ID-JAG signature, fetch JWKS, hold OAuth trust config,
+//   check revocation, decide allow or deny, aggregate, or mint authority. The
+//   input is a caller-verified grant; verification and enforcement stay with the
+//   relying party. Soundness here is by accountability (a keyed caller on the
+//   hook), not by construction.
+import { canonicalHashJCS } from '../../core/canonical-jcs.js';
+import { computeDelegationChainRoot } from '../../decisionReceipt.js';
+import { createDelegationRef } from '../../core/reanchor.js';
+import { sign, publicKeyFromPrivate } from '../../crypto/keys.js';
+import { IDJAG_DRAFT, SOURCE_GRANT_REF_TAG, IdJagBindingError, } from './types.js';
+export * from './types.js';
+const REQUIRED_CLAIMS = ['iss', 'sub', 'aud', 'client_id', 'jti', 'exp', 'iat'];
+/**
+ * Wrap a decoded grant the caller asserts it has verified. The only constructor
+ * for VerifiedIdJagGrant, so an unverified grant cannot reach bindIdJagGrant.
+ */
+export function verifiedIdJagGrant(grant, verification) {
+    return { grant, verification };
+}
+function numericDateToIso(seconds) {
+    return new Date(seconds * 1000).toISOString();
+}
+/** Project the scope claim to APS scope tokens. Baseline only; RAR never widens it. */
+function mapScopeBaseline(claims) {
+    const out = [];
+    if (typeof claims.scope === 'string') {
+        for (const tok of claims.scope.split(/\s+/)) {
+            if (tok.length > 0)
+                out.push(tok);
+        }
+    }
+    return out;
+}
+/**
+ * Project RAR against the scope baseline. RAR that would widen scope is flagged
+ * and not applied. A recognized amount with a currency refines spend; an amount
+ * without a currency is never stamped with a unit; anything else is carried raw
+ * and immutable. The raw objects are always preserved by the caller separately.
+ */
+function projectRar(details, scopeBaseline) {
+    const diagnostics = [];
+    let spendLimit;
+    let spendLimitUnit;
+    for (const detail of details) {
+        const type = typeof detail.type === 'string' ? detail.type : '';
+        if (!scopeBaseline.includes(type)) {
+            diagnostics.push({ code: 'RAR_SCOPE_CONFLICT_NOT_APPLIED', detail: `RAR type "${type}" is not in the projected scope; not applied (would widen).` });
+            continue;
+        }
+        const amount = detail.amount;
+        if (typeof amount === 'number' && Number.isFinite(amount) && amount >= 0) {
+            const currency = detail.currency;
+            if (typeof currency === 'string' && currency.length > 0) {
+                if (spendLimit === undefined) {
+                    spendLimit = amount;
+                    spendLimitUnit = 'currency';
+                }
+            }
+            else {
+                diagnostics.push({ code: 'UNITLESS_AMOUNT_NOT_STAMPED', detail: `RAR type "${type}" carries amount ${amount} with no currency; carried raw, no spend unit synthesized.` });
+            }
+        }
+        else {
+            diagnostics.push({ code: 'OPAQUE_RAR_CARRIED_IMMUTABLE', detail: `RAR type "${type}" has no recognized refinement; carried raw and immutable through the chain.` });
+        }
+    }
+    const result = { diagnostics };
+    if (spendLimit !== undefined) {
+        result.spendLimit = spendLimit;
+        result.spendLimitUnit = spendLimitUnit;
+    }
+    return result;
+}
+function buildOpaqueContext(claims, minimize) {
+    const ctx = {};
+    if (claims.tenant !== undefined)
+        ctx.tenant = claims.tenant;
+    if (claims.aud_tenant !== undefined)
+        ctx.aud_tenant = claims.aud_tenant;
+    if (claims.acr !== undefined)
+        ctx.acr = claims.acr;
+    if (claims.amr !== undefined)
+        ctx.amr = claims.amr;
+    if (claims.auth_time !== undefined)
+        ctx.auth_time = claims.auth_time;
+    if (!minimize) {
+        if (claims.aud_sub !== undefined)
+            ctx.aud_sub = claims.aud_sub;
+        if (claims.email !== undefined)
+            ctx.email = claims.email;
+        if (claims.sub_id !== undefined)
+            ctx.sub_id = claims.sub_id;
+    }
+    return ctx;
+}
+/** Literal-only reconciliation of the act claim against the APS chain leaf. Advisory; never authoritative; never claims cross-domain semantic conflict. */
+function reconcileAct(act, chain) {
+    if (!act)
+        return { status: 'absent', advisoryAct: null };
+    const actActor = typeof act.sub === 'string' ? act.sub : undefined;
+    const chainActor = chain.length > 0 ? chain[chain.length - 1].delegatedTo : undefined;
+    if (actActor === undefined || chainActor === undefined)
+        return { status: 'not_comparable', advisoryAct: act };
+    if (actActor === chainActor)
+        return { status: 'same_literal_identifier', advisoryAct: act };
+    return { status: 'different_literal_identifier_not_enforced', advisoryAct: act };
+}
+/** Compute the source-grant-ref preimage. Provenance and binding target ONLY: resource is included only when present so absent and present do not hash ambiguously. */
+function sourceGrantRefPreimage(claims) {
+    const pre = {
+        tag: SOURCE_GRANT_REF_TAG,
+        draft: IDJAG_DRAFT,
+        iss: claims.iss,
+        sub: claims.sub,
+        jti: claims.jti,
+        client_id: claims.client_id,
+        aud: claims.aud,
+        exp: claims.exp,
+    };
+    if (claims.resource !== undefined)
+        pre.resource = claims.resource;
+    return pre;
+}
+/**
+ * Bind a caller-verified ID-JAG grant to an APS descriptor. Pure projection: it
+ * signs the caller verification attestation and computes the two anchors, but it
+ * makes no allow or deny decision, checks no signature on the grant, fetches
+ * nothing, and invents no spend unit. The chain is the APS-signed hops the caller
+ * built under the grant; this records them and hashes their content.
+ *
+ * Throws IdJagBindingError 'missing_required_claim' on an absent required claim,
+ * or 'missing_verified_at' when no verifiedAt is supplied (it anchors the signed
+ * attestation).
+ */
+export function bindIdJagGrant(verified, chain, callerPrivateKey, options = {}) {
+    const claims = verified.grant;
+    const verification = verified.verification;
+    for (const key of REQUIRED_CLAIMS) {
+        const value = claims[key];
+        if (value === undefined || value === null || value === '') {
+            throw new IdJagBindingError('missing_required_claim', `ID-JAG grant is missing required claim: ${String(key)}`);
+        }
+    }
+    const verifiedAt = verification.verifiedAt;
+    if (typeof verifiedAt !== 'string' || verifiedAt.length === 0) {
+        throw new IdJagBindingError('missing_verified_at', 'caller verification must include verifiedAt to anchor the signed attestation');
+    }
+    const preimage = sourceGrantRefPreimage(claims);
+    const sourceGrantRef = canonicalHashJCS(preimage);
+    const message = `verified grant ${sourceGrantRef} at ${verifiedAt}`;
+    const signature = sign(message, callerPrivateKey);
+    const signerPublicKey = publicKeyFromPrivate(callerPrivateKey);
+    const scope = mapScopeBaseline(claims);
+    const rawAuthorizationDetails = claims.authorization_details ?? [];
+    const rar = projectRar(rawAuthorizationDetails, scope);
+    const resource = claims.resource;
+    const iatIso = numericDateToIso(claims.iat);
+    const descriptor = {
+        draft: IDJAG_DRAFT,
+        sourceGrantRef,
+        sourceGrantRefPreimage: preimage,
+        delegationChainRoot: computeDelegationChainRoot(chain),
+        chain,
+        rootRef: createDelegationRef({ did: claims.sub }),
+        externalRoot: { type: 'external_identity_assertion', protocol: 'id-jag', verifiedBy: 'caller' },
+        delegatedTo: claims.client_id,
+        scope,
+        rawAuthorizationDetails,
+        projectionLossy: true,
+        diagnostics: rar.diagnostics,
+        createdAt: iatIso,
+        expiresAt: numericDateToIso(claims.exp),
+        carriedAudience: {
+            enforcement: 'not_enforced_by_binding',
+            recipients: [claims.aud, ...(resource ? [resource] : [])],
+        },
+        externalState: { revocation: 'not_checked_by_binding' },
+        actReconciliation: reconcileAct(claims.act, chain),
+        callerVerification: {
+            signal: {
+                key: 'id_jag.grant_verified_by_caller',
+                valueHash: sourceGrantRef,
+                provenance: 'self_declared',
+                verificationStatus: 'declared',
+                stability: 'account',
+                attester: signerPublicKey,
+                observedAt: verifiedAt,
+                evidenceRef: signature,
+            },
+            message,
+            signature,
+            signerPublicKey,
+            verifiedAt,
+            ...(verification.kid ? { kid: verification.kid } : {}),
+        },
+        opaqueContext: buildOpaqueContext(claims, options.minimizeSensitive === true),
+        notCarried: { cnf: 'not_carried', dpop: 'not_carried' },
+    };
+    if (rar.spendLimit !== undefined) {
+        descriptor.spendLimit = rar.spendLimit;
+        descriptor.spendLimitUnit = rar.spendLimitUnit;
+    }
+    return descriptor;
+}
+//# sourceMappingURL=index.js.map

package/dist/src/adapters/oauth-id-jag/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/adapters/oauth-id-jag/index.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,0CAA0C;AAC1C,EAAE;AACF,8EAA8E;AAC9E,gFAAgF;AAChF,2EAA2E;AAC3E,6EAA6E;AAC7E,+EAA+E;AAC/E,gFAAgF;AAChF,EAAE;AACF,6EAA6E;AAC7E,kEAAkE;AAClE,EAAE;AACF,YAAY;AACZ,8EAA8E;AAC9E,uEAAuE;AACvE,wEAAwE;AACxE,+EAA+E;AAC/E,iEAAiE;AACjE,iFAAiF;AACjF,8EAA8E;AAC9E,iFAAiF;AACjF,8EAA8E;AAC9E,gCAAgC;AAEhC,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAA;AAC9D,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAA;AACrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAA;AAC5D,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAA;AAEjE,OAAO,EACL,WAAW,EAAE,oBAAoB,EAAE,iBAAiB,GACrD,MAAM,YAAY,CAAA;AAOnB,cAAc,YAAY,CAAA;AAE1B,MAAM,eAAe,GAA0B,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;AAEtG;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAkB,EAAE,YAA+B;IACpF,OAAO,EAAE,KAAK,EAAE,YAAY,EAAmC,CAAA;AACjE,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,OAAO,IAAI,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAA;AAC/C,CAAC;AAED,uFAAuF;AACvF,SAAS,gBAAgB,CAAC,MAAmB;IAC3C,MAAM,GAAG,GAAa,EAAE,CAAA;IACxB,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5C,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;gBAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACnC,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;;;;GAKG;AACH,SAAS,UAAU,CACjB,OAAmC,EACnC,aAAuB;IAEvB,MAAM,WAAW,GAAsB,EAAE,CAAA;IACzC,IAAI,UAA8B,CAAA;IAClC,IAAI,cAAsD,CAAA;IAC1D,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAA;QAC/D,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAClC,WAAW,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gCAAgC,EAAE,MAAM,EAAE,aAAa,IAAI,6DAA6D,EAAE,CAAC,CAAA;YACpJ,SAAQ;QACV,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;QAC5B,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC;YACzE,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAA;YAChC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxD,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;oBAC7B,UAAU,GAAG,MAAM,CAAA;oBACnB,cAAc,GAAG,UAAU,CAAA;gBAC7B,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,WAAW,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,6BAA6B,EAAE,MAAM,EAAE,aAAa,IAAI,oBAAoB,MAAM,4DAA4D,EAAE,CAAC,CAAA;YAC5K,CAAC;QACH,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,8BAA8B,EAAE,MAAM,EAAE,aAAa,IAAI,8EAA8E,EAAE,CAAC,CAAA;QACrK,CAAC;IACH,CAAC;IACD,MAAM,MAAM,GAAyG,EAAE,WAAW,EAAE,CAAA;IACpI,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,CAAC,UAAU,GAAG,UAAU,CAAA;QAC9B,MAAM,CAAC,cAAc,GAAG,cAAc,CAAA;IACxC,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAmB,EAAE,QAAiB;IAChE,MAAM,GAAG,GAAuB,EAAE,CAAA;IAClC,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS;QAAE,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;IAC3D,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS;QAAE,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAA;IACvE,IAAI,MAAM,CAAC,GAAG,KAAK,SAAS;QAAE,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAA;IAClD,IAAI,MAAM,CAAC,GAAG,KAAK,SAAS;QAAE,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAA;IAClD,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS;QAAE,GAAG,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAA;IACpE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS;YAAE,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAA;QAC9D,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS;YAAE,GAAG,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAA;QACxD,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS;YAAE,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;IAC7D,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,2JAA2J;AAC3J,SAAS,YAAY,CAAC,GAAwC,EAAE,KAAmB;IACjF,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,EAAE,CAAA;IACxD,MAAM,QAAQ,GAAG,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAA;IAClE,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAA;IACrF,IAAI,QAAQ,KAAK,SAAS,IAAI,UAAU,KAAK,SAAS;QAAE,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,WAAW,EAAE,GAAG,EAAE,CAAA;IAC7G,IAAI,QAAQ,KAAK,UAAU;QAAE,OAAO,EAAE,MAAM,EAAE,yBAAyB,EAAE,WAAW,EAAE,GAAG,EAAE,CAAA;IAC3F,OAAO,EAAE,MAAM,EAAE,2CAA2C,EAAE,WAAW,EAAE,GAAG,EAAE,CAAA;AAClF,CAAC;AAED,uKAAuK;AACvK,SAAS,sBAAsB,CAAC,MAAmB;IACjD,MAAM,GAAG,GAA2B;QAClC,GAAG,EAAE,oBAAoB;QACzB,KAAK,EAAE,WAAW;QAClB,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG;KAChB,CAAA;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS;QAAE,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAA;IACjE,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,cAAc,CAC5B,QAA4B,EAC5B,KAAmB,EACnB,gBAAwB,EACxB,UAA4B,EAAE;IAE9B,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAA;IAC7B,MAAM,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAA;IAE1C,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;QACzB,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;YAC1D,MAAM,IAAI,iBAAiB,CAAC,wBAAwB,EAAE,2CAA2C,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACjH,CAAC;IACH,CAAC;IACD,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,CAAA;IAC1C,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9D,MAAM,IAAI,iBAAiB,CAAC,qBAAqB,EAAE,8EAA8E,CAAC,CAAA;IACpI,CAAC;IAED,MAAM,QAAQ,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAA;IAC/C,MAAM,cAAc,GAAG,gBAAgB,CAAC,QAA8C,CAAC,CAAA;IAEvF,MAAM,OAAO,GAAG,kBAAkB,cAAc,OAAO,UAAU,EAAE,CAAA;IACnE,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAA;IACjD,MAAM,eAAe,GAAG,oBAAoB,CAAC,gBAAgB,CAAC,CAAA;IAE9D,MAAM,KAAK,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAA;IACtC,MAAM,uBAAuB,GAAG,MAAM,CAAC,qBAAqB,IAAI,EAAE,CAAA;IAClE,MAAM,GAAG,GAAG,UAAU,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAA;IACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAA;IAChC,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IAE3C,MAAM,UAAU,GAAoB;QAClC,KAAK,EAAE,WAAW;QAClB,cAAc;QACd,sBAAsB,EAAE,QAAQ;QAChC,mBAAmB,EAAE,0BAA0B,CAAC,KAAK,CAAC;QACtD,KAAK;QACL,OAAO,EAAE,mBAAmB,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;QACjD,YAAY,EAAE,EAAE,IAAI,EAAE,6BAA6B,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE;QAC/F,WAAW,EAAE,MAAM,CAAC,SAAS;QAC7B,KAAK;QACL,uBAAuB;QACvB,eAAe,EAAE,IAAI;QACrB,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,SAAS,EAAE,MAAM;QACjB,SAAS,EAAE,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC;QACvC,eAAe,EAAE;YACf,WAAW,EAAE,yBAAyB;YACtC,UAAU,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;SAC1D;QACD,aAAa,EAAE,EAAE,UAAU,EAAE,wBAAwB,EAAE;QACvD,iBAAiB,EAAE,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC;QAClD,kBAAkB,EAAE;YAClB,MAAM,EAAE;gBACN,GAAG,EAAE,iCAAiC;gBACtC,SAAS,EAAE,cAAc;gBACzB,UAAU,EAAE,eAAe;gBAC3B,kBAAkB,EAAE,UAAU;gBAC9B,SAAS,EAAE,SAAS;gBACpB,QAAQ,EAAE,eAAe;gBACzB,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,SAAS;aACvB;YACD,OAAO;YACP,SAAS;YACT,eAAe;YACf,UAAU;YACV,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvD;QACD,aAAa,EAAE,kBAAkB,CAAC,MAAM,EAAE,OAAO,CAAC,iBAAiB,KAAK,IAAI,CAAC;QAC7E,UAAU,EAAE,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,EAAE;KACxD,CAAA;IACD,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACjC,UAAU,CAAC,UAAU,GAAG,GAAG,CAAC,UAAU,CAAA;QACtC,UAAU,CAAC,cAAc,GAAG,GAAG,CAAC,cAAc,CAAA;IAChD,CAAC;IACD,OAAO,UAAU,CAAA;AACnB,CAAC"}

package/dist/src/adapters/oauth-id-jag/types.d.ts

@@ -0,0 +1,228 @@
+import type { Delegation } from '../../types/passport.js';
+import type { DelegationRef } from '../../core/reanchor.js';
+import type { AttestedSignal } from '../../types/attestation.js';
+/** The pinned ID-JAG draft identifier. A version bump is a separate, deliberate change. */
+export declare const IDJAG_DRAFT = "draft-ietf-oauth-identity-assertion-authz-grant-04";
+/** Domain-separation tag for the source-grant-ref commitment preimage. */
+export declare const SOURCE_GRANT_REF_TAG = "aps.id_jag.source_grant_ref.v1";
+/**
+ * The decoded ID-JAG claims (draft-04 field names). This is the decoded grant,
+ * NOT proof that it was verified. The public path takes VerifiedIdJagGrant.
+ */
+export interface IdJagClaims {
+    /** IdP Authorization Server issuer identifier. */
+    iss: string;
+    /** Subject identifier (the authenticated End-User). */
+    sub: string;
+    /** Resource Authorization Server identifier. */
+    aud: string;
+    /** OAuth 2.0 client at the Resource Authorization Server. */
+    client_id: string;
+    /** Unique JWT identifier. */
+    jti: string;
+    /** Expiration time (JWT NumericDate, seconds since epoch). */
+    exp: number;
+    /** Issued-at time (JWT NumericDate, seconds since epoch). */
+    iat: number;
+    /** Subject identifier in an alternate namespace (optional). */
+    sub_id?: string;
+    /** Resource Server identifier (optional). */
+    resource?: string;
+    /** Space-separated scopes (optional). */
+    scope?: string;
+    /** RAR authorization objects (optional). */
+    authorization_details?: IdJagAuthorizationDetail[];
+    /** Actor claim (optional). Advisory only. */
+    act?: Record<string, unknown>;
+    /** Multi-tenant issuer tenant identifier (optional). Opaque context. */
+    tenant?: string;
+    /** End-User authentication time (optional). Opaque context. */
+    auth_time?: number;
+    /** Authentication Context Class Reference (optional). Opaque context. */
+    acr?: string;
+    /** Authentication methods (optional). Opaque context. */
+    amr?: string[];
+    /** Resource AS tenant identifier (optional). Opaque context. */
+    aud_tenant?: string;
+    /** Resource AS identifier for the End-User (optional). Opaque context, minimizable. */
+    aud_sub?: string;
+    /** End-User email (optional). Opaque context, minimizable. */
+    email?: string;
+}
+/** A Rich Authorization Request object. RAR is open; only recognized fields are read. */
+export interface IdJagAuthorizationDetail {
+    type: string;
+    [key: string]: unknown;
+}
+/** The caller's statement that it verified the grant. The grant signature itself is the caller's responsibility, never this module's. */
+export interface IdJagVerification {
+    /** Fixed: the caller asserts it verified the grant. */
+    status: 'caller_verified';
+    /** ISO 8601 time the caller performed verification. Required to form the signed attestation. */
+    verifiedAt?: string;
+    /** Optional identifier of the verifier (DID or URI). */
+    verifier?: string;
+    /** Optional kid the caller used to verify the grant. Recorded, never folded into a commitment as proof. */
+    kid?: string;
+}
+declare const VERIFIED_BRAND: unique symbol;
+/**
+ * A grant the caller asserts it has verified, wrapped so an unverified grant is
+ * unrepresentable on the public path. Construct only via verifiedIdJagGrant().
+ */
+export interface VerifiedIdJagGrant {
+    readonly [VERIFIED_BRAND]: true;
+    readonly grant: IdJagClaims;
+    readonly verification: IdJagVerification;
+}
+/** The committed preimage for sourceGrantRef. Provenance and binding target ONLY. Never scope, spend, chain, or receipt content. */
+export interface SourceGrantRefPreimage {
+    tag: typeof SOURCE_GRANT_REF_TAG;
+    draft: string;
+    iss: string;
+    sub: string;
+    jti: string;
+    client_id: string;
+    aud: string;
+    resource?: string;
+    exp: number;
+}
+/** Marks the chain root as imported external trust, not an APS-native root. APS verification begins at the first APS-signed hop. */
+export interface IdJagExternalRoot {
+    type: 'external_identity_assertion';
+    protocol: 'id-jag';
+    verifiedBy: 'caller';
+}
+/** aud plus resource, carried but NOT enforced by the binding. The relying party MUST reject a mismatch. */
+export interface IdJagCarriedAudience {
+    enforcement: 'not_enforced_by_binding';
+    recipients: string[];
+}
+/** Literal-only reconciliation of the ID-JAG act claim against the APS chain leaf. Advisory, never authoritative. */
+export interface IdJagActReconciliation {
+    status: 'absent' | 'same_literal_identifier' | 'different_literal_identifier_not_enforced' | 'not_comparable';
+    advisoryAct: Record<string, unknown> | null;
+}
+/** The caller-signed verification attestation. Sound by accountability (a keyed party on the hook), not by construction. */
+export interface IdJagCallerVerification {
+    /** Existing-vocabulary signal record. provenance self_declared, verificationStatus declared (APS did not re-verify the grant). */
+    signal: AttestedSignal;
+    /** The exact signed message: "verified grant <sourceGrantRef> at <verifiedAt>". */
+    message: string;
+    /** The caller's signature over message, checkable under signerPublicKey. */
+    signature: string;
+    /** The caller's APS public key (the party on the hook). */
+    signerPublicKey: string;
+    /** ISO 8601 time the caller verified the grant. */
+    verifiedAt: string;
+    /** Optional kid the caller used. Recorded only. */
+    kid?: string;
+}
+/** A non-fatal observation made during projection (for example a unitless RAR amount that was not stamped). */
+export interface IdJagDiagnostic {
+    code: 'UNITLESS_AMOUNT_NOT_STAMPED' | 'RAR_SCOPE_CONFLICT_NOT_APPLIED' | 'OPAQUE_RAR_CARRIED_IMMUTABLE';
+    detail: string;
+}
+/** Claims carried by reference with no APS narrowing meaning. */
+export interface IdJagOpaqueContext {
+    tenant?: string;
+    aud_tenant?: string;
+    acr?: string;
+    amr?: string[];
+    auth_time?: number;
+    aud_sub?: string;
+    email?: string;
+    sub_id?: string;
+}
+/** Options for binding. Privacy minimization defaults OFF (public SDK; the draft asks to minimize sub_id). */
+export interface IdJagBindOptions {
+    /** When true, email, sub_id, and aud_sub are omitted from carried context. Default false. */
+    minimizeSensitive?: boolean;
+}
+/**
+ * The binding descriptor. A pure projection of a verified ID-JAG grant onto the
+ * APS envelope, plus the APS-signed chain built under it. Two anchors are kept
+ * separate and never merged: delegationChainRoot is canonical chain content;
+ * sourceGrantRef is grant provenance.
+ */
+export interface IdJagDescriptor {
+    /** Pinned ID-JAG draft identifier. */
+    draft: string;
+    /** Grant provenance hash over the committed preimage. NOT chain content. */
+    sourceGrantRef: string;
+    /** The committed preimage, so a verifier can recompute sourceGrantRef. */
+    sourceGrantRefPreimage: SourceGrantRefPreimage;
+    /** Canonical chain content hash over the APS-signed hops. NOT grant identity. */
+    delegationChainRoot: string;
+    /** The APS-signed delegation hops built under the imported grant. */
+    chain: Delegation[];
+    /** Root authority by reference (the End-User sub). Keyless. */
+    rootRef: DelegationRef;
+    /** Label marking the root as imported external trust. */
+    externalRoot: IdJagExternalRoot;
+    /** First delegate: the requesting client at the Resource AS (a reference). */
+    delegatedTo: string;
+    /** Projected APS scope baseline (from the scope claim). Lossy; see rawAuthorizationDetails. */
+    scope: string[];
+    /** The raw RAR objects, always preserved verbatim. */
+    rawAuthorizationDetails: IdJagAuthorizationDetail[];
+    /** True: the scope projection is lossy relative to authorization_details. */
+    projectionLossy: boolean;
+    /** Non-fatal projection observations. */
+    diagnostics: IdJagDiagnostic[];
+    /** Spend cap, set ONLY when a recognized RAR amount carries a currency. Never invented. */
+    spendLimit?: number;
+    /** Spend unit, set ONLY alongside a recognized spendLimit. Never invented, never 'unspecified'. */
+    spendLimitUnit?: 'currency' | 'invocations';
+    /** createdAt (ISO 8601) from iat. No notBefore: draft-04 has no nbf claim. */
+    createdAt: string;
+    /** expiresAt (ISO 8601) from exp. */
+    expiresAt: string;
+    /** aud plus resource, carried, not enforced by the binding. */
+    carriedAudience: IdJagCarriedAudience;
+    /** External state the binding does not check. */
+    externalState: {
+        revocation: 'not_checked_by_binding';
+    };
+    /** Literal-only act reconciliation. Advisory. */
+    actReconciliation: IdJagActReconciliation;
+    /** The caller-signed verification attestation. */
+    callerVerification: IdJagCallerVerification;
+    /** Claims carried by reference with no APS narrowing meaning. */
+    opaqueContext: IdJagOpaqueContext;
+    /** Honestly marks confirmation/sender-constraint material that is not carried. */
+    notCarried: {
+        cnf: 'not_carried';
+        dpop: 'not_carried';
+    };
+}
+/** The result of the soundness verifier. */
+export interface IdJagVerifyResult {
+    /** Structural soundness: anchors recompute, attestation signature checks, no invented unit, draft pinned. */
+    ok: boolean;
+    /**
+     * Never a bare safe-for-execution boolean. When ok and external constraints
+     * (audience, revocation) are carried but unchecked, this reports
+     * structurally_valid_with_unchecked_external_constraints.
+     */
+    status: 'structurally_valid_with_unchecked_external_constraints' | 'unsound';
+    /** Per-check booleans. */
+    checks: {
+        draftPinned: boolean;
+        sourceGrantRefRecomputes: boolean;
+        sourceGrantRefPreimageScopeClean: boolean;
+        delegationChainRootRecomputes: boolean;
+        attestationSignatureValid: boolean;
+        audienceMarkedUnenforced: boolean;
+        noSilentSpendUnit: boolean;
+    };
+    /** Human-readable failures (empty when ok). */
+    failures: string[];
+}
+/** Error raised when a verified ID-JAG grant cannot be bound (missing required claim, missing verifiedAt). */
+export declare class IdJagBindingError extends Error {
+    readonly code: string;
+    constructor(code: string, message: string);
+}
+export {};
+//# sourceMappingURL=types.d.ts.map

package/dist/src/adapters/oauth-id-jag/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/adapters/oauth-id-jag/types.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACzD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AAC3D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAA;AAEhE,2FAA2F;AAC3F,eAAO,MAAM,WAAW,uDAAuD,CAAA;AAE/E,0EAA0E;AAC1E,eAAO,MAAM,oBAAoB,mCAAmC,CAAA;AAEpE;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,kDAAkD;IAClD,GAAG,EAAE,MAAM,CAAA;IACX,uDAAuD;IACvD,GAAG,EAAE,MAAM,CAAA;IACX,gDAAgD;IAChD,GAAG,EAAE,MAAM,CAAA;IACX,6DAA6D;IAC7D,SAAS,EAAE,MAAM,CAAA;IACjB,6BAA6B;IAC7B,GAAG,EAAE,MAAM,CAAA;IACX,8DAA8D;IAC9D,GAAG,EAAE,MAAM,CAAA;IACX,6DAA6D;IAC7D,GAAG,EAAE,MAAM,CAAA;IACX,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,6CAA6C;IAC7C,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,4CAA4C;IAC5C,qBAAqB,CAAC,EAAE,wBAAwB,EAAE,CAAA;IAClD,6CAA6C;IAC7C,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC7B,wEAAwE;IACxE,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,+DAA+D;IAC/D,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,yEAAyE;IACzE,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,yDAAyD;IACzD,GAAG,CAAC,EAAE,MAAM,EAAE,CAAA;IACd,gEAAgE;IAChE,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,uFAAuF;IACvF,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,8DAA8D;IAC9D,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,yFAAyF;AACzF,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAA;IACZ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,yIAAyI;AACzI,MAAM,WAAW,iBAAiB;IAChC,uDAAuD;IACvD,MAAM,EAAE,iBAAiB,CAAA;IACzB,gGAAgG;IAChG,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,2GAA2G;IAC3G,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED,OAAO,CAAC,MAAM,cAAc,EAAE,OAAO,MAAM,CAAA;AAE3C;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,CAAC,cAAc,CAAC,EAAE,IAAI,CAAA;IAC/B,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAA;IAC3B,QAAQ,CAAC,YAAY,EAAE,iBAAiB,CAAA;CACzC;AAED,oIAAoI;AACpI,MAAM,WAAW,sBAAsB;IACrC,GAAG,EAAE,OAAO,oBAAoB,CAAA;IAChC,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,SAAS,EAAE,MAAM,CAAA;IACjB,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,oIAAoI;AACpI,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,6BAA6B,CAAA;IACnC,QAAQ,EAAE,QAAQ,CAAA;IAClB,UAAU,EAAE,QAAQ,CAAA;CACrB;AAED,4GAA4G;AAC5G,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,yBAAyB,CAAA;IACtC,UAAU,EAAE,MAAM,EAAE,CAAA;CACrB;AAED,qHAAqH;AACrH,MAAM,WAAW,sBAAsB;IACrC,MAAM,EACF,QAAQ,GACR,yBAAyB,GACzB,2CAA2C,GAC3C,gBAAgB,CAAA;IACpB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAA;CAC5C;AAED,4HAA4H;AAC5H,MAAM,WAAW,uBAAuB;IACtC,kIAAkI;IAClI,MAAM,EAAE,cAAc,CAAA;IACtB,mFAAmF;IACnF,OAAO,EAAE,MAAM,CAAA;IACf,4EAA4E;IAC5E,SAAS,EAAE,MAAM,CAAA;IACjB,2DAA2D;IAC3D,eAAe,EAAE,MAAM,CAAA;IACvB,mDAAmD;IACnD,UAAU,EAAE,MAAM,CAAA;IAClB,mDAAmD;IACnD,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED,+GAA+G;AAC/G,MAAM,WAAW,eAAe;IAC9B,IAAI,EACA,6BAA6B,GAC7B,gCAAgC,GAChC,8BAA8B,CAAA;IAClC,MAAM,EAAE,MAAM,CAAA;CACf;AAED,iEAAiE;AACjE,MAAM,WAAW,kBAAkB;IACjC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,EAAE,CAAA;IACd,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED,8GAA8G;AAC9G,MAAM,WAAW,gBAAgB;IAC/B,6FAA6F;IAC7F,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAC5B;AAED;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,sCAAsC;IACtC,KAAK,EAAE,MAAM,CAAA;IACb,4EAA4E;IAC5E,cAAc,EAAE,MAAM,CAAA;IACtB,0EAA0E;IAC1E,sBAAsB,EAAE,sBAAsB,CAAA;IAC9C,iFAAiF;IACjF,mBAAmB,EAAE,MAAM,CAAA;IAC3B,qEAAqE;IACrE,KAAK,EAAE,UAAU,EAAE,CAAA;IACnB,+DAA+D;IAC/D,OAAO,EAAE,aAAa,CAAA;IACtB,yDAAyD;IACzD,YAAY,EAAE,iBAAiB,CAAA;IAC/B,8EAA8E;IAC9E,WAAW,EAAE,MAAM,CAAA;IACnB,+FAA+F;IAC/F,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,sDAAsD;IACtD,uBAAuB,EAAE,wBAAwB,EAAE,CAAA;IACnD,6EAA6E;IAC7E,eAAe,EAAE,OAAO,CAAA;IACxB,yCAAyC;IACzC,WAAW,EAAE,eAAe,EAAE,CAAA;IAC9B,2FAA2F;IAC3F,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,mGAAmG;IACnG,cAAc,CAAC,EAAE,UAAU,GAAG,aAAa,CAAA;IAC3C,8EAA8E;IAC9E,SAAS,EAAE,MAAM,CAAA;IACjB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAA;IACjB,+DAA+D;IAC/D,eAAe,EAAE,oBAAoB,CAAA;IACrC,iDAAiD;IACjD,aAAa,EAAE;QAAE,UAAU,EAAE,wBAAwB,CAAA;KAAE,CAAA;IACvD,iDAAiD;IACjD,iBAAiB,EAAE,sBAAsB,CAAA;IACzC,kDAAkD;IAClD,kBAAkB,EAAE,uBAAuB,CAAA;IAC3C,iEAAiE;IACjE,aAAa,EAAE,kBAAkB,CAAA;IACjC,kFAAkF;IAClF,UAAU,EAAE;QAAE,GAAG,EAAE,aAAa,CAAC;QAAC,IAAI,EAAE,aAAa,CAAA;KAAE,CAAA;CACxD;AAED,4CAA4C;AAC5C,MAAM,WAAW,iBAAiB;IAChC,6GAA6G;IAC7G,EAAE,EAAE,OAAO,CAAA;IACX;;;;OAIG;IACH,MAAM,EACF,wDAAwD,GACxD,SAAS,CAAA;IACb,0BAA0B;IAC1B,MAAM,EAAE;QACN,WAAW,EAAE,OAAO,CAAA;QACpB,wBAAwB,EAAE,OAAO,CAAA;QACjC,gCAAgC,EAAE,OAAO,CAAA;QACzC,6BAA6B,EAAE,OAAO,CAAA;QACtC,yBAAyB,EAAE,OAAO,CAAA;QAClC,wBAAwB,EAAE,OAAO,CAAA;QACjC,iBAAiB,EAAE,OAAO,CAAA;KAC3B,CAAA;IACD,+CAA+C;IAC/C,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAED,8GAA8G;AAC9G,qBAAa,iBAAkB,SAAQ,KAAK;aACd,IAAI,EAAE,MAAM;gBAAZ,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAI1D"}

package/dist/src/adapters/oauth-id-jag/types.js

@@ -0,0 +1,18 @@
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+// Types for the OAuth ID-JAG to APS delegation binding.
+// Pinned to draft-ietf-oauth-identity-assertion-authz-grant-04 (2026-05-21).
+// Stable APS semantics; draft-pinned external protocol semantics.
+/** The pinned ID-JAG draft identifier. A version bump is a separate, deliberate change. */
+export const IDJAG_DRAFT = 'draft-ietf-oauth-identity-assertion-authz-grant-04';
+/** Domain-separation tag for the source-grant-ref commitment preimage. */
+export const SOURCE_GRANT_REF_TAG = 'aps.id_jag.source_grant_ref.v1';
+/** Error raised when a verified ID-JAG grant cannot be bound (missing required claim, missing verifiedAt). */
+export class IdJagBindingError extends Error {
+    code;
+    constructor(code, message) {
+        super(message);
+        this.code = code;
+        this.name = 'IdJagBindingError';
+    }
+}
+//# sourceMappingURL=types.js.map

package/dist/src/adapters/oauth-id-jag/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/adapters/oauth-id-jag/types.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,wDAAwD;AACxD,6EAA6E;AAC7E,kEAAkE;AAMlE,2FAA2F;AAC3F,MAAM,CAAC,MAAM,WAAW,GAAG,oDAAoD,CAAA;AAE/E,0EAA0E;AAC1E,MAAM,CAAC,MAAM,oBAAoB,GAAG,gCAAgC,CAAA;AA2OpE,8GAA8G;AAC9G,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IACd;IAA5B,YAA4B,IAAY,EAAE,OAAe;QACvD,KAAK,CAAC,OAAO,CAAC,CAAA;QADY,SAAI,GAAJ,IAAI,CAAQ;QAEtC,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAA;IACjC,CAAC;CACF"}

package/dist/src/adapters/oauth-id-jag/verify.d.ts

@@ -0,0 +1,12 @@
+import type { IdJagDescriptor, IdJagVerifyResult } from './types.js';
+/**
+ * Verify an ID-JAG binding descriptor for structural soundness. Recomputes
+ * delegationChainRoot over chain content and sourceGrantRef over its committed
+ * preimage, confirms the preimage carries only provenance and binding-target
+ * fields, confirms the caller attestation signature verifies under the caller
+ * key, confirms audience is marked unenforced, and confirms no spend unit was
+ * silently synthesized. Returns a status that never collapses unchecked external
+ * constraints into a safe-for-execution boolean.
+ */
+export declare function verifyIdJagDescriptor(descriptor: IdJagDescriptor): IdJagVerifyResult;
+//# sourceMappingURL=verify.d.ts.map

package/dist/src/adapters/oauth-id-jag/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../../../src/adapters/oauth-id-jag/verify.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAA;AAOpE;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,eAAe,GAAG,iBAAiB,CAqDpF"}