agentlock-shared 0.1.0 → 0.3.0

package/dist/schemas.d.ts

@@ -1,4 +1,10 @@
 import { z } from 'zod';
+/**
+ * Reusable Zod schema for webhook URLs.
+ * Enforces: max length 2048, valid URL syntax, HTTPS-only,
+ * and rejects private/internal hostnames at parse time.
+ */
+export declare const WebhookUrlSchema: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
 export declare const AgentActionRequestSchema: z.ZodObject<{
     action_type: z.ZodEnum<["read", "write", "financial", "admin"]>;
     tool: z.ZodString;
@@ -6,14 +12,14 @@ export declare const AgentActionRequestSchema: z.ZodObject<{
     idempotency_key: z.ZodOptional<z.ZodString>;
     cost_estimate: z.ZodOptional<z.ZodNumber>;
 }, "strip", z.ZodTypeAny, {
-    action_type: "admin" | "read" | "write" | "financial";
     tool: string;
+    action_type: "admin" | "read" | "write" | "financial";
     payload: Record<string, unknown>;
     idempotency_key?: string | undefined;
     cost_estimate?: number | undefined;
 }, {
-    action_type: "admin" | "read" | "write" | "financial";
     tool: string;
+    action_type: "admin" | "read" | "write" | "financial";
     payload: Record<string, unknown>;
     idempotency_key?: string | undefined;
     cost_estimate?: number | undefined;
@@ -36,37 +42,103 @@ export declare const RegisterAgentSchema: z.ZodObject<{
 }>;
 export declare const PolicyRulesSchema: z.ZodObject<{
     defaultMode: z.ZodEnum<["allow", "require_approval", "block"]>;
-    rules: z.ZodArray<z.ZodObject<{
+    rules: z.ZodArray<z.ZodEffects<z.ZodObject<{
         action_type: z.ZodOptional<z.ZodEnum<["read", "write", "financial", "admin"]>>;
         tool: z.ZodOptional<z.ZodString>;
         domain: z.ZodOptional<z.ZodString>;
         decision: z.ZodEnum<["ALLOW", "REQUIRE_APPROVAL", "BLOCK"]>;
         require_two_approvals: z.ZodOptional<z.ZodBoolean>;
+        allowed_approvers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     }, "strip", z.ZodTypeAny, {
         decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
-        action_type?: "admin" | "read" | "write" | "financial" | undefined;
         tool?: string | undefined;
-        domain?: string | undefined;
+        action_type?: "admin" | "read" | "write" | "financial" | undefined;
         require_two_approvals?: boolean | undefined;
+        allowed_approvers?: string[] | undefined;
+        domain?: string | undefined;
     }, {
         decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+        tool?: string | undefined;
         action_type?: "admin" | "read" | "write" | "financial" | undefined;
+        require_two_approvals?: boolean | undefined;
+        allowed_approvers?: string[] | undefined;
+        domain?: string | undefined;
+    }>, {
+        decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
         tool?: string | undefined;
+        action_type?: "admin" | "read" | "write" | "financial" | undefined;
+        require_two_approvals?: boolean | undefined;
+        allowed_approvers?: string[] | undefined;
         domain?: string | undefined;
+    }, {
+        decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+        tool?: string | undefined;
+        action_type?: "admin" | "read" | "write" | "financial" | undefined;
         require_two_approvals?: boolean | undefined;
+        allowed_approvers?: string[] | undefined;
+        domain?: string | undefined;
     }>, "many">;
     http: z.ZodOptional<z.ZodObject<{
         allowedDomains: z.ZodArray<z.ZodString, "many">;
-        allowedMethods: z.ZodArray<z.ZodString, "many">;
+        allowedMethods: z.ZodArray<z.ZodEnum<["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"]>, "many">;
         blockList: z.ZodArray<z.ZodString, "many">;
+        allowAllDomains: z.ZodOptional<z.ZodBoolean>;
     }, "strip", z.ZodTypeAny, {
         allowedDomains: string[];
-        allowedMethods: string[];
+        allowedMethods: ("GET" | "HEAD" | "OPTIONS" | "POST" | "PUT" | "DELETE" | "PATCH")[];
         blockList: string[];
+        allowAllDomains?: boolean | undefined;
     }, {
         allowedDomains: string[];
-        allowedMethods: string[];
+        allowedMethods: ("GET" | "HEAD" | "OPTIONS" | "POST" | "PUT" | "DELETE" | "PATCH")[];
         blockList: string[];
+        allowAllDomains?: boolean | undefined;
+    }>>;
+    ssh: z.ZodOptional<z.ZodObject<{
+        allowedHosts: z.ZodArray<z.ZodString, "many">;
+        allowedUsers: z.ZodArray<z.ZodString, "many">;
+        commandRules: z.ZodArray<z.ZodObject<{
+            pattern: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
+            decision: z.ZodEnum<["ALLOW", "REQUIRE_APPROVAL", "BLOCK"]>;
+            require_two_approvals: z.ZodOptional<z.ZodBoolean>;
+            allowed_approvers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+            description: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            pattern: string;
+            decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+            require_two_approvals?: boolean | undefined;
+            allowed_approvers?: string[] | undefined;
+            description?: string | undefined;
+        }, {
+            pattern: string;
+            decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+            require_two_approvals?: boolean | undefined;
+            allowed_approvers?: string[] | undefined;
+            description?: string | undefined;
+        }>, "many">;
+        defaultDecision: z.ZodDefault<z.ZodEnum<["ALLOW", "REQUIRE_APPROVAL", "BLOCK"]>>;
+    }, "strip", z.ZodTypeAny, {
+        defaultDecision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+        allowedHosts: string[];
+        allowedUsers: string[];
+        commandRules: {
+            pattern: string;
+            decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+            require_two_approvals?: boolean | undefined;
+            allowed_approvers?: string[] | undefined;
+            description?: string | undefined;
+        }[];
+    }, {
+        allowedHosts: string[];
+        allowedUsers: string[];
+        commandRules: {
+            pattern: string;
+            decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+            require_two_approvals?: boolean | undefined;
+            allowed_approvers?: string[] | undefined;
+            description?: string | undefined;
+        }[];
+        defaultDecision?: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK" | undefined;
     }>>;
     limits: z.ZodOptional<z.ZodObject<{
         maxCostPerAction: z.ZodOptional<z.ZodNumber>;
@@ -78,51 +150,232 @@ export declare const PolicyRulesSchema: z.ZodObject<{
         maxActionsPerHour?: number | undefined;
         maxCostPerAction?: number | undefined;
     }>>;
+    allowHighRiskAutoApproval: z.ZodOptional<z.ZodObject<{
+        financial: z.ZodOptional<z.ZodBoolean>;
+        admin: z.ZodOptional<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        admin?: boolean | undefined;
+        financial?: boolean | undefined;
+    }, {
+        admin?: boolean | undefined;
+        financial?: boolean | undefined;
+    }>>;
+    vpnRoutes: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        domainPattern: z.ZodString;
+        vpnCredentialId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        domainPattern: string;
+        vpnCredentialId: string;
+    }, {
+        domainPattern: string;
+        vpnCredentialId: string;
+    }>, "many">>;
+    claudeBash: z.ZodOptional<z.ZodObject<{
+        rules: z.ZodArray<z.ZodObject<{
+            pattern: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
+            decision: z.ZodEnum<["ALLOW", "REQUIRE_APPROVAL", "BLOCK"]>;
+            description: z.ZodOptional<z.ZodString>;
+            require_two_approvals: z.ZodOptional<z.ZodBoolean>;
+            allowed_approvers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        }, "strip", z.ZodTypeAny, {
+            pattern: string;
+            decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+            require_two_approvals?: boolean | undefined;
+            allowed_approvers?: string[] | undefined;
+            description?: string | undefined;
+        }, {
+            pattern: string;
+            decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+            require_two_approvals?: boolean | undefined;
+            allowed_approvers?: string[] | undefined;
+            description?: string | undefined;
+        }>, "many">;
+        defaultDecision: z.ZodOptional<z.ZodEnum<["ALLOW", "REQUIRE_APPROVAL", "BLOCK"]>>;
+    }, "strip", z.ZodTypeAny, {
+        rules: {
+            pattern: string;
+            decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+            require_two_approvals?: boolean | undefined;
+            allowed_approvers?: string[] | undefined;
+            description?: string | undefined;
+        }[];
+        defaultDecision?: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK" | undefined;
+    }, {
+        rules: {
+            pattern: string;
+            decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+            require_two_approvals?: boolean | undefined;
+            allowed_approvers?: string[] | undefined;
+            description?: string | undefined;
+        }[];
+        defaultDecision?: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK" | undefined;
+    }>>;
 }, "strip", z.ZodTypeAny, {
     defaultMode: "allow" | "require_approval" | "block";
     rules: {
         decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
-        action_type?: "admin" | "read" | "write" | "financial" | undefined;
         tool?: string | undefined;
-        domain?: string | undefined;
+        action_type?: "admin" | "read" | "write" | "financial" | undefined;
         require_two_approvals?: boolean | undefined;
+        allowed_approvers?: string[] | undefined;
+        domain?: string | undefined;
     }[];
     http?: {
         allowedDomains: string[];
-        allowedMethods: string[];
+        allowedMethods: ("GET" | "HEAD" | "OPTIONS" | "POST" | "PUT" | "DELETE" | "PATCH")[];
         blockList: string[];
+        allowAllDomains?: boolean | undefined;
     } | undefined;
+    claudeBash?: {
+        rules: {
+            pattern: string;
+            decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+            require_two_approvals?: boolean | undefined;
+            allowed_approvers?: string[] | undefined;
+            description?: string | undefined;
+        }[];
+        defaultDecision?: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK" | undefined;
+    } | undefined;
+    ssh?: {
+        defaultDecision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+        allowedHosts: string[];
+        allowedUsers: string[];
+        commandRules: {
+            pattern: string;
+            decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+            require_two_approvals?: boolean | undefined;
+            allowed_approvers?: string[] | undefined;
+            description?: string | undefined;
+        }[];
+    } | undefined;
+    vpnRoutes?: {
+        domainPattern: string;
+        vpnCredentialId: string;
+    }[] | undefined;
     limits?: {
         maxActionsPerHour?: number | undefined;
         maxCostPerAction?: number | undefined;
     } | undefined;
+    allowHighRiskAutoApproval?: {
+        admin?: boolean | undefined;
+        financial?: boolean | undefined;
+    } | undefined;
 }, {
     defaultMode: "allow" | "require_approval" | "block";
     rules: {
         decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
-        action_type?: "admin" | "read" | "write" | "financial" | undefined;
         tool?: string | undefined;
-        domain?: string | undefined;
+        action_type?: "admin" | "read" | "write" | "financial" | undefined;
         require_two_approvals?: boolean | undefined;
+        allowed_approvers?: string[] | undefined;
+        domain?: string | undefined;
     }[];
     http?: {
         allowedDomains: string[];
-        allowedMethods: string[];
+        allowedMethods: ("GET" | "HEAD" | "OPTIONS" | "POST" | "PUT" | "DELETE" | "PATCH")[];
         blockList: string[];
+        allowAllDomains?: boolean | undefined;
+    } | undefined;
+    claudeBash?: {
+        rules: {
+            pattern: string;
+            decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+            require_two_approvals?: boolean | undefined;
+            allowed_approvers?: string[] | undefined;
+            description?: string | undefined;
+        }[];
+        defaultDecision?: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK" | undefined;
     } | undefined;
+    ssh?: {
+        allowedHosts: string[];
+        allowedUsers: string[];
+        commandRules: {
+            pattern: string;
+            decision: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK";
+            require_two_approvals?: boolean | undefined;
+            allowed_approvers?: string[] | undefined;
+            description?: string | undefined;
+        }[];
+        defaultDecision?: "ALLOW" | "REQUIRE_APPROVAL" | "BLOCK" | undefined;
+    } | undefined;
+    vpnRoutes?: {
+        domainPattern: string;
+        vpnCredentialId: string;
+    }[] | undefined;
     limits?: {
         maxActionsPerHour?: number | undefined;
         maxCostPerAction?: number | undefined;
     } | undefined;
+    allowHighRiskAutoApproval?: {
+        admin?: boolean | undefined;
+        financial?: boolean | undefined;
+    } | undefined;
 }>;
 export declare const ApproveRequestSchema: z.ZodObject<{
     action: z.ZodEnum<["approve", "deny"]>;
     reason: z.ZodOptional<z.ZodString>;
+    reply_message: z.ZodOptional<z.ZodString>;
+    /** Server-side biometric challenge token (mobile clients only) */
+    biometric_challenge: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     action: "approve" | "deny";
     reason?: string | undefined;
+    reply_message?: string | undefined;
+    biometric_challenge?: string | undefined;
 }, {
     action: "approve" | "deny";
     reason?: string | undefined;
+    reply_message?: string | undefined;
+    biometric_challenge?: string | undefined;
+}>;
+export declare const SendMessageSchema: z.ZodObject<{
+    content: z.ZodString;
+    thread_id: z.ZodOptional<z.ZodString>;
+    expires_at: z.ZodOptional<z.ZodString>;
+    metadata: z.ZodOptional<z.ZodEffects<z.ZodRecord<z.ZodString, z.ZodUnknown>, Record<string, unknown>, Record<string, unknown>>>;
+}, "strip", z.ZodTypeAny, {
+    content: string;
+    thread_id?: string | undefined;
+    expires_at?: string | undefined;
+    metadata?: Record<string, unknown> | undefined;
+}, {
+    content: string;
+    thread_id?: string | undefined;
+    expires_at?: string | undefined;
+    metadata?: Record<string, unknown> | undefined;
+}>;
+export declare const AgentSendMessageSchema: z.ZodObject<{
+    content: z.ZodString;
+    thread_id: z.ZodString;
+    metadata: z.ZodOptional<z.ZodEffects<z.ZodRecord<z.ZodString, z.ZodUnknown>, Record<string, unknown>, Record<string, unknown>>>;
+}, "strip", z.ZodTypeAny, {
+    content: string;
+    thread_id: string;
+    metadata?: Record<string, unknown> | undefined;
+}, {
+    content: string;
+    thread_id: string;
+    metadata?: Record<string, unknown> | undefined;
+}>;
+/**
+ * Schema for an agent creating a brand-new thread (Flow A of the gateway
+ * messages endpoint). Unlike AgentSendMessageSchema this has an optional
+ * `subject` for the thread title and no thread_id.
+ */
+export declare const AgentCreateThreadSchema: z.ZodObject<{
+    create_thread: z.ZodLiteral<true>;
+    content: z.ZodString;
+    subject: z.ZodOptional<z.ZodString>;
+    metadata: z.ZodOptional<z.ZodEffects<z.ZodRecord<z.ZodString, z.ZodUnknown>, Record<string, unknown>, Record<string, unknown>>>;
+}, "strip", z.ZodTypeAny, {
+    content: string;
+    create_thread: true;
+    metadata?: Record<string, unknown> | undefined;
+    subject?: string | undefined;
+}, {
+    content: string;
+    create_thread: true;
+    metadata?: Record<string, unknown> | undefined;
+    subject?: string | undefined;
 }>;
 //# sourceMappingURL=schemas.d.ts.map

package/dist/schemas.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../src/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAKxB,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;EASnC,CAAC;AAEH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;EAK9B,CAAC;AAEH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAwB5B,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;EAG/B,CAAC"}
+{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../src/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAUxB;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,yEA8B1B,CAAC;AAEJ,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;EASnC,CAAC;AAEH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;EAK9B,CAAC;AAIH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkH5B,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;IAI/B,kEAAkE;;;;;;;;;;;;EAElE,CAAC;AAKH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;EAQ5B,CAAC;AAEH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;EAOjC,CAAC;AAEH;;;;GAIG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;EAQlC,CAAC"}

package/dist/schemas.js

@@ -1,15 +1,51 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ApproveRequestSchema = exports.PolicyRulesSchema = exports.RegisterAgentSchema = exports.AgentActionRequestSchema = void 0;
+exports.AgentCreateThreadSchema = exports.AgentSendMessageSchema = exports.SendMessageSchema = exports.ApproveRequestSchema = exports.PolicyRulesSchema = exports.RegisterAgentSchema = exports.AgentActionRequestSchema = exports.WebhookUrlSchema = void 0;
 const zod_1 = require("zod");
+const regex_safety_js_1 = require("./regex-safety.js");
+const policy_js_1 = require("./policy.js");
 /** Max payload size: 64KB when serialized */
 const MAX_PAYLOAD_SIZE = 65_536;
+/** Maximum length for webhook URLs (standard URL length limit) */
+const MAX_WEBHOOK_URL_LENGTH = 2048;
+/**
+ * Reusable Zod schema for webhook URLs.
+ * Enforces: max length 2048, valid URL syntax, HTTPS-only,
+ * and rejects private/internal hostnames at parse time.
+ */
+exports.WebhookUrlSchema = zod_1.z
+    .string()
+    .max(MAX_WEBHOOK_URL_LENGTH, `Webhook URL exceeds maximum length (${MAX_WEBHOOK_URL_LENGTH} characters)`)
+    .refine((val) => {
+    try {
+        const parsed = new URL(val);
+        return parsed.protocol === 'https:';
+    }
+    catch {
+        return false;
+    }
+}, { message: 'Webhook URL must be a valid HTTPS URL' })
+    .refine((val) => {
+    try {
+        const parsed = new URL(val);
+        const hostname = parsed.hostname;
+        const privatePatterns = [
+            /^127\./, /^10\./, /^172\.(1[6-9]|2\d|3[01])\./,
+            /^192\.168\./, /^169\.254\./, /^0\./,
+            /^localhost$/i, /\.local$/i, /\.internal$/i,
+        ];
+        return !privatePatterns.some((p) => p.test(hostname));
+    }
+    catch {
+        return false;
+    }
+}, { message: 'Webhook URL cannot target private or internal addresses' });
 exports.AgentActionRequestSchema = zod_1.z.object({
     action_type: zod_1.z.enum(['read', 'write', 'financial', 'admin']),
     tool: zod_1.z.string().min(1).max(100).regex(/^[a-zA-Z0-9._\-:]+$/, 'Tool name must be alphanumeric with dots, dashes, underscores, or colons'),
     payload: zod_1.z.record(zod_1.z.unknown()).refine((val) => JSON.stringify(val).length <= MAX_PAYLOAD_SIZE, { message: `Payload exceeds maximum size of ${MAX_PAYLOAD_SIZE} bytes` }),
     idempotency_key: zod_1.z.string().max(128).optional(),
-    cost_estimate: zod_1.z.number().optional(),
+    cost_estimate: zod_1.z.number().nonnegative().optional(),
 });
 exports.RegisterAgentSchema = zod_1.z.object({
     name: zod_1.z.string().min(1).max(100),
@@ -17,31 +53,137 @@ exports.RegisterAgentSchema = zod_1.z.object({
     public_key: zod_1.z.string().min(40),
     allowed_tools: zod_1.z.array(zod_1.z.string()).default([]),
 });
+const DOMAIN_RE = /^(\*\.)?([a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?\.)*[a-zA-Z]{2,}$/;
 exports.PolicyRulesSchema = zod_1.z.object({
     defaultMode: zod_1.z.enum(['allow', 'require_approval', 'block']),
     rules: zod_1.z.array(zod_1.z.object({
         action_type: zod_1.z.enum(['read', 'write', 'financial', 'admin']).optional(),
-        tool: zod_1.z.string().optional(),
-        domain: zod_1.z.string().optional(),
+        tool: zod_1.z.string().max(100).regex(/^[a-zA-Z0-9._\-:]+$/, 'Tool name must be alphanumeric with dots, dashes, underscores, or colons').optional(),
+        domain: zod_1.z.string().regex(DOMAIN_RE, 'Invalid domain format').optional(),
         decision: zod_1.z.enum(['ALLOW', 'REQUIRE_APPROVAL', 'BLOCK']),
         require_two_approvals: zod_1.z.boolean().optional(),
-    })),
+        allowed_approvers: zod_1.z.array(zod_1.z.string().uuid()).optional(),
+    }).refine(r => r.action_type || r.tool, { message: 'Rule must specify action_type or tool' })).max(100),
     http: zod_1.z
         .object({
-        allowedDomains: zod_1.z.array(zod_1.z.string()),
-        allowedMethods: zod_1.z.array(zod_1.z.string()),
-        blockList: zod_1.z.array(zod_1.z.string()),
+        allowedDomains: zod_1.z.array(zod_1.z.string().min(1).max(253).regex(DOMAIN_RE, 'Invalid domain format')),
+        allowedMethods: zod_1.z.array(zod_1.z.enum(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'])),
+        blockList: zod_1.z.array(zod_1.z.string().min(1).max(253).regex(DOMAIN_RE, 'Invalid domain format')),
+        allowAllDomains: zod_1.z.boolean().optional(),
+    })
+        .optional(),
+    ssh: zod_1.z
+        .object({
+        allowedHosts: zod_1.z.array(zod_1.z.string().min(1).max(253)).max(100),
+        allowedUsers: zod_1.z.array(zod_1.z.string().min(1).max(64).regex(/^[a-zA-Z0-9_\-.]+$/, 'Invalid SSH username')).max(50),
+        commandRules: zod_1.z
+            .array(zod_1.z.object({
+            pattern: zod_1.z.string().min(1).max(500).refine((p) => !(0, regex_safety_js_1.isLikelyRedos)(p), { message: 'Pattern rejected: looks like it could cause catastrophic regex backtracking (ReDoS). Simplify nested quantifiers or alternations.' }).refine((p) => { try {
+                (0, policy_js_1.compileSshPattern)(p);
+                return true;
+            }
+            catch {
+                return false;
+            } }, { message: 'Invalid pattern (must be a glob like "systemctl restart *" or a valid regex)' }),
+            decision: zod_1.z.enum(['ALLOW', 'REQUIRE_APPROVAL', 'BLOCK']),
+            require_two_approvals: zod_1.z.boolean().optional(),
+            allowed_approvers: zod_1.z.array(zod_1.z.string().uuid()).optional(),
+            description: zod_1.z.string().max(200).optional(),
+        }))
+            .max(200),
+        defaultDecision: zod_1.z.enum(['ALLOW', 'REQUIRE_APPROVAL', 'BLOCK']).default('REQUIRE_APPROVAL'),
     })
         .optional(),
     limits: zod_1.z
         .object({
-        maxCostPerAction: zod_1.z.number().optional(),
-        maxActionsPerHour: zod_1.z.number().optional(),
+        maxCostPerAction: zod_1.z.number().nonnegative().optional(),
+        maxActionsPerHour: zod_1.z.number().nonnegative().optional(),
+    })
+        .optional(),
+    allowHighRiskAutoApproval: zod_1.z
+        .object({
+        financial: zod_1.z.boolean().optional(),
+        admin: zod_1.z.boolean().optional(),
+    })
+        .optional(),
+    // Domain→VPN routing table. Each entry pins traffic to a specific VPN
+    // credential when the tool's target hostname matches `domainPattern`.
+    // Patterns may be a literal hostname or `*.<suffix>` for wildcard sub-
+    // domain matches. Capped at 50 entries to keep evaluation cheap and to
+    // force users toward broad patterns rather than a row per endpoint.
+    vpnRoutes: zod_1.z
+        .array(zod_1.z.object({
+        domainPattern: zod_1.z
+            .string()
+            .min(1)
+            .max(253)
+            .regex(/^(\*\.)?([a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?\.)*[a-zA-Z]{2,}$/, 'Invalid domain pattern — use a hostname like "corp.example" or "*.corp.example"'),
+        vpnCredentialId: zod_1.z.string().uuid(),
+    }))
+        .max(50)
+        .optional(),
+    claudeBash: zod_1.z
+        .object({
+        rules: zod_1.z
+            .array(zod_1.z.object({
+            pattern: zod_1.z
+                .string()
+                .min(1)
+                .max(500)
+                .refine((p) => !(0, regex_safety_js_1.isLikelyRedos)(p), {
+                message: 'Pattern rejected: looks like it could cause catastrophic regex backtracking. Simplify nested quantifiers or alternations.',
+            })
+                .refine((p) => {
+                try {
+                    (0, policy_js_1.compileClaudeBashPattern)(p);
+                    return true;
+                }
+                catch {
+                    return false;
+                }
+            }, { message: 'Invalid pattern (use a literal prefix like "grep /home/" or wrap a regex in /.../)' }),
+            decision: zod_1.z.enum(['ALLOW', 'REQUIRE_APPROVAL', 'BLOCK']),
+            description: zod_1.z.string().max(200).optional(),
+            // Per-rule overrides for the surrounding permission.claude_code
+            // rule's two-person and approver-allowlist settings. Match the
+            // shape on ssh.commandRules so admins learn one set of fields.
+            require_two_approvals: zod_1.z.boolean().optional(),
+            allowed_approvers: zod_1.z.array(zod_1.z.string().uuid()).optional(),
+        }))
+            .max(200),
+        defaultDecision: zod_1.z.enum(['ALLOW', 'REQUIRE_APPROVAL', 'BLOCK']).optional(),
     })
         .optional(),
 });
 exports.ApproveRequestSchema = zod_1.z.object({
     action: zod_1.z.enum(['approve', 'deny']),
     reason: zod_1.z.string().max(1000).optional(),
+    reply_message: zod_1.z.string().max(2000).optional(),
+    /** Server-side biometric challenge token (mobile clients only) */
+    biometric_challenge: zod_1.z.string().uuid().optional(),
+});
+/** Max metadata size: 8KB when serialized (prevents storage exhaustion) */
+const MAX_METADATA_SIZE = 8_192;
+exports.SendMessageSchema = zod_1.z.object({
+    content: zod_1.z.string().min(1).max(4096),
+    thread_id: zod_1.z.string().uuid().optional(),
+    expires_at: zod_1.z.string().datetime().optional(),
+    metadata: zod_1.z.record(zod_1.z.unknown()).refine((val) => JSON.stringify(val).length <= MAX_METADATA_SIZE, { message: `Metadata exceeds maximum size of ${MAX_METADATA_SIZE} bytes` }).optional(),
+});
+exports.AgentSendMessageSchema = zod_1.z.object({
+    content: zod_1.z.string().min(1).max(4096),
+    thread_id: zod_1.z.string().uuid(),
+    metadata: zod_1.z.record(zod_1.z.unknown()).refine((val) => JSON.stringify(val).length <= MAX_METADATA_SIZE, { message: `Metadata exceeds maximum size of ${MAX_METADATA_SIZE} bytes` }).optional(),
+});
+/**
+ * Schema for an agent creating a brand-new thread (Flow A of the gateway
+ * messages endpoint). Unlike AgentSendMessageSchema this has an optional
+ * `subject` for the thread title and no thread_id.
+ */
+exports.AgentCreateThreadSchema = zod_1.z.object({
+    create_thread: zod_1.z.literal(true),
+    content: zod_1.z.string().min(1).max(4096),
+    subject: zod_1.z.string().max(200).optional(),
+    metadata: zod_1.z.record(zod_1.z.unknown()).refine((val) => JSON.stringify(val).length <= MAX_METADATA_SIZE, { message: `Metadata exceeds maximum size of ${MAX_METADATA_SIZE} bytes` }).optional(),
 });
 //# sourceMappingURL=schemas.js.map

package/dist/schemas.js.map

@@ -1 +1 @@
-{"version":3,"file":"schemas.js","sourceRoot":"","sources":["../src/schemas.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAExB,6CAA6C;AAC7C,MAAM,gBAAgB,GAAG,MAAM,CAAC;AAEnB,QAAA,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IAC5D,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,qBAAqB,EAAE,0EAA0E,CAAC;IACzI,OAAO,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CACnC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,gBAAgB,EACvD,EAAE,OAAO,EAAE,mCAAmC,gBAAgB,QAAQ,EAAE,CACzE;IACD,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC/C,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAC;AAEU,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAChC,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC;IACnF,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IAC9B,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CAC/C,CAAC,CAAC;AAEU,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,kBAAkB,EAAE,OAAO,CAAC,CAAC;IAC3D,KAAK,EAAE,OAAC,CAAC,KAAK,CACZ,OAAC,CAAC,MAAM,CAAC;QACP,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;QACvE,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC3B,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC7B,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,kBAAkB,EAAE,OAAO,CAAC,CAAC;QACxD,qBAAqB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;KAC9C,CAAC,CACH;IACD,IAAI,EAAE,OAAC;SACJ,MAAM,CAAC;QACN,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QACnC,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QACnC,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;KAC/B,CAAC;SACD,QAAQ,EAAE;IACb,MAAM,EAAE,OAAC;SACN,MAAM,CAAC;QACN,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACvC,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACzC,CAAC;SACD,QAAQ,EAAE;CACd,CAAC,CAAC;AAEU,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACnC,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC"}
+{"version":3,"file":"schemas.js","sourceRoot":"","sources":["../src/schemas.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AACxB,uDAAkD;AAClD,2CAA0E;AAE1E,6CAA6C;AAC7C,MAAM,gBAAgB,GAAG,MAAM,CAAC;AAEhC,kEAAkE;AAClE,MAAM,sBAAsB,GAAG,IAAI,CAAC;AAEpC;;;;GAIG;AACU,QAAA,gBAAgB,GAAG,OAAC;KAC9B,MAAM,EAAE;KACR,GAAG,CAAC,sBAAsB,EAAE,uCAAuC,sBAAsB,cAAc,CAAC;KACxG,MAAM,CACL,CAAC,GAAG,EAAE,EAAE;IACN,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC,EACD,EAAE,OAAO,EAAE,uCAAuC,EAAE,CACrD;KACA,MAAM,CACL,CAAC,GAAG,EAAE,EAAE;IACN,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QACjC,MAAM,eAAe,GAAG;YACtB,QAAQ,EAAE,OAAO,EAAE,4BAA4B;YAC/C,aAAa,EAAE,aAAa,EAAE,MAAM;YACpC,cAAc,EAAE,WAAW,EAAE,cAAc;SAC5C,CAAC;QACF,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC,EACD,EAAE,OAAO,EAAE,yDAAyD,EAAE,CACvE,CAAC;AAES,QAAA,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IAC5D,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,qBAAqB,EAAE,0EAA0E,CAAC;IACzI,OAAO,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CACnC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,gBAAgB,EACvD,EAAE,OAAO,EAAE,mCAAmC,gBAAgB,QAAQ,EAAE,CACzE;IACD,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC/C,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;CACnD,CAAC,CAAC;AAEU,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAChC,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC;IACnF,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IAC9B,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CAC/C,CAAC,CAAC;AAEH,MAAM,SAAS,GAAG,kEAAkE,CAAC;AAExE,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,kBAAkB,EAAE,OAAO,CAAC,CAAC;IAC3D,KAAK,EAAE,OAAC,CAAC,KAAK,CACZ,OAAC,CAAC,MAAM,CAAC;QACP,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;QACvE,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,qBAAqB,EAAE,0EAA0E,CAAC,CAAC,QAAQ,EAAE;QAC7I,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC,QAAQ,EAAE;QACvE,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,kBAAkB,EAAE,OAAO,CAAC,CAAC;QACxD,qBAAqB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QAC7C,iBAAiB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE;KACzD,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC,CAC9F,CAAC,GAAG,CAAC,GAAG,CAAC;IACV,IAAI,EAAE,OAAC;SACJ,MAAM,CAAC;QACN,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC;QAC7F,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;QAC7F,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC;QACxF,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;KACxC,CAAC;SACD,QAAQ,EAAE;IACb,GAAG,EAAE,OAAC;SACH,MAAM,CAAC;QACN,YAAY,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;QAC1D,YAAY,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,oBAAoB,EAAE,sBAAsB,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5G,YAAY,EAAE,OAAC;aACZ,KAAK,CACJ,OAAC,CAAC,MAAM,CAAC;YACP,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,+BAAa,EAAC,CAAC,CAAC,EACxB,EAAE,OAAO,EAAE,mIAAmI,EAAE,CACjJ,CAAC,MAAM,CACN,CAAC,CAAC,EAAE,EAAE,GAAG,IAAI,CAAC;gBAAC,IAAA,6BAAiB,EAAC,CAAC,CAAC,CAAC;gBAAC,OAAO,IAAI,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC;gBAAC,OAAO,KAAK,CAAC;YAAC,CAAC,CAAC,CAAC,EAC7E,EAAE,OAAO,EAAE,8EAA8E,EAAE,CAC5F;YACD,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,kBAAkB,EAAE,OAAO,CAAC,CAAC;YACxD,qBAAqB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;YAC7C,iBAAiB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE;YACxD,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;SAC5C,CAAC,CACH;aACA,GAAG,CAAC,GAAG,CAAC;QACX,eAAe,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,kBAAkB,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC;KAC5F,CAAC;SACD,QAAQ,EAAE;IACb,MAAM,EAAE,OAAC;SACN,MAAM,CAAC;QACN,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;QACrD,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;KACvD,CAAC;SACD,QAAQ,EAAE;IACb,yBAAyB,EAAE,OAAC;SACzB,MAAM,CAAC;QACN,SAAS,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QACjC,KAAK,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;KAC9B,CAAC;SACD,QAAQ,EAAE;IACb,sEAAsE;IACtE,sEAAsE;IACtE,uEAAuE;IACvE,uEAAuE;IACvE,oEAAoE;IACpE,SAAS,EAAE,OAAC;SACT,KAAK,CACJ,OAAC,CAAC,MAAM,CAAC;QACP,aAAa,EAAE,OAAC;aACb,MAAM,EAAE;aACR,GAAG,CAAC,CAAC,CAAC;aACN,GAAG,CAAC,GAAG,CAAC;aACR,KAAK,CACJ,kEAAkE,EAClE,iFAAiF,CAClF;QACH,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE;KACnC,CAAC,CACH;SACA,GAAG,CAAC,EAAE,CAAC;SACP,QAAQ,EAAE;IACb,UAAU,EAAE,OAAC;SACV,MAAM,CAAC;QACN,KAAK,EAAE,OAAC;aACL,KAAK,CACJ,OAAC,CAAC,MAAM,CAAC;YACP,OAAO,EAAE,OAAC;iBACP,MAAM,EAAE;iBACR,GAAG,CAAC,CAAC,CAAC;iBACN,GAAG,CAAC,GAAG,CAAC;iBACR,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,+BAAa,EAAC,CAAC,CAAC,EAAE;gBAChC,OAAO,EACL,2HAA2H;aAC9H,CAAC;iBACD,MAAM,CACL,CAAC,CAAC,EAAE,EAAE;gBACJ,IAAI,CAAC;oBACH,IAAA,oCAAwB,EAAC,CAAC,CAAC,CAAC;oBAC5B,OAAO,IAAI,CAAC;gBACd,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC,EACD,EAAE,OAAO,EAAE,oFAAoF,EAAE,CAClG;YACH,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,kBAAkB,EAAE,OAAO,CAAC,CAAC;YACxD,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;YAC3C,gEAAgE;YAChE,+DAA+D;YAC/D,+DAA+D;YAC/D,qBAAqB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;YAC7C,iBAAiB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE;SACzD,CAAC,CACH;aACA,GAAG,CAAC,GAAG,CAAC;QACX,eAAe,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,kBAAkB,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;KAC3E,CAAC;SACD,QAAQ,EAAE;CACd,CAAC,CAAC;AAEU,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACnC,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IACvC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IAC9C,kEAAkE;IAClE,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;CAClD,CAAC,CAAC;AAEH,2EAA2E;AAC3E,MAAM,iBAAiB,GAAG,KAAK,CAAC;AAEnB,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;IACpC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;IACvC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC5C,QAAQ,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CACpC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,iBAAiB,EACxD,EAAE,OAAO,EAAE,oCAAoC,iBAAiB,QAAQ,EAAE,CAC3E,CAAC,QAAQ,EAAE;CACb,CAAC,CAAC;AAEU,QAAA,sBAAsB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7C,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;IACpC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE;IAC5B,QAAQ,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CACpC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,iBAAiB,EACxD,EAAE,OAAO,EAAE,oCAAoC,iBAAiB,QAAQ,EAAE,CAC3E,CAAC,QAAQ,EAAE;CACb,CAAC,CAAC;AAEH;;;;GAIG;AACU,QAAA,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9C,aAAa,EAAE,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IAC9B,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;IACpC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IACvC,QAAQ,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CACpC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,iBAAiB,EACxD,EAAE,OAAO,EAAE,oCAAoC,iBAAiB,QAAQ,EAAE,CAC3E,CAAC,QAAQ,EAAE;CACb,CAAC,CAAC"}

package/dist/signing.d.ts

@@ -1,8 +1,21 @@
+/**
+ * Supported signature-scheme version. v1 is the original Ed25519 over
+ * `${canonicalStringify(body)}:${timestamp}:${nonce}`. Future versions
+ * (e.g. v2 switching to a hash-chained nonce or a different canonicalisation)
+ * bump this number; `verifyRequest` must then dispatch on the header value.
+ *
+ * The header is OPTIONAL for backward-compat with agents that don't send it;
+ * an absent header is treated as v1. New clients should set it explicitly so
+ * a future v2 rollout can leave v1 traffic alone during the transition.
+ */
+export declare const SIGNATURE_VERSION_CURRENT: "1";
+export type SignatureVersion = '1';
 export interface SignedHeaders {
     'x-agent-id': string;
     'x-timestamp': string;
     'x-signature': string;
     'x-nonce'?: string;
+    'x-signature-version'?: SignatureVersion;
 }
 export interface KeyPair {
     publicKey: string;
@@ -16,8 +29,10 @@ export declare function verifyRequest(body: Record<string, unknown>, headers: {
     'x-timestamp'?: string;
     'x-signature'?: string;
     'x-nonce'?: string;
+    'x-signature-version'?: string;
 }, publicKeyBase64: string, maxSkewMs?: number): {
     agentId: string;
     nonce: string;
+    version: SignatureVersion;
 };
 //# sourceMappingURL=signing.d.ts.map

package/dist/signing.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"signing.d.ts","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,wBAAgB,eAAe,IAAI,OAAO,CAMzC;AAoCD,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAEvE;AAED,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GACvB,aAAa,CAef;AAED,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE;IACP,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,EACD,eAAe,EAAE,MAAM,EACvB,SAAS,SAAgB,GACxB;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CA2BpC"}
+{"version":3,"file":"signing.d.ts","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAGA;;;;;;;;;GASG;AACH,eAAO,MAAM,yBAAyB,EAAG,GAAY,CAAC;AACtD,MAAM,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAEnC,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qBAAqB,CAAC,EAAE,gBAAgB,CAAC;CAC1C;AAED,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,wBAAgB,eAAe,IAAI,OAAO,CAMzC;AAoCD,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAEvE;AAED,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GACvB,aAAa,CAqBf;AAID,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE;IACP,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC,EACD,eAAe,EAAE,MAAM,EACvB,SAAS,SAAgB,GACxB;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,gBAAgB,CAAA;CAAE,CA4D/D"}