asgard-tide 0.12.42 → 0.12.45

package/LICENSE

@@ -0,0 +1,334 @@
+		Tide Community Open Code License
+
+	Preamble:
+	  The Tide Community Open Code License is a copyright License for 
+	software and other kinds of works designed to encourage the adoption 
+	of the Tide Protocol.  The aim of the Tide Protocol is to be the technological
+	infrastructure of a true zero-trust paradigm, addressing the data-breach
+	protection needs of platform vendors and their customers, the 
+	self-sovereign authority needs of online users, and replace the reliance 
+	on blind trust with proofs.
+
+	  To that end, the Tide Community Open Code License gives you the 
+	freedom to modify and distribute copies of software and other works 
+	for free, or for a fee, as long as you do so in accordance with these 
+	terms and the software adopts the Tide Protocol in full.
+
+	License Terms
+	Version: 2
+	Date of last revision: 1 December 2022
+
+	1	Acceptance of these terms
+	  (a)	These terms are between the copyright holder (“we”, “us” and 
+		“our”) identified in the notice embedded in or provided with 
+		the source code, technical documentation or other material 
+		relating to the Tide Foundation Limited’s (ACN 630 011 371) 
+		(“Tide”) data decryption and key management platform 
+		known as the “Tide Protocol” (“Tide Protocol”) and with which 
+		these terms are packaged (“Materials”) and the person or 
+		entity (“you” and “your”) accessing and/or using the Materials.
+	  (b)	By using, modifying or publishing the Materials or any Modified
+		Materials (as defined in clause 2(c) below), you agree to be 
+		bound by these terms.  If you are doing any of the foregoing in 
+		the context of your employment with your employer or on behalf 
+		of another entity, you are agreeing to be bound by these terms 
+		on behalf of that employer or other entity and you represent 
+		and warrant that you have the authority of that employer or 
+		other entity to enter into these terms on their behalf. In such 
+		circumstances, each reference in these terms “you” or “your” 
+		includes that employer or other entity. 
+	  (c)	These terms will remain in effect until terminated under 
+		clause 9.
+
+	2	Intellectual property rights
+	  (a)	In these terms, “Intellectual Property Rights” means all 
+		intellectual property rights of whatever nature throughout the 
+		world, including all rights conferred under statute, common 
+		law or equity, whether existing now or at any time in the 
+		future, including all rights in and to any patents, patent 
+		applications, business names, trade names, domain names, trade 
+		marks, copyright, trade secrets, circuit layout rights, 
+		designs, confidential information, know-how, technical 
+		information, data or developments. All of our Intellectual 
+		Property Rights are protected by the laws in force in 
+		Australia from time to time.
+	  (b)	You acknowledge and agree that we (or our licensors) retain all
+		right, title, and interest (including all Intellectual Property 
+		Rights) in and to the Materials, and nothing you do with or in 
+		relation to the Materials will transfer any right, title or 
+		interest (including Intellectual Property Rights) to you or 
+		License or otherwise permit you to exercise any Intellectual 
+		Property Rights except as expressly granted under these terms.
+	  (c)	In these terms, “Modified Materials” means any work based on 
+		one or more of the Materials, including a revision, 
+		modification, adaptation, subset, addition, enhancement, 
+		improvement, combination, translation, abridgment, 
+		condensation, expansion, collection, compilation or any other 
+		form in which such Materials may be recast, transformed or 
+		adapted or any other new material derived from the Materials.
+
+	3	Your License to the Materials 
+	  (a)	Subject to paragraph (c) below and your compliance with these 
+		terms, we grant you a limited, non-exclusive,  
+		non-sub-licensable, revocable, worldwide, royalty free License 
+		for the term of these terms to access, use, copy, modify, 
+		adapt, distribute, publish and exploit the Materials, provided 
+		that such License is exercised:
+		(i)	solely in connection with the adoption and use of the 
+			Tide Protocol;
+		(ii)	solely in a manner which requires any payment or 
+			exchange of value to be made via Tide Tokens (as 
+			defined in paragraph (c) below); and
+		(iii)	in accordance with clause 6 and on these terms in 
+			respect of the right to distribute and publish the 
+			Materials and Modified Materials.
+		The foregoing rights to distribute, publish and exploit the 
+		Materials include the right to do so for a fee and applies 
+		in respect of the Materials and the Modified Materials. 
+	  (b)	Any access, use, copy, modification, adaptation, distribution, 
+		publication or exploitation of any of the Materials for use 
+		with applications that do not fully use, adopt and implement 
+		the Tide Protocol is prohibited. This prohibition includes any 
+		use or adaptation of the Materials for the purposes of any 
+		protocol, system or platform competing with the Tide Protocol 
+		or which facilitates any form of payment or exchange of value 
+		other than through use of Tide Tokens (as defined in paragraph 
+		(c) below). 
+	  (c)	Without limiting paragraph (b), the License granted under 
+		paragraph (a) does not permit you to, and in exercising the 
+		rights granted to you under paragraph (a) you must not, under 
+		any circumstances:
+		(i)	remove, omit or in any way modify any component of the 
+			Materials, including source code components, which 
+			requires payment or exchange of value to be made via 
+			Tide cryptographic tokens designed for settling 
+			transactions entered into via the Tide Protocol (“Tide 
+			Tokens”); 
+		(ii)	use the Materials which are source code or object code:
+			(A)	in combination with any other code, script or 
+				software (whether in source or object code form), 
+				or otherwise in any manner, which would in any way 
+				circumvent the requirement for any payment or 
+				exchange of value to be made via Tide Tokens; or
+			(B)	in any other way which does not properly use, adopt 
+				and implement the Tide Protocol in its entirety, 
+				including for the purposes of both data decryption 
+				and key management;  
+		(iii)	violate any applicable laws or any rights of any person, 
+			or use or permit or facilitate the use of the Materials 
+			in any manner or for any purpose that is unlawful or is 
+			in breach of any laws of jurisdiction anywhere in the 
+			world;
+		(iv)	distribute viruses, spyware, corrupted files, or any 
+			other similar software or programs that may damage the 
+			operation of any computer hardware or software, or the 
+			Tide Protocol; or
+		(v)	engage in any other conduct that is improper or brings 
+			or is likely to bring us, the Materials, the Tide 
+			Protocol or Tide Tokens into disrepute,
+		and you must ensure that where any third party is being engaged 
+		to make modifications to the Materials on your behalf, their 
+		rights to do so are subject to terms which incorporate the 
+		restrictions in this clause 3.
+	  (d)	You must take your own precautions to ensure that the processes 
+		which you employ for accessing and using the Materials do not 
+		expose you to the risk of viruses, malicious computer code or 
+		other forms of interference which may damage your computer 
+		systems.  We recommend that you install and use up-to-date 
+		anti-virus, anti-spyware and firewall software on your computer 
+		systems.  
+
+	4	Data security and privacy	
+	  You are fully responsible for ensuring:
+	  (a)	any use, adoption or implementation of the Materials, any 
+		Modified Materials and/or the Tide Protocol appropriately 
+		protects, encrypts and stores data; and 
+	  (b)	all aspects of compliance with privacy and data protection laws. 
+	  We disclaim all warranties and liability regarding the same.
+	  
+	5	Modification of Tide Protocol and Materials 
+	  You acknowledge that Tide may at any time without notice to you change 
+	  or update the whole or any part of the Tide Protocol and/or any of the 
+	  Materials, including in a manner which may result in applications or 
+	  processes you may have developed or implemented no longer being 
+	  compatible or otherwise working in the same manner with the Tide 
+	  Protocol or any Material, including any software development kit. We 
+	  may also withdraw or remove any part of the Materials or the Tide 
+	  Protocol at any stage without notice to you.
+
+	6	Distribution 
+	  (a)	Without limiting clause 3, in exercising the rights granted to 
+		you under clause 3(a) to distribute or publish one or more 
+		copies of any Materials verbatim as you receive the Materials,
+		you may do so in any medium, provided that:
+		(i)	you provide all recipients of the Materials with a copy of 
+			these terms along with the Materials: 
+		(ii)	you keep intact and do not remove, omit, or in any way 
+			modify any of the following:
+			(A)	any notices stating that these License terms apply; 
+			(B)	any hyperlink to these License terms; and
+			(C)	any notices of the absence of any warranty;
+	  (b)	You may charge any price or no price for each copy of the 
+		Materials or Modified Materials that you distribute or publish,
+		and you may offer support or warranty protection for a fee.
+	  (c)	Without limiting clause 3, in exercising the rights granted to 
+		you under clause 3(a) to distribute or publish one or more 
+		copies of any Modified Materials you create or cause to be 
+		created, you may do so in any medium, provided that:
+		(i)	you provide all recipients of the Modified Materials with 
+			a copy of these terms along with the Modified Materials; 
+		(ii)	you keep intact and do not remove, omit, or in any way 
+			modify any of the following:
+			(A)	any notices stating that these License terms apply to 
+				the unmodified Materials;
+			(B)	any hyperlink to these License terms; and
+			(C)	any notices of the absence of any warranty in respect 
+				of the unmodified Materials; and
+		(iii)	the whole of any Modified Materials must be licensed under 
+			these terms (although this does not limit the operation of 
+			paragraph (d)), but you may impose further restrictions 
+			that do not conflict with or override these terms.
+	  (d)	Where you compile any source code Materials or Modified 
+		Materials in an aggregate with any proprietary program, the 
+		Materials remain governed by these License terms. For the 
+		purposes of the foregoing, a compilation of any Materials with 
+		other separate and independent works, which are not by their 
+		nature extensions of the Materials, and which are not combined 
+		with the Materials such as to form a larger program, in or on 
+		a volume of a storage or distribution medium, is an “aggregate” 
+		if the compilation and its resulting copyright are not used to 
+		limit the access or legal rights of the compilation's users 
+		beyond what the individual Materials permit. Inclusion of any 
+		Materials in an aggregate does not cause these terms to apply 
+		to the other parts of the aggregate.
+	  (e)	You may not initiate any proceedings or claims in respect of 
+		infringement of any patent rights in respect of the access, 
+		use, copy, modification, adaptation, distribution, publication 
+		or exploitation of any of the Materials or Modified Materials 
+		in accordance with these terms.
+
+	7	Liability
+	  (a)	All express or implied guarantees, warranties, representations, 
+		statements, terms or conditions relating to these terms or the 
+		Materials that are not contained in these terms, are excluded 
+		to the maximum extent permitted by law. Without limiting the 
+		foregoing:
+		(i)	the Materials are provided ‘as-is’ and neither we nor Tide 
+			warrant or represent that they will work in any way, that 
+			they are fit for any particular purpose, that your 
+			requirements will be met, that your use of the Materials 
+			will be uninterrupted or error free or that the Materials 
+			are free of viruses or other harmful components; and
+		(ii)	we and Tide are not responsible for any loss, corruption or 
+			interception of data which occurs in connection with your 
+			use or misuse of the Materials.
+	  (b)	Nothing in these terms excludes, restricts or modifies any 
+		guarantee, term, condition, warranty, or any right or remedy, 
+		implied or imposed by any law which cannot lawfully be excluded 
+		or limited. (a “Non-Excludable Provision”). If any guarantee, 
+		term, condition or warranty is implied into these terms under a 
+		Non-Excludable Provision and we or Tide can limit your remedy 
+		for a breach of the Non-Excludable Provision, then our and 
+		Tide’s liability for breach of the Non-Excludable Provision is 
+		limited to one or more of the following at our option:
+		(i)	in the case of goods, the replacement of the goods or the 
+			supply of equivalent goods, the repair of the goods, the 
+			payment of the cost of replacing the goods or of acquiring 
+			equivalent goods, or the payment of the cost of having the 
+			goods repaired; or
+		(ii)	in the case of services, the supplying of the services 
+			again, or the payment of the cost of having the services 
+			supplied again. 
+	  (c)	To the maximum extent permitted by law but despite any other 
+		clause in these terms, your use of the Materials is at your own 
+		risk and neither we nor Tide are liable to you for any loss or 
+		damage you (or any of your representatives or sub-licensees) 
+		suffer, sustain or incur in connection with these terms, 
+		exercise of any rights granted under these terms or otherwise 
+		in connection with any access or use of the Materials, including 
+		in respect of any loss, corruption or interception of data or 
+		breach of privacy or security.  
+	  (d)	Without limiting paragraph (c), to the maximum extent permitted 
+		by law, neither we nor Tide are not liable to you for and no 
+		measure of damages will under any circumstances include: 
+		(i)	special, indirect, consequential, incidental or punitive 
+			damages; or
+		(ii)	damages for loss of profits, revenue, goodwill, 
+			opportunity, anticipated savings or loss or corruption of 
+			data.
+	  (e)	The exclusions and limitations of liability in this clause 8 
+		apply regardless of the basis on which such liability arises, 
+		whether in contract, breach of warranty, tort (including 
+		negligence), in equity, under statute, under an indemnity or 
+		on any other basis.
+	  (f)	You will indemnify us and hold us, Tide and each of our 
+		directors, officers, employees and contractors harmless from 
+		and against any loss suffered or incurred by us or any of 
+		those indemnified, arising out of or in connection with: 
+		(i)	your or any of your sub-licensee’s access or use of any of 
+			the Materials or any other exercise of any of the rights 
+			granted to you under these terms in connection with any of 
+			the Materials;
+		(ii)	your negligence or breach of these terms; 
+		(iii)	your violation of any applicable law or infringement of any 
+			rights (including Intellectual Property Rights) of a third 
+			party; or
+		(iv)	any claim made by any third party arising out of or in 
+			connection with any Modified Materials, including any 
+			application developed using any of the Materials, and 
+			including in respect of infringement of any person’s 
+			Intellectual Property Rights. 
+	8	Termination
+	  (a)	Your License to use the Materials under clause 3(a) immediately 
+		and automatically terminates without the need for us to give 
+		notice to you if you breach these terms.
+	  (b)	You may terminate these terms at any time by ceasing all use 
+		and removing all implementations of the Materials and the Tide 
+		Protocol.
+	  (c)	Upon termination of these terms, all rights and Licenses 
+		granted to you under these terms will also terminate and you 
+		must immediately cease using the Materials and remove all 
+		implementations of the Materials. 
+	9	General
+	  (a)	You remain fully responsible and liable for the acts and 
+		omissions of any third party to whom you subcontract the 
+		exercise or performance any of your rights or obligations under 
+		these terms, as if such acts and omissions were your acts and 
+		omissions. 
+	  (b)	If any part of these terms is held to be unenforceable, the 
+		unenforceable part is to be given effect to the greatest extent 
+		possible and the remainder will remain in full force and effect.   
+	  (c)	No waiver, delay or failure by us to take any action shall 
+		constitute or be construed as a waiver of that or any other term, 
+		condition, option, privilege or right we may have.
+	  (d)	The word “including” when used in these terms is not a term of 
+		limitation.
+
+	====================
+	End of License terms
+	====================
+
+	If you develop a Modified Material and want to assert your copyright, 
+	attach the following notices to the Modified Material. It is best to 
+	attach them to the start of each source file to most effectively state 
+	the exclusion of warranty and each file should have at least the 
+	“copyright” line and a pointer to where the full notice is found.
+
+	<INSERT PROGRAM NAME and PURPOSE.>
+
+	Copyright (c) <year> <name of author>    
+
+	This program is free software and is subject to the terms of the Tide 
+	Community Open Code License as published by the Tide Foundation 
+	Limited. You may modify it and redistribute it in accordance with 
+	and subject to the terms of that License.
+
+	This program is distributed WITHOUT WARRANTY of any kind, including 
+	without any implied warranty of MERCHANTABILITY or FITNESS FOR A 
+	PARTICULAR PURPOSE.  See the Tide Community Open Code License for 
+	more details.
+
+	You should have received a copy of the Tide Community Open Code 
+	License along with this program.
+	
+	If not, see https://tide.org/licenses_tcoc2-0-0-en

package/README.md

@@ -1,2 +1,103 @@
-# asgard
-Vendor server-side libraries to validate and test Tide Security
+# Asgard
+Vendor server-side libraries to validate and test Tide Security. 
+
+## Quick overview of Tide specific terminologies
+### Tide Request
+The data object used to communicate with the Tide Network. All information regarding the context of what you want to execute is provided inside this object.
+Fields of is object include request name, id, authorization flow requested, authorized data, informational data etc.
+### Policies and Contracts
+Together, policies and contracts create a rule system designed by you, enforced by the Tide Network. 
+Think of a contract as the function used to validate a request, and a policy as the parameters to that function.
+
+Pseudocode example of policies + contracts:
+```js
+// You create the policy
+your_policy = {
+    max_btc_to_send: 5,
+    time_of_day_allowed: "between 10am and 4pm"
+}
+
+// You upload your own contract, or use one provided by the Network
+function your_contract_validate_func(policy){
+    check current time is in policy.time_of_day_allowed
+    check tx to sign is sending less than policy.max_btc_to_send
+    return success
+}
+
+// The network enforces your policy
+if your_contract_validate_func(your_policy) is success {
+    execute request
+}
+```
+
+## Policies
+A policy is a data object that contains a set of parameters which validate a specific tide request against a contract.
+
+### Policy Structure
+A policy consists of a couple fields:
+- `contractId` : The contract id that your policy is meant to execute against.
+- `modelId` : The model id (request type) your policy/contract will validate the contents of. Could be Cardano Transaction, code signing, token signature etc.
+- `keyId` : Your vendor id
+- `approvalType`: Either set to `explicit` or `implicit`. Set to `explicit` if you require the user(s) to manually approve the use of the policy with a request, or set to `implicit` if you don't require the user to manually approve its use, thus allowing its use without the user of the policy knowing.
+- `executionType`: Either set to `public` or `private`. Set ot `public` if you'd like anyone to be able to execute and retrieve the contents of the request. Or set to `private` if specific conditions for the user executing the request must be met (**logic set in contract**).
+- `params` : A key/value map of the specific values your contract requires to validate the contents of the request. This is what gets enforced by your contract onto the request.
+- `signature` : The signature of the policy from your vendor key. This is required to use a policy on the Tide Network.
+
+Creating a policy:
+```js
+const policyParameters = new Map();
+policyParameters.set("myNumberParam", 1);
+policyParameters.set("myStringParam", "test");
+policyParameters.set("myBigIntParam", BigInt(2));
+policyParameters.set("myBooleanParam", true);
+policyParameters.set("myByteArrayParam", new Uint8Array([0, 2, 1, 3]));
+
+const policy = new Policy({
+    modelId: "<model id to use with this policy>",
+    contractId: "<contract id to use with this policy>",
+    keyId: "<your vendor id>",
+    approvalType: "explicit",
+    executionType: "public",
+    params: policyParameters
+});
+```
+
+### Creating a policy for your organization
+Any policy you create will create a linkage between either a single Tide Request and a single Contract - or any Tide Request and a single Contract. 
+
+The relationship betweent the contract, policy and tide request is as follows:
+1. Contract contains the logic to check policy parameters against a tide request. Contract logic sits on the network's nodes.
+2. The policy contains the actual values the contract will check the tide request against. Policies sit on specific applications using the policy (such as a crypto wallet).
+3. The tide request contains the policy as part of its payload when sent to the network. Aside from that it is simply a data model.
+
+To create a policy, you'll have to create the Policy object then execute a PolicySignRequest to authorize its use. 
+
+Here's the syntax for it:
+```js
+const policySignRequest = PolicySignRequest.New(policy); // PolicySignRequest will return a single signature of the Policy you added to the PolicySignRequest
+const policySignature = // see 7. Executing Tide Requests on tidecloak-js on how to execute a tide request
+policy.signature = policySignature;
+const policyDataToStore = policy.encode(); // You can now store this signed policy for your client application to use when authorizing tide requests you specified in policy.modelId
+```
+
+## Contracts
+### Contract Structure
+All contracts that execute on the Tide Network require the implementation of 3 functions.
+
+1. `validate_request` - Always required for checking policy details against the request's contents.
+2. `validate_approvers` - Required if you intend to use policies with `approvalType` set to **explicit**. This is where the logic that determines if the users that approved this request has the specific roles/conditions to do so.
+3. `validate_executor` - Required if you intend to use policies with `executionType` set to **private**. This is where the logic that determines if the user that executed this request had the correct roles/condition to do so.
+
+Constructing a contract on Tide for now is extraodinarily complex and you probably won't be doing it. TODO
+
+## Other specific niches to know about
+### Custom Requests
+Looking to sign your own kind of custom data with Tide? Look no further. This is where I intend to butcher the explanation of it.
+
+There are 3 types of `CustomRequest` on Tide - each intended to best fit your specific type of request.
+
+1. `BasicCustomRequest` - A basic request. You have all the data your require to be validated at the time of request creation.
+2. `DyanmicPayloadCustomRequest` - A request with the data to be signed in the dynamic part of the request (which can be changed from the time the request was created). 
+3. `DynamicPayloadApprovedCustomRequest` - A request with the data to be signed in the dynamic part of the request that also requires `explicit` approval from the users. This requires the use of a Human Readable object in the authorized payload to ensure the details shown to an approver at approval time can be verified against the signing data added to the request dynamically later.
+
+### Basic Contract Test Validation

package/dist/cjs/contracts/BaseContract.d.ts

@@ -0,0 +1,47 @@
+import { Policy } from "../models/Policy";
+import BaseTideRequest from "../models/TideRequest";
+import { TideMemory } from "../utils/TideMemory";
+interface PolicyRunResult {
+    failed?: unknown;
+    success: boolean;
+}
+export declare abstract class BaseContract {
+    abstract id: string;
+    private tideRequest;
+    private dokens;
+    protected authorizedRequestPayload: TideMemory;
+    protected informationalRequestPayload: TideMemory;
+    /**
+     * Inheritors must implement this
+     * @param policy Policy object
+     */
+    protected abstract validateData(policy: Policy): Promise<void>;
+    /**
+     * Inheritors must implement this if the policy has set it's approvalType to EXPLICIT
+     * @param policy Policy object
+     * @param approverDokens Approver Dokens
+     */
+    protected validateApprovers(policy: Policy, approverDokens: Doken[]): Promise<void>;
+    /**
+     * Inheritors must implement this if the policy has set it's executionType to PRIVATE
+     * @param policy Policy object
+     * @param executorDoken Executor Doken
+     */
+    protected validateExecutor(policy: Policy, executorDoken: Doken): Promise<void>;
+    /**
+     * To help with clients testing if their Tide Request will pass their contract's specified contract
+     * @param policy Serialized policy from Tide
+     * @returns
+     */
+    testPolicy(policy: Uint8Array | Policy, executorDoken?: string | undefined): Promise<PolicyRunResult>;
+    constructor(tideRequest: Uint8Array | BaseTideRequest);
+}
+export declare class Doken {
+    private payload;
+    constructor(d: Uint8Array | string);
+    hasResourceAccessRole(role: string, client: string): boolean;
+    hasRealmAccessRole(role: string): boolean;
+    hasVuid(vuid: string): boolean;
+}
+export {};
+//# sourceMappingURL=BaseContract.d.ts.map

package/dist/cjs/contracts/BaseContract.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"BaseContract.d.ts","sourceRoot":"","sources":["../../../src/contracts/BaseContract.ts"],"names":[],"mappings":"AAAA,OAAO,EAA+B,MAAM,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,eAAe,MAAM,uBAAuB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD,UAAU,eAAe;IACrB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,OAAO,CAAA;CACnB;AAED,8BAAsB,YAAY;IAC9B,SAAgB,EAAE,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,WAAW,CAAkB;IACrC,OAAO,CAAC,MAAM,CAAe;IAC7B,SAAS,CAAC,wBAAwB,EAAE,UAAU,CAAC;IAC/C,SAAS,CAAC,2BAA2B,EAAE,UAAU,CAAC;IAElD;;;OAGG;IACH,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAE9D;;;;OAIG;IACH,SAAS,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAInF;;;;OAIG;IACH,SAAS,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/E;;;;OAIG;IACG,UAAU,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,EAAE,aAAa,GAAG,MAAM,GAAG,SAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;gBAsBtG,WAAW,EAAE,UAAU,GAAG,eAAe;CAaxD;AAKD,qBAAa,KAAK;IACd,OAAO,CAAC,OAAO,CAAM;gBACT,CAAC,EAAE,UAAU,GAAG,MAAM;IAuBlC,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;IAkB5D,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAazC,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;CAKjC"}

package/dist/{contracts → cjs/contracts}/BaseContract.js

@@ -8,23 +8,51 @@ const Policy_1 = require("../models/Policy");
 const TideRequest_1 = __importDefault(require("../models/TideRequest"));
 const Serialization_1 = require("../utils/Serialization");
 class BaseContract {
+    /**
+     * Inheritors must implement this if the policy has set it's approvalType to EXPLICIT
+     * @param policy Policy object
+     * @param approverDokens Approver Dokens
+     */
+    validateApprovers(policy, approverDokens) {
+        throw `validateApprovers not implemented`;
+    }
+    /**
+     * Inheritors must implement this if the policy has set it's executionType to PRIVATE
+     * @param policy Policy object
+     * @param executorDoken Executor Doken
+     */
+    validateExecutor(policy, executorDoken) {
+        throw `validateExecutor not implemented`;
+    }
     /**
      * To help with clients testing if their Tide Request will pass their contract's specified contract
      * @param policy Serialized policy from Tide
      * @returns
      */
-    async testPolicy(policy) {
-        const p = policy instanceof Uint8Array ? new Policy_1.Policy(policy) : policy;
+    async testPolicy(policy, executorDoken = null) {
+        const p = policy instanceof Uint8Array ? Policy_1.Policy.from(policy) : policy;
         if (p.contractId !== this.id)
             throw `Mismatch between policy provided's contract (${p.contractId}) and this contract's id (${this.id})`;
         if (p.modelId !== this.tideRequest.id() && p.modelId !== "any")
             throw `Mismatch between policy provided model id (${p.modelId}) and tide request id (${this.tideRequest.id()})`;
         try {
-            await this.test(p);
-            return true;
+            await this.validateData(p);
+            if (p.approvalType == Policy_1.ApprovalType.EXPLICIT)
+                await this.validateApprovers(p, this.dokens);
+            if (p.executionType == Policy_1.ExecutionType.PRIVATE) {
+                if (!executorDoken)
+                    throw `Policy as set it's execution type to PRIVATE. You must test this with the doken of the executor`;
+                await this.validateExecutor(p, new Doken(executorDoken));
+            }
+            return {
+                success: true
+            };
         }
         catch (ex) {
-            return false;
+            return {
+                success: false,
+                failed: ex
+            };
         }
     }
     constructor(tideRequest) {
@@ -47,7 +75,7 @@ class Doken {
         if (!d || d.length === 0) {
             throw new Error('Doken constructor: received empty or null Uint8Array');
         }
-        const tokenString = (0, Serialization_1.StringFromUint8Array)(d);
+        const tokenString = typeof d === "string" ? d : (0, Serialization_1.StringFromUint8Array)(d);
         const s = tokenString.split(".");
         if (s.length !== 3) {
             throw new Error(`Doken constructor: invalid token format. Expected 3 parts (header.payload.signature) but got ${s.length} parts in: "${tokenString.substring(0, 50)}..."`);
@@ -69,13 +97,13 @@ class Doken {
         if (!client)
             throw new Error('hasResourceAccessRole: client parameter is empty or undefined');
         if (!this.payload.resource_access) {
-            throw new Error(`hasResourceAccessRole: token payload does not contain 'resource_access' field. Available fields: ${Object.keys(this.payload).join(', ')}`);
+            return false;
         }
         if (!this.payload.resource_access[client]) {
-            throw new Error(`hasResourceAccessRole: client '${client}' not found in resource_access. Available clients: ${Object.keys(this.payload.resource_access).join(', ')}`);
+            return false;
         }
         if (!Array.isArray(this.payload.resource_access[client].roles)) {
-            throw new Error(`hasResourceAccessRole: 'roles' field for client '${client}' is not an array. Got type: ${typeof this.payload.resource_access[client].roles}`);
+            return false;
         }
         return this.payload.resource_access[client].roles.includes(role);
     }
@@ -83,10 +111,10 @@ class Doken {
         if (!role)
             throw new Error('hasRealmAccessRole: role parameter is empty or undefined');
         if (!this.payload.realm_access) {
-            throw new Error(`hasRealmAccessRole: token payload does not contain 'realm_access' field. Available fields: ${Object.keys(this.payload).join(', ')}`);
+            return false;
         }
         if (!Array.isArray(this.payload.realm_access.roles)) {
-            throw new Error(`hasRealmAccessRole: 'roles' field in realm_access is not an array. Got type: ${typeof this.payload.realm_access.roles}`);
+            return false;
         }
         return this.payload.realm_access.roles.includes(role);
     }

package/dist/cjs/contracts/BaseContract.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"BaseContract.js","sourceRoot":"","sources":["../../../src/contracts/BaseContract.ts"],"names":[],"mappings":";;;;;;AAAA,6CAAuE;AACvE,wEAAoD;AACpD,0DAA8D;AAQ9D,MAAsB,YAAY;IAa9B;;;;OAIG;IACO,iBAAiB,CAAC,MAAc,EAAE,cAAuB;QAC/D,MAAM,mCAAmC,CAAC;IAC9C,CAAC;IAED;;;;OAIG;IACO,gBAAgB,CAAC,MAAc,EAAE,aAAoB;QAC3D,MAAM,kCAAkC,CAAC;IAC7C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,UAAU,CAAC,MAA2B,EAAE,gBAAqC,IAAI;QACnF,MAAM,CAAC,GAAG,MAAM,YAAY,UAAU,CAAC,CAAC,CAAC,eAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACtE,IAAG,CAAC,CAAC,UAAU,KAAK,IAAI,CAAC,EAAE;YAAE,MAAM,gDAAgD,CAAC,CAAC,UAAU,6BAA6B,IAAI,CAAC,EAAE,GAAG,CAAC;QACvI,IAAG,CAAC,CAAC,OAAO,KAAK,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,OAAO,KAAK,KAAK;YAAE,MAAM,8CAA8C,CAAC,CAAC,OAAO,0BAA0B,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,GAAG,CAAA;QAC9K,IAAG,CAAC;YACA,MAAM,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAG,CAAC,CAAC,YAAY,IAAI,qBAAY,CAAC,QAAQ;gBAAE,MAAM,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACzF,IAAG,CAAC,CAAC,aAAa,IAAI,sBAAa,CAAC,OAAO,EAAC,CAAC;gBACzC,IAAG,CAAC,aAAa;oBAAE,MAAM,iGAAiG,CAAC;gBAC3H,MAAM,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC;YAC7D,CAAC;YACD,OAAO;gBACH,OAAO,EAAE,IAAI;aAChB,CAAC;QACN,CAAC;QAAA,OAAM,EAAE,EAAC,CAAC;YACP,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,EAAE;aACb,CAAC;QACN,CAAC;IACL,CAAC;IAED,YAAY,WAAyC;QAvD7C,WAAM,GAAY,EAAE,CAAC,CAAC,uBAAuB;QAwDjD,IAAI,CAAC,WAAW,GAAG,WAAW,YAAY,UAAU,CAAC,CAAC,CAAC,qBAAe,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;QACzG,IAAI,CAAC,wBAAwB,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;QACvD,IAAI,CAAC,2BAA2B,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC;QAEhE,qBAAqB;QACrB,IAAI,GAAG,GAAG,EAAC,MAAM,EAAE,IAAI,UAAU,EAAE,EAAC,CAAC;QACrC,IAAI,CAAC,GAAG,CAAC,CAAC;QACV,OAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,EAAE,GAAG,CAAC,EAAC,CAAC;YACnD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;YACxC,CAAC,EAAE,CAAC;QACR,CAAC;IACL,CAAC;CACJ;AAvED,oCAuEC;AAKD,MAAa,KAAK;IAEd,YAAY,CAAsB;QAC9B,IAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAC,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAA,oCAAoB,EAAC,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEjC,IAAG,CAAC,CAAC,MAAM,KAAK,CAAC,EAAC,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,gGAAgG,CAAC,CAAC,MAAM,eAAe,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;QAC/K,CAAC;QAED,IAAG,CAAC;YACA,MAAM,cAAc,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7C,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAM,KAAK,EAAC,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,qDAAqD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;QACpL,CAAC;QAED,IAAG,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,EAAC,CAAC;YAClD,MAAM,IAAI,KAAK,CAAC,sEAAsE,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QACjH,CAAC;IACL,CAAC;IACD,qBAAqB,CAAC,IAAY,EAAE,MAAc;QAC9C,IAAG,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACzF,IAAG,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;QAE7F,IAAG,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAC,CAAC;YAC9B,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAG,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,EAAC,CAAC;YACtC,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,EAAC,CAAC;YAC3D,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACrE,CAAC;IACD,kBAAkB,CAAC,IAAY;QAC3B,IAAG,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAEtF,IAAG,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,EAAC,CAAC;YAC3B,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,EAAC,CAAC;YAChD,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,CAAC,IAAY;QAChB,IAAG,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC1D,IAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QAC9E,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,IAAI,CAAC;IACtC,CAAC;CACJ;AA7DD,sBA6DC;AAGD,SAAS,eAAe,CAAC,KAAa;IAClC,IAAI,MAAM,GAAG,KAAK;SACb,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC;SACpB,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAE1B,QAAQ,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC;YACF,MAAM;QACV,KAAK,CAAC;YACF,MAAM,IAAI,IAAI,CAAC;YACf,MAAM;QACV,KAAK,CAAC;YACF,MAAM,IAAI,GAAG,CAAC;YACd,MAAM;QACV;YACI,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC;QACD,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;AACL,CAAC;AACD,SAAS,gBAAgB,CAAC,KAAa;IACnC,OAAO,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC3D,IAAI,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAEtD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClB,IAAI,GAAG,GAAG,GAAG,IAAI,CAAC;QACtB,CAAC;QAED,OAAO,GAAG,GAAG,IAAI,CAAC;IACtB,CAAC,CAAC,CAAC,CAAC;AACR,CAAC"}

package/dist/{contracts → cjs/contracts}/GenericRealmAccessThresholdRoleContract.d.ts

@@ -1,7 +1,8 @@
 import { Policy } from "../models/Policy";
-import { BaseContract } from "./BaseContract";
+import { BaseContract, Doken } from "./BaseContract";
 export declare class GenericRealmAccessThresholdRoleContract extends BaseContract {
+    protected validateData(policy: Policy): Promise<void>;
     id: string;
-    protected test(policy: Policy): Promise<void>;
+    protected validateApprovers(policy: Policy, approverDokens: Doken[]): Promise<void>;
 }
 //# sourceMappingURL=GenericRealmAccessThresholdRoleContract.d.ts.map

package/dist/cjs/contracts/GenericRealmAccessThresholdRoleContract.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GenericRealmAccessThresholdRoleContract.d.ts","sourceRoot":"","sources":["../../../src/contracts/GenericRealmAccessThresholdRoleContract.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AAErD,qBAAa,uCAAwC,SAAQ,YAAY;IACrE,SAAS,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C,EAAE,EAAE,MAAM,CAAuC;cACxC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAQ5F"}

package/dist/{contracts → cjs/contracts}/GenericRealmAccessThresholdRoleContract.js

@@ -7,9 +7,13 @@ class GenericRealmAccessThresholdRoleContract extends BaseContract_1.BaseContrac
         super(...arguments);
         this.id = "GenericRealmAccessThresholdRole:1";
     }
-    async test(policy) {
+    validateData(policy) {
+        console.warn("Validate Data not implemented!");
+        return;
+    }
+    async validateApprovers(policy, approverDokens) {
         let successfulDokens = 0;
-        this.dokens.forEach(d => {
+        approverDokens.forEach(d => {
             if (d.hasRealmAccessRole(policy.params.getParameter("role")))
                 successfulDokens++;
         });

package/dist/cjs/contracts/GenericRealmAccessThresholdRoleContract.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GenericRealmAccessThresholdRoleContract.js","sourceRoot":"","sources":["../../../src/contracts/GenericRealmAccessThresholdRoleContract.ts"],"names":[],"mappings":";;;AACA,iDAAqD;AAErD,MAAa,uCAAwC,SAAQ,2BAAY;IAAzE;;QAKW,OAAE,GAAW,mCAAmC,CAAC;IAS5D,CAAC;IAba,YAAY,CAAC,MAAc;QACjC,OAAO,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAC/C,OAAO;IACX,CAAC;IAES,KAAK,CAAC,iBAAiB,CAAC,MAAc,EAAE,cAAuB;QACrE,IAAI,gBAAgB,GAAG,CAAC,CAAC;QACzB,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;YACvB,IAAG,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAS,MAAM,CAAC,CAAC;gBAAE,gBAAgB,EAAE,CAAC;QAC5F,CAAC,CAAC,CAAA;QACF,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAS,WAAW,CAAC,CAAC;QAClE,IAAG,gBAAgB,GAAG,SAAS;YAAE,MAAM,0DAA0D,CAAC;IACtG,CAAC;CACJ;AAdD,0FAcC"}

package/dist/{contracts → cjs/contracts}/GenericResourceAccessThresholdRoleContract.d.ts

@@ -1,7 +1,8 @@
 import { Policy } from "../models/Policy";
-import { BaseContract } from "./BaseContract";
+import { BaseContract, Doken } from "./BaseContract";
 export declare class GenericResourceAccessThresholdRoleContract extends BaseContract {
     id: string;
-    protected test(policy: Policy): Promise<void>;
+    protected validateData(policy: Policy): Promise<void>;
+    protected validateApprovers(policy: Policy, approverDokens: Doken[]): Promise<void>;
 }
 //# sourceMappingURL=GenericResourceAccessThresholdRoleContract.d.ts.map

package/dist/cjs/contracts/GenericResourceAccessThresholdRoleContract.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GenericResourceAccessThresholdRoleContract.d.ts","sourceRoot":"","sources":["../../../src/contracts/GenericResourceAccessThresholdRoleContract.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AAErD,qBAAa,0CAA2C,SAAQ,YAAY;IACjE,EAAE,EAAE,MAAM,CAA0C;IAC3D,SAAS,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;cAIrC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAQ5F"}