gdc-common-utils-ts 1.7.0 → 1.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -1
- package/dist/constants/actor-session.d.ts +40 -0
- package/dist/constants/actor-session.js +40 -0
- package/dist/constants/index.d.ts +1 -0
- package/dist/constants/index.js +1 -0
- package/dist/models/actor-session.d.ts +9 -0
- package/dist/models/actor-session.js +3 -0
- package/dist/models/did.d.ts +2 -1
- package/dist/models/index.d.ts +1 -0
- package/dist/models/index.js +1 -0
- package/dist/utils/communication-identity.d.ts +22 -3
- package/dist/utils/communication-identity.js +8 -1
- package/dist/utils/did-resolution.d.ts +2 -1
- package/dist/utils/did-resolution.js +6 -5
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -131,6 +131,8 @@ The canonical API contract should live in JSDoc on exported code. The README act
|
|
|
131
131
|
### Communication / document utilities
|
|
132
132
|
|
|
133
133
|
- [`initializeCommunicationIdentity(...)`](src/utils/communication-identity.ts)
|
|
134
|
+
- bootstraps the technical communication profile identity for a device/app/channel runtime
|
|
135
|
+
- do not teach its `entityId` as if it were the legal organization id
|
|
134
136
|
- Derives the technical ML-DSA/ML-KEM communication identity for a device, portal, or app profile and returns JOSE header templates for `meta.jws.protected` and `meta.jwe.header`.
|
|
135
137
|
- Uses explicit `seedMaterial` for deterministic derivation. Without `seedMaterial`, it defaults to random generation. `mode = deterministic` requires `seedMaterial`.
|
|
136
138
|
- [`buildOrganizationDidWeb(...)`, `buildProfessionalDidWeb(...)`, `buildIndividualDidWeb(...)`](src/utils/did.ts)
|
|
@@ -208,7 +210,7 @@ The canonical API contract should live in JSDoc on exported code. The README act
|
|
|
208
210
|
- Shared route contexts, controller binding fragments, and reusable helper builders.
|
|
209
211
|
- `tenantId` is modeled as an identifier-like route token (`acme-id`), not as a friendly alternate name.
|
|
210
212
|
- [`docs/LIFECYCLE_101.md`](docs/LIFECYCLE_101.md)
|
|
211
|
-
- Copy/paste lifecycle guide
|
|
213
|
+
- Copy/paste lifecycle `101` guide with semantic rules and reusable placeholders.
|
|
212
214
|
|
|
213
215
|
## Documentation Naming Rules
|
|
214
216
|
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Canonical actor-kind vocabulary shared across SDK packages.
|
|
3
|
+
*/
|
|
4
|
+
export declare const ActorKinds: Readonly<{
|
|
5
|
+
readonly HostOnboarding: "host_onboarding";
|
|
6
|
+
readonly OrganizationController: "organization_controller";
|
|
7
|
+
readonly OrganizationEmployee: "organization_employee";
|
|
8
|
+
readonly IndividualController: "individual_controller";
|
|
9
|
+
readonly IndividualMember: "individual_member";
|
|
10
|
+
readonly Professional: "professional";
|
|
11
|
+
}>;
|
|
12
|
+
/**
|
|
13
|
+
* Canonical capability vocabulary shared across SDK packages.
|
|
14
|
+
*/
|
|
15
|
+
export declare const ActorCapabilities: Readonly<{
|
|
16
|
+
readonly HostActivateOrganization: "host.activate_organization";
|
|
17
|
+
readonly HostConfirmOrder: "host.confirm_order";
|
|
18
|
+
readonly OrganizationCreateEmployee: "organization.create_employee";
|
|
19
|
+
readonly OrganizationDisableEmployee: "organization.disable_employee";
|
|
20
|
+
readonly OrganizationPurgeEmployee: "organization.purge_employee";
|
|
21
|
+
readonly OrganizationActivateDevice: "organization.activate_device";
|
|
22
|
+
readonly OrganizationIssueActivationCode: "organization.issue_activation_code";
|
|
23
|
+
readonly OrganizationRequestSmartToken: "organization.request_smart_token";
|
|
24
|
+
readonly IndividualBootstrap: "individual.bootstrap";
|
|
25
|
+
readonly IndividualDisable: "individual.disable";
|
|
26
|
+
readonly IndividualPurge: "individual.purge";
|
|
27
|
+
readonly IndividualImportIps: "individual.import_ips";
|
|
28
|
+
readonly IndividualGenerateDigitalTwin: "individual.generate_digital_twin";
|
|
29
|
+
readonly IndividualIngestCommunication: "individual.ingest_communication";
|
|
30
|
+
readonly IndividualUpsertRelatedPerson: "individual.upsert_related_person";
|
|
31
|
+
readonly IndividualMemberDisable: "individual_member.disable";
|
|
32
|
+
readonly IndividualMemberPurge: "individual_member.purge";
|
|
33
|
+
readonly ConsentGrantProfessionalAccess: "consent.grant_professional_access";
|
|
34
|
+
readonly ProfessionalMedication: "professional.medication";
|
|
35
|
+
readonly ProfessionalAppointment: "professional.appointment";
|
|
36
|
+
readonly ProfessionalRequestSmartToken: "professional.request_smart_token";
|
|
37
|
+
readonly TokenRequestSmart: "token.request_smart";
|
|
38
|
+
}>;
|
|
39
|
+
export type ActorKindsValue = typeof ActorKinds[keyof typeof ActorKinds];
|
|
40
|
+
export type ActorCapabilitiesValue = typeof ActorCapabilities[keyof typeof ActorCapabilities];
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
|
|
2
|
+
// Always create JSDoc, do not use strings inline in keys nor values, use types instead, and reuse the data test examples.
|
|
3
|
+
/**
|
|
4
|
+
* Canonical actor-kind vocabulary shared across SDK packages.
|
|
5
|
+
*/
|
|
6
|
+
export const ActorKinds = Object.freeze({
|
|
7
|
+
HostOnboarding: 'host_onboarding',
|
|
8
|
+
OrganizationController: 'organization_controller',
|
|
9
|
+
OrganizationEmployee: 'organization_employee',
|
|
10
|
+
IndividualController: 'individual_controller',
|
|
11
|
+
IndividualMember: 'individual_member',
|
|
12
|
+
Professional: 'professional',
|
|
13
|
+
});
|
|
14
|
+
/**
|
|
15
|
+
* Canonical capability vocabulary shared across SDK packages.
|
|
16
|
+
*/
|
|
17
|
+
export const ActorCapabilities = Object.freeze({
|
|
18
|
+
HostActivateOrganization: 'host.activate_organization',
|
|
19
|
+
HostConfirmOrder: 'host.confirm_order',
|
|
20
|
+
OrganizationCreateEmployee: 'organization.create_employee',
|
|
21
|
+
OrganizationDisableEmployee: 'organization.disable_employee',
|
|
22
|
+
OrganizationPurgeEmployee: 'organization.purge_employee',
|
|
23
|
+
OrganizationActivateDevice: 'organization.activate_device',
|
|
24
|
+
OrganizationIssueActivationCode: 'organization.issue_activation_code',
|
|
25
|
+
OrganizationRequestSmartToken: 'organization.request_smart_token',
|
|
26
|
+
IndividualBootstrap: 'individual.bootstrap',
|
|
27
|
+
IndividualDisable: 'individual.disable',
|
|
28
|
+
IndividualPurge: 'individual.purge',
|
|
29
|
+
IndividualImportIps: 'individual.import_ips',
|
|
30
|
+
IndividualGenerateDigitalTwin: 'individual.generate_digital_twin',
|
|
31
|
+
IndividualIngestCommunication: 'individual.ingest_communication',
|
|
32
|
+
IndividualUpsertRelatedPerson: 'individual.upsert_related_person',
|
|
33
|
+
IndividualMemberDisable: 'individual_member.disable',
|
|
34
|
+
IndividualMemberPurge: 'individual_member.purge',
|
|
35
|
+
ConsentGrantProfessionalAccess: 'consent.grant_professional_access',
|
|
36
|
+
ProfessionalMedication: 'professional.medication',
|
|
37
|
+
ProfessionalAppointment: 'professional.appointment',
|
|
38
|
+
ProfessionalRequestSmartToken: 'professional.request_smart_token',
|
|
39
|
+
TokenRequestSmart: 'token.request_smart',
|
|
40
|
+
});
|
package/dist/constants/index.js
CHANGED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import type { ActorCapabilitiesValue, ActorKindsValue } from '../constants/actor-session';
|
|
2
|
+
/**
|
|
3
|
+
* Canonical actor kind shared across SDK packages.
|
|
4
|
+
*/
|
|
5
|
+
export type ActorKind = ActorKindsValue;
|
|
6
|
+
/**
|
|
7
|
+
* Canonical capability token shared across SDK packages.
|
|
8
|
+
*/
|
|
9
|
+
export type Capability = ActorCapabilitiesValue;
|
package/dist/models/did.d.ts
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
import { PublicJwk } from "../interfaces/Cryptography.types";
|
|
2
2
|
import { RecipientPublicKey } from "./crypto";
|
|
3
3
|
import { JwkSet } from "./jwk";
|
|
4
|
+
import type { ActorKind } from "./actor-session";
|
|
5
|
+
export type { ActorKind } from "./actor-session";
|
|
4
6
|
/**
|
|
5
7
|
* The parameters required to construct a service endpoint selector.
|
|
6
8
|
* This is the contract for a specific API method to define its endpoint.
|
|
@@ -71,7 +73,6 @@ export interface VerificationMethod extends RecipientPublicKey {
|
|
|
71
73
|
controller: string;
|
|
72
74
|
publicKeyJwk: PublicJwk;
|
|
73
75
|
}
|
|
74
|
-
export type ActorKind = 'host_onboarding' | 'organization_controller' | 'organization_employee' | 'individual_controller' | 'individual_member' | 'professional';
|
|
75
76
|
export interface ResolvedServiceEndpoint {
|
|
76
77
|
id: string;
|
|
77
78
|
type: string;
|
package/dist/models/index.d.ts
CHANGED
package/dist/models/index.js
CHANGED
|
@@ -6,9 +6,21 @@ import { JwkKeyUses } from '../constants/cryptography';
|
|
|
6
6
|
export type CommunicationIdentityBootstrapMode = 'deterministic' | 'random';
|
|
7
7
|
export interface CommunicationIdentityBootstrapOptions {
|
|
8
8
|
/**
|
|
9
|
-
* Stable logical identifier of the
|
|
9
|
+
* Stable logical identifier of the technical communication profile.
|
|
10
10
|
*
|
|
11
|
-
* This is
|
|
11
|
+
* This is not the legal organization id, not the tenant id, and not the
|
|
12
|
+
* human controller identity.
|
|
13
|
+
*
|
|
14
|
+
* Treat it as the id of the technical channel/runtime/device profile that
|
|
15
|
+
* owns the communication keys for this app/service.
|
|
16
|
+
*
|
|
17
|
+
* Good examples:
|
|
18
|
+
* - `portal.acme.org:acme-id:web-channel`
|
|
19
|
+
* - `portal.acme.org:acme-id:backend-runtime`
|
|
20
|
+
* - `mobile.acme.app:user-42:device-primary`
|
|
21
|
+
*
|
|
22
|
+
* This value is metadata for the caller. It is not used as implicit seed
|
|
23
|
+
* material.
|
|
12
24
|
*/
|
|
13
25
|
entityId: string;
|
|
14
26
|
/**
|
|
@@ -114,10 +126,17 @@ export interface CommunicationIdentityBootstrapResult {
|
|
|
114
126
|
* human/person signing identity used for controller/professional/individual
|
|
115
127
|
* authorization decisions.
|
|
116
128
|
*
|
|
129
|
+
* Conceptual split:
|
|
130
|
+
* - `appId` identifies the application towards GW CORE headers/policy
|
|
131
|
+
* - `entityId` identifies the local technical communication profile that owns
|
|
132
|
+
* transport keys
|
|
133
|
+
* - controller/professional/subject DIDs identify domain actors
|
|
134
|
+
*
|
|
117
135
|
* The returned JOSE header templates match the current DIDComm metadata contract:
|
|
118
136
|
* `meta.jws.protected` and `meta.jwe.header`.
|
|
119
137
|
*
|
|
120
|
-
* @param options.entityId Stable logical identity of the
|
|
138
|
+
* @param options.entityId Stable logical identity of the technical
|
|
139
|
+
* communication profile or channel runtime.
|
|
121
140
|
* @param options.seedMaterial Explicit seed material for deterministic derivation.
|
|
122
141
|
* @param options.cryptography Stateless crypto engine implementation.
|
|
123
142
|
* @param options.mode Deterministic or random seed derivation mode.
|
|
@@ -11,10 +11,17 @@ import { CommunicationKeyPurposes, DefaultEncryptionCurves, DefaultSigningAlgori
|
|
|
11
11
|
* human/person signing identity used for controller/professional/individual
|
|
12
12
|
* authorization decisions.
|
|
13
13
|
*
|
|
14
|
+
* Conceptual split:
|
|
15
|
+
* - `appId` identifies the application towards GW CORE headers/policy
|
|
16
|
+
* - `entityId` identifies the local technical communication profile that owns
|
|
17
|
+
* transport keys
|
|
18
|
+
* - controller/professional/subject DIDs identify domain actors
|
|
19
|
+
*
|
|
14
20
|
* The returned JOSE header templates match the current DIDComm metadata contract:
|
|
15
21
|
* `meta.jws.protected` and `meta.jwe.header`.
|
|
16
22
|
*
|
|
17
|
-
* @param options.entityId Stable logical identity of the
|
|
23
|
+
* @param options.entityId Stable logical identity of the technical
|
|
24
|
+
* communication profile or channel runtime.
|
|
18
25
|
* @param options.seedMaterial Explicit seed material for deterministic derivation.
|
|
19
26
|
* @param options.cryptography Stateless crypto engine implementation.
|
|
20
27
|
* @param options.mode Deterministic or random seed derivation mode.
|
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
import { ActorKind
|
|
1
|
+
import type { ActorKind } from '../models/actor-session';
|
|
2
|
+
import { DidDocument, DidResolutionResult, ResolvedServiceEndpoint } from '../models/did';
|
|
2
3
|
/**
|
|
3
4
|
* Service selection criteria used when resolving operational endpoints from a DID Document.
|
|
4
5
|
*/
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
|
|
2
|
+
import { ActorKinds } from '../constants/actor-session.js';
|
|
2
3
|
import { DiscoveryCapabilities, DidServiceIds } from '../constants/did-services.js';
|
|
3
4
|
function normalizeServiceEndpoint(service) {
|
|
4
5
|
const capability = inferCapabilityFromServiceId(service.id)
|
|
@@ -147,16 +148,16 @@ export function getActorKindFromDid(did) {
|
|
|
147
148
|
return 'unknown';
|
|
148
149
|
if (normalized.includes(':employee:')) {
|
|
149
150
|
return normalized.includes('resprsn') || normalized.includes('controller')
|
|
150
|
-
?
|
|
151
|
-
:
|
|
151
|
+
? ActorKinds.OrganizationController
|
|
152
|
+
: ActorKinds.Professional;
|
|
152
153
|
}
|
|
153
154
|
if (normalized.includes(':family:') || normalized.includes(':member:')) {
|
|
154
155
|
return normalized.includes('oneself') || normalized.includes('controller')
|
|
155
|
-
?
|
|
156
|
-
:
|
|
156
|
+
? ActorKinds.IndividualController
|
|
157
|
+
: ActorKinds.IndividualMember;
|
|
157
158
|
}
|
|
158
159
|
if (normalized.includes('host'))
|
|
159
|
-
return
|
|
160
|
+
return ActorKinds.HostOnboarding;
|
|
160
161
|
return 'unknown';
|
|
161
162
|
}
|
|
162
163
|
/**
|