kavachos 0.0.3 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/a2a/index.d.ts +2341 -0
- package/dist/a2a/index.js +821 -0
- package/dist/a2a/index.js.map +1 -0
- package/dist/agent/index.d.ts +3 -3
- package/dist/agent/index.js +3 -2
- package/dist/audit/index.d.ts +2 -2
- package/dist/audit/index.js +2 -2
- package/dist/auth/index.d.ts +490 -92
- package/dist/auth/index.js +3 -2
- package/dist/chunk-3AZDFCQF.js +186 -0
- package/dist/chunk-3AZDFCQF.js.map +1 -0
- package/dist/{chunk-SJGSPIAD.js → chunk-4CANWZWP.js} +3 -3
- package/dist/{chunk-SJGSPIAD.js.map → chunk-4CANWZWP.js.map} +1 -1
- package/dist/{chunk-KL6XW4S4.js → chunk-62P5FJ34.js} +2375 -633
- package/dist/chunk-62P5FJ34.js.map +1 -0
- package/dist/chunk-ELGG2VW2.js +538 -0
- package/dist/chunk-ELGG2VW2.js.map +1 -0
- package/dist/{chunk-5DT4DN4Y.js → chunk-IS5FRKIS.js} +13 -13
- package/dist/chunk-IS5FRKIS.js.map +1 -0
- package/dist/{chunk-V66UUIA7.js → chunk-KNNJ4COO.js} +92 -3
- package/dist/chunk-KNNJ4COO.js.map +1 -0
- package/dist/{chunk-OVGNZ5OX.js → chunk-O7VQ2LQE.js} +6 -6
- package/dist/chunk-O7VQ2LQE.js.map +1 -0
- package/dist/index.d.ts +138 -5
- package/dist/index.js +564 -29
- package/dist/index.js.map +1 -1
- package/dist/mcp/index.d.ts +2 -2
- package/dist/mcp/index.js +11 -15
- package/dist/mcp/index.js.map +1 -1
- package/dist/permission/index.d.ts +3 -3
- package/dist/permission/index.js +3 -2
- package/dist/{types-Xk83hv4O.d.ts → types-BTui0HQU.d.ts} +1763 -98
- package/dist/vc/index.d.ts +800 -0
- package/dist/vc/index.js +5 -0
- package/dist/vc/index.js.map +1 -0
- package/package.json +17 -1
- package/dist/chunk-5DT4DN4Y.js.map +0 -1
- package/dist/chunk-KL6XW4S4.js.map +0 -1
- package/dist/chunk-OVGNZ5OX.js.map +0 -1
- package/dist/chunk-V66UUIA7.js.map +0 -1
- package/dist/{types-mwupB57A.d.ts → types-BuHrZcjE.d.ts} +2 -2
package/dist/index.d.ts
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
export { createAgentModule } from './agent/index.js';
|
|
2
|
-
import { D as Database, a as DatabaseConfig, b as DelegateInput, P as Permission, c as DelegationChain, d as DidDocument, e as DidKeyPair, f as DidWebConfig,
|
|
3
|
-
export {
|
|
2
|
+
import { D as Database, a as DatabaseConfig, b as DelegateInput, P as Permission, c as DelegationChain, d as DidDocument, e as DidKeyPair, f as DidWebConfig, g as AgentDid, S as SignedPayload, V as VerificationResult, K as KavachConfig, C as CreateAgentInput, A as AgentIdentity, h as AgentFilter, U as UpdateAgentInput, i as AuthorizeRequest, R as RequestContext, j as AuthorizeResult, k as AuditFilter, l as AuditEntry, m as AuditExportOptions, M as McpServerInput, n as McpServer, o as ResolvedUser, p as SessionManager, q as ApprovalRequest, r as MagicLinkModule, E as EmailOtpModule, T as TotpModule, s as PasskeyModule, O as OrgModule, t as SsoModule, u as AdminModule, v as ApiKeyManagerModule, w as UsernameAuthModule, x as PasswordResetModule, y as EmailVerificationModule, z as OneTimeTokenModule, B as SessionFreshnessModule, F as PhoneAuthModule, G as CaptchaModule, W as WebhookModule$1, H as RedirectChainManager, I as PluginEndpoint, J as EndpointContext, L as KavachPlugin, N as SessionConfig, Q as Session } from './types-BTui0HQU.js';
|
|
3
|
+
export { X as AdminConfig, Y as AdminUser, Z as AgentConfig, _ as ApiKey, $ as ApiKeyManagerConfig, a0 as ApprovalConfig, a1 as ApprovalModule, a2 as AuthAdapter, a3 as CaptchaConfig, a4 as CaptchaVerifyResult, a5 as CreateTokenInput, a6 as D1DatabaseBinding, a7 as EmailOtpConfig, a8 as EmailVerificationConfig, a9 as KavachHooks, aa as KavachInstance, ab as MagicLinkConfig, ac as McpMiddleware, ad as OidcProvider, ae as OneTimeTokenConfig, af as OneTimeTokenPurpose, ag as OrgConfig, ah as OrgInvitation, ai as OrgMember, aj as OrgRole, ak as Organization, al as PasskeyConfig, am as PasskeyCredential, an as PasswordResetConfig, ao as PermissionConstraints, ap as PhoneAuthConfig, aq as PluginContext, ar as PluginInitResult, as as RedirectChainState, at as RedirectConfig, au as RedirectEntry, av as RevokeTokensResult, aw as SSO_ERROR, ax as SamlProvider, ay as ServiceEndpoint, az as SessionFreshnessConfig, aA as SsoAuditEvent, aB as SsoConfig, aC as SsoConnection, aD as SsoError, aE as TokenValidationResult, aF as TotpConfig, aG as TotpSetup, aH as UsernameAuthConfig, aI as ValidateTokenResult, aJ as VerificationMethod, aK as agentCards, aL as agentDids, aM as agents, aN as apiKeysTable, aO as approvalRequests, aP as auditLogs, aQ as budgetPolicies, aR as classifyViolation, aS as createAdminModule, aT as createApiKeyManagerModule, aU as createApprovalModule, aV as createCaptchaModule, aW as createDatabase, aX as createDatabaseSync, aY as createEmailOtpModule, aZ as createEmailVerificationModule, a_ as createMagicLinkModule, a$ as createOneTimeTokenModule, b0 as createOrgModule, b1 as createPasskeyModule, b2 as createPasswordResetModule, b3 as createPhoneAuthModule, b4 as createRedirectChain, b5 as createSessionFreshnessModule, b6 as createSessionManager, b7 as createSsoModule, b8 as createTotpModule, b9 as createUsernameAuthModule, ba as delegationChains, bb as emailOtps, bc as magicLinks, bd as mcpServers, be as oauthAccessTokens, bf as oauthAuthorizationCodes, bg as oauthClients, bh as orgInvitations, bi as orgMembers, bj as orgRoles, bk as organizations, bl as passkeyChallenges, bm as passkeyCredentials, bn as permissions, bo as rateLimits, bp as sessions, bq as ssoConnections, br as tenants, bs as totpRecords, bt as trustScores, bu as users } from './types-BTui0HQU.js';
|
|
4
4
|
export { createAuditModule } from './audit/index.js';
|
|
5
|
-
export { AccessTokenClaims, AdditionalFieldsConfig, AdditionalFieldsModule, AnonymousAuthConfig, AnonymousAuthModule, AuthorizeParams, BearerAuthOptions, CheckoutOptions,
|
|
5
|
+
export { AccessTokenClaims, AdditionalFieldsConfig, AdditionalFieldsModule, AnonymousAuthConfig, AnonymousAuthModule, AuthorizeParams, BearerAuthOptions, BudgetCheckResult, CheckParams, CheckResult, CheckoutOptions, CostAlert, CostAttributionConfig, CostAttributionModule, CostReport, CreateEphemeralSessionInput, CustomSessionConfig, CustomSessionModule, DeleteOptions, DeleteResult, DeviceAuthConfig, DeviceAuthModule, DeviceAuthStatus, DeviceCodeResponse, EVENT_TYPES, EndpointGroup, EphemeralSession, EphemeralSessionConfig, EphemeralSessionModule, EphemeralSessionValidateResult, EventStreamConfig, EventStreamModule, EventType, ExpandParams, FederatedAgent, FederationConfig, FederationModule, FederationToken, FederationWellKnown, FieldDefinition, GdprModule, GetUserClaimsFn, GoogleUser, HeaderAuthOptions, HibpApiError, HibpBreachedError, HibpConfig, HibpModule, InstanceIdentity, IssueFederationTokenInput, JsonWebKeySet, JwtSessionConfig, JwtSessionModule, LastLoginConfig, LastLoginModule, ListObjectsParams, ListSubjectsParams, LoginEvent, LoginMethod, OAuthProxyConfig, OAuthProxyError, OAuthProxyModule, OAuthProxyPluginConfig, OidcClient, OidcDiscoveryDocument, OidcProviderConfig, OidcProviderModule, OneTapConfig, OneTapModule, OneTapVerifyError, OpenApiComponents, OpenApiConfig, OpenApiDocument, OpenApiInfo, OpenApiMediaType, OpenApiModule, OpenApiOperation, OpenApiParameter, OpenApiPathItem, OpenApiRequestBody, OpenApiResponse, OpenApiSchema, OpenApiSecurityRequirement, OpenApiSecurityScheme, OpenApiServer, PermissionRuleSet, PolarConfig, PolarModule, PolarSubscription, ProxyTokens, RateLimitConfig, RateLimitMiddlewareOptions, RateLimitResult, RateLimiter, ReBACConfig, ReBACModule, RecordCostInput, RecordLoginInput, RegisterClientInput, Relationship, ResourceNode, ScimConfig, ScimGroup, ScimModule, ScimUser, SessionTokens, SessionUser, SiweConfig, SiweModule, SiweVerifyResult, StreamEvent, StripeConfig, StripeModule, SubscriptionInfo, TokenParams, TokenResponse, TrustLevel, TrustedDevice, TrustedDeviceConfig, TrustedDeviceModule, TrustedInstance, TwoFactorConfig, UserDataExport, UserInfoClaims, ValidationResult, VerifiedSession, additionalFields, admin, anonymousAuth, apiKeys, bearerAuth, createAdditionalFieldsModule, createAnonymousAuthModule, createCostAttributionModule, createCustomSessionModule, createDeviceAuthModule, createEphemeralSessionModule, createEventStreamModule, createFederationModule, createGdprModule, createHibpModule, createJwtSessionModule, createLastLoginModule, createOAuthProxyModule, createOidcProviderModule, createOneTapModule, createOpenApiModule, createPolarModule, createRateLimiter, createReBACModule, createScimModule, createSiweModule, createStripeModule, createTrustedDeviceModule, customAuth, customSession, deviceAuth, deviceLabelFromRequest, emailOtp, gdpr, headerAuth, magicLink, oauthProxy, oneTap, organization, passkey, polar, scim, siwe, stripe, twoFactor, withRateLimit } from './auth/index.js';
|
|
6
6
|
export { PermissionTemplateName, createPermissionEngine, getPermissionTemplate, permissionTemplates } from './permission/index.js';
|
|
7
|
+
export { CredentialFormat, CredentialStatus, CredentialStatusSchema, CredentialSubject, CredentialSubjectSchema, DelegationLink, ExtractedPermissions, IssueAgentCredentialInput, IssueDelegationCredentialInput, IssuePermissionCredentialInput, KAVACH_AGENT_CREDENTIAL, KAVACH_DELEGATION_CREDENTIAL, KAVACH_PERMISSION_CREDENTIAL, Proof, ProofSchema, VCIssuer, VCIssuerConfig, VCJwtPayload, VCVerifier, VCVerifierConfig, VC_CONTEXT_V1, VC_CONTEXT_V2, VC_TYPE_CREDENTIAL, VC_TYPE_PRESENTATION, VerifiableCredential, VerifiableCredentialSchema, VerifiablePresentation, VerifiablePresentationSchema, VerifiedCredential, VerifiedPresentation, createVCIssuer, createVCVerifier } from './vc/index.js';
|
|
7
8
|
import 'drizzle-orm/better-sqlite3';
|
|
8
9
|
import 'drizzle-orm/sqlite-core';
|
|
9
|
-
import './types-
|
|
10
|
+
import './types-BuHrZcjE.js';
|
|
10
11
|
import 'zod';
|
|
11
12
|
import 'jose';
|
|
12
13
|
|
|
@@ -55,6 +56,60 @@ declare function createPrivilegeAnalyzer(db: Database): {
|
|
|
55
56
|
};
|
|
56
57
|
type PrivilegeAnalyzer = ReturnType<typeof createPrivilegeAnalyzer>;
|
|
57
58
|
|
|
59
|
+
/**
|
|
60
|
+
* Web Crypto API utilities for KavachOS.
|
|
61
|
+
*
|
|
62
|
+
* This module uses ONLY the Web Crypto API (globalThis.crypto) which is
|
|
63
|
+
* available natively in Cloudflare Workers, Deno, Bun, and Node 20+.
|
|
64
|
+
* No `node:crypto` imports are used, making the core package edge-compatible.
|
|
65
|
+
*/
|
|
66
|
+
/** Encode a Uint8Array as a lowercase hex string. */
|
|
67
|
+
declare function toHex(bytes: Uint8Array): string;
|
|
68
|
+
/** Decode a hex string into a Uint8Array. */
|
|
69
|
+
declare function fromHex(hex: string): Uint8Array;
|
|
70
|
+
/** Encode a Uint8Array as a base64url string (no padding). */
|
|
71
|
+
declare function toBase64Url(bytes: Uint8Array): string;
|
|
72
|
+
/** Decode a base64url string into a Uint8Array. */
|
|
73
|
+
declare function fromBase64Url(b64: string): Uint8Array;
|
|
74
|
+
/** Generate a v4 UUID using the globally available crypto.randomUUID(). */
|
|
75
|
+
declare function generateId(): string;
|
|
76
|
+
/** Generate cryptographically secure random bytes as a Uint8Array. */
|
|
77
|
+
declare function randomBytes(length: number): Uint8Array;
|
|
78
|
+
/** Generate cryptographically secure random bytes as a hex string. */
|
|
79
|
+
declare function randomBytesHex(length: number): string;
|
|
80
|
+
/** SHA-256 hash, returns hex string. */
|
|
81
|
+
declare function sha256(data: string | Uint8Array): Promise<string>;
|
|
82
|
+
/** SHA-256 hash, returns Uint8Array. */
|
|
83
|
+
declare function sha256Raw(data: string | Uint8Array): Promise<Uint8Array>;
|
|
84
|
+
/** SHA-1 hash, returns hex string. Needed for HIBP k-anonymity. */
|
|
85
|
+
declare function sha1(data: string | Uint8Array): Promise<string>;
|
|
86
|
+
/** Import a secret key for HMAC operations. */
|
|
87
|
+
declare function importHmacKey(key: string | Uint8Array, hash?: "SHA-256" | "SHA-1"): Promise<CryptoKey>;
|
|
88
|
+
/** HMAC-SHA256 sign, returns hex string. */
|
|
89
|
+
declare function hmacSha256(key: string | Uint8Array, data: string | Uint8Array): Promise<string>;
|
|
90
|
+
/** HMAC-SHA256 sign, returns Uint8Array. */
|
|
91
|
+
declare function hmacSha256Raw(key: string | Uint8Array, data: string | Uint8Array): Promise<Uint8Array>;
|
|
92
|
+
/** HMAC-SHA1 sign, returns Uint8Array (needed for TOTP per RFC 6238). */
|
|
93
|
+
declare function hmacSha1Raw(key: Uint8Array, data: Uint8Array): Promise<Uint8Array>;
|
|
94
|
+
/**
|
|
95
|
+
* Hash a password using PBKDF2-SHA256.
|
|
96
|
+
*
|
|
97
|
+
* Returns a string in the format: `pbkdf2:iterations:salt_hex:hash_hex`
|
|
98
|
+
* which is safe to store in the database.
|
|
99
|
+
*/
|
|
100
|
+
declare function pbkdf2Hash(password: string, salt?: Uint8Array, iterations?: number): Promise<string>;
|
|
101
|
+
/**
|
|
102
|
+
* Verify a password against a stored PBKDF2 hash.
|
|
103
|
+
*
|
|
104
|
+
* Supports the `pbkdf2:iterations:salt:hash` format produced by `pbkdf2Hash`.
|
|
105
|
+
*/
|
|
106
|
+
declare function pbkdf2Verify(password: string, stored: string): Promise<boolean>;
|
|
107
|
+
/**
|
|
108
|
+
* Constant-time comparison of two Uint8Arrays.
|
|
109
|
+
* Returns false immediately if lengths differ (length is not secret).
|
|
110
|
+
*/
|
|
111
|
+
declare function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean;
|
|
112
|
+
|
|
58
113
|
/**
|
|
59
114
|
* Create all KavachOS tables if they do not already exist.
|
|
60
115
|
*
|
|
@@ -660,6 +715,63 @@ declare function createKavach(config: KavachConfig): Promise<{
|
|
|
660
715
|
* ```
|
|
661
716
|
*/
|
|
662
717
|
username: UsernameAuthModule | null;
|
|
718
|
+
/**
|
|
719
|
+
* Password reset (forgot password + reset password).
|
|
720
|
+
*
|
|
721
|
+
* Null when `passwordReset` config was not provided or `auth.session`
|
|
722
|
+
* is not configured.
|
|
723
|
+
*
|
|
724
|
+
* @example
|
|
725
|
+
* ```typescript
|
|
726
|
+
* // In your route handler
|
|
727
|
+
* const response = await kavach.passwordReset?.handleRequest(request);
|
|
728
|
+
* if (response) return response;
|
|
729
|
+
*
|
|
730
|
+
* // Or programmatically
|
|
731
|
+
* await kavach.passwordReset?.requestReset('alice@example.com');
|
|
732
|
+
* await kavach.passwordReset?.resetPassword(token, 'new-password');
|
|
733
|
+
* ```
|
|
734
|
+
*/
|
|
735
|
+
passwordReset: PasswordResetModule | null;
|
|
736
|
+
/**
|
|
737
|
+
* Email address verification.
|
|
738
|
+
*
|
|
739
|
+
* Null when `emailVerification` config was not provided.
|
|
740
|
+
*
|
|
741
|
+
* @example
|
|
742
|
+
* ```typescript
|
|
743
|
+
* // Send a verification email after sign-up
|
|
744
|
+
* await kavach.emailVerification?.sendVerification(userId, email);
|
|
745
|
+
*
|
|
746
|
+
* // Confirm from the link in the email
|
|
747
|
+
* const result = await kavach.emailVerification?.verify(token);
|
|
748
|
+
*
|
|
749
|
+
* // Check status
|
|
750
|
+
* const verified = await kavach.emailVerification?.isVerified(userId);
|
|
751
|
+
* ```
|
|
752
|
+
*/
|
|
753
|
+
emailVerification: EmailVerificationModule | null;
|
|
754
|
+
/**
|
|
755
|
+
* One-time tokens (email verify, password reset, invitations, custom).
|
|
756
|
+
*
|
|
757
|
+
* Always available. Used internally by password reset but exposed for
|
|
758
|
+
* custom flows (email verification, invitation links, etc.).
|
|
759
|
+
*/
|
|
760
|
+
oneTimeTokens: OneTimeTokenModule;
|
|
761
|
+
/**
|
|
762
|
+
* Session freshness enforcement for sensitive operations.
|
|
763
|
+
*
|
|
764
|
+
* Use as middleware before password changes, passkey registration,
|
|
765
|
+
* billing updates, or any action that requires a recently-authenticated
|
|
766
|
+
* session rather than an auto-refreshed one.
|
|
767
|
+
*
|
|
768
|
+
* @example
|
|
769
|
+
* ```typescript
|
|
770
|
+
* const stale = kavach.sessionFreshness.guard(session);
|
|
771
|
+
* if (stale) return stale; // 403 SESSION_NOT_FRESH
|
|
772
|
+
* ```
|
|
773
|
+
*/
|
|
774
|
+
sessionFreshness: SessionFreshnessModule;
|
|
663
775
|
/**
|
|
664
776
|
* Phone number (SMS OTP) authentication.
|
|
665
777
|
*
|
|
@@ -696,6 +808,27 @@ declare function createKavach(config: KavachConfig): Promise<{
|
|
|
696
808
|
* ```
|
|
697
809
|
*/
|
|
698
810
|
webhooks: WebhookModule$1 | null;
|
|
811
|
+
/**
|
|
812
|
+
* Redirect chain manager.
|
|
813
|
+
*
|
|
814
|
+
* Capture the user's original destination before auth redirects, push
|
|
815
|
+
* intermediate steps (onboarding, email verification), and pop them
|
|
816
|
+
* back in order. Cookie-based, works across page transitions and tabs.
|
|
817
|
+
*
|
|
818
|
+
* @example
|
|
819
|
+
* ```typescript
|
|
820
|
+
* // In auth middleware — save where the user was going
|
|
821
|
+
* const setCookie = kavach.redirects.capture(request);
|
|
822
|
+
* return new Response(null, { status: 302, headers: { Location: '/sign-in', 'Set-Cookie': setCookie } });
|
|
823
|
+
*
|
|
824
|
+
* // After sign-in — send user to their original destination
|
|
825
|
+
* const { url, clearCookie } = kavach.redirects.pop(request);
|
|
826
|
+
* const headers: Record<string, string> = { Location: url };
|
|
827
|
+
* if (clearCookie) headers['Set-Cookie'] = clearCookie;
|
|
828
|
+
* return new Response(null, { status: 302, headers });
|
|
829
|
+
* ```
|
|
830
|
+
*/
|
|
831
|
+
redirects: RedirectChainManager;
|
|
699
832
|
/**
|
|
700
833
|
* Plugin system.
|
|
701
834
|
*
|
|
@@ -1348,4 +1481,4 @@ declare function createWebhookModule(config: WebhookConfig): WebhookModule;
|
|
|
1348
1481
|
*/
|
|
1349
1482
|
declare function verifyWebhookSignature(secret: string, rawBody: string, signature: string): Promise<boolean>;
|
|
1350
1483
|
|
|
1351
|
-
export { AdminModule, AgentDid, AgentFilter, AgentIdentity, ApiKeyManagerModule, ApprovalRequest, AuditEntry, AuditExportOptions, AuditFilter, AuthorizeRequest, AuthorizeResult, type BudgetLimits, type BudgetPolicy, type BudgetUsage, CaptchaModule, type CookieOptions, type CookieSessionConfig, type CookieSessionManager, CreateAgentInput, type CreatePolicyInput, type CreateSessionResult, type CreateTenantInput, type CsrfValidationResult, Database, DelegateInput, DelegationChain, DidDocument, DidKeyPair, type DidModule, DidWebConfig, EmailOtpModule, type EmailTemplate, type EmailTemplateConfig, type EmailTemplateName, type EmailTemplates, EndpointContext, type I18nConfig, type I18nModule, type Kavach, KavachConfig, KavachPlugin, MagicLinkModule, McpServer, McpServerInput, type MultiSessionConfig, MultiSessionLimitError, type MultiSessionModule, OrgModule, PasskeyModule, Permission, PhoneAuthModule, PluginEndpoint, type PluginRegistry, type PolicyFilters, type PrivilegeAnalysis, type PrivilegeAnalyzer, type PrivilegeFinding, type PrivilegeSummary, ResolvedUser, type SameSite, Session, SessionConfig, type SessionInfo, SessionManager, SignedPayload, SsoModule, type Tenant, type TenantSettings, TotpModule, type TranslationKeys, type TrustConfig, type TrustModule, type TrustScore, UpdateAgentInput, UsernameAuthModule, type ValidateSessionResult, VerificationResult, type WebhookConfig, type WebhookEvent, type WebhookModule, type WebhookSubscription, buildDidDocument, buildSessionMetadata, createCookieSessionManager, createDelegationModule, createDidModule, createEmailTemplates, createI18n, createKavach, createMultiSessionModule, createPluginRouter, createPolicyModule, createPresentation, createPrivilegeAnalyzer, createTables, createTenantModule, createTrustModule, createWebhookModule, de, en, es, fr, generateCsrfToken, generateDidKey, generateDidWeb, generateOpenAPISpec, getCookie, getDidWebUrl, initializePlugins, ja, parseCookies, parseCookiesFromRequest, resolveDidKey, resolveDidWeb, serializeCookie, serializeCookieDeletion, signPayload, validateCsrfToken, validateOrigin, verifyPayload, verifyPresentation, verifyWebhookSignature, zh };
|
|
1484
|
+
export { AdminModule, AgentDid, AgentFilter, AgentIdentity, ApiKeyManagerModule, ApprovalRequest, AuditEntry, AuditExportOptions, AuditFilter, AuthorizeRequest, AuthorizeResult, type BudgetLimits, type BudgetPolicy, type BudgetUsage, CaptchaModule, type CookieOptions, type CookieSessionConfig, type CookieSessionManager, CreateAgentInput, type CreatePolicyInput, type CreateSessionResult, type CreateTenantInput, type CsrfValidationResult, Database, DatabaseConfig, DelegateInput, DelegationChain, DidDocument, DidKeyPair, type DidModule, DidWebConfig, EmailOtpModule, type EmailTemplate, type EmailTemplateConfig, type EmailTemplateName, type EmailTemplates, EmailVerificationModule, EndpointContext, type I18nConfig, type I18nModule, type Kavach, KavachConfig, KavachPlugin, MagicLinkModule, McpServer, McpServerInput, type MultiSessionConfig, MultiSessionLimitError, type MultiSessionModule, OneTimeTokenModule, OrgModule, PasskeyModule, PasswordResetModule, Permission, PhoneAuthModule, PluginEndpoint, type PluginRegistry, type PolicyFilters, type PrivilegeAnalysis, type PrivilegeAnalyzer, type PrivilegeFinding, type PrivilegeSummary, RedirectChainManager, ResolvedUser, type SameSite, Session, SessionConfig, SessionFreshnessModule, type SessionInfo, SessionManager, SignedPayload, SsoModule, type Tenant, type TenantSettings, TotpModule, type TranslationKeys, type TrustConfig, type TrustModule, type TrustScore, UpdateAgentInput, UsernameAuthModule, type ValidateSessionResult, VerificationResult, type WebhookConfig, type WebhookEvent, type WebhookModule, type WebhookSubscription, buildDidDocument, buildSessionMetadata, constantTimeEqual, createCookieSessionManager, createDelegationModule, createDidModule, createEmailTemplates, createI18n, createKavach, createMultiSessionModule, createPluginRouter, createPolicyModule, createPresentation, createPrivilegeAnalyzer, createTables, createTenantModule, createTrustModule, createWebhookModule, de, en, es, fr, fromBase64Url, fromHex, generateCsrfToken, generateDidKey, generateDidWeb, generateId, generateOpenAPISpec, getCookie, getDidWebUrl, hmacSha1Raw, hmacSha256, hmacSha256Raw, importHmacKey, initializePlugins, ja, parseCookies, parseCookiesFromRequest, pbkdf2Hash, pbkdf2Verify, randomBytes, randomBytesHex, resolveDidKey, resolveDidWeb, serializeCookie, serializeCookieDeletion, sha1, sha256, sha256Raw, signPayload, toBase64Url, toHex, validateCsrfToken, validateOrigin, verifyPayload, verifyPresentation, verifyWebhookSignature, zh };
|