kavachos 0.0.3 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/dist/a2a/index.d.ts +2341 -0
  2. package/dist/a2a/index.js +821 -0
  3. package/dist/a2a/index.js.map +1 -0
  4. package/dist/agent/index.d.ts +3 -3
  5. package/dist/agent/index.js +3 -2
  6. package/dist/audit/index.d.ts +2 -2
  7. package/dist/audit/index.js +2 -2
  8. package/dist/auth/index.d.ts +490 -92
  9. package/dist/auth/index.js +3 -2
  10. package/dist/chunk-3AZDFCQF.js +186 -0
  11. package/dist/chunk-3AZDFCQF.js.map +1 -0
  12. package/dist/{chunk-SJGSPIAD.js → chunk-4CANWZWP.js} +3 -3
  13. package/dist/{chunk-SJGSPIAD.js.map → chunk-4CANWZWP.js.map} +1 -1
  14. package/dist/{chunk-KL6XW4S4.js → chunk-62P5FJ34.js} +2375 -633
  15. package/dist/chunk-62P5FJ34.js.map +1 -0
  16. package/dist/chunk-ELGG2VW2.js +538 -0
  17. package/dist/chunk-ELGG2VW2.js.map +1 -0
  18. package/dist/{chunk-5DT4DN4Y.js → chunk-IS5FRKIS.js} +13 -13
  19. package/dist/chunk-IS5FRKIS.js.map +1 -0
  20. package/dist/{chunk-V66UUIA7.js → chunk-KNNJ4COO.js} +92 -3
  21. package/dist/chunk-KNNJ4COO.js.map +1 -0
  22. package/dist/{chunk-OVGNZ5OX.js → chunk-O7VQ2LQE.js} +6 -6
  23. package/dist/chunk-O7VQ2LQE.js.map +1 -0
  24. package/dist/index.d.ts +138 -5
  25. package/dist/index.js +564 -29
  26. package/dist/index.js.map +1 -1
  27. package/dist/mcp/index.d.ts +2 -2
  28. package/dist/mcp/index.js +11 -15
  29. package/dist/mcp/index.js.map +1 -1
  30. package/dist/permission/index.d.ts +3 -3
  31. package/dist/permission/index.js +3 -2
  32. package/dist/{types-Xk83hv4O.d.ts → types-BTui0HQU.d.ts} +1763 -98
  33. package/dist/vc/index.d.ts +800 -0
  34. package/dist/vc/index.js +5 -0
  35. package/dist/vc/index.js.map +1 -0
  36. package/package.json +17 -1
  37. package/dist/chunk-5DT4DN4Y.js.map +0 -1
  38. package/dist/chunk-KL6XW4S4.js.map +0 -1
  39. package/dist/chunk-OVGNZ5OX.js.map +0 -1
  40. package/dist/chunk-V66UUIA7.js.map +0 -1
  41. package/dist/{types-mwupB57A.d.ts → types-BuHrZcjE.d.ts} +2 -2
@@ -0,0 +1,800 @@
1
+ import { R as Result } from '../types-BuHrZcjE.js';
2
+ import { z } from 'zod';
3
+
4
+ /**
5
+ * W3C Verifiable Credentials Data Model 2.0 types for KavachOS.
6
+ *
7
+ * Defines Zod-validated schemas for credentials, presentations,
8
+ * proofs, and credential status. Agent-centric: the credential
9
+ * subject carries agent identity, permissions, trust level, and
10
+ * delegation scope.
11
+ */
12
+
13
+ declare const VC_CONTEXT_V2 = "https://www.w3.org/ns/credentials/v2";
14
+ declare const VC_CONTEXT_V1 = "https://www.w3.org/2018/credentials/v1";
15
+ declare const VC_TYPE_CREDENTIAL = "VerifiableCredential";
16
+ declare const VC_TYPE_PRESENTATION = "VerifiablePresentation";
17
+ declare const KAVACH_AGENT_CREDENTIAL = "KavachAgentCredential";
18
+ declare const KAVACH_PERMISSION_CREDENTIAL = "KavachPermissionCredential";
19
+ declare const KAVACH_DELEGATION_CREDENTIAL = "KavachDelegationCredential";
20
+ declare const ProofSchema: z.ZodObject<{
21
+ type: z.ZodEnum<["Ed25519Signature2020", "JsonWebSignature2020"]>;
22
+ created: z.ZodString;
23
+ verificationMethod: z.ZodString;
24
+ proofPurpose: z.ZodEnum<["assertionMethod", "authentication"]>;
25
+ proofValue: z.ZodOptional<z.ZodString>;
26
+ jws: z.ZodOptional<z.ZodString>;
27
+ }, "strip", z.ZodTypeAny, {
28
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
29
+ created: string;
30
+ verificationMethod: string;
31
+ proofPurpose: "authentication" | "assertionMethod";
32
+ jws?: string | undefined;
33
+ proofValue?: string | undefined;
34
+ }, {
35
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
36
+ created: string;
37
+ verificationMethod: string;
38
+ proofPurpose: "authentication" | "assertionMethod";
39
+ jws?: string | undefined;
40
+ proofValue?: string | undefined;
41
+ }>;
42
+ type Proof = z.infer<typeof ProofSchema>;
43
+ declare const CredentialStatusSchema: z.ZodObject<{
44
+ id: z.ZodString;
45
+ type: z.ZodString;
46
+ statusPurpose: z.ZodEnum<["revocation", "suspension"]>;
47
+ statusListIndex: z.ZodNumber;
48
+ statusListCredential: z.ZodString;
49
+ }, "strip", z.ZodTypeAny, {
50
+ id: string;
51
+ type: string;
52
+ statusPurpose: "revocation" | "suspension";
53
+ statusListIndex: number;
54
+ statusListCredential: string;
55
+ }, {
56
+ id: string;
57
+ type: string;
58
+ statusPurpose: "revocation" | "suspension";
59
+ statusListIndex: number;
60
+ statusListCredential: string;
61
+ }>;
62
+ type CredentialStatus = z.infer<typeof CredentialStatusSchema>;
63
+ declare const CredentialSubjectSchema: z.ZodObject<{
64
+ id: z.ZodOptional<z.ZodString>;
65
+ agentId: z.ZodOptional<z.ZodString>;
66
+ permissions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
67
+ trustLevel: z.ZodOptional<z.ZodNumber>;
68
+ delegationScope: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
69
+ delegationChain: z.ZodOptional<z.ZodArray<z.ZodObject<{
70
+ delegator: z.ZodString;
71
+ delegatee: z.ZodString;
72
+ permissions: z.ZodArray<z.ZodString, "many">;
73
+ createdAt: z.ZodString;
74
+ }, "strip", z.ZodTypeAny, {
75
+ createdAt: string;
76
+ permissions: string[];
77
+ delegator: string;
78
+ delegatee: string;
79
+ }, {
80
+ createdAt: string;
81
+ permissions: string[];
82
+ delegator: string;
83
+ delegatee: string;
84
+ }>, "many">>;
85
+ name: z.ZodOptional<z.ZodString>;
86
+ type: z.ZodOptional<z.ZodString>;
87
+ }, "strip", z.ZodTypeAny, {
88
+ name?: string | undefined;
89
+ id?: string | undefined;
90
+ type?: string | undefined;
91
+ agentId?: string | undefined;
92
+ permissions?: string[] | undefined;
93
+ trustLevel?: number | undefined;
94
+ delegationScope?: string[] | undefined;
95
+ delegationChain?: {
96
+ createdAt: string;
97
+ permissions: string[];
98
+ delegator: string;
99
+ delegatee: string;
100
+ }[] | undefined;
101
+ }, {
102
+ name?: string | undefined;
103
+ id?: string | undefined;
104
+ type?: string | undefined;
105
+ agentId?: string | undefined;
106
+ permissions?: string[] | undefined;
107
+ trustLevel?: number | undefined;
108
+ delegationScope?: string[] | undefined;
109
+ delegationChain?: {
110
+ createdAt: string;
111
+ permissions: string[];
112
+ delegator: string;
113
+ delegatee: string;
114
+ }[] | undefined;
115
+ }>;
116
+ type CredentialSubject = z.infer<typeof CredentialSubjectSchema>;
117
+ declare const VerifiableCredentialSchema: z.ZodObject<{
118
+ "@context": z.ZodArray<z.ZodString, "many">;
119
+ id: z.ZodOptional<z.ZodString>;
120
+ type: z.ZodArray<z.ZodString, "many">;
121
+ issuer: z.ZodUnion<[z.ZodString, z.ZodObject<{
122
+ id: z.ZodString;
123
+ name: z.ZodOptional<z.ZodString>;
124
+ }, "strip", z.ZodTypeAny, {
125
+ id: string;
126
+ name?: string | undefined;
127
+ }, {
128
+ id: string;
129
+ name?: string | undefined;
130
+ }>]>;
131
+ issuanceDate: z.ZodString;
132
+ expirationDate: z.ZodOptional<z.ZodString>;
133
+ credentialSubject: z.ZodObject<{
134
+ id: z.ZodOptional<z.ZodString>;
135
+ agentId: z.ZodOptional<z.ZodString>;
136
+ permissions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
137
+ trustLevel: z.ZodOptional<z.ZodNumber>;
138
+ delegationScope: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
139
+ delegationChain: z.ZodOptional<z.ZodArray<z.ZodObject<{
140
+ delegator: z.ZodString;
141
+ delegatee: z.ZodString;
142
+ permissions: z.ZodArray<z.ZodString, "many">;
143
+ createdAt: z.ZodString;
144
+ }, "strip", z.ZodTypeAny, {
145
+ createdAt: string;
146
+ permissions: string[];
147
+ delegator: string;
148
+ delegatee: string;
149
+ }, {
150
+ createdAt: string;
151
+ permissions: string[];
152
+ delegator: string;
153
+ delegatee: string;
154
+ }>, "many">>;
155
+ name: z.ZodOptional<z.ZodString>;
156
+ type: z.ZodOptional<z.ZodString>;
157
+ }, "strip", z.ZodTypeAny, {
158
+ name?: string | undefined;
159
+ id?: string | undefined;
160
+ type?: string | undefined;
161
+ agentId?: string | undefined;
162
+ permissions?: string[] | undefined;
163
+ trustLevel?: number | undefined;
164
+ delegationScope?: string[] | undefined;
165
+ delegationChain?: {
166
+ createdAt: string;
167
+ permissions: string[];
168
+ delegator: string;
169
+ delegatee: string;
170
+ }[] | undefined;
171
+ }, {
172
+ name?: string | undefined;
173
+ id?: string | undefined;
174
+ type?: string | undefined;
175
+ agentId?: string | undefined;
176
+ permissions?: string[] | undefined;
177
+ trustLevel?: number | undefined;
178
+ delegationScope?: string[] | undefined;
179
+ delegationChain?: {
180
+ createdAt: string;
181
+ permissions: string[];
182
+ delegator: string;
183
+ delegatee: string;
184
+ }[] | undefined;
185
+ }>;
186
+ credentialStatus: z.ZodOptional<z.ZodObject<{
187
+ id: z.ZodString;
188
+ type: z.ZodString;
189
+ statusPurpose: z.ZodEnum<["revocation", "suspension"]>;
190
+ statusListIndex: z.ZodNumber;
191
+ statusListCredential: z.ZodString;
192
+ }, "strip", z.ZodTypeAny, {
193
+ id: string;
194
+ type: string;
195
+ statusPurpose: "revocation" | "suspension";
196
+ statusListIndex: number;
197
+ statusListCredential: string;
198
+ }, {
199
+ id: string;
200
+ type: string;
201
+ statusPurpose: "revocation" | "suspension";
202
+ statusListIndex: number;
203
+ statusListCredential: string;
204
+ }>>;
205
+ proof: z.ZodOptional<z.ZodObject<{
206
+ type: z.ZodEnum<["Ed25519Signature2020", "JsonWebSignature2020"]>;
207
+ created: z.ZodString;
208
+ verificationMethod: z.ZodString;
209
+ proofPurpose: z.ZodEnum<["assertionMethod", "authentication"]>;
210
+ proofValue: z.ZodOptional<z.ZodString>;
211
+ jws: z.ZodOptional<z.ZodString>;
212
+ }, "strip", z.ZodTypeAny, {
213
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
214
+ created: string;
215
+ verificationMethod: string;
216
+ proofPurpose: "authentication" | "assertionMethod";
217
+ jws?: string | undefined;
218
+ proofValue?: string | undefined;
219
+ }, {
220
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
221
+ created: string;
222
+ verificationMethod: string;
223
+ proofPurpose: "authentication" | "assertionMethod";
224
+ jws?: string | undefined;
225
+ proofValue?: string | undefined;
226
+ }>>;
227
+ }, "strip", z.ZodTypeAny, {
228
+ type: string[];
229
+ issuer: string | {
230
+ id: string;
231
+ name?: string | undefined;
232
+ };
233
+ "@context": string[];
234
+ issuanceDate: string;
235
+ credentialSubject: {
236
+ name?: string | undefined;
237
+ id?: string | undefined;
238
+ type?: string | undefined;
239
+ agentId?: string | undefined;
240
+ permissions?: string[] | undefined;
241
+ trustLevel?: number | undefined;
242
+ delegationScope?: string[] | undefined;
243
+ delegationChain?: {
244
+ createdAt: string;
245
+ permissions: string[];
246
+ delegator: string;
247
+ delegatee: string;
248
+ }[] | undefined;
249
+ };
250
+ id?: string | undefined;
251
+ expirationDate?: string | undefined;
252
+ credentialStatus?: {
253
+ id: string;
254
+ type: string;
255
+ statusPurpose: "revocation" | "suspension";
256
+ statusListIndex: number;
257
+ statusListCredential: string;
258
+ } | undefined;
259
+ proof?: {
260
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
261
+ created: string;
262
+ verificationMethod: string;
263
+ proofPurpose: "authentication" | "assertionMethod";
264
+ jws?: string | undefined;
265
+ proofValue?: string | undefined;
266
+ } | undefined;
267
+ }, {
268
+ type: string[];
269
+ issuer: string | {
270
+ id: string;
271
+ name?: string | undefined;
272
+ };
273
+ "@context": string[];
274
+ issuanceDate: string;
275
+ credentialSubject: {
276
+ name?: string | undefined;
277
+ id?: string | undefined;
278
+ type?: string | undefined;
279
+ agentId?: string | undefined;
280
+ permissions?: string[] | undefined;
281
+ trustLevel?: number | undefined;
282
+ delegationScope?: string[] | undefined;
283
+ delegationChain?: {
284
+ createdAt: string;
285
+ permissions: string[];
286
+ delegator: string;
287
+ delegatee: string;
288
+ }[] | undefined;
289
+ };
290
+ id?: string | undefined;
291
+ expirationDate?: string | undefined;
292
+ credentialStatus?: {
293
+ id: string;
294
+ type: string;
295
+ statusPurpose: "revocation" | "suspension";
296
+ statusListIndex: number;
297
+ statusListCredential: string;
298
+ } | undefined;
299
+ proof?: {
300
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
301
+ created: string;
302
+ verificationMethod: string;
303
+ proofPurpose: "authentication" | "assertionMethod";
304
+ jws?: string | undefined;
305
+ proofValue?: string | undefined;
306
+ } | undefined;
307
+ }>;
308
+ type VerifiableCredential = z.infer<typeof VerifiableCredentialSchema>;
309
+ declare const VerifiablePresentationSchema: z.ZodObject<{
310
+ "@context": z.ZodArray<z.ZodString, "many">;
311
+ id: z.ZodOptional<z.ZodString>;
312
+ type: z.ZodArray<z.ZodString, "many">;
313
+ holder: z.ZodOptional<z.ZodString>;
314
+ verifiableCredential: z.ZodArray<z.ZodObject<{
315
+ "@context": z.ZodArray<z.ZodString, "many">;
316
+ id: z.ZodOptional<z.ZodString>;
317
+ type: z.ZodArray<z.ZodString, "many">;
318
+ issuer: z.ZodUnion<[z.ZodString, z.ZodObject<{
319
+ id: z.ZodString;
320
+ name: z.ZodOptional<z.ZodString>;
321
+ }, "strip", z.ZodTypeAny, {
322
+ id: string;
323
+ name?: string | undefined;
324
+ }, {
325
+ id: string;
326
+ name?: string | undefined;
327
+ }>]>;
328
+ issuanceDate: z.ZodString;
329
+ expirationDate: z.ZodOptional<z.ZodString>;
330
+ credentialSubject: z.ZodObject<{
331
+ id: z.ZodOptional<z.ZodString>;
332
+ agentId: z.ZodOptional<z.ZodString>;
333
+ permissions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
334
+ trustLevel: z.ZodOptional<z.ZodNumber>;
335
+ delegationScope: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
336
+ delegationChain: z.ZodOptional<z.ZodArray<z.ZodObject<{
337
+ delegator: z.ZodString;
338
+ delegatee: z.ZodString;
339
+ permissions: z.ZodArray<z.ZodString, "many">;
340
+ createdAt: z.ZodString;
341
+ }, "strip", z.ZodTypeAny, {
342
+ createdAt: string;
343
+ permissions: string[];
344
+ delegator: string;
345
+ delegatee: string;
346
+ }, {
347
+ createdAt: string;
348
+ permissions: string[];
349
+ delegator: string;
350
+ delegatee: string;
351
+ }>, "many">>;
352
+ name: z.ZodOptional<z.ZodString>;
353
+ type: z.ZodOptional<z.ZodString>;
354
+ }, "strip", z.ZodTypeAny, {
355
+ name?: string | undefined;
356
+ id?: string | undefined;
357
+ type?: string | undefined;
358
+ agentId?: string | undefined;
359
+ permissions?: string[] | undefined;
360
+ trustLevel?: number | undefined;
361
+ delegationScope?: string[] | undefined;
362
+ delegationChain?: {
363
+ createdAt: string;
364
+ permissions: string[];
365
+ delegator: string;
366
+ delegatee: string;
367
+ }[] | undefined;
368
+ }, {
369
+ name?: string | undefined;
370
+ id?: string | undefined;
371
+ type?: string | undefined;
372
+ agentId?: string | undefined;
373
+ permissions?: string[] | undefined;
374
+ trustLevel?: number | undefined;
375
+ delegationScope?: string[] | undefined;
376
+ delegationChain?: {
377
+ createdAt: string;
378
+ permissions: string[];
379
+ delegator: string;
380
+ delegatee: string;
381
+ }[] | undefined;
382
+ }>;
383
+ credentialStatus: z.ZodOptional<z.ZodObject<{
384
+ id: z.ZodString;
385
+ type: z.ZodString;
386
+ statusPurpose: z.ZodEnum<["revocation", "suspension"]>;
387
+ statusListIndex: z.ZodNumber;
388
+ statusListCredential: z.ZodString;
389
+ }, "strip", z.ZodTypeAny, {
390
+ id: string;
391
+ type: string;
392
+ statusPurpose: "revocation" | "suspension";
393
+ statusListIndex: number;
394
+ statusListCredential: string;
395
+ }, {
396
+ id: string;
397
+ type: string;
398
+ statusPurpose: "revocation" | "suspension";
399
+ statusListIndex: number;
400
+ statusListCredential: string;
401
+ }>>;
402
+ proof: z.ZodOptional<z.ZodObject<{
403
+ type: z.ZodEnum<["Ed25519Signature2020", "JsonWebSignature2020"]>;
404
+ created: z.ZodString;
405
+ verificationMethod: z.ZodString;
406
+ proofPurpose: z.ZodEnum<["assertionMethod", "authentication"]>;
407
+ proofValue: z.ZodOptional<z.ZodString>;
408
+ jws: z.ZodOptional<z.ZodString>;
409
+ }, "strip", z.ZodTypeAny, {
410
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
411
+ created: string;
412
+ verificationMethod: string;
413
+ proofPurpose: "authentication" | "assertionMethod";
414
+ jws?: string | undefined;
415
+ proofValue?: string | undefined;
416
+ }, {
417
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
418
+ created: string;
419
+ verificationMethod: string;
420
+ proofPurpose: "authentication" | "assertionMethod";
421
+ jws?: string | undefined;
422
+ proofValue?: string | undefined;
423
+ }>>;
424
+ }, "strip", z.ZodTypeAny, {
425
+ type: string[];
426
+ issuer: string | {
427
+ id: string;
428
+ name?: string | undefined;
429
+ };
430
+ "@context": string[];
431
+ issuanceDate: string;
432
+ credentialSubject: {
433
+ name?: string | undefined;
434
+ id?: string | undefined;
435
+ type?: string | undefined;
436
+ agentId?: string | undefined;
437
+ permissions?: string[] | undefined;
438
+ trustLevel?: number | undefined;
439
+ delegationScope?: string[] | undefined;
440
+ delegationChain?: {
441
+ createdAt: string;
442
+ permissions: string[];
443
+ delegator: string;
444
+ delegatee: string;
445
+ }[] | undefined;
446
+ };
447
+ id?: string | undefined;
448
+ expirationDate?: string | undefined;
449
+ credentialStatus?: {
450
+ id: string;
451
+ type: string;
452
+ statusPurpose: "revocation" | "suspension";
453
+ statusListIndex: number;
454
+ statusListCredential: string;
455
+ } | undefined;
456
+ proof?: {
457
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
458
+ created: string;
459
+ verificationMethod: string;
460
+ proofPurpose: "authentication" | "assertionMethod";
461
+ jws?: string | undefined;
462
+ proofValue?: string | undefined;
463
+ } | undefined;
464
+ }, {
465
+ type: string[];
466
+ issuer: string | {
467
+ id: string;
468
+ name?: string | undefined;
469
+ };
470
+ "@context": string[];
471
+ issuanceDate: string;
472
+ credentialSubject: {
473
+ name?: string | undefined;
474
+ id?: string | undefined;
475
+ type?: string | undefined;
476
+ agentId?: string | undefined;
477
+ permissions?: string[] | undefined;
478
+ trustLevel?: number | undefined;
479
+ delegationScope?: string[] | undefined;
480
+ delegationChain?: {
481
+ createdAt: string;
482
+ permissions: string[];
483
+ delegator: string;
484
+ delegatee: string;
485
+ }[] | undefined;
486
+ };
487
+ id?: string | undefined;
488
+ expirationDate?: string | undefined;
489
+ credentialStatus?: {
490
+ id: string;
491
+ type: string;
492
+ statusPurpose: "revocation" | "suspension";
493
+ statusListIndex: number;
494
+ statusListCredential: string;
495
+ } | undefined;
496
+ proof?: {
497
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
498
+ created: string;
499
+ verificationMethod: string;
500
+ proofPurpose: "authentication" | "assertionMethod";
501
+ jws?: string | undefined;
502
+ proofValue?: string | undefined;
503
+ } | undefined;
504
+ }>, "many">;
505
+ proof: z.ZodOptional<z.ZodObject<{
506
+ type: z.ZodEnum<["Ed25519Signature2020", "JsonWebSignature2020"]>;
507
+ created: z.ZodString;
508
+ verificationMethod: z.ZodString;
509
+ proofPurpose: z.ZodEnum<["assertionMethod", "authentication"]>;
510
+ proofValue: z.ZodOptional<z.ZodString>;
511
+ jws: z.ZodOptional<z.ZodString>;
512
+ }, "strip", z.ZodTypeAny, {
513
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
514
+ created: string;
515
+ verificationMethod: string;
516
+ proofPurpose: "authentication" | "assertionMethod";
517
+ jws?: string | undefined;
518
+ proofValue?: string | undefined;
519
+ }, {
520
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
521
+ created: string;
522
+ verificationMethod: string;
523
+ proofPurpose: "authentication" | "assertionMethod";
524
+ jws?: string | undefined;
525
+ proofValue?: string | undefined;
526
+ }>>;
527
+ }, "strip", z.ZodTypeAny, {
528
+ type: string[];
529
+ "@context": string[];
530
+ verifiableCredential: {
531
+ type: string[];
532
+ issuer: string | {
533
+ id: string;
534
+ name?: string | undefined;
535
+ };
536
+ "@context": string[];
537
+ issuanceDate: string;
538
+ credentialSubject: {
539
+ name?: string | undefined;
540
+ id?: string | undefined;
541
+ type?: string | undefined;
542
+ agentId?: string | undefined;
543
+ permissions?: string[] | undefined;
544
+ trustLevel?: number | undefined;
545
+ delegationScope?: string[] | undefined;
546
+ delegationChain?: {
547
+ createdAt: string;
548
+ permissions: string[];
549
+ delegator: string;
550
+ delegatee: string;
551
+ }[] | undefined;
552
+ };
553
+ id?: string | undefined;
554
+ expirationDate?: string | undefined;
555
+ credentialStatus?: {
556
+ id: string;
557
+ type: string;
558
+ statusPurpose: "revocation" | "suspension";
559
+ statusListIndex: number;
560
+ statusListCredential: string;
561
+ } | undefined;
562
+ proof?: {
563
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
564
+ created: string;
565
+ verificationMethod: string;
566
+ proofPurpose: "authentication" | "assertionMethod";
567
+ jws?: string | undefined;
568
+ proofValue?: string | undefined;
569
+ } | undefined;
570
+ }[];
571
+ id?: string | undefined;
572
+ proof?: {
573
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
574
+ created: string;
575
+ verificationMethod: string;
576
+ proofPurpose: "authentication" | "assertionMethod";
577
+ jws?: string | undefined;
578
+ proofValue?: string | undefined;
579
+ } | undefined;
580
+ holder?: string | undefined;
581
+ }, {
582
+ type: string[];
583
+ "@context": string[];
584
+ verifiableCredential: {
585
+ type: string[];
586
+ issuer: string | {
587
+ id: string;
588
+ name?: string | undefined;
589
+ };
590
+ "@context": string[];
591
+ issuanceDate: string;
592
+ credentialSubject: {
593
+ name?: string | undefined;
594
+ id?: string | undefined;
595
+ type?: string | undefined;
596
+ agentId?: string | undefined;
597
+ permissions?: string[] | undefined;
598
+ trustLevel?: number | undefined;
599
+ delegationScope?: string[] | undefined;
600
+ delegationChain?: {
601
+ createdAt: string;
602
+ permissions: string[];
603
+ delegator: string;
604
+ delegatee: string;
605
+ }[] | undefined;
606
+ };
607
+ id?: string | undefined;
608
+ expirationDate?: string | undefined;
609
+ credentialStatus?: {
610
+ id: string;
611
+ type: string;
612
+ statusPurpose: "revocation" | "suspension";
613
+ statusListIndex: number;
614
+ statusListCredential: string;
615
+ } | undefined;
616
+ proof?: {
617
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
618
+ created: string;
619
+ verificationMethod: string;
620
+ proofPurpose: "authentication" | "assertionMethod";
621
+ jws?: string | undefined;
622
+ proofValue?: string | undefined;
623
+ } | undefined;
624
+ }[];
625
+ id?: string | undefined;
626
+ proof?: {
627
+ type: "Ed25519Signature2020" | "JsonWebSignature2020";
628
+ created: string;
629
+ verificationMethod: string;
630
+ proofPurpose: "authentication" | "assertionMethod";
631
+ jws?: string | undefined;
632
+ proofValue?: string | undefined;
633
+ } | undefined;
634
+ holder?: string | undefined;
635
+ }>;
636
+ type VerifiablePresentation = z.infer<typeof VerifiablePresentationSchema>;
637
+ interface VCIssuerConfig {
638
+ /** DID of the issuer (e.g. did:key:z6Mk...) */
639
+ issuerDid: string;
640
+ /** Private key JWK for signing credentials */
641
+ privateKeyJwk: JsonWebKey;
642
+ /** Public key JWK for verification method references */
643
+ publicKeyJwk: JsonWebKey;
644
+ /** Default credential lifetime in seconds. Default: 86400 (24 hours). */
645
+ defaultTtl?: number;
646
+ /** Credential status endpoint base URL (for revocation). Optional. */
647
+ statusEndpoint?: string;
648
+ }
649
+ interface VCVerifierConfig {
650
+ /**
651
+ * Resolve a DID to its public key JWK.
652
+ * If not provided, only credentials with a known public key can be verified.
653
+ */
654
+ resolveDidKey?: (did: string) => Promise<JsonWebKey | null>;
655
+ /**
656
+ * Check credential revocation status.
657
+ * If not provided, revocation checks are skipped.
658
+ */
659
+ checkRevocationStatus?: (status: CredentialStatus) => Promise<boolean>;
660
+ }
661
+ /** Claims embedded in a JWT-encoded Verifiable Credential */
662
+ interface VCJwtPayload {
663
+ iss: string;
664
+ sub?: string;
665
+ vc: Omit<VerifiableCredential, "proof">;
666
+ iat: number;
667
+ exp?: number;
668
+ jti?: string;
669
+ }
670
+ /** The format a credential was issued in */
671
+ type CredentialFormat = "jwt" | "json-ld";
672
+ /** Result of a successful credential verification */
673
+ interface VerifiedCredential {
674
+ credential: VerifiableCredential;
675
+ format: CredentialFormat;
676
+ issuer: string;
677
+ issuedAt: Date;
678
+ expiresAt: Date | null;
679
+ }
680
+ /** Result of a successful presentation verification */
681
+ interface VerifiedPresentation {
682
+ presentation: VerifiablePresentation;
683
+ credentials: VerifiedCredential[];
684
+ holder: string | null;
685
+ }
686
+ /** Extracted permissions from a verified credential */
687
+ interface ExtractedPermissions {
688
+ agentId: string | null;
689
+ permissions: string[];
690
+ trustLevel: number | null;
691
+ delegationScope: string[];
692
+ }
693
+
694
+ /**
695
+ * W3C Verifiable Credential issuance for KavachOS.
696
+ *
697
+ * Issues VCs as JWT (compact JWS) or JSON-LD with embedded proof.
698
+ * Credentials encode agent identity, permissions, and delegation chains
699
+ * so agents can prove their capabilities to any verifier without
700
+ * a network call back to KavachOS.
701
+ */
702
+
703
+ interface IssueAgentCredentialInput {
704
+ /** Agent ID (used as credentialSubject.id and sub claim) */
705
+ agentId: string;
706
+ /** Agent name */
707
+ name?: string;
708
+ /** Agent type (e.g. "autonomous", "supervised") */
709
+ agentType?: string;
710
+ /** Permissions granted to this agent */
711
+ permissions?: string[];
712
+ /** Trust score between 0 and 1 */
713
+ trustLevel?: number;
714
+ /** Credential lifetime in seconds. Overrides the issuer default. */
715
+ ttl?: number;
716
+ /** Output format. Default: "jwt". */
717
+ format?: CredentialFormat;
718
+ }
719
+ interface IssuePermissionCredentialInput {
720
+ /** Agent DID or ID that receives the permissions */
721
+ agentId: string;
722
+ /** Permissions being granted */
723
+ permissions: string[];
724
+ /** Credential lifetime in seconds. Overrides the issuer default. */
725
+ ttl?: number;
726
+ /** Output format. Default: "jwt". */
727
+ format?: CredentialFormat;
728
+ }
729
+ interface DelegationLink {
730
+ delegator: string;
731
+ delegatee: string;
732
+ permissions: string[];
733
+ createdAt: string;
734
+ }
735
+ interface IssueDelegationCredentialInput {
736
+ /** The agent at the end of the delegation chain */
737
+ agentId: string;
738
+ /** Ordered delegation chain from root to leaf */
739
+ chain: DelegationLink[];
740
+ /** Scope of delegated permissions (subset of original) */
741
+ delegationScope?: string[];
742
+ /** Credential lifetime in seconds. Overrides the issuer default. */
743
+ ttl?: number;
744
+ /** Output format. Default: "jwt". */
745
+ format?: CredentialFormat;
746
+ }
747
+ interface VCIssuer {
748
+ /** Issue a VC encoding agent identity, permissions, and trust score */
749
+ issueAgentCredential(input: IssueAgentCredentialInput): Promise<Result<{
750
+ credential: VerifiableCredential;
751
+ jwt?: string;
752
+ }>>;
753
+ /** Issue a VC for specific permission grants */
754
+ issuePermissionCredential(input: IssuePermissionCredentialInput): Promise<Result<{
755
+ credential: VerifiableCredential;
756
+ jwt?: string;
757
+ }>>;
758
+ /** Issue a VC encoding a delegation chain */
759
+ issueDelegationCredential(input: IssueDelegationCredentialInput): Promise<Result<{
760
+ credential: VerifiableCredential;
761
+ jwt?: string;
762
+ }>>;
763
+ /** The DID of this issuer */
764
+ readonly issuerDid: string;
765
+ }
766
+ /**
767
+ * Create a VC issuer bound to a specific DID and keypair.
768
+ *
769
+ * The issuer can produce credentials in JWT or JSON-LD format.
770
+ * JWT credentials are signed as a compact JWS with the VC embedded
771
+ * in the `vc` claim. JSON-LD credentials carry an embedded proof.
772
+ */
773
+ declare function createVCIssuer(config: VCIssuerConfig): VCIssuer;
774
+
775
+ /**
776
+ * W3C Verifiable Credential verification for KavachOS.
777
+ *
778
+ * Verifies credentials in both JWT and JSON-LD formats. Checks
779
+ * signatures, expiry, and optional revocation status. Extracts
780
+ * KavachOS-specific permissions from verified credentials.
781
+ */
782
+
783
+ interface VCVerifier {
784
+ /** Verify a single credential (JWT string or JSON-LD object) */
785
+ verifyCredential(vc: string | VerifiableCredential, publicKeyJwk?: JsonWebKey): Promise<Result<VerifiedCredential>>;
786
+ /** Verify a presentation containing multiple VCs */
787
+ verifyPresentation(vp: string | VerifiablePresentation, publicKeyJwk?: JsonWebKey): Promise<Result<VerifiedPresentation>>;
788
+ /** Extract KavachOS permissions from a verified credential */
789
+ extractPermissions(vc: VerifiableCredential): ExtractedPermissions;
790
+ }
791
+ /**
792
+ * Create a VC verifier that checks signatures, expiry, and revocation.
793
+ *
794
+ * The verifier accepts both JWT-encoded and JSON-LD credentials.
795
+ * For JWT credentials, pass the compact JWS string. For JSON-LD
796
+ * credentials with embedded proof, pass the credential object.
797
+ */
798
+ declare function createVCVerifier(config?: VCVerifierConfig): VCVerifier;
799
+
800
+ export { type CredentialFormat, type CredentialStatus, CredentialStatusSchema, type CredentialSubject, CredentialSubjectSchema, type DelegationLink, type ExtractedPermissions, type IssueAgentCredentialInput, type IssueDelegationCredentialInput, type IssuePermissionCredentialInput, KAVACH_AGENT_CREDENTIAL, KAVACH_DELEGATION_CREDENTIAL, KAVACH_PERMISSION_CREDENTIAL, type Proof, ProofSchema, type VCIssuer, type VCIssuerConfig, type VCJwtPayload, type VCVerifier, type VCVerifierConfig, VC_CONTEXT_V1, VC_CONTEXT_V2, VC_TYPE_CREDENTIAL, VC_TYPE_PRESENTATION, type VerifiableCredential, VerifiableCredentialSchema, type VerifiablePresentation, VerifiablePresentationSchema, type VerifiedCredential, type VerifiedPresentation, createVCIssuer, createVCVerifier };