kavachos 0.0.4 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/a2a/index.d.ts +2340 -0
- package/dist/a2a/index.js +821 -0
- package/dist/a2a/index.js.map +1 -0
- package/dist/agent/index.d.ts +3 -4
- package/dist/agent/index.js +4 -3
- package/dist/audit/index.d.ts +2 -3
- package/dist/audit/index.js +3 -3
- package/dist/auth/index.d.ts +490 -93
- package/dist/auth/index.js +4 -3
- package/dist/{chunk-KL6XW4S4.js → chunk-FKVAXCNJ.js} +2375 -633
- package/dist/chunk-FKVAXCNJ.js.map +1 -0
- package/dist/{chunk-5DT4DN4Y.js → chunk-IKTOSJ4O.js} +13 -13
- package/dist/chunk-IKTOSJ4O.js.map +1 -0
- package/dist/{chunk-V66UUIA7.js → chunk-KDL6A76K.js} +93 -4
- package/dist/chunk-KDL6A76K.js.map +1 -0
- package/dist/chunk-NSBPE2FW.js +15 -0
- package/dist/{chunk-PZ5AY32C.js.map → chunk-NSBPE2FW.js.map} +1 -1
- package/dist/chunk-NSTER7KE.js +538 -0
- package/dist/chunk-NSTER7KE.js.map +1 -0
- package/dist/chunk-QCRHJMDX.js +186 -0
- package/dist/chunk-QCRHJMDX.js.map +1 -0
- package/dist/{chunk-OVGNZ5OX.js → chunk-VHKZARMM.js} +6 -6
- package/dist/chunk-VHKZARMM.js.map +1 -0
- package/dist/{chunk-SJGSPIAD.js → chunk-Y3OWAJHK.js} +3 -3
- package/dist/{chunk-SJGSPIAD.js.map → chunk-Y3OWAJHK.js.map} +1 -1
- package/dist/index.d.ts +138 -6
- package/dist/index.js +580 -35
- package/dist/index.js.map +1 -1
- package/dist/mcp/index.d.ts +2 -2
- package/dist/mcp/index.js +12 -16
- package/dist/mcp/index.js.map +1 -1
- package/dist/permission/index.d.ts +3 -4
- package/dist/permission/index.js +4 -3
- package/dist/{types-Xk83hv4O.d.ts → types-W8X0PXE7.d.ts} +1764 -99
- package/dist/vc/index.d.ts +800 -0
- package/dist/vc/index.js +5 -0
- package/dist/vc/index.js.map +1 -0
- package/package.json +17 -1
- package/dist/chunk-5DT4DN4Y.js.map +0 -1
- package/dist/chunk-KL6XW4S4.js.map +0 -1
- package/dist/chunk-OVGNZ5OX.js.map +0 -1
- package/dist/chunk-PZ5AY32C.js +0 -9
- package/dist/chunk-V66UUIA7.js.map +0 -1
- package/dist/{types-mwupB57A.d.ts → types-BuHrZcjE.d.ts} +2 -2
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { BetterSQLite3Database } from 'drizzle-orm/better-sqlite3';
|
|
2
1
|
import * as drizzle_orm_sqlite_core from 'drizzle-orm/sqlite-core';
|
|
3
|
-
import {
|
|
2
|
+
import { BaseSQLiteDatabase } from 'drizzle-orm/sqlite-core';
|
|
3
|
+
import { R as Result, f as McpConfig } from './types-BuHrZcjE.js';
|
|
4
4
|
|
|
5
5
|
declare const users: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
6
6
|
name: "kavach_users";
|
|
@@ -209,6 +209,23 @@ declare const users: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
|
209
209
|
identity: undefined;
|
|
210
210
|
generated: undefined;
|
|
211
211
|
}, {}, {}>;
|
|
212
|
+
emailVerified: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
213
|
+
name: "email_verified";
|
|
214
|
+
tableName: "kavach_users";
|
|
215
|
+
dataType: "number";
|
|
216
|
+
columnType: "SQLiteInteger";
|
|
217
|
+
data: number;
|
|
218
|
+
driverParam: number;
|
|
219
|
+
notNull: true;
|
|
220
|
+
hasDefault: true;
|
|
221
|
+
isPrimaryKey: false;
|
|
222
|
+
isAutoincrement: false;
|
|
223
|
+
hasRuntimeDefault: false;
|
|
224
|
+
enumValues: undefined;
|
|
225
|
+
baseColumn: never;
|
|
226
|
+
identity: undefined;
|
|
227
|
+
generated: undefined;
|
|
228
|
+
}, {}, {}>;
|
|
212
229
|
stripeCustomerId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
213
230
|
name: "stripe_customer_id";
|
|
214
231
|
tableName: "kavach_users";
|
|
@@ -5923,13 +5940,13 @@ declare const oidcRefreshTokens: drizzle_orm_sqlite_core.SQLiteTableWithColumns<
|
|
|
5923
5940
|
};
|
|
5924
5941
|
dialect: "sqlite";
|
|
5925
5942
|
}>;
|
|
5926
|
-
declare const
|
|
5927
|
-
name: "
|
|
5943
|
+
declare const costEvents: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
5944
|
+
name: "kavach_cost_events";
|
|
5928
5945
|
schema: undefined;
|
|
5929
5946
|
columns: {
|
|
5930
5947
|
id: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
5931
5948
|
name: "id";
|
|
5932
|
-
tableName: "
|
|
5949
|
+
tableName: "kavach_cost_events";
|
|
5933
5950
|
dataType: "string";
|
|
5934
5951
|
columnType: "SQLiteText";
|
|
5935
5952
|
data: string;
|
|
@@ -5946,9 +5963,9 @@ declare const jwtRefreshTokens: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
|
5946
5963
|
}, {}, {
|
|
5947
5964
|
length: number | undefined;
|
|
5948
5965
|
}>;
|
|
5949
|
-
|
|
5950
|
-
name: "
|
|
5951
|
-
tableName: "
|
|
5966
|
+
agentId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
5967
|
+
name: "agent_id";
|
|
5968
|
+
tableName: "kavach_cost_events";
|
|
5952
5969
|
dataType: "string";
|
|
5953
5970
|
columnType: "SQLiteText";
|
|
5954
5971
|
data: string;
|
|
@@ -5965,9 +5982,9 @@ declare const jwtRefreshTokens: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
|
5965
5982
|
}, {}, {
|
|
5966
5983
|
length: number | undefined;
|
|
5967
5984
|
}>;
|
|
5968
|
-
|
|
5969
|
-
name: "
|
|
5970
|
-
tableName: "
|
|
5985
|
+
tool: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
5986
|
+
name: "tool";
|
|
5987
|
+
tableName: "kavach_cost_events";
|
|
5971
5988
|
dataType: "string";
|
|
5972
5989
|
columnType: "SQLiteText";
|
|
5973
5990
|
data: string;
|
|
@@ -5984,15 +6001,49 @@ declare const jwtRefreshTokens: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
|
5984
6001
|
}, {}, {
|
|
5985
6002
|
length: number | undefined;
|
|
5986
6003
|
}>;
|
|
5987
|
-
|
|
5988
|
-
name: "
|
|
5989
|
-
tableName: "
|
|
5990
|
-
dataType: "
|
|
5991
|
-
columnType: "
|
|
5992
|
-
data:
|
|
6004
|
+
inputTokens: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6005
|
+
name: "input_tokens";
|
|
6006
|
+
tableName: "kavach_cost_events";
|
|
6007
|
+
dataType: "number";
|
|
6008
|
+
columnType: "SQLiteInteger";
|
|
6009
|
+
data: number;
|
|
6010
|
+
driverParam: number;
|
|
6011
|
+
notNull: false;
|
|
6012
|
+
hasDefault: false;
|
|
6013
|
+
isPrimaryKey: false;
|
|
6014
|
+
isAutoincrement: false;
|
|
6015
|
+
hasRuntimeDefault: false;
|
|
6016
|
+
enumValues: undefined;
|
|
6017
|
+
baseColumn: never;
|
|
6018
|
+
identity: undefined;
|
|
6019
|
+
generated: undefined;
|
|
6020
|
+
}, {}, {}>;
|
|
6021
|
+
outputTokens: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6022
|
+
name: "output_tokens";
|
|
6023
|
+
tableName: "kavach_cost_events";
|
|
6024
|
+
dataType: "number";
|
|
6025
|
+
columnType: "SQLiteInteger";
|
|
6026
|
+
data: number;
|
|
6027
|
+
driverParam: number;
|
|
6028
|
+
notNull: false;
|
|
6029
|
+
hasDefault: false;
|
|
6030
|
+
isPrimaryKey: false;
|
|
6031
|
+
isAutoincrement: false;
|
|
6032
|
+
hasRuntimeDefault: false;
|
|
6033
|
+
enumValues: undefined;
|
|
6034
|
+
baseColumn: never;
|
|
6035
|
+
identity: undefined;
|
|
6036
|
+
generated: undefined;
|
|
6037
|
+
}, {}, {}>;
|
|
6038
|
+
costMicros: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6039
|
+
name: "cost_micros";
|
|
6040
|
+
tableName: "kavach_cost_events";
|
|
6041
|
+
dataType: "number";
|
|
6042
|
+
columnType: "SQLiteInteger";
|
|
6043
|
+
data: number;
|
|
5993
6044
|
driverParam: number;
|
|
5994
6045
|
notNull: true;
|
|
5995
|
-
hasDefault:
|
|
6046
|
+
hasDefault: false;
|
|
5996
6047
|
isPrimaryKey: false;
|
|
5997
6048
|
isAutoincrement: false;
|
|
5998
6049
|
hasRuntimeDefault: false;
|
|
@@ -6001,9 +6052,66 @@ declare const jwtRefreshTokens: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
|
6001
6052
|
identity: undefined;
|
|
6002
6053
|
generated: undefined;
|
|
6003
6054
|
}, {}, {}>;
|
|
6004
|
-
|
|
6005
|
-
name: "
|
|
6006
|
-
tableName: "
|
|
6055
|
+
currency: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6056
|
+
name: "currency";
|
|
6057
|
+
tableName: "kavach_cost_events";
|
|
6058
|
+
dataType: "string";
|
|
6059
|
+
columnType: "SQLiteText";
|
|
6060
|
+
data: string;
|
|
6061
|
+
driverParam: string;
|
|
6062
|
+
notNull: true;
|
|
6063
|
+
hasDefault: true;
|
|
6064
|
+
isPrimaryKey: false;
|
|
6065
|
+
isAutoincrement: false;
|
|
6066
|
+
hasRuntimeDefault: false;
|
|
6067
|
+
enumValues: [string, ...string[]];
|
|
6068
|
+
baseColumn: never;
|
|
6069
|
+
identity: undefined;
|
|
6070
|
+
generated: undefined;
|
|
6071
|
+
}, {}, {
|
|
6072
|
+
length: number | undefined;
|
|
6073
|
+
}>;
|
|
6074
|
+
metadata: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6075
|
+
name: "metadata";
|
|
6076
|
+
tableName: "kavach_cost_events";
|
|
6077
|
+
dataType: "json";
|
|
6078
|
+
columnType: "SQLiteTextJson";
|
|
6079
|
+
data: Record<string, unknown>;
|
|
6080
|
+
driverParam: string;
|
|
6081
|
+
notNull: false;
|
|
6082
|
+
hasDefault: false;
|
|
6083
|
+
isPrimaryKey: false;
|
|
6084
|
+
isAutoincrement: false;
|
|
6085
|
+
hasRuntimeDefault: false;
|
|
6086
|
+
enumValues: undefined;
|
|
6087
|
+
baseColumn: never;
|
|
6088
|
+
identity: undefined;
|
|
6089
|
+
generated: undefined;
|
|
6090
|
+
}, {}, {
|
|
6091
|
+
$type: Record<string, unknown>;
|
|
6092
|
+
}>;
|
|
6093
|
+
delegationChainId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6094
|
+
name: "delegation_chain_id";
|
|
6095
|
+
tableName: "kavach_cost_events";
|
|
6096
|
+
dataType: "string";
|
|
6097
|
+
columnType: "SQLiteText";
|
|
6098
|
+
data: string;
|
|
6099
|
+
driverParam: string;
|
|
6100
|
+
notNull: false;
|
|
6101
|
+
hasDefault: false;
|
|
6102
|
+
isPrimaryKey: false;
|
|
6103
|
+
isAutoincrement: false;
|
|
6104
|
+
hasRuntimeDefault: false;
|
|
6105
|
+
enumValues: [string, ...string[]];
|
|
6106
|
+
baseColumn: never;
|
|
6107
|
+
identity: undefined;
|
|
6108
|
+
generated: undefined;
|
|
6109
|
+
}, {}, {
|
|
6110
|
+
length: number | undefined;
|
|
6111
|
+
}>;
|
|
6112
|
+
recordedAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6113
|
+
name: "recorded_at";
|
|
6114
|
+
tableName: "kavach_cost_events";
|
|
6007
6115
|
dataType: "date";
|
|
6008
6116
|
columnType: "SQLiteTimestamp";
|
|
6009
6117
|
data: Date;
|
|
@@ -6018,9 +6126,92 @@ declare const jwtRefreshTokens: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
|
6018
6126
|
identity: undefined;
|
|
6019
6127
|
generated: undefined;
|
|
6020
6128
|
}, {}, {}>;
|
|
6021
|
-
|
|
6022
|
-
|
|
6023
|
-
|
|
6129
|
+
};
|
|
6130
|
+
dialect: "sqlite";
|
|
6131
|
+
}>;
|
|
6132
|
+
declare const ephemeralSessions: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
6133
|
+
name: "kavach_ephemeral_sessions";
|
|
6134
|
+
schema: undefined;
|
|
6135
|
+
columns: {
|
|
6136
|
+
id: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6137
|
+
name: "id";
|
|
6138
|
+
tableName: "kavach_ephemeral_sessions";
|
|
6139
|
+
dataType: "string";
|
|
6140
|
+
columnType: "SQLiteText";
|
|
6141
|
+
data: string;
|
|
6142
|
+
driverParam: string;
|
|
6143
|
+
notNull: true;
|
|
6144
|
+
hasDefault: false;
|
|
6145
|
+
isPrimaryKey: true;
|
|
6146
|
+
isAutoincrement: false;
|
|
6147
|
+
hasRuntimeDefault: false;
|
|
6148
|
+
enumValues: [string, ...string[]];
|
|
6149
|
+
baseColumn: never;
|
|
6150
|
+
identity: undefined;
|
|
6151
|
+
generated: undefined;
|
|
6152
|
+
}, {}, {
|
|
6153
|
+
length: number | undefined;
|
|
6154
|
+
}>;
|
|
6155
|
+
agentId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6156
|
+
name: "agent_id";
|
|
6157
|
+
tableName: "kavach_ephemeral_sessions";
|
|
6158
|
+
dataType: "string";
|
|
6159
|
+
columnType: "SQLiteText";
|
|
6160
|
+
data: string;
|
|
6161
|
+
driverParam: string;
|
|
6162
|
+
notNull: true;
|
|
6163
|
+
hasDefault: false;
|
|
6164
|
+
isPrimaryKey: false;
|
|
6165
|
+
isAutoincrement: false;
|
|
6166
|
+
hasRuntimeDefault: false;
|
|
6167
|
+
enumValues: [string, ...string[]];
|
|
6168
|
+
baseColumn: never;
|
|
6169
|
+
identity: undefined;
|
|
6170
|
+
generated: undefined;
|
|
6171
|
+
}, {}, {
|
|
6172
|
+
length: number | undefined;
|
|
6173
|
+
}>;
|
|
6174
|
+
ownerId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6175
|
+
name: "owner_id";
|
|
6176
|
+
tableName: "kavach_ephemeral_sessions";
|
|
6177
|
+
dataType: "string";
|
|
6178
|
+
columnType: "SQLiteText";
|
|
6179
|
+
data: string;
|
|
6180
|
+
driverParam: string;
|
|
6181
|
+
notNull: true;
|
|
6182
|
+
hasDefault: false;
|
|
6183
|
+
isPrimaryKey: false;
|
|
6184
|
+
isAutoincrement: false;
|
|
6185
|
+
hasRuntimeDefault: false;
|
|
6186
|
+
enumValues: [string, ...string[]];
|
|
6187
|
+
baseColumn: never;
|
|
6188
|
+
identity: undefined;
|
|
6189
|
+
generated: undefined;
|
|
6190
|
+
}, {}, {
|
|
6191
|
+
length: number | undefined;
|
|
6192
|
+
}>;
|
|
6193
|
+
tokenHash: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6194
|
+
name: "token_hash";
|
|
6195
|
+
tableName: "kavach_ephemeral_sessions";
|
|
6196
|
+
dataType: "string";
|
|
6197
|
+
columnType: "SQLiteText";
|
|
6198
|
+
data: string;
|
|
6199
|
+
driverParam: string;
|
|
6200
|
+
notNull: true;
|
|
6201
|
+
hasDefault: false;
|
|
6202
|
+
isPrimaryKey: false;
|
|
6203
|
+
isAutoincrement: false;
|
|
6204
|
+
hasRuntimeDefault: false;
|
|
6205
|
+
enumValues: [string, ...string[]];
|
|
6206
|
+
baseColumn: never;
|
|
6207
|
+
identity: undefined;
|
|
6208
|
+
generated: undefined;
|
|
6209
|
+
}, {}, {
|
|
6210
|
+
length: number | undefined;
|
|
6211
|
+
}>;
|
|
6212
|
+
expiresAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6213
|
+
name: "expires_at";
|
|
6214
|
+
tableName: "kavach_ephemeral_sessions";
|
|
6024
6215
|
dataType: "date";
|
|
6025
6216
|
columnType: "SQLiteTimestamp";
|
|
6026
6217
|
data: Date;
|
|
@@ -6035,78 +6226,1037 @@ declare const jwtRefreshTokens: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
|
6035
6226
|
identity: undefined;
|
|
6036
6227
|
generated: undefined;
|
|
6037
6228
|
}, {}, {}>;
|
|
6038
|
-
|
|
6039
|
-
|
|
6040
|
-
|
|
6041
|
-
|
|
6042
|
-
|
|
6043
|
-
|
|
6044
|
-
|
|
6045
|
-
|
|
6046
|
-
|
|
6047
|
-
|
|
6048
|
-
|
|
6049
|
-
|
|
6050
|
-
|
|
6051
|
-
|
|
6052
|
-
|
|
6053
|
-
|
|
6054
|
-
|
|
6055
|
-
|
|
6056
|
-
|
|
6057
|
-
|
|
6058
|
-
|
|
6059
|
-
|
|
6060
|
-
|
|
6061
|
-
|
|
6062
|
-
|
|
6063
|
-
|
|
6064
|
-
|
|
6065
|
-
|
|
6066
|
-
|
|
6067
|
-
|
|
6068
|
-
|
|
6069
|
-
|
|
6070
|
-
|
|
6071
|
-
|
|
6072
|
-
|
|
6073
|
-
|
|
6074
|
-
|
|
6075
|
-
|
|
6076
|
-
|
|
6077
|
-
|
|
6078
|
-
|
|
6079
|
-
|
|
6080
|
-
|
|
6081
|
-
|
|
6082
|
-
|
|
6083
|
-
|
|
6084
|
-
|
|
6085
|
-
|
|
6086
|
-
|
|
6087
|
-
|
|
6088
|
-
|
|
6089
|
-
|
|
6090
|
-
|
|
6091
|
-
|
|
6092
|
-
|
|
6093
|
-
|
|
6094
|
-
|
|
6095
|
-
|
|
6096
|
-
|
|
6229
|
+
maxActions: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6230
|
+
name: "max_actions";
|
|
6231
|
+
tableName: "kavach_ephemeral_sessions";
|
|
6232
|
+
dataType: "number";
|
|
6233
|
+
columnType: "SQLiteInteger";
|
|
6234
|
+
data: number;
|
|
6235
|
+
driverParam: number;
|
|
6236
|
+
notNull: false;
|
|
6237
|
+
hasDefault: false;
|
|
6238
|
+
isPrimaryKey: false;
|
|
6239
|
+
isAutoincrement: false;
|
|
6240
|
+
hasRuntimeDefault: false;
|
|
6241
|
+
enumValues: undefined;
|
|
6242
|
+
baseColumn: never;
|
|
6243
|
+
identity: undefined;
|
|
6244
|
+
generated: undefined;
|
|
6245
|
+
}, {}, {}>;
|
|
6246
|
+
actionsUsed: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6247
|
+
name: "actions_used";
|
|
6248
|
+
tableName: "kavach_ephemeral_sessions";
|
|
6249
|
+
dataType: "number";
|
|
6250
|
+
columnType: "SQLiteInteger";
|
|
6251
|
+
data: number;
|
|
6252
|
+
driverParam: number;
|
|
6253
|
+
notNull: true;
|
|
6254
|
+
hasDefault: true;
|
|
6255
|
+
isPrimaryKey: false;
|
|
6256
|
+
isAutoincrement: false;
|
|
6257
|
+
hasRuntimeDefault: false;
|
|
6258
|
+
enumValues: undefined;
|
|
6259
|
+
baseColumn: never;
|
|
6260
|
+
identity: undefined;
|
|
6261
|
+
generated: undefined;
|
|
6262
|
+
}, {}, {}>;
|
|
6263
|
+
status: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6264
|
+
name: "status";
|
|
6265
|
+
tableName: "kavach_ephemeral_sessions";
|
|
6266
|
+
dataType: "string";
|
|
6267
|
+
columnType: "SQLiteText";
|
|
6268
|
+
data: "active" | "revoked" | "expired" | "exhausted";
|
|
6269
|
+
driverParam: string;
|
|
6270
|
+
notNull: true;
|
|
6271
|
+
hasDefault: true;
|
|
6272
|
+
isPrimaryKey: false;
|
|
6273
|
+
isAutoincrement: false;
|
|
6274
|
+
hasRuntimeDefault: false;
|
|
6275
|
+
enumValues: ["active", "expired", "exhausted", "revoked"];
|
|
6276
|
+
baseColumn: never;
|
|
6277
|
+
identity: undefined;
|
|
6278
|
+
generated: undefined;
|
|
6279
|
+
}, {}, {
|
|
6280
|
+
length: number | undefined;
|
|
6281
|
+
}>;
|
|
6282
|
+
auditGroupId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6283
|
+
name: "audit_group_id";
|
|
6284
|
+
tableName: "kavach_ephemeral_sessions";
|
|
6285
|
+
dataType: "string";
|
|
6286
|
+
columnType: "SQLiteText";
|
|
6287
|
+
data: string;
|
|
6288
|
+
driverParam: string;
|
|
6289
|
+
notNull: true;
|
|
6290
|
+
hasDefault: false;
|
|
6291
|
+
isPrimaryKey: false;
|
|
6292
|
+
isAutoincrement: false;
|
|
6293
|
+
hasRuntimeDefault: false;
|
|
6294
|
+
enumValues: [string, ...string[]];
|
|
6295
|
+
baseColumn: never;
|
|
6296
|
+
identity: undefined;
|
|
6297
|
+
generated: undefined;
|
|
6298
|
+
}, {}, {
|
|
6299
|
+
length: number | undefined;
|
|
6300
|
+
}>;
|
|
6301
|
+
createdAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6302
|
+
name: "created_at";
|
|
6303
|
+
tableName: "kavach_ephemeral_sessions";
|
|
6304
|
+
dataType: "date";
|
|
6305
|
+
columnType: "SQLiteTimestamp";
|
|
6306
|
+
data: Date;
|
|
6307
|
+
driverParam: number;
|
|
6308
|
+
notNull: true;
|
|
6309
|
+
hasDefault: false;
|
|
6310
|
+
isPrimaryKey: false;
|
|
6311
|
+
isAutoincrement: false;
|
|
6312
|
+
hasRuntimeDefault: false;
|
|
6313
|
+
enumValues: undefined;
|
|
6314
|
+
baseColumn: never;
|
|
6315
|
+
identity: undefined;
|
|
6316
|
+
generated: undefined;
|
|
6317
|
+
}, {}, {}>;
|
|
6318
|
+
updatedAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6319
|
+
name: "updated_at";
|
|
6320
|
+
tableName: "kavach_ephemeral_sessions";
|
|
6321
|
+
dataType: "date";
|
|
6322
|
+
columnType: "SQLiteTimestamp";
|
|
6323
|
+
data: Date;
|
|
6324
|
+
driverParam: number;
|
|
6325
|
+
notNull: true;
|
|
6326
|
+
hasDefault: false;
|
|
6327
|
+
isPrimaryKey: false;
|
|
6328
|
+
isAutoincrement: false;
|
|
6329
|
+
hasRuntimeDefault: false;
|
|
6330
|
+
enumValues: undefined;
|
|
6331
|
+
baseColumn: never;
|
|
6332
|
+
identity: undefined;
|
|
6333
|
+
generated: undefined;
|
|
6334
|
+
}, {}, {}>;
|
|
6335
|
+
};
|
|
6336
|
+
dialect: "sqlite";
|
|
6337
|
+
}>;
|
|
6338
|
+
declare const streamEvents: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
6339
|
+
name: "kavach_stream_events";
|
|
6340
|
+
schema: undefined;
|
|
6341
|
+
columns: {
|
|
6342
|
+
id: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6343
|
+
name: "id";
|
|
6344
|
+
tableName: "kavach_stream_events";
|
|
6345
|
+
dataType: "string";
|
|
6346
|
+
columnType: "SQLiteText";
|
|
6347
|
+
data: string;
|
|
6348
|
+
driverParam: string;
|
|
6349
|
+
notNull: true;
|
|
6350
|
+
hasDefault: false;
|
|
6351
|
+
isPrimaryKey: true;
|
|
6352
|
+
isAutoincrement: false;
|
|
6353
|
+
hasRuntimeDefault: false;
|
|
6354
|
+
enumValues: [string, ...string[]];
|
|
6355
|
+
baseColumn: never;
|
|
6356
|
+
identity: undefined;
|
|
6357
|
+
generated: undefined;
|
|
6358
|
+
}, {}, {
|
|
6359
|
+
length: number | undefined;
|
|
6360
|
+
}>;
|
|
6361
|
+
type: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6362
|
+
name: "type";
|
|
6363
|
+
tableName: "kavach_stream_events";
|
|
6364
|
+
dataType: "string";
|
|
6365
|
+
columnType: "SQLiteText";
|
|
6366
|
+
data: string;
|
|
6367
|
+
driverParam: string;
|
|
6368
|
+
notNull: true;
|
|
6369
|
+
hasDefault: false;
|
|
6370
|
+
isPrimaryKey: false;
|
|
6371
|
+
isAutoincrement: false;
|
|
6372
|
+
hasRuntimeDefault: false;
|
|
6373
|
+
enumValues: [string, ...string[]];
|
|
6374
|
+
baseColumn: never;
|
|
6375
|
+
identity: undefined;
|
|
6376
|
+
generated: undefined;
|
|
6377
|
+
}, {}, {
|
|
6378
|
+
length: number | undefined;
|
|
6379
|
+
}>;
|
|
6380
|
+
timestamp: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6381
|
+
name: "timestamp";
|
|
6382
|
+
tableName: "kavach_stream_events";
|
|
6383
|
+
dataType: "date";
|
|
6384
|
+
columnType: "SQLiteTimestamp";
|
|
6385
|
+
data: Date;
|
|
6386
|
+
driverParam: number;
|
|
6387
|
+
notNull: true;
|
|
6388
|
+
hasDefault: false;
|
|
6389
|
+
isPrimaryKey: false;
|
|
6390
|
+
isAutoincrement: false;
|
|
6391
|
+
hasRuntimeDefault: false;
|
|
6392
|
+
enumValues: undefined;
|
|
6393
|
+
baseColumn: never;
|
|
6394
|
+
identity: undefined;
|
|
6395
|
+
generated: undefined;
|
|
6396
|
+
}, {}, {}>;
|
|
6397
|
+
data: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6398
|
+
name: "data";
|
|
6399
|
+
tableName: "kavach_stream_events";
|
|
6400
|
+
dataType: "json";
|
|
6401
|
+
columnType: "SQLiteTextJson";
|
|
6402
|
+
data: Record<string, unknown>;
|
|
6403
|
+
driverParam: string;
|
|
6404
|
+
notNull: true;
|
|
6405
|
+
hasDefault: false;
|
|
6406
|
+
isPrimaryKey: false;
|
|
6407
|
+
isAutoincrement: false;
|
|
6408
|
+
hasRuntimeDefault: false;
|
|
6409
|
+
enumValues: undefined;
|
|
6410
|
+
baseColumn: never;
|
|
6411
|
+
identity: undefined;
|
|
6412
|
+
generated: undefined;
|
|
6413
|
+
}, {}, {
|
|
6414
|
+
$type: Record<string, unknown>;
|
|
6415
|
+
}>;
|
|
6416
|
+
agentId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6417
|
+
name: "agent_id";
|
|
6418
|
+
tableName: "kavach_stream_events";
|
|
6419
|
+
dataType: "string";
|
|
6420
|
+
columnType: "SQLiteText";
|
|
6421
|
+
data: string;
|
|
6422
|
+
driverParam: string;
|
|
6423
|
+
notNull: false;
|
|
6424
|
+
hasDefault: false;
|
|
6425
|
+
isPrimaryKey: false;
|
|
6426
|
+
isAutoincrement: false;
|
|
6427
|
+
hasRuntimeDefault: false;
|
|
6428
|
+
enumValues: [string, ...string[]];
|
|
6429
|
+
baseColumn: never;
|
|
6430
|
+
identity: undefined;
|
|
6431
|
+
generated: undefined;
|
|
6432
|
+
}, {}, {
|
|
6433
|
+
length: number | undefined;
|
|
6434
|
+
}>;
|
|
6435
|
+
userId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6436
|
+
name: "user_id";
|
|
6437
|
+
tableName: "kavach_stream_events";
|
|
6438
|
+
dataType: "string";
|
|
6439
|
+
columnType: "SQLiteText";
|
|
6440
|
+
data: string;
|
|
6441
|
+
driverParam: string;
|
|
6442
|
+
notNull: false;
|
|
6443
|
+
hasDefault: false;
|
|
6444
|
+
isPrimaryKey: false;
|
|
6445
|
+
isAutoincrement: false;
|
|
6446
|
+
hasRuntimeDefault: false;
|
|
6447
|
+
enumValues: [string, ...string[]];
|
|
6448
|
+
baseColumn: never;
|
|
6449
|
+
identity: undefined;
|
|
6450
|
+
generated: undefined;
|
|
6451
|
+
}, {}, {
|
|
6452
|
+
length: number | undefined;
|
|
6453
|
+
}>;
|
|
6454
|
+
};
|
|
6455
|
+
dialect: "sqlite";
|
|
6456
|
+
}>;
|
|
6457
|
+
declare const jwtRefreshTokens: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
6458
|
+
name: "kavach_jwt_refresh_tokens";
|
|
6459
|
+
schema: undefined;
|
|
6460
|
+
columns: {
|
|
6461
|
+
id: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6462
|
+
name: "id";
|
|
6463
|
+
tableName: "kavach_jwt_refresh_tokens";
|
|
6464
|
+
dataType: "string";
|
|
6465
|
+
columnType: "SQLiteText";
|
|
6466
|
+
data: string;
|
|
6467
|
+
driverParam: string;
|
|
6468
|
+
notNull: true;
|
|
6469
|
+
hasDefault: false;
|
|
6470
|
+
isPrimaryKey: true;
|
|
6471
|
+
isAutoincrement: false;
|
|
6472
|
+
hasRuntimeDefault: false;
|
|
6473
|
+
enumValues: [string, ...string[]];
|
|
6474
|
+
baseColumn: never;
|
|
6475
|
+
identity: undefined;
|
|
6476
|
+
generated: undefined;
|
|
6477
|
+
}, {}, {
|
|
6478
|
+
length: number | undefined;
|
|
6479
|
+
}>;
|
|
6480
|
+
tokenHash: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6481
|
+
name: "token_hash";
|
|
6482
|
+
tableName: "kavach_jwt_refresh_tokens";
|
|
6483
|
+
dataType: "string";
|
|
6484
|
+
columnType: "SQLiteText";
|
|
6485
|
+
data: string;
|
|
6486
|
+
driverParam: string;
|
|
6487
|
+
notNull: true;
|
|
6488
|
+
hasDefault: false;
|
|
6489
|
+
isPrimaryKey: false;
|
|
6490
|
+
isAutoincrement: false;
|
|
6491
|
+
hasRuntimeDefault: false;
|
|
6492
|
+
enumValues: [string, ...string[]];
|
|
6493
|
+
baseColumn: never;
|
|
6494
|
+
identity: undefined;
|
|
6495
|
+
generated: undefined;
|
|
6496
|
+
}, {}, {
|
|
6497
|
+
length: number | undefined;
|
|
6498
|
+
}>;
|
|
6499
|
+
userId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6500
|
+
name: "user_id";
|
|
6501
|
+
tableName: "kavach_jwt_refresh_tokens";
|
|
6502
|
+
dataType: "string";
|
|
6503
|
+
columnType: "SQLiteText";
|
|
6504
|
+
data: string;
|
|
6505
|
+
driverParam: string;
|
|
6506
|
+
notNull: true;
|
|
6507
|
+
hasDefault: false;
|
|
6508
|
+
isPrimaryKey: false;
|
|
6509
|
+
isAutoincrement: false;
|
|
6510
|
+
hasRuntimeDefault: false;
|
|
6511
|
+
enumValues: [string, ...string[]];
|
|
6512
|
+
baseColumn: never;
|
|
6513
|
+
identity: undefined;
|
|
6514
|
+
generated: undefined;
|
|
6515
|
+
}, {}, {
|
|
6516
|
+
length: number | undefined;
|
|
6517
|
+
}>;
|
|
6518
|
+
used: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6519
|
+
name: "used";
|
|
6520
|
+
tableName: "kavach_jwt_refresh_tokens";
|
|
6521
|
+
dataType: "boolean";
|
|
6522
|
+
columnType: "SQLiteBoolean";
|
|
6523
|
+
data: boolean;
|
|
6524
|
+
driverParam: number;
|
|
6525
|
+
notNull: true;
|
|
6526
|
+
hasDefault: true;
|
|
6527
|
+
isPrimaryKey: false;
|
|
6528
|
+
isAutoincrement: false;
|
|
6529
|
+
hasRuntimeDefault: false;
|
|
6530
|
+
enumValues: undefined;
|
|
6531
|
+
baseColumn: never;
|
|
6532
|
+
identity: undefined;
|
|
6533
|
+
generated: undefined;
|
|
6534
|
+
}, {}, {}>;
|
|
6535
|
+
expiresAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6536
|
+
name: "expires_at";
|
|
6537
|
+
tableName: "kavach_jwt_refresh_tokens";
|
|
6538
|
+
dataType: "date";
|
|
6539
|
+
columnType: "SQLiteTimestamp";
|
|
6540
|
+
data: Date;
|
|
6541
|
+
driverParam: number;
|
|
6542
|
+
notNull: true;
|
|
6543
|
+
hasDefault: false;
|
|
6544
|
+
isPrimaryKey: false;
|
|
6545
|
+
isAutoincrement: false;
|
|
6546
|
+
hasRuntimeDefault: false;
|
|
6547
|
+
enumValues: undefined;
|
|
6548
|
+
baseColumn: never;
|
|
6549
|
+
identity: undefined;
|
|
6550
|
+
generated: undefined;
|
|
6551
|
+
}, {}, {}>;
|
|
6552
|
+
createdAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6553
|
+
name: "created_at";
|
|
6554
|
+
tableName: "kavach_jwt_refresh_tokens";
|
|
6555
|
+
dataType: "date";
|
|
6556
|
+
columnType: "SQLiteTimestamp";
|
|
6557
|
+
data: Date;
|
|
6558
|
+
driverParam: number;
|
|
6559
|
+
notNull: true;
|
|
6560
|
+
hasDefault: false;
|
|
6561
|
+
isPrimaryKey: false;
|
|
6562
|
+
isAutoincrement: false;
|
|
6563
|
+
hasRuntimeDefault: false;
|
|
6564
|
+
enumValues: undefined;
|
|
6565
|
+
baseColumn: never;
|
|
6566
|
+
identity: undefined;
|
|
6567
|
+
generated: undefined;
|
|
6568
|
+
}, {}, {}>;
|
|
6569
|
+
};
|
|
6570
|
+
dialect: "sqlite";
|
|
6571
|
+
}>;
|
|
6572
|
+
declare const rebacResources: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
6573
|
+
name: "kavach_rebac_resources";
|
|
6574
|
+
schema: undefined;
|
|
6575
|
+
columns: {
|
|
6576
|
+
id: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6577
|
+
name: "id";
|
|
6578
|
+
tableName: "kavach_rebac_resources";
|
|
6579
|
+
dataType: "string";
|
|
6580
|
+
columnType: "SQLiteText";
|
|
6581
|
+
data: string;
|
|
6582
|
+
driverParam: string;
|
|
6583
|
+
notNull: true;
|
|
6584
|
+
hasDefault: false;
|
|
6585
|
+
isPrimaryKey: true;
|
|
6586
|
+
isAutoincrement: false;
|
|
6587
|
+
hasRuntimeDefault: false;
|
|
6588
|
+
enumValues: [string, ...string[]];
|
|
6589
|
+
baseColumn: never;
|
|
6590
|
+
identity: undefined;
|
|
6591
|
+
generated: undefined;
|
|
6592
|
+
}, {}, {
|
|
6593
|
+
length: number | undefined;
|
|
6594
|
+
}>;
|
|
6595
|
+
type: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6596
|
+
name: "type";
|
|
6597
|
+
tableName: "kavach_rebac_resources";
|
|
6598
|
+
dataType: "string";
|
|
6599
|
+
columnType: "SQLiteText";
|
|
6600
|
+
data: string;
|
|
6601
|
+
driverParam: string;
|
|
6602
|
+
notNull: true;
|
|
6603
|
+
hasDefault: false;
|
|
6604
|
+
isPrimaryKey: false;
|
|
6605
|
+
isAutoincrement: false;
|
|
6606
|
+
hasRuntimeDefault: false;
|
|
6607
|
+
enumValues: [string, ...string[]];
|
|
6608
|
+
baseColumn: never;
|
|
6609
|
+
identity: undefined;
|
|
6610
|
+
generated: undefined;
|
|
6611
|
+
}, {}, {
|
|
6612
|
+
length: number | undefined;
|
|
6613
|
+
}>;
|
|
6614
|
+
parentId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6615
|
+
name: "parent_id";
|
|
6616
|
+
tableName: "kavach_rebac_resources";
|
|
6617
|
+
dataType: "string";
|
|
6618
|
+
columnType: "SQLiteText";
|
|
6619
|
+
data: string;
|
|
6620
|
+
driverParam: string;
|
|
6621
|
+
notNull: false;
|
|
6622
|
+
hasDefault: false;
|
|
6623
|
+
isPrimaryKey: false;
|
|
6624
|
+
isAutoincrement: false;
|
|
6625
|
+
hasRuntimeDefault: false;
|
|
6626
|
+
enumValues: [string, ...string[]];
|
|
6627
|
+
baseColumn: never;
|
|
6628
|
+
identity: undefined;
|
|
6629
|
+
generated: undefined;
|
|
6630
|
+
}, {}, {
|
|
6631
|
+
length: number | undefined;
|
|
6632
|
+
}>;
|
|
6633
|
+
parentType: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6634
|
+
name: "parent_type";
|
|
6635
|
+
tableName: "kavach_rebac_resources";
|
|
6636
|
+
dataType: "string";
|
|
6637
|
+
columnType: "SQLiteText";
|
|
6638
|
+
data: string;
|
|
6639
|
+
driverParam: string;
|
|
6640
|
+
notNull: false;
|
|
6641
|
+
hasDefault: false;
|
|
6642
|
+
isPrimaryKey: false;
|
|
6643
|
+
isAutoincrement: false;
|
|
6644
|
+
hasRuntimeDefault: false;
|
|
6645
|
+
enumValues: [string, ...string[]];
|
|
6646
|
+
baseColumn: never;
|
|
6647
|
+
identity: undefined;
|
|
6648
|
+
generated: undefined;
|
|
6649
|
+
}, {}, {
|
|
6650
|
+
length: number | undefined;
|
|
6651
|
+
}>;
|
|
6652
|
+
createdAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6653
|
+
name: "created_at";
|
|
6654
|
+
tableName: "kavach_rebac_resources";
|
|
6655
|
+
dataType: "date";
|
|
6656
|
+
columnType: "SQLiteTimestamp";
|
|
6657
|
+
data: Date;
|
|
6658
|
+
driverParam: number;
|
|
6659
|
+
notNull: true;
|
|
6660
|
+
hasDefault: false;
|
|
6661
|
+
isPrimaryKey: false;
|
|
6662
|
+
isAutoincrement: false;
|
|
6663
|
+
hasRuntimeDefault: false;
|
|
6664
|
+
enumValues: undefined;
|
|
6665
|
+
baseColumn: never;
|
|
6666
|
+
identity: undefined;
|
|
6667
|
+
generated: undefined;
|
|
6668
|
+
}, {}, {}>;
|
|
6669
|
+
};
|
|
6670
|
+
dialect: "sqlite";
|
|
6671
|
+
}>;
|
|
6672
|
+
declare const rebacRelationships: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
6673
|
+
name: "kavach_rebac_relationships";
|
|
6674
|
+
schema: undefined;
|
|
6675
|
+
columns: {
|
|
6676
|
+
id: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6677
|
+
name: "id";
|
|
6678
|
+
tableName: "kavach_rebac_relationships";
|
|
6679
|
+
dataType: "string";
|
|
6680
|
+
columnType: "SQLiteText";
|
|
6681
|
+
data: string;
|
|
6682
|
+
driverParam: string;
|
|
6683
|
+
notNull: true;
|
|
6684
|
+
hasDefault: false;
|
|
6685
|
+
isPrimaryKey: true;
|
|
6686
|
+
isAutoincrement: false;
|
|
6687
|
+
hasRuntimeDefault: false;
|
|
6688
|
+
enumValues: [string, ...string[]];
|
|
6689
|
+
baseColumn: never;
|
|
6690
|
+
identity: undefined;
|
|
6691
|
+
generated: undefined;
|
|
6692
|
+
}, {}, {
|
|
6693
|
+
length: number | undefined;
|
|
6694
|
+
}>;
|
|
6695
|
+
subjectType: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6696
|
+
name: "subject_type";
|
|
6697
|
+
tableName: "kavach_rebac_relationships";
|
|
6698
|
+
dataType: "string";
|
|
6699
|
+
columnType: "SQLiteText";
|
|
6700
|
+
data: string;
|
|
6701
|
+
driverParam: string;
|
|
6702
|
+
notNull: true;
|
|
6703
|
+
hasDefault: false;
|
|
6704
|
+
isPrimaryKey: false;
|
|
6705
|
+
isAutoincrement: false;
|
|
6706
|
+
hasRuntimeDefault: false;
|
|
6707
|
+
enumValues: [string, ...string[]];
|
|
6708
|
+
baseColumn: never;
|
|
6709
|
+
identity: undefined;
|
|
6710
|
+
generated: undefined;
|
|
6711
|
+
}, {}, {
|
|
6712
|
+
length: number | undefined;
|
|
6713
|
+
}>;
|
|
6714
|
+
subjectId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6715
|
+
name: "subject_id";
|
|
6716
|
+
tableName: "kavach_rebac_relationships";
|
|
6717
|
+
dataType: "string";
|
|
6718
|
+
columnType: "SQLiteText";
|
|
6719
|
+
data: string;
|
|
6720
|
+
driverParam: string;
|
|
6721
|
+
notNull: true;
|
|
6722
|
+
hasDefault: false;
|
|
6723
|
+
isPrimaryKey: false;
|
|
6724
|
+
isAutoincrement: false;
|
|
6725
|
+
hasRuntimeDefault: false;
|
|
6726
|
+
enumValues: [string, ...string[]];
|
|
6727
|
+
baseColumn: never;
|
|
6728
|
+
identity: undefined;
|
|
6729
|
+
generated: undefined;
|
|
6730
|
+
}, {}, {
|
|
6731
|
+
length: number | undefined;
|
|
6732
|
+
}>;
|
|
6733
|
+
relation: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6734
|
+
name: "relation";
|
|
6735
|
+
tableName: "kavach_rebac_relationships";
|
|
6736
|
+
dataType: "string";
|
|
6737
|
+
columnType: "SQLiteText";
|
|
6738
|
+
data: string;
|
|
6739
|
+
driverParam: string;
|
|
6740
|
+
notNull: true;
|
|
6741
|
+
hasDefault: false;
|
|
6742
|
+
isPrimaryKey: false;
|
|
6743
|
+
isAutoincrement: false;
|
|
6744
|
+
hasRuntimeDefault: false;
|
|
6745
|
+
enumValues: [string, ...string[]];
|
|
6746
|
+
baseColumn: never;
|
|
6747
|
+
identity: undefined;
|
|
6748
|
+
generated: undefined;
|
|
6749
|
+
}, {}, {
|
|
6750
|
+
length: number | undefined;
|
|
6751
|
+
}>;
|
|
6752
|
+
objectType: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6753
|
+
name: "object_type";
|
|
6754
|
+
tableName: "kavach_rebac_relationships";
|
|
6755
|
+
dataType: "string";
|
|
6756
|
+
columnType: "SQLiteText";
|
|
6757
|
+
data: string;
|
|
6758
|
+
driverParam: string;
|
|
6759
|
+
notNull: true;
|
|
6760
|
+
hasDefault: false;
|
|
6761
|
+
isPrimaryKey: false;
|
|
6762
|
+
isAutoincrement: false;
|
|
6763
|
+
hasRuntimeDefault: false;
|
|
6764
|
+
enumValues: [string, ...string[]];
|
|
6765
|
+
baseColumn: never;
|
|
6766
|
+
identity: undefined;
|
|
6767
|
+
generated: undefined;
|
|
6768
|
+
}, {}, {
|
|
6769
|
+
length: number | undefined;
|
|
6770
|
+
}>;
|
|
6771
|
+
objectId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6772
|
+
name: "object_id";
|
|
6773
|
+
tableName: "kavach_rebac_relationships";
|
|
6774
|
+
dataType: "string";
|
|
6775
|
+
columnType: "SQLiteText";
|
|
6776
|
+
data: string;
|
|
6777
|
+
driverParam: string;
|
|
6778
|
+
notNull: true;
|
|
6779
|
+
hasDefault: false;
|
|
6780
|
+
isPrimaryKey: false;
|
|
6781
|
+
isAutoincrement: false;
|
|
6782
|
+
hasRuntimeDefault: false;
|
|
6783
|
+
enumValues: [string, ...string[]];
|
|
6784
|
+
baseColumn: never;
|
|
6785
|
+
identity: undefined;
|
|
6786
|
+
generated: undefined;
|
|
6787
|
+
}, {}, {
|
|
6788
|
+
length: number | undefined;
|
|
6789
|
+
}>;
|
|
6790
|
+
createdAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6791
|
+
name: "created_at";
|
|
6792
|
+
tableName: "kavach_rebac_relationships";
|
|
6793
|
+
dataType: "date";
|
|
6794
|
+
columnType: "SQLiteTimestamp";
|
|
6795
|
+
data: Date;
|
|
6796
|
+
driverParam: number;
|
|
6797
|
+
notNull: true;
|
|
6798
|
+
hasDefault: false;
|
|
6799
|
+
isPrimaryKey: false;
|
|
6800
|
+
isAutoincrement: false;
|
|
6801
|
+
hasRuntimeDefault: false;
|
|
6802
|
+
enumValues: undefined;
|
|
6803
|
+
baseColumn: never;
|
|
6804
|
+
identity: undefined;
|
|
6805
|
+
generated: undefined;
|
|
6806
|
+
}, {}, {}>;
|
|
6807
|
+
};
|
|
6808
|
+
dialect: "sqlite";
|
|
6809
|
+
}>;
|
|
6810
|
+
declare const federationInstances: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
6811
|
+
name: "kavach_federation_instances";
|
|
6812
|
+
schema: undefined;
|
|
6813
|
+
columns: {
|
|
6814
|
+
id: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6815
|
+
name: "id";
|
|
6816
|
+
tableName: "kavach_federation_instances";
|
|
6817
|
+
dataType: "string";
|
|
6818
|
+
columnType: "SQLiteText";
|
|
6819
|
+
data: string;
|
|
6820
|
+
driverParam: string;
|
|
6821
|
+
notNull: true;
|
|
6822
|
+
hasDefault: false;
|
|
6823
|
+
isPrimaryKey: true;
|
|
6824
|
+
isAutoincrement: false;
|
|
6825
|
+
hasRuntimeDefault: false;
|
|
6826
|
+
enumValues: [string, ...string[]];
|
|
6827
|
+
baseColumn: never;
|
|
6828
|
+
identity: undefined;
|
|
6829
|
+
generated: undefined;
|
|
6830
|
+
}, {}, {
|
|
6831
|
+
length: number | undefined;
|
|
6832
|
+
}>;
|
|
6833
|
+
instanceId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6834
|
+
name: "instance_id";
|
|
6835
|
+
tableName: "kavach_federation_instances";
|
|
6836
|
+
dataType: "string";
|
|
6837
|
+
columnType: "SQLiteText";
|
|
6838
|
+
data: string;
|
|
6839
|
+
driverParam: string;
|
|
6840
|
+
notNull: true;
|
|
6841
|
+
hasDefault: false;
|
|
6842
|
+
isPrimaryKey: false;
|
|
6843
|
+
isAutoincrement: false;
|
|
6844
|
+
hasRuntimeDefault: false;
|
|
6845
|
+
enumValues: [string, ...string[]];
|
|
6846
|
+
baseColumn: never;
|
|
6847
|
+
identity: undefined;
|
|
6848
|
+
generated: undefined;
|
|
6849
|
+
}, {}, {
|
|
6850
|
+
length: number | undefined;
|
|
6851
|
+
}>;
|
|
6852
|
+
instanceUrl: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6853
|
+
name: "instance_url";
|
|
6854
|
+
tableName: "kavach_federation_instances";
|
|
6855
|
+
dataType: "string";
|
|
6856
|
+
columnType: "SQLiteText";
|
|
6857
|
+
data: string;
|
|
6858
|
+
driverParam: string;
|
|
6859
|
+
notNull: true;
|
|
6860
|
+
hasDefault: false;
|
|
6861
|
+
isPrimaryKey: false;
|
|
6862
|
+
isAutoincrement: false;
|
|
6863
|
+
hasRuntimeDefault: false;
|
|
6864
|
+
enumValues: [string, ...string[]];
|
|
6865
|
+
baseColumn: never;
|
|
6866
|
+
identity: undefined;
|
|
6867
|
+
generated: undefined;
|
|
6868
|
+
}, {}, {
|
|
6869
|
+
length: number | undefined;
|
|
6870
|
+
}>;
|
|
6871
|
+
publicKeyJwk: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6872
|
+
name: "public_key_jwk";
|
|
6873
|
+
tableName: "kavach_federation_instances";
|
|
6874
|
+
dataType: "string";
|
|
6875
|
+
columnType: "SQLiteText";
|
|
6876
|
+
data: string;
|
|
6877
|
+
driverParam: string;
|
|
6878
|
+
notNull: false;
|
|
6879
|
+
hasDefault: false;
|
|
6880
|
+
isPrimaryKey: false;
|
|
6881
|
+
isAutoincrement: false;
|
|
6882
|
+
hasRuntimeDefault: false;
|
|
6883
|
+
enumValues: [string, ...string[]];
|
|
6884
|
+
baseColumn: never;
|
|
6885
|
+
identity: undefined;
|
|
6886
|
+
generated: undefined;
|
|
6887
|
+
}, {}, {
|
|
6888
|
+
length: number | undefined;
|
|
6889
|
+
}>;
|
|
6890
|
+
trustLevel: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6891
|
+
name: "trust_level";
|
|
6892
|
+
tableName: "kavach_federation_instances";
|
|
6893
|
+
dataType: "string";
|
|
6894
|
+
columnType: "SQLiteText";
|
|
6895
|
+
data: "limited" | "full" | "verify-only";
|
|
6896
|
+
driverParam: string;
|
|
6897
|
+
notNull: true;
|
|
6898
|
+
hasDefault: true;
|
|
6899
|
+
isPrimaryKey: false;
|
|
6900
|
+
isAutoincrement: false;
|
|
6901
|
+
hasRuntimeDefault: false;
|
|
6902
|
+
enumValues: ["full", "limited", "verify-only"];
|
|
6903
|
+
baseColumn: never;
|
|
6904
|
+
identity: undefined;
|
|
6905
|
+
generated: undefined;
|
|
6906
|
+
}, {}, {
|
|
6907
|
+
length: number | undefined;
|
|
6908
|
+
}>;
|
|
6909
|
+
discoveredAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6910
|
+
name: "discovered_at";
|
|
6911
|
+
tableName: "kavach_federation_instances";
|
|
6912
|
+
dataType: "date";
|
|
6913
|
+
columnType: "SQLiteTimestamp";
|
|
6914
|
+
data: Date;
|
|
6915
|
+
driverParam: number;
|
|
6916
|
+
notNull: false;
|
|
6917
|
+
hasDefault: false;
|
|
6918
|
+
isPrimaryKey: false;
|
|
6919
|
+
isAutoincrement: false;
|
|
6920
|
+
hasRuntimeDefault: false;
|
|
6921
|
+
enumValues: undefined;
|
|
6922
|
+
baseColumn: never;
|
|
6923
|
+
identity: undefined;
|
|
6924
|
+
generated: undefined;
|
|
6925
|
+
}, {}, {}>;
|
|
6926
|
+
createdAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6927
|
+
name: "created_at";
|
|
6928
|
+
tableName: "kavach_federation_instances";
|
|
6929
|
+
dataType: "date";
|
|
6930
|
+
columnType: "SQLiteTimestamp";
|
|
6931
|
+
data: Date;
|
|
6932
|
+
driverParam: number;
|
|
6933
|
+
notNull: true;
|
|
6934
|
+
hasDefault: false;
|
|
6935
|
+
isPrimaryKey: false;
|
|
6936
|
+
isAutoincrement: false;
|
|
6937
|
+
hasRuntimeDefault: false;
|
|
6938
|
+
enumValues: undefined;
|
|
6939
|
+
baseColumn: never;
|
|
6940
|
+
identity: undefined;
|
|
6941
|
+
generated: undefined;
|
|
6942
|
+
}, {}, {}>;
|
|
6943
|
+
updatedAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6944
|
+
name: "updated_at";
|
|
6945
|
+
tableName: "kavach_federation_instances";
|
|
6946
|
+
dataType: "date";
|
|
6947
|
+
columnType: "SQLiteTimestamp";
|
|
6948
|
+
data: Date;
|
|
6949
|
+
driverParam: number;
|
|
6950
|
+
notNull: true;
|
|
6951
|
+
hasDefault: false;
|
|
6952
|
+
isPrimaryKey: false;
|
|
6953
|
+
isAutoincrement: false;
|
|
6954
|
+
hasRuntimeDefault: false;
|
|
6955
|
+
enumValues: undefined;
|
|
6956
|
+
baseColumn: never;
|
|
6957
|
+
identity: undefined;
|
|
6958
|
+
generated: undefined;
|
|
6959
|
+
}, {}, {}>;
|
|
6960
|
+
};
|
|
6961
|
+
dialect: "sqlite";
|
|
6962
|
+
}>;
|
|
6963
|
+
declare const federationTokens: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
6964
|
+
name: "kavach_federation_tokens";
|
|
6965
|
+
schema: undefined;
|
|
6966
|
+
columns: {
|
|
6967
|
+
id: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6968
|
+
name: "id";
|
|
6969
|
+
tableName: "kavach_federation_tokens";
|
|
6970
|
+
dataType: "string";
|
|
6971
|
+
columnType: "SQLiteText";
|
|
6972
|
+
data: string;
|
|
6973
|
+
driverParam: string;
|
|
6974
|
+
notNull: true;
|
|
6975
|
+
hasDefault: false;
|
|
6976
|
+
isPrimaryKey: true;
|
|
6977
|
+
isAutoincrement: false;
|
|
6978
|
+
hasRuntimeDefault: false;
|
|
6979
|
+
enumValues: [string, ...string[]];
|
|
6980
|
+
baseColumn: never;
|
|
6981
|
+
identity: undefined;
|
|
6982
|
+
generated: undefined;
|
|
6983
|
+
}, {}, {
|
|
6984
|
+
length: number | undefined;
|
|
6985
|
+
}>;
|
|
6986
|
+
tokenJti: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
6987
|
+
name: "token_jti";
|
|
6988
|
+
tableName: "kavach_federation_tokens";
|
|
6989
|
+
dataType: "string";
|
|
6990
|
+
columnType: "SQLiteText";
|
|
6991
|
+
data: string;
|
|
6992
|
+
driverParam: string;
|
|
6993
|
+
notNull: true;
|
|
6994
|
+
hasDefault: false;
|
|
6995
|
+
isPrimaryKey: false;
|
|
6996
|
+
isAutoincrement: false;
|
|
6997
|
+
hasRuntimeDefault: false;
|
|
6998
|
+
enumValues: [string, ...string[]];
|
|
6999
|
+
baseColumn: never;
|
|
7000
|
+
identity: undefined;
|
|
7001
|
+
generated: undefined;
|
|
7002
|
+
}, {}, {
|
|
7003
|
+
length: number | undefined;
|
|
7004
|
+
}>;
|
|
7005
|
+
agentId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
7006
|
+
name: "agent_id";
|
|
7007
|
+
tableName: "kavach_federation_tokens";
|
|
7008
|
+
dataType: "string";
|
|
7009
|
+
columnType: "SQLiteText";
|
|
7010
|
+
data: string;
|
|
7011
|
+
driverParam: string;
|
|
7012
|
+
notNull: true;
|
|
7013
|
+
hasDefault: false;
|
|
7014
|
+
isPrimaryKey: false;
|
|
7015
|
+
isAutoincrement: false;
|
|
7016
|
+
hasRuntimeDefault: false;
|
|
7017
|
+
enumValues: [string, ...string[]];
|
|
7018
|
+
baseColumn: never;
|
|
7019
|
+
identity: undefined;
|
|
7020
|
+
generated: undefined;
|
|
7021
|
+
}, {}, {
|
|
7022
|
+
length: number | undefined;
|
|
7023
|
+
}>;
|
|
7024
|
+
sourceInstanceId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
7025
|
+
name: "source_instance_id";
|
|
7026
|
+
tableName: "kavach_federation_tokens";
|
|
7027
|
+
dataType: "string";
|
|
7028
|
+
columnType: "SQLiteText";
|
|
7029
|
+
data: string;
|
|
7030
|
+
driverParam: string;
|
|
7031
|
+
notNull: true;
|
|
7032
|
+
hasDefault: false;
|
|
7033
|
+
isPrimaryKey: false;
|
|
7034
|
+
isAutoincrement: false;
|
|
7035
|
+
hasRuntimeDefault: false;
|
|
7036
|
+
enumValues: [string, ...string[]];
|
|
7037
|
+
baseColumn: never;
|
|
7038
|
+
identity: undefined;
|
|
7039
|
+
generated: undefined;
|
|
7040
|
+
}, {}, {
|
|
7041
|
+
length: number | undefined;
|
|
7042
|
+
}>;
|
|
7043
|
+
targetInstanceId: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
7044
|
+
name: "target_instance_id";
|
|
7045
|
+
tableName: "kavach_federation_tokens";
|
|
7046
|
+
dataType: "string";
|
|
7047
|
+
columnType: "SQLiteText";
|
|
7048
|
+
data: string;
|
|
7049
|
+
driverParam: string;
|
|
7050
|
+
notNull: false;
|
|
7051
|
+
hasDefault: false;
|
|
7052
|
+
isPrimaryKey: false;
|
|
7053
|
+
isAutoincrement: false;
|
|
7054
|
+
hasRuntimeDefault: false;
|
|
7055
|
+
enumValues: [string, ...string[]];
|
|
7056
|
+
baseColumn: never;
|
|
7057
|
+
identity: undefined;
|
|
7058
|
+
generated: undefined;
|
|
7059
|
+
}, {}, {
|
|
7060
|
+
length: number | undefined;
|
|
7061
|
+
}>;
|
|
7062
|
+
direction: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
7063
|
+
name: "direction";
|
|
7064
|
+
tableName: "kavach_federation_tokens";
|
|
7065
|
+
dataType: "string";
|
|
7066
|
+
columnType: "SQLiteText";
|
|
7067
|
+
data: "issued" | "received";
|
|
7068
|
+
driverParam: string;
|
|
7069
|
+
notNull: true;
|
|
7070
|
+
hasDefault: false;
|
|
7071
|
+
isPrimaryKey: false;
|
|
7072
|
+
isAutoincrement: false;
|
|
7073
|
+
hasRuntimeDefault: false;
|
|
7074
|
+
enumValues: ["issued", "received"];
|
|
7075
|
+
baseColumn: never;
|
|
7076
|
+
identity: undefined;
|
|
7077
|
+
generated: undefined;
|
|
7078
|
+
}, {}, {
|
|
7079
|
+
length: number | undefined;
|
|
7080
|
+
}>;
|
|
7081
|
+
permissions: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
7082
|
+
name: "permissions";
|
|
7083
|
+
tableName: "kavach_federation_tokens";
|
|
7084
|
+
dataType: "json";
|
|
7085
|
+
columnType: "SQLiteTextJson";
|
|
7086
|
+
data: string[];
|
|
7087
|
+
driverParam: string;
|
|
7088
|
+
notNull: true;
|
|
7089
|
+
hasDefault: false;
|
|
7090
|
+
isPrimaryKey: false;
|
|
7091
|
+
isAutoincrement: false;
|
|
7092
|
+
hasRuntimeDefault: false;
|
|
7093
|
+
enumValues: undefined;
|
|
7094
|
+
baseColumn: never;
|
|
7095
|
+
identity: undefined;
|
|
7096
|
+
generated: undefined;
|
|
7097
|
+
}, {}, {
|
|
7098
|
+
$type: string[];
|
|
7099
|
+
}>;
|
|
7100
|
+
trustScore: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
7101
|
+
name: "trust_score";
|
|
7102
|
+
tableName: "kavach_federation_tokens";
|
|
7103
|
+
dataType: "number";
|
|
7104
|
+
columnType: "SQLiteInteger";
|
|
7105
|
+
data: number;
|
|
7106
|
+
driverParam: number;
|
|
7107
|
+
notNull: false;
|
|
7108
|
+
hasDefault: false;
|
|
7109
|
+
isPrimaryKey: false;
|
|
7110
|
+
isAutoincrement: false;
|
|
7111
|
+
hasRuntimeDefault: false;
|
|
7112
|
+
enumValues: undefined;
|
|
7113
|
+
baseColumn: never;
|
|
7114
|
+
identity: undefined;
|
|
7115
|
+
generated: undefined;
|
|
7116
|
+
}, {}, {}>;
|
|
7117
|
+
expiresAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
7118
|
+
name: "expires_at";
|
|
7119
|
+
tableName: "kavach_federation_tokens";
|
|
7120
|
+
dataType: "date";
|
|
7121
|
+
columnType: "SQLiteTimestamp";
|
|
7122
|
+
data: Date;
|
|
7123
|
+
driverParam: number;
|
|
7124
|
+
notNull: true;
|
|
7125
|
+
hasDefault: false;
|
|
7126
|
+
isPrimaryKey: false;
|
|
7127
|
+
isAutoincrement: false;
|
|
7128
|
+
hasRuntimeDefault: false;
|
|
7129
|
+
enumValues: undefined;
|
|
7130
|
+
baseColumn: never;
|
|
7131
|
+
identity: undefined;
|
|
7132
|
+
generated: undefined;
|
|
7133
|
+
}, {}, {}>;
|
|
7134
|
+
createdAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
7135
|
+
name: "created_at";
|
|
7136
|
+
tableName: "kavach_federation_tokens";
|
|
7137
|
+
dataType: "date";
|
|
7138
|
+
columnType: "SQLiteTimestamp";
|
|
7139
|
+
data: Date;
|
|
7140
|
+
driverParam: number;
|
|
7141
|
+
notNull: true;
|
|
7142
|
+
hasDefault: false;
|
|
7143
|
+
isPrimaryKey: false;
|
|
7144
|
+
isAutoincrement: false;
|
|
7145
|
+
hasRuntimeDefault: false;
|
|
7146
|
+
enumValues: undefined;
|
|
7147
|
+
baseColumn: never;
|
|
7148
|
+
identity: undefined;
|
|
7149
|
+
generated: undefined;
|
|
7150
|
+
}, {}, {}>;
|
|
7151
|
+
};
|
|
7152
|
+
dialect: "sqlite";
|
|
7153
|
+
}>;
|
|
7154
|
+
|
|
7155
|
+
declare const schema_agentCards: typeof agentCards;
|
|
7156
|
+
declare const schema_agentDids: typeof agentDids;
|
|
7157
|
+
declare const schema_agents: typeof agents;
|
|
7158
|
+
declare const schema_apiKeys: typeof apiKeys;
|
|
7159
|
+
declare const schema_approvalRequests: typeof approvalRequests;
|
|
7160
|
+
declare const schema_auditLogs: typeof auditLogs;
|
|
7161
|
+
declare const schema_budgetPolicies: typeof budgetPolicies;
|
|
7162
|
+
declare const schema_costEvents: typeof costEvents;
|
|
7163
|
+
declare const schema_delegationChains: typeof delegationChains;
|
|
7164
|
+
declare const schema_emailOtps: typeof emailOtps;
|
|
7165
|
+
declare const schema_ephemeralSessions: typeof ephemeralSessions;
|
|
7166
|
+
declare const schema_federationInstances: typeof federationInstances;
|
|
7167
|
+
declare const schema_federationTokens: typeof federationTokens;
|
|
7168
|
+
declare const schema_jwtRefreshTokens: typeof jwtRefreshTokens;
|
|
7169
|
+
declare const schema_loginHistory: typeof loginHistory;
|
|
7170
|
+
declare const schema_magicLinks: typeof magicLinks;
|
|
7171
|
+
declare const schema_mcpServers: typeof mcpServers;
|
|
7172
|
+
declare const schema_oauthAccessTokens: typeof oauthAccessTokens;
|
|
7173
|
+
declare const schema_oauthAuthorizationCodes: typeof oauthAuthorizationCodes;
|
|
7174
|
+
declare const schema_oauthClients: typeof oauthClients;
|
|
7175
|
+
declare const schema_oidcAuthCodes: typeof oidcAuthCodes;
|
|
7176
|
+
declare const schema_oidcClients: typeof oidcClients;
|
|
7177
|
+
declare const schema_oidcRefreshTokens: typeof oidcRefreshTokens;
|
|
7178
|
+
declare const schema_oneTimeTokens: typeof oneTimeTokens;
|
|
7179
|
+
declare const schema_orgInvitations: typeof orgInvitations;
|
|
7180
|
+
declare const schema_orgMembers: typeof orgMembers;
|
|
7181
|
+
declare const schema_orgRoles: typeof orgRoles;
|
|
7182
|
+
declare const schema_organizations: typeof organizations;
|
|
7183
|
+
declare const schema_passkeyChallenges: typeof passkeyChallenges;
|
|
7184
|
+
declare const schema_passkeyCredentials: typeof passkeyCredentials;
|
|
7185
|
+
declare const schema_permissions: typeof permissions;
|
|
7186
|
+
declare const schema_phoneVerifications: typeof phoneVerifications;
|
|
7187
|
+
declare const schema_rateLimits: typeof rateLimits;
|
|
7188
|
+
declare const schema_rebacRelationships: typeof rebacRelationships;
|
|
7189
|
+
declare const schema_rebacResources: typeof rebacResources;
|
|
7190
|
+
declare const schema_sessions: typeof sessions;
|
|
7191
|
+
declare const schema_ssoConnections: typeof ssoConnections;
|
|
7192
|
+
declare const schema_streamEvents: typeof streamEvents;
|
|
7193
|
+
declare const schema_tenants: typeof tenants;
|
|
7194
|
+
declare const schema_totpRecords: typeof totpRecords;
|
|
7195
|
+
declare const schema_trustScores: typeof trustScores;
|
|
7196
|
+
declare const schema_trustedDevices: typeof trustedDevices;
|
|
7197
|
+
declare const schema_usernameAccounts: typeof usernameAccounts;
|
|
7198
|
+
declare const schema_users: typeof users;
|
|
7199
|
+
declare namespace schema {
|
|
7200
|
+
export { schema_agentCards as agentCards, schema_agentDids as agentDids, schema_agents as agents, schema_apiKeys as apiKeys, schema_approvalRequests as approvalRequests, schema_auditLogs as auditLogs, schema_budgetPolicies as budgetPolicies, schema_costEvents as costEvents, schema_delegationChains as delegationChains, schema_emailOtps as emailOtps, schema_ephemeralSessions as ephemeralSessions, schema_federationInstances as federationInstances, schema_federationTokens as federationTokens, schema_jwtRefreshTokens as jwtRefreshTokens, schema_loginHistory as loginHistory, schema_magicLinks as magicLinks, schema_mcpServers as mcpServers, schema_oauthAccessTokens as oauthAccessTokens, schema_oauthAuthorizationCodes as oauthAuthorizationCodes, schema_oauthClients as oauthClients, schema_oidcAuthCodes as oidcAuthCodes, schema_oidcClients as oidcClients, schema_oidcRefreshTokens as oidcRefreshTokens, schema_oneTimeTokens as oneTimeTokens, schema_orgInvitations as orgInvitations, schema_orgMembers as orgMembers, schema_orgRoles as orgRoles, schema_organizations as organizations, schema_passkeyChallenges as passkeyChallenges, schema_passkeyCredentials as passkeyCredentials, schema_permissions as permissions, schema_phoneVerifications as phoneVerifications, schema_rateLimits as rateLimits, schema_rebacRelationships as rebacRelationships, schema_rebacResources as rebacResources, schema_sessions as sessions, schema_ssoConnections as ssoConnections, schema_streamEvents as streamEvents, schema_tenants as tenants, schema_totpRecords as totpRecords, schema_trustScores as trustScores, schema_trustedDevices as trustedDevices, schema_usernameAccounts as usernameAccounts, schema_users as users };
|
|
7201
|
+
}
|
|
7202
|
+
|
|
7203
|
+
/** Minimal Cloudflare D1 interface for type compatibility */
|
|
7204
|
+
interface D1DatabaseBinding {
|
|
7205
|
+
prepare(query: string): D1PreparedStatement;
|
|
7206
|
+
batch<T = unknown>(statements: D1PreparedStatement[]): Promise<D1Result<T>[]>;
|
|
7207
|
+
exec(query: string): Promise<D1ExecResult>;
|
|
7208
|
+
}
|
|
7209
|
+
interface D1PreparedStatement {
|
|
7210
|
+
bind(...values: unknown[]): D1PreparedStatement;
|
|
7211
|
+
first<T = unknown>(colName?: string): Promise<T | null>;
|
|
7212
|
+
run<T = unknown>(): Promise<D1Result<T>>;
|
|
7213
|
+
all<T = unknown>(): Promise<D1Result<T>>;
|
|
7214
|
+
raw<T = unknown>(): Promise<T[]>;
|
|
7215
|
+
}
|
|
7216
|
+
interface D1Result<T = unknown> {
|
|
7217
|
+
results: T[];
|
|
7218
|
+
success: boolean;
|
|
7219
|
+
meta: Record<string, unknown>;
|
|
7220
|
+
}
|
|
7221
|
+
interface D1ExecResult {
|
|
7222
|
+
count: number;
|
|
7223
|
+
duration: number;
|
|
6097
7224
|
}
|
|
7225
|
+
/**
|
|
7226
|
+
* The fully-typed SQLite Drizzle database.
|
|
7227
|
+
* Postgres and MySQL connections are represented as `AnyDatabase` at the
|
|
7228
|
+
* adapter boundary because drizzle-orm exposes separate schema builders
|
|
7229
|
+
* (pg-core / mysql-core) that are incompatible with the SQLite schema
|
|
7230
|
+
* defined in schema.ts. Full multi-dialect Drizzle schema support is
|
|
7231
|
+
* planned for v0.2.0.
|
|
7232
|
+
*/
|
|
7233
|
+
type Database = BaseSQLiteDatabase<"sync" | "async", Record<string, unknown>, typeof schema>;
|
|
7234
|
+
type DatabaseConfig = {
|
|
7235
|
+
provider: "sqlite" | "postgres" | "mysql";
|
|
7236
|
+
/** Connection URL. Required for sqlite, postgres, and mysql. */
|
|
7237
|
+
url: string;
|
|
7238
|
+
/** Skip automatic table creation on init (default: false) */
|
|
7239
|
+
skipMigrations?: boolean;
|
|
7240
|
+
} | {
|
|
7241
|
+
provider: "d1";
|
|
7242
|
+
/** Cloudflare D1 binding from the Worker environment. Required when provider is "d1". */
|
|
7243
|
+
binding: D1DatabaseBinding;
|
|
7244
|
+
/** Skip automatic table creation on init (default: false) */
|
|
7245
|
+
skipMigrations?: boolean;
|
|
7246
|
+
};
|
|
6098
7247
|
/**
|
|
6099
7248
|
* Create a database connection.
|
|
6100
7249
|
*
|
|
6101
7250
|
* - **SQLite** – fully typed Drizzle ORM via `better-sqlite3` (current default).
|
|
6102
7251
|
* - **Postgres** – Drizzle connection via `drizzle-orm/node-postgres` + `pg` (peer dep).
|
|
6103
7252
|
* - **MySQL** – Drizzle connection via `drizzle-orm/mysql2` + `mysql2` (peer dep).
|
|
7253
|
+
* - **D1** – Drizzle connection via `drizzle-orm/d1` for Cloudflare Workers (peer dep).
|
|
6104
7254
|
*
|
|
6105
|
-
* For Postgres and
|
|
7255
|
+
* For Postgres, MySQL, and D1 the return value is typed as `Database` for source
|
|
6106
7256
|
* compatibility; the underlying Drizzle instance is created against the
|
|
6107
7257
|
* correct driver. Full pg-core / mysql-core schema typings are planned for v0.2.0.
|
|
6108
7258
|
*/
|
|
6109
|
-
declare function createDatabase(config: DatabaseConfig
|
|
7259
|
+
declare function createDatabase(config: DatabaseConfig): Promise<Database>;
|
|
6110
7260
|
/**
|
|
6111
7261
|
* Synchronous SQLite-only factory kept for backwards compatibility with code
|
|
6112
7262
|
* that cannot use async initialisation. Throws if a non-SQLite provider is
|
|
@@ -6114,7 +7264,7 @@ declare function createDatabase(config: DatabaseConfig$1): Promise<Database>;
|
|
|
6114
7264
|
*
|
|
6115
7265
|
* @deprecated Prefer the async `createDatabase()` which supports all providers.
|
|
6116
7266
|
*/
|
|
6117
|
-
declare function createDatabaseSync(config: DatabaseConfig
|
|
7267
|
+
declare function createDatabaseSync(config: DatabaseConfig): Database;
|
|
6118
7268
|
|
|
6119
7269
|
interface AgentConfig {
|
|
6120
7270
|
/** Enable agent identity management */
|
|
@@ -6538,6 +7688,199 @@ interface EmailOtpModule {
|
|
|
6538
7688
|
}
|
|
6539
7689
|
declare function createEmailOtpModule(config: EmailOtpConfig, db: Database, sessionManager: SessionManager): EmailOtpModule;
|
|
6540
7690
|
|
|
7691
|
+
/**
|
|
7692
|
+
* One-time token module for KavachOS.
|
|
7693
|
+
*
|
|
7694
|
+
* Issues single-use tokens for email verification, password resets,
|
|
7695
|
+
* invitations, and custom flows. The raw token is returned to the caller
|
|
7696
|
+
* once and never persisted — only a SHA-256 hash is stored. Tokens are
|
|
7697
|
+
* invalidated on first use or when they expire.
|
|
7698
|
+
*
|
|
7699
|
+
* @example
|
|
7700
|
+
* ```typescript
|
|
7701
|
+
* const tokens = createOneTimeTokenModule({}, db);
|
|
7702
|
+
*
|
|
7703
|
+
* // Create a password-reset token
|
|
7704
|
+
* const result = await tokens.createToken({
|
|
7705
|
+
* purpose: 'password-reset',
|
|
7706
|
+
* identifier: 'alice@example.com',
|
|
7707
|
+
* ttlSeconds: 1800,
|
|
7708
|
+
* });
|
|
7709
|
+
* if (result.success) {
|
|
7710
|
+
* await mailer.send({ to: 'alice@example.com', token: result.data.token });
|
|
7711
|
+
* }
|
|
7712
|
+
*
|
|
7713
|
+
* // Validate (and consume) on the reset page
|
|
7714
|
+
* const validation = await tokens.validateToken(incomingToken, 'password-reset');
|
|
7715
|
+
* if (validation.success) {
|
|
7716
|
+
* // validation.data.identifier === 'alice@example.com'
|
|
7717
|
+
* }
|
|
7718
|
+
* ```
|
|
7719
|
+
*/
|
|
7720
|
+
|
|
7721
|
+
/** Token purpose discriminator. Use 'custom' for any application-specific flow. */
|
|
7722
|
+
type OneTimeTokenPurpose = "email-verify" | "password-reset" | "invitation" | "custom";
|
|
7723
|
+
interface OneTimeTokenConfig {
|
|
7724
|
+
/** Default TTL in seconds when none is specified per-call. Default: 3600 (1 hour). */
|
|
7725
|
+
defaultTtlSeconds?: number;
|
|
7726
|
+
}
|
|
7727
|
+
interface CreateTokenInput {
|
|
7728
|
+
purpose: OneTimeTokenPurpose;
|
|
7729
|
+
/** Email address, user ID, or any caller-supplied key that scopes the token. */
|
|
7730
|
+
identifier: string;
|
|
7731
|
+
/** Arbitrary data to associate with the token (e.g. org ID, invited role). */
|
|
7732
|
+
metadata?: Record<string, unknown>;
|
|
7733
|
+
/** Override the module-level default TTL for this token only. */
|
|
7734
|
+
ttlSeconds?: number;
|
|
7735
|
+
}
|
|
7736
|
+
interface ValidateTokenResult {
|
|
7737
|
+
identifier: string;
|
|
7738
|
+
metadata?: Record<string, unknown>;
|
|
7739
|
+
}
|
|
7740
|
+
interface RevokeTokensResult {
|
|
7741
|
+
count: number;
|
|
7742
|
+
}
|
|
7743
|
+
interface OneTimeTokenModule {
|
|
7744
|
+
/**
|
|
7745
|
+
* Create a new one-time token.
|
|
7746
|
+
*
|
|
7747
|
+
* Returns the raw token (hex string) exactly once. Store it in your email
|
|
7748
|
+
* or link — it cannot be recovered from the database afterwards.
|
|
7749
|
+
*/
|
|
7750
|
+
createToken(input: CreateTokenInput): Promise<Result<{
|
|
7751
|
+
token: string;
|
|
7752
|
+
expiresAt: Date;
|
|
7753
|
+
}>>;
|
|
7754
|
+
/**
|
|
7755
|
+
* Validate a token and mark it as used.
|
|
7756
|
+
*
|
|
7757
|
+
* Fails when the token is unknown, already used, expired, or belongs to a
|
|
7758
|
+
* different purpose. On success the token is consumed immediately.
|
|
7759
|
+
*/
|
|
7760
|
+
validateToken(token: string, purpose: string): Promise<Result<ValidateTokenResult>>;
|
|
7761
|
+
/**
|
|
7762
|
+
* Revoke all active tokens for an identifier, optionally scoped to a purpose.
|
|
7763
|
+
*
|
|
7764
|
+
* Useful for invalidating outstanding password-reset links when a user
|
|
7765
|
+
* changes their password through another flow, or for cleaning up on account
|
|
7766
|
+
* deletion.
|
|
7767
|
+
*/
|
|
7768
|
+
revokeTokens(identifier: string, purpose?: string): Promise<Result<RevokeTokensResult>>;
|
|
7769
|
+
}
|
|
7770
|
+
/**
|
|
7771
|
+
* Create a one-time token module backed by the provided database.
|
|
7772
|
+
*
|
|
7773
|
+
* The module is stateless — no in-memory caches — so multiple instances
|
|
7774
|
+
* sharing the same database are safe.
|
|
7775
|
+
*/
|
|
7776
|
+
declare function createOneTimeTokenModule(config: OneTimeTokenConfig, db: Database): OneTimeTokenModule;
|
|
7777
|
+
|
|
7778
|
+
/**
|
|
7779
|
+
* Email verification module for KavachOS.
|
|
7780
|
+
*
|
|
7781
|
+
* Handles the full email address verification flow: generating single-use
|
|
7782
|
+
* tokens, sending verification emails, and marking user addresses as verified
|
|
7783
|
+
* in the database. Composes the one-time token module so tokens are stored as
|
|
7784
|
+
* SHA-256 hashes and consumed on first use.
|
|
7785
|
+
*
|
|
7786
|
+
* Security properties:
|
|
7787
|
+
* - Tokens are 256-bit random, stored as SHA-256 hashes (never in plaintext).
|
|
7788
|
+
* - Single-use: consumed on first validation.
|
|
7789
|
+
* - Configurable TTL (default 24 hours).
|
|
7790
|
+
* - Outstanding verify tokens are revoked after successful verification.
|
|
7791
|
+
* - Sending to an already-verified address returns success without sending.
|
|
7792
|
+
*
|
|
7793
|
+
* @example
|
|
7794
|
+
* ```typescript
|
|
7795
|
+
* const kavach = await createKavach({
|
|
7796
|
+
* database: { provider: 'sqlite', url: 'kavach.db' },
|
|
7797
|
+
* auth: { session: { secret: process.env.SESSION_SECRET } },
|
|
7798
|
+
* emailVerification: {
|
|
7799
|
+
* sendVerificationEmail: async (email, token, verifyUrl) => {
|
|
7800
|
+
* await resend.emails.send({
|
|
7801
|
+
* to: email,
|
|
7802
|
+
* subject: 'Verify your email',
|
|
7803
|
+
* html: `<a href="${verifyUrl}">Verify email</a>`,
|
|
7804
|
+
* });
|
|
7805
|
+
* },
|
|
7806
|
+
* verifyUrl: 'https://app.example.com/verify-email',
|
|
7807
|
+
* },
|
|
7808
|
+
* });
|
|
7809
|
+
*
|
|
7810
|
+
* // Send verification email
|
|
7811
|
+
* await kavach.emailVerification.sendVerification(userId, 'alice@example.com');
|
|
7812
|
+
*
|
|
7813
|
+
* // Verify the token from the link
|
|
7814
|
+
* const result = await kavach.emailVerification.verify(token);
|
|
7815
|
+
* if (result.success) console.log('Verified:', result.data.userId);
|
|
7816
|
+
* ```
|
|
7817
|
+
*/
|
|
7818
|
+
|
|
7819
|
+
interface EmailVerificationConfig {
|
|
7820
|
+
/**
|
|
7821
|
+
* Callback to send the verification email.
|
|
7822
|
+
*
|
|
7823
|
+
* KavachOS generates the token and constructs the verify URL. Your job is
|
|
7824
|
+
* to deliver it (Resend, SES, SMTP, Postmark, whatever you use).
|
|
7825
|
+
*/
|
|
7826
|
+
sendVerificationEmail: (email: string, token: string, verifyUrl: string) => Promise<void>;
|
|
7827
|
+
/**
|
|
7828
|
+
* Base URL for the verify page in your app.
|
|
7829
|
+
*
|
|
7830
|
+
* The token is appended as `?token=<token>`. Example:
|
|
7831
|
+
* `https://app.example.com/verify-email` produces
|
|
7832
|
+
* `https://app.example.com/verify-email?token=abc123...`
|
|
7833
|
+
*/
|
|
7834
|
+
verifyUrl: string;
|
|
7835
|
+
/**
|
|
7836
|
+
* Token TTL in seconds. Default: 86400 (24 hours).
|
|
7837
|
+
*/
|
|
7838
|
+
tokenTtlSeconds?: number;
|
|
7839
|
+
/**
|
|
7840
|
+
* When true, call `sendVerification` automatically after sign-up.
|
|
7841
|
+
* Default: false.
|
|
7842
|
+
*
|
|
7843
|
+
* The caller is still responsible for calling `sendVerification` directly
|
|
7844
|
+
* if this is false. This flag is informational — KavachOS uses it to
|
|
7845
|
+
* signal intent to integrations (e.g. the username module).
|
|
7846
|
+
*/
|
|
7847
|
+
autoVerifyOnSignUp?: boolean;
|
|
7848
|
+
}
|
|
7849
|
+
interface EmailVerificationModule {
|
|
7850
|
+
/**
|
|
7851
|
+
* Create a verification token and send the verification email.
|
|
7852
|
+
*
|
|
7853
|
+
* Returns `{ sent: true }` when the email was dispatched.
|
|
7854
|
+
* Returns `{ sent: false }` when the email is already verified — no
|
|
7855
|
+
* email is sent and no token is created in that case.
|
|
7856
|
+
*/
|
|
7857
|
+
sendVerification(userId: string, email: string): Promise<Result<{
|
|
7858
|
+
sent: boolean;
|
|
7859
|
+
}>>;
|
|
7860
|
+
/**
|
|
7861
|
+
* Validate a verification token and mark the user's email as verified.
|
|
7862
|
+
*
|
|
7863
|
+
* The token is consumed on success. All outstanding verify tokens for
|
|
7864
|
+
* the address are revoked after successful verification.
|
|
7865
|
+
*/
|
|
7866
|
+
verify(token: string): Promise<Result<{
|
|
7867
|
+
userId: string;
|
|
7868
|
+
email: string;
|
|
7869
|
+
}>>;
|
|
7870
|
+
/**
|
|
7871
|
+
* Check whether a user's email address has been verified.
|
|
7872
|
+
*/
|
|
7873
|
+
isVerified(userId: string): Promise<boolean>;
|
|
7874
|
+
/**
|
|
7875
|
+
* Handle HTTP requests for email verification endpoints.
|
|
7876
|
+
*
|
|
7877
|
+
* - POST /auth/verify-email/send — { userId, email }
|
|
7878
|
+
* - POST /auth/verify-email/confirm — { token }
|
|
7879
|
+
*/
|
|
7880
|
+
handleRequest(request: Request): Promise<Response | null>;
|
|
7881
|
+
}
|
|
7882
|
+
declare function createEmailVerificationModule(config: EmailVerificationConfig, db: Database, tokenModule: OneTimeTokenModule): EmailVerificationModule;
|
|
7883
|
+
|
|
6541
7884
|
/**
|
|
6542
7885
|
* Magic link authentication for KavachOS.
|
|
6543
7886
|
*
|
|
@@ -6702,7 +8045,7 @@ declare function createOrgModule(config: OrgConfig, db: Database): OrgModule;
|
|
|
6702
8045
|
* Passkey / WebAuthn authentication for KavachOS.
|
|
6703
8046
|
*
|
|
6704
8047
|
* Implements server-side WebAuthn (Level 2) without external libraries.
|
|
6705
|
-
* Uses Web Crypto API
|
|
8048
|
+
* Uses the Web Crypto API for signature verification
|
|
6706
8049
|
* and a minimal CBOR decoder for attestation object parsing.
|
|
6707
8050
|
*
|
|
6708
8051
|
* Flow:
|
|
@@ -6814,6 +8157,121 @@ interface PasskeyModule {
|
|
|
6814
8157
|
}
|
|
6815
8158
|
declare function createPasskeyModule(config: PasskeyConfig, db: Database): PasskeyModule;
|
|
6816
8159
|
|
|
8160
|
+
/**
|
|
8161
|
+
* Password reset module for KavachOS.
|
|
8162
|
+
*
|
|
8163
|
+
* Composes the one-time token module with the username auth module to provide
|
|
8164
|
+
* a complete forgot-password and reset-password flow. The caller supplies an
|
|
8165
|
+
* email-sending callback; KavachOS handles token generation, validation,
|
|
8166
|
+
* password hashing, and session revocation.
|
|
8167
|
+
*
|
|
8168
|
+
* Security properties:
|
|
8169
|
+
* - Tokens are 256-bit random, stored as SHA-256 hashes (never in plaintext).
|
|
8170
|
+
* - Single-use: consumed on first validation.
|
|
8171
|
+
* - Configurable TTL (default 1 hour).
|
|
8172
|
+
* - All existing sessions are revoked on successful reset.
|
|
8173
|
+
* - Email enumeration resistant: always returns success, even for unknown emails.
|
|
8174
|
+
* - Outstanding reset tokens are revoked when a new one is requested.
|
|
8175
|
+
*
|
|
8176
|
+
* @example
|
|
8177
|
+
* ```typescript
|
|
8178
|
+
* const kavach = await createKavach({
|
|
8179
|
+
* database: { provider: 'sqlite', url: 'kavach.db' },
|
|
8180
|
+
* auth: { session: { secret: process.env.SESSION_SECRET } },
|
|
8181
|
+
* username: { password: { minLength: 8 } },
|
|
8182
|
+
* passwordReset: {
|
|
8183
|
+
* sendResetEmail: async (email, token, resetUrl) => {
|
|
8184
|
+
* await resend.emails.send({
|
|
8185
|
+
* to: email,
|
|
8186
|
+
* subject: 'Reset your password',
|
|
8187
|
+
* html: `<a href="${resetUrl}">Reset password</a>`,
|
|
8188
|
+
* });
|
|
8189
|
+
* },
|
|
8190
|
+
* resetUrl: 'https://app.example.com/reset-password',
|
|
8191
|
+
* },
|
|
8192
|
+
* });
|
|
8193
|
+
*
|
|
8194
|
+
* // Forgot password (always succeeds — no email enumeration)
|
|
8195
|
+
* await kavach.passwordReset.requestReset('alice@example.com');
|
|
8196
|
+
*
|
|
8197
|
+
* // Reset password (from the link in the email)
|
|
8198
|
+
* const result = await kavach.passwordReset.resetPassword(token, 'new-password-123');
|
|
8199
|
+
* ```
|
|
8200
|
+
*/
|
|
8201
|
+
|
|
8202
|
+
interface PasswordResetConfig {
|
|
8203
|
+
/**
|
|
8204
|
+
* Callback to send the password reset email.
|
|
8205
|
+
*
|
|
8206
|
+
* KavachOS generates the token and constructs the reset URL. Your job is
|
|
8207
|
+
* to deliver it (Resend, SES, SMTP, Postmark, whatever you use).
|
|
8208
|
+
*
|
|
8209
|
+
* The function should not throw for unknown emails. KavachOS already
|
|
8210
|
+
* handles that by silently succeeding.
|
|
8211
|
+
*/
|
|
8212
|
+
sendResetEmail: (email: string, token: string, resetUrl: string) => Promise<void>;
|
|
8213
|
+
/**
|
|
8214
|
+
* Base URL for the reset page in your app.
|
|
8215
|
+
*
|
|
8216
|
+
* The token is appended as `?token=<token>`. Example:
|
|
8217
|
+
* `https://app.example.com/reset-password` produces
|
|
8218
|
+
* `https://app.example.com/reset-password?token=abc123...`
|
|
8219
|
+
*/
|
|
8220
|
+
resetUrl: string;
|
|
8221
|
+
/**
|
|
8222
|
+
* Token TTL in seconds. Default: 3600 (1 hour).
|
|
8223
|
+
*
|
|
8224
|
+
* Keep this short. Password reset tokens are high-value targets.
|
|
8225
|
+
*/
|
|
8226
|
+
tokenTtlSeconds?: number;
|
|
8227
|
+
/**
|
|
8228
|
+
* Revoke all existing sessions on successful password reset.
|
|
8229
|
+
* Default: true.
|
|
8230
|
+
*
|
|
8231
|
+
* If someone's password was compromised, you want to kick out the
|
|
8232
|
+
* attacker's sessions too.
|
|
8233
|
+
*/
|
|
8234
|
+
revokeSessionsOnReset?: boolean;
|
|
8235
|
+
/**
|
|
8236
|
+
* Minimum password length for the new password.
|
|
8237
|
+
* Default: 8 (matches username module default).
|
|
8238
|
+
*/
|
|
8239
|
+
minPasswordLength?: number;
|
|
8240
|
+
/**
|
|
8241
|
+
* Maximum password length for the new password.
|
|
8242
|
+
* Default: 128 (matches username module default).
|
|
8243
|
+
*/
|
|
8244
|
+
maxPasswordLength?: number;
|
|
8245
|
+
}
|
|
8246
|
+
interface PasswordResetModule {
|
|
8247
|
+
/**
|
|
8248
|
+
* Request a password reset for the given email.
|
|
8249
|
+
*
|
|
8250
|
+
* Always returns success to prevent email enumeration. If the email
|
|
8251
|
+
* is not associated with any account, nothing happens (no email sent).
|
|
8252
|
+
*/
|
|
8253
|
+
requestReset(email: string): Promise<Result<{
|
|
8254
|
+
sent: boolean;
|
|
8255
|
+
}>>;
|
|
8256
|
+
/**
|
|
8257
|
+
* Reset a password using a token from the reset email.
|
|
8258
|
+
*
|
|
8259
|
+
* Validates the token, updates the password hash, and optionally
|
|
8260
|
+
* revokes all sessions. The token is consumed on success.
|
|
8261
|
+
*/
|
|
8262
|
+
resetPassword(token: string, newPassword: string): Promise<Result<{
|
|
8263
|
+
userId: string;
|
|
8264
|
+
}>>;
|
|
8265
|
+
/**
|
|
8266
|
+
* Handle HTTP requests for password reset endpoints.
|
|
8267
|
+
*
|
|
8268
|
+
* - POST /auth/forgot-password — { email }
|
|
8269
|
+
* - POST /auth/reset-password — { token, password }
|
|
8270
|
+
*/
|
|
8271
|
+
handleRequest(request: Request): Promise<Response | null>;
|
|
8272
|
+
}
|
|
8273
|
+
declare function createPasswordResetModule(config: PasswordResetConfig, db: Database, sessionManager: SessionManager, tokenModule: OneTimeTokenModule): PasswordResetModule;
|
|
8274
|
+
|
|
6817
8275
|
/**
|
|
6818
8276
|
* Phone number (SMS OTP) authentication for KavachOS.
|
|
6819
8277
|
*
|
|
@@ -7032,7 +8490,7 @@ declare function createSsoModule(config: SsoConfig, db: Database): SsoModule;
|
|
|
7032
8490
|
* TOTP two-factor authentication for KavachOS.
|
|
7033
8491
|
*
|
|
7034
8492
|
* Implements RFC 6238 (TOTP) and RFC 4226 (HOTP) from scratch using
|
|
7035
|
-
*
|
|
8493
|
+
* the Web Crypto API — no external dependencies.
|
|
7036
8494
|
*
|
|
7037
8495
|
* Flow:
|
|
7038
8496
|
* 1. `setup(userId)` — generate secret + backup codes (not yet active)
|
|
@@ -7436,6 +8894,192 @@ interface PluginInitResult {
|
|
|
7436
8894
|
context?: Record<string, unknown>;
|
|
7437
8895
|
}
|
|
7438
8896
|
|
|
8897
|
+
interface RedirectConfig {
|
|
8898
|
+
/** Cookie name for storing the redirect chain (default: "kavach_redirect") */
|
|
8899
|
+
cookieName?: string;
|
|
8900
|
+
/** Max age in seconds for the redirect cookie (default: 600 = 10 min) */
|
|
8901
|
+
maxAge?: number;
|
|
8902
|
+
/** Default path when no redirect is stored (default: "/") */
|
|
8903
|
+
defaultPath?: string;
|
|
8904
|
+
/** Paths that should never be stored as destinations (auth pages, etc.) */
|
|
8905
|
+
excludePaths?: string[];
|
|
8906
|
+
/** Whether to preserve query params from the original URL (default: true) */
|
|
8907
|
+
preserveQuery?: boolean;
|
|
8908
|
+
/** Whether to preserve hash fragments (default: true) */
|
|
8909
|
+
preserveHash?: boolean;
|
|
8910
|
+
/** Max chain depth to prevent infinite loops (default: 10) */
|
|
8911
|
+
maxDepth?: number;
|
|
8912
|
+
/** Custom cookie options */
|
|
8913
|
+
cookie?: {
|
|
8914
|
+
httpOnly?: boolean;
|
|
8915
|
+
secure?: boolean;
|
|
8916
|
+
sameSite?: "lax" | "strict" | "none";
|
|
8917
|
+
path?: string;
|
|
8918
|
+
domain?: string;
|
|
8919
|
+
};
|
|
8920
|
+
}
|
|
8921
|
+
interface RedirectEntry {
|
|
8922
|
+
/** Unique ID for this entry */
|
|
8923
|
+
id: string;
|
|
8924
|
+
/** The URL path (e.g., "/dashboard/project/abc") */
|
|
8925
|
+
path: string;
|
|
8926
|
+
/** Query parameters as a record */
|
|
8927
|
+
query: Record<string, string>;
|
|
8928
|
+
/** Hash fragment without # */
|
|
8929
|
+
hash: string;
|
|
8930
|
+
/** When this entry was created (epoch ms) */
|
|
8931
|
+
createdAt: number;
|
|
8932
|
+
/** Optional label for debugging ("onboarding", "verify-email", etc.) */
|
|
8933
|
+
label?: string;
|
|
8934
|
+
}
|
|
8935
|
+
interface RedirectChainState {
|
|
8936
|
+
/** The original destination the user was trying to reach */
|
|
8937
|
+
origin: RedirectEntry;
|
|
8938
|
+
/** Stack of intermediate steps (LIFO -- last pushed = first popped) */
|
|
8939
|
+
steps: RedirectEntry[];
|
|
8940
|
+
/** Chain creation time */
|
|
8941
|
+
createdAt: number;
|
|
8942
|
+
}
|
|
8943
|
+
interface RedirectChainManager {
|
|
8944
|
+
/**
|
|
8945
|
+
* Capture the current request's URL as the origin destination.
|
|
8946
|
+
* Call this in your auth middleware when redirecting to sign-in.
|
|
8947
|
+
* Returns the Set-Cookie header value.
|
|
8948
|
+
*
|
|
8949
|
+
* If a chain already exists (user refreshed sign-in page), keeps the existing origin.
|
|
8950
|
+
*/
|
|
8951
|
+
capture(request: Request): string;
|
|
8952
|
+
/**
|
|
8953
|
+
* Push an intermediate step onto the chain.
|
|
8954
|
+
* Use this after sign-up to add onboarding, email verification, etc.
|
|
8955
|
+
* Returns the updated Set-Cookie header value.
|
|
8956
|
+
*
|
|
8957
|
+
* Example: after sign-up, push "/onboarding" then "/complete-profile"
|
|
8958
|
+
* When onboarding completes, pop() returns "/complete-profile"
|
|
8959
|
+
* When profile completes, pop() returns the original destination
|
|
8960
|
+
*/
|
|
8961
|
+
push(path: string, options?: {
|
|
8962
|
+
label?: string;
|
|
8963
|
+
query?: Record<string, string>;
|
|
8964
|
+
}): string;
|
|
8965
|
+
/**
|
|
8966
|
+
* Pop the next destination from the chain.
|
|
8967
|
+
* If there are intermediate steps, returns the next step.
|
|
8968
|
+
* If no steps remain, returns the original destination.
|
|
8969
|
+
* If chain is empty, returns the defaultPath.
|
|
8970
|
+
*
|
|
8971
|
+
* Returns { url, done, clearCookie }
|
|
8972
|
+
* - url: the full URL path with query params
|
|
8973
|
+
* - done: true when the chain is fully consumed
|
|
8974
|
+
* - clearCookie: Set-Cookie header to clear the cookie (only when chain is fully consumed)
|
|
8975
|
+
*/
|
|
8976
|
+
pop(request: Request): {
|
|
8977
|
+
url: string;
|
|
8978
|
+
done: boolean;
|
|
8979
|
+
clearCookie: string | null;
|
|
8980
|
+
};
|
|
8981
|
+
/**
|
|
8982
|
+
* Peek at the next destination without consuming it.
|
|
8983
|
+
*/
|
|
8984
|
+
peek(request: Request): {
|
|
8985
|
+
url: string;
|
|
8986
|
+
remaining: number;
|
|
8987
|
+
} | null;
|
|
8988
|
+
/**
|
|
8989
|
+
* Get the original destination (the URL the user first tried to visit).
|
|
8990
|
+
* Returns null if no chain exists.
|
|
8991
|
+
*/
|
|
8992
|
+
getOrigin(request: Request): RedirectEntry | null;
|
|
8993
|
+
/**
|
|
8994
|
+
* Clear the entire chain. Returns the Set-Cookie header to clear the cookie.
|
|
8995
|
+
*/
|
|
8996
|
+
clear(): string;
|
|
8997
|
+
/**
|
|
8998
|
+
* Parse the chain state from a request's cookies.
|
|
8999
|
+
* Returns null if no chain exists or if it's expired.
|
|
9000
|
+
*/
|
|
9001
|
+
parse(request: Request): RedirectChainState | null;
|
|
9002
|
+
/**
|
|
9003
|
+
* Build a full URL from a RedirectEntry (path + query + hash).
|
|
9004
|
+
*/
|
|
9005
|
+
buildUrl(entry: RedirectEntry): string;
|
|
9006
|
+
/**
|
|
9007
|
+
* Create a RedirectEntry from a URL string or Request.
|
|
9008
|
+
*/
|
|
9009
|
+
createEntry(url: string | Request, label?: string): RedirectEntry;
|
|
9010
|
+
}
|
|
9011
|
+
/** Create a redirect chain manager with the given config. */
|
|
9012
|
+
declare function createRedirectChain(config?: RedirectConfig): RedirectChainManager;
|
|
9013
|
+
|
|
9014
|
+
/**
|
|
9015
|
+
* Session freshness enforcement for KavachOS.
|
|
9016
|
+
*
|
|
9017
|
+
* Sensitive operations (password change, passkey registration, billing updates)
|
|
9018
|
+
* should require a "fresh" session -- one where the user authenticated recently,
|
|
9019
|
+
* not just one that was auto-refreshed hours ago.
|
|
9020
|
+
*
|
|
9021
|
+
* This module adds freshness checks without touching the core session schema.
|
|
9022
|
+
* It works by comparing the session's `createdAt` timestamp against a
|
|
9023
|
+
* configurable freshness window.
|
|
9024
|
+
*
|
|
9025
|
+
* @example
|
|
9026
|
+
* ```typescript
|
|
9027
|
+
* const freshness = createSessionFreshnessModule({ freshAge: 300 }); // 5 minutes
|
|
9028
|
+
*
|
|
9029
|
+
* // In a sensitive endpoint
|
|
9030
|
+
* const session = await sessionManager.validate(token);
|
|
9031
|
+
* if (!freshness.isFresh(session)) {
|
|
9032
|
+
* return new Response(JSON.stringify({
|
|
9033
|
+
* error: 'Session is not fresh. Please re-authenticate.',
|
|
9034
|
+
* code: 'SESSION_NOT_FRESH',
|
|
9035
|
+
* }), { status: 403 });
|
|
9036
|
+
* }
|
|
9037
|
+
* ```
|
|
9038
|
+
*/
|
|
9039
|
+
|
|
9040
|
+
interface SessionFreshnessConfig {
|
|
9041
|
+
/**
|
|
9042
|
+
* Maximum age in seconds for a session to be considered "fresh".
|
|
9043
|
+
* Default: 300 (5 minutes).
|
|
9044
|
+
*
|
|
9045
|
+
* After this window, the user must re-authenticate before performing
|
|
9046
|
+
* sensitive operations.
|
|
9047
|
+
*/
|
|
9048
|
+
freshAge?: number;
|
|
9049
|
+
}
|
|
9050
|
+
interface SessionFreshnessModule {
|
|
9051
|
+
/**
|
|
9052
|
+
* Check if a session was created within the freshness window.
|
|
9053
|
+
*
|
|
9054
|
+
* Uses `session.createdAt` -- not `expiresAt` or last activity.
|
|
9055
|
+
* A session that was auto-refreshed is not considered fresh unless
|
|
9056
|
+
* the user actually re-authenticated.
|
|
9057
|
+
*/
|
|
9058
|
+
isFresh(session: Session): boolean;
|
|
9059
|
+
/**
|
|
9060
|
+
* Assert that a session is fresh, returning a Result type.
|
|
9061
|
+
*
|
|
9062
|
+
* Returns `{ success: true }` if fresh, or an error result if stale.
|
|
9063
|
+
* Use this in request handlers for cleaner error propagation.
|
|
9064
|
+
*/
|
|
9065
|
+
requireFresh(session: Session): Result<{
|
|
9066
|
+
freshUntil: Date;
|
|
9067
|
+
}>;
|
|
9068
|
+
/**
|
|
9069
|
+
* Middleware-style function that returns a Response if the session
|
|
9070
|
+
* is not fresh, or null if it passes.
|
|
9071
|
+
*
|
|
9072
|
+
* @example
|
|
9073
|
+
* ```typescript
|
|
9074
|
+
* const staleResponse = freshness.guard(session);
|
|
9075
|
+
* if (staleResponse) return staleResponse;
|
|
9076
|
+
* // ...proceed with sensitive operation
|
|
9077
|
+
* ```
|
|
9078
|
+
*/
|
|
9079
|
+
guard(session: Session): Response | null;
|
|
9080
|
+
}
|
|
9081
|
+
declare function createSessionFreshnessModule(config?: SessionFreshnessConfig): SessionFreshnessModule;
|
|
9082
|
+
|
|
7439
9083
|
/**
|
|
7440
9084
|
* Main configuration for KavachOS
|
|
7441
9085
|
*/
|
|
@@ -7496,6 +9140,15 @@ interface KavachConfig {
|
|
|
7496
9140
|
* configured so that sessions can be issued on successful verification.
|
|
7497
9141
|
*/
|
|
7498
9142
|
emailOtp?: EmailOtpConfig;
|
|
9143
|
+
/**
|
|
9144
|
+
* Email verification flow.
|
|
9145
|
+
*
|
|
9146
|
+
* When provided, `kavach.emailVerification` is available with
|
|
9147
|
+
* `sendVerification`, `verify`, `isVerified`, and `handleRequest`.
|
|
9148
|
+
* The caller provides a `sendVerificationEmail` callback to deliver the
|
|
9149
|
+
* link.
|
|
9150
|
+
*/
|
|
9151
|
+
emailVerification?: EmailVerificationConfig;
|
|
7499
9152
|
/**
|
|
7500
9153
|
* TOTP two-factor authentication.
|
|
7501
9154
|
*
|
|
@@ -7549,6 +9202,15 @@ interface KavachConfig {
|
|
|
7549
9202
|
* `auth.session` to be configured so that sessions can be issued.
|
|
7550
9203
|
*/
|
|
7551
9204
|
username?: UsernameAuthConfig;
|
|
9205
|
+
/**
|
|
9206
|
+
* Password reset (forgot password) flow.
|
|
9207
|
+
*
|
|
9208
|
+
* When provided, `kavach.passwordReset` is available with `requestReset`,
|
|
9209
|
+
* `resetPassword`, and `handleRequest`. Requires `username` and
|
|
9210
|
+
* `auth.session` to be configured. The caller provides a `sendResetEmail`
|
|
9211
|
+
* callback to deliver the reset link.
|
|
9212
|
+
*/
|
|
9213
|
+
passwordReset?: PasswordResetConfig;
|
|
7552
9214
|
/**
|
|
7553
9215
|
* Phone number (SMS OTP) authentication.
|
|
7554
9216
|
*
|
|
@@ -7570,18 +9232,21 @@ interface KavachConfig {
|
|
|
7570
9232
|
* to. Deliveries are fire-and-forget with exponential backoff retries.
|
|
7571
9233
|
*/
|
|
7572
9234
|
webhooks?: WebhookConfig[];
|
|
7573
|
-
}
|
|
7574
|
-
interface DatabaseConfig {
|
|
7575
|
-
/** Database provider */
|
|
7576
|
-
provider: "sqlite" | "postgres" | "mysql";
|
|
7577
|
-
/** Connection URL (sqlite: file path, postgres/mysql: connection string) */
|
|
7578
|
-
url: string;
|
|
7579
9235
|
/**
|
|
7580
|
-
*
|
|
7581
|
-
*
|
|
7582
|
-
*
|
|
9236
|
+
* Redirect chain configuration.
|
|
9237
|
+
*
|
|
9238
|
+
* When provided, `kavach.redirects` is available for capturing the user's
|
|
9239
|
+
* original destination before auth flows and restoring it afterwards,
|
|
9240
|
+
* with support for intermediate steps (onboarding, email verification, etc.).
|
|
9241
|
+
*/
|
|
9242
|
+
redirects?: RedirectConfig;
|
|
9243
|
+
/**
|
|
9244
|
+
* Session freshness configuration.
|
|
9245
|
+
*
|
|
9246
|
+
* Controls the maximum session age (in seconds) for sensitive operations.
|
|
9247
|
+
* When omitted, defaults to 300 seconds (5 minutes).
|
|
7583
9248
|
*/
|
|
7584
|
-
|
|
9249
|
+
sessionFreshness?: SessionFreshnessConfig;
|
|
7585
9250
|
}
|
|
7586
9251
|
/**
|
|
7587
9252
|
* The main KavachOS instance returned by createKavach()
|
|
@@ -7756,4 +9421,4 @@ interface TokenValidationResult {
|
|
|
7756
9421
|
}
|
|
7757
9422
|
type McpMiddleware = (request: Request) => Promise<Response | undefined>;
|
|
7758
9423
|
|
|
7759
|
-
export { type
|
|
9424
|
+
export { type ApiKeyManagerConfig as $, type AgentIdentity as A, type SessionFreshnessModule as B, type CreateAgentInput as C, type Database as D, type EmailOtpModule as E, type PhoneAuthModule as F, type CaptchaModule as G, type RedirectChainManager as H, type PluginEndpoint as I, type EndpointContext as J, type KavachConfig as K, type KavachPlugin as L, type McpServerInput as M, type SessionConfig as N, type OrgModule as O, type Permission as P, type Session as Q, type RequestContext as R, type SignedPayload as S, type TotpModule as T, type UpdateAgentInput as U, type VerificationResult as V, type WebhookModule as W, type AdminConfig as X, type AdminUser as Y, type AgentConfig as Z, type ApiKey as _, type DatabaseConfig as a, createOneTimeTokenModule as a$, type ApprovalConfig as a0, type ApprovalModule as a1, type AuthAdapter as a2, type CaptchaConfig as a3, type CaptchaVerifyResult as a4, type CreateTokenInput as a5, type D1DatabaseBinding as a6, type EmailOtpConfig as a7, type EmailVerificationConfig as a8, type KavachHooks as a9, type SsoAuditEvent as aA, type SsoConfig as aB, type SsoConnection as aC, SsoError as aD, type TokenValidationResult as aE, type TotpConfig as aF, type TotpSetup as aG, type UsernameAuthConfig as aH, type ValidateTokenResult as aI, type VerificationMethod as aJ, agentCards as aK, agentDids as aL, agents as aM, apiKeys as aN, approvalRequests as aO, auditLogs as aP, budgetPolicies as aQ, classifyViolation as aR, createAdminModule as aS, createApiKeyManagerModule as aT, createApprovalModule as aU, createCaptchaModule as aV, createDatabase as aW, createDatabaseSync as aX, createEmailOtpModule as aY, createEmailVerificationModule as aZ, createMagicLinkModule as a_, type KavachInstance as aa, type MagicLinkConfig as ab, type McpMiddleware as ac, type OidcProvider as ad, type OneTimeTokenConfig as ae, type OneTimeTokenPurpose as af, type OrgConfig as ag, type OrgInvitation as ah, type OrgMember as ai, type OrgRole as aj, type Organization as ak, type PasskeyConfig as al, type PasskeyCredential as am, type PasswordResetConfig as an, type PermissionConstraints as ao, type PhoneAuthConfig as ap, type PluginContext as aq, type PluginInitResult as ar, type RedirectChainState as as, type RedirectConfig as at, type RedirectEntry as au, type RevokeTokensResult as av, SSO_ERROR as aw, type SamlProvider as ax, type ServiceEndpoint as ay, type SessionFreshnessConfig as az, type DelegateInput as b, createOrgModule as b0, createPasskeyModule as b1, createPasswordResetModule as b2, createPhoneAuthModule as b3, createRedirectChain as b4, createSessionFreshnessModule as b5, createSessionManager as b6, createSsoModule as b7, createTotpModule as b8, createUsernameAuthModule as b9, delegationChains as ba, emailOtps as bb, magicLinks as bc, mcpServers as bd, oauthAccessTokens as be, oauthAuthorizationCodes as bf, oauthClients as bg, orgInvitations as bh, orgMembers as bi, orgRoles as bj, organizations as bk, passkeyChallenges as bl, passkeyCredentials as bm, permissions as bn, rateLimits as bo, sessions as bp, ssoConnections as bq, tenants as br, totpRecords as bs, trustScores as bt, users as bu, type WebhookConfig as bv, type WebhookEvent as bw, createWebhookModule as bx, type DelegationChain as c, type DidDocument as d, type DidKeyPair as e, type DidWebConfig as f, type AgentDid as g, type AgentFilter as h, type AuthorizeRequest as i, type AuthorizeResult as j, type AuditFilter as k, type AuditEntry as l, type AuditExportOptions as m, type McpServer as n, type ResolvedUser as o, type SessionManager as p, type ApprovalRequest as q, type MagicLinkModule as r, type PasskeyModule as s, type SsoModule as t, type AdminModule as u, type ApiKeyManagerModule as v, type UsernameAuthModule as w, type PasswordResetModule as x, type EmailVerificationModule as y, type OneTimeTokenModule as z };
|