kavachos 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.d.ts +9 -3
  2. package/dist/index.js +388 -135
  3. package/dist/index.js.map +1 -1
  4. package/package.json +1 -1
package/dist/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  export { and, eq, like } from 'drizzle-orm';
2
2
  export { createAgentModule } from './agent/index.js';
3
- import { D as Database, a as DatabaseConfig, b as DelegateInput, P as Permission, c as DelegationChain, d as DidDocument, e as DidKeyPair, f as DidWebConfig, g as AgentDid, S as SignedPayload, V as VerificationResult, K as KavachConfig, C as CreateAgentInput, A as AgentIdentity, h as AgentFilter, U as UpdateAgentInput, i as AuthorizeRequest, R as RequestContext, j as AuthorizeResult, k as AuditFilter, l as AuditEntry, m as AuditExportOptions, M as McpServerInput, n as McpServer, o as ResolvedUser, p as SessionManager, q as ApprovalRequest, r as MagicLinkModule, E as EmailOtpModule, T as TotpModule, s as PasskeyModule, O as OrgModule, t as SsoModule, u as AdminModule, v as ApiKeyManagerModule, w as UsernameAuthModule, x as PasswordResetModule, y as EmailVerificationModule, z as OneTimeTokenModule, B as SessionFreshnessModule, F as PhoneAuthModule, G as CaptchaModule, W as WebhookModule$1, H as PluginEndpoint, I as EndpointContext, J as KavachPlugin, L as SessionConfig, N as Session } from './types-B02D3kZy.js';
3
+ import { D as Database, a as DatabaseConfig, K as KavachConfig, b as DelegateInput, P as Permission, c as DelegationChain, d as DidDocument, e as DidKeyPair, f as DidWebConfig, g as AgentDid, S as SignedPayload, V as VerificationResult, C as CreateAgentInput, A as AgentIdentity, h as AgentFilter, U as UpdateAgentInput, i as AuthorizeRequest, R as RequestContext, j as AuthorizeResult, k as AuditFilter, l as AuditEntry, m as AuditExportOptions, M as McpServerInput, n as McpServer, o as ResolvedUser, p as SessionManager, q as ApprovalRequest, r as MagicLinkModule, E as EmailOtpModule, T as TotpModule, s as PasskeyModule, O as OrgModule, t as SsoModule, u as AdminModule, v as ApiKeyManagerModule, w as UsernameAuthModule, x as PasswordResetModule, y as EmailVerificationModule, z as OneTimeTokenModule, B as SessionFreshnessModule, F as PhoneAuthModule, G as CaptchaModule, W as WebhookModule$1, H as PluginEndpoint, I as EndpointContext, J as KavachPlugin, L as SessionConfig, N as Session } from './types-B02D3kZy.js';
4
4
  export { Q as AdminConfig, X as AdminUser, Y as AgentConfig, Z as ApiKey, _ as ApiKeyManagerConfig, $ as ApprovalConfig, a0 as ApprovalModule, a1 as AuthAdapter, a2 as CaptchaConfig, a3 as CaptchaVerifyResult, a4 as CreateTokenInput, a5 as D1DatabaseBinding, a6 as EmailOtpConfig, a7 as EmailVerificationConfig, a8 as KavachHooks, a9 as KavachInstance, aa as MagicLinkConfig, ab as McpMiddleware, ac as OidcProvider, ad as OneTimeTokenConfig, ae as OneTimeTokenPurpose, af as OrgConfig, ag as OrgInvitation, ah as OrgMember, ai as OrgRole, aj as Organization, ak as PasskeyConfig, al as PasskeyCredential, am as PasswordResetConfig, an as PermissionConstraints, ao as PhoneAuthConfig, ap as PluginContext, aq as PluginInitResult, ar as RevokeTokensResult, as as SSO_ERROR, at as SamlProvider, au as ServiceEndpoint, av as SessionFreshnessConfig, aw as SsoAuditEvent, ax as SsoConfig, ay as SsoConnection, az as SsoError, aA as TokenValidationResult, aB as TotpConfig, aC as TotpSetup, aD as UsernameAuthConfig, aE as ValidateTokenResult, aF as VerificationMethod, aG as agentCards, aH as agentDids, aI as agents, aJ as apiKeysTable, aK as approvalRequests, aL as auditLogs, aM as budgetPolicies, aN as classifyViolation, aO as createAdminModule, aP as createApiKeyManagerModule, aQ as createApprovalModule, aR as createCaptchaModule, aS as createDatabase, aT as createDatabaseSync, aU as createEmailOtpModule, aV as createEmailVerificationModule, aW as createMagicLinkModule, aX as createOneTimeTokenModule, aY as createOrgModule, aZ as createPasskeyModule, a_ as createPasswordResetModule, a$ as createPhoneAuthModule, b0 as createSessionFreshnessModule, b1 as createSessionManager, b2 as createSsoModule, b3 as createTotpModule, b4 as createUsernameAuthModule, b5 as delegationChains, b6 as emailOtps, b7 as magicLinks, b8 as mcpServers, b9 as oauthAccessTokens, ba as oauthAuthorizationCodes, bb as oauthClients, bc as orgInvitations, bd as orgMembers, be as orgRoles, bf as organizations, bg as passkeyChallenges, bh as passkeyCredentials, bi as permissions, bj as rateLimits, bk as sessions, bl as ssoConnections, bm as tenants, bn as totpRecords, bo as trustScores, bp as users } from './types-B02D3kZy.js';
5
5
  export { createAuditModule } from './audit/index.js';
6
6
  export { AccessTokenClaims, AdditionalFieldsConfig, AdditionalFieldsModule, AnonymousAuthConfig, AnonymousAuthModule, AuthorizeParams, BearerAuthOptions, BudgetCheckResult, CheckParams, CheckResult, CheckoutOptions, CostAlert, CostAttributionConfig, CostAttributionModule, CostReport, CreateEphemeralSessionInput, CustomSessionConfig, CustomSessionModule, DeleteOptions, DeleteResult, DeviceAuthConfig, DeviceAuthModule, DeviceAuthStatus, DeviceCodeResponse, EVENT_TYPES, EndpointGroup, EndpointLimit, EphemeralSession, EphemeralSessionConfig, EphemeralSessionModule, EphemeralSessionValidateResult, EventStreamConfig, EventStreamModule, EventType, ExpandParams, FederatedAgent, FederationConfig, FederationModule, FederationToken, FederationWellKnown, FieldDefinition, GdprModule, GetUserClaimsFn, GoogleUser, HeaderAuthOptions, HibpApiError, HibpBreachedError, HibpConfig, HibpModule, InstanceIdentity, IssueFederationTokenInput, JsonWebKeySet, JwtSessionConfig, JwtSessionModule, KVNamespace, KVStore, LastLoginConfig, LastLoginModule, ListObjectsParams, ListSubjectsParams, LoginEvent, LoginMethod, MemoryStore, OAuthAccount, OAuthCallbackResult, OAuthModule, OAuthModuleConfig, OAuthPluginConfig, OAuthProvider, OAuthProviderConfig, OAuthProxyConfig, OAuthProxyError, OAuthProxyModule, OAuthProxyPluginConfig, OAuthTokens, OAuthUserInfo, OidcClient, OidcDiscoveryDocument, OidcProviderConfig, OidcProviderModule, OneTapConfig, OneTapModule, OneTapVerifyError, OpenApiComponents, OpenApiConfig, OpenApiDocument, OpenApiInfo, OpenApiMediaType, OpenApiModule, OpenApiOperation, OpenApiParameter, OpenApiPathItem, OpenApiRequestBody, OpenApiResponse, OpenApiSchema, OpenApiSecurityRequirement, OpenApiSecurityScheme, OpenApiServer, PermissionRuleSet, PolarConfig, PolarModule, PolarSubscription, ProxyTokens, RateLimitConfig, RateLimitMiddlewareOptions, RateLimitPluginConfig, RateLimitResult, RateLimitStore, RateLimiter, ReBACConfig, ReBACModule, RecordCostInput, RecordLoginInput, RegisterClientInput, Relationship, ResourceNode, ScimConfig, ScimGroup, ScimModule, ScimUser, SessionTokens, SessionUser, SiweConfig, SiweModule, SiweVerifyResult, StreamEvent, StripeConfig, StripeModule, SubscriptionInfo, TokenParams, TokenResponse, TrustLevel, TrustedDevice, TrustedDeviceConfig, TrustedDeviceModule, TrustedInstance, TwoFactorConfig, UserDataExport, UserInfoClaims, ValidationResult, VerifiedSession, additionalFields, admin, anonymousAuth, apiKeys, bearerAuth, createAdditionalFieldsModule, createAnonymousAuthModule, createAppleProvider, createCostAttributionModule, createCustomSessionModule, createDeviceAuthModule, createDiscordProvider, createEphemeralSessionModule, createEventStreamModule, createFederationModule, createGdprModule, createGithubProvider, createGitlabProvider, createGoogleProvider, createHibpModule, createJwtSessionModule, createLastLoginModule, createLinkedInProvider, createMicrosoftProvider, createOAuthModule, createOAuthProxyModule, createOidcProviderModule, createOneTapModule, createOpenApiModule, createPolarModule, createRateLimiter, createReBACModule, createScimModule, createSiweModule, createSlackProvider, createStripeModule, createTrustedDeviceModule, createTwitterProvider, customAuth, customSession, deviceAuth, deviceLabelFromRequest, emailOtp, gdpr, headerAuth, kvStore, magicLink, oauth, oauthProxy, oneTap, organization, passkey, polar, rateLimit, scim, siwe, stripe, twoFactor, withRateLimit } from './auth/index.js';
@@ -60,13 +60,19 @@ declare function createPrivilegeAnalyzer(db: Database): {
60
60
  type PrivilegeAnalyzer = ReturnType<typeof createPrivilegeAnalyzer>;
61
61
 
62
62
  /**
63
- * Create all KavachOS tables if they do not already exist.
63
+ * Create KavachOS tables if they do not already exist.
64
64
  *
65
65
  * Uses `CREATE TABLE IF NOT EXISTS` so it is safe to call on every startup.
66
66
  * Tables are created in dependency order (no forward-reference FK issues).
67
67
  *
68
+ * When `config` is provided, only tables required by the configured features
69
+ * are created. When omitted, all tables are created (backward-compatible
70
+ * behaviour for callers that do not pass a config).
71
+ *
68
72
  * @param db Drizzle database instance returned by `createDatabase()`.
69
73
  * @param provider The database provider used to build the correct DDL syntax.
74
+ * @param config Optional KavachConfig used to determine which feature tables
75
+ * to create. When absent, all tables are created.
70
76
  *
71
77
  * @example
72
78
  * ```typescript
@@ -74,7 +80,7 @@ type PrivilegeAnalyzer = ReturnType<typeof createPrivilegeAnalyzer>;
74
80
  * await createTables(db, 'postgres');
75
81
  * ```
76
82
  */
77
- declare function createTables(db: Database, provider: DatabaseConfig["provider"]): Promise<void>;
83
+ declare function createTables(db: Database, provider: DatabaseConfig["provider"], config?: KavachConfig): Promise<void>;
78
84
 
79
85
  interface DelegationModuleConfig {
80
86
  db: Database;