kavachos 0.3.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/a2a/index.d.ts +2 -2
- package/dist/agent/index.d.ts +3 -3
- package/dist/agent/index.js +4 -0
- package/dist/agent/index.js.map +1 -1
- package/dist/audit/index.d.ts +2 -2
- package/dist/audit/index.js +4 -0
- package/dist/audit/index.js.map +1 -1
- package/dist/auth/index.d.ts +34 -3
- package/dist/auth/index.js +91 -2
- package/dist/auth/index.js.map +1 -1
- package/dist/index.d.ts +33 -4
- package/dist/index.js +851 -67
- package/dist/index.js.map +1 -1
- package/dist/mcp/index.d.ts +2 -2
- package/dist/mcp/index.js +38 -1
- package/dist/mcp/index.js.map +1 -1
- package/dist/permission/index.d.ts +8 -3
- package/dist/permission/index.js +68 -59
- package/dist/permission/index.js.map +1 -1
- package/dist/standards/index.d.ts +139 -0
- package/dist/standards/index.js +72 -0
- package/dist/standards/index.js.map +1 -0
- package/dist/{types-BuHrZcjE.d.ts → types-BiUe9e8u.d.ts} +24 -0
- package/dist/{types-B02D3kZy.d.ts → types-RJPOU4un.d.ts} +114 -2
- package/dist/vc/index.d.ts +254 -65
- package/dist/vc/index.js +160 -12
- package/dist/vc/index.js.map +1 -1
- package/package.json +7 -1
|
@@ -0,0 +1,139 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* IETF agentic JWT claim name constants.
|
|
3
|
+
*
|
|
4
|
+
* Sources:
|
|
5
|
+
* - draft-goswami-agentic-jwt-00
|
|
6
|
+
* - draft-liu-agent-operation-authorization-01
|
|
7
|
+
*
|
|
8
|
+
* These constants are off by default. Set `emitAgenticJwtClaims: true` in
|
|
9
|
+
* KavachConfig to include them in issued tokens.
|
|
10
|
+
*/
|
|
11
|
+
/**
|
|
12
|
+
* Operational mode of an agent within a delegation chain.
|
|
13
|
+
*
|
|
14
|
+
* - `autonomous` — no human-in-the-loop; the agent acts on its own behalf.
|
|
15
|
+
* - `delegated` — the agent is acting under explicit delegation from another principal.
|
|
16
|
+
* - `supervised` — the agent acts autonomously but requires human approval for sensitive ops.
|
|
17
|
+
*/
|
|
18
|
+
type AgentType = "autonomous" | "delegated" | "supervised";
|
|
19
|
+
/**
|
|
20
|
+
* Trust tier band assigned at token issuance, derived from the numeric trust
|
|
21
|
+
* score. Matches the five-level model in KavachOS trust scoring.
|
|
22
|
+
*
|
|
23
|
+
* Mapping (inclusive lower bound):
|
|
24
|
+
* score 0–19 → "unverified"
|
|
25
|
+
* score 20–39 → "low"
|
|
26
|
+
* score 40–59 → "standard"
|
|
27
|
+
* score 60–79 → "elevated"
|
|
28
|
+
* score 80+ → "high"
|
|
29
|
+
*/
|
|
30
|
+
type TrustTier = "unverified" | "low" | "standard" | "elevated" | "high";
|
|
31
|
+
/**
|
|
32
|
+
* Registered claim names for agentic JWTs.
|
|
33
|
+
*
|
|
34
|
+
* All names are string literals so they can be used directly as JWT payload
|
|
35
|
+
* keys. Consuming code should index into issued token payloads using these
|
|
36
|
+
* constants rather than raw string literals.
|
|
37
|
+
*/
|
|
38
|
+
declare const AGENTIC_JWT_CLAIMS: {
|
|
39
|
+
/**
|
|
40
|
+
* Stable identifier of the agent making the call.
|
|
41
|
+
*
|
|
42
|
+
* @see draft-goswami-agentic-jwt-00 §3.1
|
|
43
|
+
*/
|
|
44
|
+
readonly AGENT_ID: "agent_id";
|
|
45
|
+
/**
|
|
46
|
+
* Operational mode of the agent: `autonomous`, `delegated`, or `supervised`.
|
|
47
|
+
*
|
|
48
|
+
* @see draft-goswami-agentic-jwt-00 §3.2
|
|
49
|
+
*/
|
|
50
|
+
readonly AGENT_TYPE: "agent_type";
|
|
51
|
+
/**
|
|
52
|
+
* Subject principal the agent is acting on behalf of (human user or upstream agent).
|
|
53
|
+
*
|
|
54
|
+
* @see draft-goswami-agentic-jwt-00 §3.3
|
|
55
|
+
*/
|
|
56
|
+
readonly ON_BEHALF_OF: "on_behalf_of";
|
|
57
|
+
/**
|
|
58
|
+
* Actor claim per RFC 8693. Identifies the current actor in an
|
|
59
|
+
* impersonation or delegation chain.
|
|
60
|
+
*
|
|
61
|
+
* @see draft-goswami-agentic-jwt-00 §3.4
|
|
62
|
+
* @see RFC 8693
|
|
63
|
+
*/
|
|
64
|
+
readonly ACT: "act";
|
|
65
|
+
/**
|
|
66
|
+
* Authorized future actors for delegation chains (RFC 8693 `may_act`).
|
|
67
|
+
*
|
|
68
|
+
* @see draft-goswami-agentic-jwt-00 §3.5
|
|
69
|
+
* @see RFC 8693
|
|
70
|
+
*/
|
|
71
|
+
readonly MAY_ACT: "may_act";
|
|
72
|
+
/**
|
|
73
|
+
* Trust score band at token issuance (e.g. `standard`, `elevated`).
|
|
74
|
+
*
|
|
75
|
+
* @see draft-goswami-agentic-jwt-00 §3.6
|
|
76
|
+
*/
|
|
77
|
+
readonly TRUST_TIER: "trust_tier";
|
|
78
|
+
/**
|
|
79
|
+
* Correlation id for tracing this token back to an entry in the audit log.
|
|
80
|
+
*
|
|
81
|
+
* @see draft-goswami-agentic-jwt-00 §3.7
|
|
82
|
+
*/
|
|
83
|
+
readonly AUDIT_REF: "audit_ref";
|
|
84
|
+
/**
|
|
85
|
+
* Per-tool budget or rate constraints encoded as a structured object.
|
|
86
|
+
*
|
|
87
|
+
* @see draft-goswami-agentic-jwt-00 §3.8
|
|
88
|
+
*/
|
|
89
|
+
readonly TOOL_CONSTRAINTS: "tool_constraints";
|
|
90
|
+
/**
|
|
91
|
+
* Workload Identity Token (WIT). Present only when three-layer cryptographic
|
|
92
|
+
* binding is active (draft-liu §4.2). Absent in standard issuance paths.
|
|
93
|
+
*
|
|
94
|
+
* @see draft-liu-agent-operation-authorization-01 §4.2
|
|
95
|
+
* TODO(v3): populate from WIT issuance when three-layer binding is implemented.
|
|
96
|
+
*/
|
|
97
|
+
readonly WORKLOAD_BINDING: "wit";
|
|
98
|
+
/**
|
|
99
|
+
* The scoped operation this token authorizes (e.g. `read:documents`).
|
|
100
|
+
*
|
|
101
|
+
* @see draft-liu-agent-operation-authorization-01 §4.3
|
|
102
|
+
*/
|
|
103
|
+
readonly OPERATION: "operation";
|
|
104
|
+
};
|
|
105
|
+
/**
|
|
106
|
+
* Optional shape of agentic JWT claims within a token payload.
|
|
107
|
+
*
|
|
108
|
+
* All fields are optional because they are only emitted when
|
|
109
|
+
* `emitAgenticJwtClaims` is enabled and the relevant context is available
|
|
110
|
+
* on the issuance path.
|
|
111
|
+
*/
|
|
112
|
+
interface AgenticJwtClaims {
|
|
113
|
+
/** Stable agent identifier. */
|
|
114
|
+
agent_id?: string;
|
|
115
|
+
/** Operational mode of the agent. */
|
|
116
|
+
agent_type?: AgentType;
|
|
117
|
+
/** Principal the agent is acting for. */
|
|
118
|
+
on_behalf_of?: string;
|
|
119
|
+
/** RFC 8693 actor claim (current actor in a delegation chain). */
|
|
120
|
+
act?: Record<string, unknown>;
|
|
121
|
+
/** RFC 8693 may_act claim (authorized future actors). */
|
|
122
|
+
may_act?: Record<string, unknown>;
|
|
123
|
+
/** Trust tier band at issuance time. */
|
|
124
|
+
trust_tier?: TrustTier;
|
|
125
|
+
/** Audit log correlation id. */
|
|
126
|
+
audit_ref?: string;
|
|
127
|
+
/** Per-tool budget or rate constraints. */
|
|
128
|
+
tool_constraints?: Record<string, unknown>;
|
|
129
|
+
/**
|
|
130
|
+
* Workload Identity Token.
|
|
131
|
+
* Absent unless three-layer binding is active.
|
|
132
|
+
* TODO(v3): populate when draft-liu three-layer binding is implemented.
|
|
133
|
+
*/
|
|
134
|
+
wit?: string;
|
|
135
|
+
/** Scoped operation this token authorizes. */
|
|
136
|
+
operation?: string;
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
export { AGENTIC_JWT_CLAIMS, type AgentType, type AgenticJwtClaims, type TrustTier };
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
// src/standards/claims.ts
|
|
2
|
+
var AGENTIC_JWT_CLAIMS = {
|
|
3
|
+
/**
|
|
4
|
+
* Stable identifier of the agent making the call.
|
|
5
|
+
*
|
|
6
|
+
* @see draft-goswami-agentic-jwt-00 §3.1
|
|
7
|
+
*/
|
|
8
|
+
AGENT_ID: "agent_id",
|
|
9
|
+
/**
|
|
10
|
+
* Operational mode of the agent: `autonomous`, `delegated`, or `supervised`.
|
|
11
|
+
*
|
|
12
|
+
* @see draft-goswami-agentic-jwt-00 §3.2
|
|
13
|
+
*/
|
|
14
|
+
AGENT_TYPE: "agent_type",
|
|
15
|
+
/**
|
|
16
|
+
* Subject principal the agent is acting on behalf of (human user or upstream agent).
|
|
17
|
+
*
|
|
18
|
+
* @see draft-goswami-agentic-jwt-00 §3.3
|
|
19
|
+
*/
|
|
20
|
+
ON_BEHALF_OF: "on_behalf_of",
|
|
21
|
+
/**
|
|
22
|
+
* Actor claim per RFC 8693. Identifies the current actor in an
|
|
23
|
+
* impersonation or delegation chain.
|
|
24
|
+
*
|
|
25
|
+
* @see draft-goswami-agentic-jwt-00 §3.4
|
|
26
|
+
* @see RFC 8693
|
|
27
|
+
*/
|
|
28
|
+
ACT: "act",
|
|
29
|
+
/**
|
|
30
|
+
* Authorized future actors for delegation chains (RFC 8693 `may_act`).
|
|
31
|
+
*
|
|
32
|
+
* @see draft-goswami-agentic-jwt-00 §3.5
|
|
33
|
+
* @see RFC 8693
|
|
34
|
+
*/
|
|
35
|
+
MAY_ACT: "may_act",
|
|
36
|
+
/**
|
|
37
|
+
* Trust score band at token issuance (e.g. `standard`, `elevated`).
|
|
38
|
+
*
|
|
39
|
+
* @see draft-goswami-agentic-jwt-00 §3.6
|
|
40
|
+
*/
|
|
41
|
+
TRUST_TIER: "trust_tier",
|
|
42
|
+
/**
|
|
43
|
+
* Correlation id for tracing this token back to an entry in the audit log.
|
|
44
|
+
*
|
|
45
|
+
* @see draft-goswami-agentic-jwt-00 §3.7
|
|
46
|
+
*/
|
|
47
|
+
AUDIT_REF: "audit_ref",
|
|
48
|
+
/**
|
|
49
|
+
* Per-tool budget or rate constraints encoded as a structured object.
|
|
50
|
+
*
|
|
51
|
+
* @see draft-goswami-agentic-jwt-00 §3.8
|
|
52
|
+
*/
|
|
53
|
+
TOOL_CONSTRAINTS: "tool_constraints",
|
|
54
|
+
/**
|
|
55
|
+
* Workload Identity Token (WIT). Present only when three-layer cryptographic
|
|
56
|
+
* binding is active (draft-liu §4.2). Absent in standard issuance paths.
|
|
57
|
+
*
|
|
58
|
+
* @see draft-liu-agent-operation-authorization-01 §4.2
|
|
59
|
+
* TODO(v3): populate from WIT issuance when three-layer binding is implemented.
|
|
60
|
+
*/
|
|
61
|
+
WORKLOAD_BINDING: "wit",
|
|
62
|
+
/**
|
|
63
|
+
* The scoped operation this token authorizes (e.g. `read:documents`).
|
|
64
|
+
*
|
|
65
|
+
* @see draft-liu-agent-operation-authorization-01 §4.3
|
|
66
|
+
*/
|
|
67
|
+
OPERATION: "operation"
|
|
68
|
+
};
|
|
69
|
+
|
|
70
|
+
export { AGENTIC_JWT_CLAIMS };
|
|
71
|
+
//# sourceMappingURL=index.js.map
|
|
72
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../src/standards/claims.ts"],"names":[],"mappings":";AAgDO,IAAM,kBAAA,GAAqB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjC,QAAA,EAAU,UAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOV,UAAA,EAAY,YAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOZ,YAAA,EAAc,cAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASd,GAAA,EAAK,KAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQL,OAAA,EAAS,SAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOT,UAAA,EAAY,YAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOZ,SAAA,EAAW,WAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOX,gBAAA,EAAkB,kBAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASlB,gBAAA,EAAkB,KAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOlB,SAAA,EAAW;AACZ","file":"index.js","sourcesContent":["/**\n * IETF agentic JWT claim name constants.\n *\n * Sources:\n * - draft-goswami-agentic-jwt-00\n * - draft-liu-agent-operation-authorization-01\n *\n * These constants are off by default. Set `emitAgenticJwtClaims: true` in\n * KavachConfig to include them in issued tokens.\n */\n\n// ---------------------------------------------------------------------------\n// Named types\n// ---------------------------------------------------------------------------\n\n/**\n * Operational mode of an agent within a delegation chain.\n *\n * - `autonomous` — no human-in-the-loop; the agent acts on its own behalf.\n * - `delegated` — the agent is acting under explicit delegation from another principal.\n * - `supervised` — the agent acts autonomously but requires human approval for sensitive ops.\n */\nexport type AgentType = \"autonomous\" | \"delegated\" | \"supervised\";\n\n/**\n * Trust tier band assigned at token issuance, derived from the numeric trust\n * score. Matches the five-level model in KavachOS trust scoring.\n *\n * Mapping (inclusive lower bound):\n * score 0–19 → \"unverified\"\n * score 20–39 → \"low\"\n * score 40–59 → \"standard\"\n * score 60–79 → \"elevated\"\n * score 80+ → \"high\"\n */\nexport type TrustTier = \"unverified\" | \"low\" | \"standard\" | \"elevated\" | \"high\";\n\n// ---------------------------------------------------------------------------\n// Claim name constants\n// ---------------------------------------------------------------------------\n\n/**\n * Registered claim names for agentic JWTs.\n *\n * All names are string literals so they can be used directly as JWT payload\n * keys. Consuming code should index into issued token payloads using these\n * constants rather than raw string literals.\n */\nexport const AGENTIC_JWT_CLAIMS = {\n\t/**\n\t * Stable identifier of the agent making the call.\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.1\n\t */\n\tAGENT_ID: \"agent_id\",\n\n\t/**\n\t * Operational mode of the agent: `autonomous`, `delegated`, or `supervised`.\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.2\n\t */\n\tAGENT_TYPE: \"agent_type\",\n\n\t/**\n\t * Subject principal the agent is acting on behalf of (human user or upstream agent).\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.3\n\t */\n\tON_BEHALF_OF: \"on_behalf_of\",\n\n\t/**\n\t * Actor claim per RFC 8693. Identifies the current actor in an\n\t * impersonation or delegation chain.\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.4\n\t * @see RFC 8693\n\t */\n\tACT: \"act\",\n\n\t/**\n\t * Authorized future actors for delegation chains (RFC 8693 `may_act`).\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.5\n\t * @see RFC 8693\n\t */\n\tMAY_ACT: \"may_act\",\n\n\t/**\n\t * Trust score band at token issuance (e.g. `standard`, `elevated`).\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.6\n\t */\n\tTRUST_TIER: \"trust_tier\",\n\n\t/**\n\t * Correlation id for tracing this token back to an entry in the audit log.\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.7\n\t */\n\tAUDIT_REF: \"audit_ref\",\n\n\t/**\n\t * Per-tool budget or rate constraints encoded as a structured object.\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.8\n\t */\n\tTOOL_CONSTRAINTS: \"tool_constraints\",\n\n\t/**\n\t * Workload Identity Token (WIT). Present only when three-layer cryptographic\n\t * binding is active (draft-liu §4.2). Absent in standard issuance paths.\n\t *\n\t * @see draft-liu-agent-operation-authorization-01 §4.2\n\t * TODO(v3): populate from WIT issuance when three-layer binding is implemented.\n\t */\n\tWORKLOAD_BINDING: \"wit\",\n\n\t/**\n\t * The scoped operation this token authorizes (e.g. `read:documents`).\n\t *\n\t * @see draft-liu-agent-operation-authorization-01 §4.3\n\t */\n\tOPERATION: \"operation\",\n} as const;\n\n// ---------------------------------------------------------------------------\n// Payload shape\n// ---------------------------------------------------------------------------\n\n/**\n * Optional shape of agentic JWT claims within a token payload.\n *\n * All fields are optional because they are only emitted when\n * `emitAgenticJwtClaims` is enabled and the relevant context is available\n * on the issuance path.\n */\nexport interface AgenticJwtClaims {\n\t/** Stable agent identifier. */\n\tagent_id?: string;\n\t/** Operational mode of the agent. */\n\tagent_type?: AgentType;\n\t/** Principal the agent is acting for. */\n\ton_behalf_of?: string;\n\t/** RFC 8693 actor claim (current actor in a delegation chain). */\n\tact?: Record<string, unknown>;\n\t/** RFC 8693 may_act claim (authorized future actors). */\n\tmay_act?: Record<string, unknown>;\n\t/** Trust tier band at issuance time. */\n\ttrust_tier?: TrustTier;\n\t/** Audit log correlation id. */\n\taudit_ref?: string;\n\t/** Per-tool budget or rate constraints. */\n\ttool_constraints?: Record<string, unknown>;\n\t/**\n\t * Workload Identity Token.\n\t * Absent unless three-layer binding is active.\n\t * TODO(v3): populate when draft-liu three-layer binding is implemented.\n\t */\n\twit?: string;\n\t/** Scoped operation this token authorizes. */\n\toperation?: string;\n}\n"]}
|
|
@@ -54,6 +54,30 @@ interface McpConfig {
|
|
|
54
54
|
}>;
|
|
55
55
|
/** Custom token claims generator */
|
|
56
56
|
getAdditionalClaims?: (userId: string, scopes: string[]) => Promise<Record<string, unknown>>;
|
|
57
|
+
/**
|
|
58
|
+
* Emit IETF agentic JWT claims on issued access tokens.
|
|
59
|
+
*
|
|
60
|
+
* When true, any claims returned by `getAgenticContext` are embedded in
|
|
61
|
+
* the token payload using the registered draft-goswami-agentic-jwt-00 claim
|
|
62
|
+
* names. Claims with no available context value are omitted. Off by default.
|
|
63
|
+
*
|
|
64
|
+
* @default false
|
|
65
|
+
*/
|
|
66
|
+
emitAgenticJwtClaims?: boolean;
|
|
67
|
+
/**
|
|
68
|
+
* Resolve agentic context for a given user at token issuance time.
|
|
69
|
+
*
|
|
70
|
+
* Called only when `emitAgenticJwtClaims` is true. Return only the claims
|
|
71
|
+
* you can populate; absent fields are skipped rather than fabricated.
|
|
72
|
+
*
|
|
73
|
+
* TODO(v3): wire this through kavach.ts so the trust module can provide
|
|
74
|
+
* trust_tier automatically without requiring the caller to implement it.
|
|
75
|
+
*/
|
|
76
|
+
getAgenticContext?: (userId: string) => Promise<{
|
|
77
|
+
agentId?: string;
|
|
78
|
+
agentType?: "autonomous" | "delegated" | "supervised";
|
|
79
|
+
trustTier?: "unverified" | "low" | "standard" | "elevated" | "high";
|
|
80
|
+
}>;
|
|
57
81
|
}
|
|
58
82
|
interface McpServerMetadata {
|
|
59
83
|
issuer: string;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as drizzle_orm_sqlite_core from 'drizzle-orm/sqlite-core';
|
|
2
2
|
import { BaseSQLiteDatabase } from 'drizzle-orm/sqlite-core';
|
|
3
|
-
import { R as Result, f as McpConfig } from './types-
|
|
3
|
+
import { R as Result, f as McpConfig } from './types-BiUe9e8u.js';
|
|
4
4
|
import { RedirectConfig } from './redirect/index.js';
|
|
5
5
|
|
|
6
6
|
declare const users: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
@@ -971,6 +971,25 @@ declare const permissions: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
|
971
971
|
}, {}, {
|
|
972
972
|
$type: PermissionConstraintsRow;
|
|
973
973
|
}>;
|
|
974
|
+
relation: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
975
|
+
name: "relation";
|
|
976
|
+
tableName: "kavach_permissions";
|
|
977
|
+
dataType: "string";
|
|
978
|
+
columnType: "SQLiteText";
|
|
979
|
+
data: string;
|
|
980
|
+
driverParam: string;
|
|
981
|
+
notNull: false;
|
|
982
|
+
hasDefault: false;
|
|
983
|
+
isPrimaryKey: false;
|
|
984
|
+
isAutoincrement: false;
|
|
985
|
+
hasRuntimeDefault: false;
|
|
986
|
+
enumValues: [string, ...string[]];
|
|
987
|
+
baseColumn: never;
|
|
988
|
+
identity: undefined;
|
|
989
|
+
generated: undefined;
|
|
990
|
+
}, {}, {
|
|
991
|
+
length: number | undefined;
|
|
992
|
+
}>;
|
|
974
993
|
createdAt: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
975
994
|
name: "created_at";
|
|
976
995
|
tableName: "kavach_permissions";
|
|
@@ -1403,6 +1422,23 @@ declare const auditLogs: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
|
1403
1422
|
}, {}, {
|
|
1404
1423
|
length: number | undefined;
|
|
1405
1424
|
}>;
|
|
1425
|
+
cacheHit: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
1426
|
+
name: "cache_hit";
|
|
1427
|
+
tableName: "kavach_audit_logs";
|
|
1428
|
+
dataType: "boolean";
|
|
1429
|
+
columnType: "SQLiteBoolean";
|
|
1430
|
+
data: boolean;
|
|
1431
|
+
driverParam: number;
|
|
1432
|
+
notNull: true;
|
|
1433
|
+
hasDefault: true;
|
|
1434
|
+
isPrimaryKey: false;
|
|
1435
|
+
isAutoincrement: false;
|
|
1436
|
+
hasRuntimeDefault: false;
|
|
1437
|
+
enumValues: undefined;
|
|
1438
|
+
baseColumn: never;
|
|
1439
|
+
identity: undefined;
|
|
1440
|
+
generated: undefined;
|
|
1441
|
+
}, {}, {}>;
|
|
1406
1442
|
timestamp: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
1407
1443
|
name: "timestamp";
|
|
1408
1444
|
tableName: "kavach_audit_logs";
|
|
@@ -9111,6 +9147,59 @@ interface PluginInitResult {
|
|
|
9111
9147
|
context?: Record<string, unknown>;
|
|
9112
9148
|
}
|
|
9113
9149
|
|
|
9150
|
+
type PolicyEffect = "permit" | "deny" | "indeterminate";
|
|
9151
|
+
interface PolicyDecisionSubject {
|
|
9152
|
+
agentId?: string;
|
|
9153
|
+
userId?: string;
|
|
9154
|
+
orgId?: string;
|
|
9155
|
+
}
|
|
9156
|
+
interface PolicyEvaluationContext {
|
|
9157
|
+
ip?: string;
|
|
9158
|
+
arguments?: Record<string, unknown>;
|
|
9159
|
+
timestamp?: Date;
|
|
9160
|
+
[key: string]: unknown;
|
|
9161
|
+
}
|
|
9162
|
+
interface EvaluateInput {
|
|
9163
|
+
subject: PolicyDecisionSubject;
|
|
9164
|
+
action: string;
|
|
9165
|
+
resource: string;
|
|
9166
|
+
context?: PolicyEvaluationContext;
|
|
9167
|
+
}
|
|
9168
|
+
interface PolicyDecision {
|
|
9169
|
+
allowed: boolean;
|
|
9170
|
+
effect: PolicyEffect;
|
|
9171
|
+
reason: string;
|
|
9172
|
+
matchedPermissionId?: string;
|
|
9173
|
+
matchedRelation?: string;
|
|
9174
|
+
cacheHit: boolean;
|
|
9175
|
+
durationMs: number;
|
|
9176
|
+
auditId?: string;
|
|
9177
|
+
}
|
|
9178
|
+
interface PolicyCacheStats {
|
|
9179
|
+
hits: number;
|
|
9180
|
+
misses: number;
|
|
9181
|
+
size: number;
|
|
9182
|
+
evictions: number;
|
|
9183
|
+
}
|
|
9184
|
+
interface InvalidateScope {
|
|
9185
|
+
agentId?: string;
|
|
9186
|
+
userId?: string;
|
|
9187
|
+
resource?: string;
|
|
9188
|
+
}
|
|
9189
|
+
type PolicyCombineStrategy = "deny-overrides" | "permit-overrides";
|
|
9190
|
+
interface PolicyCacheConfig {
|
|
9191
|
+
maxEntries?: number;
|
|
9192
|
+
ttlMs?: number;
|
|
9193
|
+
enabled?: boolean;
|
|
9194
|
+
}
|
|
9195
|
+
interface PolicyEngineConfig {
|
|
9196
|
+
cache?: PolicyCacheConfig;
|
|
9197
|
+
combineStrategy?: PolicyCombineStrategy;
|
|
9198
|
+
audit?: boolean;
|
|
9199
|
+
/** Sample rate for audit row writes, 0.0 to 1.0. Defaults to 1.0. */
|
|
9200
|
+
auditSampleRate?: number;
|
|
9201
|
+
}
|
|
9202
|
+
|
|
9114
9203
|
/**
|
|
9115
9204
|
* Session freshness enforcement for KavachOS.
|
|
9116
9205
|
*
|
|
@@ -9332,6 +9421,15 @@ interface KavachConfig {
|
|
|
9332
9421
|
* to. Deliveries are fire-and-forget with exponential backoff retries.
|
|
9333
9422
|
*/
|
|
9334
9423
|
webhooks?: WebhookConfig[];
|
|
9424
|
+
/**
|
|
9425
|
+
* Unified policy engine configuration.
|
|
9426
|
+
*
|
|
9427
|
+
* Controls the LRU cache (max entries, TTL), combining strategy
|
|
9428
|
+
* (deny-overrides vs permit-overrides), audit emission, and audit
|
|
9429
|
+
* sample rate. When omitted, the engine runs with safe defaults:
|
|
9430
|
+
* cache enabled (10,000 entries, 60s TTL), deny-overrides, full audit.
|
|
9431
|
+
*/
|
|
9432
|
+
policy?: PolicyEngineConfig;
|
|
9335
9433
|
/**
|
|
9336
9434
|
* Redirect chain configuration.
|
|
9337
9435
|
*
|
|
@@ -9347,6 +9445,18 @@ interface KavachConfig {
|
|
|
9347
9445
|
* When omitted, defaults to 300 seconds (5 minutes).
|
|
9348
9446
|
*/
|
|
9349
9447
|
sessionFreshness?: SessionFreshnessConfig;
|
|
9448
|
+
/**
|
|
9449
|
+
* Emit IETF agentic JWT claims on issued tokens.
|
|
9450
|
+
*
|
|
9451
|
+
* When true, tokens issued by the MCP token endpoint and the JWT session
|
|
9452
|
+
* module include additional claims defined in draft-goswami-agentic-jwt-00
|
|
9453
|
+
* and draft-liu-agent-operation-authorization-01, such as `agent_id`,
|
|
9454
|
+
* `agent_type`, and `trust_tier`. Off by default to preserve backward
|
|
9455
|
+
* compatibility with existing token consumers.
|
|
9456
|
+
*
|
|
9457
|
+
* @default false
|
|
9458
|
+
*/
|
|
9459
|
+
emitAgenticJwtClaims?: boolean;
|
|
9350
9460
|
}
|
|
9351
9461
|
/**
|
|
9352
9462
|
* The main KavachOS instance returned by createKavach()
|
|
@@ -9397,6 +9507,8 @@ interface Permission {
|
|
|
9397
9507
|
resource: string;
|
|
9398
9508
|
actions: string[];
|
|
9399
9509
|
constraints?: PermissionConstraints;
|
|
9510
|
+
/** Optional ReBAC relation. When set, the policy engine queries the relationship graph. */
|
|
9511
|
+
relation?: string;
|
|
9400
9512
|
}
|
|
9401
9513
|
interface PermissionConstraints {
|
|
9402
9514
|
maxCallsPerHour?: number;
|
|
@@ -9521,4 +9633,4 @@ interface TokenValidationResult {
|
|
|
9521
9633
|
}
|
|
9522
9634
|
type McpMiddleware = (request: Request) => Promise<Response | undefined>;
|
|
9523
9635
|
|
|
9524
|
-
export { type
|
|
9636
|
+
export { type AdminUser as $, type AgentIdentity as A, type SessionFreshnessModule as B, type CreateAgentInput as C, type Database as D, type EmailOtpModule as E, type PhoneAuthModule as F, type CaptchaModule as G, type EvaluateInput as H, type PolicyDecision as I, type InvalidateScope as J, type KavachConfig as K, type PolicyCacheStats as L, type McpServerInput as M, type PluginEndpoint as N, type OrgModule as O, type Permission as P, type EndpointContext as Q, type RequestContext as R, type SignedPayload as S, type TotpModule as T, type UpdateAgentInput as U, type VerificationResult as V, type WebhookModule as W, type KavachPlugin as X, type SessionConfig as Y, type Session as Z, type AdminConfig as _, type DatabaseConfig as a, createOneTimeTokenModule as a$, type AgentConfig as a0, type ApiKey as a1, type ApiKeyManagerConfig as a2, type ApprovalConfig as a3, type ApprovalModule as a4, type AuthAdapter as a5, type CaptchaConfig as a6, type CaptchaVerifyResult as a7, type CreateTokenInput as a8, type D1DatabaseBinding as a9, type SsoAuditEvent as aA, type SsoConfig as aB, type SsoConnection as aC, SsoError as aD, type TokenValidationResult as aE, type TotpConfig as aF, type TotpSetup as aG, type UsernameAuthConfig as aH, type ValidateTokenResult as aI, type VerificationMethod as aJ, agentCards as aK, agentDids as aL, agents as aM, apiKeys as aN, approvalRequests as aO, auditLogs as aP, budgetPolicies as aQ, classifyViolation as aR, createAdminModule as aS, createApiKeyManagerModule as aT, createApprovalModule as aU, createCaptchaModule as aV, createDatabase as aW, createDatabaseSync as aX, createEmailOtpModule as aY, createEmailVerificationModule as aZ, createMagicLinkModule as a_, type EmailOtpConfig as aa, type EmailVerificationConfig as ab, type KavachHooks as ac, type KavachInstance as ad, type MagicLinkConfig as ae, type McpMiddleware as af, type OidcProvider as ag, type OneTimeTokenConfig as ah, type OneTimeTokenPurpose as ai, type OrgConfig as aj, type OrgInvitation as ak, type OrgMember as al, type OrgRole as am, type Organization as an, type PasskeyConfig as ao, type PasskeyCredential as ap, type PasswordResetConfig as aq, type PermissionConstraints as ar, type PhoneAuthConfig as as, type PluginContext as at, type PluginInitResult as au, type RevokeTokensResult as av, SSO_ERROR as aw, type SamlProvider as ax, type ServiceEndpoint as ay, type SessionFreshnessConfig as az, type DelegateInput as b, createOrgModule as b0, createPasskeyModule as b1, createPasswordResetModule as b2, createPhoneAuthModule as b3, createSessionFreshnessModule as b4, createSessionManager as b5, createSsoModule as b6, createTotpModule as b7, createUsernameAuthModule as b8, delegationChains as b9, emailOtps as ba, magicLinks as bb, mcpServers as bc, oauthAccessTokens as bd, oauthAuthorizationCodes as be, oauthClients as bf, orgInvitations as bg, orgMembers as bh, orgRoles as bi, organizations as bj, passkeyChallenges as bk, passkeyCredentials as bl, permissions as bm, rateLimits as bn, sessions as bo, ssoConnections as bp, tenants as bq, totpRecords as br, trustScores as bs, users as bt, type WebhookConfig as bu, type WebhookEvent as bv, createWebhookModule as bw, type DelegationChain as c, type DidDocument as d, type DidKeyPair as e, type DidWebConfig as f, type AgentDid as g, type AgentFilter as h, type AuthorizeRequest as i, type AuthorizeResult as j, type AuditFilter as k, type AuditEntry as l, type AuditExportOptions as m, type McpServer as n, type ResolvedUser as o, type SessionManager as p, type ApprovalRequest as q, type MagicLinkModule as r, type PasskeyModule as s, type SsoModule as t, type AdminModule as u, type ApiKeyManagerModule as v, type UsernameAuthModule as w, type PasswordResetModule as x, type EmailVerificationModule as y, type OneTimeTokenModule as z };
|