kavachos 0.4.0 → 0.4.1

package/dist/auth/index.d.ts

@@ -2,6 +2,7 @@ import { z } from 'zod';
 import { a5 as AuthAdapter, o as ResolvedUser, X as KavachPlugin, D as Database, _ as AdminConfig, p as SessionManager, a2 as ApiKeyManagerConfig, aa as EmailOtpConfig, P as Permission, ae as MagicLinkConfig, aj as OrgConfig, ao as PasskeyConfig, N as PluginEndpoint, aF as TotpConfig } from '../types-RJPOU4un.js';
 export { u as AdminModule, $ as AdminUser, a1 as ApiKey, v as ApiKeyManagerModule, a6 as CaptchaConfig, G as CaptchaModule, a7 as CaptchaVerifyResult, a8 as CreateTokenInput, E as EmailOtpModule, ab as EmailVerificationConfig, y as EmailVerificationModule, r as MagicLinkModule, ag as OidcProvider, ah as OneTimeTokenConfig, z as OneTimeTokenModule, ai as OneTimeTokenPurpose, ak as OrgInvitation, al as OrgMember, O as OrgModule, am as OrgRole, an as Organization, ap as PasskeyCredential, s as PasskeyModule, aq as PasswordResetConfig, x as PasswordResetModule, as as PhoneAuthConfig, F as PhoneAuthModule, av as RevokeTokensResult, aw as SSO_ERROR, ax as SamlProvider, aA as SsoAuditEvent, aB as SsoConfig, aC as SsoConnection, aD as SsoError, t as SsoModule, T as TotpModule, aG as TotpSetup, aH as UsernameAuthConfig, w as UsernameAuthModule, aI as ValidateTokenResult, bu as WebhookConfig, bv as WebhookEvent, W as WebhookModule, aS as createAdminModule, aT as createApiKeyManagerModule, aV as createCaptchaModule, aY as createEmailOtpModule, aZ as createEmailVerificationModule, a_ as createMagicLinkModule, a$ as createOneTimeTokenModule, b0 as createOrgModule, b1 as createPasskeyModule, b2 as createPasswordResetModule, b3 as createPhoneAuthModule, b6 as createSsoModule, b7 as createTotpModule, b8 as createUsernameAuthModule, bw as createWebhookModule } from '../types-RJPOU4un.js';
 import { R as Result } from '../types-BiUe9e8u.js';
+import { AgentType, TrustTier } from '../standards/index.js';
 import * as jose from 'jose';
 import 'drizzle-orm/sqlite-core';
 import '../redirect/index.js';
@@ -982,37 +983,6 @@ declare class HibpApiError extends Error {
     constructor(message: string);
 }
 
-/**
- * IETF agentic JWT claim name constants.
- *
- * Sources:
- *   - draft-goswami-agentic-jwt-00
- *   - draft-liu-agent-operation-authorization-01
- *
- * These constants are off by default. Set `emitAgenticJwtClaims: true` in
- * KavachConfig to include them in issued tokens.
- */
-/**
- * Operational mode of an agent within a delegation chain.
- *
- * - `autonomous`  — no human-in-the-loop; the agent acts on its own behalf.
- * - `delegated`   — the agent is acting under explicit delegation from another principal.
- * - `supervised`  — the agent acts autonomously but requires human approval for sensitive ops.
- */
-type AgentType = "autonomous" | "delegated" | "supervised";
-/**
- * Trust tier band assigned at token issuance, derived from the numeric trust
- * score. Matches the five-level model in KavachOS trust scoring.
- *
- * Mapping (inclusive lower bound):
- *   score 0–19  → "unverified"
- *   score 20–39 → "low"
- *   score 40–59 → "standard"
- *   score 60–79 → "elevated"
- *   score 80+   → "high"
- */
-type TrustTier = "unverified" | "low" | "standard" | "elevated" | "high";
-
 /**
  * JWT session plugin for KavachOS.
  *

package/dist/index.d.ts

@@ -12,6 +12,7 @@ export { AuditCredentialSubject, AuditExportResult, AuditRecord, CredentialForma
 import 'drizzle-orm/sqlite-core';
 import './types-BiUe9e8u.js';
 import 'zod';
+import './standards/index.js';
 import 'jose';
 
 interface PrivilegeFinding {

package/dist/standards/index.d.ts

@@ -0,0 +1,139 @@
+/**
+ * IETF agentic JWT claim name constants.
+ *
+ * Sources:
+ *   - draft-goswami-agentic-jwt-00
+ *   - draft-liu-agent-operation-authorization-01
+ *
+ * These constants are off by default. Set `emitAgenticJwtClaims: true` in
+ * KavachConfig to include them in issued tokens.
+ */
+/**
+ * Operational mode of an agent within a delegation chain.
+ *
+ * - `autonomous`  — no human-in-the-loop; the agent acts on its own behalf.
+ * - `delegated`   — the agent is acting under explicit delegation from another principal.
+ * - `supervised`  — the agent acts autonomously but requires human approval for sensitive ops.
+ */
+type AgentType = "autonomous" | "delegated" | "supervised";
+/**
+ * Trust tier band assigned at token issuance, derived from the numeric trust
+ * score. Matches the five-level model in KavachOS trust scoring.
+ *
+ * Mapping (inclusive lower bound):
+ *   score 0–19  → "unverified"
+ *   score 20–39 → "low"
+ *   score 40–59 → "standard"
+ *   score 60–79 → "elevated"
+ *   score 80+   → "high"
+ */
+type TrustTier = "unverified" | "low" | "standard" | "elevated" | "high";
+/**
+ * Registered claim names for agentic JWTs.
+ *
+ * All names are string literals so they can be used directly as JWT payload
+ * keys. Consuming code should index into issued token payloads using these
+ * constants rather than raw string literals.
+ */
+declare const AGENTIC_JWT_CLAIMS: {
+    /**
+     * Stable identifier of the agent making the call.
+     *
+     * @see draft-goswami-agentic-jwt-00 §3.1
+     */
+    readonly AGENT_ID: "agent_id";
+    /**
+     * Operational mode of the agent: `autonomous`, `delegated`, or `supervised`.
+     *
+     * @see draft-goswami-agentic-jwt-00 §3.2
+     */
+    readonly AGENT_TYPE: "agent_type";
+    /**
+     * Subject principal the agent is acting on behalf of (human user or upstream agent).
+     *
+     * @see draft-goswami-agentic-jwt-00 §3.3
+     */
+    readonly ON_BEHALF_OF: "on_behalf_of";
+    /**
+     * Actor claim per RFC 8693. Identifies the current actor in an
+     * impersonation or delegation chain.
+     *
+     * @see draft-goswami-agentic-jwt-00 §3.4
+     * @see RFC 8693
+     */
+    readonly ACT: "act";
+    /**
+     * Authorized future actors for delegation chains (RFC 8693 `may_act`).
+     *
+     * @see draft-goswami-agentic-jwt-00 §3.5
+     * @see RFC 8693
+     */
+    readonly MAY_ACT: "may_act";
+    /**
+     * Trust score band at token issuance (e.g. `standard`, `elevated`).
+     *
+     * @see draft-goswami-agentic-jwt-00 §3.6
+     */
+    readonly TRUST_TIER: "trust_tier";
+    /**
+     * Correlation id for tracing this token back to an entry in the audit log.
+     *
+     * @see draft-goswami-agentic-jwt-00 §3.7
+     */
+    readonly AUDIT_REF: "audit_ref";
+    /**
+     * Per-tool budget or rate constraints encoded as a structured object.
+     *
+     * @see draft-goswami-agentic-jwt-00 §3.8
+     */
+    readonly TOOL_CONSTRAINTS: "tool_constraints";
+    /**
+     * Workload Identity Token (WIT). Present only when three-layer cryptographic
+     * binding is active (draft-liu §4.2). Absent in standard issuance paths.
+     *
+     * @see draft-liu-agent-operation-authorization-01 §4.2
+     * TODO(v3): populate from WIT issuance when three-layer binding is implemented.
+     */
+    readonly WORKLOAD_BINDING: "wit";
+    /**
+     * The scoped operation this token authorizes (e.g. `read:documents`).
+     *
+     * @see draft-liu-agent-operation-authorization-01 §4.3
+     */
+    readonly OPERATION: "operation";
+};
+/**
+ * Optional shape of agentic JWT claims within a token payload.
+ *
+ * All fields are optional because they are only emitted when
+ * `emitAgenticJwtClaims` is enabled and the relevant context is available
+ * on the issuance path.
+ */
+interface AgenticJwtClaims {
+    /** Stable agent identifier. */
+    agent_id?: string;
+    /** Operational mode of the agent. */
+    agent_type?: AgentType;
+    /** Principal the agent is acting for. */
+    on_behalf_of?: string;
+    /** RFC 8693 actor claim (current actor in a delegation chain). */
+    act?: Record<string, unknown>;
+    /** RFC 8693 may_act claim (authorized future actors). */
+    may_act?: Record<string, unknown>;
+    /** Trust tier band at issuance time. */
+    trust_tier?: TrustTier;
+    /** Audit log correlation id. */
+    audit_ref?: string;
+    /** Per-tool budget or rate constraints. */
+    tool_constraints?: Record<string, unknown>;
+    /**
+     * Workload Identity Token.
+     * Absent unless three-layer binding is active.
+     * TODO(v3): populate when draft-liu three-layer binding is implemented.
+     */
+    wit?: string;
+    /** Scoped operation this token authorizes. */
+    operation?: string;
+}
+
+export { AGENTIC_JWT_CLAIMS, type AgentType, type AgenticJwtClaims, type TrustTier };

package/dist/standards/index.js

@@ -0,0 +1,72 @@
+// src/standards/claims.ts
+var AGENTIC_JWT_CLAIMS = {
+  /**
+   * Stable identifier of the agent making the call.
+   *
+   * @see draft-goswami-agentic-jwt-00 §3.1
+   */
+  AGENT_ID: "agent_id",
+  /**
+   * Operational mode of the agent: `autonomous`, `delegated`, or `supervised`.
+   *
+   * @see draft-goswami-agentic-jwt-00 §3.2
+   */
+  AGENT_TYPE: "agent_type",
+  /**
+   * Subject principal the agent is acting on behalf of (human user or upstream agent).
+   *
+   * @see draft-goswami-agentic-jwt-00 §3.3
+   */
+  ON_BEHALF_OF: "on_behalf_of",
+  /**
+   * Actor claim per RFC 8693. Identifies the current actor in an
+   * impersonation or delegation chain.
+   *
+   * @see draft-goswami-agentic-jwt-00 §3.4
+   * @see RFC 8693
+   */
+  ACT: "act",
+  /**
+   * Authorized future actors for delegation chains (RFC 8693 `may_act`).
+   *
+   * @see draft-goswami-agentic-jwt-00 §3.5
+   * @see RFC 8693
+   */
+  MAY_ACT: "may_act",
+  /**
+   * Trust score band at token issuance (e.g. `standard`, `elevated`).
+   *
+   * @see draft-goswami-agentic-jwt-00 §3.6
+   */
+  TRUST_TIER: "trust_tier",
+  /**
+   * Correlation id for tracing this token back to an entry in the audit log.
+   *
+   * @see draft-goswami-agentic-jwt-00 §3.7
+   */
+  AUDIT_REF: "audit_ref",
+  /**
+   * Per-tool budget or rate constraints encoded as a structured object.
+   *
+   * @see draft-goswami-agentic-jwt-00 §3.8
+   */
+  TOOL_CONSTRAINTS: "tool_constraints",
+  /**
+   * Workload Identity Token (WIT). Present only when three-layer cryptographic
+   * binding is active (draft-liu §4.2). Absent in standard issuance paths.
+   *
+   * @see draft-liu-agent-operation-authorization-01 §4.2
+   * TODO(v3): populate from WIT issuance when three-layer binding is implemented.
+   */
+  WORKLOAD_BINDING: "wit",
+  /**
+   * The scoped operation this token authorizes (e.g. `read:documents`).
+   *
+   * @see draft-liu-agent-operation-authorization-01 §4.3
+   */
+  OPERATION: "operation"
+};
+
+export { AGENTIC_JWT_CLAIMS };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/standards/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/standards/claims.ts"],"names":[],"mappings":";AAgDO,IAAM,kBAAA,GAAqB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjC,QAAA,EAAU,UAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOV,UAAA,EAAY,YAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOZ,YAAA,EAAc,cAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASd,GAAA,EAAK,KAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQL,OAAA,EAAS,SAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOT,UAAA,EAAY,YAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOZ,SAAA,EAAW,WAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOX,gBAAA,EAAkB,kBAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASlB,gBAAA,EAAkB,KAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOlB,SAAA,EAAW;AACZ","file":"index.js","sourcesContent":["/**\n * IETF agentic JWT claim name constants.\n *\n * Sources:\n *   - draft-goswami-agentic-jwt-00\n *   - draft-liu-agent-operation-authorization-01\n *\n * These constants are off by default. Set `emitAgenticJwtClaims: true` in\n * KavachConfig to include them in issued tokens.\n */\n\n// ---------------------------------------------------------------------------\n// Named types\n// ---------------------------------------------------------------------------\n\n/**\n * Operational mode of an agent within a delegation chain.\n *\n * - `autonomous`  — no human-in-the-loop; the agent acts on its own behalf.\n * - `delegated`   — the agent is acting under explicit delegation from another principal.\n * - `supervised`  — the agent acts autonomously but requires human approval for sensitive ops.\n */\nexport type AgentType = \"autonomous\" | \"delegated\" | \"supervised\";\n\n/**\n * Trust tier band assigned at token issuance, derived from the numeric trust\n * score. Matches the five-level model in KavachOS trust scoring.\n *\n * Mapping (inclusive lower bound):\n *   score 0–19  → \"unverified\"\n *   score 20–39 → \"low\"\n *   score 40–59 → \"standard\"\n *   score 60–79 → \"elevated\"\n *   score 80+   → \"high\"\n */\nexport type TrustTier = \"unverified\" | \"low\" | \"standard\" | \"elevated\" | \"high\";\n\n// ---------------------------------------------------------------------------\n// Claim name constants\n// ---------------------------------------------------------------------------\n\n/**\n * Registered claim names for agentic JWTs.\n *\n * All names are string literals so they can be used directly as JWT payload\n * keys. Consuming code should index into issued token payloads using these\n * constants rather than raw string literals.\n */\nexport const AGENTIC_JWT_CLAIMS = {\n\t/**\n\t * Stable identifier of the agent making the call.\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.1\n\t */\n\tAGENT_ID: \"agent_id\",\n\n\t/**\n\t * Operational mode of the agent: `autonomous`, `delegated`, or `supervised`.\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.2\n\t */\n\tAGENT_TYPE: \"agent_type\",\n\n\t/**\n\t * Subject principal the agent is acting on behalf of (human user or upstream agent).\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.3\n\t */\n\tON_BEHALF_OF: \"on_behalf_of\",\n\n\t/**\n\t * Actor claim per RFC 8693. Identifies the current actor in an\n\t * impersonation or delegation chain.\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.4\n\t * @see RFC 8693\n\t */\n\tACT: \"act\",\n\n\t/**\n\t * Authorized future actors for delegation chains (RFC 8693 `may_act`).\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.5\n\t * @see RFC 8693\n\t */\n\tMAY_ACT: \"may_act\",\n\n\t/**\n\t * Trust score band at token issuance (e.g. `standard`, `elevated`).\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.6\n\t */\n\tTRUST_TIER: \"trust_tier\",\n\n\t/**\n\t * Correlation id for tracing this token back to an entry in the audit log.\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.7\n\t */\n\tAUDIT_REF: \"audit_ref\",\n\n\t/**\n\t * Per-tool budget or rate constraints encoded as a structured object.\n\t *\n\t * @see draft-goswami-agentic-jwt-00 §3.8\n\t */\n\tTOOL_CONSTRAINTS: \"tool_constraints\",\n\n\t/**\n\t * Workload Identity Token (WIT). Present only when three-layer cryptographic\n\t * binding is active (draft-liu §4.2). Absent in standard issuance paths.\n\t *\n\t * @see draft-liu-agent-operation-authorization-01 §4.2\n\t * TODO(v3): populate from WIT issuance when three-layer binding is implemented.\n\t */\n\tWORKLOAD_BINDING: \"wit\",\n\n\t/**\n\t * The scoped operation this token authorizes (e.g. `read:documents`).\n\t *\n\t * @see draft-liu-agent-operation-authorization-01 §4.3\n\t */\n\tOPERATION: \"operation\",\n} as const;\n\n// ---------------------------------------------------------------------------\n// Payload shape\n// ---------------------------------------------------------------------------\n\n/**\n * Optional shape of agentic JWT claims within a token payload.\n *\n * All fields are optional because they are only emitted when\n * `emitAgenticJwtClaims` is enabled and the relevant context is available\n * on the issuance path.\n */\nexport interface AgenticJwtClaims {\n\t/** Stable agent identifier. */\n\tagent_id?: string;\n\t/** Operational mode of the agent. */\n\tagent_type?: AgentType;\n\t/** Principal the agent is acting for. */\n\ton_behalf_of?: string;\n\t/** RFC 8693 actor claim (current actor in a delegation chain). */\n\tact?: Record<string, unknown>;\n\t/** RFC 8693 may_act claim (authorized future actors). */\n\tmay_act?: Record<string, unknown>;\n\t/** Trust tier band at issuance time. */\n\ttrust_tier?: TrustTier;\n\t/** Audit log correlation id. */\n\taudit_ref?: string;\n\t/** Per-tool budget or rate constraints. */\n\ttool_constraints?: Record<string, unknown>;\n\t/**\n\t * Workload Identity Token.\n\t * Absent unless three-layer binding is active.\n\t * TODO(v3): populate when draft-liu three-layer binding is implemented.\n\t */\n\twit?: string;\n\t/** Scoped operation this token authorizes. */\n\toperation?: string;\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kavachos",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "description": "The auth OS for AI agents - identity, permissions, delegation, and audit for the agentic era",
   "type": "module",
   "main": "dist/index.js",
@@ -55,6 +55,11 @@
       "types": "./dist/redirect/index.d.ts",
       "import": "./dist/redirect/index.js",
       "default": "./dist/redirect/index.js"
+    },
+    "./standards": {
+      "types": "./dist/standards/index.d.ts",
+      "import": "./dist/standards/index.js",
+      "default": "./dist/standards/index.js"
     }
   },
   "files": [