life-as-api 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +377 -0
- package/dist/agent/finance-agent.d.ts +44 -0
- package/dist/agent/finance-agent.js +75 -0
- package/dist/agent/finance-agent.js.map +1 -0
- package/dist/agent/legal-agent.d.ts +44 -0
- package/dist/agent/legal-agent.js +76 -0
- package/dist/agent/legal-agent.js.map +1 -0
- package/dist/agent/medical-agent.d.ts +44 -0
- package/dist/agent/medical-agent.js +75 -0
- package/dist/agent/medical-agent.js.map +1 -0
- package/dist/agent/trusted-agent-registry.d.ts +53 -0
- package/dist/agent/trusted-agent-registry.js +57 -0
- package/dist/agent/trusted-agent-registry.js.map +1 -0
- package/dist/audit/audit-chain-verifier.d.ts +10 -0
- package/dist/audit/audit-chain-verifier.js +67 -0
- package/dist/audit/audit-chain-verifier.js.map +1 -0
- package/dist/audit/audit-log.d.ts +48 -0
- package/dist/audit/audit-log.js +74 -0
- package/dist/audit/audit-log.js.map +1 -0
- package/dist/audit/sqlite-audit-log.d.ts +29 -0
- package/dist/audit/sqlite-audit-log.js +142 -0
- package/dist/audit/sqlite-audit-log.js.map +1 -0
- package/dist/auth/access-context-issuer.d.ts +18 -0
- package/dist/auth/access-context-issuer.js +88 -0
- package/dist/auth/access-context-issuer.js.map +1 -0
- package/dist/auth/assert-authorized-for-subject.d.ts +2 -0
- package/dist/auth/assert-authorized-for-subject.js +20 -0
- package/dist/auth/assert-authorized-for-subject.js.map +1 -0
- package/dist/auth/backend-context-minting-boundary.d.ts +23 -0
- package/dist/auth/backend-context-minting-boundary.js +281 -0
- package/dist/auth/backend-context-minting-boundary.js.map +1 -0
- package/dist/auth/default-authorization-policy.d.ts +7 -0
- package/dist/auth/default-authorization-policy.js +64 -0
- package/dist/auth/default-authorization-policy.js.map +1 -0
- package/dist/auth/fake-auth-adapter.d.ts +7 -0
- package/dist/auth/fake-auth-adapter.js +27 -0
- package/dist/auth/fake-auth-adapter.js.map +1 -0
- package/dist/auth/http-client.d.ts +12 -0
- package/dist/auth/http-client.js +7 -0
- package/dist/auth/http-client.js.map +1 -0
- package/dist/auth/in-memory-grant-resolver.d.ts +21 -0
- package/dist/auth/in-memory-grant-resolver.js +73 -0
- package/dist/auth/in-memory-grant-resolver.js.map +1 -0
- package/dist/auth/in-memory-tenant-boundary.d.ts +16 -0
- package/dist/auth/in-memory-tenant-boundary.js +37 -0
- package/dist/auth/in-memory-tenant-boundary.js.map +1 -0
- package/dist/auth/jwks-key-ring-auth-adapter.d.ts +38 -0
- package/dist/auth/jwks-key-ring-auth-adapter.js +123 -0
- package/dist/auth/jwks-key-ring-auth-adapter.js.map +1 -0
- package/dist/auth/jwks-key-ring.d.ts +25 -0
- package/dist/auth/jwks-key-ring.js +111 -0
- package/dist/auth/jwks-key-ring.js.map +1 -0
- package/dist/auth/jwt-auth-adapter.d.ts +15 -0
- package/dist/auth/jwt-auth-adapter.js +59 -0
- package/dist/auth/jwt-auth-adapter.js.map +1 -0
- package/dist/auth/jwt-core.d.ts +32 -0
- package/dist/auth/jwt-core.js +226 -0
- package/dist/auth/jwt-core.js.map +1 -0
- package/dist/auth/jwt-key-ring-auth-adapter.d.ts +16 -0
- package/dist/auth/jwt-key-ring-auth-adapter.js +58 -0
- package/dist/auth/jwt-key-ring-auth-adapter.js.map +1 -0
- package/dist/auth/oidc-discovery.d.ts +15 -0
- package/dist/auth/oidc-discovery.js +46 -0
- package/dist/auth/oidc-discovery.js.map +1 -0
- package/dist/auth/production-scoped-life-api.d.ts +58 -0
- package/dist/auth/production-scoped-life-api.js +802 -0
- package/dist/auth/production-scoped-life-api.js.map +1 -0
- package/dist/auth/proposal-scope-inspector.d.ts +3 -0
- package/dist/auth/proposal-scope-inspector.js +42 -0
- package/dist/auth/proposal-scope-inspector.js.map +1 -0
- package/dist/auth/proposal-scoped-life-api.d.ts +21 -0
- package/dist/auth/proposal-scoped-life-api.js +168 -0
- package/dist/auth/proposal-scoped-life-api.js.map +1 -0
- package/dist/auth/rate-limited-context-minting-boundary.d.ts +27 -0
- package/dist/auth/rate-limited-context-minting-boundary.js +77 -0
- package/dist/auth/rate-limited-context-minting-boundary.js.map +1 -0
- package/dist/auth/revocation-aware-auth-adapter.d.ts +21 -0
- package/dist/auth/revocation-aware-auth-adapter.js +88 -0
- package/dist/auth/revocation-aware-auth-adapter.js.map +1 -0
- package/dist/auth/sqlite-grant-resolver.d.ts +8 -0
- package/dist/auth/sqlite-grant-resolver.js +78 -0
- package/dist/auth/sqlite-grant-resolver.js.map +1 -0
- package/dist/auth/sqlite-tenant-boundary.d.ts +7 -0
- package/dist/auth/sqlite-tenant-boundary.js +41 -0
- package/dist/auth/sqlite-tenant-boundary.js.map +1 -0
- package/dist/auth/static-jwt-key-ring.d.ts +13 -0
- package/dist/auth/static-jwt-key-ring.js +73 -0
- package/dist/auth/static-jwt-key-ring.js.map +1 -0
- package/dist/auth/subject-scoped-life-api.d.ts +14 -0
- package/dist/auth/subject-scoped-life-api.js +51 -0
- package/dist/auth/subject-scoped-life-api.js.map +1 -0
- package/dist/auth/test-context-minting-boundary.d.ts +13 -0
- package/dist/auth/test-context-minting-boundary.js +74 -0
- package/dist/auth/test-context-minting-boundary.js.map +1 -0
- package/dist/auth/types.d.ts +77 -0
- package/dist/auth/types.js +16 -0
- package/dist/auth/types.js.map +1 -0
- package/dist/compliance/subject-data-report.d.ts +43 -0
- package/dist/compliance/subject-data-report.js +155 -0
- package/dist/compliance/subject-data-report.js.map +1 -0
- package/dist/consent/consent-guard.d.ts +4 -0
- package/dist/consent/consent-guard.js +37 -0
- package/dist/consent/consent-guard.js.map +1 -0
- package/dist/consent/grant-registry.d.ts +7 -0
- package/dist/consent/grant-registry.js +13 -0
- package/dist/consent/grant-registry.js.map +1 -0
- package/dist/consent/intersect-selector.d.ts +3 -0
- package/dist/consent/intersect-selector.js +66 -0
- package/dist/consent/intersect-selector.js.map +1 -0
- package/dist/contract/diagnostics.d.ts +32 -0
- package/dist/contract/diagnostics.js +112 -0
- package/dist/contract/diagnostics.js.map +1 -0
- package/dist/contract/project-contracts.d.ts +5 -0
- package/dist/contract/project-contracts.js +159 -0
- package/dist/contract/project-contracts.js.map +1 -0
- package/dist/contract/types.d.ts +32 -0
- package/dist/contract/types.js +5 -0
- package/dist/contract/types.js.map +1 -0
- package/dist/crypto/aes-gcm.d.ts +11 -0
- package/dist/crypto/aes-gcm.js +78 -0
- package/dist/crypto/aes-gcm.js.map +1 -0
- package/dist/crypto/claim-serializer.d.ts +26 -0
- package/dist/crypto/claim-serializer.js +59 -0
- package/dist/crypto/claim-serializer.js.map +1 -0
- package/dist/crypto/sha256.d.ts +12 -0
- package/dist/crypto/sha256.js +40 -0
- package/dist/crypto/sha256.js.map +1 -0
- package/dist/crypto/static-key.d.ts +11 -0
- package/dist/crypto/static-key.js +60 -0
- package/dist/crypto/static-key.js.map +1 -0
- package/dist/crypto/types.d.ts +20 -0
- package/dist/crypto/types.js +8 -0
- package/dist/crypto/types.js.map +1 -0
- package/dist/datasource/trusted-data-source-registry.d.ts +51 -0
- package/dist/datasource/trusted-data-source-registry.js +57 -0
- package/dist/datasource/trusted-data-source-registry.js.map +1 -0
- package/dist/erasure/tombstone.d.ts +13 -0
- package/dist/erasure/tombstone.js +20 -0
- package/dist/erasure/tombstone.js.map +1 -0
- package/dist/evidence/evidence-backed-claim-creator.d.ts +48 -0
- package/dist/evidence/evidence-backed-claim-creator.js +107 -0
- package/dist/evidence/evidence-backed-claim-creator.js.map +1 -0
- package/dist/evidence/in-memory-raw-document-store.d.ts +26 -0
- package/dist/evidence/in-memory-raw-document-store.js +84 -0
- package/dist/evidence/in-memory-raw-document-store.js.map +1 -0
- package/dist/evidence/raw-document-store.d.ts +12 -0
- package/dist/evidence/raw-document-store.js +8 -0
- package/dist/evidence/raw-document-store.js.map +1 -0
- package/dist/evidence/source-evidence-validator.d.ts +4 -0
- package/dist/evidence/source-evidence-validator.js +14 -0
- package/dist/evidence/source-evidence-validator.js.map +1 -0
- package/dist/evidence/sqlite-raw-document-store.d.ts +19 -0
- package/dist/evidence/sqlite-raw-document-store.js +122 -0
- package/dist/evidence/sqlite-raw-document-store.js.map +1 -0
- package/dist/guardian/guardian-registry.d.ts +96 -0
- package/dist/guardian/guardian-registry.js +95 -0
- package/dist/guardian/guardian-registry.js.map +1 -0
- package/dist/index.d.ts +44 -0
- package/dist/index.js +72 -0
- package/dist/index.js.map +1 -0
- package/dist/observability/health.d.ts +12 -0
- package/dist/observability/health.js +16 -0
- package/dist/observability/health.js.map +1 -0
- package/dist/observability/logger.d.ts +21 -0
- package/dist/observability/logger.js +40 -0
- package/dist/observability/logger.js.map +1 -0
- package/dist/observability/metrics.d.ts +15 -0
- package/dist/observability/metrics.js +52 -0
- package/dist/observability/metrics.js.map +1 -0
- package/dist/persistence/backup.d.ts +24 -0
- package/dist/persistence/backup.js +251 -0
- package/dist/persistence/backup.js.map +1 -0
- package/dist/persistence/decryptability-scan.d.ts +10 -0
- package/dist/persistence/decryptability-scan.js +144 -0
- package/dist/persistence/decryptability-scan.js.map +1 -0
- package/dist/persistence/in-memory-unit-of-work.d.ts +11 -0
- package/dist/persistence/in-memory-unit-of-work.js +32 -0
- package/dist/persistence/in-memory-unit-of-work.js.map +1 -0
- package/dist/persistence/key-availability.d.ts +9 -0
- package/dist/persistence/key-availability.js +125 -0
- package/dist/persistence/key-availability.js.map +1 -0
- package/dist/persistence/sqlite/migrations.d.ts +9 -0
- package/dist/persistence/sqlite/migrations.js +535 -0
- package/dist/persistence/sqlite/migrations.js.map +1 -0
- package/dist/persistence/sqlite/schema.d.ts +10 -0
- package/dist/persistence/sqlite/schema.js +101 -0
- package/dist/persistence/sqlite/schema.js.map +1 -0
- package/dist/persistence/sqlite/sqlite-fact-store.d.ts +24 -0
- package/dist/persistence/sqlite/sqlite-fact-store.js +207 -0
- package/dist/persistence/sqlite/sqlite-fact-store.js.map +1 -0
- package/dist/persistence/sqlite/sqlite-source-registry.d.ts +17 -0
- package/dist/persistence/sqlite/sqlite-source-registry.js +132 -0
- package/dist/persistence/sqlite/sqlite-source-registry.js.map +1 -0
- package/dist/persistence/sqlite/sqlite-unit-of-work.d.ts +8 -0
- package/dist/persistence/sqlite/sqlite-unit-of-work.js +41 -0
- package/dist/persistence/sqlite/sqlite-unit-of-work.js.map +1 -0
- package/dist/persistence/sqlite/types.d.ts +24 -0
- package/dist/persistence/sqlite/types.js +28 -0
- package/dist/persistence/sqlite/types.js.map +1 -0
- package/dist/persistence/unit-of-work.d.ts +6 -0
- package/dist/persistence/unit-of-work.js +15 -0
- package/dist/persistence/unit-of-work.js.map +1 -0
- package/dist/proposal/accepted-claim-appender.d.ts +7 -0
- package/dist/proposal/accepted-claim-appender.js +16 -0
- package/dist/proposal/accepted-claim-appender.js.map +1 -0
- package/dist/proposal/in-memory-proposal-queue.d.ts +21 -0
- package/dist/proposal/in-memory-proposal-queue.js +218 -0
- package/dist/proposal/in-memory-proposal-queue.js.map +1 -0
- package/dist/proposal/policy-aware-proposal-queue.d.ts +23 -0
- package/dist/proposal/policy-aware-proposal-queue.js +162 -0
- package/dist/proposal/policy-aware-proposal-queue.js.map +1 -0
- package/dist/proposal/proposal-policy.d.ts +37 -0
- package/dist/proposal/proposal-policy.js +72 -0
- package/dist/proposal/proposal-policy.js.map +1 -0
- package/dist/proposal/proposal-queue.d.ts +13 -0
- package/dist/proposal/proposal-queue.js +15 -0
- package/dist/proposal/proposal-queue.js.map +1 -0
- package/dist/proposal/source-aware-claim-appender.d.ts +13 -0
- package/dist/proposal/source-aware-claim-appender.js +47 -0
- package/dist/proposal/source-aware-claim-appender.js.map +1 -0
- package/dist/proposal/sqlite-proposal-queue.d.ts +26 -0
- package/dist/proposal/sqlite-proposal-queue.js +282 -0
- package/dist/proposal/sqlite-proposal-queue.js.map +1 -0
- package/dist/resolution/resolve-claims.d.ts +4 -0
- package/dist/resolution/resolve-claims.js +101 -0
- package/dist/resolution/resolve-claims.js.map +1 -0
- package/dist/resolution/trust-profile.d.ts +12 -0
- package/dist/resolution/trust-profile.js +23 -0
- package/dist/resolution/trust-profile.js.map +1 -0
- package/dist/resolution/types.d.ts +15 -0
- package/dist/resolution/types.js +8 -0
- package/dist/resolution/types.js.map +1 -0
- package/dist/sdk/create-backend-integrated-life-api-for-test.d.ts +23 -0
- package/dist/sdk/create-backend-integrated-life-api-for-test.js +240 -0
- package/dist/sdk/create-backend-integrated-life-api-for-test.js.map +1 -0
- package/dist/sdk/create-life-api.d.ts +55 -0
- package/dist/sdk/create-life-api.js +251 -0
- package/dist/sdk/create-life-api.js.map +1 -0
- package/dist/sdk/create-sqlite-life-api.d.ts +33 -0
- package/dist/sdk/create-sqlite-life-api.js +654 -0
- package/dist/sdk/create-sqlite-life-api.js.map +1 -0
- package/dist/sdk/life-api.d.ts +27 -0
- package/dist/sdk/life-api.js +17 -0
- package/dist/sdk/life-api.js.map +1 -0
- package/dist/sdk/validation.d.ts +8 -0
- package/dist/sdk/validation.js +216 -0
- package/dist/sdk/validation.js.map +1 -0
- package/dist/source/in-memory-source-registry.d.ts +15 -0
- package/dist/source/in-memory-source-registry.js +104 -0
- package/dist/source/in-memory-source-registry.js.map +1 -0
- package/dist/source/source-aware-fact-store.d.ts +19 -0
- package/dist/source/source-aware-fact-store.js +40 -0
- package/dist/source/source-aware-fact-store.js.map +1 -0
- package/dist/source/source-kind-predicate-policy.d.ts +4 -0
- package/dist/source/source-kind-predicate-policy.js +62 -0
- package/dist/source/source-kind-predicate-policy.js.map +1 -0
- package/dist/source/source-registry.d.ts +11 -0
- package/dist/source/source-registry.js +12 -0
- package/dist/source/source-registry.js.map +1 -0
- package/dist/store/in-memory-fact-store.d.ts +25 -0
- package/dist/store/in-memory-fact-store.js +192 -0
- package/dist/store/in-memory-fact-store.js.map +1 -0
- package/dist/surface/context-query.d.ts +21 -0
- package/dist/surface/context-query.js +113 -0
- package/dist/surface/context-query.js.map +1 -0
- package/dist/surface/evidence-backed-context-query.d.ts +62 -0
- package/dist/surface/evidence-backed-context-query.js +240 -0
- package/dist/surface/evidence-backed-context-query.js.map +1 -0
- package/dist/types/access-context.d.ts +25 -0
- package/dist/types/access-context.js +6 -0
- package/dist/types/access-context.js.map +1 -0
- package/dist/types/claim.d.ts +48 -0
- package/dist/types/claim.js +5 -0
- package/dist/types/claim.js.map +1 -0
- package/dist/types/consent.d.ts +41 -0
- package/dist/types/consent.js +3 -0
- package/dist/types/consent.js.map +1 -0
- package/dist/types/crypto-boundary.d.ts +12 -0
- package/dist/types/crypto-boundary.js +15 -0
- package/dist/types/crypto-boundary.js.map +1 -0
- package/dist/types/evidence.d.ts +31 -0
- package/dist/types/evidence.js +8 -0
- package/dist/types/evidence.js.map +1 -0
- package/dist/types/fact-store.d.ts +24 -0
- package/dist/types/fact-store.js +12 -0
- package/dist/types/fact-store.js.map +1 -0
- package/dist/types/ids.d.ts +36 -0
- package/dist/types/ids.js +11 -0
- package/dist/types/ids.js.map +1 -0
- package/dist/types/proposal.d.ts +38 -0
- package/dist/types/proposal.js +7 -0
- package/dist/types/proposal.js.map +1 -0
- package/dist/types/source.d.ts +33 -0
- package/dist/types/source.js +6 -0
- package/dist/types/source.js.map +1 -0
- package/dist/types/trust.d.ts +24 -0
- package/dist/types/trust.js +5 -0
- package/dist/types/trust.js.map +1 -0
- package/dist/utilities/deep-freeze.d.ts +1 -0
- package/dist/utilities/deep-freeze.js +17 -0
- package/dist/utilities/deep-freeze.js.map +1 -0
- package/package.json +55 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sqlite-audit-log.js","sourceRoot":"","sources":["../../src/audit/sqlite-audit-log.ts"],"names":[],"mappings":"AAAA,gDAAgD;AAChD,EAAE;AACF,kFAAkF;AAClF,yFAAyF;AACzF,wFAAwF;AACxF,iFAAiF;AACjF,2FAA2F;AAC3F,oGAAoG;AACpG,8GAA8G;AAC9G,iGAAiG;AACjG,gFAAgF;AAChF,4HAA4H;AAC5H,EAAE;AACF,8FAA8F;AAC9F,sFAAsF;AACtF,0FAA0F;AAC1F,yFAAyF;AAEzF,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AAItC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC3F,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AA+BpD,MAAM,UAAU,mBAAmB,CAAC,MAA4B;IAC9D,8FAA8F;IAC9F,wFAAwF;IACxF,mFAAmF;IACnF,MAAM,GAAG,GAAG;QACV,GAAG,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/F,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;QACzC,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,oBAAoB,EAAE,MAAM,CAAC,oBAAoB;QACjD,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/D,CAAC;IACF,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAmBD,SAAS,eAAe,CAAC,GAAkB;IACzC,OAAO;QACL,EAAE,EAAmB,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;QACtC,UAAU,EAAW,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC;QAC/C,KAAK,EAAgB,GAAG,CAAC,KAAK;QAC9B,QAAQ,EAAa,GAAG,CAAC,QAAQ;QACjC,UAAU,EAAW,GAAG,CAAC,WAA8B;QACvD,mBAAmB,EAAE,GAAG,CAAC,oBAAoB;QAC7C,WAAW,EAAU,GAAG,CAAC,YAAY;QACrC,cAAc,EAAQ,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAc,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAC5F,GAAG,CAAC,GAAG,CAAC,QAAQ,IAAY,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,EAAW,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,EAA+C,CAAC,CAAC,CAAC,EAAE,CAAC;QACnI,GAAG,CAAC,GAAG,CAAC,OAAO,IAAa,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,EAAW,GAAG,CAAC,OAAqB,EAA6C,CAAC,CAAC,CAAC,EAAE,CAAC;QACnI,GAAG,CAAC,GAAG,CAAC,YAAY,IAAQ,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAQ,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAc,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrI,GAAG,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,IAAa,EAAyD,CAAC,CAAC,CAAC,EAAE,CAAC;QACnI,GAAG,CAAC,GAAG,CAAC,OAAO,IAAa,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAY,GAAG,CAAC,OAAO,EAA2D,CAAC,CAAC,CAAC,EAAE,CAAC;KACpI,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,cAAc;IACzB,6EAA6E;IACpE,iBAAiB,GAAG,mBAA4B,CAAC;IACzC,GAAG,CAAoB;IACvB,eAAe,CAAU;IAE1C,4EAA4E;IAC5E,qEAAqE;IACrE,YAAY,UAAsC;QAChD,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,IAAI,CAAC,GAAG,GAAG,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC;YACpC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;YAC5B,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,GAAG,UAAU,CAAC;YACtB,IAAI,CAAC,eAAe,GAAG,KAAK,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,KAAK;QACH,IAAI,IAAI,CAAC,eAAe;YAAE,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;IAC7C,CAAC;IAED,mEAAmE;IACnE,4FAA4F;IAC5F,2FAA2F;IAC3F,4FAA4F;IAC5F,KAAK,CAAC,KAAK,CAAC,KAAiB;QAC3B,MAAM,OAAO,GAAY,KAAK,CAAC,OAAO,IAAI,IAAI,CAAC;QAC/C,MAAM,OAAO,GAAY,KAAK,CAAC,OAAO,IAAI,IAAI,CAAC;QAC/C,MAAM,YAAY,GAAO,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC;QACnE,MAAM,WAAW,GAAQ,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACnG,6DAA6D;QAC7D,MAAM,gBAAgB,GAAG,KAAK,CAAC,gBAAgB,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACpE,MAAM,MAAM,GAAa,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC;QAE9C,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,EAAE;YAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG;iBACjB,OAAO,CACN;;sEAE4D,CAC7D;iBACA,GAAG,EAA+D,CAAC;YAEtE,MAAM,OAAO,GAAgB,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACtD,MAAM,QAAQ,GAAkB,GAAG,EAAE,eAAe,IAAI,IAAI,CAAC;YAE7D,MAAM,SAAS,GAAG,mBAAmB,CAAC;gBACpC,KAAK,EAAiB,KAAK,CAAC,KAAK;gBACjC,YAAY,EAAU,WAAW;gBACjC,QAAQ,EAAc,KAAK,CAAC,QAAQ;gBACpC,QAAQ,EAAc,OAAO;gBAC7B,EAAE,EAAoB,KAAK,CAAC,EAAE;gBAC9B,SAAS,EAAa,QAAQ;gBAC9B,OAAO,EAAe,OAAO;gBAC7B,WAAW,EAAW,KAAK,CAAC,UAAU;gBACtC,WAAW,EAAW,KAAK,CAAC,UAAU;gBACtC,gBAAgB,EAAM,YAAY;gBAClC,YAAY,EAAU,KAAK,CAAC,WAAW;gBACvC,oBAAoB,EAAE,KAAK,CAAC,mBAAmB;gBAC/C,QAAQ,EAAc,OAAO;gBAC7B,4GAA4G;gBAC5G,kBAAkB,EAAI,gBAAgB;gBACtC,OAAO,EAAe,MAAM;aAC7B,CAAC,CAAC;YACH,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;YAE3C,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC;;;;;;OAMhB,CAAC,CAAC,GAAG,CACJ,KAAK,CAAC,EAAE,EACR,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,KAAK,EACX,OAAO,EACP,OAAO,EACP,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,mBAAmB,EACzB,KAAK,CAAC,WAAW,EACjB,YAAY,EACZ,WAAW,EACX,OAAO,EACP,QAAQ,EACR,SAAS,EACT,gBAAgB,EAChB,MAAM,CACP,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,uFAAuF;QACvF,6EAA6E;QAC7E,aAAa,CAAC,SAAS,EAAE,CAAC;IAC5B,CAAC;IAED,OAAO;QACL,OAAQ,IAAI,CAAC,GAAG;aACb,OAAO,CAAC,+CAA+C,CAAC;aACxD,GAAG,EAAsB;aACzB,GAAG,CAAC,eAAe,CAAC,CAAC;IAC1B,CAAC;CACF"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import type { AccessContext, OwnerContext, AgentConsentContext, SystemProjectionContext, TestContext, AuditContext, PurposeTag } from "../types/access-context.js";
|
|
2
|
+
import type { PersonId, GrantId, ISOTime } from "../types/ids.js";
|
|
3
|
+
export declare class AccessContextIssuer {
|
|
4
|
+
private readonly _trusted;
|
|
5
|
+
isTrusted(ctx: unknown): ctx is AccessContext;
|
|
6
|
+
assertTrusted(ctx: unknown): asserts ctx is AccessContext;
|
|
7
|
+
mintOwner(personId: PersonId): OwnerContext;
|
|
8
|
+
mintSystemProjection(): SystemProjectionContext;
|
|
9
|
+
mintTest(label: string): TestContext;
|
|
10
|
+
mintAudit(personId: PersonId): AuditContext;
|
|
11
|
+
mintAgent(opts: {
|
|
12
|
+
readonly agentId: string;
|
|
13
|
+
readonly grantId: GrantId;
|
|
14
|
+
readonly purpose: PurposeTag;
|
|
15
|
+
readonly notAfter: ISOTime;
|
|
16
|
+
}): AgentConsentContext;
|
|
17
|
+
}
|
|
18
|
+
export declare function createAccessContextIssuerForTest(): AccessContextIssuer;
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
// Authenticated AccessContext boundary — Slice-15 / Slice-15c.
|
|
2
|
+
//
|
|
3
|
+
// AUTH_CONTEXT_BOUNDARY_EXISTS_001: each AccessContextIssuer owns a private WeakSet.
|
|
4
|
+
// AUTH_CONTEXT_RAW_STRUCTURAL_FORGERY_DENIED_001: plain structural objects not in the
|
|
5
|
+
// paired issuer's WeakSet are rejected by the API that holds that issuer.
|
|
6
|
+
// AUTH_CONTEXT_TRUST_IS_AUTHORITY_SCOPED_001: contexts are bound to the issuer that
|
|
7
|
+
// minted them — not accepted by an API paired with a different issuer.
|
|
8
|
+
// AUTH_CONTEXT_CROSS_AUTHORITY_REPLAY_DENIED_001: bundleA.auth.mintOwner() is denied
|
|
9
|
+
// by bundleB.api — cross-bundle replay is impossible as long as each factory call
|
|
10
|
+
// produces a fresh AccessContextIssuer with its own WeakSet.
|
|
11
|
+
// AUTH_CONTEXT_ISSUER_MINTS_TRUSTED_CONTEXT_001: only AccessContextIssuer.mint*()
|
|
12
|
+
// adds to the private WeakSet; spreading or JSON round-tripping creates a new object
|
|
13
|
+
// outside the set — trust destroyed.
|
|
14
|
+
// AUTH_CONTEXT_NO_REAL_IDP_CLAIM_001: this module does not integrate with any real
|
|
15
|
+
// identity provider. It provides the boundary and enforcement mechanism only.
|
|
16
|
+
// ─── AccessContextIssuer ──────────────────────────────────────────────────────
|
|
17
|
+
// Each instance owns its own private WeakSet — the trust boundary is
|
|
18
|
+
// per-authority, not module-global. A context minted by issuer A cannot pass
|
|
19
|
+
// the trust check of an API paired with issuer B.
|
|
20
|
+
//
|
|
21
|
+
// Obtain an instance via the test/dev factory:
|
|
22
|
+
// const { api, auth } = await createInMemoryLifeApiForTest();
|
|
23
|
+
// The returned `auth` is the sole authority accepted by the returned `api`.
|
|
24
|
+
export class AccessContextIssuer {
|
|
25
|
+
_trusted = new WeakSet();
|
|
26
|
+
// ─── Instance-scoped trust verification ──────────────────────────────────
|
|
27
|
+
// AUTH_CONTEXT_PUBLIC_INDEX_NO_GLOBAL_TRUST_ORACLE_001: these methods are on
|
|
28
|
+
// the instance, not a module-level export. Trust is meaningful only relative
|
|
29
|
+
// to the authority that minted the context.
|
|
30
|
+
isTrusted(ctx) {
|
|
31
|
+
return typeof ctx === "object" && ctx !== null && this._trusted.has(ctx);
|
|
32
|
+
}
|
|
33
|
+
assertTrusted(ctx) {
|
|
34
|
+
if (!this.isTrusted(ctx)) {
|
|
35
|
+
throw new Error("AUTH_CONTEXT_RAW_STRUCTURAL_FORGERY_DENIED_001: context was not minted by " +
|
|
36
|
+
"the AccessContextIssuer paired with this API instance — plain structural " +
|
|
37
|
+
"objects and contexts from a different API bundle are not accepted");
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
// ─── Mint methods ─────────────────────────────────────────────────────────
|
|
41
|
+
// AUTH_CONTEXT_OWNER_PRIVILEGE_REQUIRES_TRUSTED_CONTEXT_001
|
|
42
|
+
mintOwner(personId) {
|
|
43
|
+
const ctx = { kind: "owner", personId };
|
|
44
|
+
this._trusted.add(ctx);
|
|
45
|
+
return ctx;
|
|
46
|
+
}
|
|
47
|
+
mintSystemProjection() {
|
|
48
|
+
const ctx = { kind: "system_projection" };
|
|
49
|
+
this._trusted.add(ctx);
|
|
50
|
+
return ctx;
|
|
51
|
+
}
|
|
52
|
+
// AUTH_CONTEXT_INTERNAL_TEST_ESCAPE_HATCH_DOCUMENTED_001
|
|
53
|
+
// mintTest() is the intentional escape hatch for SDK tests.
|
|
54
|
+
// Arbitrary { kind: "test" } plain objects are still rejected.
|
|
55
|
+
mintTest(label) {
|
|
56
|
+
const ctx = { kind: "test", label };
|
|
57
|
+
this._trusted.add(ctx);
|
|
58
|
+
return ctx;
|
|
59
|
+
}
|
|
60
|
+
// AUTH_CONTEXT_AUDIT_CONTEXT_NOT_PRIVILEGED_001
|
|
61
|
+
// A minted AuditContext still cannot perform privileged mutations —
|
|
62
|
+
// _assertPrivileged() blocks it regardless of trust status.
|
|
63
|
+
mintAudit(personId) {
|
|
64
|
+
const ctx = { kind: "audit", personId };
|
|
65
|
+
this._trusted.add(ctx);
|
|
66
|
+
return ctx;
|
|
67
|
+
}
|
|
68
|
+
// AUTH_CONTEXT_AGENT_PRIVILEGE_REQUIRES_TRUSTED_GRANT_BINDING_001
|
|
69
|
+
// Minting a trusted agent context is necessary but not sufficient.
|
|
70
|
+
// GrantRegistry still validates the grant on every queryContracts / createProposal call.
|
|
71
|
+
mintAgent(opts) {
|
|
72
|
+
const ctx = {
|
|
73
|
+
kind: "agent",
|
|
74
|
+
agentId: opts.agentId,
|
|
75
|
+
grantId: opts.grantId,
|
|
76
|
+
purpose: opts.purpose,
|
|
77
|
+
notAfter: opts.notAfter,
|
|
78
|
+
};
|
|
79
|
+
this._trusted.add(ctx);
|
|
80
|
+
return ctx;
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
// ─── Internal standalone factory (not in src/index.ts) ───────────────────────
|
|
84
|
+
// Used by internal tests that directly test the issuer without the full bundle.
|
|
85
|
+
export function createAccessContextIssuerForTest() {
|
|
86
|
+
return new AccessContextIssuer();
|
|
87
|
+
}
|
|
88
|
+
//# sourceMappingURL=access-context-issuer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"access-context-issuer.js","sourceRoot":"","sources":["../../src/auth/access-context-issuer.ts"],"names":[],"mappings":"AAAA,+DAA+D;AAC/D,EAAE;AACF,qFAAqF;AACrF,sFAAsF;AACtF,4EAA4E;AAC5E,oFAAoF;AACpF,yEAAyE;AACzE,qFAAqF;AACrF,oFAAoF;AACpF,+DAA+D;AAC/D,kFAAkF;AAClF,uFAAuF;AACvF,uCAAuC;AACvC,mFAAmF;AACnF,gFAAgF;AAahF,iFAAiF;AACjF,qEAAqE;AACrE,6EAA6E;AAC7E,kDAAkD;AAClD,EAAE;AACF,+CAA+C;AAC/C,gEAAgE;AAChE,4EAA4E;AAE5E,MAAM,OAAO,mBAAmB;IACb,QAAQ,GAAG,IAAI,OAAO,EAAU,CAAC;IAElD,4EAA4E;IAC5E,6EAA6E;IAC7E,6EAA6E;IAC7E,4CAA4C;IAE5C,SAAS,CAAC,GAAY;QACpB,OAAO,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3E,CAAC;IAED,aAAa,CAAC,GAAY;QACxB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,4EAA4E;gBAC5E,2EAA2E;gBAC3E,mEAAmE,CACpE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6EAA6E;IAE7E,4DAA4D;IAC5D,SAAS,CAAC,QAAkB;QAC1B,MAAM,GAAG,GAAiB,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;QACtD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,OAAO,GAAG,CAAC;IACb,CAAC;IAED,oBAAoB;QAClB,MAAM,GAAG,GAA4B,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC;QACnE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,OAAO,GAAG,CAAC;IACb,CAAC;IAED,yDAAyD;IACzD,4DAA4D;IAC5D,+DAA+D;IAC/D,QAAQ,CAAC,KAAa;QACpB,MAAM,GAAG,GAAgB,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QACjD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,OAAO,GAAG,CAAC;IACb,CAAC;IAED,gDAAgD;IAChD,oEAAoE;IACpE,4DAA4D;IAC5D,SAAS,CAAC,QAAkB;QAC1B,MAAM,GAAG,GAAiB,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;QACtD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,OAAO,GAAG,CAAC;IACb,CAAC;IAED,kEAAkE;IAClE,mEAAmE;IACnE,yFAAyF;IACzF,SAAS,CAAC,IAKT;QACC,MAAM,GAAG,GAAwB;YAC/B,IAAI,EAAM,OAAO;YACjB,OAAO,EAAG,IAAI,CAAC,OAAO;YACtB,OAAO,EAAG,IAAI,CAAC,OAAO;YACtB,OAAO,EAAG,IAAI,CAAC,OAAO;YACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,OAAO,GAAG,CAAC;IACb,CAAC;CACF;AAED,gFAAgF;AAChF,gFAAgF;AAEhF,MAAM,UAAU,gCAAgC;IAC9C,OAAO,IAAI,mBAAmB,EAAE,CAAC;AACnC,CAAC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
// AUTH_CONTEXT_SUBJECT_SCOPE_HELPER_001
|
|
2
|
+
//
|
|
3
|
+
// When MintedContext.authorizedPersonId is set, enforces that requestedSubject
|
|
4
|
+
// matches it exactly. Throws AUTH_SUBJECT_SCOPE_VIOLATION_001 on mismatch.
|
|
5
|
+
//
|
|
6
|
+
// When authorizedPersonId is absent (undefined), this helper does NOT throw.
|
|
7
|
+
// Absence means the principal is tenant-scoped rather than subject-scoped;
|
|
8
|
+
// the caller is responsible for tenant-level enforcement in that case.
|
|
9
|
+
//
|
|
10
|
+
// IMPORTANT: This helper is NOT full LifeApi callsite enforcement.
|
|
11
|
+
// AUTH_CONTEXT_SUBJECT_SCOPE_ENFORCED_001 (full enforcement at every LifeApi
|
|
12
|
+
// call site, including agent grants) remains deferred to Production-01c/01d.
|
|
13
|
+
export function assertAuthorizedForSubject(minted, requestedSubject) {
|
|
14
|
+
if (minted.authorizedPersonId !== undefined &&
|
|
15
|
+
minted.authorizedPersonId !== requestedSubject) {
|
|
16
|
+
throw Object.assign(new Error(`AUTH_SUBJECT_SCOPE_VIOLATION_001: MintedContext.authorizedPersonId ` +
|
|
17
|
+
`does not match requestedSubject`), { code: "AUTH_SUBJECT_SCOPE_VIOLATION_001" });
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
//# sourceMappingURL=assert-authorized-for-subject.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"assert-authorized-for-subject.js","sourceRoot":"","sources":["../../src/auth/assert-authorized-for-subject.ts"],"names":[],"mappings":"AAAA,wCAAwC;AACxC,EAAE;AACF,+EAA+E;AAC/E,2EAA2E;AAC3E,EAAE;AACF,6EAA6E;AAC7E,2EAA2E;AAC3E,uEAAuE;AACvE,EAAE;AACF,mEAAmE;AACnE,6EAA6E;AAC7E,6EAA6E;AAI7E,MAAM,UAAU,0BAA0B,CACxC,MAA+B,EAC/B,gBAAwB;IAExB,IACE,MAAM,CAAC,kBAAkB,KAAK,SAAS;QACvC,MAAM,CAAC,kBAAkB,KAAK,gBAAgB,EAC9C,CAAC;QACD,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CACP,qEAAqE;YACrE,iCAAiC,CAClC,EACD,EAAE,IAAI,EAAE,kCAAkC,EAAE,CAC7C,CAAC;IACJ,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import type { TrustedAgentRegistry } from "../agent/trusted-agent-registry.js";
|
|
2
|
+
import type { GuardianRegistry } from "../guardian/guardian-registry.js";
|
|
3
|
+
import type { AuthAdapter, AuthorizationPolicy, Clock, GuardianContextMintingBoundary, GrantResolver, MintedContext, MintOptions, TenantBoundary } from "./types.js";
|
|
4
|
+
import type { AccessContextIssuer } from "./access-context-issuer.js";
|
|
5
|
+
import type { AuditLog } from "../audit/audit-log.js";
|
|
6
|
+
/** @remarks TEST/DEV ONLY — not for production use. */
|
|
7
|
+
export declare class BackendContextMintingBoundary implements GuardianContextMintingBoundary {
|
|
8
|
+
private readonly _opts;
|
|
9
|
+
constructor(_opts: {
|
|
10
|
+
readonly adapter: AuthAdapter;
|
|
11
|
+
readonly policy: AuthorizationPolicy;
|
|
12
|
+
readonly issuer: AccessContextIssuer;
|
|
13
|
+
readonly clock: Clock;
|
|
14
|
+
readonly tenantBoundary: TenantBoundary;
|
|
15
|
+
readonly grantResolver: GrantResolver;
|
|
16
|
+
readonly trustedAgentRegistry?: TrustedAgentRegistry;
|
|
17
|
+
readonly guardianRegistry?: GuardianRegistry;
|
|
18
|
+
readonly guardianAuditLog?: AuditLog;
|
|
19
|
+
});
|
|
20
|
+
mint(credential: string, targetPersonId: string, requestedKind: "owner" | "agent" | "system" | "audit", options?: MintOptions): Promise<MintedContext>;
|
|
21
|
+
private _guardianDeny;
|
|
22
|
+
mintGuardianContext(credential: string, wardId: string): Promise<MintedContext>;
|
|
23
|
+
}
|
|
@@ -0,0 +1,281 @@
|
|
|
1
|
+
// TEST/DEV ONLY — BackendContextMintingBoundary.
|
|
2
|
+
// AUTH_OWNER_TENANT_BOUNDARY_CHECKED_001: TenantBoundary.assertOwnership fires before every
|
|
3
|
+
// OwnerContext mint; fail-closed on throw.
|
|
4
|
+
// AUTH_AGENT_GRANT_RESOLUTION_CHECKED_001: GrantResolver.resolveActiveGrant fires before every
|
|
5
|
+
// AgentConsentContext mint; undefined → fail-closed.
|
|
6
|
+
// AUTH_AGENT_CONTEXT_NOT_AFTER_BOUNDED_001: AgentConsentContext.notAfter is bounded by the
|
|
7
|
+
// earlier of decision.notAfter and grantDescriptor.notAfter, compared as UTC instants
|
|
8
|
+
// (Date.parse epoch ms) — NOT lexicographically. Offset-form ISO strings are handled correctly.
|
|
9
|
+
// AUTH_AGENT_CONTEXT_NOT_AFTER_INVALID_001: fail-closed if either notAfter string is unparseable.
|
|
10
|
+
// PRODUCTION_AUTH_GRANT_PERSON_SCOPE_PROPAGATED_001: agent contexts carry authorizedPersonId from GrantDescriptor.personId.
|
|
11
|
+
// Broad grants (personId === undefined) are denied with PRODUCTION_AUTH_BROAD_GRANT_DEFERRED_001.
|
|
12
|
+
// AUTH_OWNER_CONTEXT_MINT_DENIED_001: thrown when TenantBoundary denies; internal
|
|
13
|
+
// AUTH_TENANT_OWNERSHIP_DENIED_001 is NOT propagated — fail closed.
|
|
14
|
+
// AUTH_AGENT_CONTEXT_MINT_DENIED_001: thrown when GrantResolver returns undefined; internal
|
|
15
|
+
// denial reason (missing/revoked/expired/mismatch) is NOT propagated — fail closed.
|
|
16
|
+
// TRUSTED_AGENT_REGISTRY_GATES_GRANT_001: if trustedAgentRegistry is configured, every
|
|
17
|
+
// AgentConsentContext mint requires isAgentTrusted(agentId, purpose) === true before
|
|
18
|
+
// the context is minted. Denial maps to AUTH_AGENT_CONTEXT_MINT_DENIED_001.
|
|
19
|
+
// TRUSTED_AGENT_REGISTRY_FAIL_CLOSED_001: registry exception → treated as untrusted.
|
|
20
|
+
// TRUSTED_AGENT_REGISTRY_OPTIONAL_NO_CHECK_WHEN_ABSENT_001: absent registry → no change.
|
|
21
|
+
//
|
|
22
|
+
// Platform-03 — Guardianship — mintGuardianContext:
|
|
23
|
+
// GUARDIAN_CONTEXT_MINT_GATED_001: registry check (getRelationship + isAuthorized) fires
|
|
24
|
+
// BEFORE the minting call — no context exists that could access data if the check fails.
|
|
25
|
+
// GUARDIAN_PRINCIPAL_USER_REQUIRED_001: only "user" principals may be guardians; agents,
|
|
26
|
+
// services, and audit principals are denied via the opaque guardian-deny path.
|
|
27
|
+
// GUARDIAN_REGISTRY_NOT_CONFIGURED_001: no guardianRegistry configured → distinct fail-closed
|
|
28
|
+
// code (deployment configuration state, not per-ward denial info).
|
|
29
|
+
// GUARDIAN_REGISTRY_FAIL_CLOSED_001: getRelationship/isAuthorized exception → denied.
|
|
30
|
+
// GUARDIAN_CONTEXT_MINT_TENANT_CHECKED_001: TenantBoundary.assertOwnership checked for the
|
|
31
|
+
// ward before mint; AUTH_TENANT_OWNERSHIP_DENIED_001 maps to the guardian-deny path; any
|
|
32
|
+
// other tenant-boundary error propagates unchanged.
|
|
33
|
+
// GUARDIAN_CONTEXT_MARKED_001: returned MintedContext carries guardianOf + a snapshot of
|
|
34
|
+
// guardianScopes at mint time.
|
|
35
|
+
// GUARDIAN_ACTION_UNAUTHORIZED_AUDITED_001: every guardian-deny writes a best-effort audit
|
|
36
|
+
// event (guardianAuditLog); the single opaque AUTH_GUARDIAN_CONTEXT_MINT_DENIED_001 code is
|
|
37
|
+
// thrown regardless of the internal reason.
|
|
38
|
+
// AUTH_TOKEN_SECRETS_NOT_AUDITED_001: raw credential never stored or audited.
|
|
39
|
+
//
|
|
40
|
+
// Platform-04 — Purpose enforcement (agent mint path only):
|
|
41
|
+
// PURPOSE_ENFORCEMENT_GATES_GRANT_ACCESS_001: when the caller passes
|
|
42
|
+
// options.declaredPurpose to mint() AND the resolved grant has a `purpose` set AND
|
|
43
|
+
// the two differ, the mint is denied. Omitting declaredPurpose (or a grant without
|
|
44
|
+
// `purpose`) preserves prior unenforced behavior exactly —
|
|
45
|
+
// GRANT_PURPOSE_DECLARED_NOT_ENFORCED_LIBRARY_LEVEL_001 still holds in that case.
|
|
46
|
+
// PURPOSE_MISMATCH_DENIED_OPAQUE_001: the mismatch denial throws the exact same error
|
|
47
|
+
// (message + code: AUTH_AGENT_CONTEXT_MINT_DENIED_001) as the grant-not-found path,
|
|
48
|
+
// so a caller cannot distinguish "no such grant" from "purpose declared doesn't match
|
|
49
|
+
// the grant's declared purpose" — neither the grant's purpose nor the caller's
|
|
50
|
+
// declaredPurpose is ever included in the thrown error.
|
|
51
|
+
import { buildAuditEvent } from "../audit/audit-log.js";
|
|
52
|
+
import { asGrantId, asISOTime, asPersonId } from "../types/ids.js";
|
|
53
|
+
// PURPOSE_MISMATCH_DENIED_OPAQUE_001: shared denial thrower — identical error to the
|
|
54
|
+
// grant-not-found path. Extracted so both call sites throw byte-for-byte the same thing.
|
|
55
|
+
function throwAgentContextMintDenied() {
|
|
56
|
+
throw Object.assign(new Error("AUTH_AGENT_CONTEXT_MINT_DENIED_001: agent context mint denied — " +
|
|
57
|
+
"grant not found, revoked, expired, or scope mismatch"), { code: "AUTH_AGENT_CONTEXT_MINT_DENIED_001" });
|
|
58
|
+
}
|
|
59
|
+
// AUTH_AGENT_CONTEXT_NOT_AFTER_INVALID_001: both notAfter strings must parse as valid instants.
|
|
60
|
+
// Uses Date.parse (epoch ms) so UTC offset forms like "+02:00" are handled correctly.
|
|
61
|
+
function parseInstantMs(value) {
|
|
62
|
+
const ms = Date.parse(value);
|
|
63
|
+
if (Number.isNaN(ms)) {
|
|
64
|
+
throw Object.assign(new Error(`AUTH_AGENT_CONTEXT_NOT_AFTER_INVALID_001: unparseable notAfter timestamp: ${value}`), { code: "AUTH_AGENT_CONTEXT_NOT_AFTER_INVALID_001" });
|
|
65
|
+
}
|
|
66
|
+
return ms;
|
|
67
|
+
}
|
|
68
|
+
// Returns the original string whose instant is earlier. Fails closed on invalid input.
|
|
69
|
+
function earlierNotAfter(a, b) {
|
|
70
|
+
return parseInstantMs(a) <= parseInstantMs(b) ? a : b;
|
|
71
|
+
}
|
|
72
|
+
/** @remarks TEST/DEV ONLY — not for production use. */
|
|
73
|
+
export class BackendContextMintingBoundary {
|
|
74
|
+
_opts;
|
|
75
|
+
constructor(_opts) {
|
|
76
|
+
this._opts = _opts;
|
|
77
|
+
}
|
|
78
|
+
async mint(credential, targetPersonId, requestedKind, options) {
|
|
79
|
+
const { adapter, policy, issuer, clock, tenantBoundary, grantResolver, trustedAgentRegistry } = this._opts;
|
|
80
|
+
const declaredPurpose = options?.declaredPurpose;
|
|
81
|
+
// 1. Verify credential — AUTH_TOKEN_SECRETS_NOT_AUDITED_001: raw credential not stored
|
|
82
|
+
const principal = await adapter.verify(credential);
|
|
83
|
+
// 2. Expiry check before policy — AUTH_TOKEN_EXPIRY_CHECKED_001
|
|
84
|
+
if (principal.expiresAt <= clock.now()) {
|
|
85
|
+
throw Object.assign(new Error("AUTH_CREDENTIAL_EXPIRED_001: credential has expired"), { code: "AUTH_CREDENTIAL_EXPIRED_001" });
|
|
86
|
+
}
|
|
87
|
+
// 3. Resolve authorization decision
|
|
88
|
+
const decision = await policy.resolve(principal, targetPersonId);
|
|
89
|
+
// 4. Kind check — AUTH_DECISION_KIND_MISMATCH_001
|
|
90
|
+
if (decision.kind !== requestedKind) {
|
|
91
|
+
if (requestedKind === "owner" && principal.principalType === "agent") {
|
|
92
|
+
throw Object.assign(new Error("AUTH_AGENT_CANNOT_MINT_OWNER_001: an agent principal may not receive an OwnerContext"), { code: "AUTH_AGENT_CANNOT_MINT_OWNER_001" });
|
|
93
|
+
}
|
|
94
|
+
if (requestedKind === "system" && principal.principalType !== "service") {
|
|
95
|
+
throw Object.assign(new Error("AUTH_SERVICE_PRINCIPAL_REQUIRED_FOR_SYSTEM_CONTEXT_001: " +
|
|
96
|
+
"only service principals may mint a SystemProjectionContext"), { code: "AUTH_SERVICE_PRINCIPAL_REQUIRED_FOR_SYSTEM_CONTEXT_001" });
|
|
97
|
+
}
|
|
98
|
+
throw Object.assign(new Error(`AUTH_DECISION_KIND_MISMATCH_001: policy resolved "${decision.kind}" ` +
|
|
99
|
+
`but "${requestedKind}" was requested`), { code: "AUTH_DECISION_KIND_MISMATCH_001" });
|
|
100
|
+
}
|
|
101
|
+
const base = {
|
|
102
|
+
principalId: principal.principalId,
|
|
103
|
+
principalType: principal.principalType,
|
|
104
|
+
tenantId: principal.tenantId,
|
|
105
|
+
};
|
|
106
|
+
switch (decision.kind) {
|
|
107
|
+
case "owner": {
|
|
108
|
+
// AUTH_OWNER_TENANT_BOUNDARY_CHECKED_001
|
|
109
|
+
try {
|
|
110
|
+
await tenantBoundary.assertOwnership(principal.tenantId, decision.personId);
|
|
111
|
+
}
|
|
112
|
+
catch (err) {
|
|
113
|
+
const code = (typeof err === "object" && err !== null)
|
|
114
|
+
? err.code
|
|
115
|
+
: undefined;
|
|
116
|
+
if (code === "AUTH_TENANT_OWNERSHIP_DENIED_001") {
|
|
117
|
+
// AUTH_OWNER_CONTEXT_MINT_DENIED_001: remap denial; internal code not propagated
|
|
118
|
+
throw Object.assign(new Error("AUTH_OWNER_CONTEXT_MINT_DENIED_001: owner context mint denied by TenantBoundary"), { code: "AUTH_OWNER_CONTEXT_MINT_DENIED_001" });
|
|
119
|
+
}
|
|
120
|
+
throw err; // storage/read failure — propagate
|
|
121
|
+
}
|
|
122
|
+
const ctx = issuer.mintOwner(asPersonId(decision.personId));
|
|
123
|
+
return {
|
|
124
|
+
...base,
|
|
125
|
+
context: ctx,
|
|
126
|
+
authorizedPersonId: principal.authorizedPersonId ?? decision.personId,
|
|
127
|
+
};
|
|
128
|
+
}
|
|
129
|
+
case "agent": {
|
|
130
|
+
// AUTH_AGENT_GRANT_RESOLUTION_CHECKED_001: pre-mint resolution; storage throws propagate
|
|
131
|
+
const grant = await grantResolver.resolveActiveGrant(decision.agentId, decision.grantId, principal.tenantId);
|
|
132
|
+
if (grant === undefined)
|
|
133
|
+
throwAgentContextMintDenied();
|
|
134
|
+
// PRODUCTION_AUTH_BROAD_GRANT_DEFERRED_001: broad grants (no personId) are not
|
|
135
|
+
// implemented for MVP production agent contexts. Fail closed at mint time.
|
|
136
|
+
// PRODUCTION_AUTH_NO_SILENT_TENANT_WIDE_AGENT_SCOPE_001
|
|
137
|
+
if (grant.personId === undefined) {
|
|
138
|
+
throw Object.assign(new Error("PRODUCTION_AUTH_BROAD_GRANT_DEFERRED_001: agent grant has no personId — " +
|
|
139
|
+
"broad grants are not implemented for production agent contexts"), { code: "PRODUCTION_AUTH_BROAD_GRANT_DEFERRED_001" });
|
|
140
|
+
}
|
|
141
|
+
// TRUSTED_AGENT_REGISTRY_GATES_GRANT_001: registry configured → scope-check fires
|
|
142
|
+
// BEFORE issuer.mintAgent — no AgentConsentContext exists if the check fails.
|
|
143
|
+
// TRUSTED_AGENT_REGISTRY_FAIL_CLOSED_001: registry exception → denied.
|
|
144
|
+
// Denial mapped to AUTH_AGENT_CONTEXT_MINT_DENIED_001 (reason not propagated).
|
|
145
|
+
if (trustedAgentRegistry !== undefined) {
|
|
146
|
+
let trusted = false;
|
|
147
|
+
try {
|
|
148
|
+
trusted = await trustedAgentRegistry.isAgentTrusted(decision.agentId, decision.purpose);
|
|
149
|
+
}
|
|
150
|
+
catch {
|
|
151
|
+
trusted = false;
|
|
152
|
+
}
|
|
153
|
+
if (!trusted)
|
|
154
|
+
throwAgentContextMintDenied();
|
|
155
|
+
}
|
|
156
|
+
// PURPOSE_ENFORCEMENT_GATES_GRANT_ACCESS_001: caller opted in by passing declaredPurpose;
|
|
157
|
+
// grant also declares a purpose; they differ → opaque denial identical to grant-not-found.
|
|
158
|
+
if (declaredPurpose !== undefined && grant.purpose !== undefined && grant.purpose !== declaredPurpose) {
|
|
159
|
+
throwAgentContextMintDenied();
|
|
160
|
+
}
|
|
161
|
+
// AUTH_AGENT_CONTEXT_NOT_AFTER_BOUNDED_001: instant comparison via Date.parse epoch ms
|
|
162
|
+
// AUTH_AGENT_CONTEXT_NOT_AFTER_INVALID_001: throws if either string is unparseable
|
|
163
|
+
const boundedNotAfter = earlierNotAfter(decision.notAfter, grant.notAfter);
|
|
164
|
+
const ctx = issuer.mintAgent({
|
|
165
|
+
agentId: decision.agentId,
|
|
166
|
+
grantId: asGrantId(decision.grantId),
|
|
167
|
+
purpose: decision.purpose,
|
|
168
|
+
notAfter: asISOTime(boundedNotAfter),
|
|
169
|
+
});
|
|
170
|
+
// PRODUCTION_AUTH_GRANT_PERSON_SCOPE_PROPAGATED_001: authorizedPersonId set from grant.personId
|
|
171
|
+
// PURPOSE_ENFORCEMENT_GATES_GRANT_ACCESS_001: declaredPurpose carried when caller declared one.
|
|
172
|
+
return {
|
|
173
|
+
...base,
|
|
174
|
+
context: ctx,
|
|
175
|
+
authorizedGrantId: decision.grantId,
|
|
176
|
+
authorizedPersonId: grant.personId,
|
|
177
|
+
...(declaredPurpose !== undefined ? { declaredPurpose } : {}),
|
|
178
|
+
};
|
|
179
|
+
}
|
|
180
|
+
case "system": {
|
|
181
|
+
const ctx = issuer.mintSystemProjection();
|
|
182
|
+
return { ...base, context: ctx };
|
|
183
|
+
}
|
|
184
|
+
case "audit": {
|
|
185
|
+
const ctx = issuer.mintAudit(asPersonId(targetPersonId));
|
|
186
|
+
return { ...base, context: ctx };
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
// ─── Platform-03 — Guardianship ──────────────────────────────────────────────
|
|
191
|
+
// GUARDIAN_ACTION_UNAUTHORIZED_AUDITED_001: best-effort audit write (swallowed on failure),
|
|
192
|
+
// then throw the single opaque AUTH_GUARDIAN_CONTEXT_MINT_DENIED_001 code — the internal
|
|
193
|
+
// reason (unknown relationship, missing scope, expired, tenant mismatch, wrong principal
|
|
194
|
+
// type) is never propagated to the caller.
|
|
195
|
+
async _guardianDeny(principal, wardId) {
|
|
196
|
+
const { guardianAuditLog, clock } = this._opts;
|
|
197
|
+
if (guardianAuditLog !== undefined) {
|
|
198
|
+
try {
|
|
199
|
+
await guardianAuditLog.write(buildAuditEvent({
|
|
200
|
+
actor: `${principal.principalType}:${principal.principalId}`,
|
|
201
|
+
decision: "deny",
|
|
202
|
+
reasonCode: "GUARDIAN_ACTION_UNAUTHORIZED",
|
|
203
|
+
selectorFingerprint: `guardian:mint:ward=${wardId}`,
|
|
204
|
+
resultCount: 0,
|
|
205
|
+
resultClaimIds: [],
|
|
206
|
+
actingAsGuardian: true,
|
|
207
|
+
wardId,
|
|
208
|
+
now: asISOTime(clock.now()),
|
|
209
|
+
}));
|
|
210
|
+
}
|
|
211
|
+
catch {
|
|
212
|
+
// Best-effort — audit write failure must not mask the underlying denial.
|
|
213
|
+
}
|
|
214
|
+
}
|
|
215
|
+
throw Object.assign(new Error("AUTH_GUARDIAN_CONTEXT_MINT_DENIED_001: guardian context mint denied — " +
|
|
216
|
+
"no active guardianship, missing scope, expired, or tenant mismatch"), { code: "AUTH_GUARDIAN_CONTEXT_MINT_DENIED_001" });
|
|
217
|
+
}
|
|
218
|
+
// GUARDIAN_CONTEXT_MINT_GATED_001 / GUARDIAN_PRINCIPAL_USER_REQUIRED_001 /
|
|
219
|
+
// GUARDIAN_REGISTRY_NOT_CONFIGURED_001 / GUARDIAN_CONTEXT_MINT_TENANT_CHECKED_001 /
|
|
220
|
+
// GUARDIAN_CONTEXT_MARKED_001 — see file header.
|
|
221
|
+
async mintGuardianContext(credential, wardId) {
|
|
222
|
+
const { adapter, clock, tenantBoundary, guardianRegistry, issuer } = this._opts;
|
|
223
|
+
// 1. Verify credential — AUTH_TOKEN_SECRETS_NOT_AUDITED_001: raw credential not stored.
|
|
224
|
+
const principal = await adapter.verify(credential);
|
|
225
|
+
// 2. Expiry check — identical to mint().
|
|
226
|
+
if (principal.expiresAt <= clock.now()) {
|
|
227
|
+
throw Object.assign(new Error("AUTH_CREDENTIAL_EXPIRED_001: credential has expired"), { code: "AUTH_CREDENTIAL_EXPIRED_001" });
|
|
228
|
+
}
|
|
229
|
+
// 3. GUARDIAN_PRINCIPAL_USER_REQUIRED_001: only human user principals may be guardians.
|
|
230
|
+
if (principal.principalType !== "user") {
|
|
231
|
+
return this._guardianDeny(principal, wardId);
|
|
232
|
+
}
|
|
233
|
+
// 4. GUARDIAN_REGISTRY_NOT_CONFIGURED_001: distinct fail-closed code — deployment
|
|
234
|
+
// configuration state, not a per-ward denial reason. Not routed through guardian-deny.
|
|
235
|
+
if (guardianRegistry === undefined) {
|
|
236
|
+
throw Object.assign(new Error("GUARDIAN_REGISTRY_NOT_CONFIGURED_001: guardianship not enabled on this " +
|
|
237
|
+
"deployment; fail-closed"), { code: "GUARDIAN_REGISTRY_NOT_CONFIGURED_001" });
|
|
238
|
+
}
|
|
239
|
+
// 5. GUARDIAN_REGISTRY_FAIL_CLOSED_001: any registry exception → rel=undefined/authorized=false.
|
|
240
|
+
let rel;
|
|
241
|
+
let authorized = false;
|
|
242
|
+
try {
|
|
243
|
+
rel = await guardianRegistry.getRelationship(principal.principalId, wardId);
|
|
244
|
+
authorized = await guardianRegistry.isAuthorized(principal.principalId, wardId, "context:mint");
|
|
245
|
+
}
|
|
246
|
+
catch {
|
|
247
|
+
rel = undefined;
|
|
248
|
+
authorized = false;
|
|
249
|
+
}
|
|
250
|
+
if (rel === undefined || !authorized) {
|
|
251
|
+
return this._guardianDeny(principal, wardId);
|
|
252
|
+
}
|
|
253
|
+
// 6. GUARDIAN_CONTEXT_MINT_TENANT_CHECKED_001: tenant boundary check for the ward.
|
|
254
|
+
try {
|
|
255
|
+
await tenantBoundary.assertOwnership(principal.tenantId, wardId);
|
|
256
|
+
}
|
|
257
|
+
catch (err) {
|
|
258
|
+
const code = (typeof err === "object" && err !== null)
|
|
259
|
+
? err.code
|
|
260
|
+
: undefined;
|
|
261
|
+
if (code === "AUTH_TENANT_OWNERSHIP_DENIED_001") {
|
|
262
|
+
return this._guardianDeny(principal, wardId);
|
|
263
|
+
}
|
|
264
|
+
throw err; // storage/read failure — propagate unchanged
|
|
265
|
+
}
|
|
266
|
+
// 7. GUARDIAN_CONTEXT_MINT_GATED_001: registry + tenant checks (steps 3–6) all complete
|
|
267
|
+
// before any context is minted.
|
|
268
|
+
const ctx = issuer.mintOwner(asPersonId(wardId));
|
|
269
|
+
// 8. GUARDIAN_CONTEXT_MARKED_001: rel is guaranteed defined here (step 5 already checked).
|
|
270
|
+
return {
|
|
271
|
+
context: ctx,
|
|
272
|
+
principalId: principal.principalId,
|
|
273
|
+
principalType: principal.principalType,
|
|
274
|
+
tenantId: principal.tenantId,
|
|
275
|
+
authorizedPersonId: wardId,
|
|
276
|
+
guardianOf: asPersonId(wardId),
|
|
277
|
+
guardianScopes: [...rel.guardianScopes],
|
|
278
|
+
};
|
|
279
|
+
}
|
|
280
|
+
}
|
|
281
|
+
//# sourceMappingURL=backend-context-minting-boundary.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"backend-context-minting-boundary.js","sourceRoot":"","sources":["../../src/auth/backend-context-minting-boundary.ts"],"names":[],"mappings":"AAAA,iDAAiD;AACjD,4FAA4F;AAC5F,6CAA6C;AAC7C,+FAA+F;AAC/F,uDAAuD;AACvD,2FAA2F;AAC3F,wFAAwF;AACxF,kGAAkG;AAClG,kGAAkG;AAClG,4HAA4H;AAC5H,oGAAoG;AACpG,kFAAkF;AAClF,sEAAsE;AACtE,4FAA4F;AAC5F,sFAAsF;AACtF,uFAAuF;AACvF,uFAAuF;AACvF,8EAA8E;AAC9E,qFAAqF;AACrF,yFAAyF;AACzF,EAAE;AACF,oDAAoD;AACpD,yFAAyF;AACzF,2FAA2F;AAC3F,yFAAyF;AACzF,iFAAiF;AACjF,8FAA8F;AAC9F,qEAAqE;AACrE,sFAAsF;AACtF,2FAA2F;AAC3F,2FAA2F;AAC3F,sDAAsD;AACtD,yFAAyF;AACzF,iCAAiC;AACjC,2FAA2F;AAC3F,8FAA8F;AAC9F,8CAA8C;AAC9C,8EAA8E;AAC9E,EAAE;AACF,4DAA4D;AAC5D,qEAAqE;AACrE,qFAAqF;AACrF,qFAAqF;AACrF,6DAA6D;AAC7D,oFAAoF;AACpF,sFAAsF;AACtF,sFAAsF;AACtF,wFAAwF;AACxF,iFAAiF;AACjF,0DAA0D;AAkB1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAEnE,qFAAqF;AACrF,yFAAyF;AACzF,SAAS,2BAA2B;IAClC,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CACP,kEAAkE;QAClE,sDAAsD,CACvD,EACD,EAAE,IAAI,EAAE,oCAAoC,EAAE,CAC/C,CAAC;AACJ,CAAC;AAED,gGAAgG;AAChG,sFAAsF;AACtF,SAAS,cAAc,CAAC,KAAa;IACnC,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;QACrB,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,6EAA6E,KAAK,EAAE,CAAC,EAC/F,EAAE,IAAI,EAAE,0CAA0C,EAAE,CACrD,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,uFAAuF;AACvF,SAAS,eAAe,CAAC,CAAS,EAAE,CAAS;IAC3C,OAAO,cAAc,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,uDAAuD;AACvD,MAAM,OAAO,6BAA6B;IAErB;IADnB,YACmB,KAUhB;QAVgB,UAAK,GAAL,KAAK,CAUrB;IACA,CAAC;IAEJ,KAAK,CAAC,IAAI,CACR,UAAsB,EACtB,cAAsB,EACtB,aAAsD,EACtD,OAA2B;QAE3B,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,EAAE,oBAAoB,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAC3G,MAAM,eAAe,GAAG,OAAO,EAAE,eAAe,CAAC;QAEjD,uFAAuF;QACvF,MAAM,SAAS,GAAsB,MAAM,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAEtE,gEAAgE;QAChE,IAAI,SAAS,CAAC,SAAS,IAAI,KAAK,CAAC,GAAG,EAAE,EAAE,CAAC;YACvC,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,qDAAqD,CAAC,EAChE,EAAE,IAAI,EAAE,6BAA6B,EAAE,CACxC,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAEjE,kDAAkD;QAClD,IAAI,QAAQ,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YACpC,IAAI,aAAa,KAAK,OAAO,IAAI,SAAS,CAAC,aAAa,KAAK,OAAO,EAAE,CAAC;gBACrE,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,sFAAsF,CAAC,EACjG,EAAE,IAAI,EAAE,kCAAkC,EAAE,CAC7C,CAAC;YACJ,CAAC;YACD,IAAI,aAAa,KAAK,QAAQ,IAAI,SAAS,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;gBACxE,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CACP,0DAA0D;oBAC1D,4DAA4D,CAC7D,EACD,EAAE,IAAI,EAAE,wDAAwD,EAAE,CACnE,CAAC;YACJ,CAAC;YACD,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CACP,qDAAqD,QAAQ,CAAC,IAAI,IAAI;gBACtE,QAAQ,aAAa,iBAAiB,CACvC,EACD,EAAE,IAAI,EAAE,iCAAiC,EAAE,CAC5C,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG;YACX,WAAW,EAAI,SAAS,CAAC,WAAW;YACpC,aAAa,EAAE,SAAS,CAAC,aAAa;YACtC,QAAQ,EAAO,SAAS,CAAC,QAAQ;SACzB,CAAC;QAEX,QAAQ,QAAQ,CAAC,IAAI,EAAE,CAAC;YACtB,KAAK,OAAO,CAAC,CAAC,CAAC;gBACb,yCAAyC;gBACzC,IAAI,CAAC;oBACH,MAAM,cAAc,CAAC,eAAe,CAAC,SAAS,CAAC,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAC9E,CAAC;gBAAC,OAAO,GAAY,EAAE,CAAC;oBACtB,MAAM,IAAI,GAAG,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,CAAC;wBACpD,CAAC,CAAE,GAA0B,CAAC,IAAI;wBAClC,CAAC,CAAC,SAAS,CAAC;oBACd,IAAI,IAAI,KAAK,kCAAkC,EAAE,CAAC;wBAChD,iFAAiF;wBACjF,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,iFAAiF,CAAC,EAC5F,EAAE,IAAI,EAAE,oCAAoC,EAAE,CAC/C,CAAC;oBACJ,CAAC;oBACD,MAAM,GAAG,CAAC,CAAC,mCAAmC;gBAChD,CAAC;gBACD,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAC5D,OAAO;oBACL,GAAG,IAAI;oBACP,OAAO,EAAa,GAAG;oBACvB,kBAAkB,EAAE,SAAS,CAAC,kBAAkB,IAAI,QAAQ,CAAC,QAAQ;iBACtE,CAAC;YACJ,CAAC;YAED,KAAK,OAAO,CAAC,CAAC,CAAC;gBACb,yFAAyF;gBACzF,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,kBAAkB,CAClD,QAAQ,CAAC,OAAO,EAChB,QAAQ,CAAC,OAAO,EAChB,SAAS,CAAC,QAAQ,CACnB,CAAC;gBACF,IAAI,KAAK,KAAK,SAAS;oBAAE,2BAA2B,EAAE,CAAC;gBACvD,+EAA+E;gBAC/E,2EAA2E;gBAC3E,wDAAwD;gBACxD,IAAI,KAAK,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;oBACjC,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CACP,0EAA0E;wBAC1E,gEAAgE,CACjE,EACD,EAAE,IAAI,EAAE,0CAA0C,EAAE,CACrD,CAAC;gBACJ,CAAC;gBACD,kFAAkF;gBAClF,gFAAgF;gBAChF,uEAAuE;gBACvE,+EAA+E;gBAC/E,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;oBACvC,IAAI,OAAO,GAAG,KAAK,CAAC;oBACpB,IAAI,CAAC;wBAAC,OAAO,GAAG,MAAM,oBAAoB,CAAC,cAAc,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;oBAAC,CAAC;oBAChG,MAAM,CAAC;wBAAC,OAAO,GAAG,KAAK,CAAC;oBAAC,CAAC;oBAC1B,IAAI,CAAC,OAAO;wBAAE,2BAA2B,EAAE,CAAC;gBAC9C,CAAC;gBACD,0FAA0F;gBAC1F,2FAA2F;gBAC3F,IAAI,eAAe,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;oBACtG,2BAA2B,EAAE,CAAC;gBAChC,CAAC;gBACD,uFAAuF;gBACvF,mFAAmF;gBACnF,MAAM,eAAe,GAAG,eAAe,CAAC,QAAQ,CAAC,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAC3E,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC;oBAC3B,OAAO,EAAG,QAAQ,CAAC,OAAO;oBAC1B,OAAO,EAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;oBACrC,OAAO,EAAG,QAAQ,CAAC,OAAO;oBAC1B,QAAQ,EAAE,SAAS,CAAC,eAAe,CAAC;iBACrC,CAAC,CAAC;gBACH,gGAAgG;gBAChG,gGAAgG;gBAChG,OAAO;oBACL,GAAG,IAAI;oBACP,OAAO,EAAa,GAAG;oBACvB,iBAAiB,EAAG,QAAQ,CAAC,OAAO;oBACpC,kBAAkB,EAAE,KAAK,CAAC,QAAQ;oBAClC,GAAG,CAAC,eAAe,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC9D,CAAC;YACJ,CAAC;YAED,KAAK,QAAQ,CAAC,CAAC,CAAC;gBACd,MAAM,GAAG,GAAG,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAC1C,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;YACnC,CAAC;YAED,KAAK,OAAO,CAAC,CAAC,CAAC;gBACb,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;gBACzD,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IAED,gFAAgF;IAChF,4FAA4F;IAC5F,2FAA2F;IAC3F,2FAA2F;IAC3F,6CAA6C;IACrC,KAAK,CAAC,aAAa,CAAC,SAA4B,EAAE,MAAc;QACtE,MAAM,EAAE,gBAAgB,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAC/C,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,IAAI,CAAC;gBACH,MAAM,gBAAgB,CAAC,KAAK,CAAC,eAAe,CAAC;oBAC3C,KAAK,EAAgB,GAAG,SAAS,CAAC,aAAa,IAAI,SAAS,CAAC,WAAW,EAAE;oBAC1E,QAAQ,EAAa,MAAM;oBAC3B,UAAU,EAAW,8BAA8B;oBACnD,mBAAmB,EAAE,sBAAsB,MAAM,EAAE;oBACnD,WAAW,EAAU,CAAC;oBACtB,cAAc,EAAO,EAAE;oBACvB,gBAAgB,EAAK,IAAI;oBACzB,MAAM;oBACN,GAAG,EAAkB,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;iBAC5C,CAAC,CAAC,CAAC;YACN,CAAC;YAAC,MAAM,CAAC;gBACP,yEAAyE;YAC3E,CAAC;QACH,CAAC;QACD,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CACP,wEAAwE;YACxE,oEAAoE,CACrE,EACD,EAAE,IAAI,EAAE,uCAAuC,EAAE,CAClD,CAAC;IACJ,CAAC;IAED,2EAA2E;IAC3E,oFAAoF;IACpF,iDAAiD;IACjD,KAAK,CAAC,mBAAmB,CAAC,UAAkB,EAAE,MAAc;QAC1D,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAEhF,wFAAwF;QACxF,MAAM,SAAS,GAAsB,MAAM,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAEtE,yCAAyC;QACzC,IAAI,SAAS,CAAC,SAAS,IAAI,KAAK,CAAC,GAAG,EAAE,EAAE,CAAC;YACvC,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,qDAAqD,CAAC,EAChE,EAAE,IAAI,EAAE,6BAA6B,EAAE,CACxC,CAAC;QACJ,CAAC;QAED,wFAAwF;QACxF,IAAI,SAAS,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;YACvC,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC/C,CAAC;QAED,kFAAkF;QAClF,0FAA0F;QAC1F,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CACP,yEAAyE;gBACzE,yBAAyB,CAC1B,EACD,EAAE,IAAI,EAAE,sCAAsC,EAAE,CACjD,CAAC;QACJ,CAAC;QAED,iGAAiG;QACjG,IAAI,GAAqC,CAAC;QAC1C,IAAI,UAAU,GAAG,KAAK,CAAC;QACvB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,gBAAgB,CAAC,eAAe,CAAC,SAAS,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YAC5E,UAAU,GAAG,MAAM,gBAAgB,CAAC,YAAY,CAAC,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;QAClG,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,GAAG,SAAS,CAAC;YAChB,UAAU,GAAG,KAAK,CAAC;QACrB,CAAC;QACD,IAAI,GAAG,KAAK,SAAS,IAAI,CAAC,UAAU,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC/C,CAAC;QAED,mFAAmF;QACnF,IAAI,CAAC;YACH,MAAM,cAAc,CAAC,eAAe,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACnE,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,CAAC;gBACpD,CAAC,CAAE,GAA0B,CAAC,IAAI;gBAClC,CAAC,CAAC,SAAS,CAAC;YACd,IAAI,IAAI,KAAK,kCAAkC,EAAE,CAAC;gBAChD,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,GAAG,CAAC,CAAC,6CAA6C;QAC1D,CAAC;QAED,wFAAwF;QACxF,mCAAmC;QACnC,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QAEjD,2FAA2F;QAC3F,OAAO;YACL,OAAO,EAAa,GAAG;YACvB,WAAW,EAAS,SAAS,CAAC,WAAW;YACzC,aAAa,EAAO,SAAS,CAAC,aAAa;YAC3C,QAAQ,EAAY,SAAS,CAAC,QAAQ;YACtC,kBAAkB,EAAE,MAAM;YAC1B,UAAU,EAAU,UAAU,CAAC,MAAM,CAAC;YACtC,cAAc,EAAM,CAAC,GAAG,GAAG,CAAC,cAAc,CAAC;SAC5C,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { AuthorizationDecision, AuthorizationPolicy, Clock, VerifiedPrincipal } from "./types.js";
|
|
2
|
+
/** @remarks TEST/DEV/REFERENCE ONLY — not for production use. */
|
|
3
|
+
export declare class DefaultAuthorizationPolicy implements AuthorizationPolicy {
|
|
4
|
+
private readonly _clock;
|
|
5
|
+
constructor(_clock: Clock);
|
|
6
|
+
resolve(principal: VerifiedPrincipal, targetPersonId: string): Promise<AuthorizationDecision>;
|
|
7
|
+
}
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
// TEST/DEV/REFERENCE ONLY — do NOT export from src/index.ts.
|
|
2
|
+
// This is not a production-ready AuthorizationPolicy.
|
|
3
|
+
// Hosts MUST implement their own AuthorizationPolicy backed by a real TenantBoundary
|
|
4
|
+
// and GrantResolver. DefaultAuthorizationPolicy uses no database and no real grant lookup.
|
|
5
|
+
// AUTH_TEST_ISSUER_NOT_PRODUCTION_001
|
|
6
|
+
/** @remarks TEST/DEV/REFERENCE ONLY — not for production use. */
|
|
7
|
+
export class DefaultAuthorizationPolicy {
|
|
8
|
+
_clock;
|
|
9
|
+
constructor(_clock) {
|
|
10
|
+
this._clock = _clock;
|
|
11
|
+
}
|
|
12
|
+
async resolve(principal, targetPersonId) {
|
|
13
|
+
const { principalType, roles, authorizedPersonId, grantIds, expiresAt } = principal;
|
|
14
|
+
switch (principalType) {
|
|
15
|
+
case "service": {
|
|
16
|
+
if (!roles.includes("system")) {
|
|
17
|
+
throw Object.assign(new Error("AUTH_NO_VALID_DECISION_001: service principal has no system role"), { code: "AUTH_NO_VALID_DECISION_001" });
|
|
18
|
+
}
|
|
19
|
+
return { kind: "system", projection: "default" };
|
|
20
|
+
}
|
|
21
|
+
case "audit": {
|
|
22
|
+
if (!roles.includes("audit")) {
|
|
23
|
+
throw Object.assign(new Error("AUTH_NO_VALID_DECISION_001: audit principal has no audit role"), { code: "AUTH_NO_VALID_DECISION_001" });
|
|
24
|
+
}
|
|
25
|
+
return { kind: "audit" };
|
|
26
|
+
}
|
|
27
|
+
case "agent": {
|
|
28
|
+
// AUTH_AGENT_CANNOT_MINT_OWNER_001: any non-agent role is a privilege escalation signal
|
|
29
|
+
const hasNonAgentRole = roles.some(r => r !== "agent");
|
|
30
|
+
if (hasNonAgentRole) {
|
|
31
|
+
throw Object.assign(new Error("AUTH_NO_VALID_DECISION_001: agent principal carries non-agent roles — possible privilege escalation"), { code: "AUTH_NO_VALID_DECISION_001" });
|
|
32
|
+
}
|
|
33
|
+
if (!roles.includes("agent")) {
|
|
34
|
+
throw Object.assign(new Error("AUTH_NO_VALID_DECISION_001: agent principal has no agent role"), { code: "AUTH_NO_VALID_DECISION_001" });
|
|
35
|
+
}
|
|
36
|
+
const grantId = grantIds[0];
|
|
37
|
+
if (grantId === undefined) {
|
|
38
|
+
throw Object.assign(new Error("AUTH_NO_VALID_DECISION_001: agent principal has no grantIds"), { code: "AUTH_NO_VALID_DECISION_001" });
|
|
39
|
+
}
|
|
40
|
+
return {
|
|
41
|
+
kind: "agent",
|
|
42
|
+
agentId: principal.principalId,
|
|
43
|
+
grantId,
|
|
44
|
+
purpose: "obligation_review",
|
|
45
|
+
notAfter: expiresAt,
|
|
46
|
+
};
|
|
47
|
+
}
|
|
48
|
+
case "user": {
|
|
49
|
+
if (authorizedPersonId !== undefined && authorizedPersonId !== targetPersonId) {
|
|
50
|
+
throw Object.assign(new Error("AUTH_TENANT_BOUNDARY_VIOLATED_001: credential's authorizedPersonId does not match targetPersonId"), { code: "AUTH_TENANT_BOUNDARY_VIOLATED_001" });
|
|
51
|
+
}
|
|
52
|
+
if (!roles.includes("owner")) {
|
|
53
|
+
throw Object.assign(new Error("AUTH_NO_VALID_DECISION_001: user principal has no owner role"), { code: "AUTH_NO_VALID_DECISION_001" });
|
|
54
|
+
}
|
|
55
|
+
return { kind: "owner", personId: targetPersonId };
|
|
56
|
+
}
|
|
57
|
+
default: {
|
|
58
|
+
const _exhaustive = principalType;
|
|
59
|
+
throw Object.assign(new Error("AUTH_NO_VALID_DECISION_001: unsupported principalType"), { code: "AUTH_NO_VALID_DECISION_001" });
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
//# sourceMappingURL=default-authorization-policy.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"default-authorization-policy.js","sourceRoot":"","sources":["../../src/auth/default-authorization-policy.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,sDAAsD;AACtD,qFAAqF;AACrF,2FAA2F;AAC3F,sCAAsC;AAUtC,iEAAiE;AACjE,MAAM,OAAO,0BAA0B;IACR;IAA7B,YAA6B,MAAa;QAAb,WAAM,GAAN,MAAM,CAAO;IAAG,CAAC;IAE9C,KAAK,CAAC,OAAO,CACX,SAAiC,EACjC,cAAsB;QAEtB,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,SAAS,CAAC;QAEpF,QAAQ,aAAa,EAAE,CAAC;YACtB,KAAK,SAAS,CAAC,CAAC,CAAC;gBACf,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9B,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,kEAAkE,CAAC,EAC7E,EAAE,IAAI,EAAE,4BAA4B,EAAE,CACvC,CAAC;gBACJ,CAAC;gBACD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;YACnD,CAAC;YAED,KAAK,OAAO,CAAC,CAAC,CAAC;gBACb,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC7B,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,+DAA+D,CAAC,EAC1E,EAAE,IAAI,EAAE,4BAA4B,EAAE,CACvC,CAAC;gBACJ,CAAC;gBACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;YAC3B,CAAC;YAED,KAAK,OAAO,CAAC,CAAC,CAAC;gBACb,wFAAwF;gBACxF,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC;gBACvD,IAAI,eAAe,EAAE,CAAC;oBACpB,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CACP,qGAAqG,CACtG,EACD,EAAE,IAAI,EAAE,4BAA4B,EAAE,CACvC,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC7B,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,+DAA+D,CAAC,EAC1E,EAAE,IAAI,EAAE,4BAA4B,EAAE,CACvC,CAAC;gBACJ,CAAC;gBACD,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;gBAC5B,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;oBAC1B,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,6DAA6D,CAAC,EACxE,EAAE,IAAI,EAAE,4BAA4B,EAAE,CACvC,CAAC;gBACJ,CAAC;gBACD,OAAO;oBACL,IAAI,EAAM,OAAO;oBACjB,OAAO,EAAG,SAAS,CAAC,WAAW;oBAC/B,OAAO;oBACP,OAAO,EAAG,mBAAiC;oBAC3C,QAAQ,EAAE,SAAS;iBACpB,CAAC;YACJ,CAAC;YAED,KAAK,MAAM,CAAC,CAAC,CAAC;gBACZ,IAAI,kBAAkB,KAAK,SAAS,IAAI,kBAAkB,KAAK,cAAc,EAAE,CAAC;oBAC9E,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CACP,kGAAkG,CACnG,EACD,EAAE,IAAI,EAAE,mCAAmC,EAAE,CAC9C,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC7B,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,8DAA8D,CAAC,EACzE,EAAE,IAAI,EAAE,4BAA4B,EAAE,CACvC,CAAC;gBACJ,CAAC;gBACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC;YACrD,CAAC;YAED,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,WAAW,GAAU,aAAa,CAAC;gBACzC,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,uDAAuD,CAAC,EAClE,EAAE,IAAI,EAAE,4BAA4B,EAAE,CACvC,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { AuthAdapter, VerifiedPrincipal } from "./types.js";
|
|
2
|
+
/** @remarks TEST-ONLY — pre-configured stub; performs no real credential verification. */
|
|
3
|
+
export declare class FakeAuthAdapter implements AuthAdapter {
|
|
4
|
+
private readonly _principal;
|
|
5
|
+
constructor(_principal: VerifiedPrincipal);
|
|
6
|
+
verify(_credential: string): Promise<VerifiedPrincipal>;
|
|
7
|
+
}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
// TEST-ONLY — FakeAuthAdapter.
|
|
2
|
+
//
|
|
3
|
+
// AUTH_TEST_ISSUER_NOT_PRODUCTION_001: this class does NOT perform real credential
|
|
4
|
+
// verification. It accepts a pre-configured VerifiedPrincipal and returns it on
|
|
5
|
+
// every verify() call regardless of the credential string provided.
|
|
6
|
+
//
|
|
7
|
+
// Constraints:
|
|
8
|
+
// - Do NOT export from src/index.ts.
|
|
9
|
+
// - Do NOT use in production deployments.
|
|
10
|
+
// - Do NOT parse JWTs, read environment secrets, or call external services.
|
|
11
|
+
// - Do NOT create a false impression of production-grade authentication.
|
|
12
|
+
//
|
|
13
|
+
// Usage: inject into tests that verify the auth boundary interface contracts,
|
|
14
|
+
// not the credential verification logic.
|
|
15
|
+
/** @remarks TEST-ONLY — pre-configured stub; performs no real credential verification. */
|
|
16
|
+
export class FakeAuthAdapter {
|
|
17
|
+
_principal;
|
|
18
|
+
constructor(_principal) {
|
|
19
|
+
this._principal = _principal;
|
|
20
|
+
}
|
|
21
|
+
// The credential string is accepted but never inspected or parsed.
|
|
22
|
+
// No JWT library. No secret reading. No IdP call. No environment variable access.
|
|
23
|
+
async verify(_credential) {
|
|
24
|
+
return this._principal;
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
//# sourceMappingURL=fake-auth-adapter.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"fake-auth-adapter.js","sourceRoot":"","sources":["../../src/auth/fake-auth-adapter.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,EAAE;AACF,mFAAmF;AACnF,kFAAkF;AAClF,sEAAsE;AACtE,EAAE;AACF,eAAe;AACf,uCAAuC;AACvC,4CAA4C;AAC5C,8EAA8E;AAC9E,2EAA2E;AAC3E,EAAE;AACF,8EAA8E;AAC9E,2CAA2C;AAI3C,0FAA0F;AAC1F,MAAM,OAAO,eAAe;IACG;IAA7B,YAA6B,UAA6B;QAA7B,eAAU,GAAV,UAAU,CAAmB;IAAG,CAAC;IAE9D,mEAAmE;IACnE,kFAAkF;IAClF,KAAK,CAAC,MAAM,CAAC,WAAmB;QAC9B,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;CACF"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Minimal HTTP client interface for JWKS endpoint fetch.
|
|
3
|
+
* Implementations must enforce timeoutMs and maxBytes.
|
|
4
|
+
* Must throw on HTTP error, timeout, or size limit exceeded.
|
|
5
|
+
* Never called with HTTP (only HTTPS) URLs — enforced at JwksKeyRingAuthAdapter construction.
|
|
6
|
+
*/
|
|
7
|
+
export interface HttpClient {
|
|
8
|
+
getText(url: string, options: {
|
|
9
|
+
timeoutMs: number;
|
|
10
|
+
maxBytes: number;
|
|
11
|
+
}): Promise<string>;
|
|
12
|
+
}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
// src/auth/http-client.ts
|
|
2
|
+
// INTERNAL — not exported from src/index.ts.
|
|
3
|
+
// Injectable HTTP client interface used by JwksKeyRing.
|
|
4
|
+
// The library does not bundle a default implementation — host supplies one.
|
|
5
|
+
// See docs/specs/post-mvp-external-idp-oidc-spec.md §6.1
|
|
6
|
+
export {};
|
|
7
|
+
//# sourceMappingURL=http-client.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-client.js","sourceRoot":"","sources":["../../src/auth/http-client.ts"],"names":[],"mappings":"AAAA,0BAA0B;AAC1B,6CAA6C;AAC7C,wDAAwD;AACxD,4EAA4E;AAC5E,yDAAyD"}
|