settld 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Dockerfile +45 -0
- package/README.md +150 -0
- package/SETTLD_VERSION +1 -0
- package/bin/settld.js +212 -0
- package/conformance/README.md +14 -0
- package/conformance/kernel-v0/README.md +60 -0
- package/conformance/kernel-v0/cases.json +19 -0
- package/conformance/kernel-v0/run.mjs +830 -0
- package/conformance/v1/README.md +77 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/evidence/evidence_index.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/governance/policy.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/governance/revocations.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/manifest.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/invoice/invoice_claim.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/metering/metering_report.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/events/events.jsonl +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/job/snapshot.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/verify/report.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/payload/job_proof_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/pricing/pricing_matrix.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/pricing/pricing_matrix_signatures.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/settld.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/payload/invoice_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/settld.json +1 -0
- package/conformance/v1/bundles/closepack/nonstrict-pass-missing-sla-acceptance/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/acceptance/acceptance_criteria.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/acceptance/acceptance_evaluation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/evidence/evidence_index.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/governance/policy.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/governance/revocations.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/manifest.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/invoice/invoice_claim.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/metering/metering_report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/events/events.jsonl +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/job/snapshot.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/verify/report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/payload/job_proof_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/pricing/pricing_matrix.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/pricing/pricing_matrix_signatures.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/settld.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/payload/invoice_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/settld.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/sla/sla_definition.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/sla/sla_evaluation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-embedded-invoice-fails/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/acceptance/acceptance_criteria.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/acceptance/acceptance_evaluation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/evidence/evidence_index.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/governance/policy.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/governance/revocations.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/manifest.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/invoice/invoice_claim.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/metering/metering_report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/events/events.jsonl +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/job/snapshot.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/verify/report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/payload/job_proof_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/pricing/pricing_matrix.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/pricing/pricing_matrix_signatures.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/settld.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/payload/invoice_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/settld.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/sla/sla_definition.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/sla/sla_evaluation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-fail-evidence-index-mismatch/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/acceptance/acceptance_criteria.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/acceptance/acceptance_evaluation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/evidence/evidence_index.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/governance/policy.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/governance/revocations.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/manifest.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/invoice/invoice_claim.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/metering/metering_report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/events/events.jsonl +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/job/snapshot.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/verify/report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/payload/job_proof_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/pricing/pricing_matrix.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/pricing/pricing_matrix_signatures.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/settld.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/payload/invoice_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/settld.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/sla/sla_definition.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/sla/sla_evaluation.json +1 -0
- package/conformance/v1/bundles/closepack/strict-pass/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/finance/GLBatch.v1.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/finance/JournalCsv.v1.csv +2 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/finance/JournalCsv.v1.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/finance/reconcile.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/governance/policy.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/governance/revocations.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/manifest.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/events/events.jsonl +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/governance/policy.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/governance/revocations.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/manifest.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/verify/report.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/month/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/settld.json +1 -0
- package/conformance/v1/bundles/financepack/pass-with-tool-version-unknown-warning/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/finance/GLBatch.v1.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/finance/JournalCsv.v1.csv +2 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/finance/JournalCsv.v1.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/finance/reconcile.json +2 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/governance/policy.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/governance/revocations.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/manifest.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/events/events.jsonl +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/governance/policy.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/governance/revocations.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/manifest.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/verify/report.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/month/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/settld.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-manifest-tamper/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/finance/GLBatch.v1.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/finance/JournalCsv.v1.csv +2 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/finance/JournalCsv.v1.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/finance/reconcile.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/governance/policy.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/governance/revocations.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/manifest.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/events/events.jsonl +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/governance/policy.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/governance/revocations.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/manifest.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/verify/report.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/month/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/financepack/strict-fail-missing-verification-report/settld.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/finance/GLBatch.v1.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/finance/JournalCsv.v1.csv +2 -0
- package/conformance/v1/bundles/financepack/strict-pass/finance/JournalCsv.v1.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/finance/reconcile.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/governance/policy.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/governance/revocations.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/manifest.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/events/events.jsonl +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/governance/policy.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/governance/revocations.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/manifest.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/verify/report.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/month/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/settld.json +1 -0
- package/conformance/v1/bundles/financepack/strict-pass/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/invoice/invoice_claim.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/metering/metering_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/job/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/verify/report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/payload/job_proof_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/pricing/pricing_matrix.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/pricing/pricing_matrix_signatures.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-missing-verification-report/settld.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/invoice/invoice_claim.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/metering/metering_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/job/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/verify/report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/payload/job_proof_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/pricing/pricing_matrix.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/settld.json +1 -0
- package/conformance/v1/bundles/invoicebundle/nonstrict-pass-unsigned-pricing-matrix-warning/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/invoice/invoice_claim.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/metering/metering_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/job/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/verify/report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/payload/job_proof_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/pricing/pricing_matrix.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/pricing/pricing_matrix_signatures.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/settld.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-evidence-sha-mismatch/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/invoice/invoice_claim.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/metering/metering_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/job/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/verify/report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/payload/job_proof_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/pricing/pricing_matrix.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/pricing/pricing_matrix_signatures.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/settld.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invalid-pricing-matrix-signature/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/invoice/invoice_claim.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/metering/metering_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/job/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/verify/report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/payload/job_proof_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/pricing/pricing_matrix.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/pricing/pricing_matrix_signatures.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/settld.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-invoice-total-mismatch/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/invoice/invoice_claim.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/metering/metering_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/job/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/verify/report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/payload/job_proof_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/pricing/pricing_matrix.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/settld.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-pricing-matrix-signature/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/invoice/invoice_claim.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/metering/metering_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/job/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/verify/report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/payload/job_proof_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/pricing/pricing_matrix.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/pricing/pricing_matrix_signatures.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-missing-verification-report/settld.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/invoice/invoice_claim.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/metering/metering_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/job/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/verify/report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/payload/job_proof_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/pricing/pricing_matrix.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/pricing/pricing_matrix_signatures.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/settld.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-fail-pricing-code-unknown/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/invoice/invoice_claim.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/metering/metering_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/governance/policy.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/governance/revocations.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/job/snapshot.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/manifest.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/verify/report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/payload/job_proof_bundle/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/pricing/pricing_matrix.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/pricing/pricing_matrix_signatures.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/settld.json +1 -0
- package/conformance/v1/bundles/invoicebundle/strict-pass/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/events/events.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/governance/policy.json +1 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/governance/revocations.json +1 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/job/snapshot.json +1 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/manifest.json +1 -0
- package/conformance/v1/bundles/jobproof/nonstrict-pass-missing-verification-report/verify/report.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/events/events.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/governance/policy.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/governance/revocations.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/job/snapshot.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/manifest.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/verify/report.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-manifest-tamper/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/events/events.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/governance/policy.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/governance/revocations.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/job/snapshot.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/manifest.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/verify/report.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-fail-unauthorized-signer/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/events/events.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/governance/policy.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/governance/revocations.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/jobproof/strict-pass/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/jobproof/strict-pass/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/job/snapshot.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/manifest.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/verify/report.json +1 -0
- package/conformance/v1/bundles/jobproof/strict-pass/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/events/events.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/governance/policy.json +1 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/governance/revocations.json +1 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/manifest.json +1 -0
- package/conformance/v1/bundles/monthproof/nonstrict-pass-missing-verification-report/verify/report.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/events/events.jsonl +2 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/governance/policy.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/governance/revocations.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/manifest.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/verify/report.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-manifest-tamper/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/events/events.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/governance/policy.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/governance/revocations.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/manifest.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/verify/report.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-fail-unauthorized-signer/verify/verification_report.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-pass/attestation/bundle_head_attestation.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-pass/events/events.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/strict-pass/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/strict-pass/governance/global/events/events.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/strict-pass/governance/global/events/payload_material.jsonl +1 -0
- package/conformance/v1/bundles/monthproof/strict-pass/governance/global/snapshot.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-pass/governance/policy.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-pass/governance/revocations.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-pass/governance/tenant/events/events.jsonl +0 -0
- package/conformance/v1/bundles/monthproof/strict-pass/governance/tenant/events/payload_material.jsonl +0 -0
- package/conformance/v1/bundles/monthproof/strict-pass/governance/tenant/snapshot.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-pass/keys/public_keys.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-pass/manifest.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-pass/verify/report.json +1 -0
- package/conformance/v1/bundles/monthproof/strict-pass/verify/verification_report.json +1 -0
- package/conformance/v1/cases.json +381 -0
- package/conformance/v1/expected/closepack_nonstrict_pass_missing_sla_acceptance.json +9 -0
- package/conformance/v1/expected/closepack_strict_fail_embedded_invoice_fails.json +9 -0
- package/conformance/v1/expected/closepack_strict_fail_evidence_index_mismatch.json +9 -0
- package/conformance/v1/expected/closepack_strict_pass.json +9 -0
- package/conformance/v1/expected/financepack_strict_fail_missing_verification_report.json +9 -0
- package/conformance/v1/expected/financepack_strict_fail_on_warnings_tool_version_unknown.json +9 -0
- package/conformance/v1/expected/financepack_strict_fail_trust_roots_missing.json +9 -0
- package/conformance/v1/expected/financepack_strict_fail_trust_roots_wrong.json +9 -0
- package/conformance/v1/expected/financepack_strict_pass.json +9 -0
- package/conformance/v1/expected/invoicebundle_nonstrict_pass_missing_verification_report.json +9 -0
- package/conformance/v1/expected/invoicebundle_nonstrict_pass_unsigned_pricing_matrix_warning.json +9 -0
- package/conformance/v1/expected/invoicebundle_strict_fail_evidence_sha_mismatch.json +9 -0
- package/conformance/v1/expected/invoicebundle_strict_fail_invalid_pricing_matrix_signature.json +9 -0
- package/conformance/v1/expected/invoicebundle_strict_fail_invoice_total_mismatch.json +9 -0
- package/conformance/v1/expected/invoicebundle_strict_fail_missing_pricing_matrix_signature.json +9 -0
- package/conformance/v1/expected/invoicebundle_strict_fail_missing_verification_report.json +9 -0
- package/conformance/v1/expected/invoicebundle_strict_fail_pricing_code_unknown.json +9 -0
- package/conformance/v1/expected/invoicebundle_strict_pass.json +9 -0
- package/conformance/v1/expected/jobproof_nonstrict_pass_missing_verification_report.json +9 -0
- package/conformance/v1/expected/jobproof_strict_fail_manifest_tamper.json +9 -0
- package/conformance/v1/expected/jobproof_strict_fail_unauthorized_signer.json +9 -0
- package/conformance/v1/expected/jobproof_strict_pass.json +9 -0
- package/conformance/v1/expected/monthproof_nonstrict_pass_missing_verification_report.json +9 -0
- package/conformance/v1/expected/monthproof_strict_fail_manifest_tamper.json +9 -0
- package/conformance/v1/expected/monthproof_strict_fail_unauthorized_signer.json +9 -0
- package/conformance/v1/expected/monthproof_strict_pass.json +9 -0
- package/conformance/v1/expected/security_bundle_symlink_outside.json +9 -0
- package/conformance/v1/expected/security_manifest_case_collision.json +8 -0
- package/conformance/v1/expected/security_manifest_duplicate_paths.json +9 -0
- package/conformance/v1/expected/security_manifest_path_traversal.json +9 -0
- package/conformance/v1/lib/harness.mjs +78 -0
- package/conformance/v1/lib/mutations.mjs +61 -0
- package/conformance/v1/produce-cases.json +75 -0
- package/conformance/v1/producer/bad-plugin-invalid-provider.mjs +4 -0
- package/conformance/v1/producer/bad-plugin-no-export.mjs +3 -0
- package/conformance/v1/producer/fixture_keypairs.json +18 -0
- package/conformance/v1/producer/inmemory-signer-plugin.mjs +47 -0
- package/conformance/v1/producer/signer-stdio-bad-json.mjs +54 -0
- package/conformance/v1/producer/signer-stdio-partial-stdout-exit1.mjs +51 -0
- package/conformance/v1/producer/signer-stdio-stderr-only-exit1.mjs +46 -0
- package/conformance/v1/producer/signer-stdio-stub.mjs +134 -0
- package/conformance/v1/protocol-vectors/v1.json +81 -0
- package/conformance/v1/release-cases.json +111 -0
- package/conformance/v1/release-trust-quorum.json +15 -0
- package/conformance/v1/release-trust-revoked.json +16 -0
- package/conformance/v1/release-trust.json +15 -0
- package/conformance/v1/releases/release_fail_asset_hash_mismatch/a.tgz +1 -0
- package/conformance/v1/releases/release_fail_asset_hash_mismatch/b.tar.gz +1 -0
- package/conformance/v1/releases/release_fail_asset_hash_mismatch/release_index_v1.json +1 -0
- package/conformance/v1/releases/release_fail_asset_hash_mismatch/release_index_v1.sig +1 -0
- package/conformance/v1/releases/release_fail_missing_asset/a.tgz +1 -0
- package/conformance/v1/releases/release_fail_missing_asset/release_index_v1.json +1 -0
- package/conformance/v1/releases/release_fail_missing_asset/release_index_v1.sig +1 -0
- package/conformance/v1/releases/release_fail_signature_invalid/a.tgz +1 -0
- package/conformance/v1/releases/release_fail_signature_invalid/b.tar.gz +1 -0
- package/conformance/v1/releases/release_fail_signature_invalid/release_index_v1.json +1 -0
- package/conformance/v1/releases/release_fail_signature_invalid/release_index_v1.sig +1 -0
- package/conformance/v1/releases/release_pass/a.tgz +1 -0
- package/conformance/v1/releases/release_pass/b.tar.gz +1 -0
- package/conformance/v1/releases/release_pass/release_index_v1.json +1 -0
- package/conformance/v1/releases/release_pass/release_index_v1.sig +1 -0
- package/conformance/v1/run-produce.mjs +507 -0
- package/conformance/v1/run-release.mjs +129 -0
- package/conformance/v1/run.mjs +229 -0
- package/conformance/v1/trust.json +11 -0
- package/docker-compose.yml +154 -0
- package/package.json +98 -0
- package/packages/artifact-verify/src/bundle-path.js +60 -0
- package/packages/artifact-verify/src/canonical-json.js +48 -0
- package/packages/artifact-verify/src/close-pack-bundle.js +914 -0
- package/packages/artifact-verify/src/crypto.js +18 -0
- package/packages/artifact-verify/src/finance-pack-bundle.js +750 -0
- package/packages/artifact-verify/src/governance-policy.js +312 -0
- package/packages/artifact-verify/src/hash-file.js +38 -0
- package/packages/artifact-verify/src/index.js +100 -0
- package/packages/artifact-verify/src/invoice-bundle.js +865 -0
- package/packages/artifact-verify/src/job-proof-bundle.js +1996 -0
- package/packages/artifact-verify/src/map-with-concurrency.js +32 -0
- package/packages/artifact-verify/src/reconcile.js +135 -0
- package/packages/artifact-verify/src/release/release-index-lib.js +190 -0
- package/packages/artifact-verify/src/release/verify-release.js +187 -0
- package/packages/artifact-verify/src/revocation-list.js +119 -0
- package/packages/artifact-verify/src/safe-unzip.js +335 -0
- package/packages/artifact-verify/src/settlement-decision-report.js +61 -0
- package/packages/artifact-verify/src/timestamp-proof.js +49 -0
- package/packages/artifact-verify/src/tool-provenance.js +49 -0
- package/packages/artifact-verify/src/trust.js +54 -0
- package/packages/artifact-verify/src/verification-warnings.js +34 -0
- package/scripts/closepack/export.mjs +101 -0
- package/scripts/closepack/lib.mjs +1068 -0
- package/scripts/closepack/verify.mjs +65 -0
- package/scripts/init/capability.mjs +556 -0
- package/scripts/init/postinstall-sanity.mjs +18 -0
- package/services/finance-sink/README.md +37 -0
- package/services/finance-sink/package.json +6 -0
- package/services/finance-sink/src/ack-worker.js +152 -0
- package/services/finance-sink/src/config.js +176 -0
- package/services/finance-sink/src/dedupe-store.js +232 -0
- package/services/finance-sink/src/s3-store.js +139 -0
- package/services/finance-sink/src/server.js +391 -0
- package/services/receiver/README.md +49 -0
- package/services/receiver/package.json +6 -0
- package/services/receiver/src/ack-worker.js +166 -0
- package/services/receiver/src/config.js +178 -0
- package/services/receiver/src/dedupe-store.js +232 -0
- package/services/receiver/src/s3-store.js +111 -0
- package/services/receiver/src/server.js +304 -0
- package/src/agent/agent-sim.js +167 -0
- package/src/api/app.js +31794 -0
- package/src/api/http.js +124 -0
- package/src/api/maintenance.js +174 -0
- package/src/api/middleware/auth.js +105 -0
- package/src/api/middleware/authz.js +19 -0
- package/src/api/openapi.js +5684 -0
- package/src/api/outbox.js +93 -0
- package/src/api/persistence.js +628 -0
- package/src/api/server.js +100 -0
- package/src/api/store.js +2088 -0
- package/src/api/workers/artifacts.js +574 -0
- package/src/api/workers/deliveries.js +628 -0
- package/src/api/workers/proof.js +374 -0
- package/src/core/acceptance-criteria.js +78 -0
- package/src/core/access.js +130 -0
- package/src/core/agent-reputation.js +311 -0
- package/src/core/agent-runs.js +253 -0
- package/src/core/agent-wallets.js +883 -0
- package/src/core/allocations.js +160 -0
- package/src/core/artifact-verification-status.js +216 -0
- package/src/core/artifacts.js +938 -0
- package/src/core/assist.js +106 -0
- package/src/core/audit-export.js +68 -0
- package/src/core/auth.js +189 -0
- package/src/core/billing-plans.js +187 -0
- package/src/core/booking.js +268 -0
- package/src/core/cancellation.js +34 -0
- package/src/core/canonical-json.js +104 -0
- package/src/core/claims.js +152 -0
- package/src/core/close-pack-bundle.js +527 -0
- package/src/core/config.js +272 -0
- package/src/core/contract-compiler.js +68 -0
- package/src/core/contract-document.js +226 -0
- package/src/core/contract-selection.js +152 -0
- package/src/core/contracts.js +439 -0
- package/src/core/crypto.js +30 -0
- package/src/core/deterministic-zip.js +169 -0
- package/src/core/dispatch-events.js +113 -0
- package/src/core/dispatch.js +26 -0
- package/src/core/dispute-open-envelope.js +163 -0
- package/src/core/escrow-ledger.js +329 -0
- package/src/core/event-chain.js +114 -0
- package/src/core/event-policy.js +120 -0
- package/src/core/evidence-linker.js +93 -0
- package/src/core/evidence-store.js +286 -0
- package/src/core/evidence.js +119 -0
- package/src/core/failpoints.js +30 -0
- package/src/core/finance-account-map.js +59 -0
- package/src/core/finance-pack-bundle.js +554 -0
- package/src/core/funding-hold.js +185 -0
- package/src/core/gl-batch.js +107 -0
- package/src/core/governance-policy.js +174 -0
- package/src/core/governance.js +92 -0
- package/src/core/hold-exposure.js +74 -0
- package/src/core/idempotency.js +51 -0
- package/src/core/ids.js +21 -0
- package/src/core/incidents.js +75 -0
- package/src/core/insurer-reimbursements.js +58 -0
- package/src/core/interaction-directions.js +170 -0
- package/src/core/invoice-bundle.js +564 -0
- package/src/core/job-reducer.js +702 -0
- package/src/core/job-state-machine.js +266 -0
- package/src/core/journal-csv.js +94 -0
- package/src/core/ledger-postings-finance.js +31 -0
- package/src/core/ledger-postings.js +476 -0
- package/src/core/ledger.js +59 -0
- package/src/core/liveness.js +154 -0
- package/src/core/log.js +156 -0
- package/src/core/maintenance-locks.js +3 -0
- package/src/core/marketplace-kernel.js +243 -0
- package/src/core/metrics.js +133 -0
- package/src/core/money-rail-adapters.js +735 -0
- package/src/core/month-close-hold-policy.js +19 -0
- package/src/core/month-close.js +159 -0
- package/src/core/operator-cost.js +79 -0
- package/src/core/operator-coverage.js +46 -0
- package/src/core/operator-reducer.js +73 -0
- package/src/core/operators.js +52 -0
- package/src/core/ops-audit.js +45 -0
- package/src/core/party-statements.js +145 -0
- package/src/core/pilot-templates.js +26 -0
- package/src/core/policy.js +76 -0
- package/src/core/pricing.js +71 -0
- package/src/core/proof-bundle.js +1153 -0
- package/src/core/proof-events.js +88 -0
- package/src/core/proof-verifier.js +261 -0
- package/src/core/proof.js +46 -0
- package/src/core/protocol.js +105 -0
- package/src/core/quotas.js +32 -0
- package/src/core/reputation-event.js +203 -0
- package/src/core/rescheduling.js +51 -0
- package/src/core/retention.js +32 -0
- package/src/core/revocation-list.js +70 -0
- package/src/core/risk.js +383 -0
- package/src/core/robot-health.js +111 -0
- package/src/core/robot-reducer.js +198 -0
- package/src/core/robots.js +152 -0
- package/src/core/s3-presign.js +111 -0
- package/src/core/secrets.js +128 -0
- package/src/core/settlement-adjustment.js +151 -0
- package/src/core/settlement-kernel.js +405 -0
- package/src/core/settlement-policy.js +206 -0
- package/src/core/settlement-splits.js +46 -0
- package/src/core/signer-keys.js +33 -0
- package/src/core/skills.js +86 -0
- package/src/core/sla-events.js +229 -0
- package/src/core/sla-metering.js +169 -0
- package/src/core/sla-policy-templates.js +340 -0
- package/src/core/sla.js +29 -0
- package/src/core/statements.js +426 -0
- package/src/core/tenancy.js +55 -0
- package/src/core/timestamp-proof.js +36 -0
- package/src/core/tool-manifest.js +116 -0
- package/src/core/tool-provenance.js +36 -0
- package/src/core/url-safety.js +263 -0
- package/src/core/verification-warnings.js +53 -0
- package/src/core/zone-coverage.js +59 -0
- package/src/core/zones.js +8 -0
- package/src/core/zoneset.js +67 -0
- package/src/db/migrate.js +61 -0
- package/src/db/migrations/001_init.sql +92 -0
- package/src/db/migrations/002_robot_reservations.sql +23 -0
- package/src/db/migrations/003_idempotency_v2.sql +32 -0
- package/src/db/migrations/004_notifications.sql +12 -0
- package/src/db/migrations/005_multi_tenant.sql +106 -0
- package/src/db/migrations/006_contracts.sql +27 -0
- package/src/db/migrations/007_artifacts_deliveries_correlations.sql +53 -0
- package/src/db/migrations/008_delivery_ingest_hardening.sql +52 -0
- package/src/db/migrations/009_auth_keys.sql +21 -0
- package/src/db/migrations/010_signer_keys.sql +25 -0
- package/src/db/migrations/011_ops_audit.sql +33 -0
- package/src/db/migrations/012_retention.sql +16 -0
- package/src/db/migrations/013_perf_indexes.sql +18 -0
- package/src/db/migrations/014_contracts_v2.sql +68 -0
- package/src/db/migrations/015_parties.sql +16 -0
- package/src/db/migrations/016_ledger_allocations.sql +18 -0
- package/src/db/migrations/017_party_statements.sql +31 -0
- package/src/db/migrations/018_finance_account_map.sql +12 -0
- package/src/db/migrations/019_ledger_allocations_account_id.sql +7 -0
- package/src/db/migrations/020_artifacts_source_event_unique.sql +10 -0
- package/src/db/migrations/021_artifacts_by_job_created_at_id.sql +6 -0
- package/src/db/migrations/022_governance_uniqueness.sql +28 -0
- package/src/db/migrations/023_marketplace_tasks.sql +45 -0
- package/src/db/migrations/024_agent_runtime_state.sql +70 -0
- package/src/db/migrations/025_tenant_settlement_policies.sql +19 -0
- package/src/db/migrations/026_money_rails_billable_events.sql +82 -0
- package/src/db/migrations/027_tenant_billing_config.sql +10 -0
- package/src/db/migrations/028_marketplace_rfq_storage.sql +121 -0
- package/src/db/pg.js +123 -0
- package/src/db/store-pg.js +6465 -0
|
@@ -0,0 +1,312 @@
|
|
|
1
|
+
import { canonicalJsonStringify } from "./canonical-json.js";
|
|
2
|
+
import { sha256HexUtf8, verifyHashHexEd25519 } from "./crypto.js";
|
|
3
|
+
|
|
4
|
+
function assertNonEmptyString(value, name) {
|
|
5
|
+
if (typeof value !== "string" || value.trim() === "") throw new TypeError(`${name} must be a non-empty string`);
|
|
6
|
+
}
|
|
7
|
+
|
|
8
|
+
function assertPlainObject(value, name) {
|
|
9
|
+
if (!value || typeof value !== "object" || Array.isArray(value)) throw new TypeError(`${name} must be an object`);
|
|
10
|
+
if (Object.getPrototypeOf(value) !== Object.prototype && Object.getPrototypeOf(value) !== null) throw new TypeError(`${name} must be a plain object`);
|
|
11
|
+
}
|
|
12
|
+
|
|
13
|
+
export const GOVERNANCE_POLICY_SCHEMA_V1 = "GovernancePolicy.v1";
|
|
14
|
+
export const GOVERNANCE_POLICY_SCHEMA_V2 = "GovernancePolicy.v2";
|
|
15
|
+
|
|
16
|
+
export const SIGNATURE_ALGORITHM = Object.freeze({
|
|
17
|
+
ED25519: "ed25519"
|
|
18
|
+
});
|
|
19
|
+
|
|
20
|
+
export const SIGNER_SCOPE = Object.freeze({
|
|
21
|
+
GLOBAL: "global",
|
|
22
|
+
TENANT: "tenant"
|
|
23
|
+
});
|
|
24
|
+
|
|
25
|
+
function normalizeScope(value) {
|
|
26
|
+
const s = typeof value === "string" ? value.trim().toLowerCase() : "";
|
|
27
|
+
if (s === SIGNER_SCOPE.GLOBAL) return SIGNER_SCOPE.GLOBAL;
|
|
28
|
+
if (s === SIGNER_SCOPE.TENANT) return SIGNER_SCOPE.TENANT;
|
|
29
|
+
return null;
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
function normalizePurpose(value) {
|
|
33
|
+
const p = typeof value === "string" ? value.trim().toLowerCase() : "";
|
|
34
|
+
return p || null;
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
function parseAllowedKeyIds(value, name) {
|
|
38
|
+
if (value === null) return null;
|
|
39
|
+
if (!Array.isArray(value)) throw new TypeError(`${name} must be an array or null`);
|
|
40
|
+
const out = [];
|
|
41
|
+
const seen = new Set();
|
|
42
|
+
for (const v of value) {
|
|
43
|
+
if (typeof v !== "string" || !v.trim()) continue;
|
|
44
|
+
const kid = v.trim();
|
|
45
|
+
if (seen.has(kid)) continue;
|
|
46
|
+
seen.add(kid);
|
|
47
|
+
out.push(kid);
|
|
48
|
+
}
|
|
49
|
+
out.sort();
|
|
50
|
+
return out;
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
function parseAllowedKeyIdsRequired(value, name) {
|
|
54
|
+
if (!Array.isArray(value)) throw new TypeError(`${name} must be an array`);
|
|
55
|
+
const out = [];
|
|
56
|
+
const seen = new Set();
|
|
57
|
+
for (const v of value) {
|
|
58
|
+
if (typeof v !== "string" || !v.trim()) continue;
|
|
59
|
+
const kid = v.trim();
|
|
60
|
+
if (seen.has(kid)) continue;
|
|
61
|
+
seen.add(kid);
|
|
62
|
+
out.push(kid);
|
|
63
|
+
}
|
|
64
|
+
out.sort();
|
|
65
|
+
return out;
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
function parseScopes(value, name) {
|
|
69
|
+
if (!Array.isArray(value) || value.length === 0) throw new TypeError(`${name} must be a non-empty array`);
|
|
70
|
+
const out = [];
|
|
71
|
+
const seen = new Set();
|
|
72
|
+
for (const v of value) {
|
|
73
|
+
const s = normalizeScope(v);
|
|
74
|
+
if (!s) throw new TypeError(`${name} contains invalid scope`);
|
|
75
|
+
if (seen.has(s)) continue;
|
|
76
|
+
seen.add(s);
|
|
77
|
+
out.push(s);
|
|
78
|
+
}
|
|
79
|
+
return out;
|
|
80
|
+
}
|
|
81
|
+
|
|
82
|
+
function parseSignerRule(rule, name) {
|
|
83
|
+
assertPlainObject(rule, name);
|
|
84
|
+
assertNonEmptyString(rule.subjectType, `${name}.subjectType`);
|
|
85
|
+
const allowedScopes = parseScopes(rule.allowedScopes, `${name}.allowedScopes`);
|
|
86
|
+
const allowedKeyIds = parseAllowedKeyIds(rule.allowedKeyIds, `${name}.allowedKeyIds`);
|
|
87
|
+
if (typeof rule.requireGoverned !== "boolean") throw new TypeError(`${name}.requireGoverned must be a boolean`);
|
|
88
|
+
const requiredPurpose = normalizePurpose(rule.requiredPurpose);
|
|
89
|
+
if (requiredPurpose !== "server") throw new TypeError(`${name}.requiredPurpose must be 'server'`);
|
|
90
|
+
return {
|
|
91
|
+
subjectType: String(rule.subjectType),
|
|
92
|
+
allowedScopes,
|
|
93
|
+
allowedKeyIds,
|
|
94
|
+
requireGoverned: rule.requireGoverned,
|
|
95
|
+
requiredPurpose
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
|
|
99
|
+
function parseSignerRuleV2(rule, name) {
|
|
100
|
+
assertPlainObject(rule, name);
|
|
101
|
+
assertNonEmptyString(rule.subjectType, `${name}.subjectType`);
|
|
102
|
+
const allowedScopes = parseScopes(rule.allowedScopes, `${name}.allowedScopes`);
|
|
103
|
+
const allowedKeyIds = parseAllowedKeyIdsRequired(rule.allowedKeyIds, `${name}.allowedKeyIds`);
|
|
104
|
+
if (typeof rule.requireGoverned !== "boolean") throw new TypeError(`${name}.requireGoverned must be a boolean`);
|
|
105
|
+
const requiredPurpose = normalizePurpose(rule.requiredPurpose);
|
|
106
|
+
if (requiredPurpose !== "server") throw new TypeError(`${name}.requiredPurpose must be 'server'`);
|
|
107
|
+
return {
|
|
108
|
+
subjectType: String(rule.subjectType),
|
|
109
|
+
allowedScopes,
|
|
110
|
+
allowedKeyIds,
|
|
111
|
+
requireGoverned: rule.requireGoverned,
|
|
112
|
+
requiredPurpose
|
|
113
|
+
};
|
|
114
|
+
}
|
|
115
|
+
|
|
116
|
+
export function parseGovernancePolicyV1(policyJson) {
|
|
117
|
+
assertPlainObject(policyJson, "governance policy");
|
|
118
|
+
if (policyJson.schemaVersion !== GOVERNANCE_POLICY_SCHEMA_V1) {
|
|
119
|
+
return { ok: false, error: "unsupported governance policy schemaVersion", schemaVersion: policyJson.schemaVersion ?? null };
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
try {
|
|
123
|
+
assertNonEmptyString(policyJson.policyId, "policy.policyId");
|
|
124
|
+
assertNonEmptyString(policyJson.generatedAt, "policy.generatedAt");
|
|
125
|
+
} catch (err) {
|
|
126
|
+
return { ok: false, error: err?.message ?? "invalid governance policy" };
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
if (!Array.isArray(policyJson.algorithms) || policyJson.algorithms.length === 0) {
|
|
130
|
+
return { ok: false, error: "governance policy algorithms must be a non-empty array" };
|
|
131
|
+
}
|
|
132
|
+
const algos = Array.from(new Set(policyJson.algorithms.map((a) => String(a).trim().toLowerCase()).filter(Boolean))).sort();
|
|
133
|
+
if (!algos.includes(SIGNATURE_ALGORITHM.ED25519)) return { ok: false, error: "governance policy does not allow ed25519" };
|
|
134
|
+
|
|
135
|
+
if (!Array.isArray(policyJson.verificationReportSigners)) return { ok: false, error: "governance policy verificationReportSigners must be an array" };
|
|
136
|
+
if (!Array.isArray(policyJson.bundleHeadAttestationSigners)) return { ok: false, error: "governance policy bundleHeadAttestationSigners must be an array" };
|
|
137
|
+
|
|
138
|
+
const verificationReportSigners = [];
|
|
139
|
+
for (let i = 0; i < policyJson.verificationReportSigners.length; i += 1) {
|
|
140
|
+
try {
|
|
141
|
+
verificationReportSigners.push(parseSignerRule(policyJson.verificationReportSigners[i], `verificationReportSigners[${i}]`));
|
|
142
|
+
} catch (err) {
|
|
143
|
+
return { ok: false, error: err?.message ?? "invalid governance policy rule" };
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
const bundleHeadAttestationSigners = [];
|
|
147
|
+
for (let i = 0; i < policyJson.bundleHeadAttestationSigners.length; i += 1) {
|
|
148
|
+
try {
|
|
149
|
+
bundleHeadAttestationSigners.push(parseSignerRule(policyJson.bundleHeadAttestationSigners[i], `bundleHeadAttestationSigners[${i}]`));
|
|
150
|
+
} catch (err) {
|
|
151
|
+
return { ok: false, error: err?.message ?? "invalid governance policy rule" };
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
|
|
155
|
+
return {
|
|
156
|
+
ok: true,
|
|
157
|
+
policy: {
|
|
158
|
+
schemaVersion: GOVERNANCE_POLICY_SCHEMA_V1,
|
|
159
|
+
policyId: String(policyJson.policyId),
|
|
160
|
+
generatedAt: String(policyJson.generatedAt),
|
|
161
|
+
algorithms: algos,
|
|
162
|
+
verificationReportSigners,
|
|
163
|
+
bundleHeadAttestationSigners
|
|
164
|
+
}
|
|
165
|
+
};
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
function stripGovernancePolicyV2Sig(policy) {
|
|
169
|
+
const { policyHash: _h, signature: _sig, ...rest } = policy ?? {};
|
|
170
|
+
return rest;
|
|
171
|
+
}
|
|
172
|
+
|
|
173
|
+
export function parseGovernancePolicyV2(policyJson) {
|
|
174
|
+
assertPlainObject(policyJson, "governance policy");
|
|
175
|
+
if (policyJson.schemaVersion !== GOVERNANCE_POLICY_SCHEMA_V2) {
|
|
176
|
+
return { ok: false, error: "unsupported governance policy schemaVersion", schemaVersion: policyJson.schemaVersion ?? null };
|
|
177
|
+
}
|
|
178
|
+
|
|
179
|
+
try {
|
|
180
|
+
assertNonEmptyString(policyJson.policyId, "policy.policyId");
|
|
181
|
+
assertNonEmptyString(policyJson.generatedAt, "policy.generatedAt");
|
|
182
|
+
} catch (err) {
|
|
183
|
+
return { ok: false, error: err?.message ?? "invalid governance policy" };
|
|
184
|
+
}
|
|
185
|
+
|
|
186
|
+
if (!Array.isArray(policyJson.algorithms) || policyJson.algorithms.length === 0) {
|
|
187
|
+
return { ok: false, error: "governance policy algorithms must be a non-empty array" };
|
|
188
|
+
}
|
|
189
|
+
const algos = Array.from(new Set(policyJson.algorithms.map((a) => String(a).trim().toLowerCase()).filter(Boolean))).sort();
|
|
190
|
+
if (!algos.includes(SIGNATURE_ALGORITHM.ED25519)) return { ok: false, error: "governance policy does not allow ed25519" };
|
|
191
|
+
|
|
192
|
+
if (!Array.isArray(policyJson.verificationReportSigners)) return { ok: false, error: "governance policy verificationReportSigners must be an array" };
|
|
193
|
+
if (!Array.isArray(policyJson.bundleHeadAttestationSigners)) return { ok: false, error: "governance policy bundleHeadAttestationSigners must be an array" };
|
|
194
|
+
|
|
195
|
+
const verificationReportSigners = [];
|
|
196
|
+
for (let i = 0; i < policyJson.verificationReportSigners.length; i += 1) {
|
|
197
|
+
try {
|
|
198
|
+
verificationReportSigners.push(parseSignerRuleV2(policyJson.verificationReportSigners[i], `verificationReportSigners[${i}]`));
|
|
199
|
+
} catch (err) {
|
|
200
|
+
return { ok: false, error: err?.message ?? "invalid governance policy rule" };
|
|
201
|
+
}
|
|
202
|
+
}
|
|
203
|
+
const bundleHeadAttestationSigners = [];
|
|
204
|
+
for (let i = 0; i < policyJson.bundleHeadAttestationSigners.length; i += 1) {
|
|
205
|
+
try {
|
|
206
|
+
bundleHeadAttestationSigners.push(parseSignerRuleV2(policyJson.bundleHeadAttestationSigners[i], `bundleHeadAttestationSigners[${i}]`));
|
|
207
|
+
} catch (err) {
|
|
208
|
+
return { ok: false, error: err?.message ?? "invalid governance policy rule" };
|
|
209
|
+
}
|
|
210
|
+
}
|
|
211
|
+
|
|
212
|
+
const revRef = policyJson.revocationList ?? null;
|
|
213
|
+
if (!revRef || typeof revRef !== "object" || Array.isArray(revRef)) return { ok: false, error: "governance policy revocationList missing" };
|
|
214
|
+
const refPath = typeof revRef.path === "string" && revRef.path.trim() ? revRef.path.trim() : null;
|
|
215
|
+
const refSha = typeof revRef.sha256 === "string" && revRef.sha256.trim() ? revRef.sha256.trim() : null;
|
|
216
|
+
if (!refPath || !refSha || !/^[0-9a-f]{64}$/.test(refSha)) return { ok: false, error: "governance policy revocationList invalid" };
|
|
217
|
+
|
|
218
|
+
const signerKeyId = typeof policyJson.signerKeyId === "string" && policyJson.signerKeyId.trim() ? policyJson.signerKeyId.trim() : null;
|
|
219
|
+
const signedAt = typeof policyJson.signedAt === "string" && policyJson.signedAt.trim() ? policyJson.signedAt.trim() : null;
|
|
220
|
+
const policyHash = typeof policyJson.policyHash === "string" && policyJson.policyHash.trim() ? policyJson.policyHash.trim() : null;
|
|
221
|
+
const signature = typeof policyJson.signature === "string" && policyJson.signature.trim() ? policyJson.signature.trim() : null;
|
|
222
|
+
|
|
223
|
+
return {
|
|
224
|
+
ok: true,
|
|
225
|
+
policy: {
|
|
226
|
+
schemaVersion: GOVERNANCE_POLICY_SCHEMA_V2,
|
|
227
|
+
policyId: String(policyJson.policyId),
|
|
228
|
+
generatedAt: String(policyJson.generatedAt),
|
|
229
|
+
algorithms: algos,
|
|
230
|
+
verificationReportSigners,
|
|
231
|
+
bundleHeadAttestationSigners,
|
|
232
|
+
revocationList: { path: refPath, sha256: refSha },
|
|
233
|
+
signerKeyId,
|
|
234
|
+
signedAt,
|
|
235
|
+
policyHash,
|
|
236
|
+
signature
|
|
237
|
+
}
|
|
238
|
+
};
|
|
239
|
+
}
|
|
240
|
+
|
|
241
|
+
export function verifyGovernancePolicyV2Signature({ policy, trustedGovernanceRootPublicKeyByKeyId } = {}) {
|
|
242
|
+
if (!policy || typeof policy !== "object" || Array.isArray(policy)) return { ok: false, error: "policy must be an object" };
|
|
243
|
+
if (String(policy.schemaVersion ?? "") !== GOVERNANCE_POLICY_SCHEMA_V2) return { ok: false, error: "unsupported governance policy schemaVersion" };
|
|
244
|
+
if (!(trustedGovernanceRootPublicKeyByKeyId instanceof Map)) return { ok: false, error: "trustedGovernanceRootPublicKeyByKeyId must be a Map" };
|
|
245
|
+
const signerKeyId = typeof policy.signerKeyId === "string" && policy.signerKeyId.trim() ? policy.signerKeyId.trim() : null;
|
|
246
|
+
const signature = typeof policy.signature === "string" && policy.signature.trim() ? policy.signature.trim() : null;
|
|
247
|
+
const declaredHash = typeof policy.policyHash === "string" && policy.policyHash.trim() ? policy.policyHash.trim() : null;
|
|
248
|
+
if (!signerKeyId || !signature || !declaredHash) return { ok: false, error: "governance policy missing signature fields" };
|
|
249
|
+
const publicKeyPem = trustedGovernanceRootPublicKeyByKeyId.get(signerKeyId) ?? null;
|
|
250
|
+
if (!publicKeyPem) return { ok: false, error: "governance policy signerKeyId not trusted", signerKeyId };
|
|
251
|
+
|
|
252
|
+
const core = stripGovernancePolicyV2Sig(policy);
|
|
253
|
+
const expectedHash = sha256HexUtf8(canonicalJsonStringify(core));
|
|
254
|
+
if (expectedHash !== declaredHash) return { ok: false, error: "governance policyHash mismatch", expected: expectedHash, actual: declaredHash };
|
|
255
|
+
const okSig = verifyHashHexEd25519({ hashHex: expectedHash, signatureBase64: signature, publicKeyPem });
|
|
256
|
+
if (!okSig) return { ok: false, error: "governance policy signature invalid", signerKeyId };
|
|
257
|
+
return { ok: true, policyHash: expectedHash, signerKeyId };
|
|
258
|
+
}
|
|
259
|
+
|
|
260
|
+
function ruleForSubject(rules, subjectType) {
|
|
261
|
+
for (const r of Array.isArray(rules) ? rules : []) {
|
|
262
|
+
if (!r || typeof r !== "object") continue;
|
|
263
|
+
if (String(r.subjectType) === String(subjectType)) return r;
|
|
264
|
+
}
|
|
265
|
+
return null;
|
|
266
|
+
}
|
|
267
|
+
|
|
268
|
+
export function authorizeServerSignerForPolicy({
|
|
269
|
+
policy,
|
|
270
|
+
documentKind,
|
|
271
|
+
subjectType,
|
|
272
|
+
signerKeyId,
|
|
273
|
+
signerScope,
|
|
274
|
+
keyMeta
|
|
275
|
+
} = {}) {
|
|
276
|
+
if (!policy || typeof policy !== "object") return { ok: false, error: "missing governance policy" };
|
|
277
|
+
assertNonEmptyString(documentKind, "documentKind");
|
|
278
|
+
assertNonEmptyString(subjectType, "subjectType");
|
|
279
|
+
assertNonEmptyString(signerKeyId, "signerKeyId");
|
|
280
|
+
|
|
281
|
+
const scope = normalizeScope(signerScope) ?? SIGNER_SCOPE.GLOBAL;
|
|
282
|
+
|
|
283
|
+
const rules =
|
|
284
|
+
documentKind === "verification_report"
|
|
285
|
+
? policy.verificationReportSigners
|
|
286
|
+
: documentKind === "bundle_head_attestation"
|
|
287
|
+
? policy.bundleHeadAttestationSigners
|
|
288
|
+
: null;
|
|
289
|
+
if (!rules) return { ok: false, error: "unsupported documentKind", documentKind };
|
|
290
|
+
|
|
291
|
+
const rule = ruleForSubject(rules, subjectType);
|
|
292
|
+
if (!rule) return { ok: false, error: "no governance policy rule for subjectType", subjectType, documentKind };
|
|
293
|
+
|
|
294
|
+
if (!rule.allowedScopes.includes(scope)) {
|
|
295
|
+
return { ok: false, error: "signer scope not allowed by policy", subjectType, documentKind, signerScope: scope, allowedScopes: rule.allowedScopes };
|
|
296
|
+
}
|
|
297
|
+
if (Array.isArray(rule.allowedKeyIds)) {
|
|
298
|
+
if (!rule.allowedKeyIds.includes(signerKeyId)) {
|
|
299
|
+
return { ok: false, error: "signer keyId not allowed by policy", subjectType, documentKind, signerKeyId };
|
|
300
|
+
}
|
|
301
|
+
}
|
|
302
|
+
if (rule.requireGoverned) {
|
|
303
|
+
const governed = Boolean(keyMeta && typeof keyMeta === "object" && keyMeta.serverGoverned === true);
|
|
304
|
+
if (!governed) return { ok: false, error: "signer key is not governed", subjectType, documentKind, signerKeyId };
|
|
305
|
+
}
|
|
306
|
+
const purpose = normalizePurpose(keyMeta?.purpose);
|
|
307
|
+
if (rule.requiredPurpose && purpose !== rule.requiredPurpose) {
|
|
308
|
+
return { ok: false, error: "signer key purpose not allowed by policy", subjectType, documentKind, signerKeyId, purpose };
|
|
309
|
+
}
|
|
310
|
+
|
|
311
|
+
return { ok: true, rule, signerScope: scope };
|
|
312
|
+
}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import fs from "node:fs";
|
|
2
|
+
import crypto from "node:crypto";
|
|
3
|
+
|
|
4
|
+
function abortError() {
|
|
5
|
+
const err = new Error("aborted");
|
|
6
|
+
err.name = "AbortError";
|
|
7
|
+
return err;
|
|
8
|
+
}
|
|
9
|
+
|
|
10
|
+
export async function hashFile(filepath, { algo = "sha256", maxBytes = null, signal = null } = {}) {
|
|
11
|
+
if (typeof filepath !== "string" || !filepath.trim()) throw new TypeError("filepath must be a non-empty string");
|
|
12
|
+
if (typeof algo !== "string" || !algo.trim()) throw new TypeError("algo must be a non-empty string");
|
|
13
|
+
if (maxBytes !== null && (!Number.isInteger(maxBytes) || maxBytes < 0)) throw new TypeError("maxBytes must be null or a non-negative integer");
|
|
14
|
+
if (signal !== null && typeof signal !== "object") throw new TypeError("signal must be null or an AbortSignal-like object");
|
|
15
|
+
|
|
16
|
+
if (signal?.aborted) throw abortError();
|
|
17
|
+
|
|
18
|
+
const hash = crypto.createHash(algo);
|
|
19
|
+
let total = 0;
|
|
20
|
+
|
|
21
|
+
const stream = fs.createReadStream(filepath, { signal: signal ?? undefined });
|
|
22
|
+
try {
|
|
23
|
+
for await (const chunk of stream) {
|
|
24
|
+
if (signal?.aborted) throw abortError();
|
|
25
|
+
hash.update(chunk);
|
|
26
|
+
if (maxBytes !== null) {
|
|
27
|
+
total += chunk.length;
|
|
28
|
+
if (total > maxBytes) throw new Error("maxBytes exceeded");
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
} catch (err) {
|
|
32
|
+
stream.destroy();
|
|
33
|
+
throw err;
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
return hash.digest("hex");
|
|
37
|
+
}
|
|
38
|
+
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
import { canonicalJsonStringify } from "./canonical-json.js";
|
|
2
|
+
import { hmacSha256Hex, sha256HexUtf8 } from "./crypto.js";
|
|
3
|
+
|
|
4
|
+
function assertPlainObject(value, name) {
|
|
5
|
+
if (!value || typeof value !== "object" || Array.isArray(value)) throw new TypeError(`${name} must be an object`);
|
|
6
|
+
if (Object.getPrototypeOf(value) !== Object.prototype && Object.getPrototypeOf(value) !== null) {
|
|
7
|
+
throw new TypeError(`${name} must be a plain object`);
|
|
8
|
+
}
|
|
9
|
+
}
|
|
10
|
+
|
|
11
|
+
function assertNonEmptyString(value, name) {
|
|
12
|
+
if (typeof value !== "string" || value.trim() === "") throw new TypeError(`${name} must be a non-empty string`);
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
export const SUPPORTED_ARTIFACT_TYPES = Object.freeze([
|
|
16
|
+
"WorkCertificate.v1",
|
|
17
|
+
"ProofReceipt.v1",
|
|
18
|
+
"IncidentPacket.v1",
|
|
19
|
+
"CreditMemo.v1",
|
|
20
|
+
"SettlementStatement.v1",
|
|
21
|
+
"MonthlyStatement.v1",
|
|
22
|
+
"HeldExposureRollforward.v1",
|
|
23
|
+
"PartyStatement.v1",
|
|
24
|
+
"PayoutInstruction.v1",
|
|
25
|
+
"GLBatch.v1",
|
|
26
|
+
"JournalCsv.v1",
|
|
27
|
+
"FinancePackBundle.v1",
|
|
28
|
+
"CoverageCertificate.v1"
|
|
29
|
+
]);
|
|
30
|
+
|
|
31
|
+
const SUPPORTED_ARTIFACT_TYPE_SET = new Set(SUPPORTED_ARTIFACT_TYPES);
|
|
32
|
+
|
|
33
|
+
export function verifyArtifactVersion(artifact) {
|
|
34
|
+
assertPlainObject(artifact, "artifact");
|
|
35
|
+
const artifactTypeRaw = artifact?.artifactType ?? artifact?.schemaVersion ?? null;
|
|
36
|
+
const artifactType = typeof artifactTypeRaw === "string" ? artifactTypeRaw : null;
|
|
37
|
+
if (!artifactType || !artifactType.trim()) return { ok: false, error: "missing artifactType" };
|
|
38
|
+
if (!SUPPORTED_ARTIFACT_TYPE_SET.has(artifactType)) return { ok: false, error: "unsupported artifactType", artifactType };
|
|
39
|
+
|
|
40
|
+
const schemaVersionRaw = artifact?.schemaVersion ?? null;
|
|
41
|
+
if (schemaVersionRaw === null || schemaVersionRaw === undefined) return { ok: true, artifactType, assumed: "missing schemaVersion" };
|
|
42
|
+
const schemaVersion = typeof schemaVersionRaw === "string" ? schemaVersionRaw : null;
|
|
43
|
+
if (!schemaVersion || !schemaVersion.trim()) return { ok: false, error: "invalid schemaVersion" };
|
|
44
|
+
if (schemaVersion !== artifactType) return { ok: false, error: "schemaVersion mismatch", expected: artifactType, actual: schemaVersion };
|
|
45
|
+
return { ok: true, artifactType };
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
export function computeArtifactHash(artifactJson) {
|
|
49
|
+
assertPlainObject(artifactJson, "artifactJson");
|
|
50
|
+
if (artifactJson.artifactHash !== undefined) throw new TypeError("artifactJson must not include artifactHash when hashing");
|
|
51
|
+
return sha256HexUtf8(canonicalJsonStringify(artifactJson));
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
export function verifyArtifactHash(artifact) {
|
|
55
|
+
assertPlainObject(artifact, "artifact");
|
|
56
|
+
const actual = artifact.artifactHash ?? null;
|
|
57
|
+
if (typeof actual !== "string" || actual.trim() === "") return { ok: false, error: "missing artifactHash" };
|
|
58
|
+
const { artifactHash: _ignored, ...core } = artifact;
|
|
59
|
+
let expected;
|
|
60
|
+
try {
|
|
61
|
+
expected = computeArtifactHash(core);
|
|
62
|
+
} catch (err) {
|
|
63
|
+
return { ok: false, error: err?.message ?? "failed to hash artifact" };
|
|
64
|
+
}
|
|
65
|
+
if (expected !== actual) return { ok: false, error: "artifactHash mismatch", expected, actual };
|
|
66
|
+
return { ok: true, expected, actual };
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
export function verifyWebhookSignature({ secret, timestamp, bodyJson, signatureHex }) {
|
|
70
|
+
assertNonEmptyString(secret, "secret");
|
|
71
|
+
assertNonEmptyString(timestamp, "timestamp");
|
|
72
|
+
assertPlainObject(bodyJson, "bodyJson");
|
|
73
|
+
assertNonEmptyString(signatureHex, "signatureHex");
|
|
74
|
+
|
|
75
|
+
const body = canonicalJsonStringify(bodyJson);
|
|
76
|
+
const data = `${timestamp}.${body}`;
|
|
77
|
+
const expected = hmacSha256Hex({ secret, value: data });
|
|
78
|
+
if (expected !== signatureHex) return { ok: false, error: "bad signature", expected, actual: signatureHex };
|
|
79
|
+
return { ok: true };
|
|
80
|
+
}
|
|
81
|
+
|
|
82
|
+
export function verifySettlementBalances(artifact) {
|
|
83
|
+
assertPlainObject(artifact, "artifact");
|
|
84
|
+
const totals = artifact?.settlement?.totalsByAccountId ?? null;
|
|
85
|
+
if (!totals || typeof totals !== "object" || Array.isArray(totals)) return { ok: true, skipped: "no totalsByAccountId" };
|
|
86
|
+
let sum = 0;
|
|
87
|
+
for (const v of Object.values(totals)) {
|
|
88
|
+
if (!Number.isFinite(v)) return { ok: false, error: "non-numeric posting total" };
|
|
89
|
+
sum += v;
|
|
90
|
+
}
|
|
91
|
+
if (sum !== 0) return { ok: false, error: "postings do not balance", sum };
|
|
92
|
+
return { ok: true };
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
export { reconcileGlBatchAgainstPartyStatements } from "./reconcile.js";
|
|
96
|
+
export { verifyFinancePackBundleDir } from "./finance-pack-bundle.js";
|
|
97
|
+
export { verifyInvoiceBundleDir } from "./invoice-bundle.js";
|
|
98
|
+
export { verifyJobProofBundleDir, verifyMonthProofBundleDir } from "./job-proof-bundle.js";
|
|
99
|
+
export { verifyClosePackBundleDir } from "./close-pack-bundle.js";
|
|
100
|
+
export { computeSettlementDecisionReportHashV1, verifySettlementDecisionReportV1Binding, verifySettlementDecisionReportV1Signature } from "./settlement-decision-report.js";
|