tenzro-wallet 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +201 -0
- package/README.md +128 -0
- package/dist/balance/aggregator.d.ts +16 -0
- package/dist/balance/aggregator.d.ts.map +1 -0
- package/dist/balance/aggregator.js +73 -0
- package/dist/balance/aggregator.js.map +1 -0
- package/dist/balance/index.d.ts +3 -0
- package/dist/balance/index.d.ts.map +1 -0
- package/dist/balance/index.js +2 -0
- package/dist/balance/index.js.map +1 -0
- package/dist/consent/index.d.ts +3 -0
- package/dist/consent/index.d.ts.map +1 -0
- package/dist/consent/index.js +2 -0
- package/dist/consent/index.js.map +1 -0
- package/dist/consent/policy.d.ts +27 -0
- package/dist/consent/policy.d.ts.map +1 -0
- package/dist/consent/policy.js +121 -0
- package/dist/consent/policy.js.map +1 -0
- package/dist/crypto/eip1559.d.ts +53 -0
- package/dist/crypto/eip1559.d.ts.map +1 -0
- package/dist/crypto/eip1559.js +79 -0
- package/dist/crypto/eip1559.js.map +1 -0
- package/dist/crypto/keccak256.d.ts +20 -0
- package/dist/crypto/keccak256.d.ts.map +1 -0
- package/dist/crypto/keccak256.js +167 -0
- package/dist/crypto/keccak256.js.map +1 -0
- package/dist/crypto/rlp.d.ts +30 -0
- package/dist/crypto/rlp.d.ts.map +1 -0
- package/dist/crypto/rlp.js +165 -0
- package/dist/crypto/rlp.js.map +1 -0
- package/dist/crypto/sha256.d.ts +14 -0
- package/dist/crypto/sha256.d.ts.map +1 -0
- package/dist/crypto/sha256.js +33 -0
- package/dist/crypto/sha256.js.map +1 -0
- package/dist/crypto/solana.d.ts +86 -0
- package/dist/crypto/solana.d.ts.map +1 -0
- package/dist/crypto/solana.js +218 -0
- package/dist/crypto/solana.js.map +1 -0
- package/dist/custody/frost/backend.d.ts +59 -0
- package/dist/custody/frost/backend.d.ts.map +1 -0
- package/dist/custody/frost/backend.js +83 -0
- package/dist/custody/frost/backend.js.map +1 -0
- package/dist/custody/frost/coordinator.d.ts +148 -0
- package/dist/custody/frost/coordinator.d.ts.map +1 -0
- package/dist/custody/frost/coordinator.js +58 -0
- package/dist/custody/frost/coordinator.js.map +1 -0
- package/dist/custody/frost/ed25519-driver.d.ts +30 -0
- package/dist/custody/frost/ed25519-driver.d.ts.map +1 -0
- package/dist/custody/frost/ed25519-driver.js +76 -0
- package/dist/custody/frost/ed25519-driver.js.map +1 -0
- package/dist/custody/frost/http-adapter.d.ts +77 -0
- package/dist/custody/frost/http-adapter.d.ts.map +1 -0
- package/dist/custody/frost/http-adapter.js +168 -0
- package/dist/custody/frost/http-adapter.js.map +1 -0
- package/dist/custody/frost/hybrid-driver.d.ts +37 -0
- package/dist/custody/frost/hybrid-driver.d.ts.map +1 -0
- package/dist/custody/frost/hybrid-driver.js +60 -0
- package/dist/custody/frost/hybrid-driver.js.map +1 -0
- package/dist/custody/frost/index.d.ts +12 -0
- package/dist/custody/frost/index.d.ts.map +1 -0
- package/dist/custody/frost/index.js +6 -0
- package/dist/custody/frost/index.js.map +1 -0
- package/dist/custody/frost/secp256k1-driver.d.ts +26 -0
- package/dist/custody/frost/secp256k1-driver.d.ts.map +1 -0
- package/dist/custody/frost/secp256k1-driver.js +78 -0
- package/dist/custody/frost/secp256k1-driver.js.map +1 -0
- package/dist/custody/index.d.ts +9 -0
- package/dist/custody/index.d.ts.map +1 -0
- package/dist/custody/index.js +11 -0
- package/dist/custody/index.js.map +1 -0
- package/dist/custody/internal-mpc.d.ts +14 -0
- package/dist/custody/internal-mpc.d.ts.map +1 -0
- package/dist/custody/internal-mpc.js +40 -0
- package/dist/custody/internal-mpc.js.map +1 -0
- package/dist/custody/mldsa/coordinator.d.ts +63 -0
- package/dist/custody/mldsa/coordinator.d.ts.map +1 -0
- package/dist/custody/mldsa/coordinator.js +44 -0
- package/dist/custody/mldsa/coordinator.js.map +1 -0
- package/dist/custody/mldsa/driver.d.ts +23 -0
- package/dist/custody/mldsa/driver.d.ts.map +1 -0
- package/dist/custody/mldsa/driver.js +43 -0
- package/dist/custody/mldsa/driver.js.map +1 -0
- package/dist/custody/mldsa/http-adapter.d.ts +59 -0
- package/dist/custody/mldsa/http-adapter.d.ts.map +1 -0
- package/dist/custody/mldsa/http-adapter.js +103 -0
- package/dist/custody/mldsa/http-adapter.js.map +1 -0
- package/dist/custody/mldsa/index.d.ts +7 -0
- package/dist/custody/mldsa/index.d.ts.map +1 -0
- package/dist/custody/mldsa/index.js +4 -0
- package/dist/custody/mldsa/index.js.map +1 -0
- package/dist/custody/pairing/http-adapter.d.ts +40 -0
- package/dist/custody/pairing/http-adapter.d.ts.map +1 -0
- package/dist/custody/pairing/http-adapter.js +113 -0
- package/dist/custody/pairing/http-adapter.js.map +1 -0
- package/dist/custody/pairing/index.d.ts +10 -0
- package/dist/custody/pairing/index.d.ts.map +1 -0
- package/dist/custody/pairing/index.js +8 -0
- package/dist/custody/pairing/index.js.map +1 -0
- package/dist/custody/pairing/port.d.ts +121 -0
- package/dist/custody/pairing/port.d.ts.map +1 -0
- package/dist/custody/pairing/port.js +40 -0
- package/dist/custody/pairing/port.js.map +1 -0
- package/dist/custody/passkey-share/http-adapter.d.ts +77 -0
- package/dist/custody/passkey-share/http-adapter.d.ts.map +1 -0
- package/dist/custody/passkey-share/http-adapter.js +125 -0
- package/dist/custody/passkey-share/http-adapter.js.map +1 -0
- package/dist/custody/passkey-share/index.d.ts +7 -0
- package/dist/custody/passkey-share/index.d.ts.map +1 -0
- package/dist/custody/passkey-share/index.js +4 -0
- package/dist/custody/passkey-share/index.js.map +1 -0
- package/dist/custody/passkey-share/unwrapper.d.ts +174 -0
- package/dist/custody/passkey-share/unwrapper.d.ts.map +1 -0
- package/dist/custody/passkey-share/unwrapper.js +132 -0
- package/dist/custody/passkey-share/unwrapper.js.map +1 -0
- package/dist/custody/passkey-share/webauthn-adapter.d.ts +112 -0
- package/dist/custody/passkey-share/webauthn-adapter.d.ts.map +1 -0
- package/dist/custody/passkey-share/webauthn-adapter.js +150 -0
- package/dist/custody/passkey-share/webauthn-adapter.js.map +1 -0
- package/dist/custody/surface-key-id.d.ts +15 -0
- package/dist/custody/surface-key-id.d.ts.map +1 -0
- package/dist/custody/surface-key-id.js +25 -0
- package/dist/custody/surface-key-id.js.map +1 -0
- package/dist/dapp/eip6963.d.ts +64 -0
- package/dist/dapp/eip6963.d.ts.map +1 -0
- package/dist/dapp/eip6963.js +55 -0
- package/dist/dapp/eip6963.js.map +1 -0
- package/dist/dapp/index.d.ts +21 -0
- package/dist/dapp/index.d.ts.map +1 -0
- package/dist/dapp/index.js +24 -0
- package/dist/dapp/index.js.map +1 -0
- package/dist/identity/delegate-set.d.ts +57 -0
- package/dist/identity/delegate-set.d.ts.map +1 -0
- package/dist/identity/delegate-set.js +85 -0
- package/dist/identity/delegate-set.js.map +1 -0
- package/dist/identity/did.d.ts +17 -0
- package/dist/identity/did.d.ts.map +1 -0
- package/dist/identity/did.js +60 -0
- package/dist/identity/did.js.map +1 -0
- package/dist/identity/index.d.ts +14 -0
- package/dist/identity/index.d.ts.map +1 -0
- package/dist/identity/index.js +8 -0
- package/dist/identity/index.js.map +1 -0
- package/dist/identity/provision.d.ts +13 -0
- package/dist/identity/provision.d.ts.map +1 -0
- package/dist/identity/provision.js +151 -0
- package/dist/identity/provision.js.map +1 -0
- package/dist/identity/provisioning-http-adapter.d.ts +81 -0
- package/dist/identity/provisioning-http-adapter.d.ts.map +1 -0
- package/dist/identity/provisioning-http-adapter.js +114 -0
- package/dist/identity/provisioning-http-adapter.js.map +1 -0
- package/dist/identity/recovery-http-adapter.d.ts +83 -0
- package/dist/identity/recovery-http-adapter.d.ts.map +1 -0
- package/dist/identity/recovery-http-adapter.js +139 -0
- package/dist/identity/recovery-http-adapter.js.map +1 -0
- package/dist/identity/wallet-new.d.ts +132 -0
- package/dist/identity/wallet-new.d.ts.map +1 -0
- package/dist/identity/wallet-new.js +94 -0
- package/dist/identity/wallet-new.js.map +1 -0
- package/dist/identity/wallet-recover.d.ts +116 -0
- package/dist/identity/wallet-recover.d.ts.map +1 -0
- package/dist/identity/wallet-recover.js +95 -0
- package/dist/identity/wallet-recover.js.map +1 -0
- package/dist/index.d.ts +12 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +11 -0
- package/dist/index.js.map +1 -0
- package/dist/kernel.d.ts +119 -0
- package/dist/kernel.d.ts.map +1 -0
- package/dist/kernel.js +144 -0
- package/dist/kernel.js.map +1 -0
- package/dist/ports/adapters/tenzro-identity-adapter.d.ts +44 -0
- package/dist/ports/adapters/tenzro-identity-adapter.d.ts.map +1 -0
- package/dist/ports/adapters/tenzro-identity-adapter.js +60 -0
- package/dist/ports/adapters/tenzro-identity-adapter.js.map +1 -0
- package/dist/ports/adapters/tenzro-sdk-adapter.d.ts +86 -0
- package/dist/ports/adapters/tenzro-sdk-adapter.d.ts.map +1 -0
- package/dist/ports/adapters/tenzro-sdk-adapter.js +100 -0
- package/dist/ports/adapters/tenzro-sdk-adapter.js.map +1 -0
- package/dist/ports/agent/acp.d.ts +66 -0
- package/dist/ports/agent/acp.d.ts.map +1 -0
- package/dist/ports/agent/acp.js +27 -0
- package/dist/ports/agent/acp.js.map +1 -0
- package/dist/ports/agent/adapters/acp-adapter.d.ts +67 -0
- package/dist/ports/agent/adapters/acp-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/acp-adapter.js +70 -0
- package/dist/ports/agent/adapters/acp-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/agent-bond-adapter.d.ts +31 -0
- package/dist/ports/agent/adapters/agent-bond-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/agent-bond-adapter.js +82 -0
- package/dist/ports/agent/adapters/agent-bond-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/agent-payment-adapter.d.ts +66 -0
- package/dist/ports/agent/adapters/agent-payment-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/agent-payment-adapter.js +75 -0
- package/dist/ports/agent/adapters/agent-payment-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/ap2-adapter.d.ts +28 -0
- package/dist/ports/agent/adapters/ap2-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/ap2-adapter.js +97 -0
- package/dist/ports/agent/adapters/ap2-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/auth-approval-adapter.d.ts +26 -0
- package/dist/ports/agent/adapters/auth-approval-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/auth-approval-adapter.js +37 -0
- package/dist/ports/agent/adapters/auth-approval-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/erc7802-adapter.d.ts +30 -0
- package/dist/ports/agent/adapters/erc7802-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/erc7802-adapter.js +60 -0
- package/dist/ports/agent/adapters/erc7802-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/erc8004-adapter.d.ts +54 -0
- package/dist/ports/agent/adapters/erc8004-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/erc8004-adapter.js +53 -0
- package/dist/ports/agent/adapters/erc8004-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/escrow-adapter.d.ts +33 -0
- package/dist/ports/agent/adapters/escrow-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/escrow-adapter.js +109 -0
- package/dist/ports/agent/adapters/escrow-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/fee-estimator-adapter.d.ts +31 -0
- package/dist/ports/agent/adapters/fee-estimator-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/fee-estimator-adapter.js +103 -0
- package/dist/ports/agent/adapters/fee-estimator-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/htlc-escrow-adapter.d.ts +68 -0
- package/dist/ports/agent/adapters/htlc-escrow-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/htlc-escrow-adapter.js +131 -0
- package/dist/ports/agent/adapters/htlc-escrow-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/insurance-adapter.d.ts +32 -0
- package/dist/ports/agent/adapters/insurance-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/insurance-adapter.js +103 -0
- package/dist/ports/agent/adapters/insurance-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/lifecycle-adapter.d.ts +26 -0
- package/dist/ports/agent/adapters/lifecycle-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/lifecycle-adapter.js +136 -0
- package/dist/ports/agent/adapters/lifecycle-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/nanopayment-adapter.d.ts +62 -0
- package/dist/ports/agent/adapters/nanopayment-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/nanopayment-adapter.js +76 -0
- package/dist/ports/agent/adapters/nanopayment-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/payment-rails-adapter.d.ts +67 -0
- package/dist/ports/agent/adapters/payment-rails-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/payment-rails-adapter.js +108 -0
- package/dist/ports/agent/adapters/payment-rails-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/principal-chain-adapter.d.ts +23 -0
- package/dist/ports/agent/adapters/principal-chain-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/principal-chain-adapter.js +156 -0
- package/dist/ports/agent/adapters/principal-chain-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/session-key-adapter.d.ts +45 -0
- package/dist/ports/agent/adapters/session-key-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/session-key-adapter.js +80 -0
- package/dist/ports/agent/adapters/session-key-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/tee-attestation-adapter.d.ts +32 -0
- package/dist/ports/agent/adapters/tee-attestation-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/tee-attestation-adapter.js +38 -0
- package/dist/ports/agent/adapters/tee-attestation-adapter.js.map +1 -0
- package/dist/ports/agent/agent-bond.d.ts +80 -0
- package/dist/ports/agent/agent-bond.d.ts.map +1 -0
- package/dist/ports/agent/agent-bond.js +23 -0
- package/dist/ports/agent/agent-bond.js.map +1 -0
- package/dist/ports/agent/agent-payment.d.ts +72 -0
- package/dist/ports/agent/agent-payment.d.ts.map +1 -0
- package/dist/ports/agent/agent-payment.js +17 -0
- package/dist/ports/agent/agent-payment.js.map +1 -0
- package/dist/ports/agent/ap2.d.ts +104 -0
- package/dist/ports/agent/ap2.d.ts.map +1 -0
- package/dist/ports/agent/ap2.js +22 -0
- package/dist/ports/agent/ap2.js.map +1 -0
- package/dist/ports/agent/auth-approval.d.ts +40 -0
- package/dist/ports/agent/auth-approval.d.ts.map +1 -0
- package/dist/ports/agent/auth-approval.js +23 -0
- package/dist/ports/agent/auth-approval.js.map +1 -0
- package/dist/ports/agent/erc7802.d.ts +94 -0
- package/dist/ports/agent/erc7802.d.ts.map +1 -0
- package/dist/ports/agent/erc7802.js +30 -0
- package/dist/ports/agent/erc7802.js.map +1 -0
- package/dist/ports/agent/erc8004.d.ts +57 -0
- package/dist/ports/agent/erc8004.d.ts.map +1 -0
- package/dist/ports/agent/erc8004.js +20 -0
- package/dist/ports/agent/erc8004.js.map +1 -0
- package/dist/ports/agent/escrow.d.ts +74 -0
- package/dist/ports/agent/escrow.d.ts.map +1 -0
- package/dist/ports/agent/escrow.js +18 -0
- package/dist/ports/agent/escrow.js.map +1 -0
- package/dist/ports/agent/fee-estimator.d.ts +71 -0
- package/dist/ports/agent/fee-estimator.d.ts.map +1 -0
- package/dist/ports/agent/fee-estimator.js +21 -0
- package/dist/ports/agent/fee-estimator.js.map +1 -0
- package/dist/ports/agent/htlc-escrow.d.ts +94 -0
- package/dist/ports/agent/htlc-escrow.d.ts.map +1 -0
- package/dist/ports/agent/htlc-escrow.js +25 -0
- package/dist/ports/agent/htlc-escrow.js.map +1 -0
- package/dist/ports/agent/index.d.ts +58 -0
- package/dist/ports/agent/index.d.ts.map +1 -0
- package/dist/ports/agent/index.js +24 -0
- package/dist/ports/agent/index.js.map +1 -0
- package/dist/ports/agent/insurance.d.ts +65 -0
- package/dist/ports/agent/insurance.d.ts.map +1 -0
- package/dist/ports/agent/insurance.js +18 -0
- package/dist/ports/agent/insurance.js.map +1 -0
- package/dist/ports/agent/lifecycle.d.ts +69 -0
- package/dist/ports/agent/lifecycle.d.ts.map +1 -0
- package/dist/ports/agent/lifecycle.js +17 -0
- package/dist/ports/agent/lifecycle.js.map +1 -0
- package/dist/ports/agent/nanopayment.d.ts +72 -0
- package/dist/ports/agent/nanopayment.d.ts.map +1 -0
- package/dist/ports/agent/nanopayment.js +16 -0
- package/dist/ports/agent/nanopayment.js.map +1 -0
- package/dist/ports/agent/payment-rails.d.ts +140 -0
- package/dist/ports/agent/payment-rails.d.ts.map +1 -0
- package/dist/ports/agent/payment-rails.js +25 -0
- package/dist/ports/agent/payment-rails.js.map +1 -0
- package/dist/ports/agent/principal-chain.d.ts +95 -0
- package/dist/ports/agent/principal-chain.d.ts.map +1 -0
- package/dist/ports/agent/principal-chain.js +16 -0
- package/dist/ports/agent/principal-chain.js.map +1 -0
- package/dist/ports/agent/session-key.d.ts +94 -0
- package/dist/ports/agent/session-key.d.ts.map +1 -0
- package/dist/ports/agent/session-key.js +31 -0
- package/dist/ports/agent/session-key.js.map +1 -0
- package/dist/ports/agent/tee-attestation.d.ts +51 -0
- package/dist/ports/agent/tee-attestation.d.ts.map +1 -0
- package/dist/ports/agent/tee-attestation.js +28 -0
- package/dist/ports/agent/tee-attestation.js.map +1 -0
- package/dist/ports/bridge/adapters/bridge-adapter-base.d.ts +47 -0
- package/dist/ports/bridge/adapters/bridge-adapter-base.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/bridge-adapter-base.js +144 -0
- package/dist/ports/bridge/adapters/bridge-adapter-base.js.map +1 -0
- package/dist/ports/bridge/adapters/canton-bridge-adapter.d.ts +30 -0
- package/dist/ports/bridge/adapters/canton-bridge-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/canton-bridge-adapter.js +31 -0
- package/dist/ports/bridge/adapters/canton-bridge-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/ccip-adapter.d.ts +30 -0
- package/dist/ports/bridge/adapters/ccip-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/ccip-adapter.js +31 -0
- package/dist/ports/bridge/adapters/ccip-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/debridge-adapter.d.ts +27 -0
- package/dist/ports/bridge/adapters/debridge-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/debridge-adapter.js +28 -0
- package/dist/ports/bridge/adapters/debridge-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/layerzero-adapter.d.ts +30 -0
- package/dist/ports/bridge/adapters/layerzero-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/layerzero-adapter.js +31 -0
- package/dist/ports/bridge/adapters/layerzero-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/lifi-adapter.d.ts +48 -0
- package/dist/ports/bridge/adapters/lifi-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/lifi-adapter.js +49 -0
- package/dist/ports/bridge/adapters/lifi-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/wormhole-adapter.d.ts +26 -0
- package/dist/ports/bridge/adapters/wormhole-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/wormhole-adapter.js +27 -0
- package/dist/ports/bridge/adapters/wormhole-adapter.js.map +1 -0
- package/dist/ports/bridge/bridge.d.ts +123 -0
- package/dist/ports/bridge/bridge.d.ts.map +1 -0
- package/dist/ports/bridge/bridge.js +20 -0
- package/dist/ports/bridge/bridge.js.map +1 -0
- package/dist/ports/bridge/index.d.ts +13 -0
- package/dist/ports/bridge/index.d.ts.map +1 -0
- package/dist/ports/bridge/index.js +11 -0
- package/dist/ports/bridge/index.js.map +1 -0
- package/dist/ports/canton/adapters/ledger-api-adapter.d.ts +52 -0
- package/dist/ports/canton/adapters/ledger-api-adapter.d.ts.map +1 -0
- package/dist/ports/canton/adapters/ledger-api-adapter.js +232 -0
- package/dist/ports/canton/adapters/ledger-api-adapter.js.map +1 -0
- package/dist/ports/canton/canton-identity.d.ts +60 -0
- package/dist/ports/canton/canton-identity.d.ts.map +1 -0
- package/dist/ports/canton/canton-identity.js +28 -0
- package/dist/ports/canton/canton-identity.js.map +1 -0
- package/dist/ports/canton/canton-validator.d.ts +182 -0
- package/dist/ports/canton/canton-validator.d.ts.map +1 -0
- package/dist/ports/canton/canton-validator.js +39 -0
- package/dist/ports/canton/canton-validator.js.map +1 -0
- package/dist/ports/canton/fingerprint.d.ts +24 -0
- package/dist/ports/canton/fingerprint.d.ts.map +1 -0
- package/dist/ports/canton/fingerprint.js +31 -0
- package/dist/ports/canton/fingerprint.js.map +1 -0
- package/dist/ports/canton/hash.d.ts +37 -0
- package/dist/ports/canton/hash.d.ts.map +1 -0
- package/dist/ports/canton/hash.js +68 -0
- package/dist/ports/canton/hash.js.map +1 -0
- package/dist/ports/canton/http.d.ts +64 -0
- package/dist/ports/canton/http.d.ts.map +1 -0
- package/dist/ports/canton/http.js +177 -0
- package/dist/ports/canton/http.js.map +1 -0
- package/dist/ports/cross-vm.d.ts +79 -0
- package/dist/ports/cross-vm.d.ts.map +1 -0
- package/dist/ports/cross-vm.js +81 -0
- package/dist/ports/cross-vm.js.map +1 -0
- package/dist/ports/index.d.ts +18 -0
- package/dist/ports/index.d.ts.map +1 -0
- package/dist/ports/index.js +11 -0
- package/dist/ports/index.js.map +1 -0
- package/dist/ports/tenzro-identity.d.ts +29 -0
- package/dist/ports/tenzro-identity.d.ts.map +1 -0
- package/dist/ports/tenzro-identity.js +19 -0
- package/dist/ports/tenzro-identity.js.map +1 -0
- package/dist/ports/tenzro-rpc.d.ts +79 -0
- package/dist/ports/tenzro-rpc.d.ts.map +1 -0
- package/dist/ports/tenzro-rpc.js +21 -0
- package/dist/ports/tenzro-rpc.js.map +1 -0
- package/dist/router/index.d.ts +3 -0
- package/dist/router/index.d.ts.map +1 -0
- package/dist/router/index.js +2 -0
- package/dist/router/index.js.map +1 -0
- package/dist/router/route.d.ts +17 -0
- package/dist/router/route.d.ts.map +1 -0
- package/dist/router/route.js +78 -0
- package/dist/router/route.js.map +1 -0
- package/dist/settlement/nanopayment-flow.d.ts +48 -0
- package/dist/settlement/nanopayment-flow.d.ts.map +1 -0
- package/dist/settlement/nanopayment-flow.js +111 -0
- package/dist/settlement/nanopayment-flow.js.map +1 -0
- package/dist/surfaces/canton-external.d.ts +43 -0
- package/dist/surfaces/canton-external.d.ts.map +1 -0
- package/dist/surfaces/canton-external.js +252 -0
- package/dist/surfaces/canton-external.js.map +1 -0
- package/dist/surfaces/canton-internal.d.ts +34 -0
- package/dist/surfaces/canton-internal.d.ts.map +1 -0
- package/dist/surfaces/canton-internal.js +163 -0
- package/dist/surfaces/canton-internal.js.map +1 -0
- package/dist/surfaces/canton-onboarding.d.ts +64 -0
- package/dist/surfaces/canton-onboarding.d.ts.map +1 -0
- package/dist/surfaces/canton-onboarding.js +113 -0
- package/dist/surfaces/canton-onboarding.js.map +1 -0
- package/dist/surfaces/evm-on-tenzro.d.ts +29 -0
- package/dist/surfaces/evm-on-tenzro.d.ts.map +1 -0
- package/dist/surfaces/evm-on-tenzro.js +226 -0
- package/dist/surfaces/evm-on-tenzro.js.map +1 -0
- package/dist/surfaces/index.d.ts +13 -0
- package/dist/surfaces/index.d.ts.map +1 -0
- package/dist/surfaces/index.js +7 -0
- package/dist/surfaces/index.js.map +1 -0
- package/dist/surfaces/svm-on-tenzro.d.ts +24 -0
- package/dist/surfaces/svm-on-tenzro.d.ts.map +1 -0
- package/dist/surfaces/svm-on-tenzro.js +238 -0
- package/dist/surfaces/svm-on-tenzro.js.map +1 -0
- package/dist/surfaces/tenzro-native.d.ts +45 -0
- package/dist/surfaces/tenzro-native.d.ts.map +1 -0
- package/dist/surfaces/tenzro-native.js +299 -0
- package/dist/surfaces/tenzro-native.js.map +1 -0
- package/dist/surfaces/util.d.ts +18 -0
- package/dist/surfaces/util.d.ts.map +1 -0
- package/dist/surfaces/util.js +36 -0
- package/dist/surfaces/util.js.map +1 -0
- package/dist/types/asset.d.ts +43 -0
- package/dist/types/asset.d.ts.map +1 -0
- package/dist/types/asset.js +13 -0
- package/dist/types/asset.js.map +1 -0
- package/dist/types/consent.d.ts +46 -0
- package/dist/types/consent.d.ts.map +1 -0
- package/dist/types/consent.js +18 -0
- package/dist/types/consent.js.map +1 -0
- package/dist/types/identity.d.ts +115 -0
- package/dist/types/identity.d.ts.map +1 -0
- package/dist/types/identity.js +12 -0
- package/dist/types/identity.js.map +1 -0
- package/dist/types/index.d.ts +10 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +3 -0
- package/dist/types/index.js.map +1 -0
- package/dist/types/intent.d.ts +132 -0
- package/dist/types/intent.d.ts.map +1 -0
- package/dist/types/intent.js +8 -0
- package/dist/types/intent.js.map +1 -0
- package/dist/types/signing-driver.d.ts +48 -0
- package/dist/types/signing-driver.d.ts.map +1 -0
- package/dist/types/signing-driver.js +9 -0
- package/dist/types/signing-driver.js.map +1 -0
- package/dist/types/surface-module.d.ts +38 -0
- package/dist/types/surface-module.d.ts.map +1 -0
- package/dist/types/surface-module.js +19 -0
- package/dist/types/surface-module.js.map +1 -0
- package/dist/types/surface.d.ts +17 -0
- package/dist/types/surface.d.ts.map +1 -0
- package/dist/types/surface.js +28 -0
- package/dist/types/surface.js.map +1 -0
- package/package.json +84 -0
|
@@ -0,0 +1,140 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* PaymentRailsPort — agent-payment rail dispatcher.
|
|
3
|
+
*
|
|
4
|
+
* Tenzro's `PaymentClient` exposes five rails through one client class:
|
|
5
|
+
*
|
|
6
|
+
* • MPP — Tempo's Machine Payments Protocol
|
|
7
|
+
* • x402 — Coinbase HTTP-402, x402 Foundation governance,
|
|
8
|
+
* absorbed as a payment method inside AP2
|
|
9
|
+
* • AP2 — FIDO Alliance Agentic-Payments TWG (v0.2, Apr 2026)
|
|
10
|
+
* • Visa TAP — Visa Trusted Agent Protocol (RFC 9421 sigs)
|
|
11
|
+
* • Mastercard — Mastercard Agent Pay (SingleUse / SessionBound /
|
|
12
|
+
* Recurring tokens, KYA tier checks)
|
|
13
|
+
*
|
|
14
|
+
* The wallet doesn't pick the rail — the merchant or resource declares it
|
|
15
|
+
* (HTTP 402 header, AP2 mandate type, etc.). The wallet's job is to
|
|
16
|
+
* surface them through one port so a single agent-spending UI can drive
|
|
17
|
+
* them all under the same SessionKey scope.
|
|
18
|
+
*
|
|
19
|
+
* Per `reference_agentic_payments_2026.md`: x402 is now subsumed inside
|
|
20
|
+
* AP2 schema-wise, but stays a distinct *rail* on the wire (HTTP 402 vs.
|
|
21
|
+
* AP2 mandate). We keep the methods separate so callers can opt into the
|
|
22
|
+
* rail their counterparty actually speaks.
|
|
23
|
+
*/
|
|
24
|
+
export interface PaymentReceipt {
|
|
25
|
+
readonly receiptId: string;
|
|
26
|
+
/** Underlying tx hash on the settlement chain, when applicable. */
|
|
27
|
+
readonly txHash?: string;
|
|
28
|
+
/** Engine-reported status (Approved / Settled / Pending / Failed / …). */
|
|
29
|
+
readonly status: string;
|
|
30
|
+
/** Free-form metadata the engine attached. */
|
|
31
|
+
readonly meta?: Readonly<Record<string, unknown>>;
|
|
32
|
+
}
|
|
33
|
+
export interface PayMppRequest {
|
|
34
|
+
readonly url: string;
|
|
35
|
+
readonly payerDid?: string;
|
|
36
|
+
}
|
|
37
|
+
export interface PayX402Request {
|
|
38
|
+
readonly url: string;
|
|
39
|
+
readonly payerDid?: string;
|
|
40
|
+
}
|
|
41
|
+
export interface PayAp2Request {
|
|
42
|
+
/** Agent DID that authorises the payment under its delegation scope. */
|
|
43
|
+
readonly agentDid: string;
|
|
44
|
+
readonly url: string;
|
|
45
|
+
/** Decimal-string amount (preserves precision; matches AP2 wire shape). */
|
|
46
|
+
readonly amount: string;
|
|
47
|
+
}
|
|
48
|
+
export interface PayVisaTapRequest {
|
|
49
|
+
/** Visa-issued credential. Opaque; forwarded verbatim. */
|
|
50
|
+
readonly credential: Readonly<Record<string, unknown>>;
|
|
51
|
+
}
|
|
52
|
+
export interface PayMastercardRequest {
|
|
53
|
+
/**
|
|
54
|
+
* Mastercard-issued payment credential — typically one of the three
|
|
55
|
+
* token kinds: SingleUse, SessionBound, Recurring.
|
|
56
|
+
*/
|
|
57
|
+
readonly credential: Readonly<Record<string, unknown>>;
|
|
58
|
+
}
|
|
59
|
+
export interface SignVisaTapRequest {
|
|
60
|
+
/**
|
|
61
|
+
* RFC 9421 HTTP message-signature inputs the SDK turns into the
|
|
62
|
+
* `Signature-Input` / `Signature` header pair. The wallet only declares
|
|
63
|
+
* what it carries on the wire — composition happens in the SDK.
|
|
64
|
+
*/
|
|
65
|
+
readonly request: {
|
|
66
|
+
readonly method: string;
|
|
67
|
+
readonly url: string;
|
|
68
|
+
readonly headers: Readonly<Record<string, string>>;
|
|
69
|
+
readonly body?: string;
|
|
70
|
+
};
|
|
71
|
+
/** Agent DID whose key signs the message. */
|
|
72
|
+
readonly agentDid: string;
|
|
73
|
+
}
|
|
74
|
+
export interface VisaTapSignedRequest {
|
|
75
|
+
/** Original headers plus `Signature-Input` and `Signature`. */
|
|
76
|
+
readonly headers: Readonly<Record<string, string>>;
|
|
77
|
+
/** Echoed back so callers don't have to thread the URL separately. */
|
|
78
|
+
readonly url: string;
|
|
79
|
+
readonly method: string;
|
|
80
|
+
}
|
|
81
|
+
/** Mastercard token kinds per Mastercard Agent Pay spec. */
|
|
82
|
+
export type MastercardTokenKind = 'SingleUse' | 'SessionBound' | 'Recurring';
|
|
83
|
+
export interface IssueMastercardTokenRequest {
|
|
84
|
+
readonly agentDid: string;
|
|
85
|
+
readonly kind: MastercardTokenKind;
|
|
86
|
+
/**
|
|
87
|
+
* Per-token-kind binding params — opaque to the kernel (recurring schedule,
|
|
88
|
+
* session id, single-use cap, etc.). The SDK validates against KYA tier.
|
|
89
|
+
*/
|
|
90
|
+
readonly params: Readonly<Record<string, unknown>>;
|
|
91
|
+
}
|
|
92
|
+
export interface MastercardToken {
|
|
93
|
+
readonly tokenId: string;
|
|
94
|
+
readonly kind: MastercardTokenKind;
|
|
95
|
+
/** Decimal-string cap; "0" means uncapped at this layer (KYA tier still applies). */
|
|
96
|
+
readonly cap: string;
|
|
97
|
+
readonly expiresAt: number;
|
|
98
|
+
readonly raw: Readonly<Record<string, unknown>>;
|
|
99
|
+
}
|
|
100
|
+
export interface PaymentChallenge {
|
|
101
|
+
/** Opaque challenge id the gateway echoes back. */
|
|
102
|
+
readonly challengeId: string;
|
|
103
|
+
/** Resource the challenge gates. */
|
|
104
|
+
readonly resource: string;
|
|
105
|
+
readonly amount: number;
|
|
106
|
+
readonly asset: string;
|
|
107
|
+
readonly protocol: string;
|
|
108
|
+
/** Engine fields the wallet should not interpret. */
|
|
109
|
+
readonly raw: Readonly<Record<string, unknown>>;
|
|
110
|
+
}
|
|
111
|
+
export interface CreateChallengeRequest {
|
|
112
|
+
readonly resource: string;
|
|
113
|
+
readonly amount: number;
|
|
114
|
+
/** Defaults to 'USDC' on the SDK side. */
|
|
115
|
+
readonly asset?: string;
|
|
116
|
+
/** Defaults to 'mpp' on the SDK side. */
|
|
117
|
+
readonly protocol?: 'mpp' | 'x402' | 'ap2';
|
|
118
|
+
}
|
|
119
|
+
export interface PaymentRailsPort {
|
|
120
|
+
createChallenge(req: CreateChallengeRequest): Promise<PaymentChallenge>;
|
|
121
|
+
payMpp(req: PayMppRequest): Promise<PaymentReceipt>;
|
|
122
|
+
payX402(req: PayX402Request): Promise<PaymentReceipt>;
|
|
123
|
+
payAp2(req: PayAp2Request): Promise<PaymentReceipt>;
|
|
124
|
+
payVisaTap(req: PayVisaTapRequest): Promise<PaymentReceipt>;
|
|
125
|
+
payMastercard(req: PayMastercardRequest): Promise<PaymentReceipt>;
|
|
126
|
+
getReceipt(receiptId: string): Promise<PaymentReceipt | null>;
|
|
127
|
+
/**
|
|
128
|
+
* Produce RFC 9421 message-signature headers for a Visa TAP request.
|
|
129
|
+
* Throws "SDK pending" until `tenzro-sdk`'s PaymentClient exposes
|
|
130
|
+
* `signVisaTap` (DESIGN.md §11.1).
|
|
131
|
+
*/
|
|
132
|
+
signVisaTap(req: SignVisaTapRequest): Promise<VisaTapSignedRequest>;
|
|
133
|
+
/**
|
|
134
|
+
* Issue a Mastercard Agent Pay token for the given agent + kind. Throws
|
|
135
|
+
* "SDK pending" until `tenzro-sdk`'s PaymentClient exposes
|
|
136
|
+
* `issueMastercardToken` (DESIGN.md §11.1).
|
|
137
|
+
*/
|
|
138
|
+
issueMastercardToken(req: IssueMastercardTokenRequest): Promise<MastercardToken>;
|
|
139
|
+
}
|
|
140
|
+
//# sourceMappingURL=payment-rails.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"payment-rails.d.ts","sourceRoot":"","sources":["../../../src/ports/agent/payment-rails.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,mEAAmE;IACnE,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,0EAA0E;IAC1E,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACnD;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,aAAa;IAC5B,wEAAwE;IACxE,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,2EAA2E;IAC3E,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,iBAAiB;IAChC,0DAA0D;IAC1D,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACxD;AAED,MAAM,WAAW,oBAAoB;IACnC;;;OAGG;IACH,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACxD;AAUD,MAAM,WAAW,kBAAkB;IACjC;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;QACnD,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,6CAA6C;IAC7C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,oBAAoB;IACnC,+DAA+D;IAC/D,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACnD,sEAAsE;IACtE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,4DAA4D;AAC5D,MAAM,MAAM,mBAAmB,GAAG,WAAW,GAAG,cAAc,GAAG,WAAW,CAAC;AAE7E,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,mBAAmB,CAAC;IACnC;;;OAGG;IACH,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACpD;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,IAAI,EAAE,mBAAmB,CAAC;IACnC,qFAAqF;IACrF,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACjD;AAED,MAAM,WAAW,gBAAgB;IAC/B,mDAAmD;IACnD,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,oCAAoC;IACpC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,qDAAqD;IACrD,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACjD;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,0CAA0C;IAC1C,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,yCAAyC;IACzC,QAAQ,CAAC,QAAQ,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,CAAC;CAC5C;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,CAAC,GAAG,EAAE,sBAAsB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACxE,MAAM,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IACtD,MAAM,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IACpD,UAAU,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IAC5D,aAAa,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IAClE,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;IAI9D;;;;OAIG;IACH,WAAW,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEpE;;;;OAIG;IACH,oBAAoB,CAAC,GAAG,EAAE,2BAA2B,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;CAClF"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* PaymentRailsPort — agent-payment rail dispatcher.
|
|
3
|
+
*
|
|
4
|
+
* Tenzro's `PaymentClient` exposes five rails through one client class:
|
|
5
|
+
*
|
|
6
|
+
* • MPP — Tempo's Machine Payments Protocol
|
|
7
|
+
* • x402 — Coinbase HTTP-402, x402 Foundation governance,
|
|
8
|
+
* absorbed as a payment method inside AP2
|
|
9
|
+
* • AP2 — FIDO Alliance Agentic-Payments TWG (v0.2, Apr 2026)
|
|
10
|
+
* • Visa TAP — Visa Trusted Agent Protocol (RFC 9421 sigs)
|
|
11
|
+
* • Mastercard — Mastercard Agent Pay (SingleUse / SessionBound /
|
|
12
|
+
* Recurring tokens, KYA tier checks)
|
|
13
|
+
*
|
|
14
|
+
* The wallet doesn't pick the rail — the merchant or resource declares it
|
|
15
|
+
* (HTTP 402 header, AP2 mandate type, etc.). The wallet's job is to
|
|
16
|
+
* surface them through one port so a single agent-spending UI can drive
|
|
17
|
+
* them all under the same SessionKey scope.
|
|
18
|
+
*
|
|
19
|
+
* Per `reference_agentic_payments_2026.md`: x402 is now subsumed inside
|
|
20
|
+
* AP2 schema-wise, but stays a distinct *rail* on the wire (HTTP 402 vs.
|
|
21
|
+
* AP2 mandate). We keep the methods separate so callers can opt into the
|
|
22
|
+
* rail their counterparty actually speaks.
|
|
23
|
+
*/
|
|
24
|
+
export {};
|
|
25
|
+
//# sourceMappingURL=payment-rails.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"payment-rails.js","sourceRoot":"","sources":["../../../src/ports/agent/payment-rails.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG"}
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* PrincipalChainPort — read-only access to the receipt principal-chain
|
|
3
|
+
* (Agent-Swarm Spec 5).
|
|
4
|
+
*
|
|
5
|
+
* Every settlement / payment / lifecycle receipt produced by the network
|
|
6
|
+
* grows a typed `principal_chain` field captured at receipt write time:
|
|
7
|
+
* a delegation path from the acting identity (`actor`) up to the
|
|
8
|
+
* controller, plus the controller's KYC tier and bond figures. The
|
|
9
|
+
* chain is frozen — later revocations don't invalidate it.
|
|
10
|
+
*
|
|
11
|
+
* Auditors, dashboards, and seed-agent governance walk these chains via
|
|
12
|
+
* the SDK's `PrincipalChainClient`; the wallet exposes the same surface
|
|
13
|
+
* so it can render "who paid for this" trails alongside transactions.
|
|
14
|
+
*/
|
|
15
|
+
export type PrincipalRole = 'controller' | 'delegated_agent' | 'autonomous_agent';
|
|
16
|
+
export type IdentityType = 'human' | 'machine';
|
|
17
|
+
export interface PrincipalLink {
|
|
18
|
+
/** DID string of the link. */
|
|
19
|
+
readonly did: string;
|
|
20
|
+
readonly identityType: IdentityType;
|
|
21
|
+
/** Hex-encoded SHA-256 of the DelegationScope under which this link acted. */
|
|
22
|
+
readonly delegationScopeId?: string;
|
|
23
|
+
readonly role: PrincipalRole;
|
|
24
|
+
/**
|
|
25
|
+
* `true` when the link's identity could not be resolved at receipt
|
|
26
|
+
* write time (revoked, not-found). Receipts are still written — the
|
|
27
|
+
* regulator sees a partially-resolvable chain with an explicit gap.
|
|
28
|
+
*/
|
|
29
|
+
readonly tombstone: boolean;
|
|
30
|
+
}
|
|
31
|
+
export interface PrincipalChainRecord {
|
|
32
|
+
/** DID of the acting identity (signer of the underlying tx). */
|
|
33
|
+
readonly actor: string;
|
|
34
|
+
/**
|
|
35
|
+
* Top-down list of intermediate links. Empty when the controller acted
|
|
36
|
+
* directly (`delegationDepth === 0`).
|
|
37
|
+
*/
|
|
38
|
+
readonly chain: readonly PrincipalLink[];
|
|
39
|
+
/** The controller link itself — the legally responsible principal. */
|
|
40
|
+
readonly controller: PrincipalLink;
|
|
41
|
+
/** 0 = Unverified, 1 = Basic, 2 = Enhanced, 3 = Full. */
|
|
42
|
+
readonly controllerKycTier: number;
|
|
43
|
+
/** Bond posted by the controller, in TNZO base units. */
|
|
44
|
+
readonly controllerBond?: bigint;
|
|
45
|
+
/** Bond posted directly against the actor's DID (Spec 9). */
|
|
46
|
+
readonly actorBond?: bigint;
|
|
47
|
+
/**
|
|
48
|
+
* Sum of all promotion-eligible Active bonds the controller has posted
|
|
49
|
+
* across every agent they own (Spec 9) — total skin-in-the-game.
|
|
50
|
+
*/
|
|
51
|
+
readonly controllerBondAggregate?: bigint;
|
|
52
|
+
/** Number of delegation levels between actor and controller. */
|
|
53
|
+
readonly delegationDepth: number;
|
|
54
|
+
/** Block height at which the chain was resolved and frozen. */
|
|
55
|
+
readonly frozenAtBlock: bigint;
|
|
56
|
+
}
|
|
57
|
+
export interface PrincipalChainSummaryRecord {
|
|
58
|
+
readonly actor: string;
|
|
59
|
+
readonly controller: string;
|
|
60
|
+
readonly controllerKycTier: number;
|
|
61
|
+
readonly controllerBond?: bigint;
|
|
62
|
+
readonly actorBond?: bigint;
|
|
63
|
+
readonly controllerBondAggregate?: bigint;
|
|
64
|
+
readonly delegationDepth: number;
|
|
65
|
+
readonly hasTombstone: boolean;
|
|
66
|
+
readonly frozenAtBlock: bigint;
|
|
67
|
+
}
|
|
68
|
+
export interface ControllerActivitySummaryRecord {
|
|
69
|
+
readonly controllerDid: string;
|
|
70
|
+
readonly receiptCount: bigint;
|
|
71
|
+
/** Total settled value in the window, in TNZO base units. */
|
|
72
|
+
readonly totalValueTnzo: bigint;
|
|
73
|
+
/** Distinct DIDs that acted under the controller in the window. */
|
|
74
|
+
readonly agentsActedUnder: readonly string[];
|
|
75
|
+
readonly killSwitchEvents: number;
|
|
76
|
+
readonly kycTierAtOldest: number;
|
|
77
|
+
readonly kycTierAtNewest: number;
|
|
78
|
+
readonly bondMin: bigint;
|
|
79
|
+
readonly bondMax: bigint;
|
|
80
|
+
/** Inclusive lower bound, unix seconds; undefined if open-ended. */
|
|
81
|
+
readonly since?: number;
|
|
82
|
+
/** Inclusive upper bound, unix seconds; undefined if open-ended. */
|
|
83
|
+
readonly until?: number;
|
|
84
|
+
}
|
|
85
|
+
export interface PrincipalChainPort {
|
|
86
|
+
/** Full chain for a single receipt. Returns null if unknown. */
|
|
87
|
+
getReceiptPrincipalChain(receiptId: string): Promise<PrincipalChainRecord | null>;
|
|
88
|
+
/** Compact summaries for every receipt with the given actor DID. */
|
|
89
|
+
listReceiptsByActor(actorDid: string): Promise<PrincipalChainSummaryRecord[]>;
|
|
90
|
+
/** Compact summaries for every receipt terminating at controllerDid. */
|
|
91
|
+
listReceiptsByController(controllerDid: string): Promise<PrincipalChainSummaryRecord[]>;
|
|
92
|
+
/** Aggregate activity metrics for a controller. Returns null if unknown. */
|
|
93
|
+
summarizeController(controllerDid: string): Promise<ControllerActivitySummaryRecord | null>;
|
|
94
|
+
}
|
|
95
|
+
//# sourceMappingURL=principal-chain.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"principal-chain.d.ts","sourceRoot":"","sources":["../../../src/ports/agent/principal-chain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,MAAM,MAAM,aAAa,GAAG,YAAY,GAAG,iBAAiB,GAAG,kBAAkB,CAAC;AAElF,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,SAAS,CAAC;AAE/C,MAAM,WAAW,aAAa;IAC5B,8BAA8B;IAC9B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,8EAA8E;IAC9E,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;IAC7B;;;;OAIG;IACH,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;CAC7B;AAED,MAAM,WAAW,oBAAoB;IACnC,gEAAgE;IAChE,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,SAAS,aAAa,EAAE,CAAC;IACzC,sEAAsE;IACtE,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC;IACnC,yDAAyD;IACzD,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,yDAAyD;IACzD,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC,6DAA6D;IAC7D,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B;;;OAGG;IACH,QAAQ,CAAC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IAC1C,gEAAgE;IAChE,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,+DAA+D;IAC/D,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IAC1C,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,+BAA+B;IAC9C,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,6DAA6D;IAC7D,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,mEAAmE;IACnE,QAAQ,CAAC,gBAAgB,EAAE,SAAS,MAAM,EAAE,CAAC;IAC7C,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,oEAAoE;IACpE,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,oEAAoE;IACpE,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,kBAAkB;IACjC,gEAAgE;IAChE,wBAAwB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IAElF,oEAAoE;IACpE,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,2BAA2B,EAAE,CAAC,CAAC;IAE9E,wEAAwE;IACxE,wBAAwB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,2BAA2B,EAAE,CAAC,CAAC;IAExF,4EAA4E;IAC5E,mBAAmB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,+BAA+B,GAAG,IAAI,CAAC,CAAC;CAC7F"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* PrincipalChainPort — read-only access to the receipt principal-chain
|
|
3
|
+
* (Agent-Swarm Spec 5).
|
|
4
|
+
*
|
|
5
|
+
* Every settlement / payment / lifecycle receipt produced by the network
|
|
6
|
+
* grows a typed `principal_chain` field captured at receipt write time:
|
|
7
|
+
* a delegation path from the acting identity (`actor`) up to the
|
|
8
|
+
* controller, plus the controller's KYC tier and bond figures. The
|
|
9
|
+
* chain is frozen — later revocations don't invalidate it.
|
|
10
|
+
*
|
|
11
|
+
* Auditors, dashboards, and seed-agent governance walk these chains via
|
|
12
|
+
* the SDK's `PrincipalChainClient`; the wallet exposes the same surface
|
|
13
|
+
* so it can render "who paid for this" trails alongside transactions.
|
|
14
|
+
*/
|
|
15
|
+
export {};
|
|
16
|
+
//# sourceMappingURL=principal-chain.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"principal-chain.js","sourceRoot":"","sources":["../../../src/ports/agent/principal-chain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG"}
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* SessionKeyPort — scoped delegations under TDIP.
|
|
3
|
+
*
|
|
4
|
+
* This is the primitive every agent-payment rail rests on. AP2 mandates,
|
|
5
|
+
* Mastercard Agent Pay tokens, x402 micropayment caps, Visa TAP scopes —
|
|
6
|
+
* all of them are *expressions* of a session key with a bounded
|
|
7
|
+
* delegation scope. The wallet's job is to:
|
|
8
|
+
*
|
|
9
|
+
* 1. Create scoped session keys ("this agent may spend up to 10 USDC/day
|
|
10
|
+
* on inference services for the next hour").
|
|
11
|
+
* 2. Inspect / list active scopes for the user UI.
|
|
12
|
+
* 3. Revoke a scope when the user wants to cut off an agent.
|
|
13
|
+
*
|
|
14
|
+
* Server-side, the auth engine enforces. The wallet does NOT decide
|
|
15
|
+
* whether a tx is in-policy — it asks. A compromised wallet client cannot
|
|
16
|
+
* widen a scope; the engine rejects.
|
|
17
|
+
*
|
|
18
|
+
* Wire mapping: `tenzro_onboardDelegatedAgent`, `tenzro_revokeDid`,
|
|
19
|
+
* `tenzro_revokeJwt` — i.e. delegation scopes are JWT-bound under the
|
|
20
|
+
* controller's act-chain. Creating a scope is "onboard a delegated
|
|
21
|
+
* agent under controllerDid with this scope"; revoking is revoking the
|
|
22
|
+
* JWT (single scope) or the DID (cascades all scopes).
|
|
23
|
+
*
|
|
24
|
+
* The opaque `scope` shape is whatever the engine accepts — currently a
|
|
25
|
+
* `Record<string, unknown>` matching `SpendingPolicy::is_allowed()`'s
|
|
26
|
+
* input. The port doesn't validate; it forwards. AP2/Mastercard/Visa
|
|
27
|
+
* adapters build scope objects that match their respective schemas and
|
|
28
|
+
* pass them through.
|
|
29
|
+
*/
|
|
30
|
+
export interface SessionScope {
|
|
31
|
+
/** Human-readable label shown in approver UI. */
|
|
32
|
+
readonly label: string;
|
|
33
|
+
/** Capability strings — "inference", "rpc-call", "storage", custom tags. */
|
|
34
|
+
readonly capabilities: readonly string[];
|
|
35
|
+
/** Engine-specific scope object. Forwarded as-is to the auth engine. */
|
|
36
|
+
readonly delegationScope: Readonly<Record<string, unknown>>;
|
|
37
|
+
/** Optional DPoP thumbprint to bind the resulting JWT to a specific key. */
|
|
38
|
+
readonly dpopJkt?: string;
|
|
39
|
+
}
|
|
40
|
+
export interface CreateSessionRequest {
|
|
41
|
+
/** Controller DID (the human or upstream agent granting authority). */
|
|
42
|
+
readonly controllerDid: string;
|
|
43
|
+
readonly scope: SessionScope;
|
|
44
|
+
}
|
|
45
|
+
export interface CreatedSession {
|
|
46
|
+
/** DID of the newly-onboarded delegated agent. */
|
|
47
|
+
readonly agentDid: string;
|
|
48
|
+
/** Bearer JWT for the new agent. The wallet hands this to the agent. */
|
|
49
|
+
readonly accessToken: string;
|
|
50
|
+
/** Refresh token for renewal. */
|
|
51
|
+
readonly refreshToken?: string;
|
|
52
|
+
/** Unix-ms when the access token expires. */
|
|
53
|
+
readonly expiresAt: number;
|
|
54
|
+
}
|
|
55
|
+
export interface ActiveSession {
|
|
56
|
+
readonly agentDid: string;
|
|
57
|
+
readonly controllerDid: string;
|
|
58
|
+
readonly capabilities: readonly string[];
|
|
59
|
+
readonly delegationScope: Readonly<Record<string, unknown>>;
|
|
60
|
+
readonly issuedAt: number;
|
|
61
|
+
readonly expiresAt: number;
|
|
62
|
+
readonly status: 'active' | 'revoked' | 'expired';
|
|
63
|
+
}
|
|
64
|
+
export interface RevokeSessionRequest {
|
|
65
|
+
/**
|
|
66
|
+
* Either a JWT `jti` (revokes a single session) or a DID (cascades
|
|
67
|
+
* — invalidates every JWT minted under that DID and every descendant
|
|
68
|
+
* DID in the act-chain).
|
|
69
|
+
*/
|
|
70
|
+
readonly target: {
|
|
71
|
+
kind: 'jti';
|
|
72
|
+
jti: string;
|
|
73
|
+
} | {
|
|
74
|
+
kind: 'did';
|
|
75
|
+
did: string;
|
|
76
|
+
};
|
|
77
|
+
readonly reason?: string;
|
|
78
|
+
}
|
|
79
|
+
export interface RevokeSessionResult {
|
|
80
|
+
readonly target: string;
|
|
81
|
+
readonly status: string;
|
|
82
|
+
}
|
|
83
|
+
export interface SessionKeyPort {
|
|
84
|
+
/** Create a scoped session key under `controllerDid`. */
|
|
85
|
+
create(req: CreateSessionRequest): Promise<CreatedSession>;
|
|
86
|
+
/**
|
|
87
|
+
* List active sessions for the controller. Used by the wallet UI to
|
|
88
|
+
* render "agents acting on your behalf" + a revoke button.
|
|
89
|
+
*/
|
|
90
|
+
list(controllerDid: string): Promise<readonly ActiveSession[]>;
|
|
91
|
+
/** Revoke a single session (jti) or every session under a DID. */
|
|
92
|
+
revoke(req: RevokeSessionRequest): Promise<RevokeSessionResult>;
|
|
93
|
+
}
|
|
94
|
+
//# sourceMappingURL=session-key.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session-key.d.ts","sourceRoot":"","sources":["../../../src/ports/agent/session-key.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,MAAM,WAAW,YAAY;IAC3B,iDAAiD;IACjD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,4EAA4E;IAC5E,QAAQ,CAAC,YAAY,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC,wEAAwE;IACxE,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5D,4EAA4E;IAC5E,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,oBAAoB;IACnC,uEAAuE;IACvE,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;CAC9B;AAED,MAAM,WAAW,cAAc;IAC7B,kDAAkD;IAClD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,wEAAwE;IACxE,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,iCAAiC;IACjC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,6CAA6C;IAC7C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5D,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;CACnD;AAED,MAAM,WAAW,oBAAoB;IACnC;;;;OAIG;IACH,QAAQ,CAAC,MAAM,EAAE;QAAE,IAAI,EAAE,KAAK,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG;QAAE,IAAI,EAAE,KAAK,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7E,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,cAAc;IAC7B,yDAAyD;IACzD,MAAM,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IAE3D;;;OAGG;IACH,IAAI,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,aAAa,EAAE,CAAC,CAAC;IAE/D,kEAAkE;IAClE,MAAM,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;CACjE"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* SessionKeyPort — scoped delegations under TDIP.
|
|
3
|
+
*
|
|
4
|
+
* This is the primitive every agent-payment rail rests on. AP2 mandates,
|
|
5
|
+
* Mastercard Agent Pay tokens, x402 micropayment caps, Visa TAP scopes —
|
|
6
|
+
* all of them are *expressions* of a session key with a bounded
|
|
7
|
+
* delegation scope. The wallet's job is to:
|
|
8
|
+
*
|
|
9
|
+
* 1. Create scoped session keys ("this agent may spend up to 10 USDC/day
|
|
10
|
+
* on inference services for the next hour").
|
|
11
|
+
* 2. Inspect / list active scopes for the user UI.
|
|
12
|
+
* 3. Revoke a scope when the user wants to cut off an agent.
|
|
13
|
+
*
|
|
14
|
+
* Server-side, the auth engine enforces. The wallet does NOT decide
|
|
15
|
+
* whether a tx is in-policy — it asks. A compromised wallet client cannot
|
|
16
|
+
* widen a scope; the engine rejects.
|
|
17
|
+
*
|
|
18
|
+
* Wire mapping: `tenzro_onboardDelegatedAgent`, `tenzro_revokeDid`,
|
|
19
|
+
* `tenzro_revokeJwt` — i.e. delegation scopes are JWT-bound under the
|
|
20
|
+
* controller's act-chain. Creating a scope is "onboard a delegated
|
|
21
|
+
* agent under controllerDid with this scope"; revoking is revoking the
|
|
22
|
+
* JWT (single scope) or the DID (cascades all scopes).
|
|
23
|
+
*
|
|
24
|
+
* The opaque `scope` shape is whatever the engine accepts — currently a
|
|
25
|
+
* `Record<string, unknown>` matching `SpendingPolicy::is_allowed()`'s
|
|
26
|
+
* input. The port doesn't validate; it forwards. AP2/Mastercard/Visa
|
|
27
|
+
* adapters build scope objects that match their respective schemas and
|
|
28
|
+
* pass them through.
|
|
29
|
+
*/
|
|
30
|
+
export {};
|
|
31
|
+
//# sourceMappingURL=session-key.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session-key.js","sourceRoot":"","sources":["../../../src/ports/agent/session-key.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TeeAttestationPort — verify the node's TEE attestation.
|
|
3
|
+
*
|
|
4
|
+
* The wallet's hybrid-signing path leans on a TEE-resident co-signer at
|
|
5
|
+
* the Tenzro node. Before trusting that co-signer (in particular before
|
|
6
|
+
* sending a passkey-derived share to it), the wallet should verify the
|
|
7
|
+
* node's attestation report against the TEE vendor's certificate chain.
|
|
8
|
+
*
|
|
9
|
+
* The wallet does NOT itself decode TDX/SEV/Nitro reports — that's a
|
|
10
|
+
* mountain of vendor-specific code, with cert chains that need keeping
|
|
11
|
+
* up to date. Instead the node exposes verification as an RPC
|
|
12
|
+
* (`tenzro_verifyTeeAttestation`); the wallet calls in. Trust model:
|
|
13
|
+
* the same engine that issues the attestation also verifies it, which
|
|
14
|
+
* isn't useful in isolation. The protection comes from the wallet
|
|
15
|
+
* pinning the node's expected vendor + measurement off-band (e.g. via a
|
|
16
|
+
* release manifest) and then checking the attestation result *and* the
|
|
17
|
+
* report's measurement field against that pin.
|
|
18
|
+
*
|
|
19
|
+
* This port surfaces:
|
|
20
|
+
* - `detect` — what TEE the node says it has
|
|
21
|
+
* - `getAttestation` — fetch a fresh attestation report
|
|
22
|
+
* - `verify` — verify an attestation (typically the one just fetched)
|
|
23
|
+
*
|
|
24
|
+
* The wallet UI uses these to render a "verified" badge and to gate
|
|
25
|
+
* sensitive flows on a green attestation.
|
|
26
|
+
*/
|
|
27
|
+
export interface TeeInfo {
|
|
28
|
+
readonly available: boolean;
|
|
29
|
+
/** "intel-tdx", "amd-sev-snp", "aws-nitro", "nvidia-gpu". */
|
|
30
|
+
readonly vendor: string;
|
|
31
|
+
readonly capabilities: readonly string[];
|
|
32
|
+
}
|
|
33
|
+
export interface AttestationReport {
|
|
34
|
+
/** Hex-encoded report bytes. The wallet treats these as opaque except
|
|
35
|
+
* for pinning-time measurement comparisons. */
|
|
36
|
+
readonly report: string;
|
|
37
|
+
/** Hex-encoded vendor signature over `report`. */
|
|
38
|
+
readonly signature: string;
|
|
39
|
+
/** X.509 certificate chain (PEM strings). */
|
|
40
|
+
readonly certificateChain: readonly string[];
|
|
41
|
+
}
|
|
42
|
+
export interface AttestationVerifyResult {
|
|
43
|
+
readonly valid: boolean;
|
|
44
|
+
readonly message?: string;
|
|
45
|
+
}
|
|
46
|
+
export interface TeeAttestationPort {
|
|
47
|
+
detect(): Promise<TeeInfo>;
|
|
48
|
+
getAttestation(teeType: string): Promise<AttestationReport>;
|
|
49
|
+
verify(attestationHex: string, teeType: string): Promise<AttestationVerifyResult>;
|
|
50
|
+
}
|
|
51
|
+
//# sourceMappingURL=tee-attestation.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tee-attestation.d.ts","sourceRoot":"","sources":["../../../src/ports/agent/tee-attestation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,MAAM,WAAW,OAAO;IACtB,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B,6DAA6D;IAC7D,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,YAAY,EAAE,SAAS,MAAM,EAAE,CAAC;CAC1C;AAED,MAAM,WAAW,iBAAiB;IAChC;oDACgD;IAChD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,kDAAkD;IAClD,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,6CAA6C;IAC7C,QAAQ,CAAC,gBAAgB,EAAE,SAAS,MAAM,EAAE,CAAC;CAC9C;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAC3B,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAC5D,MAAM,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;CACnF"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TeeAttestationPort — verify the node's TEE attestation.
|
|
3
|
+
*
|
|
4
|
+
* The wallet's hybrid-signing path leans on a TEE-resident co-signer at
|
|
5
|
+
* the Tenzro node. Before trusting that co-signer (in particular before
|
|
6
|
+
* sending a passkey-derived share to it), the wallet should verify the
|
|
7
|
+
* node's attestation report against the TEE vendor's certificate chain.
|
|
8
|
+
*
|
|
9
|
+
* The wallet does NOT itself decode TDX/SEV/Nitro reports — that's a
|
|
10
|
+
* mountain of vendor-specific code, with cert chains that need keeping
|
|
11
|
+
* up to date. Instead the node exposes verification as an RPC
|
|
12
|
+
* (`tenzro_verifyTeeAttestation`); the wallet calls in. Trust model:
|
|
13
|
+
* the same engine that issues the attestation also verifies it, which
|
|
14
|
+
* isn't useful in isolation. The protection comes from the wallet
|
|
15
|
+
* pinning the node's expected vendor + measurement off-band (e.g. via a
|
|
16
|
+
* release manifest) and then checking the attestation result *and* the
|
|
17
|
+
* report's measurement field against that pin.
|
|
18
|
+
*
|
|
19
|
+
* This port surfaces:
|
|
20
|
+
* - `detect` — what TEE the node says it has
|
|
21
|
+
* - `getAttestation` — fetch a fresh attestation report
|
|
22
|
+
* - `verify` — verify an attestation (typically the one just fetched)
|
|
23
|
+
*
|
|
24
|
+
* The wallet UI uses these to render a "verified" badge and to gate
|
|
25
|
+
* sensitive flows on a green attestation.
|
|
26
|
+
*/
|
|
27
|
+
export {};
|
|
28
|
+
//# sourceMappingURL=tee-attestation.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tee-attestation.js","sourceRoot":"","sources":["../../../src/ports/agent/tee-attestation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Shared body for the wallet's per-vendor bridge adapters. Each adapter
|
|
3
|
+
* (LI.FI, CCIP, LayerZero, Wormhole, deBridge, Canton) is the wallet's
|
|
4
|
+
* UX-side abstraction — one row in the route picker per vendor. Under
|
|
5
|
+
* the hood they all forward to the same `tenzro-sdk` `BridgeClient`,
|
|
6
|
+
* filtering by `adapter` (the SDK's name for `vendor`).
|
|
7
|
+
*
|
|
8
|
+
* SDK shape this targets (verified against `tenzro-sdk@0.1.0`
|
|
9
|
+
* `src/bridge.ts`):
|
|
10
|
+
*
|
|
11
|
+
* - `client.bridge().getRoutes(fromChain, toChain, token?)`
|
|
12
|
+
* → `BridgeRoute[]` (one entry per available vendor; the wallet
|
|
13
|
+
* filters to its own `adapterId` and synthesises the `BridgeQuote`).
|
|
14
|
+
* - `client.bridge().bridgeTokens(fromChain, toChain, token, amount,
|
|
15
|
+
* recipient, adapter?)`
|
|
16
|
+
* → `BridgeTransfer { id, sourceChain, targetChain, assetId, amount,
|
|
17
|
+
* sender, recipient, status, txHash, bridgeFee, completedAt? }`.
|
|
18
|
+
* The wallet maps this to a `BridgeBuildResult` whose single
|
|
19
|
+
* transaction wraps the SDK-returned tx hash for surface display.
|
|
20
|
+
* - `client.bridge().getTransferStatus(transferId)`
|
|
21
|
+
* → `TransferStatus { transfer_id, status, source_tx_hash?,
|
|
22
|
+
* destination_tx_hash?, updated_at }`.
|
|
23
|
+
* The wallet wraps this in an async-iterable that polls until a
|
|
24
|
+
* terminal phase (`delivered` / `failed`).
|
|
25
|
+
*
|
|
26
|
+
* The wallet's `BridgeRoutePort` surface (quote → build → track) is
|
|
27
|
+
* UX-shaped; it doesn't perfectly match the SDK's flatter API. The
|
|
28
|
+
* adapter does the mapping:
|
|
29
|
+
*
|
|
30
|
+
* - `quote()` calls `getRoutes()` and finds the entry matching
|
|
31
|
+
* `adapterId`. The route's `opaque` payload carries the original
|
|
32
|
+
* request fields the wallet needs to call `bridgeTokens` later.
|
|
33
|
+
* - `build()` reads the `opaque` payload, calls `bridgeTokens`,
|
|
34
|
+
* and returns the SDK transfer's `id` as `trackerId`.
|
|
35
|
+
* - `track()` polls `getTransferStatus(trackerId)` on a 2 s tick
|
|
36
|
+
* until the transfer is `delivered` or `failed`.
|
|
37
|
+
*/
|
|
38
|
+
import type { BridgeClient } from 'tenzro-sdk';
|
|
39
|
+
import type { BridgeAdapterId, BridgeRoutePort } from '../bridge.js';
|
|
40
|
+
/**
|
|
41
|
+
* Type alias for the SDK's `BridgeClient`. We take a structural
|
|
42
|
+
* super-type for testability (the test suite injects a fake), but the
|
|
43
|
+
* real adapter accepts the SDK class instance as-is.
|
|
44
|
+
*/
|
|
45
|
+
export type BridgeClientLike = Partial<Pick<BridgeClient, 'getRoutes' | 'bridgeTokens' | 'getTransferStatus' | 'listAdapters'>>;
|
|
46
|
+
export declare function bridgeAdapterFromClient(vendor: BridgeAdapterId, client: BridgeClientLike | undefined): BridgeRoutePort;
|
|
47
|
+
//# sourceMappingURL=bridge-adapter-base.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"bridge-adapter-base.d.ts","sourceRoot":"","sources":["../../../../src/ports/bridge/adapters/bridge-adapter-base.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,KAAK,EACV,eAAe,EAKf,eAAe,EAGhB,MAAM,cAAc,CAAC;AAEtB;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG,OAAO,CACpC,IAAI,CAAC,YAAY,EAAE,WAAW,GAAG,cAAc,GAAG,mBAAmB,GAAG,cAAc,CAAC,CACxF,CAAC;AAkBF,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,eAAe,EACvB,MAAM,EAAE,gBAAgB,GAAG,SAAS,GACnC,eAAe,CAmFjB"}
|