feat: checkpoint

2025-11-23 22:57:43 +01:00
parent 7df57522d2
commit 5d45e273ee
160 changed files with 10160 additions and 1476 deletions
--- a/platform/spec/audit/actor.ts
+++ b/platform/spec/audit/actor.ts
@@ -0,0 +1,17 @@
+import z from "zod";
+
+import { AuditUserSchema, AuditUserType } from "./user.ts";
+
+export const AuditActorSchema = z.object({
+  user: AuditUserSchema,
+});
+
+export const auditors = {
+  system: AuditActorSchema.parse({
+    user: {
+      typeId: AuditUserType.System,
+    },
+  }),
+};
+
+export type AuditActor = z.infer<typeof AuditActorSchema>;
--- a/platform/spec/audit/user.ts
+++ b/platform/spec/audit/user.ts
@@ -0,0 +1,17 @@
+import z from "zod";
+
+export enum AuditUserType {
+  Unknown = 0,
+  Identity = 1,
+  System = 2,
+  Service = 3,
+  Other = 99,
+}
+
+export const AuditUserSchema = z.object({
+  typeId: z.enum(AuditUserType).describe("The account type identifier."),
+  uid: z
+    .string()
+    .optional()
+    .describe("The unique user identifier. For example, the Windows user SID, ActiveDirectory DN or AWS user ARN."),
+});
--- a/platform/spec/auth/errors.ts
+++ b/platform/spec/auth/errors.ts
@@ -0,0 +1,7 @@
+import { BadRequestError } from "@platform/relay";
+
+export class AuthenticationStrategyPayloadError extends BadRequestError {
+  constructor() {
+    super("Provided authentication payload is not recognized.");
+  }
+}
--- a/platform/spec/auth/strategies.ts
+++ b/platform/spec/auth/strategies.ts
@@ -0,0 +1,44 @@
+import { z } from "zod";
+
+export const PasskeyStrategySchema = z.object({
+  type: z.literal("passkey").describe("Authentication strategy type for WebAuthn/Passkey"),
+  id: z.string().describe("Base64URL encoded credential ID"),
+  rawId: z.string().describe("Raw credential ID as base64URL encoded string"),
+  response: z
+    .object({
+      clientDataJSON: z.string().describe("Base64URL encoded client data JSON"),
+      authenticatorData: z.string().describe("Base64URL encoded authenticator data"),
+      signature: z.string().optional().describe("Signature for authentication responses"),
+      userHandle: z.string().optional().describe("Optional user handle identifier"),
+      attestationObject: z.string().optional().describe("Attestation object for registration responses"),
+    })
+    .describe("WebAuthn response data"),
+  clientExtensionResults: z
+    .record(z.string(), z.unknown())
+    .default({})
+    .describe("Results from WebAuthn extension inputs"),
+  authenticatorAttachment: z
+    .enum(["platform", "cross-platform"])
+    .optional()
+    .describe("Type of authenticator used (platform or cross-platform)"),
+});
+
+export const EmailStrategySchema = z.object({
+  type: z.literal("email").describe("Authentication strategy type for email"),
+  email: z.email().describe("User's email address for authentication"),
+});
+
+export const PasswordStrategySchema = z.object({
+  type: z.literal("password").describe("Authentication strategy type for password"),
+  alias: z.string().describe("User alias (username or email)"),
+  password: z.string().describe("User's password"),
+});
+
+export const StrategySchema = z
+  .union([PasskeyStrategySchema, EmailStrategySchema, PasswordStrategySchema])
+  .describe("Union of all available authentication strategy schemas");
+
+export type PasskeyStrategy = z.infer<typeof PasskeyStrategySchema>;
+export type EmailStrategy = z.infer<typeof EmailStrategySchema>;
+export type PasswordStrategy = z.infer<typeof PasswordStrategySchema>;
+export type Strategy = z.infer<typeof StrategySchema>;
--- a/platform/spec/package.json
+++ b/platform/spec/package.json
@@ -0,0 +1,11 @@
+{
+  "name": "@platform/spec",
+  "version": "0.0.0",
+  "private": true,
+  "type": "module",
+  "dependencies": {
+    "@platform/models": "workspace:*",
+    "@platform/relay": "workspace:*",
+    "zod": "4.1.12"
+  }
+}