import { Keypair, Fact, UcanPayload, Ucan } from "./types.js"; import { Capability } from "./capability/index.js"; import { DelegationSemantics, DelegationChain } from "./attenuation.js"; import { Store } from "./store.js"; export interface BuildableState { issuer: Keypair; audience: string; expiration: number; } export interface CapabilityLookupCapableState { issuer: Keypair; expiration: number; } /** * A builder API for UCANs. * * Supports grabbing UCANs from a UCAN `Store` for proofs (see `delegateCapability`). * * Example usage: * * ```ts * const ucan = await Builder.create() * .issuedBy(aliceKeypair) * .toAudience(bobDID) * .withLifetimeInSeconds(30) * .claimCapability({ email: "my@email.com", cap: "SEND" }) * .delegateCapability(emailSemantics, { email: "my-friends@email.com", cap: "SEND" }, proof) * .build() * ``` */ export declare class Builder> { private state; private defaultable; private constructor(); /** * Create an empty builder. * Before finalising the builder, you need to at least call * - `issuedBy` * - `toAudience` and * - `withLifetimeInSeconds` or `withExpiration`. * To finalise the builder, call its `build` or `buildPayload` method. */ static create(): Builder>; /** * @param issuer The issuer as a DID string ("did:key:..."). * * The UCAN must be signed with the private key of the issuer to be valid. */ issuedBy(issuer: Keypair): Builder; /** * @param audience The audience as a DID string ("did:key:..."). * * This is the identity this UCAN transfers rights to. * It could e.g. be the DID of a service you're posting this UCAN as a JWT to, * or it could be the DID of something that'll use this UCAN as a proof to * continue the UCAN chain as an issuer. */ toAudience(audience: string): Builder; /** * @param seconds The number of seconds from the calltime of this function * to set the expiry timestamp to. */ withLifetimeInSeconds(seconds: number): Builder; /** * @param expiration The UTCTime timestamp (in seconds) for when the UCAN should expire. */ withExpiration(expiration: number): Builder; /** * @param notBeforeTimestamp The UTCTime timestamp (in seconds) of when the UCAN becomes active. */ withNotBefore(notBeforeTimestamp: number): Builder; /** * @param fact Any fact or proof of knowledge in this UCAN as a record. * @param facts Arbitrary more facts or proofs of knowledge. */ withFact(fact: Fact): Builder; withFact(fact: Fact, ...facts: Fact[]): Builder; /** * Will ensure that the built UCAN includes a number used once. */ withNonce(): Builder; /** * Claim capabilities 'by parenthood'. */ claimCapability(capability: Capability): Builder; claimCapability(capability: Capability, ...capabilities: Capability[]): Builder; /** * Delegate capabilities from a given proof to the audience of the UCAN you're building. * * @param semantics The rules for which delegations of capabilities are allowed. * @param requiredCapability The capability you want to delegate. * * Then, one of * @param proof The proof chain that grants the issuer of this UCAN at least the capabilities you want to delegate, or * @param store The UCAN store in which to try to find a UCAN granting you enough capabilities to delegate given capabilities. * * @throws If given store can't provide a UCAN for delegating given capability * @throws If given proof can't be used to delegate given capability * @throws If the builder hasn't set an issuer and expiration yet */ delegateCapability(requiredCapability: Capability, store: Store): State extends CapabilityLookupCapableState ? Builder : never; delegateCapability(requiredCapability: Capability, proof: DelegationChain, semantics: DelegationSemantics): State extends CapabilityLookupCapableState ? Builder : never; /** * Build the UCAN body. This can be used if you want to sign the UCAN yourself afterwards. */ buildPayload(): State extends BuildableState ? UcanPayload : never; /** * Finalize: Build and sign the UCAN. * * @throws If the builder hasn't yet been set an issuer, audience and expiration. */ build(): Promise; }