@web3-storage/capabilities - npm Package Compare versions

Comparing version 2.3.0 to 3.0.0

dist/src/access.d.ts

@@ -1,9 +0,26 @@
-export { top };
+export { top } from "./top.js";
 /**
  * Account identifier.
  */
-export const As: Schema.Schema<`did:mailto:${string}` & `did:${string}` & Types.Phantom<{
+export const Account: Schema.Schema<`did:mailto:${string}` & `did:${string}` & Types.Phantom<{
     protocol: "did:";
 }>, any>;
 /**
+ * Describes the capability requested.
+ */
+export const CapabilityRequest: Schema.StructSchema<{
+    can: Schema.StringSchema<string, unknown>;
+}, unknown>;
+/**
+ * Authorization request describing set of desired capabilities.
+ */
+export const AuthorizationRequest: Schema.StructSchema<{
+    iss: Schema.Schema<`did:mailto:${string}` & `did:${string}` & Types.Phantom<{
+        protocol: "did:";
+    }>, any>;
+    att: Schema.Schema<Schema.InferStruct<{
+        can: Schema.StringSchema<string, unknown>;
+    }>[], unknown>;
+}, unknown>;
+/**
  * Capability can only be delegated (but not invoked) allowing audience to
@@ -13,32 +30,17 @@ * derived any `access/` prefixed capability for the agent identified
  */
-export const access: Types.TheCapabilityParser<Types.DerivedMatch<{
-    can: "access/*";
-    with: Types.URI<"did:">;
-    nb?: Types.InferCaveats<{}> | undefined;
-}, Types.CapabilityMatch<"*", Types.URI<"did:">, {}>>>;
+export const access: Types.TheCapabilityParser<Types.CapabilityMatch<"access/*", Types.URI<"did:">, {}>>;
 /**
- * Capability can be invoked by an agent to request a `./update` for an account.
- *
- * `with` field identifies requesting agent, which MAY be different from iss field identifying issuing agent.
+ * Capability can be invoked by an agent to request set of capabilities from
+ * the account.
  */
-export const authorize: Types.TheCapabilityParser<Types.DerivedMatch<{
-    can: "access/authorize";
-    with: `did:key:${string}` & `did:${string}` & Types.Phantom<{
+export const authorize: Types.TheCapabilityParser<Types.CapabilityMatch<"access/authorize", `did:key:${string}` & `did:${string}` & Types.Phantom<{
+    protocol: "did:";
+}>, Schema.InferStruct<{
+    iss: Schema.Schema<`did:mailto:${string}` & `did:${string}` & Types.Phantom<{
         protocol: "did:";
-    }>;
-    nb: Types.InferCaveats<{
-        /**
-         * Value MUST be a did:mailto identifier of the account
-         * that the agent wishes to represent via did:key in the `with` field.
-         * It MUST be a valid did:mailto identifier.
-         */
-        as: Schema.Schema<`did:mailto:${string}` & `did:${string}` & Types.Phantom<{
-            protocol: "did:";
-        }>, any>;
-    }>;
-}, Types.CapabilityMatch<"*", Types.URI<"did:">, {}> | Types.DerivedMatch<{
-    can: "access/*";
-    with: Types.URI<"did:">;
-    nb?: Types.InferCaveats<{}> | undefined;
-}, Types.CapabilityMatch<"*", Types.URI<"did:">, {}>>>>;
+    }>, any>;
+    att: Schema.Schema<Schema.InferStruct<{
+        can: Schema.StringSchema<string, unknown>;
+    }>[], unknown>;
+}>>>;
 /**
@@ -65,36 +67,17 @@ * Issued by trusted authority (usually the one handling invocation that contains this proof)
  */
-export const session: Types.TheCapabilityParser<Types.CapabilityMatch<"./update", Types.URI<"did:">, {
+export const session: Types.TheCapabilityParser<Types.CapabilityMatch<"./update", Types.URI<"did:">, Schema.InferStruct<{
     key: Schema.Schema<`did:key:${string}` & `did:${string}` & Types.Phantom<{
         protocol: "did:";
     }>, any>;
-}>>;
-export const claim: Types.TheCapabilityParser<Types.DerivedMatch<{
-    can: "access/claim";
-    with: (`did:mailto:${string}` & `did:${string}` & Types.Phantom<{
-        protocol: "did:";
-    }>) | (`did:key:${string}` & `did:${string}` & Types.Phantom<{
-        protocol: "did:";
-    }>);
-    nb?: Types.InferCaveats<{}> | undefined;
-}, Types.CapabilityMatch<"*", Types.URI<"did:">, {}> | Types.DerivedMatch<{
-    can: "access/*";
-    with: Types.URI<"did:">;
-    nb?: Types.InferCaveats<{}> | undefined;
-}, Types.CapabilityMatch<"*", Types.URI<"did:">, {}>>>>;
-export const delegate: Types.TheCapabilityParser<Types.DerivedMatch<{
-    can: "access/delegate";
-    with: `did:key:${string}` & `did:${string}` & Types.Phantom<{
-        protocol: "did:";
-    }>;
-    nb: Types.InferCaveats<{
-        /**
-         * @type {Schema.Schema<AccessDelegateDelegations>}
-         */
-        delegations: Schema.Schema<AccessDelegateDelegations>;
-    }>;
-}, Types.CapabilityMatch<"*", Types.URI<"did:">, {}> | Types.DerivedMatch<{
-    can: "access/*";
-    with: Types.URI<"did:">;
-    nb?: Types.InferCaveats<{}> | undefined;
-}, Types.CapabilityMatch<"*", Types.URI<"did:">, {}>>>>;
+}>>>;
+export const claim: Types.TheCapabilityParser<Types.CapabilityMatch<"access/claim", (`did:mailto:${string}` & `did:${string}` & Types.Phantom<{
+    protocol: "did:";
+}>) | (`did:key:${string}` & `did:${string}` & Types.Phantom<{
+    protocol: "did:";
+}>), {}>>;
+export const delegate: Types.TheCapabilityParser<Types.CapabilityMatch<"access/delegate", `did:key:${string}` & `did:${string}` & Types.Phantom<{
+    protocol: "did:";
+}>, Schema.InferStruct<{
+    delegations: Schema.Schema<AccessDelegateDelegations>;
+}>>>;
 export type AccessDelegateDelegations = Schema.Dictionary<string, Types.Link<unknown, number, number, 0 | 1>>;
@@ -110,5 +93,4 @@ /**
 };
-import { top } from "./top.js";
 import * as Types from "@ucanto/interface";
 import { Schema } from "@ucanto/validator/src/lib.js";
 //# sourceMappingURL=access.d.ts.map

dist/src/space.d.ts

 export { top } from "./top.js";
 export { Store };
-export const space: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "space/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>;
+export const space: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"space/*", import("@ucanto/interface").URI<"did:">, any>>;
 /**
@@ -13,107 +9,35 @@ * `space/info` can be derived from any of the `store/*`
  */
-export const info: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "space/info";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/add";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        link: typeof Store.Schema.Link;
-        size: Store.Schema.NumberSchema<number & import("@ucanto/interface").Phantom<{
-            typeof: "integer";
-        }>, unknown>;
-        origin: Store.Schema.Schema<import("@ucanto/interface").Link<unknown, number, number, 0 | 1> | undefined, unknown>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/remove";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        link: typeof Store.Schema.Link;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/list";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        cursor: Store.Schema.Schema<string | undefined, unknown>;
-        size: Store.Schema.Schema<(number & import("@ucanto/interface").Phantom<{
-            typeof: "integer";
-        }>) | undefined, unknown>;
-        pre: Store.Schema.Schema<boolean | undefined, unknown>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/add";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        root: typeof Store.Schema.Link;
-        shards: Store.Schema.Schema<import("@ucanto/interface").Link<unknown, 514, number, 1>[] | undefined, any>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/remove";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        root: typeof Store.Schema.Link;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/list";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        cursor: Store.Schema.Schema<string | undefined, unknown>;
-        size: Store.Schema.Schema<(number & import("@ucanto/interface").Phantom<{
-            typeof: "integer";
-        }>) | undefined, unknown>;
-        pre: Store.Schema.Schema<boolean | undefined, unknown>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>> | import("@ucanto/interface").DerivedMatch<{
-    can: "space/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>>;
-export const recoverValidation: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "space/recover-validation";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        identity: Store.Schema.Schema<import("@ucanto/interface").URI<"mailto:">, unknown>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "space/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>>;
-export const recover: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "space/recover";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        identity: Store.Schema.Schema<import("@ucanto/interface").URI<"mailto:">, unknown>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "space/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>>;
+export const info: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").DerivedMatch<import("@ucanto/interface").ParsedCapability<"space/info", import("@ucanto/interface").URI<"did:">, {}>, import("@ucanto/interface").CapabilityMatch<"store/add", import("@ucanto/interface").URI<"did:">, Store.Schema.InferStruct<{
+    link: typeof Store.Schema.Link;
+    size: Store.Schema.NumberSchema<number & import("@ucanto/interface").Phantom<{
+        typeof: "integer";
+    }>, unknown>;
+    origin: Store.Schema.Schema<import("@ucanto/interface").Link<unknown, number, number, 0 | 1> | undefined, unknown>;
+}>> | import("@ucanto/interface").CapabilityMatch<"store/remove", import("@ucanto/interface").URI<"did:">, Store.Schema.InferStruct<{
+    link: typeof Store.Schema.Link;
+}>> | import("@ucanto/interface").CapabilityMatch<"store/list", import("@ucanto/interface").URI<"did:">, Store.Schema.InferStruct<{
+    cursor: Store.Schema.Schema<string | undefined, unknown>;
+    size: Store.Schema.Schema<(number & import("@ucanto/interface").Phantom<{
+        typeof: "integer";
+    }>) | undefined, unknown>;
+    pre: Store.Schema.Schema<boolean | undefined, unknown>;
+}>> | import("@ucanto/interface").CapabilityMatch<"upload/add", import("@ucanto/interface").URI<"did:">, Store.Schema.InferStruct<{
+    root: typeof Store.Schema.Link;
+    shards: Store.Schema.Schema<import("@ucanto/interface").Link<unknown, 514, number, 1>[] | undefined, any>;
+}>> | import("@ucanto/interface").CapabilityMatch<"upload/remove", import("@ucanto/interface").URI<"did:">, Store.Schema.InferStruct<{
+    root: typeof Store.Schema.Link;
+}>> | import("@ucanto/interface").CapabilityMatch<"upload/list", import("@ucanto/interface").URI<"did:">, Store.Schema.InferStruct<{
+    cursor: Store.Schema.Schema<string | undefined, unknown>;
+    size: Store.Schema.Schema<(number & import("@ucanto/interface").Phantom<{
+        typeof: "integer";
+    }>) | undefined, unknown>;
+    pre: Store.Schema.Schema<boolean | undefined, unknown>;
+}>>>>;
+export const recoverValidation: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"space/recover-validation", import("@ucanto/interface").URI<"did:">, Store.Schema.InferStruct<{
+    identity: Store.Schema.Schema<import("@ucanto/interface").URI<"mailto:">, unknown>;
+}>>>;
+export const recover: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"space/recover", import("@ucanto/interface").URI<"did:">, Store.Schema.InferStruct<{
+    identity: Store.Schema.Schema<import("@ucanto/interface").URI<"mailto:">, unknown>;
+}>>>;
 import * as Store from "./store.js";
 //# sourceMappingURL=space.d.ts.map

dist/src/store.d.ts

@@ -6,7 +6,3 @@ /**
  */
-export const store: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "store/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>;
+export const store: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"store/*", import("@ucanto/interface").URI<"did:">, any>>;
 /**
@@ -19,35 +15,9 @@ * `store/add` capability allows agent to store a CAR file into a (memory) space
  */
-export const add: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "store/add";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        /**
-         * CID of the CAR file to be stored. Service will provision write target
-         * for this exact CAR file for agent to PUT or POST it. Attempt to write
-         * any other content will fail.
-         */
-        link: typeof Link;
-        /**
-         * Size of the CAR file to be stored. Service will provision write target
-         * for this exact size. Attempt to write a larger CAR file will fail.
-         */
-        size: Schema.NumberSchema<number & import("@ucanto/interface").Phantom<{
-            typeof: "integer";
-        }>, unknown>;
-        /**
-         * Agent may optionally provide a link to a related CAR file using `origin`
-         * field. This is useful when storing large DAGs, agent could shard it
-         * across multiple CAR files and then link each shard with a previous one.
-         *
-         * Providing this relation tells service that given CAR is shard of the
-         * larger DAG as opposed to it being intentionally partial DAG. When DAG is
-         * not sharded, there will be only one `store/add` with `origin` left out.
-         */
-        origin: Schema.Schema<import("@ucanto/interface").Link<unknown, number, number, 0 | 1> | undefined, unknown>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>>;
+export const add: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"store/add", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    link: typeof Link;
+    size: Schema.NumberSchema<number & import("@ucanto/interface").Phantom<{
+        typeof: "integer";
+    }>, unknown>;
+    origin: Schema.Schema<import("@ucanto/interface").Link<unknown, number, number, 0 | 1> | undefined, unknown>;
+}>>>;
 /**
@@ -57,16 +27,5 @@ * Capability can be used to remove the stored CAR file from the (memory)
  */
-export const remove: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "store/remove";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        /**
-         * CID of the CAR file to be removed from the store.
-         */
-        link: typeof Link;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>>;
+export const remove: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"store/remove", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    link: typeof Link;
+}>>>;
 /**
@@ -76,97 +35,24 @@ * Capability can be invoked to request a list of stored CAR files in the
  */
-export const list: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "store/list";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        /**
-         * A pointer that can be moved back and forth on the list.
-         * It can be used to paginate a list for instance.
-         */
-        cursor: Schema.Schema<string | undefined, unknown>;
-        /**
-         * Maximum number of items per page.
-         */
-        size: Schema.Schema<(number & import("@ucanto/interface").Phantom<{
-            typeof: "integer";
-        }>) | undefined, unknown>;
-        /**
-         * If true, return page of results preceding cursor. Defaults to false.
-         */
-        pre: Schema.Schema<boolean | undefined, unknown>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>>;
-export const all: import("@ucanto/interface").CapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "store/add";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        /**
-         * CID of the CAR file to be stored. Service will provision write target
-         * for this exact CAR file for agent to PUT or POST it. Attempt to write
-         * any other content will fail.
-         */
-        link: typeof Link;
-        /**
-         * Size of the CAR file to be stored. Service will provision write target
-         * for this exact size. Attempt to write a larger CAR file will fail.
-         */
-        size: Schema.NumberSchema<number & import("@ucanto/interface").Phantom<{
-            typeof: "integer";
-        }>, unknown>;
-        /**
-         * Agent may optionally provide a link to a related CAR file using `origin`
-         * field. This is useful when storing large DAGs, agent could shard it
-         * across multiple CAR files and then link each shard with a previous one.
-         *
-         * Providing this relation tells service that given CAR is shard of the
-         * larger DAG as opposed to it being intentionally partial DAG. When DAG is
-         * not sharded, there will be only one `store/add` with `origin` left out.
-         */
-        origin: Schema.Schema<import("@ucanto/interface").Link<unknown, number, number, 0 | 1> | undefined, unknown>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/remove";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        /**
-         * CID of the CAR file to be removed from the store.
-         */
-        link: typeof Link;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/list";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        /**
-         * A pointer that can be moved back and forth on the list.
-         * It can be used to paginate a list for instance.
-         */
-        cursor: Schema.Schema<string | undefined, unknown>;
-        /**
-         * Maximum number of items per page.
-         */
-        size: Schema.Schema<(number & import("@ucanto/interface").Phantom<{
-            typeof: "integer";
-        }>) | undefined, unknown>;
-        /**
-         * If true, return page of results preceding cursor. Defaults to false.
-         */
-        pre: Schema.Schema<boolean | undefined, unknown>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "store/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>>;
+export const list: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"store/list", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    cursor: Schema.Schema<string | undefined, unknown>;
+    size: Schema.Schema<(number & import("@ucanto/interface").Phantom<{
+        typeof: "integer";
+    }>) | undefined, unknown>;
+    pre: Schema.Schema<boolean | undefined, unknown>;
+}>>>;
+export const all: import("@ucanto/interface").CapabilityParser<import("@ucanto/interface").CapabilityMatch<"store/add", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    link: typeof Link;
+    size: Schema.NumberSchema<number & import("@ucanto/interface").Phantom<{
+        typeof: "integer";
+    }>, unknown>;
+    origin: Schema.Schema<import("@ucanto/interface").Link<unknown, number, number, 0 | 1> | undefined, unknown>;
+}>> | import("@ucanto/interface").CapabilityMatch<"store/remove", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    link: typeof Link;
+}>> | import("@ucanto/interface").CapabilityMatch<"store/list", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    cursor: Schema.Schema<string | undefined, unknown>;
+    size: Schema.Schema<(number & import("@ucanto/interface").Phantom<{
+        typeof: "integer";
+    }>) | undefined, unknown>;
+    pre: Schema.Schema<boolean | undefined, unknown>;
+}>>>;
 import { Schema } from "@ucanto/validator/src/lib.js";
@@ -173,0 +59,0 @@ import { Link } from "@ucanto/validator/src/schema.js";

dist/src/top.d.ts

@@ -7,3 +7,3 @@ /**
  */
-export const top: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>;
+export const top: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, any>>;
 //# sourceMappingURL=top.d.ts.map

dist/src/types.d.ts

 import type { TupleToUnion } from 'type-fest';
+import * as Ucanto from '@ucanto/interface';
 import { InferInvokedCapability } from '@ucanto/interface';
@@ -9,4 +10,27 @@ import { space, info, recover, recoverValidation } from './space.js';
 import * as AccessCaps from './access.js';
+export interface Unit {
+}
+/**
+ * failure due to a resource not having enough storage capacity.
+ */
+export interface InsufficientStorage {
+    error: true;
+    name: 'InsufficientStorage';
+    message: string;
+}
 export type Access = InferInvokedCapability<typeof AccessCaps.access>;
 export type AccessAuthorize = InferInvokedCapability<typeof AccessCaps.authorize>;
+export type AccessAuthorizeSuccess = Unit;
+export type AccessClaim = InferInvokedCapability<typeof AccessCaps.claim>;
+export interface AccessClaimSuccess {
+    delegations: Record<string, Ucanto.ByteView<Ucanto.Delegation>>;
+}
+export interface AccessClaimFailure {
+    error: true;
+}
+export type AccessDelegate = InferInvokedCapability<typeof AccessCaps.delegate>;
+export type AccessDelegateSuccess = unknown;
+export type AccessDelegateFailure = {
+    error: true;
+} | InsufficientStorage;
 export type AccessSession = InferInvokedCapability<typeof AccessCaps.session>;
@@ -13,0 +37,0 @@ export type Space = InferInvokedCapability<typeof space>;

dist/src/upload.d.ts

@@ -6,7 +6,3 @@ /**
  */
-export const upload: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "upload/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>;
+export const upload: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"upload/*", import("@ucanto/interface").URI<"did:">, any>>;
 /**
@@ -31,20 +27,6 @@ * Capability allows an agent to add an arbitrary DAG (root) to the upload list
  */
-export const add: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "upload/add";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        /**
-         * Root CID of the DAG to be added to the upload list.
-         */
-        root: typeof Link;
-        /**
-         * CIDs to the CAR files that contain blocks of the DAG.
-         */
-        shards: Schema.Schema<import("@ucanto/interface").Link<unknown, 514, number, 1>[] | undefined, any>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>>;
+export const add: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"upload/add", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    root: typeof Link;
+    shards: Schema.Schema<import("@ucanto/interface").Link<unknown, 514, number, 1>[] | undefined, any>;
+}>>>;
 /**
@@ -55,16 +37,5 @@ * Capability removes an upload (identified by it's root CID) from the upload
  */
-export const remove: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "upload/remove";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        /**
-         * Root CID of the DAG to be removed from the upload list.
-         */
-        root: typeof Link;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>>;
+export const remove: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"upload/remove", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    root: typeof Link;
+}>>>;
 /**
@@ -74,85 +45,24 @@ * Capability can be invoked to request a list of uploads in the (memory) space
  */
-export const list: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "upload/list";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        /**
-         * A pointer that can be moved back and forth on the list.
-         * It can be used to paginate a list for instance.
-         */
-        cursor: Schema.Schema<string | undefined, unknown>;
-        /**
-         * Maximum number of items per page.
-         */
-        size: Schema.Schema<(number & import("@ucanto/interface").Phantom<{
-            typeof: "integer";
-        }>) | undefined, unknown>;
-        /**
-         * If true, return page of results preceding cursor. Defaults to false.
-         */
-        pre: Schema.Schema<boolean | undefined, unknown>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>>;
-export const all: import("@ucanto/interface").CapabilityParser<import("@ucanto/interface").DerivedMatch<{
-    can: "upload/add";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        /**
-         * Root CID of the DAG to be added to the upload list.
-         */
-        root: typeof Link;
-        /**
-         * CIDs to the CAR files that contain blocks of the DAG.
-         */
-        shards: Schema.Schema<import("@ucanto/interface").Link<unknown, 514, number, 1>[] | undefined, any>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/remove";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        /**
-         * Root CID of the DAG to be removed from the upload list.
-         */
-        root: typeof Link;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/list";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb: import("@ucanto/interface").InferCaveats<{
-        /**
-         * A pointer that can be moved back and forth on the list.
-         * It can be used to paginate a list for instance.
-         */
-        cursor: Schema.Schema<string | undefined, unknown>;
-        /**
-         * Maximum number of items per page.
-         */
-        size: Schema.Schema<(number & import("@ucanto/interface").Phantom<{
-            typeof: "integer";
-        }>) | undefined, unknown>;
-        /**
-         * If true, return page of results preceding cursor. Defaults to false.
-         */
-        pre: Schema.Schema<boolean | undefined, unknown>;
-    }>;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}> | import("@ucanto/interface").DerivedMatch<{
-    can: "upload/*";
-    with: import("@ucanto/interface").URI<"did:">;
-    nb?: import("@ucanto/interface").InferCaveats<{}> | undefined;
-}, import("@ucanto/interface").CapabilityMatch<"*", import("@ucanto/interface").URI<"did:">, {}>>>>;
+export const list: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"upload/list", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    cursor: Schema.Schema<string | undefined, unknown>;
+    size: Schema.Schema<(number & import("@ucanto/interface").Phantom<{
+        typeof: "integer";
+    }>) | undefined, unknown>;
+    pre: Schema.Schema<boolean | undefined, unknown>;
+}>>>;
+export const all: import("@ucanto/interface").CapabilityParser<import("@ucanto/interface").CapabilityMatch<"upload/add", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    root: typeof Link;
+    shards: Schema.Schema<import("@ucanto/interface").Link<unknown, 514, number, 1>[] | undefined, any>;
+}>> | import("@ucanto/interface").CapabilityMatch<"upload/remove", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    root: typeof Link;
+}>> | import("@ucanto/interface").CapabilityMatch<"upload/list", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    cursor: Schema.Schema<string | undefined, unknown>;
+    size: Schema.Schema<(number & import("@ucanto/interface").Phantom<{
+        typeof: "integer";
+    }>) | undefined, unknown>;
+    pre: Schema.Schema<boolean | undefined, unknown>;
+}>>>;
+import { Schema } from "@ucanto/validator/src/lib.js";
 import { Link } from "@ucanto/validator/src/schema.js";
-import { Schema } from "@ucanto/validator/src/lib.js";
 export { Link, Schema };
 //# sourceMappingURL=upload.d.ts.map

dist/src/utils.d.ts

@@ -28,3 +28,3 @@ /**
  *
- * TODO: needs to account for caps derived from diferent namespaces like 'account/info' can be derived from 'store/add'
+ * TODO: needs to account for caps derived from different namespaces like 'account/info' can be derived from 'store/add'
  *
@@ -35,11 +35,7 @@ * @param {import('@ucanto/interface').Ability} parent
 export function canDelegateAbility(parent: import('@ucanto/interface').Ability, child: import('@ucanto/interface').Ability): boolean;
-export function equalLink<T extends {
-    can: "store/add" | "store/remove";
-    with: Types.URI<"did:">;
-    nb: {
-        link?: Types.Link<unknown, number, number, 0 | 1> | undefined;
-    };
-}>(claimed: T, delegated: T): Types.Result<true, Types.Failure>;
+export function equalLink<T extends Types.ParsedCapability<"store/add" | "store/remove", Types.URI<"did:">, {
+    link?: Types.Link<unknown, number, number, 0 | 1> | undefined;
+}>>(claimed: T, delegated: T): Types.Result<true, Types.Failure>;
 import { Failure } from "@ucanto/validator/src/lib";
 import * as Types from "@ucanto/interface";
 //# sourceMappingURL=utils.d.ts.map

dist/src/voucher.d.ts

@@ -1,6 +0,6 @@
-export { top };
+export { top } from "./top.js";
 /**
  * Products are identified by the CID of the DAG that describes them.
  */
-export const Product: import("@ucanto/validator/src/schema.js").Schema<Types.URI<`${string}:`>, unknown>;
+export const Product: Schema.Schema<import("@ucanto/interface").URI<`${string}:`>, unknown>;
 /**
@@ -10,7 +10,7 @@ * Verifiable identity to whom voucher is issued. Currently it is a `mailto:`
  */
-export const Identity: import("@ucanto/validator/src/schema.js").Schema<Types.URI<"mailto:">, unknown>;
+export const Identity: Schema.Schema<import("@ucanto/interface").URI<"mailto:">, unknown>;
 /**
  * Services are identified using a decentralized identifier.
  */
-export const Service: import("@ucanto/validator/src/schema.js").Schema<`did:${string}:${string}` & `did:${string}` & Types.Phantom<{
+export const Service: Schema.Schema<`did:${string}:${string}` & `did:${string}` & import("@ucanto/interface").Phantom<{
     protocol: "did:";
@@ -26,7 +26,3 @@ }>, any>;
  */
-export const voucher: Types.TheCapabilityParser<Types.DerivedMatch<{
-    can: "voucher/*";
-    with: Types.URI<"did:">;
-    nb?: Types.InferCaveats<{}> | undefined;
-}, Types.CapabilityMatch<"*", Types.URI<"did:">, {}>>>;
+export const voucher: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"voucher/*", import("@ucanto/interface").URI<"did:">, any>>;
 /**
@@ -41,54 +37,15 @@ * Capability can be invoked by an agent to claim a voucher for a specific
  */
-export const claim: Types.TheCapabilityParser<Types.DerivedMatch<{
-    can: "voucher/claim";
-    with: Types.URI<"did:">;
-    nb: Types.InferCaveats<{
-        /**
-         * URI of the product agent is requesting a voucher of.
-         */
-        product: import("@ucanto/validator/src/schema.js").Schema<Types.URI<`${string}:`>, unknown>;
-        /**
-         * Verifiable identity on who's behalf behalf claim is made.
-         */
-        identity: import("@ucanto/validator/src/schema.js").Schema<Types.URI<"mailto:">, unknown>;
-        /**
-         * Optional service DID who's voucher is been requested.
-         */
-        service: import("@ucanto/validator/src/schema.js").Schema<(`did:${string}:${string}` & `did:${string}` & Types.Phantom<{
-            protocol: "did:";
-        }>) | undefined, any>;
-    }>;
-}, Types.CapabilityMatch<"*", Types.URI<"did:">, {}> | Types.DerivedMatch<{
-    can: "voucher/*";
-    with: Types.URI<"did:">;
-    nb?: Types.InferCaveats<{}> | undefined;
-}, Types.CapabilityMatch<"*", Types.URI<"did:">, {}>>>>;
-export const redeem: Types.TheCapabilityParser<Types.DerivedMatch<{
-    can: "voucher/redeem";
-    with: Types.URI<"did:">;
-    nb: Types.InferCaveats<{
-        /**
-         * Link of the product voucher is for. Must be the same as `nb.product`
-         * of `voucher/claim` that requested this.
-         */
-        product: import("@ucanto/validator/src/schema.js").Schema<Types.URI<`${string}:`>, unknown>;
-        /**
-         * Verifiable identity to whom voucher is issued. It is a `mailto:` URL
-         * where this delegation is typically sent.
-         */
-        identity: import("@ucanto/validator/src/schema.js").Schema<Types.URI<"mailto:">, unknown>;
-        /**
-         * Space identifier where voucher can be redeemed. When service delegates
-         * `voucher/redeem` to the user agent it may omit this field to allow
-         * agent to choose space.
-         */
-        space: import("@ucanto/validator/src/schema.js").Schema<Types.URI<"did:">, unknown>;
-    }>;
-}, Types.DerivedMatch<{
-    can: "voucher/*";
-    with: Types.URI<"did:">;
-    nb?: Types.InferCaveats<{}> | undefined;
-}, Types.CapabilityMatch<"*", Types.URI<"did:">, {}>>>>;
-import { top } from "./top.js";
-import * as Types from "@ucanto/interface";
+export const claim: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"voucher/claim", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    product: Schema.Schema<import("@ucanto/interface").URI<`${string}:`>, unknown>;
+    identity: Schema.Schema<import("@ucanto/interface").URI<"mailto:">, unknown>;
+    service: Schema.Schema<(`did:${string}:${string}` & `did:${string}` & import("@ucanto/interface").Phantom<{
+        protocol: "did:";
+    }>) | undefined, any>;
+}>>>;
+export const redeem: import("@ucanto/interface").TheCapabilityParser<import("@ucanto/interface").CapabilityMatch<"voucher/redeem", import("@ucanto/interface").URI<"did:">, Schema.InferStruct<{
+    product: Schema.Schema<import("@ucanto/interface").URI<`${string}:`>, unknown>;
+    identity: Schema.Schema<import("@ucanto/interface").URI<"mailto:">, unknown>;
+    space: Schema.Schema<import("@ucanto/interface").URI<"did:">, unknown>;
+}>>>;
+import { Schema } from "@ucanto/validator/src/lib.js";
 //# sourceMappingURL=voucher.d.ts.map

package.json

 {
   "name": "@web3-storage/capabilities",
-  "version": "2.3.0",
+  "version": "3.0.0",
   "description": "Capabilities provided by web3.storage",
@@ -54,7 +54,7 @@ "homepage": "https://github.com/web3-storage/w3protocol/tree/main/packages/capabilities",
   "dependencies": {
-    "@ucanto/core": "^4.2.3",
-    "@ucanto/interface": "^4.2.3",
-    "@ucanto/principal": "^4.2.3",
-    "@ucanto/transport": "^4.2.3",
-    "@ucanto/validator": "^4.2.3"
+    "@ucanto/core": "^5.0.0",
+    "@ucanto/interface": "^5.0.0",
+    "@ucanto/principal": "^5.0.0",
+    "@ucanto/transport": "^5.0.0",
+    "@ucanto/validator": "^5.0.0"
   },
@@ -70,3 +70,3 @@ "devDependencies": {
     "type-fest": "^3.3.0",
-    "typescript": "4.9.4",
+    "typescript": "4.9.5",
     "watch": "^1.0.2"
@@ -115,2 +115,3 @@ },
     "build": "tsc --build",
+    "check": "tsc --build",
     "test": "pnpm run test:node && pnpm run test:browser",
@@ -117,0 +118,0 @@ "test:node": "mocha 'test/**/*.test.js' -n experimental-vm-modules -n no-warnings",

src/access.js

@@ -12,16 +12,36 @@ /**
 import { capability, URI, DID, Schema, Failure } from '@ucanto/validator'
-// @ts-ignore
-// eslint-disable-next-line no-unused-vars
 import * as Types from '@ucanto/interface'
 import { equalWith, fail, equal } from './utils.js'
-import { top } from './top.js'
+export { top } from './top.js'
 
-export { top }
-
 /**
  * Account identifier.
  */
-export const As = DID.match({ method: 'mailto' })
+export const Account = DID.match({ method: 'mailto' })
 
 /**
+ * Describes the capability requested.
+ */
+export const CapabilityRequest = Schema.struct({
+  /**
+   * If set to `"*"` it corresponds to "sudo" access.
+   */
+  can: Schema.string(),
+})
+
+/**
+ * Authorization request describing set of desired capabilities.
+ */
+export const AuthorizationRequest = Schema.struct({
+  /**
+   * DID of the Account authorization is requested from.
+   */
+  iss: Account,
+  /**
+   * Capabilities agent wishes to be granted.
+   */
+  att: CapabilityRequest.array(),
+})
+
+/**
  * Capability can only be delegated (but not invoked) allowing audience to
@@ -31,42 +51,26 @@ * derived any `access/` prefixed capability for the agent identified
  */
-export const access = top.derive({
-  to: capability({
-    can: 'access/*',
-    with: URI.match({ protocol: 'did:' }),
-  }),
-  derives: equalWith,
+export const access = capability({
+  can: 'access/*',
+  with: URI.match({ protocol: 'did:' }),
 })
 
-const base = top.or(access)
-
 /**
- * Capability can be invoked by an agent to request a `./update` for an account.
- *
- * `with` field identifies requesting agent, which MAY be different from iss field identifying issuing agent.
+ * Capability can be invoked by an agent to request set of capabilities from
+ * the account.
  */
-export const authorize = base.derive({
-  to: capability({
-    can: 'access/authorize',
-    with: DID.match({ method: 'key' }),
-    nb: {
-      /**
-       * Value MUST be a did:mailto identifier of the account
-       * that the agent wishes to represent via did:key in the `with` field.
-       * It MUST be a valid did:mailto identifier.
-       */
-      as: As,
-    },
-    derives: (child, parent) => {
-      return (
-        fail(equalWith(child, parent)) ||
-        fail(equal(child.nb.as, parent.nb.as, 'as')) ||
-        true
-      )
-    },
-  }),
+export const authorize = capability({
+  can: 'access/authorize',
+  with: DID.match({ method: 'key' }),
   /**
-   * `access/authorize` can be derived from the `access/*` & `*` capability
-   * as long as the `with` fields match.
+   * Authorization request describing set of desired capabilities
    */
-  derives: equalWith,
+  nb: AuthorizationRequest,
+  derives: (child, parent) => {
+    return (
+      fail(equalWith(child, parent)) ||
+      fail(equal(child.nb.iss, parent.nb.iss, 'iss')) ||
+      fail(subsetCapabilities(child.nb.att, parent.nb.att)) ||
+      true
+    )
+  },
 })
@@ -99,48 +103,37 @@
   with: URI.match({ protocol: 'did:' }),
-  nb: {
+  nb: Schema.struct({
     // Agent DID so it can sign UCANs as did:mailto if it matches this delegation `aud`
     key: DID.match({ method: 'key' }),
-  },
+  }),
 })
 
-export const claim = base.derive({
-  to: capability({
-    can: 'access/claim',
-    with: DID.match({ method: 'key' }).or(DID.match({ method: 'mailto' })),
-    derives: equalWith,
-  }),
-  derives: equalWith,
+export const claim = capability({
+  can: 'access/claim',
+  with: DID.match({ method: 'key' }).or(DID.match({ method: 'mailto' })),
 })
 
 // https://github.com/web3-storage/specs/blob/main/w3-access.md#accessdelegate
-export const delegate = base.derive({
-  to: capability({
-    can: 'access/delegate',
+export const delegate = capability({
+  can: 'access/delegate',
+  /**
+   * Field MUST be a space DID with a storage provider. Delegation will be stored just like any other DAG stored using store/add capability.
+   *
+   * @see https://github.com/web3-storage/specs/blob/main/w3-access.md#delegate-with
+   */
+  with: DID.match({ method: 'key' }),
+  nb: Schema.struct({
+    // keys SHOULD be CIDs, but we won't require it in the schema
     /**
-     * Field MUST be a space DID with a storage provider. Delegation will be stored just like any other DAG stored using store/add capability.
-     *
-     * @see https://github.com/web3-storage/specs/blob/main/w3-access.md#delegate-with
+     * @type {Schema.Schema<AccessDelegateDelegations>}
      */
-    with: DID.match({ method: 'key' }),
-    nb: {
-      // keys SHOULD be CIDs, but we won't require it in the schema
-      /**
-       * @type {Schema.Schema<AccessDelegateDelegations>}
-       */
-      delegations: Schema.dictionary({
-        value: Schema.Link.match(),
-      }),
-    },
-    derives: (claim, proof) => {
-      return (
-        fail(equalWith(claim, proof)) ||
-        fail(subsetsNbDelegations(claim, proof)) ||
-        true
-      )
-    },
+    delegations: Schema.dictionary({
+      value: Schema.Link.match(),
+    }),
   }),
   derives: (claim, proof) => {
-    // no need to check claim.nb.delegations is subset of proof
-    // because the proofs types here never include constraints on the nb.delegations set
-    return fail(equalWith(claim, proof)) || true
+    return (
+      fail(equalWith(claim, proof)) ||
+      fail(subsetsNbDelegations(claim, proof)) ||
+      true
+    )
   },
@@ -185,2 +178,34 @@ })
 /**
+ * Checks that set of requested capabilities is a subset of the capabilities
+ * that had been allowed by the owner or the delegate.
+ *
+ * ⚠️ This function does not currently check that say `store/add` is allowed
+ * when say `store/*` was delegated, because it seems very unlikely that we
+ * will ever encounter delegations for `access/authorize` at all.
+ *
+ * @param {Schema.Infer<CapabilityRequest>[]} claim
+ * @param {Schema.Infer<CapabilityRequest>[]} proof
+ */
+const subsetCapabilities = (claim, proof) => {
+  const allowed = new Set(proof.map((p) => p.can))
+  // If everything is allowed, no need to check further because it contains
+  // all the capabilities.
+  if (allowed.has('*')) {
+    return true
+  }
+
+  // Otherwise we compute delta between what is allowed and what is requested.
+  const escalated = setDifference(
+    claim.map((c) => c.can),
+    allowed
+  )
+
+  if (escalated.size > 0) {
+    return new Failure(`unauthorized nb.att.can ${[...escalated].join(', ')}`)
+  }
+
+  return true
+}
+
+/**
  * iterate delegated UCAN CIDs from an access/delegate capability.nb.delegations value.
@@ -187,0 +212,0 @@ *

src/space.js

@@ -12,9 +12,8 @@ /**
 
-import { top } from './top.js'
 import * as Store from './store.js'
-import { capability, URI } from '@ucanto/validator'
+import { capability, URI, Schema } from '@ucanto/validator'
 import { canDelegateURI, equalWith, fail } from './utils.js'
 import * as Upload from './upload.js'
+export { top } from './top.js'
 
-export { top } from './top.js'
 // Need this to workaround TS bug
@@ -24,13 +23,8 @@ // @see https://github.com/microsoft/TypeScript/issues/51548
 
-export const space = top.derive({
-  to: capability({
-    can: 'space/*',
-    with: URI.match({ protocol: 'did:' }),
-    derives: equalWith,
-  }),
+export const space = capability({
+  can: 'space/*',
+  with: URI.match({ protocol: 'did:' }),
   derives: equalWith,
 })
 
-const base = top.or(space)
-
 /**
@@ -41,4 +35,3 @@ * `space/info` can be derived from any of the `store/*`
  */
-export const info = base
-  .or(Store.add)
+export const info = Store.add
   .or(Store.list)
@@ -53,3 +46,2 @@ .or(Store.remove)
       with: URI.match({ protocol: 'did:' }),
-      derives: equalWith,
     }),
@@ -59,30 +51,23 @@ derives: equalWith,
 
-export const recoverValidation = base.derive({
-  to: capability({
-    can: 'space/recover-validation',
-    with: URI.match({ protocol: 'did:' }),
-    nb: {
-      identity: URI.match({ protocol: 'mailto:' }),
-    },
-    derives: equalWith,
+export const recoverValidation = capability({
+  can: 'space/recover-validation',
+  with: URI.match({ protocol: 'did:' }),
+  nb: Schema.struct({
+    identity: URI.match({ protocol: 'mailto:' }),
   }),
-  derives: equalWith,
 })
 
-export const recover = base.derive({
-  to: capability({
-    can: 'space/recover',
-    with: URI.match({ protocol: 'did:' }),
-    nb: {
-      identity: URI.match({ protocol: 'mailto:' }),
-    },
-    derives: (child, parent) => {
-      return (
-        fail(equalWith(child, parent)) ||
-        fail(canDelegateURI(child.nb.identity, parent.nb.identity)) ||
-        true
-      )
-    },
+export const recover = capability({
+  can: 'space/recover',
+  with: URI.match({ protocol: 'did:' }),
+  nb: Schema.struct({
+    identity: URI.match({ protocol: 'mailto:' }),
   }),
-  derives: equalWith,
+  derives: (child, parent) => {
+    return (
+      fail(equalWith(child, parent)) ||
+      fail(canDelegateURI(child.nb.identity, parent.nb.identity)) ||
+      true
+    )
+  },
 })

src/store.js

@@ -13,3 +13,2 @@ /**
 import { equalLink, equalWith } from './utils.js'
-import { top } from './top.js'
 
@@ -21,26 +20,12 @@ /**
  */
-export const store = top.derive({
-  to: capability({
-    can: 'store/*',
-    /**
-     * did:key identifier of the (memory) space where CAR is intended to
-     * be stored.
-     */
-    with: URI.match({ protocol: 'did:' }),
-    derives: equalWith,
-  }),
+export const store = capability({
+  can: 'store/*',
   /**
-   * `store/*` can be derived from the `*` capability as long as `with` field
-   * is the same.
+   * did:key identifier of the (memory) space where CAR is intended to
+   * be stored.
    */
+  with: URI.match({ protocol: 'did:' }),
   derives: equalWith,
 })
 
-// Right now ucanto does not yet has native `*` support, which means
-// `store/add` can not be derived from `*` event though it can be
-// derived from `store/*`. As a workaround we just define base capability
-// here so all store capabilities could be derived from either `*` or
-// `store/*`.
-const base = top.or(store)
-
 /**
@@ -53,53 +38,46 @@ * `store/add` capability allows agent to store a CAR file into a (memory) space
  */
-export const add = base.derive({
-  to: capability({
-    can: 'store/add',
+export const add = capability({
+  can: 'store/add',
+  /**
+   * did:key identifier of the (memory) space where CAR is intended to
+   * be stored.
+   */
+  with: URI.match({ protocol: 'did:' }),
+  nb: Schema.struct({
     /**
-     * did:key identifier of the (memory) space where CAR is intended to
-     * be stored.
+     * CID of the CAR file to be stored. Service will provision write target
+     * for this exact CAR file for agent to PUT or POST it. Attempt to write
+     * any other content will fail.
      */
-    with: URI.match({ protocol: 'did:' }),
-    nb: {
-      /**
-       * CID of the CAR file to be stored. Service will provision write target
-       * for this exact CAR file for agent to PUT or POST it. Attempt to write
-       * any other content will fail.
-       */
-      link: Link,
-      /**
-       * Size of the CAR file to be stored. Service will provision write target
-       * for this exact size. Attempt to write a larger CAR file will fail.
-       */
-      size: Schema.integer(),
-      /**
-       * Agent may optionally provide a link to a related CAR file using `origin`
-       * field. This is useful when storing large DAGs, agent could shard it
-       * across multiple CAR files and then link each shard with a previous one.
-       *
-       * Providing this relation tells service that given CAR is shard of the
-       * larger DAG as opposed to it being intentionally partial DAG. When DAG is
-       * not sharded, there will be only one `store/add` with `origin` left out.
-       */
-      origin: Link.optional(),
-    },
-    derives: (claim, from) => {
-      const result = equalLink(claim, from)
-      if (result.error) {
-        return result
-      } else if (claim.nb.size !== undefined && from.nb.size !== undefined) {
-        return claim.nb.size > from.nb.size
-          ? new Failure(
-              `Size constraint violation: ${claim.nb.size} > ${from.nb.size}`
-            )
-          : true
-      } else {
-        return true
-      }
-    },
+    link: Link,
+    /**
+     * Size of the CAR file to be stored. Service will provision write target
+     * for this exact size. Attempt to write a larger CAR file will fail.
+     */
+    size: Schema.integer(),
+    /**
+     * Agent may optionally provide a link to a related CAR file using `origin`
+     * field. This is useful when storing large DAGs, agent could shard it
+     * across multiple CAR files and then link each shard with a previous one.
+     *
+     * Providing this relation tells service that given CAR is shard of the
+     * larger DAG as opposed to it being intentionally partial DAG. When DAG is
+     * not sharded, there will be only one `store/add` with `origin` left out.
+     */
+    origin: Link.optional(),
   }),
-  /**
-   * `store/add` can be derived from the `store/*` & `*` capability
-   * as long as the `with` fields match.
-   */
-  derives: equalWith,
+  derives: (claim, from) => {
+    const result = equalLink(claim, from)
+    if (result.error) {
+      return result
+    } else if (claim.nb.size !== undefined && from.nb.size !== undefined) {
+      return claim.nb.size > from.nb.size
+        ? new Failure(
+            `Size constraint violation: ${claim.nb.size} > ${from.nb.size}`
+          )
+        : true
+    } else {
+      return true
+    }
+  },
 })
@@ -111,23 +89,16 @@
  */
-export const remove = base.derive({
-  to: capability({
-    can: 'store/remove',
+export const remove = capability({
+  can: 'store/remove',
+  /**
+   * did:key identifier of the (memory) space where CAR is intended to
+   * be stored.
+   */
+  with: URI.match({ protocol: 'did:' }),
+  nb: Schema.struct({
     /**
-     * did:key identifier of the (memory) space where CAR is intended to
-     * be stored.
+     * CID of the CAR file to be removed from the store.
      */
-    with: URI.match({ protocol: 'did:' }),
-    nb: {
-      /**
-       * CID of the CAR file to be removed from the store.
-       */
-      link: Link,
-    },
-    derives: equalLink,
+    link: Link,
   }),
-  /**
-   * `store/remove` can be derived from the `store/*` & `*` capability
-   * as long as the `with` fields match.
-   */
-  derives: equalWith,
+  derives: equalLink,
 })
@@ -139,39 +110,32 @@
  */
-export const list = base.derive({
-  to: capability({
-    can: 'store/list',
+export const list = capability({
+  can: 'store/list',
+  /**
+   * did:key identifier of the (memory) space where CAR is intended to
+   * be stored.
+   */
+  with: URI.match({ protocol: 'did:' }),
+  nb: Schema.struct({
     /**
-     * did:key identifier of the (memory) space where CAR is intended to
-     * be stored.
+     * A pointer that can be moved back and forth on the list.
+     * It can be used to paginate a list for instance.
      */
-    with: URI.match({ protocol: 'did:' }),
-    nb: {
-      /**
-       * A pointer that can be moved back and forth on the list.
-       * It can be used to paginate a list for instance.
-       */
-      cursor: Schema.string().optional(),
-      /**
-       * Maximum number of items per page.
-       */
-      size: Schema.integer().optional(),
-      /**
-       * If true, return page of results preceding cursor. Defaults to false.
-       */
-      pre: Schema.boolean().optional(),
-    },
-    derives: (claimed, delegated) => {
-      if (claimed.with !== delegated.with) {
-        return new Failure(
-          `Expected 'with: "${delegated.with}"' instead got '${claimed.with}'`
-        )
-      }
-      return true
-    },
+    cursor: Schema.string().optional(),
+    /**
+     * Maximum number of items per page.
+     */
+    size: Schema.integer().optional(),
+    /**
+     * If true, return page of results preceding cursor. Defaults to false.
+     */
+    pre: Schema.boolean().optional(),
   }),
-  /**
-   * `store/list` can be derived from the `store/*` & `*` capability
-   * as long as the `with` fields match.
-   */
-  derives: equalWith,
+  derives: (claimed, delegated) => {
+    if (claimed.with !== delegated.with) {
+      return new Failure(
+        `Expected 'with: "${delegated.with}"' instead got '${claimed.with}'`
+      )
+    }
+    return true
+  },
 })
@@ -181,4 +145,4 @@
 
-// ⚠️ We export imports here so they are not omited in generated typedes
+// ⚠️ We export imports here so they are not omitted in generated typedes
 // @see https://github.com/microsoft/TypeScript/issues/51548
 export { Schema, Link }

src/types.ts

 import type { TupleToUnion } from 'type-fest'
+import * as Ucanto from '@ucanto/interface'
 import { InferInvokedCapability } from '@ucanto/interface'
@@ -10,2 +11,13 @@ import { space, info, recover, recoverValidation } from './space.js'
 
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+export interface Unit {}
+/**
+ * failure due to a resource not having enough storage capacity.
+ */
+export interface InsufficientStorage {
+  error: true
+  name: 'InsufficientStorage'
+  message: string
+}
+
 // Access
@@ -16,2 +28,17 @@ export type Access = InferInvokedCapability<typeof AccessCaps.access>
 >
+
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+export type AccessAuthorizeSuccess = Unit
+export type AccessClaim = InferInvokedCapability<typeof AccessCaps.claim>
+export interface AccessClaimSuccess {
+  delegations: Record<string, Ucanto.ByteView<Ucanto.Delegation>>
+}
+export interface AccessClaimFailure {
+  error: true
+}
+
+export type AccessDelegate = InferInvokedCapability<typeof AccessCaps.delegate>
+export type AccessDelegateSuccess = unknown
+export type AccessDelegateFailure = { error: true } | InsufficientStorage
+
 export type AccessSession = InferInvokedCapability<typeof AccessCaps.session>
@@ -18,0 +45,0 @@

src/upload.js

@@ -14,3 +14,2 @@ /**
 import { equalWith, fail, equal } from './utils.js'
-import { top } from './top.js'
 
@@ -22,26 +21,12 @@ /**
  */
-export const upload = top.derive({
-  to: capability({
-    can: 'upload/*',
-    /**
-     * did:key identifier of the (memory) space where upload is add to the
-     * upload list.
-     */
-    with: URI.match({ protocol: 'did:' }),
-    derives: equalWith,
-  }),
+export const upload = capability({
+  can: 'upload/*',
   /**
-   * `upload/*` can be derived from the `*` capability as long as `with` field
-   * is the same.
+   * did:key identifier of the (memory) space where upload is add to the
+   * upload list.
    */
+  with: URI.match({ protocol: 'did:' }),
   derives: equalWith,
 })
 
-// Right now ucanto does not yet has native `*` support, which means
-// `upload/add` can not be derived from `*` event though it can be
-// derived from `upload/*`. As a workaround we just define base capability
-// here so all store capabilities could be derived from either `*` or
-// `upload/*`.
-const base = top.or(upload)
-
 /**
@@ -71,33 +56,26 @@ * Schema representing a link (a.k.a CID) to a CAR file. Enforces CAR codec code and CID v1.
  */
-export const add = base.derive({
-  to: capability({
-    can: 'upload/add',
+export const add = capability({
+  can: 'upload/add',
+  /**
+   * did:key identifier of the (memory) space where uploaded is added.
+   */
+  with: URI.match({ protocol: 'did:' }),
+  nb: Schema.struct({
     /**
-     * did:key identifier of the (memory) space where uploaded is added.
+     * Root CID of the DAG to be added to the upload list.
      */
-    with: URI.match({ protocol: 'did:' }),
-    nb: {
-      /**
-       * Root CID of the DAG to be added to the upload list.
-       */
-      root: Link,
-      /**
-       * CIDs to the CAR files that contain blocks of the DAG.
-       */
-      shards: CARLink.array().optional(),
-    },
-    derives: (self, from) => {
-      return (
-        fail(equalWith(self, from)) ||
-        fail(equal(self.nb.root, from.nb.root, 'root')) ||
-        fail(equal(self.nb.shards, from.nb.shards, 'shards')) ||
-        true
-      )
-    },
+    root: Link,
+    /**
+     * CIDs to the CAR files that contain blocks of the DAG.
+     */
+    shards: CARLink.array().optional(),
   }),
-  /**
-   * `upload/add` can be derived from the `upload/*` & `*` capability
-   * as long as `with` fields match.
-   */
-  derives: equalWith,
+  derives: (self, from) => {
+    return (
+      fail(equalWith(self, from)) ||
+      fail(equal(self.nb.root, from.nb.root, 'root')) ||
+      fail(equal(self.nb.shards, from.nb.shards, 'shards')) ||
+      true
+    )
+  },
 })
@@ -110,28 +88,21 @@
  */
-export const remove = base.derive({
-  to: capability({
-    can: 'upload/remove',
+export const remove = capability({
+  can: 'upload/remove',
+  /**
+   * did:key identifier of the (memory) space where uploaded is removed from.
+   */
+  with: URI.match({ protocol: 'did:' }),
+  nb: Schema.struct({
     /**
-     * did:key identifier of the (memory) space where uploaded is removed from.
+     * Root CID of the DAG to be removed from the upload list.
      */
-    with: URI.match({ protocol: 'did:' }),
-    nb: {
-      /**
-       * Root CID of the DAG to be removed from the upload list.
-       */
-      root: Link,
-    },
-    derives: (self, from) => {
-      return (
-        fail(equalWith(self, from)) ||
-        fail(equal(self.nb.root, from.nb.root, 'root')) ||
-        true
-      )
-    },
+    root: Link,
   }),
-  /**
-   * `upload/remove` can be derived from the `upload/*` & `*` capability
-   * as long as `with` fields match.
-   */
-  derives: equalWith,
+  derives: (self, from) => {
+    return (
+      fail(equalWith(self, from)) ||
+      fail(equal(self.nb.root, from.nb.root, 'root')) ||
+      true
+    )
+  },
 })
@@ -143,27 +114,20 @@
  */
-export const list = base.derive({
-  to: capability({
-    can: 'upload/list',
-    with: URI.match({ protocol: 'did:' }),
-    nb: {
-      /**
-       * A pointer that can be moved back and forth on the list.
-       * It can be used to paginate a list for instance.
-       */
-      cursor: Schema.string().optional(),
-      /**
-       * Maximum number of items per page.
-       */
-      size: Schema.integer().optional(),
-      /**
-       * If true, return page of results preceding cursor. Defaults to false.
-       */
-      pre: Schema.boolean().optional(),
-    },
+export const list = capability({
+  can: 'upload/list',
+  with: URI.match({ protocol: 'did:' }),
+  nb: Schema.struct({
+    /**
+     * A pointer that can be moved back and forth on the list.
+     * It can be used to paginate a list for instance.
+     */
+    cursor: Schema.string().optional(),
+    /**
+     * Maximum number of items per page.
+     */
+    size: Schema.integer().optional(),
+    /**
+     * If true, return page of results preceding cursor. Defaults to false.
+     */
+    pre: Schema.boolean().optional(),
   }),
-  /**
-   * `upload/list` can be derived from the `upload/*` & `*` capability
-   * as long as with fields match.
-   */
-  derives: equalWith,
 })
@@ -173,4 +137,4 @@
 
-// ⚠️ We export imports here so they are not omited in generated typedefs
+// ⚠️ We export imports here so they are not omitted in generated typedefs
 // @see https://github.com/microsoft/TypeScript/issues/51548
 export { Link, Schema }

src/utils.js

@@ -103,3 +103,3 @@ import { Failure } from '@ucanto/validator'
  *
- * TODO: needs to account for caps derived from diferent namespaces like 'account/info' can be derived from 'store/add'
+ * TODO: needs to account for caps derived from different namespaces like 'account/info' can be derived from 'store/add'
  *
@@ -123,3 +123,3 @@ * @param {import('@ucanto/interface').Ability} parent
 
-  // namespaces dont match
+  // namespaces don't match
   if (parsedParent.namespace !== parsedChild.namespace) {
@@ -126,0 +126,0 @@ return false

src/voucher.js

@@ -11,11 +11,6 @@ /**
  */
-import { capability, URI, DID } from '@ucanto/validator'
-// @ts-ignore
-// eslint-disable-next-line no-unused-vars
-import * as Types from '@ucanto/interface'
+import { capability, URI, DID, Schema } from '@ucanto/validator'
 import { equalWith, fail, equal } from './utils.js'
-import { top } from './top.js'
+export { top } from './top.js'
 
-export { top }
-
 /**
@@ -45,13 +40,8 @@ * Products are identified by the CID of the DAG that describes them.
  */
-export const voucher = top.derive({
-  to: capability({
-    can: 'voucher/*',
-    with: URI.match({ protocol: 'did:' }),
-    derives: equalWith,
-  }),
+export const voucher = capability({
+  can: 'voucher/*',
+  with: URI.match({ protocol: 'did:' }),
   derives: equalWith,
 })
 
-const base = top.or(voucher)
-
 /**
@@ -66,74 +56,60 @@ * Capability can be invoked by an agent to claim a voucher for a specific
  */
-export const claim = base.derive({
-  to: capability({
-    can: 'voucher/claim',
-    with: URI.match({ protocol: 'did:' }),
-    nb: {
-      /**
-       * URI of the product agent is requesting a voucher of.
-       */
-      product: Product,
-      /**
-       * Verifiable identity on who's behalf behalf claim is made.
-       */
-      identity: Identity,
-      /**
-       * Optional service DID who's voucher is been requested.
-       */
-      service: Service.optional(),
-    },
-    derives: (child, parent) => {
-      return (
-        fail(equalWith(child, parent)) ||
-        fail(equal(child.nb.product, parent.nb.product, 'product')) ||
-        fail(equal(child.nb.identity, parent.nb.identity, 'identity')) ||
-        fail(equal(child.nb.service, parent.nb.service, 'service')) ||
-        true
-      )
-    },
+export const claim = capability({
+  can: 'voucher/claim',
+  with: URI.match({ protocol: 'did:' }),
+  nb: Schema.struct({
+    /**
+     * URI of the product agent is requesting a voucher of.
+     */
+    product: Product,
+    /**
+     * Verifiable identity on who's behalf behalf claim is made.
+     */
+    identity: Identity,
+    /**
+     * Optional service DID who's voucher is been requested.
+     */
+    service: Service.optional(),
   }),
-  /**
-   * `voucher/claim` can be derived from the `voucher/*` & `*` capability
-   * as long as the `with` fields match.
-   */
-  derives: equalWith,
+  derives: (child, parent) => {
+    return (
+      fail(equalWith(child, parent)) ||
+      fail(equal(child.nb.product, parent.nb.product, 'product')) ||
+      fail(equal(child.nb.identity, parent.nb.identity, 'identity')) ||
+      fail(equal(child.nb.service, parent.nb.service, 'service')) ||
+      true
+    )
+  },
 })
 
-export const redeem = voucher.derive({
-  to: capability({
-    can: 'voucher/redeem',
-    with: URI.match({ protocol: 'did:' }),
-    nb: {
-      /**
-       * Link of the product voucher is for. Must be the same as `nb.product`
-       * of `voucher/claim` that requested this.
-       */
-      product: Product,
-      /**
-       * Verifiable identity to whom voucher is issued. It is a `mailto:` URL
-       * where this delegation is typically sent.
-       */
-      identity: Identity,
-      /**
-       * Space identifier where voucher can be redeemed. When service delegates
-       * `voucher/redeem` to the user agent it may omit this field to allow
-       * agent to choose space.
-       */
-      space: URI.match({ protocol: 'did:' }),
-    },
-    derives: (child, parent) => {
-      return (
-        fail(equalWith(child, parent)) ||
-        fail(equal(child.nb.product, parent.nb.product, 'product')) ||
-        fail(equal(child.nb.identity, parent.nb.identity, 'identity')) ||
-        fail(equal(child.nb.space, parent.nb.space, 'account')) ||
-        true
-      )
-    },
+export const redeem = capability({
+  can: 'voucher/redeem',
+  with: URI.match({ protocol: 'did:' }),
+  nb: Schema.struct({
+    /**
+     * Link of the product voucher is for. Must be the same as `nb.product`
+     * of `voucher/claim` that requested this.
+     */
+    product: Product,
+    /**
+     * Verifiable identity to whom voucher is issued. It is a `mailto:` URL
+     * where this delegation is typically sent.
+     */
+    identity: Identity,
+    /**
+     * Space identifier where voucher can be redeemed. When service delegates
+     * `voucher/redeem` to the user agent it may omit this field to allow
+     * agent to choose space.
+     */
+    space: URI.match({ protocol: 'did:' }),
   }),
-  /**
-   * `voucher/redeem` can be derived from the `voucher/*` & `*` capability
-   * as long as the `with` fields match.
-   */
-  derives: equalWith,
+  derives: (child, parent) => {
+    return (
+      fail(equalWith(child, parent)) ||
+      fail(equal(child.nb.product, parent.nb.product, 'product')) ||
+      fail(equal(child.nb.identity, parent.nb.identity, 'identity')) ||
+      fail(equal(child.nb.space, parent.nb.space, 'account')) ||
+      true
+    )
+  },
 })

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

63597

decreased by-20.63%

Lines of code

1331

decreased by-22.3%

Dependency changes

• + Added@ucanto/core@5.2.0(transitive)

• + Added@ucanto/interface@5.0.06.2.0(transitive)

• + Added@ucanto/principal@5.1.0(transitive)

• + Added@ucanto/transport@5.1.1(transitive)

• + Added@ucanto/validator@5.0.0(transitive)

• - Removed@ucanto/core@4.4.0(transitive)

• - Removed@ucanto/interface@4.4.1(transitive)

• - Removed@ucanto/principal@4.4.0(transitive)

• - Removed@ucanto/transport@4.4.0(transitive)

• - Removed@ucanto/validator@4.4.0(transitive)

• Updated@ucanto/core@^5.0.0

• Updated@ucanto/interface@^5.0.0

• Updated@ucanto/principal@^5.0.0

• Updated@ucanto/transport@^5.0.0

• Updated@ucanto/validator@^5.0.0