@aigrc/core 0.1.0 → 0.2.0

@@ -1209,6 +1209,1827 @@ declare const ConstraintsSchema: z.ZodObject<{
1209
1209
  } | undefined;
1210
1210
  }>;
1211
1211
  type Constraints = z.infer<typeof ConstraintsSchema>;
1212
+ declare const RiskLevelSchema: z.ZodEnum<["minimal", "limited", "high", "unacceptable"]>;
1213
+ type RiskLevel = z.infer<typeof RiskLevelSchema>;
1214
+ declare const GoldenThreadSchema: z.ZodObject<{
1215
+ /** Ticket ID from approval system (e.g., "FIN-1234") */
1216
+ ticket_id: z.ZodString;
1217
+ /** Email of approver (e.g., "ciso@corp.com") */
1218
+ approved_by: z.ZodString;
1219
+ /** ISO 8601 timestamp of approval (e.g., "2025-01-15T10:30:00Z") */
1220
+ approved_at: z.ZodString;
1221
+ /** SHA-256 hash of canonical string: sha256:{64 hex chars} */
1222
+ hash: z.ZodOptional<z.ZodString>;
1223
+ /** Optional cryptographic signature: {ALGORITHM}:{BASE64_SIGNATURE} */
1224
+ signature: z.ZodOptional<z.ZodString>;
1225
+ }, "strip", z.ZodTypeAny, {
1226
+ ticket_id: string;
1227
+ approved_by: string;
1228
+ approved_at: string;
1229
+ hash?: string | undefined;
1230
+ signature?: string | undefined;
1231
+ }, {
1232
+ ticket_id: string;
1233
+ approved_by: string;
1234
+ approved_at: string;
1235
+ hash?: string | undefined;
1236
+ signature?: string | undefined;
1237
+ }>;
1238
+ type GoldenThread = z.infer<typeof GoldenThreadSchema>;
1239
+ declare const LineageSchema: z.ZodObject<{
1240
+ /** Parent agent's instance_id, null for root agents */
1241
+ parent_instance_id: z.ZodNullable<z.ZodString>;
1242
+ /** Depth in spawn tree: 0 for root, 1 for first child, etc. */
1243
+ generation_depth: z.ZodNumber;
1244
+ /** Chain of ancestor instance_ids from root to parent */
1245
+ ancestor_chain: z.ZodArray<z.ZodString, "many">;
1246
+ /** When this agent was spawned */
1247
+ spawned_at: z.ZodString;
1248
+ /** Root agent's instance_id for tracing entire tree */
1249
+ root_instance_id: z.ZodString;
1250
+ }, "strip", z.ZodTypeAny, {
1251
+ parent_instance_id: string | null;
1252
+ generation_depth: number;
1253
+ ancestor_chain: string[];
1254
+ spawned_at: string;
1255
+ root_instance_id: string;
1256
+ }, {
1257
+ parent_instance_id: string | null;
1258
+ generation_depth: number;
1259
+ ancestor_chain: string[];
1260
+ spawned_at: string;
1261
+ root_instance_id: string;
1262
+ }>;
1263
+ type Lineage = z.infer<typeof LineageSchema>;
1264
+ declare const CapabilitiesManifestSchema: z.ZodObject<{
1265
+ /** List of allowed tool/action identifiers (supports wildcards: *, prefix_*) */
1266
+ allowed_tools: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1267
+ /** List of explicitly denied tools (takes precedence over allowed) */
1268
+ denied_tools: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1269
+ /** Allowed domain patterns (regex) for external resources */
1270
+ allowed_domains: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1271
+ /** Denied domain patterns (takes precedence over allowed) */
1272
+ denied_domains: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1273
+ /** Maximum cost per session in USD */
1274
+ max_cost_per_session: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
1275
+ /** Maximum cost per day in USD */
1276
+ max_cost_per_day: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
1277
+ /** Maximum tokens per single API call */
1278
+ max_tokens_per_call: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
1279
+ /** Whether this agent can spawn child agents */
1280
+ may_spawn_children: z.ZodDefault<z.ZodBoolean>;
1281
+ /** Maximum depth of child agent spawning (0 = cannot spawn) */
1282
+ max_child_depth: z.ZodDefault<z.ZodNumber>;
1283
+ /** Capability decay mode for children: decay, explicit, inherit */
1284
+ capability_mode: z.ZodDefault<z.ZodEnum<["decay", "explicit", "inherit"]>>;
1285
+ /** Custom extension fields */
1286
+ custom: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
1287
+ }, "strip", z.ZodTypeAny, {
1288
+ allowed_tools: string[];
1289
+ denied_tools: string[];
1290
+ allowed_domains: string[];
1291
+ denied_domains: string[];
1292
+ may_spawn_children: boolean;
1293
+ max_child_depth: number;
1294
+ capability_mode: "decay" | "explicit" | "inherit";
1295
+ custom?: Record<string, unknown> | undefined;
1296
+ max_cost_per_session?: number | null | undefined;
1297
+ max_cost_per_day?: number | null | undefined;
1298
+ max_tokens_per_call?: number | null | undefined;
1299
+ }, {
1300
+ custom?: Record<string, unknown> | undefined;
1301
+ allowed_tools?: string[] | undefined;
1302
+ denied_tools?: string[] | undefined;
1303
+ allowed_domains?: string[] | undefined;
1304
+ denied_domains?: string[] | undefined;
1305
+ max_cost_per_session?: number | null | undefined;
1306
+ max_cost_per_day?: number | null | undefined;
1307
+ max_tokens_per_call?: number | null | undefined;
1308
+ may_spawn_children?: boolean | undefined;
1309
+ max_child_depth?: number | undefined;
1310
+ capability_mode?: "decay" | "explicit" | "inherit" | undefined;
1311
+ }>;
1312
+ type CapabilitiesManifest = z.infer<typeof CapabilitiesManifestSchema>;
1313
+ declare const OperatingModeSchema: z.ZodEnum<["NORMAL", "SANDBOX", "RESTRICTED"]>;
1314
+ type OperatingMode = z.infer<typeof OperatingModeSchema>;
1315
+ declare const RuntimeIdentitySchema: z.ZodObject<{
1316
+ /** Unique UUIDv4 for this runtime instance */
1317
+ instance_id: z.ZodString;
1318
+ /** Asset ID from the Asset Card (e.g., "aigrc-2024-a1b2c3d4") */
1319
+ asset_id: z.ZodString;
1320
+ /** Human-readable name from Asset Card */
1321
+ asset_name: z.ZodString;
1322
+ /** Semantic version from Asset Card */
1323
+ asset_version: z.ZodString;
1324
+ /** SHA-256 hash of Golden Thread data */
1325
+ golden_thread_hash: z.ZodString;
1326
+ /** Full Golden Thread authorization data */
1327
+ golden_thread: z.ZodObject<{
1328
+ /** Ticket ID from approval system (e.g., "FIN-1234") */
1329
+ ticket_id: z.ZodString;
1330
+ /** Email of approver (e.g., "ciso@corp.com") */
1331
+ approved_by: z.ZodString;
1332
+ /** ISO 8601 timestamp of approval (e.g., "2025-01-15T10:30:00Z") */
1333
+ approved_at: z.ZodString;
1334
+ /** SHA-256 hash of canonical string: sha256:{64 hex chars} */
1335
+ hash: z.ZodOptional<z.ZodString>;
1336
+ /** Optional cryptographic signature: {ALGORITHM}:{BASE64_SIGNATURE} */
1337
+ signature: z.ZodOptional<z.ZodString>;
1338
+ }, "strip", z.ZodTypeAny, {
1339
+ ticket_id: string;
1340
+ approved_by: string;
1341
+ approved_at: string;
1342
+ hash?: string | undefined;
1343
+ signature?: string | undefined;
1344
+ }, {
1345
+ ticket_id: string;
1346
+ approved_by: string;
1347
+ approved_at: string;
1348
+ hash?: string | undefined;
1349
+ signature?: string | undefined;
1350
+ }>;
1351
+ /** Risk level from classification */
1352
+ risk_level: z.ZodEnum<["minimal", "limited", "high", "unacceptable"]>;
1353
+ /** Agent lineage for spawned agents */
1354
+ lineage: z.ZodObject<{
1355
+ /** Parent agent's instance_id, null for root agents */
1356
+ parent_instance_id: z.ZodNullable<z.ZodString>;
1357
+ /** Depth in spawn tree: 0 for root, 1 for first child, etc. */
1358
+ generation_depth: z.ZodNumber;
1359
+ /** Chain of ancestor instance_ids from root to parent */
1360
+ ancestor_chain: z.ZodArray<z.ZodString, "many">;
1361
+ /** When this agent was spawned */
1362
+ spawned_at: z.ZodString;
1363
+ /** Root agent's instance_id for tracing entire tree */
1364
+ root_instance_id: z.ZodString;
1365
+ }, "strip", z.ZodTypeAny, {
1366
+ parent_instance_id: string | null;
1367
+ generation_depth: number;
1368
+ ancestor_chain: string[];
1369
+ spawned_at: string;
1370
+ root_instance_id: string;
1371
+ }, {
1372
+ parent_instance_id: string | null;
1373
+ generation_depth: number;
1374
+ ancestor_chain: string[];
1375
+ spawned_at: string;
1376
+ root_instance_id: string;
1377
+ }>;
1378
+ /** Capabilities manifest defining permissions */
1379
+ capabilities_manifest: z.ZodObject<{
1380
+ /** List of allowed tool/action identifiers (supports wildcards: *, prefix_*) */
1381
+ allowed_tools: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1382
+ /** List of explicitly denied tools (takes precedence over allowed) */
1383
+ denied_tools: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1384
+ /** Allowed domain patterns (regex) for external resources */
1385
+ allowed_domains: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1386
+ /** Denied domain patterns (takes precedence over allowed) */
1387
+ denied_domains: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
1388
+ /** Maximum cost per session in USD */
1389
+ max_cost_per_session: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
1390
+ /** Maximum cost per day in USD */
1391
+ max_cost_per_day: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
1392
+ /** Maximum tokens per single API call */
1393
+ max_tokens_per_call: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
1394
+ /** Whether this agent can spawn child agents */
1395
+ may_spawn_children: z.ZodDefault<z.ZodBoolean>;
1396
+ /** Maximum depth of child agent spawning (0 = cannot spawn) */
1397
+ max_child_depth: z.ZodDefault<z.ZodNumber>;
1398
+ /** Capability decay mode for children: decay, explicit, inherit */
1399
+ capability_mode: z.ZodDefault<z.ZodEnum<["decay", "explicit", "inherit"]>>;
1400
+ /** Custom extension fields */
1401
+ custom: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
1402
+ }, "strip", z.ZodTypeAny, {
1403
+ allowed_tools: string[];
1404
+ denied_tools: string[];
1405
+ allowed_domains: string[];
1406
+ denied_domains: string[];
1407
+ may_spawn_children: boolean;
1408
+ max_child_depth: number;
1409
+ capability_mode: "decay" | "explicit" | "inherit";
1410
+ custom?: Record<string, unknown> | undefined;
1411
+ max_cost_per_session?: number | null | undefined;
1412
+ max_cost_per_day?: number | null | undefined;
1413
+ max_tokens_per_call?: number | null | undefined;
1414
+ }, {
1415
+ custom?: Record<string, unknown> | undefined;
1416
+ allowed_tools?: string[] | undefined;
1417
+ denied_tools?: string[] | undefined;
1418
+ allowed_domains?: string[] | undefined;
1419
+ denied_domains?: string[] | undefined;
1420
+ max_cost_per_session?: number | null | undefined;
1421
+ max_cost_per_day?: number | null | undefined;
1422
+ max_tokens_per_call?: number | null | undefined;
1423
+ may_spawn_children?: boolean | undefined;
1424
+ max_child_depth?: number | undefined;
1425
+ capability_mode?: "decay" | "explicit" | "inherit" | undefined;
1426
+ }>;
1427
+ /** When this identity was created */
1428
+ created_at: z.ZodString;
1429
+ /** Whether Golden Thread hash has been verified */
1430
+ verified: z.ZodDefault<z.ZodBoolean>;
1431
+ /** Current operating mode */
1432
+ mode: z.ZodDefault<z.ZodEnum<["NORMAL", "SANDBOX", "RESTRICTED"]>>;
1433
+ }, "strip", z.ZodTypeAny, {
1434
+ instance_id: string;
1435
+ asset_id: string;
1436
+ asset_name: string;
1437
+ asset_version: string;
1438
+ golden_thread_hash: string;
1439
+ golden_thread: {
1440
+ ticket_id: string;
1441
+ approved_by: string;
1442
+ approved_at: string;
1443
+ hash?: string | undefined;
1444
+ signature?: string | undefined;
1445
+ };
1446
+ risk_level: "minimal" | "limited" | "high" | "unacceptable";
1447
+ lineage: {
1448
+ parent_instance_id: string | null;
1449
+ generation_depth: number;
1450
+ ancestor_chain: string[];
1451
+ spawned_at: string;
1452
+ root_instance_id: string;
1453
+ };
1454
+ capabilities_manifest: {
1455
+ allowed_tools: string[];
1456
+ denied_tools: string[];
1457
+ allowed_domains: string[];
1458
+ denied_domains: string[];
1459
+ may_spawn_children: boolean;
1460
+ max_child_depth: number;
1461
+ capability_mode: "decay" | "explicit" | "inherit";
1462
+ custom?: Record<string, unknown> | undefined;
1463
+ max_cost_per_session?: number | null | undefined;
1464
+ max_cost_per_day?: number | null | undefined;
1465
+ max_tokens_per_call?: number | null | undefined;
1466
+ };
1467
+ created_at: string;
1468
+ verified: boolean;
1469
+ mode: "NORMAL" | "SANDBOX" | "RESTRICTED";
1470
+ }, {
1471
+ instance_id: string;
1472
+ asset_id: string;
1473
+ asset_name: string;
1474
+ asset_version: string;
1475
+ golden_thread_hash: string;
1476
+ golden_thread: {
1477
+ ticket_id: string;
1478
+ approved_by: string;
1479
+ approved_at: string;
1480
+ hash?: string | undefined;
1481
+ signature?: string | undefined;
1482
+ };
1483
+ risk_level: "minimal" | "limited" | "high" | "unacceptable";
1484
+ lineage: {
1485
+ parent_instance_id: string | null;
1486
+ generation_depth: number;
1487
+ ancestor_chain: string[];
1488
+ spawned_at: string;
1489
+ root_instance_id: string;
1490
+ };
1491
+ capabilities_manifest: {
1492
+ custom?: Record<string, unknown> | undefined;
1493
+ allowed_tools?: string[] | undefined;
1494
+ denied_tools?: string[] | undefined;
1495
+ allowed_domains?: string[] | undefined;
1496
+ denied_domains?: string[] | undefined;
1497
+ max_cost_per_session?: number | null | undefined;
1498
+ max_cost_per_day?: number | null | undefined;
1499
+ max_tokens_per_call?: number | null | undefined;
1500
+ may_spawn_children?: boolean | undefined;
1501
+ max_child_depth?: number | undefined;
1502
+ capability_mode?: "decay" | "explicit" | "inherit" | undefined;
1503
+ };
1504
+ created_at: string;
1505
+ verified?: boolean | undefined;
1506
+ mode?: "NORMAL" | "SANDBOX" | "RESTRICTED" | undefined;
1507
+ }>;
1508
+ type RuntimeIdentity = z.infer<typeof RuntimeIdentitySchema>;
1509
+ declare const KillSwitchCommandTypeSchema: z.ZodEnum<["TERMINATE", "PAUSE", "RESUME"]>;
1510
+ type KillSwitchCommandType = z.infer<typeof KillSwitchCommandTypeSchema>;
1511
+ declare const KillSwitchCommandSchema: z.ZodObject<{
1512
+ /** Unique command ID for idempotency and replay prevention */
1513
+ command_id: z.ZodString;
1514
+ /** Type of command */
1515
+ type: z.ZodEnum<["TERMINATE", "PAUSE", "RESUME"]>;
1516
+ /** Target instance_id (optional, for specific instance) */
1517
+ instance_id: z.ZodOptional<z.ZodString>;
1518
+ /** Target asset_id (optional, for all instances of an asset) */
1519
+ asset_id: z.ZodOptional<z.ZodString>;
1520
+ /** Target organization (optional, for org-wide kill) */
1521
+ organization: z.ZodOptional<z.ZodString>;
1522
+ /** Cryptographic signature for verification */
1523
+ signature: z.ZodString;
1524
+ /** ISO 8601 timestamp for replay prevention */
1525
+ timestamp: z.ZodString;
1526
+ /** Human-readable reason for audit trail */
1527
+ reason: z.ZodString;
1528
+ /** Issuer of the command (email or system ID) */
1529
+ issued_by: z.ZodString;
1530
+ }, "strip", z.ZodTypeAny, {
1531
+ type: "TERMINATE" | "PAUSE" | "RESUME";
1532
+ signature: string;
1533
+ command_id: string;
1534
+ timestamp: string;
1535
+ reason: string;
1536
+ issued_by: string;
1537
+ instance_id?: string | undefined;
1538
+ asset_id?: string | undefined;
1539
+ organization?: string | undefined;
1540
+ }, {
1541
+ type: "TERMINATE" | "PAUSE" | "RESUME";
1542
+ signature: string;
1543
+ command_id: string;
1544
+ timestamp: string;
1545
+ reason: string;
1546
+ issued_by: string;
1547
+ instance_id?: string | undefined;
1548
+ asset_id?: string | undefined;
1549
+ organization?: string | undefined;
1550
+ }>;
1551
+ type KillSwitchCommand = z.infer<typeof KillSwitchCommandSchema>;
1552
+ declare const GovernanceTokenIdentityClaimsSchema: z.ZodObject<{
1553
+ instance_id: z.ZodString;
1554
+ asset_id: z.ZodString;
1555
+ asset_name: z.ZodString;
1556
+ asset_version: z.ZodString;
1557
+ }, "strip", z.ZodTypeAny, {
1558
+ instance_id: string;
1559
+ asset_id: string;
1560
+ asset_name: string;
1561
+ asset_version: string;
1562
+ }, {
1563
+ instance_id: string;
1564
+ asset_id: string;
1565
+ asset_name: string;
1566
+ asset_version: string;
1567
+ }>;
1568
+ declare const GovernanceTokenGovernanceClaimsSchema: z.ZodObject<{
1569
+ risk_level: z.ZodEnum<["minimal", "limited", "high", "unacceptable"]>;
1570
+ golden_thread: z.ZodObject<{
1571
+ hash: z.ZodString;
1572
+ verified: z.ZodBoolean;
1573
+ ticket_id: z.ZodString;
1574
+ }, "strip", z.ZodTypeAny, {
1575
+ ticket_id: string;
1576
+ hash: string;
1577
+ verified: boolean;
1578
+ }, {
1579
+ ticket_id: string;
1580
+ hash: string;
1581
+ verified: boolean;
1582
+ }>;
1583
+ mode: z.ZodEnum<["NORMAL", "SANDBOX", "RESTRICTED"]>;
1584
+ }, "strip", z.ZodTypeAny, {
1585
+ golden_thread: {
1586
+ ticket_id: string;
1587
+ hash: string;
1588
+ verified: boolean;
1589
+ };
1590
+ risk_level: "minimal" | "limited" | "high" | "unacceptable";
1591
+ mode: "NORMAL" | "SANDBOX" | "RESTRICTED";
1592
+ }, {
1593
+ golden_thread: {
1594
+ ticket_id: string;
1595
+ hash: string;
1596
+ verified: boolean;
1597
+ };
1598
+ risk_level: "minimal" | "limited" | "high" | "unacceptable";
1599
+ mode: "NORMAL" | "SANDBOX" | "RESTRICTED";
1600
+ }>;
1601
+ declare const GovernanceTokenControlClaimsSchema: z.ZodObject<{
1602
+ kill_switch: z.ZodObject<{
1603
+ enabled: z.ZodBoolean;
1604
+ channel: z.ZodEnum<["sse", "polling", "file"]>;
1605
+ }, "strip", z.ZodTypeAny, {
1606
+ enabled: boolean;
1607
+ channel: "sse" | "polling" | "file";
1608
+ }, {
1609
+ enabled: boolean;
1610
+ channel: "sse" | "polling" | "file";
1611
+ }>;
1612
+ paused: z.ZodBoolean;
1613
+ termination_pending: z.ZodBoolean;
1614
+ }, "strip", z.ZodTypeAny, {
1615
+ kill_switch: {
1616
+ enabled: boolean;
1617
+ channel: "sse" | "polling" | "file";
1618
+ };
1619
+ paused: boolean;
1620
+ termination_pending: boolean;
1621
+ }, {
1622
+ kill_switch: {
1623
+ enabled: boolean;
1624
+ channel: "sse" | "polling" | "file";
1625
+ };
1626
+ paused: boolean;
1627
+ termination_pending: boolean;
1628
+ }>;
1629
+ declare const GovernanceTokenCapabilityClaimsSchema: z.ZodObject<{
1630
+ hash: z.ZodString;
1631
+ tools: z.ZodArray<z.ZodString, "many">;
1632
+ max_budget_usd: z.ZodNullable<z.ZodNumber>;
1633
+ can_spawn: z.ZodBoolean;
1634
+ max_child_depth: z.ZodNumber;
1635
+ }, "strip", z.ZodTypeAny, {
1636
+ hash: string;
1637
+ max_child_depth: number;
1638
+ tools: string[];
1639
+ max_budget_usd: number | null;
1640
+ can_spawn: boolean;
1641
+ }, {
1642
+ hash: string;
1643
+ max_child_depth: number;
1644
+ tools: string[];
1645
+ max_budget_usd: number | null;
1646
+ can_spawn: boolean;
1647
+ }>;
1648
+ declare const GovernanceTokenLineageClaimsSchema: z.ZodObject<{
1649
+ generation_depth: z.ZodNumber;
1650
+ parent_instance_id: z.ZodNullable<z.ZodString>;
1651
+ root_instance_id: z.ZodString;
1652
+ }, "strip", z.ZodTypeAny, {
1653
+ parent_instance_id: string | null;
1654
+ generation_depth: number;
1655
+ root_instance_id: string;
1656
+ }, {
1657
+ parent_instance_id: string | null;
1658
+ generation_depth: number;
1659
+ root_instance_id: string;
1660
+ }>;
1661
+ declare const GovernanceTokenPayloadSchema: z.ZodObject<{
1662
+ /** Issuer: "aigos-runtime" */
1663
+ iss: z.ZodLiteral<"aigos-runtime">;
1664
+ /** Subject: instance_id of the agent */
1665
+ sub: z.ZodString;
1666
+ /** Audience: "aigos-agents" or specific agent */
1667
+ aud: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
1668
+ /** Expiration timestamp (Unix epoch) */
1669
+ exp: z.ZodNumber;
1670
+ /** Issued at timestamp (Unix epoch) */
1671
+ iat: z.ZodNumber;
1672
+ /** Not before timestamp (Unix epoch) */
1673
+ nbf: z.ZodNumber;
1674
+ /** Unique JWT ID */
1675
+ jti: z.ZodString;
1676
+ aigos: z.ZodObject<{
1677
+ identity: z.ZodObject<{
1678
+ instance_id: z.ZodString;
1679
+ asset_id: z.ZodString;
1680
+ asset_name: z.ZodString;
1681
+ asset_version: z.ZodString;
1682
+ }, "strip", z.ZodTypeAny, {
1683
+ instance_id: string;
1684
+ asset_id: string;
1685
+ asset_name: string;
1686
+ asset_version: string;
1687
+ }, {
1688
+ instance_id: string;
1689
+ asset_id: string;
1690
+ asset_name: string;
1691
+ asset_version: string;
1692
+ }>;
1693
+ governance: z.ZodObject<{
1694
+ risk_level: z.ZodEnum<["minimal", "limited", "high", "unacceptable"]>;
1695
+ golden_thread: z.ZodObject<{
1696
+ hash: z.ZodString;
1697
+ verified: z.ZodBoolean;
1698
+ ticket_id: z.ZodString;
1699
+ }, "strip", z.ZodTypeAny, {
1700
+ ticket_id: string;
1701
+ hash: string;
1702
+ verified: boolean;
1703
+ }, {
1704
+ ticket_id: string;
1705
+ hash: string;
1706
+ verified: boolean;
1707
+ }>;
1708
+ mode: z.ZodEnum<["NORMAL", "SANDBOX", "RESTRICTED"]>;
1709
+ }, "strip", z.ZodTypeAny, {
1710
+ golden_thread: {
1711
+ ticket_id: string;
1712
+ hash: string;
1713
+ verified: boolean;
1714
+ };
1715
+ risk_level: "minimal" | "limited" | "high" | "unacceptable";
1716
+ mode: "NORMAL" | "SANDBOX" | "RESTRICTED";
1717
+ }, {
1718
+ golden_thread: {
1719
+ ticket_id: string;
1720
+ hash: string;
1721
+ verified: boolean;
1722
+ };
1723
+ risk_level: "minimal" | "limited" | "high" | "unacceptable";
1724
+ mode: "NORMAL" | "SANDBOX" | "RESTRICTED";
1725
+ }>;
1726
+ control: z.ZodObject<{
1727
+ kill_switch: z.ZodObject<{
1728
+ enabled: z.ZodBoolean;
1729
+ channel: z.ZodEnum<["sse", "polling", "file"]>;
1730
+ }, "strip", z.ZodTypeAny, {
1731
+ enabled: boolean;
1732
+ channel: "sse" | "polling" | "file";
1733
+ }, {
1734
+ enabled: boolean;
1735
+ channel: "sse" | "polling" | "file";
1736
+ }>;
1737
+ paused: z.ZodBoolean;
1738
+ termination_pending: z.ZodBoolean;
1739
+ }, "strip", z.ZodTypeAny, {
1740
+ kill_switch: {
1741
+ enabled: boolean;
1742
+ channel: "sse" | "polling" | "file";
1743
+ };
1744
+ paused: boolean;
1745
+ termination_pending: boolean;
1746
+ }, {
1747
+ kill_switch: {
1748
+ enabled: boolean;
1749
+ channel: "sse" | "polling" | "file";
1750
+ };
1751
+ paused: boolean;
1752
+ termination_pending: boolean;
1753
+ }>;
1754
+ capabilities: z.ZodObject<{
1755
+ hash: z.ZodString;
1756
+ tools: z.ZodArray<z.ZodString, "many">;
1757
+ max_budget_usd: z.ZodNullable<z.ZodNumber>;
1758
+ can_spawn: z.ZodBoolean;
1759
+ max_child_depth: z.ZodNumber;
1760
+ }, "strip", z.ZodTypeAny, {
1761
+ hash: string;
1762
+ max_child_depth: number;
1763
+ tools: string[];
1764
+ max_budget_usd: number | null;
1765
+ can_spawn: boolean;
1766
+ }, {
1767
+ hash: string;
1768
+ max_child_depth: number;
1769
+ tools: string[];
1770
+ max_budget_usd: number | null;
1771
+ can_spawn: boolean;
1772
+ }>;
1773
+ lineage: z.ZodObject<{
1774
+ generation_depth: z.ZodNumber;
1775
+ parent_instance_id: z.ZodNullable<z.ZodString>;
1776
+ root_instance_id: z.ZodString;
1777
+ }, "strip", z.ZodTypeAny, {
1778
+ parent_instance_id: string | null;
1779
+ generation_depth: number;
1780
+ root_instance_id: string;
1781
+ }, {
1782
+ parent_instance_id: string | null;
1783
+ generation_depth: number;
1784
+ root_instance_id: string;
1785
+ }>;
1786
+ }, "strip", z.ZodTypeAny, {
1787
+ lineage: {
1788
+ parent_instance_id: string | null;
1789
+ generation_depth: number;
1790
+ root_instance_id: string;
1791
+ };
1792
+ identity: {
1793
+ instance_id: string;
1794
+ asset_id: string;
1795
+ asset_name: string;
1796
+ asset_version: string;
1797
+ };
1798
+ governance: {
1799
+ golden_thread: {
1800
+ ticket_id: string;
1801
+ hash: string;
1802
+ verified: boolean;
1803
+ };
1804
+ risk_level: "minimal" | "limited" | "high" | "unacceptable";
1805
+ mode: "NORMAL" | "SANDBOX" | "RESTRICTED";
1806
+ };
1807
+ control: {
1808
+ kill_switch: {
1809
+ enabled: boolean;
1810
+ channel: "sse" | "polling" | "file";
1811
+ };
1812
+ paused: boolean;
1813
+ termination_pending: boolean;
1814
+ };
1815
+ capabilities: {
1816
+ hash: string;
1817
+ max_child_depth: number;
1818
+ tools: string[];
1819
+ max_budget_usd: number | null;
1820
+ can_spawn: boolean;
1821
+ };
1822
+ }, {
1823
+ lineage: {
1824
+ parent_instance_id: string | null;
1825
+ generation_depth: number;
1826
+ root_instance_id: string;
1827
+ };
1828
+ identity: {
1829
+ instance_id: string;
1830
+ asset_id: string;
1831
+ asset_name: string;
1832
+ asset_version: string;
1833
+ };
1834
+ governance: {
1835
+ golden_thread: {
1836
+ ticket_id: string;
1837
+ hash: string;
1838
+ verified: boolean;
1839
+ };
1840
+ risk_level: "minimal" | "limited" | "high" | "unacceptable";
1841
+ mode: "NORMAL" | "SANDBOX" | "RESTRICTED";
1842
+ };
1843
+ control: {
1844
+ kill_switch: {
1845
+ enabled: boolean;
1846
+ channel: "sse" | "polling" | "file";
1847
+ };
1848
+ paused: boolean;
1849
+ termination_pending: boolean;
1850
+ };
1851
+ capabilities: {
1852
+ hash: string;
1853
+ max_child_depth: number;
1854
+ tools: string[];
1855
+ max_budget_usd: number | null;
1856
+ can_spawn: boolean;
1857
+ };
1858
+ }>;
1859
+ }, "strip", z.ZodTypeAny, {
1860
+ iss: "aigos-runtime";
1861
+ sub: string;
1862
+ aud: string | string[];
1863
+ exp: number;
1864
+ iat: number;
1865
+ nbf: number;
1866
+ jti: string;
1867
+ aigos: {
1868
+ lineage: {
1869
+ parent_instance_id: string | null;
1870
+ generation_depth: number;
1871
+ root_instance_id: string;
1872
+ };
1873
+ identity: {
1874
+ instance_id: string;
1875
+ asset_id: string;
1876
+ asset_name: string;
1877
+ asset_version: string;
1878
+ };
1879
+ governance: {
1880
+ golden_thread: {
1881
+ ticket_id: string;
1882
+ hash: string;
1883
+ verified: boolean;
1884
+ };
1885
+ risk_level: "minimal" | "limited" | "high" | "unacceptable";
1886
+ mode: "NORMAL" | "SANDBOX" | "RESTRICTED";
1887
+ };
1888
+ control: {
1889
+ kill_switch: {
1890
+ enabled: boolean;
1891
+ channel: "sse" | "polling" | "file";
1892
+ };
1893
+ paused: boolean;
1894
+ termination_pending: boolean;
1895
+ };
1896
+ capabilities: {
1897
+ hash: string;
1898
+ max_child_depth: number;
1899
+ tools: string[];
1900
+ max_budget_usd: number | null;
1901
+ can_spawn: boolean;
1902
+ };
1903
+ };
1904
+ }, {
1905
+ iss: "aigos-runtime";
1906
+ sub: string;
1907
+ aud: string | string[];
1908
+ exp: number;
1909
+ iat: number;
1910
+ nbf: number;
1911
+ jti: string;
1912
+ aigos: {
1913
+ lineage: {
1914
+ parent_instance_id: string | null;
1915
+ generation_depth: number;
1916
+ root_instance_id: string;
1917
+ };
1918
+ identity: {
1919
+ instance_id: string;
1920
+ asset_id: string;
1921
+ asset_name: string;
1922
+ asset_version: string;
1923
+ };
1924
+ governance: {
1925
+ golden_thread: {
1926
+ ticket_id: string;
1927
+ hash: string;
1928
+ verified: boolean;
1929
+ };
1930
+ risk_level: "minimal" | "limited" | "high" | "unacceptable";
1931
+ mode: "NORMAL" | "SANDBOX" | "RESTRICTED";
1932
+ };
1933
+ control: {
1934
+ kill_switch: {
1935
+ enabled: boolean;
1936
+ channel: "sse" | "polling" | "file";
1937
+ };
1938
+ paused: boolean;
1939
+ termination_pending: boolean;
1940
+ };
1941
+ capabilities: {
1942
+ hash: string;
1943
+ max_child_depth: number;
1944
+ tools: string[];
1945
+ max_budget_usd: number | null;
1946
+ can_spawn: boolean;
1947
+ };
1948
+ };
1949
+ }>;
1950
+ type GovernanceTokenPayload = z.infer<typeof GovernanceTokenPayloadSchema>;
1951
+ type GovernanceTokenIdentityClaims = z.infer<typeof GovernanceTokenIdentityClaimsSchema>;
1952
+ type GovernanceTokenGovernanceClaims = z.infer<typeof GovernanceTokenGovernanceClaimsSchema>;
1953
+ type GovernanceTokenControlClaims = z.infer<typeof GovernanceTokenControlClaimsSchema>;
1954
+ type GovernanceTokenCapabilityClaims = z.infer<typeof GovernanceTokenCapabilityClaimsSchema>;
1955
+ type GovernanceTokenLineageClaims = z.infer<typeof GovernanceTokenLineageClaimsSchema>;
1956
+ declare const AssetCardRuntimeSchema: z.ZodObject<{
1957
+ /** Path to policy file for this asset */
1958
+ policy_path: z.ZodOptional<z.ZodString>;
1959
+ /** Behavior when Golden Thread verification fails */
1960
+ verification_failure_mode: z.ZodDefault<z.ZodEnum<["SANDBOX", "FAIL"]>>;
1961
+ /** Whether telemetry is enabled for this asset */
1962
+ telemetry_enabled: z.ZodDefault<z.ZodBoolean>;
1963
+ /** Kill switch configuration */
1964
+ kill_switch: z.ZodOptional<z.ZodObject<{
1965
+ enabled: z.ZodDefault<z.ZodBoolean>;
1966
+ channel: z.ZodDefault<z.ZodEnum<["sse", "polling", "file"]>>;
1967
+ endpoint: z.ZodOptional<z.ZodString>;
1968
+ }, "strip", z.ZodTypeAny, {
1969
+ enabled: boolean;
1970
+ channel: "sse" | "polling" | "file";
1971
+ endpoint?: string | undefined;
1972
+ }, {
1973
+ enabled?: boolean | undefined;
1974
+ channel?: "sse" | "polling" | "file" | undefined;
1975
+ endpoint?: string | undefined;
1976
+ }>>;
1977
+ }, "strip", z.ZodTypeAny, {
1978
+ verification_failure_mode: "SANDBOX" | "FAIL";
1979
+ telemetry_enabled: boolean;
1980
+ kill_switch?: {
1981
+ enabled: boolean;
1982
+ channel: "sse" | "polling" | "file";
1983
+ endpoint?: string | undefined;
1984
+ } | undefined;
1985
+ policy_path?: string | undefined;
1986
+ }, {
1987
+ kill_switch?: {
1988
+ enabled?: boolean | undefined;
1989
+ channel?: "sse" | "polling" | "file" | undefined;
1990
+ endpoint?: string | undefined;
1991
+ } | undefined;
1992
+ policy_path?: string | undefined;
1993
+ verification_failure_mode?: "SANDBOX" | "FAIL" | undefined;
1994
+ telemetry_enabled?: boolean | undefined;
1995
+ }>;
1996
+ type AssetCardRuntime = z.infer<typeof AssetCardRuntimeSchema>;
1997
+ declare const PolicyRuleEffectSchema: z.ZodEnum<["allow", "deny", "audit"]>;
1998
+ type PolicyRuleEffect = z.infer<typeof PolicyRuleEffectSchema>;
1999
+ declare const PolicyRuleSchema: z.ZodObject<{
2000
+ /** Unique identifier for this rule */
2001
+ id: z.ZodString;
2002
+ /** Human-readable description */
2003
+ description: z.ZodOptional<z.ZodString>;
2004
+ /** Effect when rule matches: allow, deny, or audit */
2005
+ effect: z.ZodEnum<["allow", "deny", "audit"]>;
2006
+ /** Actions/tools this rule applies to (supports wildcards) */
2007
+ actions: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2008
+ /** Resources/domains this rule applies to (supports patterns) */
2009
+ resources: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2010
+ /** Conditions that must be true for rule to apply */
2011
+ conditions: z.ZodOptional<z.ZodObject<{
2012
+ /** Required risk levels for this rule to apply */
2013
+ risk_levels: z.ZodOptional<z.ZodArray<z.ZodEnum<["minimal", "limited", "high", "unacceptable"]>, "many">>;
2014
+ /** Required operating modes */
2015
+ modes: z.ZodOptional<z.ZodArray<z.ZodEnum<["NORMAL", "SANDBOX", "RESTRICTED"]>, "many">>;
2016
+ /** Time-based conditions (ISO 8601 time ranges) */
2017
+ time_ranges: z.ZodOptional<z.ZodArray<z.ZodObject<{
2018
+ start: z.ZodString;
2019
+ end: z.ZodString;
2020
+ }, "strip", z.ZodTypeAny, {
2021
+ start: string;
2022
+ end: string;
2023
+ }, {
2024
+ start: string;
2025
+ end: string;
2026
+ }>, "many">>;
2027
+ /** Custom condition expressions */
2028
+ custom: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
2029
+ }, "strip", z.ZodTypeAny, {
2030
+ custom?: Record<string, unknown> | undefined;
2031
+ risk_levels?: ("minimal" | "limited" | "high" | "unacceptable")[] | undefined;
2032
+ modes?: ("NORMAL" | "SANDBOX" | "RESTRICTED")[] | undefined;
2033
+ time_ranges?: {
2034
+ start: string;
2035
+ end: string;
2036
+ }[] | undefined;
2037
+ }, {
2038
+ custom?: Record<string, unknown> | undefined;
2039
+ risk_levels?: ("minimal" | "limited" | "high" | "unacceptable")[] | undefined;
2040
+ modes?: ("NORMAL" | "SANDBOX" | "RESTRICTED")[] | undefined;
2041
+ time_ranges?: {
2042
+ start: string;
2043
+ end: string;
2044
+ }[] | undefined;
2045
+ }>>;
2046
+ /** Priority for rule ordering (higher = evaluated first) */
2047
+ priority: z.ZodDefault<z.ZodNumber>;
2048
+ }, "strip", z.ZodTypeAny, {
2049
+ id: string;
2050
+ effect: "allow" | "deny" | "audit";
2051
+ actions: string[];
2052
+ resources: string[];
2053
+ priority: number;
2054
+ description?: string | undefined;
2055
+ conditions?: {
2056
+ custom?: Record<string, unknown> | undefined;
2057
+ risk_levels?: ("minimal" | "limited" | "high" | "unacceptable")[] | undefined;
2058
+ modes?: ("NORMAL" | "SANDBOX" | "RESTRICTED")[] | undefined;
2059
+ time_ranges?: {
2060
+ start: string;
2061
+ end: string;
2062
+ }[] | undefined;
2063
+ } | undefined;
2064
+ }, {
2065
+ id: string;
2066
+ effect: "allow" | "deny" | "audit";
2067
+ description?: string | undefined;
2068
+ actions?: string[] | undefined;
2069
+ resources?: string[] | undefined;
2070
+ conditions?: {
2071
+ custom?: Record<string, unknown> | undefined;
2072
+ risk_levels?: ("minimal" | "limited" | "high" | "unacceptable")[] | undefined;
2073
+ modes?: ("NORMAL" | "SANDBOX" | "RESTRICTED")[] | undefined;
2074
+ time_ranges?: {
2075
+ start: string;
2076
+ end: string;
2077
+ }[] | undefined;
2078
+ } | undefined;
2079
+ priority?: number | undefined;
2080
+ }>;
2081
+ type PolicyRule = z.infer<typeof PolicyRuleSchema>;
2082
+ declare const PolicyCapabilitiesSchema: z.ZodObject<{
2083
+ /** Default effect when no rule matches */
2084
+ default_effect: z.ZodDefault<z.ZodEnum<["allow", "deny", "audit"]>>;
2085
+ /** Allowed tools (supports wildcards: *, prefix_*) */
2086
+ allowed_tools: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2087
+ /** Denied tools (takes precedence) */
2088
+ denied_tools: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2089
+ /** Allowed domain patterns */
2090
+ allowed_domains: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2091
+ /** Denied domain patterns */
2092
+ denied_domains: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2093
+ /** Maximum budget per session in USD */
2094
+ max_budget_per_session: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
2095
+ /** Maximum budget per day in USD */
2096
+ max_budget_per_day: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
2097
+ /** Whether agent can spawn children */
2098
+ may_spawn: z.ZodDefault<z.ZodBoolean>;
2099
+ /** Maximum spawn depth */
2100
+ max_spawn_depth: z.ZodDefault<z.ZodNumber>;
2101
+ }, "strip", z.ZodTypeAny, {
2102
+ allowed_tools: string[];
2103
+ denied_tools: string[];
2104
+ allowed_domains: string[];
2105
+ denied_domains: string[];
2106
+ default_effect: "allow" | "deny" | "audit";
2107
+ may_spawn: boolean;
2108
+ max_spawn_depth: number;
2109
+ max_budget_per_session?: number | null | undefined;
2110
+ max_budget_per_day?: number | null | undefined;
2111
+ }, {
2112
+ allowed_tools?: string[] | undefined;
2113
+ denied_tools?: string[] | undefined;
2114
+ allowed_domains?: string[] | undefined;
2115
+ denied_domains?: string[] | undefined;
2116
+ default_effect?: "allow" | "deny" | "audit" | undefined;
2117
+ max_budget_per_session?: number | null | undefined;
2118
+ max_budget_per_day?: number | null | undefined;
2119
+ may_spawn?: boolean | undefined;
2120
+ max_spawn_depth?: number | undefined;
2121
+ }>;
2122
+ type PolicyCapabilities = z.infer<typeof PolicyCapabilitiesSchema>;
2123
+ declare const PolicyFileSchema: z.ZodObject<{
2124
+ /** Schema version for forward compatibility */
2125
+ version: z.ZodLiteral<"1.0">;
2126
+ /** Unique policy identifier */
2127
+ id: z.ZodString;
2128
+ /** Human-readable name */
2129
+ name: z.ZodString;
2130
+ /** Description of this policy */
2131
+ description: z.ZodOptional<z.ZodString>;
2132
+ /** Parent policy to inherit from */
2133
+ extends: z.ZodOptional<z.ZodString>;
2134
+ /** Target asset IDs or patterns this policy applies to */
2135
+ applies_to: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2136
+ /** Default capabilities when no rules match */
2137
+ capabilities: z.ZodOptional<z.ZodObject<{
2138
+ /** Default effect when no rule matches */
2139
+ default_effect: z.ZodDefault<z.ZodEnum<["allow", "deny", "audit"]>>;
2140
+ /** Allowed tools (supports wildcards: *, prefix_*) */
2141
+ allowed_tools: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2142
+ /** Denied tools (takes precedence) */
2143
+ denied_tools: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2144
+ /** Allowed domain patterns */
2145
+ allowed_domains: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2146
+ /** Denied domain patterns */
2147
+ denied_domains: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2148
+ /** Maximum budget per session in USD */
2149
+ max_budget_per_session: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
2150
+ /** Maximum budget per day in USD */
2151
+ max_budget_per_day: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
2152
+ /** Whether agent can spawn children */
2153
+ may_spawn: z.ZodDefault<z.ZodBoolean>;
2154
+ /** Maximum spawn depth */
2155
+ max_spawn_depth: z.ZodDefault<z.ZodNumber>;
2156
+ }, "strip", z.ZodTypeAny, {
2157
+ allowed_tools: string[];
2158
+ denied_tools: string[];
2159
+ allowed_domains: string[];
2160
+ denied_domains: string[];
2161
+ default_effect: "allow" | "deny" | "audit";
2162
+ may_spawn: boolean;
2163
+ max_spawn_depth: number;
2164
+ max_budget_per_session?: number | null | undefined;
2165
+ max_budget_per_day?: number | null | undefined;
2166
+ }, {
2167
+ allowed_tools?: string[] | undefined;
2168
+ denied_tools?: string[] | undefined;
2169
+ allowed_domains?: string[] | undefined;
2170
+ denied_domains?: string[] | undefined;
2171
+ default_effect?: "allow" | "deny" | "audit" | undefined;
2172
+ max_budget_per_session?: number | null | undefined;
2173
+ max_budget_per_day?: number | null | undefined;
2174
+ may_spawn?: boolean | undefined;
2175
+ max_spawn_depth?: number | undefined;
2176
+ }>>;
2177
+ /** Ordered list of policy rules */
2178
+ rules: z.ZodDefault<z.ZodArray<z.ZodObject<{
2179
+ /** Unique identifier for this rule */
2180
+ id: z.ZodString;
2181
+ /** Human-readable description */
2182
+ description: z.ZodOptional<z.ZodString>;
2183
+ /** Effect when rule matches: allow, deny, or audit */
2184
+ effect: z.ZodEnum<["allow", "deny", "audit"]>;
2185
+ /** Actions/tools this rule applies to (supports wildcards) */
2186
+ actions: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2187
+ /** Resources/domains this rule applies to (supports patterns) */
2188
+ resources: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2189
+ /** Conditions that must be true for rule to apply */
2190
+ conditions: z.ZodOptional<z.ZodObject<{
2191
+ /** Required risk levels for this rule to apply */
2192
+ risk_levels: z.ZodOptional<z.ZodArray<z.ZodEnum<["minimal", "limited", "high", "unacceptable"]>, "many">>;
2193
+ /** Required operating modes */
2194
+ modes: z.ZodOptional<z.ZodArray<z.ZodEnum<["NORMAL", "SANDBOX", "RESTRICTED"]>, "many">>;
2195
+ /** Time-based conditions (ISO 8601 time ranges) */
2196
+ time_ranges: z.ZodOptional<z.ZodArray<z.ZodObject<{
2197
+ start: z.ZodString;
2198
+ end: z.ZodString;
2199
+ }, "strip", z.ZodTypeAny, {
2200
+ start: string;
2201
+ end: string;
2202
+ }, {
2203
+ start: string;
2204
+ end: string;
2205
+ }>, "many">>;
2206
+ /** Custom condition expressions */
2207
+ custom: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
2208
+ }, "strip", z.ZodTypeAny, {
2209
+ custom?: Record<string, unknown> | undefined;
2210
+ risk_levels?: ("minimal" | "limited" | "high" | "unacceptable")[] | undefined;
2211
+ modes?: ("NORMAL" | "SANDBOX" | "RESTRICTED")[] | undefined;
2212
+ time_ranges?: {
2213
+ start: string;
2214
+ end: string;
2215
+ }[] | undefined;
2216
+ }, {
2217
+ custom?: Record<string, unknown> | undefined;
2218
+ risk_levels?: ("minimal" | "limited" | "high" | "unacceptable")[] | undefined;
2219
+ modes?: ("NORMAL" | "SANDBOX" | "RESTRICTED")[] | undefined;
2220
+ time_ranges?: {
2221
+ start: string;
2222
+ end: string;
2223
+ }[] | undefined;
2224
+ }>>;
2225
+ /** Priority for rule ordering (higher = evaluated first) */
2226
+ priority: z.ZodDefault<z.ZodNumber>;
2227
+ }, "strip", z.ZodTypeAny, {
2228
+ id: string;
2229
+ effect: "allow" | "deny" | "audit";
2230
+ actions: string[];
2231
+ resources: string[];
2232
+ priority: number;
2233
+ description?: string | undefined;
2234
+ conditions?: {
2235
+ custom?: Record<string, unknown> | undefined;
2236
+ risk_levels?: ("minimal" | "limited" | "high" | "unacceptable")[] | undefined;
2237
+ modes?: ("NORMAL" | "SANDBOX" | "RESTRICTED")[] | undefined;
2238
+ time_ranges?: {
2239
+ start: string;
2240
+ end: string;
2241
+ }[] | undefined;
2242
+ } | undefined;
2243
+ }, {
2244
+ id: string;
2245
+ effect: "allow" | "deny" | "audit";
2246
+ description?: string | undefined;
2247
+ actions?: string[] | undefined;
2248
+ resources?: string[] | undefined;
2249
+ conditions?: {
2250
+ custom?: Record<string, unknown> | undefined;
2251
+ risk_levels?: ("minimal" | "limited" | "high" | "unacceptable")[] | undefined;
2252
+ modes?: ("NORMAL" | "SANDBOX" | "RESTRICTED")[] | undefined;
2253
+ time_ranges?: {
2254
+ start: string;
2255
+ end: string;
2256
+ }[] | undefined;
2257
+ } | undefined;
2258
+ priority?: number | undefined;
2259
+ }>, "many">>;
2260
+ /** Metadata */
2261
+ metadata: z.ZodOptional<z.ZodObject<{
2262
+ created_at: z.ZodOptional<z.ZodString>;
2263
+ updated_at: z.ZodOptional<z.ZodString>;
2264
+ created_by: z.ZodOptional<z.ZodString>;
2265
+ tags: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2266
+ }, "strip", z.ZodTypeAny, {
2267
+ created_at?: string | undefined;
2268
+ updated_at?: string | undefined;
2269
+ created_by?: string | undefined;
2270
+ tags?: string[] | undefined;
2271
+ }, {
2272
+ created_at?: string | undefined;
2273
+ updated_at?: string | undefined;
2274
+ created_by?: string | undefined;
2275
+ tags?: string[] | undefined;
2276
+ }>>;
2277
+ }, "strip", z.ZodTypeAny, {
2278
+ name: string;
2279
+ id: string;
2280
+ version: "1.0";
2281
+ applies_to: string[];
2282
+ rules: {
2283
+ id: string;
2284
+ effect: "allow" | "deny" | "audit";
2285
+ actions: string[];
2286
+ resources: string[];
2287
+ priority: number;
2288
+ description?: string | undefined;
2289
+ conditions?: {
2290
+ custom?: Record<string, unknown> | undefined;
2291
+ risk_levels?: ("minimal" | "limited" | "high" | "unacceptable")[] | undefined;
2292
+ modes?: ("NORMAL" | "SANDBOX" | "RESTRICTED")[] | undefined;
2293
+ time_ranges?: {
2294
+ start: string;
2295
+ end: string;
2296
+ }[] | undefined;
2297
+ } | undefined;
2298
+ }[];
2299
+ capabilities?: {
2300
+ allowed_tools: string[];
2301
+ denied_tools: string[];
2302
+ allowed_domains: string[];
2303
+ denied_domains: string[];
2304
+ default_effect: "allow" | "deny" | "audit";
2305
+ may_spawn: boolean;
2306
+ max_spawn_depth: number;
2307
+ max_budget_per_session?: number | null | undefined;
2308
+ max_budget_per_day?: number | null | undefined;
2309
+ } | undefined;
2310
+ description?: string | undefined;
2311
+ extends?: string | undefined;
2312
+ metadata?: {
2313
+ created_at?: string | undefined;
2314
+ updated_at?: string | undefined;
2315
+ created_by?: string | undefined;
2316
+ tags?: string[] | undefined;
2317
+ } | undefined;
2318
+ }, {
2319
+ name: string;
2320
+ id: string;
2321
+ version: "1.0";
2322
+ capabilities?: {
2323
+ allowed_tools?: string[] | undefined;
2324
+ denied_tools?: string[] | undefined;
2325
+ allowed_domains?: string[] | undefined;
2326
+ denied_domains?: string[] | undefined;
2327
+ default_effect?: "allow" | "deny" | "audit" | undefined;
2328
+ max_budget_per_session?: number | null | undefined;
2329
+ max_budget_per_day?: number | null | undefined;
2330
+ may_spawn?: boolean | undefined;
2331
+ max_spawn_depth?: number | undefined;
2332
+ } | undefined;
2333
+ description?: string | undefined;
2334
+ extends?: string | undefined;
2335
+ applies_to?: string[] | undefined;
2336
+ rules?: {
2337
+ id: string;
2338
+ effect: "allow" | "deny" | "audit";
2339
+ description?: string | undefined;
2340
+ actions?: string[] | undefined;
2341
+ resources?: string[] | undefined;
2342
+ conditions?: {
2343
+ custom?: Record<string, unknown> | undefined;
2344
+ risk_levels?: ("minimal" | "limited" | "high" | "unacceptable")[] | undefined;
2345
+ modes?: ("NORMAL" | "SANDBOX" | "RESTRICTED")[] | undefined;
2346
+ time_ranges?: {
2347
+ start: string;
2348
+ end: string;
2349
+ }[] | undefined;
2350
+ } | undefined;
2351
+ priority?: number | undefined;
2352
+ }[] | undefined;
2353
+ metadata?: {
2354
+ created_at?: string | undefined;
2355
+ updated_at?: string | undefined;
2356
+ created_by?: string | undefined;
2357
+ tags?: string[] | undefined;
2358
+ } | undefined;
2359
+ }>;
2360
+ type PolicyFile = z.infer<typeof PolicyFileSchema>;
2361
+ declare const AigrcRuntimeConfigSchema: z.ZodObject<{
2362
+ /** Default policy file path */
2363
+ default_policy: z.ZodOptional<z.ZodString>;
2364
+ /** Policy search paths */
2365
+ policy_paths: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2366
+ /** Asset card search paths */
2367
+ asset_paths: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2368
+ /** Default verification failure mode */
2369
+ verification_failure_mode: z.ZodDefault<z.ZodEnum<["SANDBOX", "FAIL"]>>;
2370
+ /** Telemetry configuration */
2371
+ telemetry: z.ZodOptional<z.ZodObject<{
2372
+ enabled: z.ZodDefault<z.ZodBoolean>;
2373
+ endpoint: z.ZodOptional<z.ZodString>;
2374
+ sample_rate: z.ZodDefault<z.ZodNumber>;
2375
+ }, "strip", z.ZodTypeAny, {
2376
+ enabled: boolean;
2377
+ sample_rate: number;
2378
+ endpoint?: string | undefined;
2379
+ }, {
2380
+ enabled?: boolean | undefined;
2381
+ endpoint?: string | undefined;
2382
+ sample_rate?: number | undefined;
2383
+ }>>;
2384
+ /** Kill switch configuration */
2385
+ kill_switch: z.ZodOptional<z.ZodObject<{
2386
+ enabled: z.ZodDefault<z.ZodBoolean>;
2387
+ channel: z.ZodDefault<z.ZodEnum<["sse", "polling", "file"]>>;
2388
+ endpoint: z.ZodOptional<z.ZodString>;
2389
+ poll_interval_ms: z.ZodDefault<z.ZodNumber>;
2390
+ }, "strip", z.ZodTypeAny, {
2391
+ enabled: boolean;
2392
+ channel: "sse" | "polling" | "file";
2393
+ poll_interval_ms: number;
2394
+ endpoint?: string | undefined;
2395
+ }, {
2396
+ enabled?: boolean | undefined;
2397
+ channel?: "sse" | "polling" | "file" | undefined;
2398
+ endpoint?: string | undefined;
2399
+ poll_interval_ms?: number | undefined;
2400
+ }>>;
2401
+ }, "strip", z.ZodTypeAny, {
2402
+ verification_failure_mode: "SANDBOX" | "FAIL";
2403
+ policy_paths: string[];
2404
+ asset_paths: string[];
2405
+ kill_switch?: {
2406
+ enabled: boolean;
2407
+ channel: "sse" | "polling" | "file";
2408
+ poll_interval_ms: number;
2409
+ endpoint?: string | undefined;
2410
+ } | undefined;
2411
+ default_policy?: string | undefined;
2412
+ telemetry?: {
2413
+ enabled: boolean;
2414
+ sample_rate: number;
2415
+ endpoint?: string | undefined;
2416
+ } | undefined;
2417
+ }, {
2418
+ kill_switch?: {
2419
+ enabled?: boolean | undefined;
2420
+ channel?: "sse" | "polling" | "file" | undefined;
2421
+ endpoint?: string | undefined;
2422
+ poll_interval_ms?: number | undefined;
2423
+ } | undefined;
2424
+ verification_failure_mode?: "SANDBOX" | "FAIL" | undefined;
2425
+ default_policy?: string | undefined;
2426
+ policy_paths?: string[] | undefined;
2427
+ asset_paths?: string[] | undefined;
2428
+ telemetry?: {
2429
+ enabled?: boolean | undefined;
2430
+ endpoint?: string | undefined;
2431
+ sample_rate?: number | undefined;
2432
+ } | undefined;
2433
+ }>;
2434
+ type AigrcRuntimeConfig = z.infer<typeof AigrcRuntimeConfigSchema>;
2435
+ declare const AigrcIntegrationsConfigSchema: z.ZodObject<{
2436
+ /** JIRA integration */
2437
+ jira: z.ZodOptional<z.ZodObject<{
2438
+ enabled: z.ZodDefault<z.ZodBoolean>;
2439
+ url: z.ZodOptional<z.ZodString>;
2440
+ project_key: z.ZodOptional<z.ZodString>;
2441
+ }, "strip", z.ZodTypeAny, {
2442
+ enabled: boolean;
2443
+ url?: string | undefined;
2444
+ project_key?: string | undefined;
2445
+ }, {
2446
+ enabled?: boolean | undefined;
2447
+ url?: string | undefined;
2448
+ project_key?: string | undefined;
2449
+ }>>;
2450
+ /** Azure DevOps integration */
2451
+ azure_devops: z.ZodOptional<z.ZodObject<{
2452
+ enabled: z.ZodDefault<z.ZodBoolean>;
2453
+ organization: z.ZodOptional<z.ZodString>;
2454
+ project: z.ZodOptional<z.ZodString>;
2455
+ }, "strip", z.ZodTypeAny, {
2456
+ enabled: boolean;
2457
+ organization?: string | undefined;
2458
+ project?: string | undefined;
2459
+ }, {
2460
+ organization?: string | undefined;
2461
+ enabled?: boolean | undefined;
2462
+ project?: string | undefined;
2463
+ }>>;
2464
+ /** GitHub integration */
2465
+ github: z.ZodOptional<z.ZodObject<{
2466
+ enabled: z.ZodDefault<z.ZodBoolean>;
2467
+ owner: z.ZodOptional<z.ZodString>;
2468
+ repo: z.ZodOptional<z.ZodString>;
2469
+ }, "strip", z.ZodTypeAny, {
2470
+ enabled: boolean;
2471
+ owner?: string | undefined;
2472
+ repo?: string | undefined;
2473
+ }, {
2474
+ enabled?: boolean | undefined;
2475
+ owner?: string | undefined;
2476
+ repo?: string | undefined;
2477
+ }>>;
2478
+ }, "strip", z.ZodTypeAny, {
2479
+ jira?: {
2480
+ enabled: boolean;
2481
+ url?: string | undefined;
2482
+ project_key?: string | undefined;
2483
+ } | undefined;
2484
+ github?: {
2485
+ enabled: boolean;
2486
+ owner?: string | undefined;
2487
+ repo?: string | undefined;
2488
+ } | undefined;
2489
+ azure_devops?: {
2490
+ enabled: boolean;
2491
+ organization?: string | undefined;
2492
+ project?: string | undefined;
2493
+ } | undefined;
2494
+ }, {
2495
+ jira?: {
2496
+ enabled?: boolean | undefined;
2497
+ url?: string | undefined;
2498
+ project_key?: string | undefined;
2499
+ } | undefined;
2500
+ github?: {
2501
+ enabled?: boolean | undefined;
2502
+ owner?: string | undefined;
2503
+ repo?: string | undefined;
2504
+ } | undefined;
2505
+ azure_devops?: {
2506
+ organization?: string | undefined;
2507
+ enabled?: boolean | undefined;
2508
+ project?: string | undefined;
2509
+ } | undefined;
2510
+ }>;
2511
+ type AigrcIntegrationsConfig = z.infer<typeof AigrcIntegrationsConfigSchema>;
2512
+ declare const AigrcConfigSchema: z.ZodObject<{
2513
+ /** Schema version */
2514
+ version: z.ZodLiteral<"1.0">;
2515
+ /** Project name */
2516
+ name: z.ZodOptional<z.ZodString>;
2517
+ /** Project description */
2518
+ description: z.ZodOptional<z.ZodString>;
2519
+ /** Runtime governance configuration */
2520
+ runtime: z.ZodOptional<z.ZodObject<{
2521
+ /** Default policy file path */
2522
+ default_policy: z.ZodOptional<z.ZodString>;
2523
+ /** Policy search paths */
2524
+ policy_paths: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2525
+ /** Asset card search paths */
2526
+ asset_paths: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
2527
+ /** Default verification failure mode */
2528
+ verification_failure_mode: z.ZodDefault<z.ZodEnum<["SANDBOX", "FAIL"]>>;
2529
+ /** Telemetry configuration */
2530
+ telemetry: z.ZodOptional<z.ZodObject<{
2531
+ enabled: z.ZodDefault<z.ZodBoolean>;
2532
+ endpoint: z.ZodOptional<z.ZodString>;
2533
+ sample_rate: z.ZodDefault<z.ZodNumber>;
2534
+ }, "strip", z.ZodTypeAny, {
2535
+ enabled: boolean;
2536
+ sample_rate: number;
2537
+ endpoint?: string | undefined;
2538
+ }, {
2539
+ enabled?: boolean | undefined;
2540
+ endpoint?: string | undefined;
2541
+ sample_rate?: number | undefined;
2542
+ }>>;
2543
+ /** Kill switch configuration */
2544
+ kill_switch: z.ZodOptional<z.ZodObject<{
2545
+ enabled: z.ZodDefault<z.ZodBoolean>;
2546
+ channel: z.ZodDefault<z.ZodEnum<["sse", "polling", "file"]>>;
2547
+ endpoint: z.ZodOptional<z.ZodString>;
2548
+ poll_interval_ms: z.ZodDefault<z.ZodNumber>;
2549
+ }, "strip", z.ZodTypeAny, {
2550
+ enabled: boolean;
2551
+ channel: "sse" | "polling" | "file";
2552
+ poll_interval_ms: number;
2553
+ endpoint?: string | undefined;
2554
+ }, {
2555
+ enabled?: boolean | undefined;
2556
+ channel?: "sse" | "polling" | "file" | undefined;
2557
+ endpoint?: string | undefined;
2558
+ poll_interval_ms?: number | undefined;
2559
+ }>>;
2560
+ }, "strip", z.ZodTypeAny, {
2561
+ verification_failure_mode: "SANDBOX" | "FAIL";
2562
+ policy_paths: string[];
2563
+ asset_paths: string[];
2564
+ kill_switch?: {
2565
+ enabled: boolean;
2566
+ channel: "sse" | "polling" | "file";
2567
+ poll_interval_ms: number;
2568
+ endpoint?: string | undefined;
2569
+ } | undefined;
2570
+ default_policy?: string | undefined;
2571
+ telemetry?: {
2572
+ enabled: boolean;
2573
+ sample_rate: number;
2574
+ endpoint?: string | undefined;
2575
+ } | undefined;
2576
+ }, {
2577
+ kill_switch?: {
2578
+ enabled?: boolean | undefined;
2579
+ channel?: "sse" | "polling" | "file" | undefined;
2580
+ endpoint?: string | undefined;
2581
+ poll_interval_ms?: number | undefined;
2582
+ } | undefined;
2583
+ verification_failure_mode?: "SANDBOX" | "FAIL" | undefined;
2584
+ default_policy?: string | undefined;
2585
+ policy_paths?: string[] | undefined;
2586
+ asset_paths?: string[] | undefined;
2587
+ telemetry?: {
2588
+ enabled?: boolean | undefined;
2589
+ endpoint?: string | undefined;
2590
+ sample_rate?: number | undefined;
2591
+ } | undefined;
2592
+ }>>;
2593
+ /** External integrations */
2594
+ integrations: z.ZodOptional<z.ZodObject<{
2595
+ /** JIRA integration */
2596
+ jira: z.ZodOptional<z.ZodObject<{
2597
+ enabled: z.ZodDefault<z.ZodBoolean>;
2598
+ url: z.ZodOptional<z.ZodString>;
2599
+ project_key: z.ZodOptional<z.ZodString>;
2600
+ }, "strip", z.ZodTypeAny, {
2601
+ enabled: boolean;
2602
+ url?: string | undefined;
2603
+ project_key?: string | undefined;
2604
+ }, {
2605
+ enabled?: boolean | undefined;
2606
+ url?: string | undefined;
2607
+ project_key?: string | undefined;
2608
+ }>>;
2609
+ /** Azure DevOps integration */
2610
+ azure_devops: z.ZodOptional<z.ZodObject<{
2611
+ enabled: z.ZodDefault<z.ZodBoolean>;
2612
+ organization: z.ZodOptional<z.ZodString>;
2613
+ project: z.ZodOptional<z.ZodString>;
2614
+ }, "strip", z.ZodTypeAny, {
2615
+ enabled: boolean;
2616
+ organization?: string | undefined;
2617
+ project?: string | undefined;
2618
+ }, {
2619
+ organization?: string | undefined;
2620
+ enabled?: boolean | undefined;
2621
+ project?: string | undefined;
2622
+ }>>;
2623
+ /** GitHub integration */
2624
+ github: z.ZodOptional<z.ZodObject<{
2625
+ enabled: z.ZodDefault<z.ZodBoolean>;
2626
+ owner: z.ZodOptional<z.ZodString>;
2627
+ repo: z.ZodOptional<z.ZodString>;
2628
+ }, "strip", z.ZodTypeAny, {
2629
+ enabled: boolean;
2630
+ owner?: string | undefined;
2631
+ repo?: string | undefined;
2632
+ }, {
2633
+ enabled?: boolean | undefined;
2634
+ owner?: string | undefined;
2635
+ repo?: string | undefined;
2636
+ }>>;
2637
+ }, "strip", z.ZodTypeAny, {
2638
+ jira?: {
2639
+ enabled: boolean;
2640
+ url?: string | undefined;
2641
+ project_key?: string | undefined;
2642
+ } | undefined;
2643
+ github?: {
2644
+ enabled: boolean;
2645
+ owner?: string | undefined;
2646
+ repo?: string | undefined;
2647
+ } | undefined;
2648
+ azure_devops?: {
2649
+ enabled: boolean;
2650
+ organization?: string | undefined;
2651
+ project?: string | undefined;
2652
+ } | undefined;
2653
+ }, {
2654
+ jira?: {
2655
+ enabled?: boolean | undefined;
2656
+ url?: string | undefined;
2657
+ project_key?: string | undefined;
2658
+ } | undefined;
2659
+ github?: {
2660
+ enabled?: boolean | undefined;
2661
+ owner?: string | undefined;
2662
+ repo?: string | undefined;
2663
+ } | undefined;
2664
+ azure_devops?: {
2665
+ organization?: string | undefined;
2666
+ enabled?: boolean | undefined;
2667
+ project?: string | undefined;
2668
+ } | undefined;
2669
+ }>>;
2670
+ /** Environment-specific overrides */
2671
+ environments: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
2672
+ runtime: z.ZodOptional<z.ZodObject<{
2673
+ default_policy: z.ZodOptional<z.ZodOptional<z.ZodString>>;
2674
+ policy_paths: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodString, "many">>>;
2675
+ asset_paths: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodString, "many">>>;
2676
+ verification_failure_mode: z.ZodOptional<z.ZodDefault<z.ZodEnum<["SANDBOX", "FAIL"]>>>;
2677
+ telemetry: z.ZodOptional<z.ZodOptional<z.ZodObject<{
2678
+ enabled: z.ZodDefault<z.ZodBoolean>;
2679
+ endpoint: z.ZodOptional<z.ZodString>;
2680
+ sample_rate: z.ZodDefault<z.ZodNumber>;
2681
+ }, "strip", z.ZodTypeAny, {
2682
+ enabled: boolean;
2683
+ sample_rate: number;
2684
+ endpoint?: string | undefined;
2685
+ }, {
2686
+ enabled?: boolean | undefined;
2687
+ endpoint?: string | undefined;
2688
+ sample_rate?: number | undefined;
2689
+ }>>>;
2690
+ kill_switch: z.ZodOptional<z.ZodOptional<z.ZodObject<{
2691
+ enabled: z.ZodDefault<z.ZodBoolean>;
2692
+ channel: z.ZodDefault<z.ZodEnum<["sse", "polling", "file"]>>;
2693
+ endpoint: z.ZodOptional<z.ZodString>;
2694
+ poll_interval_ms: z.ZodDefault<z.ZodNumber>;
2695
+ }, "strip", z.ZodTypeAny, {
2696
+ enabled: boolean;
2697
+ channel: "sse" | "polling" | "file";
2698
+ poll_interval_ms: number;
2699
+ endpoint?: string | undefined;
2700
+ }, {
2701
+ enabled?: boolean | undefined;
2702
+ channel?: "sse" | "polling" | "file" | undefined;
2703
+ endpoint?: string | undefined;
2704
+ poll_interval_ms?: number | undefined;
2705
+ }>>>;
2706
+ }, "strip", z.ZodTypeAny, {
2707
+ kill_switch?: {
2708
+ enabled: boolean;
2709
+ channel: "sse" | "polling" | "file";
2710
+ poll_interval_ms: number;
2711
+ endpoint?: string | undefined;
2712
+ } | undefined;
2713
+ verification_failure_mode?: "SANDBOX" | "FAIL" | undefined;
2714
+ default_policy?: string | undefined;
2715
+ policy_paths?: string[] | undefined;
2716
+ asset_paths?: string[] | undefined;
2717
+ telemetry?: {
2718
+ enabled: boolean;
2719
+ sample_rate: number;
2720
+ endpoint?: string | undefined;
2721
+ } | undefined;
2722
+ }, {
2723
+ kill_switch?: {
2724
+ enabled?: boolean | undefined;
2725
+ channel?: "sse" | "polling" | "file" | undefined;
2726
+ endpoint?: string | undefined;
2727
+ poll_interval_ms?: number | undefined;
2728
+ } | undefined;
2729
+ verification_failure_mode?: "SANDBOX" | "FAIL" | undefined;
2730
+ default_policy?: string | undefined;
2731
+ policy_paths?: string[] | undefined;
2732
+ asset_paths?: string[] | undefined;
2733
+ telemetry?: {
2734
+ enabled?: boolean | undefined;
2735
+ endpoint?: string | undefined;
2736
+ sample_rate?: number | undefined;
2737
+ } | undefined;
2738
+ }>>;
2739
+ integrations: z.ZodOptional<z.ZodObject<{
2740
+ jira: z.ZodOptional<z.ZodOptional<z.ZodObject<{
2741
+ enabled: z.ZodDefault<z.ZodBoolean>;
2742
+ url: z.ZodOptional<z.ZodString>;
2743
+ project_key: z.ZodOptional<z.ZodString>;
2744
+ }, "strip", z.ZodTypeAny, {
2745
+ enabled: boolean;
2746
+ url?: string | undefined;
2747
+ project_key?: string | undefined;
2748
+ }, {
2749
+ enabled?: boolean | undefined;
2750
+ url?: string | undefined;
2751
+ project_key?: string | undefined;
2752
+ }>>>;
2753
+ azure_devops: z.ZodOptional<z.ZodOptional<z.ZodObject<{
2754
+ enabled: z.ZodDefault<z.ZodBoolean>;
2755
+ organization: z.ZodOptional<z.ZodString>;
2756
+ project: z.ZodOptional<z.ZodString>;
2757
+ }, "strip", z.ZodTypeAny, {
2758
+ enabled: boolean;
2759
+ organization?: string | undefined;
2760
+ project?: string | undefined;
2761
+ }, {
2762
+ organization?: string | undefined;
2763
+ enabled?: boolean | undefined;
2764
+ project?: string | undefined;
2765
+ }>>>;
2766
+ github: z.ZodOptional<z.ZodOptional<z.ZodObject<{
2767
+ enabled: z.ZodDefault<z.ZodBoolean>;
2768
+ owner: z.ZodOptional<z.ZodString>;
2769
+ repo: z.ZodOptional<z.ZodString>;
2770
+ }, "strip", z.ZodTypeAny, {
2771
+ enabled: boolean;
2772
+ owner?: string | undefined;
2773
+ repo?: string | undefined;
2774
+ }, {
2775
+ enabled?: boolean | undefined;
2776
+ owner?: string | undefined;
2777
+ repo?: string | undefined;
2778
+ }>>>;
2779
+ }, "strip", z.ZodTypeAny, {
2780
+ jira?: {
2781
+ enabled: boolean;
2782
+ url?: string | undefined;
2783
+ project_key?: string | undefined;
2784
+ } | undefined;
2785
+ github?: {
2786
+ enabled: boolean;
2787
+ owner?: string | undefined;
2788
+ repo?: string | undefined;
2789
+ } | undefined;
2790
+ azure_devops?: {
2791
+ enabled: boolean;
2792
+ organization?: string | undefined;
2793
+ project?: string | undefined;
2794
+ } | undefined;
2795
+ }, {
2796
+ jira?: {
2797
+ enabled?: boolean | undefined;
2798
+ url?: string | undefined;
2799
+ project_key?: string | undefined;
2800
+ } | undefined;
2801
+ github?: {
2802
+ enabled?: boolean | undefined;
2803
+ owner?: string | undefined;
2804
+ repo?: string | undefined;
2805
+ } | undefined;
2806
+ azure_devops?: {
2807
+ organization?: string | undefined;
2808
+ enabled?: boolean | undefined;
2809
+ project?: string | undefined;
2810
+ } | undefined;
2811
+ }>>;
2812
+ }, "strip", z.ZodTypeAny, {
2813
+ runtime?: {
2814
+ kill_switch?: {
2815
+ enabled: boolean;
2816
+ channel: "sse" | "polling" | "file";
2817
+ poll_interval_ms: number;
2818
+ endpoint?: string | undefined;
2819
+ } | undefined;
2820
+ verification_failure_mode?: "SANDBOX" | "FAIL" | undefined;
2821
+ default_policy?: string | undefined;
2822
+ policy_paths?: string[] | undefined;
2823
+ asset_paths?: string[] | undefined;
2824
+ telemetry?: {
2825
+ enabled: boolean;
2826
+ sample_rate: number;
2827
+ endpoint?: string | undefined;
2828
+ } | undefined;
2829
+ } | undefined;
2830
+ integrations?: {
2831
+ jira?: {
2832
+ enabled: boolean;
2833
+ url?: string | undefined;
2834
+ project_key?: string | undefined;
2835
+ } | undefined;
2836
+ github?: {
2837
+ enabled: boolean;
2838
+ owner?: string | undefined;
2839
+ repo?: string | undefined;
2840
+ } | undefined;
2841
+ azure_devops?: {
2842
+ enabled: boolean;
2843
+ organization?: string | undefined;
2844
+ project?: string | undefined;
2845
+ } | undefined;
2846
+ } | undefined;
2847
+ }, {
2848
+ runtime?: {
2849
+ kill_switch?: {
2850
+ enabled?: boolean | undefined;
2851
+ channel?: "sse" | "polling" | "file" | undefined;
2852
+ endpoint?: string | undefined;
2853
+ poll_interval_ms?: number | undefined;
2854
+ } | undefined;
2855
+ verification_failure_mode?: "SANDBOX" | "FAIL" | undefined;
2856
+ default_policy?: string | undefined;
2857
+ policy_paths?: string[] | undefined;
2858
+ asset_paths?: string[] | undefined;
2859
+ telemetry?: {
2860
+ enabled?: boolean | undefined;
2861
+ endpoint?: string | undefined;
2862
+ sample_rate?: number | undefined;
2863
+ } | undefined;
2864
+ } | undefined;
2865
+ integrations?: {
2866
+ jira?: {
2867
+ enabled?: boolean | undefined;
2868
+ url?: string | undefined;
2869
+ project_key?: string | undefined;
2870
+ } | undefined;
2871
+ github?: {
2872
+ enabled?: boolean | undefined;
2873
+ owner?: string | undefined;
2874
+ repo?: string | undefined;
2875
+ } | undefined;
2876
+ azure_devops?: {
2877
+ organization?: string | undefined;
2878
+ enabled?: boolean | undefined;
2879
+ project?: string | undefined;
2880
+ } | undefined;
2881
+ } | undefined;
2882
+ }>>>;
2883
+ }, "strip", z.ZodTypeAny, {
2884
+ version: "1.0";
2885
+ name?: string | undefined;
2886
+ environments?: Record<string, {
2887
+ runtime?: {
2888
+ kill_switch?: {
2889
+ enabled: boolean;
2890
+ channel: "sse" | "polling" | "file";
2891
+ poll_interval_ms: number;
2892
+ endpoint?: string | undefined;
2893
+ } | undefined;
2894
+ verification_failure_mode?: "SANDBOX" | "FAIL" | undefined;
2895
+ default_policy?: string | undefined;
2896
+ policy_paths?: string[] | undefined;
2897
+ asset_paths?: string[] | undefined;
2898
+ telemetry?: {
2899
+ enabled: boolean;
2900
+ sample_rate: number;
2901
+ endpoint?: string | undefined;
2902
+ } | undefined;
2903
+ } | undefined;
2904
+ integrations?: {
2905
+ jira?: {
2906
+ enabled: boolean;
2907
+ url?: string | undefined;
2908
+ project_key?: string | undefined;
2909
+ } | undefined;
2910
+ github?: {
2911
+ enabled: boolean;
2912
+ owner?: string | undefined;
2913
+ repo?: string | undefined;
2914
+ } | undefined;
2915
+ azure_devops?: {
2916
+ enabled: boolean;
2917
+ organization?: string | undefined;
2918
+ project?: string | undefined;
2919
+ } | undefined;
2920
+ } | undefined;
2921
+ }> | undefined;
2922
+ runtime?: {
2923
+ verification_failure_mode: "SANDBOX" | "FAIL";
2924
+ policy_paths: string[];
2925
+ asset_paths: string[];
2926
+ kill_switch?: {
2927
+ enabled: boolean;
2928
+ channel: "sse" | "polling" | "file";
2929
+ poll_interval_ms: number;
2930
+ endpoint?: string | undefined;
2931
+ } | undefined;
2932
+ default_policy?: string | undefined;
2933
+ telemetry?: {
2934
+ enabled: boolean;
2935
+ sample_rate: number;
2936
+ endpoint?: string | undefined;
2937
+ } | undefined;
2938
+ } | undefined;
2939
+ description?: string | undefined;
2940
+ integrations?: {
2941
+ jira?: {
2942
+ enabled: boolean;
2943
+ url?: string | undefined;
2944
+ project_key?: string | undefined;
2945
+ } | undefined;
2946
+ github?: {
2947
+ enabled: boolean;
2948
+ owner?: string | undefined;
2949
+ repo?: string | undefined;
2950
+ } | undefined;
2951
+ azure_devops?: {
2952
+ enabled: boolean;
2953
+ organization?: string | undefined;
2954
+ project?: string | undefined;
2955
+ } | undefined;
2956
+ } | undefined;
2957
+ }, {
2958
+ version: "1.0";
2959
+ name?: string | undefined;
2960
+ environments?: Record<string, {
2961
+ runtime?: {
2962
+ kill_switch?: {
2963
+ enabled?: boolean | undefined;
2964
+ channel?: "sse" | "polling" | "file" | undefined;
2965
+ endpoint?: string | undefined;
2966
+ poll_interval_ms?: number | undefined;
2967
+ } | undefined;
2968
+ verification_failure_mode?: "SANDBOX" | "FAIL" | undefined;
2969
+ default_policy?: string | undefined;
2970
+ policy_paths?: string[] | undefined;
2971
+ asset_paths?: string[] | undefined;
2972
+ telemetry?: {
2973
+ enabled?: boolean | undefined;
2974
+ endpoint?: string | undefined;
2975
+ sample_rate?: number | undefined;
2976
+ } | undefined;
2977
+ } | undefined;
2978
+ integrations?: {
2979
+ jira?: {
2980
+ enabled?: boolean | undefined;
2981
+ url?: string | undefined;
2982
+ project_key?: string | undefined;
2983
+ } | undefined;
2984
+ github?: {
2985
+ enabled?: boolean | undefined;
2986
+ owner?: string | undefined;
2987
+ repo?: string | undefined;
2988
+ } | undefined;
2989
+ azure_devops?: {
2990
+ organization?: string | undefined;
2991
+ enabled?: boolean | undefined;
2992
+ project?: string | undefined;
2993
+ } | undefined;
2994
+ } | undefined;
2995
+ }> | undefined;
2996
+ runtime?: {
2997
+ kill_switch?: {
2998
+ enabled?: boolean | undefined;
2999
+ channel?: "sse" | "polling" | "file" | undefined;
3000
+ endpoint?: string | undefined;
3001
+ poll_interval_ms?: number | undefined;
3002
+ } | undefined;
3003
+ verification_failure_mode?: "SANDBOX" | "FAIL" | undefined;
3004
+ default_policy?: string | undefined;
3005
+ policy_paths?: string[] | undefined;
3006
+ asset_paths?: string[] | undefined;
3007
+ telemetry?: {
3008
+ enabled?: boolean | undefined;
3009
+ endpoint?: string | undefined;
3010
+ sample_rate?: number | undefined;
3011
+ } | undefined;
3012
+ } | undefined;
3013
+ description?: string | undefined;
3014
+ integrations?: {
3015
+ jira?: {
3016
+ enabled?: boolean | undefined;
3017
+ url?: string | undefined;
3018
+ project_key?: string | undefined;
3019
+ } | undefined;
3020
+ github?: {
3021
+ enabled?: boolean | undefined;
3022
+ owner?: string | undefined;
3023
+ repo?: string | undefined;
3024
+ } | undefined;
3025
+ azure_devops?: {
3026
+ organization?: string | undefined;
3027
+ enabled?: boolean | undefined;
3028
+ project?: string | undefined;
3029
+ } | undefined;
3030
+ } | undefined;
3031
+ }>;
3032
+ type AigrcConfig = z.infer<typeof AigrcConfigSchema>;
1212
3033
  declare const AssetCardSchema: z.ZodObject<{
1213
3034
  $schema: z.ZodOptional<z.ZodString>;
1214
3035
  id: z.ZodString;
@@ -2010,8 +3831,88 @@ declare const AssetCardSchema: z.ZodObject<{
2010
3831
  logToolInvocations?: boolean | undefined;
2011
3832
  } | undefined;
2012
3833
  }>>;
3834
+ /** Golden Thread authorization data (SPEC-PRT-001) */
3835
+ golden_thread: z.ZodOptional<z.ZodObject<{
3836
+ /** Ticket ID from approval system (e.g., "FIN-1234") */
3837
+ ticket_id: z.ZodString;
3838
+ /** Email of approver (e.g., "ciso@corp.com") */
3839
+ approved_by: z.ZodString;
3840
+ /** ISO 8601 timestamp of approval (e.g., "2025-01-15T10:30:00Z") */
3841
+ approved_at: z.ZodString;
3842
+ /** SHA-256 hash of canonical string: sha256:{64 hex chars} */
3843
+ hash: z.ZodOptional<z.ZodString>;
3844
+ /** Optional cryptographic signature: {ALGORITHM}:{BASE64_SIGNATURE} */
3845
+ signature: z.ZodOptional<z.ZodString>;
3846
+ }, "strip", z.ZodTypeAny, {
3847
+ ticket_id: string;
3848
+ approved_by: string;
3849
+ approved_at: string;
3850
+ hash?: string | undefined;
3851
+ signature?: string | undefined;
3852
+ }, {
3853
+ ticket_id: string;
3854
+ approved_by: string;
3855
+ approved_at: string;
3856
+ hash?: string | undefined;
3857
+ signature?: string | undefined;
3858
+ }>>;
3859
+ /** Runtime governance configuration (SPEC-RT) */
3860
+ runtime: z.ZodOptional<z.ZodObject<{
3861
+ /** Path to policy file for this asset */
3862
+ policy_path: z.ZodOptional<z.ZodString>;
3863
+ /** Behavior when Golden Thread verification fails */
3864
+ verification_failure_mode: z.ZodDefault<z.ZodEnum<["SANDBOX", "FAIL"]>>;
3865
+ /** Whether telemetry is enabled for this asset */
3866
+ telemetry_enabled: z.ZodDefault<z.ZodBoolean>;
3867
+ /** Kill switch configuration */
3868
+ kill_switch: z.ZodOptional<z.ZodObject<{
3869
+ enabled: z.ZodDefault<z.ZodBoolean>;
3870
+ channel: z.ZodDefault<z.ZodEnum<["sse", "polling", "file"]>>;
3871
+ endpoint: z.ZodOptional<z.ZodString>;
3872
+ }, "strip", z.ZodTypeAny, {
3873
+ enabled: boolean;
3874
+ channel: "sse" | "polling" | "file";
3875
+ endpoint?: string | undefined;
3876
+ }, {
3877
+ enabled?: boolean | undefined;
3878
+ channel?: "sse" | "polling" | "file" | undefined;
3879
+ endpoint?: string | undefined;
3880
+ }>>;
3881
+ }, "strip", z.ZodTypeAny, {
3882
+ verification_failure_mode: "SANDBOX" | "FAIL";
3883
+ telemetry_enabled: boolean;
3884
+ kill_switch?: {
3885
+ enabled: boolean;
3886
+ channel: "sse" | "polling" | "file";
3887
+ endpoint?: string | undefined;
3888
+ } | undefined;
3889
+ policy_path?: string | undefined;
3890
+ }, {
3891
+ kill_switch?: {
3892
+ enabled?: boolean | undefined;
3893
+ channel?: "sse" | "polling" | "file" | undefined;
3894
+ endpoint?: string | undefined;
3895
+ } | undefined;
3896
+ policy_path?: string | undefined;
3897
+ verification_failure_mode?: "SANDBOX" | "FAIL" | undefined;
3898
+ telemetry_enabled?: boolean | undefined;
3899
+ }>>;
2013
3900
  }, "strip", z.ZodTypeAny, {
2014
3901
  name: string;
3902
+ governance: {
3903
+ status: "linked" | "draft" | "approved" | "production" | "deprecated" | "revoked";
3904
+ approvals: {
3905
+ name: string;
3906
+ date: string;
3907
+ role: string;
3908
+ email?: string | undefined;
3909
+ source?: string | undefined;
3910
+ }[];
3911
+ deployment?: {
3912
+ environments: string[];
3913
+ lastDeployed?: string | null | undefined;
3914
+ } | undefined;
3915
+ };
2015
3916
  id: string;
2016
3917
  version: string;
2017
3918
  created: string;
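Review bot: In the `golden_thread` object added to `AssetCardSchema`, `hash` and `signature` are both `z.ZodOptional<z.ZodString>`, so a card carrying only `ticket_id`, `approved_by` and `approved_at` parses as a valid Golden Thread with nothing to verify the approval against. These declarations do not show whether the verifier treats a missing hash as a verification failure (and so applies `verification_failure_mode`), nor whether the `sha256:{64 hex chars}` format is enforced, since a refined string is still typed `z.ZodString`. I would put that contract in the doc comments, e.g. `/** SHA-256 hash of canonical string: sha256:{64 hex chars}; a card without it is treated as unverified */`, if that is the intended behaviour. The comment on `verification_failure_mode` should also name its default, e.g. `/** Behavior when Golden Thread verification fails (default: <DEFAULT>) */`, because `z.ZodDefault` hides whether `SANDBOX` or `FAIL` applies when the field is omitted. The enclosing `AssetCardSchema` declaration starts and ends outside this hunk.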
@@ -2139,22 +4040,25 @@ declare const AssetCardSchema: z.ZodObject<{
2139
4040
  riskTolerance?: "high" | "low" | "medium" | null | undefined;
2140
4041
  importedAt?: string | null | undefined;
2141
4042
  };
2142
- governance: {
2143
- status: "linked" | "draft" | "approved" | "production" | "deprecated" | "revoked";
2144
- approvals: {
2145
- name: string;
2146
- date: string;
2147
- role: string;
2148
- email?: string | undefined;
2149
- source?: string | undefined;
2150
- }[];
2151
- deployment?: {
2152
- environments: string[];
2153
- lastDeployed?: string | null | undefined;
4043
+ runtime?: {
4044
+ verification_failure_mode: "SANDBOX" | "FAIL";
4045
+ telemetry_enabled: boolean;
4046
+ kill_switch?: {
4047
+ enabled: boolean;
4048
+ channel: "sse" | "polling" | "file";
4049
+ endpoint?: string | undefined;
2154
4050
  } | undefined;
2155
- };
2156
- $schema?: string | undefined;
4051
+ policy_path?: string | undefined;
4052
+ } | undefined;
4053
+ golden_thread?: {
4054
+ ticket_id: string;
4055
+ approved_by: string;
4056
+ approved_at: string;
4057
+ hash?: string | undefined;
4058
+ signature?: string | undefined;
4059
+ } | undefined;
2157
4060
  description?: string | undefined;
4061
+ $schema?: string | undefined;
2158
4062
  constraints?: {
2159
4063
  runtime?: {
2160
4064
  maxIterations?: number | undefined;
@@ -2170,6 +4074,20 @@ declare const AssetCardSchema: z.ZodObject<{
2170
4074
  } | undefined;
2171
4075
  }, {
2172
4076
  name: string;
4077
+ governance: {
4078
+ status: "linked" | "draft" | "approved" | "production" | "deprecated" | "revoked";
4079
+ approvals?: {
4080
+ name: string;
4081
+ date: string;
4082
+ role: string;
4083
+ email?: string | undefined;
4084
+ source?: string | undefined;
4085
+ }[] | undefined;
4086
+ deployment?: {
4087
+ environments?: string[] | undefined;
4088
+ lastDeployed?: string | null | undefined;
4089
+ } | undefined;
4090
+ };
2173
4091
  id: string;
2174
4092
  created: string;
2175
4093
  updated: string;
@@ -2296,23 +4214,26 @@ declare const AssetCardSchema: z.ZodObject<{
2296
4214
  riskTolerance?: "high" | "low" | "medium" | null | undefined;
2297
4215
  importedAt?: string | null | undefined;
2298
4216
  };
2299
- governance: {
2300
- status: "linked" | "draft" | "approved" | "production" | "deprecated" | "revoked";
2301
- approvals?: {
2302
- name: string;
2303
- date: string;
2304
- role: string;
2305
- email?: string | undefined;
2306
- source?: string | undefined;
2307
- }[] | undefined;
2308
- deployment?: {
2309
- environments?: string[] | undefined;
2310
- lastDeployed?: string | null | undefined;
4217
+ runtime?: {
4218
+ kill_switch?: {
4219
+ enabled?: boolean | undefined;
4220
+ channel?: "sse" | "polling" | "file" | undefined;
4221
+ endpoint?: string | undefined;
2311
4222
  } | undefined;
2312
- };
2313
- $schema?: string | undefined;
4223
+ policy_path?: string | undefined;
4224
+ verification_failure_mode?: "SANDBOX" | "FAIL" | undefined;
4225
+ telemetry_enabled?: boolean | undefined;
4226
+ } | undefined;
4227
+ golden_thread?: {
4228
+ ticket_id: string;
4229
+ approved_by: string;
4230
+ approved_at: string;
4231
+ hash?: string | undefined;
4232
+ signature?: string | undefined;
4233
+ } | undefined;
2314
4234
  description?: string | undefined;
2315
4235
  version?: string | undefined;
4236
+ $schema?: string | undefined;
2316
4237
  constraints?: {
2317
4238
  runtime?: {
2318
4239
  maxIterations?: number | undefined;
@@ -2329,4 +4250,4 @@ declare const AssetCardSchema: z.ZodObject<{
2329
4250
  }>;
2330
4251
  type AssetCard = z.infer<typeof AssetCardSchema>;
2331
4252
 
2332
- export { ApprovalSchema, type AssetCard, AssetCardSchema, type Classification, ClassificationSchema, type Constraints, ConstraintsSchema, type ControlStatus, ControlStatusSchema, type Governance, GovernanceSchema, type Intent, IntentSchema, type JurisdictionClassification, JurisdictionClassificationSchema, type Owner, OwnerSchema, type RiskFactors, RiskFactorsSchema, type Technical, TechnicalSchema, type Trustworthiness, type TrustworthinessCharacteristic, TrustworthinessCharacteristicSchema, TrustworthinessSchema };
4253
+ export { type AigrcConfig, AigrcConfigSchema, type AigrcIntegrationsConfig, AigrcIntegrationsConfigSchema, type AigrcRuntimeConfig, AigrcRuntimeConfigSchema, ApprovalSchema, type AssetCard, type AssetCardRuntime, AssetCardRuntimeSchema, AssetCardSchema, type CapabilitiesManifest, CapabilitiesManifestSchema, type Classification, ClassificationSchema, type Constraints, ConstraintsSchema, type ControlStatus, ControlStatusSchema, type GoldenThread, GoldenThreadSchema, type Governance, GovernanceSchema, type GovernanceTokenCapabilityClaims, GovernanceTokenCapabilityClaimsSchema, type GovernanceTokenControlClaims, GovernanceTokenControlClaimsSchema, type GovernanceTokenGovernanceClaims, GovernanceTokenGovernanceClaimsSchema, type GovernanceTokenIdentityClaims, GovernanceTokenIdentityClaimsSchema, type GovernanceTokenLineageClaims, GovernanceTokenLineageClaimsSchema, type GovernanceTokenPayload, GovernanceTokenPayloadSchema, type Intent, IntentSchema, type JurisdictionClassification, JurisdictionClassificationSchema, type KillSwitchCommand, KillSwitchCommandSchema, type KillSwitchCommandType, KillSwitchCommandTypeSchema, type Lineage, LineageSchema, type OperatingMode, OperatingModeSchema, type Owner, OwnerSchema, type PolicyCapabilities, PolicyCapabilitiesSchema, type PolicyFile, PolicyFileSchema, type PolicyRule, type PolicyRuleEffect, PolicyRuleEffectSchema, PolicyRuleSchema, type RiskFactors, RiskFactorsSchema, type RiskLevel, RiskLevelSchema, type RuntimeIdentity, RuntimeIdentitySchema, type Technical, TechnicalSchema, type Trustworthiness, type TrustworthinessCharacteristic, TrustworthinessCharacteristicSchema, TrustworthinessSchema };