@atlasent/sdk 1.5.0

package/dist/index.d.ts

@@ -0,0 +1,620 @@
+import { webcrypto } from 'node:crypto';
+import { p as protect, c as configure, a as AtlaSentError, A as AtlaSentDeniedError } from './protect-BKxcoR_2.js';
+export { d as AtlaSentDecision, e as AtlaSentDeniedErrorInit, f as AtlaSentErrorCode, g as AtlaSentErrorInit, C as ConfigureOptions, P as Permit, b as ProtectRequest } from './protect-BKxcoR_2.js';
+
+/**
+ * Shared audit wire types — the `/v1/audit/*` HTTP surface.
+ *
+ * Source of truth: `atlasent-api/supabase/functions/v1-audit/index.ts`
+ * (the edge function that serves `GET /v1/audit/events`,
+ * `POST /v1/audit/exports`, and `POST /v1/audit/verify`). The docstring
+ * at the top of that file describes these shapes. Keep this module in
+ * lockstep with it; `test/audit-types.test.ts` contains type-level
+ * assertions against the field set to make drift obvious.
+ *
+ * Fields are snake_case because that is what the server emits on the
+ * wire — unlike the evaluate / verify-permit types in `./types.ts`,
+ * which use camelCase on the SDK side and translate at the client
+ * boundary, the audit surface is intentionally wire-identical so that
+ * signed export bundles round-trip byte-for-byte through verifiers.
+ */
+/** Policy decision enum used on `audit_events.decision`. */
+type AuditDecision = 'allow' | 'deny' | 'hold' | 'escalate';
+/**
+ * Signing status reported on an export bundle. "signed" is the normal
+ * path; "unsigned" means the deployment has no active signing key;
+ * "signing_failed" means a key is configured but signing errored and
+ * the export was returned anyway (the signature is an empty string).
+ */
+type AuditExportSignatureStatus = 'signed' | 'unsigned' | 'signing_failed';
+/**
+ * One persisted row from `audit_events`, as returned by
+ * `GET /v1/audit/events` and embedded inside `AuditExport.events`.
+ *
+ * `decision` is nullable because not every event is an evaluation —
+ * CRUD-style audit writes (e.g. `policy.updated`) omit it. All other
+ * nullable fields follow the same "field doesn't apply to this event
+ * type" convention rather than "unknown value".
+ */
+interface AuditEvent {
+    /** Event UUID. Stable; surfaces as `tampered_event_ids` on verify failure. */
+    id: string;
+    /** Organization this event belongs to. */
+    org_id: string;
+    /** Per-org monotonic sequence. Used as the pagination cursor's payload. */
+    sequence: number;
+    /** Event type tag (e.g. "evaluate.allow", "policy.updated"). */
+    type: string;
+    /** Policy decision when the event is an evaluation; `null` otherwise. */
+    decision: AuditDecision | null;
+    /** Actor id (user / API key / agent) when applicable. */
+    actor_id: string | null;
+    /** Optional resource tag — e.g. "policy". */
+    resource_type: string | null;
+    /** Optional resource id — paired with `resource_type`. */
+    resource_id: string | null;
+    /** Canonical JSON of the event payload. Hashed into `hash`. */
+    payload: Record<string, unknown> | null;
+    /** SHA-256(prev_hash || canonicalJSON(payload)), hex. */
+    hash: string;
+    /** Previous event's `hash` (genesis is `"0".repeat(64)`). */
+    previous_hash: string;
+    /** When the underlying action occurred (ISO 8601). */
+    occurred_at: string;
+    /** When the row was persisted (ISO 8601). */
+    created_at: string;
+}
+/**
+ * Response shape for `GET /v1/audit/events`.
+ *
+ * `total` is the filter's full count (not just this page) so callers
+ * can show "page 1 of N" without an extra HEAD request.
+ *
+ * `next_cursor` is an opaque base64url string. Pass it back verbatim
+ * as `?cursor=...` to fetch the next page. Absent when this is the
+ * last page.
+ */
+interface AuditEventsPage {
+    events: AuditEvent[];
+    total: number;
+    next_cursor?: string;
+}
+/**
+ * Query parameters accepted by `GET /v1/audit/events`. Serialize as
+ * URL search params — `types` is a comma-joined list on the wire
+ * (e.g. `types=evaluate.allow,policy.updated`).
+ *
+ * All fields are optional; the server defaults `limit` to 50 and caps
+ * it at 500.
+ */
+interface AuditEventsQuery {
+    /** Comma-joined list of event types to filter on. */
+    types?: string;
+    /** Filter to a single actor. */
+    actor_id?: string;
+    /** Inclusive lower bound on `occurred_at` (ISO 8601). */
+    from?: string;
+    /** Inclusive upper bound on `occurred_at` (ISO 8601). */
+    to?: string;
+    /** Page size. Default 50, min 1, max 500. */
+    limit?: number;
+    /** Opaque cursor returned as `next_cursor` by the prior page. */
+    cursor?: string;
+}
+/**
+ * Response shape for `POST /v1/audit/exports` — a signed bundle of
+ * audit events suitable for offline verification.
+ *
+ * `signature` is detached Ed25519 over `signedBytesFor(bundle)` (see
+ * `./auditBundle.ts`). An empty string means the server attempted to
+ * sign but failed; check `signature_status` to distinguish.
+ *
+ * `tampered_event_ids` surfaces rows whose recomputed hash doesn't
+ * match the stored hash — even when `chain_integrity_ok` is false,
+ * the signature still covers whatever the server emitted, so callers
+ * that trust the signature must still inspect this list.
+ */
+interface AuditExport {
+    /** Server-assigned UUID for this export. */
+    export_id: string;
+    /** Organization the bundle belongs to. */
+    org_id: string;
+    /** Events in canonical (ascending sequence) order. */
+    events: AuditEvent[];
+    /** Last event's `hash`, or `"0".repeat(64)` if `events` is empty. */
+    chain_head_hash: string;
+    /** `true` iff adjacency + re-hash succeeded for every event. */
+    chain_integrity_ok: boolean;
+    /** `AuditEvent.id`s whose recomputed hash != stored hash. */
+    tampered_event_ids: string[];
+    /** Detached Ed25519 signature (base64url). Empty string on sign failure. */
+    signature: string;
+    /** Outcome of the signing attempt. */
+    signature_status: AuditExportSignatureStatus;
+    /** Registry id of the key that signed — absent when unsigned. */
+    signing_key_id?: string;
+    /** When the bundle was signed (ISO 8601). */
+    signed_at: string;
+}
+
+/**
+ * Public types for the AtlaSent TypeScript SDK.
+ *
+ * These shapes are deliberately minimal and 1:1 with the AtlaSent
+ * authorization API. Request / response fields are camelCase on the
+ * SDK side; the client handles snake_case translation on the wire.
+ */
+
+/** The two possible policy decisions. */
+type Decision = "ALLOW" | "DENY";
+/**
+ * Rate-limit state parsed from the server's `X-RateLimit-*` headers.
+ *
+ * Present on every authenticated response (success and 429) when the
+ * server emits the headers. `null` when the server doesn't — older
+ * deployments, or internal endpoints that skip per-key rate limiting.
+ *
+ * Clients should check `remaining` and sleep until `resetAt` to
+ * preemptively back off before hitting a 429.
+ */
+interface RateLimitState {
+    /** Value of `X-RateLimit-Limit` — the per-minute budget. */
+    limit: number;
+    /** Value of `X-RateLimit-Remaining` — unused budget in the current window. */
+    remaining: number;
+    /**
+     * Parsed `X-RateLimit-Reset` — the UTC instant when the current
+     * window's counter zeroes. Accepts either a unix-seconds integer or
+     * an ISO 8601 string on the wire.
+     */
+    resetAt: Date;
+}
+/** Input to {@link AtlaSentClient.evaluate}. */
+interface EvaluateRequest {
+    /** Identifier of the calling agent (e.g. "clinical-data-agent"). */
+    agent: string;
+    /** The action being authorized (e.g. "modify_patient_record"). */
+    action: string;
+    /** Arbitrary policy context (user, environment, resource IDs). */
+    context?: Record<string, unknown>;
+}
+/** Result of {@link AtlaSentClient.evaluate}. */
+interface EvaluateResponse {
+    /** "ALLOW" or "DENY". A "DENY" is not thrown — branch on this field. */
+    decision: Decision;
+    /** Opaque permit identifier, passed to {@link AtlaSentClient.verifyPermit}. */
+    permitId: string;
+    /** Human-readable explanation from the policy engine. */
+    reason: string;
+    /** Hash-chained audit-trail entry (21 CFR Part 11 / GxP-ready). */
+    auditHash: string;
+    /** ISO 8601 timestamp of the decision. */
+    timestamp: string;
+    /**
+     * Per-key rate-limit state for this request's response, parsed from
+     * `X-RateLimit-*` headers. `null` when the server didn't emit them.
+     */
+    rateLimit: RateLimitState | null;
+}
+/** Input to {@link AtlaSentClient.verifyPermit}. */
+interface VerifyPermitRequest {
+    /** The permit ID returned by a prior evaluate() call. */
+    permitId: string;
+    /** Optional: re-state the action for cross-check with the server. */
+    action?: string;
+    /** Optional: re-state the agent for cross-check with the server. */
+    agent?: string;
+    /** Optional: re-state the context for cross-check with the server. */
+    context?: Record<string, unknown>;
+}
+/** Result of {@link AtlaSentClient.verifyPermit}. */
+interface VerifyPermitResponse {
+    /** `true` when the permit is valid and un-revoked. */
+    verified: boolean;
+    /** Verification outcome string from the server. */
+    outcome: string;
+    /** Verification hash bound to the permit. */
+    permitHash: string;
+    /** ISO 8601 timestamp of the verification. */
+    timestamp: string;
+    /**
+     * Per-key rate-limit state for this request's response, parsed from
+     * `X-RateLimit-*` headers. `null` when the server didn't emit them.
+     */
+    rateLimit: RateLimitState | null;
+}
+/**
+ * Result of {@link AtlaSentClient.keySelf} — self-introspection of the API
+ * key the client was constructed with. Returned by `GET /v1/api-key-self`.
+ *
+ * Never includes the raw key or its hash — introspection is intentionally
+ * read-only and safe to surface in operator dashboards. Useful for:
+ *   - "which key am I?" debugging
+ *   - IP_NOT_ALLOWED failures — `clientIp` is the IP the server observed
+ *   - proactive expiry warnings — `expiresAt` is the server-stored expiry
+ *     (`null` means the key does not auto-expire)
+ *   - verifying scopes before attempting a scope-gated action
+ */
+interface ApiKeySelfResponse {
+    /** Server-side UUID of the api_keys row for this key. */
+    keyId: string;
+    /** Organization the key belongs to. */
+    organizationId: string;
+    /** "live" or "test" (or any future environment label the server introduces). */
+    environment: string;
+    /** Granted scopes — e.g. ["evaluate", "audit.read"]. */
+    scopes: string[];
+    /**
+     * Per-key IP allowlist as CIDR strings (e.g. ["10.0.0.0/8"]). `null`
+     * when the key is unrestricted.
+     */
+    allowedCidrs: string[] | null;
+    /** Server-enforced per-minute rate limit for this key. */
+    rateLimitPerMinute: number;
+    /** Client IP as the server observed it (first hop of X-Forwarded-For). */
+    clientIp: string | null;
+    /** Server-stored expiry; `null` means the key does not auto-expire. */
+    expiresAt: string | null;
+    /**
+     * Per-key rate-limit state for this request's response, parsed from
+     * `X-RateLimit-*` headers. `null` when the server didn't emit them.
+     */
+    rateLimit: RateLimitState | null;
+}
+/**
+ * Result of {@link AtlaSentClient.listAuditEvents}. Extends the raw
+ * wire page with a camelCase `rateLimit` alongside the snake_case
+ * wire fields — the wire shape (`events`, `total`, `next_cursor`) is
+ * untouched so callers that pass it to the offline verifier get
+ * byte-identical behaviour.
+ */
+interface AuditEventsResult extends AuditEventsPage {
+    /**
+     * Per-key rate-limit state for this request's response, parsed from
+     * `X-RateLimit-*` headers. `null` when the server didn't emit them.
+     */
+    rateLimit: RateLimitState | null;
+}
+/**
+ * Filter accepted by {@link AtlaSentClient.createAuditExport}. Fields
+ * are snake_case to match the server's `POST /v1-audit/exports`
+ * request body; an empty object requests a full-org bundle.
+ */
+interface AuditExportRequest {
+    /** Comma-joined list of event types to include (e.g. `"evaluate.allow,policy.updated"`). */
+    types?: string;
+    /** Filter to a single actor. */
+    actor_id?: string;
+    /** Inclusive lower bound on `occurred_at` (ISO 8601). */
+    from?: string;
+    /** Inclusive upper bound on `occurred_at` (ISO 8601). */
+    to?: string;
+}
+/**
+ * Result of {@link AtlaSentClient.createAuditExport}. Extends the
+ * signed bundle shape with a camelCase `rateLimit`. The signed
+ * envelope fields (`export_id`, `org_id`, `chain_head_hash`,
+ * `event_count`, `signed_at`, `events`, `signature`) are preserved
+ * byte-for-byte so the object can be handed straight to
+ * `verifyAuditBundle(bundle, keys)`.
+ */
+interface AuditExportResult extends AuditExport {
+    /**
+     * Per-key rate-limit state for this request's response, parsed from
+     * `X-RateLimit-*` headers. `null` when the server didn't emit them.
+     */
+    rateLimit: RateLimitState | null;
+}
+/** Constructor options for {@link AtlaSentClient}. */
+interface AtlaSentClientOptions {
+    /** Required. Your AtlaSent API key. */
+    apiKey: string;
+    /** API base URL. Defaults to "https://api.atlasent.io". */
+    baseUrl?: string;
+    /** Per-request timeout in milliseconds. Defaults to 10_000. */
+    timeoutMs?: number;
+    /**
+     * Inject a fetch implementation (primarily for testing).
+     * Defaults to `globalThis.fetch`.
+     */
+    fetch?: typeof fetch;
+}
+
+/**
+ * AtlaSent HTTP client.
+ *
+ * Two public methods, both backed by native `fetch`:
+ *   - {@link AtlaSentClient.evaluate}     → POST {baseUrl}/v1-evaluate
+ *   - {@link AtlaSentClient.verifyPermit} → POST {baseUrl}/v1-verify-permit
+ *
+ * Fail-closed: a clean policy DENY is returned (not thrown), but
+ * network, timeout, bad response, 4xx/5xx, and rate-limit conditions
+ * all throw {@link AtlaSentError}.
+ */
+
+declare class AtlaSentClient {
+    private readonly apiKey;
+    private readonly baseUrl;
+    private readonly timeoutMs;
+    private readonly fetchImpl;
+    constructor(options: AtlaSentClientOptions);
+    /**
+     * Ask the policy engine whether an agent action is permitted.
+     *
+     * A "DENY" is **not** thrown — it is returned in
+     * `response.decision`. Network errors, invalid API key, rate
+     * limits, timeouts, and malformed responses throw
+     * {@link AtlaSentError}.
+     */
+    evaluate(input: EvaluateRequest): Promise<EvaluateResponse>;
+    /**
+     * Verify that a previously issued permit is still valid.
+     *
+     * A `verified: false` response is **not** thrown — inspect the
+     * returned object. Only transport / server errors throw.
+     */
+    verifyPermit(input: VerifyPermitRequest): Promise<VerifyPermitResponse>;
+    /**
+     * Self-introspection: ask the server to describe the API key this
+     * client was constructed with. Returns the key's ID, organization,
+     * environment, scopes, IP allowlist, per-minute rate limit, the
+     * client IP the server observed, and the expiry (if any).
+     *
+     * Never includes the raw key or its hash. Safe to surface in operator
+     * dashboards. Useful for `IP_NOT_ALLOWED` debugging (the server tells
+     * you exactly which IP it saw) and for proactive expiry warnings.
+     *
+     * Throws {@link AtlaSentError} on transport / auth failures — same
+     * taxonomy as {@link AtlaSentClient.evaluate}.
+     */
+    keySelf(): Promise<ApiKeySelfResponse>;
+    /**
+     * List persisted audit events for the authenticated organization
+     * (`GET /v1-audit/events`). Returned rows are wire-identical with
+     * the server: snake_case field names, including `previous_hash` and
+     * the `hash` chain, so the response can be fed straight into the
+     * offline verifier when paired with a signed export.
+     *
+     * `query.types` is a comma-joined list (e.g.
+     * `"evaluate.allow,policy.updated"`). `cursor` is the opaque
+     * `next_cursor` from the prior page. All fields are optional; the
+     * server defaults `limit` to 50 (capped at 500).
+     *
+     * Throws {@link AtlaSentError} on transport / auth failures — same
+     * taxonomy as {@link AtlaSentClient.evaluate}.
+     */
+    listAuditEvents(query?: AuditEventsQuery): Promise<AuditEventsResult>;
+    /**
+     * Request a signed audit export bundle
+     * (`POST /v1-audit/exports`). The returned object is wire-identical
+     * with the server — `signature`, `chain_head_hash`, `events`, and
+     * friends survive untouched so the bundle can be persisted to disk
+     * and handed to the offline verifier (`verifyBundle` /
+     * `verifyAuditBundle`) without any reshaping.
+     *
+     * Pass `filter.types`, `filter.from`, `filter.to`, or `filter.actor_id`
+     * to narrow the export; omit for a full-org bundle. `rateLimit` is
+     * attached alongside the wire fields for observability.
+     *
+     * Throws {@link AtlaSentError} on transport / auth failures — same
+     * taxonomy as {@link AtlaSentClient.evaluate}.
+     */
+    createAuditExport(filter?: AuditExportRequest): Promise<AuditExportResult>;
+    private post;
+    private get;
+    private request;
+}
+
+/** Node's webcrypto CryptoKey — kept local so the module doesn't depend on DOM types. */
+type WebCryptoKey = webcrypto.CryptoKey;
+/** Public key candidate the verifier will try, tagged with its registry id. */
+interface VerifyKey {
+    keyId: string;
+    publicKey: WebCryptoKey;
+}
+interface BundleVerificationResult {
+    /**
+     * AND of three checks: adjacency (each event's `previous_hash`
+     * equals the prior event's `hash`), per-event hash recomputation
+     * from the canonical payload, and `chain_head_hash` matching the
+     * last event's stored hash.
+     */
+    chainIntegrityOk: boolean;
+    /** Ed25519 signature verified against one of the supplied public keys. */
+    signatureValid: boolean;
+    /** `chain_head_hash` equals the last event's stored `hash`. */
+    headHashMatches: boolean;
+    /** Event ids whose recomputed hash != stored hash. */
+    tamperedEventIds: string[];
+    /** Which registry key id matched, when `signatureValid` is true. */
+    matchedKeyId?: string | undefined;
+    /** Non-fatal explanation when a flag is false. */
+    reason?: string | undefined;
+    /** Convenience: `chainIntegrityOk && signatureValid`. */
+    verified: boolean;
+}
+/** Parsed bundle shape the verifier consumes. Fields beyond these are ignored. */
+interface AuditBundle {
+    export_id?: unknown;
+    org_id?: unknown;
+    chain_head_hash?: unknown;
+    event_count?: unknown;
+    signed_at?: unknown;
+    events?: unknown;
+    signature?: unknown;
+    signing_key_id?: unknown;
+    [k: string]: unknown;
+}
+interface VerifyBundleOptions {
+    /** SPKI-PEM strings (one per key in the active trust set). */
+    publicKeysPem?: readonly string[];
+    /** Already-imported keys, paired with registry ids (rotation hint). */
+    keys?: readonly VerifyKey[];
+}
+/**
+ * Reproduces `_shared/rules.ts::canonicalJSON` byte-for-byte:
+ *   - object keys sorted at every depth
+ *   - no whitespace
+ *   - `null`, `undefined`, `NaN`, `±Infinity` all render as `"null"`
+ *   - strings use standard `JSON.stringify` escapes
+ */
+declare function canonicalJSON(value: unknown): string;
+/**
+ * Recreate the exact bytes `handleExport` signed. Key order is
+ * load-bearing — must match the object literal in
+ * `v1-audit/index.ts::handleExport`. V8 preserves insertion order, so
+ * the literal below is byte-identical with what the backend signs.
+ */
+declare function signedBytesFor(bundle: AuditBundle): Uint8Array<ArrayBuffer>;
+declare function verifyAuditBundle(bundle: AuditBundle, keys: readonly VerifyKey[]): Promise<BundleVerificationResult>;
+/**
+ * Load a bundle from disk (or a parsed object) and verify it.
+ *
+ * `publicKeysPem` is the active SPKI-PEM set from
+ * `GET /v1-signing-keys`. When omitted, the chain check still runs
+ * but `signatureValid` will be false with an explanatory `reason` —
+ * callers that want a complete offline check MUST supply the trust
+ * set.
+ */
+declare function verifyBundle(pathOrBundle: string | AuditBundle, options?: VerifyBundleOptions): Promise<BundleVerificationResult>;
+
+/**
+ * Retry-policy helpers for the AtlaSent TypeScript SDK.
+ *
+ * This module is **pure**: no I/O, no network, no globals beyond
+ * `Math.random`. The intent is that {@link AtlaSentClient} (and any
+ * caller wrapping `protect()` / `evaluate()`) can ask
+ * {@link isRetryable} whether to retry a given {@link AtlaSentError},
+ * then ask {@link computeBackoffMs} how long to sleep before the next
+ * attempt.
+ *
+ * Wire-up into the client itself is intentionally deferred — see
+ * ROADMAP item #7 (Post-GA). Sentry breadcrumb emission is also
+ * deferred; both will land together once a transport-level retry
+ * loop is wired into `client.ts`.
+ *
+ * Retry classification (matches the server's documented contract):
+ *   - `network` / `timeout`        → retry (transient transport)
+ *   - `server_error` (HTTP 5xx)    → retry
+ *   - `rate_limited` (HTTP 429)    → retry, honour `retryAfterMs`
+ *   - `bad_response`               → retry (likely truncated body)
+ *   - `invalid_api_key`/`forbidden`/`bad_request` → never retry
+ *
+ * Backoff: capped exponential with full jitter.
+ *   delay = min(maxDelayMs, baseDelayMs * 2^attempt) * random[0, 1)
+ *
+ * "Full jitter" is the AWS-recommended scheme — see
+ * https://aws.amazon.com/blogs/architecture/exponential-backoff-and-jitter/.
+ * It avoids thundering-herd retries from many SDK instances that hit
+ * a 429 in the same window.
+ */
+/** Defaults for {@link RetryPolicy}. Conservative — three retries, ~7s ceiling. */
+declare const DEFAULT_RETRY_POLICY: Required<RetryPolicy>;
+/**
+ * Caller-tunable retry policy. All fields optional; missing fields
+ * fall back to {@link DEFAULT_RETRY_POLICY}.
+ */
+interface RetryPolicy {
+    /**
+     * Total attempts including the first try. `1` disables retries
+     * entirely. Must be `>= 1`; values below are clamped to `1`.
+     */
+    maxAttempts?: number;
+    /**
+     * Initial backoff for `attempt = 0`. Doubles per attempt up to
+     * `maxDelayMs`. Must be `>= 0`.
+     */
+    baseDelayMs?: number;
+    /**
+     * Hard ceiling on the per-attempt sleep, applied **before** jitter.
+     * The actual sleep is uniformly distributed in `[0, ceiling]`.
+     */
+    maxDelayMs?: number;
+}
+/**
+ * Decide whether `err` is worth a retry. Anything that isn't an
+ * {@link AtlaSentError} is treated as non-retryable — the SDK's
+ * transport layer always wraps fetch failures in `AtlaSentError`,
+ * so a non-AtlaSent throwable is by definition a programmer bug
+ * (a bad input, an assertion in user code) and should propagate.
+ */
+declare function isRetryable(err: unknown): boolean;
+/**
+ * Compute how long to sleep before retry attempt `attempt`
+ * (zero-indexed: `attempt = 0` is the first retry, i.e. the second
+ * total request). Uses capped exponential backoff with full jitter.
+ *
+ * When `err` carries a `retryAfterMs` (server-provided `Retry-After`
+ * header), the result is `max(retryAfterMs, jitteredDelay)` — the
+ * server's hint is treated as a floor so we never retry sooner than
+ * the server asked.
+ *
+ * @param attempt    Zero-indexed retry attempt (0, 1, 2, ...).
+ * @param policy     Optional override of {@link DEFAULT_RETRY_POLICY}.
+ * @param err        Optional error whose `retryAfterMs` is honoured.
+ * @param random     Injectable RNG, defaults to `Math.random`. Must
+ *                   return values in `[0, 1)` to preserve the
+ *                   distribution.
+ */
+declare function computeBackoffMs(attempt: number, policy?: RetryPolicy, err?: unknown, random?: () => number): number;
+/**
+ * Returns `true` when `attempt` (zero-indexed) is below the policy's
+ * `maxAttempts - 1` ceiling — i.e. when there is still budget for at
+ * least one more try after this one. Convenience wrapper so retry
+ * loops read top-to-bottom:
+ *
+ * ```ts
+ * for (let attempt = 0; ; attempt++) {
+ *   try { return await op(); }
+ *   catch (err) {
+ *     if (!isRetryable(err) || !hasAttemptsLeft(attempt, policy)) throw err;
+ *     await sleep(computeBackoffMs(attempt, policy, err));
+ *   }
+ * }
+ * ```
+ */
+declare function hasAttemptsLeft(attempt: number, policy?: RetryPolicy): boolean;
+/**
+ * Merge a partial policy with {@link DEFAULT_RETRY_POLICY} and clamp
+ * each field into a sensible range. Exported for tests and for
+ * callers that want to log the resolved policy.
+ */
+declare function mergePolicy(policy: RetryPolicy): Required<RetryPolicy>;
+
+/**
+ * @atlasent/sdk — execution-time authorization for AI agents.
+ *
+ * Primary API is the default export:
+ *
+ * ```ts
+ * import atlasent from "@atlasent/sdk";
+ *
+ * const permit = await atlasent.protect({
+ *   agent: "deploy-bot",
+ *   action: "deploy_to_production",
+ *   context: { commit, approver },
+ * });
+ * ```
+ *
+ * Named exports remain available for the lower-level
+ * {@link AtlaSentClient} and the error taxonomy.
+ */
+
+/**
+ * Default export. The opinionated, category-defining entry point:
+ *
+ * ```ts
+ * import atlasent from "@atlasent/sdk";
+ * await atlasent.protect({ ... });
+ * ```
+ */
+declare const atlasent: {
+    readonly protect: typeof protect;
+    readonly configure: typeof configure;
+    readonly verifyBundle: typeof verifyBundle;
+    readonly AtlaSentClient: typeof AtlaSentClient;
+    readonly AtlaSentError: typeof AtlaSentError;
+    readonly AtlaSentDeniedError: typeof AtlaSentDeniedError;
+};
+
+export { type ApiKeySelfResponse, AtlaSentClient, type AtlaSentClientOptions, AtlaSentDeniedError, AtlaSentError, type AuditBundle, type AuditDecision, type AuditEvent, type AuditEventsPage, type AuditEventsQuery, type AuditEventsResult, type AuditExport, type AuditExportRequest, type AuditExportResult, type AuditExportSignatureStatus, type BundleVerificationResult, DEFAULT_RETRY_POLICY, type Decision, type EvaluateRequest, type EvaluateResponse, type RateLimitState, type RetryPolicy, type VerifyBundleOptions, type VerifyKey, type VerifyPermitRequest, type VerifyPermitResponse, canonicalJSON, computeBackoffMs, configure, atlasent as default, hasAttemptsLeft, isRetryable, mergePolicy, protect, signedBytesFor, verifyAuditBundle, verifyBundle };