@attestry/sdk 0.6.0

package/dist/resources/evidence-pack.d.ts

@@ -0,0 +1,1080 @@
+import type { AttestryClient } from "../client.js";
+import type { RequestOptions } from "../types.js";
+/**
+ * The five evidence-pack types the kernel accepts. Mirrors
+ * `PACK_TYPES` in kernel `src/lib/evidence-pack/types.ts:150-156`.
+ * Frozen so consumer code can safely use
+ * `PACK_TYPES.includes(...)` without mutation risk (P1 hardening —
+ * defends against a hostile/buggy npm dep mutating the array between
+ * SDK import and method call).
+ *
+ * Drift-pinned in the spec-diff round (`evidence-pack.drift.test.ts`)
+ * by text-comparing this declaration with the kernel's. An addition /
+ * removal / reordering on either side trips the test, **satisfying P1
+ * checkpoint AC7** ("SDK drift pin: `pack_type` enum in SDK matches
+ * kernel").
+ */
+export declare const PACK_TYPES: readonly ["annex_iv", "agentic_reperformance", "red_team_cycle", "pccp_evidence", "underwriting_evidence"];
+export type PackType = (typeof PACK_TYPES)[number];
+/**
+ * The five pack-status values the kernel emits + accepts as a filter.
+ * Mirrors `PACK_STATUSES` in kernel `src/lib/evidence-pack/types.ts:160-166`.
+ * Frozen; drift-pinned identically to `PACK_TYPES`.
+ */
+export declare const PACK_STATUSES: readonly ["draft", "signed", "superseded", "revoked", "expired"];
+export type PackStatus = (typeof PACK_STATUSES)[number];
+/**
+ * The three artifact formats `evidencePack.export` accepts. Mirrors
+ * `EXPORT_FORMATS` in kernel `src/lib/evidence-pack/types.ts:584`
+ * (`["json","pdf","zip"] as const`). Frozen; drift-pinned byte-equal to
+ * the kernel in `evidence-pack.drift.test.ts` (P1.8 DEV-76).
+ *
+ * The kernel route's `exportQuerySchema` requires `format` (no default,
+ * spec concern E1 — unknown/absent → 422). The SDK pre-validates
+ * `format` against this frozen tuple, so an absent/unknown format
+ * rejects with a synchronous `TypeError` before the request is sent.
+ */
+export declare const EXPORT_FORMATS: readonly ["json", "pdf", "zip"];
+export type ExportFormat = (typeof EXPORT_FORMATS)[number];
+/**
+ * Input for `evidencePack.create`. Mirrors the wire body of
+ * `POST /api/v1/evidence-packs` (kernel `createEvidencePackInputSchema`
+ * minus the auth-derived `orgId` and `userId` fields).
+ *
+ * P1.6-scope fields (4) — matches the P1.5 MCP `attestry_evidence_pack_create`
+ * surface for SDK ↔ MCP parity (DEV-67). The kernel route ALSO accepts
+ * `consumerHints` (P3 future) and `parentPackId` (P1.4 supersede surface);
+ * P1.6 deliberately omits both to match MCP parity. A future SDK
+ * extension may add them without breaking the 4-field surface.
+ */
+export interface CreateEvidencePackInput {
+    /**
+     * One of the five `PACK_TYPES` values. Pre-validated by the SDK against
+     * the local frozen tuple; rejection is a synchronous `TypeError`
+     * (P1.6 spec hostile concern #1).
+     */
+    packType: PackType;
+    /**
+     * Optional UUID of the AI system the pack is scoped to. Omit for an
+     * org-level pack (kernel column is nullable; org-level packs are
+     * legitimate for underwriting / cross-system evidence). Pre-validated
+     * against `UUID_REGEX` when provided.
+     */
+    systemId?: string;
+    /**
+     * Optional array of regulatory framework bindings (up to 50). Each
+     * binding's inner shape is open-spec to the SDK (faithful courier —
+     * kernel `frameworkBindingSchema` is the deep validator with
+     * `.strict()` enforcement of `framework` + `identifier` +
+     * `jurisdiction?` + `effective_date?`).
+     */
+    frameworkBindings?: unknown[];
+    /**
+     * Optional free-form metadata object (string-keyed). Capped by the
+     * kernel at 64 KiB serialized (`MAX_METADATA_BYTES`); the SDK does
+     * NOT pre-validate the size cap (no extra `JSON.stringify` cost on
+     * the happy path), leaving the kernel as the authority — same
+     * faithful-courier discipline as `vision.extract` deep field shapes.
+     */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Input for `evidencePack.get`. Mirrors the URL-path param of
+ * `GET /api/v1/evidence-packs/{id}` — single field.
+ */
+export interface GetEvidencePackInput {
+    /**
+     * UUID of the evidence pack to retrieve. RFC 4122 hyphenated form
+     * (8-4-4-4-12 hex, case-insensitive). Pre-validated by the SDK before
+     * the URL is constructed.
+     */
+    packId: string;
+}
+/**
+ * Input for `evidencePack.list`. Mirrors the query-string of
+ * `GET /api/v1/evidence-packs` (kernel `listEvidencePacksQuerySchema`
+ * MINUS `parentPackId` — see DEV-67; the SDK matches the P1.5 MCP
+ * surface parity, not the wider kernel route surface).
+ *
+ * **Single page per call** (DEV-63) — pass the response's `nextCursor`
+ * back as `cursor` on a subsequent call to fetch the next page. No
+ * async-iterator today; a future SDK-wide prompt may add cross-resource
+ * iteration.
+ *
+ * **`limit` default applied kernel-side**: when omitted, the kernel
+ * applies `.default(50)` (carry-forward invariant #52 — closed-default
+ * field pre-validation; the SDK omits the field from the query string
+ * so the kernel's default fires).
+ */
+export interface ListEvidencePacksInput {
+    /** Optional UUID filter — return only packs scoped to this AI system. */
+    systemId?: string;
+    /** Optional closed-enum filter on `pack_type`. */
+    packType?: PackType;
+    /** Optional closed-enum filter on `status`. */
+    status?: PackStatus;
+    /**
+     * Optional page size. Integer in [1, 200] inclusive. Omitted →
+     * kernel-side default of 50.
+     */
+    limit?: number;
+    /**
+     * Optional opaque pagination cursor. Pass the `nextCursor` from a
+     * previous call to fetch the next page. Base64url-encoded JSON
+     * `{c, i}` (kernel format; the SDK passes through verbatim and does
+     * NOT decode).
+     */
+    cursor?: string;
+}
+/**
+ * Input for `evidencePack.addBundle`. Mirrors the wire body + URL-path
+ * param of `POST /api/v1/evidence-packs/{id}/bundles` (kernel
+ * `addBundleToPackInputSchema` minus the auth-derived `orgId` and
+ * `userId`; `packId` rides the URL path, not the body).
+ *
+ * 8 fields total (DEV-67) — 4 required + 4 optional, matching the
+ * P1.5 MCP `attestry_evidence_pack_append_bundle` surface.
+ */
+export interface AddBundleInput {
+    /**
+     * UUID of the draft pack to append the bundle to. RFC 4122 hyphenated.
+     * Pre-validated by the SDK before the URL is constructed.
+     */
+    packId: string;
+    /**
+     * Ordered array of trace entries (up to 1000). Per-entry shape is
+     * open-spec to the SDK (kernel `traceEntrySchema` deep-validates
+     * `action` / `timestamp` / `refs?` with `.strict()`).
+     */
+    traceContent: unknown[];
+    /**
+     * Non-empty hash string identifying the bundle's inputs. Length
+     * 1-500 chars. Format is open-spec to the SDK (kernel accepts any
+     * non-empty length-bounded string; the project convention is
+     * `sha256:<hex>` but the kernel does NOT enforce it).
+     */
+    inputsHash: string;
+    /**
+     * Non-empty hash string identifying the bundle's outputs. Length
+     * 1-500 chars; same open-spec rule as `inputsHash`.
+     */
+    outputsHash: string;
+    /**
+     * Optional model-behavior log. Open-spec inner shape (kernel
+     * `modelBehaviorLogSchema` deep-validates `model` / `version` /
+     * `sampling_params?` / `response_hash?`).
+     */
+    modelBehaviorLog?: Record<string, unknown>;
+    /**
+     * Optional corroboration-results object (free-form jsonb). Depth-
+     * capped server-side at 64 levels (kernel `MAX_HASHED_JSONB_DEPTH`);
+     * the SDK does NOT pre-validate depth.
+     */
+    corroborationResults?: Record<string, unknown>;
+    /**
+     * Optional `http(s)://` URI of bundle binary content in storage.
+     * Length-capped at 2000 chars (kernel `httpsOnlyUrl(2000)`). Scheme
+     * validation (`^https?://`) is kernel-authoritative; the SDK
+     * validates length only (faithful courier).
+     */
+    storageUri?: string;
+    /**
+     * Optional free-form metadata. Capped by the kernel at 64 KiB
+     * serialized; SDK does NOT pre-validate the size.
+     */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Input for `evidencePack.sign`. Mirrors the URL-path param + wire body
+ * of `POST /api/v1/evidence-packs/{id}/sign` (kernel `signPackInputSchema`
+ * minus the auth-derived `orgId` / `userId`; `packId` rides the URL
+ * path). Matches the P1.7 MCP `attestry_evidence_pack_sign` surface
+ * (the MCP `confirm` gate is MCP-layer-only and NOT mirrored here).
+ */
+export interface SignEvidencePackInput {
+    /**
+     * UUID of the **draft** pack to sign. RFC 4122 hyphenated. Pre-validated
+     * by the SDK before the URL is constructed.
+     */
+    packId: string;
+    /**
+     * Optional UUID of an attestation certificate to bind to the signed
+     * pack. When provided, the kernel verifies it belongs to the caller's
+     * org (and, for a system-scoped pack, matches the pack's system).
+     * Omit to sign without an attestation cert (`content_hash` is the
+     * signing primitive). Pre-validated against `UUID_REGEX` when provided.
+     */
+    attestationCertificateId?: string;
+}
+/**
+ * Inner-payload shape for the new draft pack a `supersede` creates.
+ * Mirrors the kernel `supersedeNewPackPayloadSchema` and the P1.7 MCP
+ * `supersede` tool's `newPack` shape.
+ *
+ * **Includes `consumerHints`** (P1.8 DEV-74) — unlike P1.6's `create`
+ * input, which deliberately omitted it (DEV-67) to match the MCP
+ * **create** tool. The MCP **supersede** tool's `newPack` includes
+ * `consumerHints`, so the SDK supersede mirrors it.
+ */
+export interface SupersedeEvidencePackNewPack {
+    /**
+     * One of the five `PACK_TYPES` values. Pre-validated against the local
+     * frozen tuple; rejection is a synchronous `TypeError`.
+     */
+    packType: PackType;
+    /**
+     * Optional UUID of the AI system the new pack is scoped to. Omit for
+     * an org-level pack. Pre-validated against `UUID_REGEX` when provided.
+     */
+    systemId?: string;
+    /**
+     * Optional array of regulatory framework bindings (up to 50). Inner
+     * shape is open-spec to the SDK (kernel `frameworkBindingSchema` is the
+     * `.strict()` deep validator) — same faithful-courier discipline as
+     * `create`'s `frameworkBindings`.
+     */
+    frameworkBindings?: unknown[];
+    /**
+     * Optional consumer-consumption hints object (kernel
+     * `consumerHintsSchema` = `{allowPublicRetrieval?, suggestedVerifier?,
+     * expectedQueryPatterns?}`, `.strict()`). The SDK validates only that
+     * it is a non-null non-array object and forwards it as-is; the kernel
+     * deep-validates the keys + the `https`-only verifier URL + caps.
+     */
+    consumerHints?: Record<string, unknown>;
+    /**
+     * Optional free-form metadata object (string-keyed). Capped kernel-side
+     * at 64 KiB serialized; the SDK does NOT pre-validate the size.
+     */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Input for `evidencePack.supersede`. Mirrors the URL-path param + wire
+ * body of `POST /api/v1/evidence-packs/{id}/supersede` (kernel
+ * `supersedePackInputSchema` minus the auth-derived `orgId` / `userId`;
+ * the old pack's id rides the URL path as `packId`).
+ */
+export interface SupersedeEvidencePackInput {
+    /**
+     * UUID of the **signed** pack to supersede (the OLD pack). RFC 4122
+     * hyphenated. Rides the URL path. Pre-validated by the SDK.
+     */
+    packId: string;
+    /**
+     * Payload for the NEW draft pack the supersede creates. Required. The
+     * kernel splices in `orgId` / `userId` (auth) + `parentPackId` (= the
+     * old `packId`) at the transaction layer.
+     */
+    newPack: SupersedeEvidencePackNewPack;
+}
+/**
+ * Input for `evidencePack.revoke`. Mirrors the URL-path param + wire body
+ * of `POST /api/v1/evidence-packs/{id}/revoke` (kernel
+ * `revokePackInputSchema` minus the auth-derived `orgId` / `userId`;
+ * `packId` rides the URL path).
+ */
+export interface RevokeEvidencePackInput {
+    /**
+     * UUID of the **signed** pack to revoke. RFC 4122 hyphenated.
+     * Pre-validated by the SDK before the URL is constructed.
+     */
+    packId: string;
+    /**
+     * Optional human-readable revocation reason, recorded verbatim in the
+     * pack's audit-log entry. Length 1-500 chars (kernel
+     * `z.string().min(1).max(500)`). Pre-validated when provided.
+     */
+    reason?: string;
+}
+/**
+ * Input for `evidencePack.export`. Mirrors the URL-path param + query
+ * string of `GET /api/v1/evidence-packs/{id}/export?format={json|pdf|zip}`.
+ */
+export interface ExportEvidencePackInput {
+    /**
+     * UUID of the pack to export. RFC 4122 hyphenated. Rides the URL path.
+     * Pre-validated by the SDK.
+     */
+    packId: string;
+    /**
+     * One of the three `EXPORT_FORMATS` values (`json` / `pdf` / `zip`).
+     * **Required** — the kernel `exportQuerySchema` has no default (spec
+     * concern E1). Pre-validated against the frozen tuple; an absent or
+     * unknown format rejects with a synchronous `TypeError`.
+     */
+    format: ExportFormat;
+}
+/**
+ * An evidence-pack record. Mirrors `EvidencePack` (kernel
+ * `InferSelectModel<typeof evidencePacks>`) projected through
+ * `successResponse` (`NextResponse.json` serializes Drizzle `Date`
+ * columns as ISO-8601 strings — wire shape).
+ *
+ * Closed-enum fields (`packType`, `status`) are typed as the SDK's
+ * closed unions for compile-time narrowing but the runtime P2 validator
+ * checks `typeof === "string"` only (faithful courier — same
+ * convention as `gate.gate` / `vision.packIntegration.status` /
+ * `BulkFailedSummary.code`). A kernel-side enum addition before the
+ * SDK is bumped will round-trip at runtime (typed as the closed union
+ * at compile time but holding the new string); the drift pin
+ * (`evidence-pack.drift.test.ts`) fires in CI before that scenario
+ * reaches consumers.
+ *
+ * Nullable columns surface as `T | null` on the wire (kernel column
+ * definitions with `.nullable()` semantics — see
+ * `src/lib/db/schema.ts`).
+ */
+export interface EvidencePack {
+    /** UUID of the pack. */
+    id: string;
+    /** Pack type closed enum (typed-closed, runtime-open). */
+    packType: PackType;
+    /** UUID of the owning organization. */
+    orgId: string;
+    /** UUID of the scoped AI system, or `null` for org-level packs. */
+    systemId: string | null;
+    /** Pack status closed enum (typed-closed, runtime-open). */
+    status: PackStatus;
+    /**
+     * Framework bindings JSONB. Runtime shape is an array of binding
+     * objects (kernel default `[]::jsonb`); typed as `unknown` here so
+     * consumers can deep-validate per their needs without a tight SDK
+     * coupling. The P2 validator requires an array (the kernel column
+     * is `notNull` with a default empty array; any other shape would be
+     * a kernel regression).
+     */
+    frameworkBindings: unknown[];
+    /** UUID of the parent pack when this pack supersedes one, else `null`. */
+    parentPackId: string | null;
+    /** UUID of the pack that supersedes this one, else `null`. */
+    supersededById: string | null;
+    /**
+     * Consumer-hints JSONB. Runtime shape is `{allowPublicRetrieval?,
+     * suggestedVerifier?, expectedQueryPatterns?}` (kernel default
+     * `{}::jsonb`). Typed as `unknown` for the same reason as
+     * `frameworkBindings`; P2 validator requires a non-null non-array
+     * object.
+     */
+    consumerHints: unknown;
+    /** UUID of the linked attestation certificate, or `null` when unsigned. */
+    attestationCertificateId: string | null;
+    /** SHA-256 hash of the canonical bundle list, or `null` in `draft` state. */
+    contentHash: string | null;
+    /** ISO-8601 timestamp of `sign` transition, or `null` when unsigned. */
+    signedAt: string | null;
+    /** UUID of the signing user, or `null` when unsigned. */
+    signedByUserId: string | null;
+    /**
+     * Free-form metadata JSONB. Default `{}::jsonb`. Typed `unknown`; P2
+     * validator requires a non-null non-array object.
+     */
+    metadata: unknown;
+    /** ISO-8601 timestamp of pack creation. */
+    createdAt: string;
+}
+/**
+ * A reperformance-bundle record. Mirrors `ReperformanceBundle` (kernel
+ * `InferSelectModel<typeof reperformanceBundles>`) projected through
+ * `successResponse` (Drizzle `Date` → ISO-8601 string).
+ */
+export interface ReperformanceBundle {
+    /** UUID of the bundle. */
+    id: string;
+    /** UUID of the parent pack. */
+    evidencePackId: string;
+    /**
+     * Trace-content array (kernel `notNull` jsonb). Per-entry shape is
+     * `{action, timestamp, refs?}` runtime; typed `unknown` here.
+     */
+    traceContent: unknown[];
+    /** Caller-supplied inputs hash. */
+    inputsHash: string;
+    /** Caller-supplied outputs hash. */
+    outputsHash: string;
+    /** Optional model-behavior-log object, or `null`. */
+    modelBehaviorLog: unknown;
+    /** Optional corroboration-results object, or `null`. */
+    corroborationResults: unknown;
+    /** Optional storage URI, or `null`. */
+    storageUri: string | null;
+    /** Free-form metadata (kernel default `{}::jsonb`). */
+    metadata: unknown;
+    /** ISO-8601 timestamp of bundle creation. */
+    createdAt: string;
+}
+/**
+ * Response for `evidencePack.get`. Mirrors the kernel's
+ * `GetEvidencePackResult` (`{pack, bundles}`) — the pack plus its
+ * full bundle list ordered `(created_at, id) ASC` (kernel
+ * `queries.ts:275-278`).
+ */
+export interface GetEvidencePackResponse {
+    pack: EvidencePack;
+    bundles: ReperformanceBundle[];
+}
+/**
+ * Response for `evidencePack.list`. Mirrors the kernel's
+ * `ListEvidencePacksResult` (`{items, nextCursor}`) — newest-first
+ * keyset pagination over `(created_at DESC, id DESC)`. `nextCursor`
+ * is `null` when no more pages.
+ */
+export interface ListEvidencePacksResponse {
+    items: EvidencePack[];
+    /** Opaque cursor for the next page, or `null` when no more pages. */
+    nextCursor: string | null;
+}
+/**
+ * `hashCollision` block on the `addBundle` response. The kernel
+ * detects same-`(inputs_hash, outputs_hash)` collisions with prior
+ * bundles on the SAME pack and FLAGS (does NOT block — P1.2 DEV-17).
+ *
+ * `count` is the total number of colliding prior bundles;
+ * `collidingBundleIds` is a bounded sample of up to 10 ids (kernel
+ * hostile-redux F-14 — capped so the response doesn't grow
+ * unboundedly under dup-heavy packs).
+ */
+export interface HashCollision {
+    detected: boolean;
+    count: number;
+    collidingBundleIds: string[];
+}
+/**
+ * Response for `evidencePack.addBundle`. Mirrors the kernel's
+ * `AddBundleToPackResult` — the newly-appended bundle, the updated
+ * pack (with recomputed `content_hash`), and the collision flag.
+ */
+export interface AddBundleResponse {
+    bundle: ReperformanceBundle;
+    pack: EvidencePack;
+    hashCollision: HashCollision;
+}
+/**
+ * Response for `evidencePack.supersede`. Mirrors the kernel
+ * `supersedePack` return (`{newPack, oldPack}`, HTTP 201). `newPack` is
+ * the freshly-created draft (status `draft`, `parentPackId` = the old
+ * pack); `oldPack` is the now-`superseded` old pack (with
+ * `supersededById` set). Both are full `EvidencePack` records (each
+ * P2-validated via `validatePack`).
+ */
+export interface SupersedeEvidencePackResponse {
+    newPack: EvidencePack;
+    oldPack: EvidencePack;
+}
+/**
+ * Result of `evidencePack.export` (P1.8 DEV-73). The kernel export route
+ * returns a downloadable artifact, NOT the `{success, data}` JSON
+ * envelope — so the SDK is a faithful courier: it surfaces the
+ * un-consumed `Response` and lets the consumer read the body in the form
+ * the format dictates.
+ *
+ *   - `json` → `response.json()` yields the raw artifact
+ *     `{export:{format,generatedAt,schemaVersion}, pack, bundles}`.
+ *   - `pdf`  → `await response.arrayBuffer()` (or `.bytes()`) yields the
+ *     PDF bytes.
+ *   - `zip`  → `response.body` is a `ReadableStream<Uint8Array>` (stream
+ *     it to disk for large packs), or `await response.blob()`.
+ *
+ * The transport's `_streamRequest` has already verified the HTTP status
+ * (a non-2xx threw `AttestryAPIError`) and that the response's
+ * `Content-Type` MIME matches the requested format — so reading `body`
+ * will not surprise the consumer with an HTML error page.
+ */
+export interface EvidencePackExportResult {
+    /** The requested export format, echoed back. */
+    format: ExportFormat;
+    /**
+     * The kernel `Content-Type` for this artifact
+     * (`application/json` | `application/pdf` | `application/zip`).
+     * Guaranteed to equal the response's MIME (the transport's content-type
+     * guard threw otherwise).
+     */
+    contentType: string;
+    /**
+     * The kernel `Content-Disposition` download header
+     * (`attachment; filename="evidence-pack-<id>.<fmt>"`), or `null` if a
+     * proxy stripped it (the kernel always sets it).
+     */
+    contentDisposition: string | null;
+    /**
+     * The un-consumed `Response`. Call `.json()` / `.arrayBuffer()` /
+     * `.blob()` or read `.body` as a stream.
+     */
+    response: Response;
+}
+/**
+ * `evidencePack` resource — sibling to `IncidentsResource`,
+ * `DecisionsResource`, `ChatResource`, `AuditLogResource`,
+ * `RegulatoryChangesResource`, `ComplianceCheckResource`,
+ * `CheckResource`, `GateResource`, `VisionResource`.
+ *
+ * Eight methods: the P1.6 core (`create`, `get`, `list`, `addBundle`)
+ * plus the P1.8 lifecycle/export ops (`sign`, `supersede`, `revoke`,
+ * `export`). All are JSON request/response (`{success,data}` envelope
+ * via `_request`) EXCEPT `export`, which returns a downloadable artifact
+ * (json/pdf/zip) via the streaming transport `_streamRequest`.
+ */
+export declare class EvidencePackResource {
+    private readonly client;
+    constructor(client: AttestryClient);
+    /**
+     * Create a new draft evidence pack for the authenticated organization.
+     * Wraps `POST /api/v1/evidence-packs`.
+     *
+     * `orgId` and `userId` are derived server-side from the API key; they
+     * are never accepted on the wire. The kernel applies defaults for
+     * `frameworkBindings` (`[]`), `consumerHints` (`{}`), `metadata`
+     * (`{}`), and `status` (`"draft"`) when fields are omitted.
+     *
+     * **Idempotency**: the kernel accepts `Idempotency-Key` on this
+     * endpoint, but the SDK does NOT expose the header in P1.6 (see
+     * resource header comment). Consumers needing safe retry today
+     * should dedupe client-side.
+     *
+     * Errors — ordered by kernel firing precedence (rate-limit → auth →
+     * body parse → Zod → DB):
+     *   - `AttestryAPIError` (status 429) — rate limit FIRES FIRST
+     *     (auto-retried by default — invariant #18).
+     *   - `AttestryAPIError` (status 401) — no API key OR invalid key.
+     *   - `AttestryAPIError` (status 403) — authenticated key lacks
+     *     `WRITE_ASSESSMENTS` permission.
+     *   - `AttestryAPIError` (status 400) — JSON parse failure on the
+     *     body OR a malformed `Idempotency-Key` header (the kernel
+     *     emits 400 for both transport-shape failures).
+     *   - `AttestryAPIError` (status 409) — `Idempotency-Key` conflict
+     *     (same key, different body hash; `details.code` ===
+     *     `"evidence_pack.idempotency_key_conflict"`). Not reachable
+     *     from P1.6's SDK directly.
+     *   - `AttestryAPIError` (status 422) — Zod validation failed
+     *     (`details.code` === `"evidence_pack.validation_failed"`;
+     *     `details.issues` carries the field paths).
+     *   - `AttestryAPIError` (status 500) — internal kernel error.
+     *   - `AttestryError` ("request aborted by caller") — caller-
+     *     supplied `options.signal` fired (pre-aborted or mid-flight).
+     *   - `AttestryError` (P2 hardening) — kernel response failed
+     *     SDK-side shape validation (not an object, wrong type on any
+     *     field).
+     *   - `AttestryAPIError` (P3 hardening) — kernel response had a
+     *     wrong Content-Type (transport-level guard, before body
+     *     parsing).
+     *   - `TypeError` (synchronous, no fetch issued) — input failed
+     *     SDK-side validation (null/array/non-object input; missing
+     *     `packType`; bad `packType` enum; bad `systemId` UUID; bad
+     *     `frameworkBindings` array shape; bad `metadata` shape).
+     *
+     * **SDK-side validation** (synchronous `TypeError`, no fetch issued):
+     *   - `input`: required; non-null, non-array object.
+     *   - `input.packType`: required own-property; member of `PACK_TYPES`.
+     *   - `input.systemId` (when own-present, value not undefined): non-
+     *     empty string matching `UUID_REGEX`.
+     *   - `input.frameworkBindings` (when own-present, value not
+     *     undefined): array of length ≤50 (kernel cap); per-entry shape
+     *     is open-spec and forwarded to the kernel as-is.
+     *   - `input.metadata` (when own-present, value not undefined):
+     *     non-null, non-array object.
+     *
+     * **Response-shape validation** (P2 hardening; symmetric defense on
+     * response side via the `objectHasOwn` snapshot): every documented
+     * `EvidencePack` field is type-checked. Rejects with `AttestryError`
+     * on shape violation.
+     *
+     * @example Minimum viable pack (org-level, no system, no bindings)
+     * ```ts
+     * const pack = await client.evidencePack.create({
+     *   packType: "underwriting_evidence",
+     * });
+     * console.log("created:", pack.id, "status:", pack.status); // "draft"
+     * ```
+     *
+     * @example Annex IV pack scoped to a specific AI system
+     * ```ts
+     * const pack = await client.evidencePack.create({
+     *   packType: "annex_iv",
+     *   systemId: "11111111-1111-1111-1111-111111111111",
+     *   frameworkBindings: [
+     *     { framework: "eu_ai_act", identifier: "Annex.IV.1" },
+     *     { framework: "iso_42001", identifier: "8.2" },
+     *   ],
+     *   metadata: { author: "compliance-bot", version: 1 },
+     * });
+     * ```
+     */
+    create(input: CreateEvidencePackInput, options?: RequestOptions): Promise<EvidencePack>;
+    /**
+     * Retrieve a single evidence pack's metadata together with its full
+     * reperformance-bundle list. Wraps `GET /api/v1/evidence-packs/{id}`.
+     *
+     * **Anti-enumeration 404**: a pack that doesn't exist OR exists in a
+     * different org surfaces as `AttestryAPIError` with `status === 404`
+     * and a generic "pack not found" message (faithful courier — the
+     * kernel `getEvidencePack` query intentionally collapses cross-org
+     * and missing to the same response).
+     *
+     * Errors — ordered by kernel firing precedence. The kernel route at
+     * `src/app/api/v1/evidence-packs/[id]/route.ts` validates the URL-path
+     * UUID BEFORE the auth check, so a malformed path UUID surfaces as 400
+     * BEFORE 401/403 (same ordering as `addBundle`):
+     *   - `AttestryAPIError` (status 429) — rate limit (auto-retried).
+     *   - `AttestryAPIError` (status 400 — path UUID) — malformed UUID in
+     *     the path (kernel `packPathParamsSchema` Zod rejection).
+     *     **Fires BEFORE auth.** The SDK pre-validates the UUID format so
+     *     this surface is only reachable via SDK rule changes.
+     *   - `AttestryAPIError` (status 401 / 403) — auth missing / wrong
+     *     permission (`READ_ASSESSMENTS`).
+     *   - `AttestryAPIError` (status 404) — pack missing OR cross-org.
+     *   - `AttestryAPIError` (status 500) — internal kernel error.
+     *   - `AttestryError` ("request aborted by caller") — abort.
+     *   - `AttestryError` (P2 hardening) — kernel response shape
+     *     violation.
+     *   - `AttestryAPIError` (P3 hardening) — non-JSON response.
+     *   - `TypeError` (synchronous, no fetch issued) — input failed
+     *     SDK-side validation.
+     *
+     * **SDK-side validation**:
+     *   - `input`: required; non-null, non-array object.
+     *   - `input.packId`: required own-property; non-empty string;
+     *     matching `UUID_REGEX`.
+     *
+     * **Response-shape validation** (P2 hardening): `pack` field is a
+     * full `EvidencePack`; `bundles` field is an array of
+     * `ReperformanceBundle` (per-element shape validated).
+     *
+     * @example
+     * ```ts
+     * const { pack, bundles } = await client.evidencePack.get({
+     *   packId: "11111111-1111-1111-1111-111111111111",
+     * });
+     * console.log(`${pack.packType} pack, status: ${pack.status}`);
+     * console.log(`${bundles.length} bundles attached`);
+     * ```
+     */
+    get(input: GetEvidencePackInput, options?: RequestOptions): Promise<GetEvidencePackResponse>;
+    /**
+     * List the authenticated organization's evidence packs, newest first.
+     * Wraps `GET /api/v1/evidence-packs`.
+     *
+     * **Single page per call** (DEV-63). Pass `response.nextCursor` back
+     * as `cursor` to fetch the next page; `nextCursor: null` means no
+     * more pages. The kernel pages by tuple comparison over
+     * `(created_at DESC, id DESC)` so same-microsecond timestamps do
+     * not skip rows.
+     *
+     * **Filters are AND-combined kernel-side**. Omitting all filters
+     * lists the entire org's packs (newest first). Empty `cursor` (`""`)
+     * is rejected by the SDK; pass `undefined` (or omit the field) for
+     * the first page.
+     *
+     * Errors — ordered by kernel firing precedence:
+     *   - `AttestryAPIError` (status 429) — rate limit (auto-retried).
+     *   - `AttestryAPIError` (status 401 / 403) — auth missing / wrong
+     *     permission (`READ_ASSESSMENTS`).
+     *   - `AttestryAPIError` (status 400) — a length-valid but
+     *     UNDECODABLE `cursor` (`details.code` ===
+     *     `"evidence_pack.invalid_cursor"`). NOTE: a `cursor` that fails
+     *     the kernel's Zod length cap (>500 chars) fires EARLIER as 422
+     *     (below), not 400 — the 400 path is reached only after the query
+     *     schema accepts the cursor's shape. Since the SDK treats `cursor`
+     *     as opaque (caller passes back `nextCursor` verbatim), neither is
+     *     reachable with a kernel-issued cursor.
+     *   - `AttestryAPIError` (status 422) — Zod query-param validation
+     *     failed, INCLUDING an over-long (>500-char) `cursor`
+     *     (`details.code` === `"evidence_pack.validation_failed"`).
+     *   - `AttestryAPIError` (status 500) — internal kernel error.
+     *   - `AttestryError` ("request aborted by caller") — abort.
+     *   - `AttestryError` (P2 hardening) — response-shape violation.
+     *   - `AttestryAPIError` (P3 hardening) — non-JSON response.
+     *   - `TypeError` (synchronous, no fetch issued) — input failed
+     *     SDK-side validation.
+     *
+     * **SDK-side validation**:
+     *   - `input` (optional): if provided, non-null, non-array object.
+     *   - `input.systemId` (when own-present): UUID format.
+     *   - `input.packType` (when own-present): member of `PACK_TYPES`.
+     *   - `input.status` (when own-present): member of `PACK_STATUSES`.
+     *   - `input.limit` (when own-present): `Number.isInteger`, range
+     *     [1, 200] inclusive. Mirrors kernel `.int().min(1).max(200)`.
+     *   - `input.cursor` (when own-present): non-empty string.
+     *
+     * @example First page, all filters omitted
+     * ```ts
+     * const { items, nextCursor } = await client.evidencePack.list();
+     * for (const pack of items) {
+     *   console.log(pack.id, pack.packType, pack.status);
+     * }
+     * if (nextCursor) {
+     *   const next = await client.evidencePack.list({ cursor: nextCursor });
+     * }
+     * ```
+     *
+     * @example Filter by system + status + cap to 25
+     * ```ts
+     * const draft = await client.evidencePack.list({
+     *   systemId: "11111111-1111-1111-1111-111111111111",
+     *   status: "draft",
+     *   limit: 25,
+     * });
+     * ```
+     */
+    list(input?: ListEvidencePacksInput, options?: RequestOptions): Promise<ListEvidencePacksResponse>;
+    /**
+     * Append a reperformance bundle to an existing **draft** evidence
+     * pack. Wraps `POST /api/v1/evidence-packs/{id}/bundles`.
+     *
+     * The kernel recomputes the pack's `content_hash` after the append
+     * and returns the updated pack alongside the new bundle. A
+     * `hashCollision` flag is set when the new `(inputs_hash,
+     * outputs_hash)` tuple matches any existing bundle on the SAME pack
+     * — flagged but NOT blocked (P1.2 DEV-17, faithful courier).
+     *
+     * **State invariant**: the pack must be in `draft` status. A
+     * non-draft pack (`signed`, `superseded`, `revoked`, `expired`)
+     * rejects with `AttestryAPIError` status 409 (`details.code` ===
+     * `"evidence_pack.invalid_state"`; `details.currentStatus` carries
+     * the pack's current state).
+     *
+     * **Method name `addBundle`** — see resource header for the
+     * `addBundle` vs `appendBundle` decision.
+     *
+     * **Idempotency**: same carry-forward as `create` — the kernel
+     * accepts `Idempotency-Key` but the SDK doesn't expose the header
+     * in P1.6.
+     *
+     * Errors — ordered by kernel firing precedence. The kernel route at
+     * `src/app/api/v1/evidence-packs/[id]/bundles/route.ts` validates the
+     * URL-path UUID BEFORE the auth check, so a malformed path UUID
+     * surfaces as 400 BEFORE 401/403. Body-parse 400s and idempotency-
+     * key 400s fire AFTER auth (matches the `get` JSDoc shape):
+     *   - `AttestryAPIError` (status 429) — rate limit (auto-retried).
+     *   - `AttestryAPIError` (status 400 — path UUID) — malformed
+     *     URL-path packId. **Fires BEFORE auth** (the kernel
+     *     `packPathParamsSchema.safeParse` runs first). The SDK
+     *     pre-validates the path UUID so this surface is only reachable
+     *     via SDK rule changes.
+     *   - `AttestryAPIError` (status 401 / 403) — auth missing / wrong
+     *     permission (`WRITE_ASSESSMENTS`).
+     *   - `AttestryAPIError` (status 400 — JSON parse / idempotency-key
+     *     format) — malformed JSON body OR malformed `Idempotency-Key`
+     *     header. **Fires AFTER auth** (the kernel parses these after
+     *     `requireSessionOrApiKey` resolves).
+     *   - `AttestryAPIError` (status 404) — pack missing OR cross-org.
+     *   - `AttestryAPIError` (status 409) — invalid state (carries
+     *     `details.currentStatus`) OR idempotency conflict.
+     *   - `AttestryAPIError` (status 413) — canonical bundle list >
+     *     256 KiB (kernel `PayloadTooLargeError`).
+     *   - `AttestryAPIError` (status 422) — Zod validation failed.
+     *   - `AttestryAPIError` (status 500) — internal kernel error.
+     *   - `AttestryError` ("request aborted by caller") — abort.
+     *   - `AttestryError` (P2 hardening) — response-shape violation.
+     *   - `AttestryAPIError` (P3 hardening) — non-JSON response.
+     *   - `TypeError` (synchronous, no fetch issued) — input failed
+     *     SDK-side validation.
+     *
+     * **SDK-side validation**:
+     *   - `input`: required; non-null, non-array object.
+     *   - `input.packId`: required own-property; non-empty UUID string.
+     *   - `input.traceContent`: required own-property; array of length
+     *     ≤1000. Per-entry shape is open-spec (kernel deep-validates).
+     *   - `input.inputsHash`: required own-property; non-empty string;
+     *     length ≤500.
+     *   - `input.outputsHash`: required own-property; non-empty string;
+     *     length ≤500.
+     *   - `input.modelBehaviorLog` (when own-present): non-null,
+     *     non-array object. Inner shape open-spec.
+     *   - `input.corroborationResults` (when own-present): non-null,
+     *     non-array object. Inner shape open-spec.
+     *   - `input.storageUri` (when own-present): non-empty string;
+     *     length ≤2000. Scheme validation kernel-authoritative.
+     *   - `input.metadata` (when own-present): non-null, non-array
+     *     object.
+     *
+     * **Response-shape validation** (P2 hardening): `bundle` is a
+     * `ReperformanceBundle`; `pack` is an `EvidencePack`; `hashCollision`
+     * is the 3-field `HashCollision` block.
+     *
+     * @example Append a bundle to a draft pack
+     * ```ts
+     * const { bundle, pack, hashCollision } = await client.evidencePack.addBundle({
+     *   packId: "11111111-1111-1111-1111-111111111111",
+     *   traceContent: [
+     *     { action: "ingest", timestamp: "2026-05-18T12:00:00Z" },
+     *     { action: "extract", timestamp: "2026-05-18T12:00:01Z" },
+     *   ],
+     *   inputsHash:  "sha256:0000000000000000000000000000000000000000000000000000000000000000",
+     *   outputsHash: "sha256:1111111111111111111111111111111111111111111111111111111111111111",
+     * });
+     * console.log(`appended bundle ${bundle.id}; pack hash now ${pack.contentHash}`);
+     * if (hashCollision.detected) {
+     *   console.warn(`duplicate bundle — ${hashCollision.count} prior matches`);
+     * }
+     * ```
+     */
+    addBundle(input: AddBundleInput, options?: RequestOptions): Promise<AddBundleResponse>;
+    /**
+     * Sign a draft evidence pack, transitioning it `draft → signed` and
+     * finalizing it into an auditor-visible compliance artifact. Wraps
+     * `POST /api/v1/evidence-packs/{id}/sign`.
+     *
+     * The kernel recomputes the pack's `content_hash` over its current
+     * bundle list on sign (never trusting the stored column), writes
+     * `signed_at` + `signed_by_user_id` + (when provided)
+     * `attestation_certificate_id`, and appends an `evidence_pack.signed`
+     * audit-log entry — all atomic inside one per-org-locked transaction.
+     *
+     * **Auth: ADMIN-only** — the kernel gates `sessionRoles:['admin']` +
+     * `apiKeyPermissions:[ADMIN]`. A non-admin key → 403.
+     *
+     * **Empty-pack guard**: signing a pack with no bundles → 409 with
+     * `details.code === "evidence_pack.empty"` (a dedicated `EmptyPackError`,
+     * NOT `InvalidStateError` — so it carries NO `currentStatus`; the pack
+     * IS in the right `draft` pre-sign state, it just has nothing to sign).
+     *
+     * **Idempotency**: the kernel does NOT honor `Idempotency-Key` on sign
+     * (a replay 409s with `currentStatus='signed'`); the SDK sends none.
+     *
+     * Errors — ordered by kernel firing precedence. The route validates the
+     * URL-path UUID via `packPathParamsSchema.safeParse` BEFORE
+     * `requireSessionOrApiKey`, so a malformed path UUID surfaces as 400
+     * BEFORE 401/403:
+     *   - `AttestryAPIError` (status 429) — rate limit (auto-retried).
+     *   - `AttestryAPIError` (status 400 — path UUID) — malformed URL-path
+     *     packId. **Fires BEFORE auth.** The SDK pre-validates the UUID, so
+     *     this surface is only reachable via SDK rule changes.
+     *   - `AttestryAPIError` (status 401 / 403) — auth missing / key is not
+     *     ADMIN.
+     *   - `AttestryAPIError` (status 400 — JSON parse) — malformed body.
+     *     **Fires AFTER auth.**
+     *   - `AttestryAPIError` (status 422) — Zod validation failed
+     *     (`details.code === "evidence_pack.validation_failed"`).
+     *   - `AttestryAPIError` (status 404) — pack missing OR cross-org OR
+     *     (when an `attestationCertificateId` is supplied) the cert is
+     *     missing / cross-org / cross-system (anti-enumeration — same
+     *     "pack not found" message).
+     *   - `AttestryAPIError` (status 409) — `InvalidStateError` (pack not in
+     *     `draft`; `details.currentStatus` carries the state) OR
+     *     `EmptyPackError` (`details.code === "evidence_pack.empty"`).
+     *   - `AttestryAPIError` (status 500) — internal kernel error.
+     *   - `AttestryError` ("request aborted by caller") — abort.
+     *   - `AttestryError` (P2 hardening) — response-shape violation.
+     *   - `AttestryAPIError` (P3 hardening) — non-JSON response.
+     *   - `TypeError` (synchronous, no fetch issued) — input failed
+     *     SDK-side validation.
+     *
+     * **SDK-side validation**:
+     *   - `input`: required; non-null, non-array object.
+     *   - `input.packId`: required own-property; non-empty UUID string.
+     *   - `input.attestationCertificateId` (when own-present): UUID format.
+     *
+     * **Response-shape validation** (P2 hardening): the signed `EvidencePack`.
+     *
+     * @example
+     * ```ts
+     * const signed = await client.evidencePack.sign({
+     *   packId: "11111111-1111-1111-1111-111111111111",
+     * });
+     * console.log(signed.status, signed.contentHash); // "signed", "sha256:..."
+     * ```
+     */
+    sign(input: SignEvidencePackInput, options?: RequestOptions): Promise<EvidencePack>;
+    /**
+     * Supersede a signed evidence pack: transitions the old pack
+     * `signed → superseded` and creates a NEW draft pack linked to it
+     * (`parent_pack_id = oldPackId`). Wraps
+     * `POST /api/v1/evidence-packs/{id}/supersede`.
+     *
+     * Both packs are returned (`{newPack, oldPack}`, HTTP 201). The two
+     * operations + the audit-log entry commit atomically inside one
+     * per-org-locked transaction.
+     *
+     * **Auth**: WRITE_ASSESSMENTS (NOT admin — supersede is a normal write).
+     *
+     * **`newPack` includes `consumerHints`** (unlike `create`, which omits
+     * it) — mirroring the kernel `supersedeNewPackPayloadSchema` and the
+     * P1.7 MCP supersede tool.
+     *
+     * **Idempotency**: the kernel route honors `Idempotency-Key` on
+     * supersede, but the SDK does NOT send it (R-2 carry-forward — same as
+     * `create` / `addBundle`). Consumers needing safe retry today should
+     * dedupe client-side.
+     *
+     * Errors — ordered by kernel firing precedence (path-uuid 400 BEFORE
+     * auth). The SDK does not send `Idempotency-Key`, so the idempotency-
+     * format-400 / idempotency-conflict-409 surfaces are unreachable from
+     * the SDK:
+     *   - `AttestryAPIError` (status 429) — rate limit (auto-retried).
+     *   - `AttestryAPIError` (status 400 — path UUID) — malformed URL-path
+     *     packId. **Fires BEFORE auth.** Reachable only via SDK rule changes.
+     *   - `AttestryAPIError` (status 401 / 403) — auth missing / lacks
+     *     WRITE_ASSESSMENTS.
+     *   - `AttestryAPIError` (status 400 — JSON parse) — malformed body.
+     *   - `AttestryAPIError` (status 422) — Zod validation failed on
+     *     `newPack` (`details.code === "evidence_pack.validation_failed"`).
+     *   - `AttestryAPIError` (status 404) — old pack missing OR cross-org.
+     *   - `AttestryAPIError` (status 409) — `InvalidStateError` (old pack not
+     *     in `signed` state; `details.currentStatus` carries the state).
+     *   - `AttestryAPIError` (status 500) — internal kernel error.
+     *   - `AttestryError` ("request aborted by caller") — abort.
+     *   - `AttestryError` (P2 hardening) — response-shape violation.
+     *   - `AttestryAPIError` (P3 hardening) — non-JSON response.
+     *   - `TypeError` (synchronous, no fetch issued) — input failed
+     *     SDK-side validation.
+     *
+     * **SDK-side validation**:
+     *   - `input`: required; non-null, non-array object.
+     *   - `input.packId`: required own-property; non-empty UUID string.
+     *   - `input.newPack`: required own-property; non-null, non-array object.
+     *   - `input.newPack.packType`: required; member of `PACK_TYPES`.
+     *   - `input.newPack.systemId` (when own-present): UUID format.
+     *   - `input.newPack.frameworkBindings` (when own-present): array of
+     *     length ≤50. Per-entry shape is open-spec (kernel deep-validates).
+     *   - `input.newPack.consumerHints` (when own-present): non-null,
+     *     non-array object. Inner shape open-spec (kernel deep-validates).
+     *   - `input.newPack.metadata` (when own-present): non-null, non-array
+     *     object.
+     *
+     * **Response-shape validation** (P2 hardening): `newPack` and `oldPack`
+     * are each a full `EvidencePack`.
+     *
+     * @example
+     * ```ts
+     * const { newPack, oldPack } = await client.evidencePack.supersede({
+     *   packId: "11111111-1111-1111-1111-111111111111", // the signed pack
+     *   newPack: {
+     *     packType: "annex_iv",
+     *     frameworkBindings: [{ framework: "eu_ai_act", identifier: "Annex.IV.1" }],
+     *   },
+     * });
+     * console.log(oldPack.status, newPack.status); // "superseded", "draft"
+     * console.log(newPack.parentPackId === oldPack.id); // true
+     * ```
+     */
+    supersede(input: SupersedeEvidencePackInput, options?: RequestOptions): Promise<SupersedeEvidencePackResponse>;
+    /**
+     * Revoke a signed evidence pack, transitioning it `signed → revoked`
+     * and blocking future verification. Wraps
+     * `POST /api/v1/evidence-packs/{id}/revoke`.
+     *
+     * **No cascade** — revoking a pack does NOT touch its children or the
+     * supersession-chain neighbour. Revocation is intentionally NOT
+     * idempotent: a second revoke 409s (auditors care about the difference
+     * between "revoked once" and "revoked again"; the first is canonical).
+     *
+     * **Auth: ADMIN-only** — the kernel gates `sessionRoles:['admin']` +
+     * `apiKeyPermissions:[ADMIN]`. A non-admin key → 403.
+     *
+     * Optional `reason` (≤500 chars) is recorded verbatim in the pack's
+     * audit-log entry for compliance investigators.
+     *
+     * Errors — ordered by kernel firing precedence (path-uuid 400 BEFORE
+     * auth):
+     *   - `AttestryAPIError` (status 429) — rate limit (auto-retried).
+     *   - `AttestryAPIError` (status 400 — path UUID) — malformed URL-path
+     *     packId. **Fires BEFORE auth.** Reachable only via SDK rule changes.
+     *   - `AttestryAPIError` (status 401 / 403) — auth missing / not ADMIN.
+     *   - `AttestryAPIError` (status 400 — JSON parse) — malformed body.
+     *   - `AttestryAPIError` (status 422) — Zod validation failed
+     *     (`details.code === "evidence_pack.validation_failed"`).
+     *   - `AttestryAPIError` (status 404) — pack missing OR cross-org.
+     *   - `AttestryAPIError` (status 409) — `InvalidStateError` (pack not in
+     *     `signed` state, e.g. already revoked / still draft / superseded;
+     *     `details.currentStatus` carries the state).
+     *   - `AttestryAPIError` (status 500) — internal kernel error.
+     *   - `AttestryError` ("request aborted by caller") — abort.
+     *   - `AttestryError` (P2 hardening) — response-shape violation.
+     *   - `AttestryAPIError` (P3 hardening) — non-JSON response.
+     *   - `TypeError` (synchronous, no fetch issued) — input failed
+     *     SDK-side validation.
+     *
+     * **SDK-side validation**:
+     *   - `input`: required; non-null, non-array object.
+     *   - `input.packId`: required own-property; non-empty UUID string.
+     *   - `input.reason` (when own-present): non-empty string; length ≤500.
+     *
+     * **Response-shape validation** (P2 hardening): the revoked `EvidencePack`.
+     *
+     * @example
+     * ```ts
+     * const revoked = await client.evidencePack.revoke({
+     *   packId: "11111111-1111-1111-1111-111111111111",
+     *   reason: "superseding control framework updated; pack no longer valid",
+     * });
+     * console.log(revoked.status); // "revoked"
+     * ```
+     */
+    revoke(input: RevokeEvidencePackInput, options?: RequestOptions): Promise<EvidencePack>;
+    /**
+     * Export an evidence pack as a downloadable artifact. Wraps
+     * `GET /api/v1/evidence-packs/{id}/export?format={json|pdf|zip}`.
+     *
+     * **Returns a non-JSON artifact** (P1.8 DEV-73). Unlike every other
+     * method, the kernel export route returns the RAW artifact on success
+     * (NOT the `{success,data}` envelope) with a download
+     * `Content-Disposition` header. This method therefore routes through the
+     * streaming transport and returns an {@link EvidencePackExportResult}
+     * wrapping the **un-consumed** `Response`:
+     *
+     *   - `json` → `await result.response.json()` yields the artifact
+     *     `{export:{format,generatedAt,schemaVersion:"evidence-pack-export.v1"},
+     *     pack, bundles}`.
+     *   - `pdf`  → `await result.response.arrayBuffer()` yields the PDF bytes.
+     *   - `zip`  → `result.response.body` is a `ReadableStream<Uint8Array>`
+     *     (stream it to disk for large packs), or `await result.response.blob()`.
+     *
+     * The transport has already verified the HTTP status (a non-2xx threw
+     * `AttestryAPIError` — NOT a stream/parse crash) and that the response's
+     * `Content-Type` MIME matches the requested format. The SDK does NOT
+     * consume or `validatePack` the artifact body — faithful courier (same
+     * discipline as `decisions.export` / `auditLog.export`).
+     *
+     * **Auth**: READ_ASSESSMENTS. **Revoked packs are exportable** (the
+     * artifact carries `status:'revoked'` verbatim — no filtering).
+     *
+     * **No internal timeout** — the streaming transport does not arm the
+     * 30s default (a large zip can take longer). Pass `options.signal` from
+     * your own `AbortController` to bound the duration.
+     *
+     * Errors — ordered by kernel firing precedence. **The query-schema parse
+     * runs BEFORE auth** in this route, so an absent/unknown `format` 422s
+     * BEFORE 401/403:
+     *   - `AttestryAPIError` (status 429) — rate limit (auto-retried).
+     *   - `AttestryAPIError` (status 400 — path UUID) — malformed URL-path
+     *     packId. **Fires BEFORE auth.** Reachable only via SDK rule changes.
+     *   - `AttestryAPIError` (status 422) — absent / unknown `format`
+     *     (`details.code === "evidence_pack.validation_failed"`). **Fires
+     *     BEFORE auth.** The SDK pre-validates `format`, so reachable only
+     *     via SDK rule changes.
+     *   - `AttestryAPIError` (status 401 / 403) — auth missing / lacks
+     *     READ_ASSESSMENTS.
+     *   - `AttestryAPIError` (status 404) — pack missing OR cross-org.
+     *   - `AttestryAPIError` (status 500) — internal kernel error.
+     *   - `AttestryError` ("request aborted by caller") — abort.
+     *   - `AttestryAPIError` (transport guard) — a 2xx with the wrong
+     *     `Content-Type` for the requested format.
+     *   - `TypeError` (synchronous, no fetch issued) — input failed
+     *     SDK-side validation.
+     *
+     * **SDK-side validation**:
+     *   - `input`: required; non-null, non-array object.
+     *   - `input.packId`: required own-property; non-empty UUID string.
+     *   - `input.format`: required own-property; member of `EXPORT_FORMATS`.
+     *
+     * @example Stream a zip export to disk (Node)
+     * ```ts
+     * import { Writable } from "node:stream";
+     * const { response } = await client.evidencePack.export({
+     *   packId: "11111111-1111-1111-1111-111111111111",
+     *   format: "zip",
+     * });
+     * await response.body!.pipeTo(Writable.toWeb(fs.createWriteStream("pack.zip")));
+     * ```
+     *
+     * @example Read the JSON artifact for offline content-hash re-verification
+     * ```ts
+     * const { response } = await client.evidencePack.export({
+     *   packId: "11111111-1111-1111-1111-111111111111",
+     *   format: "json",
+     * });
+     * const artifact = await response.json(); // {export, pack, bundles}
+     * ```
+     */
+    export(input: ExportEvidencePackInput, options?: RequestOptions): Promise<EvidencePackExportResult>;
+}
+//# sourceMappingURL=evidence-pack.d.ts.map