@axtary/actionpass 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.ts CHANGED
@@ -1,6 +1,18 @@
1
1
  import { type CryptoKey, type JWK, type KeyObject } from "jose";
2
2
  import { z } from "zod";
3
+ import { type ActionPassStatusClaim } from "./status-list.js";
4
+ import { type ActionProvenance } from "./provenance.js";
5
+ import { type PolicyDecisionExplanation } from "./explain.js";
6
+ export * from "./caep.js";
7
+ export * from "./dev-key.js";
8
+ export * from "./explain.js";
9
+ export * from "./postgres.js";
10
+ export * from "./provenance.js";
11
+ export * from "./status-list.js";
3
12
  export declare const ACTION_SCHEMA_VERSION = "axtary.action.v0";
13
+ export declare const ACTIONPASS_V0_VERSION = "axtary.actionpass.v0";
14
+ export declare const ACTIONPASS_V1_VERSION = "axtary.actionpass.v1";
15
+ export declare const ACTIONPASS_V2_VERSION = "axtary.actionpass.v2";
4
16
  export declare const ACTIONPASS_VERSION = "axtary.actionpass.v0";
5
17
  export declare const APPROVAL_ARTIFACT_VERSION = "axtary.approval.v0";
6
18
  export declare const ACTIONPASS_REVOCATION_VERSION = "axtary.actionpass_revocation.v0";
@@ -10,9 +22,25 @@ export declare const LEDGER_PROVIDER_EVIDENCE_VERSION = "axtary.ledger_provider_
10
22
  export declare const LEDGER_EXECUTION_OUTCOME_VERSION = "axtary.ledger_execution_outcome.v0";
11
23
  export declare const DEFAULT_EXPIRES_IN_SECONDS = 600;
12
24
  export declare const DEFAULT_SIGNING_ALGORITHM = "ES256";
25
+ export declare const DPOP_PROOF_TYP = "dpop+jwt";
26
+ export declare const DEFAULT_DPOP_MAX_AGE_SECONDS = 60;
27
+ export declare const DEFAULT_DPOP_CLOCK_SKEW_SECONDS = 5;
13
28
  export type JsonValue = string | number | boolean | null | JsonValue[] | {
14
29
  [key: string]: JsonValue;
15
30
  };
31
+ export declare const BudgetAmountSchema: z.ZodRecord<z.ZodString, z.ZodNumber>;
32
+ export type BudgetAmount = z.infer<typeof BudgetAmountSchema>;
33
+ export declare const ActionBudgetSchema: z.ZodObject<{
34
+ reservationId: z.ZodString;
35
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
36
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
37
+ commitStatus: z.ZodEnum<{
38
+ pending: "pending";
39
+ committed: "committed";
40
+ rolled_back: "rolled_back";
41
+ }>;
42
+ }, z.core.$strip>;
43
+ export type ActionBudget = z.infer<typeof ActionBudgetSchema>;
16
44
  export declare const AxtaryDecisionSchema: z.ZodEnum<{
17
45
  allow: "allow";
18
46
  deny: "deny";
@@ -42,15 +70,45 @@ export declare const NormalizedActionSchema: z.ZodObject<{
42
70
  serverIdentity: z.ZodString;
43
71
  schemaVersion: z.ZodString;
44
72
  definitionHash: z.ZodString;
73
+ publisher: z.ZodOptional<z.ZodString>;
74
+ publisherKeyId: z.ZodOptional<z.ZodString>;
75
+ semver: z.ZodOptional<z.ZodString>;
76
+ priorDefinitionHash: z.ZodOptional<z.ZodString>;
77
+ }, z.core.$strip>>;
78
+ provenance: z.ZodOptional<z.ZodObject<{
79
+ schemaVersion: z.ZodDefault<z.ZodLiteral<"axtary.provenance.v0">>;
80
+ sources: z.ZodArray<z.ZodObject<{
81
+ id: z.ZodString;
82
+ kind: z.ZodEnum<{
83
+ unknown: "unknown";
84
+ task: "task";
85
+ operator: "operator";
86
+ document: "document";
87
+ tool_output: "tool_output";
88
+ connector: "connector";
89
+ }>;
90
+ integrity: z.ZodEnum<{
91
+ unknown: "unknown";
92
+ trusted: "trusted";
93
+ untrusted: "untrusted";
94
+ }>;
95
+ resource: z.ZodOptional<z.ZodString>;
96
+ observedAt: z.ZodOptional<z.ZodString>;
97
+ }, z.core.$strip>>;
98
+ bindings: z.ZodArray<z.ZodObject<{
99
+ path: z.ZodString;
100
+ sourceIds: z.ZodArray<z.ZodString>;
101
+ }, z.core.$strip>>;
45
102
  }, z.core.$strip>>;
46
103
  budget: z.ZodOptional<z.ZodObject<{
47
- reservationId: z.ZodOptional<z.ZodString>;
48
- limit: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
49
- commitStatus: z.ZodOptional<z.ZodEnum<{
104
+ reservationId: z.ZodString;
105
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
106
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
107
+ commitStatus: z.ZodEnum<{
50
108
  pending: "pending";
51
109
  committed: "committed";
52
110
  rolled_back: "rolled_back";
53
- }>>;
111
+ }>;
54
112
  }, z.core.$strip>>;
55
113
  }, z.core.$strip>;
56
114
  export type NormalizedAction = z.infer<typeof NormalizedActionSchema>;
@@ -72,6 +130,29 @@ export declare const PolicyDecisionSchema: z.ZodObject<{
72
130
  maxFilesChanged: z.ZodNumber;
73
131
  blockedPaths: z.ZodArray<z.ZodString>;
74
132
  }, z.core.$strip>;
133
+ rule: z.ZodOptional<z.ZodObject<{
134
+ id: z.ZodString;
135
+ matchedRuleIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
136
+ }, z.core.$strip>>;
137
+ obligations: z.ZodOptional<z.ZodObject<{
138
+ requiredApproverRoles: z.ZodDefault<z.ZodArray<z.ZodString>>;
139
+ timeWindow: z.ZodOptional<z.ZodObject<{
140
+ startHourUtc: z.ZodNumber;
141
+ endHourUtc: z.ZodNumber;
142
+ daysOfWeek: z.ZodDefault<z.ZodArray<z.ZodNumber>>;
143
+ }, z.core.$strip>>;
144
+ rateLimit: z.ZodOptional<z.ZodObject<{
145
+ ruleId: z.ZodString;
146
+ maxActions: z.ZodNumber;
147
+ windowSeconds: z.ZodNumber;
148
+ scope: z.ZodEnum<{
149
+ resource: "resource";
150
+ actor: "actor";
151
+ tenant: "tenant";
152
+ tool: "tool";
153
+ }>;
154
+ }, z.core.$strip>>;
155
+ }, z.core.$strip>>;
75
156
  }, z.core.$strip>;
76
157
  export type PolicyDecision = z.infer<typeof PolicyDecisionSchema>;
77
158
  export type ActionPassDecision = PolicyDecision;
@@ -82,6 +163,7 @@ export declare const ApprovalSchema: z.ZodObject<{
82
163
  policy_override: "policy_override";
83
164
  }>;
84
165
  approvedBy: z.ZodOptional<z.ZodString>;
166
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
85
167
  approvalArtifact: z.ZodOptional<z.ZodString>;
86
168
  approvalArtifactHash: z.ZodOptional<z.ZodString>;
87
169
  actionHash: z.ZodOptional<z.ZodString>;
@@ -97,6 +179,7 @@ export declare const ApprovalArtifactSchema: z.ZodObject<{
97
179
  policy_override: "policy_override";
98
180
  }>;
99
181
  approvedBy: z.ZodString;
182
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
100
183
  approvedAt: z.ZodString;
101
184
  actionHash: z.ZodString;
102
185
  payloadHash: z.ZodString;
@@ -107,8 +190,159 @@ export declare const ApprovalArtifactSchema: z.ZodObject<{
107
190
  expiresAt: z.ZodOptional<z.ZodString>;
108
191
  }, z.core.$strip>;
109
192
  export type ApprovalArtifact = z.infer<typeof ApprovalArtifactSchema>;
110
- export declare const ActionPassClaimsSchema: z.ZodObject<{
193
+ export declare const ActionPassV0ClaimsSchema: z.ZodObject<{
194
+ iss: z.ZodString;
195
+ sub: z.ZodString;
196
+ aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
197
+ exp: z.ZodNumber;
198
+ nbf: z.ZodNumber;
199
+ iat: z.ZodNumber;
200
+ jti: z.ZodString;
201
+ tenant: z.ZodString;
202
+ humanOwner: z.ZodString;
203
+ agentRuntime: z.ZodString;
204
+ intent: z.ZodObject<{
205
+ taskId: z.ZodString;
206
+ declaredGoal: z.ZodString;
207
+ maxDelegationDepth: z.ZodOptional<z.ZodNumber>;
208
+ }, z.core.$strip>;
209
+ capability: z.ZodObject<{
210
+ tool: z.ZodString;
211
+ resource: z.ZodString;
212
+ constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
213
+ }, z.core.$strip>;
214
+ decision: z.ZodEnum<{
215
+ allow: "allow";
216
+ deny: "deny";
217
+ step_up: "step_up";
218
+ }>;
219
+ reasons: z.ZodArray<z.ZodString>;
220
+ policy: z.ZodObject<{
221
+ nativeRule: z.ZodString;
222
+ version: z.ZodString;
223
+ cedarCompatible: z.ZodBoolean;
224
+ opaCompatible: z.ZodBoolean;
225
+ }, z.core.$strip>;
226
+ payloadHash: z.ZodString;
227
+ provenanceHash: z.ZodOptional<z.ZodString>;
228
+ budget: z.ZodOptional<z.ZodObject<{
229
+ reservationId: z.ZodString;
230
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
231
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
232
+ commitStatus: z.ZodEnum<{
233
+ pending: "pending";
234
+ committed: "committed";
235
+ rolled_back: "rolled_back";
236
+ }>;
237
+ }, z.core.$strip>>;
238
+ approval: z.ZodOptional<z.ZodObject<{
239
+ mode: z.ZodEnum<{
240
+ none: "none";
241
+ human: "human";
242
+ policy_override: "policy_override";
243
+ }>;
244
+ approvedBy: z.ZodOptional<z.ZodString>;
245
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
246
+ approvalArtifact: z.ZodOptional<z.ZodString>;
247
+ approvalArtifactHash: z.ZodOptional<z.ZodString>;
248
+ actionHash: z.ZodOptional<z.ZodString>;
249
+ payloadHash: z.ZodOptional<z.ZodString>;
250
+ approvedAt: z.ZodOptional<z.ZodString>;
251
+ }, z.core.$strip>>;
252
+ audit: z.ZodObject<{
253
+ traceId: z.ZodString;
254
+ parentPassId: z.ZodNullable<z.ZodString>;
255
+ ledgerHash: z.ZodNullable<z.ZodString>;
256
+ }, z.core.$strip>;
111
257
  apv: z.ZodLiteral<"axtary.actionpass.v0">;
258
+ }, z.core.$strip>;
259
+ export declare const ActionPassV1ClaimsSchema: z.ZodObject<{
260
+ cnf: z.ZodObject<{
261
+ jkt: z.ZodString;
262
+ }, z.core.$strip>;
263
+ delegation: z.ZodOptional<z.ZodObject<{
264
+ depth: z.ZodNumber;
265
+ rootPassId: z.ZodString;
266
+ }, z.core.$strip>>;
267
+ iss: z.ZodString;
268
+ sub: z.ZodString;
269
+ aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
270
+ exp: z.ZodNumber;
271
+ nbf: z.ZodNumber;
272
+ iat: z.ZodNumber;
273
+ jti: z.ZodString;
274
+ tenant: z.ZodString;
275
+ humanOwner: z.ZodString;
276
+ agentRuntime: z.ZodString;
277
+ intent: z.ZodObject<{
278
+ taskId: z.ZodString;
279
+ declaredGoal: z.ZodString;
280
+ maxDelegationDepth: z.ZodOptional<z.ZodNumber>;
281
+ }, z.core.$strip>;
282
+ capability: z.ZodObject<{
283
+ tool: z.ZodString;
284
+ resource: z.ZodString;
285
+ constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
286
+ }, z.core.$strip>;
287
+ decision: z.ZodEnum<{
288
+ allow: "allow";
289
+ deny: "deny";
290
+ step_up: "step_up";
291
+ }>;
292
+ reasons: z.ZodArray<z.ZodString>;
293
+ policy: z.ZodObject<{
294
+ nativeRule: z.ZodString;
295
+ version: z.ZodString;
296
+ cedarCompatible: z.ZodBoolean;
297
+ opaCompatible: z.ZodBoolean;
298
+ }, z.core.$strip>;
299
+ payloadHash: z.ZodString;
300
+ provenanceHash: z.ZodOptional<z.ZodString>;
301
+ budget: z.ZodOptional<z.ZodObject<{
302
+ reservationId: z.ZodString;
303
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
304
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
305
+ commitStatus: z.ZodEnum<{
306
+ pending: "pending";
307
+ committed: "committed";
308
+ rolled_back: "rolled_back";
309
+ }>;
310
+ }, z.core.$strip>>;
311
+ approval: z.ZodOptional<z.ZodObject<{
312
+ mode: z.ZodEnum<{
313
+ none: "none";
314
+ human: "human";
315
+ policy_override: "policy_override";
316
+ }>;
317
+ approvedBy: z.ZodOptional<z.ZodString>;
318
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
319
+ approvalArtifact: z.ZodOptional<z.ZodString>;
320
+ approvalArtifactHash: z.ZodOptional<z.ZodString>;
321
+ actionHash: z.ZodOptional<z.ZodString>;
322
+ payloadHash: z.ZodOptional<z.ZodString>;
323
+ approvedAt: z.ZodOptional<z.ZodString>;
324
+ }, z.core.$strip>>;
325
+ audit: z.ZodObject<{
326
+ traceId: z.ZodString;
327
+ parentPassId: z.ZodNullable<z.ZodString>;
328
+ ledgerHash: z.ZodNullable<z.ZodString>;
329
+ }, z.core.$strip>;
330
+ apv: z.ZodLiteral<"axtary.actionpass.v1">;
331
+ }, z.core.$strip>;
332
+ export declare const ActionPassV2ClaimsSchema: z.ZodObject<{
333
+ cnf: z.ZodObject<{
334
+ jkt: z.ZodString;
335
+ }, z.core.$strip>;
336
+ delegation: z.ZodOptional<z.ZodObject<{
337
+ depth: z.ZodNumber;
338
+ rootPassId: z.ZodString;
339
+ }, z.core.$strip>>;
340
+ status: z.ZodObject<{
341
+ status_list: z.ZodObject<{
342
+ idx: z.ZodNumber;
343
+ uri: z.ZodString;
344
+ }, z.core.$strip>;
345
+ }, z.core.$strip>;
112
346
  iss: z.ZodString;
113
347
  sub: z.ZodString;
114
348
  aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
@@ -142,6 +376,17 @@ export declare const ActionPassClaimsSchema: z.ZodObject<{
142
376
  opaCompatible: z.ZodBoolean;
143
377
  }, z.core.$strip>;
144
378
  payloadHash: z.ZodString;
379
+ provenanceHash: z.ZodOptional<z.ZodString>;
380
+ budget: z.ZodOptional<z.ZodObject<{
381
+ reservationId: z.ZodString;
382
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
383
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
384
+ commitStatus: z.ZodEnum<{
385
+ pending: "pending";
386
+ committed: "committed";
387
+ rolled_back: "rolled_back";
388
+ }>;
389
+ }, z.core.$strip>>;
145
390
  approval: z.ZodOptional<z.ZodObject<{
146
391
  mode: z.ZodEnum<{
147
392
  none: "none";
@@ -149,6 +394,7 @@ export declare const ActionPassClaimsSchema: z.ZodObject<{
149
394
  policy_override: "policy_override";
150
395
  }>;
151
396
  approvedBy: z.ZodOptional<z.ZodString>;
397
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
152
398
  approvalArtifact: z.ZodOptional<z.ZodString>;
153
399
  approvalArtifactHash: z.ZodOptional<z.ZodString>;
154
400
  actionHash: z.ZodOptional<z.ZodString>;
@@ -160,8 +406,236 @@ export declare const ActionPassClaimsSchema: z.ZodObject<{
160
406
  parentPassId: z.ZodNullable<z.ZodString>;
161
407
  ledgerHash: z.ZodNullable<z.ZodString>;
162
408
  }, z.core.$strip>;
409
+ apv: z.ZodLiteral<"axtary.actionpass.v2">;
163
410
  }, z.core.$strip>;
411
+ export declare const ActionPassClaimsSchema: z.ZodUnion<readonly [z.ZodObject<{
412
+ iss: z.ZodString;
413
+ sub: z.ZodString;
414
+ aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
415
+ exp: z.ZodNumber;
416
+ nbf: z.ZodNumber;
417
+ iat: z.ZodNumber;
418
+ jti: z.ZodString;
419
+ tenant: z.ZodString;
420
+ humanOwner: z.ZodString;
421
+ agentRuntime: z.ZodString;
422
+ intent: z.ZodObject<{
423
+ taskId: z.ZodString;
424
+ declaredGoal: z.ZodString;
425
+ maxDelegationDepth: z.ZodOptional<z.ZodNumber>;
426
+ }, z.core.$strip>;
427
+ capability: z.ZodObject<{
428
+ tool: z.ZodString;
429
+ resource: z.ZodString;
430
+ constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
431
+ }, z.core.$strip>;
432
+ decision: z.ZodEnum<{
433
+ allow: "allow";
434
+ deny: "deny";
435
+ step_up: "step_up";
436
+ }>;
437
+ reasons: z.ZodArray<z.ZodString>;
438
+ policy: z.ZodObject<{
439
+ nativeRule: z.ZodString;
440
+ version: z.ZodString;
441
+ cedarCompatible: z.ZodBoolean;
442
+ opaCompatible: z.ZodBoolean;
443
+ }, z.core.$strip>;
444
+ payloadHash: z.ZodString;
445
+ provenanceHash: z.ZodOptional<z.ZodString>;
446
+ budget: z.ZodOptional<z.ZodObject<{
447
+ reservationId: z.ZodString;
448
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
449
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
450
+ commitStatus: z.ZodEnum<{
451
+ pending: "pending";
452
+ committed: "committed";
453
+ rolled_back: "rolled_back";
454
+ }>;
455
+ }, z.core.$strip>>;
456
+ approval: z.ZodOptional<z.ZodObject<{
457
+ mode: z.ZodEnum<{
458
+ none: "none";
459
+ human: "human";
460
+ policy_override: "policy_override";
461
+ }>;
462
+ approvedBy: z.ZodOptional<z.ZodString>;
463
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
464
+ approvalArtifact: z.ZodOptional<z.ZodString>;
465
+ approvalArtifactHash: z.ZodOptional<z.ZodString>;
466
+ actionHash: z.ZodOptional<z.ZodString>;
467
+ payloadHash: z.ZodOptional<z.ZodString>;
468
+ approvedAt: z.ZodOptional<z.ZodString>;
469
+ }, z.core.$strip>>;
470
+ audit: z.ZodObject<{
471
+ traceId: z.ZodString;
472
+ parentPassId: z.ZodNullable<z.ZodString>;
473
+ ledgerHash: z.ZodNullable<z.ZodString>;
474
+ }, z.core.$strip>;
475
+ apv: z.ZodLiteral<"axtary.actionpass.v0">;
476
+ }, z.core.$strip>, z.ZodObject<{
477
+ cnf: z.ZodObject<{
478
+ jkt: z.ZodString;
479
+ }, z.core.$strip>;
480
+ delegation: z.ZodOptional<z.ZodObject<{
481
+ depth: z.ZodNumber;
482
+ rootPassId: z.ZodString;
483
+ }, z.core.$strip>>;
484
+ iss: z.ZodString;
485
+ sub: z.ZodString;
486
+ aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
487
+ exp: z.ZodNumber;
488
+ nbf: z.ZodNumber;
489
+ iat: z.ZodNumber;
490
+ jti: z.ZodString;
491
+ tenant: z.ZodString;
492
+ humanOwner: z.ZodString;
493
+ agentRuntime: z.ZodString;
494
+ intent: z.ZodObject<{
495
+ taskId: z.ZodString;
496
+ declaredGoal: z.ZodString;
497
+ maxDelegationDepth: z.ZodOptional<z.ZodNumber>;
498
+ }, z.core.$strip>;
499
+ capability: z.ZodObject<{
500
+ tool: z.ZodString;
501
+ resource: z.ZodString;
502
+ constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
503
+ }, z.core.$strip>;
504
+ decision: z.ZodEnum<{
505
+ allow: "allow";
506
+ deny: "deny";
507
+ step_up: "step_up";
508
+ }>;
509
+ reasons: z.ZodArray<z.ZodString>;
510
+ policy: z.ZodObject<{
511
+ nativeRule: z.ZodString;
512
+ version: z.ZodString;
513
+ cedarCompatible: z.ZodBoolean;
514
+ opaCompatible: z.ZodBoolean;
515
+ }, z.core.$strip>;
516
+ payloadHash: z.ZodString;
517
+ provenanceHash: z.ZodOptional<z.ZodString>;
518
+ budget: z.ZodOptional<z.ZodObject<{
519
+ reservationId: z.ZodString;
520
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
521
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
522
+ commitStatus: z.ZodEnum<{
523
+ pending: "pending";
524
+ committed: "committed";
525
+ rolled_back: "rolled_back";
526
+ }>;
527
+ }, z.core.$strip>>;
528
+ approval: z.ZodOptional<z.ZodObject<{
529
+ mode: z.ZodEnum<{
530
+ none: "none";
531
+ human: "human";
532
+ policy_override: "policy_override";
533
+ }>;
534
+ approvedBy: z.ZodOptional<z.ZodString>;
535
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
536
+ approvalArtifact: z.ZodOptional<z.ZodString>;
537
+ approvalArtifactHash: z.ZodOptional<z.ZodString>;
538
+ actionHash: z.ZodOptional<z.ZodString>;
539
+ payloadHash: z.ZodOptional<z.ZodString>;
540
+ approvedAt: z.ZodOptional<z.ZodString>;
541
+ }, z.core.$strip>>;
542
+ audit: z.ZodObject<{
543
+ traceId: z.ZodString;
544
+ parentPassId: z.ZodNullable<z.ZodString>;
545
+ ledgerHash: z.ZodNullable<z.ZodString>;
546
+ }, z.core.$strip>;
547
+ apv: z.ZodLiteral<"axtary.actionpass.v1">;
548
+ }, z.core.$strip>, z.ZodObject<{
549
+ cnf: z.ZodObject<{
550
+ jkt: z.ZodString;
551
+ }, z.core.$strip>;
552
+ delegation: z.ZodOptional<z.ZodObject<{
553
+ depth: z.ZodNumber;
554
+ rootPassId: z.ZodString;
555
+ }, z.core.$strip>>;
556
+ status: z.ZodObject<{
557
+ status_list: z.ZodObject<{
558
+ idx: z.ZodNumber;
559
+ uri: z.ZodString;
560
+ }, z.core.$strip>;
561
+ }, z.core.$strip>;
562
+ iss: z.ZodString;
563
+ sub: z.ZodString;
564
+ aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
565
+ exp: z.ZodNumber;
566
+ nbf: z.ZodNumber;
567
+ iat: z.ZodNumber;
568
+ jti: z.ZodString;
569
+ tenant: z.ZodString;
570
+ humanOwner: z.ZodString;
571
+ agentRuntime: z.ZodString;
572
+ intent: z.ZodObject<{
573
+ taskId: z.ZodString;
574
+ declaredGoal: z.ZodString;
575
+ maxDelegationDepth: z.ZodOptional<z.ZodNumber>;
576
+ }, z.core.$strip>;
577
+ capability: z.ZodObject<{
578
+ tool: z.ZodString;
579
+ resource: z.ZodString;
580
+ constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
581
+ }, z.core.$strip>;
582
+ decision: z.ZodEnum<{
583
+ allow: "allow";
584
+ deny: "deny";
585
+ step_up: "step_up";
586
+ }>;
587
+ reasons: z.ZodArray<z.ZodString>;
588
+ policy: z.ZodObject<{
589
+ nativeRule: z.ZodString;
590
+ version: z.ZodString;
591
+ cedarCompatible: z.ZodBoolean;
592
+ opaCompatible: z.ZodBoolean;
593
+ }, z.core.$strip>;
594
+ payloadHash: z.ZodString;
595
+ provenanceHash: z.ZodOptional<z.ZodString>;
596
+ budget: z.ZodOptional<z.ZodObject<{
597
+ reservationId: z.ZodString;
598
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
599
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
600
+ commitStatus: z.ZodEnum<{
601
+ pending: "pending";
602
+ committed: "committed";
603
+ rolled_back: "rolled_back";
604
+ }>;
605
+ }, z.core.$strip>>;
606
+ approval: z.ZodOptional<z.ZodObject<{
607
+ mode: z.ZodEnum<{
608
+ none: "none";
609
+ human: "human";
610
+ policy_override: "policy_override";
611
+ }>;
612
+ approvedBy: z.ZodOptional<z.ZodString>;
613
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
614
+ approvalArtifact: z.ZodOptional<z.ZodString>;
615
+ approvalArtifactHash: z.ZodOptional<z.ZodString>;
616
+ actionHash: z.ZodOptional<z.ZodString>;
617
+ payloadHash: z.ZodOptional<z.ZodString>;
618
+ approvedAt: z.ZodOptional<z.ZodString>;
619
+ }, z.core.$strip>>;
620
+ audit: z.ZodObject<{
621
+ traceId: z.ZodString;
622
+ parentPassId: z.ZodNullable<z.ZodString>;
623
+ ledgerHash: z.ZodNullable<z.ZodString>;
624
+ }, z.core.$strip>;
625
+ apv: z.ZodLiteral<"axtary.actionpass.v2">;
626
+ }, z.core.$strip>]>;
164
627
  export type ActionPassClaims = z.infer<typeof ActionPassClaimsSchema>;
628
+ export type ActionPassV1Claims = z.infer<typeof ActionPassV1ClaimsSchema>;
629
+ export type ActionPassV2Claims = z.infer<typeof ActionPassV2ClaimsSchema>;
630
+ export declare const DpopProofClaimsSchema: z.ZodObject<{
631
+ htm: z.ZodString;
632
+ htu: z.ZodString;
633
+ iat: z.ZodNumber;
634
+ jti: z.ZodString;
635
+ ath: z.ZodString;
636
+ nonce: z.ZodOptional<z.ZodString>;
637
+ }, z.core.$strip>;
638
+ export type DpopProofClaims = z.infer<typeof DpopProofClaimsSchema>;
165
639
  export declare const ActionPassRevocationSchema: z.ZodObject<{
166
640
  schemaVersion: z.ZodLiteral<"axtary.actionpass_revocation.v0">;
167
641
  passId: z.ZodString;
@@ -251,10 +725,12 @@ export declare const LedgerProviderSchema: z.ZodEnum<{
251
725
  slack: "slack";
252
726
  linear: "linear";
253
727
  docs: "docs";
728
+ drive: "drive";
254
729
  mcp: "mcp";
255
730
  aws: "aws";
256
731
  gcp: "gcp";
257
732
  jira: "jira";
733
+ postgres: "postgres";
258
734
  }>;
259
735
  export type LedgerProvider = z.infer<typeof LedgerProviderSchema>;
260
736
  export declare const LedgerProviderEvidenceDiffSchema: z.ZodObject<{
@@ -263,10 +739,12 @@ export declare const LedgerProviderEvidenceDiffSchema: z.ZodObject<{
263
739
  slack: "slack";
264
740
  linear: "linear";
265
741
  docs: "docs";
742
+ drive: "drive";
266
743
  mcp: "mcp";
267
744
  aws: "aws";
268
745
  gcp: "gcp";
269
746
  jira: "jira";
747
+ postgres: "postgres";
270
748
  }>;
271
749
  summary: z.ZodOptional<z.ZodString>;
272
750
  files: z.ZodDefault<z.ZodArray<z.ZodObject<{
@@ -309,10 +787,12 @@ export declare const LedgerProviderEvidenceSchema: z.ZodObject<{
309
787
  slack: "slack";
310
788
  linear: "linear";
311
789
  docs: "docs";
790
+ drive: "drive";
312
791
  mcp: "mcp";
313
792
  aws: "aws";
314
793
  gcp: "gcp";
315
794
  jira: "jira";
795
+ postgres: "postgres";
316
796
  }>;
317
797
  tool: z.ZodString;
318
798
  operation: z.ZodString;
@@ -322,10 +802,12 @@ export declare const LedgerProviderEvidenceSchema: z.ZodObject<{
322
802
  slack: "slack";
323
803
  linear: "linear";
324
804
  docs: "docs";
805
+ drive: "drive";
325
806
  mcp: "mcp";
326
807
  aws: "aws";
327
808
  gcp: "gcp";
328
809
  jira: "jira";
810
+ postgres: "postgres";
329
811
  }>;
330
812
  kind: z.ZodString;
331
813
  id: z.ZodString;
@@ -344,10 +826,12 @@ export declare const LedgerProviderEvidenceSchema: z.ZodObject<{
344
826
  slack: "slack";
345
827
  linear: "linear";
346
828
  docs: "docs";
829
+ drive: "drive";
347
830
  mcp: "mcp";
348
831
  aws: "aws";
349
832
  gcp: "gcp";
350
833
  jira: "jira";
834
+ postgres: "postgres";
351
835
  }>;
352
836
  summary: z.ZodOptional<z.ZodString>;
353
837
  files: z.ZodDefault<z.ZodArray<z.ZodObject<{
@@ -378,6 +862,113 @@ export declare const LedgerProviderEvidenceSchema: z.ZodObject<{
378
862
  }, z.core.$strip>>;
379
863
  }, z.core.$strip>;
380
864
  export type LedgerProviderEvidence = z.infer<typeof LedgerProviderEvidenceSchema>;
865
+ export type ConnectorProvider = "github" | "slack" | "linear" | "jira" | "aws" | "gcp" | "mcp" | "docs" | "drive" | "postgres";
866
+ export type ConnectorCapabilityOperation = "read" | "write" | "external_message" | "identity_read" | "identity_mutation";
867
+ export type ConnectorCapabilityStatus = "supported" | "demo_only" | "planned";
868
+ export type ConnectorCapability = {
869
+ id: string;
870
+ provider: ConnectorProvider;
871
+ connector: string;
872
+ label: string;
873
+ tool: string;
874
+ operation: ConnectorCapabilityOperation;
875
+ status: ConnectorCapabilityStatus;
876
+ supportedModes: string[];
877
+ requiresActionPass: boolean;
878
+ defaultPolicy: "allow" | "deny" | "step_up" | "deny_until_scoped";
879
+ payloadFields: string[];
880
+ approvalTriggers: string[];
881
+ credentialBoundary: string;
882
+ smokeCheck: string | null;
883
+ };
884
+ export type ConnectorProviderMode = "fake" | "rest" | "app" | "web" | "graphql" | "local" | "local-wrapper" | "postgres" | "off" | "planned";
885
+ export declare const GitHubNativeConnectorConfigSchema: z.ZodObject<{
886
+ mode: z.ZodDefault<z.ZodEnum<{
887
+ fake: "fake";
888
+ rest: "rest";
889
+ app: "app";
890
+ }>>;
891
+ tokenEnv: z.ZodDefault<z.ZodString>;
892
+ apiBaseUrl: z.ZodDefault<z.ZodString>;
893
+ userAgent: z.ZodDefault<z.ZodString>;
894
+ appId: z.ZodOptional<z.ZodString>;
895
+ appIdEnv: z.ZodDefault<z.ZodString>;
896
+ installationId: z.ZodOptional<z.ZodString>;
897
+ installationIdEnv: z.ZodDefault<z.ZodString>;
898
+ privateKeyEnv: z.ZodDefault<z.ZodString>;
899
+ }, z.core.$strip>;
900
+ export type GitHubNativeConnectorConfig = z.infer<typeof GitHubNativeConnectorConfigSchema>;
901
+ export declare const DEFAULT_GITHUB_NATIVE_CONNECTOR_CONFIG: GitHubNativeConnectorConfig;
902
+ export declare const LinearNativeConnectorConfigSchema: z.ZodObject<{
903
+ mode: z.ZodDefault<z.ZodEnum<{
904
+ fake: "fake";
905
+ graphql: "graphql";
906
+ }>>;
907
+ tokenEnv: z.ZodDefault<z.ZodString>;
908
+ apiUrl: z.ZodDefault<z.ZodString>;
909
+ }, z.core.$strip>;
910
+ export type LinearNativeConnectorConfig = z.infer<typeof LinearNativeConnectorConfigSchema>;
911
+ export declare const DEFAULT_LINEAR_NATIVE_CONNECTOR_CONFIG: LinearNativeConnectorConfig;
912
+ export declare const JiraNativeConnectorConfigSchema: z.ZodObject<{
913
+ mode: z.ZodDefault<z.ZodEnum<{
914
+ fake: "fake";
915
+ rest: "rest";
916
+ }>>;
917
+ auth: z.ZodDefault<z.ZodEnum<{
918
+ api_token: "api_token";
919
+ oauth: "oauth";
920
+ }>>;
921
+ tokenEnv: z.ZodDefault<z.ZodString>;
922
+ emailEnv: z.ZodDefault<z.ZodString>;
923
+ siteUrl: z.ZodDefault<z.ZodString>;
924
+ cloudId: z.ZodOptional<z.ZodString>;
925
+ cloudIdEnv: z.ZodDefault<z.ZodString>;
926
+ }, z.core.$strip>;
927
+ export type JiraNativeConnectorConfig = z.infer<typeof JiraNativeConnectorConfigSchema>;
928
+ export declare const DEFAULT_JIRA_NATIVE_CONNECTOR_CONFIG: JiraNativeConnectorConfig;
929
+ export declare const PostgresNativeConnectorConfigSchema: z.ZodObject<{
930
+ mode: z.ZodDefault<z.ZodEnum<{
931
+ postgres: "postgres";
932
+ off: "off";
933
+ }>>;
934
+ dsnEnv: z.ZodDefault<z.ZodString>;
935
+ allowedTables: z.ZodDefault<z.ZodArray<z.ZodString>>;
936
+ allowedFunctions: z.ZodDefault<z.ZodArray<z.ZodString>>;
937
+ requireRls: z.ZodDefault<z.ZodBoolean>;
938
+ maxRows: z.ZodDefault<z.ZodNumber>;
939
+ statementTimeoutMs: z.ZodDefault<z.ZodNumber>;
940
+ lockTimeoutMs: z.ZodDefault<z.ZodNumber>;
941
+ idleTransactionTimeoutMs: z.ZodDefault<z.ZodNumber>;
942
+ }, z.core.$strip>;
943
+ export type PostgresNativeConnectorConfig = z.infer<typeof PostgresNativeConnectorConfigSchema>;
944
+ export declare const DEFAULT_POSTGRES_NATIVE_CONNECTOR_CONFIG: PostgresNativeConnectorConfig;
945
+ export declare const DriveNativeConnectorConfigSchema: z.ZodObject<{
946
+ mode: z.ZodDefault<z.ZodEnum<{
947
+ rest: "rest";
948
+ off: "off";
949
+ }>>;
950
+ tokenEnv: z.ZodDefault<z.ZodString>;
951
+ selectedFileId: z.ZodOptional<z.ZodString>;
952
+ apiBaseUrl: z.ZodDefault<z.ZodString>;
953
+ allowedMimeTypes: z.ZodDefault<z.ZodArray<z.ZodString>>;
954
+ maxReadBytes: z.ZodDefault<z.ZodNumber>;
955
+ }, z.core.$strip>;
956
+ export type DriveNativeConnectorConfig = z.infer<typeof DriveNativeConnectorConfigSchema>;
957
+ export declare const DEFAULT_DRIVE_NATIVE_CONNECTOR_CONFIG: DriveNativeConnectorConfig;
958
+ export type NativeConnectorToolDescriptor = {
959
+ capability: ConnectorCapability;
960
+ normalizeEvidence: (action: NormalizedAction, payload: Record<string, JsonValue>) => LedgerProviderEvidence;
961
+ };
962
+ export type NativeConnectorGovernanceDescriptor<TConfig> = {
963
+ provider: ConnectorProvider;
964
+ connector: string;
965
+ mode: ConnectorProviderMode;
966
+ configSchema: z.ZodType<TConfig>;
967
+ defaultConfig: TConfig;
968
+ requiredScopes: readonly string[];
969
+ smokeCheck: string;
970
+ tools: readonly NativeConnectorToolDescriptor[];
971
+ };
381
972
  export declare const LedgerExecutionOutcomeSchema: z.ZodObject<{
382
973
  schemaVersion: z.ZodLiteral<"axtary.ledger_execution_outcome.v0">;
383
974
  status: z.ZodEnum<{
@@ -389,10 +980,12 @@ export declare const LedgerExecutionOutcomeSchema: z.ZodObject<{
389
980
  slack: "slack";
390
981
  linear: "linear";
391
982
  docs: "docs";
983
+ drive: "drive";
392
984
  mcp: "mcp";
393
985
  aws: "aws";
394
986
  gcp: "gcp";
395
987
  jira: "jira";
988
+ postgres: "postgres";
396
989
  }>>;
397
990
  resultId: z.ZodOptional<z.ZodString>;
398
991
  resultUrl: z.ZodOptional<z.ZodString>;
@@ -403,12 +996,54 @@ export declare const LedgerExecutionOutcomeSchema: z.ZodObject<{
403
996
  sideEffectProof: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
404
997
  }, z.core.$strict>;
405
998
  export type LedgerExecutionOutcome = z.infer<typeof LedgerExecutionOutcomeSchema>;
999
+ export declare const DelegationLedgerEdgeSchema: z.ZodObject<{
1000
+ parentPassId: z.ZodString;
1001
+ childPassId: z.ZodString;
1002
+ depth: z.ZodNumber;
1003
+ rootPassId: z.ZodString;
1004
+ }, z.core.$strip>;
1005
+ export type DelegationLedgerEdge = z.infer<typeof DelegationLedgerEdgeSchema>;
1006
+ export declare const BudgetLedgerEventSchema: z.ZodObject<{
1007
+ reservationId: z.ZodNullable<z.ZodString>;
1008
+ scope: z.ZodString;
1009
+ status: z.ZodEnum<{
1010
+ pending: "pending";
1011
+ committed: "committed";
1012
+ rolled_back: "rolled_back";
1013
+ denied: "denied";
1014
+ }>;
1015
+ expiresAt: z.ZodNullable<z.ZodString>;
1016
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
1017
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
1018
+ committedBefore: z.ZodRecord<z.ZodString, z.ZodNumber>;
1019
+ committedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
1020
+ reservedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
1021
+ }, z.core.$strip>;
1022
+ export type BudgetLedgerEvent = z.infer<typeof BudgetLedgerEventSchema>;
1023
+ export declare const LedgerAuditContextSchema: z.ZodObject<{
1024
+ tenant: z.ZodNullable<z.ZodString>;
1025
+ agentId: z.ZodString;
1026
+ humanOwner: z.ZodString;
1027
+ taskId: z.ZodString;
1028
+ tool: z.ZodString;
1029
+ resource: z.ZodString;
1030
+ }, z.core.$strip>;
1031
+ export type LedgerAuditContext = z.infer<typeof LedgerAuditContextSchema>;
406
1032
  export declare const LedgerRecordSchema: z.ZodObject<{
407
1033
  schemaVersion: z.ZodLiteral<"axtary.ledger.v0">;
408
1034
  id: z.ZodString;
409
1035
  occurredAt: z.ZodString;
1036
+ auditContext: z.ZodOptional<z.ZodObject<{
1037
+ tenant: z.ZodNullable<z.ZodString>;
1038
+ agentId: z.ZodString;
1039
+ humanOwner: z.ZodString;
1040
+ taskId: z.ZodString;
1041
+ tool: z.ZodString;
1042
+ resource: z.ZodString;
1043
+ }, z.core.$strip>>;
410
1044
  actionHash: z.ZodString;
411
1045
  payloadHash: z.ZodString;
1046
+ provenanceHash: z.ZodOptional<z.ZodString>;
412
1047
  decision: z.ZodEnum<{
413
1048
  allow: "allow";
414
1049
  deny: "deny";
@@ -428,10 +1063,12 @@ export declare const LedgerRecordSchema: z.ZodObject<{
428
1063
  slack: "slack";
429
1064
  linear: "linear";
430
1065
  docs: "docs";
1066
+ drive: "drive";
431
1067
  mcp: "mcp";
432
1068
  aws: "aws";
433
1069
  gcp: "gcp";
434
1070
  jira: "jira";
1071
+ postgres: "postgres";
435
1072
  }>;
436
1073
  tool: z.ZodString;
437
1074
  operation: z.ZodString;
@@ -441,10 +1078,12 @@ export declare const LedgerRecordSchema: z.ZodObject<{
441
1078
  slack: "slack";
442
1079
  linear: "linear";
443
1080
  docs: "docs";
1081
+ drive: "drive";
444
1082
  mcp: "mcp";
445
1083
  aws: "aws";
446
1084
  gcp: "gcp";
447
1085
  jira: "jira";
1086
+ postgres: "postgres";
448
1087
  }>;
449
1088
  kind: z.ZodString;
450
1089
  id: z.ZodString;
@@ -463,10 +1102,12 @@ export declare const LedgerRecordSchema: z.ZodObject<{
463
1102
  slack: "slack";
464
1103
  linear: "linear";
465
1104
  docs: "docs";
1105
+ drive: "drive";
466
1106
  mcp: "mcp";
467
1107
  aws: "aws";
468
1108
  gcp: "gcp";
469
1109
  jira: "jira";
1110
+ postgres: "postgres";
470
1111
  }>;
471
1112
  summary: z.ZodOptional<z.ZodString>;
472
1113
  files: z.ZodDefault<z.ZodArray<z.ZodObject<{
@@ -507,10 +1148,12 @@ export declare const LedgerRecordSchema: z.ZodObject<{
507
1148
  slack: "slack";
508
1149
  linear: "linear";
509
1150
  docs: "docs";
1151
+ drive: "drive";
510
1152
  mcp: "mcp";
511
1153
  aws: "aws";
512
1154
  gcp: "gcp";
513
1155
  jira: "jira";
1156
+ postgres: "postgres";
514
1157
  }>>;
515
1158
  resultId: z.ZodOptional<z.ZodString>;
516
1159
  resultUrl: z.ZodOptional<z.ZodString>;
@@ -522,6 +1165,28 @@ export declare const LedgerRecordSchema: z.ZodObject<{
522
1165
  }, z.core.$strict>>;
523
1166
  traceId: z.ZodOptional<z.ZodString>;
524
1167
  actionPassId: z.ZodNullable<z.ZodString>;
1168
+ delegation: z.ZodOptional<z.ZodObject<{
1169
+ parentPassId: z.ZodString;
1170
+ childPassId: z.ZodString;
1171
+ depth: z.ZodNumber;
1172
+ rootPassId: z.ZodString;
1173
+ }, z.core.$strip>>;
1174
+ budget: z.ZodOptional<z.ZodObject<{
1175
+ reservationId: z.ZodNullable<z.ZodString>;
1176
+ scope: z.ZodString;
1177
+ status: z.ZodEnum<{
1178
+ pending: "pending";
1179
+ committed: "committed";
1180
+ rolled_back: "rolled_back";
1181
+ denied: "denied";
1182
+ }>;
1183
+ expiresAt: z.ZodNullable<z.ZodString>;
1184
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
1185
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
1186
+ committedBefore: z.ZodRecord<z.ZodString, z.ZodNumber>;
1187
+ committedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
1188
+ reservedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
1189
+ }, z.core.$strip>>;
525
1190
  correlationId: z.ZodOptional<z.ZodString>;
526
1191
  previousLedgerHash: z.ZodNullable<z.ZodString>;
527
1192
  ledgerHash: z.ZodString;
@@ -554,11 +1219,30 @@ export type IssueActionPassInput = {
554
1219
  parentPassId?: string | null;
555
1220
  ledgerHash?: string | null;
556
1221
  traceId?: string;
1222
+ passId?: string;
1223
+ };
1224
+ export type IssueActionPassV1Input = IssueActionPassInput & {
1225
+ holderPublicJwk: JWK;
1226
+ delegation?: {
1227
+ depth: number;
1228
+ rootPassId: string;
1229
+ };
1230
+ };
1231
+ export type IssueActionPassV2Input = IssueActionPassV1Input & {
1232
+ status: ActionPassStatusClaim;
557
1233
  };
558
1234
  export type IssueActionPassResult = {
559
1235
  token: string;
560
1236
  claims: ActionPassClaims;
561
1237
  };
1238
+ export type IssueActionPassV1Result = {
1239
+ token: string;
1240
+ claims: ActionPassV1Claims;
1241
+ };
1242
+ export type IssueActionPassV2Result = {
1243
+ token: string;
1244
+ claims: ActionPassV2Claims;
1245
+ };
562
1246
  export type AuthorizeInput = {
563
1247
  action: unknown;
564
1248
  issuer: string;
@@ -590,9 +1274,38 @@ export type VerifyActionPassInput = {
590
1274
  algorithms?: SigningAlgorithm[];
591
1275
  clockTolerance?: string | number;
592
1276
  currentDate?: Date;
1277
+ dpopProof?: string;
1278
+ dpopMethod?: string;
1279
+ dpopUri?: string;
1280
+ dpopNonce?: string;
1281
+ dpopAlgorithms?: SigningAlgorithm[];
1282
+ dpopMaxAgeSeconds?: number;
1283
+ dpopClockSkewSeconds?: number;
1284
+ dpopReplayStore?: DpopReplayStore;
593
1285
  revokedPassIds?: Iterable<string>;
594
1286
  revocations?: Iterable<ActionPassRevocation>;
595
1287
  isRevoked?: (claims: ActionPassClaims) => boolean | string | Promise<boolean | string>;
1288
+ getStatus?: (claims: ActionPassV2Claims) => number | string | Promise<number | string>;
1289
+ };
1290
+ export type ActionPassRevocationSource = Pick<VerifyActionPassInput, "revokedPassIds" | "revocations" | "isRevoked" | "getStatus">;
1291
+ export type CreateDpopProofInput = {
1292
+ actionPass: string;
1293
+ method: string;
1294
+ uri: string;
1295
+ signingKey: SigningKey;
1296
+ publicJwk: JWK;
1297
+ algorithm?: SigningAlgorithm;
1298
+ now?: Date;
1299
+ proofId?: string;
1300
+ nonce?: string;
1301
+ };
1302
+ export type CreateDpopProofResult = {
1303
+ proof: string;
1304
+ claims: DpopProofClaims;
1305
+ jkt: string;
1306
+ };
1307
+ export type DpopReplayStore = {
1308
+ consume(proofId: string, expiresAt: Date, now?: Date): boolean | Promise<boolean>;
596
1309
  };
597
1310
  export type VerifyActionPassResult = {
598
1311
  valid: true;
@@ -602,10 +1315,53 @@ export type VerifyActionPassResult = {
602
1315
  valid: false;
603
1316
  reason: string;
604
1317
  };
1318
+ export type VerifyDelegationChainInput = {
1319
+ /**
1320
+ * Root-to-leaf chain. Every entry is signature/content verified; the leaf
1321
+ * entry must additionally carry a fresh DPoP proof.
1322
+ */
1323
+ chain: VerifyActionPassInput[];
1324
+ currentDate?: Date;
1325
+ /**
1326
+ * One authority-owned source applied to every root-to-leaf member. This is
1327
+ * what makes revoking any ancestor invalidate all descendant presentations.
1328
+ */
1329
+ revocation?: ActionPassRevocationSource;
1330
+ };
1331
+ export type VerifyDelegationChainResult = {
1332
+ valid: true;
1333
+ claims: Array<ActionPassV1Claims | ActionPassV2Claims>;
1334
+ actions: NormalizedAction[];
1335
+ } | {
1336
+ valid: false;
1337
+ reason: string;
1338
+ };
1339
+ export type DelegateActionPassV1Input = Omit<IssueActionPassV1Input, "action" | "decision" | "holderPublicJwk" | "parentPassId" | "delegation"> & {
1340
+ parentChain: VerifyActionPassInput[];
1341
+ childAction: unknown;
1342
+ childDecision: PolicyDecision;
1343
+ childHolderPublicJwk: JWK;
1344
+ revocation?: ActionPassRevocationSource;
1345
+ };
1346
+ export type DelegateActionPassV1Result = IssueActionPassV1Result & {
1347
+ delegation: DelegationLedgerEdge;
1348
+ };
1349
+ export type DelegateActionPassV2Input = Omit<IssueActionPassV2Input, "action" | "decision" | "holderPublicJwk" | "parentPassId" | "delegation" | "status"> & {
1350
+ parentChain: VerifyActionPassInput[];
1351
+ childAction: unknown;
1352
+ childDecision: PolicyDecision;
1353
+ childHolderPublicJwk: JWK;
1354
+ childStatus: ActionPassStatusClaim;
1355
+ revocation?: ActionPassRevocationSource;
1356
+ };
1357
+ export type DelegateActionPassV2Result = IssueActionPassV2Result & {
1358
+ delegation: DelegationLedgerEdge;
1359
+ };
605
1360
  export type CreateApprovalArtifactInput = {
606
1361
  action: unknown;
607
1362
  mode: "human" | "policy_override";
608
1363
  approvedBy: string;
1364
+ approverRoles?: string[];
609
1365
  approvedAt?: Date;
610
1366
  reason?: string;
611
1367
  expiresAt?: Date;
@@ -635,7 +1391,52 @@ export declare function evaluateAction(actionInput: unknown, options?: PolicyOpt
635
1391
  export declare function authorize(input: AuthorizeInput): Promise<AuthorizeResult>;
636
1392
  export declare function createApprovalArtifact(input: CreateApprovalArtifactInput): CreateApprovalArtifactResult;
637
1393
  export declare function issueActionPass(input: IssueActionPassInput): Promise<IssueActionPassResult>;
1394
+ export declare function issueActionPassV1(input: IssueActionPassV1Input): Promise<IssueActionPassV1Result>;
1395
+ export declare function issueActionPassV2(input: IssueActionPassV2Input): Promise<IssueActionPassV2Result>;
1396
+ export declare function delegateActionPassV1(input: DelegateActionPassV1Input): Promise<DelegateActionPassV1Result>;
1397
+ export declare function delegateActionPassV2(input: DelegateActionPassV2Input): Promise<DelegateActionPassV2Result>;
1398
+ export declare function createDpopProof(input: CreateDpopProofInput): Promise<CreateDpopProofResult>;
1399
+ export declare class InMemoryDpopReplayStore implements DpopReplayStore {
1400
+ private readonly entries;
1401
+ consume(proofId: string, expiresAt: Date, currentDate?: Date): boolean;
1402
+ }
1403
+ export type FileDpopReplayStoreOptions = {
1404
+ lock?: {
1405
+ staleMs?: number;
1406
+ updateMs?: number;
1407
+ retries?: number;
1408
+ minTimeoutMs?: number;
1409
+ maxTimeoutMs?: number;
1410
+ };
1411
+ };
1412
+ /**
1413
+ * Durable, inter-process replay store for DPoP proof `jti`s. A proof captured
1414
+ * before a restart stays rejected after restart, for as long as it remains
1415
+ * inside its own time window. Entries live only until their proof expires, so
1416
+ * the on-disk set stays bounded to the in-flight window rather than growing
1417
+ * unboundedly.
1418
+ *
1419
+ * This is a single-file local store, not a cross-host distributed one: it
1420
+ * defends one machine's verifiers (shared across handlers/processes on that
1421
+ * host). Authenticated cross-host distribution is out of scope here.
1422
+ *
1423
+ * Durability mirrors the local ledger: a `proper-lockfile` lease serializes the
1424
+ * read-modify-write so `consume` is atomic across processes, appended lines are
1425
+ * `fsync`ed before the lease releases, and the file is compacted in place once
1426
+ * expired lines outnumber live ones so it cannot grow without bound.
1427
+ */
1428
+ export declare class FileDpopReplayStore implements DpopReplayStore {
1429
+ readonly filePath: string;
1430
+ private readonly options;
1431
+ constructor(filePath: string, options?: FileDpopReplayStoreOptions);
1432
+ consume(proofId: string, expiresAt: Date, currentDate?: Date): Promise<boolean>;
1433
+ private acquireLock;
1434
+ private readLiveEntries;
1435
+ private append;
1436
+ private compact;
1437
+ }
638
1438
  export declare function verifyActionPass(input: VerifyActionPassInput): Promise<VerifyActionPassResult>;
1439
+ export declare function verifyDelegationChain(input: VerifyDelegationChainInput): Promise<VerifyDelegationChainResult>;
639
1440
  export declare function revokeActionPass(input: RevokeActionPassInput): ActionPassRevocation;
640
1441
  export declare class LocalActionPassTrustStore implements ActionPassTrustStore {
641
1442
  readonly filePath: string;
@@ -652,6 +1453,8 @@ export declare function recordDecision(input: {
652
1453
  action: unknown;
653
1454
  decision: PolicyDecision;
654
1455
  actionPassId?: string | null;
1456
+ delegation?: DelegationLedgerEdge;
1457
+ budget?: BudgetLedgerEvent;
655
1458
  previousLedgerHash?: string | null;
656
1459
  occurredAt?: Date;
657
1460
  traceId?: string;
@@ -659,10 +1462,209 @@ export declare function recordDecision(input: {
659
1462
  executionOutcome?: LedgerExecutionOutcome;
660
1463
  correlationId?: string | null;
661
1464
  }): LedgerRecord;
1465
+ /**
1466
+ * Canonical reason token marking a ledger record as the tamper-evident
1467
+ * revocation event for its pass. Matches the forensics `cascade_containment`
1468
+ * convention (spec §9.5) and the trust-store revocation authority (spec §7).
1469
+ */
1470
+ export declare const REVOCATION_LEDGER_REASON = "actionpass_revoked";
1471
+ /**
1472
+ * Build a tamper-evident revocation event for a previously recorded pass. The
1473
+ * event is a `deny` record naming the pass with `actionpass_revoked`, reusing
1474
+ * the revoked record's action/payload hashes, policy, and audit context so the
1475
+ * revocation is bound to the exact action it cancels. It carries no delegation
1476
+ * edge or budget event (those describe the original action, not the
1477
+ * revocation). The durable enforcement authority remains the trust store (§7);
1478
+ * this record is the auditable logbook entry, not the enforcement source.
1479
+ */
1480
+ export declare function recordActionPassRevocationEvent(input: {
1481
+ revokedRecord: LedgerRecord;
1482
+ revokedBy?: string;
1483
+ reason?: string;
1484
+ occurredAt?: Date;
1485
+ previousLedgerHash?: string | null;
1486
+ }): LedgerRecord;
662
1487
  export declare function hashPayload(payload: unknown): string;
1488
+ export declare function hashProvenance(provenance: ActionProvenance): string;
663
1489
  export declare function hashAction(action: unknown): string;
1490
+ export declare const GITHUB_NATIVE_CONNECTOR_GOVERNANCE: NativeConnectorGovernanceDescriptor<GitHubNativeConnectorConfig>;
1491
+ export declare const LINEAR_NATIVE_CONNECTOR_GOVERNANCE: NativeConnectorGovernanceDescriptor<LinearNativeConnectorConfig>;
1492
+ export declare const JIRA_NATIVE_CONNECTOR_GOVERNANCE: NativeConnectorGovernanceDescriptor<JiraNativeConnectorConfig>;
1493
+ export declare const POSTGRES_NATIVE_CONNECTOR_GOVERNANCE: NativeConnectorGovernanceDescriptor<PostgresNativeConnectorConfig>;
1494
+ export declare const DRIVE_NATIVE_CONNECTOR_GOVERNANCE: NativeConnectorGovernanceDescriptor<DriveNativeConnectorConfig>;
1495
+ export declare const NATIVE_CONNECTOR_GOVERNANCE_REGISTRY: readonly [NativeConnectorGovernanceDescriptor<{
1496
+ mode: "fake" | "rest" | "app";
1497
+ tokenEnv: string;
1498
+ apiBaseUrl: string;
1499
+ userAgent: string;
1500
+ appIdEnv: string;
1501
+ installationIdEnv: string;
1502
+ privateKeyEnv: string;
1503
+ appId?: string | undefined;
1504
+ installationId?: string | undefined;
1505
+ }>, NativeConnectorGovernanceDescriptor<{
1506
+ mode: "fake" | "graphql";
1507
+ tokenEnv: string;
1508
+ apiUrl: string;
1509
+ }>, NativeConnectorGovernanceDescriptor<{
1510
+ mode: "fake" | "rest";
1511
+ auth: "api_token" | "oauth";
1512
+ tokenEnv: string;
1513
+ emailEnv: string;
1514
+ siteUrl: string;
1515
+ cloudIdEnv: string;
1516
+ cloudId?: string | undefined;
1517
+ }>, NativeConnectorGovernanceDescriptor<{
1518
+ mode: "postgres" | "off";
1519
+ dsnEnv: string;
1520
+ allowedTables: string[];
1521
+ allowedFunctions: string[];
1522
+ requireRls: boolean;
1523
+ maxRows: number;
1524
+ statementTimeoutMs: number;
1525
+ lockTimeoutMs: number;
1526
+ idleTransactionTimeoutMs: number;
1527
+ }>, NativeConnectorGovernanceDescriptor<{
1528
+ mode: "rest" | "off";
1529
+ tokenEnv: string;
1530
+ apiBaseUrl: string;
1531
+ allowedMimeTypes: string[];
1532
+ maxReadBytes: number;
1533
+ selectedFileId?: string | undefined;
1534
+ }>];
664
1535
  export declare function providerEvidenceForAction(actionInput: unknown): LedgerProviderEvidence | undefined;
665
1536
  export declare function hashJson(value: unknown): string;
666
1537
  export declare function stableStringify(value: unknown): string;
1538
+ export declare function computeDpopAccessTokenHash(token: string): string;
1539
+ export declare function normalizeDpopMethod(method: string): string;
1540
+ export declare function normalizeDpopUri(uri: string): string;
1541
+ export declare function actionPassDpopTarget(actionInput: unknown): {
1542
+ method: "POST";
1543
+ uri: string;
1544
+ };
667
1545
  export declare function validateApprovalArtifact(artifactInput: unknown, actionInput: unknown, now?: Date): string | null;
1546
+ export declare const AXTARY_DEFAULT_ISSUER = "axtary-dev";
1547
+ export declare const AXTARY_DEFAULT_TENANT = "local";
1548
+ export declare const AXTARY_DEFAULT_RUNTIME = "sdk";
1549
+ /** Flat authorization request — the shape from PRD §8.2. */
1550
+ export type AxtaryAuthorizeRequest = {
1551
+ agent: string;
1552
+ human: string;
1553
+ intent: string;
1554
+ tool: string;
1555
+ resource: string;
1556
+ payload?: Record<string, JsonValue>;
1557
+ /** Agent runtime label; defaults to the instance runtime ("sdk"). */
1558
+ runtime?: string;
1559
+ /** Stable task id for ledger correlation; generated when omitted. */
1560
+ task?: string;
1561
+ /** Tenant; defaults to the instance tenant. */
1562
+ tenant?: string;
1563
+ constraints?: Record<string, JsonValue>;
1564
+ budget?: ActionBudget;
1565
+ toolDefinition?: NormalizedAction["toolDefinition"];
1566
+ provenance?: ActionProvenance;
1567
+ maxDelegationDepth?: number;
1568
+ };
1569
+ export type AxtaryPass = IssueActionPassResult;
1570
+ export type AxtaryAuthorizeResult = {
1571
+ /** Alias of `decision.decision` so `result.status === "allow"` reads cleanly. */
1572
+ status: AxtaryDecision;
1573
+ decision: PolicyDecision;
1574
+ reasons: string[];
1575
+ explanation: PolicyDecisionExplanation;
1576
+ payloadHash: string;
1577
+ action: NormalizedAction;
1578
+ pass: AxtaryPass | null;
1579
+ ledger: LedgerRecord;
1580
+ };
1581
+ export type AxtaryAuthorizeOptions = {
1582
+ policy?: PolicyOptions;
1583
+ approval?: Approval;
1584
+ approvalArtifact?: ApprovalArtifact;
1585
+ now?: Date;
1586
+ };
1587
+ export type AxtaryExecutionOutcome = Omit<LedgerExecutionOutcome, "schemaVersion" | "sideEffectProof"> & {
1588
+ sideEffectProof?: Record<string, JsonValue>;
1589
+ };
1590
+ export type AxtaryRecordInput = {
1591
+ action: AxtaryAuthorizeRequest | NormalizedAction;
1592
+ decision: PolicyDecision;
1593
+ pass?: AxtaryPass | string | null;
1594
+ outcome?: AxtaryExecutionOutcome;
1595
+ correlationId?: string | null;
1596
+ previousLedgerHash?: string | null;
1597
+ };
1598
+ export type AxtaryRevokeOptions = {
1599
+ revokedBy?: string;
1600
+ reason?: string;
1601
+ revokedAt?: Date;
1602
+ };
1603
+ export type AxtaryConfig = {
1604
+ issuer?: string;
1605
+ tenant?: string;
1606
+ runtime?: string;
1607
+ /** Issuer signing key. Omit to use a persistent local dev key (see devKeypair). */
1608
+ signingKey?: SigningKey;
1609
+ signingKeyId?: string;
1610
+ /** Public verification key matching `signingKey`; required for `verify`. */
1611
+ verificationKey?: VerificationKey;
1612
+ algorithm?: SigningAlgorithm;
1613
+ /** Default policy options applied to every authorize call. */
1614
+ policy?: PolicyOptions;
1615
+ /** Override the dev keyring file path used when no signing key is configured. */
1616
+ keyPath?: string;
1617
+ /** Suppress the one-time dev-key warning. */
1618
+ quiet?: boolean;
1619
+ };
1620
+ export declare class Axtary {
1621
+ readonly issuer: string;
1622
+ readonly tenant: string;
1623
+ readonly runtime: string;
1624
+ private readonly defaultPolicy?;
1625
+ private readonly algorithm;
1626
+ private readonly quiet;
1627
+ private readonly configuredSigningKey?;
1628
+ private readonly configuredKeyId?;
1629
+ private readonly configuredVerificationKey?;
1630
+ private readonly keyPath?;
1631
+ private signerPromise?;
1632
+ private ledgerHead;
1633
+ private readonly revocations;
1634
+ constructor(config?: AxtaryConfig);
1635
+ /** Current local ledger head (hash of the last record this instance wrote). */
1636
+ get ledgerHash(): string | null;
1637
+ private resolveSigner;
1638
+ private toNormalizedAction;
1639
+ /**
1640
+ * Decide an action and, for an allow, issue an ActionPass. Always returns a
1641
+ * decision (the policy evaluation is keyless); a deny/step-up returns
1642
+ * `pass: null`. Threads the local ledger head so successive calls chain.
1643
+ */
1644
+ authorize(request: AxtaryAuthorizeRequest | NormalizedAction, options?: AxtaryAuthorizeOptions): Promise<AxtaryAuthorizeResult>;
1645
+ /**
1646
+ * Verify a previously issued pass against an action. Accepts an authorize
1647
+ * result, a pass object, or a raw token; the action defaults to the result's
1648
+ * action when one is supplied. Fails closed for a pass this instance revoked.
1649
+ */
1650
+ verify(pass: AxtaryAuthorizeResult | AxtaryPass | string, action?: AxtaryAuthorizeRequest | NormalizedAction): Promise<VerifyActionPassResult>;
1651
+ /**
1652
+ * Append an execution result to the local ledger, chained after the decision
1653
+ * record from `authorize`. Returns the tamper-evident record; durable
1654
+ * persistence is the proxy/CLI's responsibility.
1655
+ */
1656
+ record(input: AxtaryRecordInput): LedgerRecord;
1657
+ /**
1658
+ * Revoke a pass by id. The revocation is held in this instance so a later
1659
+ * `verify` of that pass fails closed. Durable cross-process revocation is the
1660
+ * CLI/trust-store path (`axtary revoke`).
1661
+ */
1662
+ revoke(passId: string, options?: AxtaryRevokeOptions): ActionPassRevocation;
1663
+ /** Deterministic, human-readable explanation of a decision (no model call). */
1664
+ explain(decision: PolicyDecision | AxtaryAuthorizeResult): PolicyDecisionExplanation;
1665
+ }
1666
+ /** Create an Axtary SDK instance. */
1667
+ export declare function createAxtary(config?: AxtaryConfig): Axtary;
1668
+ /** Default Axtary SDK instance (PRD §8.2 `import { axtary }`). */
1669
+ export declare const axtary: Axtary;
668
1670
  //# sourceMappingURL=index.d.ts.map