@axtary/actionpass 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.ts CHANGED
@@ -1,6 +1,18 @@
1
1
  import { type CryptoKey, type JWK, type KeyObject } from "jose";
2
2
  import { z } from "zod";
3
+ import { type ActionPassStatusClaim } from "./status-list.js";
4
+ import { type ActionProvenance } from "./provenance.js";
5
+ import { type PolicyDecisionExplanation } from "./explain.js";
6
+ export * from "./caep.js";
7
+ export * from "./dev-key.js";
8
+ export * from "./explain.js";
9
+ export * from "./postgres.js";
10
+ export * from "./provenance.js";
11
+ export * from "./status-list.js";
3
12
  export declare const ACTION_SCHEMA_VERSION = "axtary.action.v0";
13
+ export declare const ACTIONPASS_V0_VERSION = "axtary.actionpass.v0";
14
+ export declare const ACTIONPASS_V1_VERSION = "axtary.actionpass.v1";
15
+ export declare const ACTIONPASS_V2_VERSION = "axtary.actionpass.v2";
4
16
  export declare const ACTIONPASS_VERSION = "axtary.actionpass.v0";
5
17
  export declare const APPROVAL_ARTIFACT_VERSION = "axtary.approval.v0";
6
18
  export declare const ACTIONPASS_REVOCATION_VERSION = "axtary.actionpass_revocation.v0";
@@ -10,9 +22,25 @@ export declare const LEDGER_PROVIDER_EVIDENCE_VERSION = "axtary.ledger_provider_
10
22
  export declare const LEDGER_EXECUTION_OUTCOME_VERSION = "axtary.ledger_execution_outcome.v0";
11
23
  export declare const DEFAULT_EXPIRES_IN_SECONDS = 600;
12
24
  export declare const DEFAULT_SIGNING_ALGORITHM = "ES256";
25
+ export declare const DPOP_PROOF_TYP = "dpop+jwt";
26
+ export declare const DEFAULT_DPOP_MAX_AGE_SECONDS = 60;
27
+ export declare const DEFAULT_DPOP_CLOCK_SKEW_SECONDS = 5;
13
28
  export type JsonValue = string | number | boolean | null | JsonValue[] | {
14
29
  [key: string]: JsonValue;
15
30
  };
31
+ export declare const BudgetAmountSchema: z.ZodRecord<z.ZodString, z.ZodNumber>;
32
+ export type BudgetAmount = z.infer<typeof BudgetAmountSchema>;
33
+ export declare const ActionBudgetSchema: z.ZodObject<{
34
+ reservationId: z.ZodString;
35
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
36
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
37
+ commitStatus: z.ZodEnum<{
38
+ pending: "pending";
39
+ committed: "committed";
40
+ rolled_back: "rolled_back";
41
+ }>;
42
+ }, z.core.$strip>;
43
+ export type ActionBudget = z.infer<typeof ActionBudgetSchema>;
16
44
  export declare const AxtaryDecisionSchema: z.ZodEnum<{
17
45
  allow: "allow";
18
46
  deny: "deny";
@@ -42,15 +70,45 @@ export declare const NormalizedActionSchema: z.ZodObject<{
42
70
  serverIdentity: z.ZodString;
43
71
  schemaVersion: z.ZodString;
44
72
  definitionHash: z.ZodString;
73
+ publisher: z.ZodOptional<z.ZodString>;
74
+ publisherKeyId: z.ZodOptional<z.ZodString>;
75
+ semver: z.ZodOptional<z.ZodString>;
76
+ priorDefinitionHash: z.ZodOptional<z.ZodString>;
77
+ }, z.core.$strip>>;
78
+ provenance: z.ZodOptional<z.ZodObject<{
79
+ schemaVersion: z.ZodDefault<z.ZodLiteral<"axtary.provenance.v0">>;
80
+ sources: z.ZodArray<z.ZodObject<{
81
+ id: z.ZodString;
82
+ kind: z.ZodEnum<{
83
+ unknown: "unknown";
84
+ task: "task";
85
+ operator: "operator";
86
+ document: "document";
87
+ tool_output: "tool_output";
88
+ connector: "connector";
89
+ }>;
90
+ integrity: z.ZodEnum<{
91
+ unknown: "unknown";
92
+ trusted: "trusted";
93
+ untrusted: "untrusted";
94
+ }>;
95
+ resource: z.ZodOptional<z.ZodString>;
96
+ observedAt: z.ZodOptional<z.ZodString>;
97
+ }, z.core.$strip>>;
98
+ bindings: z.ZodArray<z.ZodObject<{
99
+ path: z.ZodString;
100
+ sourceIds: z.ZodArray<z.ZodString>;
101
+ }, z.core.$strip>>;
45
102
  }, z.core.$strip>>;
46
103
  budget: z.ZodOptional<z.ZodObject<{
47
- reservationId: z.ZodOptional<z.ZodString>;
48
- limit: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
49
- commitStatus: z.ZodOptional<z.ZodEnum<{
104
+ reservationId: z.ZodString;
105
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
106
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
107
+ commitStatus: z.ZodEnum<{
50
108
  pending: "pending";
51
109
  committed: "committed";
52
110
  rolled_back: "rolled_back";
53
- }>>;
111
+ }>;
54
112
  }, z.core.$strip>>;
55
113
  }, z.core.$strip>;
56
114
  export type NormalizedAction = z.infer<typeof NormalizedActionSchema>;
@@ -72,6 +130,29 @@ export declare const PolicyDecisionSchema: z.ZodObject<{
72
130
  maxFilesChanged: z.ZodNumber;
73
131
  blockedPaths: z.ZodArray<z.ZodString>;
74
132
  }, z.core.$strip>;
133
+ rule: z.ZodOptional<z.ZodObject<{
134
+ id: z.ZodString;
135
+ matchedRuleIds: z.ZodDefault<z.ZodArray<z.ZodString>>;
136
+ }, z.core.$strip>>;
137
+ obligations: z.ZodOptional<z.ZodObject<{
138
+ requiredApproverRoles: z.ZodDefault<z.ZodArray<z.ZodString>>;
139
+ timeWindow: z.ZodOptional<z.ZodObject<{
140
+ startHourUtc: z.ZodNumber;
141
+ endHourUtc: z.ZodNumber;
142
+ daysOfWeek: z.ZodDefault<z.ZodArray<z.ZodNumber>>;
143
+ }, z.core.$strip>>;
144
+ rateLimit: z.ZodOptional<z.ZodObject<{
145
+ ruleId: z.ZodString;
146
+ maxActions: z.ZodNumber;
147
+ windowSeconds: z.ZodNumber;
148
+ scope: z.ZodEnum<{
149
+ resource: "resource";
150
+ actor: "actor";
151
+ tenant: "tenant";
152
+ tool: "tool";
153
+ }>;
154
+ }, z.core.$strip>>;
155
+ }, z.core.$strip>>;
75
156
  }, z.core.$strip>;
76
157
  export type PolicyDecision = z.infer<typeof PolicyDecisionSchema>;
77
158
  export type ActionPassDecision = PolicyDecision;
@@ -82,6 +163,7 @@ export declare const ApprovalSchema: z.ZodObject<{
82
163
  policy_override: "policy_override";
83
164
  }>;
84
165
  approvedBy: z.ZodOptional<z.ZodString>;
166
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
85
167
  approvalArtifact: z.ZodOptional<z.ZodString>;
86
168
  approvalArtifactHash: z.ZodOptional<z.ZodString>;
87
169
  actionHash: z.ZodOptional<z.ZodString>;
@@ -97,6 +179,7 @@ export declare const ApprovalArtifactSchema: z.ZodObject<{
97
179
  policy_override: "policy_override";
98
180
  }>;
99
181
  approvedBy: z.ZodString;
182
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
100
183
  approvedAt: z.ZodString;
101
184
  actionHash: z.ZodString;
102
185
  payloadHash: z.ZodString;
@@ -107,8 +190,159 @@ export declare const ApprovalArtifactSchema: z.ZodObject<{
107
190
  expiresAt: z.ZodOptional<z.ZodString>;
108
191
  }, z.core.$strip>;
109
192
  export type ApprovalArtifact = z.infer<typeof ApprovalArtifactSchema>;
110
- export declare const ActionPassClaimsSchema: z.ZodObject<{
193
+ export declare const ActionPassV0ClaimsSchema: z.ZodObject<{
194
+ iss: z.ZodString;
195
+ sub: z.ZodString;
196
+ aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
197
+ exp: z.ZodNumber;
198
+ nbf: z.ZodNumber;
199
+ iat: z.ZodNumber;
200
+ jti: z.ZodString;
201
+ tenant: z.ZodString;
202
+ humanOwner: z.ZodString;
203
+ agentRuntime: z.ZodString;
204
+ intent: z.ZodObject<{
205
+ taskId: z.ZodString;
206
+ declaredGoal: z.ZodString;
207
+ maxDelegationDepth: z.ZodOptional<z.ZodNumber>;
208
+ }, z.core.$strip>;
209
+ capability: z.ZodObject<{
210
+ tool: z.ZodString;
211
+ resource: z.ZodString;
212
+ constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
213
+ }, z.core.$strip>;
214
+ decision: z.ZodEnum<{
215
+ allow: "allow";
216
+ deny: "deny";
217
+ step_up: "step_up";
218
+ }>;
219
+ reasons: z.ZodArray<z.ZodString>;
220
+ policy: z.ZodObject<{
221
+ nativeRule: z.ZodString;
222
+ version: z.ZodString;
223
+ cedarCompatible: z.ZodBoolean;
224
+ opaCompatible: z.ZodBoolean;
225
+ }, z.core.$strip>;
226
+ payloadHash: z.ZodString;
227
+ provenanceHash: z.ZodOptional<z.ZodString>;
228
+ budget: z.ZodOptional<z.ZodObject<{
229
+ reservationId: z.ZodString;
230
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
231
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
232
+ commitStatus: z.ZodEnum<{
233
+ pending: "pending";
234
+ committed: "committed";
235
+ rolled_back: "rolled_back";
236
+ }>;
237
+ }, z.core.$strip>>;
238
+ approval: z.ZodOptional<z.ZodObject<{
239
+ mode: z.ZodEnum<{
240
+ none: "none";
241
+ human: "human";
242
+ policy_override: "policy_override";
243
+ }>;
244
+ approvedBy: z.ZodOptional<z.ZodString>;
245
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
246
+ approvalArtifact: z.ZodOptional<z.ZodString>;
247
+ approvalArtifactHash: z.ZodOptional<z.ZodString>;
248
+ actionHash: z.ZodOptional<z.ZodString>;
249
+ payloadHash: z.ZodOptional<z.ZodString>;
250
+ approvedAt: z.ZodOptional<z.ZodString>;
251
+ }, z.core.$strip>>;
252
+ audit: z.ZodObject<{
253
+ traceId: z.ZodString;
254
+ parentPassId: z.ZodNullable<z.ZodString>;
255
+ ledgerHash: z.ZodNullable<z.ZodString>;
256
+ }, z.core.$strip>;
111
257
  apv: z.ZodLiteral<"axtary.actionpass.v0">;
258
+ }, z.core.$strip>;
259
+ export declare const ActionPassV1ClaimsSchema: z.ZodObject<{
260
+ cnf: z.ZodObject<{
261
+ jkt: z.ZodString;
262
+ }, z.core.$strip>;
263
+ delegation: z.ZodOptional<z.ZodObject<{
264
+ depth: z.ZodNumber;
265
+ rootPassId: z.ZodString;
266
+ }, z.core.$strip>>;
267
+ iss: z.ZodString;
268
+ sub: z.ZodString;
269
+ aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
270
+ exp: z.ZodNumber;
271
+ nbf: z.ZodNumber;
272
+ iat: z.ZodNumber;
273
+ jti: z.ZodString;
274
+ tenant: z.ZodString;
275
+ humanOwner: z.ZodString;
276
+ agentRuntime: z.ZodString;
277
+ intent: z.ZodObject<{
278
+ taskId: z.ZodString;
279
+ declaredGoal: z.ZodString;
280
+ maxDelegationDepth: z.ZodOptional<z.ZodNumber>;
281
+ }, z.core.$strip>;
282
+ capability: z.ZodObject<{
283
+ tool: z.ZodString;
284
+ resource: z.ZodString;
285
+ constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
286
+ }, z.core.$strip>;
287
+ decision: z.ZodEnum<{
288
+ allow: "allow";
289
+ deny: "deny";
290
+ step_up: "step_up";
291
+ }>;
292
+ reasons: z.ZodArray<z.ZodString>;
293
+ policy: z.ZodObject<{
294
+ nativeRule: z.ZodString;
295
+ version: z.ZodString;
296
+ cedarCompatible: z.ZodBoolean;
297
+ opaCompatible: z.ZodBoolean;
298
+ }, z.core.$strip>;
299
+ payloadHash: z.ZodString;
300
+ provenanceHash: z.ZodOptional<z.ZodString>;
301
+ budget: z.ZodOptional<z.ZodObject<{
302
+ reservationId: z.ZodString;
303
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
304
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
305
+ commitStatus: z.ZodEnum<{
306
+ pending: "pending";
307
+ committed: "committed";
308
+ rolled_back: "rolled_back";
309
+ }>;
310
+ }, z.core.$strip>>;
311
+ approval: z.ZodOptional<z.ZodObject<{
312
+ mode: z.ZodEnum<{
313
+ none: "none";
314
+ human: "human";
315
+ policy_override: "policy_override";
316
+ }>;
317
+ approvedBy: z.ZodOptional<z.ZodString>;
318
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
319
+ approvalArtifact: z.ZodOptional<z.ZodString>;
320
+ approvalArtifactHash: z.ZodOptional<z.ZodString>;
321
+ actionHash: z.ZodOptional<z.ZodString>;
322
+ payloadHash: z.ZodOptional<z.ZodString>;
323
+ approvedAt: z.ZodOptional<z.ZodString>;
324
+ }, z.core.$strip>>;
325
+ audit: z.ZodObject<{
326
+ traceId: z.ZodString;
327
+ parentPassId: z.ZodNullable<z.ZodString>;
328
+ ledgerHash: z.ZodNullable<z.ZodString>;
329
+ }, z.core.$strip>;
330
+ apv: z.ZodLiteral<"axtary.actionpass.v1">;
331
+ }, z.core.$strip>;
332
+ export declare const ActionPassV2ClaimsSchema: z.ZodObject<{
333
+ cnf: z.ZodObject<{
334
+ jkt: z.ZodString;
335
+ }, z.core.$strip>;
336
+ delegation: z.ZodOptional<z.ZodObject<{
337
+ depth: z.ZodNumber;
338
+ rootPassId: z.ZodString;
339
+ }, z.core.$strip>>;
340
+ status: z.ZodObject<{
341
+ status_list: z.ZodObject<{
342
+ idx: z.ZodNumber;
343
+ uri: z.ZodString;
344
+ }, z.core.$strip>;
345
+ }, z.core.$strip>;
112
346
  iss: z.ZodString;
113
347
  sub: z.ZodString;
114
348
  aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
@@ -142,6 +376,17 @@ export declare const ActionPassClaimsSchema: z.ZodObject<{
142
376
  opaCompatible: z.ZodBoolean;
143
377
  }, z.core.$strip>;
144
378
  payloadHash: z.ZodString;
379
+ provenanceHash: z.ZodOptional<z.ZodString>;
380
+ budget: z.ZodOptional<z.ZodObject<{
381
+ reservationId: z.ZodString;
382
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
383
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
384
+ commitStatus: z.ZodEnum<{
385
+ pending: "pending";
386
+ committed: "committed";
387
+ rolled_back: "rolled_back";
388
+ }>;
389
+ }, z.core.$strip>>;
145
390
  approval: z.ZodOptional<z.ZodObject<{
146
391
  mode: z.ZodEnum<{
147
392
  none: "none";
@@ -149,6 +394,7 @@ export declare const ActionPassClaimsSchema: z.ZodObject<{
149
394
  policy_override: "policy_override";
150
395
  }>;
151
396
  approvedBy: z.ZodOptional<z.ZodString>;
397
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
152
398
  approvalArtifact: z.ZodOptional<z.ZodString>;
153
399
  approvalArtifactHash: z.ZodOptional<z.ZodString>;
154
400
  actionHash: z.ZodOptional<z.ZodString>;
@@ -160,8 +406,236 @@ export declare const ActionPassClaimsSchema: z.ZodObject<{
160
406
  parentPassId: z.ZodNullable<z.ZodString>;
161
407
  ledgerHash: z.ZodNullable<z.ZodString>;
162
408
  }, z.core.$strip>;
409
+ apv: z.ZodLiteral<"axtary.actionpass.v2">;
163
410
  }, z.core.$strip>;
411
+ export declare const ActionPassClaimsSchema: z.ZodUnion<readonly [z.ZodObject<{
412
+ iss: z.ZodString;
413
+ sub: z.ZodString;
414
+ aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
415
+ exp: z.ZodNumber;
416
+ nbf: z.ZodNumber;
417
+ iat: z.ZodNumber;
418
+ jti: z.ZodString;
419
+ tenant: z.ZodString;
420
+ humanOwner: z.ZodString;
421
+ agentRuntime: z.ZodString;
422
+ intent: z.ZodObject<{
423
+ taskId: z.ZodString;
424
+ declaredGoal: z.ZodString;
425
+ maxDelegationDepth: z.ZodOptional<z.ZodNumber>;
426
+ }, z.core.$strip>;
427
+ capability: z.ZodObject<{
428
+ tool: z.ZodString;
429
+ resource: z.ZodString;
430
+ constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
431
+ }, z.core.$strip>;
432
+ decision: z.ZodEnum<{
433
+ allow: "allow";
434
+ deny: "deny";
435
+ step_up: "step_up";
436
+ }>;
437
+ reasons: z.ZodArray<z.ZodString>;
438
+ policy: z.ZodObject<{
439
+ nativeRule: z.ZodString;
440
+ version: z.ZodString;
441
+ cedarCompatible: z.ZodBoolean;
442
+ opaCompatible: z.ZodBoolean;
443
+ }, z.core.$strip>;
444
+ payloadHash: z.ZodString;
445
+ provenanceHash: z.ZodOptional<z.ZodString>;
446
+ budget: z.ZodOptional<z.ZodObject<{
447
+ reservationId: z.ZodString;
448
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
449
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
450
+ commitStatus: z.ZodEnum<{
451
+ pending: "pending";
452
+ committed: "committed";
453
+ rolled_back: "rolled_back";
454
+ }>;
455
+ }, z.core.$strip>>;
456
+ approval: z.ZodOptional<z.ZodObject<{
457
+ mode: z.ZodEnum<{
458
+ none: "none";
459
+ human: "human";
460
+ policy_override: "policy_override";
461
+ }>;
462
+ approvedBy: z.ZodOptional<z.ZodString>;
463
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
464
+ approvalArtifact: z.ZodOptional<z.ZodString>;
465
+ approvalArtifactHash: z.ZodOptional<z.ZodString>;
466
+ actionHash: z.ZodOptional<z.ZodString>;
467
+ payloadHash: z.ZodOptional<z.ZodString>;
468
+ approvedAt: z.ZodOptional<z.ZodString>;
469
+ }, z.core.$strip>>;
470
+ audit: z.ZodObject<{
471
+ traceId: z.ZodString;
472
+ parentPassId: z.ZodNullable<z.ZodString>;
473
+ ledgerHash: z.ZodNullable<z.ZodString>;
474
+ }, z.core.$strip>;
475
+ apv: z.ZodLiteral<"axtary.actionpass.v0">;
476
+ }, z.core.$strip>, z.ZodObject<{
477
+ cnf: z.ZodObject<{
478
+ jkt: z.ZodString;
479
+ }, z.core.$strip>;
480
+ delegation: z.ZodOptional<z.ZodObject<{
481
+ depth: z.ZodNumber;
482
+ rootPassId: z.ZodString;
483
+ }, z.core.$strip>>;
484
+ iss: z.ZodString;
485
+ sub: z.ZodString;
486
+ aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
487
+ exp: z.ZodNumber;
488
+ nbf: z.ZodNumber;
489
+ iat: z.ZodNumber;
490
+ jti: z.ZodString;
491
+ tenant: z.ZodString;
492
+ humanOwner: z.ZodString;
493
+ agentRuntime: z.ZodString;
494
+ intent: z.ZodObject<{
495
+ taskId: z.ZodString;
496
+ declaredGoal: z.ZodString;
497
+ maxDelegationDepth: z.ZodOptional<z.ZodNumber>;
498
+ }, z.core.$strip>;
499
+ capability: z.ZodObject<{
500
+ tool: z.ZodString;
501
+ resource: z.ZodString;
502
+ constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
503
+ }, z.core.$strip>;
504
+ decision: z.ZodEnum<{
505
+ allow: "allow";
506
+ deny: "deny";
507
+ step_up: "step_up";
508
+ }>;
509
+ reasons: z.ZodArray<z.ZodString>;
510
+ policy: z.ZodObject<{
511
+ nativeRule: z.ZodString;
512
+ version: z.ZodString;
513
+ cedarCompatible: z.ZodBoolean;
514
+ opaCompatible: z.ZodBoolean;
515
+ }, z.core.$strip>;
516
+ payloadHash: z.ZodString;
517
+ provenanceHash: z.ZodOptional<z.ZodString>;
518
+ budget: z.ZodOptional<z.ZodObject<{
519
+ reservationId: z.ZodString;
520
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
521
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
522
+ commitStatus: z.ZodEnum<{
523
+ pending: "pending";
524
+ committed: "committed";
525
+ rolled_back: "rolled_back";
526
+ }>;
527
+ }, z.core.$strip>>;
528
+ approval: z.ZodOptional<z.ZodObject<{
529
+ mode: z.ZodEnum<{
530
+ none: "none";
531
+ human: "human";
532
+ policy_override: "policy_override";
533
+ }>;
534
+ approvedBy: z.ZodOptional<z.ZodString>;
535
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
536
+ approvalArtifact: z.ZodOptional<z.ZodString>;
537
+ approvalArtifactHash: z.ZodOptional<z.ZodString>;
538
+ actionHash: z.ZodOptional<z.ZodString>;
539
+ payloadHash: z.ZodOptional<z.ZodString>;
540
+ approvedAt: z.ZodOptional<z.ZodString>;
541
+ }, z.core.$strip>>;
542
+ audit: z.ZodObject<{
543
+ traceId: z.ZodString;
544
+ parentPassId: z.ZodNullable<z.ZodString>;
545
+ ledgerHash: z.ZodNullable<z.ZodString>;
546
+ }, z.core.$strip>;
547
+ apv: z.ZodLiteral<"axtary.actionpass.v1">;
548
+ }, z.core.$strip>, z.ZodObject<{
549
+ cnf: z.ZodObject<{
550
+ jkt: z.ZodString;
551
+ }, z.core.$strip>;
552
+ delegation: z.ZodOptional<z.ZodObject<{
553
+ depth: z.ZodNumber;
554
+ rootPassId: z.ZodString;
555
+ }, z.core.$strip>>;
556
+ status: z.ZodObject<{
557
+ status_list: z.ZodObject<{
558
+ idx: z.ZodNumber;
559
+ uri: z.ZodString;
560
+ }, z.core.$strip>;
561
+ }, z.core.$strip>;
562
+ iss: z.ZodString;
563
+ sub: z.ZodString;
564
+ aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
565
+ exp: z.ZodNumber;
566
+ nbf: z.ZodNumber;
567
+ iat: z.ZodNumber;
568
+ jti: z.ZodString;
569
+ tenant: z.ZodString;
570
+ humanOwner: z.ZodString;
571
+ agentRuntime: z.ZodString;
572
+ intent: z.ZodObject<{
573
+ taskId: z.ZodString;
574
+ declaredGoal: z.ZodString;
575
+ maxDelegationDepth: z.ZodOptional<z.ZodNumber>;
576
+ }, z.core.$strip>;
577
+ capability: z.ZodObject<{
578
+ tool: z.ZodString;
579
+ resource: z.ZodString;
580
+ constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
581
+ }, z.core.$strip>;
582
+ decision: z.ZodEnum<{
583
+ allow: "allow";
584
+ deny: "deny";
585
+ step_up: "step_up";
586
+ }>;
587
+ reasons: z.ZodArray<z.ZodString>;
588
+ policy: z.ZodObject<{
589
+ nativeRule: z.ZodString;
590
+ version: z.ZodString;
591
+ cedarCompatible: z.ZodBoolean;
592
+ opaCompatible: z.ZodBoolean;
593
+ }, z.core.$strip>;
594
+ payloadHash: z.ZodString;
595
+ provenanceHash: z.ZodOptional<z.ZodString>;
596
+ budget: z.ZodOptional<z.ZodObject<{
597
+ reservationId: z.ZodString;
598
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
599
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
600
+ commitStatus: z.ZodEnum<{
601
+ pending: "pending";
602
+ committed: "committed";
603
+ rolled_back: "rolled_back";
604
+ }>;
605
+ }, z.core.$strip>>;
606
+ approval: z.ZodOptional<z.ZodObject<{
607
+ mode: z.ZodEnum<{
608
+ none: "none";
609
+ human: "human";
610
+ policy_override: "policy_override";
611
+ }>;
612
+ approvedBy: z.ZodOptional<z.ZodString>;
613
+ approverRoles: z.ZodOptional<z.ZodArray<z.ZodString>>;
614
+ approvalArtifact: z.ZodOptional<z.ZodString>;
615
+ approvalArtifactHash: z.ZodOptional<z.ZodString>;
616
+ actionHash: z.ZodOptional<z.ZodString>;
617
+ payloadHash: z.ZodOptional<z.ZodString>;
618
+ approvedAt: z.ZodOptional<z.ZodString>;
619
+ }, z.core.$strip>>;
620
+ audit: z.ZodObject<{
621
+ traceId: z.ZodString;
622
+ parentPassId: z.ZodNullable<z.ZodString>;
623
+ ledgerHash: z.ZodNullable<z.ZodString>;
624
+ }, z.core.$strip>;
625
+ apv: z.ZodLiteral<"axtary.actionpass.v2">;
626
+ }, z.core.$strip>]>;
164
627
  export type ActionPassClaims = z.infer<typeof ActionPassClaimsSchema>;
628
+ export type ActionPassV1Claims = z.infer<typeof ActionPassV1ClaimsSchema>;
629
+ export type ActionPassV2Claims = z.infer<typeof ActionPassV2ClaimsSchema>;
630
+ export declare const DpopProofClaimsSchema: z.ZodObject<{
631
+ htm: z.ZodString;
632
+ htu: z.ZodString;
633
+ iat: z.ZodNumber;
634
+ jti: z.ZodString;
635
+ ath: z.ZodString;
636
+ nonce: z.ZodOptional<z.ZodString>;
637
+ }, z.core.$strip>;
638
+ export type DpopProofClaims = z.infer<typeof DpopProofClaimsSchema>;
165
639
  export declare const ActionPassRevocationSchema: z.ZodObject<{
166
640
  schemaVersion: z.ZodLiteral<"axtary.actionpass_revocation.v0">;
167
641
  passId: z.ZodString;
@@ -251,10 +725,12 @@ export declare const LedgerProviderSchema: z.ZodEnum<{
251
725
  slack: "slack";
252
726
  linear: "linear";
253
727
  docs: "docs";
728
+ drive: "drive";
254
729
  mcp: "mcp";
255
730
  aws: "aws";
256
731
  gcp: "gcp";
257
732
  jira: "jira";
733
+ postgres: "postgres";
258
734
  }>;
259
735
  export type LedgerProvider = z.infer<typeof LedgerProviderSchema>;
260
736
  export declare const LedgerProviderEvidenceDiffSchema: z.ZodObject<{
@@ -263,10 +739,12 @@ export declare const LedgerProviderEvidenceDiffSchema: z.ZodObject<{
263
739
  slack: "slack";
264
740
  linear: "linear";
265
741
  docs: "docs";
742
+ drive: "drive";
266
743
  mcp: "mcp";
267
744
  aws: "aws";
268
745
  gcp: "gcp";
269
746
  jira: "jira";
747
+ postgres: "postgres";
270
748
  }>;
271
749
  summary: z.ZodOptional<z.ZodString>;
272
750
  files: z.ZodDefault<z.ZodArray<z.ZodObject<{
@@ -309,10 +787,12 @@ export declare const LedgerProviderEvidenceSchema: z.ZodObject<{
309
787
  slack: "slack";
310
788
  linear: "linear";
311
789
  docs: "docs";
790
+ drive: "drive";
312
791
  mcp: "mcp";
313
792
  aws: "aws";
314
793
  gcp: "gcp";
315
794
  jira: "jira";
795
+ postgres: "postgres";
316
796
  }>;
317
797
  tool: z.ZodString;
318
798
  operation: z.ZodString;
@@ -322,10 +802,12 @@ export declare const LedgerProviderEvidenceSchema: z.ZodObject<{
322
802
  slack: "slack";
323
803
  linear: "linear";
324
804
  docs: "docs";
805
+ drive: "drive";
325
806
  mcp: "mcp";
326
807
  aws: "aws";
327
808
  gcp: "gcp";
328
809
  jira: "jira";
810
+ postgres: "postgres";
329
811
  }>;
330
812
  kind: z.ZodString;
331
813
  id: z.ZodString;
@@ -344,10 +826,12 @@ export declare const LedgerProviderEvidenceSchema: z.ZodObject<{
344
826
  slack: "slack";
345
827
  linear: "linear";
346
828
  docs: "docs";
829
+ drive: "drive";
347
830
  mcp: "mcp";
348
831
  aws: "aws";
349
832
  gcp: "gcp";
350
833
  jira: "jira";
834
+ postgres: "postgres";
351
835
  }>;
352
836
  summary: z.ZodOptional<z.ZodString>;
353
837
  files: z.ZodDefault<z.ZodArray<z.ZodObject<{
@@ -378,6 +862,113 @@ export declare const LedgerProviderEvidenceSchema: z.ZodObject<{
378
862
  }, z.core.$strip>>;
379
863
  }, z.core.$strip>;
380
864
  export type LedgerProviderEvidence = z.infer<typeof LedgerProviderEvidenceSchema>;
865
+ export type ConnectorProvider = "github" | "slack" | "linear" | "jira" | "aws" | "gcp" | "mcp" | "docs" | "drive" | "postgres";
866
+ export type ConnectorCapabilityOperation = "read" | "write" | "external_message" | "identity_read" | "identity_mutation";
867
+ export type ConnectorCapabilityStatus = "supported" | "demo_only" | "planned";
868
+ export type ConnectorCapability = {
869
+ id: string;
870
+ provider: ConnectorProvider;
871
+ connector: string;
872
+ label: string;
873
+ tool: string;
874
+ operation: ConnectorCapabilityOperation;
875
+ status: ConnectorCapabilityStatus;
876
+ supportedModes: string[];
877
+ requiresActionPass: boolean;
878
+ defaultPolicy: "allow" | "deny" | "step_up" | "deny_until_scoped";
879
+ payloadFields: string[];
880
+ approvalTriggers: string[];
881
+ credentialBoundary: string;
882
+ smokeCheck: string | null;
883
+ };
884
+ export type ConnectorProviderMode = "fake" | "rest" | "app" | "web" | "graphql" | "local" | "local-wrapper" | "postgres" | "off" | "planned";
885
+ export declare const GitHubNativeConnectorConfigSchema: z.ZodObject<{
886
+ mode: z.ZodDefault<z.ZodEnum<{
887
+ fake: "fake";
888
+ rest: "rest";
889
+ app: "app";
890
+ }>>;
891
+ tokenEnv: z.ZodDefault<z.ZodString>;
892
+ apiBaseUrl: z.ZodDefault<z.ZodString>;
893
+ userAgent: z.ZodDefault<z.ZodString>;
894
+ appId: z.ZodOptional<z.ZodString>;
895
+ appIdEnv: z.ZodDefault<z.ZodString>;
896
+ installationId: z.ZodOptional<z.ZodString>;
897
+ installationIdEnv: z.ZodDefault<z.ZodString>;
898
+ privateKeyEnv: z.ZodDefault<z.ZodString>;
899
+ }, z.core.$strip>;
900
+ export type GitHubNativeConnectorConfig = z.infer<typeof GitHubNativeConnectorConfigSchema>;
901
+ export declare const DEFAULT_GITHUB_NATIVE_CONNECTOR_CONFIG: GitHubNativeConnectorConfig;
902
+ export declare const LinearNativeConnectorConfigSchema: z.ZodObject<{
903
+ mode: z.ZodDefault<z.ZodEnum<{
904
+ fake: "fake";
905
+ graphql: "graphql";
906
+ }>>;
907
+ tokenEnv: z.ZodDefault<z.ZodString>;
908
+ apiUrl: z.ZodDefault<z.ZodString>;
909
+ }, z.core.$strip>;
910
+ export type LinearNativeConnectorConfig = z.infer<typeof LinearNativeConnectorConfigSchema>;
911
+ export declare const DEFAULT_LINEAR_NATIVE_CONNECTOR_CONFIG: LinearNativeConnectorConfig;
912
+ export declare const JiraNativeConnectorConfigSchema: z.ZodObject<{
913
+ mode: z.ZodDefault<z.ZodEnum<{
914
+ fake: "fake";
915
+ rest: "rest";
916
+ }>>;
917
+ auth: z.ZodDefault<z.ZodEnum<{
918
+ api_token: "api_token";
919
+ oauth: "oauth";
920
+ }>>;
921
+ tokenEnv: z.ZodDefault<z.ZodString>;
922
+ emailEnv: z.ZodDefault<z.ZodString>;
923
+ siteUrl: z.ZodDefault<z.ZodString>;
924
+ cloudId: z.ZodOptional<z.ZodString>;
925
+ cloudIdEnv: z.ZodDefault<z.ZodString>;
926
+ }, z.core.$strip>;
927
+ export type JiraNativeConnectorConfig = z.infer<typeof JiraNativeConnectorConfigSchema>;
928
+ export declare const DEFAULT_JIRA_NATIVE_CONNECTOR_CONFIG: JiraNativeConnectorConfig;
929
+ export declare const PostgresNativeConnectorConfigSchema: z.ZodObject<{
930
+ mode: z.ZodDefault<z.ZodEnum<{
931
+ postgres: "postgres";
932
+ off: "off";
933
+ }>>;
934
+ dsnEnv: z.ZodDefault<z.ZodString>;
935
+ allowedTables: z.ZodDefault<z.ZodArray<z.ZodString>>;
936
+ allowedFunctions: z.ZodDefault<z.ZodArray<z.ZodString>>;
937
+ requireRls: z.ZodDefault<z.ZodBoolean>;
938
+ maxRows: z.ZodDefault<z.ZodNumber>;
939
+ statementTimeoutMs: z.ZodDefault<z.ZodNumber>;
940
+ lockTimeoutMs: z.ZodDefault<z.ZodNumber>;
941
+ idleTransactionTimeoutMs: z.ZodDefault<z.ZodNumber>;
942
+ }, z.core.$strip>;
943
+ export type PostgresNativeConnectorConfig = z.infer<typeof PostgresNativeConnectorConfigSchema>;
944
+ export declare const DEFAULT_POSTGRES_NATIVE_CONNECTOR_CONFIG: PostgresNativeConnectorConfig;
945
+ export declare const DriveNativeConnectorConfigSchema: z.ZodObject<{
946
+ mode: z.ZodDefault<z.ZodEnum<{
947
+ rest: "rest";
948
+ off: "off";
949
+ }>>;
950
+ tokenEnv: z.ZodDefault<z.ZodString>;
951
+ selectedFileId: z.ZodOptional<z.ZodString>;
952
+ apiBaseUrl: z.ZodDefault<z.ZodString>;
953
+ allowedMimeTypes: z.ZodDefault<z.ZodArray<z.ZodString>>;
954
+ maxReadBytes: z.ZodDefault<z.ZodNumber>;
955
+ }, z.core.$strip>;
956
+ export type DriveNativeConnectorConfig = z.infer<typeof DriveNativeConnectorConfigSchema>;
957
+ export declare const DEFAULT_DRIVE_NATIVE_CONNECTOR_CONFIG: DriveNativeConnectorConfig;
958
+ export type NativeConnectorToolDescriptor = {
959
+ capability: ConnectorCapability;
960
+ normalizeEvidence: (action: NormalizedAction, payload: Record<string, JsonValue>) => LedgerProviderEvidence;
961
+ };
962
+ export type NativeConnectorGovernanceDescriptor<TConfig> = {
963
+ provider: ConnectorProvider;
964
+ connector: string;
965
+ mode: ConnectorProviderMode;
966
+ configSchema: z.ZodType<TConfig>;
967
+ defaultConfig: TConfig;
968
+ requiredScopes: readonly string[];
969
+ smokeCheck: string;
970
+ tools: readonly NativeConnectorToolDescriptor[];
971
+ };
381
972
  export declare const LedgerExecutionOutcomeSchema: z.ZodObject<{
382
973
  schemaVersion: z.ZodLiteral<"axtary.ledger_execution_outcome.v0">;
383
974
  status: z.ZodEnum<{
@@ -389,10 +980,12 @@ export declare const LedgerExecutionOutcomeSchema: z.ZodObject<{
389
980
  slack: "slack";
390
981
  linear: "linear";
391
982
  docs: "docs";
983
+ drive: "drive";
392
984
  mcp: "mcp";
393
985
  aws: "aws";
394
986
  gcp: "gcp";
395
987
  jira: "jira";
988
+ postgres: "postgres";
396
989
  }>>;
397
990
  resultId: z.ZodOptional<z.ZodString>;
398
991
  resultUrl: z.ZodOptional<z.ZodString>;
@@ -400,15 +993,59 @@ export declare const LedgerExecutionOutcomeSchema: z.ZodObject<{
400
993
  resourceLabel: z.ZodOptional<z.ZodString>;
401
994
  failureReason: z.ZodOptional<z.ZodString>;
402
995
  errorClass: z.ZodOptional<z.ZodString>;
996
+ approvedPayloadHash: z.ZodOptional<z.ZodString>;
997
+ executedPayloadHash: z.ZodOptional<z.ZodString>;
403
998
  sideEffectProof: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
404
999
  }, z.core.$strict>;
405
1000
  export type LedgerExecutionOutcome = z.infer<typeof LedgerExecutionOutcomeSchema>;
1001
+ export declare const DelegationLedgerEdgeSchema: z.ZodObject<{
1002
+ parentPassId: z.ZodString;
1003
+ childPassId: z.ZodString;
1004
+ depth: z.ZodNumber;
1005
+ rootPassId: z.ZodString;
1006
+ }, z.core.$strip>;
1007
+ export type DelegationLedgerEdge = z.infer<typeof DelegationLedgerEdgeSchema>;
1008
+ export declare const BudgetLedgerEventSchema: z.ZodObject<{
1009
+ reservationId: z.ZodNullable<z.ZodString>;
1010
+ scope: z.ZodString;
1011
+ status: z.ZodEnum<{
1012
+ pending: "pending";
1013
+ committed: "committed";
1014
+ rolled_back: "rolled_back";
1015
+ denied: "denied";
1016
+ }>;
1017
+ expiresAt: z.ZodNullable<z.ZodString>;
1018
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
1019
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
1020
+ committedBefore: z.ZodRecord<z.ZodString, z.ZodNumber>;
1021
+ committedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
1022
+ reservedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
1023
+ }, z.core.$strip>;
1024
+ export type BudgetLedgerEvent = z.infer<typeof BudgetLedgerEventSchema>;
1025
+ export declare const LedgerAuditContextSchema: z.ZodObject<{
1026
+ tenant: z.ZodNullable<z.ZodString>;
1027
+ agentId: z.ZodString;
1028
+ humanOwner: z.ZodString;
1029
+ taskId: z.ZodString;
1030
+ tool: z.ZodString;
1031
+ resource: z.ZodString;
1032
+ }, z.core.$strip>;
1033
+ export type LedgerAuditContext = z.infer<typeof LedgerAuditContextSchema>;
406
1034
  export declare const LedgerRecordSchema: z.ZodObject<{
407
1035
  schemaVersion: z.ZodLiteral<"axtary.ledger.v0">;
408
1036
  id: z.ZodString;
409
1037
  occurredAt: z.ZodString;
1038
+ auditContext: z.ZodOptional<z.ZodObject<{
1039
+ tenant: z.ZodNullable<z.ZodString>;
1040
+ agentId: z.ZodString;
1041
+ humanOwner: z.ZodString;
1042
+ taskId: z.ZodString;
1043
+ tool: z.ZodString;
1044
+ resource: z.ZodString;
1045
+ }, z.core.$strip>>;
410
1046
  actionHash: z.ZodString;
411
1047
  payloadHash: z.ZodString;
1048
+ provenanceHash: z.ZodOptional<z.ZodString>;
412
1049
  decision: z.ZodEnum<{
413
1050
  allow: "allow";
414
1051
  deny: "deny";
@@ -428,10 +1065,12 @@ export declare const LedgerRecordSchema: z.ZodObject<{
428
1065
  slack: "slack";
429
1066
  linear: "linear";
430
1067
  docs: "docs";
1068
+ drive: "drive";
431
1069
  mcp: "mcp";
432
1070
  aws: "aws";
433
1071
  gcp: "gcp";
434
1072
  jira: "jira";
1073
+ postgres: "postgres";
435
1074
  }>;
436
1075
  tool: z.ZodString;
437
1076
  operation: z.ZodString;
@@ -441,10 +1080,12 @@ export declare const LedgerRecordSchema: z.ZodObject<{
441
1080
  slack: "slack";
442
1081
  linear: "linear";
443
1082
  docs: "docs";
1083
+ drive: "drive";
444
1084
  mcp: "mcp";
445
1085
  aws: "aws";
446
1086
  gcp: "gcp";
447
1087
  jira: "jira";
1088
+ postgres: "postgres";
448
1089
  }>;
449
1090
  kind: z.ZodString;
450
1091
  id: z.ZodString;
@@ -463,10 +1104,12 @@ export declare const LedgerRecordSchema: z.ZodObject<{
463
1104
  slack: "slack";
464
1105
  linear: "linear";
465
1106
  docs: "docs";
1107
+ drive: "drive";
466
1108
  mcp: "mcp";
467
1109
  aws: "aws";
468
1110
  gcp: "gcp";
469
1111
  jira: "jira";
1112
+ postgres: "postgres";
470
1113
  }>;
471
1114
  summary: z.ZodOptional<z.ZodString>;
472
1115
  files: z.ZodDefault<z.ZodArray<z.ZodObject<{
@@ -507,10 +1150,12 @@ export declare const LedgerRecordSchema: z.ZodObject<{
507
1150
  slack: "slack";
508
1151
  linear: "linear";
509
1152
  docs: "docs";
1153
+ drive: "drive";
510
1154
  mcp: "mcp";
511
1155
  aws: "aws";
512
1156
  gcp: "gcp";
513
1157
  jira: "jira";
1158
+ postgres: "postgres";
514
1159
  }>>;
515
1160
  resultId: z.ZodOptional<z.ZodString>;
516
1161
  resultUrl: z.ZodOptional<z.ZodString>;
@@ -518,10 +1163,34 @@ export declare const LedgerRecordSchema: z.ZodObject<{
518
1163
  resourceLabel: z.ZodOptional<z.ZodString>;
519
1164
  failureReason: z.ZodOptional<z.ZodString>;
520
1165
  errorClass: z.ZodOptional<z.ZodString>;
1166
+ approvedPayloadHash: z.ZodOptional<z.ZodString>;
1167
+ executedPayloadHash: z.ZodOptional<z.ZodString>;
521
1168
  sideEffectProof: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
522
1169
  }, z.core.$strict>>;
523
1170
  traceId: z.ZodOptional<z.ZodString>;
524
1171
  actionPassId: z.ZodNullable<z.ZodString>;
1172
+ delegation: z.ZodOptional<z.ZodObject<{
1173
+ parentPassId: z.ZodString;
1174
+ childPassId: z.ZodString;
1175
+ depth: z.ZodNumber;
1176
+ rootPassId: z.ZodString;
1177
+ }, z.core.$strip>>;
1178
+ budget: z.ZodOptional<z.ZodObject<{
1179
+ reservationId: z.ZodNullable<z.ZodString>;
1180
+ scope: z.ZodString;
1181
+ status: z.ZodEnum<{
1182
+ pending: "pending";
1183
+ committed: "committed";
1184
+ rolled_back: "rolled_back";
1185
+ denied: "denied";
1186
+ }>;
1187
+ expiresAt: z.ZodNullable<z.ZodString>;
1188
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
1189
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
1190
+ committedBefore: z.ZodRecord<z.ZodString, z.ZodNumber>;
1191
+ committedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
1192
+ reservedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
1193
+ }, z.core.$strip>>;
525
1194
  correlationId: z.ZodOptional<z.ZodString>;
526
1195
  previousLedgerHash: z.ZodNullable<z.ZodString>;
527
1196
  ledgerHash: z.ZodString;
@@ -554,11 +1223,30 @@ export type IssueActionPassInput = {
554
1223
  parentPassId?: string | null;
555
1224
  ledgerHash?: string | null;
556
1225
  traceId?: string;
1226
+ passId?: string;
1227
+ };
1228
+ export type IssueActionPassV1Input = IssueActionPassInput & {
1229
+ holderPublicJwk: JWK;
1230
+ delegation?: {
1231
+ depth: number;
1232
+ rootPassId: string;
1233
+ };
1234
+ };
1235
+ export type IssueActionPassV2Input = IssueActionPassV1Input & {
1236
+ status: ActionPassStatusClaim;
557
1237
  };
558
1238
  export type IssueActionPassResult = {
559
1239
  token: string;
560
1240
  claims: ActionPassClaims;
561
1241
  };
1242
+ export type IssueActionPassV1Result = {
1243
+ token: string;
1244
+ claims: ActionPassV1Claims;
1245
+ };
1246
+ export type IssueActionPassV2Result = {
1247
+ token: string;
1248
+ claims: ActionPassV2Claims;
1249
+ };
562
1250
  export type AuthorizeInput = {
563
1251
  action: unknown;
564
1252
  issuer: string;
@@ -590,9 +1278,38 @@ export type VerifyActionPassInput = {
590
1278
  algorithms?: SigningAlgorithm[];
591
1279
  clockTolerance?: string | number;
592
1280
  currentDate?: Date;
1281
+ dpopProof?: string;
1282
+ dpopMethod?: string;
1283
+ dpopUri?: string;
1284
+ dpopNonce?: string;
1285
+ dpopAlgorithms?: SigningAlgorithm[];
1286
+ dpopMaxAgeSeconds?: number;
1287
+ dpopClockSkewSeconds?: number;
1288
+ dpopReplayStore?: DpopReplayStore;
593
1289
  revokedPassIds?: Iterable<string>;
594
1290
  revocations?: Iterable<ActionPassRevocation>;
595
1291
  isRevoked?: (claims: ActionPassClaims) => boolean | string | Promise<boolean | string>;
1292
+ getStatus?: (claims: ActionPassV2Claims) => number | string | Promise<number | string>;
1293
+ };
1294
+ export type ActionPassRevocationSource = Pick<VerifyActionPassInput, "revokedPassIds" | "revocations" | "isRevoked" | "getStatus">;
1295
+ export type CreateDpopProofInput = {
1296
+ actionPass: string;
1297
+ method: string;
1298
+ uri: string;
1299
+ signingKey: SigningKey;
1300
+ publicJwk: JWK;
1301
+ algorithm?: SigningAlgorithm;
1302
+ now?: Date;
1303
+ proofId?: string;
1304
+ nonce?: string;
1305
+ };
1306
+ export type CreateDpopProofResult = {
1307
+ proof: string;
1308
+ claims: DpopProofClaims;
1309
+ jkt: string;
1310
+ };
1311
+ export type DpopReplayStore = {
1312
+ consume(proofId: string, expiresAt: Date, now?: Date): boolean | Promise<boolean>;
596
1313
  };
597
1314
  export type VerifyActionPassResult = {
598
1315
  valid: true;
@@ -602,10 +1319,53 @@ export type VerifyActionPassResult = {
602
1319
  valid: false;
603
1320
  reason: string;
604
1321
  };
1322
+ export type VerifyDelegationChainInput = {
1323
+ /**
1324
+ * Root-to-leaf chain. Every entry is signature/content verified; the leaf
1325
+ * entry must additionally carry a fresh DPoP proof.
1326
+ */
1327
+ chain: VerifyActionPassInput[];
1328
+ currentDate?: Date;
1329
+ /**
1330
+ * One authority-owned source applied to every root-to-leaf member. This is
1331
+ * what makes revoking any ancestor invalidate all descendant presentations.
1332
+ */
1333
+ revocation?: ActionPassRevocationSource;
1334
+ };
1335
+ export type VerifyDelegationChainResult = {
1336
+ valid: true;
1337
+ claims: Array<ActionPassV1Claims | ActionPassV2Claims>;
1338
+ actions: NormalizedAction[];
1339
+ } | {
1340
+ valid: false;
1341
+ reason: string;
1342
+ };
1343
+ export type DelegateActionPassV1Input = Omit<IssueActionPassV1Input, "action" | "decision" | "holderPublicJwk" | "parentPassId" | "delegation"> & {
1344
+ parentChain: VerifyActionPassInput[];
1345
+ childAction: unknown;
1346
+ childDecision: PolicyDecision;
1347
+ childHolderPublicJwk: JWK;
1348
+ revocation?: ActionPassRevocationSource;
1349
+ };
1350
+ export type DelegateActionPassV1Result = IssueActionPassV1Result & {
1351
+ delegation: DelegationLedgerEdge;
1352
+ };
1353
+ export type DelegateActionPassV2Input = Omit<IssueActionPassV2Input, "action" | "decision" | "holderPublicJwk" | "parentPassId" | "delegation" | "status"> & {
1354
+ parentChain: VerifyActionPassInput[];
1355
+ childAction: unknown;
1356
+ childDecision: PolicyDecision;
1357
+ childHolderPublicJwk: JWK;
1358
+ childStatus: ActionPassStatusClaim;
1359
+ revocation?: ActionPassRevocationSource;
1360
+ };
1361
+ export type DelegateActionPassV2Result = IssueActionPassV2Result & {
1362
+ delegation: DelegationLedgerEdge;
1363
+ };
605
1364
  export type CreateApprovalArtifactInput = {
606
1365
  action: unknown;
607
1366
  mode: "human" | "policy_override";
608
1367
  approvedBy: string;
1368
+ approverRoles?: string[];
609
1369
  approvedAt?: Date;
610
1370
  reason?: string;
611
1371
  expiresAt?: Date;
@@ -635,7 +1395,53 @@ export declare function evaluateAction(actionInput: unknown, options?: PolicyOpt
635
1395
  export declare function authorize(input: AuthorizeInput): Promise<AuthorizeResult>;
636
1396
  export declare function createApprovalArtifact(input: CreateApprovalArtifactInput): CreateApprovalArtifactResult;
637
1397
  export declare function issueActionPass(input: IssueActionPassInput): Promise<IssueActionPassResult>;
1398
+ export declare function issueActionPassV1(input: IssueActionPassV1Input): Promise<IssueActionPassV1Result>;
1399
+ export declare function issueActionPassV2(input: IssueActionPassV2Input): Promise<IssueActionPassV2Result>;
1400
+ export declare function delegateActionPassV1(input: DelegateActionPassV1Input): Promise<DelegateActionPassV1Result>;
1401
+ export declare function delegateActionPassV2(input: DelegateActionPassV2Input): Promise<DelegateActionPassV2Result>;
1402
+ export declare function createDpopProof(input: CreateDpopProofInput): Promise<CreateDpopProofResult>;
1403
+ export declare class InMemoryDpopReplayStore implements DpopReplayStore {
1404
+ private readonly entries;
1405
+ consume(proofId: string, expiresAt: Date, currentDate?: Date): boolean;
1406
+ }
1407
+ export type FileDpopReplayStoreOptions = {
1408
+ lock?: {
1409
+ staleMs?: number;
1410
+ updateMs?: number;
1411
+ retries?: number;
1412
+ minTimeoutMs?: number;
1413
+ maxTimeoutMs?: number;
1414
+ };
1415
+ };
1416
+ /**
1417
+ * Durable, inter-process replay store for DPoP proof `jti`s. A proof captured
1418
+ * before a restart stays rejected after restart, for as long as it remains
1419
+ * inside its own time window. Entries live only until their proof expires, so
1420
+ * the on-disk set stays bounded to the in-flight window rather than growing
1421
+ * unboundedly.
1422
+ *
1423
+ * This is a single-file local store, not a cross-host distributed one: it
1424
+ * defends one machine's verifiers (shared across handlers/processes on that
1425
+ * host). Authenticated cross-host distribution is out of scope here.
1426
+ *
1427
+ * Durability mirrors the local ledger: a `proper-lockfile` lease serializes the
1428
+ * read-modify-write so `consume` is atomic across processes, appended lines are
1429
+ * `fsync`ed before the lease releases, and the file is compacted in place once
1430
+ * expired lines outnumber live ones so it cannot grow without bound.
1431
+ */
1432
+ export declare class FileDpopReplayStore implements DpopReplayStore {
1433
+ readonly filePath: string;
1434
+ private readonly options;
1435
+ constructor(filePath: string, options?: FileDpopReplayStoreOptions);
1436
+ consume(proofId: string, expiresAt: Date, currentDate?: Date): Promise<boolean>;
1437
+ private acquireLock;
1438
+ private readLiveEntries;
1439
+ private append;
1440
+ private compact;
1441
+ }
638
1442
  export declare function verifyActionPass(input: VerifyActionPassInput): Promise<VerifyActionPassResult>;
1443
+ export declare function verifyActionPassArtifact(input: VerifyActionPassInput): Promise<VerifyActionPassResult>;
1444
+ export declare function verifyDelegationChain(input: VerifyDelegationChainInput): Promise<VerifyDelegationChainResult>;
639
1445
  export declare function revokeActionPass(input: RevokeActionPassInput): ActionPassRevocation;
640
1446
  export declare class LocalActionPassTrustStore implements ActionPassTrustStore {
641
1447
  readonly filePath: string;
@@ -652,6 +1458,8 @@ export declare function recordDecision(input: {
652
1458
  action: unknown;
653
1459
  decision: PolicyDecision;
654
1460
  actionPassId?: string | null;
1461
+ delegation?: DelegationLedgerEdge;
1462
+ budget?: BudgetLedgerEvent;
655
1463
  previousLedgerHash?: string | null;
656
1464
  occurredAt?: Date;
657
1465
  traceId?: string;
@@ -659,10 +1467,209 @@ export declare function recordDecision(input: {
659
1467
  executionOutcome?: LedgerExecutionOutcome;
660
1468
  correlationId?: string | null;
661
1469
  }): LedgerRecord;
1470
+ /**
1471
+ * Canonical reason token marking a ledger record as the tamper-evident
1472
+ * revocation event for its pass. Matches the forensics `cascade_containment`
1473
+ * convention (spec §9.5) and the trust-store revocation authority (spec §7).
1474
+ */
1475
+ export declare const REVOCATION_LEDGER_REASON = "actionpass_revoked";
1476
+ /**
1477
+ * Build a tamper-evident revocation event for a previously recorded pass. The
1478
+ * event is a `deny` record naming the pass with `actionpass_revoked`, reusing
1479
+ * the revoked record's action/payload hashes, policy, and audit context so the
1480
+ * revocation is bound to the exact action it cancels. It carries no delegation
1481
+ * edge or budget event (those describe the original action, not the
1482
+ * revocation). The durable enforcement authority remains the trust store (§7);
1483
+ * this record is the auditable logbook entry, not the enforcement source.
1484
+ */
1485
+ export declare function recordActionPassRevocationEvent(input: {
1486
+ revokedRecord: LedgerRecord;
1487
+ revokedBy?: string;
1488
+ reason?: string;
1489
+ occurredAt?: Date;
1490
+ previousLedgerHash?: string | null;
1491
+ }): LedgerRecord;
662
1492
  export declare function hashPayload(payload: unknown): string;
1493
+ export declare function hashProvenance(provenance: ActionProvenance): string;
663
1494
  export declare function hashAction(action: unknown): string;
1495
+ export declare const GITHUB_NATIVE_CONNECTOR_GOVERNANCE: NativeConnectorGovernanceDescriptor<GitHubNativeConnectorConfig>;
1496
+ export declare const LINEAR_NATIVE_CONNECTOR_GOVERNANCE: NativeConnectorGovernanceDescriptor<LinearNativeConnectorConfig>;
1497
+ export declare const JIRA_NATIVE_CONNECTOR_GOVERNANCE: NativeConnectorGovernanceDescriptor<JiraNativeConnectorConfig>;
1498
+ export declare const POSTGRES_NATIVE_CONNECTOR_GOVERNANCE: NativeConnectorGovernanceDescriptor<PostgresNativeConnectorConfig>;
1499
+ export declare const DRIVE_NATIVE_CONNECTOR_GOVERNANCE: NativeConnectorGovernanceDescriptor<DriveNativeConnectorConfig>;
1500
+ export declare const NATIVE_CONNECTOR_GOVERNANCE_REGISTRY: readonly [NativeConnectorGovernanceDescriptor<{
1501
+ mode: "fake" | "rest" | "app";
1502
+ tokenEnv: string;
1503
+ apiBaseUrl: string;
1504
+ userAgent: string;
1505
+ appIdEnv: string;
1506
+ installationIdEnv: string;
1507
+ privateKeyEnv: string;
1508
+ appId?: string | undefined;
1509
+ installationId?: string | undefined;
1510
+ }>, NativeConnectorGovernanceDescriptor<{
1511
+ mode: "fake" | "graphql";
1512
+ tokenEnv: string;
1513
+ apiUrl: string;
1514
+ }>, NativeConnectorGovernanceDescriptor<{
1515
+ mode: "fake" | "rest";
1516
+ auth: "api_token" | "oauth";
1517
+ tokenEnv: string;
1518
+ emailEnv: string;
1519
+ siteUrl: string;
1520
+ cloudIdEnv: string;
1521
+ cloudId?: string | undefined;
1522
+ }>, NativeConnectorGovernanceDescriptor<{
1523
+ mode: "postgres" | "off";
1524
+ dsnEnv: string;
1525
+ allowedTables: string[];
1526
+ allowedFunctions: string[];
1527
+ requireRls: boolean;
1528
+ maxRows: number;
1529
+ statementTimeoutMs: number;
1530
+ lockTimeoutMs: number;
1531
+ idleTransactionTimeoutMs: number;
1532
+ }>, NativeConnectorGovernanceDescriptor<{
1533
+ mode: "rest" | "off";
1534
+ tokenEnv: string;
1535
+ apiBaseUrl: string;
1536
+ allowedMimeTypes: string[];
1537
+ maxReadBytes: number;
1538
+ selectedFileId?: string | undefined;
1539
+ }>];
664
1540
  export declare function providerEvidenceForAction(actionInput: unknown): LedgerProviderEvidence | undefined;
665
1541
  export declare function hashJson(value: unknown): string;
666
1542
  export declare function stableStringify(value: unknown): string;
1543
+ export declare function computeDpopAccessTokenHash(token: string): string;
1544
+ export declare function normalizeDpopMethod(method: string): string;
1545
+ export declare function normalizeDpopUri(uri: string): string;
1546
+ export declare function actionPassDpopTarget(actionInput: unknown): {
1547
+ method: "POST";
1548
+ uri: string;
1549
+ };
667
1550
  export declare function validateApprovalArtifact(artifactInput: unknown, actionInput: unknown, now?: Date): string | null;
1551
+ export declare const AXTARY_DEFAULT_ISSUER = "axtary-dev";
1552
+ export declare const AXTARY_DEFAULT_TENANT = "local";
1553
+ export declare const AXTARY_DEFAULT_RUNTIME = "sdk";
1554
+ /** Flat authorization request — the shape from PRD §8.2. */
1555
+ export type AxtaryAuthorizeRequest = {
1556
+ agent: string;
1557
+ human: string;
1558
+ intent: string;
1559
+ tool: string;
1560
+ resource: string;
1561
+ payload?: Record<string, JsonValue>;
1562
+ /** Agent runtime label; defaults to the instance runtime ("sdk"). */
1563
+ runtime?: string;
1564
+ /** Stable task id for ledger correlation; generated when omitted. */
1565
+ task?: string;
1566
+ /** Tenant; defaults to the instance tenant. */
1567
+ tenant?: string;
1568
+ constraints?: Record<string, JsonValue>;
1569
+ budget?: ActionBudget;
1570
+ toolDefinition?: NormalizedAction["toolDefinition"];
1571
+ provenance?: ActionProvenance;
1572
+ maxDelegationDepth?: number;
1573
+ };
1574
+ export type AxtaryPass = IssueActionPassResult;
1575
+ export type AxtaryAuthorizeResult = {
1576
+ /** Alias of `decision.decision` so `result.status === "allow"` reads cleanly. */
1577
+ status: AxtaryDecision;
1578
+ decision: PolicyDecision;
1579
+ reasons: string[];
1580
+ explanation: PolicyDecisionExplanation;
1581
+ payloadHash: string;
1582
+ action: NormalizedAction;
1583
+ pass: AxtaryPass | null;
1584
+ ledger: LedgerRecord;
1585
+ };
1586
+ export type AxtaryAuthorizeOptions = {
1587
+ policy?: PolicyOptions;
1588
+ approval?: Approval;
1589
+ approvalArtifact?: ApprovalArtifact;
1590
+ now?: Date;
1591
+ };
1592
+ export type AxtaryExecutionOutcome = Omit<LedgerExecutionOutcome, "schemaVersion" | "sideEffectProof"> & {
1593
+ sideEffectProof?: Record<string, JsonValue>;
1594
+ };
1595
+ export type AxtaryRecordInput = {
1596
+ action: AxtaryAuthorizeRequest | NormalizedAction;
1597
+ decision: PolicyDecision;
1598
+ pass?: AxtaryPass | string | null;
1599
+ outcome?: AxtaryExecutionOutcome;
1600
+ correlationId?: string | null;
1601
+ previousLedgerHash?: string | null;
1602
+ };
1603
+ export type AxtaryRevokeOptions = {
1604
+ revokedBy?: string;
1605
+ reason?: string;
1606
+ revokedAt?: Date;
1607
+ };
1608
+ export type AxtaryConfig = {
1609
+ issuer?: string;
1610
+ tenant?: string;
1611
+ runtime?: string;
1612
+ /** Issuer signing key. Omit to use a persistent local dev key (see devKeypair). */
1613
+ signingKey?: SigningKey;
1614
+ signingKeyId?: string;
1615
+ /** Public verification key matching `signingKey`; required for `verify`. */
1616
+ verificationKey?: VerificationKey;
1617
+ algorithm?: SigningAlgorithm;
1618
+ /** Default policy options applied to every authorize call. */
1619
+ policy?: PolicyOptions;
1620
+ /** Override the dev keyring file path used when no signing key is configured. */
1621
+ keyPath?: string;
1622
+ /** Suppress the one-time dev-key warning. */
1623
+ quiet?: boolean;
1624
+ };
1625
+ export declare class Axtary {
1626
+ readonly issuer: string;
1627
+ readonly tenant: string;
1628
+ readonly runtime: string;
1629
+ private readonly defaultPolicy?;
1630
+ private readonly algorithm;
1631
+ private readonly quiet;
1632
+ private readonly configuredSigningKey?;
1633
+ private readonly configuredKeyId?;
1634
+ private readonly configuredVerificationKey?;
1635
+ private readonly keyPath?;
1636
+ private signerPromise?;
1637
+ private ledgerHead;
1638
+ private readonly revocations;
1639
+ constructor(config?: AxtaryConfig);
1640
+ /** Current local ledger head (hash of the last record this instance wrote). */
1641
+ get ledgerHash(): string | null;
1642
+ private resolveSigner;
1643
+ private toNormalizedAction;
1644
+ /**
1645
+ * Decide an action and, for an allow, issue an ActionPass. Always returns a
1646
+ * decision (the policy evaluation is keyless); a deny/step-up returns
1647
+ * `pass: null`. Threads the local ledger head so successive calls chain.
1648
+ */
1649
+ authorize(request: AxtaryAuthorizeRequest | NormalizedAction, options?: AxtaryAuthorizeOptions): Promise<AxtaryAuthorizeResult>;
1650
+ /**
1651
+ * Verify a previously issued pass against an action. Accepts an authorize
1652
+ * result, a pass object, or a raw token; the action defaults to the result's
1653
+ * action when one is supplied. Fails closed for a pass this instance revoked.
1654
+ */
1655
+ verify(pass: AxtaryAuthorizeResult | AxtaryPass | string, action?: AxtaryAuthorizeRequest | NormalizedAction): Promise<VerifyActionPassResult>;
1656
+ /**
1657
+ * Append an execution result to the local ledger, chained after the decision
1658
+ * record from `authorize`. Returns the tamper-evident record; durable
1659
+ * persistence is the proxy/CLI's responsibility.
1660
+ */
1661
+ record(input: AxtaryRecordInput): LedgerRecord;
1662
+ /**
1663
+ * Revoke a pass by id. The revocation is held in this instance so a later
1664
+ * `verify` of that pass fails closed. Durable cross-process revocation is the
1665
+ * CLI/trust-store path (`axtary revoke`).
1666
+ */
1667
+ revoke(passId: string, options?: AxtaryRevokeOptions): ActionPassRevocation;
1668
+ /** Deterministic, human-readable explanation of a decision (no model call). */
1669
+ explain(decision: PolicyDecision | AxtaryAuthorizeResult): PolicyDecisionExplanation;
1670
+ }
1671
+ /** Create an Axtary SDK instance. */
1672
+ export declare function createAxtary(config?: AxtaryConfig): Axtary;
1673
+ /** Default Axtary SDK instance (PRD §8.2 `import { axtary }`). */
1674
+ export declare const axtary: Axtary;
668
1675
  //# sourceMappingURL=index.d.ts.map