@axtary/cli 0.0.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (49) hide show
  1. package/LICENSE +202 -0
  2. package/README.md +140 -6
  3. package/dist/bin.js +10 -0
  4. package/dist/bin.js.map +1 -1
  5. package/dist/claude-code-hook.d.ts +65 -0
  6. package/dist/claude-code-hook.d.ts.map +1 -0
  7. package/dist/claude-code-hook.js +326 -0
  8. package/dist/claude-code-hook.js.map +1 -0
  9. package/dist/codex-hook.d.ts +48 -0
  10. package/dist/codex-hook.d.ts.map +1 -0
  11. package/dist/codex-hook.js +259 -0
  12. package/dist/codex-hook.js.map +1 -0
  13. package/dist/credentials.d.ts +101 -0
  14. package/dist/credentials.d.ts.map +1 -0
  15. package/dist/credentials.js +277 -0
  16. package/dist/credentials.js.map +1 -0
  17. package/dist/cursor-hook.d.ts +51 -0
  18. package/dist/cursor-hook.d.ts.map +1 -0
  19. package/dist/cursor-hook.js +214 -0
  20. package/dist/cursor-hook.js.map +1 -0
  21. package/dist/hook-install.d.ts +21 -0
  22. package/dist/hook-install.d.ts.map +1 -0
  23. package/dist/hook-install.js +179 -0
  24. package/dist/hook-install.js.map +1 -0
  25. package/dist/index.d.ts +897 -5
  26. package/dist/index.d.ts.map +1 -1
  27. package/dist/index.js +6750 -513
  28. package/dist/index.js.map +1 -1
  29. package/dist/mcp-fs-normalize.d.ts +18 -0
  30. package/dist/mcp-fs-normalize.d.ts.map +1 -0
  31. package/dist/mcp-fs-normalize.js +39 -0
  32. package/dist/mcp-fs-normalize.js.map +1 -0
  33. package/dist/mcp-oauth.d.ts +67 -0
  34. package/dist/mcp-oauth.d.ts.map +1 -0
  35. package/dist/mcp-oauth.js +242 -0
  36. package/dist/mcp-oauth.js.map +1 -0
  37. package/dist/oauth.d.ts +90 -0
  38. package/dist/oauth.d.ts.map +1 -0
  39. package/dist/oauth.js +339 -0
  40. package/dist/oauth.js.map +1 -0
  41. package/dist/render.d.ts +103 -0
  42. package/dist/render.d.ts.map +1 -0
  43. package/dist/render.js +172 -0
  44. package/dist/render.js.map +1 -0
  45. package/dist/shell-file-normalize.d.ts +21 -0
  46. package/dist/shell-file-normalize.d.ts.map +1 -0
  47. package/dist/shell-file-normalize.js +269 -0
  48. package/dist/shell-file-normalize.js.map +1 -0
  49. package/package.json +17 -13
package/dist/index.d.ts CHANGED
@@ -1,20 +1,58 @@
1
- import { type JsonValue, type AxtaryDecision } from "@axtary/actionpass";
2
- import { type FakeAdapterState } from "@axtary/adapters";
3
- import { type LedgerExport, type LedgerExportFormat, type LedgerSyncResult } from "@axtary/ledger";
1
+ import { LocalCaepMappingStore, issuerJwks, type SsfSubjectIdentifier, type ActionPassRevocation, type JsonValue, type AxtaryDecision, type PolicyDecision } from "@axtary/actionpass";
2
+ import { type FakeAdapterState, type PostgresQueryClient } from "@axtary/adapters";
3
+ import { type LedgerAttestationBundle, type LedgerConsistencyProof, type LedgerExport, type LedgerExportFormat, type OtelTraceExportResult, type ForensicReport, type LedgerInclusionProof, type LedgerSyncResult, type ProofVerificationResult, type VerifyLedgerAttestationResult } from "@axtary/ledger";
4
+ import { type McpConformanceReceipt, type McpChainVerdict, type McpPinReconcileEntry, type McpSignedDefinitionVerification } from "@axtary/mcp";
5
+ import { type PolicyConfig, type PolicyFixtureResult as PolicyTemplateFixtureResult, type PolicyTemplate, type PolicySimulation } from "@axtary/policy";
4
6
  import { type ProxyHandleResult } from "@axtary/proxy";
7
+ import { type CredentialMetadata, type CredentialStore } from "./credentials.js";
8
+ export { HOOK_INSTALL_SCHEMA_VERSION, installRuntimeHook, type HookInstallRuntime, type HookInstallResult, } from "./hook-install.js";
9
+ export { CLAUDE_CODE_HOOK_SCHEMA_VERSION, normalizeClaudeCodeToolCall, parseClaudeCodeHookPayload, runClaudeCodeHook, type ClaudeCodeHookPayload, type ClaudeCodeHookRunInput, type ClaudeCodeHookRunResult, } from "./claude-code-hook.js";
10
+ export { CURSOR_HOOK_SCHEMA_VERSION, normalizeCursorToolCall, parseCursorHookPayload, runCursorHook, type CursorHookPayload, type CursorHookRunInput, type CursorHookRunResult, } from "./cursor-hook.js";
11
+ export { CODEX_HOOK_SCHEMA_VERSION, classifyShellCommand, normalizeCodexToolCall, parseCodexHookPayload, runCodexHook, type CodexHookPayload, type CodexHookRunInput, type CodexHookRunResult, } from "./codex-hook.js";
5
12
  export declare const DEMO_SCHEMA_VERSION = "axtary.demo.v0";
13
+ export declare const TEMPLATE_DEMO_SCHEMA_VERSION = "axtary.template_demo.v0";
6
14
  export declare const POLICY_TEST_SCHEMA_VERSION = "axtary.policy_test.v0";
15
+ export declare const POLICY_HARNESS_SCHEMA_VERSION = "axtary.policy_harness.v0";
16
+ export declare const POLICY_SIMULATE_RUN_SCHEMA_VERSION = "axtary.policy_simulate_run.v0";
7
17
  export declare const LOCAL_PROXY_SCHEMA_VERSION = "axtary.local_proxy.v0";
8
18
  export declare const LEDGER_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_export_run.v0";
9
19
  export declare const LEDGER_SYNC_RUN_SCHEMA_VERSION = "axtary.ledger_sync_run.v0";
20
+ export declare const LEDGER_OTEL_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_otel_export_run.v0";
21
+ export declare const LEDGER_ATTEST_RUN_SCHEMA_VERSION = "axtary.ledger_attest_run.v0";
22
+ export declare const LEDGER_VERIFY_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_verify_export_run.v0";
23
+ export declare const LEDGER_PROVE_INCLUSION_RUN_SCHEMA_VERSION = "axtary.ledger_prove_inclusion_run.v0";
24
+ export declare const LEDGER_PROVE_CONSISTENCY_RUN_SCHEMA_VERSION = "axtary.ledger_prove_consistency_run.v0";
25
+ export declare const LEDGER_VERIFY_PROOF_RUN_SCHEMA_VERSION = "axtary.ledger_verify_proof_run.v0";
26
+ export declare const LEDGER_FORENSICS_RUN_SCHEMA_VERSION = "axtary.ledger_forensics_run.v0";
27
+ export declare const ATTESTATION_KEY_SCHEMA_VERSION = "axtary.attestation_key.v0";
28
+ export declare const CONNECTOR_DOCTOR_SCHEMA_VERSION = "axtary.connector_doctor.v0";
29
+ export declare const REAL_WORKFLOW_RUN_SCHEMA_VERSION = "axtary.real_workflow_run.v0";
30
+ export declare const CONNECT_RUN_SCHEMA_VERSION = "axtary.connect_run.v0";
31
+ export declare const CONNECTIONS_SCHEMA_VERSION = "axtary.connections.v0";
32
+ export declare const ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION = "axtary.actionpass_revocation_run.v0";
33
+ export declare const DEFAULT_ACTIONPASS_TRUST_STORE_PATH = ".axtary/actionpass-trust-store.json";
34
+ export declare const DEFAULT_DPOP_REPLAY_STORE_PATH = ".axtary/dpop-replay-store.jsonl";
35
+ export declare const ACTIONPASS_STATUS_RUN_SCHEMA_VERSION = "axtary.actionpass_status_run.v0";
36
+ export declare const CAEP_MAPPING_RUN_SCHEMA_VERSION = "axtary.caep_mapping_run.v0";
10
37
  export type DemoRunInput = {
11
38
  configPath?: string;
12
39
  ledgerPath?: string;
40
+ trustStorePath?: string;
41
+ dpopReplayStorePath?: string;
42
+ statusListUri?: string;
13
43
  cwd?: string;
14
44
  };
45
+ export type TemplateDemoRunInput = {
46
+ configPath?: string;
47
+ cwd?: string;
48
+ templateId: string;
49
+ };
15
50
  export type ProxyServerInput = DemoRunInput & {
16
51
  host?: string;
17
52
  port?: number;
53
+ otlpEndpoint?: string;
54
+ otlpServiceName?: string;
55
+ otlpTimeoutMs?: number;
18
56
  };
19
57
  export type ProxyServerHandle = {
20
58
  schemaVersion: typeof LOCAL_PROXY_SCHEMA_VERSION;
@@ -22,14 +60,33 @@ export type ProxyServerHandle = {
22
60
  host: string;
23
61
  port: number;
24
62
  ledgerPath: string;
63
+ trustStorePath: string;
64
+ dpopReplayStorePath: string;
65
+ issuerKeyringPath: string;
66
+ statusStorePath: string;
67
+ statusListUri: string;
68
+ caep: {
69
+ enabled: boolean;
70
+ mappingPath: string;
71
+ replayPath: string;
72
+ issuer: string | null;
73
+ };
74
+ otel: {
75
+ enabled: boolean;
76
+ endpoint: string | null;
77
+ serviceName: string | null;
78
+ };
25
79
  adapters: FakeAdapterState;
26
80
  adapterModes: {
27
- github: "fake" | "rest";
81
+ github: "fake" | "rest" | "app";
28
82
  slack: "fake" | "web";
29
83
  linear: "fake" | "graphql";
84
+ jira: "fake" | "rest";
30
85
  aws: "off" | "rest";
31
86
  gcp: "off" | "rest";
32
87
  docs: "off" | "local";
88
+ postgres: "off" | "postgres";
89
+ drive: "off" | "rest";
33
90
  mcp: "fixture";
34
91
  };
35
92
  close: () => Promise<void>;
@@ -66,6 +123,45 @@ export type PolicyTestRunResult = {
66
123
  failed: number;
67
124
  results: PolicyFixtureResult[];
68
125
  };
126
+ export type PolicySimulateRunInput = {
127
+ actionPath: string;
128
+ configPath?: string;
129
+ cwd?: string;
130
+ };
131
+ export type PolicySimulateRunResult = {
132
+ schemaVersion: typeof POLICY_SIMULATE_RUN_SCHEMA_VERSION;
133
+ config: {
134
+ filePath: string | null;
135
+ policyVersion: string;
136
+ };
137
+ actionPath: string;
138
+ simulation: PolicySimulation;
139
+ };
140
+ export type PolicyHarnessRunInput = {
141
+ harnessPath: string;
142
+ configPath?: string;
143
+ cwd?: string;
144
+ };
145
+ export type PolicyHarnessRunResult = {
146
+ schemaVersion: typeof POLICY_HARNESS_SCHEMA_VERSION;
147
+ config: {
148
+ filePath: string | null;
149
+ policyVersion: string;
150
+ };
151
+ harnessPath: string;
152
+ passed: boolean;
153
+ total: number;
154
+ failed: number;
155
+ results: Array<{
156
+ name: string;
157
+ passed: boolean;
158
+ expectedDecision: string;
159
+ actualDecision: string;
160
+ expectedRule: string | null;
161
+ actualRule: string | null;
162
+ actualReasons: string[];
163
+ }>;
164
+ };
69
165
  export type DemoActionResult = {
70
166
  name: string;
71
167
  tool: string;
@@ -90,8 +186,12 @@ export type DemoRunResult = {
90
186
  github: "fake";
91
187
  slack: "fake";
92
188
  linear: "fake";
189
+ jira: "fake";
93
190
  aws: "off";
94
191
  gcp: "off";
192
+ docs: "local";
193
+ postgres: "off";
194
+ drive: "off";
95
195
  mcp: "fixture";
96
196
  };
97
197
  ledger: {
@@ -101,14 +201,87 @@ export type DemoRunResult = {
101
201
  failure: string | null;
102
202
  };
103
203
  };
204
+ export type TemplateDemoRunResult = {
205
+ schemaVersion: typeof TEMPLATE_DEMO_SCHEMA_VERSION;
206
+ template: {
207
+ id: string;
208
+ name: string;
209
+ decisionModel: PolicyTemplate["decisionModel"];
210
+ };
211
+ config: {
212
+ filePath: string | null;
213
+ policyVersion: string;
214
+ };
215
+ mode: "policy_only";
216
+ passed: boolean;
217
+ total: number;
218
+ failed: number;
219
+ results: PolicyTemplateFixtureResult[];
220
+ };
104
221
  export type CliIo = {
105
222
  stdout?: (text: string) => void;
106
223
  stderr?: (text: string) => void;
224
+ stdin?: () => Promise<string>;
107
225
  cwd?: string;
108
226
  };
227
+ export declare function authorizeDecisionHints(decision: PolicyDecision, policy: PolicyConfig): string[];
109
228
  type SmokeTestInput = DemoRunInput & {
110
229
  env?: Record<string, string | undefined>;
111
230
  fetch?: typeof fetch;
231
+ store?: CredentialStore;
232
+ };
233
+ type ConnectorDoctorInput = SmokeTestInput;
234
+ export type ConnectorDoctorProviderStatus = {
235
+ provider: "github" | "slack" | "linear" | "jira" | "aws" | "gcp" | "docs" | "drive" | "postgres";
236
+ mode: string;
237
+ status: "ready" | "missing" | "failed" | "skipped";
238
+ capability: "real-write" | "read-only" | "local-read" | "fake" | "off";
239
+ requiredEnv: string[];
240
+ missingEnv: string[];
241
+ requiredScopes: string[];
242
+ smokeCheck: string | null;
243
+ summary: string;
244
+ details?: JsonValue;
245
+ };
246
+ export type ConnectorDoctorResult = {
247
+ schemaVersion: typeof CONNECTOR_DOCTOR_SCHEMA_VERSION;
248
+ config: {
249
+ filePath: string | null;
250
+ tenant: string;
251
+ };
252
+ status: "ready" | "needs_setup";
253
+ providers: ConnectorDoctorProviderStatus[];
254
+ };
255
+ export declare const POLICY_PARITY_SCHEMA_VERSION = "axtary.policy_parity.v0";
256
+ export type PolicyParityRunInput = {
257
+ configPath?: string;
258
+ cwd?: string;
259
+ fixturesPath?: string;
260
+ cedarPath?: string;
261
+ regoWasmPath?: string;
262
+ };
263
+ export type PolicyParityFixtureResult = {
264
+ id: string;
265
+ passed: boolean;
266
+ expected: {
267
+ decision: string;
268
+ reasons: string[];
269
+ };
270
+ engines: Record<string, {
271
+ decision: string;
272
+ reasons: string[];
273
+ }>;
274
+ };
275
+ export type PolicyParityRunResult = {
276
+ schemaVersion: typeof POLICY_PARITY_SCHEMA_VERSION;
277
+ engines: string[];
278
+ fixturesPath: string;
279
+ cedarPath: string;
280
+ regoWasmPath: string;
281
+ passed: boolean;
282
+ total: number;
283
+ failed: number;
284
+ results: PolicyParityFixtureResult[];
112
285
  };
113
286
  export type LedgerExportRunInput = DemoRunInput & {
114
287
  from?: string;
@@ -145,12 +318,731 @@ export type LedgerSyncRunResult = {
145
318
  endpoint: string;
146
319
  sync: LedgerSyncResult;
147
320
  };
321
+ export type LedgerOtelExportRunInput = LedgerExportRunInput & {
322
+ endpoint: string;
323
+ serviceName?: string;
324
+ timeoutMs?: number;
325
+ fetch?: typeof fetch;
326
+ };
327
+ export type LedgerOtelExportRunResult = {
328
+ schemaVersion: typeof LEDGER_OTEL_EXPORT_RUN_SCHEMA_VERSION;
329
+ config: {
330
+ filePath: string | null;
331
+ tenant: string;
332
+ };
333
+ ledgerPath: string;
334
+ endpoint: string;
335
+ export: OtelTraceExportResult;
336
+ };
337
+ export type RealWorkflowRunInput = DemoRunInput & {
338
+ env?: Record<string, string | undefined>;
339
+ fetch?: typeof fetch;
340
+ repoResource?: string;
341
+ linearIssueKey?: string;
342
+ projectKey?: string;
343
+ docsQuery?: string;
344
+ slackChannel?: string;
345
+ baseBranch?: string;
346
+ headBranch?: string;
347
+ prTitle?: string;
348
+ approvedBy?: string;
349
+ approveStepUp?: boolean;
350
+ hostedApproval?: boolean;
351
+ approvalEndpoint?: string;
352
+ approvalTokenEnv?: string;
353
+ approvalPollIntervalSeconds?: number;
354
+ approvalTimeoutSeconds?: number;
355
+ onApprovalPending?: (info: {
356
+ requestId: string;
357
+ endpoint: string;
358
+ }) => void;
359
+ store?: CredentialStore;
360
+ tamper?: boolean;
361
+ checkName?: string;
362
+ reviewLine?: number;
363
+ databaseResource?: string;
364
+ sqlStatement?: string;
365
+ sqlParameters?: JsonValue[];
366
+ maxRows?: number;
367
+ postgresClientFactory?: (connectionString: string) => PostgresQueryClient;
368
+ driveFileId?: string;
369
+ maxReadBytes?: number;
370
+ };
371
+ export type RealWorkflowTamperEvidence = {
372
+ step: string;
373
+ tool: string;
374
+ mutation: string;
375
+ approvedPayloadHash: string;
376
+ attemptedPayloadHash: string;
377
+ /**
378
+ * Whether the tamper step actually ran. A prior step failing (e.g. a
379
+ * GitHub branch collision on re-run) aborts the workflow before the Slack
380
+ * step, leaving the tamper unexercised. This must be distinguished from a
381
+ * step that ran and was not blocked, so a benign prior failure can never
382
+ * be misreported as "the tampered payload executed".
383
+ */
384
+ reached: boolean;
385
+ blocked: boolean;
386
+ blockReasons: string[];
387
+ };
388
+ export type RealWorkflowStepResult = {
389
+ name: string;
390
+ tool: string;
391
+ status: ProxyHandleResult["status"];
392
+ decision: string | null;
393
+ reasons: string[];
394
+ actionPassId: string | null;
395
+ authorizationLedgerLine: number | null;
396
+ executionLedgerLine: number | null;
397
+ result: JsonValue | null;
398
+ error: string | null;
399
+ };
400
+ export type RealWorkflowRunResult = {
401
+ schemaVersion: typeof REAL_WORKFLOW_RUN_SCHEMA_VERSION;
402
+ workflow: "github-pr-review";
403
+ config: {
404
+ filePath: string | null;
405
+ tenant: string;
406
+ };
407
+ ledgerPath: string;
408
+ status: "completed" | "blocked" | "failed";
409
+ requiredModes: {
410
+ github: "rest";
411
+ slack: "web";
412
+ linear: "graphql";
413
+ docs: "local";
414
+ };
415
+ inputs: {
416
+ repoResource: string;
417
+ linearIssueKey: string;
418
+ projectKey: string;
419
+ docsQuery: string;
420
+ slackChannel: string;
421
+ baseBranch: string;
422
+ headBranch: string;
423
+ prTitle: string;
424
+ };
425
+ steps: RealWorkflowStepResult[];
426
+ tamper: RealWorkflowTamperEvidence | null;
427
+ ledger: DemoRunResult["ledger"];
428
+ };
148
429
  export declare function startProxyServer(input?: ProxyServerInput): Promise<ProxyServerHandle>;
430
+ export declare const INIT_SCHEMA_VERSION = "axtary.init.v0";
431
+ export declare const INIT_CONFIG_TEMPLATE = "schemaVersion: axtary.config.v0\nissuer: https://local.axtary.dev\ntenant: org:local\nledger:\n path: .axtary/actions.jsonl\nruntime:\n allowUnsignedExecution: false\n handlerTimeoutMs: 10000\n status:\n enabled: true\n keyringPath: .axtary/keys/actionpass-issuer-keyring.json\n storePath: .axtary/actionpass-status.json\n ttlSeconds: 60\n expiresInSeconds: 120\n caep:\n enabled: false\n mappingPath: .axtary/caep-mappings.json\n replayPath: .axtary/ssf-replay.json\nadapters:\n # Start in fake mode: deterministic local adapters, no credentials needed.\n # Switch a provider to its real mode (rest/web/graphql) once its env token is set.\n github:\n mode: fake\n tokenEnv: GITHUB_TOKEN\n apiBaseUrl: https://api.github.com\n userAgent: axtary-local-proxy\n slack:\n mode: fake\n tokenEnv: SLACK_BOT_TOKEN\n apiBaseUrl: https://slack.com/api\n linear:\n mode: fake\n tokenEnv: LINEAR_API_KEY\n apiUrl: https://api.linear.app/graphql\n docs:\n mode: local\n # Local docs the agent may search. `axtary init` creates the docs/ root;\n # add or remove roots to match your project.\n roots:\n - docs\npolicy:\n version: \"starter-v0\"\n github:\n pullRequests:\n requiredBaseBranch: main\n maxFilesChanged: 12\n denyPathPrefixes:\n - .env\n - secrets/\n stepUpPathPrefixes:\n - infra/prod/\n - billing/\n - auth/\n requiresTests: true\n contents:\n denyReadPathPrefixes:\n - .env\n - secrets/\n - infra/prod/\n slack:\n messages:\n allowedChannels:\n - \"#axtary-dev\"\n stepUpExternalRecipients: true\ndemo:\n scenario: coding-agent\n";
432
+ export type InitRunInput = {
433
+ cwd?: string;
434
+ configPath?: string;
435
+ force?: boolean;
436
+ templateId?: string;
437
+ };
438
+ export type InitRunResult = {
439
+ schemaVersion: typeof INIT_SCHEMA_VERSION;
440
+ status: "created" | "exists";
441
+ configPath: string;
442
+ templateId: string | null;
443
+ policyTestPath: string | null;
444
+ };
445
+ export declare function runInit(input?: InitRunInput): Promise<InitRunResult>;
446
+ export declare function formatInitResult(result: InitRunResult): string;
447
+ export declare const MCP_SERVE_SCHEMA_VERSION = "axtary.mcp_serve.v0";
448
+ export declare const MCP_CONFORMANCE_RUN_SCHEMA_VERSION = "axtary.mcp_conformance_run.v0";
449
+ export type McpServeInput = {
450
+ configPath?: string;
451
+ cwd?: string;
452
+ ledgerPath?: string;
453
+ trustStorePath?: string;
454
+ dpopReplayStorePath?: string;
455
+ pinsPath?: string;
456
+ /**
457
+ * When true, a tool with no existing pin is quarantined until reviewed
458
+ * instead of trusted-on-first-use. Drift is always quarantined regardless.
459
+ */
460
+ strict?: boolean;
461
+ wrap?: string;
462
+ wrapUrl?: string;
463
+ headers?: Record<string, string>;
464
+ oauth?: boolean;
465
+ oauthStore?: CredentialStore;
466
+ oauthFetch?: typeof fetch;
467
+ owner?: string;
468
+ input?: NodeJS.ReadableStream;
469
+ output?: NodeJS.WritableStream;
470
+ log?: (text: string) => void;
471
+ };
472
+ export type McpServeQuarantine = {
473
+ serverIdentity: string;
474
+ toolName: string;
475
+ reason: "definition_drifted" | "unpinned_strict";
476
+ discoveredHash: string;
477
+ pinnedHash: string | null;
478
+ };
479
+ export type McpServeHandle = {
480
+ schemaVersion: typeof MCP_SERVE_SCHEMA_VERSION;
481
+ ledgerPath: string;
482
+ trustStorePath: string;
483
+ dpopReplayStorePath: string;
484
+ pinsPath: string;
485
+ tools: Array<{
486
+ name: string;
487
+ serverIdentity: string;
488
+ definitionHash: string;
489
+ }>;
490
+ provenance: {
491
+ pinned: number;
492
+ pinnedOnFirstUse: number;
493
+ quarantined: McpServeQuarantine[];
494
+ };
495
+ done: Promise<void>;
496
+ close: () => Promise<void>;
497
+ };
498
+ export declare function startMcpServe(input?: McpServeInput): Promise<McpServeHandle>;
499
+ export declare function resolveActionPassTrustStorePath(cwd: string, trustStorePath?: string): string;
500
+ export declare function resolveDpopReplayStorePath(cwd: string, dpopReplayStorePath?: string): string;
501
+ export type McpWrapTarget = {
502
+ /** stdio command line (whitespace-split, no shell quoting). */
503
+ wrap?: string;
504
+ /** Streamable HTTP MCP endpoint URL. */
505
+ wrapUrl?: string;
506
+ /** Extra HTTP headers (e.g. Authorization) for the HTTP transport. */
507
+ headers?: Record<string, string>;
508
+ /**
509
+ * Resolve the upstream bearer from the local OAuth broker for this remote MCP
510
+ * server (RFC 9728/8707 session created by `axtary mcp login`). The token is
511
+ * injected only into the upstream request header — never persisted to pins,
512
+ * ledger, or status. Requires `wrapUrl`.
513
+ */
514
+ oauth?: boolean;
515
+ /** Credential store + fetch overrides for OAuth bearer resolution (tests). */
516
+ oauthStore?: CredentialStore;
517
+ oauthFetch?: typeof fetch;
518
+ };
519
+ export declare const MCP_PINS_REPORT_SCHEMA_VERSION = "axtary.mcp_pins_report.v0";
520
+ export declare const MCP_PUBLISHER_TRUST_REPORT_SCHEMA_VERSION = "axtary.mcp_publisher_trust_report.v0";
521
+ export declare const MCP_SIGNED_DEFINITION_VERIFY_SCHEMA_VERSION = "axtary.mcp_signed_definition_verify.v0";
522
+ export type McpPublisherTrustResult = {
523
+ schemaVersion: typeof MCP_PUBLISHER_TRUST_REPORT_SCHEMA_VERSION;
524
+ trustPath: string;
525
+ registered: string | null;
526
+ publishers: Array<{
527
+ publisher: string;
528
+ keys: Array<{
529
+ kid: string;
530
+ alg: string;
531
+ kty: string;
532
+ crv: string;
533
+ }>;
534
+ }>;
535
+ };
536
+ export declare function runMcpTrustPublisher(input: {
537
+ publisher: string;
538
+ jwksPath: string;
539
+ trustPath?: string;
540
+ cwd?: string;
541
+ }): Promise<McpPublisherTrustResult>;
542
+ export declare function runMcpPublishers(input?: {
543
+ trustPath?: string;
544
+ cwd?: string;
545
+ }): Promise<McpPublisherTrustResult>;
546
+ export declare function formatMcpPublishers(result: McpPublisherTrustResult): string;
547
+ export type McpSignedDefinitionVerifyResult = {
548
+ schemaVersion: typeof MCP_SIGNED_DEFINITION_VERIFY_SCHEMA_VERSION;
549
+ trustPath: string;
550
+ definitionPath: string;
551
+ statementPath: string;
552
+ verification: McpSignedDefinitionVerification;
553
+ };
554
+ export declare function runMcpVerifyDefinition(input: {
555
+ definitionPath: string;
556
+ statementPath: string;
557
+ publisher: string;
558
+ trustPath?: string;
559
+ cwd?: string;
560
+ }): Promise<McpSignedDefinitionVerifyResult>;
561
+ export declare function formatMcpVerifyDefinition(result: McpSignedDefinitionVerifyResult): string;
562
+ export type McpPinsResult = {
563
+ schemaVersion: typeof MCP_PINS_REPORT_SCHEMA_VERSION;
564
+ pinsPath: string;
565
+ servers: Array<{
566
+ serverIdentity: string;
567
+ serverVersion: string | null;
568
+ tools: Array<{
569
+ toolName: string;
570
+ definitionHash: string;
571
+ schemaVersion: string;
572
+ pinnedAt: string;
573
+ publisher: string | null;
574
+ kid: string | null;
575
+ semver: string | null;
576
+ priorDefinitionHash: string | null;
577
+ }>;
578
+ }>;
579
+ };
580
+ export declare function runMcpPins(input: {
581
+ configPath?: string;
582
+ pinsPath?: string;
583
+ cwd?: string;
584
+ }): Promise<McpPinsResult>;
585
+ export declare function formatMcpPins(result: McpPinsResult): string;
586
+ export declare const MCP_REVIEW_SCHEMA_VERSION = "axtary.mcp_review.v0";
587
+ export type McpPublisherEvidence = {
588
+ trust: "verified" | "unsigned" | "untrusted" | "invalid";
589
+ publisher: string | null;
590
+ kid: string | null;
591
+ semver: string | null;
592
+ priorDefinitionHash: string | null;
593
+ chainVerdict: McpChainVerdict | null;
594
+ reason: string | null;
595
+ };
596
+ export type McpReviewEntry = McpPinReconcileEntry & {
597
+ publisherEvidence: McpPublisherEvidence;
598
+ };
599
+ export type McpReviewResult = {
600
+ schemaVersion: typeof MCP_REVIEW_SCHEMA_VERSION;
601
+ pinsPath: string;
602
+ trustPath: string;
603
+ signedDefinitionsPath: string;
604
+ accepted: boolean;
605
+ pinned: number;
606
+ pending: McpReviewEntry[];
607
+ tools: McpReviewEntry[];
608
+ };
609
+ export declare function runMcpReview(input: {
610
+ configPath?: string;
611
+ pinsPath?: string;
612
+ wrap?: string;
613
+ wrapUrl?: string;
614
+ headers?: Record<string, string>;
615
+ oauth?: boolean;
616
+ oauthStore?: CredentialStore;
617
+ oauthFetch?: typeof fetch;
618
+ publisherTrustPath?: string;
619
+ signedDefinitionsPath?: string;
620
+ accept?: boolean;
621
+ cwd?: string;
622
+ }): Promise<McpReviewResult>;
623
+ export declare function formatMcpReview(result: McpReviewResult): string;
624
+ export type McpConformanceRunInput = McpWrapTarget & {
625
+ configPath?: string;
626
+ pinsPath?: string;
627
+ ledgerPath?: string;
628
+ statusPath?: string;
629
+ attestationPath?: string;
630
+ keyPath?: string;
631
+ publisherTrustPath?: string;
632
+ signedDefinitionsPath?: string;
633
+ toolName: string;
634
+ arguments: Record<string, JsonValue>;
635
+ accept?: boolean;
636
+ owner?: string;
637
+ cwd?: string;
638
+ };
639
+ export type McpConformanceRunResult = {
640
+ schemaVersion: typeof MCP_CONFORMANCE_RUN_SCHEMA_VERSION;
641
+ pinsPath: string;
642
+ ledgerPath: string;
643
+ statusPath: string;
644
+ receipt: McpConformanceReceipt;
645
+ };
646
+ /**
647
+ * Exercise one explicitly selected live tool through the complete governed MCP
648
+ * path and persist a compact, secret-free receipt for operator surfaces.
649
+ */
650
+ export declare function runMcpConformance(input: McpConformanceRunInput): Promise<McpConformanceRunResult>;
651
+ export declare function formatMcpConformance(result: McpConformanceRunResult): string;
652
+ export declare const MCP_DRIFT_DEMO_SCHEMA_VERSION = "axtary.mcp_drift_demo.v0";
653
+ export type McpDriftDemoPhase = {
654
+ isError: boolean;
655
+ text: string;
656
+ };
657
+ export type McpDriftDemoResult = {
658
+ schemaVersion: typeof MCP_DRIFT_DEMO_SCHEMA_VERSION;
659
+ tool: {
660
+ serverIdentity: string;
661
+ name: string;
662
+ };
663
+ approved: {
664
+ definitionHash: string;
665
+ description: string;
666
+ };
667
+ mutated: {
668
+ definitionHash: string;
669
+ description: string;
670
+ injectedInstruction: string;
671
+ };
672
+ phases: {
673
+ approvedCall: McpDriftDemoPhase;
674
+ driftedCall: McpDriftDemoPhase;
675
+ };
676
+ blocked: boolean;
677
+ blockReasons: string[];
678
+ mutatedInvokerCalled: boolean;
679
+ ledger: {
680
+ path: string;
681
+ valid: boolean;
682
+ records: Array<{
683
+ decision: string;
684
+ reasons: string[];
685
+ definitionHash: string | null;
686
+ }>;
687
+ };
688
+ };
689
+ /**
690
+ * The tool-poisoning counter, reproducible in one command: a wrapped MCP tool
691
+ * executes at its reviewed definition hash, then the definition mutates (a
692
+ * hidden instruction lands in the description) and the identical call is
693
+ * denied before the invoker runs — both hashes end up in the ledger.
694
+ */
695
+ export declare function runMcpDriftDemo(input?: DemoRunInput): Promise<McpDriftDemoResult>;
149
696
  export declare function runDemo(input?: DemoRunInput): Promise<DemoRunResult>;
697
+ export declare function runTemplateDemo(input: TemplateDemoRunInput): Promise<TemplateDemoRunResult>;
150
698
  export declare function runSmokeTest(input?: SmokeTestInput, io?: CliIo): Promise<number>;
699
+ export declare function runConnectorDoctor(input?: ConnectorDoctorInput): Promise<ConnectorDoctorResult>;
151
700
  export declare function runTestPolicy(input: PolicyTestRunInput): Promise<PolicyTestRunResult>;
701
+ export declare function runPolicySimulate(input: PolicySimulateRunInput): Promise<PolicySimulateRunResult>;
702
+ export declare function runPolicyHarness(input: PolicyHarnessRunInput): Promise<PolicyHarnessRunResult>;
703
+ /**
704
+ * Three-engine parity: evaluates every shared fixture through the native
705
+ * evaluator, the Cedar policy set, and the compiled Rego bundle, and reports
706
+ * whether decisions and reason sets agree. Cedar/Rego run via optional wasm
707
+ * engines (repo devDependencies) loaded through @axtary/policy/parity.
708
+ */
709
+ export declare function runPolicyParity(input?: PolicyParityRunInput): Promise<PolicyParityRunResult>;
152
710
  export declare function runLedgerExport(input?: LedgerExportRunInput): Promise<LedgerExportRunResult>;
153
711
  export declare function runLedgerSync(input: LedgerSyncRunInput): Promise<LedgerSyncRunResult>;
712
+ export declare function runLedgerOtelExport(input: LedgerOtelExportRunInput): Promise<LedgerOtelExportRunResult>;
713
+ export type LedgerAttestRunInput = LedgerExportRunInput & {
714
+ /** Where to persist the local attestation key (defaults beside the ledger). */
715
+ keyPath?: string;
716
+ };
717
+ export type LedgerAttestRunResult = {
718
+ schemaVersion: typeof LEDGER_ATTEST_RUN_SCHEMA_VERSION;
719
+ config: {
720
+ filePath: string | null;
721
+ tenant: string;
722
+ };
723
+ ledgerPath: string;
724
+ keyPath: string;
725
+ keyId: string;
726
+ outputPath: string | null;
727
+ bundle: LedgerAttestationBundle;
728
+ };
729
+ export type LedgerVerifyExportRunInput = {
730
+ bundlePath: string;
731
+ issuer?: string;
732
+ cwd?: string;
733
+ json?: boolean;
734
+ };
735
+ export type LedgerVerifyExportRunResult = {
736
+ schemaVersion: typeof LEDGER_VERIFY_EXPORT_RUN_SCHEMA_VERSION;
737
+ bundlePath: string;
738
+ result: VerifyLedgerAttestationResult;
739
+ };
740
+ /**
741
+ * `axtary attest-ledger` — export the verified ledger and emit a signed,
742
+ * self-contained attestation bundle (export + JWS token + public key) that any
743
+ * third party can verify offline with only a JOSE library.
744
+ */
745
+ export declare function runLedgerAttest(input?: LedgerAttestRunInput): Promise<LedgerAttestRunResult>;
746
+ /**
747
+ * `axtary verify-export` — the standalone verifier. Reads an attestation bundle
748
+ * and confirms the signature, the canonical export digest, and the record chain
749
+ * using only the bundle's embedded public key.
750
+ */
751
+ export declare function runLedgerVerifyExport(input: LedgerVerifyExportRunInput): Promise<LedgerVerifyExportRunResult>;
752
+ export type LedgerProveInclusionRunInput = {
753
+ bundlePath: string;
754
+ recordId?: string;
755
+ index?: number;
756
+ outputPath?: string;
757
+ cwd?: string;
758
+ json?: boolean;
759
+ };
760
+ export type LedgerProveInclusionRunResult = {
761
+ schemaVersion: typeof LEDGER_PROVE_INCLUSION_RUN_SCHEMA_VERSION;
762
+ bundlePath: string;
763
+ outputPath: string | null;
764
+ proof: LedgerInclusionProof;
765
+ };
766
+ /**
767
+ * `axtary prove-inclusion` — emit an RFC 6962 inclusion proof for one record in
768
+ * an attestation bundle. The proof's `merkleRoot` matches the bundle's signed
769
+ * tree head, so a third party can verify it against the signed attestation.
770
+ */
771
+ export declare function runLedgerProveInclusion(input: LedgerProveInclusionRunInput): Promise<LedgerProveInclusionRunResult>;
772
+ export type LedgerProveConsistencyRunInput = {
773
+ firstBundlePath: string;
774
+ secondBundlePath: string;
775
+ outputPath?: string;
776
+ cwd?: string;
777
+ json?: boolean;
778
+ };
779
+ export type LedgerProveConsistencyRunResult = {
780
+ schemaVersion: typeof LEDGER_PROVE_CONSISTENCY_RUN_SCHEMA_VERSION;
781
+ firstBundlePath: string;
782
+ secondBundlePath: string;
783
+ outputPath: string | null;
784
+ proof: LedgerConsistencyProof;
785
+ };
786
+ /**
787
+ * `axtary prove-consistency` — emit an RFC 6962 consistency proof showing the
788
+ * second attestation's log append-only-extends the first. The proof binds both
789
+ * bundles' signed tree-head roots.
790
+ */
791
+ export declare function runLedgerProveConsistency(input: LedgerProveConsistencyRunInput): Promise<LedgerProveConsistencyRunResult>;
792
+ export type LedgerVerifyProofRunInput = {
793
+ proofPath: string;
794
+ bundlePath?: string;
795
+ firstBundlePath?: string;
796
+ secondBundlePath?: string;
797
+ issuer?: string;
798
+ cwd?: string;
799
+ json?: boolean;
800
+ };
801
+ export type LedgerVerifyProofRunResult = {
802
+ schemaVersion: typeof LEDGER_VERIFY_PROOF_RUN_SCHEMA_VERSION;
803
+ proofType: "inclusion" | "consistency";
804
+ attestationValid: boolean;
805
+ proofResult: ProofVerificationResult;
806
+ valid: boolean;
807
+ };
808
+ /**
809
+ * `axtary verify-proof` — the standalone proof verifier. It re-verifies the
810
+ * signed tree head(s) from the bundle(s), then binds the inclusion/consistency
811
+ * proof to those signed roots, failing closed on any mismatch.
812
+ */
813
+ export declare function runLedgerVerifyProof(input: LedgerVerifyProofRunInput): Promise<LedgerVerifyProofRunResult>;
814
+ export type LedgerForensicsRunInput = {
815
+ bundlePath?: string;
816
+ ledgerPath?: string;
817
+ configPath?: string;
818
+ cwd?: string;
819
+ json?: boolean;
820
+ };
821
+ export type LedgerForensicsRunResult = {
822
+ schemaVersion: typeof LEDGER_FORENSICS_RUN_SCHEMA_VERSION;
823
+ source: string;
824
+ evidence: "verified_attestation_bundle" | "verified_local_ledger";
825
+ report: ForensicReport;
826
+ };
827
+ /**
828
+ * `axtary forensics` — offline reconstruction of a delegation+execution incident
829
+ * from the ledger alone, asserting attenuation / reconstructibility / cascade
830
+ * containment. Reads an attestation bundle when given (so analysis runs over
831
+ * attested evidence), otherwise the local ledger.
832
+ */
833
+ export declare function runLedgerForensics(input: LedgerForensicsRunInput): Promise<LedgerForensicsRunResult>;
834
+ export type ConnectRunInput = {
835
+ provider: string;
836
+ clientId?: string;
837
+ clientIdEnv?: string;
838
+ clientSecretEnv?: string;
839
+ redirectPort?: number;
840
+ redirectUri?: string;
841
+ cloudId?: string;
842
+ json?: boolean;
843
+ env?: Record<string, string | undefined>;
844
+ fetch?: typeof fetch;
845
+ store?: CredentialStore;
846
+ openBrowser?: (url: string) => void | Promise<void>;
847
+ onListening?: (port: number) => void;
848
+ stdout?: (text: string) => void;
849
+ };
850
+ export type ConnectRunResult = {
851
+ schemaVersion: typeof CONNECT_RUN_SCHEMA_VERSION;
852
+ provider: string;
853
+ account: string | null;
854
+ scopes: string[];
855
+ expiresAt: string | null;
856
+ secretBackend: "keychain" | "file";
857
+ context?: Record<string, string>;
858
+ };
859
+ /**
860
+ * `axtary connect <provider>` — local-loopback OAuth so a customer clicks
861
+ * "Allow" in the browser instead of hand-pasting a bot token. The customer
862
+ * brings their own OAuth app (client id/secret stay in local env, never reach
863
+ * Axtary); the obtained token is stored in the local credential broker (OS
864
+ * keychain or a 0600 file), never echoed.
865
+ */
866
+ export declare function runConnect(input: ConnectRunInput): Promise<ConnectRunResult>;
867
+ export declare function runDisconnect(input: {
868
+ provider: string;
869
+ store?: CredentialStore;
870
+ }): Promise<{
871
+ provider: string;
872
+ removed: boolean;
873
+ }>;
874
+ export type ConnectionsRunResult = {
875
+ schemaVersion: typeof CONNECTIONS_SCHEMA_VERSION;
876
+ connections: CredentialMetadata[];
877
+ };
878
+ export declare function runConnections(input?: {
879
+ store?: CredentialStore;
880
+ }): Promise<ConnectionsRunResult>;
881
+ export type ActionPassRevokeRunInput = {
882
+ passId: string;
883
+ trustStorePath?: string;
884
+ statusStorePath?: string;
885
+ ledgerPath?: string;
886
+ configPath?: string;
887
+ cwd?: string;
888
+ revokedBy?: string;
889
+ reason?: string;
890
+ revokedAt?: Date;
891
+ };
892
+ export type ActionPassRevokeRunResult = {
893
+ schemaVersion: typeof ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION;
894
+ trustStorePath: string;
895
+ revocation: ActionPassRevocation;
896
+ statusStorePath: string | null;
897
+ ledgerPath: string | null;
898
+ ledgerEventId: string | null;
899
+ };
900
+ export declare function runActionPassRevoke(input: ActionPassRevokeRunInput): Promise<ActionPassRevokeRunResult>;
901
+ export declare function runActionPassRevocations(input?: {
902
+ trustStorePath?: string;
903
+ cwd?: string;
904
+ }): Promise<{
905
+ schemaVersion: typeof ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION;
906
+ trustStorePath: string;
907
+ revocations: ActionPassRevocation[];
908
+ }>;
909
+ export declare function runIssuerKeyring(input?: {
910
+ keyringPath?: string;
911
+ cwd?: string;
912
+ rotate?: boolean;
913
+ retireAfterSeconds?: number;
914
+ }): Promise<{
915
+ schemaVersion: typeof ACTIONPASS_STATUS_RUN_SCHEMA_VERSION;
916
+ keyringPath: string;
917
+ activeKid: string;
918
+ keys: Array<{
919
+ kid: string;
920
+ status: "active" | "retired";
921
+ createdAt: string;
922
+ retireAfter: string | null;
923
+ }>;
924
+ jwks: ReturnType<typeof issuerJwks>;
925
+ }>;
926
+ export declare function runActionPassStatus(input?: {
927
+ statusStorePath?: string;
928
+ cwd?: string;
929
+ }): Promise<{
930
+ schemaVersion: typeof ACTIONPASS_STATUS_RUN_SCHEMA_VERSION;
931
+ statusStorePath: string;
932
+ uri: string;
933
+ entries: Array<{
934
+ passId: string;
935
+ index: number;
936
+ status: number;
937
+ updatedAt: string;
938
+ }>;
939
+ }>;
940
+ export declare function runCaepMap(input: {
941
+ issuer: string;
942
+ subject: SsfSubjectIdentifier;
943
+ rootPassIds: string[];
944
+ mappingPath?: string;
945
+ cwd?: string;
946
+ }): Promise<{
947
+ schemaVersion: typeof CAEP_MAPPING_RUN_SCHEMA_VERSION;
948
+ mappingPath: string;
949
+ mapping: Awaited<ReturnType<LocalCaepMappingStore["put"]>>;
950
+ }>;
951
+ export declare function runRealWorkflow(input?: RealWorkflowRunInput): Promise<RealWorkflowRunResult>;
952
+ export declare const GITHUB_DEPTH_RUN_SCHEMA_VERSION = "axtary.github_depth_run.v0";
953
+ export type GitHubDepthRunResult = {
954
+ schemaVersion: typeof GITHUB_DEPTH_RUN_SCHEMA_VERSION;
955
+ workflow: "github-depth";
956
+ config: {
957
+ filePath: string | null;
958
+ tenant: string;
959
+ };
960
+ ledgerPath: string;
961
+ status: "completed" | "blocked" | "failed";
962
+ requiredModes: {
963
+ github: "app";
964
+ };
965
+ inputs: {
966
+ repoResource: string;
967
+ issueKey: string;
968
+ baseBranch: string;
969
+ headBranch: string;
970
+ prTitle: string;
971
+ checkName: string;
972
+ reviewLine: number;
973
+ };
974
+ target: {
975
+ pullNumber: number;
976
+ headSha: string;
977
+ path: string;
978
+ line: number;
979
+ } | null;
980
+ steps: RealWorkflowStepResult[];
981
+ ledger: DemoRunResult["ledger"];
982
+ };
983
+ /**
984
+ * GitHub-only depth proof: open a draft PR in the sandbox repo, then exercise
985
+ * the three M7.3 write tools against that PR — an inline review comment, a check
986
+ * run on its head commit, and a conversation comment — each governed by policy,
987
+ * payload-bound by an ActionPass, and written to the ledger as a decision +
988
+ * execution-outcome pair. Requires only the GitHub credential.
989
+ */
990
+ export declare function runGitHubDepthWorkflow(input?: RealWorkflowRunInput): Promise<GitHubDepthRunResult>;
991
+ export declare const POSTGRES_READ_RUN_SCHEMA_VERSION = "axtary.postgres_read_run.v0";
992
+ export type PostgresReadRunResult = {
993
+ schemaVersion: typeof POSTGRES_READ_RUN_SCHEMA_VERSION;
994
+ workflow: "postgres-read";
995
+ config: {
996
+ filePath: string | null;
997
+ tenant: string;
998
+ };
999
+ ledgerPath: string;
1000
+ status: "completed" | "blocked" | "failed";
1001
+ requiredModes: {
1002
+ postgres: "postgres";
1003
+ };
1004
+ inputs: {
1005
+ databaseResource: string;
1006
+ statementHash: string | null;
1007
+ predicateHash: string | null;
1008
+ tables: string[];
1009
+ parameterCount: number;
1010
+ parameterHash: string;
1011
+ maxRows: number;
1012
+ };
1013
+ step: RealWorkflowStepResult;
1014
+ ledger: DemoRunResult["ledger"];
1015
+ };
1016
+ export declare function runPostgresReadWorkflow(input?: RealWorkflowRunInput): Promise<PostgresReadRunResult>;
1017
+ export declare const DRIVE_READ_RUN_SCHEMA_VERSION = "axtary.drive_read_run.v0";
1018
+ export type DriveReadRunResult = {
1019
+ schemaVersion: typeof DRIVE_READ_RUN_SCHEMA_VERSION;
1020
+ workflow: "drive-read";
1021
+ config: {
1022
+ filePath: string | null;
1023
+ tenant: string;
1024
+ };
1025
+ ledgerPath: string;
1026
+ status: "completed" | "blocked" | "failed";
1027
+ requiredModes: {
1028
+ drive: "rest";
1029
+ };
1030
+ inputs: {
1031
+ fileId: string;
1032
+ resource: string;
1033
+ maxBytes: number;
1034
+ source: "argument" | "picker_context" | "config";
1035
+ };
1036
+ step: RealWorkflowStepResult;
1037
+ ledger: DemoRunResult["ledger"];
1038
+ };
1039
+ export declare function runDriveReadWorkflow(input?: RealWorkflowRunInput): Promise<DriveReadRunResult>;
154
1040
  export declare function runAxtaryCli(argv?: string[], io?: CliIo): Promise<number>;
155
- export {};
1041
+ /**
1042
+ * The tamper-outcome line, with the three states kept distinct: blocked
1043
+ * (the win), not-blocked (a real security failure), and not-reached (a prior
1044
+ * step failed before Slack, so the tamper was never exercised — must never be
1045
+ * reported as the tampered payload executing).
1046
+ */
1047
+ export declare function tamperOutcomeLine(tamper: RealWorkflowTamperEvidence): string;
156
1048
  //# sourceMappingURL=index.d.ts.map