@axtary/cli 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/README.md +135 -12
  2. package/dist/bin.js +10 -0
  3. package/dist/bin.js.map +1 -1
  4. package/dist/claude-code-hook.d.ts +20 -0
  5. package/dist/claude-code-hook.d.ts.map +1 -1
  6. package/dist/claude-code-hook.js +114 -34
  7. package/dist/claude-code-hook.js.map +1 -1
  8. package/dist/codex-hook.d.ts +48 -0
  9. package/dist/codex-hook.d.ts.map +1 -0
  10. package/dist/codex-hook.js +259 -0
  11. package/dist/codex-hook.js.map +1 -0
  12. package/dist/credentials.d.ts +101 -0
  13. package/dist/credentials.d.ts.map +1 -0
  14. package/dist/credentials.js +277 -0
  15. package/dist/credentials.js.map +1 -0
  16. package/dist/cursor-hook.d.ts +51 -0
  17. package/dist/cursor-hook.d.ts.map +1 -0
  18. package/dist/cursor-hook.js +214 -0
  19. package/dist/cursor-hook.js.map +1 -0
  20. package/dist/hook-install.d.ts +21 -0
  21. package/dist/hook-install.d.ts.map +1 -0
  22. package/dist/hook-install.js +179 -0
  23. package/dist/hook-install.js.map +1 -0
  24. package/dist/index.d.ts +877 -8
  25. package/dist/index.d.ts.map +1 -1
  26. package/dist/index.js +6592 -1048
  27. package/dist/index.js.map +1 -1
  28. package/dist/mcp-fs-normalize.d.ts +18 -0
  29. package/dist/mcp-fs-normalize.d.ts.map +1 -0
  30. package/dist/mcp-fs-normalize.js +39 -0
  31. package/dist/mcp-fs-normalize.js.map +1 -0
  32. package/dist/mcp-oauth.d.ts +67 -0
  33. package/dist/mcp-oauth.d.ts.map +1 -0
  34. package/dist/mcp-oauth.js +242 -0
  35. package/dist/mcp-oauth.js.map +1 -0
  36. package/dist/oauth.d.ts +90 -0
  37. package/dist/oauth.d.ts.map +1 -0
  38. package/dist/oauth.js +339 -0
  39. package/dist/oauth.js.map +1 -0
  40. package/dist/render.d.ts +103 -0
  41. package/dist/render.d.ts.map +1 -0
  42. package/dist/render.js +172 -0
  43. package/dist/render.js.map +1 -0
  44. package/dist/shell-file-normalize.d.ts +21 -0
  45. package/dist/shell-file-normalize.d.ts.map +1 -0
  46. package/dist/shell-file-normalize.js +269 -0
  47. package/dist/shell-file-normalize.js.map +1 -0
  48. package/package.json +14 -9
package/dist/index.d.ts CHANGED
@@ -1,24 +1,60 @@
1
- import { type JsonValue, type AxtaryDecision, type PolicyDecision } from "@axtary/actionpass";
2
- import { type FakeAdapterState } from "@axtary/adapters";
3
- import { type LedgerExport, type LedgerExportFormat, type LedgerSyncResult } from "@axtary/ledger";
4
- import { type PolicyConfig } from "@axtary/policy";
1
+ import { LocalCaepMappingStore, issuerJwks, type SsfSubjectIdentifier, type ActionPassRevocation, type JsonValue, type AxtaryDecision, type PolicyDecision } from "@axtary/actionpass";
2
+ import { type FakeAdapterState, type PostgresQueryClient } from "@axtary/adapters";
3
+ import { type LedgerAttestationBundle, type LedgerConsistencyProof, type LedgerEquivalenceReport, type LedgerExport, type LedgerExportFormat, type OtelTraceExportResult, type ForensicReport, type LedgerInclusionProof, type LedgerSyncResult, type ProofVerificationResult, type VerifyLedgerAttestationResult } from "@axtary/ledger";
4
+ import { type McpConformanceReceipt, type McpChainVerdict, type McpPinReconcileEntry, type McpSignedDefinitionVerification } from "@axtary/mcp";
5
+ import { type PolicyConfig, type PolicyFixtureResult as PolicyTemplateFixtureResult, type PolicyTemplate, type PolicySimulation } from "@axtary/policy";
6
+ import { type AcsInterventionPoint } from "@axtary/policy/acs";
5
7
  import { type ProxyHandleResult } from "@axtary/proxy";
8
+ import { type CredentialMetadata, type CredentialStore } from "./credentials.js";
9
+ export { HOOK_INSTALL_SCHEMA_VERSION, installRuntimeHook, type HookInstallRuntime, type HookInstallResult, } from "./hook-install.js";
6
10
  export { CLAUDE_CODE_HOOK_SCHEMA_VERSION, normalizeClaudeCodeToolCall, parseClaudeCodeHookPayload, runClaudeCodeHook, type ClaudeCodeHookPayload, type ClaudeCodeHookRunInput, type ClaudeCodeHookRunResult, } from "./claude-code-hook.js";
11
+ export { CURSOR_HOOK_SCHEMA_VERSION, normalizeCursorToolCall, parseCursorHookPayload, runCursorHook, type CursorHookPayload, type CursorHookRunInput, type CursorHookRunResult, } from "./cursor-hook.js";
12
+ export { CODEX_HOOK_SCHEMA_VERSION, classifyShellCommand, normalizeCodexToolCall, parseCodexHookPayload, runCodexHook, type CodexHookPayload, type CodexHookRunInput, type CodexHookRunResult, } from "./codex-hook.js";
7
13
  export declare const DEMO_SCHEMA_VERSION = "axtary.demo.v0";
14
+ export declare const TEMPLATE_DEMO_SCHEMA_VERSION = "axtary.template_demo.v0";
8
15
  export declare const POLICY_TEST_SCHEMA_VERSION = "axtary.policy_test.v0";
16
+ export declare const POLICY_HARNESS_SCHEMA_VERSION = "axtary.policy_harness.v0";
17
+ export declare const POLICY_SIMULATE_RUN_SCHEMA_VERSION = "axtary.policy_simulate_run.v0";
9
18
  export declare const LOCAL_PROXY_SCHEMA_VERSION = "axtary.local_proxy.v0";
10
19
  export declare const LEDGER_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_export_run.v0";
11
20
  export declare const LEDGER_SYNC_RUN_SCHEMA_VERSION = "axtary.ledger_sync_run.v0";
21
+ export declare const LEDGER_OTEL_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_otel_export_run.v0";
22
+ export declare const LEDGER_ATTEST_RUN_SCHEMA_VERSION = "axtary.ledger_attest_run.v0";
23
+ export declare const LEDGER_VERIFY_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_verify_export_run.v0";
24
+ export declare const LEDGER_PROVE_INCLUSION_RUN_SCHEMA_VERSION = "axtary.ledger_prove_inclusion_run.v0";
25
+ export declare const LEDGER_PROVE_EQUIVALENCE_RUN_SCHEMA_VERSION = "axtary.ledger_prove_equivalence_run.v0";
26
+ export declare const LEDGER_PROVE_CONSISTENCY_RUN_SCHEMA_VERSION = "axtary.ledger_prove_consistency_run.v0";
27
+ export declare const LEDGER_VERIFY_PROOF_RUN_SCHEMA_VERSION = "axtary.ledger_verify_proof_run.v0";
28
+ export declare const LEDGER_FORENSICS_RUN_SCHEMA_VERSION = "axtary.ledger_forensics_run.v0";
29
+ export declare const ATTESTATION_KEY_SCHEMA_VERSION = "axtary.attestation_key.v0";
12
30
  export declare const CONNECTOR_DOCTOR_SCHEMA_VERSION = "axtary.connector_doctor.v0";
13
31
  export declare const REAL_WORKFLOW_RUN_SCHEMA_VERSION = "axtary.real_workflow_run.v0";
32
+ export declare const CONNECT_RUN_SCHEMA_VERSION = "axtary.connect_run.v0";
33
+ export declare const CONNECTIONS_SCHEMA_VERSION = "axtary.connections.v0";
34
+ export declare const ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION = "axtary.actionpass_revocation_run.v0";
35
+ export declare const DEFAULT_ACTIONPASS_TRUST_STORE_PATH = ".axtary/actionpass-trust-store.json";
36
+ export declare const DEFAULT_DPOP_REPLAY_STORE_PATH = ".axtary/dpop-replay-store.jsonl";
37
+ export declare const ACTIONPASS_STATUS_RUN_SCHEMA_VERSION = "axtary.actionpass_status_run.v0";
38
+ export declare const CAEP_MAPPING_RUN_SCHEMA_VERSION = "axtary.caep_mapping_run.v0";
14
39
  export type DemoRunInput = {
15
40
  configPath?: string;
16
41
  ledgerPath?: string;
42
+ trustStorePath?: string;
43
+ dpopReplayStorePath?: string;
44
+ statusListUri?: string;
17
45
  cwd?: string;
18
46
  };
47
+ export type TemplateDemoRunInput = {
48
+ configPath?: string;
49
+ cwd?: string;
50
+ templateId: string;
51
+ };
19
52
  export type ProxyServerInput = DemoRunInput & {
20
53
  host?: string;
21
54
  port?: number;
55
+ otlpEndpoint?: string;
56
+ otlpServiceName?: string;
57
+ otlpTimeoutMs?: number;
22
58
  };
23
59
  export type ProxyServerHandle = {
24
60
  schemaVersion: typeof LOCAL_PROXY_SCHEMA_VERSION;
@@ -26,14 +62,33 @@ export type ProxyServerHandle = {
26
62
  host: string;
27
63
  port: number;
28
64
  ledgerPath: string;
65
+ trustStorePath: string;
66
+ dpopReplayStorePath: string;
67
+ issuerKeyringPath: string;
68
+ statusStorePath: string;
69
+ statusListUri: string;
70
+ caep: {
71
+ enabled: boolean;
72
+ mappingPath: string;
73
+ replayPath: string;
74
+ issuer: string | null;
75
+ };
76
+ otel: {
77
+ enabled: boolean;
78
+ endpoint: string | null;
79
+ serviceName: string | null;
80
+ };
29
81
  adapters: FakeAdapterState;
30
82
  adapterModes: {
31
- github: "fake" | "rest";
83
+ github: "fake" | "rest" | "app";
32
84
  slack: "fake" | "web";
33
85
  linear: "fake" | "graphql";
86
+ jira: "fake" | "rest";
34
87
  aws: "off" | "rest";
35
88
  gcp: "off" | "rest";
36
89
  docs: "off" | "local";
90
+ postgres: "off" | "postgres";
91
+ drive: "off" | "rest";
37
92
  mcp: "fixture";
38
93
  };
39
94
  close: () => Promise<void>;
@@ -70,6 +125,45 @@ export type PolicyTestRunResult = {
70
125
  failed: number;
71
126
  results: PolicyFixtureResult[];
72
127
  };
128
+ export type PolicySimulateRunInput = {
129
+ actionPath: string;
130
+ configPath?: string;
131
+ cwd?: string;
132
+ };
133
+ export type PolicySimulateRunResult = {
134
+ schemaVersion: typeof POLICY_SIMULATE_RUN_SCHEMA_VERSION;
135
+ config: {
136
+ filePath: string | null;
137
+ policyVersion: string;
138
+ };
139
+ actionPath: string;
140
+ simulation: PolicySimulation;
141
+ };
142
+ export type PolicyHarnessRunInput = {
143
+ harnessPath: string;
144
+ configPath?: string;
145
+ cwd?: string;
146
+ };
147
+ export type PolicyHarnessRunResult = {
148
+ schemaVersion: typeof POLICY_HARNESS_SCHEMA_VERSION;
149
+ config: {
150
+ filePath: string | null;
151
+ policyVersion: string;
152
+ };
153
+ harnessPath: string;
154
+ passed: boolean;
155
+ total: number;
156
+ failed: number;
157
+ results: Array<{
158
+ name: string;
159
+ passed: boolean;
160
+ expectedDecision: string;
161
+ actualDecision: string;
162
+ expectedRule: string | null;
163
+ actualRule: string | null;
164
+ actualReasons: string[];
165
+ }>;
166
+ };
73
167
  export type DemoActionResult = {
74
168
  name: string;
75
169
  tool: string;
@@ -94,8 +188,12 @@ export type DemoRunResult = {
94
188
  github: "fake";
95
189
  slack: "fake";
96
190
  linear: "fake";
191
+ jira: "fake";
97
192
  aws: "off";
98
193
  gcp: "off";
194
+ docs: "local";
195
+ postgres: "off";
196
+ drive: "off";
99
197
  mcp: "fixture";
100
198
  };
101
199
  ledger: {
@@ -105,6 +203,23 @@ export type DemoRunResult = {
105
203
  failure: string | null;
106
204
  };
107
205
  };
206
+ export type TemplateDemoRunResult = {
207
+ schemaVersion: typeof TEMPLATE_DEMO_SCHEMA_VERSION;
208
+ template: {
209
+ id: string;
210
+ name: string;
211
+ decisionModel: PolicyTemplate["decisionModel"];
212
+ };
213
+ config: {
214
+ filePath: string | null;
215
+ policyVersion: string;
216
+ };
217
+ mode: "policy_only";
218
+ passed: boolean;
219
+ total: number;
220
+ failed: number;
221
+ results: PolicyTemplateFixtureResult[];
222
+ };
108
223
  export type CliIo = {
109
224
  stdout?: (text: string) => void;
110
225
  stderr?: (text: string) => void;
@@ -115,10 +230,11 @@ export declare function authorizeDecisionHints(decision: PolicyDecision, policy:
115
230
  type SmokeTestInput = DemoRunInput & {
116
231
  env?: Record<string, string | undefined>;
117
232
  fetch?: typeof fetch;
233
+ store?: CredentialStore;
118
234
  };
119
235
  type ConnectorDoctorInput = SmokeTestInput;
120
236
  export type ConnectorDoctorProviderStatus = {
121
- provider: "github" | "slack" | "linear" | "aws" | "gcp" | "docs";
237
+ provider: "github" | "slack" | "linear" | "jira" | "aws" | "gcp" | "docs" | "drive" | "postgres";
122
238
  mode: string;
123
239
  status: "ready" | "missing" | "failed" | "skipped";
124
240
  capability: "real-write" | "read-only" | "local-read" | "fake" | "off";
@@ -138,6 +254,74 @@ export type ConnectorDoctorResult = {
138
254
  status: "ready" | "needs_setup";
139
255
  providers: ConnectorDoctorProviderStatus[];
140
256
  };
257
+ export declare const POLICY_PARITY_SCHEMA_VERSION = "axtary.policy_parity.v0";
258
+ export declare const ACS_CONFORMANCE_SCHEMA_VERSION = "axtary.acs_conformance.v0";
259
+ export type PolicyParityRunInput = {
260
+ configPath?: string;
261
+ cwd?: string;
262
+ fixturesPath?: string;
263
+ cedarPath?: string;
264
+ regoWasmPath?: string;
265
+ };
266
+ export type PolicyParityFixtureResult = {
267
+ id: string;
268
+ passed: boolean;
269
+ expected: {
270
+ decision: string;
271
+ reasons: string[];
272
+ };
273
+ engines: Record<string, {
274
+ decision: string;
275
+ reasons: string[];
276
+ }>;
277
+ };
278
+ export type PolicyParityRunResult = {
279
+ schemaVersion: typeof POLICY_PARITY_SCHEMA_VERSION;
280
+ engines: string[];
281
+ fixturesPath: string;
282
+ cedarPath: string;
283
+ regoWasmPath: string;
284
+ agentCore: {
285
+ schemaVersion: string;
286
+ status: "offline_mapping";
287
+ gatewayResource: string;
288
+ fixtureCount: number;
289
+ sample: JsonValue | null;
290
+ };
291
+ passed: boolean;
292
+ total: number;
293
+ failed: number;
294
+ results: PolicyParityFixtureResult[];
295
+ };
296
+ export type AcsConformanceVectorResult = {
297
+ id: string;
298
+ interventionPoint: AcsInterventionPoint;
299
+ expectedVerdict: string;
300
+ actualVerdict: string;
301
+ expectedProxyStatus: string;
302
+ actualProxyStatus: string | null;
303
+ passed: boolean;
304
+ reasons: string[];
305
+ actionHash: string | null;
306
+ payloadHash: string | null;
307
+ actionPassId: string | null;
308
+ ledgerLine: number | null;
309
+ executionLedgerLine: number | null;
310
+ };
311
+ export type AcsConformanceRunInput = {
312
+ configPath?: string;
313
+ cwd?: string;
314
+ ledgerPath?: string;
315
+ };
316
+ export type AcsConformanceRunResult = {
317
+ schemaVersion: typeof ACS_CONFORMANCE_SCHEMA_VERSION;
318
+ manifestVersion: string;
319
+ ledgerPath: string;
320
+ passed: boolean;
321
+ total: number;
322
+ failed: number;
323
+ vectors: AcsConformanceVectorResult[];
324
+ };
141
325
  export type LedgerExportRunInput = DemoRunInput & {
142
326
  from?: string;
143
327
  to?: string;
@@ -173,6 +357,22 @@ export type LedgerSyncRunResult = {
173
357
  endpoint: string;
174
358
  sync: LedgerSyncResult;
175
359
  };
360
+ export type LedgerOtelExportRunInput = LedgerExportRunInput & {
361
+ endpoint: string;
362
+ serviceName?: string;
363
+ timeoutMs?: number;
364
+ fetch?: typeof fetch;
365
+ };
366
+ export type LedgerOtelExportRunResult = {
367
+ schemaVersion: typeof LEDGER_OTEL_EXPORT_RUN_SCHEMA_VERSION;
368
+ config: {
369
+ filePath: string | null;
370
+ tenant: string;
371
+ };
372
+ ledgerPath: string;
373
+ endpoint: string;
374
+ export: OtelTraceExportResult;
375
+ };
176
376
  export type RealWorkflowRunInput = DemoRunInput & {
177
377
  env?: Record<string, string | undefined>;
178
378
  fetch?: typeof fetch;
@@ -186,7 +386,26 @@ export type RealWorkflowRunInput = DemoRunInput & {
186
386
  prTitle?: string;
187
387
  approvedBy?: string;
188
388
  approveStepUp?: boolean;
389
+ hostedApproval?: boolean;
390
+ approvalEndpoint?: string;
391
+ approvalTokenEnv?: string;
392
+ approvalPollIntervalSeconds?: number;
393
+ approvalTimeoutSeconds?: number;
394
+ onApprovalPending?: (info: {
395
+ requestId: string;
396
+ endpoint: string;
397
+ }) => void;
398
+ store?: CredentialStore;
189
399
  tamper?: boolean;
400
+ checkName?: string;
401
+ reviewLine?: number;
402
+ databaseResource?: string;
403
+ sqlStatement?: string;
404
+ sqlParameters?: JsonValue[];
405
+ maxRows?: number;
406
+ postgresClientFactory?: (connectionString: string) => PostgresQueryClient;
407
+ driveFileId?: string;
408
+ maxReadBytes?: number;
190
409
  };
191
410
  export type RealWorkflowTamperEvidence = {
192
411
  step: string;
@@ -194,6 +413,29 @@ export type RealWorkflowTamperEvidence = {
194
413
  mutation: string;
195
414
  approvedPayloadHash: string;
196
415
  attemptedPayloadHash: string;
416
+ /**
417
+ * The scoped-authority contrast: the agent still held a valid, exact-payload
418
+ * human approval for this tool + resource when it attempted the mutated
419
+ * payload. `scopeUnchanged` is computed by comparing the approved and
420
+ * attempted actions' tool + resource — when true, an authorizer that checks
421
+ * scope alone (a held, valid scoped token) would still authorize the call,
422
+ * and only the payload-hash binding caught the swap.
423
+ */
424
+ scopedAuthority: {
425
+ tool: string;
426
+ resource: string;
427
+ approvedBy: string;
428
+ artifactId: string;
429
+ scopeUnchanged: boolean;
430
+ };
431
+ /**
432
+ * Whether the tamper step actually ran. A prior step failing (e.g. a
433
+ * GitHub branch collision on re-run) aborts the workflow before the Slack
434
+ * step, leaving the tamper unexercised. This must be distinguished from a
435
+ * step that ran and was not blocked, so a benign prior failure can never
436
+ * be misreported as "the tampered payload executed".
437
+ */
438
+ reached: boolean;
197
439
  blocked: boolean;
198
440
  blockReasons: string[];
199
441
  };
@@ -240,48 +482,675 @@ export type RealWorkflowRunResult = {
240
482
  };
241
483
  export declare function startProxyServer(input?: ProxyServerInput): Promise<ProxyServerHandle>;
242
484
  export declare const INIT_SCHEMA_VERSION = "axtary.init.v0";
243
- export declare const INIT_CONFIG_TEMPLATE: string;
485
+ export declare const INIT_CONFIG_TEMPLATE = "schemaVersion: axtary.config.v0\nissuer: https://local.axtary.dev\ntenant: org:local\nledger:\n path: .axtary/actions.jsonl\nruntime:\n allowUnsignedExecution: false\n handlerTimeoutMs: 10000\n status:\n enabled: true\n keyringPath: .axtary/keys/actionpass-issuer-keyring.json\n storePath: .axtary/actionpass-status.json\n ttlSeconds: 60\n expiresInSeconds: 120\n caep:\n enabled: false\n mappingPath: .axtary/caep-mappings.json\n replayPath: .axtary/ssf-replay.json\nadapters:\n # Start in fake mode: deterministic local adapters, no credentials needed.\n # Switch a provider to its real mode (rest/web/graphql) once its env token is set.\n github:\n mode: fake\n tokenEnv: GITHUB_TOKEN\n apiBaseUrl: https://api.github.com\n userAgent: axtary-local-proxy\n slack:\n mode: fake\n tokenEnv: SLACK_BOT_TOKEN\n apiBaseUrl: https://slack.com/api\n linear:\n mode: fake\n tokenEnv: LINEAR_API_KEY\n apiUrl: https://api.linear.app/graphql\n docs:\n mode: local\n # Local docs the agent may search. `axtary init` creates the docs/ root;\n # add or remove roots to match your project.\n roots:\n - docs\npolicy:\n version: \"starter-v0\"\n github:\n pullRequests:\n requiredBaseBranch: main\n maxFilesChanged: 12\n denyPathPrefixes:\n - .env\n - secrets/\n stepUpPathPrefixes:\n - infra/prod/\n - billing/\n - auth/\n requiresTests: true\n contents:\n denyReadPathPrefixes:\n - .env\n - secrets/\n - infra/prod/\n slack:\n messages:\n allowedChannels:\n - \"#axtary-dev\"\n stepUpExternalRecipients: true\ndemo:\n scenario: coding-agent\n";
244
486
  export type InitRunInput = {
245
487
  cwd?: string;
246
488
  configPath?: string;
247
489
  force?: boolean;
490
+ templateId?: string;
248
491
  };
249
492
  export type InitRunResult = {
250
493
  schemaVersion: typeof INIT_SCHEMA_VERSION;
251
494
  status: "created" | "exists";
252
495
  configPath: string;
496
+ templateId: string | null;
497
+ policyTestPath: string | null;
253
498
  };
254
499
  export declare function runInit(input?: InitRunInput): Promise<InitRunResult>;
255
500
  export declare function formatInitResult(result: InitRunResult): string;
256
501
  export declare const MCP_SERVE_SCHEMA_VERSION = "axtary.mcp_serve.v0";
502
+ export declare const MCP_CONFORMANCE_RUN_SCHEMA_VERSION = "axtary.mcp_conformance_run.v0";
257
503
  export type McpServeInput = {
258
504
  configPath?: string;
259
505
  cwd?: string;
260
506
  ledgerPath?: string;
507
+ trustStorePath?: string;
508
+ dpopReplayStorePath?: string;
509
+ pinsPath?: string;
510
+ /**
511
+ * When true, a tool with no existing pin is quarantined until reviewed
512
+ * instead of trusted-on-first-use. Drift is always quarantined regardless.
513
+ */
514
+ strict?: boolean;
261
515
  wrap?: string;
516
+ wrapUrl?: string;
517
+ headers?: Record<string, string>;
518
+ oauth?: boolean;
519
+ oauthStore?: CredentialStore;
520
+ oauthFetch?: typeof fetch;
262
521
  owner?: string;
263
522
  input?: NodeJS.ReadableStream;
264
523
  output?: NodeJS.WritableStream;
265
524
  log?: (text: string) => void;
266
525
  };
526
+ export type McpServeQuarantine = {
527
+ serverIdentity: string;
528
+ toolName: string;
529
+ reason: "definition_drifted" | "unpinned_strict";
530
+ discoveredHash: string;
531
+ pinnedHash: string | null;
532
+ };
267
533
  export type McpServeHandle = {
268
534
  schemaVersion: typeof MCP_SERVE_SCHEMA_VERSION;
269
535
  ledgerPath: string;
536
+ trustStorePath: string;
537
+ dpopReplayStorePath: string;
538
+ pinsPath: string;
270
539
  tools: Array<{
271
540
  name: string;
272
541
  serverIdentity: string;
273
542
  definitionHash: string;
274
543
  }>;
544
+ provenance: {
545
+ pinned: number;
546
+ pinnedOnFirstUse: number;
547
+ quarantined: McpServeQuarantine[];
548
+ };
275
549
  done: Promise<void>;
276
550
  close: () => Promise<void>;
277
551
  };
278
552
  export declare function startMcpServe(input?: McpServeInput): Promise<McpServeHandle>;
279
- export declare function runDemo(input?: DemoRunInput): Promise<DemoRunResult>;
553
+ export declare function resolveActionPassTrustStorePath(cwd: string, trustStorePath?: string): string;
554
+ export declare function resolveDpopReplayStorePath(cwd: string, dpopReplayStorePath?: string): string;
555
+ export type McpWrapTarget = {
556
+ /** stdio command line (whitespace-split, no shell quoting). */
557
+ wrap?: string;
558
+ /** Streamable HTTP MCP endpoint URL. */
559
+ wrapUrl?: string;
560
+ /** Extra HTTP headers (e.g. Authorization) for the HTTP transport. */
561
+ headers?: Record<string, string>;
562
+ /**
563
+ * Resolve the upstream bearer from the local OAuth broker for this remote MCP
564
+ * server (RFC 9728/8707 session created by `axtary mcp login`). The token is
565
+ * injected only into the upstream request header — never persisted to pins,
566
+ * ledger, or status. Requires `wrapUrl`.
567
+ */
568
+ oauth?: boolean;
569
+ /** Credential store + fetch overrides for OAuth bearer resolution (tests). */
570
+ oauthStore?: CredentialStore;
571
+ oauthFetch?: typeof fetch;
572
+ };
573
+ export declare const MCP_PINS_REPORT_SCHEMA_VERSION = "axtary.mcp_pins_report.v0";
574
+ export declare const MCP_PUBLISHER_TRUST_REPORT_SCHEMA_VERSION = "axtary.mcp_publisher_trust_report.v0";
575
+ export declare const MCP_SIGNED_DEFINITION_VERIFY_SCHEMA_VERSION = "axtary.mcp_signed_definition_verify.v0";
576
+ export type McpPublisherTrustResult = {
577
+ schemaVersion: typeof MCP_PUBLISHER_TRUST_REPORT_SCHEMA_VERSION;
578
+ trustPath: string;
579
+ registered: string | null;
580
+ publishers: Array<{
581
+ publisher: string;
582
+ keys: Array<{
583
+ kid: string;
584
+ alg: string;
585
+ kty: string;
586
+ crv: string;
587
+ }>;
588
+ }>;
589
+ };
590
+ export declare function runMcpTrustPublisher(input: {
591
+ publisher: string;
592
+ jwksPath: string;
593
+ trustPath?: string;
594
+ cwd?: string;
595
+ }): Promise<McpPublisherTrustResult>;
596
+ export declare function runMcpPublishers(input?: {
597
+ trustPath?: string;
598
+ cwd?: string;
599
+ }): Promise<McpPublisherTrustResult>;
600
+ export declare function formatMcpPublishers(result: McpPublisherTrustResult): string;
601
+ export type McpSignedDefinitionVerifyResult = {
602
+ schemaVersion: typeof MCP_SIGNED_DEFINITION_VERIFY_SCHEMA_VERSION;
603
+ trustPath: string;
604
+ definitionPath: string;
605
+ statementPath: string;
606
+ verification: McpSignedDefinitionVerification;
607
+ };
608
+ export declare function runMcpVerifyDefinition(input: {
609
+ definitionPath: string;
610
+ statementPath: string;
611
+ publisher: string;
612
+ trustPath?: string;
613
+ cwd?: string;
614
+ }): Promise<McpSignedDefinitionVerifyResult>;
615
+ export declare function formatMcpVerifyDefinition(result: McpSignedDefinitionVerifyResult): string;
616
+ export type McpPinsResult = {
617
+ schemaVersion: typeof MCP_PINS_REPORT_SCHEMA_VERSION;
618
+ pinsPath: string;
619
+ servers: Array<{
620
+ serverIdentity: string;
621
+ serverVersion: string | null;
622
+ tools: Array<{
623
+ toolName: string;
624
+ definitionHash: string;
625
+ schemaVersion: string;
626
+ pinnedAt: string;
627
+ publisher: string | null;
628
+ kid: string | null;
629
+ semver: string | null;
630
+ priorDefinitionHash: string | null;
631
+ }>;
632
+ }>;
633
+ };
634
+ export declare function runMcpPins(input: {
635
+ configPath?: string;
636
+ pinsPath?: string;
637
+ cwd?: string;
638
+ }): Promise<McpPinsResult>;
639
+ export declare function formatMcpPins(result: McpPinsResult): string;
640
+ export declare const MCP_REVIEW_SCHEMA_VERSION = "axtary.mcp_review.v0";
641
+ export type McpPublisherEvidence = {
642
+ trust: "verified" | "unsigned" | "untrusted" | "invalid";
643
+ publisher: string | null;
644
+ kid: string | null;
645
+ semver: string | null;
646
+ priorDefinitionHash: string | null;
647
+ chainVerdict: McpChainVerdict | null;
648
+ reason: string | null;
649
+ };
650
+ export type McpReviewEntry = McpPinReconcileEntry & {
651
+ publisherEvidence: McpPublisherEvidence;
652
+ };
653
+ export type McpReviewResult = {
654
+ schemaVersion: typeof MCP_REVIEW_SCHEMA_VERSION;
655
+ pinsPath: string;
656
+ trustPath: string;
657
+ signedDefinitionsPath: string;
658
+ accepted: boolean;
659
+ pinned: number;
660
+ pending: McpReviewEntry[];
661
+ tools: McpReviewEntry[];
662
+ };
663
+ export declare function runMcpReview(input: {
664
+ configPath?: string;
665
+ pinsPath?: string;
666
+ wrap?: string;
667
+ wrapUrl?: string;
668
+ headers?: Record<string, string>;
669
+ oauth?: boolean;
670
+ oauthStore?: CredentialStore;
671
+ oauthFetch?: typeof fetch;
672
+ publisherTrustPath?: string;
673
+ signedDefinitionsPath?: string;
674
+ accept?: boolean;
675
+ cwd?: string;
676
+ }): Promise<McpReviewResult>;
677
+ export declare function formatMcpReview(result: McpReviewResult): string;
678
+ export type McpConformanceRunInput = McpWrapTarget & {
679
+ configPath?: string;
680
+ pinsPath?: string;
681
+ ledgerPath?: string;
682
+ statusPath?: string;
683
+ attestationPath?: string;
684
+ keyPath?: string;
685
+ publisherTrustPath?: string;
686
+ signedDefinitionsPath?: string;
687
+ toolName: string;
688
+ arguments: Record<string, JsonValue>;
689
+ accept?: boolean;
690
+ owner?: string;
691
+ cwd?: string;
692
+ };
693
+ export type McpConformanceRunResult = {
694
+ schemaVersion: typeof MCP_CONFORMANCE_RUN_SCHEMA_VERSION;
695
+ pinsPath: string;
696
+ ledgerPath: string;
697
+ statusPath: string;
698
+ receipt: McpConformanceReceipt;
699
+ };
700
+ /**
701
+ * Exercise one explicitly selected live tool through the complete governed MCP
702
+ * path and persist a compact, secret-free receipt for operator surfaces.
703
+ */
704
+ export declare function runMcpConformance(input: McpConformanceRunInput): Promise<McpConformanceRunResult>;
705
+ export declare function formatMcpConformance(result: McpConformanceRunResult): string;
706
+ export declare const MCP_DRIFT_DEMO_SCHEMA_VERSION = "axtary.mcp_drift_demo.v0";
707
+ export type McpDriftDemoPhase = {
708
+ isError: boolean;
709
+ text: string;
710
+ };
711
+ export type McpDriftDemoResult = {
712
+ schemaVersion: typeof MCP_DRIFT_DEMO_SCHEMA_VERSION;
713
+ tool: {
714
+ serverIdentity: string;
715
+ name: string;
716
+ };
717
+ approved: {
718
+ definitionHash: string;
719
+ description: string;
720
+ };
721
+ mutated: {
722
+ definitionHash: string;
723
+ description: string;
724
+ injectedInstruction: string;
725
+ };
726
+ phases: {
727
+ approvedCall: McpDriftDemoPhase;
728
+ driftedCall: McpDriftDemoPhase;
729
+ };
730
+ blocked: boolean;
731
+ blockReasons: string[];
732
+ mutatedInvokerCalled: boolean;
733
+ ledger: {
734
+ path: string;
735
+ valid: boolean;
736
+ records: Array<{
737
+ decision: string;
738
+ reasons: string[];
739
+ definitionHash: string | null;
740
+ }>;
741
+ };
742
+ };
743
+ /**
744
+ * The tool-poisoning counter, reproducible in one command: a wrapped MCP tool
745
+ * executes at its reviewed definition hash, then the definition mutates (a
746
+ * hidden instruction lands in the description) and the identical call is
747
+ * denied before the invoker runs — both hashes end up in the ledger.
748
+ */
749
+ export declare function runMcpDriftDemo(input?: DemoRunInput): Promise<McpDriftDemoResult>;
750
+ export declare function runDemo(input?: DemoRunInput & {
751
+ approveStepUp?: boolean;
752
+ approvedBy?: string;
753
+ }): Promise<DemoRunResult>;
754
+ export declare function runTemplateDemo(input: TemplateDemoRunInput): Promise<TemplateDemoRunResult>;
280
755
  export declare function runSmokeTest(input?: SmokeTestInput, io?: CliIo): Promise<number>;
281
756
  export declare function runConnectorDoctor(input?: ConnectorDoctorInput): Promise<ConnectorDoctorResult>;
282
757
  export declare function runTestPolicy(input: PolicyTestRunInput): Promise<PolicyTestRunResult>;
758
+ export declare function runPolicySimulate(input: PolicySimulateRunInput): Promise<PolicySimulateRunResult>;
759
+ export declare function runPolicyHarness(input: PolicyHarnessRunInput): Promise<PolicyHarnessRunResult>;
760
+ /**
761
+ * Three-engine parity: evaluates every shared fixture through the native
762
+ * evaluator, the Cedar policy set, and the compiled Rego bundle, and reports
763
+ * whether decisions and reason sets agree. Cedar/Rego run via optional wasm
764
+ * engines (repo devDependencies) loaded through @axtary/policy/parity.
765
+ */
766
+ export declare function runPolicyParity(input?: PolicyParityRunInput): Promise<PolicyParityRunResult>;
767
+ export declare function runAcsConformance(input?: AcsConformanceRunInput): Promise<AcsConformanceRunResult>;
283
768
  export declare function runLedgerExport(input?: LedgerExportRunInput): Promise<LedgerExportRunResult>;
284
769
  export declare function runLedgerSync(input: LedgerSyncRunInput): Promise<LedgerSyncRunResult>;
770
+ export declare function runLedgerOtelExport(input: LedgerOtelExportRunInput): Promise<LedgerOtelExportRunResult>;
771
+ export type LedgerAttestRunInput = LedgerExportRunInput & {
772
+ /** Where to persist the local attestation key (defaults beside the ledger). */
773
+ keyPath?: string;
774
+ };
775
+ export type LedgerAttestRunResult = {
776
+ schemaVersion: typeof LEDGER_ATTEST_RUN_SCHEMA_VERSION;
777
+ config: {
778
+ filePath: string | null;
779
+ tenant: string;
780
+ };
781
+ ledgerPath: string;
782
+ keyPath: string;
783
+ keyId: string;
784
+ outputPath: string | null;
785
+ bundle: LedgerAttestationBundle;
786
+ };
787
+ export type LedgerVerifyExportRunInput = {
788
+ bundlePath: string;
789
+ issuer?: string;
790
+ cwd?: string;
791
+ json?: boolean;
792
+ };
793
+ export type LedgerVerifyExportRunResult = {
794
+ schemaVersion: typeof LEDGER_VERIFY_EXPORT_RUN_SCHEMA_VERSION;
795
+ bundlePath: string;
796
+ result: VerifyLedgerAttestationResult;
797
+ /**
798
+ * Approval↔execution equivalence summary over the verified export's
799
+ * execution records; null when the bundle did not verify. Verification
800
+ * itself already fails closed on any failed pair, so a valid result can
801
+ * only contain proved and unproven entries.
802
+ */
803
+ equivalence: LedgerEquivalenceReport | null;
804
+ };
805
+ /**
806
+ * `axtary attest-ledger` — export the verified ledger and emit a signed,
807
+ * self-contained attestation bundle (export + JWS token + public key) that any
808
+ * third party can verify offline with only a JOSE library.
809
+ */
810
+ export declare function runLedgerAttest(input?: LedgerAttestRunInput): Promise<LedgerAttestRunResult>;
811
+ /**
812
+ * `axtary verify-export` — the standalone verifier. Reads an attestation bundle
813
+ * and confirms the signature, the canonical export digest, and the record chain
814
+ * using only the bundle's embedded public key.
815
+ */
816
+ export declare function runLedgerVerifyExport(input: LedgerVerifyExportRunInput): Promise<LedgerVerifyExportRunResult>;
817
+ export type LedgerProveEquivalenceRunInput = {
818
+ configPath?: string;
819
+ ledgerPath?: string;
820
+ cwd?: string;
821
+ from?: string;
822
+ to?: string;
823
+ decisions?: AxtaryDecision[];
824
+ outputPath?: string;
825
+ };
826
+ export type LedgerProveEquivalenceRunResult = {
827
+ schemaVersion: typeof LEDGER_PROVE_EQUIVALENCE_RUN_SCHEMA_VERSION;
828
+ config: {
829
+ filePath: string | null;
830
+ tenant: string;
831
+ };
832
+ ledgerPath: string;
833
+ outputPath: string | null;
834
+ report: LedgerEquivalenceReport;
835
+ };
836
+ /**
837
+ * `axtary prove-equivalence` — the queryable, exportable approval↔execution
838
+ * equivalence proof. Reads the ledger through the fail-closed export path
839
+ * (a tampered chain refuses to export at all), then reports, per execution
840
+ * record, the approved payload hash, the executed payload hash, and whether
841
+ * they are equal. Executions without approval evidence report `unproven`,
842
+ * never fake-proved.
843
+ */
844
+ export declare function runLedgerProveEquivalence(input?: LedgerProveEquivalenceRunInput): Promise<LedgerProveEquivalenceRunResult>;
845
+ export type LedgerProveInclusionRunInput = {
846
+ bundlePath: string;
847
+ recordId?: string;
848
+ index?: number;
849
+ outputPath?: string;
850
+ cwd?: string;
851
+ json?: boolean;
852
+ };
853
+ export type LedgerProveInclusionRunResult = {
854
+ schemaVersion: typeof LEDGER_PROVE_INCLUSION_RUN_SCHEMA_VERSION;
855
+ bundlePath: string;
856
+ outputPath: string | null;
857
+ proof: LedgerInclusionProof;
858
+ };
859
+ /**
860
+ * `axtary prove-inclusion` — emit an RFC 6962 inclusion proof for one record in
861
+ * an attestation bundle. The proof's `merkleRoot` matches the bundle's signed
862
+ * tree head, so a third party can verify it against the signed attestation.
863
+ */
864
+ export declare function runLedgerProveInclusion(input: LedgerProveInclusionRunInput): Promise<LedgerProveInclusionRunResult>;
865
+ export type LedgerProveConsistencyRunInput = {
866
+ firstBundlePath: string;
867
+ secondBundlePath: string;
868
+ outputPath?: string;
869
+ cwd?: string;
870
+ json?: boolean;
871
+ };
872
+ export type LedgerProveConsistencyRunResult = {
873
+ schemaVersion: typeof LEDGER_PROVE_CONSISTENCY_RUN_SCHEMA_VERSION;
874
+ firstBundlePath: string;
875
+ secondBundlePath: string;
876
+ outputPath: string | null;
877
+ proof: LedgerConsistencyProof;
878
+ };
879
+ /**
880
+ * `axtary prove-consistency` — emit an RFC 6962 consistency proof showing the
881
+ * second attestation's log append-only-extends the first. The proof binds both
882
+ * bundles' signed tree-head roots.
883
+ */
884
+ export declare function runLedgerProveConsistency(input: LedgerProveConsistencyRunInput): Promise<LedgerProveConsistencyRunResult>;
885
+ export type LedgerVerifyProofRunInput = {
886
+ proofPath: string;
887
+ bundlePath?: string;
888
+ firstBundlePath?: string;
889
+ secondBundlePath?: string;
890
+ issuer?: string;
891
+ cwd?: string;
892
+ json?: boolean;
893
+ };
894
+ export type LedgerVerifyProofRunResult = {
895
+ schemaVersion: typeof LEDGER_VERIFY_PROOF_RUN_SCHEMA_VERSION;
896
+ proofType: "inclusion" | "consistency";
897
+ attestationValid: boolean;
898
+ proofResult: ProofVerificationResult;
899
+ valid: boolean;
900
+ };
901
+ /**
902
+ * `axtary verify-proof` — the standalone proof verifier. It re-verifies the
903
+ * signed tree head(s) from the bundle(s), then binds the inclusion/consistency
904
+ * proof to those signed roots, failing closed on any mismatch.
905
+ */
906
+ export declare function runLedgerVerifyProof(input: LedgerVerifyProofRunInput): Promise<LedgerVerifyProofRunResult>;
907
+ export type LedgerForensicsRunInput = {
908
+ bundlePath?: string;
909
+ ledgerPath?: string;
910
+ configPath?: string;
911
+ cwd?: string;
912
+ json?: boolean;
913
+ };
914
+ export type LedgerForensicsRunResult = {
915
+ schemaVersion: typeof LEDGER_FORENSICS_RUN_SCHEMA_VERSION;
916
+ source: string;
917
+ evidence: "verified_attestation_bundle" | "verified_local_ledger";
918
+ report: ForensicReport;
919
+ };
920
+ /**
921
+ * `axtary forensics` — offline reconstruction of a delegation+execution incident
922
+ * from the ledger alone, asserting attenuation / reconstructibility / cascade
923
+ * containment. Reads an attestation bundle when given (so analysis runs over
924
+ * attested evidence), otherwise the local ledger.
925
+ */
926
+ export declare function runLedgerForensics(input: LedgerForensicsRunInput): Promise<LedgerForensicsRunResult>;
927
+ export type ConnectRunInput = {
928
+ provider: string;
929
+ clientId?: string;
930
+ clientIdEnv?: string;
931
+ clientSecretEnv?: string;
932
+ redirectPort?: number;
933
+ redirectUri?: string;
934
+ cloudId?: string;
935
+ json?: boolean;
936
+ env?: Record<string, string | undefined>;
937
+ fetch?: typeof fetch;
938
+ store?: CredentialStore;
939
+ openBrowser?: (url: string) => void | Promise<void>;
940
+ onListening?: (port: number) => void;
941
+ stdout?: (text: string) => void;
942
+ };
943
+ export type ConnectRunResult = {
944
+ schemaVersion: typeof CONNECT_RUN_SCHEMA_VERSION;
945
+ provider: string;
946
+ account: string | null;
947
+ scopes: string[];
948
+ expiresAt: string | null;
949
+ secretBackend: "keychain" | "file";
950
+ context?: Record<string, string>;
951
+ };
952
+ /**
953
+ * `axtary connect <provider>` — local-loopback OAuth so a customer clicks
954
+ * "Allow" in the browser instead of hand-pasting a bot token. The customer
955
+ * brings their own OAuth app (client id/secret stay in local env, never reach
956
+ * Axtary); the obtained token is stored in the local credential broker (OS
957
+ * keychain or a 0600 file), never echoed.
958
+ */
959
+ export declare function runConnect(input: ConnectRunInput): Promise<ConnectRunResult>;
960
+ export declare function runDisconnect(input: {
961
+ provider: string;
962
+ store?: CredentialStore;
963
+ }): Promise<{
964
+ provider: string;
965
+ removed: boolean;
966
+ }>;
967
+ export type ConnectionsRunResult = {
968
+ schemaVersion: typeof CONNECTIONS_SCHEMA_VERSION;
969
+ connections: CredentialMetadata[];
970
+ };
971
+ export declare function runConnections(input?: {
972
+ store?: CredentialStore;
973
+ }): Promise<ConnectionsRunResult>;
974
+ export type ActionPassRevokeRunInput = {
975
+ passId: string;
976
+ trustStorePath?: string;
977
+ statusStorePath?: string;
978
+ ledgerPath?: string;
979
+ configPath?: string;
980
+ cwd?: string;
981
+ revokedBy?: string;
982
+ reason?: string;
983
+ revokedAt?: Date;
984
+ };
985
+ export type ActionPassRevokeRunResult = {
986
+ schemaVersion: typeof ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION;
987
+ trustStorePath: string;
988
+ revocation: ActionPassRevocation;
989
+ statusStorePath: string | null;
990
+ ledgerPath: string | null;
991
+ ledgerEventId: string | null;
992
+ };
993
+ export declare function runActionPassRevoke(input: ActionPassRevokeRunInput): Promise<ActionPassRevokeRunResult>;
994
+ export declare function runActionPassRevocations(input?: {
995
+ trustStorePath?: string;
996
+ cwd?: string;
997
+ }): Promise<{
998
+ schemaVersion: typeof ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION;
999
+ trustStorePath: string;
1000
+ revocations: ActionPassRevocation[];
1001
+ }>;
1002
+ export declare function runIssuerKeyring(input?: {
1003
+ keyringPath?: string;
1004
+ cwd?: string;
1005
+ rotate?: boolean;
1006
+ retireAfterSeconds?: number;
1007
+ }): Promise<{
1008
+ schemaVersion: typeof ACTIONPASS_STATUS_RUN_SCHEMA_VERSION;
1009
+ keyringPath: string;
1010
+ activeKid: string;
1011
+ keys: Array<{
1012
+ kid: string;
1013
+ status: "active" | "retired";
1014
+ createdAt: string;
1015
+ retireAfter: string | null;
1016
+ }>;
1017
+ jwks: ReturnType<typeof issuerJwks>;
1018
+ }>;
1019
+ export declare function runActionPassStatus(input?: {
1020
+ statusStorePath?: string;
1021
+ cwd?: string;
1022
+ }): Promise<{
1023
+ schemaVersion: typeof ACTIONPASS_STATUS_RUN_SCHEMA_VERSION;
1024
+ statusStorePath: string;
1025
+ uri: string;
1026
+ entries: Array<{
1027
+ passId: string;
1028
+ index: number;
1029
+ status: number;
1030
+ updatedAt: string;
1031
+ }>;
1032
+ }>;
1033
+ export declare function runCaepMap(input: {
1034
+ issuer: string;
1035
+ subject: SsfSubjectIdentifier;
1036
+ rootPassIds: string[];
1037
+ mappingPath?: string;
1038
+ cwd?: string;
1039
+ }): Promise<{
1040
+ schemaVersion: typeof CAEP_MAPPING_RUN_SCHEMA_VERSION;
1041
+ mappingPath: string;
1042
+ mapping: Awaited<ReturnType<LocalCaepMappingStore["put"]>>;
1043
+ }>;
285
1044
  export declare function runRealWorkflow(input?: RealWorkflowRunInput): Promise<RealWorkflowRunResult>;
1045
+ export declare const GITHUB_DEPTH_RUN_SCHEMA_VERSION = "axtary.github_depth_run.v0";
1046
+ export type GitHubDepthRunResult = {
1047
+ schemaVersion: typeof GITHUB_DEPTH_RUN_SCHEMA_VERSION;
1048
+ workflow: "github-depth";
1049
+ config: {
1050
+ filePath: string | null;
1051
+ tenant: string;
1052
+ };
1053
+ ledgerPath: string;
1054
+ status: "completed" | "blocked" | "failed";
1055
+ requiredModes: {
1056
+ github: "app";
1057
+ };
1058
+ inputs: {
1059
+ repoResource: string;
1060
+ issueKey: string;
1061
+ baseBranch: string;
1062
+ headBranch: string;
1063
+ prTitle: string;
1064
+ checkName: string;
1065
+ reviewLine: number;
1066
+ };
1067
+ target: {
1068
+ pullNumber: number;
1069
+ headSha: string;
1070
+ path: string;
1071
+ line: number;
1072
+ } | null;
1073
+ steps: RealWorkflowStepResult[];
1074
+ ledger: DemoRunResult["ledger"];
1075
+ };
1076
+ /**
1077
+ * GitHub-only depth proof: open a draft PR in the sandbox repo, then exercise
1078
+ * the three M7.3 write tools against that PR — an inline review comment, a check
1079
+ * run on its head commit, and a conversation comment — each governed by policy,
1080
+ * payload-bound by an ActionPass, and written to the ledger as a decision +
1081
+ * execution-outcome pair. Requires only the GitHub credential.
1082
+ */
1083
+ export declare function runGitHubDepthWorkflow(input?: RealWorkflowRunInput): Promise<GitHubDepthRunResult>;
1084
+ export declare const POSTGRES_READ_RUN_SCHEMA_VERSION = "axtary.postgres_read_run.v0";
1085
+ export type PostgresReadRunResult = {
1086
+ schemaVersion: typeof POSTGRES_READ_RUN_SCHEMA_VERSION;
1087
+ workflow: "postgres-read";
1088
+ config: {
1089
+ filePath: string | null;
1090
+ tenant: string;
1091
+ };
1092
+ ledgerPath: string;
1093
+ status: "completed" | "blocked" | "failed";
1094
+ requiredModes: {
1095
+ postgres: "postgres";
1096
+ };
1097
+ inputs: {
1098
+ databaseResource: string;
1099
+ statementHash: string | null;
1100
+ predicateHash: string | null;
1101
+ tables: string[];
1102
+ parameterCount: number;
1103
+ parameterHash: string;
1104
+ maxRows: number;
1105
+ };
1106
+ step: RealWorkflowStepResult;
1107
+ ledger: DemoRunResult["ledger"];
1108
+ };
1109
+ export declare function runPostgresReadWorkflow(input?: RealWorkflowRunInput): Promise<PostgresReadRunResult>;
1110
+ export declare const DRIVE_READ_RUN_SCHEMA_VERSION = "axtary.drive_read_run.v0";
1111
+ export type DriveReadRunResult = {
1112
+ schemaVersion: typeof DRIVE_READ_RUN_SCHEMA_VERSION;
1113
+ workflow: "drive-read";
1114
+ config: {
1115
+ filePath: string | null;
1116
+ tenant: string;
1117
+ };
1118
+ ledgerPath: string;
1119
+ status: "completed" | "blocked" | "failed";
1120
+ requiredModes: {
1121
+ drive: "rest";
1122
+ };
1123
+ inputs: {
1124
+ fileId: string;
1125
+ resource: string;
1126
+ maxBytes: number;
1127
+ source: "argument" | "picker_context" | "config";
1128
+ };
1129
+ step: RealWorkflowStepResult;
1130
+ ledger: DemoRunResult["ledger"];
1131
+ };
1132
+ export declare function runDriveReadWorkflow(input?: RealWorkflowRunInput): Promise<DriveReadRunResult>;
286
1133
  export declare function runAxtaryCli(argv?: string[], io?: CliIo): Promise<number>;
1134
+ /**
1135
+ * One line summarizing the approval↔execution equivalence over a set of
1136
+ * execution records. Verification fails closed on any failed pair, so a
1137
+ * summary rendered for a VALID export can only contain proved + unproven.
1138
+ */
1139
+ export declare function equivalenceSummaryLine(report: LedgerEquivalenceReport): string;
1140
+ /**
1141
+ * The tamper-outcome line, with the three states kept distinct: blocked
1142
+ * (the win), not-blocked (a real security failure), and not-reached (a prior
1143
+ * step failed before Slack, so the tamper was never exercised — must never be
1144
+ * reported as the tampered payload executing).
1145
+ */
1146
+ /**
1147
+ * The scoped-authority contrast line — the differentiation beat spelled out:
1148
+ * the agent still held a valid, exact-payload human approval whose tool +
1149
+ * resource scope matched the attempted call, so an authorizer that checks
1150
+ * scope alone would have let the swapped payload through. Only claim that
1151
+ * when `scopeUnchanged` was actually computed true; otherwise state the
1152
+ * scope changed too, which any authorizer should reject.
1153
+ */
1154
+ export declare function scopedAuthorityLine(authority: RealWorkflowTamperEvidence["scopedAuthority"]): string;
1155
+ export declare function tamperOutcomeLine(tamper: RealWorkflowTamperEvidence): string;
287
1156
  //# sourceMappingURL=index.d.ts.map