@axtary/ledger 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.ts CHANGED
@@ -1,16 +1,31 @@
1
- import { type LedgerExecutionOutcome, type LedgerRecord, type NormalizedAction, type PolicyDecision } from "@axtary/actionpass";
1
+ import { type ActionPassRevocation, type LocalActionPassTrustStore, type BudgetLedgerEvent, type LedgerExecutionOutcome, type DelegationLedgerEdge, type LedgerRecord, type NormalizedAction, type PolicyDecision, type SigningAlgorithm, type SigningKey, type VerificationKey, type VerificationKeyResolver, type VerificationKeySet } from "@axtary/actionpass";
2
2
  import { z } from "zod";
3
+ import { merkleConsistencyProof, merkleInclusionProof, merkleLeafHash, merkleNodeHash, merkleTreeRoot, verifyMerkleConsistency, verifyMerkleInclusion } from "./merkle.js";
4
+ export { merkleConsistencyProof, merkleInclusionProof, merkleLeafHash, merkleNodeHash, merkleTreeRoot, verifyMerkleConsistency, verifyMerkleInclusion, };
5
+ export { BEHAVIOR_STORE_VERSION, BehaviorStoreSchema, InMemoryBehaviorStore, FileBehaviorStore, deriveBehaviorSignals, recordBehaviorObservation, type BehaviorStore, type BehaviorStoreData, type BehaviorSignals, type FileBehaviorStoreOptions, } from "./behavior.js";
6
+ export { LEDGER_FORENSICS_VERSION, analyzeForensics, reconstructIncident, type ForensicExecution, type ForensicIncident, type ForensicNode, type ForensicProperty, type ForensicReport, type ForensicTimelineEntry, } from "./forensics.js";
3
7
  export declare const LOCAL_LEDGER_SCHEMA_VERSION = "axtary.local-ledger.v0";
8
+ export declare const LOCAL_LEDGER_HEAD_SCHEMA_VERSION = "axtary.local-ledger-head.v0";
4
9
  export declare const LEDGER_EXPORT_SCHEMA_VERSION = "axtary.ledger_export.v0";
5
10
  export declare const LEDGER_SYNC_SCHEMA_VERSION = "axtary.ledger_sync.v0";
6
11
  export declare const LEDGER_SIEM_EVENT_SCHEMA_VERSION = "axtary.siem_event.v0";
12
+ export declare const LEDGER_OTEL_EXPORT_SCHEMA_VERSION = "axtary.otel_trace_export.v0";
7
13
  export declare const LedgerAppendResultSchema: z.ZodObject<{
8
14
  record: z.ZodObject<{
9
15
  schemaVersion: z.ZodLiteral<"axtary.ledger.v0">;
10
16
  id: z.ZodString;
11
17
  occurredAt: z.ZodString;
18
+ auditContext: z.ZodOptional<z.ZodObject<{
19
+ tenant: z.ZodNullable<z.ZodString>;
20
+ agentId: z.ZodString;
21
+ humanOwner: z.ZodString;
22
+ taskId: z.ZodString;
23
+ tool: z.ZodString;
24
+ resource: z.ZodString;
25
+ }, z.core.$strip>>;
12
26
  actionHash: z.ZodString;
13
27
  payloadHash: z.ZodString;
28
+ provenanceHash: z.ZodOptional<z.ZodString>;
14
29
  decision: z.ZodEnum<{
15
30
  allow: "allow";
16
31
  deny: "deny";
@@ -30,10 +45,12 @@ export declare const LedgerAppendResultSchema: z.ZodObject<{
30
45
  slack: "slack";
31
46
  linear: "linear";
32
47
  docs: "docs";
48
+ drive: "drive";
33
49
  mcp: "mcp";
34
50
  aws: "aws";
35
51
  gcp: "gcp";
36
52
  jira: "jira";
53
+ postgres: "postgres";
37
54
  }>;
38
55
  tool: z.ZodString;
39
56
  operation: z.ZodString;
@@ -43,10 +60,12 @@ export declare const LedgerAppendResultSchema: z.ZodObject<{
43
60
  slack: "slack";
44
61
  linear: "linear";
45
62
  docs: "docs";
63
+ drive: "drive";
46
64
  mcp: "mcp";
47
65
  aws: "aws";
48
66
  gcp: "gcp";
49
67
  jira: "jira";
68
+ postgres: "postgres";
50
69
  }>;
51
70
  kind: z.ZodString;
52
71
  id: z.ZodString;
@@ -65,10 +84,12 @@ export declare const LedgerAppendResultSchema: z.ZodObject<{
65
84
  slack: "slack";
66
85
  linear: "linear";
67
86
  docs: "docs";
87
+ drive: "drive";
68
88
  mcp: "mcp";
69
89
  aws: "aws";
70
90
  gcp: "gcp";
71
91
  jira: "jira";
92
+ postgres: "postgres";
72
93
  }>;
73
94
  summary: z.ZodOptional<z.ZodString>;
74
95
  files: z.ZodDefault<z.ZodArray<z.ZodObject<{
@@ -109,10 +130,12 @@ export declare const LedgerAppendResultSchema: z.ZodObject<{
109
130
  slack: "slack";
110
131
  linear: "linear";
111
132
  docs: "docs";
133
+ drive: "drive";
112
134
  mcp: "mcp";
113
135
  aws: "aws";
114
136
  gcp: "gcp";
115
137
  jira: "jira";
138
+ postgres: "postgres";
116
139
  }>>;
117
140
  resultId: z.ZodOptional<z.ZodString>;
118
141
  resultUrl: z.ZodOptional<z.ZodString>;
@@ -124,6 +147,28 @@ export declare const LedgerAppendResultSchema: z.ZodObject<{
124
147
  }, z.core.$strict>>;
125
148
  traceId: z.ZodOptional<z.ZodString>;
126
149
  actionPassId: z.ZodNullable<z.ZodString>;
150
+ delegation: z.ZodOptional<z.ZodObject<{
151
+ parentPassId: z.ZodString;
152
+ childPassId: z.ZodString;
153
+ depth: z.ZodNumber;
154
+ rootPassId: z.ZodString;
155
+ }, z.core.$strip>>;
156
+ budget: z.ZodOptional<z.ZodObject<{
157
+ reservationId: z.ZodNullable<z.ZodString>;
158
+ scope: z.ZodString;
159
+ status: z.ZodEnum<{
160
+ pending: "pending";
161
+ committed: "committed";
162
+ rolled_back: "rolled_back";
163
+ denied: "denied";
164
+ }>;
165
+ expiresAt: z.ZodNullable<z.ZodString>;
166
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
167
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
168
+ committedBefore: z.ZodRecord<z.ZodString, z.ZodNumber>;
169
+ committedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
170
+ reservedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
171
+ }, z.core.$strip>>;
127
172
  correlationId: z.ZodOptional<z.ZodString>;
128
173
  previousLedgerHash: z.ZodNullable<z.ZodString>;
129
174
  ledgerHash: z.ZodString;
@@ -135,6 +180,14 @@ export type AppendDecisionInput = {
135
180
  action: NormalizedAction;
136
181
  decision: PolicyDecision;
137
182
  actionPassId?: string | null;
183
+ delegation?: DelegationLedgerEdge;
184
+ budget?: BudgetLedgerEvent;
185
+ occurredAt?: Date;
186
+ };
187
+ export type AppendRevocationInput = {
188
+ revokedRecord: LedgerRecord;
189
+ revokedBy?: string;
190
+ reason?: string;
138
191
  occurredAt?: Date;
139
192
  };
140
193
  export type AppendExecutionOutcomeInput = AppendDecisionInput & {
@@ -183,8 +236,17 @@ export declare const LedgerExportSchema: z.ZodObject<{
183
236
  schemaVersion: z.ZodLiteral<"axtary.ledger.v0">;
184
237
  id: z.ZodString;
185
238
  occurredAt: z.ZodString;
239
+ auditContext: z.ZodOptional<z.ZodObject<{
240
+ tenant: z.ZodNullable<z.ZodString>;
241
+ agentId: z.ZodString;
242
+ humanOwner: z.ZodString;
243
+ taskId: z.ZodString;
244
+ tool: z.ZodString;
245
+ resource: z.ZodString;
246
+ }, z.core.$strip>>;
186
247
  actionHash: z.ZodString;
187
248
  payloadHash: z.ZodString;
249
+ provenanceHash: z.ZodOptional<z.ZodString>;
188
250
  decision: z.ZodEnum<{
189
251
  allow: "allow";
190
252
  deny: "deny";
@@ -204,10 +266,12 @@ export declare const LedgerExportSchema: z.ZodObject<{
204
266
  slack: "slack";
205
267
  linear: "linear";
206
268
  docs: "docs";
269
+ drive: "drive";
207
270
  mcp: "mcp";
208
271
  aws: "aws";
209
272
  gcp: "gcp";
210
273
  jira: "jira";
274
+ postgres: "postgres";
211
275
  }>;
212
276
  tool: z.ZodString;
213
277
  operation: z.ZodString;
@@ -217,10 +281,12 @@ export declare const LedgerExportSchema: z.ZodObject<{
217
281
  slack: "slack";
218
282
  linear: "linear";
219
283
  docs: "docs";
284
+ drive: "drive";
220
285
  mcp: "mcp";
221
286
  aws: "aws";
222
287
  gcp: "gcp";
223
288
  jira: "jira";
289
+ postgres: "postgres";
224
290
  }>;
225
291
  kind: z.ZodString;
226
292
  id: z.ZodString;
@@ -239,10 +305,12 @@ export declare const LedgerExportSchema: z.ZodObject<{
239
305
  slack: "slack";
240
306
  linear: "linear";
241
307
  docs: "docs";
308
+ drive: "drive";
242
309
  mcp: "mcp";
243
310
  aws: "aws";
244
311
  gcp: "gcp";
245
312
  jira: "jira";
313
+ postgres: "postgres";
246
314
  }>;
247
315
  summary: z.ZodOptional<z.ZodString>;
248
316
  files: z.ZodDefault<z.ZodArray<z.ZodObject<{
@@ -283,10 +351,12 @@ export declare const LedgerExportSchema: z.ZodObject<{
283
351
  slack: "slack";
284
352
  linear: "linear";
285
353
  docs: "docs";
354
+ drive: "drive";
286
355
  mcp: "mcp";
287
356
  aws: "aws";
288
357
  gcp: "gcp";
289
358
  jira: "jira";
359
+ postgres: "postgres";
290
360
  }>>;
291
361
  resultId: z.ZodOptional<z.ZodString>;
292
362
  resultUrl: z.ZodOptional<z.ZodString>;
@@ -298,6 +368,28 @@ export declare const LedgerExportSchema: z.ZodObject<{
298
368
  }, z.core.$strict>>;
299
369
  traceId: z.ZodOptional<z.ZodString>;
300
370
  actionPassId: z.ZodNullable<z.ZodString>;
371
+ delegation: z.ZodOptional<z.ZodObject<{
372
+ parentPassId: z.ZodString;
373
+ childPassId: z.ZodString;
374
+ depth: z.ZodNumber;
375
+ rootPassId: z.ZodString;
376
+ }, z.core.$strip>>;
377
+ budget: z.ZodOptional<z.ZodObject<{
378
+ reservationId: z.ZodNullable<z.ZodString>;
379
+ scope: z.ZodString;
380
+ status: z.ZodEnum<{
381
+ pending: "pending";
382
+ committed: "committed";
383
+ rolled_back: "rolled_back";
384
+ denied: "denied";
385
+ }>;
386
+ expiresAt: z.ZodNullable<z.ZodString>;
387
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
388
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
389
+ committedBefore: z.ZodRecord<z.ZodString, z.ZodNumber>;
390
+ committedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
391
+ reservedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
392
+ }, z.core.$strip>>;
301
393
  correlationId: z.ZodOptional<z.ZodString>;
302
394
  previousLedgerHash: z.ZodNullable<z.ZodString>;
303
395
  ledgerHash: z.ZodString;
@@ -355,10 +447,12 @@ export declare const LedgerSiemEventSchema: z.ZodObject<{
355
447
  slack: "slack";
356
448
  linear: "linear";
357
449
  docs: "docs";
450
+ drive: "drive";
358
451
  mcp: "mcp";
359
452
  aws: "aws";
360
453
  gcp: "gcp";
361
454
  jira: "jira";
455
+ postgres: "postgres";
362
456
  }>;
363
457
  tool: z.ZodString;
364
458
  operation: z.ZodString;
@@ -397,19 +491,495 @@ export type SyncLedgerExportInput = {
397
491
  fetch?: typeof fetch;
398
492
  timeoutMs?: number;
399
493
  };
494
+ export type LedgerTelemetryExporter = {
495
+ exportRecord(record: LedgerRecord): Promise<void>;
496
+ };
497
+ export type OtlpHttpTraceExporterOptions = {
498
+ endpoint: string;
499
+ serviceName?: string;
500
+ serviceVersion?: string;
501
+ timeoutMs?: number;
502
+ headers?: Record<string, string>;
503
+ fetch?: typeof fetch;
504
+ };
505
+ export type ExportOtelTracesInput = OtlpHttpTraceExporterOptions & {
506
+ records: LedgerRecord[];
507
+ };
508
+ export type OtelTraceExportResult = {
509
+ schemaVersion: typeof LEDGER_OTEL_EXPORT_SCHEMA_VERSION;
510
+ endpoint: string;
511
+ exportedAt: string;
512
+ records: number;
513
+ spans: number;
514
+ status: number;
515
+ };
516
+ export type LocalJsonlLedgerOptions = {
517
+ lock?: {
518
+ staleMs?: number;
519
+ updateMs?: number;
520
+ retries?: number;
521
+ minTimeoutMs?: number;
522
+ maxTimeoutMs?: number;
523
+ };
524
+ telemetry?: LedgerTelemetryExporter;
525
+ };
400
526
  export declare class LocalJsonlLedger {
401
527
  readonly filePath: string;
402
- constructor(filePath: string);
528
+ readonly headPath: string;
529
+ private readonly options;
530
+ constructor(filePath: string, options?: LocalJsonlLedgerOptions);
403
531
  appendDecision(input: AppendDecisionInput): Promise<LedgerAppendResult>;
404
532
  appendExecutionOutcome(input: AppendExecutionOutcomeInput): Promise<LedgerAppendResult>;
533
+ appendRevocation(input: AppendRevocationInput): Promise<LedgerAppendResult>;
405
534
  appendRecord(recordInput: LedgerRecord): Promise<LedgerAppendResult>;
406
535
  readRecords(): Promise<LedgerRecord[]>;
407
536
  verify(): Promise<VerifyLedgerResult>;
537
+ private withAppendLock;
538
+ private appendLocked;
539
+ private exportTelemetry;
540
+ }
541
+ export declare class OtlpHttpTraceExporter implements LedgerTelemetryExporter {
542
+ private readonly options;
543
+ constructor(options: OtlpHttpTraceExporterOptions);
544
+ exportRecord(record: LedgerRecord): Promise<void>;
408
545
  }
409
546
  export declare function readLedgerRecords(filePath: string): Promise<LedgerRecord[]>;
547
+ export type RevokeActionPassResult = {
548
+ revocation: ActionPassRevocation;
549
+ ledgerEvent: LedgerAppendResult | null;
550
+ revokedRecordId: string | null;
551
+ };
552
+ /**
553
+ * Revoke a pass through the single honest path used by both the CLI and the
554
+ * dashboard: first write the durable trust-store revocation (the enforcement
555
+ * authority the proxy/adapters/MCP check), then append a tamper-evident
556
+ * revocation event to the hash-chained ledger bound to the most recent record
557
+ * naming that pass. Enforcement is written first so a later audit-append
558
+ * failure still leaves the pass actually revoked. When no ledger record names
559
+ * the pass (e.g. it never ran locally), the revocation is still authoritative
560
+ * and `ledgerEvent` is null — never faked.
561
+ */
562
+ export declare function revokeActionPassWithLedgerEvent(input: {
563
+ trustStore: LocalActionPassTrustStore;
564
+ ledger: LocalJsonlLedger;
565
+ passId: string;
566
+ revokedBy?: string;
567
+ reason?: string;
568
+ occurredAt?: Date;
569
+ }): Promise<RevokeActionPassResult>;
410
570
  export declare function verifyLedgerFile(filePath: string): Promise<VerifyLedgerResult>;
411
571
  export declare function exportLedgerRecords(input: ExportLedgerRecordsInput): Promise<LedgerExport>;
572
+ export declare function exportLedgerRecordsToOtlp(input: ExportOtelTracesInput): Promise<OtelTraceExportResult>;
412
573
  export declare function syncLedgerExport(input: SyncLedgerExportInput): Promise<LedgerSyncResult>;
413
574
  export declare function formatLedgerExport(input: FormatLedgerExportInput): string;
414
575
  export declare function computeLedgerHash(record: Omit<LedgerRecord, "ledgerHash">): string;
576
+ export declare const LEDGER_ATTESTATION_VERSION = "axtary.ledger_attestation.v0";
577
+ export declare const LedgerAttestationClaimsSchema: z.ZodObject<{
578
+ lav: z.ZodLiteral<"axtary.ledger_attestation.v0">;
579
+ iss: z.ZodString;
580
+ iat: z.ZodNumber;
581
+ tenant: z.ZodOptional<z.ZodString>;
582
+ exportDigest: z.ZodString;
583
+ recordCount: z.ZodNumber;
584
+ firstLedgerHash: z.ZodNullable<z.ZodString>;
585
+ segmentHead: z.ZodNullable<z.ZodString>;
586
+ sourceLastLedgerHash: z.ZodNullable<z.ZodString>;
587
+ range: z.ZodObject<{
588
+ from: z.ZodNullable<z.ZodString>;
589
+ to: z.ZodNullable<z.ZodString>;
590
+ decisions: z.ZodNullable<z.ZodArray<z.ZodEnum<{
591
+ allow: "allow";
592
+ deny: "deny";
593
+ step_up: "step_up";
594
+ }>>>;
595
+ }, z.core.$strip>;
596
+ merkleRoot: z.ZodOptional<z.ZodString>;
597
+ treeSize: z.ZodOptional<z.ZodNumber>;
598
+ }, z.core.$strip>;
599
+ export type LedgerAttestationClaims = z.infer<typeof LedgerAttestationClaimsSchema>;
600
+ export type LedgerAttestation = {
601
+ schemaVersion: typeof LEDGER_ATTESTATION_VERSION;
602
+ token: string;
603
+ claims: LedgerAttestationClaims;
604
+ };
605
+ export type AttestLedgerExportInput = {
606
+ export: LedgerExport;
607
+ issuer: string;
608
+ signingKey: SigningKey;
609
+ keyId?: string;
610
+ algorithm?: SigningAlgorithm;
611
+ tenant?: string;
612
+ now?: Date;
613
+ };
614
+ export type VerifyLedgerAttestationInput = {
615
+ export: LedgerExport;
616
+ attestation: string | LedgerAttestation;
617
+ verificationKey?: VerificationKey;
618
+ verificationKeys?: VerificationKeySet | VerificationKeyResolver;
619
+ issuer?: string;
620
+ algorithms?: SigningAlgorithm[];
621
+ currentDate?: Date;
622
+ };
623
+ export type VerifyLedgerAttestationResult = {
624
+ valid: true;
625
+ claims: LedgerAttestationClaims;
626
+ recomputedDigest: string;
627
+ } | {
628
+ valid: false;
629
+ reason: string;
630
+ };
631
+ /** SHA-256 digest of the canonical (JCS) ledger export — the content binding. */
632
+ export declare function computeLedgerExportDigest(exportInput: LedgerExport): string;
633
+ /**
634
+ * RFC 6962 leaves for an export: one leaf per record, committing to that
635
+ * record's `ledgerHash`. Because a verifier recomputes each `ledgerHash` from
636
+ * record content (spec §9.1), binding leaves to `ledgerHash` transitively binds
637
+ * the full record content — a one-byte rewrite changes the leaf and the root.
638
+ */
639
+ export declare function ledgerExportLeafHashes(exportInput: LedgerExport): Buffer[];
640
+ /** Merkle Tree Hash (RFC 6962) over the export's record leaves, as `sha256:hex`. */
641
+ export declare function computeLedgerExportMerkleRoot(exportInput: LedgerExport): string;
642
+ export declare function attestLedgerExport(input: AttestLedgerExportInput): Promise<LedgerAttestation>;
643
+ /**
644
+ * Standalone verifier: confirm a ledger export carries a valid issuer signature
645
+ * and has not been altered. Needs only the export, the attestation token, and
646
+ * the issuer public key — re-derivable from the spec alone.
647
+ */
648
+ export declare function verifyLedgerAttestation(input: VerifyLedgerAttestationInput): Promise<VerifyLedgerAttestationResult>;
649
+ type OtlpAnyValue = {
650
+ stringValue: string;
651
+ } | {
652
+ boolValue: boolean;
653
+ } | {
654
+ intValue: string;
655
+ } | {
656
+ arrayValue: {
657
+ values: OtlpAnyValue[];
658
+ };
659
+ };
660
+ type OtlpAttribute = {
661
+ key: string;
662
+ value: OtlpAnyValue;
663
+ };
664
+ type BuildOtlpTraceRequestInput = {
665
+ records: LedgerRecord[];
666
+ serviceName?: string;
667
+ serviceVersion?: string;
668
+ };
669
+ export declare function buildOtlpTraceRequest(input: BuildOtlpTraceRequestInput): {
670
+ resourceSpans: {
671
+ resource: {
672
+ attributes: OtlpAttribute[];
673
+ };
674
+ scopeSpans: {
675
+ scope: {
676
+ name: string;
677
+ version: string;
678
+ };
679
+ spans: {
680
+ status?: {
681
+ code: string;
682
+ message: string;
683
+ } | {
684
+ code: string;
685
+ message?: undefined;
686
+ } | undefined;
687
+ traceId: string;
688
+ spanId: string;
689
+ name: string;
690
+ kind: string;
691
+ startTimeUnixNano: string;
692
+ endTimeUnixNano: string;
693
+ attributes: OtlpAttribute[];
694
+ }[];
695
+ }[];
696
+ }[];
697
+ };
698
+ export declare const LEDGER_ATTESTATION_BUNDLE_VERSION = "axtary.ledger_attestation_bundle.v0";
699
+ export declare const LedgerAttestationBundleSchema: z.ZodObject<{
700
+ schemaVersion: z.ZodLiteral<"axtary.ledger_attestation_bundle.v0">;
701
+ export: z.ZodObject<{
702
+ schemaVersion: z.ZodLiteral<"axtary.ledger_export.v0">;
703
+ exportedAt: z.ZodString;
704
+ source: z.ZodObject<{
705
+ filePath: z.ZodString;
706
+ totalRecords: z.ZodNumber;
707
+ lastLedgerHash: z.ZodNullable<z.ZodString>;
708
+ }, z.core.$strip>;
709
+ filters: z.ZodObject<{
710
+ from: z.ZodNullable<z.ZodString>;
711
+ to: z.ZodNullable<z.ZodString>;
712
+ decisions: z.ZodNullable<z.ZodArray<z.ZodEnum<{
713
+ allow: "allow";
714
+ deny: "deny";
715
+ step_up: "step_up";
716
+ }>>>;
717
+ }, z.core.$strip>;
718
+ records: z.ZodArray<z.ZodObject<{
719
+ schemaVersion: z.ZodLiteral<"axtary.ledger.v0">;
720
+ id: z.ZodString;
721
+ occurredAt: z.ZodString;
722
+ auditContext: z.ZodOptional<z.ZodObject<{
723
+ tenant: z.ZodNullable<z.ZodString>;
724
+ agentId: z.ZodString;
725
+ humanOwner: z.ZodString;
726
+ taskId: z.ZodString;
727
+ tool: z.ZodString;
728
+ resource: z.ZodString;
729
+ }, z.core.$strip>>;
730
+ actionHash: z.ZodString;
731
+ payloadHash: z.ZodString;
732
+ provenanceHash: z.ZodOptional<z.ZodString>;
733
+ decision: z.ZodEnum<{
734
+ allow: "allow";
735
+ deny: "deny";
736
+ step_up: "step_up";
737
+ }>;
738
+ reasons: z.ZodArray<z.ZodString>;
739
+ policy: z.ZodObject<{
740
+ nativeRule: z.ZodString;
741
+ version: z.ZodString;
742
+ cedarCompatible: z.ZodBoolean;
743
+ opaCompatible: z.ZodBoolean;
744
+ }, z.core.$strip>;
745
+ providerEvidence: z.ZodOptional<z.ZodObject<{
746
+ schemaVersion: z.ZodLiteral<"axtary.ledger_provider_evidence.v0">;
747
+ provider: z.ZodEnum<{
748
+ github: "github";
749
+ slack: "slack";
750
+ linear: "linear";
751
+ docs: "docs";
752
+ drive: "drive";
753
+ mcp: "mcp";
754
+ aws: "aws";
755
+ gcp: "gcp";
756
+ jira: "jira";
757
+ postgres: "postgres";
758
+ }>;
759
+ tool: z.ZodString;
760
+ operation: z.ZodString;
761
+ resource: z.ZodObject<{
762
+ provider: z.ZodEnum<{
763
+ github: "github";
764
+ slack: "slack";
765
+ linear: "linear";
766
+ docs: "docs";
767
+ drive: "drive";
768
+ mcp: "mcp";
769
+ aws: "aws";
770
+ gcp: "gcp";
771
+ jira: "jira";
772
+ postgres: "postgres";
773
+ }>;
774
+ kind: z.ZodString;
775
+ id: z.ZodString;
776
+ label: z.ZodOptional<z.ZodString>;
777
+ url: z.ZodOptional<z.ZodString>;
778
+ }, z.core.$strict>;
779
+ normalized: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodType<import("@axtary/actionpass").JsonValue, unknown, z.core.$ZodTypeInternals<import("@axtary/actionpass").JsonValue, unknown>>>>;
780
+ fieldChanges: z.ZodDefault<z.ZodArray<z.ZodObject<{
781
+ field: z.ZodString;
782
+ before: z.ZodOptional<z.ZodType<import("@axtary/actionpass").JsonValue, unknown, z.core.$ZodTypeInternals<import("@axtary/actionpass").JsonValue, unknown>>>;
783
+ after: z.ZodOptional<z.ZodType<import("@axtary/actionpass").JsonValue, unknown, z.core.$ZodTypeInternals<import("@axtary/actionpass").JsonValue, unknown>>>;
784
+ }, z.core.$strip>>>;
785
+ diff: z.ZodOptional<z.ZodObject<{
786
+ provider: z.ZodEnum<{
787
+ github: "github";
788
+ slack: "slack";
789
+ linear: "linear";
790
+ docs: "docs";
791
+ drive: "drive";
792
+ mcp: "mcp";
793
+ aws: "aws";
794
+ gcp: "gcp";
795
+ jira: "jira";
796
+ postgres: "postgres";
797
+ }>;
798
+ summary: z.ZodOptional<z.ZodString>;
799
+ files: z.ZodDefault<z.ZodArray<z.ZodObject<{
800
+ path: z.ZodString;
801
+ oldPath: z.ZodOptional<z.ZodString>;
802
+ status: z.ZodEnum<{
803
+ added: "added";
804
+ modified: "modified";
805
+ deleted: "deleted";
806
+ renamed: "renamed";
807
+ }>;
808
+ additions: z.ZodDefault<z.ZodNumber>;
809
+ deletions: z.ZodDefault<z.ZodNumber>;
810
+ hunks: z.ZodDefault<z.ZodArray<z.ZodObject<{
811
+ header: z.ZodString;
812
+ lines: z.ZodArray<z.ZodObject<{
813
+ type: z.ZodEnum<{
814
+ context: "context";
815
+ addition: "addition";
816
+ deletion: "deletion";
817
+ }>;
818
+ content: z.ZodString;
819
+ oldLine: z.ZodOptional<z.ZodNumber>;
820
+ newLine: z.ZodOptional<z.ZodNumber>;
821
+ }, z.core.$strip>>;
822
+ }, z.core.$strip>>>;
823
+ }, z.core.$strip>>>;
824
+ }, z.core.$strip>>;
825
+ }, z.core.$strip>>;
826
+ executionOutcome: z.ZodOptional<z.ZodObject<{
827
+ schemaVersion: z.ZodLiteral<"axtary.ledger_execution_outcome.v0">;
828
+ status: z.ZodEnum<{
829
+ succeeded: "succeeded";
830
+ failed: "failed";
831
+ }>;
832
+ provider: z.ZodOptional<z.ZodEnum<{
833
+ github: "github";
834
+ slack: "slack";
835
+ linear: "linear";
836
+ docs: "docs";
837
+ drive: "drive";
838
+ mcp: "mcp";
839
+ aws: "aws";
840
+ gcp: "gcp";
841
+ jira: "jira";
842
+ postgres: "postgres";
843
+ }>>;
844
+ resultId: z.ZodOptional<z.ZodString>;
845
+ resultUrl: z.ZodOptional<z.ZodString>;
846
+ resourceId: z.ZodOptional<z.ZodString>;
847
+ resourceLabel: z.ZodOptional<z.ZodString>;
848
+ failureReason: z.ZodOptional<z.ZodString>;
849
+ errorClass: z.ZodOptional<z.ZodString>;
850
+ sideEffectProof: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodType<import("@axtary/actionpass").JsonValue, unknown, z.core.$ZodTypeInternals<import("@axtary/actionpass").JsonValue, unknown>>>>;
851
+ }, z.core.$strict>>;
852
+ traceId: z.ZodOptional<z.ZodString>;
853
+ actionPassId: z.ZodNullable<z.ZodString>;
854
+ delegation: z.ZodOptional<z.ZodObject<{
855
+ parentPassId: z.ZodString;
856
+ childPassId: z.ZodString;
857
+ depth: z.ZodNumber;
858
+ rootPassId: z.ZodString;
859
+ }, z.core.$strip>>;
860
+ budget: z.ZodOptional<z.ZodObject<{
861
+ reservationId: z.ZodNullable<z.ZodString>;
862
+ scope: z.ZodString;
863
+ status: z.ZodEnum<{
864
+ pending: "pending";
865
+ committed: "committed";
866
+ rolled_back: "rolled_back";
867
+ denied: "denied";
868
+ }>;
869
+ expiresAt: z.ZodNullable<z.ZodString>;
870
+ cost: z.ZodRecord<z.ZodString, z.ZodNumber>;
871
+ limit: z.ZodRecord<z.ZodString, z.ZodNumber>;
872
+ committedBefore: z.ZodRecord<z.ZodString, z.ZodNumber>;
873
+ committedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
874
+ reservedAfter: z.ZodRecord<z.ZodString, z.ZodNumber>;
875
+ }, z.core.$strip>>;
876
+ correlationId: z.ZodOptional<z.ZodString>;
877
+ previousLedgerHash: z.ZodNullable<z.ZodString>;
878
+ ledgerHash: z.ZodString;
879
+ }, z.core.$strip>>;
880
+ }, z.core.$strip>;
881
+ attestation: z.ZodObject<{
882
+ token: z.ZodString;
883
+ claims: z.ZodObject<{
884
+ lav: z.ZodLiteral<"axtary.ledger_attestation.v0">;
885
+ iss: z.ZodString;
886
+ iat: z.ZodNumber;
887
+ tenant: z.ZodOptional<z.ZodString>;
888
+ exportDigest: z.ZodString;
889
+ recordCount: z.ZodNumber;
890
+ firstLedgerHash: z.ZodNullable<z.ZodString>;
891
+ segmentHead: z.ZodNullable<z.ZodString>;
892
+ sourceLastLedgerHash: z.ZodNullable<z.ZodString>;
893
+ range: z.ZodObject<{
894
+ from: z.ZodNullable<z.ZodString>;
895
+ to: z.ZodNullable<z.ZodString>;
896
+ decisions: z.ZodNullable<z.ZodArray<z.ZodEnum<{
897
+ allow: "allow";
898
+ deny: "deny";
899
+ step_up: "step_up";
900
+ }>>>;
901
+ }, z.core.$strip>;
902
+ merkleRoot: z.ZodOptional<z.ZodString>;
903
+ treeSize: z.ZodOptional<z.ZodNumber>;
904
+ }, z.core.$strip>;
905
+ }, z.core.$strip>;
906
+ publicJwk: z.ZodRecord<z.ZodString, z.ZodUnknown>;
907
+ keyId: z.ZodNullable<z.ZodString>;
908
+ }, z.core.$strip>;
909
+ export type LedgerAttestationBundle = z.infer<typeof LedgerAttestationBundleSchema>;
910
+ /** Bundle an export, its attestation, and the public key into one artifact. */
911
+ export declare function buildLedgerAttestationBundle(input: {
912
+ export: LedgerExport;
913
+ attestation: LedgerAttestation;
914
+ publicJwk: Record<string, unknown>;
915
+ keyId?: string | null;
916
+ }): LedgerAttestationBundle;
917
+ /** Verify a self-contained attestation bundle (export + token + embedded public key). */
918
+ export declare function verifyLedgerAttestationBundle(bundleInput: unknown, options?: {
919
+ issuer?: string;
920
+ algorithms?: SigningAlgorithm[];
921
+ currentDate?: Date;
922
+ }): Promise<VerifyLedgerAttestationResult>;
923
+ export declare const LEDGER_INCLUSION_PROOF_VERSION = "axtary.ledger_inclusion_proof.v0";
924
+ export declare const LedgerInclusionProofSchema: z.ZodObject<{
925
+ schemaVersion: z.ZodLiteral<"axtary.ledger_inclusion_proof.v0">;
926
+ recordId: z.ZodString;
927
+ ledgerHash: z.ZodString;
928
+ leafIndex: z.ZodNumber;
929
+ treeSize: z.ZodNumber;
930
+ merkleRoot: z.ZodString;
931
+ auditPath: z.ZodArray<z.ZodString>;
932
+ }, z.core.$strip>;
933
+ export type LedgerInclusionProof = z.infer<typeof LedgerInclusionProofSchema>;
934
+ export declare const LEDGER_CONSISTENCY_PROOF_VERSION = "axtary.ledger_consistency_proof.v0";
935
+ export declare const LedgerConsistencyProofSchema: z.ZodObject<{
936
+ schemaVersion: z.ZodLiteral<"axtary.ledger_consistency_proof.v0">;
937
+ firstSize: z.ZodNumber;
938
+ secondSize: z.ZodNumber;
939
+ firstRoot: z.ZodString;
940
+ secondRoot: z.ZodString;
941
+ proof: z.ZodArray<z.ZodString>;
942
+ }, z.core.$strip>;
943
+ export type LedgerConsistencyProof = z.infer<typeof LedgerConsistencyProofSchema>;
944
+ export type ProofVerificationResult = {
945
+ valid: true;
946
+ } | {
947
+ valid: false;
948
+ reason: string;
949
+ };
950
+ /** Build an inclusion proof for one record (by id or 0-based index). */
951
+ export declare function proveLedgerInclusion(input: {
952
+ export: LedgerExport;
953
+ recordId?: string;
954
+ index?: number;
955
+ }): LedgerInclusionProof;
956
+ /**
957
+ * Verify an inclusion proof against a Merkle root. Pass `expectedRoot` (e.g. a
958
+ * signed attestation's `merkleRoot`) to bind the proof to a signed tree head.
959
+ * Pass `record` to additionally recompute the leaf from record content so a
960
+ * proof cannot smuggle a `ledgerHash` that does not match the record.
961
+ */
962
+ export declare function verifyLedgerInclusionProof(input: {
963
+ proof: unknown;
964
+ expectedRoot?: string;
965
+ record?: LedgerRecord;
966
+ }): ProofVerificationResult;
967
+ /**
968
+ * Build a consistency proof showing the `second` export append-only-extends the
969
+ * `first`. Roots are computed from each export independently; if `first` is not
970
+ * a genuine prefix, verification fails (the honest, fail-closed outcome).
971
+ */
972
+ export declare function proveLedgerConsistency(input: {
973
+ first: LedgerExport;
974
+ second: LedgerExport;
975
+ }): LedgerConsistencyProof;
976
+ /**
977
+ * Verify a consistency proof. Pass `firstExpectedRoot`/`secondExpectedRoot`
978
+ * (the two signed heads' `merkleRoot`s) to bind the proof to signed tree heads.
979
+ */
980
+ export declare function verifyLedgerConsistencyProof(input: {
981
+ proof: unknown;
982
+ firstExpectedRoot?: string;
983
+ secondExpectedRoot?: string;
984
+ }): ProofVerificationResult;
415
985
  //# sourceMappingURL=index.d.ts.map