@fusionkit/plane 0.1.0

package/dist/test/server-hardening.test.js

@@ -0,0 +1,192 @@
+import assert from "node:assert/strict";
+import { mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { after, before, test } from "node:test";
+import { generateEd25519KeyPair } from "@fusionkit/protocol";
+import { generateMasterKeyHex, masterKeyFromMaterial } from "../keys.js";
+import { Plane } from "../plane.js";
+import { defaultPolicy } from "../policy.js";
+import { SecretStore } from "../secrets.js";
+import { startPlaneServer } from "../server.js";
+const ADMIN = "srv-admin";
+let dir;
+let plane;
+let server;
+let baseUrl;
+let requesterToken;
+function manifest() {
+    return {
+        version: "warrant.manifest.v1",
+        baseRef: "0".repeat(40),
+        bundleHash: "1".repeat(64),
+        untrackedFiles: [],
+        deniedPatterns: [],
+        deniedPaths: []
+    };
+}
+function runBody() {
+    return {
+        requestedBy: { kind: "human", id: "tester" },
+        agentKind: "mock",
+        prompt: "server hardening",
+        pool: "default",
+        secretNames: [],
+        workspace: manifest(),
+        network: { defaultDeny: true, allowHosts: [] },
+        budget: {},
+        disclosure: "minimal-context"
+    };
+}
+async function http(method, path, options = {}) {
+    const headers = {};
+    if (options.token)
+        headers.authorization = `Bearer ${options.token}`;
+    if (options.body !== undefined || options.rawBody !== undefined) {
+        headers["content-type"] = "application/json";
+    }
+    const response = await fetch(`${baseUrl}${path}`, {
+        method,
+        headers,
+        body: options.rawBody ??
+            (options.body === undefined ? undefined : JSON.stringify(options.body))
+    });
+    const text = await response.text();
+    return {
+        status: response.status,
+        body: text.length > 0 ? JSON.parse(text) : undefined
+    };
+}
+before(async () => {
+    dir = mkdtempSync(join(tmpdir(), "warrant-srv-"));
+    const keys = generateEd25519KeyPair();
+    plane = new Plane({
+        dataDir: dir,
+        policy: defaultPolicy(),
+        planePrivateKeyPem: keys.privateKeyPem,
+        planePublicKeyPem: keys.publicKeyPem,
+        adminToken: ADMIN,
+        enrollToken: "srv-enroll",
+        secretStore: new SecretStore(join(dir, "secrets.enc"), masterKeyFromMaterial(generateMasterKeyHex()))
+    });
+    requesterToken = plane.issuePrincipal("ci", "requester").token;
+    const started = await startPlaneServer(plane, { port: 0 });
+    server = started.server;
+    baseUrl = `http://127.0.0.1:${started.port}`;
+});
+after(() => {
+    server.close(() => undefined);
+    plane.close();
+    rmSync(dir, { recursive: true, force: true });
+});
+test("readiness and health probes", async () => {
+    assert.equal((await http("GET", "/v1/health")).status, 200);
+    const ready = await http("GET", "/v1/ready");
+    assert.equal(ready.status, 200);
+    assert.deepEqual(ready.body, { ready: true });
+});
+test("auth distinguishes 401 (no/invalid token) from 403 (wrong role)", async () => {
+    assert.equal((await http("GET", "/v1/runs")).status, 401);
+    assert.equal((await http("GET", "/v1/runs", { token: "bogus" })).status, 401);
+    // requester may read/create runs but not list runners or manage principals.
+    assert.equal((await http("GET", "/v1/runs", { token: requesterToken })).status, 200);
+    assert.equal((await http("GET", "/v1/runners", { token: requesterToken })).status, 403);
+    assert.equal((await http("GET", "/v1/principals", { token: requesterToken })).status, 403);
+    assert.equal((await http("GET", "/v1/principals", { token: ADMIN })).status, 200);
+});
+test("malformed JSON and schema violations return structured 400s", async () => {
+    const malformed = await http("POST", "/v1/runs", {
+        token: ADMIN,
+        rawBody: "{not json"
+    });
+    assert.equal(malformed.status, 400);
+    const missingRequest = await http("POST", "/v1/runs", {
+        token: ADMIN,
+        body: {}
+    });
+    assert.equal(missingRequest.status, 400);
+    assert.ok(Array.isArray(missingRequest.body.issues));
+    const badEnum = await http("POST", "/v1/runs", {
+        token: ADMIN,
+        body: { request: { ...runBody(), disclosure: "nonsense" } }
+    });
+    assert.equal(badEnum.status, 400);
+    const badHash = await http("POST", "/v1/runs", {
+        token: ADMIN,
+        body: {
+            request: {
+                ...runBody(),
+                workspace: { ...manifest(), bundleHash: "not-a-hash" }
+            }
+        }
+    });
+    assert.equal(badHash.status, 400);
+});
+test("valid run request is accepted and listed", async () => {
+    const created = await http("POST", "/v1/runs", {
+        token: ADMIN,
+        body: { request: runBody() }
+    });
+    assert.equal(created.status, 200);
+    const list = await http("GET", "/v1/runs", { token: ADMIN });
+    assert.equal(list.status, 200);
+});
+test("admin can mint and use a single-use enroll token over HTTP", async () => {
+    const issued = await http("POST", "/v1/enroll-tokens", { token: ADMIN });
+    assert.equal(issued.status, 200);
+    const token = issued.body.token;
+    const enroll = await http("POST", "/v1/runners/enroll", {
+        body: {
+            enrollToken: token,
+            publicKeyPem: generateEd25519KeyPair().publicKeyPem,
+            pool: "default"
+        }
+    });
+    assert.equal(enroll.status, 200);
+    // Reuse is rejected.
+    const reuse = await http("POST", "/v1/runners/enroll", {
+        body: {
+            enrollToken: token,
+            publicKeyPem: generateEd25519KeyPair().publicKeyPem,
+            pool: "default"
+        }
+    });
+    assert.equal(reuse.status, 400);
+});
+test("rate limiting trips after the burst is exhausted", async () => {
+    // A dedicated server with a tiny bucket so the limit trips deterministically
+    // without starving the other tests sharing the main server.
+    const tinyDir = mkdtempSync(join(tmpdir(), "warrant-rl-"));
+    const keys = generateEd25519KeyPair();
+    const tinyPlane = new Plane({
+        dataDir: tinyDir,
+        policy: defaultPolicy(),
+        planePrivateKeyPem: keys.privateKeyPem,
+        planePublicKeyPem: keys.publicKeyPem,
+        adminToken: "rl-admin",
+        enrollToken: "rl-enroll",
+        secretStore: new SecretStore(join(tinyDir, "secrets.enc"), masterKeyFromMaterial(generateMasterKeyHex()))
+    });
+    const started = await startPlaneServer(tinyPlane, {
+        port: 0,
+        rateLimit: { ratePerSec: 1, burst: 3, authFailureLimit: 100, authFailureWindowMs: 1000 }
+    });
+    const tinyUrl = `http://127.0.0.1:${started.port}`;
+    try {
+        const statuses = [];
+        for (let i = 0; i < 6; i++) {
+            const res = await fetch(`${tinyUrl}/v1/runs`, {
+                headers: { authorization: "Bearer rl-admin" }
+            });
+            statuses.push(res.status);
+            await res.arrayBuffer();
+        }
+        assert.ok(statuses.includes(200), "the first requests within the burst succeed");
+        assert.ok(statuses.includes(429), "later requests are rate limited");
+    }
+    finally {
+        await new Promise((resolve) => started.server.close(() => resolve()));
+        tinyPlane.close();
+        rmSync(tinyDir, { recursive: true, force: true });
+    }
+});

package/dist/test/ui-parity.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/test/ui-parity.test.js

@@ -0,0 +1,28 @@
+import assert from "node:assert/strict";
+import { readFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { test } from "node:test";
+import { RUN_EVENT_TYPES } from "@fusionkit/protocol";
+/**
+ * The control panel is deliberately dependency-free, so it carries its own
+ * copy of the event-summary switch instead of importing the protocol's
+ * `summarizeRunEvent`. This test is the drift guard the copy pays for: the
+ * UI must name exactly the run-event types the protocol vocabulary declares
+ * (which is itself completeness-checked against the `RunEvent` union at
+ * compile time). Adding an event type without teaching the panel about it
+ * fails here, not silently in a browser's default branch.
+ */
+const APP_JS = join(dirname(fileURLToPath(import.meta.url)), "..", "..", "ui", "app.js");
+test("the control panel's eventSummary covers exactly the protocol's run-event types", () => {
+    const source = readFileSync(APP_JS, "utf8");
+    const start = source.indexOf("function eventSummary(");
+    assert.ok(start >= 0, "ui/app.js must define eventSummary");
+    const end = source.indexOf("function ", start + 1);
+    const body = source.slice(start, end === -1 ? undefined : end);
+    const seen = new Set();
+    for (const match of body.matchAll(/case "([a-z.]+)":/g)) {
+        seen.add(match[1]);
+    }
+    assert.deepEqual([...seen].sort(), [...RUN_EVENT_TYPES].sort(), "ui eventSummary switch must handle exactly the protocol's RunEvent types");
+});

package/dist/validation.d.ts

@@ -0,0 +1,326 @@
+import { z } from "zod";
+export declare const runRequestSchema: z.ZodObject<{
+    requestedBy: z.ZodObject<{
+        kind: z.ZodEnum<{
+            human: "human";
+            service: "service";
+        }>;
+        id: z.ZodString;
+    }, z.core.$strip>;
+    agentKind: z.ZodString;
+    agentVersion: z.ZodOptional<z.ZodString>;
+    prompt: z.ZodString;
+    pool: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+    secretNames: z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>;
+    workspace: z.ZodObject<{
+        version: z.ZodLiteral<"warrant.manifest.v1">;
+        baseRef: z.ZodString;
+        bundleHash: z.ZodString;
+        dirtyDiffHash: z.ZodOptional<z.ZodString>;
+        untrackedFiles: z.ZodArray<z.ZodObject<{
+            path: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+            hash: z.ZodString;
+            bytes: z.ZodNumber;
+        }, z.core.$strip>>;
+        deniedPatterns: z.ZodArray<z.ZodString>;
+        deniedPaths: z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>;
+    }, z.core.$strip>;
+    network: z.ZodObject<{
+        defaultDeny: z.ZodBoolean;
+        allowHosts: z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>;
+    }, z.core.$strip>;
+    budget: z.ZodObject<{
+        maxSpendUsd: z.ZodOptional<z.ZodNumber>;
+        maxDurationMin: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>;
+    disclosure: z.ZodEnum<{
+        none: "none";
+        "metadata-only": "metadata-only";
+        redacted: "redacted";
+        "minimal-context": "minimal-context";
+        full: "full";
+    }>;
+    execution: z.ZodOptional<z.ZodDiscriminatedUnion<[z.ZodObject<{
+        kind: z.ZodLiteral<"shell">;
+        script: z.ZodString;
+        shell: z.ZodOptional<z.ZodEnum<{
+            sh: "sh";
+            bash: "bash";
+        }>>;
+        cwd: z.ZodOptional<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>;
+        timeoutMs: z.ZodOptional<z.ZodNumber>;
+        env: z.ZodOptional<z.ZodObject<{
+            inherit: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            secrets: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                env: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+                secretName: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+            }, z.core.$strip>>>;
+            vars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+            egressProxy: z.ZodOptional<z.ZodBoolean>;
+        }, z.core.$strict>>;
+        log: z.ZodOptional<z.ZodObject<{
+            stdout: z.ZodLiteral<"capture">;
+            stderr: z.ZodEnum<{
+                capture: "capture";
+                merge: "merge";
+            }>;
+            maxBytes: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strict>>;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"argv">;
+        command: z.ZodString;
+        args: z.ZodArray<z.ZodString>;
+        cwd: z.ZodOptional<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>;
+        timeoutMs: z.ZodOptional<z.ZodNumber>;
+        env: z.ZodOptional<z.ZodObject<{
+            inherit: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            secrets: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                env: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+                secretName: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+            }, z.core.$strip>>>;
+            vars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+            egressProxy: z.ZodOptional<z.ZodBoolean>;
+        }, z.core.$strict>>;
+        log: z.ZodOptional<z.ZodObject<{
+            stdout: z.ZodLiteral<"capture">;
+            stderr: z.ZodEnum<{
+                capture: "capture";
+                merge: "merge";
+            }>;
+            maxBytes: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strict>>;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"agent">;
+        agent: z.ZodObject<{
+            kind: z.ZodEnum<{
+                "claude-code": "claude-code";
+                codex: "codex";
+                pi: "pi";
+                mock: "mock";
+                command: "command";
+            }>;
+            version: z.ZodOptional<z.ZodString>;
+        }, z.core.$strict>;
+        prompt: z.ZodString;
+        timeoutMs: z.ZodOptional<z.ZodNumber>;
+        env: z.ZodOptional<z.ZodObject<{
+            inherit: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            secrets: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                env: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+                secretName: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+            }, z.core.$strip>>>;
+            vars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+            egressProxy: z.ZodOptional<z.ZodBoolean>;
+        }, z.core.$strict>>;
+        log: z.ZodOptional<z.ZodObject<{
+            stdout: z.ZodLiteral<"capture">;
+            stderr: z.ZodEnum<{
+                capture: "capture";
+                merge: "merge";
+            }>;
+            maxBytes: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strict>>;
+    }, z.core.$strict>], "kind">>;
+    isolation: z.ZodOptional<z.ZodEnum<{
+        process: "process";
+        hermetic: "hermetic";
+        "vercel-sandbox": "vercel-sandbox";
+    }>>;
+    continuation: z.ZodOptional<z.ZodObject<{
+        envelopeHash: z.ZodString;
+        checkpointId: z.ZodString;
+        tier: z.ZodEnum<{
+            workspace: "workspace";
+            semantic: "semantic";
+        }>;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+export declare const createRunBodySchema: z.ZodObject<{
+    dryRun: z.ZodOptional<z.ZodBoolean>;
+    request: z.ZodObject<{
+        requestedBy: z.ZodObject<{
+            kind: z.ZodEnum<{
+                human: "human";
+                service: "service";
+            }>;
+            id: z.ZodString;
+        }, z.core.$strip>;
+        agentKind: z.ZodString;
+        agentVersion: z.ZodOptional<z.ZodString>;
+        prompt: z.ZodString;
+        pool: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+        secretNames: z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>;
+        workspace: z.ZodObject<{
+            version: z.ZodLiteral<"warrant.manifest.v1">;
+            baseRef: z.ZodString;
+            bundleHash: z.ZodString;
+            dirtyDiffHash: z.ZodOptional<z.ZodString>;
+            untrackedFiles: z.ZodArray<z.ZodObject<{
+                path: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+                hash: z.ZodString;
+                bytes: z.ZodNumber;
+            }, z.core.$strip>>;
+            deniedPatterns: z.ZodArray<z.ZodString>;
+            deniedPaths: z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>;
+        }, z.core.$strip>;
+        network: z.ZodObject<{
+            defaultDeny: z.ZodBoolean;
+            allowHosts: z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>;
+        }, z.core.$strip>;
+        budget: z.ZodObject<{
+            maxSpendUsd: z.ZodOptional<z.ZodNumber>;
+            maxDurationMin: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>;
+        disclosure: z.ZodEnum<{
+            none: "none";
+            "metadata-only": "metadata-only";
+            redacted: "redacted";
+            "minimal-context": "minimal-context";
+            full: "full";
+        }>;
+        execution: z.ZodOptional<z.ZodDiscriminatedUnion<[z.ZodObject<{
+            kind: z.ZodLiteral<"shell">;
+            script: z.ZodString;
+            shell: z.ZodOptional<z.ZodEnum<{
+                sh: "sh";
+                bash: "bash";
+            }>>;
+            cwd: z.ZodOptional<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>;
+            timeoutMs: z.ZodOptional<z.ZodNumber>;
+            env: z.ZodOptional<z.ZodObject<{
+                inherit: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                secrets: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    env: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+                    secretName: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+                }, z.core.$strip>>>;
+                vars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+                egressProxy: z.ZodOptional<z.ZodBoolean>;
+            }, z.core.$strict>>;
+            log: z.ZodOptional<z.ZodObject<{
+                stdout: z.ZodLiteral<"capture">;
+                stderr: z.ZodEnum<{
+                    capture: "capture";
+                    merge: "merge";
+                }>;
+                maxBytes: z.ZodOptional<z.ZodNumber>;
+            }, z.core.$strict>>;
+        }, z.core.$strict>, z.ZodObject<{
+            kind: z.ZodLiteral<"argv">;
+            command: z.ZodString;
+            args: z.ZodArray<z.ZodString>;
+            cwd: z.ZodOptional<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>;
+            timeoutMs: z.ZodOptional<z.ZodNumber>;
+            env: z.ZodOptional<z.ZodObject<{
+                inherit: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                secrets: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    env: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+                    secretName: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+                }, z.core.$strip>>>;
+                vars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+                egressProxy: z.ZodOptional<z.ZodBoolean>;
+            }, z.core.$strict>>;
+            log: z.ZodOptional<z.ZodObject<{
+                stdout: z.ZodLiteral<"capture">;
+                stderr: z.ZodEnum<{
+                    capture: "capture";
+                    merge: "merge";
+                }>;
+                maxBytes: z.ZodOptional<z.ZodNumber>;
+            }, z.core.$strict>>;
+        }, z.core.$strict>, z.ZodObject<{
+            kind: z.ZodLiteral<"agent">;
+            agent: z.ZodObject<{
+                kind: z.ZodEnum<{
+                    "claude-code": "claude-code";
+                    codex: "codex";
+                    pi: "pi";
+                    mock: "mock";
+                    command: "command";
+                }>;
+                version: z.ZodOptional<z.ZodString>;
+            }, z.core.$strict>;
+            prompt: z.ZodString;
+            timeoutMs: z.ZodOptional<z.ZodNumber>;
+            env: z.ZodOptional<z.ZodObject<{
+                inherit: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                secrets: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                    env: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+                    secretName: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+                }, z.core.$strip>>>;
+                vars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+                egressProxy: z.ZodOptional<z.ZodBoolean>;
+            }, z.core.$strict>>;
+            log: z.ZodOptional<z.ZodObject<{
+                stdout: z.ZodLiteral<"capture">;
+                stderr: z.ZodEnum<{
+                    capture: "capture";
+                    merge: "merge";
+                }>;
+                maxBytes: z.ZodOptional<z.ZodNumber>;
+            }, z.core.$strict>>;
+        }, z.core.$strict>], "kind">>;
+        isolation: z.ZodOptional<z.ZodEnum<{
+            process: "process";
+            hermetic: "hermetic";
+            "vercel-sandbox": "vercel-sandbox";
+        }>>;
+        continuation: z.ZodOptional<z.ZodObject<{
+            envelopeHash: z.ZodString;
+            checkpointId: z.ZodString;
+            tier: z.ZodEnum<{
+                workspace: "workspace";
+                semantic: "semantic";
+            }>;
+        }, z.core.$strip>>;
+    }, z.core.$strip>;
+}, z.core.$strip>;
+export declare const enrollBodySchema: z.ZodObject<{
+    enrollToken: z.ZodString;
+    publicKeyPem: z.ZodString;
+    pool: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+}, z.core.$strip>;
+export declare const claimBodySchema: z.ZodObject<{
+    runnerToken: z.ZodString;
+    pool: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+}, z.core.$strip>;
+export declare const approveBodySchema: z.ZodObject<{
+    actor: z.ZodOptional<z.ZodObject<{
+        kind: z.ZodEnum<{
+            human: "human";
+            service: "service";
+        }>;
+        id: z.ZodString;
+    }, z.core.$strip>>;
+    idpToken: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export declare const cancelBodySchema: z.ZodObject<{
+    actor: z.ZodOptional<z.ZodObject<{
+        kind: z.ZodEnum<{
+            human: "human";
+            service: "service";
+        }>;
+        id: z.ZodString;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+export declare const eventsBodySchema: z.ZodObject<{
+    claimToken: z.ZodString;
+    events: z.ZodArray<z.ZodUnknown>;
+}, z.core.$strip>;
+export declare const completeBodySchema: z.ZodObject<{
+    claimToken: z.ZodString;
+    receipt: z.ZodUnknown;
+}, z.core.$strip>;
+export declare const issuePrincipalBodySchema: z.ZodObject<{
+    name: z.ZodString;
+    role: z.ZodEnum<{
+        admin: "admin";
+        requester: "requester";
+        approver: "approver";
+        enroller: "enroller";
+    }>;
+}, z.core.$strip>;
+export declare class ValidationError extends Error {
+    readonly issues: string[];
+    constructor(issues: string[]);
+}
+export declare function parseBody<T>(schema: z.ZodType<T>, raw: unknown): T;