npm - @hesohq/verify-wasm - Versions diffs - 0.4.3 → 0.5.0-dev.101 - Mend

@hesohq/verify-wasm 0.4.3 → 0.5.0-dev.101

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/heso_wasm.d.ts CHANGED Viewed

@@ -94,6 +94,238 @@ export class ChainResult {
     set seq(value: number | null | undefined);
 }
+/**
+ * The result of an offline CloudTrail feed-completeness check.
+ */
+export class CloudTrailFeedVerdict {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * 0-based head-first index at which the chain broke / a digest was rejected;
+     * `None` for `Complete`.
+     */
+    get broken_at(): number | undefined;
+    /**
+     * 0-based head-first index at which the chain broke / a digest was rejected;
+     * `None` for `Complete`.
+     */
+    set broken_at(value: number | null | undefined);
+    /**
+     * Number of hourly digests whose signature + chain link verified.
+     */
+    digests_verified: number;
+    /**
+     * `true` ONLY when an unbroken signed chain proved completeness back to the
+     * starting (genesis) digest — the single state that earns a third-party
+     * `feed_complete` claim. A `ChainGap` (disclosed gap) reports `false`.
+     */
+    feed_complete: boolean;
+    /**
+     * The kind tag of the outcome: `"Complete"`, `"ChainGap"`, `"Empty"`,
+     * `"Malformed"`, `"NoMatchingKey"`, `"SignatureInvalid"`,
+     * `"PreviousHashMismatch"`, `"PreviousSignatureMismatch"`,
+     * `"PreviousObjectMismatch"`.
+     */
+    kind: string;
+    /**
+     * Number of signed log files the verified digests committed to across the
+     * window. For `Complete` this is the SIGNED, COMPLETE inventory the window
+     * provably covers (no log file could have been added, removed, or modified
+     * without breaking the chain). `0` for non-window outcomes.
+     */
+    signed_log_files_count: number;
+    /**
+     * The signed log-file inventory as a JSON array of
+     * `{s3_bucket, s3_object, hash_value, …}` — the proof page renders these so a
+     * third party can confirm WHICH files the window covers. `"[]"` for
+     * non-window outcomes.
+     */
+    signed_log_files_json: string;
+    /**
+     * `digestEndTime` of the head digest (window upper bound). `None` unless the
+     * outcome carries a window.
+     */
+    get window_end(): string | undefined;
+    /**
+     * `digestEndTime` of the head digest (window upper bound). `None` unless the
+     * outcome carries a window.
+     */
+    set window_end(value: string | null | undefined);
+    /**
+     * `digestEndTime` of the starting digest reached (`Complete`) or the last
+     * verified digest before the gap (`ChainGap`). `None` otherwise.
+     */
+    get window_start(): string | undefined;
+    /**
+     * `digestEndTime` of the starting digest reached (`Complete`) or the last
+     * verified digest before the gap (`ChainGap`). `None` otherwise.
+     */
+    set window_start(value: string | null | undefined);
+}
+/**
+ * The kind-tagged verdict of [`verify_commitment_wasm`]. `verdict` is one of
+ * `"Valid"`, `"InvalidSignature"`, `"FingerprintMismatch"`, `"WrongAlgorithm"`,
+ * `"Malformed"`; a recipient accepts the commitment ONLY on `"Valid"`.
+ * `signer_fpr` carries the recomputed `blake3(pubkey)` fingerprint (only
+ * meaningful on `"Valid"`).
+ */
+export class CommitmentVerdict {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * The recomputed `blake3(pubkey)` fingerprint (only set on `"Valid"`).
+     */
+    signer_fpr: string;
+    /**
+     * The verdict tag.
+     */
+    verdict: string;
+}
+/**
+ * The base verdict + the rendered signed metrics + the offline-recomputed cost.
+ *
+ * `verdict` / `trust_level` are exactly what [`verify_action_receipt_wasm`]
+ * returns. The metric fields are the SIGNED values (the closed `status` /
+ * `token_source` enums rendered to their wire snake_case strings). `cost_display`
+ * / `recomputed_cost_micros` are RECOMPUTED from the rate card the caller passed
+ * in — `priced == false` (and both `None`) when that card does not price the
+ * model; never a guessed figure. `card_id_matches` tells the reader whether the
+ * card handed in is the one the receipt actually named.
+ */
+export class MetricsVerdict {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Request bytes sent, when the transport exposed it.
+     */
+    get bytes_in(): number | undefined;
+    /**
+     * Request bytes sent, when the transport exposed it.
+     */
+    set bytes_in(value: number | null | undefined);
+    /**
+     * Response bytes received, when the transport exposed it.
+     */
+    get bytes_out(): number | undefined;
+    /**
+     * Response bytes received, when the transport exposed it.
+     */
+    set bytes_out(value: number | null | undefined);
+    /**
+     * Whether the passed-in card is the one the receipt named.
+     */
+    card_id_matches: boolean;
+    /**
+     * Recomputed cost as a 6-decimal display string; `None` when not priced.
+     */
+    get cost_display(): string | undefined;
+    /**
+     * Recomputed cost as a 6-decimal display string; `None` when not priced.
+     */
+    set cost_display(value: string | null | undefined);
+    /**
+     * Wall-clock duration in whole milliseconds.
+     */
+    get duration_ms(): number | undefined;
+    /**
+     * Wall-clock duration in whole milliseconds.
+     */
+    set duration_ms(value: number | null | undefined);
+    /**
+     * Whether the receipt carried a signed `metrics` block.
+     */
+    has_metrics: boolean;
+    /**
+     * The `provider/model` key derived from the signed `action.fields`.
+     */
+    get model_key(): string | undefined;
+    /**
+     * The `provider/model` key derived from the signed `action.fields`.
+     */
+    set model_key(value: string | null | undefined);
+    /**
+     * `true` iff the model is priced by the passed-in card.
+     */
+    priced: boolean;
+    /**
+     * The rate-card id AS NAMED in the signed receipt.
+     */
+    get rate_card_id(): string | undefined;
+    /**
+     * The rate-card id AS NAMED in the signed receipt.
+     */
+    set rate_card_id(value: string | null | undefined);
+    /**
+     * Recomputed cost in micro-USD (`BigInt`); `None` when not priced.
+     */
+    get recomputed_cost_micros(): bigint | undefined;
+    /**
+     * Recomputed cost in micro-USD (`BigInt`); `None` when not priced.
+     */
+    set recomputed_cost_micros(value: bigint | null | undefined);
+    /**
+     * Transport-level retries before this outcome.
+     */
+    get retries(): number | undefined;
+    /**
+     * Transport-level retries before this outcome.
+     */
+    set retries(value: number | null | undefined);
+    /**
+     * Transport status code, when one applied.
+     */
+    get status_code(): number | undefined;
+    /**
+     * Transport status code, when one applied.
+     */
+    set status_code(value: number | null | undefined);
+    /**
+     * Execution-outcome class, wire snake_case (`"ok"`, `"server_error"`, …).
+     */
+    get status(): string | undefined;
+    /**
+     * Execution-outcome class, wire snake_case (`"ok"`, `"server_error"`, …).
+     */
+    set status(value: string | null | undefined);
+    /**
+     * Token-count source, wire snake_case (`"provider_reported"`/`"estimated"`).
+     */
+    get token_source(): string | undefined;
+    /**
+     * Token-count source, wire snake_case (`"provider_reported"`/`"estimated"`).
+     */
+    set token_source(value: string | null | undefined);
+    /**
+     * Provider-reported (or estimated) input tokens.
+     */
+    get tokens_in(): number | undefined;
+    /**
+     * Provider-reported (or estimated) input tokens.
+     */
+    set tokens_in(value: number | null | undefined);
+    /**
+     * Provider-reported (or estimated) output tokens.
+     */
+    get tokens_out(): number | undefined;
+    /**
+     * Provider-reported (or estimated) output tokens.
+     */
+    set tokens_out(value: number | null | undefined);
+    /**
+     * The re-derived trust level (`"L0"`/`"L1"`); `""` unless `verdict == "Valid"`.
+     */
+    trust_level: string;
+    /**
+     * The base `ActionOutcome` verdict tag (`"Valid"`, `"HashMismatch"`, …).
+     */
+    verdict: string;
+}
 /**
  * The verified, decoded result of a delegation envelope.
  */
@@ -136,12 +368,71 @@ export function actionCanonicalBytes(content_json: string): Uint8Array;
  */
 export function anchoredContentHash(content_json: string): string;
+/**
+ * Assemble the on-the-wire approval-token frame from the detached signature the
+ * in-browser approver key produced over [`approval_token_payload_wasm`]. Pure
+ * assemble, no key. The base64 of these bytes is the bearer `token_b64`.
+ *
+ * Byte order (see [`heso_action::domain::approval_token_frame`], the ONE source —
+ * the kernel verifier parses EXACTLY this and rejects trailing bytes):
+ * `nonce(32) ++ expiry(BE8) ++ decision_tag(1) ++ scope_len(BE4) ++ scope
+ *   ++ signature(64) ++ pubkey(32)`
+ *
+ * `nonce`          — 32 raw bytes (Uint8Array); MUST equal the nonce signed over.
+ * `expiryUnixSecs` — token expiry as BigInt Unix seconds.
+ * `decision`       — `"approved"` or `"rejected"`.
+ * `scope`          — the UTF-8 scope string.
+ * `signature`      — 64 raw Ed25519 signature bytes (Uint8Array).
+ * `pubkey`         — 32 raw Ed25519 public-key bytes (Uint8Array).
+ */
+export function approvalTokenFrame(nonce: Uint8Array, expiry_unix_secs: bigint, decision: string, scope: string, signature: Uint8Array, pubkey: Uint8Array): Uint8Array;
+/**
+ * Return the EXACT bytes the approver's Ed25519 key must sign for an approval
+ * token (the Option-C in-browser minter signs THESE, never any hand-rolled
+ * bytes). Mirrors [`l1_cosign_payload_wasm`]: pure assemble, no OsRng, no key —
+ * the browser holds the key, this only produces the payload a detached signer
+ * covers.
+ *
+ * Byte order (see [`heso_action::domain::approval_token_signed_payload`], the ONE
+ * source — the kernel verifier recomputes the identical bytes):
+ * `APPROVAL_TOKEN_SIGNING_DOMAIN ++ nonce(32) ++ expiry(BE8) ++ decision_tag(1)
+ *   ++ scope_len(BE4) ++ scope ++ action_canonical_bytes`
+ *
+ * `contentJson`       — the `ActionContent` JSON; canonicalized through the SAME
+ *                       RFC-8785 path as [`action_canonical_bytes_wasm`] (the
+ *                       browser MUST NOT hand-roll JCS).
+ * `nonce`             — 32 raw replay-prevention bytes (Uint8Array).
+ * `expiryUnixSecs`    — token expiry as BigInt Unix seconds.
+ * `decision`          — `"approved"` or `"rejected"` (the SEC-02 decision binding).
+ * `scope`             — the UTF-8 scope string.
+ */
+export function approvalTokenPayload(content_json: string, nonce: Uint8Array, expiry_unix_secs: bigint, decision: string, scope: string): Uint8Array;
 /**
  * Compute a domain-separated BLAKE3 chain-link digest from two 64-hex hashes.
  * Replaces the `@noble`-backed chain helper in `crypto.ts`.
  */
 export function chainHashHex(prev_hex: string, action_hex: string): string;
+/**
+ * PURE. Return the RFC-8785 (JCS) canonical bytes of a commitment envelope JSON
+ * string — the exact bytes the detached operator signature is computed over
+ * (after the `COMMITMENT_SIGNING_DOMAIN` prefix). Delegates to the single kernel
+ * JCS impl; never re-canonicalizes. Throws `[MALFORMED]` if the JSON does not
+ * parse as a `CommitmentEnvelope` and `[CANON]` if it cannot be canonicalized.
+ */
+export function commitmentEnvelopeCanonicalBytes(envelope_json: string): Uint8Array;
+/**
+ * The **commitment fingerprint** of an Ed25519 public key: `blake3(raw_pubkey)`,
+ * the full 32-byte digest, lowercase 64-hex, NO prefix — the value the producer
+ * puts in the wire `signer_fpr`. DISTINCT from the `heso:`-prefixed Grade-0
+ * signer fingerprint. Throws `[MALFORMED]` if `pubkey_b64` is not base64 of
+ * exactly 32 bytes.
+ */
+export function commitmentFingerprint(pubkey_b64: string): string;
 /**
  * BLAKE3 (64-hex) of the canonical bytes — the value that goes into
  * `action_hash`. Replaces `@noble/hashes` blake3 usage in `crypto.ts`.
@@ -193,6 +484,13 @@ export function l1CosignPayload(suspended_content_json: string, approver_record_
  */
 export function parsePolicy(toml_src: string): void;
+/**
+ * Parse a C2SP signed-note checkpoint and return its `{origin, size, root_hex,
+ * text}` as a JSON string. Does NO signature verification — call
+ * `verifyNoteAgainstKey` for that. Throws `[NOTE]` on a malformed note.
+ */
+export function parseSignedNote(note: string): string;
 /**
  * Parse + validate policy TOML and return the rules as a JSON array of
  * [`PolicyRule`] (the Rust wire shape) so the web renders a pulled policy via the
@@ -244,6 +542,14 @@ export function ruleToSentence(rule_json: string): string;
  */
 export function shortHash(hex: string, prefix?: string | null): string;
+/**
+ * The frozen top-tree leaf VALUE committing one org's epoch snapshot:
+ * `SHA-256(TOP_LEAF_DOMAIN || org_id(16) || epoch(BE8) || org_root(32))`,
+ * 64-hex. The stage-2 commitment a two-stage inclusion proof rides. Throws
+ * `[ORG]`/`[ROOT]` on malformed inputs.
+ */
+export function topLeafValue(org_id_hyphenated: string, epoch: bigint, org_root_hex: string): string;
 /**
  * Floor pre-check over a candidate ruleset (JSON array of [`PolicyRule`]) WITHOUT
  * serializing to TOML — the live check the builder runs as the user edits.
@@ -267,6 +573,25 @@ export function validateNoFloorBypass(rules_json: string): void;
  */
 export function verifyActionReceipt(receipt_bytes: Uint8Array): ActionVerdict;
+/**
+ * Verify a single `ActionReceipt` AND render its signed metrics + recompute cost
+ * from the passed-in public rate card.
+ *
+ * Runs the EXISTING [`verify_action_receipt`] for the base outcome + trust level
+ * (so that path is byte-for-byte unchanged), then — when the receipt parses —
+ * renders the signed metrics and recomputes the cost via the pure
+ * `heso_action::metrics_view::metrics_view`. Never panics:
+ *
+ * - receipt fails to PARSE  ⇒ base verdict + `has_metrics: false` (no metrics).
+ * - rate card fails to PARSE ⇒ base verdict + rendered metrics, but `priced:
+ *   false` and `cost_display: None` (cost cannot be recomputed without a card).
+ * - everything parses        ⇒ full metrics + recomputed cost.
+ *
+ * `receipt_bytes`   — the raw `ActionReceipt` JSON bytes (`Uint8Array`).
+ * `rate_card_json`  — the public rate-card JSON the cost is recomputed from.
+ */
+export function verifyActionReceiptWithRates(receipt_bytes: Uint8Array, rate_card_json: string): MetricsVerdict;
 /**
  * Verify a serialized approval token and return its decoded claims.
  *
@@ -292,6 +617,42 @@ export function verifyApprovalToken(token: Uint8Array, action_canonical: Uint8Ar
  */
 export function verifyChain(receipts_bytes: Uint8Array): ChainResult;
+/**
+ * **REJECT-MORE-ONLY.** Verify an AWS CloudTrail signed digest-file chain
+ * **offline**, proving feed completeness from the frozen bundle bytes + the
+ * PINNED AWS public keys alone — no network, no AWS call, no HESO endpoint.
+ *
+ * `proof_json` is a [`heso_action::cloudtrail::CloudTrailFeedProof`] JSON: the
+ * digest chain (HEAD FIRST), the head's out-of-band `x-amz-meta-signature`, and
+ * the pinned per-Region AWS public keys (PKCS#1 DER, base64 — exactly as
+ * `ListPublicKeys` returns them; this verifier wraps them into SPKI internally,
+ * the #1 implementation trap handled once in the kernel).
+ *
+ * The AWS key is trusted **out of band** (CT pin-the-key model): a digest whose
+ * `digestPublicKeyFingerprint` matches no pinned key FAILS with
+ * `kind = "NoMatchingKey"`. The verdict separates `feed_complete` (window
+ * completeness, claimable to a third party for this STRONG rail) from a
+ * disclosed `ChainGap` — never collapsing a gap into a green badge.
+ *
+ * Throws `[CT_PARSE]` only if `proof_json` is not a valid `CloudTrailFeedProof`;
+ * every cryptographic / chain failure is a non-throwing kind tag instead.
+ */
+export function verifyCloudTrailFeed(proof_json: string): CloudTrailFeedVerdict;
+/**
+ * REJECT-MORE-ONLY. Verify a detached commitment-envelope signature in the
+ * browser — the recipient independently confirms a commitment the same way the
+ * cloud does.
+ *
+ * Parses `envelope_bytes` as a `CommitmentEnvelope`, re-canonicalizes VIA THE
+ * KERNEL, `verify_strict`-checks the detached Ed25519 signature under
+ * `COMMITMENT_SIGNING_DOMAIN`, and confirms the recomputed commitment
+ * fingerprint (`blake3(pubkey)`) equals `claimed_signer_fpr`. Produces ZERO new
+ * canonical/signed bytes. Never throws — every outcome is a kind-tagged
+ * [`CommitmentVerdict`].
+ */
+export function verifyCommitment(envelope_bytes: Uint8Array, operator_pubkey_b64: string, detached_sig_b64: string, claimed_signer_fpr: string): CommitmentVerdict;
 /**
  * RFC-6962 consistency proof verification.
  *
@@ -329,6 +690,31 @@ export function verifyDelegation(wire: Uint8Array, registered_operator_key: Uint
  */
 export function verifyInclusion(leaf_value_hex: string, index: number, size: number, root_hex: string, proof_hashes_json: string): boolean;
+/**
+ * Verify a parsed C2SP signed-note checkpoint against a PINNED Ed25519 log
+ * public key (base64, raw 32 bytes). Returns `true` iff at least one signature
+ * line is from the pinned key AND `verify_strict`s over the note text.
+ *
+ * The pinned key is supplied by the caller (trusted out of band, CT-style) — a
+ * note signed by any non-pinned key returns `false`. Throws `[NOTE]` if the
+ * note is malformed or `[KEY]` if the pubkey is not base64 of 32 bytes.
+ */
+export function verifyNoteAgainstKey(note: string, log_pubkey_b64: string): boolean;
+/**
+ * Verify a single commit-and-reveal field reveal against its signed redaction
+ * marker — recompute `BLAKE3(salt ++ field_path ++ value)` and check equality
+ * with `marker.commitment`. The browser/offline counterpart to the Node
+ * `verifyRevealJs`: the missing half that lets a web auditor reveal-and-prove a
+ * redacted field with only the receipt + the customer-supplied sidecar.
+ *
+ * `reveal_json` — a `FieldReveal`: `{ field_path, salt_hex, value_json }`.
+ * `marker_json` — the matching `RedactionMarker` from the signed receipt.
+ *
+ * Returns `true` iff the reveal recomputes the marker's commitment.
+ */
+export function verifyReveal(reveal_json: string, marker_json: string): boolean;
 /**
  * Verify a session chain (lifecycle role + transition checks).
  */
@@ -347,68 +733,136 @@ export type InitInput = RequestInfo | URL | Response | BufferSource | WebAssembl
 export interface InitOutput {
     readonly memory: WebAssembly.Memory;
     readonly __wbg_actionverdict_free: (a: number, b: number) => void;
-    readonly __wbg_get_actionverdict_verdict: (a: number) => [number, number];
+    readonly __wbg_get_actionverdict_verdict: (a: number, b: number) => void;
     readonly __wbg_set_actionverdict_verdict: (a: number, b: number, c: number) => void;
-    readonly __wbg_get_actionverdict_trust_level: (a: number) => [number, number];
+    readonly __wbg_get_actionverdict_trust_level: (a: number, b: number) => void;
     readonly __wbg_set_actionverdict_trust_level: (a: number, b: number, c: number) => void;
     readonly __wbg_chainresult_free: (a: number, b: number) => void;
     readonly __wbg_get_chainresult_ok: (a: number) => number;
     readonly __wbg_set_chainresult_ok: (a: number, b: number) => void;
     readonly __wbg_get_chainresult_length: (a: number) => number;
     readonly __wbg_set_chainresult_length: (a: number, b: number) => void;
-    readonly __wbg_get_chainresult_error: (a: number) => [number, number];
+    readonly __wbg_get_chainresult_error: (a: number, b: number) => void;
     readonly __wbg_set_chainresult_error: (a: number, b: number, c: number) => void;
     readonly __wbg_get_chainresult_seq: (a: number) => number;
     readonly __wbg_set_chainresult_seq: (a: number, b: number) => void;
-    readonly __wbg_get_chainresult_detail: (a: number) => [number, number];
+    readonly __wbg_get_chainresult_detail: (a: number, b: number) => void;
     readonly __wbg_set_chainresult_detail: (a: number, b: number, c: number) => void;
     readonly __wbg_approvaltokenclaims_free: (a: number, b: number) => void;
-    readonly __wbg_get_approvaltokenclaims_nonce: (a: number) => any;
-    readonly __wbg_set_approvaltokenclaims_nonce: (a: number, b: any) => void;
-    readonly __wbg_get_approvaltokenclaims_expiry_unix_secs: (a: number) => any;
-    readonly __wbg_set_approvaltokenclaims_expiry_unix_secs: (a: number, b: any) => void;
-    readonly __wbg_get_approvaltokenclaims_decision: (a: number) => [number, number];
-    readonly __wbg_get_approvaltokenclaims_scope: (a: number) => [number, number];
-    readonly __wbg_get_approvaltokenclaims_approver_public_key: (a: number) => [number, number];
+    readonly __wbg_get_approvaltokenclaims_nonce: (a: number) => number;
+    readonly __wbg_set_approvaltokenclaims_nonce: (a: number, b: number) => void;
+    readonly __wbg_get_approvaltokenclaims_expiry_unix_secs: (a: number) => number;
+    readonly __wbg_set_approvaltokenclaims_expiry_unix_secs: (a: number, b: number) => void;
+    readonly __wbg_get_approvaltokenclaims_approver_public_key: (a: number, b: number) => void;
     readonly __wbg_set_approvaltokenclaims_approver_public_key: (a: number, b: number, c: number) => void;
     readonly __wbg_verifieddelegation_free: (a: number, b: number) => void;
-    readonly __wbg_get_verifieddelegation_authorized_key: (a: number) => any;
-    readonly __wbg_set_verifieddelegation_authorized_key: (a: number, b: any) => void;
-    readonly __wbg_get_verifieddelegation_sub: (a: number) => [number, number];
-    readonly __wbg_get_verifieddelegation_scope: (a: number) => [number, number];
-    readonly __wbg_get_verifieddelegation_expiry_unix_secs: (a: number) => any;
-    readonly __wbg_set_verifieddelegation_expiry_unix_secs: (a: number, b: any) => void;
-    readonly __wbg_get_verifieddelegation_not_before_unix_secs: (a: number) => any;
-    readonly __wbg_set_verifieddelegation_not_before_unix_secs: (a: number, b: any) => void;
+    readonly __wbg_get_verifieddelegation_authorized_key: (a: number) => number;
+    readonly __wbg_set_verifieddelegation_authorized_key: (a: number, b: number) => void;
+    readonly __wbg_get_verifieddelegation_expiry_unix_secs: (a: number) => number;
+    readonly __wbg_set_verifieddelegation_expiry_unix_secs: (a: number, b: number) => void;
+    readonly __wbg_get_verifieddelegation_not_before_unix_secs: (a: number) => number;
+    readonly __wbg_set_verifieddelegation_not_before_unix_secs: (a: number, b: number) => void;
     readonly verifyActionReceipt: (a: number, b: number) => number;
-    readonly actionCanonicalBytes: (a: number, b: number) => [number, number, number];
-    readonly l1CosignPayload: (a: number, b: number, c: number, d: number) => [number, number, number];
-    readonly quorumCosignPayload: (a: number, b: number, c: number, d: number, e: number, f: number, g: number) => [number, number, number];
-    readonly contentHash: (a: number, b: number) => [number, number, number, number];
-    readonly anchoredContentHash: (a: number, b: number) => [number, number, number, number];
-    readonly shortHash: (a: number, b: number, c: number, d: number) => [number, number, number, number];
-    readonly chainHashHex: (a: number, b: number, c: number, d: number) => [number, number, number, number];
-    readonly verifyApprovalToken: (a: number, b: number, c: number, d: number, e: any, f: any, g: number, h: number, i: number, j: number, k: any) => [number, number, number];
-    readonly verifyDelegation: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number, i: number, j: number, k: number, l: number, m: any) => [number, number, number];
-    readonly verifyChain: (a: number, b: number) => [number, number, number];
-    readonly verifySessionChain: (a: number, b: number) => [number, number, number];
-    readonly verifySessionChainWithRotation: (a: number, b: number, c: number, d: number, e: number, f: number) => [number, number, number];
-    readonly verifyInclusion: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number) => [number, number, number];
-    readonly verifyConsistency: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number) => [number, number, number];
-    readonly parsePolicy: (a: number, b: number) => [number, number];
-    readonly ruleToSentence: (a: number, b: number) => [number, number, number, number];
-    readonly policyRulesFromToml: (a: number, b: number) => [number, number, number, number];
-    readonly validateNoFloorBypass: (a: number, b: number) => [number, number];
+    readonly actionCanonicalBytes: (a: number, b: number, c: number) => void;
+    readonly l1CosignPayload: (a: number, b: number, c: number, d: number, e: number) => void;
+    readonly quorumCosignPayload: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number) => void;
+    readonly contentHash: (a: number, b: number, c: number) => void;
+    readonly anchoredContentHash: (a: number, b: number, c: number) => void;
+    readonly shortHash: (a: number, b: number, c: number, d: number, e: number) => void;
+    readonly chainHashHex: (a: number, b: number, c: number, d: number, e: number) => void;
+    readonly verifyApprovalToken: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number, i: number, j: number, k: number, l: number) => void;
+    readonly approvalTokenPayload: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number, i: number, j: number) => void;
+    readonly approvalTokenFrame: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number, i: number, j: number, k: number, l: number) => void;
+    readonly verifyDelegation: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number, i: number, j: number, k: number, l: number, m: number, n: number) => void;
+    readonly verifyCommitment: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number) => number;
+    readonly commitmentEnvelopeCanonicalBytes: (a: number, b: number, c: number) => void;
+    readonly commitmentFingerprint: (a: number, b: number, c: number) => void;
+    readonly parseSignedNote: (a: number, b: number, c: number) => void;
+    readonly verifyNoteAgainstKey: (a: number, b: number, c: number, d: number, e: number) => void;
+    readonly topLeafValue: (a: number, b: number, c: number, d: bigint, e: number, f: number) => void;
+    readonly verifyChain: (a: number, b: number, c: number) => void;
+    readonly verifySessionChain: (a: number, b: number, c: number) => void;
+    readonly verifySessionChainWithRotation: (a: number, b: number, c: number, d: number, e: number, f: number, g: number) => void;
+    readonly verifyInclusion: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number, i: number) => void;
+    readonly verifyConsistency: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number, i: number) => void;
+    readonly verifyReveal: (a: number, b: number, c: number, d: number, e: number) => void;
+    readonly parsePolicy: (a: number, b: number, c: number) => void;
+    readonly ruleToSentence: (a: number, b: number, c: number) => void;
+    readonly policyRulesFromToml: (a: number, b: number, c: number) => void;
+    readonly validateNoFloorBypass: (a: number, b: number, c: number) => void;
+    readonly __wbg_metricsverdict_free: (a: number, b: number) => void;
+    readonly __wbg_get_metricsverdict_verdict: (a: number, b: number) => void;
+    readonly __wbg_set_metricsverdict_verdict: (a: number, b: number, c: number) => void;
+    readonly __wbg_get_metricsverdict_trust_level: (a: number, b: number) => void;
+    readonly __wbg_set_metricsverdict_trust_level: (a: number, b: number, c: number) => void;
+    readonly __wbg_get_metricsverdict_has_metrics: (a: number) => number;
+    readonly __wbg_set_metricsverdict_has_metrics: (a: number, b: number) => void;
+    readonly __wbg_get_metricsverdict_duration_ms: (a: number) => number;
+    readonly __wbg_set_metricsverdict_duration_ms: (a: number, b: number) => void;
+    readonly __wbg_get_metricsverdict_status: (a: number, b: number) => void;
+    readonly __wbg_set_metricsverdict_status: (a: number, b: number, c: number) => void;
+    readonly __wbg_get_metricsverdict_status_code: (a: number) => number;
+    readonly __wbg_set_metricsverdict_status_code: (a: number, b: number) => void;
+    readonly __wbg_get_metricsverdict_tokens_in: (a: number) => number;
+    readonly __wbg_set_metricsverdict_tokens_in: (a: number, b: number) => void;
+    readonly __wbg_get_metricsverdict_tokens_out: (a: number) => number;
+    readonly __wbg_set_metricsverdict_tokens_out: (a: number, b: number) => void;
+    readonly __wbg_get_metricsverdict_token_source: (a: number, b: number) => void;
+    readonly __wbg_set_metricsverdict_token_source: (a: number, b: number, c: number) => void;
+    readonly __wbg_get_metricsverdict_bytes_in: (a: number) => number;
+    readonly __wbg_set_metricsverdict_bytes_in: (a: number, b: number) => void;
+    readonly __wbg_get_metricsverdict_bytes_out: (a: number) => number;
+    readonly __wbg_set_metricsverdict_bytes_out: (a: number, b: number) => void;
+    readonly __wbg_get_metricsverdict_retries: (a: number) => number;
+    readonly __wbg_set_metricsverdict_retries: (a: number, b: number) => void;
+    readonly __wbg_get_metricsverdict_rate_card_id: (a: number, b: number) => void;
+    readonly __wbg_set_metricsverdict_rate_card_id: (a: number, b: number, c: number) => void;
+    readonly __wbg_get_metricsverdict_model_key: (a: number, b: number) => void;
+    readonly __wbg_set_metricsverdict_model_key: (a: number, b: number, c: number) => void;
+    readonly __wbg_get_metricsverdict_recomputed_cost_micros: (a: number, b: number) => void;
+    readonly __wbg_set_metricsverdict_recomputed_cost_micros: (a: number, b: number, c: bigint) => void;
+    readonly __wbg_get_metricsverdict_cost_display: (a: number, b: number) => void;
+    readonly __wbg_set_metricsverdict_cost_display: (a: number, b: number, c: number) => void;
+    readonly __wbg_get_metricsverdict_priced: (a: number) => number;
+    readonly __wbg_set_metricsverdict_priced: (a: number, b: number) => void;
+    readonly __wbg_get_metricsverdict_card_id_matches: (a: number) => number;
+    readonly __wbg_set_metricsverdict_card_id_matches: (a: number, b: number) => void;
+    readonly verifyActionReceiptWithRates: (a: number, b: number, c: number, d: number) => number;
+    readonly __wbg_cloudtrailfeedverdict_free: (a: number, b: number) => void;
+    readonly __wbg_get_cloudtrailfeedverdict_feed_complete: (a: number) => number;
+    readonly __wbg_set_cloudtrailfeedverdict_feed_complete: (a: number, b: number) => void;
+    readonly __wbg_get_cloudtrailfeedverdict_kind: (a: number, b: number) => void;
+    readonly __wbg_set_cloudtrailfeedverdict_kind: (a: number, b: number, c: number) => void;
+    readonly __wbg_get_cloudtrailfeedverdict_digests_verified: (a: number) => number;
+    readonly __wbg_set_cloudtrailfeedverdict_digests_verified: (a: number, b: number) => void;
+    readonly __wbg_get_cloudtrailfeedverdict_window_end: (a: number, b: number) => void;
+    readonly __wbg_set_cloudtrailfeedverdict_window_end: (a: number, b: number, c: number) => void;
+    readonly __wbg_get_cloudtrailfeedverdict_window_start: (a: number, b: number) => void;
+    readonly __wbg_set_cloudtrailfeedverdict_window_start: (a: number, b: number, c: number) => void;
+    readonly __wbg_get_cloudtrailfeedverdict_signed_log_files_count: (a: number) => number;
+    readonly __wbg_set_cloudtrailfeedverdict_signed_log_files_count: (a: number, b: number) => void;
+    readonly __wbg_get_cloudtrailfeedverdict_signed_log_files_json: (a: number, b: number) => void;
+    readonly __wbg_set_cloudtrailfeedverdict_signed_log_files_json: (a: number, b: number, c: number) => void;
+    readonly verifyCloudTrailFeed: (a: number, b: number, c: number) => void;
     readonly __wbg_set_approvaltokenclaims_decision: (a: number, b: number, c: number) => void;
     readonly __wbg_set_approvaltokenclaims_scope: (a: number, b: number, c: number) => void;
     readonly __wbg_set_verifieddelegation_sub: (a: number, b: number, c: number) => void;
     readonly __wbg_set_verifieddelegation_scope: (a: number, b: number, c: number) => void;
-    readonly __wbindgen_malloc: (a: number, b: number) => number;
-    readonly __wbindgen_realloc: (a: number, b: number, c: number, d: number) => number;
-    readonly __wbindgen_externrefs: WebAssembly.Table;
-    readonly __externref_table_dealloc: (a: number) => void;
-    readonly __wbindgen_free: (a: number, b: number, c: number) => void;
-    readonly __wbindgen_start: () => void;
+    readonly __wbg_set_commitmentverdict_verdict: (a: number, b: number, c: number) => void;
+    readonly __wbg_set_commitmentverdict_signer_fpr: (a: number, b: number, c: number) => void;
+    readonly __wbg_set_cloudtrailfeedverdict_broken_at: (a: number, b: number) => void;
+    readonly __wbg_get_cloudtrailfeedverdict_broken_at: (a: number) => number;
+    readonly __wbg_commitmentverdict_free: (a: number, b: number) => void;
+    readonly __wbg_get_approvaltokenclaims_decision: (a: number, b: number) => void;
+    readonly __wbg_get_approvaltokenclaims_scope: (a: number, b: number) => void;
+    readonly __wbg_get_verifieddelegation_sub: (a: number, b: number) => void;
+    readonly __wbg_get_verifieddelegation_scope: (a: number, b: number) => void;
+    readonly __wbg_get_commitmentverdict_verdict: (a: number, b: number) => void;
+    readonly __wbg_get_commitmentverdict_signer_fpr: (a: number, b: number) => void;
+    readonly __wbindgen_export: (a: number, b: number) => number;
+    readonly __wbindgen_export2: (a: number, b: number, c: number, d: number) => number;
+    readonly __wbindgen_add_to_stack_pointer: (a: number) => number;
+    readonly __wbindgen_export3: (a: number, b: number, c: number) => void;
 }
 export type SyncInitInput = BufferSource | WebAssembly.Module;