npm - @hlos-ai/schemas - Versions diffs - 0.4.2 - Mend

@hlos-ai/schemas 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/LICENSE +190 -0
package/README.md +148 -0
package/dist/chunk-RQP6MVT3.js +40 -0
package/dist/chunk-RQP6MVT3.js.map +1 -0
package/dist/ids.cjs +66 -0
package/dist/ids.cjs.map +1 -0
package/dist/ids.d.cts +69 -0
package/dist/ids.d.ts +69 -0
package/dist/ids.js +27 -0
package/dist/ids.js.map +1 -0
package/dist/index.cjs +1081 -0
package/dist/index.cjs.map +1 -0
package/dist/index.d.cts +1830 -0
package/dist/index.d.ts +1830 -0
package/dist/index.js +965 -0
package/dist/index.js.map +1 -0
package/package.json +63 -0

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,1830 @@
+import { z } from 'zod';
+import { ReceiptId } from './ids.js';
+export { CorrelationId, CorrelationIdSchema, CrossingId, CrossingIdSchema, IdempotencyKey, IdempotencyKeySchema, PassportId, PassportIdSchema, ReceiptIdSchema, WalletId, WalletIdSchema, generateCrossingId, generateId, generatePassportId, generateReceiptId, generateWalletId } from './ids.js';
+/**
+ * @hlos-ai/schemas - Surface Types
+ *
+ * Canonical surface identifiers for idempotency scoping,
+ * audit logging, and request attribution.
+ */
+/**
+ * Known surfaces that interact with HLOS Kernel v2.
+ * Used for idempotency scoping: (surface, idempotency_key) must be unique.
+ */
+declare const SurfaceSchema: z.ZodEnum<["mcp", "x402", "events", "cli", "web", "acp", "api"]>;
+type Surface = z.infer<typeof SurfaceSchema>;
+/**
+ * All known surfaces as a const array (for iteration).
+ */
+declare const SURFACES: ["mcp", "x402", "events", "cli", "web", "acp", "api"];
+/**
+ * @hlos-ai/schemas - Error Codes
+ *
+ * Canonical error codes for HLOS Kernel v2 API.
+ * These are FROZEN — additive changes only.
+ */
+/**
+ * Kernel error codes (stable, exhaustive).
+ */
+declare const KernelErrorCodeSchema$1: z.ZodEnum<["INVALID_REQUEST", "UNAUTHORIZED", "FORBIDDEN", "NOT_FOUND", "CONFLICT", "IDEMPOTENCY_CONFLICT", "INSUFFICIENT_BALANCE", "SPEND_CAP_EXCEEDED", "RATE_LIMITED", "INTERNAL_ERROR", "SERVICE_UNAVAILABLE"]>;
+type KernelErrorCode$1 = z.infer<typeof KernelErrorCodeSchema$1>;
+/**
+ * @hlos-ai/schemas - Response Types
+ *
+ * Standard response envelopes for HLOS Kernel v2 API.
+ *
+ * - Reads return SuccessResponse<T>
+ * - Mutations return SignedReceiptV0<T>
+ * - Errors return ErrorResponse
+ */
+/**
+ * Standard success response for read operations.
+ * Mutations return SignedReceiptV0 instead.
+ */
+interface SuccessResponse<T> {
+    success: true;
+    data: T;
+    meta?: {
+        request_id?: string;
+        correlation_id: string;
+    };
+}
+/**
+ * Create a SuccessResponse.
+ */
+declare function success<T>(data: T, correlationId: string, requestId?: string): SuccessResponse<T>;
+/**
+ * Standard error response.
+ */
+interface ErrorResponse {
+    success: false;
+    error: {
+        code: KernelErrorCode$1;
+        message: string;
+        details?: unknown;
+        correlation_id: string;
+    };
+}
+/**
+ * Create an ErrorResponse.
+ */
+declare function error(code: KernelErrorCode$1, message: string, correlationId: string, details?: unknown): ErrorResponse;
+declare const SuccessResponseSchema: <T extends z.ZodType>(dataSchema: T) => z.ZodObject<{
+    success: z.ZodLiteral<true>;
+    data: T;
+    meta: z.ZodOptional<z.ZodObject<{
+        request_id: z.ZodOptional<z.ZodString>;
+        correlation_id: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        correlation_id: string;
+        request_id?: string | undefined;
+    }, {
+        correlation_id: string;
+        request_id?: string | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<{
+    success: z.ZodLiteral<true>;
+    data: T;
+    meta: z.ZodOptional<z.ZodObject<{
+        request_id: z.ZodOptional<z.ZodString>;
+        correlation_id: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        correlation_id: string;
+        request_id?: string | undefined;
+    }, {
+        correlation_id: string;
+        request_id?: string | undefined;
+    }>>;
+}>, any> extends infer T_1 ? { [k in keyof T_1]: T_1[k]; } : never, z.baseObjectInputType<{
+    success: z.ZodLiteral<true>;
+    data: T;
+    meta: z.ZodOptional<z.ZodObject<{
+        request_id: z.ZodOptional<z.ZodString>;
+        correlation_id: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        correlation_id: string;
+        request_id?: string | undefined;
+    }, {
+        correlation_id: string;
+        request_id?: string | undefined;
+    }>>;
+}> extends infer T_2 ? { [k_1 in keyof T_2]: T_2[k_1]; } : never>;
+declare const ErrorResponseSchema: z.ZodObject<{
+    success: z.ZodLiteral<false>;
+    error: z.ZodObject<{
+        code: z.ZodEnum<["INVALID_REQUEST", "UNAUTHORIZED", "FORBIDDEN", "NOT_FOUND", "CONFLICT", "IDEMPOTENCY_CONFLICT", "INSUFFICIENT_BALANCE", "SPEND_CAP_EXCEEDED", "RATE_LIMITED", "INTERNAL_ERROR", "SERVICE_UNAVAILABLE"]>;
+        message: z.ZodString;
+        details: z.ZodOptional<z.ZodUnknown>;
+        correlation_id: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        code: "INVALID_REQUEST" | "UNAUTHORIZED" | "FORBIDDEN" | "NOT_FOUND" | "CONFLICT" | "IDEMPOTENCY_CONFLICT" | "INSUFFICIENT_BALANCE" | "SPEND_CAP_EXCEEDED" | "RATE_LIMITED" | "INTERNAL_ERROR" | "SERVICE_UNAVAILABLE";
+        message: string;
+        correlation_id: string;
+        details?: unknown;
+    }, {
+        code: "INVALID_REQUEST" | "UNAUTHORIZED" | "FORBIDDEN" | "NOT_FOUND" | "CONFLICT" | "IDEMPOTENCY_CONFLICT" | "INSUFFICIENT_BALANCE" | "SPEND_CAP_EXCEEDED" | "RATE_LIMITED" | "INTERNAL_ERROR" | "SERVICE_UNAVAILABLE";
+        message: string;
+        correlation_id: string;
+        details?: unknown;
+    }>;
+}, "strip", z.ZodTypeAny, {
+    success: false;
+    error: {
+        code: "INVALID_REQUEST" | "UNAUTHORIZED" | "FORBIDDEN" | "NOT_FOUND" | "CONFLICT" | "IDEMPOTENCY_CONFLICT" | "INSUFFICIENT_BALANCE" | "SPEND_CAP_EXCEEDED" | "RATE_LIMITED" | "INTERNAL_ERROR" | "SERVICE_UNAVAILABLE";
+        message: string;
+        correlation_id: string;
+        details?: unknown;
+    };
+}, {
+    success: false;
+    error: {
+        code: "INVALID_REQUEST" | "UNAUTHORIZED" | "FORBIDDEN" | "NOT_FOUND" | "CONFLICT" | "IDEMPOTENCY_CONFLICT" | "INSUFFICIENT_BALANCE" | "SPEND_CAP_EXCEEDED" | "RATE_LIMITED" | "INTERNAL_ERROR" | "SERVICE_UNAVAILABLE";
+        message: string;
+        correlation_id: string;
+        details?: unknown;
+    };
+}>;
+/**
+ * @hlos-ai/schemas - SignedReceiptV0
+ *
+ * Canonical receipt format for HLOS Kernel v2 mutations.
+ * All mutating operations emit this receipt type.
+ *
+ * FROZEN: Breaking changes require version bump.
+ */
+/**
+ * Receipt type URI (JSON-LD style).
+ */
+declare const RECEIPT_TYPE_URI: "https://hlos.ai/schema/SignedReceiptV0";
+/**
+ * Current receipt format version.
+ * This is a NUMBER, not semver.
+ */
+declare const RECEIPT_VERSION: 0;
+/**
+ * SignedReceiptV0: Canonical receipt for all v2 mutations.
+ *
+ * Content is JCS-canonicalized, SHA-256 hashed, Ed25519 signed.
+ *
+ * @template T - The content type (mutation-specific payload)
+ */
+interface SignedReceiptV0<T = unknown> {
+    /**
+     * Type URI for JSON-LD compatibility.
+     */
+    '@type': typeof RECEIPT_TYPE_URI;
+    /**
+     * Format version (number, not semver).
+     * Increment for breaking format changes.
+     */
+    version: typeof RECEIPT_VERSION;
+    /**
+     * Unique receipt identifier.
+     */
+    receipt_id: ReceiptId | string;
+    /**
+     * The mutation payload (JCS-canonicalized before hashing).
+     */
+    content: T;
+    /**
+     * SHA-256 hash of JCS(content), base64url encoded.
+     *
+     * IMPORTANT: This is base64url of the raw 32-byte digest,
+     * NOT hex encoding. Matches signature input format.
+     */
+    content_hash: string;
+    /**
+     * Ed25519 signature over the raw 32-byte content_hash digest.
+     * base64url encoded.
+     *
+     * Signing process:
+     *   1. canonicalize = JCS(content)
+     *   2. digest = SHA-256(canonicalize) → 32 bytes
+     *   3. signature = Ed25519.sign(private_key, digest)
+     *   4. encode = base64url(signature)
+     */
+    signature: string;
+    /**
+     * Key identifier for signature verification.
+     * Resolves via JWKS endpoint: GET /api/v2/.well-known/keys
+     */
+    key_id: string;
+    /**
+     * ISO 8601 timestamp when receipt was issued.
+     */
+    issued_at: string;
+}
+/**
+ * Strict base64url length constants:
+ * - SHA-256 digest (32 bytes) = 43 chars base64url (no padding)
+ * - Ed25519 signature (64 bytes) = 86 chars base64url (no padding)
+ */
+declare const CONTENT_HASH_LENGTH = 43;
+declare const SIGNATURE_LENGTH = 86;
+declare const SignedReceiptV0Schema: <T extends z.ZodType>(contentSchema: T) => z.ZodObject<{
+    '@type': z.ZodLiteral<"https://hlos.ai/schema/SignedReceiptV0">;
+    version: z.ZodLiteral<0>;
+    receipt_id: z.ZodString;
+    content: T;
+    content_hash: z.ZodString;
+    signature: z.ZodString;
+    key_id: z.ZodString;
+    issued_at: z.ZodString;
+}, "strip", z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<{
+    '@type': z.ZodLiteral<"https://hlos.ai/schema/SignedReceiptV0">;
+    version: z.ZodLiteral<0>;
+    receipt_id: z.ZodString;
+    content: T;
+    content_hash: z.ZodString;
+    signature: z.ZodString;
+    key_id: z.ZodString;
+    issued_at: z.ZodString;
+}>, any> extends infer T_1 ? { [k in keyof T_1]: T_1[k]; } : never, z.baseObjectInputType<{
+    '@type': z.ZodLiteral<"https://hlos.ai/schema/SignedReceiptV0">;
+    version: z.ZodLiteral<0>;
+    receipt_id: z.ZodString;
+    content: T;
+    content_hash: z.ZodString;
+    signature: z.ZodString;
+    key_id: z.ZodString;
+    issued_at: z.ZodString;
+}> extends infer T_2 ? { [k_1 in keyof T_2]: T_2[k_1]; } : never>;
+/**
+ * Loose schema for unknown content types.
+ */
+declare const SignedReceiptV0LooseSchema: z.ZodObject<{
+    '@type': z.ZodLiteral<"https://hlos.ai/schema/SignedReceiptV0">;
+    version: z.ZodLiteral<0>;
+    receipt_id: z.ZodString;
+    content: z.ZodUnknown;
+    content_hash: z.ZodString;
+    signature: z.ZodString;
+    key_id: z.ZodString;
+    issued_at: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    '@type': "https://hlos.ai/schema/SignedReceiptV0";
+    version: 0;
+    receipt_id: string;
+    content_hash: string;
+    signature: string;
+    key_id: string;
+    issued_at: string;
+    content?: unknown;
+}, {
+    '@type': "https://hlos.ai/schema/SignedReceiptV0";
+    version: 0;
+    receipt_id: string;
+    content_hash: string;
+    signature: string;
+    key_id: string;
+    issued_at: string;
+    content?: unknown;
+}>;
+/**
+ * Check if a value is a SignedReceiptV0.
+ */
+declare function isSignedReceiptV0(value: unknown): value is SignedReceiptV0;
+/**
+ * @hlos-ai/schemas - Shared Contract Types
+ *
+ * LOCKED CONTRACT — All tracks must import from this file.
+ * No local redefinitions allowed.
+ *
+ * Contains:
+ * - Response envelopes (KernelOk, KernelError, ApiResponse)
+ * - Error codes (KernelErrorCode) - STRICT ENUM
+ * - Attribution enums (FundingSource, CredentialSource)
+ * - Crossing types (CrossingSnapshotV0, CrossingHashInputV0, CrossingSettledReceipt)
+ * - Stack primitives (Stack, StackProvider, StackConnection)
+ * - Test fixtures (golden vectors for conformance)
+ */
+/**
+ * Kernel error codes - STRICT ENUM.
+ * Uses KernelErrorCodeSchema instead of z.string() to prevent drift.
+ */
+declare const KernelErrorCodeSchema: z.ZodEnum<["VALIDATION_ERROR", "INVALID_REQUEST", "UNAUTHORIZED", "FORBIDDEN", "NOT_FOUND", "CROSSING_NOT_FOUND", "STACK_NOT_FOUND", "STACK_CONNECTION_NOT_FOUND", "CONFLICT", "INVALID_STATE_TRANSITION", "CROSSING_ALREADY_SETTLED", "IDEMPOTENCY_CONFLICT", "INSUFFICIENT_BALANCE", "SPEND_CAP_EXCEEDED", "RATE_LIMITED", "INTERNAL_ERROR", "SERVICE_UNAVAILABLE"]>;
+type KernelErrorCode = z.infer<typeof KernelErrorCodeSchema>;
+/**
+ * HTTP status code mapping for each error code.
+ */
+declare const ERROR_CODE_STATUS: Record<KernelErrorCode, number>;
+/**
+ * KernelOk - Standard success envelope.
+ * Status: 200-299 (success) OR 304 (not modified).
+ * NOT arbitrary 3xx (302 implies navigation semantics, not API success).
+ */
+declare const KernelOkSchema: <T extends z.ZodType>(dataSchema: T) => z.ZodObject<{
+    ok: z.ZodLiteral<true>;
+    status: z.ZodUnion<[z.ZodNumber, z.ZodLiteral<304>]>;
+    data: T;
+}, "strip", z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<{
+    ok: z.ZodLiteral<true>;
+    status: z.ZodUnion<[z.ZodNumber, z.ZodLiteral<304>]>;
+    data: T;
+}>, any> extends infer T_1 ? { [k in keyof T_1]: T_1[k]; } : never, z.baseObjectInputType<{
+    ok: z.ZodLiteral<true>;
+    status: z.ZodUnion<[z.ZodNumber, z.ZodLiteral<304>]>;
+    data: T;
+}> extends infer T_2 ? { [k_1 in keyof T_2]: T_2[k_1]; } : never>;
+type KernelOk<T> = {
+    ok: true;
+    status: number;
+    data: T;
+};
+/**
+ * KernelError - Standard error envelope.
+ * Uses STRICT KernelErrorCodeSchema.
+ */
+declare const KernelErrorSchema: z.ZodObject<{
+    ok: z.ZodLiteral<false>;
+    status: z.ZodNumber;
+    error: z.ZodObject<{
+        code: z.ZodEnum<["VALIDATION_ERROR", "INVALID_REQUEST", "UNAUTHORIZED", "FORBIDDEN", "NOT_FOUND", "CROSSING_NOT_FOUND", "STACK_NOT_FOUND", "STACK_CONNECTION_NOT_FOUND", "CONFLICT", "INVALID_STATE_TRANSITION", "CROSSING_ALREADY_SETTLED", "IDEMPOTENCY_CONFLICT", "INSUFFICIENT_BALANCE", "SPEND_CAP_EXCEEDED", "RATE_LIMITED", "INTERNAL_ERROR", "SERVICE_UNAVAILABLE"]>;
+        message: z.ZodString;
+        details: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, "strip", z.ZodTypeAny, {
+        code: "INVALID_REQUEST" | "UNAUTHORIZED" | "FORBIDDEN" | "NOT_FOUND" | "CONFLICT" | "IDEMPOTENCY_CONFLICT" | "INSUFFICIENT_BALANCE" | "SPEND_CAP_EXCEEDED" | "RATE_LIMITED" | "INTERNAL_ERROR" | "SERVICE_UNAVAILABLE" | "VALIDATION_ERROR" | "CROSSING_NOT_FOUND" | "STACK_NOT_FOUND" | "STACK_CONNECTION_NOT_FOUND" | "INVALID_STATE_TRANSITION" | "CROSSING_ALREADY_SETTLED";
+        message: string;
+        details?: Record<string, unknown> | undefined;
+    }, {
+        code: "INVALID_REQUEST" | "UNAUTHORIZED" | "FORBIDDEN" | "NOT_FOUND" | "CONFLICT" | "IDEMPOTENCY_CONFLICT" | "INSUFFICIENT_BALANCE" | "SPEND_CAP_EXCEEDED" | "RATE_LIMITED" | "INTERNAL_ERROR" | "SERVICE_UNAVAILABLE" | "VALIDATION_ERROR" | "CROSSING_NOT_FOUND" | "STACK_NOT_FOUND" | "STACK_CONNECTION_NOT_FOUND" | "INVALID_STATE_TRANSITION" | "CROSSING_ALREADY_SETTLED";
+        message: string;
+        details?: Record<string, unknown> | undefined;
+    }>;
+}, "strip", z.ZodTypeAny, {
+    status: number;
+    error: {
+        code: "INVALID_REQUEST" | "UNAUTHORIZED" | "FORBIDDEN" | "NOT_FOUND" | "CONFLICT" | "IDEMPOTENCY_CONFLICT" | "INSUFFICIENT_BALANCE" | "SPEND_CAP_EXCEEDED" | "RATE_LIMITED" | "INTERNAL_ERROR" | "SERVICE_UNAVAILABLE" | "VALIDATION_ERROR" | "CROSSING_NOT_FOUND" | "STACK_NOT_FOUND" | "STACK_CONNECTION_NOT_FOUND" | "INVALID_STATE_TRANSITION" | "CROSSING_ALREADY_SETTLED";
+        message: string;
+        details?: Record<string, unknown> | undefined;
+    };
+    ok: false;
+}, {
+    status: number;
+    error: {
+        code: "INVALID_REQUEST" | "UNAUTHORIZED" | "FORBIDDEN" | "NOT_FOUND" | "CONFLICT" | "IDEMPOTENCY_CONFLICT" | "INSUFFICIENT_BALANCE" | "SPEND_CAP_EXCEEDED" | "RATE_LIMITED" | "INTERNAL_ERROR" | "SERVICE_UNAVAILABLE" | "VALIDATION_ERROR" | "CROSSING_NOT_FOUND" | "STACK_NOT_FOUND" | "STACK_CONNECTION_NOT_FOUND" | "INVALID_STATE_TRANSITION" | "CROSSING_ALREADY_SETTLED";
+        message: string;
+        details?: Record<string, unknown> | undefined;
+    };
+    ok: false;
+}>;
+type KernelError = z.infer<typeof KernelErrorSchema>;
+/**
+ * ApiResponse - Union of success and error.
+ */
+type ApiResponse<T> = KernelOk<T> | KernelError;
+/**
+ * CrossingId format: cross_[a-z0-9]{20,}
+ */
+declare const CrossingIdFormatSchema: z.ZodString;
+/**
+ * ReceiptId format: rcpt_[0-9A-HJKMNP-TV-Z]{26}
+ */
+declare const ReceiptIdFormatSchema: z.ZodString;
+/**
+ * PassportId format: passport_[a-z0-9]{20,}
+ */
+declare const PassportIdFormatSchema: z.ZodString;
+/**
+ * WalletId format: wallet_[a-z0-9]{20,}
+ */
+declare const WalletIdFormatSchema: z.ZodString;
+/**
+ * FundingSource - Who paid for this crossing.
+ * Determined by credential_source (see mapping rule below).
+ */
+declare const FundingSourceSchema: z.ZodEnum<["SPONSOR", "PLATFORM", "USER"]>;
+type FundingSource = z.infer<typeof FundingSourceSchema>;
+/**
+ * CredentialSource - Where the credential came from.
+ */
+declare const CredentialSourceSchema: z.ZodEnum<["SPONSOR_KEY", "BYOK", "HLOS_FALLBACK"]>;
+type CredentialSource = z.infer<typeof CredentialSourceSchema>;
+/**
+ * Deterministic funding mapping rule.
+ * INVARIANT: credential_source determines funding_source.
+ */
+declare function deriveFundingSource(credentialSource: CredentialSource): FundingSource;
+/**
+ * CrossingSnapshotV0 - Stable fields for hash computation.
+ *
+ * INVARIANT: Must NOT include any derived or mutable fields:
+ * - state, receiptIds, settledAt, createdAt/updatedAt
+ */
+declare const CrossingSnapshotV0Schema: z.ZodObject<{
+    crossingId: z.ZodString;
+    capabilityId: z.ZodString;
+    passportId: z.ZodString;
+    event_id: z.ZodNullable<z.ZodString>;
+    access_window_id: z.ZodNullable<z.ZodString>;
+    access_grant_id: z.ZodNullable<z.ZodString>;
+    attribution_org_id: z.ZodNullable<z.ZodString>;
+    funding_source: z.ZodNullable<z.ZodEnum<["SPONSOR", "PLATFORM", "USER"]>>;
+    credential_source: z.ZodEnum<["SPONSOR_KEY", "BYOK", "HLOS_FALLBACK"]>;
+}, "strip", z.ZodTypeAny, {
+    crossingId: string;
+    capabilityId: string;
+    passportId: string;
+    event_id: string | null;
+    access_window_id: string | null;
+    access_grant_id: string | null;
+    attribution_org_id: string | null;
+    funding_source: "SPONSOR" | "PLATFORM" | "USER" | null;
+    credential_source: "SPONSOR_KEY" | "BYOK" | "HLOS_FALLBACK";
+}, {
+    crossingId: string;
+    capabilityId: string;
+    passportId: string;
+    event_id: string | null;
+    access_window_id: string | null;
+    access_grant_id: string | null;
+    attribution_org_id: string | null;
+    funding_source: "SPONSOR" | "PLATFORM" | "USER" | null;
+    credential_source: "SPONSOR_KEY" | "BYOK" | "HLOS_FALLBACK";
+}>;
+type CrossingSnapshotV0 = z.infer<typeof CrossingSnapshotV0Schema>;
+/**
+ * CrossingHashInputV0 - Input to hash function.
+ * Uses version marker for future-proofing.
+ */
+declare const CrossingHashInputV0Schema: z.ZodObject<{
+    v: z.ZodLiteral<0>;
+    snapshot: z.ZodObject<{
+        crossingId: z.ZodString;
+        capabilityId: z.ZodString;
+        passportId: z.ZodString;
+        event_id: z.ZodNullable<z.ZodString>;
+        access_window_id: z.ZodNullable<z.ZodString>;
+        access_grant_id: z.ZodNullable<z.ZodString>;
+        attribution_org_id: z.ZodNullable<z.ZodString>;
+        funding_source: z.ZodNullable<z.ZodEnum<["SPONSOR", "PLATFORM", "USER"]>>;
+        credential_source: z.ZodEnum<["SPONSOR_KEY", "BYOK", "HLOS_FALLBACK"]>;
+    }, "strip", z.ZodTypeAny, {
+        crossingId: string;
+        capabilityId: string;
+        passportId: string;
+        event_id: string | null;
+        access_window_id: string | null;
+        access_grant_id: string | null;
+        attribution_org_id: string | null;
+        funding_source: "SPONSOR" | "PLATFORM" | "USER" | null;
+        credential_source: "SPONSOR_KEY" | "BYOK" | "HLOS_FALLBACK";
+    }, {
+        crossingId: string;
+        capabilityId: string;
+        passportId: string;
+        event_id: string | null;
+        access_window_id: string | null;
+        access_grant_id: string | null;
+        attribution_org_id: string | null;
+        funding_source: "SPONSOR" | "PLATFORM" | "USER" | null;
+        credential_source: "SPONSOR_KEY" | "BYOK" | "HLOS_FALLBACK";
+    }>;
+    attested_receipt_id: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    v: 0;
+    snapshot: {
+        crossingId: string;
+        capabilityId: string;
+        passportId: string;
+        event_id: string | null;
+        access_window_id: string | null;
+        access_grant_id: string | null;
+        attribution_org_id: string | null;
+        funding_source: "SPONSOR" | "PLATFORM" | "USER" | null;
+        credential_source: "SPONSOR_KEY" | "BYOK" | "HLOS_FALLBACK";
+    };
+    attested_receipt_id: string;
+}, {
+    v: 0;
+    snapshot: {
+        crossingId: string;
+        capabilityId: string;
+        passportId: string;
+        event_id: string | null;
+        access_window_id: string | null;
+        access_grant_id: string | null;
+        attribution_org_id: string | null;
+        funding_source: "SPONSOR" | "PLATFORM" | "USER" | null;
+        credential_source: "SPONSOR_KEY" | "BYOK" | "HLOS_FALLBACK";
+    };
+    attested_receipt_id: string;
+}>;
+type CrossingHashInputV0 = z.infer<typeof CrossingHashInputV0Schema>;
+/**
+ * SettlementAuthority - LITERAL (no drift).
+ */
+declare const SETTLEMENT_AUTHORITY: "hlos.ai";
+/**
+ * CrossingSettledReceipt - Issued when crossing reaches SETTLED state.
+ */
+declare const CrossingSettledReceiptSchema: z.ZodObject<{
+    type: z.ZodLiteral<"CrossingSettled">;
+    crossingId: z.ZodString;
+    event_id: z.ZodNullable<z.ZodString>;
+    access_window_id: z.ZodNullable<z.ZodString>;
+    access_grant_id: z.ZodNullable<z.ZodString>;
+    attribution_org_id: z.ZodNullable<z.ZodString>;
+    funding_source: z.ZodNullable<z.ZodEnum<["SPONSOR", "PLATFORM", "USER"]>>;
+    credential_source: z.ZodEnum<["SPONSOR_KEY", "BYOK", "HLOS_FALLBACK"]>;
+    settlement_authority: z.ZodLiteral<"hlos.ai">;
+    crossing_hash: z.ZodString;
+    attested_receipt_id: z.ZodString;
+    settled_at: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    type: "CrossingSettled";
+    crossingId: string;
+    event_id: string | null;
+    access_window_id: string | null;
+    access_grant_id: string | null;
+    attribution_org_id: string | null;
+    funding_source: "SPONSOR" | "PLATFORM" | "USER" | null;
+    credential_source: "SPONSOR_KEY" | "BYOK" | "HLOS_FALLBACK";
+    attested_receipt_id: string;
+    settlement_authority: "hlos.ai";
+    crossing_hash: string;
+    settled_at: string;
+}, {
+    type: "CrossingSettled";
+    crossingId: string;
+    event_id: string | null;
+    access_window_id: string | null;
+    access_grant_id: string | null;
+    attribution_org_id: string | null;
+    funding_source: "SPONSOR" | "PLATFORM" | "USER" | null;
+    credential_source: "SPONSOR_KEY" | "BYOK" | "HLOS_FALLBACK";
+    attested_receipt_id: string;
+    settlement_authority: "hlos.ai";
+    crossing_hash: string;
+    settled_at: string;
+}>;
+type CrossingSettledReceipt = z.infer<typeof CrossingSettledReceiptSchema>;
+/**
+ * AvailabilityType - Provider availability classification.
+ */
+declare const AvailabilityTypeSchema: z.ZodEnum<["EVENT_SPONSOR", "EVERGREEN", "CATALOG"]>;
+type AvailabilityType = z.infer<typeof AvailabilityTypeSchema>;
+/**
+ * ProviderRole - P1: Constrained enum for provider roles.
+ */
+declare const ProviderRoleSchema: z.ZodEnum<["AI", "DATABASE", "AUTH", "DEPLOY", "STORAGE", "SEARCH", "PAYMENTS", "COMPUTE", "OTHER"]>;
+type ProviderRole = z.infer<typeof ProviderRoleSchema>;
+/**
+ * StackProvider - Provider within a stack.
+ */
+declare const StackProviderSchema: z.ZodObject<{
+    provider_id: z.ZodString;
+    role: z.ZodEnum<["AI", "DATABASE", "AUTH", "DEPLOY", "STORAGE", "SEARCH", "PAYMENTS", "COMPUTE", "OTHER"]>;
+    display_name: z.ZodString;
+    budget_allocation: z.ZodNumber;
+    sku_ids: z.ZodArray<z.ZodString, "many">;
+    availability_type: z.ZodEnum<["EVENT_SPONSOR", "EVERGREEN", "CATALOG"]>;
+}, "strip", z.ZodTypeAny, {
+    provider_id: string;
+    role: "AI" | "DATABASE" | "AUTH" | "DEPLOY" | "STORAGE" | "SEARCH" | "PAYMENTS" | "COMPUTE" | "OTHER";
+    display_name: string;
+    budget_allocation: number;
+    sku_ids: string[];
+    availability_type: "EVENT_SPONSOR" | "EVERGREEN" | "CATALOG";
+}, {
+    provider_id: string;
+    role: "AI" | "DATABASE" | "AUTH" | "DEPLOY" | "STORAGE" | "SEARCH" | "PAYMENTS" | "COMPUTE" | "OTHER";
+    display_name: string;
+    budget_allocation: number;
+    sku_ids: string[];
+    availability_type: "EVENT_SPONSOR" | "EVERGREEN" | "CATALOG";
+}>;
+type StackProvider = z.infer<typeof StackProviderSchema>;
+/**
+ * Stack - Curated capability bundle.
+ */
+declare const StackSchema: z.ZodObject<{
+    id: z.ZodString;
+    slug: z.ZodString;
+    name: z.ZodString;
+    tagline: z.ZodString;
+    icon: z.ZodString;
+    providers: z.ZodArray<z.ZodObject<{
+        provider_id: z.ZodString;
+        role: z.ZodEnum<["AI", "DATABASE", "AUTH", "DEPLOY", "STORAGE", "SEARCH", "PAYMENTS", "COMPUTE", "OTHER"]>;
+        display_name: z.ZodString;
+        budget_allocation: z.ZodNumber;
+        sku_ids: z.ZodArray<z.ZodString, "many">;
+        availability_type: z.ZodEnum<["EVENT_SPONSOR", "EVERGREEN", "CATALOG"]>;
+    }, "strip", z.ZodTypeAny, {
+        provider_id: string;
+        role: "AI" | "DATABASE" | "AUTH" | "DEPLOY" | "STORAGE" | "SEARCH" | "PAYMENTS" | "COMPUTE" | "OTHER";
+        display_name: string;
+        budget_allocation: number;
+        sku_ids: string[];
+        availability_type: "EVENT_SPONSOR" | "EVERGREEN" | "CATALOG";
+    }, {
+        provider_id: string;
+        role: "AI" | "DATABASE" | "AUTH" | "DEPLOY" | "STORAGE" | "SEARCH" | "PAYMENTS" | "COMPUTE" | "OTHER";
+        display_name: string;
+        budget_allocation: number;
+        sku_ids: string[];
+        availability_type: "EVENT_SPONSOR" | "EVERGREEN" | "CATALOG";
+    }>, "many">;
+    github_template: z.ZodNullable<z.ZodString>;
+    total_budget: z.ZodNumber;
+    event_id: z.ZodNullable<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    event_id: string | null;
+    id: string;
+    slug: string;
+    name: string;
+    tagline: string;
+    icon: string;
+    providers: {
+        provider_id: string;
+        role: "AI" | "DATABASE" | "AUTH" | "DEPLOY" | "STORAGE" | "SEARCH" | "PAYMENTS" | "COMPUTE" | "OTHER";
+        display_name: string;
+        budget_allocation: number;
+        sku_ids: string[];
+        availability_type: "EVENT_SPONSOR" | "EVERGREEN" | "CATALOG";
+    }[];
+    github_template: string | null;
+    total_budget: number;
+}, {
+    event_id: string | null;
+    id: string;
+    slug: string;
+    name: string;
+    tagline: string;
+    icon: string;
+    providers: {
+        provider_id: string;
+        role: "AI" | "DATABASE" | "AUTH" | "DEPLOY" | "STORAGE" | "SEARCH" | "PAYMENTS" | "COMPUTE" | "OTHER";
+        display_name: string;
+        budget_allocation: number;
+        sku_ids: string[];
+        availability_type: "EVENT_SPONSOR" | "EVERGREEN" | "CATALOG";
+    }[];
+    github_template: string | null;
+    total_budget: number;
+}>;
+type Stack = z.infer<typeof StackSchema>;
+/**
+ * StackConnection - User's connection to a stack.
+ */
+declare const StackConnectionSchema: z.ZodObject<{
+    id: z.ZodString;
+    stack_id: z.ZodString;
+    passport_id: z.ZodString;
+    team_id: z.ZodNullable<z.ZodString>;
+    environment_id: z.ZodString;
+    connected_at: z.ZodString;
+    connected_providers: z.ZodArray<z.ZodString, "many">;
+}, "strip", z.ZodTypeAny, {
+    id: string;
+    stack_id: string;
+    passport_id: string;
+    team_id: string | null;
+    environment_id: string;
+    connected_at: string;
+    connected_providers: string[];
+}, {
+    id: string;
+    stack_id: string;
+    passport_id: string;
+    team_id: string | null;
+    environment_id: string;
+    connected_at: string;
+    connected_providers: string[];
+}>;
+type StackConnection = z.infer<typeof StackConnectionSchema>;
+/**
+ * Create a KernelOk response.
+ */
+declare function kernelOk<T>(data: T, status?: number): KernelOk<T>;
+/**
+ * Create a KernelError response.
+ */
+declare function kernelError(code: KernelErrorCode, // P0: Now typed to KernelErrorCode
+message: string, status?: number, details?: Record<string, unknown>): KernelError;
+/**
+ * Golden test fixtures for downstream conformance testing.
+ * Surfaces (MCP, Agent Passport, Caravan, events-hlos) can import these
+ * to verify they're hashing/encoding/typing identically.
+ */
+declare const GOLDEN_FIXTURES: {
+    /**
+     * Sample CrossingHashInputV0 for hash conformance.
+     */
+    readonly crossingHashInput: {
+        v: 0;
+        snapshot: {
+            crossingId: string;
+            capabilityId: string;
+            passportId: string;
+            event_id: string;
+            access_window_id: string;
+            access_grant_id: string;
+            attribution_org_id: string;
+            funding_source: "SPONSOR";
+            credential_source: "SPONSOR_KEY";
+        };
+        attested_receipt_id: string;
+    };
+    /**
+     * Expected crossing_hash for the above input (FROZEN).
+     * Compute: JCS canonicalize → SHA-256 → base64url (no padding)
+     *
+     * This is the golden vector. If your hash differs, your implementation
+     * is not conformant. DO NOT CHANGE unless crossingHashInput changes.
+     */
+    readonly expectedCrossingHash_base64url_sha256_jcs_v0: "z8A2kCNck4rPL4ugNe-Fbxputdi3PkjkVpSrIBhojU0";
+    /**
+     * Sample CrossingSettledReceipt.
+     */
+    readonly crossingSettledReceipt: {
+        type: "CrossingSettled";
+        crossingId: string;
+        event_id: string;
+        access_window_id: string;
+        access_grant_id: string;
+        attribution_org_id: string;
+        funding_source: "SPONSOR";
+        credential_source: "SPONSOR_KEY";
+        settlement_authority: "hlos.ai";
+        crossing_hash: string;
+        attested_receipt_id: string;
+        settled_at: string;
+    };
+};
+/**
+ * Type guard: check if a value is a valid CrossingHashInputV0.
+ */
+declare function isCrossingHashInputV0(value: unknown): value is CrossingHashInputV0;
+/**
+ * Type guard: check if a value is a valid CrossingSettledReceipt.
+ */
+declare function isCrossingSettledReceipt(value: unknown): value is CrossingSettledReceipt;
+/**
+ * Family W — Privacy-Preserving Proofs (Phase 1 Lock)
+ *
+ * CC-W-01: RP-specific pseudonym derivation + rotation
+ * CC-W-03: transaction_context_hash binding prevents replay
+ *
+ * Phase 1 schemas are LOCKED. Any changes require:
+ * - Golden vector updates
+ * - Invariants note
+ * - Contract tests
+ *
+ * @packageDocumentation
+ */
+/**
+ * RPID derivation domain separator.
+ * Used in HKDF info: concat(W_RPID_DOMAIN, encodeEpoch(epoch))
+ */
+declare const W_RPID_DOMAIN: Uint8Array<ArrayBuffer>;
+/**
+ * Transaction context domain separator (reserved for future use).
+ */
+declare const W_TXCTX_DOMAIN: Uint8Array<ArrayBuffer>;
+declare function encodeEpoch(epoch: number | string): Uint8Array;
+/**
+ * Relying Party identifier.
+ * Uniquely identifies a verifier/merchant for pseudonym derivation.
+ */
+declare const RelyingPartyIdSchema: z.ZodObject<{
+    /** RP domain (e.g., "merchant.example.com") */
+    domain: z.ZodString;
+    /** Audience URI (e.g., "https://merchant.example.com/verify") */
+    audience_uri: z.ZodString;
+    /** SHA-256 hash of verifier's public key (hex, 64 chars) */
+    verifier_key_hash: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    domain: string;
+    audience_uri: string;
+    verifier_key_hash: string;
+}, {
+    domain: string;
+    audience_uri: string;
+    verifier_key_hash: string;
+}>;
+type RelyingPartyId = z.infer<typeof RelyingPartyIdSchema>;
+/**
+ * Rotation epoch for RPID derivation.
+ *
+ * Accepts:
+ * - number: milliseconds since Unix epoch (non-negative integer)
+ * - string: RFC3339 datetime (e.g., "2026-01-29T00:00:00Z")
+ *
+ * INVARIANT: All epochs normalize to millisecond timestamps via encodeEpoch().
+ */
+declare const RotationEpochSchema: z.ZodUnion<[z.ZodNumber, z.ZodString]>;
+type RotationEpoch = z.infer<typeof RotationEpochSchema>;
+/**
+ * RP-specific pseudonym.
+ * Base64url-encoded, 32 bytes = 43 chars without padding.
+ * We prefer no-padding format per RFC 7515.
+ */
+declare const RPIDSchema: z.ZodString;
+type RPID = z.infer<typeof RPIDSchema>;
+/**
+ * Transaction context for replay protection.
+ *
+ * Core fields (required, stable):
+ * - relying_party_id: who is verifying
+ * - operation_hash: sha256(JCS({ intent, request }))
+ * - not_before/not_after: validity window
+ *
+ * Optional fields (part of hash, must be consistent):
+ * - amount/currency: economic context
+ * - surface_id/channel_id: routing context
+ */
+declare const TransactionContextSchema: z.ZodObject<{
+    relying_party_id: z.ZodObject<{
+        /** RP domain (e.g., "merchant.example.com") */
+        domain: z.ZodString;
+        /** Audience URI (e.g., "https://merchant.example.com/verify") */
+        audience_uri: z.ZodString;
+        /** SHA-256 hash of verifier's public key (hex, 64 chars) */
+        verifier_key_hash: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        domain: string;
+        audience_uri: string;
+        verifier_key_hash: string;
+    }, {
+        domain: string;
+        audience_uri: string;
+        verifier_key_hash: string;
+    }>;
+    /** sha256(JCS({ intent, request })) — see computeOperationHash() */
+    operation_hash: z.ZodString;
+    /** Validity start (RFC3339) */
+    not_before: z.ZodString;
+    /** Validity end (RFC3339) */
+    not_after: z.ZodString;
+    amount: z.ZodOptional<z.ZodNumber>;
+    currency: z.ZodOptional<z.ZodString>;
+    surface_id: z.ZodOptional<z.ZodString>;
+    channel_id: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    relying_party_id: {
+        domain: string;
+        audience_uri: string;
+        verifier_key_hash: string;
+    };
+    operation_hash: string;
+    not_before: string;
+    not_after: string;
+    amount?: number | undefined;
+    currency?: string | undefined;
+    surface_id?: string | undefined;
+    channel_id?: string | undefined;
+}, {
+    relying_party_id: {
+        domain: string;
+        audience_uri: string;
+        verifier_key_hash: string;
+    };
+    operation_hash: string;
+    not_before: string;
+    not_after: string;
+    amount?: number | undefined;
+    currency?: string | undefined;
+    surface_id?: string | undefined;
+    channel_id?: string | undefined;
+}>;
+type TransactionContext = z.infer<typeof TransactionContextSchema>;
+/**
+ * SHA-256 hash of JCS-canonicalized TransactionContext.
+ * 64-character lowercase hex string.
+ */
+declare const TransactionContextHashSchema: z.ZodString;
+type TransactionContextHash = z.infer<typeof TransactionContextHashSchema>;
+/**
+ * Golden fixtures for Phase 1 W schemas.
+ * Used for drift detection and cross-repo alignment.
+ */
+declare const W_GOLDEN_FIXTURES: {
+    /**
+     * encodeEpoch(1706486400000) = 2024-01-29T00:00:00.000Z
+     * Expected: 8 bytes, u64 big-endian
+     */
+    readonly epochMs: 1706486400000;
+    readonly expectedEpochBytes: Uint8Array<ArrayBuffer>;
+    /**
+     * Sample RelyingPartyId for test vectors
+     */
+    readonly sampleRpId: {
+        domain: string;
+        audience_uri: string;
+        verifier_key_hash: string;
+    };
+    /**
+     * Sample TransactionContext for test vectors
+     */
+    readonly sampleTxContext: {
+        relying_party_id: {
+            domain: string;
+            audience_uri: string;
+            verifier_key_hash: string;
+        };
+        operation_hash: string;
+        not_before: string;
+        not_after: string;
+    };
+    /**
+     * MAX_WINDOW_MS: Maximum allowed not_after - not_before (5 minutes)
+     */
+    readonly MAX_WINDOW_MS: number;
+};
+/**
+ * Validate transaction context time window.
+ *
+ * Enforces:
+ * - not_after > not_before
+ * - not_after - not_before <= MAX_WINDOW_MS
+ *
+ * @param context - Transaction context to validate
+ * @returns true if valid, throws otherwise
+ */
+declare function validateTimeWindow(context: TransactionContext): boolean;
+/**
+ * @hlos-ai/schemas - Agents Contracts
+ *
+ * Shared schemas for Agents Index + Passport Stub.
+ * Routes are authoritative source of truth; these schemas validate conformance.
+ *
+ * Design choices:
+ * - .passthrough() allows extra fields without breaking
+ * - Enums use .or(z.string()) pattern for forward compatibility
+ * - passport_id is z.null() as a boundary constraint
+ */
+/**
+ * AgentStatus - Known values documented, but accepts future additions.
+ */
+declare const AgentStatusSchema: z.ZodUnion<[z.ZodEnum<["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]>, z.ZodString]>;
+type AgentStatus = z.infer<typeof AgentStatusSchema>;
+/**
+ * AgentType - Known values documented, but accepts future additions.
+ */
+declare const AgentTypeSchema: z.ZodUnion<[z.ZodEnum<["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]>, z.ZodString]>;
+type AgentType = z.infer<typeof AgentTypeSchema>;
+/**
+ * Agent item in list response (snake_case wire format).
+ */
+declare const AgentListItemSchema: z.ZodObject<{
+    id: z.ZodString;
+    external_id: z.ZodString;
+    name: z.ZodString;
+    status: z.ZodUnion<[z.ZodEnum<["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]>, z.ZodString]>;
+    agent_type: z.ZodUnion<[z.ZodEnum<["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]>, z.ZodString]>;
+    trust_score: z.ZodNumber;
+    hosting_model: z.ZodNull;
+    declared_tier: z.ZodNull;
+    created_at: z.ZodString;
+}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+    id: z.ZodString;
+    external_id: z.ZodString;
+    name: z.ZodString;
+    status: z.ZodUnion<[z.ZodEnum<["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]>, z.ZodString]>;
+    agent_type: z.ZodUnion<[z.ZodEnum<["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]>, z.ZodString]>;
+    trust_score: z.ZodNumber;
+    hosting_model: z.ZodNull;
+    declared_tier: z.ZodNull;
+    created_at: z.ZodString;
+}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+    id: z.ZodString;
+    external_id: z.ZodString;
+    name: z.ZodString;
+    status: z.ZodUnion<[z.ZodEnum<["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]>, z.ZodString]>;
+    agent_type: z.ZodUnion<[z.ZodEnum<["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]>, z.ZodString]>;
+    trust_score: z.ZodNumber;
+    hosting_model: z.ZodNull;
+    declared_tier: z.ZodNull;
+    created_at: z.ZodString;
+}, z.ZodTypeAny, "passthrough">>;
+type AgentListItem = z.infer<typeof AgentListItemSchema>;
+/**
+ * GET /api/agents response schema.
+ * _meta.source: "hlos" (authoritative list)
+ */
+declare const AgentsListResponseSchema: z.ZodObject<{
+    agents: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        external_id: z.ZodString;
+        name: z.ZodString;
+        status: z.ZodUnion<[z.ZodEnum<["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]>, z.ZodString]>;
+        agent_type: z.ZodUnion<[z.ZodEnum<["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]>, z.ZodString]>;
+        trust_score: z.ZodNumber;
+        hosting_model: z.ZodNull;
+        declared_tier: z.ZodNull;
+        created_at: z.ZodString;
+    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+        id: z.ZodString;
+        external_id: z.ZodString;
+        name: z.ZodString;
+        status: z.ZodUnion<[z.ZodEnum<["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]>, z.ZodString]>;
+        agent_type: z.ZodUnion<[z.ZodEnum<["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]>, z.ZodString]>;
+        trust_score: z.ZodNumber;
+        hosting_model: z.ZodNull;
+        declared_tier: z.ZodNull;
+        created_at: z.ZodString;
+    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        id: z.ZodString;
+        external_id: z.ZodString;
+        name: z.ZodString;
+        status: z.ZodUnion<[z.ZodEnum<["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]>, z.ZodString]>;
+        agent_type: z.ZodUnion<[z.ZodEnum<["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]>, z.ZodString]>;
+        trust_score: z.ZodNumber;
+        hosting_model: z.ZodNull;
+        declared_tier: z.ZodNull;
+        created_at: z.ZodString;
+    }, z.ZodTypeAny, "passthrough">>, "many">;
+    _meta: z.ZodObject<{
+        source: z.ZodLiteral<"hlos">;
+    }, "strip", z.ZodTypeAny, {
+        source: "hlos";
+    }, {
+        source: "hlos";
+    }>;
+}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+    agents: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        external_id: z.ZodString;
+        name: z.ZodString;
+        status: z.ZodUnion<[z.ZodEnum<["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]>, z.ZodString]>;
+        agent_type: z.ZodUnion<[z.ZodEnum<["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]>, z.ZodString]>;
+        trust_score: z.ZodNumber;
+        hosting_model: z.ZodNull;
+        declared_tier: z.ZodNull;
+        created_at: z.ZodString;
+    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+        id: z.ZodString;
+        external_id: z.ZodString;
+        name: z.ZodString;
+        status: z.ZodUnion<[z.ZodEnum<["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]>, z.ZodString]>;
+        agent_type: z.ZodUnion<[z.ZodEnum<["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]>, z.ZodString]>;
+        trust_score: z.ZodNumber;
+        hosting_model: z.ZodNull;
+        declared_tier: z.ZodNull;
+        created_at: z.ZodString;
+    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        id: z.ZodString;
+        external_id: z.ZodString;
+        name: z.ZodString;
+        status: z.ZodUnion<[z.ZodEnum<["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]>, z.ZodString]>;
+        agent_type: z.ZodUnion<[z.ZodEnum<["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]>, z.ZodString]>;
+        trust_score: z.ZodNumber;
+        hosting_model: z.ZodNull;
+        declared_tier: z.ZodNull;
+        created_at: z.ZodString;
+    }, z.ZodTypeAny, "passthrough">>, "many">;
+    _meta: z.ZodObject<{
+        source: z.ZodLiteral<"hlos">;
+    }, "strip", z.ZodTypeAny, {
+        source: "hlos";
+    }, {
+        source: "hlos";
+    }>;
+}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+    agents: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        external_id: z.ZodString;
+        name: z.ZodString;
+        status: z.ZodUnion<[z.ZodEnum<["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]>, z.ZodString]>;
+        agent_type: z.ZodUnion<[z.ZodEnum<["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]>, z.ZodString]>;
+        trust_score: z.ZodNumber;
+        hosting_model: z.ZodNull;
+        declared_tier: z.ZodNull;
+        created_at: z.ZodString;
+    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+        id: z.ZodString;
+        external_id: z.ZodString;
+        name: z.ZodString;
+        status: z.ZodUnion<[z.ZodEnum<["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]>, z.ZodString]>;
+        agent_type: z.ZodUnion<[z.ZodEnum<["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]>, z.ZodString]>;
+        trust_score: z.ZodNumber;
+        hosting_model: z.ZodNull;
+        declared_tier: z.ZodNull;
+        created_at: z.ZodString;
+    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        id: z.ZodString;
+        external_id: z.ZodString;
+        name: z.ZodString;
+        status: z.ZodUnion<[z.ZodEnum<["ACTIVE", "PENDING", "SUSPENDED", "REVOKED"]>, z.ZodString]>;
+        agent_type: z.ZodUnion<[z.ZodEnum<["CUSTOM", "CLAUDE", "GPT", "GEMINI", "CURSOR", "COPILOT", "OTHER"]>, z.ZodString]>;
+        trust_score: z.ZodNumber;
+        hosting_model: z.ZodNull;
+        declared_tier: z.ZodNull;
+        created_at: z.ZodString;
+    }, z.ZodTypeAny, "passthrough">>, "many">;
+    _meta: z.ZodObject<{
+        source: z.ZodLiteral<"hlos">;
+    }, "strip", z.ZodTypeAny, {
+        source: "hlos";
+    }, {
+        source: "hlos";
+    }>;
+}, z.ZodTypeAny, "passthrough">>;
+type AgentsListResponse = z.infer<typeof AgentsListResponseSchema>;
+/**
+ * GET /api/agents/[agentId]/passport response schema.
+ *
+ * BOUNDARY CONSTRAINT:
+ * - passport_id MUST be null (HLOS does not mint passports)
+ * - _meta.source: "stub" signals non-authoritative response
+ * - All counters/tiers are null until backed by Agent-Passport system
+ */
+declare const AgentPassportStubResponseSchema: z.ZodObject<{
+    passport_id: z.ZodNull;
+    agent_id: z.ZodString;
+    hosting_model: z.ZodNull;
+    declared_tier: z.ZodNull;
+    effective_tier: z.ZodNull;
+    finality_level: z.ZodNull;
+    graph: z.ZodObject<{
+        incoming_edges: z.ZodNull;
+        outgoing_edges: z.ZodNull;
+        active_visas: z.ZodNull;
+    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+        incoming_edges: z.ZodNull;
+        outgoing_edges: z.ZodNull;
+        active_visas: z.ZodNull;
+    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        incoming_edges: z.ZodNull;
+        outgoing_edges: z.ZodNull;
+        active_visas: z.ZodNull;
+    }, z.ZodTypeAny, "passthrough">>;
+    links: z.ZodObject<{
+        passport_url: z.ZodString;
+        docs_url: z.ZodLiteral<"/agents/passport">;
+    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+        passport_url: z.ZodString;
+        docs_url: z.ZodLiteral<"/agents/passport">;
+    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        passport_url: z.ZodString;
+        docs_url: z.ZodLiteral<"/agents/passport">;
+    }, z.ZodTypeAny, "passthrough">>;
+    _meta: z.ZodObject<{
+        source: z.ZodLiteral<"stub">;
+    }, "strip", z.ZodTypeAny, {
+        source: "stub";
+    }, {
+        source: "stub";
+    }>;
+}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+    passport_id: z.ZodNull;
+    agent_id: z.ZodString;
+    hosting_model: z.ZodNull;
+    declared_tier: z.ZodNull;
+    effective_tier: z.ZodNull;
+    finality_level: z.ZodNull;
+    graph: z.ZodObject<{
+        incoming_edges: z.ZodNull;
+        outgoing_edges: z.ZodNull;
+        active_visas: z.ZodNull;
+    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+        incoming_edges: z.ZodNull;
+        outgoing_edges: z.ZodNull;
+        active_visas: z.ZodNull;
+    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        incoming_edges: z.ZodNull;
+        outgoing_edges: z.ZodNull;
+        active_visas: z.ZodNull;
+    }, z.ZodTypeAny, "passthrough">>;
+    links: z.ZodObject<{
+        passport_url: z.ZodString;
+        docs_url: z.ZodLiteral<"/agents/passport">;
+    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+        passport_url: z.ZodString;
+        docs_url: z.ZodLiteral<"/agents/passport">;
+    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        passport_url: z.ZodString;
+        docs_url: z.ZodLiteral<"/agents/passport">;
+    }, z.ZodTypeAny, "passthrough">>;
+    _meta: z.ZodObject<{
+        source: z.ZodLiteral<"stub">;
+    }, "strip", z.ZodTypeAny, {
+        source: "stub";
+    }, {
+        source: "stub";
+    }>;
+}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+    passport_id: z.ZodNull;
+    agent_id: z.ZodString;
+    hosting_model: z.ZodNull;
+    declared_tier: z.ZodNull;
+    effective_tier: z.ZodNull;
+    finality_level: z.ZodNull;
+    graph: z.ZodObject<{
+        incoming_edges: z.ZodNull;
+        outgoing_edges: z.ZodNull;
+        active_visas: z.ZodNull;
+    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+        incoming_edges: z.ZodNull;
+        outgoing_edges: z.ZodNull;
+        active_visas: z.ZodNull;
+    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        incoming_edges: z.ZodNull;
+        outgoing_edges: z.ZodNull;
+        active_visas: z.ZodNull;
+    }, z.ZodTypeAny, "passthrough">>;
+    links: z.ZodObject<{
+        passport_url: z.ZodString;
+        docs_url: z.ZodLiteral<"/agents/passport">;
+    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+        passport_url: z.ZodString;
+        docs_url: z.ZodLiteral<"/agents/passport">;
+    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        passport_url: z.ZodString;
+        docs_url: z.ZodLiteral<"/agents/passport">;
+    }, z.ZodTypeAny, "passthrough">>;
+    _meta: z.ZodObject<{
+        source: z.ZodLiteral<"stub">;
+    }, "strip", z.ZodTypeAny, {
+        source: "stub";
+    }, {
+        source: "stub";
+    }>;
+}, z.ZodTypeAny, "passthrough">>;
+type AgentPassportStubResponse = z.infer<typeof AgentPassportStubResponseSchema>;
+/**
+ * @hlos-ai/schemas - Base64url Encoding Utilities
+ *
+ * RFC 4648 §5 compliant base64url encoding/decoding.
+ * Zero external dependencies.
+ *
+ * Used for:
+ * - receipt_hash: base64url(SHA-256(JCS(receipt)))
+ * - content_hash: base64url(SHA-256(JCS(content)))
+ * - crossing_hash: base64url(SHA-256(JCS(CrossingHashInputV0)))
+ * - Ed25519 signatures and public keys
+ */
+/**
+ * Encode Uint8Array to base64url (RFC 4648 §5, no padding).
+ */
+declare function bytesToBase64url(bytes: Uint8Array): string;
+/**
+ * Decode base64url string to Uint8Array.
+ */
+declare function base64urlToBytes(str: string): Uint8Array;
+/**
+ * Regex for base64url-encoded SHA-256 hash (32 bytes = 43 chars, no padding).
+ */
+declare const BASE64URL_SHA256_REGEX: RegExp;
+/**
+ * Zod schema for a base64url-encoded SHA-256 hash.
+ * 32 bytes = 43 chars base64url (no padding).
+ */
+declare const Base64urlSha256Schema: z.ZodString;
+/**
+ * Zod schema for a base64url-encoded Ed25519 signature.
+ * 64 bytes = 86 chars base64url (no padding).
+ */
+declare const Base64urlEd25519SigSchema: z.ZodString;
+/**
+ * @hlos-ai/schemas - Receipt Hash Computation
+ *
+ * Canonical hash computation for HLOS receipts.
+ *
+ * receipt_hash = base64url(SHA-256(JCS(receipt)))
+ *
+ * This is the hash that:
+ * - BazaarReceiptEnvelope references (hash-first, per BRIDGE_SPEC.md §1.1)
+ * - Notary Attestation (NA) binds to (per BRIDGE_SPEC.md §4.3)
+ * - Surfaces use to reference kernel receipts unambiguously
+ *
+ * IMPORTANT: receipt_hash is computed over the ENTIRE SignedReceiptV0 envelope
+ * (including content, content_hash, signature, key_id, etc.), NOT just content.
+ * This binds the hash to a specific signed receipt version.
+ *
+ * Requires @noble/hashes as peer dependency.
+ *
+ * @see BRIDGE_SPEC.md §1.3 for canonical hashing requirements
+ */
+/**
+ * JCS (RFC 8785) canonical JSON serialization.
+ *
+ * Per RFC 8785:
+ * - Object keys are lexicographically sorted
+ * - Numbers use ES6 serialization
+ * - Rejects: undefined, functions, symbols, bigint, non-finite numbers
+ *
+ * @throws Error if value contains non-canonicalizable types
+ */
+declare function jcsCanonicalize(value: unknown): string;
+/**
+ * Compute receipt_hash for a SignedReceiptV0.
+ *
+ * receipt_hash = base64url(SHA-256(JCS(receipt)))
+ *
+ * The hash is over the ENTIRE receipt envelope (content, content_hash,
+ * signature, key_id, @type, version, receipt_id, issued_at).
+ *
+ * This is the canonical hash format per BRIDGE_SPEC.md §1.3:
+ * 1. Canonicalize the receipt using RFC 8785 JCS
+ * 2. Hash canonical bytes using SHA-256
+ * 3. Encode as base64url (no padding)
+ *
+ * @param receipt - A fully-formed SignedReceiptV0 (must already be signed)
+ * @returns 43-char base64url string (32-byte SHA-256 digest)
+ *
+ * @example
+ * ```typescript
+ * const receipt = issueReceiptV0(content);
+ * const hash = computeReceiptHash(receipt);
+ * // hash is e.g. "z8A2kCNck4rPL4ugNe-Fbxputdi3PkjkVpSrIBhojU0"
+ * ```
+ */
+declare function computeReceiptHash(receipt: SignedReceiptV0): string;
+/**
+ * Compute content_hash for arbitrary content.
+ *
+ * content_hash = base64url(SHA-256(JCS(content)))
+ *
+ * This is the hash stored in SignedReceiptV0.content_hash.
+ * It hashes only the content field, NOT the entire receipt.
+ *
+ * @param content - The content to hash (will be JCS-canonicalized)
+ * @returns 43-char base64url string (32-byte SHA-256 digest)
+ */
+declare function computeContentHash(content: unknown): string;
+/**
+ * Zod schema for receipt_hash field.
+ * base64url(SHA-256(JCS(receipt))) — always 43 chars.
+ */
+declare const ReceiptHashSchema: z.ZodString;
+/**
+ * Golden receipt fixture for hash conformance testing.
+ *
+ * This is a deterministic SignedReceiptV0 with fixed field values.
+ * The receipt_hash computed over this fixture is FROZEN.
+ *
+ * If your computeReceiptHash() produces a different result for this input,
+ * your implementation is non-conformant. DO NOT CHANGE these values.
+ */
+declare const RECEIPT_HASH_GOLDEN_FIXTURE: {
+    readonly receipt: {
+        '@type': "https://hlos.ai/schema/SignedReceiptV0";
+        version: 0;
+        receipt_id: string;
+        content: {
+            type: "CrossingSettled";
+            crossingId: string;
+            settlement_authority: string;
+        };
+        content_hash: string;
+        signature: string;
+        key_id: string;
+        issued_at: string;
+    };
+    /**
+     * Expected JCS canonical form of the receipt.
+     * Keys are lexicographically sorted at all levels.
+     */
+    readonly expectedJcs: "{\"@type\":\"https://hlos.ai/schema/SignedReceiptV0\",\"content\":{\"crossingId\":\"cross_test123abc456def789ghi\",\"settlement_authority\":\"hlos.ai\",\"type\":\"CrossingSettled\"},\"content_hash\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\",\"issued_at\":\"2026-01-27T00:00:00.000Z\",\"key_id\":\"hlos-v2-1\",\"receipt_id\":\"rcpt_01HZGOLDENTEST000000000000\",\"signature\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\",\"version\":0}";
+    /**
+     * Expected receipt_hash (FROZEN).
+     * Compute: JCS canonicalize receipt → SHA-256 → base64url (no padding)
+     *
+     * DO NOT CHANGE unless the receipt fixture above changes.
+     */
+    readonly expectedReceiptHash: "uLiQVUeVKcE35Rdje2fArZQfTcECDgwK6UbmQB_36Pg";
+};
+/**
+ * @hlos-ai/schemas - Finality Schemas
+ *
+ * Defines the Notary Attestation (NA) schema and related types
+ * for HLOS kernel-level HARD finality.
+ *
+ * Per BRIDGE_SPEC.md §4:
+ * - SOFT finality: SignedReceiptV0 signed by settlement authority hlos.ai
+ * - HARD finality: SignedReceiptV0 + NA where STAAMPID countersigns receipt_hash
+ *
+ * HARD finality is a platform feature (POST /api/finality/notarize),
+ * not surface-specific. Any surface can request it.
+ *
+ * @see BRIDGE_SPEC.md §4.3 for NA schema
+ * @see BRIDGE_SPEC.md §4.2 for notarize endpoint
+ */
+/**
+ * NA ID prefix.
+ */
+declare const NA_ID_PREFIX: "na_";
+/**
+ * Finality levels.
+ */
+declare const FinalityLevel: {
+    readonly SOFT: "SOFT";
+    readonly HARD: "HARD";
+};
+type FinalityLevel = (typeof FinalityLevel)[keyof typeof FinalityLevel];
+/**
+ * Notary Attestation ID format: na_ + alphanumeric (20+ chars).
+ */
+declare const NotaryAttestationIdFormatSchema: z.ZodString;
+/**
+ * Merkle proof for append-only log inclusion.
+ * Future-proof: STAAMPID may provide this for auditable transparency.
+ */
+declare const LogInclusionProofSchema: z.ZodObject<{
+    /** Merkle root hash (base64url SHA-256) */
+    root: z.ZodString;
+    /** Sibling hashes along the path (base64url SHA-256 each) */
+    proof: z.ZodArray<z.ZodString, "many">;
+    /** Leaf index in the log */
+    index: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    root: string;
+    proof: string[];
+    index: number;
+}, {
+    root: string;
+    proof: string[];
+    index: number;
+}>;
+type LogInclusionProof = z.infer<typeof LogInclusionProofSchema>;
+/**
+ * NotaryAttestation (NA): STAAMPID's countersignature over a receipt_hash.
+ *
+ * This is the artifact that promotes SOFT finality → HARD finality.
+ * The notary binds to receipt_hash, NOT the receipt content directly.
+ *
+ * Required fields (per BRIDGE_SPEC.md §4.3):
+ * - na_id: Unique NA identifier
+ * - receipt_hash: The kernel receipt hash being attested
+ * - notary_id: Identifier of the notary service
+ * - issued_at: When the attestation was issued
+ * - signature: The notary's countersignature
+ * - signature_alg: Signature algorithm used
+ *
+ * Optional fields (future-proof):
+ * - receipt_type, receipt_version: For schema evolution
+ * - settlement_authority: Cross-check field
+ * - validity_window_seconds, expires_at: TTL for NA validity
+ * - log_inclusion: Merkle proof for append-only log
+ */
+declare const NotaryAttestationSchema: z.ZodObject<{
+    /** Unique NA identifier */
+    na_id: z.ZodString;
+    /** The receipt_hash this NA attests to */
+    receipt_hash: z.ZodString;
+    /** Notary service identifier (e.g. "staampid") */
+    notary_id: z.ZodString;
+    /** ISO 8601 timestamp when NA was issued */
+    issued_at: z.ZodString;
+    /** Notary's countersignature (base64url encoded) */
+    signature: z.ZodString;
+    /** Signature algorithm (e.g. "EdDSA") */
+    signature_alg: z.ZodString;
+    /** Receipt type being attested */
+    receipt_type: z.ZodOptional<z.ZodString>;
+    /** Receipt version being attested */
+    receipt_version: z.ZodOptional<z.ZodNumber>;
+    /** Settlement authority that issued the receipt (cross-check) */
+    settlement_authority: z.ZodOptional<z.ZodString>;
+    /** TTL in seconds for this attestation */
+    validity_window_seconds: z.ZodOptional<z.ZodNumber>;
+    /** ISO 8601 expiry (derived from issued_at + validity_window_seconds) */
+    expires_at: z.ZodOptional<z.ZodString>;
+    /** Merkle proof for append-only log inclusion */
+    log_inclusion: z.ZodOptional<z.ZodObject<{
+        /** Merkle root hash (base64url SHA-256) */
+        root: z.ZodString;
+        /** Sibling hashes along the path (base64url SHA-256 each) */
+        proof: z.ZodArray<z.ZodString, "many">;
+        /** Leaf index in the log */
+        index: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+        root: string;
+        proof: string[];
+        index: number;
+    }, {
+        root: string;
+        proof: string[];
+        index: number;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    signature: string;
+    issued_at: string;
+    na_id: string;
+    receipt_hash: string;
+    notary_id: string;
+    signature_alg: string;
+    settlement_authority?: string | undefined;
+    receipt_type?: string | undefined;
+    receipt_version?: number | undefined;
+    validity_window_seconds?: number | undefined;
+    expires_at?: string | undefined;
+    log_inclusion?: {
+        root: string;
+        proof: string[];
+        index: number;
+    } | undefined;
+}, {
+    signature: string;
+    issued_at: string;
+    na_id: string;
+    receipt_hash: string;
+    notary_id: string;
+    signature_alg: string;
+    settlement_authority?: string | undefined;
+    receipt_type?: string | undefined;
+    receipt_version?: number | undefined;
+    validity_window_seconds?: number | undefined;
+    expires_at?: string | undefined;
+    log_inclusion?: {
+        root: string;
+        proof: string[];
+        index: number;
+    } | undefined;
+}>;
+type NotaryAttestation = z.infer<typeof NotaryAttestationSchema>;
+/**
+ * NotaryRequest: The payload HLOS sends to STAAMPID to request a countersignature.
+ *
+ * This is a deterministic payload per BRIDGE_SPEC.md §4.3.
+ * STAAMPID uses this to:
+ * 1. Verify the receipt_hash is well-formed
+ * 2. Log the attestation request
+ * 3. Countersign and return NA
+ */
+declare const NotaryRequestSchema: z.ZodObject<{
+    /** receipt_hash to be attested (base64url SHA-256) */
+    receipt_hash: z.ZodString;
+    /** Must be literal 'hlos.ai' */
+    settlement_authority: z.ZodLiteral<"hlos.ai">;
+    /** Crossing this receipt belongs to */
+    crossing_id: z.ZodString;
+    /** Type of the receipt being attested */
+    receipt_type: z.ZodString;
+    /** Version of the receipt being attested */
+    receipt_version: z.ZodNumber;
+    /** ISO 8601 timestamp of the request */
+    timestamp: z.ZodString;
+    /** Optional: requested validity window in seconds */
+    validity_window_seconds: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    settlement_authority: "hlos.ai";
+    receipt_hash: string;
+    receipt_type: string;
+    receipt_version: number;
+    crossing_id: string;
+    timestamp: string;
+    validity_window_seconds?: number | undefined;
+}, {
+    settlement_authority: "hlos.ai";
+    receipt_hash: string;
+    receipt_type: string;
+    receipt_version: number;
+    crossing_id: string;
+    timestamp: string;
+    validity_window_seconds?: number | undefined;
+}>;
+type NotaryRequest = z.infer<typeof NotaryRequestSchema>;
+/**
+ * Status values for the notarize endpoint response.
+ */
+declare const NotarizeStatusSchema: z.ZodEnum<["HARD", "PENDING", "FAILED", "ALREADY_HARD"]>;
+type NotarizeStatus = z.infer<typeof NotarizeStatusSchema>;
+/**
+ * Response from POST /api/finality/notarize.
+ */
+declare const NotarizeResponseSchema: z.ZodObject<{
+    /** Finality status after this operation */
+    status: z.ZodEnum<["HARD", "PENDING", "FAILED", "ALREADY_HARD"]>;
+    /** The receipt_hash that was notarized */
+    receipt_hash: z.ZodString;
+    /** Hash of the NA itself (optional, present when status is HARD) */
+    na_hash: z.ZodOptional<z.ZodString>;
+    /** The full NA object (optional embed) */
+    na: z.ZodOptional<z.ZodObject<{
+        /** Unique NA identifier */
+        na_id: z.ZodString;
+        /** The receipt_hash this NA attests to */
+        receipt_hash: z.ZodString;
+        /** Notary service identifier (e.g. "staampid") */
+        notary_id: z.ZodString;
+        /** ISO 8601 timestamp when NA was issued */
+        issued_at: z.ZodString;
+        /** Notary's countersignature (base64url encoded) */
+        signature: z.ZodString;
+        /** Signature algorithm (e.g. "EdDSA") */
+        signature_alg: z.ZodString;
+        /** Receipt type being attested */
+        receipt_type: z.ZodOptional<z.ZodString>;
+        /** Receipt version being attested */
+        receipt_version: z.ZodOptional<z.ZodNumber>;
+        /** Settlement authority that issued the receipt (cross-check) */
+        settlement_authority: z.ZodOptional<z.ZodString>;
+        /** TTL in seconds for this attestation */
+        validity_window_seconds: z.ZodOptional<z.ZodNumber>;
+        /** ISO 8601 expiry (derived from issued_at + validity_window_seconds) */
+        expires_at: z.ZodOptional<z.ZodString>;
+        /** Merkle proof for append-only log inclusion */
+        log_inclusion: z.ZodOptional<z.ZodObject<{
+            /** Merkle root hash (base64url SHA-256) */
+            root: z.ZodString;
+            /** Sibling hashes along the path (base64url SHA-256 each) */
+            proof: z.ZodArray<z.ZodString, "many">;
+            /** Leaf index in the log */
+            index: z.ZodNumber;
+        }, "strip", z.ZodTypeAny, {
+            root: string;
+            proof: string[];
+            index: number;
+        }, {
+            root: string;
+            proof: string[];
+            index: number;
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        signature: string;
+        issued_at: string;
+        na_id: string;
+        receipt_hash: string;
+        notary_id: string;
+        signature_alg: string;
+        settlement_authority?: string | undefined;
+        receipt_type?: string | undefined;
+        receipt_version?: number | undefined;
+        validity_window_seconds?: number | undefined;
+        expires_at?: string | undefined;
+        log_inclusion?: {
+            root: string;
+            proof: string[];
+            index: number;
+        } | undefined;
+    }, {
+        signature: string;
+        issued_at: string;
+        na_id: string;
+        receipt_hash: string;
+        notary_id: string;
+        signature_alg: string;
+        settlement_authority?: string | undefined;
+        receipt_type?: string | undefined;
+        receipt_version?: number | undefined;
+        validity_window_seconds?: number | undefined;
+        expires_at?: string | undefined;
+        log_inclusion?: {
+            root: string;
+            proof: string[];
+            index: number;
+        } | undefined;
+    }>>;
+    /** Notary service identifier */
+    notary: z.ZodOptional<z.ZodString>;
+    /** NA ID for retrieval */
+    notary_receipt_id: z.ZodOptional<z.ZodString>;
+    /** ISO 8601 timestamp */
+    timestamp: z.ZodString;
+    /** Error details (present when status is FAILED) */
+    error: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    status: "PENDING" | "HARD" | "FAILED" | "ALREADY_HARD";
+    receipt_hash: string;
+    timestamp: string;
+    error?: string | undefined;
+    na_hash?: string | undefined;
+    na?: {
+        signature: string;
+        issued_at: string;
+        na_id: string;
+        receipt_hash: string;
+        notary_id: string;
+        signature_alg: string;
+        settlement_authority?: string | undefined;
+        receipt_type?: string | undefined;
+        receipt_version?: number | undefined;
+        validity_window_seconds?: number | undefined;
+        expires_at?: string | undefined;
+        log_inclusion?: {
+            root: string;
+            proof: string[];
+            index: number;
+        } | undefined;
+    } | undefined;
+    notary?: string | undefined;
+    notary_receipt_id?: string | undefined;
+}, {
+    status: "PENDING" | "HARD" | "FAILED" | "ALREADY_HARD";
+    receipt_hash: string;
+    timestamp: string;
+    error?: string | undefined;
+    na_hash?: string | undefined;
+    na?: {
+        signature: string;
+        issued_at: string;
+        na_id: string;
+        receipt_hash: string;
+        notary_id: string;
+        signature_alg: string;
+        settlement_authority?: string | undefined;
+        receipt_type?: string | undefined;
+        receipt_version?: number | undefined;
+        validity_window_seconds?: number | undefined;
+        expires_at?: string | undefined;
+        log_inclusion?: {
+            root: string;
+            proof: string[];
+            index: number;
+        } | undefined;
+    } | undefined;
+    notary?: string | undefined;
+    notary_receipt_id?: string | undefined;
+}>;
+type NotarizeResponse = z.infer<typeof NotarizeResponseSchema>;
+/**
+ * Check if a value is a valid NotaryAttestation.
+ */
+declare function isNotaryAttestation(value: unknown): value is NotaryAttestation;
+/**
+ * Check if a value is a valid NotaryRequest.
+ */
+declare function isNotaryRequest(value: unknown): value is NotaryRequest;
+/**
+ * ArtifactRef: A typed reference to a kernel artifact (for BRE assembly).
+ * Per BRIDGE_SPEC.md §2.3.
+ */
+declare const ArtifactRefSchema: z.ZodObject<{
+    /** Artifact type */
+    type: z.ZodEnum<["CR", "LAT", "EGP", "SA", "SignedReceiptV0", "NA"]>;
+    /** base64url SHA-256 hash of the artifact */
+    hash: z.ZodString;
+    /** Issuer of the artifact */
+    issuer: z.ZodString;
+    /** Schema version */
+    version: z.ZodString;
+    /** Optional retrieval URI */
+    uri: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    type: "CR" | "LAT" | "EGP" | "SA" | "SignedReceiptV0" | "NA";
+    version: string;
+    hash: string;
+    issuer: string;
+    uri?: string | undefined;
+}, {
+    type: "CR" | "LAT" | "EGP" | "SA" | "SignedReceiptV0" | "NA";
+    version: string;
+    hash: string;
+    issuer: string;
+    uri?: string | undefined;
+}>;
+type ArtifactRef = z.infer<typeof ArtifactRefSchema>;
+/**
+ * Golden fixtures for finality schema conformance testing.
+ *
+ * These are deterministic test values. DO NOT CHANGE unless the
+ * schema definition changes.
+ */
+declare const FINALITY_GOLDEN_FIXTURES: {
+    /** Sample NotaryAttestation */
+    readonly notaryAttestation: {
+        na_id: string;
+        receipt_hash: string;
+        notary_id: string;
+        issued_at: string;
+        signature: string;
+        signature_alg: string;
+        receipt_type: string;
+        receipt_version: number;
+        settlement_authority: string;
+    };
+    /** Sample NotaryRequest */
+    readonly notaryRequest: {
+        receipt_hash: string;
+        settlement_authority: "hlos.ai";
+        crossing_id: string;
+        receipt_type: string;
+        receipt_version: number;
+        timestamp: string;
+    };
+    /** Sample successful notarize response */
+    readonly notarizeResponseHard: {
+        status: "HARD";
+        receipt_hash: string;
+        na_hash: string;
+        notary: string;
+        notary_receipt_id: string;
+        timestamp: string;
+    };
+};
+export { type AgentListItem, AgentListItemSchema, type AgentPassportStubResponse, AgentPassportStubResponseSchema, type AgentStatus, AgentStatusSchema, type AgentType, AgentTypeSchema, type AgentsListResponse, AgentsListResponseSchema, type ApiResponse, type ArtifactRef, ArtifactRefSchema, type AvailabilityType, AvailabilityTypeSchema, BASE64URL_SHA256_REGEX, Base64urlEd25519SigSchema, Base64urlSha256Schema, CONTENT_HASH_LENGTH, type CredentialSource, CredentialSourceSchema, type CrossingHashInputV0, CrossingHashInputV0Schema, CrossingIdFormatSchema, type CrossingSettledReceipt, CrossingSettledReceiptSchema, type CrossingSnapshotV0, CrossingSnapshotV0Schema, ERROR_CODE_STATUS, type ErrorResponse, ErrorResponseSchema, FINALITY_GOLDEN_FIXTURES, FinalityLevel, type FundingSource, FundingSourceSchema, GOLDEN_FIXTURES, type KernelError, type KernelErrorCode, KernelErrorCodeSchema, KernelErrorSchema, type KernelOk, KernelOkSchema, type LogInclusionProof, LogInclusionProofSchema, NA_ID_PREFIX, type NotarizeResponse, NotarizeResponseSchema, type NotarizeStatus, NotarizeStatusSchema, type NotaryAttestation, NotaryAttestationIdFormatSchema, NotaryAttestationSchema, type NotaryRequest, NotaryRequestSchema, PassportIdFormatSchema, type ProviderRole, ProviderRoleSchema, RECEIPT_HASH_GOLDEN_FIXTURE, RECEIPT_TYPE_URI, RECEIPT_VERSION, type RPID, RPIDSchema, ReceiptHashSchema, ReceiptId, ReceiptIdFormatSchema, type RelyingPartyId, RelyingPartyIdSchema, type RotationEpoch, RotationEpochSchema, SETTLEMENT_AUTHORITY, SIGNATURE_LENGTH, SURFACES, type SignedReceiptV0, SignedReceiptV0LooseSchema, SignedReceiptV0Schema, type Stack, type StackConnection, StackConnectionSchema, type StackProvider, StackProviderSchema, StackSchema, type SuccessResponse, SuccessResponseSchema, type Surface, SurfaceSchema, type TransactionContext, type TransactionContextHash, TransactionContextHashSchema, TransactionContextSchema, W_GOLDEN_FIXTURES, W_RPID_DOMAIN, W_TXCTX_DOMAIN, WalletIdFormatSchema, base64urlToBytes, bytesToBase64url, computeContentHash, computeReceiptHash, deriveFundingSource, encodeEpoch, error, isCrossingHashInputV0, isCrossingSettledReceipt, isNotaryAttestation, isNotaryRequest, isSignedReceiptV0, jcsCanonicalize, kernelError, kernelOk, success, validateTimeWindow };