@kya-os/checkpoint-wasm-runtime 1.0.0

package/CHANGELOG.md

@@ -0,0 +1,58 @@
+# @kya-os/checkpoint-wasm-runtime
+
+## 1.0.0 — 2026-05-15
+
+E-tracks Phase D — package rename + orchestrator edge variant. **BREAKING.**
+
+### BREAKING CHANGES
+
+- **Package renamed** from `@kya-os/agentshield-wasm-runtime` to
+  `@kya-os/checkpoint-wasm-runtime` per architect Q1 + Rename-2 (#2483).
+  0-day hard cutover; the legacy `@kya-os/agentshield-wasm-runtime@0.1.6`
+  is published with npm's `deprecated` field pointing here. Migrate by
+  swapping the import path:
+  `from '@kya-os/agentshield-wasm-runtime'` → `from '@kya-os/checkpoint-wasm-runtime'`.
+
+### Added (Edge-WASM-2 folded into Phase D)
+
+- `./orchestrator/edge` subpath — async-init equivalent of `./orchestrator`
+  for Vercel Edge / Cloudflare Workers / browser embedding. Mirrors the
+  Node orchestrator surface (`verifyRequestEdge`, `initEngineEdge`) and
+  consumes the Edge-WASM-1 `engineVerifyEdge` engine bridge.
+- `edge-runtime` + `browser` conditions on the `./orchestrator` subpath —
+  bundlers targeting edge runtimes automatically route to the async-init
+  variant without an explicit subpath.
+- `./adapters` subpath barrel — re-exports the 5 DI adapters
+  (DidResolver, StatusListCache, ReputationOracle, PolicyEvaluator, Clock)
+  for Phase D / E host wrappers.
+
+### Migration
+
+```diff
+- "@kya-os/agentshield-wasm-runtime": "^0.1.6"
++ "@kya-os/checkpoint-wasm-runtime": "^1.0.0"
+```
+
+```diff
+- import { verifyRequest } from '@kya-os/agentshield-wasm-runtime/orchestrator';
++ import { verifyRequest } from '@kya-os/checkpoint-wasm-runtime/orchestrator';
+```
+
+For edge runtimes:
+
+```ts
+import {
+  verifyRequestEdge,
+  initEngineEdge,
+} from '@kya-os/checkpoint-wasm-runtime/orchestrator/edge';
+```
+
+No other API changes. All Phase A/B/C exports — `engineVerify`,
+`engineVerifyEdge`, 5 DI adapters, `verifyRequest`,
+`renderDecisionAsResponse`, types — preserved under the new package name.
+
+## 0.1.6 — 2026-05-15
+
+Edge-WASM-1 — `--target web` build of `kya-os-engine` shipped alongside
+the Node target. See `@kya-os/agentshield-wasm-runtime` (legacy name)
+git history for prior phases.

package/dist/adapters.d.mts

@@ -0,0 +1,257 @@
+import { d as DidDocument, D as Decision } from './types-D0j85fF0.mjs';
+import '@kya-os/checkpoint-shared';
+
+/**
+ * DidResolver adapter — sub-phase B.1.
+ *
+ * Resolves `did:key:*` (in-memory multibase decode) and `did:web:*`
+ * (HTTPS fetch of `.well-known/did.json`) into the engine's
+ * `DidDocument` shape. The async half does any required I/O; the
+ * adapter's output is plain data that the host wrapper bundles into
+ * `ContextSpec.didDocs` before calling `engineVerify`.
+ *
+ * Phase 1 supports only Ed25519 verification methods (the engine's
+ * `KeyType` is `#[non_exhaustive]` with `Ed25519` as its single
+ * variant). Non-Ed25519 methods on a resolved doc are silently
+ * filtered out — the engine wouldn't accept them as a valid Stage 2
+ * key match anyway.
+ *
+ * **`kid` for `did:key`**: the verification-method id is
+ * `<did>#<multibase>` per mcp-i-core PR #16. **NOT** `<did>#keys-1`.
+ * H-1's `stage2_did_key_fragment_resolution` test pins this.
+ */
+
+declare class MalformedDid extends Error {
+    readonly kind = "MalformedDid";
+}
+declare class UnsupportedKeyType extends Error {
+    readonly kind = "UnsupportedKeyType";
+}
+declare class DidNotFound extends Error {
+    readonly kind = "DidNotFound";
+}
+declare class DidResolverTimeout extends Error {
+    readonly kind = "DidResolverTimeout";
+}
+declare class DidResolverError extends Error {
+    readonly kind = "DidResolverError";
+}
+declare class UnsupportedDidMethod extends Error {
+    readonly kind = "UnsupportedDidMethod";
+}
+interface DidResolverAdapter {
+    resolve(did: string): Promise<DidDocument>;
+}
+interface CacheEntry$3<T> {
+    value: T;
+    fetchedAt: number;
+}
+interface DidResolverOpts {
+    /** AbortController timeout for did:web fetches. Default 3000ms. */
+    fetchTimeoutMs?: number;
+    /** TTL for the in-memory cache. Default 5 minutes. */
+    ttlMs?: number;
+    /** Injectable fetch — defaults to global `fetch` (Node 18+). */
+    fetch?: typeof fetch;
+    /**
+     * Injectable cache — defaults to a fresh `Map` per adapter instance.
+     * Tests pass a shared cache to assert miss/hit behaviour.
+     */
+    cache?: Map<string, CacheEntry$3<DidDocument>>;
+    /** Injectable wall-clock — defaults to `Date.now()`. Tests use a stub. */
+    now?: () => number;
+}
+declare function makeDidResolver(opts?: DidResolverOpts): DidResolverAdapter;
+declare function decodeDidKey(did: string): DidDocument;
+
+/**
+ * StatusListCache adapter — sub-phase B.2.
+ *
+ * Fetches a W3C StatusList2021 Verifiable Credential, base64url-decodes
+ * + gunzips the encoded bitstring, and enumerates set bits as a sorted
+ * list of revoked indices. Phase C bundles the output as
+ * `ContextSpec.revoked: Record<url, number[]>`; the engine's
+ * `MapStatusListCache::is_revoked(url, index)` (in `wasm.rs`) checks
+ * `indices.contains(&index)` to make a Stage 3 contribution.
+ *
+ * Architectural choice (deviation from kickoff § 5 B.2): the kickoff
+ * sketched a contract where the WASM side does the bit-level lookup
+ * on raw bytes. Phase A's `wasm.rs` already shipped with the simpler
+ * `Vec<u64>`-of-indices shape, and § 4.1 of Phase B's mandate is
+ * "TS-only." The adapter does the bitstring decode + bit enumeration
+ * on the TS side; the engine stays unchanged.
+ *
+ * Bit convention: W3C VC Status List § "Bitstring expansion algorithm"
+ * — index N is bit `7 - (N % 8)` of byte `floor(N / 8)`, MSB-first.
+ */
+declare class StatusListUnavailable extends Error {
+    readonly kind = "StatusListUnavailable";
+}
+declare class MalformedStatusList extends Error {
+    readonly kind = "MalformedStatusList";
+}
+declare class StatusListTimeout extends Error {
+    readonly kind = "StatusListTimeout";
+}
+interface StatusListCacheAdapter {
+    /**
+     * Fetch the status list at `url`, decode it, and return the sorted
+     * set of revoked credential indices.
+     *
+     * @throws {StatusListUnavailable} on transport / non-2xx response.
+     * @throws {StatusListTimeout} when the fetch budget is exceeded.
+     * @throws {MalformedStatusList} when the VC is unparseable.
+     */
+    fetch(url: string): Promise<number[]>;
+}
+interface CacheEntry$2 {
+    indices: number[];
+    fetchedAt: number;
+}
+interface StatusListCacheOpts {
+    fetchTimeoutMs?: number;
+    ttlMs?: number;
+    fetch?: typeof fetch;
+    cache?: Map<string, CacheEntry$2>;
+    now?: () => number;
+}
+declare function makeStatusListCache(opts?: StatusListCacheOpts): StatusListCacheAdapter;
+
+/**
+ * ReputationOracle adapter — sub-phase B.3.
+ *
+ * Resolves a per-DID reputation score in `[0.0, 1.0]`. Phase 1 wires
+ * an optional HTTP endpoint (Argus). Unavailable / misconfigured /
+ * out-of-range responses degrade to a baseline score so infrastructure
+ * blips can't silently DOS Adobe-class traffic. The engine's Stage 6
+ * compares the returned score against the tenant-configured threshold
+ * (Phase B.4 builds the threshold via `PolicyEvaluator`).
+ *
+ * **Degrade-to-trust** (Phase B § 4.5). Reputation is best-effort;
+ * Argus outages do not block traffic. The adapter returns the
+ * configured baseline (default 1.0 = "no signal, treat as trusted")
+ * and logs loudly. The engine's `LowReputation` block fires only
+ * when score < threshold from tenant policy; baseline-1.0 ensures
+ * no traffic is silently rejected just because Argus went down.
+ */
+interface ReputationOracleAdapter {
+    /**
+     * Return the agent's reputation in `[0.0, 1.0]`. Higher is better.
+     *
+     * **Does not throw.** Network / parse / range failures degrade to
+     * the baseline + log; the engine should never see a thrown error
+     * from this adapter.
+     */
+    score(agentDid: string): Promise<number>;
+}
+interface CacheEntry$1 {
+    value: number;
+    fetchedAt: number;
+}
+interface ReputationOracleOpts {
+    /**
+     * Base URL for the reputation service (Argus). When unset, the
+     * adapter returns the baseline without fetching. Phase 1 only —
+     * Argus's HTTP surface is post-Adobe; until it lands, every host
+     * runs in degrade-to-trust mode.
+     */
+    argusUrl?: string;
+    /** Fetch budget. Default 1500ms — reputation is best-effort, tighter than DID resolution. */
+    fetchTimeoutMs?: number;
+    /** Cache TTL. Default 10s — reputation churns faster than DIDs. */
+    ttlMs?: number;
+    /** Injectable fetch. Defaults to global `fetch`. */
+    fetch?: typeof fetch;
+    /** Returned when Argus is unset / unreachable / malformed. Default 1.0. */
+    baselineWhenUnreachable?: number;
+    /** Injectable cache for tests. */
+    cache?: Map<string, CacheEntry$1>;
+    /** Injectable wall-clock. */
+    now?: () => number;
+    /** Hook for diagnostics. Phase 1 keeps log volume manageable by sampling. */
+    logger?: (msg: string) => void;
+}
+declare function makeReputationOracle(opts?: ReputationOracleOpts): ReputationOracleAdapter;
+
+/**
+ * PolicyEvaluator adapter — sub-phase B.4.
+ *
+ * Computes the **tenant verdict** on the JS side and hands the engine
+ * a constant `Decision` for the WASM `WasmConstantPolicy` to echo as
+ * Stage 7's contribution. The engine's cross-stage priority order
+ * (locked in D-design § 6 row 4) handles how Stage 7 interacts with
+ * Stages 2 / 3 / 4 / 5.
+ *
+ * **Sync-engine / async-host invariant.** The JS adapter is async (it
+ * fetches tenant policy from the Checkpoint dashboard); the engine
+ * sees only the resolved `Decision`. Cedar-1 will replace this
+ * adapter's implementation without touching the surrounding orchestrator.
+ *
+ * **Cedar-1 forward-compat.** [`PolicyEvaluatorAdapter`] is the
+ * Cedar-swappable interface: `(input) → Decision`. The Phase 1 stub
+ * is a reputation-threshold check; Cedar-1 will replace the
+ * implementation, not the surface. Don't bake Cedar internals into
+ * this seam.
+ *
+ * **Degrade-to-permit.** Per Phase B § 4.5: when the dashboard policy
+ * endpoint is unreachable, fall back to `defaultPolicy` (caller-supplied)
+ * or `permit-by-default`. Loud log; no silent block.
+ */
+
+/**
+ * Pre-fetched inputs the JS host knows before calling the engine.
+ * Phase 1's evaluator only consumes `reputation` + `tenantHost`; later
+ * implementations (Cedar-1) may extend.
+ */
+interface PolicyEvalInput {
+    tenantHost: string;
+    reputation: number;
+}
+interface PolicyEvaluatorAdapter {
+    evaluate(input: PolicyEvalInput): Promise<Decision>;
+}
+/**
+ * Phase 1 tenant-policy shape — just a reputation threshold.
+ * Cedar-1 replaces this with a full policy bundle; for now the
+ * dashboard exposes one field.
+ */
+interface TenantPolicy {
+    reputationThreshold: number;
+}
+interface PolicyEvaluatorOpts {
+    /**
+     * Dashboard policy endpoint. When unset, every tenant resolves to
+     * `defaultPolicy` (or permit-by-default if that's also unset).
+     */
+    dashboardUrl?: string;
+    fetchTimeoutMs?: number;
+    ttlMs?: number;
+    fetch?: typeof fetch;
+    /** Used when the dashboard endpoint is unreachable or unconfigured. */
+    defaultPolicy?: TenantPolicy;
+    cache?: Map<string, CacheEntry>;
+    now?: () => number;
+    logger?: (msg: string) => void;
+}
+interface CacheEntry {
+    policy: TenantPolicy;
+    fetchedAt: number;
+}
+declare function makePolicyEvaluator(opts?: PolicyEvaluatorOpts): PolicyEvaluatorAdapter;
+
+/**
+ * Clock adapter — sub-phase B.5.
+ *
+ * Provides the Unix-seconds timestamp the engine's `Clock` trait needs
+ * for Stage 4 expiration checks. Trivial; the trait shape exists so
+ * tests can inject a frozen clock (and so the engine's sync-trait
+ * surface is satisfied without a JS callback crossing the WASM
+ * boundary — `ContextSpec.nowUnix` carries the value).
+ */
+interface ClockAdapter {
+    nowUnix(): number;
+}
+declare function makeSystemClock(): ClockAdapter;
+declare function makeFixedClock(unixSeconds: number): ClockAdapter;
+
+export { type ClockAdapter, DidNotFound, type DidResolverAdapter, DidResolverError, type DidResolverOpts, DidResolverTimeout, MalformedDid, MalformedStatusList, type PolicyEvalInput, type PolicyEvaluatorAdapter, type PolicyEvaluatorOpts, type ReputationOracleAdapter, type ReputationOracleOpts, type StatusListCacheAdapter, type StatusListCacheOpts, StatusListTimeout, StatusListUnavailable, type TenantPolicy, UnsupportedDidMethod, UnsupportedKeyType, decodeDidKey, makeDidResolver, makeFixedClock, makePolicyEvaluator, makeReputationOracle, makeStatusListCache, makeSystemClock };

package/dist/adapters.d.ts

@@ -0,0 +1,257 @@
+import { d as DidDocument, D as Decision } from './types-D0j85fF0.js';
+import '@kya-os/checkpoint-shared';
+
+/**
+ * DidResolver adapter — sub-phase B.1.
+ *
+ * Resolves `did:key:*` (in-memory multibase decode) and `did:web:*`
+ * (HTTPS fetch of `.well-known/did.json`) into the engine's
+ * `DidDocument` shape. The async half does any required I/O; the
+ * adapter's output is plain data that the host wrapper bundles into
+ * `ContextSpec.didDocs` before calling `engineVerify`.
+ *
+ * Phase 1 supports only Ed25519 verification methods (the engine's
+ * `KeyType` is `#[non_exhaustive]` with `Ed25519` as its single
+ * variant). Non-Ed25519 methods on a resolved doc are silently
+ * filtered out — the engine wouldn't accept them as a valid Stage 2
+ * key match anyway.
+ *
+ * **`kid` for `did:key`**: the verification-method id is
+ * `<did>#<multibase>` per mcp-i-core PR #16. **NOT** `<did>#keys-1`.
+ * H-1's `stage2_did_key_fragment_resolution` test pins this.
+ */
+
+declare class MalformedDid extends Error {
+    readonly kind = "MalformedDid";
+}
+declare class UnsupportedKeyType extends Error {
+    readonly kind = "UnsupportedKeyType";
+}
+declare class DidNotFound extends Error {
+    readonly kind = "DidNotFound";
+}
+declare class DidResolverTimeout extends Error {
+    readonly kind = "DidResolverTimeout";
+}
+declare class DidResolverError extends Error {
+    readonly kind = "DidResolverError";
+}
+declare class UnsupportedDidMethod extends Error {
+    readonly kind = "UnsupportedDidMethod";
+}
+interface DidResolverAdapter {
+    resolve(did: string): Promise<DidDocument>;
+}
+interface CacheEntry$3<T> {
+    value: T;
+    fetchedAt: number;
+}
+interface DidResolverOpts {
+    /** AbortController timeout for did:web fetches. Default 3000ms. */
+    fetchTimeoutMs?: number;
+    /** TTL for the in-memory cache. Default 5 minutes. */
+    ttlMs?: number;
+    /** Injectable fetch — defaults to global `fetch` (Node 18+). */
+    fetch?: typeof fetch;
+    /**
+     * Injectable cache — defaults to a fresh `Map` per adapter instance.
+     * Tests pass a shared cache to assert miss/hit behaviour.
+     */
+    cache?: Map<string, CacheEntry$3<DidDocument>>;
+    /** Injectable wall-clock — defaults to `Date.now()`. Tests use a stub. */
+    now?: () => number;
+}
+declare function makeDidResolver(opts?: DidResolverOpts): DidResolverAdapter;
+declare function decodeDidKey(did: string): DidDocument;
+
+/**
+ * StatusListCache adapter — sub-phase B.2.
+ *
+ * Fetches a W3C StatusList2021 Verifiable Credential, base64url-decodes
+ * + gunzips the encoded bitstring, and enumerates set bits as a sorted
+ * list of revoked indices. Phase C bundles the output as
+ * `ContextSpec.revoked: Record<url, number[]>`; the engine's
+ * `MapStatusListCache::is_revoked(url, index)` (in `wasm.rs`) checks
+ * `indices.contains(&index)` to make a Stage 3 contribution.
+ *
+ * Architectural choice (deviation from kickoff § 5 B.2): the kickoff
+ * sketched a contract where the WASM side does the bit-level lookup
+ * on raw bytes. Phase A's `wasm.rs` already shipped with the simpler
+ * `Vec<u64>`-of-indices shape, and § 4.1 of Phase B's mandate is
+ * "TS-only." The adapter does the bitstring decode + bit enumeration
+ * on the TS side; the engine stays unchanged.
+ *
+ * Bit convention: W3C VC Status List § "Bitstring expansion algorithm"
+ * — index N is bit `7 - (N % 8)` of byte `floor(N / 8)`, MSB-first.
+ */
+declare class StatusListUnavailable extends Error {
+    readonly kind = "StatusListUnavailable";
+}
+declare class MalformedStatusList extends Error {
+    readonly kind = "MalformedStatusList";
+}
+declare class StatusListTimeout extends Error {
+    readonly kind = "StatusListTimeout";
+}
+interface StatusListCacheAdapter {
+    /**
+     * Fetch the status list at `url`, decode it, and return the sorted
+     * set of revoked credential indices.
+     *
+     * @throws {StatusListUnavailable} on transport / non-2xx response.
+     * @throws {StatusListTimeout} when the fetch budget is exceeded.
+     * @throws {MalformedStatusList} when the VC is unparseable.
+     */
+    fetch(url: string): Promise<number[]>;
+}
+interface CacheEntry$2 {
+    indices: number[];
+    fetchedAt: number;
+}
+interface StatusListCacheOpts {
+    fetchTimeoutMs?: number;
+    ttlMs?: number;
+    fetch?: typeof fetch;
+    cache?: Map<string, CacheEntry$2>;
+    now?: () => number;
+}
+declare function makeStatusListCache(opts?: StatusListCacheOpts): StatusListCacheAdapter;
+
+/**
+ * ReputationOracle adapter — sub-phase B.3.
+ *
+ * Resolves a per-DID reputation score in `[0.0, 1.0]`. Phase 1 wires
+ * an optional HTTP endpoint (Argus). Unavailable / misconfigured /
+ * out-of-range responses degrade to a baseline score so infrastructure
+ * blips can't silently DOS Adobe-class traffic. The engine's Stage 6
+ * compares the returned score against the tenant-configured threshold
+ * (Phase B.4 builds the threshold via `PolicyEvaluator`).
+ *
+ * **Degrade-to-trust** (Phase B § 4.5). Reputation is best-effort;
+ * Argus outages do not block traffic. The adapter returns the
+ * configured baseline (default 1.0 = "no signal, treat as trusted")
+ * and logs loudly. The engine's `LowReputation` block fires only
+ * when score < threshold from tenant policy; baseline-1.0 ensures
+ * no traffic is silently rejected just because Argus went down.
+ */
+interface ReputationOracleAdapter {
+    /**
+     * Return the agent's reputation in `[0.0, 1.0]`. Higher is better.
+     *
+     * **Does not throw.** Network / parse / range failures degrade to
+     * the baseline + log; the engine should never see a thrown error
+     * from this adapter.
+     */
+    score(agentDid: string): Promise<number>;
+}
+interface CacheEntry$1 {
+    value: number;
+    fetchedAt: number;
+}
+interface ReputationOracleOpts {
+    /**
+     * Base URL for the reputation service (Argus). When unset, the
+     * adapter returns the baseline without fetching. Phase 1 only —
+     * Argus's HTTP surface is post-Adobe; until it lands, every host
+     * runs in degrade-to-trust mode.
+     */
+    argusUrl?: string;
+    /** Fetch budget. Default 1500ms — reputation is best-effort, tighter than DID resolution. */
+    fetchTimeoutMs?: number;
+    /** Cache TTL. Default 10s — reputation churns faster than DIDs. */
+    ttlMs?: number;
+    /** Injectable fetch. Defaults to global `fetch`. */
+    fetch?: typeof fetch;
+    /** Returned when Argus is unset / unreachable / malformed. Default 1.0. */
+    baselineWhenUnreachable?: number;
+    /** Injectable cache for tests. */
+    cache?: Map<string, CacheEntry$1>;
+    /** Injectable wall-clock. */
+    now?: () => number;
+    /** Hook for diagnostics. Phase 1 keeps log volume manageable by sampling. */
+    logger?: (msg: string) => void;
+}
+declare function makeReputationOracle(opts?: ReputationOracleOpts): ReputationOracleAdapter;
+
+/**
+ * PolicyEvaluator adapter — sub-phase B.4.
+ *
+ * Computes the **tenant verdict** on the JS side and hands the engine
+ * a constant `Decision` for the WASM `WasmConstantPolicy` to echo as
+ * Stage 7's contribution. The engine's cross-stage priority order
+ * (locked in D-design § 6 row 4) handles how Stage 7 interacts with
+ * Stages 2 / 3 / 4 / 5.
+ *
+ * **Sync-engine / async-host invariant.** The JS adapter is async (it
+ * fetches tenant policy from the Checkpoint dashboard); the engine
+ * sees only the resolved `Decision`. Cedar-1 will replace this
+ * adapter's implementation without touching the surrounding orchestrator.
+ *
+ * **Cedar-1 forward-compat.** [`PolicyEvaluatorAdapter`] is the
+ * Cedar-swappable interface: `(input) → Decision`. The Phase 1 stub
+ * is a reputation-threshold check; Cedar-1 will replace the
+ * implementation, not the surface. Don't bake Cedar internals into
+ * this seam.
+ *
+ * **Degrade-to-permit.** Per Phase B § 4.5: when the dashboard policy
+ * endpoint is unreachable, fall back to `defaultPolicy` (caller-supplied)
+ * or `permit-by-default`. Loud log; no silent block.
+ */
+
+/**
+ * Pre-fetched inputs the JS host knows before calling the engine.
+ * Phase 1's evaluator only consumes `reputation` + `tenantHost`; later
+ * implementations (Cedar-1) may extend.
+ */
+interface PolicyEvalInput {
+    tenantHost: string;
+    reputation: number;
+}
+interface PolicyEvaluatorAdapter {
+    evaluate(input: PolicyEvalInput): Promise<Decision>;
+}
+/**
+ * Phase 1 tenant-policy shape — just a reputation threshold.
+ * Cedar-1 replaces this with a full policy bundle; for now the
+ * dashboard exposes one field.
+ */
+interface TenantPolicy {
+    reputationThreshold: number;
+}
+interface PolicyEvaluatorOpts {
+    /**
+     * Dashboard policy endpoint. When unset, every tenant resolves to
+     * `defaultPolicy` (or permit-by-default if that's also unset).
+     */
+    dashboardUrl?: string;
+    fetchTimeoutMs?: number;
+    ttlMs?: number;
+    fetch?: typeof fetch;
+    /** Used when the dashboard endpoint is unreachable or unconfigured. */
+    defaultPolicy?: TenantPolicy;
+    cache?: Map<string, CacheEntry>;
+    now?: () => number;
+    logger?: (msg: string) => void;
+}
+interface CacheEntry {
+    policy: TenantPolicy;
+    fetchedAt: number;
+}
+declare function makePolicyEvaluator(opts?: PolicyEvaluatorOpts): PolicyEvaluatorAdapter;
+
+/**
+ * Clock adapter — sub-phase B.5.
+ *
+ * Provides the Unix-seconds timestamp the engine's `Clock` trait needs
+ * for Stage 4 expiration checks. Trivial; the trait shape exists so
+ * tests can inject a frozen clock (and so the engine's sync-trait
+ * surface is satisfied without a JS callback crossing the WASM
+ * boundary — `ContextSpec.nowUnix` carries the value).
+ */
+interface ClockAdapter {
+    nowUnix(): number;
+}
+declare function makeSystemClock(): ClockAdapter;
+declare function makeFixedClock(unixSeconds: number): ClockAdapter;
+
+export { type ClockAdapter, DidNotFound, type DidResolverAdapter, DidResolverError, type DidResolverOpts, DidResolverTimeout, MalformedDid, MalformedStatusList, type PolicyEvalInput, type PolicyEvaluatorAdapter, type PolicyEvaluatorOpts, type ReputationOracleAdapter, type ReputationOracleOpts, type StatusListCacheAdapter, type StatusListCacheOpts, StatusListTimeout, StatusListUnavailable, type TenantPolicy, UnsupportedDidMethod, UnsupportedKeyType, decodeDidKey, makeDidResolver, makeFixedClock, makePolicyEvaluator, makeReputationOracle, makeStatusListCache, makeSystemClock };