@kya-os/contracts 1.5.4-canary.2 → 1.6.0

package/dist/agentshield-api/admin-schemas.d.ts

@@ -28,28 +28,22 @@ export declare const clearCacheResponseSchema: z.ZodObject<{
     had_value: z.ZodBoolean;
     had_old_value: z.ZodBoolean;
     cleared: z.ZodBoolean;
-    refreshed_immediately: z.ZodOptional<z.ZodBoolean>;
-    refresh_error: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
-    agent_did: string;
     message: string;
+    agent_did: string;
     project_id: string | null;
     cache_key: string;
     old_cache_key: string | null;
     had_value: boolean;
     had_old_value: boolean;
     cleared: boolean;
-    refreshed_immediately?: boolean | undefined;
-    refresh_error?: string | undefined;
 }, {
-    agent_did: string;
     message: string;
+    agent_did: string;
     project_id: string | null;
     cache_key: string;
     old_cache_key: string | null;
     had_value: boolean;
     had_old_value: boolean;
     cleared: boolean;
-    refreshed_immediately?: boolean | undefined;
-    refresh_error?: string | undefined;
 }>;

package/dist/agentshield-api/admin-schemas.js

@@ -27,6 +27,4 @@ exports.clearCacheResponseSchema = zod_1.z.object({
     had_value: zod_1.z.boolean().describe('Whether the cache entry existed before clearing'),
     had_old_value: zod_1.z.boolean().describe('Whether the old cache entry existed before clearing'),
     cleared: zod_1.z.boolean().describe('Whether the cache was successfully cleared'),
-    refreshed_immediately: zod_1.z.boolean().optional().describe('Whether cache was immediately refreshed from API after clearing'),
-    refresh_error: zod_1.z.string().optional().describe('Error message if immediate refresh failed (non-fatal)'),
 });

package/dist/agentshield-api/admin-types.d.ts

@@ -34,8 +34,4 @@ export interface ClearCacheResponse {
     had_old_value: boolean;
     /** Whether the cache was successfully cleared */
     cleared: boolean;
-    /** Whether cache was immediately refreshed from API after clearing */
-    refreshed_immediately?: boolean;
-    /** Error message if immediate refresh failed (non-fatal) */
-    refresh_error?: string;
 }

package/dist/agentshield-api/index.d.ts

@@ -6,7 +6,7 @@
  *
  * @package @kya-os/contracts/agentshield-api
  */
-export type { AgentShieldAPIResponse, AgentShieldAPIErrorResponse, ProofSubmissionRequest, ProofSubmissionResponse, ToolCallContext, BouncerOutcome, VerifyDelegationRequest, VerifyDelegationResponse, VerifyDelegationAPIResponse, DelegationCredential, AgentShieldToolProtection, ToolProtectionConfigResponse, ToolProtectionConfigAPIResponse, CreateDelegationRequest, CreateDelegationResponse, CreateDelegationAPIResponse, RevokeDelegationRequest, RevokeDelegationResponse, RevokeDelegationAPIResponse, } from "./types.js";
+export type { AgentShieldAPIResponse, AgentShieldAPIErrorResponse, ProofSubmissionRequest, ProofSubmissionResponse, ToolCallContext, ConsentEventContext, BouncerOutcome, VerifyDelegationRequest, VerifyDelegationResponse, VerifyDelegationAPIResponse, DelegationCredential, AgentShieldToolProtection, ToolProtectionConfigResponse, ToolProtectionConfigAPIResponse, CreateDelegationRequest, CreateDelegationResponse, CreateDelegationAPIResponse, RevokeDelegationRequest, RevokeDelegationResponse, RevokeDelegationAPIResponse, } from "./types.js";
 export { AgentShieldAPIError } from "./types.js";
 export type { AgentShieldAPIHeaders } from "./endpoints.js";
 export type { ClearCacheRequest, ClearCacheResponse } from "./admin-types.js";

package/dist/agentshield-api/schemas.d.ts

@@ -52,7 +52,7 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
         timestamp: string;
         requestId: string;
     }>>;
-}>, any> extends infer T_1 ? { [k in keyof T_1]: z.objectUtil.addQuestionMarks<z.baseObjectOutputType<{
+}>, any> extends infer T_1 ? { [k in keyof T_1]: T_1[k]; } : never, z.baseObjectInputType<{
     success: z.ZodBoolean;
     data: T;
     metadata: z.ZodOptional<z.ZodObject<{
@@ -65,33 +65,7 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
         timestamp: string;
         requestId: string;
     }>>;
-}>, any>[k]; } : never, z.baseObjectInputType<{
-    success: z.ZodBoolean;
-    data: T;
-    metadata: z.ZodOptional<z.ZodObject<{
-        requestId: z.ZodString;
-        timestamp: z.ZodString;
-    }, "strip", z.ZodTypeAny, {
-        timestamp: string;
-        requestId: string;
-    }, {
-        timestamp: string;
-        requestId: string;
-    }>>;
-}> extends infer T_2 ? { [k_1 in keyof T_2]: z.baseObjectInputType<{
-    success: z.ZodBoolean;
-    data: T;
-    metadata: z.ZodOptional<z.ZodObject<{
-        requestId: z.ZodString;
-        timestamp: z.ZodString;
-    }, "strip", z.ZodTypeAny, {
-        timestamp: string;
-        requestId: string;
-    }, {
-        timestamp: string;
-        requestId: string;
-    }>>;
-}>[k_1]; } : never>;
+}> extends infer T_2 ? { [k_1 in keyof T_2]: T_2[k_1]; } : never>;
 /**
  * Proof submission request schema
  */
@@ -188,6 +162,61 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
             result?: unknown;
             userIdentifier?: string | undefined;
         }>, "many">>;
+        consentEvents: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            eventType: z.ZodEnum<["consent:page_viewed", "consent:approved", "consent:delegation_created", "consent:credential_required"]>;
+            timestamp: z.ZodNumber;
+            sessionId: z.ZodString;
+            userDid: z.ZodOptional<z.ZodString>;
+            agentDid: z.ZodString;
+            targetTools: z.ZodArray<z.ZodString, "many">;
+            scopes: z.ZodArray<z.ZodString, "many">;
+            delegationId: z.ZodOptional<z.ZodString>;
+            projectId: z.ZodString;
+            termsAccepted: z.ZodOptional<z.ZodBoolean>;
+            credentialStatus: z.ZodOptional<z.ZodEnum<["present", "required", "obtained"]>>;
+            oauthIdentity: z.ZodOptional<z.ZodObject<{
+                provider: z.ZodString;
+                identifier: z.ZodString;
+            }, "strip", z.ZodTypeAny, {
+                provider: string;
+                identifier: string;
+            }, {
+                provider: string;
+                identifier: string;
+            }>>;
+        }, "strip", z.ZodTypeAny, {
+            timestamp: number;
+            agentDid: string;
+            sessionId: string;
+            scopes: string[];
+            eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
+            targetTools: string[];
+            projectId: string;
+            userDid?: string | undefined;
+            credentialStatus?: "required" | "present" | "obtained" | undefined;
+            delegationId?: string | undefined;
+            termsAccepted?: boolean | undefined;
+            oauthIdentity?: {
+                provider: string;
+                identifier: string;
+            } | undefined;
+        }, {
+            timestamp: number;
+            agentDid: string;
+            sessionId: string;
+            scopes: string[];
+            eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
+            targetTools: string[];
+            projectId: string;
+            userDid?: string | undefined;
+            credentialStatus?: "required" | "present" | "obtained" | undefined;
+            delegationId?: string | undefined;
+            termsAccepted?: boolean | undefined;
+            oauthIdentity?: {
+                provider: string;
+                identifier: string;
+            } | undefined;
+        }>, "many">>;
         mcpServerUrl: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
         toolCalls?: {
@@ -198,6 +227,23 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
             userIdentifier?: string | undefined;
         }[] | undefined;
         mcpServerUrl?: string | undefined;
+        consentEvents?: {
+            timestamp: number;
+            agentDid: string;
+            sessionId: string;
+            scopes: string[];
+            eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
+            targetTools: string[];
+            projectId: string;
+            userDid?: string | undefined;
+            credentialStatus?: "required" | "present" | "obtained" | undefined;
+            delegationId?: string | undefined;
+            termsAccepted?: boolean | undefined;
+            oauthIdentity?: {
+                provider: string;
+                identifier: string;
+            } | undefined;
+        }[] | undefined;
     }, {
         toolCalls?: {
             scopeId: string;
@@ -207,6 +253,23 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
             userIdentifier?: string | undefined;
         }[] | undefined;
         mcpServerUrl?: string | undefined;
+        consentEvents?: {
+            timestamp: number;
+            agentDid: string;
+            sessionId: string;
+            scopes: string[];
+            eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
+            targetTools: string[];
+            projectId: string;
+            userDid?: string | undefined;
+            credentialStatus?: "required" | "present" | "obtained" | undefined;
+            delegationId?: string | undefined;
+            termsAccepted?: boolean | undefined;
+            oauthIdentity?: {
+                provider: string;
+                identifier: string;
+            } | undefined;
+        }[] | undefined;
     }>>;
 }, "strip", z.ZodTypeAny, {
     session_id: string;
@@ -236,6 +299,23 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
             userIdentifier?: string | undefined;
         }[] | undefined;
         mcpServerUrl?: string | undefined;
+        consentEvents?: {
+            timestamp: number;
+            agentDid: string;
+            sessionId: string;
+            scopes: string[];
+            eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
+            targetTools: string[];
+            projectId: string;
+            userDid?: string | undefined;
+            credentialStatus?: "required" | "present" | "obtained" | undefined;
+            delegationId?: string | undefined;
+            termsAccepted?: boolean | undefined;
+            oauthIdentity?: {
+                provider: string;
+                identifier: string;
+            } | undefined;
+        }[] | undefined;
     } | undefined;
 }, {
     session_id: string;
@@ -265,6 +345,23 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
             userIdentifier?: string | undefined;
         }[] | undefined;
         mcpServerUrl?: string | undefined;
+        consentEvents?: {
+            timestamp: number;
+            agentDid: string;
+            sessionId: string;
+            scopes: string[];
+            eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
+            targetTools: string[];
+            projectId: string;
+            userDid?: string | undefined;
+            credentialStatus?: "required" | "present" | "obtained" | undefined;
+            delegationId?: string | undefined;
+            termsAccepted?: boolean | undefined;
+            oauthIdentity?: {
+                provider: string;
+                identifier: string;
+            } | undefined;
+        }[] | undefined;
     } | undefined;
 }>;
 /**
@@ -274,7 +371,7 @@ export declare const proofSubmissionResponseSchema: z.ZodObject<{
     success: z.ZodBoolean;
     accepted: z.ZodNumber;
     rejected: z.ZodNumber;
-    outcomes: z.ZodRecord<z.ZodString, z.ZodNumber>;
+    outcomes: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodNumber>>;
     errors: z.ZodOptional<z.ZodArray<z.ZodObject<{
         proof_index: z.ZodNumber;
         error: z.ZodObject<{
@@ -309,7 +406,6 @@ export declare const proofSubmissionResponseSchema: z.ZodObject<{
     success: boolean;
     accepted: number;
     rejected: number;
-    outcomes: Record<string, number>;
     errors?: {
         error: {
             code: string;
@@ -318,11 +414,11 @@ export declare const proofSubmissionResponseSchema: z.ZodObject<{
         };
         proof_index: number;
     }[] | undefined;
+    outcomes?: Record<string, number> | undefined;
 }, {
     success: boolean;
     accepted: number;
     rejected: number;
-    outcomes: Record<string, number>;
     errors?: {
         error: {
             code: string;
@@ -331,6 +427,7 @@ export declare const proofSubmissionResponseSchema: z.ZodObject<{
         };
         proof_index: number;
     }[] | undefined;
+    outcomes?: Record<string, number> | undefined;
 }>;
 /**
  * Delegation credential schema
@@ -5787,7 +5884,7 @@ export declare const toolProtectionConfigAPIResponseSchema: z.ZodObject<{
  * Create delegation request schema
  *
  * Note: AgentShield API accepts a simplified format, not the full DelegationRecord.
- * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, custom_fields
+ * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, user_identifier, custom_fields
  *
  * IMPORTANT: expires_in_days and expires_at are mutually exclusive - use one or the other, not both.
  */
@@ -5798,6 +5895,7 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
     expires_at: z.ZodOptional<z.ZodString>;
     session_id: z.ZodOptional<z.ZodString>;
     project_id: z.ZodOptional<z.ZodString>;
+    user_identifier: z.ZodOptional<z.ZodString>;
     custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
     agent_did: z.ZodString;
@@ -5806,6 +5904,7 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
     expires_at: z.ZodOptional<z.ZodString>;
     session_id: z.ZodOptional<z.ZodString>;
     project_id: z.ZodOptional<z.ZodString>;
+    user_identifier: z.ZodOptional<z.ZodString>;
     custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
     agent_did: z.ZodString;
@@ -5814,6 +5913,7 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
     expires_at: z.ZodOptional<z.ZodString>;
     session_id: z.ZodOptional<z.ZodString>;
     project_id: z.ZodOptional<z.ZodString>;
+    user_identifier: z.ZodOptional<z.ZodString>;
     custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, z.ZodTypeAny, "passthrough">>, z.objectOutputType<{
     agent_did: z.ZodString;
@@ -5822,6 +5922,7 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
     expires_at: z.ZodOptional<z.ZodString>;
     session_id: z.ZodOptional<z.ZodString>;
     project_id: z.ZodOptional<z.ZodString>;
+    user_identifier: z.ZodOptional<z.ZodString>;
     custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
     agent_did: z.ZodString;
@@ -5830,6 +5931,7 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
     expires_at: z.ZodOptional<z.ZodString>;
     session_id: z.ZodOptional<z.ZodString>;
     project_id: z.ZodOptional<z.ZodString>;
+    user_identifier: z.ZodOptional<z.ZodString>;
     custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, z.ZodTypeAny, "passthrough">>;
 /**
@@ -5847,12 +5949,12 @@ export declare const createDelegationResponseSchema: z.ZodObject<{
     user_id: z.ZodOptional<z.ZodString>;
     user_identifier: z.ZodOptional<z.ZodString>;
     scopes: z.ZodArray<z.ZodString, "many">;
-    status: z.ZodLiteral<"active">;
+    status: z.ZodEnum<["active", "expired", "revoked"]>;
     issued_at: z.ZodString;
-    expires_at: z.ZodOptional<z.ZodString>;
+    expires_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
     created_at: z.ZodString;
 }, "strip", z.ZodTypeAny, {
-    status: "active";
+    status: "active" | "revoked" | "expired";
     delegation_id: string;
     scopes: string[];
     agent_did: string;
@@ -5860,9 +5962,9 @@ export declare const createDelegationResponseSchema: z.ZodObject<{
     created_at: string;
     user_id?: string | undefined;
     user_identifier?: string | undefined;
-    expires_at?: string | undefined;
+    expires_at?: string | null | undefined;
 }, {
-    status: "active";
+    status: "active" | "revoked" | "expired";
     delegation_id: string;
     scopes: string[];
     agent_did: string;
@@ -5870,7 +5972,7 @@ export declare const createDelegationResponseSchema: z.ZodObject<{
     created_at: string;
     user_id?: string | undefined;
     user_identifier?: string | undefined;
-    expires_at?: string | undefined;
+    expires_at?: string | null | undefined;
 }>;
 /**
  * Wrapped creation response schema
@@ -5883,12 +5985,12 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
         user_id: z.ZodOptional<z.ZodString>;
         user_identifier: z.ZodOptional<z.ZodString>;
         scopes: z.ZodArray<z.ZodString, "many">;
-        status: z.ZodLiteral<"active">;
+        status: z.ZodEnum<["active", "expired", "revoked"]>;
         issued_at: z.ZodString;
-        expires_at: z.ZodOptional<z.ZodString>;
+        expires_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
         created_at: z.ZodString;
     }, "strip", z.ZodTypeAny, {
-        status: "active";
+        status: "active" | "revoked" | "expired";
         delegation_id: string;
         scopes: string[];
         agent_did: string;
@@ -5896,9 +5998,9 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
         created_at: string;
         user_id?: string | undefined;
         user_identifier?: string | undefined;
-        expires_at?: string | undefined;
+        expires_at?: string | null | undefined;
     }, {
-        status: "active";
+        status: "active" | "revoked" | "expired";
         delegation_id: string;
         scopes: string[];
         agent_did: string;
@@ -5906,7 +6008,7 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
         created_at: string;
         user_id?: string | undefined;
         user_identifier?: string | undefined;
-        expires_at?: string | undefined;
+        expires_at?: string | null | undefined;
     }>;
     metadata: z.ZodOptional<z.ZodObject<{
         requestId: z.ZodString;
@@ -5921,7 +6023,7 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
     success: boolean;
     data: {
-        status: "active";
+        status: "active" | "revoked" | "expired";
         delegation_id: string;
         scopes: string[];
         agent_did: string;
@@ -5929,7 +6031,7 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
         created_at: string;
         user_id?: string | undefined;
         user_identifier?: string | undefined;
-        expires_at?: string | undefined;
+        expires_at?: string | null | undefined;
     };
     metadata?: {
         timestamp: string;
@@ -5938,7 +6040,7 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
 }, {
     success: boolean;
     data: {
-        status: "active";
+        status: "active" | "revoked" | "expired";
         delegation_id: string;
         scopes: string[];
         agent_did: string;
@@ -5946,7 +6048,7 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
         created_at: string;
         user_id?: string | undefined;
         user_identifier?: string | undefined;
-        expires_at?: string | undefined;
+        expires_at?: string | null | undefined;
     };
     metadata?: {
         timestamp: string;

package/dist/agentshield-api/schemas.js

@@ -48,6 +48,32 @@ const toolCallContextSchema = zod_1.z.object({
     scopeId: zod_1.z.string().min(1, "scopeId is required to link context to proof"),
     userIdentifier: zod_1.z.string().optional(),
 });
+/**
+ * Consent Event Context Schema
+ * Represents consent-related events for audit tracking
+ */
+const consentEventContextSchema = zod_1.z.object({
+    eventType: zod_1.z.enum([
+        "consent:page_viewed",
+        "consent:approved",
+        "consent:delegation_created",
+        "consent:credential_required"
+    ]),
+    timestamp: zod_1.z.number().int().positive(),
+    sessionId: zod_1.z.string().min(1),
+    userDid: zod_1.z.string().optional(),
+    agentDid: zod_1.z.string().min(1),
+    targetTools: zod_1.z.array(zod_1.z.string()).min(1), // ALWAYS array
+    scopes: zod_1.z.array(zod_1.z.string()).min(0),
+    delegationId: zod_1.z.string().uuid().optional(),
+    projectId: zod_1.z.string().uuid(),
+    termsAccepted: zod_1.z.boolean().optional(),
+    credentialStatus: zod_1.z.enum(["present", "required", "obtained"]).optional(),
+    oauthIdentity: zod_1.z.object({
+        provider: zod_1.z.string(),
+        identifier: zod_1.z.string(),
+    }).optional(),
+});
 /**
  * Proof submission request schema
  */
@@ -59,6 +85,7 @@ exports.proofSubmissionRequestSchema = zod_1.z.object({
     context: zod_1.z
         .object({
         toolCalls: zod_1.z.array(toolCallContextSchema).optional(),
+        consentEvents: zod_1.z.array(consentEventContextSchema).optional(), // NEW: Consent events for audit tracking
         mcpServerUrl: zod_1.z.string().url().optional(), // MCP server URL for tool discovery
     })
         .optional(),
@@ -70,7 +97,7 @@ exports.proofSubmissionResponseSchema = zod_1.z.object({
     success: zod_1.z.boolean(),
     accepted: zod_1.z.number().int().min(0),
     rejected: zod_1.z.number().int().min(0),
-    outcomes: zod_1.z.record(zod_1.z.string(), zod_1.z.number().int().min(0)), // Record<BouncerOutcome, number>
+    outcomes: zod_1.z.record(zod_1.z.string(), zod_1.z.number().int().min(0)).optional(), // Record<BouncerOutcome, number> - Optional because API may return empty object or omit it
     errors: zod_1.z
         .array(zod_1.z.object({
         proof_index: zod_1.z.number().int().min(0),
@@ -172,7 +199,7 @@ exports.toolProtectionConfigAPIResponseSchema = (0, exports.agentShieldAPIRespon
  * Create delegation request schema
  *
  * Note: AgentShield API accepts a simplified format, not the full DelegationRecord.
- * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, custom_fields
+ * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, user_identifier, custom_fields
  *
  * IMPORTANT: expires_in_days and expires_at are mutually exclusive - use one or the other, not both.
  */
@@ -184,6 +211,7 @@ exports.createDelegationRequestSchema = zod_1.z
     expires_at: zod_1.z.string().datetime().optional(),
     session_id: zod_1.z.string().optional(),
     project_id: zod_1.z.string().uuid().optional(),
+    user_identifier: zod_1.z.string().max(200).optional(), // Matches AgentShield's max(200)
     custom_fields: zod_1.z.record(zod_1.z.unknown()).optional(),
 })
     .passthrough()
@@ -211,9 +239,9 @@ exports.createDelegationResponseSchema = zod_1.z.object({
     user_id: zod_1.z.string().optional(),
     user_identifier: zod_1.z.string().optional(),
     scopes: zod_1.z.array(zod_1.z.string()),
-    status: zod_1.z.literal("active"),
+    status: zod_1.z.enum(['active', 'expired', 'revoked']), // Matches AgentShield's actual API behavior
     issued_at: zod_1.z.string().datetime(),
-    expires_at: zod_1.z.string().datetime().optional(),
+    expires_at: zod_1.z.string().datetime().nullable().optional(), // AgentShield allows null values
     created_at: zod_1.z.string().datetime(),
 });
 /**

package/dist/agentshield-api/types.d.ts

@@ -41,6 +41,30 @@ export interface ToolCallContext {
     scopeId: string;
     userIdentifier?: string;
 }
+/**
+ * Consent Event Context
+ *
+ * Represents consent-related events that occur during the consent flow.
+ * These events are logged separately from tool executions and allow
+ * multiple events per session (unlike regular audit logs).
+ */
+export interface ConsentEventContext {
+    eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
+    timestamp: number;
+    sessionId: string;
+    userDid?: string;
+    agentDid: string;
+    targetTools: string[];
+    scopes: string[];
+    delegationId?: string;
+    projectId: string;
+    termsAccepted?: boolean;
+    credentialStatus?: "present" | "required" | "obtained";
+    oauthIdentity?: {
+        provider: string;
+        identifier: string;
+    };
+}
 /**
  * Request body for proof submission endpoint
  * POST /api/v1/bouncer/proofs
@@ -55,6 +79,7 @@ export interface ProofSubmissionRequest {
     /** AgentShield extension: Optional context for dashboard enrichment */
     context?: {
         toolCalls?: ToolCallContext[];
+        consentEvents?: ConsentEventContext[];
         mcpServerUrl?: string;
     };
 }
@@ -69,7 +94,7 @@ export interface ProofSubmissionResponse {
     success: boolean;
     accepted: number;
     rejected: number;
-    outcomes: Record<BouncerOutcome, number>;
+    outcomes?: Record<BouncerOutcome, number>;
     errors?: Array<{
         proof_index: number;
         error: {
@@ -163,7 +188,7 @@ export type ToolProtectionConfigAPIResponse = AgentShieldAPIResponse<ToolProtect
  * POST /api/v1/bouncer/delegations
  *
  * Note: AgentShield API accepts a simplified format, not the full DelegationRecord.
- * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, custom_fields
+ * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, user_identifier, custom_fields
  *
  * IMPORTANT: expires_in_days and expires_at are mutually exclusive - use one or the other, not both.
  */
@@ -176,6 +201,8 @@ export interface CreateDelegationRequest {
     expires_at?: string;
     session_id?: string;
     project_id?: string;
+    /** User identifier string, max 200 chars, optional */
+    user_identifier?: string;
     custom_fields?: Record<string, unknown>;
 }
 /**
@@ -193,9 +220,9 @@ export interface CreateDelegationResponse {
     user_id?: string;
     user_identifier?: string;
     scopes: string[];
-    status: "active";
+    status: "active" | "expired" | "revoked";
     issued_at: string;
-    expires_at?: string;
+    expires_at?: string | null;
     created_at: string;
 }
 /**