@motebit/protocol 1.0.0 → 1.2.0

package/dist/dispute.d.ts

@@ -5,6 +5,7 @@
  * for dispute resolution in agent-to-agent delegations. Any implementation can
  * produce and verify dispute artifacts using these types.
  */
+import type { MerkleInclusionProof } from "./retention-policy.js";
 /** Dispute lifecycle states. Terminal states (final, expired) are irreversible. */
 export type DisputeState = "opened" | "evidence" | "arbitration" | "resolved" | "appealed" | "final" | "expired";
 /** Dispute resolution outcome. */
@@ -87,10 +88,12 @@ export interface DisputeEvidence {
  * Foundation Law (§6.5):
  * - Federation resolution must include individual AdjudicatorVote entries
  * - Aggregated-only verdicts are rejected
- * - Each vote signature MUST cover `dispute_id` — votes are not portable
- *   across disputes (a malicious adjudicator collecting old votes from
- *   other disputes cannot stuff them into a new resolution because the
- *   dispute_id binding breaks the signature).
+ * - Each vote signature MUST cover `dispute_id` AND `round` — votes are
+ *   not portable across disputes OR adjudication rounds (a malicious
+ *   adjudicator collecting old votes from other disputes cannot stuff
+ *   them into a new resolution because the dispute_id binding breaks
+ *   the signature; a leader cannot replay round-1 vote bytes as round-2
+ *   evidence because the round binding breaks the signature).
  */
 export interface AdjudicatorVote {
     /**
@@ -101,6 +104,13 @@ export interface AdjudicatorVote {
      * fails to verify against the wrong binding).
      */
     dispute_id: string;
+    /**
+     * Adjudication round. 1 for original adjudication; 2 for §8.3 appeal.
+     * Signature-bound (§6.5): a peer's round-1 vote bytes do not satisfy
+     * round-2 binding even for the same evidence. The §8.3 round-isolation
+     * property is enforced cryptographically, not by leader bookkeeping.
+     */
+    round: number;
     /** Federation peer MotebitId. */
     peer_id: string;
     /** Vote outcome. */
@@ -115,6 +125,55 @@ export interface AdjudicatorVote {
     /** Ed25519 by the voting peer over canonical JSON of all fields except signature. */
     signature: string;
 }
+/**
+ * Federation vote request — leader-to-peer fan-out body for §6.2
+ * federation adjudication. The leader (the relay where the dispute
+ * resolution was requested AND named in the dispute as filer or
+ * respondent) POSTs this to each active federation peer; each peer
+ * returns a signed `AdjudicatorVote`.
+ *
+ * Wire-format protocol type for `relay-federation@1.2` §16. The
+ * peer-side gate ladder (`spec/relay-federation-v1.md` §16.2) enforces:
+ * schema → known peer → requester-id binding → signature → freshness
+ * → operator policy configured.
+ *
+ * Foundation Law (`spec/dispute-v1.md` §6.5):
+ * - Signature MUST cover `dispute_id`, `round`, `requester_id`, and the
+ *   evidence bundle. Cross-round replay and request-tampering both
+ *   fail-closed.
+ * - For round=2 (appeal), `evidence_bundle` MUST carry the original
+ *   round-1 evidence plus any new evidence introduced with the appeal
+ *   (per §8.4).
+ */
+export interface VoteRequest {
+    /** The dispute being adjudicated. MUST equal the URL `:disputeId` parameter. */
+    dispute_id: string;
+    /**
+     * Adjudication round. 1 for original adjudication; 2 for §8.3 appeal.
+     * Signature-bound — cross-round vote replay is cryptographically
+     * rejected.
+     */
+    round: number;
+    /** Original signed dispute artifact (§4.2). The peer can re-verify the dispute's provenance from this alone. */
+    dispute_request: DisputeRequest;
+    /**
+     * All evidence collected during the dispute's evidence window (§5.2).
+     * For round=2, MUST carry the original round-1 evidence plus any new
+     * evidence introduced with the appeal.
+     */
+    evidence_bundle: DisputeEvidence[];
+    /** Leader relay's `motebit_id`. MUST be a known peer to the receiver (gate 2). */
+    requester_id: string;
+    /** Unix ms when the leader signed. Used by gate 5 freshness check (default ±60s). */
+    requested_at: number;
+    /**
+     * Cryptosuite discriminator. Always `"motebit-jcs-ed25519-b64-v1"`
+     * (see DisputeRequest for the full recipe).
+     */
+    suite: "motebit-jcs-ed25519-b64-v1";
+    /** Base64url Ed25519 by the leader over `canonicalJson(body minus signature)`. */
+    signature: string;
+}
 /**
  * Dispute resolution by adjudicator.
  *
@@ -173,4 +232,91 @@ export interface DisputeAppeal {
     /** Ed25519 over canonical JSON of all fields except signature. */
     signature: string;
 }
+/**
+ * Evidence shape #1: disputant proves their peer pubkey is committed
+ * in the cert's `federation_graph_anchor.merkle_root` via an inclusion
+ * proof, but `witnessed_by[]` does not include them.
+ *
+ * Verifier in `@motebit/crypto` recomputes the proof against the cert's
+ * anchor root and asserts the leaf hash matches the canonical
+ * leaf-of-disputant-pubkey encoding (same hashing recipe as
+ * `relay-federation-v1.md` §7.6 / `credential-anchor-v1.md` §3).
+ */
+export interface WitnessOmissionInclusionProofEvidence {
+    kind: "inclusion_proof";
+    /**
+     * Hex-encoded SHA-256 leaf hash for the disputant's federation pubkey
+     * under the anchor's canonicalization (lowercase hex pubkey bytes).
+     */
+    leaf_hash: string;
+    /** Inclusion proof against `cert.federation_graph_anchor.merkle_root`. */
+    proof: MerkleInclusionProof;
+}
+/**
+ * Evidence shape #2: disputant claims a peering relationship at
+ * `cert.horizon_ts` outside the cert's published anchor — i.e., the
+ * issuer published an incomplete or wrong anchor that omitted a peer
+ * who was peered with them at the horizon.
+ *
+ * The disputant supplies a signed peering artifact issued by the cert's
+ * issuer (e.g., a relay-federation PeeringConfirm or Heartbeat) whose
+ * timestamp window covers `cert.horizon_ts`. The verifier in
+ * `@motebit/crypto` asserts the embedded signature validates against
+ * the cert issuer's pubkey and the artifact's window covers
+ * `cert.horizon_ts`. Wire format of `peering_artifact` is opaque at this
+ * layer; verification dispatches on the artifact's own kind/spec.
+ */
+export interface WitnessOmissionAlternativePeeringEvidence {
+    kind: "alternative_peering";
+    /**
+     * Signed peering artifact from the cert issuer — embeds its own
+     * signature. Carries enough fields for the verifier to re-check
+     * the issuer's signature and the peering window.
+     */
+    peering_artifact: Record<string, unknown>;
+}
+/** Discriminated evidence union — exactly one shape per dispute. */
+export type WitnessOmissionEvidence = WitnessOmissionInclusionProofEvidence | WitnessOmissionAlternativePeeringEvidence;
+/**
+ * Witness-omission dispute — files within 24h of `cert.issued_at`
+ * (`WITNESS_OMISSION_DISPUTE_WINDOW_MS` in `@motebit/crypto`) by a peer
+ * claiming the disputed cert's `witnessed_by[]` wrongly omits them.
+ *
+ * Foundation Law (Phase 4b-3 §4.4):
+ * - `cert_issuer` + `cert_signature` together pin the disputed cert —
+ *   the relay reconciles the dispute against the cert in its local
+ *   `relay_horizon_certs` table at validation time.
+ * - At least one evidence shape is required at filing time — either
+ *   `inclusion_proof` (membership in the published anchor) or
+ *   `alternative_peering` (peering attested outside the anchor).
+ * - The cert's `issued_at` is the lookup-derived clock for the 24h
+ *   window — disputant-attested timestamps cannot widen the window.
+ * - Sustained disputes are reputation signals; the cert remains
+ *   terminal (retention-policy.md decision 5).
+ */
+export interface WitnessOmissionDispute {
+    /** UUID v7, generated by the disputant. */
+    dispute_id: string;
+    /** MotebitId / operator-id of the cert issuer — the relay that signed the disputed horizon cert. */
+    cert_issuer: string;
+    /**
+     * Hex-encoded signature of the disputed `append_only_horizon` cert.
+     * Opaque pointer; the relay resolves the cert from its local
+     * `relay_horizon_certs` table.
+     */
+    cert_signature: string;
+    /** MotebitId of the disputant peer claiming wrongful omission. */
+    disputant_motebit_id: string;
+    /** Exactly one of the two evidence shapes. */
+    evidence: WitnessOmissionEvidence;
+    /** Unix ms. */
+    filed_at: number;
+    /**
+     * Cryptosuite discriminator. Always `"motebit-jcs-ed25519-b64-v1"`
+     * (see DisputeRequest for the full recipe).
+     */
+    suite: "motebit-jcs-ed25519-b64-v1";
+    /** Ed25519 by disputant over canonical JSON of all fields except signature. */
+    signature: string;
+}
 //# sourceMappingURL=dispute.d.ts.map

package/dist/dispute.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"dispute.d.ts","sourceRoot":"","sources":["../src/dispute.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,mFAAmF;AACnF,MAAM,MAAM,YAAY,GACpB,QAAQ,GACR,UAAU,GACV,aAAa,GACb,UAAU,GACV,UAAU,GACV,OAAO,GACP,SAAS,CAAC;AAEd,kCAAkC;AAClC,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,YAAY,GAAG,OAAO,CAAC;AAE/D,+BAA+B;AAC/B,MAAM,MAAM,eAAe,GACvB,SAAS,GACT,aAAa,GACb,iBAAiB,GACjB,cAAc,GACd,OAAO,CAAC;AAEZ,4DAA4D;AAC5D,MAAM,MAAM,iBAAiB,GAAG,mBAAmB,GAAG,qBAAqB,GAAG,OAAO,CAAC;AAItF;;;;;;;;GAQG;AACH,MAAM,WAAW,cAAc;IAC7B,0CAA0C;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,aAAa,EAAE,MAAM,CAAC;IACtB,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,yCAAyC;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,wBAAwB;IACxB,QAAQ,EAAE,eAAe,CAAC;IAC1B,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,eAAe;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,kEAAkE;IAClE,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,gEAAgE;AAChE,MAAM,MAAM,mBAAmB,GAC3B,mBAAmB,GACnB,YAAY,GACZ,cAAc,GACd,kBAAkB,GAClB,kBAAkB,GAClB,aAAa,CAAC;AAElB;;;;;;;GAOG;AACH,MAAM,WAAW,eAAe;IAC9B,sCAAsC;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB;IACrB,aAAa,EAAE,mBAAmB,CAAC;IACnC,kCAAkC;IAClC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,uCAAuC;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe;IACf,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,kEAAkE;IAClE,SAAS,EAAE,MAAM,CAAC;CACnB;AAID;;;;;;;;;;GAUG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;;OAMG;IACH,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,oBAAoB;IACpB,IAAI,EAAE,cAAc,CAAC;IACrB,4BAA4B;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,qFAAqF;IACrF,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,iBAAiB;IAChC,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,0BAA0B;IAC1B,UAAU,EAAE,cAAc,CAAC;IAC3B,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,WAAW,EAAE,iBAAiB,CAAC;IAC/B,qDAAqD;IACrD,WAAW,EAAE,MAAM,CAAC;IACpB,wDAAwD;IACxD,WAAW,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,iBAAiB,EAAE,eAAe,EAAE,CAAC;IACrC,eAAe;IACf,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,kEAAkE;IAClE,SAAS,EAAE,MAAM,CAAC;CACnB;AAID;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,yCAAyC;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,eAAe;IACf,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,kEAAkE;IAClE,SAAS,EAAE,MAAM,CAAC;CACnB"}
+{"version":3,"file":"dispute.d.ts","sourceRoot":"","sources":["../src/dispute.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAIlE,mFAAmF;AACnF,MAAM,MAAM,YAAY,GACpB,QAAQ,GACR,UAAU,GACV,aAAa,GACb,UAAU,GACV,UAAU,GACV,OAAO,GACP,SAAS,CAAC;AAEd,kCAAkC;AAClC,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,YAAY,GAAG,OAAO,CAAC;AAE/D,+BAA+B;AAC/B,MAAM,MAAM,eAAe,GACvB,SAAS,GACT,aAAa,GACb,iBAAiB,GACjB,cAAc,GACd,OAAO,CAAC;AAEZ,4DAA4D;AAC5D,MAAM,MAAM,iBAAiB,GAAG,mBAAmB,GAAG,qBAAqB,GAAG,OAAO,CAAC;AAItF;;;;;;;;GAQG;AACH,MAAM,WAAW,cAAc;IAC7B,0CAA0C;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,aAAa,EAAE,MAAM,CAAC;IACtB,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,yCAAyC;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,wBAAwB;IACxB,QAAQ,EAAE,eAAe,CAAC;IAC1B,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,eAAe;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,kEAAkE;IAClE,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,gEAAgE;AAChE,MAAM,MAAM,mBAAmB,GAC3B,mBAAmB,GACnB,YAAY,GACZ,cAAc,GACd,kBAAkB,GAClB,kBAAkB,GAClB,aAAa,CAAC;AAElB;;;;;;;GAOG;AACH,MAAM,WAAW,eAAe;IAC9B,sCAAsC;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB;IACrB,aAAa,EAAE,mBAAmB,CAAC;IACnC,kCAAkC;IAClC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,uCAAuC;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe;IACf,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,kEAAkE;IAClE,SAAS,EAAE,MAAM,CAAC;CACnB;AAID;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;;OAMG;IACH,UAAU,EAAE,MAAM,CAAC;IACnB;;;;;OAKG;IACH,KAAK,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,oBAAoB;IACpB,IAAI,EAAE,cAAc,CAAC;IACrB,4BAA4B;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,qFAAqF;IACrF,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,WAAW;IAC1B,gFAAgF;IAChF,UAAU,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,KAAK,EAAE,MAAM,CAAC;IACd,gHAAgH;IAChH,eAAe,EAAE,cAAc,CAAC;IAChC;;;;OAIG;IACH,eAAe,EAAE,eAAe,EAAE,CAAC;IACnC,kFAAkF;IAClF,YAAY,EAAE,MAAM,CAAC;IACrB,qFAAqF;IACrF,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,kFAAkF;IAClF,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,iBAAiB;IAChC,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,0BAA0B;IAC1B,UAAU,EAAE,cAAc,CAAC;IAC3B,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,WAAW,EAAE,iBAAiB,CAAC;IAC/B,qDAAqD;IACrD,WAAW,EAAE,MAAM,CAAC;IACpB,wDAAwD;IACxD,WAAW,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,iBAAiB,EAAE,eAAe,EAAE,CAAC;IACrC,eAAe;IACf,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,kEAAkE;IAClE,SAAS,EAAE,MAAM,CAAC;CACnB;AAID;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,yCAAyC;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,eAAe;IACf,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,kEAAkE;IAClE,SAAS,EAAE,MAAM,CAAC;CACnB;AAeD;;;;;;;;;GASG;AACH,MAAM,WAAW,qCAAqC;IACpD,IAAI,EAAE,iBAAiB,CAAC;IACxB;;;OAGG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB,0EAA0E;IAC1E,KAAK,EAAE,oBAAoB,CAAC;CAC7B;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,yCAAyC;IACxD,IAAI,EAAE,qBAAqB,CAAC;IAC5B;;;;OAIG;IACH,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC3C;AAED,oEAAoE;AACpE,MAAM,MAAM,uBAAuB,GAC/B,qCAAqC,GACrC,yCAAyC,CAAC;AAE9C;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,sBAAsB;IACrC,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,oGAAoG;IACpG,WAAW,EAAE,MAAM,CAAC;IACpB;;;;OAIG;IACH,cAAc,EAAE,MAAM,CAAC;IACvB,kEAAkE;IAClE,oBAAoB,EAAE,MAAM,CAAC;IAC7B,8CAA8C;IAC9C,QAAQ,EAAE,uBAAuB,CAAC;IAClC,eAAe;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB;;;OAGG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,+EAA+E;IAC/E,SAAS,EAAE,MAAM,CAAC;CACnB"}

package/dist/index.d.ts

@@ -85,6 +85,53 @@ export interface AgentTrustRecord {
     avg_quality?: number;
     /** Number of quality samples collected. */
     quality_sample_count?: number;
+    /**
+     * Most-recent verified hardware-attestation snapshot about the remote
+     * agent. Projected from the latest peer-issued `AgentTrustCredential`
+     * in the credential store at read time — never persisted on
+     * `agent_trust`. The credential is the authoritative source; caching
+     * the claim on the trust row would invite drift on revocation /
+     * re-attestation. Absent when no credential carries a claim.
+     *
+     * Shape mirrors `AgentHardwareAttestation` in `@motebit/panels` so
+     * surfaces can pass `AgentTrustRecord[]` straight to the Agents-panel
+     * adapter without per-field transformation. `score` is computed once
+     * at projection time via `scoreAttestation`
+     * (`packages/semiring/src/hardware-attestation.ts`) — keep both shapes
+     * byte-aligned. The same data flows into `HardwareAttestationSemiring`
+     * for routing — see `docs/doctrine/self-attesting-system.md`: a
+     * routing-input claim MUST be visible to the user.
+     */
+    hardware_attestation?: {
+        platform: HardwareAttestationClaim["platform"];
+        key_exported?: boolean;
+        score: number;
+    };
+    /**
+     * Most-recent observed-latency snapshot for delegations to this peer.
+     * Projected from the local `LatencyStatsStore` at read time — never
+     * persisted on `agent_trust`. The store is the authoritative source;
+     * caching avg/p95 on the trust row would invite drift on every new
+     * task. Absent when the store has zero samples for this pair.
+     *
+     * Same surface contract as `hardware_attestation`: every routing-input
+     * the runtime computes against MUST be visible to the user, per
+     * `docs/doctrine/self-attesting-system.md`. Latency factors into peer
+     * ranking through `agent-graph.ts`'s latency map (default 3000ms when
+     * stats are absent); the Agents-panel latency render is the user-facing
+     * surface for that input.
+     *
+     * Shape mirrors `AgentLatencyStats` in `@motebit/panels` so surfaces
+     * can pass `AgentTrustRecord[]` straight to the Agents-panel adapter
+     * without per-field transformation. Numbers in milliseconds; integer
+     * sample counts. The relay-side enricher uses the same shape from its
+     * `relay_latency_stats` table.
+     */
+    latency_stats?: {
+        avg_ms: number;
+        p95_ms: number;
+        sample_count: number;
+    };
 }
 /** Thresholds for automatic trust level promotion/demotion. */
 export interface TrustTransitionThresholds {
@@ -200,7 +247,8 @@ export declare enum EventType {
     TrustLevelChanged = "trust_level_changed",
     KeyRotated = "key_rotated",
     ComputerSessionOpened = "computer_session_opened",
-    ComputerSessionClosed = "computer_session_closed"
+    ComputerSessionClosed = "computer_session_closed",
+    SkillLoaded = "skill_loaded"
 }
 export declare enum MemoryType {
     Episodic = "episodic",
@@ -321,6 +369,16 @@ export interface ToolAuditEntry {
     injection?: InjectionWarning;
     costUnits?: number;
     timestamp: number;
+    /**
+     * Sensitivity tier classified at write time. Optional in v1: pre-
+     * phase-5 entries drop the field, and the consolidation-cycle flush
+     * phase lazy-classifies on read per docs/doctrine/retention-policy.md
+     * §"Decision 6b". Tool-audit entries also carry an obligation floor
+     * resolved per record (settlement window, dispute window, regulatory
+     * floor); the cycle's flush phase computes
+     * `max(sensitivity_floor, obligation_floor)` per decision 3.
+     */
+    sensitivity?: SensitivityLevel;
 }
 export interface ToolDefinition {
     name: string;
@@ -340,6 +398,27 @@ export interface ToolDefinition {
      * last. See `@motebit/protocol/tool-mode`.
      */
     mode?: ToolMode;
+    /**
+     * Outbound axis — true when execution sends bytes outside the device
+     * (HTTP fetch, search-engine query, MCP server call,
+     * cross-motebit delegation). Independent of `riskHint` (which
+     * captures local risk: file overwrite, irreversible side effect).
+     *
+     * Consumed by the runtime's sensitivity-routing gate: an outbound
+     * tool refuses to execute when session sensitivity is
+     * medical/financial/secret AND the configured provider is not
+     * sovereign — the same fail-closed contract that gates AI provider
+     * calls (CLAUDE.md privacy doctrine: "Medical/financial/secret never
+     * reach external AI"; the principle generalizes to any outbound
+     * surface). Default `false`/absent ≡ local — matches the
+     * pre-existing builtin set (read_file, recall_memories, current_time).
+     *
+     * Tools added through `@motebit/mcp-client` always set this to
+     * `true` (MCP tools execute against a remote server by definition).
+     * See `check-tool-modes` for the cost-tier sibling and
+     * `check-sensitivity-routing` for the outbound enforcement gate.
+     */
+    outbound?: boolean;
 }
 export interface ToolResult {
     ok: boolean;
@@ -398,6 +477,14 @@ export interface SyncConversationMessage {
     tool_call_id: string | null;
     created_at: number;
     token_estimate: number;
+    /**
+     * Sensitivity tier classified at write time. Optional in v1: peers
+     * running pre-phase-5 builds drop the field on push, and the receiver
+     * lazy-classifies on flush per docs/doctrine/retention-policy.md
+     * §"Decision 6b" using the operator's
+     * `pre_classification_default_sensitivity`.
+     */
+    sensitivity?: import("./retention-policy.js").SensitivityLevelString;
 }
 /** Result of a conversation sync cycle. */
 export interface ConversationSyncResult {
@@ -614,9 +701,9 @@ export interface ExecutionReceipt {
  * Signed per-tool-call proof: one receipt per invocation of a tool during
  * an agent turn. Complements `ExecutionReceipt` (which commits to the
  * task as a whole) by committing to each individual tool call inside
- * the task — the finer-grained audit granularity the agent-workstation
- * surface needs to show the user exactly which tool ran, what it was
- * given, and what it returned, with a signature per call.
+ * the task — the finer-grained audit granularity the Motebit Computer
+ * needs to show the user exactly which tool ran, what it was given,
+ * and what it returned, with a signature per call.
  *
  * Why this exists as its own artifact instead of an inner field on
  * `ExecutionReceipt`:
@@ -624,8 +711,8 @@ export interface ExecutionReceipt {
  *   - Third-party implementers verifying a single tool's output do not
  *     need the enclosing task's receipt — the per-call receipt is
  *     independently self-verifiable with just the signer's public key.
- *   - The workstation surface emits these live as tool calls complete,
- *     before the enclosing task finishes; nesting inside `ExecutionReceipt`
+ *   - The slab emits these live as tool calls complete, before the
+ *     enclosing task finishes; nesting inside `ExecutionReceipt`
  *     would force the UI to wait for the outer receipt.
  *   - Delegation is recursive at the task level (`delegation_receipts`);
  *     keeping tool-invocation receipts separate avoids tangling two
@@ -721,10 +808,10 @@ export interface ConsolidationReceipt {
     finished_at: number;
     /** Phases that ran to completion. Closed union — adding a phase is a
      *  protocol-coordinated change. */
-    phases_run: ReadonlyArray<"orient" | "gather" | "consolidate" | "prune">;
+    phases_run: ReadonlyArray<"orient" | "gather" | "consolidate" | "prune" | "flush">;
     /** Phases that yielded mid-execution because their AbortSignal fired
      *  (budget exhausted or parent signal aborted). Subset of `phases_run`. */
-    phases_yielded: ReadonlyArray<"orient" | "gather" | "consolidate" | "prune">;
+    phases_yielded: ReadonlyArray<"orient" | "gather" | "consolidate" | "prune" | "flush">;
     /** Structural counts only — never memory content. The privacy boundary
      *  is the type: there is no field here that could leak a memory's text
      *  or embedding. Adding such a field is a protocol break. */
@@ -736,6 +823,10 @@ export interface ConsolidationReceipt {
         pruned_decay?: number;
         pruned_notability?: number;
         pruned_retention?: number;
+        /** Conversation messages flushed under `consolidation_flush` (phase 5-ship). */
+        flushed_conversations?: number;
+        /** Tool-audit entries flushed under `consolidation_flush` (phase 5-ship). */
+        flushed_tool_audits?: number;
     };
     /**
      * Cryptosuite discriminator. Always `"motebit-jcs-ed25519-b64-v1"` for
@@ -1168,7 +1259,7 @@ export declare const PLATFORM_FEE_RATE = 0.05;
 /**
  * Per-task settlement bookkeeping artifact.
  *
- * Foundation Law (services/api/CLAUDE.md rule 6):
+ * Foundation Law (services/relay/CLAUDE.md rule 6):
  * - Every truth the relay asserts (credential anchor proofs,
  *   revocation memos, settlement receipts) is independently
  *   verifiable onchain without relay contact.
@@ -1540,7 +1631,7 @@ export interface HardwareAttestationClaim {
      * `platform: "software"` is truthfully claiming "this key is not
      * hardware-backed", distinct from an absent claim ("unknown").
      */
-    platform: "secure_enclave" | "tpm" | "play_integrity" | "device_check" | "webauthn" | "software";
+    platform: "secure_enclave" | "tpm" | "play_integrity" | "android_keystore" | "device_check" | "webauthn" | "software";
     /**
      * True when the private key was exported from hardware to software
      * storage (backup, pairing). Weakens the claim — the hardware no
@@ -1578,6 +1669,15 @@ export interface ConversationStoreAdapter {
         content: string;
         toolCalls?: string;
         toolCallId?: string;
+        /**
+         * Sensitivity tier the message was classified at on write.
+         * Optional in v1: pre-classification messages and adapters that
+         * haven't yet been migrated to the phase-5-ship column drop the
+         * field, and the consolidation-cycle flush phase lazy-classifies
+         * on read per docs/doctrine/retention-policy.md §"Decision 6b"
+         * (operator manifest's `pre_classification_default_sensitivity`).
+         */
+        sensitivity?: SensitivityLevel;
     }): void;
     loadMessages(conversationId: string, limit?: number): Array<{
         messageId: string;
@@ -1589,6 +1689,7 @@ export interface ConversationStoreAdapter {
         toolCallId: string | null;
         createdAt: number;
         tokenEstimate: number;
+        sensitivity?: SensitivityLevel;
     }>;
     getActiveConversation(motebitId: string): {
         conversationId: string;
@@ -1606,6 +1707,28 @@ export interface ConversationStoreAdapter {
         messageCount: number;
     }>;
     deleteConversation(conversationId: string): void;
+    /**
+     * Enumerate messages older than `beforeCreatedAt`. The
+     * consolidation-cycle flush phase calls this per
+     * docs/doctrine/retention-policy.md §"Consolidation flush" to find
+     * candidates whose retention floor may have passed. Optional — when
+     * absent, the flush phase is a no-op for this store on this surface.
+     */
+    enumerateForFlush?(motebitId: string, beforeCreatedAt: number): Array<{
+        messageId: string;
+        conversationId: string;
+        role: string;
+        content: string;
+        createdAt: number;
+        sensitivity?: SensitivityLevel;
+    }>;
+    /**
+     * Erase a single message row — physical row removal, the storage
+     * operation behind a `consolidation_flush` deletion certificate per
+     * decision 7. Distinct from `deleteConversation` (whole-conversation
+     * tombstone). Optional — paired with `enumerateForFlush`.
+     */
+    eraseMessage?(messageId: string): void;
 }
 export interface StateSnapshotAdapter {
     saveState(motebitId: string, stateJson: string, versionClock?: number): void;
@@ -1670,6 +1793,19 @@ export interface EventStoreAdapter {
     tombstone(eventId: string, motebitId: string): Promise<void>;
     /** Delete events with version_clock <= beforeClock. Returns count deleted. */
     compact?(motebitId: string, beforeClock: number): Promise<number>;
+    /**
+     * Erase events with `timestamp < horizonTs`. Returns count erased.
+     * Distinct from `compact` (state-snapshot driven, version-clock-keyed):
+     * `truncateBeforeHorizon` is the storage operation behind an
+     * `append_only_horizon` deletion certificate per
+     * docs/doctrine/retention-policy.md §"Decision 4". Whole-prefix
+     * truncation only — entries before `horizonTs` are unrecoverable.
+     *
+     * Optional in phase 4a (local-only horizon advance ships first).
+     * Phase 4b tightens to required once federation co-witness lands and
+     * every operator's event log is expected to support horizon advance.
+     */
+    truncateBeforeHorizon?(motebitId: string, horizonTs: number): Promise<number>;
     /** Count total events for a motebit. */
     countEvents?(motebitId: string): Promise<number>;
 }
@@ -1680,6 +1816,17 @@ export interface DeviceRegistration {
     public_key: string;
     registered_at: number;
     device_name?: string;
+    /**
+     * Optional self-issued `AgentTrustCredential` (JSON-serialized signed
+     * VC) bearing a `hardware_attestation` claim about this device's
+     * identity key. Identity metadata, not a credential-index entry —
+     * served via `GET /agent/:motebitId/capabilities` so peers can pull,
+     * verify, and issue their own peer credentials about this subject.
+     * The `/credentials/submit` self-issued rejection (spec §23) remains
+     * unchanged. See `spec/identity-v1.md` §3 (device record) and
+     * `docs/doctrine/promoting-private-to-public.md` companion.
+     */
+    hardware_attestation_credential?: string;
 }
 export interface IdentityStorage {
     save(identity: MotebitIdentity): Promise<void>;
@@ -1711,6 +1858,20 @@ export interface AuditLogSink {
     queryStatsSince(afterTimestamp: number): AuditStatsSince;
     /** Query tool audit entries by run_id (plan execution). Optional — returns [] if not implemented. */
     queryByRunId?(runId: string): ToolAuditEntry[];
+    /**
+     * Enumerate entries older than `beforeTimestamp`. The
+     * consolidation-cycle flush phase calls this per
+     * docs/doctrine/retention-policy.md §"Consolidation flush" to find
+     * candidates whose retention floor may have passed. Optional — when
+     * absent, the flush phase is a no-op for this store on this surface.
+     */
+    enumerateForFlush?(beforeTimestamp: number): ToolAuditEntry[];
+    /**
+     * Erase a single tool-audit entry — physical row removal, the storage
+     * operation behind a `consolidation_flush` deletion certificate per
+     * decision 7. Optional — paired with `enumerateForFlush`.
+     */
+    erase?(callId: string): void;
 }
 export interface PlanStoreAdapter {
     savePlan(plan: Plan): void;
@@ -1759,15 +1920,17 @@ export { TrustSemiring, CostSemiring, LatencySemiring, BottleneckSemiring, Relia
 export type { Edge } from "./graph.js";
 export { WeightedDigraph } from "./graph.js";
 export { optimalPaths, optimalPath, transitiveClosure, optimalPathTrace } from "./traversal.js";
-export { TRUST_LEVEL_SCORES, trustLevelToScore, TRUST_ZERO, TRUST_ONE, trustAdd, trustMultiply, composeTrustChain, joinParallelRoutes, DEFAULT_TRUST_THRESHOLDS, } from "./trust-algebra.js";
+export { TRUST_LEVEL_SCORES, trustLevelToScore, TRUST_ZERO, TRUST_ONE, trustAdd, trustMultiply, composeTrustChain, joinParallelRoutes, REFERENCE_TRUST_THRESHOLDS, DEFAULT_TRUST_THRESHOLDS, } from "./trust-algebra.js";
 export type { CredentialAnchorBatch, CredentialChainAnchor, CredentialAnchorProof, ChainAnchorSubmitter, } from "./credential-anchor.js";
 export type { AgentSettlementAnchorBatch, AgentSettlementChainAnchor, AgentSettlementAnchorProof, } from "./agent-settlement-anchor.js";
 export type { RelayMetadata, RelayMetadataPeer, AgentResolutionResult } from "./discovery.js";
 export type { MigrationState, MigrationRequest, MigrationToken, DepartureAttestation, CredentialBundle, BalanceWaiver, MigrationPresentation, } from "./migration.js";
-export type { DisputeState, DisputeOutcome, DisputeCategory, DisputeFundAction, DisputeRequest, DisputeEvidence, DisputeEvidenceType, AdjudicatorVote, DisputeResolution, DisputeAppeal, } from "./dispute.js";
+export type { DisputeState, DisputeOutcome, DisputeCategory, DisputeFundAction, DisputeRequest, DisputeEvidence, DisputeEvidenceType, AdjudicatorVote, VoteRequest, DisputeResolution, DisputeAppeal, WitnessOmissionDispute, WitnessOmissionEvidence, WitnessOmissionInclusionProofEvidence, WitnessOmissionAlternativePeeringEvidence, } from "./dispute.js";
 export type { SettlementMode, P2pPaymentProof, PaymentVerificationStatus, SettlementEligibility, SolvencyProof, } from "./settlement-mode.js";
 export type { SuiteId, SuiteEntry, SuiteStatus, SuiteAlgorithm, SuiteCanonicalization, SuiteSignatureEncoding, SuitePublicKeyEncoding, } from "./crypto-suite.js";
 export { SUITE_REGISTRY, ALL_SUITE_IDS, isSuiteId, getSuiteEntry } from "./crypto-suite.js";
+export { MAX_RETENTION_DAYS_BY_SENSITIVITY, REFERENCE_RETENTION_DAYS_BY_SENSITIVITY, RUNTIME_RETENTION_REGISTRY, EMPTY_FEDERATION_GRAPH_ANCHOR, } from "./retention-policy.js";
+export type { RetentionCeilingDays, RetentionShape, RetentionShapeDeclaration, RetentionStoreDeclaration, RetentionManifest, RuntimeStoreId, DeletionCertificate, DeletionReason, HorizonSubject, HorizonWitness, HorizonWitnessRequestBody, WitnessSolicitationRequest, WitnessSolicitationResponse, FederationGraphAnchor, MerkleAlgo, MerkleInclusionProof, SubjectSignature, OperatorSignature, DelegateSignature, GuardianSignature, SensitivityLevelString, } from "./retention-policy.js";
 export type { MemoryDecayedPayload, MemoryFormedPayload, MemoryAccessedPayload, MemoryPinnedPayload, MemoryDeletedPayload, MemoryConsolidatedPayload, MemoryAuditPayload, MemoryPromotedPayload, } from "./memory-events.js";
 export type { GoalCreatedPayload, GoalExecutedPayload, GoalProgressPayload, GoalCompletedPayload, GoalRemovedPayload, } from "./goal-lifecycle.js";
 export type { PlanCreatedPayload, PlanStepStartedPayload, PlanStepCompletedPayload, PlanStepFailedPayload, PlanStepDelegatedPayload, PlanCompletedPayload, PlanFailedPayload, } from "./plan-lifecycle.js";
@@ -1776,4 +1939,7 @@ export { COMPUTER_ACTION_KINDS, COMPUTER_FAILURE_REASONS } from "./computer-use.
 export type { ToolMode } from "./tool-mode.js";
 export { TOOL_MODES, toolModePriority } from "./tool-mode.js";
 import type { ToolMode } from "./tool-mode.js";
+export type { SkillSensitivity, SkillPlatform, SkillHardwareAttestationGate, SkillSignature, SkillManifestMetadata, SkillManifestMotebit, SkillManifest, SkillEnvelopeFile, SkillEnvelopeSkillRef, SkillEnvelope, SkillLoadPayload, } from "./skills.js";
+export { SKILL_SENSITIVITY_TIERS, SKILL_AUTO_LOADABLE_TIERS, SKILL_PLATFORMS } from "./skills.js";
+export type { SkillRegistryEntry, SkillRegistrySubmitRequest, SkillRegistrySubmitResponse, SkillRegistryListing, SkillRegistryBundle, } from "./skills.js";
 //# sourceMappingURL=index.d.ts.map