@nexart/ai-execution 0.7.0 → 0.9.0

package/dist/index.d.cts

@@ -1,5 +1,5 @@
-import { C as CreateSnapshotParams, A as AiExecutionSnapshotV1, V as VerificationResult, a as CerMeta, B as BundleDeclaration, b as CerAiExecutionBundle, c as CertifyDecisionParams, R as RunBuilderOptions, S as StepParams, d as RunSummary, e as AttestOptions, f as AttestationResult, g as SanitizeStorageOptions, h as AttestationReceipt, N as NodeKeysDocument, i as NodeReceiptVerifyResult, j as SignedAttestationReceipt, k as CerVerifyCode, l as AiefVerifyResult, T as ToolEvent, m as RunSummaryVerifyResult, n as AiefProfile } from './types-CcqCDPrD.cjs';
-export { o as AiExecutionParameters, p as AttestationReceiptResult, q as ClientDefaults, r as NexArtClient, P as ProviderCallParams, s as ProviderCallResult, t as ProviderConfig, u as RedactionEnvelope, W as WrappedExecutionParams, v as WrappedExecutionResult } from './types-CcqCDPrD.cjs';
+import { C as CreateSnapshotParams, A as AiExecutionSnapshotV1, V as VerificationResult, a as CerMeta, B as BundleDeclaration, b as CerAiExecutionBundle, c as CertifyDecisionParams, R as RunBuilderOptions, S as StepParams, d as RunSummary, e as AttestOptions, f as AttestationResult, g as SanitizeStorageOptions, h as AttestationReceipt, N as NodeKeysDocument, i as NodeReceiptVerifyResult, j as SignedAttestationReceipt, k as CerVerifyCode, l as AiefVerifyResult, T as ToolEvent, m as RunSummaryVerifyResult, n as AiefProfile } from './types-C5t12OK8.cjs';
+export { o as AiExecutionParameters, p as AttestationReceiptResult, q as ClientDefaults, r as NexArtClient, P as ProviderCallParams, s as ProviderCallResult, t as ProviderConfig, u as RedactionEnvelope, W as WrappedExecutionParams, v as WrappedExecutionResult } from './types-C5t12OK8.cjs';
 export { wrapProvider } from './providers/wrap.cjs';
 
 declare class CerVerificationError extends Error {
@@ -353,4 +353,216 @@ interface ProfileValidationResult {
  */
 declare function validateProfile(target: AiExecutionSnapshotV1 | CerAiExecutionBundle, profile: AiefProfile): ProfileValidationResult;
 
-export { AiExecutionSnapshotV1, AiefProfile, AiefVerifyResult, AttestOptions, AttestationReceipt, AttestationResult, BundleDeclaration, CerAiExecutionBundle, CerAttestationError, CerMeta, CerVerificationError, CerVerifyCode, CerVerifyCode as CerVerifyCodeType, CertifyDecisionParams, CreateSnapshotParams, type MakeToolEventParams, NodeKeysDocument, NodeReceiptVerifyResult, type ProfileValidationResult, type RedactBeforeSealPolicy, RunBuilder, RunBuilderOptions, RunSummary, RunSummaryVerifyResult, SanitizeStorageOptions, SignedAttestationReceipt, StepParams, ToolEvent, VerificationResult, type VerifyRunSummaryOptions, attest, attestIfNeeded, certifyAndAttestDecision, certifyDecision, certifyDecisionFromProviderCall, computeInputHash, computeOutputHash, createClient, createSnapshot, exportCer, fetchNodeKeys, getAttestationReceipt, hasAttestation, hashCanonicalJson, hashToolOutput, hashUtf8, importCer, makeToolEvent, mapToAiefReason, redactBeforeSeal, sanitizeForAttestation, sanitizeForStamp, sanitizeForStorage, sealCer, selectNodeKey, sha256Hex, toCanonicalJson, validateProfile, verifyCer as verify, verifyAief, verifyBundleAttestation, verifyCer, verifyNodeReceiptSignature, verifyRunSummary, verifySnapshot };
+/**
+ * @nexart/ai-execution — Verifiable redacted export helper
+ *
+ * exportVerifiableRedacted() produces a NEW sealed bundle whose snapshot has
+ * sensitive fields replaced with redaction envelopes via redactBeforeSeal().
+ *
+ * The result is a fully independently verifiable bundle with a NEW certificateHash.
+ * The original certificateHash is preserved in meta.provenance as an informational
+ * cross-reference ONLY — it does not establish any cryptographic relationship
+ * between the two bundles.
+ *
+ * verify(newBundle) → { ok: true }   ✅ the new bundle verifies on its own
+ * verify(originalBundle) → { ok: true }  ✅ the original is unaffected
+ *
+ * IMPORTANT CONSTRAINTS:
+ * - Only `input` and `output` paths are safe to redact (their content hashes are
+ *   recomputed from the envelope). Schema-validated string fields like `prompt`
+ *   cannot be replaced with an object envelope — verify() will return SCHEMA_ERROR.
+ * - `meta.provenance.originalCertificateHash` is reference metadata only.
+ *   Anyone who receives only the new bundle cannot verify the original's integrity.
+ */
+
+interface ExportVerifiableRedactedOptions {
+    createdAt?: string;
+}
+interface ExportVerifiableRedactedProvenance {
+    originalCertificateHash: string;
+    redactionPolicy: {
+        paths: string[];
+    };
+    redactedAt: string;
+}
+interface ExportVerifiableRedactedResult {
+    bundle: CerAiExecutionBundle;
+    /**
+     * The original bundle's certificateHash. Convenience alias for
+     * `bundle.meta.provenance.originalCertificateHash`.
+     * Reference only — no cryptographic link to the new bundle.
+     */
+    originalCertificateHash: string;
+}
+/**
+ * Produce a new sealed bundle with redacted snapshot fields.
+ *
+ * @param bundle   The original sealed bundle to redact from.
+ * @param policy   Which snapshot paths to redact. Only 'input' and 'output'
+ *                 are safe for verifiable redaction (their content hashes are
+ *                 recomputed). Other schema-validated string fields will cause
+ *                 verify() to return SCHEMA_ERROR on the new bundle.
+ * @param options  Optional overrides (createdAt).
+ *
+ * @example
+ * ```typescript
+ * import { certifyDecision, verify, exportVerifiableRedacted } from '@nexart/ai-execution';
+ *
+ * const original = certifyDecision({ ... });
+ * const { bundle, originalCertificateHash } = exportVerifiableRedacted(
+ *   original,
+ *   { paths: ['input', 'output'] },
+ * );
+ *
+ * verify(bundle).ok;                                    // true
+ * bundle.meta.provenance.originalCertificateHash;       // 'sha256:...' — reference only
+ * bundle.snapshot.input;                                // { _redacted: true, hash: 'sha256:...' }
+ * ```
+ */
+declare function exportVerifiableRedacted(bundle: CerAiExecutionBundle, policy: RedactBeforeSealPolicy, options?: ExportVerifiableRedactedOptions): ExportVerifiableRedactedResult;
+
+/**
+ * @nexart/ai-execution — Opinionated run helper
+ *
+ * certifyAndAttestRun(): certify every step in a multi-step run via RunBuilder,
+ * optionally attest each sealed bundle, and return a consolidated result.
+ *
+ * Design principles:
+ * - Does NOT mutate or wrap any externally-owned RunBuilder. Creates its own.
+ * - RunBuilder semantics are unchanged: prevStepHash chaining is automatic.
+ * - attestStep is optional and injectable so callers can mock in tests without
+ *   hitting the network.
+ * - Network failures from attestStep bubble up — wrap in try/catch for partial
+ *   failure tolerance.
+ */
+
+interface CertifyAndAttestRunOptions {
+    runId?: string;
+    workflowId?: string | null;
+    conversationId?: string | null;
+    appId?: string | null;
+    /**
+     * Optional per-step attestation function. Receives each sealed step bundle
+     * immediately after it is created. Return an AttestationReceipt on success.
+     *
+     * If omitted, all receipts will be null (bundles are sealed but not attested).
+     *
+     * @example
+     * ```typescript
+     * import { attest } from '@nexart/ai-execution';
+     * certifyAndAttestRun(steps, {
+     *   attestStep: (bundle) => attest(bundle, { nodeUrl, apiKey }),
+     * });
+     * ```
+     */
+    attestStep?: (bundle: CerAiExecutionBundle) => Promise<AttestationReceipt>;
+}
+interface CertifyAndAttestRunResult {
+    runSummary: RunSummary;
+    stepBundles: CerAiExecutionBundle[];
+    /**
+     * Attestation receipts in step order. `null` at index i means the step
+     * was sealed but not attested (no `attestStep` option was provided).
+     */
+    receipts: (AttestationReceipt | null)[];
+    /** Alias for runSummary.finalStepHash — the last step's certificateHash. */
+    finalStepHash: string | null;
+}
+/**
+ * Certify every step in a multi-step run and optionally attest each bundle.
+ *
+ * Each step is sealed via RunBuilder, which automatically:
+ * - assigns stepIndex (0-based)
+ * - sets prevStepHash to the previous step's certificateHash
+ * - assigns a unique executionId and stepId per step
+ *
+ * The resulting runSummary + stepBundles can be validated offline with
+ * verifyRunSummary(runSummary, stepBundles).
+ *
+ * @param steps    Ordered list of step parameters (step 0 first).
+ * @param options  Run-level options and optional attestation hook.
+ *
+ * @example
+ * ```typescript
+ * import { certifyAndAttestRun, verifyRunSummary } from '@nexart/ai-execution';
+ *
+ * const { runSummary, stepBundles, receipts, finalStepHash } =
+ *   await certifyAndAttestRun(
+ *     [step0Params, step1Params, step2Params],
+ *     {
+ *       runId: 'analysis-run',
+ *       workflowId: 'data-pipeline',
+ *       attestStep: (bundle) => attest(bundle, { nodeUrl, apiKey }),
+ *     },
+ *   );
+ *
+ * verifyRunSummary(runSummary, stepBundles); // { ok: true }
+ * ```
+ */
+declare function certifyAndAttestRun(steps: StepParams[], options?: CertifyAndAttestRunOptions): Promise<CertifyAndAttestRunResult>;
+
+/**
+ * CER Protocol verification types — v0.9.0
+ *
+ * These are the canonical structured verification types for the NexArt
+ * Certified Execution Record (CER) Protocol. All NexArt-compatible verifiers
+ * should produce a CerVerificationResult.
+ *
+ * NOTE: The existing VerificationResult type (ok/errors/code shape) is preserved
+ * for backward compatibility. CerVerificationResult is the new protocol-aligned type.
+ */
+type VerificationStatus = 'VERIFIED' | 'FAILED' | 'NOT_FOUND';
+type CheckStatus = 'PASS' | 'FAIL' | 'SKIPPED';
+declare const ReasonCode: {
+    readonly BUNDLE_HASH_MISMATCH: "BUNDLE_HASH_MISMATCH";
+    readonly NODE_SIGNATURE_INVALID: "NODE_SIGNATURE_INVALID";
+    readonly NODE_SIGNATURE_MISSING: "NODE_SIGNATURE_MISSING";
+    readonly RECEIPT_HASH_MISMATCH: "RECEIPT_HASH_MISMATCH";
+    readonly SCHEMA_VERSION_UNSUPPORTED: "SCHEMA_VERSION_UNSUPPORTED";
+    readonly RECORD_NOT_FOUND: "RECORD_NOT_FOUND";
+    readonly BUNDLE_CORRUPTED: "BUNDLE_CORRUPTED";
+};
+type ReasonCode = typeof ReasonCode[keyof typeof ReasonCode];
+/**
+ * Canonical protocol verification result.
+ *
+ * Produced by verifyAiCerBundleDetailed() and verifyCodeModeSnapshotDetailed().
+ * All checks that are not applicable to a given bundle type are SKIPPED (never FAIL).
+ */
+interface CerVerificationResult {
+    status: VerificationStatus;
+    checks: {
+        bundleIntegrity: CheckStatus;
+        nodeSignature: CheckStatus;
+        receiptConsistency: CheckStatus;
+    };
+    reasonCodes: ReasonCode[];
+    certificateHash: string;
+    bundleType: string;
+    verifiedAt: string;
+    verifier: string;
+}
+
+/**
+ * verifyAiCerBundleDetailed — protocol-aligned AI CER verifier
+ *
+ * Returns a CerVerificationResult conforming to the CER Protocol spec.
+ * Wraps the existing verifyCer() + hasAttestation() helpers and maps
+ * their results into the structured protocol schema.
+ */
+
+/**
+ * Verify a CER AI execution bundle and return a structured CerVerificationResult.
+ *
+ * - bundleIntegrity: PASS/FAIL based on certificateHash integrity
+ * - nodeSignature:   PASS if attestation present and structurally valid; SKIPPED if absent
+ * - receiptConsistency: mirrors nodeSignature (SKIPPED when no attestation)
+ *
+ * Attestation is optional — its absence sets nodeSignature/receiptConsistency
+ * to SKIPPED, not FAIL.
+ *
+ * @param bundle - The raw CER bundle (typed as unknown for safety; validated internally)
+ */
+declare function verifyAiCerBundleDetailed(bundle: unknown): CerVerificationResult;
+
+export { AiExecutionSnapshotV1, AiefProfile, AiefVerifyResult, AttestOptions, AttestationReceipt, AttestationResult, BundleDeclaration, CerAiExecutionBundle, CerAttestationError, CerMeta, CerVerificationError, type CerVerificationResult, CerVerifyCode, CerVerifyCode as CerVerifyCodeType, type CertifyAndAttestRunOptions, type CertifyAndAttestRunResult, CertifyDecisionParams, type CheckStatus, CreateSnapshotParams, type ExportVerifiableRedactedOptions, type ExportVerifiableRedactedProvenance, type ExportVerifiableRedactedResult, type MakeToolEventParams, NodeKeysDocument, NodeReceiptVerifyResult, type ProfileValidationResult, ReasonCode, ReasonCode as ReasonCodeType, type RedactBeforeSealPolicy, RunBuilder, RunBuilderOptions, RunSummary, RunSummaryVerifyResult, SanitizeStorageOptions, SignedAttestationReceipt, StepParams, ToolEvent, VerificationResult, type VerificationStatus, type VerifyRunSummaryOptions, attest, attestIfNeeded, certifyAndAttestDecision, certifyAndAttestRun, certifyDecision, certifyDecisionFromProviderCall, computeInputHash, computeOutputHash, createClient, createSnapshot, exportCer, exportVerifiableRedacted, fetchNodeKeys, getAttestationReceipt, hasAttestation, hashCanonicalJson, hashToolOutput, hashUtf8, importCer, makeToolEvent, mapToAiefReason, redactBeforeSeal, sanitizeForAttestation, sanitizeForStamp, sanitizeForStorage, sealCer, selectNodeKey, sha256Hex, toCanonicalJson, validateProfile, verifyCer as verify, verifyAiCerBundleDetailed, verifyAief, verifyBundleAttestation, verifyCer, verifyNodeReceiptSignature, verifyRunSummary, verifySnapshot };

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { C as CreateSnapshotParams, A as AiExecutionSnapshotV1, V as VerificationResult, a as CerMeta, B as BundleDeclaration, b as CerAiExecutionBundle, c as CertifyDecisionParams, R as RunBuilderOptions, S as StepParams, d as RunSummary, e as AttestOptions, f as AttestationResult, g as SanitizeStorageOptions, h as AttestationReceipt, N as NodeKeysDocument, i as NodeReceiptVerifyResult, j as SignedAttestationReceipt, k as CerVerifyCode, l as AiefVerifyResult, T as ToolEvent, m as RunSummaryVerifyResult, n as AiefProfile } from './types-CcqCDPrD.js';
-export { o as AiExecutionParameters, p as AttestationReceiptResult, q as ClientDefaults, r as NexArtClient, P as ProviderCallParams, s as ProviderCallResult, t as ProviderConfig, u as RedactionEnvelope, W as WrappedExecutionParams, v as WrappedExecutionResult } from './types-CcqCDPrD.js';
+import { C as CreateSnapshotParams, A as AiExecutionSnapshotV1, V as VerificationResult, a as CerMeta, B as BundleDeclaration, b as CerAiExecutionBundle, c as CertifyDecisionParams, R as RunBuilderOptions, S as StepParams, d as RunSummary, e as AttestOptions, f as AttestationResult, g as SanitizeStorageOptions, h as AttestationReceipt, N as NodeKeysDocument, i as NodeReceiptVerifyResult, j as SignedAttestationReceipt, k as CerVerifyCode, l as AiefVerifyResult, T as ToolEvent, m as RunSummaryVerifyResult, n as AiefProfile } from './types-C5t12OK8.js';
+export { o as AiExecutionParameters, p as AttestationReceiptResult, q as ClientDefaults, r as NexArtClient, P as ProviderCallParams, s as ProviderCallResult, t as ProviderConfig, u as RedactionEnvelope, W as WrappedExecutionParams, v as WrappedExecutionResult } from './types-C5t12OK8.js';
 export { wrapProvider } from './providers/wrap.js';
 
 declare class CerVerificationError extends Error {
@@ -353,4 +353,216 @@ interface ProfileValidationResult {
  */
 declare function validateProfile(target: AiExecutionSnapshotV1 | CerAiExecutionBundle, profile: AiefProfile): ProfileValidationResult;
 
-export { AiExecutionSnapshotV1, AiefProfile, AiefVerifyResult, AttestOptions, AttestationReceipt, AttestationResult, BundleDeclaration, CerAiExecutionBundle, CerAttestationError, CerMeta, CerVerificationError, CerVerifyCode, CerVerifyCode as CerVerifyCodeType, CertifyDecisionParams, CreateSnapshotParams, type MakeToolEventParams, NodeKeysDocument, NodeReceiptVerifyResult, type ProfileValidationResult, type RedactBeforeSealPolicy, RunBuilder, RunBuilderOptions, RunSummary, RunSummaryVerifyResult, SanitizeStorageOptions, SignedAttestationReceipt, StepParams, ToolEvent, VerificationResult, type VerifyRunSummaryOptions, attest, attestIfNeeded, certifyAndAttestDecision, certifyDecision, certifyDecisionFromProviderCall, computeInputHash, computeOutputHash, createClient, createSnapshot, exportCer, fetchNodeKeys, getAttestationReceipt, hasAttestation, hashCanonicalJson, hashToolOutput, hashUtf8, importCer, makeToolEvent, mapToAiefReason, redactBeforeSeal, sanitizeForAttestation, sanitizeForStamp, sanitizeForStorage, sealCer, selectNodeKey, sha256Hex, toCanonicalJson, validateProfile, verifyCer as verify, verifyAief, verifyBundleAttestation, verifyCer, verifyNodeReceiptSignature, verifyRunSummary, verifySnapshot };
+/**
+ * @nexart/ai-execution — Verifiable redacted export helper
+ *
+ * exportVerifiableRedacted() produces a NEW sealed bundle whose snapshot has
+ * sensitive fields replaced with redaction envelopes via redactBeforeSeal().
+ *
+ * The result is a fully independently verifiable bundle with a NEW certificateHash.
+ * The original certificateHash is preserved in meta.provenance as an informational
+ * cross-reference ONLY — it does not establish any cryptographic relationship
+ * between the two bundles.
+ *
+ * verify(newBundle) → { ok: true }   ✅ the new bundle verifies on its own
+ * verify(originalBundle) → { ok: true }  ✅ the original is unaffected
+ *
+ * IMPORTANT CONSTRAINTS:
+ * - Only `input` and `output` paths are safe to redact (their content hashes are
+ *   recomputed from the envelope). Schema-validated string fields like `prompt`
+ *   cannot be replaced with an object envelope — verify() will return SCHEMA_ERROR.
+ * - `meta.provenance.originalCertificateHash` is reference metadata only.
+ *   Anyone who receives only the new bundle cannot verify the original's integrity.
+ */
+
+interface ExportVerifiableRedactedOptions {
+    createdAt?: string;
+}
+interface ExportVerifiableRedactedProvenance {
+    originalCertificateHash: string;
+    redactionPolicy: {
+        paths: string[];
+    };
+    redactedAt: string;
+}
+interface ExportVerifiableRedactedResult {
+    bundle: CerAiExecutionBundle;
+    /**
+     * The original bundle's certificateHash. Convenience alias for
+     * `bundle.meta.provenance.originalCertificateHash`.
+     * Reference only — no cryptographic link to the new bundle.
+     */
+    originalCertificateHash: string;
+}
+/**
+ * Produce a new sealed bundle with redacted snapshot fields.
+ *
+ * @param bundle   The original sealed bundle to redact from.
+ * @param policy   Which snapshot paths to redact. Only 'input' and 'output'
+ *                 are safe for verifiable redaction (their content hashes are
+ *                 recomputed). Other schema-validated string fields will cause
+ *                 verify() to return SCHEMA_ERROR on the new bundle.
+ * @param options  Optional overrides (createdAt).
+ *
+ * @example
+ * ```typescript
+ * import { certifyDecision, verify, exportVerifiableRedacted } from '@nexart/ai-execution';
+ *
+ * const original = certifyDecision({ ... });
+ * const { bundle, originalCertificateHash } = exportVerifiableRedacted(
+ *   original,
+ *   { paths: ['input', 'output'] },
+ * );
+ *
+ * verify(bundle).ok;                                    // true
+ * bundle.meta.provenance.originalCertificateHash;       // 'sha256:...' — reference only
+ * bundle.snapshot.input;                                // { _redacted: true, hash: 'sha256:...' }
+ * ```
+ */
+declare function exportVerifiableRedacted(bundle: CerAiExecutionBundle, policy: RedactBeforeSealPolicy, options?: ExportVerifiableRedactedOptions): ExportVerifiableRedactedResult;
+
+/**
+ * @nexart/ai-execution — Opinionated run helper
+ *
+ * certifyAndAttestRun(): certify every step in a multi-step run via RunBuilder,
+ * optionally attest each sealed bundle, and return a consolidated result.
+ *
+ * Design principles:
+ * - Does NOT mutate or wrap any externally-owned RunBuilder. Creates its own.
+ * - RunBuilder semantics are unchanged: prevStepHash chaining is automatic.
+ * - attestStep is optional and injectable so callers can mock in tests without
+ *   hitting the network.
+ * - Network failures from attestStep bubble up — wrap in try/catch for partial
+ *   failure tolerance.
+ */
+
+interface CertifyAndAttestRunOptions {
+    runId?: string;
+    workflowId?: string | null;
+    conversationId?: string | null;
+    appId?: string | null;
+    /**
+     * Optional per-step attestation function. Receives each sealed step bundle
+     * immediately after it is created. Return an AttestationReceipt on success.
+     *
+     * If omitted, all receipts will be null (bundles are sealed but not attested).
+     *
+     * @example
+     * ```typescript
+     * import { attest } from '@nexart/ai-execution';
+     * certifyAndAttestRun(steps, {
+     *   attestStep: (bundle) => attest(bundle, { nodeUrl, apiKey }),
+     * });
+     * ```
+     */
+    attestStep?: (bundle: CerAiExecutionBundle) => Promise<AttestationReceipt>;
+}
+interface CertifyAndAttestRunResult {
+    runSummary: RunSummary;
+    stepBundles: CerAiExecutionBundle[];
+    /**
+     * Attestation receipts in step order. `null` at index i means the step
+     * was sealed but not attested (no `attestStep` option was provided).
+     */
+    receipts: (AttestationReceipt | null)[];
+    /** Alias for runSummary.finalStepHash — the last step's certificateHash. */
+    finalStepHash: string | null;
+}
+/**
+ * Certify every step in a multi-step run and optionally attest each bundle.
+ *
+ * Each step is sealed via RunBuilder, which automatically:
+ * - assigns stepIndex (0-based)
+ * - sets prevStepHash to the previous step's certificateHash
+ * - assigns a unique executionId and stepId per step
+ *
+ * The resulting runSummary + stepBundles can be validated offline with
+ * verifyRunSummary(runSummary, stepBundles).
+ *
+ * @param steps    Ordered list of step parameters (step 0 first).
+ * @param options  Run-level options and optional attestation hook.
+ *
+ * @example
+ * ```typescript
+ * import { certifyAndAttestRun, verifyRunSummary } from '@nexart/ai-execution';
+ *
+ * const { runSummary, stepBundles, receipts, finalStepHash } =
+ *   await certifyAndAttestRun(
+ *     [step0Params, step1Params, step2Params],
+ *     {
+ *       runId: 'analysis-run',
+ *       workflowId: 'data-pipeline',
+ *       attestStep: (bundle) => attest(bundle, { nodeUrl, apiKey }),
+ *     },
+ *   );
+ *
+ * verifyRunSummary(runSummary, stepBundles); // { ok: true }
+ * ```
+ */
+declare function certifyAndAttestRun(steps: StepParams[], options?: CertifyAndAttestRunOptions): Promise<CertifyAndAttestRunResult>;
+
+/**
+ * CER Protocol verification types — v0.9.0
+ *
+ * These are the canonical structured verification types for the NexArt
+ * Certified Execution Record (CER) Protocol. All NexArt-compatible verifiers
+ * should produce a CerVerificationResult.
+ *
+ * NOTE: The existing VerificationResult type (ok/errors/code shape) is preserved
+ * for backward compatibility. CerVerificationResult is the new protocol-aligned type.
+ */
+type VerificationStatus = 'VERIFIED' | 'FAILED' | 'NOT_FOUND';
+type CheckStatus = 'PASS' | 'FAIL' | 'SKIPPED';
+declare const ReasonCode: {
+    readonly BUNDLE_HASH_MISMATCH: "BUNDLE_HASH_MISMATCH";
+    readonly NODE_SIGNATURE_INVALID: "NODE_SIGNATURE_INVALID";
+    readonly NODE_SIGNATURE_MISSING: "NODE_SIGNATURE_MISSING";
+    readonly RECEIPT_HASH_MISMATCH: "RECEIPT_HASH_MISMATCH";
+    readonly SCHEMA_VERSION_UNSUPPORTED: "SCHEMA_VERSION_UNSUPPORTED";
+    readonly RECORD_NOT_FOUND: "RECORD_NOT_FOUND";
+    readonly BUNDLE_CORRUPTED: "BUNDLE_CORRUPTED";
+};
+type ReasonCode = typeof ReasonCode[keyof typeof ReasonCode];
+/**
+ * Canonical protocol verification result.
+ *
+ * Produced by verifyAiCerBundleDetailed() and verifyCodeModeSnapshotDetailed().
+ * All checks that are not applicable to a given bundle type are SKIPPED (never FAIL).
+ */
+interface CerVerificationResult {
+    status: VerificationStatus;
+    checks: {
+        bundleIntegrity: CheckStatus;
+        nodeSignature: CheckStatus;
+        receiptConsistency: CheckStatus;
+    };
+    reasonCodes: ReasonCode[];
+    certificateHash: string;
+    bundleType: string;
+    verifiedAt: string;
+    verifier: string;
+}
+
+/**
+ * verifyAiCerBundleDetailed — protocol-aligned AI CER verifier
+ *
+ * Returns a CerVerificationResult conforming to the CER Protocol spec.
+ * Wraps the existing verifyCer() + hasAttestation() helpers and maps
+ * their results into the structured protocol schema.
+ */
+
+/**
+ * Verify a CER AI execution bundle and return a structured CerVerificationResult.
+ *
+ * - bundleIntegrity: PASS/FAIL based on certificateHash integrity
+ * - nodeSignature:   PASS if attestation present and structurally valid; SKIPPED if absent
+ * - receiptConsistency: mirrors nodeSignature (SKIPPED when no attestation)
+ *
+ * Attestation is optional — its absence sets nodeSignature/receiptConsistency
+ * to SKIPPED, not FAIL.
+ *
+ * @param bundle - The raw CER bundle (typed as unknown for safety; validated internally)
+ */
+declare function verifyAiCerBundleDetailed(bundle: unknown): CerVerificationResult;
+
+export { AiExecutionSnapshotV1, AiefProfile, AiefVerifyResult, AttestOptions, AttestationReceipt, AttestationResult, BundleDeclaration, CerAiExecutionBundle, CerAttestationError, CerMeta, CerVerificationError, type CerVerificationResult, CerVerifyCode, CerVerifyCode as CerVerifyCodeType, type CertifyAndAttestRunOptions, type CertifyAndAttestRunResult, CertifyDecisionParams, type CheckStatus, CreateSnapshotParams, type ExportVerifiableRedactedOptions, type ExportVerifiableRedactedProvenance, type ExportVerifiableRedactedResult, type MakeToolEventParams, NodeKeysDocument, NodeReceiptVerifyResult, type ProfileValidationResult, ReasonCode, ReasonCode as ReasonCodeType, type RedactBeforeSealPolicy, RunBuilder, RunBuilderOptions, RunSummary, RunSummaryVerifyResult, SanitizeStorageOptions, SignedAttestationReceipt, StepParams, ToolEvent, VerificationResult, type VerificationStatus, type VerifyRunSummaryOptions, attest, attestIfNeeded, certifyAndAttestDecision, certifyAndAttestRun, certifyDecision, certifyDecisionFromProviderCall, computeInputHash, computeOutputHash, createClient, createSnapshot, exportCer, exportVerifiableRedacted, fetchNodeKeys, getAttestationReceipt, hasAttestation, hashCanonicalJson, hashToolOutput, hashUtf8, importCer, makeToolEvent, mapToAiefReason, redactBeforeSeal, sanitizeForAttestation, sanitizeForStamp, sanitizeForStorage, sealCer, selectNodeKey, sha256Hex, toCanonicalJson, validateProfile, verifyCer as verify, verifyAiCerBundleDetailed, verifyAief, verifyBundleAttestation, verifyCer, verifyNodeReceiptSignature, verifyRunSummary, verifySnapshot };

package/dist/index.mjs

@@ -114,7 +114,7 @@ function computeOutputHash(output) {
 }
 
 // src/snapshot.ts
-var PACKAGE_VERSION = "0.7.0";
+var PACKAGE_VERSION = "0.8.0";
 function validateParameters(params) {
   const errors = [];
   if (typeof params.temperature !== "number" || !Number.isFinite(params.temperature)) {
@@ -382,7 +382,7 @@ function certifyDecision(params) {
     conversationId: params.conversationId,
     prevStepHash: params.prevStepHash
   });
-  return sealCer(snapshot, { meta: params.meta });
+  return sealCer(snapshot, { createdAt: params.createdAt, meta: params.meta });
 }
 
 // src/run.ts
@@ -2410,14 +2410,149 @@ function validateProfile(target, profile) {
   }
   return { ok: errors.length === 0, errors };
 }
+
+// src/exportRedacted.ts
+function exportVerifiableRedacted(bundle, policy, options) {
+  const createdAt = options?.createdAt ?? (/* @__PURE__ */ new Date()).toISOString();
+  const redactedSnapshot = redactBeforeSeal(bundle.snapshot, policy);
+  const provenance = {
+    originalCertificateHash: bundle.certificateHash,
+    redactionPolicy: { paths: [...policy.paths] },
+    redactedAt: createdAt
+  };
+  const mergedMeta = {
+    ...bundle.meta,
+    provenance
+  };
+  const newBundle = sealCer(redactedSnapshot, {
+    createdAt,
+    meta: mergedMeta,
+    declaration: bundle.declaration
+  });
+  return {
+    bundle: newBundle,
+    originalCertificateHash: bundle.certificateHash
+  };
+}
+
+// src/runHelper.ts
+async function certifyAndAttestRun(steps, options) {
+  const run = new RunBuilder({
+    runId: options?.runId,
+    workflowId: options?.workflowId,
+    conversationId: options?.conversationId,
+    appId: options?.appId
+  });
+  const stepBundles = [];
+  const receipts = [];
+  for (const stepParams of steps) {
+    const bundle = run.step(stepParams);
+    stepBundles.push(bundle);
+    if (options?.attestStep) {
+      const receipt = await options.attestStep(bundle);
+      receipts.push(receipt);
+    } else {
+      receipts.push(null);
+    }
+  }
+  const runSummary = run.finalize();
+  return {
+    runSummary,
+    stepBundles,
+    receipts,
+    finalStepHash: runSummary.finalStepHash
+  };
+}
+
+// src/cerProtocol.ts
+var ReasonCode = {
+  BUNDLE_HASH_MISMATCH: "BUNDLE_HASH_MISMATCH",
+  NODE_SIGNATURE_INVALID: "NODE_SIGNATURE_INVALID",
+  NODE_SIGNATURE_MISSING: "NODE_SIGNATURE_MISSING",
+  RECEIPT_HASH_MISMATCH: "RECEIPT_HASH_MISMATCH",
+  SCHEMA_VERSION_UNSUPPORTED: "SCHEMA_VERSION_UNSUPPORTED",
+  RECORD_NOT_FOUND: "RECORD_NOT_FOUND",
+  BUNDLE_CORRUPTED: "BUNDLE_CORRUPTED"
+};
+
+// src/verifyDetailed.ts
+function mapCerCodeToReasonCodes(cerCode) {
+  switch (cerCode) {
+    case CerVerifyCode.CERTIFICATE_HASH_MISMATCH:
+    case CerVerifyCode.SNAPSHOT_HASH_MISMATCH:
+    case CerVerifyCode.INPUT_HASH_MISMATCH:
+    case CerVerifyCode.OUTPUT_HASH_MISMATCH:
+      return [ReasonCode.BUNDLE_HASH_MISMATCH];
+    case CerVerifyCode.SCHEMA_ERROR:
+      return [ReasonCode.SCHEMA_VERSION_UNSUPPORTED];
+    case CerVerifyCode.CANONICALIZATION_ERROR:
+    case CerVerifyCode.UNKNOWN_ERROR:
+    case CerVerifyCode.INVALID_SHA256_FORMAT:
+      return [ReasonCode.BUNDLE_CORRUPTED];
+    case CerVerifyCode.ATTESTATION_INVALID_SIGNATURE:
+    case CerVerifyCode.ATTESTATION_KEY_FORMAT_UNSUPPORTED:
+    case CerVerifyCode.ATTESTATION_KEY_NOT_FOUND:
+      return [ReasonCode.NODE_SIGNATURE_INVALID];
+    case CerVerifyCode.ATTESTATION_MISSING:
+      return [ReasonCode.NODE_SIGNATURE_MISSING];
+    default:
+      return [];
+  }
+}
+function verifyAiCerBundleDetailed(bundle) {
+  const verifiedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const verifier = "@nexart/ai-execution";
+  if (!bundle || typeof bundle !== "object" || Array.isArray(bundle)) {
+    return {
+      status: "FAILED",
+      checks: { bundleIntegrity: "FAIL", nodeSignature: "SKIPPED", receiptConsistency: "SKIPPED" },
+      reasonCodes: [ReasonCode.BUNDLE_CORRUPTED],
+      certificateHash: "",
+      bundleType: "",
+      verifiedAt,
+      verifier
+    };
+  }
+  const b = bundle;
+  const bundleType = typeof b["bundleType"] === "string" ? b["bundleType"] : "";
+  const certificateHash = typeof b["certificateHash"] === "string" ? b["certificateHash"] : "";
+  if (bundleType !== "cer.ai.execution.v1") {
+    return {
+      status: "FAILED",
+      checks: { bundleIntegrity: "FAIL", nodeSignature: "SKIPPED", receiptConsistency: "SKIPPED" },
+      reasonCodes: [ReasonCode.SCHEMA_VERSION_UNSUPPORTED],
+      certificateHash,
+      bundleType,
+      verifiedAt,
+      verifier
+    };
+  }
+  const cerResult = verifyCer(bundle);
+  const bundleIntegrity = cerResult.ok ? "PASS" : "FAIL";
+  const attestationPresent = hasAttestation(bundle);
+  const nodeSignature = attestationPresent ? "PASS" : "SKIPPED";
+  const receiptConsistency = attestationPresent ? "PASS" : "SKIPPED";
+  const reasonCodes = cerResult.ok ? [] : mapCerCodeToReasonCodes(cerResult.code);
+  return {
+    status: cerResult.ok ? "VERIFIED" : "FAILED",
+    checks: { bundleIntegrity, nodeSignature, receiptConsistency },
+    reasonCodes,
+    certificateHash,
+    bundleType,
+    verifiedAt,
+    verifier
+  };
+}
 export {
   CerAttestationError,
   CerVerificationError,
   CerVerifyCode,
+  ReasonCode,
   RunBuilder,
   attest,
   attestIfNeeded,
   certifyAndAttestDecision,
+  certifyAndAttestRun,
   certifyDecision,
   certifyDecisionFromProviderCall,
   computeInputHash,
@@ -2425,6 +2560,7 @@ export {
   createClient,
   createSnapshot,
   exportCer,
+  exportVerifiableRedacted,
   fetchNodeKeys,
   getAttestationReceipt,
   hasAttestation,
@@ -2444,6 +2580,7 @@ export {
   toCanonicalJson,
   validateProfile,
   verifyCer as verify,
+  verifyAiCerBundleDetailed,
   verifyAief,
   verifyBundleAttestation,
   verifyCer,