npm - @nextera.one/axis-server-sdk - Versions diffs - 0.1.1 → 0.3.0 - Mend

@nextera.one/axis-server-sdk 0.1.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,4 +1,7 @@
+import { AxisFrame } from './core/index.js';
+export { AXIS_MAGIC, AXIS_VERSION, AxisFrameZ, TLV as AxisTlvType, ERR_BAD_SIGNATURE, ERR_CONTRACT_VIOLATION, ERR_INVALID_PACKET, ERR_REPLAY_DETECTED, FLAG_BODY_TLV, FLAG_CHAIN_REQ, FLAG_HAS_WITNESS, MAX_BODY_LEN, MAX_FRAME_LEN, MAX_HDR_LEN, MAX_SIG_LEN, PROOF_CAPSULE, PROOF_JWT, PROOF_LOOM, PROOF_MTLS, TLV, TLV_ACTOR_ID, TLV_AUD, TLV_EFFECT, TLV_ERROR_CODE, TLV_ERROR_MSG, TLV_INTENT, TLV_KID, TLV_LOOM_PRESENCE_ID, TLV_LOOM_THREAD_HASH, TLV_LOOM_WRIT, TLV_NODE, TLV_NODE_CERT_HASH, TLV_NODE_KID, TLV_NONCE, TLV_OK, TLV_PID, TLV_PREV_HASH, TLV_PROOF_REF, TLV_PROOF_TYPE, TLV_RECEIPT_HASH, TLV_RID, TLV_TRACE_ID, TLV_TS, computeReceiptHash, computeSignaturePayload, decodeArray, decodeFrame, decodeObject, decodeTLVs, decodeTLVsList, decodeVarint, encodeFrame, encodeTLVs, encodeVarint, generateEd25519KeyPair, getSignTarget, sha256, signFrame, varintLength, verifyFrameSignature } from './core/index.js';
 import { OnModuleInit } from '@nestjs/common';
+import 'zod';
 declare const HANDLER_METADATA_KEY = "axis:handler";
 declare function Handler(intent?: string): ClassDecorator;
@@ -16,14 +19,6 @@ interface IntentOptions {
 }
 declare function Intent(action: string, options?: IntentOptions): MethodDecorator;
-interface AxisFrame {
-    flags: number;
-    headers: Map<number, Uint8Array>;
-    body: Uint8Array;
-    sig: Uint8Array;
-    metadata?: Record<string, any>;
-}
 interface AxisEffect {
     ok: boolean;
     effect: string;
@@ -39,6 +34,638 @@ declare class IntentRouter {
     private recordLatency;
 }
+declare const ATS1_HDR: {
+    readonly INTENT_ID: 1;
+    readonly ACTOR_KEY_ID: 2;
+    readonly CAPSULE_ID: 3;
+    readonly NONCE: 4;
+    readonly TS_MS: 5;
+    readonly SCHEMA_ID: 6;
+    readonly BODY_HASH: 7;
+    readonly TRACE_ID: 8;
+};
+declare const ATS1_SCHEMA: {
+    readonly PASSKEY_LOGIN_OPTIONS_REQ: 2001;
+    readonly PASSKEY_LOGIN_OPTIONS_RES: 2002;
+    readonly PASSKEY_LOGIN_VERIFY_REQ: 2011;
+    readonly PASSKEY_LOGIN_VERIFY_RES: 2012;
+    readonly PASSKEY_REGISTER_OPTIONS_REQ: 2021;
+    readonly PASSKEY_REGISTER_OPTIONS_RES: 2022;
+    readonly PASSKEY_REGISTER_VERIFY_REQ: 2031;
+    readonly PASSKEY_REGISTER_VERIFY_RES: 2032;
+};
+type Ats1FieldType = 'bytes' | 'utf8' | 'uvarint' | 'u64be' | 'nested';
+type Ats1FieldDescriptor = {
+    tag: number;
+    name: string;
+    type: Ats1FieldType;
+    required?: boolean;
+    repeated?: boolean;
+    nestedSchema?: Ats1SchemaDescriptor;
+    maxLen?: number;
+};
+type Ats1SchemaDescriptor = {
+    schemaId: number;
+    name: string;
+    strict: boolean;
+    maxNestingDepth: number;
+    maxBodyBytes?: number;
+    fields: Ats1FieldDescriptor[];
+};
+type DecodedTlv = {
+    tag: number;
+    value: Buffer;
+};
+type DecodedTlvMap = Map<number, Buffer[]>;
+type SensorInputLike = {
+    hdrTLVs: DecodedTlvMap;
+    bodyTLVs: DecodedTlvMap;
+    schemaId: number;
+    intentId: number;
+};
+type Ats1Limits = {
+    maxVarintBytes: number;
+    maxTlvCount: number;
+    maxValueBytes: number;
+    maxNestingDepth: number;
+};
+declare const DEFAULT_LIMITS: Ats1Limits;
+declare function encodeUVarint(n: number | bigint): Buffer;
+declare function decodeUVarint(buf: Buffer, offset: number, limits?: Ats1Limits): {
+    value: bigint;
+    offset: number;
+    bytesRead: number;
+};
+declare function encodeU64BE(n: bigint): Buffer;
+declare function decodeU64BE(buf: Buffer): bigint;
+declare function sha256(data: Buffer): Buffer;
+declare function encodeTLV(tag: number, value: Buffer): Buffer;
+declare function encodeTLVStreamCanonical(entries: DecodedTlv[]): Buffer;
+declare function decodeTLVStream(stream: Buffer, limits?: Ats1Limits): DecodedTlv[];
+declare function tlvsToMap(entries: DecodedTlv[]): DecodedTlvMap;
+type LogicalBody = {
+    schemaId: number;
+    fields: Record<string, any>;
+};
+declare function validateTLVsAgainstSchema(schema: Ats1SchemaDescriptor, tlvs: DecodedTlv[], depth?: number, limits?: Ats1Limits): void;
+declare function logicalBodyToTLVs(schema: Ats1SchemaDescriptor, body: LogicalBody, limits?: Ats1Limits): DecodedTlv[];
+declare function tlvsToLogicalBody(schema: Ats1SchemaDescriptor, tlvs: DecodedTlv[], limits?: Ats1Limits): LogicalBody;
+declare const HDR_TAGS: {
+    readonly intent_id: 1;
+    readonly actor_key_id: 2;
+    readonly capsule_id: 3;
+    readonly nonce: 4;
+    readonly ts_ms: 5;
+    readonly schema_id: 6;
+    readonly body_hash: 7;
+    readonly trace_id: 8;
+};
+type AxisHeaderLogical = {
+    intentId: number;
+    actorKeyId: Uint8Array;
+    capsuleId?: Uint8Array;
+    nonce: Uint8Array;
+    tsMs: bigint;
+    schemaId: number;
+    bodyHash: Uint8Array;
+    traceId?: Uint8Array;
+    version?: number;
+    headerHash?: Uint8Array;
+    headerTlvs?: DecodedTlv[];
+    bodyTlvs?: DecodedTlv[];
+};
+type AxisLogicalRequest = {
+    hdr: AxisHeaderLogical;
+    body: LogicalBody;
+};
+declare function encodeAxisHeaderToTLVs(hdr: AxisHeaderLogical): DecodedTlv[];
+declare function decodeAxisHeaderFromTLVs(hdrTlvs: DecodedTlv[], limits?: Ats1Limits): AxisHeaderLogical;
+declare function encodeAxisRequestBinary(schema: Ats1SchemaDescriptor, req: Omit<AxisLogicalRequest, 'hdr'> & {
+    hdr: Omit<AxisHeaderLogical, 'bodyHash'>;
+}, limits?: Ats1Limits): {
+    hdrBytes: Buffer;
+    bodyBytes: Buffer;
+    bodyHash: Buffer;
+};
+declare function decodeAxisRequestBinary(schema: Ats1SchemaDescriptor, hdrBytes: Buffer, bodyBytes: Buffer, limits?: Ats1Limits): {
+    hdr: AxisHeaderLogical;
+    body: LogicalBody;
+    sensorInput: SensorInputLike;
+};
+declare const Schema3100_DeviceContext: Ats1SchemaDescriptor;
+declare const Schema2001_PasskeyLoginOptionsReq: Ats1SchemaDescriptor;
+declare const Schema4001_LoginWithDeviceReq: Ats1SchemaDescriptor;
+type ats1_Ats1FieldDescriptor = Ats1FieldDescriptor;
+type ats1_Ats1FieldType = Ats1FieldType;
+type ats1_Ats1Limits = Ats1Limits;
+type ats1_Ats1SchemaDescriptor = Ats1SchemaDescriptor;
+type ats1_AxisHeaderLogical = AxisHeaderLogical;
+type ats1_AxisLogicalRequest = AxisLogicalRequest;
+declare const ats1_DEFAULT_LIMITS: typeof DEFAULT_LIMITS;
+type ats1_DecodedTlv = DecodedTlv;
+type ats1_DecodedTlvMap = DecodedTlvMap;
+declare const ats1_HDR_TAGS: typeof HDR_TAGS;
+declare const ats1_Schema2001_PasskeyLoginOptionsReq: typeof Schema2001_PasskeyLoginOptionsReq;
+declare const ats1_Schema3100_DeviceContext: typeof Schema3100_DeviceContext;
+declare const ats1_Schema4001_LoginWithDeviceReq: typeof Schema4001_LoginWithDeviceReq;
+type ats1_SensorInputLike = SensorInputLike;
+declare const ats1_decodeAxisHeaderFromTLVs: typeof decodeAxisHeaderFromTLVs;
+declare const ats1_decodeAxisRequestBinary: typeof decodeAxisRequestBinary;
+declare const ats1_decodeTLVStream: typeof decodeTLVStream;
+declare const ats1_decodeU64BE: typeof decodeU64BE;
+declare const ats1_decodeUVarint: typeof decodeUVarint;
+declare const ats1_encodeAxisHeaderToTLVs: typeof encodeAxisHeaderToTLVs;
+declare const ats1_encodeAxisRequestBinary: typeof encodeAxisRequestBinary;
+declare const ats1_encodeTLV: typeof encodeTLV;
+declare const ats1_encodeTLVStreamCanonical: typeof encodeTLVStreamCanonical;
+declare const ats1_encodeU64BE: typeof encodeU64BE;
+declare const ats1_encodeUVarint: typeof encodeUVarint;
+declare const ats1_logicalBodyToTLVs: typeof logicalBodyToTLVs;
+declare const ats1_sha256: typeof sha256;
+declare const ats1_tlvsToLogicalBody: typeof tlvsToLogicalBody;
+declare const ats1_tlvsToMap: typeof tlvsToMap;
+declare const ats1_validateTLVsAgainstSchema: typeof validateTLVsAgainstSchema;
+declare namespace ats1 {
+  export { type ats1_Ats1FieldDescriptor as Ats1FieldDescriptor, type ats1_Ats1FieldType as Ats1FieldType, type ats1_Ats1Limits as Ats1Limits, type ats1_Ats1SchemaDescriptor as Ats1SchemaDescriptor, type ats1_AxisHeaderLogical as AxisHeaderLogical, type ats1_AxisLogicalRequest as AxisLogicalRequest, ats1_DEFAULT_LIMITS as DEFAULT_LIMITS, type ats1_DecodedTlv as DecodedTlv, type ats1_DecodedTlvMap as DecodedTlvMap, ats1_HDR_TAGS as HDR_TAGS, ats1_Schema2001_PasskeyLoginOptionsReq as Schema2001_PasskeyLoginOptionsReq, ats1_Schema3100_DeviceContext as Schema3100_DeviceContext, ats1_Schema4001_LoginWithDeviceReq as Schema4001_LoginWithDeviceReq, type ats1_SensorInputLike as SensorInputLike, ats1_decodeAxisHeaderFromTLVs as decodeAxisHeaderFromTLVs, ats1_decodeAxisRequestBinary as decodeAxisRequestBinary, ats1_decodeTLVStream as decodeTLVStream, ats1_decodeU64BE as decodeU64BE, ats1_decodeUVarint as decodeUVarint, ats1_encodeAxisHeaderToTLVs as encodeAxisHeaderToTLVs, ats1_encodeAxisRequestBinary as encodeAxisRequestBinary, ats1_encodeTLV as encodeTLV, ats1_encodeTLVStreamCanonical as encodeTLVStreamCanonical, ats1_encodeU64BE as encodeU64BE, ats1_encodeUVarint as encodeUVarint, ats1_logicalBodyToTLVs as logicalBodyToTLVs, ats1_sha256 as sha256, ats1_tlvsToLogicalBody as tlvsToLogicalBody, ats1_tlvsToMap as tlvsToMap, ats1_validateTLVsAgainstSchema as validateTLVsAgainstSchema };
+}
+declare function buildAts1Hdr(params: {
+    intentId: number;
+    schemaId: number;
+    actorKeyId?: Buffer;
+    capsuleId?: Buffer;
+    traceId?: Buffer;
+    tsMs?: bigint;
+    nonce?: Buffer;
+    bodyHash?: Buffer;
+}): Buffer;
+declare function packPasskeyLoginOptionsReq(params: {
+    intentId: number;
+    username: string;
+    actorKeyId?: Buffer;
+    capsuleId?: Buffer;
+    traceId?: Buffer;
+}): {
+    hdr: Buffer<ArrayBufferLike>;
+    body: Buffer<ArrayBufferLike>;
+};
+declare function unpackPasskeyLoginOptionsReq(body: Buffer): {
+    username: string;
+};
+declare const Schema2021_PasskeyRegisterOptionsReq: Ats1SchemaDescriptor;
+declare const Schema2011_PasskeyLoginVerifyReq: Ats1SchemaDescriptor;
+declare function packPasskeyRegisterOptionsReq(params: {
+    intentId: number;
+    username: string;
+    actorKeyId?: Buffer;
+    traceId?: Buffer;
+}): {
+    hdr: Buffer<ArrayBufferLike>;
+    body: Buffer<ArrayBufferLike>;
+};
+declare function unpackPasskeyRegisterOptionsReq(body: Buffer): {
+    username: string;
+};
+declare function packPasskeyLoginVerifyReq(params: {
+    intentId: number;
+    username: string;
+    credentialId: Buffer;
+    clientDataJSON: Buffer;
+    authenticatorData: Buffer;
+    signature: Buffer;
+    userHandle?: Buffer;
+    actorKeyId?: Buffer;
+    traceId?: Buffer;
+}): {
+    hdr: Buffer<ArrayBufferLike>;
+    body: Buffer<ArrayBufferLike>;
+};
+declare function unpackPasskeyLoginVerifyReq(body: Buffer): {
+    username: string;
+    credentialId: Buffer;
+    clientDataJSON: Buffer;
+    authenticatorData: Buffer;
+    signature: Buffer;
+    userHandle: Buffer | undefined;
+};
+declare const Schema2002_PasskeyLoginOptionsRes: Ats1SchemaDescriptor;
+declare function packPasskeyLoginOptionsRes(params: {
+    challenge: string;
+    timeout?: number;
+    rpId?: string;
+    userVerification?: string;
+    allowCredentials?: {
+        id: string;
+        type: string;
+        transports?: string[];
+    }[];
+}): Buffer;
+declare const Schema2012_PasskeyLoginVerifyRes: Ats1SchemaDescriptor;
+declare function packPasskeyLoginVerifyRes(params: {
+    actorId: string;
+    keyId: string;
+    capsule: Buffer;
+    expiresAt: bigint;
+}): Buffer;
+type Axis1FrameToEncode = {
+    ver: number;
+    flags: number;
+    hdr: Buffer;
+    body: Buffer;
+    sig: Buffer;
+};
+declare function encodeAxis1Frame(f: Axis1FrameToEncode): Buffer;
+declare function axis1SigningBytes(params: {
+    ver: number;
+    flags: number;
+    hdr: Buffer;
+    body: Buffer;
+}): Buffer;
+declare function encVarint(x: bigint): Buffer;
+declare function varintU(x: number | bigint): Buffer;
+declare function u64be(x: bigint): Buffer;
+declare function utf8(s: string): Buffer;
+declare function bytes(b: Uint8Array | Buffer): Buffer;
+declare function nonce16(): Buffer;
+declare function tlv(type: number, value: Buffer): Buffer;
+declare function buildTLVs(items: {
+    type: number;
+    value: Buffer;
+}[], opts?: {
+    allowDupTypes?: Set<number>;
+}): Buffer;
+declare function b64urlEncode(buf: Buffer): string;
+declare function b64urlDecode(str: string): Buffer;
+declare function b64urlEncodeString(str: string, encoding?: BufferEncoding): string;
+declare function b64urlDecodeString(str: string, encoding?: BufferEncoding): string;
+declare function canonicalJson(value: any): string;
+declare function canonicalJsonExcluding(obj: Record<string, any>, exclude: string[]): string;
+type AxisAlg = 'EdDSA' | 'ES256' | 'RS256';
+type CapsuleStatus = 'ACTIVE' | 'CONSUMED' | 'REVOKED' | 'EXPIRED';
+type CapsuleMode = 'SINGLE_USE' | 'MULTI_USE';
+type KeyStatus = 'ACTIVE' | 'GRACE' | 'REVOKED' | 'RETIRED';
+interface AxisSig {
+    alg: AxisAlg;
+    kid: string;
+    value: string;
+}
+interface AxisPacket$1<T = any> {
+    v: 1;
+    pid: string;
+    nonce: string;
+    ts: number;
+    actorId: string;
+    opcode: string;
+    body: T;
+    sig: AxisSig;
+}
+interface AxisCapsuleConstraints {
+    maxAmount?: number;
+    maxCount?: number;
+    ttlSeconds?: number;
+    ipCidrAllow?: string[];
+    countryAllow?: string[];
+    deviceIdAllow?: string[];
+    sessionIdLock?: string;
+    nonceRequired?: boolean;
+}
+interface TickWindow {
+    start: number;
+    end: number;
+}
+interface AxisCapsulePayload {
+    v: 1;
+    capsuleId: string;
+    actorId: string;
+    issuer: string;
+    audience: string;
+    subject?: string;
+    intent: string;
+    scopes: string[];
+    actions?: string[];
+    iat: number;
+    nbf?: number;
+    exp: number;
+    tickWindow?: TickWindow;
+    mode: CapsuleMode;
+    maxUses: number;
+    nonceSeed?: string;
+    policyRefs?: string[];
+    riskScore?: number;
+    constraints?: AxisCapsuleConstraints;
+    meta?: Record<string, unknown>;
+}
+interface AxisCapsule {
+    payload: AxisCapsulePayload;
+    sig: AxisSig;
+}
+interface CapsuleIssueBody {
+    intent: string;
+    audience: string;
+    scopes: string[];
+    subject?: string;
+    mode: CapsuleMode;
+    maxUses?: number;
+    expSeconds?: number;
+    constraints?: AxisCapsuleConstraints;
+    hints?: {
+        ip?: string;
+        ua?: string;
+        deviceId?: string;
+        geo?: string;
+    };
+}
+interface CapsuleBatchBody extends Omit<CapsuleIssueBody, 'mode' | 'maxUses'> {
+    count: number;
+    mode: 'SINGLE_USE';
+}
+interface IntentExecBody {
+    intent: string;
+    capsule: AxisCapsule;
+    execNonce?: string;
+    args: Record<string, any>;
+}
+interface CapsuleRevokeBody {
+    capsuleId: string;
+    reason: string;
+}
+interface AxisResponse<T = any> {
+    ok: boolean;
+    pid: string;
+    decisionId: string;
+    code: string;
+    message?: string;
+    data?: T;
+    meta?: Record<string, unknown>;
+}
+interface CapsuleIssueResult {
+    capsule: AxisCapsule;
+}
+interface CapsuleBatchResult {
+    capsules: AxisCapsule[];
+}
+interface ActorKeyRecord {
+    id: Buffer;
+    actor_id: string;
+    key_id: string;
+    algorithm: string;
+    public_key: Buffer;
+    purpose: string;
+    status: KeyStatus;
+    is_primary: boolean;
+    not_before: Date | null;
+    expires_at: Date | null;
+    rotated_from_key_id: string | null;
+    revoked_at: Date | null;
+    revocation_reason: string | null;
+    metadata: any;
+    created_at: Date;
+    updated_at: Date;
+}
+interface IssuerKeyRecord {
+    id: Buffer;
+    kid: string;
+    issuer_id: string;
+    alg: string;
+    public_key_pem: string;
+    status: KeyStatus;
+    not_before: Date | null;
+    not_after: Date | null;
+    fingerprint: string | null;
+    metadata: any;
+    created_at: Date;
+    updated_at: Date;
+}
+interface CapsuleRecord {
+    id: Buffer;
+    capsule_id: string;
+    actor_id: string;
+    intent: string;
+    audience: string;
+    issuer: string;
+    subject: string | null;
+    status: CapsuleStatus;
+    mode: CapsuleMode;
+    max_uses: number;
+    used_count: number;
+    iat: Date;
+    nbf: Date | null;
+    exp: Date;
+    scopes_json: any;
+    constraints_json: any;
+    policy_refs_json: any;
+    risk_score: number | null;
+    payload_hash: Buffer;
+    sig_alg: string;
+    sig_kid: string;
+    sig_value: Buffer;
+    created_at: Date;
+    updated_at: Date;
+    last_used_at: Date | null;
+}
+declare class ContractViolationError extends Error {
+    code: string;
+    constructor(code: string, message: string);
+}
+interface ExecutionMetrics {
+    dbWrites: number;
+    dbReads: number;
+    externalCalls: number;
+    elapsedMs: number;
+}
+declare class ExecutionMeter {
+    private dbWrites;
+    private dbReads;
+    private externalCalls;
+    private startTime;
+    private contract;
+    constructor(contract: any);
+    recordDbWrite(): void;
+    recordDbRead(): void;
+    recordExternalCall(): void;
+    checkTime(): void;
+    validateEffect(effect: string): void;
+    getMetrics(): ExecutionMetrics;
+    getContract(): any;
+}
+interface ExecutionContract {
+    maxDbWrites: number;
+    maxDbReads?: number;
+    maxExternalCalls: number;
+    maxTimeMs: number;
+    allowedEffects: string[];
+    maxMemoryMb?: number;
+}
+declare const DEFAULT_CONTRACTS: Record<string, ExecutionContract>;
+declare const FALLBACK_CONTRACT: ExecutionContract;
+type Axis1DecodedFrame = {
+    ver: number;
+    flags: number;
+    hdr: Buffer;
+    body: Buffer;
+    sig: Buffer;
+    frameSize: number;
+};
+declare function decodeAxis1Frame(buf: Buffer): Axis1DecodedFrame;
+declare const T: {
+    INTENT: number;
+    PID: number;
+    INTENT_VERSION: number;
+    ACTOR_ID: number;
+    CAPSULE_ID: number;
+    NONCE: number;
+    TS_MS: number;
+    PROOF_TYPE: number;
+    BODY: number;
+    JSON: number;
+};
+type AxisPacket = {
+    intent: string;
+    intentVersion: number;
+    actorId: string;
+    capsuleId?: Buffer;
+    pid: Buffer;
+    nonce: Buffer;
+    tsMs: bigint;
+    headersMap: Map<number, Buffer[]>;
+    bodyMap: Map<number, Buffer[]>;
+    hdrBytes: Buffer;
+    bodyBytes: Buffer;
+    sig: Buffer;
+};
+declare function buildPacket(hdr: Buffer, body: Buffer, sig: Buffer, flags?: number): AxisPacket;
+interface AxisObservedContext {
+    ip?: string;
+    ua?: string;
+    geo?: string;
+}
+interface AxisRequestContext {
+    observed: AxisObservedContext;
+    actorKeyKid?: string;
+    issuerKeyKid?: string;
+    decisionId: string;
+    actorId: string;
+    aud?: string;
+    opcode: string;
+    deviceId?: string;
+    sessionId?: string;
+}
+interface SensorPhaseMetadata {
+    phase: 'PRE_DECODE' | 'POST_DECODE';
+    dependencies?: string[];
+    asyncOk?: boolean;
+    cryptoOk?: boolean;
+    description?: string;
+}
+interface AxisSensor {
+    readonly name: string;
+    readonly order?: number;
+    phase?: SensorPhaseMetadata | 'PRE_DECODE' | 'POST_DECODE';
+    supports?(input: SensorInput): boolean;
+    run(input: SensorInput): Promise<SensorDecision>;
+}
+interface AxisSensorInit extends AxisSensor, OnModuleInit {
+}
+interface AxisPreSensor extends AxisSensor {
+    phase: 'PRE_DECODE';
+}
+interface AxisPostSensor extends AxisSensor {
+    phase: 'POST_DECODE';
+}
+interface SensorInput {
+    rawBytes?: Buffer | Uint8Array;
+    intent?: string;
+    ip?: string;
+    path?: string;
+    contentLength?: number;
+    peek?: Uint8Array;
+    country?: string;
+    clientId?: string;
+    isWs?: boolean;
+    metadata?: Record<string, any>;
+    actorId?: string;
+    opcode?: string;
+    aud?: string;
+    observed?: AxisObservedContext;
+    frameBody?: any;
+    deviceId?: string;
+    sessionId?: string;
+    packet?: Record<string, any>;
+    [key: string]: any;
+}
+declare enum Decision {
+    ALLOW = "ALLOW",
+    DENY = "DENY",
+    THROTTLE = "THROTTLE",
+    FLAG = "FLAG"
+}
+type SensorDecision = {
+    decision?: Decision;
+    allow: boolean;
+    riskScore: number;
+    reasons: string[];
+    code?: string;
+    retryAfterMs?: number;
+    scoreDelta?: number;
+    tags?: Record<string, any>;
+    meta?: any;
+    tighten?: {
+        expSecondsMax?: number;
+        constraintsPatch?: Record<string, any>;
+    };
+} | {
+    action: 'ALLOW';
+    meta?: any;
+} | {
+    action: 'DENY';
+    code: string;
+    reason?: string;
+    retryAfterMs?: number;
+    meta?: any;
+} | {
+    action: 'THROTTLE';
+    retryAfterMs: number;
+    meta?: any;
+} | {
+    action: 'FLAG';
+    scoreDelta: number;
+    reasons: string[];
+    meta?: any;
+};
+type SensorMinifiedDecision = {
+    allow: boolean;
+    riskScore: number;
+    reasons: string[];
+    tags?: Record<string, any>;
+    meta?: any;
+    tighten?: {
+        expSecondsMax?: number;
+        constraintsPatch?: Record<string, any>;
+    };
+    retryAfterMs?: number;
+};
+declare function normalizeSensorDecision(sensorDecision: SensorDecision): SensorMinifiedDecision;
+declare const SensorDecisions: {
+    allow(meta?: any, tags?: Record<string, any>): SensorDecision;
+    deny(code: string, reason?: string, meta?: any): SensorDecision;
+    throttle(retryAfterMs: number, meta?: any): SensorDecision;
+    flag(scoreDelta: number, reasons: string[], meta?: any): SensorDecision;
+};
 interface AxisHandler {
     readonly name: string;
     readonly open?: boolean;
@@ -56,4 +683,4 @@ interface AxisCrudHandler extends AxisHandlerInit {
     remove(body: Uint8Array, headers?: Map<number, Uint8Array>): Promise<Uint8Array>;
 }
-export { type AxisCrudHandler, type AxisEffect, type AxisFrame, type AxisHandler, type AxisHandlerInit, HANDLER_METADATA_KEY, Handler, INTENT_ROUTES_KEY, Intent, type IntentOptions, type IntentRoute, IntentRouter };
+export { ATS1_HDR, ATS1_SCHEMA, type ActorKeyRecord, ats1 as Ats1Codec, type Axis1DecodedFrame, type Axis1FrameToEncode, type AxisAlg, type AxisPacket as AxisBinaryPacket, type AxisCapsule, type AxisCapsuleConstraints, type AxisCapsulePayload, type AxisCrudHandler, type AxisEffect, AxisFrame, type AxisHandler, type AxisHandlerInit, type AxisObservedContext, type AxisPacket$1 as AxisPacket, T as AxisPacketTags, type AxisPostSensor, type AxisPreSensor, type AxisRequestContext, type AxisResponse, type AxisSensor, type AxisSensorInit, type AxisSig, type CapsuleBatchBody, type CapsuleBatchResult, type CapsuleIssueBody, type CapsuleIssueResult, type CapsuleMode, type CapsuleRecord, type CapsuleRevokeBody, type CapsuleStatus, ContractViolationError, DEFAULT_CONTRACTS, Decision, type ExecutionContract, ExecutionMeter, type ExecutionMetrics, FALLBACK_CONTRACT, HANDLER_METADATA_KEY, Handler, INTENT_ROUTES_KEY, Intent, type IntentExecBody, type IntentOptions, type IntentRoute, IntentRouter, type IssuerKeyRecord, type KeyStatus, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, type SensorDecision, SensorDecisions, type SensorInput, type SensorMinifiedDecision, type SensorPhaseMetadata, type TickWindow, axis1SigningBytes, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildPacket, buildTLVs, bytes, canonicalJson, canonicalJsonExcluding, decodeAxis1Frame, encVarint, encodeAxis1Frame, nonce16, normalizeSensorDecision, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, utf8, varintU };