@ouro.bot/friends 0.1.0-alpha.4

package/dist/a2a/index.js

@@ -0,0 +1,198 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAILBOX_VERSION = void 0;
+exports.buildOutgoing = buildOutgoing;
+exports.compareReady = compareReady;
+exports.readIncoming = readIncoming;
+exports.isSeen = isSeen;
+exports.markSeen = markSeen;
+// src/a2a — the pure git-mailbox format/routing/dedup library (brick two).
+//
+// A consumer agent and a producer agent that authenticate as two DISTINCT git
+// identities share a dedicated PRIVATE mailbox repo. This module computes the
+// per-message file PATH + BYTES the host writes, and parses/validates/orders/
+// dedups the files the host hands back — nothing more. It is PURE:
+//   • ZERO runtime deps; the ONLY node builtin is `node:crypto` (randomUUID),
+//     mirroring share.ts / agent-peer.ts;
+//   • NO fs / net / http / child_process / process.env / git anywhere — the wire
+//     (clone / pull / add / commit / push) is entirely the caller's job.
+// Type-only imports of `ProfileShareEnvelope` (../share) + `MissionShareEnvelope`
+// (../mission-share) carry no runtime edge. Both are CORE modules, so the a2a→core
+// import direction is eslint-legal (a2a may import core; the reverse is forbidden).
+//
+// Security model (the git-native TOFU): addressing lives in the PATH, and a
+// single-writer-per-outbox-dir layout means a forged sender can't write into
+// another agent's outbox dir without that git identity. `readIncoming` binds the
+// wrapper's claimed from/to against the path and REJECTS any mismatch, so a
+// hostile mailbox can only DENY or REPLAY — never escalate (content trust is the
+// import layer's job; this layer never touches first-party notes or trust).
+const node_crypto_1 = require("node:crypto");
+const observability_1 = require("../observability");
+/** The mailbox wire-format version. Bumped only on a breaking message change. */
+exports.MAILBOX_VERSION = 1;
+/** Compute the mailbox file (path + bytes) for one outgoing share. Does NOT
+ * write anything — the host does the git op. The envelope is carried verbatim
+ * (by reference, never cloned or mutated). */
+function buildOutgoing(input) {
+    const now = input.now ?? new Date().toISOString();
+    const messageId = (0, node_crypto_1.randomUUID)();
+    const message = {
+        mailboxVersion: exports.MAILBOX_VERSION,
+        messageId,
+        fromAgentId: input.fromAgentId,
+        toAgentId: input.toAgentId,
+        issuedAt: now,
+        kind: input.kind ?? "profile_share",
+        envelope: input.envelope,
+    };
+    // Mailbox paths are git-relative POSIX (always `/`), intentionally NOT
+    // path.join — that would pull an fs-adjacent builtin and be platform-sep
+    // sensitive. A template literal keeps this module fs-free.
+    const relativePath = `agents/${input.fromAgentId}/outbox/${input.toAgentId}/${now}--${messageId}.json`;
+    (0, observability_1.emitNervesEvent)({
+        component: "friends",
+        event: "friends.a2a_outgoing_built",
+        message: "built outgoing mailbox message",
+        meta: { toAgentId: input.toAgentId },
+    });
+    return { relativePath, bytes: JSON.stringify(message, null, 2), messageId };
+}
+/** Parse the post-office path. Returns the owner/routing dirs, or null when the
+ * path doesn't match `agents/<from>/outbox/<to>/<file>.json` exactly. */
+function parsePath(relativePath) {
+    const parts = relativePath.split("/");
+    if (parts.length !== 5)
+        return null;
+    if (parts[0] !== "agents" || parts[2] !== "outbox")
+        return null;
+    if (parts.some((segment) => segment.length === 0))
+        return null;
+    if (!parts[4].endsWith(".json"))
+        return null;
+    return { from: parts[1], to: parts[3] };
+}
+/** Whether a parsed value is a well-formed mailbox wrapper. */
+function isWellFormedWrapper(value) {
+    return (typeof value.mailboxVersion === "number" &&
+        typeof value.messageId === "string" &&
+        value.messageId.length > 0 &&
+        typeof value.fromAgentId === "string" &&
+        typeof value.toAgentId === "string" &&
+        typeof value.issuedAt === "string" &&
+        (value.kind === "profile_share" || value.kind === "mission_share" || value.kind === "coordination") &&
+        typeof value.envelope === "object" &&
+        value.envelope !== null &&
+        !Array.isArray(value.envelope));
+}
+/** Lexicographic compare of two strings → -1 | 0 | 1. */
+function cmp(a, b) {
+    if (a < b)
+        return -1;
+    if (a > b)
+        return 1;
+    return 0;
+}
+/** Deterministic delivery order: issuedAt ascending, tiebroken by messageId
+ * ascending. Exported so the ordering contract is independently testable in both
+ * argument orders (every branch reachable). */
+function compareReady(a, b) {
+    const byTime = cmp(a.issuedAt, b.issuedAt);
+    return byTime !== 0 ? byTime : cmp(a.messageId, b.messageId);
+}
+/** Parse, validate, path-bind, address-filter, and dedup a batch of mailbox
+ * files. The security-critical reader: every reject reason is distinct so the
+ * caller can tell a spoof (path mismatch) from malformed input. Order of checks:
+ * path → JSON → object → wrapper shape → version → path-binding → addressing →
+ * dedup. A message addressed to someone else is silently skipped (not ours);
+ * only a malformed PATH makes a non-self message visible (as rejected). */
+function readIncoming(input) {
+    const ready = [];
+    const skippedSeen = [];
+    const rejected = [];
+    for (const file of input.files) {
+        const path = parsePath(file.relativePath);
+        if (!path) {
+            rejected.push({ relativePath: file.relativePath, reason: "malformed_path" });
+            continue;
+        }
+        let parsed;
+        try {
+            parsed = JSON.parse(file.bytes);
+        }
+        catch {
+            rejected.push({ relativePath: file.relativePath, reason: "invalid_json" });
+            continue;
+        }
+        if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+            rejected.push({ relativePath: file.relativePath, reason: "not_an_object" });
+            continue;
+        }
+        const message = parsed;
+        if (!isWellFormedWrapper(message)) {
+            rejected.push({ relativePath: file.relativePath, reason: "malformed_message" });
+            continue;
+        }
+        if (message.mailboxVersion !== exports.MAILBOX_VERSION) {
+            rejected.push({ relativePath: file.relativePath, reason: "unsupported_version" });
+            continue;
+        }
+        // Path-binding (TOFU): a forged sender that doesn't own the outbox dir, or a
+        // wrapper routed to a dir it doesn't address, is rejected — never delivered.
+        if (message.fromAgentId !== path.from) {
+            rejected.push({ relativePath: file.relativePath, reason: "from_path_mismatch" });
+            continue;
+        }
+        if (message.toAgentId !== path.to) {
+            rejected.push({ relativePath: file.relativePath, reason: "to_path_mismatch" });
+            continue;
+        }
+        // Addressing: a message for someone else is not ours to read — skip silently.
+        if (message.toAgentId !== input.selfAgentId)
+            continue;
+        const messageId = message.messageId;
+        if (isSeen(input.seen, messageId)) {
+            skippedSeen.push(messageId);
+            continue;
+        }
+        ready.push({
+            messageId,
+            fromAgentId: message.fromAgentId,
+            toAgentId: message.toAgentId,
+            issuedAt: message.issuedAt,
+            kind: message.kind,
+            envelope: message.envelope,
+            relativePath: file.relativePath,
+        });
+    }
+    // Deterministic delivery order: issuedAt ascending, tiebroken by messageId.
+    ready.sort(compareReady);
+    (0, observability_1.emitNervesEvent)({
+        component: "friends",
+        event: "friends.a2a_incoming_read",
+        message: "read incoming mailbox files",
+        meta: {
+            ready: ready.length,
+            skipped: skippedSeen.length,
+            rejected: rejected.length,
+            at: input.now ?? new Date().toISOString(),
+        },
+    });
+    return { ready, skippedSeen, rejected };
+}
+/** Whether a messageId is already in the ledger. Uses hasOwnProperty so an
+ * inherited prototype key (e.g. "toString") never reads as seen. */
+function isSeen(seen, messageId) {
+    return Object.prototype.hasOwnProperty.call(seen.seen, messageId);
+}
+/** Return a NEW ledger with `messageId` recorded (immutable — never mutates the
+ * input). `at` defaults to now; that single `new Date()` is the only ambient
+ * time minted here and matches share.ts's idiom. */
+function markSeen(seen, messageId, at) {
+    (0, observability_1.emitNervesEvent)({
+        component: "friends",
+        event: "friends.a2a_marked_seen",
+        message: "marked mailbox message seen",
+        meta: {},
+    });
+    return { seen: { ...seen.seen, [messageId]: at ?? new Date().toISOString() } };
+}

package/dist/agent-peer.d.ts

@@ -0,0 +1,17 @@
+import type { FriendStore } from "./store";
+import type { AgentMeta, FriendRecord, TrustLevel } from "./types";
+export interface UpsertAgentPeerInput {
+    name: string;
+    agentId: string;
+    trustLevel?: TrustLevel;
+    a2a?: AgentMeta["a2a"];
+    /** Optional A2A git-mailbox coords — the ergonomic top-level path the MCP
+     * `onboard_agent` tool uses. Folded into the rebuilt `a2a`; if also set inside
+     * `a2a`, this explicit value wins (last spread). Absent ⇒ no mailbox key. */
+    mailbox?: {
+        repo: string;
+        selfOutboxAgentId: string;
+    };
+    bundleName?: string;
+}
+export declare function upsertAgentPeer(store: FriendStore, input: UpsertAgentPeerInput): Promise<FriendRecord>;

package/dist/agent-peer.js

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.upsertAgentPeer = upsertAgentPeer;
+// upsertAgentPeer — the record-shaping half of the harness's `onboardA2APeer`.
+//
+// Mints or updates an agent-peer friend record from already-resolved inputs. The
+// HTTP agent-card fetch (`fetchA2AAgentCard` / `endpointForCard` / URL parsing)
+// stays harness-side; this helper takes `agentId` and the `a2a` coords directly,
+// so the MCP server can onboard a peer without any network call.
+const node_crypto_1 = require("node:crypto");
+const observability_1 = require("./observability");
+async function upsertAgentPeer(store, input) {
+    const { name, agentId, a2a, bundleName } = input;
+    const existing = await store.findByExternalId("a2a-agent", agentId);
+    const now = new Date().toISOString();
+    const trustLevel = input.trustLevel ?? existing?.trustLevel ?? "acquaintance";
+    const baseMeta = existing?.agentMeta ?? {
+        bundleName: bundleName ?? name,
+        familiarity: 0,
+        sharedMissions: [],
+        outcomes: [],
+    };
+    const record = {
+        ...(existing ?? {
+            id: (0, node_crypto_1.randomUUID)(),
+            createdAt: now,
+            externalIds: [],
+            tenantMemberships: [],
+            toolPreferences: {},
+            notes: {},
+            totalTokens: 0,
+            schemaVersion: 1,
+        }),
+        name,
+        role: "agent-peer",
+        trustLevel,
+        kind: "agent",
+        agentMeta: {
+            ...baseMeta,
+            bundleName: baseMeta.bundleName || bundleName || name,
+            a2a: { ...(a2a ?? {}), agentId, ...(input.mailbox ? { mailbox: input.mailbox } : {}) },
+        },
+        externalIds: [
+            ...(existing?.externalIds.filter((id) => !(id.provider === "a2a-agent" && id.externalId === agentId)) ?? []),
+            { provider: "a2a-agent", externalId: agentId, linkedAt: now },
+        ],
+        updatedAt: now,
+    };
+    await store.put(record.id, record);
+    (0, observability_1.emitNervesEvent)({
+        component: "friends",
+        event: "friends.agent_peer_upserted",
+        message: "upserted agent peer record",
+        meta: { friendId: record.id, trustLevel },
+    });
+    return record;
+}

package/dist/channel.d.ts

@@ -0,0 +1,11 @@
+import type { ChannelCapabilities, Channel } from "./types";
+export type Facing = "human" | "agent";
+export declare function channelToFacing(channel?: Channel | string): Facing;
+export declare function getChannelCapabilities(channel: string): ChannelCapabilities;
+/** Whether the channel is remote (open or closed) vs local/internal. */
+export declare function isRemoteChannel(capabilities?: ChannelCapabilities): boolean;
+/**
+ * Returns channel names whose senseType is "open" or "closed" -- i.e. channels
+ * that are always-on (daemon-managed) rather than interactive or internal.
+ */
+export declare function getAlwaysOnSenseNames(): string[];

package/dist/channel.js

@@ -0,0 +1,132 @@
+"use strict";
+// Channel capabilities -- hardcoded const map keyed by channel identifier.
+// Pure lookup, no I/O, cannot fail. Unknown channel gets minimal defaults.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.channelToFacing = channelToFacing;
+exports.getChannelCapabilities = getChannelCapabilities;
+exports.isRemoteChannel = isRemoteChannel;
+exports.getAlwaysOnSenseNames = getAlwaysOnSenseNames;
+const observability_1 = require("./observability");
+const AGENT_FACING_CHANNELS = new Set(["inner", "mcp", "a2a"]);
+function channelToFacing(channel) {
+    const facing = channel && AGENT_FACING_CHANNELS.has(channel) ? "agent" : "human";
+    (0, observability_1.emitNervesEvent)({
+        component: "channels",
+        event: "channel.facing_lookup",
+        message: "channel facing lookup",
+        meta: { channel: channel ?? "undefined", facing },
+    });
+    return facing;
+}
+const CHANNEL_CAPABILITIES = {
+    cli: {
+        channel: "cli",
+        senseType: "local",
+        availableIntegrations: [],
+        supportsMarkdown: false,
+        supportsStreaming: true,
+        supportsRichCards: false,
+        maxMessageLength: Infinity,
+    },
+    teams: {
+        channel: "teams",
+        senseType: "closed",
+        availableIntegrations: ["ado", "graph", "github"],
+        supportsMarkdown: true,
+        supportsStreaming: true,
+        supportsRichCards: true,
+        maxMessageLength: Infinity,
+    },
+    bluebubbles: {
+        channel: "bluebubbles",
+        senseType: "open",
+        availableIntegrations: [],
+        supportsMarkdown: false,
+        supportsStreaming: false,
+        supportsRichCards: false,
+        maxMessageLength: Infinity,
+    },
+    mail: {
+        channel: "mail",
+        senseType: "open",
+        availableIntegrations: [],
+        supportsMarkdown: false,
+        supportsStreaming: false,
+        supportsRichCards: false,
+        maxMessageLength: Infinity,
+    },
+    voice: {
+        channel: "voice",
+        senseType: "local",
+        availableIntegrations: [],
+        supportsMarkdown: false,
+        supportsStreaming: true,
+        supportsRichCards: false,
+        maxMessageLength: Infinity,
+    },
+    a2a: {
+        channel: "a2a",
+        senseType: "open",
+        availableIntegrations: [],
+        supportsMarkdown: true,
+        supportsStreaming: false,
+        supportsRichCards: false,
+        maxMessageLength: Infinity,
+    },
+    inner: {
+        channel: "inner",
+        senseType: "internal",
+        availableIntegrations: [],
+        supportsMarkdown: false,
+        supportsStreaming: true,
+        supportsRichCards: false,
+        maxMessageLength: Infinity,
+    },
+    mcp: {
+        channel: "mcp",
+        senseType: "local",
+        availableIntegrations: [],
+        supportsMarkdown: true,
+        supportsStreaming: false,
+        supportsRichCards: false,
+        maxMessageLength: Infinity,
+    },
+};
+const DEFAULT_CAPABILITIES = {
+    channel: "cli",
+    senseType: "local",
+    availableIntegrations: [],
+    supportsMarkdown: false,
+    supportsStreaming: false,
+    supportsRichCards: false,
+    maxMessageLength: Infinity,
+};
+function getChannelCapabilities(channel) {
+    (0, observability_1.emitNervesEvent)({
+        component: "channels",
+        event: "channel.capabilities_lookup",
+        message: "channel capabilities lookup",
+        meta: { channel },
+    });
+    return CHANNEL_CAPABILITIES[channel] ?? DEFAULT_CAPABILITIES;
+}
+/** Whether the channel is remote (open or closed) vs local/internal. */
+function isRemoteChannel(capabilities) {
+    const senseType = capabilities?.senseType;
+    return senseType !== undefined && senseType !== "local" && senseType !== "internal";
+}
+/**
+ * Returns channel names whose senseType is "open" or "closed" -- i.e. channels
+ * that are always-on (daemon-managed) rather than interactive or internal.
+ */
+function getAlwaysOnSenseNames() {
+    (0, observability_1.emitNervesEvent)({
+        component: "channels",
+        event: "channel.always_on_lookup",
+        message: "always-on sense names lookup",
+        meta: {},
+    });
+    return Object.entries(CHANNEL_CAPABILITIES)
+        .filter(([, cap]) => cap.senseType === "open" || cap.senseType === "closed")
+        .map(([channel]) => channel);
+}

package/dist/consent.d.ts

@@ -0,0 +1,34 @@
+import type { GrantStore } from "./grant-store";
+import type { ShareScope, TrustLevel } from "./types";
+/** The recipient of a share, as the consent layer sees it: its join-key agentId
+ * and its resolved trust level on this graph (the authorization input). */
+export interface ConsentRecipient {
+    agentId: string;
+    trustLevel: TrustLevel;
+}
+export interface ConsentDecisionInput {
+    /** The subject whose data may be shared — a friend UUID for a profile share, a
+     * missionKey for a mission share (Fork D: opaque subject key). */
+    subjectKey: string;
+    recipient: ConsentRecipient;
+    scope: ShareScope;
+    grants: GrantStore;
+    now?: Date;
+}
+/** A pluggable consent posture. `consents` resolves true iff the share is
+ * permitted under this posture. */
+export interface ConsentPolicy {
+    readonly name: string;
+    consents(input: ConsentDecisionInput): Promise<boolean>;
+}
+export declare const strictPolicy: ConsentPolicy;
+export declare const trustImpliedPolicy: ConsentPolicy;
+export declare const tieredPolicy: ConsentPolicy;
+/**
+ * ── CONSENT-POLICY SWAP POINT (the operator's one-line default) ──
+ * The active consent posture. Swap this assignment to `strictPolicy` or
+ * `trustImpliedPolicy` to change the product's privacy posture; `tieredPolicy`
+ * is the recommended default (identity via trust, note content via explicit
+ * grant). `prepareProfileShare` uses this when no `consent` policy is injected.
+ */
+export declare const DEFAULT_CONSENT_POLICY: ConsentPolicy;

package/dist/consent.js

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_CONSENT_POLICY = exports.tieredPolicy = exports.trustImpliedPolicy = exports.strictPolicy = void 0;
+const types_1 = require("./types");
+const grants_1 = require("./grants");
+const TRUST_RANK = { family: 4, friend: 3, acquaintance: 2, stranger: 1 };
+/** True when `level` is at least `friend` (the "trusted" floor). */
+function isAtLeastFriend(level) {
+    return TRUST_RANK[level] >= TRUST_RANK.friend;
+}
+/** Whether an effective, non-revoked, non-expired grant covers exactly
+ * (subject, recipient, scope). The shared machinery all three policies build on. */
+async function hasEffectiveGrant(input) {
+    const now = input.now ?? new Date();
+    const all = await input.grants.listAll();
+    return all.some((g) => g.subjectKey === input.subjectKey &&
+        g.recipientAgentId === input.recipient.agentId &&
+        g.scope === input.scope &&
+        (0, grants_1.isGrantEffective)(g, now));
+}
+// ── A1: strict ──
+// Consented ONLY if a non-revoked, non-expired explicit grant covers
+// (subject, recipient, scope). Safest; trust alone never implies a share.
+exports.strictPolicy = {
+    name: "strict",
+    async consents(input) {
+        return hasEffectiveGrant(input);
+    },
+};
+// ── A2: trust-implied ──
+// Consented if an explicit grant covers it, OR the recipient's trust ≥ friend
+// (any scope). Fast; can surprise on privacy because trust unlocks note content.
+exports.trustImpliedPolicy = {
+    name: "trust_implied",
+    async consents(input) {
+        if (isAtLeastFriend(input.recipient.trustLevel))
+            return true;
+        return hasEffectiveGrant(input);
+    },
+};
+// ── A3: tiered (the recommended default) ──
+// Identity-scope shares (the join key only — "name"/"identity") are consented if
+// the recipient's trust ≥ friend; but any note-content scope (`notes:*`,
+// `outcomes`) ALWAYS requires an explicit grant. Trust agrees on WHO; content
+// still requires consent.
+exports.tieredPolicy = {
+    name: "tiered",
+    async consents(input) {
+        if (types_1.IDENTITY_SCOPES.has(input.scope)) {
+            return isAtLeastFriend(input.recipient.trustLevel);
+        }
+        return hasEffectiveGrant(input);
+    },
+};
+/**
+ * ── CONSENT-POLICY SWAP POINT (the operator's one-line default) ──
+ * The active consent posture. Swap this assignment to `strictPolicy` or
+ * `trustImpliedPolicy` to change the product's privacy posture; `tieredPolicy`
+ * is the recommended default (identity via trust, note content via explicit
+ * grant). `prepareProfileShare` uses this when no `consent` policy is injected.
+ */
+exports.DEFAULT_CONSENT_POLICY = exports.tieredPolicy;

package/dist/coordination.d.ts

@@ -0,0 +1,100 @@
+import type { MissionStore } from "./mission-store";
+import type { FriendStore } from "./store";
+import type { GrantStore } from "./grant-store";
+import type { AgentAttribution, CoordinationIntent, MissionRecord, TrustLevel } from "./types";
+import type { ConsentPolicy } from "./consent";
+import type { AgentVerifier } from "./verifier";
+/** The cross-agent coordination envelope (brick 5). Names the subject by JOIN KEY
+ * (`missionKey`) + title only — NEVER a local UUID. A SIBLING of
+ * `MissionShareEnvelope` (Fork A — per-kind compiler-enforced type safety), not a
+ * widening: a coordination message is always *about* a mission both agents can name
+ * out of band. */
+export interface CoordinationEnvelope {
+    /** The mission, named by its join key — `missionKey` + a human title. */
+    subject: {
+        missionKey: string;
+        title: string;
+    };
+    /** The agent that produced this envelope (its join-key agentId). */
+    fromAgentId: string;
+    /** The verb (one of the five coordination intents). */
+    intent: CoordinationIntent;
+    /** Optional free text ("can you take the API side?"). */
+    note?: string;
+    /** The handoff target, present ONLY on intent:"handoff": the agent the sender
+     * PROPOSES as the new assignee (named by join-key agentId). The receiver's own
+     * accept is what actually sets it — a handoff never forces an assignment. */
+    proposedAssignee?: AgentAttribution;
+    /** Opaque, verifier-specific proof slot. The TOFU verifier ignores it. */
+    proof?: string;
+    issuedAt: string;
+}
+export interface PrepareCoordinationInput {
+    /** The LOCAL mission to coordinate, by its local UUID id (resolved via the store). */
+    missionId: string;
+    /** The recipient agent's join-key agentId. */
+    toAgentId: string;
+    /** The coordination verb. */
+    intent: CoordinationIntent;
+    /** Optional free text carried on the envelope + logged. */
+    note?: string;
+    /** The proposed new assignee — meaningful ONLY on intent:"handoff". */
+    proposedAssignee?: AgentAttribution;
+    /** This agent's own join-key agentId — the asserter of the first-party log entry
+     * (and, on an `accept`, the assignee it claims for itself). */
+    selfAgentId: string;
+    /** Optional proof to stamp on the envelope (for a non-TOFU recipient verifier). */
+    proof?: string;
+}
+export type PrepareCoordinationStatus = "not_found" | "no_consent" | "not_assignee";
+export type PrepareCoordinationResult = {
+    ok: true;
+    envelope: CoordinationEnvelope;
+} | {
+    ok: false;
+    status: PrepareCoordinationStatus;
+};
+/**
+ * Producer half of the coordination primitive. Consent-gated (subject = the
+ * mission's `missionKey`, scope = `"coordinate"`), names the mission by its join
+ * key (never the local UUID). The recipient's trust — read off this agent's own
+ * friend record for `toAgentId` — is the authorization input the policy uses. The
+ * ONLY precondition: `handoff` requires this agent to hold the assignment. Also
+ * records the outgoing intent on the local mission as a first-party log step.
+ */
+export declare function prepareCoordination(missions: MissionStore, store: FriendStore, grants: GrantStore, input: PrepareCoordinationInput, consent?: ConsentPolicy): Promise<PrepareCoordinationResult>;
+export interface ImportCoordinationInput {
+    envelope: CoordinationEnvelope;
+    /** The agent the envelope arrived from (its join-key agentId). */
+    fromAgentId: string;
+    /** This agent's resolved trust in the source agent — the cap on acceptance. */
+    trustOfSource: TrustLevel;
+}
+export type ImportCoordinationStatus = "logged" | "assigned" | "seeded" | "no_mission" | "untrusted_source" | "untrusted_introduction";
+export type ImportCoordinationResult = {
+    ok: true;
+    status: "logged" | "assigned" | "seeded";
+    record: MissionRecord;
+} | {
+    ok: false;
+    status: "no_mission" | "untrusted_source" | "untrusted_introduction";
+};
+export interface ImportCoordinationOptions {
+    /** Authentication seam. Defaults to TOFU. Authorization (trust) is still applied
+     * regardless of what the verifier says. */
+    verifier?: AgentVerifier;
+    /** Minimum trust a source must hold for its messages to be accepted at all.
+     * Default `acquaintance`: a stranger source is refused. */
+    minTrustToAccept?: TrustLevel;
+}
+/**
+ * Consumer half of the coordination primitive — the non-clobbering merge. Resolves
+ * the mission by `findByMissionKey`; appends the incoming intent to
+ * `coordination.log` stamped `origin:imported` WITHOUT touching first-party
+ * `learnings`/`notes`/`status`; applies the bounded assignee effect (only `accept`
+ * sets it; a `handoff` never forces it; conflicts are last-writer-wins by
+ * `issuedAt`); NEVER recomputes status / participants / trust / standing; the
+ * source agent's trust caps acceptance; seeds an unknown mission only when a
+ * friend/family peer introduces it.
+ */
+export declare function importCoordination(missions: MissionStore, input: ImportCoordinationInput, options?: ImportCoordinationOptions): Promise<ImportCoordinationResult>;