@ouro.bot/friends 0.1.0-alpha.4

package/dist/notes.js

@@ -0,0 +1,90 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.applyFriendNote = applyFriendNote;
+// applyFriendNote — structured-result port of the harness's `save_friend_note`.
+//
+// Writes a friend's name, a tool preference, or a general note. Returns a
+// FriendOpResult instead of the harness's English strings so the MCP layer can
+// serialize and branch on the outcome. The override-conflict case stays
+// distinguishable (`status: "override_required"`, `ok: false`) from a real
+// write, and a missing friend is a normal `not_found` result — never a throw.
+const observability_1 = require("./observability");
+async function applyFriendNote(store, friendId, input) {
+    (0, observability_1.emitNervesEvent)({
+        component: "friends",
+        event: "friends.note_applied",
+        message: "applied friend note",
+        meta: { type: input.type },
+    });
+    const { type, key, content, override, provenance } = input;
+    // Validate inputs up front so the helper is self-contained (the harness
+    // returned English here; we return a structured `invalid` result).
+    if (!content) {
+        return { ok: false, status: "invalid", message: "a content value is required" };
+    }
+    if ((type === "tool_preference" || type === "note") && !key) {
+        return { ok: false, status: "invalid", message: "a key is required for tool_preference or note" };
+    }
+    try {
+        const record = await store.get(friendId);
+        if (!record) {
+            return { ok: false, status: "not_found", message: "friend record not found" };
+        }
+        const now = new Date().toISOString();
+        if (type === "name") {
+            const updated = { ...record, name: content, updatedAt: now };
+            await store.put(friendId, updated);
+            return { ok: true, status: "saved", record: updated };
+        }
+        if (type === "tool_preference") {
+            const existing = record.toolPreferences[key];
+            if (existing && !override) {
+                return {
+                    ok: false,
+                    status: "override_required",
+                    message: `a tool preference already exists for '${key}': "${existing}"`,
+                };
+            }
+            const updated = {
+                ...record,
+                toolPreferences: { ...record.toolPreferences, [key]: content },
+                updatedAt: now,
+            };
+            await store.put(friendId, updated);
+            return { ok: true, status: "saved", record: updated };
+        }
+        // type === "note"
+        // Redirect a "name" key to the name field rather than storing it as a note.
+        if (key === "name") {
+            const updated = { ...record, name: content, updatedAt: now };
+            await store.put(friendId, updated);
+            return { ok: true, status: "redirected_to_name", record: updated };
+        }
+        const existing = record.notes[key];
+        if (existing && !override) {
+            return {
+                ok: false,
+                status: "override_required",
+                message: `a note already exists for '${key}': "${existing.value}"`,
+            };
+        }
+        const updated = {
+            ...record,
+            notes: {
+                ...record.notes,
+                [key]: { value: content, savedAt: now, ...(provenance ? { provenance } : {}) },
+            },
+            updatedAt: now,
+        };
+        await store.put(friendId, updated);
+        return { ok: true, status: "saved", record: updated };
+    }
+    catch (err) {
+        return {
+            ok: false,
+            status: "error",
+            /* v8 ignore next -- defensive: non-Error throw is unreachable in tests; we inject an Error @preserve */
+            message: err instanceof Error ? err.message : String(err),
+        };
+    }
+}

package/dist/observability.d.ts

@@ -0,0 +1,27 @@
+/** Log severity for an emitted event. Mirrors the harness's `LogLevel`. */
+export type LogLevel = "debug" | "info" | "warn" | "error";
+/**
+ * A structured observability event. Field-for-field identical to the harness's
+ * `NervesEvent` so the harness's real emitter can be injected without adaptation.
+ */
+export interface NervesEvent {
+    level?: LogLevel;
+    event: string;
+    trace_id?: string;
+    component: string;
+    message: string;
+    meta?: Record<string, unknown>;
+}
+/** A function that consumes emitted events. */
+export type NervesEmitter = (event: NervesEvent) => void;
+/**
+ * Inject the emitter that `emitNervesEvent` should forward to. Pass `null` to
+ * reset back to the default no-op. The harness passes its real nerves emitter
+ * here so extracted friend code reports through the same observability pipeline.
+ */
+export declare function setNervesEmitter(emitter: NervesEmitter | null): void;
+/**
+ * Emit a structured observability event. No-op by default; forwards to whatever
+ * was last passed to `setNervesEmitter`.
+ */
+export declare function emitNervesEvent(event: NervesEvent): void;

package/dist/observability.js

@@ -0,0 +1,31 @@
+"use strict";
+// Observability seam.
+//
+// In the Ouroboros harness, the friend model emits structured "nerves" events
+// through `emitNervesEvent` (from `nerves/runtime`). The standalone package must
+// stay self-contained, so this module ships a no-op `emitNervesEvent` with the
+// SAME signature as the harness's, plus `setNervesEmitter(fn)` — an injection
+// point the harness (or any consumer) can use to wire its real emitter back in.
+//
+// Default behavior: events are dropped. Call `setNervesEmitter` once at startup
+// to forward them somewhere real.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setNervesEmitter = setNervesEmitter;
+exports.emitNervesEvent = emitNervesEvent;
+const noopEmitter = () => { };
+let activeEmitter = noopEmitter;
+/**
+ * Inject the emitter that `emitNervesEvent` should forward to. Pass `null` to
+ * reset back to the default no-op. The harness passes its real nerves emitter
+ * here so extracted friend code reports through the same observability pipeline.
+ */
+function setNervesEmitter(emitter) {
+    activeEmitter = emitter ?? noopEmitter;
+}
+/**
+ * Emit a structured observability event. No-op by default; forwards to whatever
+ * was last passed to `setNervesEmitter`.
+ */
+function emitNervesEvent(event) {
+    activeEmitter(event);
+}

package/dist/outcomes.d.ts

@@ -0,0 +1,9 @@
+import type { FriendStore } from "./store";
+import type { FriendRecord, NoteProvenance } from "./types";
+export interface RecordOutcomeInput {
+    missionId: string;
+    result: "success" | "partial" | "failed";
+    note?: string;
+    provenance?: NoteProvenance;
+}
+export declare function recordRelationshipOutcome(store: FriendStore, friendId: string, input: RecordOutcomeInput, familiarityDelta?: number): Promise<FriendRecord | null>;

package/dist/outcomes.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.recordRelationshipOutcome = recordRelationshipOutcome;
+// recordRelationshipOutcome — appends a shared-mission outcome to a friend's
+// agentMeta, dedupes the mission into sharedMissions, and bumps familiarity.
+//
+// D3: if the record has no `agentMeta` (e.g. a human record), it is
+// auto-initialized so the helper is usable on any friendId. The record's `kind`
+// is intentionally NOT flipped to "agent". CAVEAT: `FileFriendStore.normalize`
+// drops `agentMeta` on read when `kind !== "agent"`, so on a human record the
+// outcome persists in-process and round-trips through a MemoryStore, but a
+// FileFriendStore reload normalizes it away. For an agent record it persists in
+// full. Returns the updated record, or null when the friend is missing.
+const observability_1 = require("./observability");
+async function recordRelationshipOutcome(store, friendId, input, familiarityDelta) {
+    const record = await store.get(friendId);
+    if (!record)
+        return null;
+    const meta = record.agentMeta ?? {
+        bundleName: record.name,
+        familiarity: 0,
+        sharedMissions: [],
+        outcomes: [],
+    };
+    const now = new Date().toISOString();
+    const outcome = {
+        missionId: input.missionId,
+        result: input.result,
+        timestamp: now,
+        ...(input.note ? { note: input.note } : {}),
+        ...(input.provenance ? { provenance: input.provenance } : {}),
+    };
+    const outcomes = [...meta.outcomes, outcome];
+    const sharedMissions = meta.sharedMissions.includes(input.missionId)
+        ? meta.sharedMissions
+        : [...meta.sharedMissions, input.missionId];
+    const familiarity = meta.familiarity + (familiarityDelta ?? 1);
+    const updated = {
+        ...record,
+        agentMeta: { ...meta, outcomes, sharedMissions, familiarity },
+        updatedAt: now,
+    };
+    await store.put(friendId, updated);
+    (0, observability_1.emitNervesEvent)({
+        component: "friends",
+        event: "friends.outcome_recorded",
+        message: "recorded relationship outcome",
+        meta: { friendId, result: input.result },
+    });
+    return updated;
+}

package/dist/resolver.d.ts

@@ -0,0 +1,28 @@
+import type { FriendStore } from "./store";
+import type { IdentityProvider, ResolvedContext } from "./types";
+export interface FriendResolverParams {
+    provider: IdentityProvider;
+    externalId: string;
+    tenantId?: string;
+    displayName: string;
+    channel: string;
+}
+export declare function _setMachineOwnerUsernameForTest(value: string | null | undefined): void;
+/**
+ * The OS username that owns this daemon process, or null if undetectable. The
+ * person running the daemon owns this agent + its bundle, so the local friend
+ * that names them is the machine owner (family), not a stranger.
+ */
+export declare function machineOwnerUsername(): string | null;
+/**
+ * True when (provider, externalId) names the local machine owner — the OS user
+ * running the daemon. Matches the bare username or a `user@host` external id.
+ */
+export declare function isLocalMachineOwnerIdentity(provider: string, externalId: string, ownerUsername: string | null): boolean;
+export declare class FriendResolver {
+    private readonly store;
+    private readonly params;
+    constructor(store: FriendStore, params: FriendResolverParams);
+    resolve(): Promise<ResolvedContext>;
+    private resolveOrCreate;
+}

package/dist/resolver.js

@@ -0,0 +1,187 @@
+"use strict";
+// FriendResolver -- resolves external identity into a FriendRecord + channel capabilities.
+// Created per-request (per-incoming-message), per-friend.
+// Replaces the old ContextResolver: no authority checker, no separate note resolution.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FriendResolver = void 0;
+exports._setMachineOwnerUsernameForTest = _setMachineOwnerUsernameForTest;
+exports.machineOwnerUsername = machineOwnerUsername;
+exports.isLocalMachineOwnerIdentity = isLocalMachineOwnerIdentity;
+const crypto_1 = require("crypto");
+const os_1 = require("os");
+const channel_1 = require("./channel");
+const observability_1 = require("./observability");
+const CURRENT_SCHEMA_VERSION = 1;
+// Test seam: when set (including to null), overrides OS detection of the
+// machine-owner username so resolver tests are deterministic.
+let machineOwnerOverride;
+function _setMachineOwnerUsernameForTest(value) {
+    machineOwnerOverride = value;
+}
+/**
+ * The OS username that owns this daemon process, or null if undetectable. The
+ * person running the daemon owns this agent + its bundle, so the local friend
+ * that names them is the machine owner (family), not a stranger.
+ */
+function machineOwnerUsername() {
+    if (machineOwnerOverride !== undefined)
+        return machineOwnerOverride;
+    try {
+        return (0, os_1.userInfo)().username;
+    }
+    catch {
+        /* v8 ignore next -- defensive: userInfo() only throws when the running user has no passwd entry @preserve */
+        return null;
+    }
+}
+/**
+ * True when (provider, externalId) names the local machine owner — the OS user
+ * running the daemon. Matches the bare username or a `user@host` external id.
+ */
+function isLocalMachineOwnerIdentity(provider, externalId, ownerUsername) {
+    if (provider !== "local" || !ownerUsername)
+        return false;
+    return externalId === ownerUsername || externalId.startsWith(`${ownerUsername}@`);
+}
+class FriendResolver {
+    store;
+    params;
+    constructor(store, params) {
+        this.store = store;
+        this.params = params;
+    }
+    async resolve() {
+        const friend = await this.resolveOrCreate();
+        const channel = (0, channel_1.getChannelCapabilities)(this.params.channel);
+        return { friend, channel };
+    }
+    async resolveOrCreate() {
+        // Try to find existing friend by external ID
+        let existing = null;
+        try {
+            existing = await this.store.findByExternalId(this.params.provider, this.params.externalId, this.params.tenantId);
+        }
+        catch {
+            // Store search failure -- fall through to create new (D16)
+        }
+        if (existing)
+            return existing;
+        // Migration: local provider previously used "${username}@${hostname}" format.
+        // If no exact match, try finding a friend with old-format external ID.
+        /* v8 ignore start -- migration path: only fires when legacy hostname-format friend exists @preserve */
+        if (this.params.provider === "local" && !this.params.externalId.includes("@")) {
+            try {
+                const all = typeof this.store.listAll === "function" ? await this.store.listAll() : [];
+                /* v8 ignore start -- migration path: only fires when legacy hostname-format friend exists @preserve */
+                const migrationMatch = all.find((f) => f.externalIds.some((eid) => eid.provider === "local" && eid.externalId.startsWith(this.params.externalId + "@")));
+                if (migrationMatch) {
+                    const now = new Date().toISOString();
+                    migrationMatch.externalIds.push({
+                        provider: this.params.provider,
+                        externalId: this.params.externalId,
+                        linkedAt: now,
+                    });
+                    migrationMatch.updatedAt = now;
+                    try {
+                        await this.store.put(migrationMatch.id, migrationMatch);
+                    }
+                    catch {
+                        // best-effort persist
+                    }
+                    (0, observability_1.emitNervesEvent)({
+                        component: "friends",
+                        event: "friends.local_id_migrated",
+                        message: `migrated local friend identity from hostname format to username-only`,
+                        meta: { friendId: migrationMatch.id, newExternalId: this.params.externalId },
+                    });
+                    return migrationMatch;
+                }
+                /* v8 ignore stop */
+            }
+            catch {
+                // fall through to create new
+            }
+        }
+        /* v8 ignore stop */
+        // First encounter -- create new FriendRecord
+        const now = new Date().toISOString();
+        const externalId = {
+            provider: this.params.provider,
+            externalId: this.params.externalId,
+            linkedAt: now,
+            ...(this.params.tenantId !== undefined ? { tenantId: this.params.tenantId } : {}),
+        };
+        const tenantMemberships = this.params.tenantId ? [this.params.tenantId] : [];
+        let hasAnyFriends = false;
+        try {
+            if (typeof this.store.hasAnyFriends === "function") {
+                hasAnyFriends = await this.store.hasAnyFriends();
+            }
+        }
+        catch {
+            hasAnyFriends = false;
+        }
+        const isFirstImprint = !hasAnyFriends;
+        const isA2AAgent = this.params.provider === "a2a-agent";
+        // The local friend that names the OS user running the daemon is the machine
+        // owner (family) — they own the agent + its bundle. Usually this friend already
+        // exists as a family/primary hatch imprint; this covers the un-imprinted boss
+        // path (e.g. a Workbench boss check-in on a bundle that skipped imprint).
+        const isLocalMachineOwner = isLocalMachineOwnerIdentity(this.params.provider, this.params.externalId, machineOwnerUsername());
+        // BlueBubbles group chats route through here as `imessage-handle` with an
+        // externalId of the form `group:any;+;<chatHash>`. When the harness auto-
+        // creates the group friend at stranger trust, we mark the record so that
+        // the trust gate can surface the relationship for explicit acknowledgment
+        // later instead of letting messages accumulate silently.
+        const isImessageGroup = this.params.provider === "imessage-handle" &&
+            typeof this.params.externalId === "string" &&
+            this.params.externalId.startsWith("group:");
+        const notes = {};
+        if (this.params.displayName !== "Unknown") {
+            notes.name = { value: this.params.displayName, savedAt: now };
+        }
+        if (isImessageGroup && !isFirstImprint) {
+            notes.autoCreatedGroup = { value: "true", savedAt: now };
+        }
+        const friend = {
+            id: (0, crypto_1.randomUUID)(),
+            name: this.params.displayName,
+            role: isA2AAgent ? "agent-peer" : isFirstImprint ? "primary" : isLocalMachineOwner ? "family" : "stranger",
+            trustLevel: isA2AAgent ? "stranger" : (isFirstImprint || isLocalMachineOwner) ? "family" : "stranger",
+            connections: [],
+            externalIds: [externalId],
+            tenantMemberships,
+            toolPreferences: {},
+            notes,
+            totalTokens: 0,
+            createdAt: now,
+            updatedAt: now,
+            schemaVersion: CURRENT_SCHEMA_VERSION,
+            kind: isA2AAgent ? "agent" : "human",
+            ...(isA2AAgent ? {
+                agentMeta: {
+                    bundleName: this.params.displayName,
+                    familiarity: 0,
+                    sharedMissions: [],
+                    outcomes: [],
+                    a2a: { agentId: this.params.externalId },
+                },
+            } : {}),
+        };
+        // Persist -- log and continue on failure (D16)
+        try {
+            await this.store.put(friend.id, friend);
+        }
+        catch (err) {
+            (0, observability_1.emitNervesEvent)({
+                level: "error",
+                event: "friends.persist_error",
+                component: "friends",
+                message: "failed to persist friend record",
+                meta: { reason: err instanceof Error ? err.message : String(err) },
+            });
+        }
+        return friend;
+    }
+}
+exports.FriendResolver = FriendResolver;

package/dist/results.d.ts

@@ -0,0 +1,8 @@
+import type { FriendRecord } from "./types";
+export type FriendOpStatus = "saved" | "updated" | "linked" | "unlinked" | "merged" | "noop" | "not_found" | "override_required" | "redirected_to_name" | "invalid" | "error";
+export interface FriendOpResult {
+    ok: boolean;
+    status: FriendOpStatus;
+    message?: string;
+    record?: FriendRecord;
+}

package/dist/results.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/room.d.ts

@@ -0,0 +1,22 @@
+import type { FriendStore } from "./store";
+import type { Channel, FriendRecord } from "./types";
+import type { TrustExplanation } from "./trust-explanation";
+/** How the agent knows a room member:
+ * - "direct" — the member carries a per-person identity (a non-group externalId),
+ *   so the agent knows them as an individual, not merely as a name in a roster.
+ * - "group_only" — the member is known ONLY through this room: the only identities
+ *   they carry are group ids. */
+export type RoomKnownVia = "direct" | "group_only";
+export interface RoomMember {
+    friend: FriendRecord;
+    trust: TrustExplanation;
+    knownVia: RoomKnownVia;
+}
+export interface RoomView {
+    groupExternalId: string;
+    members: RoomMember[];
+}
+/** Resolve the room identified by `groupExternalId` into its members + each
+ * member's trust context + how the agent knows them. `channel` selects the lens
+ * for the trust explanation (defaults to the agent-facing "mcp" channel). */
+export declare function resolveRoom(store: FriendStore, groupExternalId: string, channel?: Channel): Promise<RoomView>;

package/dist/room.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveRoom = resolveRoom;
+// resolveRoom — the team / room view (N11). Pure read, NO new persisted state.
+//
+// A "room" IS its group ExternalId; membership is already materialized on each
+// member (every participant carries the group's externalId, via
+// upsertGroupContextParticipants). resolveRoom reverse-looks-up every friend
+// carrying that group id and composes the per-member trust context that already
+// exists — proof N10's shape is right (per-party trust + who-said-what +
+// provenance all compose into the room view without any new state).
+const observability_1 = require("./observability");
+const trust_explanation_1 = require("./trust-explanation");
+function isGroupExternalId(externalId) {
+    return externalId.startsWith("group:");
+}
+function knownViaFor(friend) {
+    const hasNonGroupIdentity = friend.externalIds.some((ext) => !isGroupExternalId(ext.externalId));
+    return hasNonGroupIdentity ? "direct" : "group_only";
+}
+/** Resolve the room identified by `groupExternalId` into its members + each
+ * member's trust context + how the agent knows them. `channel` selects the lens
+ * for the trust explanation (defaults to the agent-facing "mcp" channel). */
+async function resolveRoom(store, groupExternalId, channel = "mcp") {
+    const all = typeof store.listAll === "function" ? await store.listAll() : [];
+    const members = all
+        .filter((friend) => friend.externalIds.some((ext) => ext.externalId === groupExternalId))
+        .map((friend) => ({
+        friend,
+        trust: (0, trust_explanation_1.describeTrustContext)({ friend, channel, isGroupChat: true }),
+        knownVia: knownViaFor(friend),
+    }));
+    (0, observability_1.emitNervesEvent)({
+        component: "friends",
+        event: "friends.room_resolved",
+        message: "resolved room view",
+        meta: { groupExternalId, memberCount: members.length },
+    });
+    return { groupExternalId, members };
+}

package/dist/share.d.ts

@@ -0,0 +1,106 @@
+import type { FriendStore } from "./store";
+import type { GrantStore } from "./grant-store";
+import type { AgentAttribution, ExternalId, FriendRecord, RelationshipOutcome, ShareScope, TrustLevel } from "./types";
+import type { ConsentPolicy } from "./consent";
+import type { AgentVerifier } from "./verifier";
+/** A note as carried on the wire: its value plus who FIRST asserted it
+ * (`originallyAssertedBy`), so the consumer can attribute it without laundering
+ * an imported fact into first-party. */
+export interface SharedNote {
+    key: string;
+    value: string;
+    originallyAssertedBy?: AgentAttribution;
+}
+/** The cross-agent profile-share envelope. Names the subject by JOIN KEY only. */
+export interface ProfileShareEnvelope {
+    /** The party, named by join key — externalIds + display name, NEVER a local UUID. */
+    subject: {
+        externalIds: ExternalId[];
+        displayName: string;
+    };
+    /** The agent that produced this envelope (its join-key agentId). */
+    fromAgentId: string;
+    scope: ShareScope;
+    /** Scope-filtered notes (present for `notes:*` scopes). */
+    notes?: SharedNote[];
+    /** Scope-filtered relationship outcomes (present for the `outcomes` scope). */
+    outcomes?: RelationshipOutcome[];
+    /** Opaque, verifier-specific proof slot (Fork B). The TOFU verifier ignores it;
+     * reserved day one so a stronger verifier needs no envelope change. */
+    proof?: string;
+    issuedAt: string;
+}
+export interface PrepareProfileShareInput {
+    /** The local friend to share (UUID or name — resolved via the store). */
+    friendId: string;
+    /** The recipient agent's join-key agentId. */
+    toAgentId: string;
+    scope: ShareScope;
+    /** This agent's own join-key agentId — the original asserter of first-party
+     * facts (so a shared first-party note is attributed to self, not laundered). */
+    selfAgentId: string;
+    /** Optional proof to stamp on the envelope (for a non-TOFU recipient verifier). */
+    proof?: string;
+}
+export type PrepareProfileShareStatus = "not_found" | "no_consent" | "no_recipient";
+export type PrepareProfileShareResult = {
+    ok: true;
+    envelope: ProfileShareEnvelope;
+} | {
+    ok: false;
+    status: PrepareProfileShareStatus;
+};
+/** The original asserter of a note: for an imported note, whoever the import
+ * recorded as `originallyAssertedBy` (falling back to its `assertedBy`); for a
+ * first-party note, this agent itself. Never launders imported → first-party.
+ * Always returns an attribution (a shared fact is always attributable). Exported
+ * so the mission-share producer reuses it (a MissionLearning is structurally
+ * compatible with the inline param type) — single-sourced, tested once. */
+export declare function originalAsserterOf(note: {
+    provenance?: {
+        origin?: "first_party" | "imported";
+        assertedBy?: AgentAttribution;
+    };
+}, selfAgentId: string): AgentAttribution;
+/**
+ * Producer half of the moat. Consent-gated (via the injected ConsentPolicy, or
+ * the module default), scope-filtered, provenance-preserving. Names the party by
+ * join key, never the local UUID. The recipient's trust level — read off this
+ * agent's own record for `toAgentId` — is the authorization input the policy
+ * uses. Returns `{ ok:true, envelope }` or `{ ok:false, status }`.
+ */
+export declare function prepareProfileShare(store: FriendStore, grants: GrantStore, input: PrepareProfileShareInput, consent?: ConsentPolicy): Promise<PrepareProfileShareResult>;
+export interface ImportProfileShareInput {
+    envelope: ProfileShareEnvelope;
+    /** The agent the envelope arrived from (its join-key agentId). */
+    fromAgentId: string;
+    /** This agent's resolved trust in the source agent — the cap on acceptance.
+     * A stranger source's facts are refused (see `minTrustToAccept`). */
+    trustOfSource: TrustLevel;
+}
+export type ImportProfileShareStatus = "imported" | "seeded" | "no_party" | "untrusted_source" | "untrusted_introduction";
+export type ImportProfileShareResult = {
+    ok: true;
+    status: "imported" | "seeded";
+    record: FriendRecord;
+} | {
+    ok: false;
+    status: "no_party" | "untrusted_source" | "untrusted_introduction";
+};
+export interface ImportProfileShareOptions {
+    /** Authentication seam (Fork B). Defaults to TOFU. Authorization (trust) is
+     * still applied regardless of what the verifier says. */
+    verifier?: AgentVerifier;
+    /** Minimum trust a source agent must hold for its facts to be accepted at all.
+     * Default `acquaintance`: a stranger source is refused. */
+    minTrustToAccept?: TrustLevel;
+}
+/**
+ * Consumer half of the moat — the non-clobbering merge. Resolves the party by
+ * join key; lands imported facts in the `importedNotes` namespace (origin
+ * "imported" + assertedBy + importedAt) WITHOUT ever touching first-party `notes`;
+ * the source agent's trust caps acceptance; NEVER changes the party's trust level
+ * (the key safety invariant); seeds an unknown party only when a friend/family
+ * peer introduces it. Returns `{ ok, status, record }`.
+ */
+export declare function importProfileShare(store: FriendStore, input: ImportProfileShareInput, options?: ImportProfileShareOptions): Promise<ImportProfileShareResult>;