npm - @parmanasystems/execution - Versions diffs - 1.0.19 - Mend

@parmanasystems/execution 1.0.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,810 @@
+interface ExecutionToken {
+    execution_id: string;
+    policy_id: string;
+    decision_payload: any;
+    schema_version: string;
+    runtime_version: string;
+}
+/**
+ * 🔐 Issue Execution Token (FINAL)
+ * Fully deterministic — caller provides execution_id
+ */
+declare function issueToken(input: {
+    execution_id: string;
+    policy_id: string;
+    decision_payload: any;
+    schema_version: string;
+    runtime_version: string;
+}): ExecutionToken;
+/**
+ * Synchronous signing interface used by the deterministic governance runtime.
+ * Implementations must produce a base64-encoded Ed25519 signature over the
+ * UTF-8 `payload`.  See {@link LocalSigner} for the in-process implementation.
+ */
+interface Signer {
+    /**
+     * Signs the canonical UTF-8 `payload` and returns a base64-encoded signature.
+     * Must be deterministic: the same key and payload always produce the same bytes.
+     */
+    sign(payload: string): string;
+}
+/**
+ * Signs the canonical form of `token` with `signer` and returns a
+ * base64-encoded Ed25519 signature.
+ */
+declare function signExecutionToken(token: ExecutionToken, signer: Signer): string;
+/**
+ * Synchronous verification interface used by the deterministic governance runtime.
+ * See {@link LocalVerifier} for the in-process implementation.
+ */
+interface Verifier {
+    /**
+     * Verifies that `signature` (base64 Ed25519) was produced over the canonical
+     * UTF-8 `payload` with the corresponding private key.
+     */
+    verify(payload: string, signature: string): boolean;
+}
+declare function verifyExecutionToken(token: ExecutionToken, signature: string, verifier: Verifier): boolean;
+/**
+ * Validates that `policyId` passes full bundle and signature verification.
+ * Delegates to {@link validatePolicy} and throws if validation fails.
+ *
+ * @throws When the policy does not exist or any version fails verification.
+ */
+declare function verifyRuntimePolicy(policyId: string): void;
+interface ExecutionContext {
+    token: any;
+    token_signature: string;
+    signer: any;
+    verifier: any;
+    runtime_manifest: any;
+    runtime_requirements: any;
+}
+interface ReplayStore {
+    markExecuted(execution_id: string): void;
+}
+interface ExecutionAttestation {
+    execution_id: string;
+    decision: {
+        action: "approve" | "reject";
+        requires_override: boolean;
+        reason?: string;
+    };
+    execution_state: "completed" | "blocked" | "pending_override";
+    signature: string;
+    runtime_hash: string;
+}
+/**
+ * 🔴 CORE EXECUTION (FULLY DETERMINISTIC)
+ *
+ * Principles:
+ * - NO time dependency
+ * - replay is enforced
+ * - decision is precomputed (token-driven)
+ * - execution is enforcement only
+ */
+declare function executeDecision(context: ExecutionContext, replayStore: ReplayStore): ExecutionAttestation;
+/** A single audit log entry with arbitrary governance fields. */
+interface AuditEntry {
+    [key: string]: unknown;
+}
+/**
+ * Verifies that `signature` (base64 Ed25519) was produced over the canonical
+ * form of `entry` by the authority whose key `verifier` holds.
+ */
+declare function verifyAuditEntry(entry: AuditEntry, signature: string, verifier: Verifier): boolean;
+/**
+ * Placeholder for full audit-chain integrity verification.
+ * A complete implementation would re-hash every JSONL record and validate
+ * the `previous_record_hash` linkage.
+ *
+ * @returns `true` — full chain verification is not yet implemented.
+ */
+declare function verifyAuditChain(): boolean;
+type DecisionSource = "rule_match";
+interface DecisionResult {
+    status: "decided";
+    outcome: {
+        action: "approve" | "reject";
+        requires_override: boolean;
+        reason?: string;
+    };
+    source: DecisionSource;
+    rule_id: string;
+}
+/**
+ * The static portion of the runtime manifest (everything except `runtime_hash`).
+ * Used both as the canonical source of capability declarations and as the input
+ * to {@link hashRuntime}.
+ */
+declare const runtimeManifestDefinition: {
+    readonly runtime_version: "1.0.0";
+    readonly supported_schema_versions: readonly ["1.0.0"];
+    readonly capabilities: readonly ["deterministic-evaluation", "attestation-signing", "replay-protection", "bundle-verification"];
+};
+/**
+ * Returns the SHA-256 hex digest of the canonicalized {@link runtimeManifestDefinition}.
+ * This hash is embedded in every {@link ExecutionResult} as `runtime_hash`,
+ * binding the result to a specific version of the runtime.
+ */
+declare function hashRuntime(): string;
+/**
+ * 🔒 In-memory replay protection
+ */
+declare class MemoryReplayStore implements ReplayStore {
+    private store;
+    markExecuted(execution_id: string): void;
+}
+interface AsyncReplayStore {
+    hasExecuted(executionId: string): Promise<boolean>;
+    markExecuted(executionId: string): Promise<void>;
+    get?(key: string): Promise<string | null>;
+    set?(key: string, value: string): Promise<void>;
+    del?(key: string): Promise<void>;
+    close?(): Promise<void>;
+}
+/**
+ * Async variant of {@link Signer} for remote key providers (e.g. AWS KMS).
+ * The returned promise resolves to a base64-encoded signature.
+ * See {@link AwsKmsSigner} for the AWS KMS implementation.
+ */
+interface AsyncSigner {
+    /** Signs the canonical UTF-8 `payload` and resolves to a base64-encoded signature. */
+    sign(payload: string): Promise<string>;
+}
+/**
+ * Static description of the governance runtime's identity, capabilities, and
+ * supported protocol versions.
+ *
+ * Included in every {@link ExecutionResult} so verifiers can confirm the
+ * runtime environment without trusting the operator.  The `runtime_hash`
+ * field is a deterministic SHA-256 commitment over the manifest definition,
+ * binding the result to a specific runtime build.
+ */
+interface RuntimeManifest {
+    /** Semantic version of the governance runtime (e.g. `"1.0.0"`). */
+    runtime_version: string;
+    /** SHA-256 hex hash of the canonical runtime manifest definition. */
+    runtime_hash: string;
+    /** Schema version strings that this runtime can process. */
+    supported_schema_versions: readonly string[];
+    /** Capability strings advertised by this runtime (e.g. `"replay-protection"`). */
+    capabilities: readonly string[];
+}
+/**
+ * Returns the active {@link RuntimeManifest} for the current process,
+ * combining the static manifest definition with a freshly computed `runtime_hash`.
+ */
+declare function getRuntimeManifest(): RuntimeManifest;
+/**
+ * Signs the canonical form of `manifest` with `signer` and returns a
+ * base64-encoded Ed25519 signature.  Use this to produce a verifiable
+ * attestation that a specific runtime version was active at a given time.
+ */
+declare function signRuntimeManifest(manifest: RuntimeManifest, signer: Signer): string;
+/**
+ * Verifies that `signature` (base64 Ed25519) was produced over the canonical
+ * form of `manifest` by the authority whose key `verifier` holds.
+ */
+declare function verifyRuntimeManifest(manifest: RuntimeManifest, signature: string, verifier: Verifier): boolean;
+/**
+ * In-process Ed25519 {@link Signer} backed by Node.js `crypto`.
+ *
+ * Suitable for development and environments where the private key can be
+ * securely injected at process start.  For hardware-backed or remote signing
+ * see {@link AwsKmsSigner}.
+ */
+declare class LocalSigner implements Signer {
+    private readonly privateKey;
+    /**
+     * @param privateKey - PEM-encoded Ed25519 private key (PKCS8 format).
+     */
+    constructor(privateKey: string);
+    /**
+     * Signs `payload` (UTF-8) with the Ed25519 private key and returns a
+     * base64-encoded signature.
+     */
+    sign(payload: string): string;
+}
+/**
+ * In-process Ed25519 {@link Verifier} backed by Node.js `crypto`.
+ *
+ * Paired with {@link LocalSigner}; both must use the same Ed25519 key pair.
+ */
+declare class LocalVerifier implements Verifier {
+    private readonly publicKey;
+    /**
+     * @param publicKey - PEM-encoded Ed25519 public key (SPKI format).
+     */
+    constructor(publicKey: string);
+    /**
+     * Verifies that `signature` (base64 Ed25519) was produced over the UTF-8
+     * `payload` by the holder of the corresponding private key.
+     */
+    verify(payload: string, signature: string): boolean;
+}
+interface DryRunResult {
+    policy_id: string;
+    policy_version: string;
+    schema_version: string;
+    decision: DecisionResult;
+    rule_trace: string[];
+    governed: false;
+    dry_run: true;
+    evaluated_at: string;
+}
+declare function evaluateDryRun(policyId: string, policyVersion: string, signals: Record<string, unknown>, governed_time?: string): DryRunResult;
+type InvariantBoundary = "canonicalize" | "validate" | "verify" | "replay" | "execute" | "sign";
+interface InvariantEntry {
+    readonly id: string;
+    readonly description: string;
+    readonly boundary: InvariantBoundary | readonly InvariantBoundary[];
+}
+/**
+ * Single source of truth for all governance invariants.
+ *
+ * Every invariant_id that appears in ViolationReport, source comments,
+ * or test coverage maps MUST have an entry here.  The CI gate
+ * (scripts/ci-invariant-gate.ts) enforces this at build time.
+ */
+declare const INVARIANT_REGISTRY: {
+    readonly "INV-001": {
+        readonly id: "INV-001";
+        readonly description: "Canonical serialization produces identical bytes for identical inputs";
+        readonly boundary: "canonicalize";
+    };
+    readonly "INV-002": {
+        readonly id: "INV-002";
+        readonly description: "Input payload must be structurally valid";
+        readonly boundary: "validate";
+    };
+    readonly "INV-003": {
+        readonly id: "INV-003";
+        readonly description: "Execution token signature must be cryptographically valid";
+        readonly boundary: "verify";
+    };
+    readonly "INV-004": {
+        readonly id: "INV-004";
+        readonly description: "Execution time is injected deterministically — no wall-clock reads inside the execution scope";
+        readonly boundary: readonly InvariantBoundary[];
+    };
+    readonly "INV-005": {
+        readonly id: "INV-005";
+        readonly description: "Runtime version must be in the set of supported runtime versions";
+        readonly boundary: "verify";
+    };
+    readonly "INV-006": {
+        readonly id: "INV-006";
+        readonly description: "Schema version 1.0.0 must be supported by both runtime manifest and requirements";
+        readonly boundary: "verify";
+    };
+    readonly "INV-007": {
+        readonly id: "INV-007";
+        readonly description: "Execution token must not be expired at governed_time";
+        readonly boundary: "verify";
+    };
+    readonly "INV-008": {
+        readonly id: "INV-008";
+        readonly description: "The governed field is always in signature scope and equals literal true";
+        readonly boundary: "sign";
+    };
+    readonly "INV-009": {
+        readonly id: "INV-009";
+        readonly description: "Signals hash must be a non-empty string binding execution to specific inputs";
+        readonly boundary: "validate";
+    };
+    readonly "INV-010": {
+        readonly id: "INV-010";
+        readonly description: "Policy ID and policy version must be non-empty strings";
+        readonly boundary: "validate";
+    };
+    readonly "INV-011": {
+        readonly id: "INV-011";
+        readonly description: "All required runtime capabilities must be present in the runtime manifest";
+        readonly boundary: "verify";
+    };
+    readonly "INV-013": {
+        readonly id: "INV-013";
+        readonly description: "Replay protection is always enforced — execution_id is single-use and non-configurable";
+        readonly boundary: "replay";
+    };
+    readonly "INV-014": {
+        readonly id: "INV-014";
+        readonly description: "governed literal true structurally distinguishes ExecutionResult from DryRunResult";
+        readonly boundary: "execute";
+    };
+    readonly "INV-015": {
+        readonly id: "INV-015";
+        readonly description: "Audit record must be written before attestation is issued";
+        readonly boundary: "execute";
+    };
+    readonly "INV-016": {
+        readonly id: "INV-016";
+        readonly description: "Audit records are linearizable via SHA-256 hash chain";
+        readonly boundary: "execute";
+    };
+    readonly "INV-017": {
+        readonly id: "INV-017";
+        readonly description: "Any verification failure causes fail-closed execution — no partial results";
+        readonly boundary: readonly InvariantBoundary[];
+    };
+    readonly "INV-020": {
+        readonly id: "INV-020";
+        readonly description: "Runtime capability declarations are truthful and non-negotiable";
+        readonly boundary: "verify";
+    };
+    readonly "INV-022": {
+        readonly id: "INV-022";
+        readonly description: "Every policy decision is derivable from the policy document and input signals";
+        readonly boundary: "execute";
+    };
+    readonly "INV-024": {
+        readonly id: "INV-024";
+        readonly description: "Decision values are semantically unambiguous strings";
+        readonly boundary: "execute";
+    };
+    readonly "INV-025": {
+        readonly id: "INV-025";
+        readonly description: "Schema version and runtime version are present in every ExecutionResult";
+        readonly boundary: "execute";
+    };
+    readonly "INV-030": {
+        readonly id: "INV-030";
+        readonly description: "Every attestation contains a runtime_hash binding it to a specific runtime version";
+        readonly boundary: "execute";
+    };
+    readonly "INV-031": {
+        readonly id: "INV-031";
+        readonly description: "Runtime manifest declares explicit supported_schema_versions and runtime_version";
+        readonly boundary: "verify";
+    };
+    readonly "INV-033": {
+        readonly id: "INV-033";
+        readonly description: "Governance properties (replay, audit, attestation) are structurally enforced — not configurable";
+        readonly boundary: "execute";
+    };
+    readonly "INV-034": {
+        readonly id: "INV-034";
+        readonly description: "Any verifier holding the correct public key can independently verify an attestation";
+        readonly boundary: "sign";
+    };
+    readonly "INV-035": {
+        readonly id: "INV-035";
+        readonly description: "Verification is reproducible: same attestation + key produces identical outcome";
+        readonly boundary: "sign";
+    };
+    readonly "INV-037": {
+        readonly id: "INV-037";
+        readonly description: "Signatures from different authority keys do not cross-verify — signing domains are isolated";
+        readonly boundary: "sign";
+    };
+    readonly "INV-038": {
+        readonly id: "INV-038";
+        readonly description: "Cross-key verification failures are consistent: wrong-key always returns false";
+        readonly boundary: "sign";
+    };
+    readonly "INV-040": {
+        readonly id: "INV-040";
+        readonly description: "AI output and governance enforcement are strictly separated — no AI field in execution scope";
+        readonly boundary: "validate";
+    };
+    readonly "INV-041": {
+        readonly id: "INV-041";
+        readonly description: "Governance boundary is explicit: runtime manifest must declare runtime_version";
+        readonly boundary: "verify";
+    };
+    readonly "INV-047": {
+        readonly id: "INV-047";
+        readonly description: "Canonical serialization uses explicit UTF-8 encoding";
+        readonly boundary: "canonicalize";
+    };
+    readonly "INV-048": {
+        readonly id: "INV-048";
+        readonly description: "Unicode normalization is stable across canonicalization calls";
+        readonly boundary: "canonicalize";
+    };
+    readonly "INV-049": {
+        readonly id: "INV-049";
+        readonly description: "Canonical JSON sorts object keys recursively and preserves array order";
+        readonly boundary: "canonicalize";
+    };
+    readonly "INV-050": {
+        readonly id: "INV-050";
+        readonly description: "Duplicate JSON keys must not appear in governance payloads (gap: documented)";
+        readonly boundary: "canonicalize";
+    };
+    readonly "INV-051": {
+        readonly id: "INV-051";
+        readonly description: "Numeric values canonicalize identically regardless of trailing zeros";
+        readonly boundary: "canonicalize";
+    };
+    readonly "INV-052": {
+        readonly id: "INV-052";
+        readonly description: "Object insertion order does not affect canonical form or content-address hash";
+        readonly boundary: "canonicalize";
+    };
+    readonly "INV-053": {
+        readonly id: "INV-053";
+        readonly description: "Array element order is preserved through canonicalization";
+        readonly boundary: "canonicalize";
+    };
+    readonly "INV-054": {
+        readonly id: "INV-054";
+        readonly description: "JSON type closure: NaN and Infinity serialize to null; undefined fields are omitted";
+        readonly boundary: "canonicalize";
+    };
+    readonly "INV-057": {
+        readonly id: "INV-057";
+        readonly description: "Content-address (SHA-256) is stable for identical content across calls";
+        readonly boundary: "canonicalize";
+    };
+    readonly "INV-059": {
+        readonly id: "INV-059";
+        readonly description: "Replay domain is explicit: every execution_id in the store was consumed by a real execution";
+        readonly boundary: "replay";
+    };
+    readonly "INV-060": {
+        readonly id: "INV-060";
+        readonly description: "Attestation verification is idempotent: same inputs always produce identical results";
+        readonly boundary: "sign";
+    };
+    readonly "INV-061": {
+        readonly id: "INV-061";
+        readonly description: "Runtime capability declarations are immutable after build";
+        readonly boundary: "verify";
+    };
+    readonly "INV-072": {
+        readonly id: "INV-072";
+        readonly description: "Dry-run path produces no side effects: no replay store write, no audit record, no signature";
+        readonly boundary: "execute";
+    };
+    readonly "INV-073": {
+        readonly id: "INV-073";
+        readonly description: "Canonical evaluation source files contain no network calls";
+        readonly boundary: "execute";
+    };
+    readonly "INV-074": {
+        readonly id: "INV-074";
+        readonly description: "Every governed executeDecision call produces exactly one audit record";
+        readonly boundary: "execute";
+    };
+    readonly "INV-075": {
+        readonly id: "INV-075";
+        readonly description: "Execution IDs (UUIDv4) are unique per issuance — governance identity is non-reusable";
+        readonly boundary: "execute";
+    };
+    readonly "INV-077": {
+        readonly id: "INV-077";
+        readonly description: "All failure modes are deterministic: same invalid input always produces the same error";
+        readonly boundary: readonly InvariantBoundary[];
+    };
+    readonly "INV-078": {
+        readonly id: "INV-078";
+        readonly description: "Operational metadata fields must not contaminate deterministic signing scope";
+        readonly boundary: "validate";
+    };
+    readonly "INV-080": {
+        readonly id: "INV-080";
+        readonly description: "Unsupported schema and runtime versions fail explicitly with a descriptive error";
+        readonly boundary: "verify";
+    };
+    readonly "META-001": {
+        readonly id: "META-001";
+        readonly description: "Every governed execution produces a signed, independently verifiable attestation";
+        readonly boundary: "sign";
+    };
+    readonly "META-004": {
+        readonly id: "META-004";
+        readonly description: "Invariant violations always fail closed — no partial results are emitted on violation";
+        readonly boundary: readonly InvariantBoundary[];
+    };
+};
+type InvariantId = keyof typeof INVARIANT_REGISTRY;
+/**
+ * Structured report emitted when a governance invariant is violated.
+ *
+ * Fields:
+ *   invariant_id  — the invariant from INVARIANT_REGISTRY that was breached
+ *   boundary      — pipeline stage where the violation was detected
+ *   reason        — human-readable explanation of what failed
+ *   input_hash    — SHA-256 of the canonical form of the input that triggered the violation
+ *   timestamp_seq — monotonically increasing sequence number within the process lifetime
+ */
+interface ViolationReport {
+    readonly invariant_id: string;
+    readonly boundary: string;
+    readonly reason: string;
+    readonly input_hash: string;
+    readonly timestamp_seq: number;
+}
+/**
+ * Thrown by every pipeline stage boundary when a governance invariant is violated.
+ *
+ * Carries a structured ViolationReport so downstream consumers can distinguish
+ * invariant violations from unexpected runtime errors without string parsing.
+ */
+declare class InvariantViolation extends Error {
+    readonly report: ViolationReport;
+    constructor(report: ViolationReport);
+}
+/**
+ * Computes the SHA-256 hex digest of `value` for use as `input_hash` in a ViolationReport.
+ * Accepts a string (used as-is) or any value (JSON-stringified before hashing).
+ */
+declare function hashInput(value: unknown): string;
+/**
+ * Constructs and throws an InvariantViolation.
+ * Never returns — the return type `never` enforces this at compile time.
+ *
+ * @param invariant_id - ID from INVARIANT_REGISTRY
+ * @param boundary     - Pipeline stage name
+ * @param reason       - Human-readable reason (must contain the legacy message substring for test compat)
+ * @param input        - The input that triggered the violation (hashed automatically)
+ */
+declare function violate(invariant_id: string, boundary: string, reason: string, input: unknown): never;
+/**
+ * 🔒 Stage 1 — Verification
+ */
+declare function stageVerify(token: ExecutionToken, token_signature: string, verifier: {
+    verify: (data: Uint8Array, sig: Uint8Array) => boolean;
+}, runtime_manifest: any, runtime_requirements: any): void;
+/**
+ * 🔒 Stage 2 — Execution (ENFORCEMENT ONLY)
+ */
+declare function stageExecute(token: ExecutionToken): void;
+/**
+ * 🔒 Stage 3 — Signing (NEW MODEL)
+ */
+declare function stageSign(payload: {
+    execution_id: string;
+    decision: {
+        action: "approve" | "reject";
+        requires_override: boolean;
+        reason?: string;
+    };
+    execution_state: "completed" | "blocked" | "pending_override";
+}, signer: {
+    sign: (data: Uint8Array) => Uint8Array;
+}, runtime_hash: string): {
+    execution_id: string;
+    decision: {
+        action: "approve" | "reject";
+        requires_override: boolean;
+        reason?: string;
+    };
+    execution_state: "completed" | "blocked" | "pending_override";
+    signature: string;
+    runtime_hash: string;
+};
+/**
+ * Sealed Execution VM — determinism enforcement for the governance execution scope.
+ *
+ * The execution stage (execute.ts, pipeline.ts) is forbidden from accessing:
+ *   - Date.now()      — non-deterministic wall clock
+ *   - Math.random()   — non-deterministic PRNG
+ *   - fs / network IO — external state that varies across environments
+ *
+ * Time is injected explicitly via governed_time in ExecutionContext.
+ * The CI gate (scripts/ci-invariant-gate.ts) enforces these constraints statically.
+ *
+ * This module provides:
+ *   - governingTime()  — derives execution time from injected governed_time or falls
+ *                         back to the system clock (only acceptable outside execute.ts)
+ *   - FORBIDDEN_GLOBALS — the list of globals that must not appear in execution-scope files
+ */
+/** Globals forbidden inside the sealed execution scope. */
+declare const FORBIDDEN_GLOBALS: readonly ["Date.now", "Math.random"];
+/**
+ * Files in the execution package whose source must not reference FORBIDDEN_GLOBALS.
+ * Enforced by the CI gate.
+ */
+declare const SEALED_SCOPE_FILES: readonly ["packages/execution/src/execute.ts", "packages/execution/src/pipeline.ts", "packages/execution/src/canonical-signing.ts", "packages/bundle/src/canonicalize.ts", "packages/bundle/src/hash.ts"];
+/**
+ * Returns the governing time for an execution.
+ *
+ * When `provided` is a non-empty ISO 8601 string it is returned as-is,
+ * preserving determinism.  When `provided` is absent or empty the current
+ * system time is used — this fallback is intentionally limited to
+ * non-execution-scope callers (audit.ts, dry-run.ts, tests).
+ *
+ * MUST NOT be called from execute.ts or pipeline.ts — those files must
+ * receive governed_time from their caller and pass it through explicitly.
+ */
+declare function governingTime(provided?: string): string;
+declare function executeFromSignals(input: {
+    policyId: string;
+    policyVersion: string;
+    signals: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+}, signer: Signer, verifier: Verifier, replayStore: AsyncReplayStore & {
+    get?: (key: string) => Promise<string | null>;
+    set?: (key: string, value: string) => Promise<void>;
+    del?: (key: string) => Promise<void>;
+}): Promise<{
+    status: "pending_override";
+    execution_id: string;
+    decision: DecisionResult;
+    requires_override: boolean;
+    execution_state?: undefined;
+    replay?: undefined;
+    signature?: undefined;
+    error?: undefined;
+} | {
+    status: "success";
+    execution_id: string;
+    decision: DecisionResult;
+    execution_state: "completed" | "blocked";
+    requires_override: boolean;
+    replay: boolean;
+    signature?: undefined;
+    error?: undefined;
+} | {
+    status: "success";
+    execution_id: string;
+    decision: DecisionResult;
+    execution_state: "completed" | "blocked";
+    requires_override: boolean;
+    signature: string;
+    replay?: undefined;
+    error?: undefined;
+} | {
+    status: "error";
+    error: string;
+    execution_id?: undefined;
+    decision?: undefined;
+    requires_override?: undefined;
+    execution_state?: undefined;
+    replay?: undefined;
+    signature?: undefined;
+}>;
+interface BaseCondition {
+    signal: string;
+    equals?: unknown;
+    greater_than?: number;
+    less_than?: number;
+}
+interface AllCondition {
+    all: RuleCondition[];
+}
+interface AnyCondition {
+    any: RuleCondition[];
+}
+type RuleCondition = BaseCondition | AllCondition | AnyCondition;
+interface PolicyRule {
+    id: string;
+    condition: RuleCondition;
+    outcome: {
+        action: "approve" | "reject";
+        requires_override: boolean;
+        reason?: string;
+    };
+}
+interface PolicyDocument {
+    schemaVersion: string;
+    signalsSchema: Record<string, unknown>;
+    rules: PolicyRule[];
+}
+declare function evaluatePolicy(policy: PolicyDocument, signals: Record<string, unknown>): DecisionResult;
+declare function canonicalize(value: any): string;
+/**
+ * Executes multiple records sequentially.
+ *
+ * Each record is processed independently.
+ * Errors are captured per-record (fail-isolated).
+ */
+declare function executeBatch(records: Array<{
+    policyId: string;
+    policyVersion: string;
+    signals: Record<string, unknown>;
+    governed_time: string;
+}>, signer: Signer, verifier: Verifier, replayStore: AsyncReplayStore): Promise<({
+    input: {
+        policyId: string;
+        policyVersion: string;
+        signals: Record<string, unknown>;
+        governed_time: string;
+    };
+    output: {
+        status: "pending_override";
+        execution_id: string;
+        decision: DecisionResult;
+        requires_override: boolean;
+        execution_state?: undefined;
+        replay?: undefined;
+        signature?: undefined;
+        error?: undefined;
+    } | {
+        status: "success";
+        execution_id: string;
+        decision: DecisionResult;
+        execution_state: "completed" | "blocked";
+        requires_override: boolean;
+        replay: boolean;
+        signature?: undefined;
+        error?: undefined;
+    } | {
+        status: "success";
+        execution_id: string;
+        decision: DecisionResult;
+        execution_state: "completed" | "blocked";
+        requires_override: boolean;
+        signature: string;
+        replay?: undefined;
+        error?: undefined;
+    } | {
+        status: "error";
+        error: string;
+        execution_id?: undefined;
+        decision?: undefined;
+        requires_override?: undefined;
+        execution_state?: undefined;
+        replay?: undefined;
+        signature?: undefined;
+    };
+} | {
+    input: {
+        policyId: string;
+        policyVersion: string;
+        signals: Record<string, unknown>;
+        governed_time: string;
+    };
+    output: {
+        status: string;
+        error: string;
+    };
+})[]>;
+declare function loadPolicy(policyId: string, policyVersion: string, basePath?: string): PolicyDocument;
+declare class RedisReplayStore implements AsyncReplayStore {
+    private client;
+    constructor(url: string);
+    hasExecuted(executionId: string): Promise<boolean>;
+    markExecuted(executionId: string): Promise<void>;
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string): Promise<void>;
+    del(key: string): Promise<void>;
+    close(): Promise<void>;
+}
+declare function resolveOverride(executionId: string, replayStore: AsyncReplayStore & {
+    get: (key: string) => Promise<string | null>;
+    del: (key: string) => Promise<void>;
+}, signer: Signer, verifier: Verifier): Promise<{
+    status: "success";
+    execution_id: string;
+    signature: string;
+    resolved: boolean;
+}>;
+export { type AsyncReplayStore, type AsyncSigner, type AuditEntry, type DecisionResult, type DryRunResult, type ExecutionAttestation, type ExecutionContext, type ExecutionToken, FORBIDDEN_GLOBALS, INVARIANT_REGISTRY, type InvariantBoundary, type InvariantEntry, type InvariantId, InvariantViolation, LocalSigner, LocalVerifier, MemoryReplayStore, RedisReplayStore, type ReplayStore, type RuntimeManifest, SEALED_SCOPE_FILES, type Signer, type Verifier, type ViolationReport, canonicalize, evaluateDryRun, evaluatePolicy, executeBatch, executeDecision, executeFromSignals, getRuntimeManifest, governingTime, hashInput, hashRuntime, issueToken, loadPolicy, resolveOverride, runtimeManifestDefinition, signExecutionToken, signRuntimeManifest, stageExecute, stageSign, stageVerify, verifyAuditChain, verifyAuditEntry, verifyExecutionToken, verifyRuntimeManifest, verifyRuntimePolicy, violate };