npm - @peac/policy-kit - Versions diffs - 0.9.18 → 0.10.0 - Mend

@peac/policy-kit 0.9.18 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/LICENSE +190 -0
package/dist/enforce.d.ts +256 -0
package/dist/enforce.d.ts.map +1 -0
package/dist/enforce.js +309 -0
package/dist/enforce.js.map +1 -0
package/dist/enforcement-profiles.d.ts +164 -0
package/dist/enforcement-profiles.d.ts.map +1 -0
package/dist/enforcement-profiles.js +293 -0
package/dist/enforcement-profiles.js.map +1 -0
package/dist/generated/profiles.d.ts +17 -0
package/dist/generated/profiles.d.ts.map +1 -0
package/dist/generated/profiles.js +212 -0
package/dist/generated/profiles.js.map +1 -0
package/dist/index.d.ts +6 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +52 -1
package/dist/index.js.map +1 -1
package/dist/profiles.d.ts +210 -0
package/dist/profiles.d.ts.map +1 -0
package/dist/profiles.js +368 -0
package/dist/profiles.js.map +1 -0
package/dist/types.d.ts +620 -8
package/dist/types.d.ts.map +1 -1
package/dist/types.js +261 -1
package/dist/types.js.map +1 -1
package/package.json +14 -10

package/dist/types.d.ts CHANGED Viewed

@@ -82,7 +82,7 @@ export declare const PolicyRuleSchema: z.ZodObject<{
         id?: string | undefined;
     }>>;
     /** Purpose(s) this rule applies to - single purpose or array */
-    purpose: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["crawl", "index", "train", "inference", "ai_input", "ai_index", "search"]>, z.ZodArray<z.ZodEnum<["crawl", "index", "train", "inference", "ai_input", "ai_index", "search"]>, "many">]>>;
+    purpose: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["crawl", "index", "train", "inference", "user_action", "ai_input", "ai_index", "search"]>, z.ZodArray<z.ZodEnum<["crawl", "index", "train", "inference", "user_action", "ai_input", "ai_index", "search"]>, "many">]>>;
     /** Licensing mode(s) this rule applies to */
     licensing_mode: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["subscription", "pay_per_crawl", "pay_per_inference"]>, z.ZodArray<z.ZodEnum<["subscription", "pay_per_crawl", "pay_per_inference"]>, "many">]>>;
     /** Decision if rule matches */
@@ -97,7 +97,7 @@ export declare const PolicyRuleSchema: z.ZodObject<{
         labels?: string[] | undefined;
         id?: string | undefined;
     } | undefined;
-    purpose?: "crawl" | "index" | "train" | "inference" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "ai_input" | "ai_index" | "search")[] | undefined;
+    purpose?: "crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search")[] | undefined;
     licensing_mode?: "subscription" | "pay_per_crawl" | "pay_per_inference" | ("subscription" | "pay_per_crawl" | "pay_per_inference")[] | undefined;
     reason?: string | undefined;
 }, {
@@ -108,7 +108,7 @@ export declare const PolicyRuleSchema: z.ZodObject<{
         labels?: string[] | undefined;
         id?: string | undefined;
     } | undefined;
-    purpose?: "crawl" | "index" | "train" | "inference" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "ai_input" | "ai_index" | "search")[] | undefined;
+    purpose?: "crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search")[] | undefined;
     licensing_mode?: "subscription" | "pay_per_crawl" | "pay_per_inference" | ("subscription" | "pay_per_crawl" | "pay_per_inference")[] | undefined;
     reason?: string | undefined;
 }>;
@@ -172,7 +172,7 @@ export declare const PolicyDocumentSchema: z.ZodObject<{
             id?: string | undefined;
         }>>;
         /** Purpose(s) this rule applies to - single purpose or array */
-        purpose: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["crawl", "index", "train", "inference", "ai_input", "ai_index", "search"]>, z.ZodArray<z.ZodEnum<["crawl", "index", "train", "inference", "ai_input", "ai_index", "search"]>, "many">]>>;
+        purpose: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["crawl", "index", "train", "inference", "user_action", "ai_input", "ai_index", "search"]>, z.ZodArray<z.ZodEnum<["crawl", "index", "train", "inference", "user_action", "ai_input", "ai_index", "search"]>, "many">]>>;
         /** Licensing mode(s) this rule applies to */
         licensing_mode: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["subscription", "pay_per_crawl", "pay_per_inference"]>, z.ZodArray<z.ZodEnum<["subscription", "pay_per_crawl", "pay_per_inference"]>, "many">]>>;
         /** Decision if rule matches */
@@ -187,7 +187,7 @@ export declare const PolicyDocumentSchema: z.ZodObject<{
             labels?: string[] | undefined;
             id?: string | undefined;
         } | undefined;
-        purpose?: "crawl" | "index" | "train" | "inference" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "ai_input" | "ai_index" | "search")[] | undefined;
+        purpose?: "crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search")[] | undefined;
         licensing_mode?: "subscription" | "pay_per_crawl" | "pay_per_inference" | ("subscription" | "pay_per_crawl" | "pay_per_inference")[] | undefined;
         reason?: string | undefined;
     }, {
@@ -198,7 +198,7 @@ export declare const PolicyDocumentSchema: z.ZodObject<{
             labels?: string[] | undefined;
             id?: string | undefined;
         } | undefined;
-        purpose?: "crawl" | "index" | "train" | "inference" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "ai_input" | "ai_index" | "search")[] | undefined;
+        purpose?: "crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search")[] | undefined;
         licensing_mode?: "subscription" | "pay_per_crawl" | "pay_per_inference" | ("subscription" | "pay_per_crawl" | "pay_per_inference")[] | undefined;
         reason?: string | undefined;
     }>, "many">;
@@ -216,7 +216,7 @@ export declare const PolicyDocumentSchema: z.ZodObject<{
             labels?: string[] | undefined;
             id?: string | undefined;
         } | undefined;
-        purpose?: "crawl" | "index" | "train" | "inference" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "ai_input" | "ai_index" | "search")[] | undefined;
+        purpose?: "crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search")[] | undefined;
         licensing_mode?: "subscription" | "pay_per_crawl" | "pay_per_inference" | ("subscription" | "pay_per_crawl" | "pay_per_inference")[] | undefined;
         reason?: string | undefined;
     }[];
@@ -235,7 +235,7 @@ export declare const PolicyDocumentSchema: z.ZodObject<{
             labels?: string[] | undefined;
             id?: string | undefined;
         } | undefined;
-        purpose?: "crawl" | "index" | "train" | "inference" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "ai_input" | "ai_index" | "search")[] | undefined;
+        purpose?: "crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search")[] | undefined;
         licensing_mode?: "subscription" | "pay_per_crawl" | "pay_per_inference" | ("subscription" | "pay_per_crawl" | "pay_per_inference")[] | undefined;
         reason?: string | undefined;
     }[];
@@ -273,4 +273,616 @@ export interface EvaluationResult {
     /** Whether default was applied (no rule matched) */
     is_default: boolean;
 }
+/**
+ * Structured rate limit configuration.
+ *
+ * Uses `window_seconds` for future-proofing (avoids enum lock-in).
+ * CLI parses human-friendly strings like "100/hour" to this format.
+ *
+ * @example
+ * ```typescript
+ * const limit: RateLimitConfig = {
+ *   limit: 100,
+ *   window_seconds: 3600, // 1 hour
+ *   burst: 10,
+ *   partition: 'agent',
+ * };
+ * ```
+ */
+export declare const RateLimitConfigSchema: z.ZodObject<{
+    /** Maximum requests allowed in the window */
+    limit: z.ZodNumber;
+    /** Window size in seconds (e.g., 3600 for 1 hour) */
+    window_seconds: z.ZodNumber;
+    /** Optional burst allowance above the limit */
+    burst: z.ZodOptional<z.ZodNumber>;
+    /** How to partition rate limits (default: per-agent) */
+    partition: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["agent", "ip", "account"]>, z.ZodString]>>;
+}, "strict", z.ZodTypeAny, {
+    limit: number;
+    window_seconds: number;
+    burst?: number | undefined;
+    partition?: string | undefined;
+}, {
+    limit: number;
+    window_seconds: number;
+    burst?: number | undefined;
+    partition?: string | undefined;
+}>;
+export type RateLimitConfig = z.infer<typeof RateLimitConfigSchema>;
+/**
+ * Parse a human-friendly rate limit string to RateLimitConfig.
+ *
+ * @example
+ * ```typescript
+ * parseRateLimit('100/hour');   // { limit: 100, window_seconds: 3600 }
+ * parseRateLimit('1000/day');   // { limit: 1000, window_seconds: 86400 }
+ * parseRateLimit('10/minute');  // { limit: 10, window_seconds: 60 }
+ * ```
+ */
+export declare function parseRateLimit(input: string): RateLimitConfig;
+/**
+ * Format a RateLimitConfig to human-friendly string.
+ */
+export declare function formatRateLimit(config: RateLimitConfig): string;
+/**
+ * Requirements for 'review' decision (challenge-required semantics).
+ *
+ * When decision is 'review' and requirements are not met:
+ * - Enforcement returns a challenge response (e.g., HTTP 402)
+ * - Client provides proof (e.g., PEAC receipt)
+ * - On valid proof, access is granted
+ *
+ * This differs from 'deny' which is unconditional rejection.
+ *
+ * @example
+ * ```typescript
+ * const rule: PolicyRule = {
+ *   name: 'inference-needs-receipt',
+ *   purpose: 'inference',
+ *   decision: 'review',
+ *   requirements: { receipt: true },
+ * };
+ * ```
+ */
+export declare const DecisionRequirementsSchema: z.ZodObject<{
+    /** Require a valid PEAC receipt */
+    receipt: z.ZodOptional<z.ZodBoolean>;
+}, "strict", z.ZodTypeAny, {
+    receipt?: boolean | undefined;
+}, {
+    receipt?: boolean | undefined;
+}>;
+export type DecisionRequirements = z.infer<typeof DecisionRequirementsSchema>;
+/**
+ * Profile parameter definition.
+ *
+ * Defines a configurable parameter for a profile.
+ */
+export declare const ProfileParameterSchema: z.ZodObject<{
+    /** Human-readable description */
+    description: z.ZodString;
+    /** Whether this parameter is required */
+    required: z.ZodOptional<z.ZodBoolean>;
+    /** Default value if not provided */
+    default: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>;
+    /** Example value for documentation */
+    example: z.ZodOptional<z.ZodString>;
+    /** Validation type for the parameter */
+    validate: z.ZodOptional<z.ZodEnum<["email", "url", "rate_limit"]>>;
+}, "strict", z.ZodTypeAny, {
+    description: string;
+    required?: boolean | undefined;
+    default?: string | number | boolean | undefined;
+    example?: string | undefined;
+    validate?: "email" | "url" | "rate_limit" | undefined;
+}, {
+    description: string;
+    required?: boolean | undefined;
+    default?: string | number | boolean | undefined;
+    example?: string | undefined;
+    validate?: "email" | "url" | "rate_limit" | undefined;
+}>;
+export type ProfileParameter = z.infer<typeof ProfileParameterSchema>;
+/**
+ * Profile definition.
+ *
+ * A profile is a pre-configured policy template for a specific use case
+ * (e.g., news publisher, SaaS docs, open source project).
+ *
+ * Profiles are compiled to TypeScript at build time for:
+ * - Type safety
+ * - No runtime YAML/fs dependencies
+ * - Deterministic output
+ *
+ * @example
+ * ```typescript
+ * const profile: ProfileDefinition = {
+ *   id: 'news-media',
+ *   name: 'News Media Publisher',
+ *   description: 'Policy for news and media publishers...',
+ *   policy: { ... },
+ *   parameters: {
+ *     contact: { description: 'Contact email', required: true, validate: 'email' },
+ *     rate_limit: { description: 'Rate limit', default: '100/hour', validate: 'rate_limit' },
+ *   },
+ *   defaults: {
+ *     requirements: { receipt: true },
+ *   },
+ * };
+ * ```
+ */
+export declare const ProfileDefinitionSchema: z.ZodObject<{
+    /** Unique profile identifier (e.g., 'news-media') */
+    id: z.ZodString;
+    /** Human-readable profile name */
+    name: z.ZodString;
+    /** Multi-line description of the profile */
+    description: z.ZodString;
+    /** Base policy document */
+    policy: z.ZodObject<{
+        /** Policy format version */
+        version: z.ZodLiteral<"peac-policy/0.1">;
+        /** Policy name/description (optional) */
+        name: z.ZodOptional<z.ZodString>;
+        /** Default decision (required) */
+        defaults: z.ZodObject<{
+            /** Default decision when no rule matches */
+            decision: z.ZodEnum<["allow", "deny", "review"]>;
+            /** Default reason for audit trail */
+            reason: z.ZodOptional<z.ZodString>;
+        }, "strict", z.ZodTypeAny, {
+            decision: "allow" | "deny" | "review";
+            reason?: string | undefined;
+        }, {
+            decision: "allow" | "deny" | "review";
+            reason?: string | undefined;
+        }>;
+        /** Rules evaluated in order (first match wins) */
+        rules: z.ZodArray<z.ZodObject<{
+            /** Rule name (for debugging/auditing) */
+            name: z.ZodString;
+            /** Subject matcher (omit for any subject) */
+            subject: z.ZodOptional<z.ZodObject<{
+                /** Match by subject type(s) - single type or array */
+                type: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["human", "org", "agent"]>, z.ZodArray<z.ZodEnum<["human", "org", "agent"]>, "many">]>>;
+                /** Match by label(s) - subject must have ALL specified labels */
+                labels: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                /** Match by subject ID pattern (exact match or prefix with *) */
+                id: z.ZodOptional<z.ZodString>;
+            }, "strict", z.ZodTypeAny, {
+                type?: "human" | "org" | "agent" | ("human" | "org" | "agent")[] | undefined;
+                labels?: string[] | undefined;
+                id?: string | undefined;
+            }, {
+                type?: "human" | "org" | "agent" | ("human" | "org" | "agent")[] | undefined;
+                labels?: string[] | undefined;
+                id?: string | undefined;
+            }>>;
+            /** Purpose(s) this rule applies to - single purpose or array */
+            purpose: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["crawl", "index", "train", "inference", "user_action", "ai_input", "ai_index", "search"]>, z.ZodArray<z.ZodEnum<["crawl", "index", "train", "inference", "user_action", "ai_input", "ai_index", "search"]>, "many">]>>;
+            /** Licensing mode(s) this rule applies to */
+            licensing_mode: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["subscription", "pay_per_crawl", "pay_per_inference"]>, z.ZodArray<z.ZodEnum<["subscription", "pay_per_crawl", "pay_per_inference"]>, "many">]>>;
+            /** Decision if rule matches */
+            decision: z.ZodEnum<["allow", "deny", "review"]>;
+            /** Reason for decision (for audit trail) */
+            reason: z.ZodOptional<z.ZodString>;
+        }, "strict", z.ZodTypeAny, {
+            name: string;
+            decision: "allow" | "deny" | "review";
+            subject?: {
+                type?: "human" | "org" | "agent" | ("human" | "org" | "agent")[] | undefined;
+                labels?: string[] | undefined;
+                id?: string | undefined;
+            } | undefined;
+            purpose?: "crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search")[] | undefined;
+            licensing_mode?: "subscription" | "pay_per_crawl" | "pay_per_inference" | ("subscription" | "pay_per_crawl" | "pay_per_inference")[] | undefined;
+            reason?: string | undefined;
+        }, {
+            name: string;
+            decision: "allow" | "deny" | "review";
+            subject?: {
+                type?: "human" | "org" | "agent" | ("human" | "org" | "agent")[] | undefined;
+                labels?: string[] | undefined;
+                id?: string | undefined;
+            } | undefined;
+            purpose?: "crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search")[] | undefined;
+            licensing_mode?: "subscription" | "pay_per_crawl" | "pay_per_inference" | ("subscription" | "pay_per_crawl" | "pay_per_inference")[] | undefined;
+            reason?: string | undefined;
+        }>, "many">;
+    }, "strict", z.ZodTypeAny, {
+        version: "peac-policy/0.1";
+        defaults: {
+            decision: "allow" | "deny" | "review";
+            reason?: string | undefined;
+        };
+        rules: {
+            name: string;
+            decision: "allow" | "deny" | "review";
+            subject?: {
+                type?: "human" | "org" | "agent" | ("human" | "org" | "agent")[] | undefined;
+                labels?: string[] | undefined;
+                id?: string | undefined;
+            } | undefined;
+            purpose?: "crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search")[] | undefined;
+            licensing_mode?: "subscription" | "pay_per_crawl" | "pay_per_inference" | ("subscription" | "pay_per_crawl" | "pay_per_inference")[] | undefined;
+            reason?: string | undefined;
+        }[];
+        name?: string | undefined;
+    }, {
+        version: "peac-policy/0.1";
+        defaults: {
+            decision: "allow" | "deny" | "review";
+            reason?: string | undefined;
+        };
+        rules: {
+            name: string;
+            decision: "allow" | "deny" | "review";
+            subject?: {
+                type?: "human" | "org" | "agent" | ("human" | "org" | "agent")[] | undefined;
+                labels?: string[] | undefined;
+                id?: string | undefined;
+            } | undefined;
+            purpose?: "crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search")[] | undefined;
+            licensing_mode?: "subscription" | "pay_per_crawl" | "pay_per_inference" | ("subscription" | "pay_per_crawl" | "pay_per_inference")[] | undefined;
+            reason?: string | undefined;
+        }[];
+        name?: string | undefined;
+    }>;
+    /** Configurable parameters */
+    parameters: z.ZodRecord<z.ZodString, z.ZodObject<{
+        /** Human-readable description */
+        description: z.ZodString;
+        /** Whether this parameter is required */
+        required: z.ZodOptional<z.ZodBoolean>;
+        /** Default value if not provided */
+        default: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>;
+        /** Example value for documentation */
+        example: z.ZodOptional<z.ZodString>;
+        /** Validation type for the parameter */
+        validate: z.ZodOptional<z.ZodEnum<["email", "url", "rate_limit"]>>;
+    }, "strict", z.ZodTypeAny, {
+        description: string;
+        required?: boolean | undefined;
+        default?: string | number | boolean | undefined;
+        example?: string | undefined;
+        validate?: "email" | "url" | "rate_limit" | undefined;
+    }, {
+        description: string;
+        required?: boolean | undefined;
+        default?: string | number | boolean | undefined;
+        example?: string | undefined;
+        validate?: "email" | "url" | "rate_limit" | undefined;
+    }>>;
+    /** Default values for profile instances */
+    defaults: z.ZodOptional<z.ZodObject<{
+        /** Default requirements for 'review' decisions */
+        requirements: z.ZodOptional<z.ZodObject<{
+            /** Require a valid PEAC receipt */
+            receipt: z.ZodOptional<z.ZodBoolean>;
+        }, "strict", z.ZodTypeAny, {
+            receipt?: boolean | undefined;
+        }, {
+            receipt?: boolean | undefined;
+        }>>;
+        /** Default rate limit */
+        rate_limit: z.ZodOptional<z.ZodObject<{
+            /** Maximum requests allowed in the window */
+            limit: z.ZodNumber;
+            /** Window size in seconds (e.g., 3600 for 1 hour) */
+            window_seconds: z.ZodNumber;
+            /** Optional burst allowance above the limit */
+            burst: z.ZodOptional<z.ZodNumber>;
+            /** How to partition rate limits (default: per-agent) */
+            partition: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["agent", "ip", "account"]>, z.ZodString]>>;
+        }, "strict", z.ZodTypeAny, {
+            limit: number;
+            window_seconds: number;
+            burst?: number | undefined;
+            partition?: string | undefined;
+        }, {
+            limit: number;
+            window_seconds: number;
+            burst?: number | undefined;
+            partition?: string | undefined;
+        }>>;
+    }, "strict", z.ZodTypeAny, {
+        rate_limit?: {
+            limit: number;
+            window_seconds: number;
+            burst?: number | undefined;
+            partition?: string | undefined;
+        } | undefined;
+        requirements?: {
+            receipt?: boolean | undefined;
+        } | undefined;
+    }, {
+        rate_limit?: {
+            limit: number;
+            window_seconds: number;
+            burst?: number | undefined;
+            partition?: string | undefined;
+        } | undefined;
+        requirements?: {
+            receipt?: boolean | undefined;
+        } | undefined;
+    }>>;
+}, "strict", z.ZodTypeAny, {
+    id: string;
+    name: string;
+    description: string;
+    policy: {
+        version: "peac-policy/0.1";
+        defaults: {
+            decision: "allow" | "deny" | "review";
+            reason?: string | undefined;
+        };
+        rules: {
+            name: string;
+            decision: "allow" | "deny" | "review";
+            subject?: {
+                type?: "human" | "org" | "agent" | ("human" | "org" | "agent")[] | undefined;
+                labels?: string[] | undefined;
+                id?: string | undefined;
+            } | undefined;
+            purpose?: "crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search")[] | undefined;
+            licensing_mode?: "subscription" | "pay_per_crawl" | "pay_per_inference" | ("subscription" | "pay_per_crawl" | "pay_per_inference")[] | undefined;
+            reason?: string | undefined;
+        }[];
+        name?: string | undefined;
+    };
+    parameters: Record<string, {
+        description: string;
+        required?: boolean | undefined;
+        default?: string | number | boolean | undefined;
+        example?: string | undefined;
+        validate?: "email" | "url" | "rate_limit" | undefined;
+    }>;
+    defaults?: {
+        rate_limit?: {
+            limit: number;
+            window_seconds: number;
+            burst?: number | undefined;
+            partition?: string | undefined;
+        } | undefined;
+        requirements?: {
+            receipt?: boolean | undefined;
+        } | undefined;
+    } | undefined;
+}, {
+    id: string;
+    name: string;
+    description: string;
+    policy: {
+        version: "peac-policy/0.1";
+        defaults: {
+            decision: "allow" | "deny" | "review";
+            reason?: string | undefined;
+        };
+        rules: {
+            name: string;
+            decision: "allow" | "deny" | "review";
+            subject?: {
+                type?: "human" | "org" | "agent" | ("human" | "org" | "agent")[] | undefined;
+                labels?: string[] | undefined;
+                id?: string | undefined;
+            } | undefined;
+            purpose?: "crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search" | ("crawl" | "index" | "train" | "inference" | "user_action" | "ai_input" | "ai_index" | "search")[] | undefined;
+            licensing_mode?: "subscription" | "pay_per_crawl" | "pay_per_inference" | ("subscription" | "pay_per_crawl" | "pay_per_inference")[] | undefined;
+            reason?: string | undefined;
+        }[];
+        name?: string | undefined;
+    };
+    parameters: Record<string, {
+        description: string;
+        required?: boolean | undefined;
+        default?: string | number | boolean | undefined;
+        example?: string | undefined;
+        validate?: "email" | "url" | "rate_limit" | undefined;
+    }>;
+    defaults?: {
+        rate_limit?: {
+            limit: number;
+            window_seconds: number;
+            burst?: number | undefined;
+            partition?: string | undefined;
+        } | undefined;
+        requirements?: {
+            receipt?: boolean | undefined;
+        } | undefined;
+    } | undefined;
+}>;
+export type ProfileDefinition = z.infer<typeof ProfileDefinitionSchema>;
+/**
+ * Policy constraints for rate limiting and budget control.
+ *
+ * These constraints are ADVISORY - enforcement happens at the edge/application layer.
+ * PEAC receipts capture what constraints were DECLARED, not whether they were enforced.
+ *
+ * @example
+ * ```typescript
+ * const constraints: PolicyConstraints = {
+ *   rate_limit: { window_s: 3600, max: 100 },
+ *   budget: { max_requests: 1000 },
+ * };
+ * ```
+ */
+export declare const PolicyConstraintsSchema: z.ZodObject<{
+    /** Rate limit configuration */
+    rate_limit: z.ZodOptional<z.ZodObject<{
+        /** Window size in seconds */
+        window_s: z.ZodNumber;
+        /** Maximum requests allowed in the window */
+        max: z.ZodNumber;
+        /** Retry-After header value in seconds (optional) */
+        retry_after_s: z.ZodOptional<z.ZodNumber>;
+    }, "strict", z.ZodTypeAny, {
+        window_s: number;
+        max: number;
+        retry_after_s?: number | undefined;
+    }, {
+        window_s: number;
+        max: number;
+        retry_after_s?: number | undefined;
+    }>>;
+    /** Budget constraints */
+    budget: z.ZodOptional<z.ZodObject<{
+        /** Maximum tokens allowed */
+        max_tokens: z.ZodOptional<z.ZodNumber>;
+        /** Maximum requests allowed */
+        max_requests: z.ZodOptional<z.ZodNumber>;
+    }, "strict", z.ZodTypeAny, {
+        max_tokens?: number | undefined;
+        max_requests?: number | undefined;
+    }, {
+        max_tokens?: number | undefined;
+        max_requests?: number | undefined;
+    }>>;
+}, "strict", z.ZodTypeAny, {
+    rate_limit?: {
+        window_s: number;
+        max: number;
+        retry_after_s?: number | undefined;
+    } | undefined;
+    budget?: {
+        max_tokens?: number | undefined;
+        max_requests?: number | undefined;
+    } | undefined;
+}, {
+    rate_limit?: {
+        window_s: number;
+        max: number;
+        retry_after_s?: number | undefined;
+    } | undefined;
+    budget?: {
+        max_tokens?: number | undefined;
+        max_requests?: number | undefined;
+    } | undefined;
+}>;
+export type PolicyConstraints = z.infer<typeof PolicyConstraintsSchema>;
+/**
+ * Enforcement profile for purpose handling.
+ *
+ * Defines how undeclared or unknown purposes are handled at the enforcement layer.
+ * These are distinct from use-case profiles (api-provider, news-media, etc.).
+ *
+ * Three canonical profiles:
+ * - `strict`: Deny undeclared purposes (regulated data, private APIs)
+ * - `balanced`: Review + constraints for undeclared purposes (general web, default)
+ * - `open`: Allow undeclared purposes with recording (public content, research)
+ */
+export type EnforcementProfileId = 'strict' | 'balanced' | 'open';
+/**
+ * Enforcement profile definition.
+ *
+ * Specifies how to handle requests with undeclared, unknown, or missing purposes.
+ */
+export declare const EnforcementProfileSchema: z.ZodObject<{
+    /** Profile identifier */
+    id: z.ZodEnum<["strict", "balanced", "open"]>;
+    /** Human-readable name */
+    name: z.ZodString;
+    /** Description of when to use this profile */
+    description: z.ZodString;
+    /** Decision for requests with no purpose declared (missing header) */
+    undeclared_decision: z.ZodEnum<["allow", "deny", "review"]>;
+    /** Decision for requests with unknown purpose tokens */
+    unknown_decision: z.ZodEnum<["allow", "deny", "review"]>;
+    /** Purpose reason to record when undeclared/unknown is processed */
+    purpose_reason: z.ZodEnum<["allowed", "constrained", "denied", "downgraded", "undeclared_default", "unknown_preserved"]>;
+    /** Default constraints to apply for 'review' decisions */
+    default_constraints: z.ZodOptional<z.ZodObject<{
+        /** Rate limit configuration */
+        rate_limit: z.ZodOptional<z.ZodObject<{
+            /** Window size in seconds */
+            window_s: z.ZodNumber;
+            /** Maximum requests allowed in the window */
+            max: z.ZodNumber;
+            /** Retry-After header value in seconds (optional) */
+            retry_after_s: z.ZodOptional<z.ZodNumber>;
+        }, "strict", z.ZodTypeAny, {
+            window_s: number;
+            max: number;
+            retry_after_s?: number | undefined;
+        }, {
+            window_s: number;
+            max: number;
+            retry_after_s?: number | undefined;
+        }>>;
+        /** Budget constraints */
+        budget: z.ZodOptional<z.ZodObject<{
+            /** Maximum tokens allowed */
+            max_tokens: z.ZodOptional<z.ZodNumber>;
+            /** Maximum requests allowed */
+            max_requests: z.ZodOptional<z.ZodNumber>;
+        }, "strict", z.ZodTypeAny, {
+            max_tokens?: number | undefined;
+            max_requests?: number | undefined;
+        }, {
+            max_tokens?: number | undefined;
+            max_requests?: number | undefined;
+        }>>;
+    }, "strict", z.ZodTypeAny, {
+        rate_limit?: {
+            window_s: number;
+            max: number;
+            retry_after_s?: number | undefined;
+        } | undefined;
+        budget?: {
+            max_tokens?: number | undefined;
+            max_requests?: number | undefined;
+        } | undefined;
+    }, {
+        rate_limit?: {
+            window_s: number;
+            max: number;
+            retry_after_s?: number | undefined;
+        } | undefined;
+        budget?: {
+            max_tokens?: number | undefined;
+            max_requests?: number | undefined;
+        } | undefined;
+    }>>;
+    /** Whether receipts are required for allowed requests */
+    receipts: z.ZodEnum<["required", "optional", "omit"]>;
+}, "strict", z.ZodTypeAny, {
+    id: "strict" | "balanced" | "open";
+    name: string;
+    description: string;
+    undeclared_decision: "allow" | "deny" | "review";
+    unknown_decision: "allow" | "deny" | "review";
+    purpose_reason: "allowed" | "constrained" | "denied" | "downgraded" | "undeclared_default" | "unknown_preserved";
+    receipts: "required" | "omit" | "optional";
+    default_constraints?: {
+        rate_limit?: {
+            window_s: number;
+            max: number;
+            retry_after_s?: number | undefined;
+        } | undefined;
+        budget?: {
+            max_tokens?: number | undefined;
+            max_requests?: number | undefined;
+        } | undefined;
+    } | undefined;
+}, {
+    id: "strict" | "balanced" | "open";
+    name: string;
+    description: string;
+    undeclared_decision: "allow" | "deny" | "review";
+    unknown_decision: "allow" | "deny" | "review";
+    purpose_reason: "allowed" | "constrained" | "denied" | "downgraded" | "undeclared_default" | "unknown_preserved";
+    receipts: "required" | "omit" | "optional";
+    default_constraints?: {
+        rate_limit?: {
+            window_s: number;
+            max: number;
+            retry_after_s?: number | undefined;
+        } | undefined;
+        budget?: {
+            max_tokens?: number | undefined;
+            max_requests?: number | undefined;
+        } | undefined;
+    } | undefined;
+}>;
+export type EnforcementProfile = z.infer<typeof EnforcementProfileSchema>;
 //# sourceMappingURL=types.d.ts.map