@peac/schema 0.10.14 → 0.11.1

package/dist/agent-identity.d.ts

@@ -14,7 +14,10 @@ import type { JsonValue } from '@peac/kernel';
  * - 'operator': Bot/crawler operated by a known organization (e.g., Googlebot, GPTBot)
  * - 'user-delegated': Agent acting on behalf of a human user (e.g., browser extension, AI assistant)
  */
-export declare const ControlTypeSchema: z.ZodEnum<["operator", "user-delegated"]>;
+export declare const ControlTypeSchema: z.ZodEnum<{
+    operator: "operator";
+    "user-delegated": "user-delegated";
+}>;
 export type ControlType = z.infer<typeof ControlTypeSchema>;
 /**
  * Array of valid control types for runtime checks
@@ -28,7 +31,12 @@ export declare const CONTROL_TYPES: readonly ["operator", "user-delegated"];
  * - 'mtls': Mutual TLS client certificate
  * - 'jwk-thumbprint': JWK Thumbprint confirmation (RFC 7638)
  */
-export declare const ProofMethodSchema: z.ZodEnum<["http-message-signature", "dpop", "mtls", "jwk-thumbprint"]>;
+export declare const ProofMethodSchema: z.ZodEnum<{
+    "http-message-signature": "http-message-signature";
+    dpop: "dpop";
+    mtls: "mtls";
+    "jwk-thumbprint": "jwk-thumbprint";
+}>;
 export type ProofMethod = z.infer<typeof ProofMethodSchema>;
 /**
  * Array of valid proof methods for runtime checks
@@ -40,100 +48,36 @@ export declare const PROOF_METHODS: readonly ["http-message-signature", "dpop",
  * This allows verifiers to reconstruct the binding message for verification.
  */
 export declare const BindingDetailsSchema: z.ZodObject<{
-    /** HTTP method (uppercase: GET, POST, etc.) */
     method: z.ZodString;
-    /** Target URI of the request */
     target: z.ZodString;
-    /** Headers included in the signature (lowercase) */
-    headers_included: z.ZodArray<z.ZodString, "many">;
-    /** SHA-256 hash of request body (base64url), empty string if no body */
+    headers_included: z.ZodArray<z.ZodString>;
     body_hash: z.ZodOptional<z.ZodString>;
-    /** When the binding was signed (RFC 3339) */
     signed_at: z.ZodString;
-}, "strict", z.ZodTypeAny, {
-    method: string;
-    target: string;
-    headers_included: string[];
-    signed_at: string;
-    body_hash?: string | undefined;
-}, {
-    method: string;
-    target: string;
-    headers_included: string[];
-    signed_at: string;
-    body_hash?: string | undefined;
-}>;
+}, z.core.$strict>;
 export type BindingDetails = z.infer<typeof BindingDetailsSchema>;
 /**
  * Proof of control binding - cryptographic evidence that the agent controls the key.
  */
 export declare const AgentProofSchema: z.ZodObject<{
-    /** Proof method used */
-    method: z.ZodEnum<["http-message-signature", "dpop", "mtls", "jwk-thumbprint"]>;
-    /** Key ID (matches kid in JWS header or JWKS) */
+    method: z.ZodEnum<{
+        "http-message-signature": "http-message-signature";
+        dpop: "dpop";
+        mtls: "mtls";
+        "jwk-thumbprint": "jwk-thumbprint";
+    }>;
     key_id: z.ZodString;
-    /** Algorithm used (default: EdDSA for Ed25519) */
     alg: z.ZodDefault<z.ZodString>;
-    /** Signature over binding message (base64url, for http-message-signature) */
     signature: z.ZodOptional<z.ZodString>;
-    /** DPoP proof JWT (for dpop method) */
     dpop_proof: z.ZodOptional<z.ZodString>;
-    /** Certificate fingerprint (for mtls method, SHA-256 base64url) */
     cert_thumbprint: z.ZodOptional<z.ZodString>;
-    /** Binding details for http-message-signature */
     binding: z.ZodOptional<z.ZodObject<{
-        /** HTTP method (uppercase: GET, POST, etc.) */
         method: z.ZodString;
-        /** Target URI of the request */
         target: z.ZodString;
-        /** Headers included in the signature (lowercase) */
-        headers_included: z.ZodArray<z.ZodString, "many">;
-        /** SHA-256 hash of request body (base64url), empty string if no body */
+        headers_included: z.ZodArray<z.ZodString>;
         body_hash: z.ZodOptional<z.ZodString>;
-        /** When the binding was signed (RFC 3339) */
         signed_at: z.ZodString;
-    }, "strict", z.ZodTypeAny, {
-        method: string;
-        target: string;
-        headers_included: string[];
-        signed_at: string;
-        body_hash?: string | undefined;
-    }, {
-        method: string;
-        target: string;
-        headers_included: string[];
-        signed_at: string;
-        body_hash?: string | undefined;
-    }>>;
-}, "strict", z.ZodTypeAny, {
-    method: "http-message-signature" | "dpop" | "mtls" | "jwk-thumbprint";
-    key_id: string;
-    alg: string;
-    signature?: string | undefined;
-    dpop_proof?: string | undefined;
-    cert_thumbprint?: string | undefined;
-    binding?: {
-        method: string;
-        target: string;
-        headers_included: string[];
-        signed_at: string;
-        body_hash?: string | undefined;
-    } | undefined;
-}, {
-    method: "http-message-signature" | "dpop" | "mtls" | "jwk-thumbprint";
-    key_id: string;
-    alg?: string | undefined;
-    signature?: string | undefined;
-    dpop_proof?: string | undefined;
-    cert_thumbprint?: string | undefined;
-    binding?: {
-        method: string;
-        target: string;
-        headers_included: string[];
-        signed_at: string;
-        body_hash?: string | undefined;
-    } | undefined;
-}>;
+    }, z.core.$strict>>;
+}, z.core.$strict>;
 export type AgentProof = z.infer<typeof AgentProofSchema>;
 /**
  * Agent identity evidence - the payload of an AgentIdentityAttestation.
@@ -142,139 +86,38 @@ export type AgentProof = z.infer<typeof AgentProofSchema>;
  * cryptographic proof of key control.
  */
 export declare const AgentIdentityEvidenceSchema: z.ZodObject<{
-    /** Stable agent identifier (opaque string, REQUIRED) */
     agent_id: z.ZodString;
-    /** Control type: operator-verified or user-delegated (REQUIRED) */
-    control_type: z.ZodEnum<["operator", "user-delegated"]>;
-    /** Agent capabilities/scopes (optional, for fine-grained access) */
-    capabilities: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    /** Delegation chain for user-delegated agents (optional) */
-    delegation_chain: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    /** Cryptographic proof of key control (optional) */
+    control_type: z.ZodEnum<{
+        operator: "operator";
+        "user-delegated": "user-delegated";
+    }>;
+    capabilities: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    delegation_chain: z.ZodOptional<z.ZodArray<z.ZodString>>;
     proof: z.ZodOptional<z.ZodObject<{
-        /** Proof method used */
-        method: z.ZodEnum<["http-message-signature", "dpop", "mtls", "jwk-thumbprint"]>;
-        /** Key ID (matches kid in JWS header or JWKS) */
+        method: z.ZodEnum<{
+            "http-message-signature": "http-message-signature";
+            dpop: "dpop";
+            mtls: "mtls";
+            "jwk-thumbprint": "jwk-thumbprint";
+        }>;
         key_id: z.ZodString;
-        /** Algorithm used (default: EdDSA for Ed25519) */
         alg: z.ZodDefault<z.ZodString>;
-        /** Signature over binding message (base64url, for http-message-signature) */
         signature: z.ZodOptional<z.ZodString>;
-        /** DPoP proof JWT (for dpop method) */
         dpop_proof: z.ZodOptional<z.ZodString>;
-        /** Certificate fingerprint (for mtls method, SHA-256 base64url) */
         cert_thumbprint: z.ZodOptional<z.ZodString>;
-        /** Binding details for http-message-signature */
         binding: z.ZodOptional<z.ZodObject<{
-            /** HTTP method (uppercase: GET, POST, etc.) */
             method: z.ZodString;
-            /** Target URI of the request */
             target: z.ZodString;
-            /** Headers included in the signature (lowercase) */
-            headers_included: z.ZodArray<z.ZodString, "many">;
-            /** SHA-256 hash of request body (base64url), empty string if no body */
+            headers_included: z.ZodArray<z.ZodString>;
             body_hash: z.ZodOptional<z.ZodString>;
-            /** When the binding was signed (RFC 3339) */
             signed_at: z.ZodString;
-        }, "strict", z.ZodTypeAny, {
-            method: string;
-            target: string;
-            headers_included: string[];
-            signed_at: string;
-            body_hash?: string | undefined;
-        }, {
-            method: string;
-            target: string;
-            headers_included: string[];
-            signed_at: string;
-            body_hash?: string | undefined;
-        }>>;
-    }, "strict", z.ZodTypeAny, {
-        method: "http-message-signature" | "dpop" | "mtls" | "jwk-thumbprint";
-        key_id: string;
-        alg: string;
-        signature?: string | undefined;
-        dpop_proof?: string | undefined;
-        cert_thumbprint?: string | undefined;
-        binding?: {
-            method: string;
-            target: string;
-            headers_included: string[];
-            signed_at: string;
-            body_hash?: string | undefined;
-        } | undefined;
-    }, {
-        method: "http-message-signature" | "dpop" | "mtls" | "jwk-thumbprint";
-        key_id: string;
-        alg?: string | undefined;
-        signature?: string | undefined;
-        dpop_proof?: string | undefined;
-        cert_thumbprint?: string | undefined;
-        binding?: {
-            method: string;
-            target: string;
-            headers_included: string[];
-            signed_at: string;
-            body_hash?: string | undefined;
-        } | undefined;
-    }>>;
-    /** Key directory URL for public key discovery (optional) */
+        }, z.core.$strict>>;
+    }, z.core.$strict>>;
     key_directory_url: z.ZodOptional<z.ZodString>;
-    /** Agent operator/organization (optional, for operator type) */
     operator: z.ZodOptional<z.ZodString>;
-    /** User identifier (optional, for user-delegated type, should be opaque) */
     user_id: z.ZodOptional<z.ZodString>;
-    /** Additional type-specific metadata (optional) */
-    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, z.ZodTypeDef, JsonValue>>>;
-}, "strict", z.ZodTypeAny, {
-    agent_id: string;
-    control_type: "operator" | "user-delegated";
-    operator?: string | undefined;
-    capabilities?: string[] | undefined;
-    delegation_chain?: string[] | undefined;
-    proof?: {
-        method: "http-message-signature" | "dpop" | "mtls" | "jwk-thumbprint";
-        key_id: string;
-        alg: string;
-        signature?: string | undefined;
-        dpop_proof?: string | undefined;
-        cert_thumbprint?: string | undefined;
-        binding?: {
-            method: string;
-            target: string;
-            headers_included: string[];
-            signed_at: string;
-            body_hash?: string | undefined;
-        } | undefined;
-    } | undefined;
-    key_directory_url?: string | undefined;
-    user_id?: string | undefined;
-    metadata?: Record<string, JsonValue> | undefined;
-}, {
-    agent_id: string;
-    control_type: "operator" | "user-delegated";
-    operator?: string | undefined;
-    capabilities?: string[] | undefined;
-    delegation_chain?: string[] | undefined;
-    proof?: {
-        method: "http-message-signature" | "dpop" | "mtls" | "jwk-thumbprint";
-        key_id: string;
-        alg?: string | undefined;
-        signature?: string | undefined;
-        dpop_proof?: string | undefined;
-        cert_thumbprint?: string | undefined;
-        binding?: {
-            method: string;
-            target: string;
-            headers_included: string[];
-            signed_at: string;
-            body_hash?: string | undefined;
-        } | undefined;
-    } | undefined;
-    key_directory_url?: string | undefined;
-    user_id?: string | undefined;
-    metadata?: Record<string, JsonValue> | undefined;
-}>;
+    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
+}, z.core.$strict>;
 export type AgentIdentityEvidence = z.infer<typeof AgentIdentityEvidenceSchema>;
 /**
  * Attestation type literal for agent identity
@@ -307,214 +150,45 @@ export declare const AGENT_IDENTITY_TYPE: "peac/agent-identity";
  * ```
  */
 export declare const AgentIdentityAttestationSchema: z.ZodObject<{
-    /** Attestation type (MUST be 'peac/agent-identity') */
     type: z.ZodLiteral<"peac/agent-identity">;
-    /** Issuer of the attestation (agent operator, IdP, or platform) */
     issuer: z.ZodString;
-    /** When the attestation was issued (RFC 3339) */
     issued_at: z.ZodString;
-    /** When the attestation expires (RFC 3339, optional) */
     expires_at: z.ZodOptional<z.ZodString>;
-    /** Reference to external verification endpoint (optional) */
     ref: z.ZodOptional<z.ZodString>;
-    /** Agent identity evidence */
     evidence: z.ZodObject<{
-        /** Stable agent identifier (opaque string, REQUIRED) */
         agent_id: z.ZodString;
-        /** Control type: operator-verified or user-delegated (REQUIRED) */
-        control_type: z.ZodEnum<["operator", "user-delegated"]>;
-        /** Agent capabilities/scopes (optional, for fine-grained access) */
-        capabilities: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-        /** Delegation chain for user-delegated agents (optional) */
-        delegation_chain: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-        /** Cryptographic proof of key control (optional) */
+        control_type: z.ZodEnum<{
+            operator: "operator";
+            "user-delegated": "user-delegated";
+        }>;
+        capabilities: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        delegation_chain: z.ZodOptional<z.ZodArray<z.ZodString>>;
         proof: z.ZodOptional<z.ZodObject<{
-            /** Proof method used */
-            method: z.ZodEnum<["http-message-signature", "dpop", "mtls", "jwk-thumbprint"]>;
-            /** Key ID (matches kid in JWS header or JWKS) */
+            method: z.ZodEnum<{
+                "http-message-signature": "http-message-signature";
+                dpop: "dpop";
+                mtls: "mtls";
+                "jwk-thumbprint": "jwk-thumbprint";
+            }>;
             key_id: z.ZodString;
-            /** Algorithm used (default: EdDSA for Ed25519) */
             alg: z.ZodDefault<z.ZodString>;
-            /** Signature over binding message (base64url, for http-message-signature) */
             signature: z.ZodOptional<z.ZodString>;
-            /** DPoP proof JWT (for dpop method) */
             dpop_proof: z.ZodOptional<z.ZodString>;
-            /** Certificate fingerprint (for mtls method, SHA-256 base64url) */
             cert_thumbprint: z.ZodOptional<z.ZodString>;
-            /** Binding details for http-message-signature */
             binding: z.ZodOptional<z.ZodObject<{
-                /** HTTP method (uppercase: GET, POST, etc.) */
                 method: z.ZodString;
-                /** Target URI of the request */
                 target: z.ZodString;
-                /** Headers included in the signature (lowercase) */
-                headers_included: z.ZodArray<z.ZodString, "many">;
-                /** SHA-256 hash of request body (base64url), empty string if no body */
+                headers_included: z.ZodArray<z.ZodString>;
                 body_hash: z.ZodOptional<z.ZodString>;
-                /** When the binding was signed (RFC 3339) */
                 signed_at: z.ZodString;
-            }, "strict", z.ZodTypeAny, {
-                method: string;
-                target: string;
-                headers_included: string[];
-                signed_at: string;
-                body_hash?: string | undefined;
-            }, {
-                method: string;
-                target: string;
-                headers_included: string[];
-                signed_at: string;
-                body_hash?: string | undefined;
-            }>>;
-        }, "strict", z.ZodTypeAny, {
-            method: "http-message-signature" | "dpop" | "mtls" | "jwk-thumbprint";
-            key_id: string;
-            alg: string;
-            signature?: string | undefined;
-            dpop_proof?: string | undefined;
-            cert_thumbprint?: string | undefined;
-            binding?: {
-                method: string;
-                target: string;
-                headers_included: string[];
-                signed_at: string;
-                body_hash?: string | undefined;
-            } | undefined;
-        }, {
-            method: "http-message-signature" | "dpop" | "mtls" | "jwk-thumbprint";
-            key_id: string;
-            alg?: string | undefined;
-            signature?: string | undefined;
-            dpop_proof?: string | undefined;
-            cert_thumbprint?: string | undefined;
-            binding?: {
-                method: string;
-                target: string;
-                headers_included: string[];
-                signed_at: string;
-                body_hash?: string | undefined;
-            } | undefined;
-        }>>;
-        /** Key directory URL for public key discovery (optional) */
+            }, z.core.$strict>>;
+        }, z.core.$strict>>;
         key_directory_url: z.ZodOptional<z.ZodString>;
-        /** Agent operator/organization (optional, for operator type) */
         operator: z.ZodOptional<z.ZodString>;
-        /** User identifier (optional, for user-delegated type, should be opaque) */
         user_id: z.ZodOptional<z.ZodString>;
-        /** Additional type-specific metadata (optional) */
-        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, z.ZodTypeDef, JsonValue>>>;
-    }, "strict", z.ZodTypeAny, {
-        agent_id: string;
-        control_type: "operator" | "user-delegated";
-        operator?: string | undefined;
-        capabilities?: string[] | undefined;
-        delegation_chain?: string[] | undefined;
-        proof?: {
-            method: "http-message-signature" | "dpop" | "mtls" | "jwk-thumbprint";
-            key_id: string;
-            alg: string;
-            signature?: string | undefined;
-            dpop_proof?: string | undefined;
-            cert_thumbprint?: string | undefined;
-            binding?: {
-                method: string;
-                target: string;
-                headers_included: string[];
-                signed_at: string;
-                body_hash?: string | undefined;
-            } | undefined;
-        } | undefined;
-        key_directory_url?: string | undefined;
-        user_id?: string | undefined;
-        metadata?: Record<string, JsonValue> | undefined;
-    }, {
-        agent_id: string;
-        control_type: "operator" | "user-delegated";
-        operator?: string | undefined;
-        capabilities?: string[] | undefined;
-        delegation_chain?: string[] | undefined;
-        proof?: {
-            method: "http-message-signature" | "dpop" | "mtls" | "jwk-thumbprint";
-            key_id: string;
-            alg?: string | undefined;
-            signature?: string | undefined;
-            dpop_proof?: string | undefined;
-            cert_thumbprint?: string | undefined;
-            binding?: {
-                method: string;
-                target: string;
-                headers_included: string[];
-                signed_at: string;
-                body_hash?: string | undefined;
-            } | undefined;
-        } | undefined;
-        key_directory_url?: string | undefined;
-        user_id?: string | undefined;
-        metadata?: Record<string, JsonValue> | undefined;
-    }>;
-}, "strict", z.ZodTypeAny, {
-    type: "peac/agent-identity";
-    issuer: string;
-    issued_at: string;
-    evidence: {
-        agent_id: string;
-        control_type: "operator" | "user-delegated";
-        operator?: string | undefined;
-        capabilities?: string[] | undefined;
-        delegation_chain?: string[] | undefined;
-        proof?: {
-            method: "http-message-signature" | "dpop" | "mtls" | "jwk-thumbprint";
-            key_id: string;
-            alg: string;
-            signature?: string | undefined;
-            dpop_proof?: string | undefined;
-            cert_thumbprint?: string | undefined;
-            binding?: {
-                method: string;
-                target: string;
-                headers_included: string[];
-                signed_at: string;
-                body_hash?: string | undefined;
-            } | undefined;
-        } | undefined;
-        key_directory_url?: string | undefined;
-        user_id?: string | undefined;
-        metadata?: Record<string, JsonValue> | undefined;
-    };
-    expires_at?: string | undefined;
-    ref?: string | undefined;
-}, {
-    type: "peac/agent-identity";
-    issuer: string;
-    issued_at: string;
-    evidence: {
-        agent_id: string;
-        control_type: "operator" | "user-delegated";
-        operator?: string | undefined;
-        capabilities?: string[] | undefined;
-        delegation_chain?: string[] | undefined;
-        proof?: {
-            method: "http-message-signature" | "dpop" | "mtls" | "jwk-thumbprint";
-            key_id: string;
-            alg?: string | undefined;
-            signature?: string | undefined;
-            dpop_proof?: string | undefined;
-            cert_thumbprint?: string | undefined;
-            binding?: {
-                method: string;
-                target: string;
-                headers_included: string[];
-                signed_at: string;
-                body_hash?: string | undefined;
-            } | undefined;
-        } | undefined;
-        key_directory_url?: string | undefined;
-        user_id?: string | undefined;
-        metadata?: Record<string, JsonValue> | undefined;
-    };
-    expires_at?: string | undefined;
-    ref?: string | undefined;
-}>;
+        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<JsonValue, unknown, z.core.$ZodTypeInternals<JsonValue, unknown>>>>;
+    }, z.core.$strict>;
+}, z.core.$strict>;
 export type AgentIdentityAttestation = z.infer<typeof AgentIdentityAttestationSchema>;
 /**
  * Identity binding result from constructBindingMessage().
@@ -522,25 +196,11 @@ export type AgentIdentityAttestation = z.infer<typeof AgentIdentityAttestationSc
  * Used to tie an agent identity attestation to a specific HTTP request.
  */
 export declare const IdentityBindingSchema: z.ZodObject<{
-    /** SHA-256 hash of the canonical binding message (base64url) */
     binding_message_hash: z.ZodString;
-    /** Ed25519 signature over binding message (base64url) */
     signature: z.ZodString;
-    /** Key ID used for signing */
     key_id: z.ZodString;
-    /** When the binding was created (RFC 3339) */
     signed_at: z.ZodString;
-}, "strict", z.ZodTypeAny, {
-    signed_at: string;
-    key_id: string;
-    signature: string;
-    binding_message_hash: string;
-}, {
-    signed_at: string;
-    key_id: string;
-    signature: string;
-    binding_message_hash: string;
-}>;
+}, z.core.$strict>;
 export type IdentityBinding = z.infer<typeof IdentityBindingSchema>;
 /**
  * Agent identity verification result to include in receipt evidence.
@@ -549,29 +209,15 @@ export type IdentityBinding = z.infer<typeof IdentityBindingSchema>;
  * attestation, binding the verified identity to the issued receipt.
  */
 export declare const AgentIdentityVerifiedSchema: z.ZodObject<{
-    /** Agent ID from the verified attestation */
     agent_id: z.ZodString;
-    /** Control type from the verified attestation */
-    control_type: z.ZodEnum<["operator", "user-delegated"]>;
-    /** When the publisher verified the identity (RFC 3339) */
+    control_type: z.ZodEnum<{
+        operator: "operator";
+        "user-delegated": "user-delegated";
+    }>;
     verified_at: z.ZodString;
-    /** Key ID that was used for verification */
     key_id: z.ZodString;
-    /** SHA-256 hash of the binding message (base64url) */
     binding_hash: z.ZodString;
-}, "strict", z.ZodTypeAny, {
-    key_id: string;
-    agent_id: string;
-    control_type: "operator" | "user-delegated";
-    verified_at: string;
-    binding_hash: string;
-}, {
-    key_id: string;
-    agent_id: string;
-    control_type: "operator" | "user-delegated";
-    verified_at: string;
-    binding_hash: string;
-}>;
+}, z.core.$strict>;
 export type AgentIdentityVerified = z.infer<typeof AgentIdentityVerifiedSchema>;
 /**
  * Validate an AgentIdentityAttestation.

package/dist/agent-identity.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"agent-identity.d.ts","sourceRoot":"","sources":["../src/agent-identity.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAO9C;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,2CAAyC,CAAC;AACxE,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D;;GAEG;AACH,eAAO,MAAM,aAAa,yCAA0C,CAAC;AAMrE;;;;;;;GAOG;AACH,eAAO,MAAM,iBAAiB,yEAK5B,CAAC;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D;;GAEG;AACH,eAAO,MAAM,aAAa,uEAAwE,CAAC;AAMnG;;;;GAIG;AACH,eAAO,MAAM,oBAAoB;IAE7B,+CAA+C;;IAG/C,gCAAgC;;IAGhC,oDAAoD;;IAGpD,wEAAwE;;IAGxE,6CAA6C;;;;;;;;;;;;;;EAGtC,CAAC;AACZ,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAMlE;;GAEG;AACH,eAAO,MAAM,gBAAgB;IAEzB,wBAAwB;;IAGxB,iDAAiD;;IAGjD,kDAAkD;;IAGlD,6EAA6E;;IAG7E,uCAAuC;;IAGvC,mEAAmE;;IAGnE,iDAAiD;;QA7CjD,+CAA+C;;QAG/C,gCAAgC;;QAGhC,oDAAoD;;QAGpD,wEAAwE;;QAGxE,6CAA6C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoCtC,CAAC;AACZ,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAM1D;;;;;GAKG;AACH,eAAO,MAAM,2BAA2B;IAEpC,wDAAwD;;IAGxD,mEAAmE;;IAGnE,oEAAoE;;IAGpE,4DAA4D;;IAG5D,oDAAoD;;QAhDpD,wBAAwB;;QAGxB,iDAAiD;;QAGjD,kDAAkD;;QAGlD,6EAA6E;;QAG7E,uCAAuC;;QAGvC,mEAAmE;;QAGnE,iDAAiD;;YA7CjD,+CAA+C;;YAG/C,gCAAgC;;YAGhC,oDAAoD;;YAGpD,wEAAwE;;YAGxE,6CAA6C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAkE7C,4DAA4D;;IAG5D,gEAAgE;;IAGhE,4EAA4E;;IAG5E,mDAAmD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAG5C,CAAC;AACZ,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAMhF;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAG,qBAA8B,CAAC;AAElE;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,eAAO,MAAM,8BAA8B;IAEvC,uDAAuD;;IAGvD,mEAAmE;;IAGnE,iDAAiD;;IAGjD,wDAAwD;;IAGxD,6DAA6D;;IAG7D,8BAA8B;;QAlF9B,wDAAwD;;QAGxD,mEAAmE;;QAGnE,oEAAoE;;QAGpE,4DAA4D;;QAG5D,oDAAoD;;YAhDpD,wBAAwB;;YAGxB,iDAAiD;;YAGjD,kDAAkD;;YAGlD,6EAA6E;;YAG7E,uCAAuC;;YAGvC,mEAAmE;;YAGnE,iDAAiD;;gBA7CjD,+CAA+C;;gBAG/C,gCAAgC;;gBAGhC,oDAAoD;;gBAGpD,wEAAwE;;gBAGxE,6CAA6C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAkE7C,4DAA4D;;QAG5D,gEAAgE;;QAGhE,4EAA4E;;QAG5E,mDAAmD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6D5C,CAAC;AACZ,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AAMtF;;;;GAIG;AACH,eAAO,MAAM,qBAAqB;IAE9B,gEAAgE;;IAGhE,yDAAyD;;IAGzD,8BAA8B;;IAG9B,8CAA8C;;;;;;;;;;;;EAGvC,CAAC;AACZ,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAMpE;;;;;GAKG;AACH,eAAO,MAAM,2BAA2B;IAEpC,6CAA6C;;IAG7C,iDAAiD;;IAGjD,0DAA0D;;IAG1D,4CAA4C;;IAG5C,sDAAsD;;;;;;;;;;;;;;EAG/C,CAAC;AACZ,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAMhF;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,gCAAgC,CAC9C,IAAI,EAAE,OAAO,GACZ;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,wBAAwB,CAAA;CAAE,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAM9E;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,WAAW,EAAE;IACtD,IAAI,EAAE,MAAM,CAAC;CACd,GAAG,WAAW,IAAI,wBAAwB,CAE1C;AAED;;GAEG;AACH,MAAM,WAAW,oCAAoC;IACnD,gCAAgC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,YAAY,EAAE,WAAW,CAAC;IAC1B,qCAAqC;IACrC,KAAK,CAAC,EAAE,UAAU,CAAC;IACnB,oCAAoC;IACpC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,qDAAqD;IACrD,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,mCAAmC;IACnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gDAAgD;IAChD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;CACtC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,8BAA8B,CAC5C,MAAM,EAAE,oCAAoC,GAC3C,wBAAwB,CA4C1B;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,IAAI,EAAE,OAAO,GACZ;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,eAAe,CAAA;CAAE,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAMrE;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,WAAW,EAAE,wBAAwB,EACrC,SAAS,GAAE,MAAc,GACxB,OAAO,CAOT;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CACtC,WAAW,EAAE,wBAAwB,EACrC,SAAS,GAAE,MAAc,GACxB,OAAO,CAIT"}
+{"version":3,"file":"agent-identity.d.ts","sourceRoot":"","sources":["../src/agent-identity.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAO9C;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB;;;EAAyC,CAAC;AACxE,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D;;GAEG;AACH,eAAO,MAAM,aAAa,yCAA0C,CAAC;AAMrE;;;;;;;GAOG;AACH,eAAO,MAAM,iBAAiB;;;;;EAK5B,CAAC;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D;;GAEG;AACH,eAAO,MAAM,aAAa,uEAAwE,CAAC;AAMnG;;;;GAIG;AACH,eAAO,MAAM,oBAAoB;;;;;;kBAiBtB,CAAC;AACZ,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAMlE;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;kBAuBlB,CAAC;AACZ,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAM1D;;;;;GAKG;AACH,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBA6B7B,CAAC;AACZ,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAMhF;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAG,qBAA8B,CAAC;AAElE;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAoBhC,CAAC;AACZ,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AAMtF;;;;GAIG;AACH,eAAO,MAAM,qBAAqB;;;;;kBAcvB,CAAC;AACZ,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAMpE;;;;;GAKG;AACH,eAAO,MAAM,2BAA2B;;;;;;;;;kBAiB7B,CAAC;AACZ,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAMhF;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,gCAAgC,CAC9C,IAAI,EAAE,OAAO,GACZ;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,wBAAwB,CAAA;CAAE,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAM9E;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,WAAW,EAAE;IACtD,IAAI,EAAE,MAAM,CAAC;CACd,GAAG,WAAW,IAAI,wBAAwB,CAE1C;AAED;;GAEG;AACH,MAAM,WAAW,oCAAoC;IACnD,gCAAgC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,YAAY,EAAE,WAAW,CAAC;IAC1B,qCAAqC;IACrC,KAAK,CAAC,EAAE,UAAU,CAAC;IACnB,oCAAoC;IACpC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,qDAAqD;IACrD,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,mCAAmC;IACnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gDAAgD;IAChD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;CACtC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,8BAA8B,CAC5C,MAAM,EAAE,oCAAoC,GAC3C,wBAAwB,CA4C1B;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,IAAI,EAAE,OAAO,GACZ;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,eAAe,CAAA;CAAE,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAMrE;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,WAAW,EAAE,wBAAwB,EACrC,SAAS,GAAE,MAAc,GACxB,OAAO,CAOT;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CACtC,WAAW,EAAE,wBAAwB,EACrC,SAAS,GAAE,MAAc,GACxB,OAAO,CAIT"}

package/dist/attestation-receipt.d.ts

@@ -58,21 +58,10 @@ export declare const ATTESTATION_LIMITS: {
  * leaking sensitive data (API keys, tokens, PII in parameters).
  */
 export declare const MinimalInteractionBindingSchema: z.ZodObject<{
-    /** HTTP method (uppercase, e.g., GET, POST) */
-    method: z.ZodEffects<z.ZodString, string, string>;
-    /** Request path (no query string by default) */
+    method: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
     path: z.ZodString;
-    /** HTTP response status code */
     status: z.ZodNumber;
-}, "strict", z.ZodTypeAny, {
-    path: string;
-    status: number;
-    method: string;
-}, {
-    path: string;
-    status: number;
-    method: string;
-}>;
+}, z.core.$strict>;
 /**
  * Attestation receipt extensions schema
  *
@@ -87,37 +76,14 @@ export declare const AttestationExtensionsSchema: z.ZodRecord<z.ZodString, z.Zod
  * ReceiptClaimsSchema from ./validators.ts
  */
 export declare const AttestationReceiptClaimsSchema: z.ZodObject<{
-    /** Issuer URL (normalized, no trailing slash) */
-    iss: z.ZodEffects<z.ZodString, string, string>;
-    /** Audience URL */
-    aud: z.ZodEffects<z.ZodString, string, string>;
-    /** Issued at (Unix seconds) */
+    iss: z.ZodString;
+    aud: z.ZodString;
     iat: z.ZodNumber;
-    /** Expiration (Unix seconds) */
     exp: z.ZodNumber;
-    /** Receipt ID (UUIDv7) */
     rid: z.ZodString;
-    /** Subject identifier (optional) */
     sub: z.ZodOptional<z.ZodString>;
-    /** Extensions (optional) */
     ext: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
-}, "strict", z.ZodTypeAny, {
-    iss: string;
-    aud: string;
-    iat: number;
-    exp: number;
-    rid: string;
-    sub?: string | undefined;
-    ext?: Record<string, unknown> | undefined;
-}, {
-    iss: string;
-    aud: string;
-    iat: number;
-    exp: number;
-    rid: string;
-    sub?: string | undefined;
-    ext?: Record<string, unknown> | undefined;
-}>;
+}, z.core.$strict>;
 export type MinimalInteractionBinding = z.infer<typeof MinimalInteractionBindingSchema>;
 export type AttestationExtensions = z.infer<typeof AttestationExtensionsSchema>;
 export type AttestationReceiptClaims = z.infer<typeof AttestationReceiptClaimsSchema>;