@peac/schema 0.10.5 → 0.10.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/errors.d.ts +1 -1
  2. package/dist/errors.d.ts.map +1 -1
  3. package/dist/index.d.ts +3 -1
  4. package/dist/index.d.ts.map +1 -1
  5. package/dist/index.js +46 -2
  6. package/dist/index.js.map +1 -1
  7. package/dist/interaction.d.ts +1085 -0
  8. package/dist/interaction.d.ts.map +1 -0
  9. package/dist/interaction.js +918 -0
  10. package/dist/interaction.js.map +1 -0
  11. package/package.json +2 -2
package/dist/interaction.d.ts ADDED
@@ -0,0 +1,1085 @@
1
+ /**
2
+ * PEAC Interaction Evidence Types (v0.10.7+)
3
+ *
4
+ * Interaction evidence captures what happened during agent execution.
5
+ * This is an extension type - stored at evidence.extensions["org.peacprotocol/interaction@0.1"]
6
+ *
7
+ * Design principles:
8
+ * - Wire-stable: Uses extensions mechanism (NOT a top-level evidence field)
9
+ * - Hash-only by default: Privacy-preserving content digests
10
+ * - Open kind registry: Not a closed enum, converges through convention
11
+ * - 1 receipt = 1 interaction: No batching (use bundles for that)
12
+ *
13
+ * @see docs/specs/INTERACTION-EVIDENCE.md
14
+ */
15
+ import { z } from 'zod';
16
+ import type { JsonValue } from '@peac/kernel';
17
+ import type { PEACEnvelope } from './envelope.js';
18
+ import type { WorkflowContext } from './workflow.js';
19
+ /**
20
+ * Extension key for interaction evidence
21
+ * Used in evidence.extensions['org.peacprotocol/interaction@0.1']
22
+ */
23
+ export declare const INTERACTION_EXTENSION_KEY = "org.peacprotocol/interaction@0.1";
24
+ /**
25
+ * Canonical digest algorithms (NORMATIVE)
26
+ *
27
+ * k = 1024 bytes (binary), m = 1024*1024 bytes (binary)
28
+ * NO case-insensitivity, NO regex matching - strict canonical set only.
29
+ */
30
+ export declare const CANONICAL_DIGEST_ALGS: readonly ["sha-256", "sha-256:trunc-64k", "sha-256:trunc-1m"];
31
+ /**
32
+ * Size constants for digest truncation (NORMATIVE)
33
+ */
34
+ export declare const DIGEST_SIZE_CONSTANTS: {
35
+ readonly k: 1024;
36
+ readonly m: number;
37
+ readonly 'trunc-64k': 65536;
38
+ readonly 'trunc-1m': 1048576;
39
+ };
40
+ /**
41
+ * Result status values for interaction outcomes
42
+ */
43
+ export declare const RESULT_STATUSES: readonly ["ok", "error", "timeout", "canceled"];
44
+ /**
45
+ * Redaction modes for payload references
46
+ */
47
+ export declare const REDACTION_MODES: readonly ["hash_only", "redacted", "plaintext_allowlisted"];
48
+ /**
49
+ * Policy decision values
50
+ */
51
+ export declare const POLICY_DECISIONS: readonly ["allow", "deny", "constrained"];
52
+ /**
53
+ * Well-known interaction kinds (informational, not normative)
54
+ *
55
+ * The kind field accepts any string matching the kind grammar.
56
+ * These well-known values are listed in the PEAC registries for interop.
57
+ * New kinds do NOT require protocol updates - just use the name.
58
+ *
59
+ * Custom kinds: use "custom:<reverse-dns>" or "<reverse-dns>:<token>"
60
+ */
61
+ export declare const WELL_KNOWN_KINDS: readonly ["tool.call", "http.request", "fs.read", "fs.write", "message"];
62
+ /**
63
+ * Reserved kind prefixes (NORMATIVE)
64
+ *
65
+ * Kinds starting with these prefixes that are NOT in WELL_KNOWN_KINDS
66
+ * MUST be rejected to prevent namespace pollution.
67
+ */
68
+ export declare const RESERVED_KIND_PREFIXES: readonly ["peac.", "org.peacprotocol."];
69
+ /**
70
+ * Interaction evidence limits (DoS protection)
71
+ */
72
+ export declare const INTERACTION_LIMITS: {
73
+ /** Maximum interaction ID length */
74
+ readonly maxInteractionIdLength: 256;
75
+ /** Maximum kind length */
76
+ readonly maxKindLength: 128;
77
+ /** Maximum platform name length */
78
+ readonly maxPlatformLength: 64;
79
+ /** Maximum version string length */
80
+ readonly maxVersionLength: 64;
81
+ /** Maximum plugin ID length */
82
+ readonly maxPluginIdLength: 128;
83
+ /** Maximum tool name length */
84
+ readonly maxToolNameLength: 256;
85
+ /** Maximum provider length */
86
+ readonly maxProviderLength: 128;
87
+ /** Maximum URI length */
88
+ readonly maxUriLength: 2048;
89
+ /** Maximum method length */
90
+ readonly maxMethodLength: 16;
91
+ /** Maximum error code length */
92
+ readonly maxErrorCodeLength: 128;
93
+ /** Maximum payment reference length */
94
+ readonly maxPaymentReferenceLength: 256;
95
+ /** Maximum receipt RID length */
96
+ readonly maxReceiptRidLength: 128;
97
+ };
98
+ /**
99
+ * Kind format pattern
100
+ *
101
+ * Lowercase letters, digits, dots, underscores, colons, hyphens.
102
+ * Must start with a letter, end with letter or digit.
103
+ * Min 2 chars, max 128 chars.
104
+ *
105
+ * Examples: "tool.call", "http.request", "custom:com.example.foo"
106
+ */
107
+ export declare const KIND_FORMAT_PATTERN: RegExp;
108
+ /**
109
+ * Extension key format pattern (NORMATIVE)
110
+ *
111
+ * Reverse-DNS domain + '/' + key name + optional version
112
+ * Pattern: ^([a-z0-9-]+\.)+[a-z0-9-]+\/[a-z][a-z0-9._:-]{0,126}[a-z0-9](?:@[0-9]+(?:\.[0-9]+)*)?$
113
+ *
114
+ * Examples:
115
+ * - "com.example/foo"
116
+ * - "org.peacprotocol/interaction@0.1"
117
+ * - "io.vendor/custom-data"
118
+ */
119
+ export declare const EXTENSION_KEY_PATTERN: RegExp;
120
+ /**
121
+ * Digest value format (64 lowercase hex chars)
122
+ */
123
+ export declare const DIGEST_VALUE_PATTERN: RegExp;
124
+ /**
125
+ * Digest algorithm schema - strict canonical set
126
+ */
127
+ export declare const DigestAlgSchema: z.ZodEnum<["sha-256", "sha-256:trunc-64k", "sha-256:trunc-1m"]>;
128
+ /**
129
+ * Digest schema for privacy-preserving content hashing
130
+ */
131
+ export declare const DigestSchema: z.ZodObject<{
132
+ /** Algorithm: 'sha-256' (full) or 'sha-256:trunc-{size}' (truncated) */
133
+ alg: z.ZodEnum<["sha-256", "sha-256:trunc-64k", "sha-256:trunc-1m"]>;
134
+ /** 64 lowercase hex chars (SHA-256 output) */
135
+ value: z.ZodString;
136
+ /** Original byte length before any truncation (REQUIRED) */
137
+ bytes: z.ZodNumber;
138
+ }, "strict", z.ZodTypeAny, {
139
+ value: string;
140
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
141
+ bytes: number;
142
+ }, {
143
+ value: string;
144
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
145
+ bytes: number;
146
+ }>;
147
+ /**
148
+ * Payload reference schema (on-wire, portable)
149
+ */
150
+ export declare const PayloadRefSchema: z.ZodObject<{
151
+ /** Content digest */
152
+ digest: z.ZodObject<{
153
+ /** Algorithm: 'sha-256' (full) or 'sha-256:trunc-{size}' (truncated) */
154
+ alg: z.ZodEnum<["sha-256", "sha-256:trunc-64k", "sha-256:trunc-1m"]>;
155
+ /** 64 lowercase hex chars (SHA-256 output) */
156
+ value: z.ZodString;
157
+ /** Original byte length before any truncation (REQUIRED) */
158
+ bytes: z.ZodNumber;
159
+ }, "strict", z.ZodTypeAny, {
160
+ value: string;
161
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
162
+ bytes: number;
163
+ }, {
164
+ value: string;
165
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
166
+ bytes: number;
167
+ }>;
168
+ /** Redaction mode */
169
+ redaction: z.ZodEnum<["hash_only", "redacted", "plaintext_allowlisted"]>;
170
+ }, "strict", z.ZodTypeAny, {
171
+ digest: {
172
+ value: string;
173
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
174
+ bytes: number;
175
+ };
176
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
177
+ }, {
178
+ digest: {
179
+ value: string;
180
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
181
+ bytes: number;
182
+ };
183
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
184
+ }>;
185
+ /**
186
+ * Executor identity schema (who ran this)
187
+ */
188
+ export declare const ExecutorSchema: z.ZodObject<{
189
+ /** Platform identifier: 'openclaw', 'mcp', 'a2a', 'claude-code' */
190
+ platform: z.ZodString;
191
+ /** Platform version */
192
+ version: z.ZodOptional<z.ZodString>;
193
+ /** Plugin that captured this */
194
+ plugin_id: z.ZodOptional<z.ZodString>;
195
+ /** Hash of plugin package (provenance) */
196
+ plugin_digest: z.ZodOptional<z.ZodObject<{
197
+ /** Algorithm: 'sha-256' (full) or 'sha-256:trunc-{size}' (truncated) */
198
+ alg: z.ZodEnum<["sha-256", "sha-256:trunc-64k", "sha-256:trunc-1m"]>;
199
+ /** 64 lowercase hex chars (SHA-256 output) */
200
+ value: z.ZodString;
201
+ /** Original byte length before any truncation (REQUIRED) */
202
+ bytes: z.ZodNumber;
203
+ }, "strict", z.ZodTypeAny, {
204
+ value: string;
205
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
206
+ bytes: number;
207
+ }, {
208
+ value: string;
209
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
210
+ bytes: number;
211
+ }>>;
212
+ }, "strict", z.ZodTypeAny, {
213
+ platform: string;
214
+ version?: string | undefined;
215
+ plugin_id?: string | undefined;
216
+ plugin_digest?: {
217
+ value: string;
218
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
219
+ bytes: number;
220
+ } | undefined;
221
+ }, {
222
+ platform: string;
223
+ version?: string | undefined;
224
+ plugin_id?: string | undefined;
225
+ plugin_digest?: {
226
+ value: string;
227
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
228
+ bytes: number;
229
+ } | undefined;
230
+ }>;
231
+ /**
232
+ * Tool target schema (for tool.call kind)
233
+ */
234
+ export declare const ToolTargetSchema: z.ZodObject<{
235
+ /** Tool name */
236
+ name: z.ZodString;
237
+ /** Tool provider */
238
+ provider: z.ZodOptional<z.ZodString>;
239
+ /** Tool version */
240
+ version: z.ZodOptional<z.ZodString>;
241
+ }, "strict", z.ZodTypeAny, {
242
+ name: string;
243
+ version?: string | undefined;
244
+ provider?: string | undefined;
245
+ }, {
246
+ name: string;
247
+ version?: string | undefined;
248
+ provider?: string | undefined;
249
+ }>;
250
+ /**
251
+ * Resource target schema (for http/fs kinds)
252
+ */
253
+ export declare const ResourceTargetSchema: z.ZodObject<{
254
+ /** Resource URI */
255
+ uri: z.ZodOptional<z.ZodString>;
256
+ /** HTTP method or operation */
257
+ method: z.ZodOptional<z.ZodString>;
258
+ }, "strict", z.ZodTypeAny, {
259
+ method?: string | undefined;
260
+ uri?: string | undefined;
261
+ }, {
262
+ method?: string | undefined;
263
+ uri?: string | undefined;
264
+ }>;
265
+ /**
266
+ * Execution result schema
267
+ */
268
+ export declare const ResultSchema: z.ZodObject<{
269
+ /** Result status */
270
+ status: z.ZodEnum<["ok", "error", "timeout", "canceled"]>;
271
+ /** Error code (PEAC error code or namespaced) */
272
+ error_code: z.ZodOptional<z.ZodString>;
273
+ /** Whether the operation can be retried */
274
+ retryable: z.ZodOptional<z.ZodBoolean>;
275
+ }, "strict", z.ZodTypeAny, {
276
+ status: "error" | "ok" | "timeout" | "canceled";
277
+ error_code?: string | undefined;
278
+ retryable?: boolean | undefined;
279
+ }, {
280
+ status: "error" | "ok" | "timeout" | "canceled";
281
+ error_code?: string | undefined;
282
+ retryable?: boolean | undefined;
283
+ }>;
284
+ /**
285
+ * Policy context schema (policy state at execution time)
286
+ */
287
+ export declare const PolicyContextSchema: z.ZodObject<{
288
+ /** Policy decision */
289
+ decision: z.ZodEnum<["allow", "deny", "constrained"]>;
290
+ /** Whether sandbox mode was enabled */
291
+ sandbox_enabled: z.ZodOptional<z.ZodBoolean>;
292
+ /** Whether elevated permissions were granted */
293
+ elevated: z.ZodOptional<z.ZodBoolean>;
294
+ /** Hash of effective policy document */
295
+ effective_policy_digest: z.ZodOptional<z.ZodObject<{
296
+ /** Algorithm: 'sha-256' (full) or 'sha-256:trunc-{size}' (truncated) */
297
+ alg: z.ZodEnum<["sha-256", "sha-256:trunc-64k", "sha-256:trunc-1m"]>;
298
+ /** 64 lowercase hex chars (SHA-256 output) */
299
+ value: z.ZodString;
300
+ /** Original byte length before any truncation (REQUIRED) */
301
+ bytes: z.ZodNumber;
302
+ }, "strict", z.ZodTypeAny, {
303
+ value: string;
304
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
305
+ bytes: number;
306
+ }, {
307
+ value: string;
308
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
309
+ bytes: number;
310
+ }>>;
311
+ }, "strict", z.ZodTypeAny, {
312
+ decision: "allow" | "deny" | "constrained";
313
+ sandbox_enabled?: boolean | undefined;
314
+ elevated?: boolean | undefined;
315
+ effective_policy_digest?: {
316
+ value: string;
317
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
318
+ bytes: number;
319
+ } | undefined;
320
+ }, {
321
+ decision: "allow" | "deny" | "constrained";
322
+ sandbox_enabled?: boolean | undefined;
323
+ elevated?: boolean | undefined;
324
+ effective_policy_digest?: {
325
+ value: string;
326
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
327
+ bytes: number;
328
+ } | undefined;
329
+ }>;
330
+ /**
331
+ * References schema (links to related evidence)
332
+ */
333
+ export declare const RefsSchema: z.ZodObject<{
334
+ /** Links to evidence.payment.reference */
335
+ payment_reference: z.ZodOptional<z.ZodString>;
336
+ /** Correlation across receipts */
337
+ related_receipt_rid: z.ZodOptional<z.ZodString>;
338
+ }, "strict", z.ZodTypeAny, {
339
+ payment_reference?: string | undefined;
340
+ related_receipt_rid?: string | undefined;
341
+ }, {
342
+ payment_reference?: string | undefined;
343
+ related_receipt_rid?: string | undefined;
344
+ }>;
345
+ /**
346
+ * Kind schema with format validation
347
+ */
348
+ export declare const KindSchema: z.ZodString;
349
+ /**
350
+ * Interaction evidence schema with invariant refinements
351
+ *
352
+ * ALL REJECT invariants are enforced here. This ensures that
353
+ * both direct schema validation and ordered validation produce
354
+ * consistent results.
355
+ */
356
+ export declare const InteractionEvidenceV01Schema: z.ZodEffects<z.ZodObject<{
357
+ /** Stable ID for idempotency/dedupe (REQUIRED) */
358
+ interaction_id: z.ZodString;
359
+ /** Event kind - open string, not closed enum (REQUIRED) */
360
+ kind: z.ZodString;
361
+ /** Executor identity (REQUIRED) */
362
+ executor: z.ZodObject<{
363
+ /** Platform identifier: 'openclaw', 'mcp', 'a2a', 'claude-code' */
364
+ platform: z.ZodString;
365
+ /** Platform version */
366
+ version: z.ZodOptional<z.ZodString>;
367
+ /** Plugin that captured this */
368
+ plugin_id: z.ZodOptional<z.ZodString>;
369
+ /** Hash of plugin package (provenance) */
370
+ plugin_digest: z.ZodOptional<z.ZodObject<{
371
+ /** Algorithm: 'sha-256' (full) or 'sha-256:trunc-{size}' (truncated) */
372
+ alg: z.ZodEnum<["sha-256", "sha-256:trunc-64k", "sha-256:trunc-1m"]>;
373
+ /** 64 lowercase hex chars (SHA-256 output) */
374
+ value: z.ZodString;
375
+ /** Original byte length before any truncation (REQUIRED) */
376
+ bytes: z.ZodNumber;
377
+ }, "strict", z.ZodTypeAny, {
378
+ value: string;
379
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
380
+ bytes: number;
381
+ }, {
382
+ value: string;
383
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
384
+ bytes: number;
385
+ }>>;
386
+ }, "strict", z.ZodTypeAny, {
387
+ platform: string;
388
+ version?: string | undefined;
389
+ plugin_id?: string | undefined;
390
+ plugin_digest?: {
391
+ value: string;
392
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
393
+ bytes: number;
394
+ } | undefined;
395
+ }, {
396
+ platform: string;
397
+ version?: string | undefined;
398
+ plugin_id?: string | undefined;
399
+ plugin_digest?: {
400
+ value: string;
401
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
402
+ bytes: number;
403
+ } | undefined;
404
+ }>;
405
+ /** Tool target (when kind is tool-related) */
406
+ tool: z.ZodOptional<z.ZodObject<{
407
+ /** Tool name */
408
+ name: z.ZodString;
409
+ /** Tool provider */
410
+ provider: z.ZodOptional<z.ZodString>;
411
+ /** Tool version */
412
+ version: z.ZodOptional<z.ZodString>;
413
+ }, "strict", z.ZodTypeAny, {
414
+ name: string;
415
+ version?: string | undefined;
416
+ provider?: string | undefined;
417
+ }, {
418
+ name: string;
419
+ version?: string | undefined;
420
+ provider?: string | undefined;
421
+ }>>;
422
+ /** Resource target (when kind is http/fs-related) */
423
+ resource: z.ZodOptional<z.ZodObject<{
424
+ /** Resource URI */
425
+ uri: z.ZodOptional<z.ZodString>;
426
+ /** HTTP method or operation */
427
+ method: z.ZodOptional<z.ZodString>;
428
+ }, "strict", z.ZodTypeAny, {
429
+ method?: string | undefined;
430
+ uri?: string | undefined;
431
+ }, {
432
+ method?: string | undefined;
433
+ uri?: string | undefined;
434
+ }>>;
435
+ /** Input payload reference */
436
+ input: z.ZodOptional<z.ZodObject<{
437
+ /** Content digest */
438
+ digest: z.ZodObject<{
439
+ /** Algorithm: 'sha-256' (full) or 'sha-256:trunc-{size}' (truncated) */
440
+ alg: z.ZodEnum<["sha-256", "sha-256:trunc-64k", "sha-256:trunc-1m"]>;
441
+ /** 64 lowercase hex chars (SHA-256 output) */
442
+ value: z.ZodString;
443
+ /** Original byte length before any truncation (REQUIRED) */
444
+ bytes: z.ZodNumber;
445
+ }, "strict", z.ZodTypeAny, {
446
+ value: string;
447
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
448
+ bytes: number;
449
+ }, {
450
+ value: string;
451
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
452
+ bytes: number;
453
+ }>;
454
+ /** Redaction mode */
455
+ redaction: z.ZodEnum<["hash_only", "redacted", "plaintext_allowlisted"]>;
456
+ }, "strict", z.ZodTypeAny, {
457
+ digest: {
458
+ value: string;
459
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
460
+ bytes: number;
461
+ };
462
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
463
+ }, {
464
+ digest: {
465
+ value: string;
466
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
467
+ bytes: number;
468
+ };
469
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
470
+ }>>;
471
+ /** Output payload reference */
472
+ output: z.ZodOptional<z.ZodObject<{
473
+ /** Content digest */
474
+ digest: z.ZodObject<{
475
+ /** Algorithm: 'sha-256' (full) or 'sha-256:trunc-{size}' (truncated) */
476
+ alg: z.ZodEnum<["sha-256", "sha-256:trunc-64k", "sha-256:trunc-1m"]>;
477
+ /** 64 lowercase hex chars (SHA-256 output) */
478
+ value: z.ZodString;
479
+ /** Original byte length before any truncation (REQUIRED) */
480
+ bytes: z.ZodNumber;
481
+ }, "strict", z.ZodTypeAny, {
482
+ value: string;
483
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
484
+ bytes: number;
485
+ }, {
486
+ value: string;
487
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
488
+ bytes: number;
489
+ }>;
490
+ /** Redaction mode */
491
+ redaction: z.ZodEnum<["hash_only", "redacted", "plaintext_allowlisted"]>;
492
+ }, "strict", z.ZodTypeAny, {
493
+ digest: {
494
+ value: string;
495
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
496
+ bytes: number;
497
+ };
498
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
499
+ }, {
500
+ digest: {
501
+ value: string;
502
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
503
+ bytes: number;
504
+ };
505
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
506
+ }>>;
507
+ /** Start time (RFC 3339) (REQUIRED) */
508
+ started_at: z.ZodString;
509
+ /** Completion time (RFC 3339) */
510
+ completed_at: z.ZodOptional<z.ZodString>;
511
+ /** Duration in milliseconds (OPTIONAL, non-normative) */
512
+ duration_ms: z.ZodOptional<z.ZodNumber>;
513
+ /** Execution outcome */
514
+ result: z.ZodOptional<z.ZodObject<{
515
+ /** Result status */
516
+ status: z.ZodEnum<["ok", "error", "timeout", "canceled"]>;
517
+ /** Error code (PEAC error code or namespaced) */
518
+ error_code: z.ZodOptional<z.ZodString>;
519
+ /** Whether the operation can be retried */
520
+ retryable: z.ZodOptional<z.ZodBoolean>;
521
+ }, "strict", z.ZodTypeAny, {
522
+ status: "error" | "ok" | "timeout" | "canceled";
523
+ error_code?: string | undefined;
524
+ retryable?: boolean | undefined;
525
+ }, {
526
+ status: "error" | "ok" | "timeout" | "canceled";
527
+ error_code?: string | undefined;
528
+ retryable?: boolean | undefined;
529
+ }>>;
530
+ /** Policy context at execution */
531
+ policy: z.ZodOptional<z.ZodObject<{
532
+ /** Policy decision */
533
+ decision: z.ZodEnum<["allow", "deny", "constrained"]>;
534
+ /** Whether sandbox mode was enabled */
535
+ sandbox_enabled: z.ZodOptional<z.ZodBoolean>;
536
+ /** Whether elevated permissions were granted */
537
+ elevated: z.ZodOptional<z.ZodBoolean>;
538
+ /** Hash of effective policy document */
539
+ effective_policy_digest: z.ZodOptional<z.ZodObject<{
540
+ /** Algorithm: 'sha-256' (full) or 'sha-256:trunc-{size}' (truncated) */
541
+ alg: z.ZodEnum<["sha-256", "sha-256:trunc-64k", "sha-256:trunc-1m"]>;
542
+ /** 64 lowercase hex chars (SHA-256 output) */
543
+ value: z.ZodString;
544
+ /** Original byte length before any truncation (REQUIRED) */
545
+ bytes: z.ZodNumber;
546
+ }, "strict", z.ZodTypeAny, {
547
+ value: string;
548
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
549
+ bytes: number;
550
+ }, {
551
+ value: string;
552
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
553
+ bytes: number;
554
+ }>>;
555
+ }, "strict", z.ZodTypeAny, {
556
+ decision: "allow" | "deny" | "constrained";
557
+ sandbox_enabled?: boolean | undefined;
558
+ elevated?: boolean | undefined;
559
+ effective_policy_digest?: {
560
+ value: string;
561
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
562
+ bytes: number;
563
+ } | undefined;
564
+ }, {
565
+ decision: "allow" | "deny" | "constrained";
566
+ sandbox_enabled?: boolean | undefined;
567
+ elevated?: boolean | undefined;
568
+ effective_policy_digest?: {
569
+ value: string;
570
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
571
+ bytes: number;
572
+ } | undefined;
573
+ }>>;
574
+ /** References to related evidence */
575
+ refs: z.ZodOptional<z.ZodObject<{
576
+ /** Links to evidence.payment.reference */
577
+ payment_reference: z.ZodOptional<z.ZodString>;
578
+ /** Correlation across receipts */
579
+ related_receipt_rid: z.ZodOptional<z.ZodString>;
580
+ }, "strict", z.ZodTypeAny, {
581
+ payment_reference?: string | undefined;
582
+ related_receipt_rid?: string | undefined;
583
+ }, {
584
+ payment_reference?: string | undefined;
585
+ related_receipt_rid?: string | undefined;
586
+ }>>;
587
+ /** Platform-specific extensions (MUST be namespaced) */
588
+ extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
589
+ }, "strict", z.ZodTypeAny, {
590
+ started_at: string;
591
+ interaction_id: string;
592
+ kind: string;
593
+ executor: {
594
+ platform: string;
595
+ version?: string | undefined;
596
+ plugin_id?: string | undefined;
597
+ plugin_digest?: {
598
+ value: string;
599
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
600
+ bytes: number;
601
+ } | undefined;
602
+ };
603
+ policy?: {
604
+ decision: "allow" | "deny" | "constrained";
605
+ sandbox_enabled?: boolean | undefined;
606
+ elevated?: boolean | undefined;
607
+ effective_policy_digest?: {
608
+ value: string;
609
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
610
+ bytes: number;
611
+ } | undefined;
612
+ } | undefined;
613
+ resource?: {
614
+ method?: string | undefined;
615
+ uri?: string | undefined;
616
+ } | undefined;
617
+ result?: {
618
+ status: "error" | "ok" | "timeout" | "canceled";
619
+ error_code?: string | undefined;
620
+ retryable?: boolean | undefined;
621
+ } | undefined;
622
+ completed_at?: string | undefined;
623
+ tool?: {
624
+ name: string;
625
+ version?: string | undefined;
626
+ provider?: string | undefined;
627
+ } | undefined;
628
+ input?: {
629
+ digest: {
630
+ value: string;
631
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
632
+ bytes: number;
633
+ };
634
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
635
+ } | undefined;
636
+ output?: {
637
+ digest: {
638
+ value: string;
639
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
640
+ bytes: number;
641
+ };
642
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
643
+ } | undefined;
644
+ duration_ms?: number | undefined;
645
+ refs?: {
646
+ payment_reference?: string | undefined;
647
+ related_receipt_rid?: string | undefined;
648
+ } | undefined;
649
+ extensions?: Record<string, unknown> | undefined;
650
+ }, {
651
+ started_at: string;
652
+ interaction_id: string;
653
+ kind: string;
654
+ executor: {
655
+ platform: string;
656
+ version?: string | undefined;
657
+ plugin_id?: string | undefined;
658
+ plugin_digest?: {
659
+ value: string;
660
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
661
+ bytes: number;
662
+ } | undefined;
663
+ };
664
+ policy?: {
665
+ decision: "allow" | "deny" | "constrained";
666
+ sandbox_enabled?: boolean | undefined;
667
+ elevated?: boolean | undefined;
668
+ effective_policy_digest?: {
669
+ value: string;
670
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
671
+ bytes: number;
672
+ } | undefined;
673
+ } | undefined;
674
+ resource?: {
675
+ method?: string | undefined;
676
+ uri?: string | undefined;
677
+ } | undefined;
678
+ result?: {
679
+ status: "error" | "ok" | "timeout" | "canceled";
680
+ error_code?: string | undefined;
681
+ retryable?: boolean | undefined;
682
+ } | undefined;
683
+ completed_at?: string | undefined;
684
+ tool?: {
685
+ name: string;
686
+ version?: string | undefined;
687
+ provider?: string | undefined;
688
+ } | undefined;
689
+ input?: {
690
+ digest: {
691
+ value: string;
692
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
693
+ bytes: number;
694
+ };
695
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
696
+ } | undefined;
697
+ output?: {
698
+ digest: {
699
+ value: string;
700
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
701
+ bytes: number;
702
+ };
703
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
704
+ } | undefined;
705
+ duration_ms?: number | undefined;
706
+ refs?: {
707
+ payment_reference?: string | undefined;
708
+ related_receipt_rid?: string | undefined;
709
+ } | undefined;
710
+ extensions?: Record<string, unknown> | undefined;
711
+ }>, {
712
+ started_at: string;
713
+ interaction_id: string;
714
+ kind: string;
715
+ executor: {
716
+ platform: string;
717
+ version?: string | undefined;
718
+ plugin_id?: string | undefined;
719
+ plugin_digest?: {
720
+ value: string;
721
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
722
+ bytes: number;
723
+ } | undefined;
724
+ };
725
+ policy?: {
726
+ decision: "allow" | "deny" | "constrained";
727
+ sandbox_enabled?: boolean | undefined;
728
+ elevated?: boolean | undefined;
729
+ effective_policy_digest?: {
730
+ value: string;
731
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
732
+ bytes: number;
733
+ } | undefined;
734
+ } | undefined;
735
+ resource?: {
736
+ method?: string | undefined;
737
+ uri?: string | undefined;
738
+ } | undefined;
739
+ result?: {
740
+ status: "error" | "ok" | "timeout" | "canceled";
741
+ error_code?: string | undefined;
742
+ retryable?: boolean | undefined;
743
+ } | undefined;
744
+ completed_at?: string | undefined;
745
+ tool?: {
746
+ name: string;
747
+ version?: string | undefined;
748
+ provider?: string | undefined;
749
+ } | undefined;
750
+ input?: {
751
+ digest: {
752
+ value: string;
753
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
754
+ bytes: number;
755
+ };
756
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
757
+ } | undefined;
758
+ output?: {
759
+ digest: {
760
+ value: string;
761
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
762
+ bytes: number;
763
+ };
764
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
765
+ } | undefined;
766
+ duration_ms?: number | undefined;
767
+ refs?: {
768
+ payment_reference?: string | undefined;
769
+ related_receipt_rid?: string | undefined;
770
+ } | undefined;
771
+ extensions?: Record<string, unknown> | undefined;
772
+ }, {
773
+ started_at: string;
774
+ interaction_id: string;
775
+ kind: string;
776
+ executor: {
777
+ platform: string;
778
+ version?: string | undefined;
779
+ plugin_id?: string | undefined;
780
+ plugin_digest?: {
781
+ value: string;
782
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
783
+ bytes: number;
784
+ } | undefined;
785
+ };
786
+ policy?: {
787
+ decision: "allow" | "deny" | "constrained";
788
+ sandbox_enabled?: boolean | undefined;
789
+ elevated?: boolean | undefined;
790
+ effective_policy_digest?: {
791
+ value: string;
792
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
793
+ bytes: number;
794
+ } | undefined;
795
+ } | undefined;
796
+ resource?: {
797
+ method?: string | undefined;
798
+ uri?: string | undefined;
799
+ } | undefined;
800
+ result?: {
801
+ status: "error" | "ok" | "timeout" | "canceled";
802
+ error_code?: string | undefined;
803
+ retryable?: boolean | undefined;
804
+ } | undefined;
805
+ completed_at?: string | undefined;
806
+ tool?: {
807
+ name: string;
808
+ version?: string | undefined;
809
+ provider?: string | undefined;
810
+ } | undefined;
811
+ input?: {
812
+ digest: {
813
+ value: string;
814
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
815
+ bytes: number;
816
+ };
817
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
818
+ } | undefined;
819
+ output?: {
820
+ digest: {
821
+ value: string;
822
+ alg: "sha-256" | "sha-256:trunc-64k" | "sha-256:trunc-1m";
823
+ bytes: number;
824
+ };
825
+ redaction: "hash_only" | "redacted" | "plaintext_allowlisted";
826
+ } | undefined;
827
+ duration_ms?: number | undefined;
828
+ refs?: {
829
+ payment_reference?: string | undefined;
830
+ related_receipt_rid?: string | undefined;
831
+ } | undefined;
832
+ extensions?: Record<string, unknown> | undefined;
833
+ }>;
834
+ export type DigestAlg = z.infer<typeof DigestAlgSchema>;
835
+ export type Digest = z.infer<typeof DigestSchema>;
836
+ export type PayloadRef = z.infer<typeof PayloadRefSchema>;
837
+ export type Executor = z.infer<typeof ExecutorSchema>;
838
+ export type ToolTarget = z.infer<typeof ToolTargetSchema>;
839
+ export type ResourceTarget = z.infer<typeof ResourceTargetSchema>;
840
+ export type ResultStatus = z.infer<typeof ResultSchema>['status'];
841
+ export type Result = z.infer<typeof ResultSchema>;
842
+ export type PolicyDecision = z.infer<typeof PolicyContextSchema>['decision'];
843
+ export type PolicyContext = z.infer<typeof PolicyContextSchema>;
844
+ export type Refs = z.infer<typeof RefsSchema>;
845
+ export type InteractionEvidenceV01 = z.infer<typeof InteractionEvidenceV01Schema>;
846
+ /**
847
+ * Validation error with code and optional field path
848
+ */
849
+ export interface ValidationError {
850
+ /** Machine-readable error code (E_INTERACTION_*) */
851
+ code: string;
852
+ /** Human-readable message */
853
+ message: string;
854
+ /** JSON path to the problematic field */
855
+ field?: string;
856
+ }
857
+ /**
858
+ * Validation warning with code and optional field path
859
+ */
860
+ export interface ValidationWarning {
861
+ /** Machine-readable warning code (W_INTERACTION_*) */
862
+ code: string;
863
+ /** Human-readable message */
864
+ message: string;
865
+ /** JSON path to the problematic field */
866
+ field?: string;
867
+ }
868
+ /**
869
+ * Result of interaction evidence validation.
870
+ *
871
+ * Warning-capable API: returns both errors (fatal) and warnings (non-fatal).
872
+ * This enables conformance testing with warning fixtures.
873
+ */
874
+ export type InteractionValidationResult = {
875
+ valid: true;
876
+ value: InteractionEvidenceV01;
877
+ warnings: ValidationWarning[];
878
+ } | {
879
+ valid: false;
880
+ errors: ValidationError[];
881
+ warnings: ValidationWarning[];
882
+ };
883
+ /**
884
+ * Validate interaction evidence with explicit evaluation ordering.
885
+ *
886
+ * Returns canonical error codes per validation ordering.
887
+ * This function does NOT depend on Zod's internal validation ordering.
888
+ * Cross-language implementations MUST produce identical error_code values
889
+ * for the same invalid input.
890
+ *
891
+ * Validation order:
892
+ * 1. Required field presence
893
+ * 2. Required field format (interaction_id, kind, started_at)
894
+ * 3. Kind format and reserved prefix check
895
+ * 4. Executor field validation
896
+ * 5. Optional field format (completed_at, digests, etc.)
897
+ * 6. Cross-field invariants (timing, output-result, error-detail)
898
+ * 7. Extension key namespacing
899
+ * 8. Target consistency (kind prefix -> target field)
900
+ *
901
+ * @param input - Raw input to validate
902
+ * @returns Validation result with canonical error codes on failure
903
+ */
904
+ export declare function validateInteractionOrdered(input: unknown): InteractionValidationResult;
905
+ /**
906
+ * Simple validation result for conformance harness compatibility.
907
+ *
908
+ * This matches the pattern used by other PEAC validators (workflow, etc.)
909
+ * and allows conformance fixtures to test without needing to handle the
910
+ * full warning-capable API shape.
911
+ */
912
+ export interface SimpleValidationResult {
913
+ /** Whether the input is valid */
914
+ valid: boolean;
915
+ /** Error code on failure */
916
+ error_code?: string;
917
+ /** Field path on failure */
918
+ error_field?: string;
919
+ }
920
+ /**
921
+ * Validate interaction evidence (simple API for conformance harness)
922
+ *
923
+ * This is the recommended entry point for conformance testing.
924
+ * Returns a simple result matching the existing harness contract.
925
+ *
926
+ * ## Warnings Contract
927
+ *
928
+ * This compat API intentionally **omits warnings** from the result.
929
+ * Warnings are available via validateInteractionOrdered() for consumers
930
+ * who explicitly opt in. Stable consumers should:
931
+ * - Use this function for pass/fail validation
932
+ * - Use validateInteractionOrdered() only when warnings are needed
933
+ *
934
+ * This prevents breaking changes if warning codes are added/modified.
935
+ *
936
+ * @param input - Raw input to validate
937
+ * @returns Simple validation result with error_code on failure (no warnings)
938
+ */
939
+ export declare function validateInteraction(input: unknown): SimpleValidationResult;
940
+ /**
941
+ * Validate interaction evidence (throwing)
942
+ *
943
+ * @param evidence - Object to validate
944
+ * @returns Validated InteractionEvidenceV01
945
+ * @throws ZodError if validation fails
946
+ */
947
+ export declare function validateInteractionEvidence(evidence: unknown): InteractionEvidenceV01;
948
+ /**
949
+ * Check if an object is valid interaction evidence (non-throwing)
950
+ *
951
+ * @param evidence - Object to check
952
+ * @returns True if valid InteractionEvidenceV01
953
+ */
954
+ export declare function isValidInteractionEvidence(evidence: unknown): evidence is InteractionEvidenceV01;
955
+ /**
956
+ * Check if a kind is in the well-known registry
957
+ *
958
+ * @param kind - Kind string to check
959
+ * @returns True if well-known
960
+ */
961
+ export declare function isWellKnownKind(kind: string): kind is (typeof WELL_KNOWN_KINDS)[number];
962
+ /**
963
+ * Check if a kind uses a reserved prefix
964
+ *
965
+ * @param kind - Kind string to check
966
+ * @returns True if uses reserved prefix
967
+ */
968
+ export declare function isReservedKindPrefix(kind: string): boolean;
969
+ /**
970
+ * Check if a digest uses truncation
971
+ *
972
+ * @param digest - Digest to check
973
+ * @returns True if truncated
974
+ */
975
+ export declare function isDigestTruncated(digest: Digest): boolean;
976
+ /**
977
+ * Get interaction evidence from a PEAC envelope
978
+ *
979
+ * @param receipt - PEAC envelope to read from
980
+ * @returns Interaction evidence if present, undefined otherwise
981
+ */
982
+ export declare function getInteraction(receipt: PEACEnvelope): InteractionEvidenceV01 | undefined;
983
+ /**
984
+ * Set interaction evidence on a PEAC envelope (mutates)
985
+ *
986
+ * @param receipt - PEAC envelope to modify
987
+ * @param interaction - Interaction evidence to set
988
+ */
989
+ export declare function setInteraction(receipt: PEACEnvelope, interaction: InteractionEvidenceV01): void;
990
+ /**
991
+ * Check if a PEAC envelope has interaction evidence
992
+ *
993
+ * @param receipt - PEAC envelope to check
994
+ * @returns True if interaction evidence is present
995
+ */
996
+ export declare function hasInteraction(receipt: PEACEnvelope): boolean;
997
+ /**
998
+ * ReceiptView - pure view layer that makes extensions feel like top-level fields
999
+ *
1000
+ * Does NOT modify the underlying envelope; just provides convenient access.
1001
+ * This projection allows code to work with interaction evidence as if it were
1002
+ * a first-class field while maintaining wire format stability.
1003
+ */
1004
+ export interface ReceiptView {
1005
+ /** The underlying envelope (unchanged) */
1006
+ readonly envelope: PEACEnvelope;
1007
+ /** Interaction evidence (from extension) - feels like top-level */
1008
+ readonly interaction?: InteractionEvidenceV01;
1009
+ /** Array form for uniform pipeline processing */
1010
+ readonly interactions: readonly InteractionEvidenceV01[];
1011
+ /** Workflow context (from auth.extensions) */
1012
+ readonly workflow?: WorkflowContext;
1013
+ }
1014
+ /**
1015
+ * Create a view over a PEAC envelope that provides first-class access
1016
+ * to extension data without modifying the wire format.
1017
+ *
1018
+ * @param envelope - PEAC envelope to create view for
1019
+ * @returns ReceiptView with convenient accessors
1020
+ *
1021
+ * @example
1022
+ * const view = createReceiptView(envelope);
1023
+ * if (view.interaction) {
1024
+ * console.log(view.interaction.kind);
1025
+ * }
1026
+ */
1027
+ export declare function createReceiptView(envelope: PEACEnvelope): ReceiptView;
1028
+ /**
1029
+ * Parameters for creating interaction evidence
1030
+ */
1031
+ export interface CreateInteractionParams {
1032
+ interaction_id: string;
1033
+ kind: string;
1034
+ executor: {
1035
+ platform: string;
1036
+ version?: string;
1037
+ plugin_id?: string;
1038
+ plugin_digest?: Digest;
1039
+ };
1040
+ tool?: {
1041
+ name: string;
1042
+ provider?: string;
1043
+ version?: string;
1044
+ };
1045
+ resource?: {
1046
+ uri?: string;
1047
+ method?: string;
1048
+ };
1049
+ input?: {
1050
+ digest: Digest;
1051
+ redaction: (typeof REDACTION_MODES)[number];
1052
+ };
1053
+ output?: {
1054
+ digest: Digest;
1055
+ redaction: (typeof REDACTION_MODES)[number];
1056
+ };
1057
+ started_at: string;
1058
+ completed_at?: string;
1059
+ duration_ms?: number;
1060
+ result?: {
1061
+ status: (typeof RESULT_STATUSES)[number];
1062
+ error_code?: string;
1063
+ retryable?: boolean;
1064
+ };
1065
+ policy?: {
1066
+ decision: (typeof POLICY_DECISIONS)[number];
1067
+ sandbox_enabled?: boolean;
1068
+ elevated?: boolean;
1069
+ effective_policy_digest?: Digest;
1070
+ };
1071
+ refs?: {
1072
+ payment_reference?: string;
1073
+ related_receipt_rid?: string;
1074
+ };
1075
+ extensions?: Record<string, JsonValue>;
1076
+ }
1077
+ /**
1078
+ * Create validated interaction evidence
1079
+ *
1080
+ * @param params - Interaction parameters
1081
+ * @returns Validated InteractionEvidenceV01
1082
+ * @throws ZodError if validation fails
1083
+ */
1084
+ export declare function createInteractionEvidence(params: CreateInteractionParams): InteractionEvidenceV01;
1085
+ //# sourceMappingURL=interaction.d.ts.map