@runfile-ai/schemas 0.1.0

package/dist/ingest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ingest.d.ts","sourceRoot":"","sources":["../src/ingest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAoBxB;;;;;;GAMG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoBzB,CAAC;AACZ,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAExE;;;;;;;;GAQG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsC9B,CAAC;AACL,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAKvB,CAAC;AACZ,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;EAOrB,CAAC;AACZ,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAOrB,CAAC;AACZ,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE,eAAO,MAAM,sBAAsB,4SAYjC,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;EAOtB,CAAC;AACZ,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAElE,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EASpB,CAAC;AACZ,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAE9D,eAAO,MAAM,aAAa,6MAWxB,CAAC;AAEH,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;EAOb,CAAC;AACZ,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEtD,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMrB,CAAC;AACZ,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE,eAAO,MAAM,sBAAsB,8CAA4C,CAAC;AAEhF,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAevB,CAAC;AACZ,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC"}

package/dist/ingest.js

@@ -0,0 +1,177 @@
+import { z } from 'zod';
+import { ActionSchema, ActorSchema, AnomalyFlagSchema, DecisionSchema, EnvironmentEnum, LabelsSchema, ModelRefSchema, PayloadEncryptionSchema, RedactionAppliedSchema, SdkMetadataSchema, SubjectSchema, WallClockSourceEnum, } from './event.js';
+const sha256Hex = z.string().regex(/^sha256:[a-f0-9]{64}$/);
+const ulid = z.string().regex(/^[0-9A-HJKMNP-TV-Z]{26}$/);
+const semver = z.string().regex(/^\d+\.\d+\.\d+$/);
+/**
+ * PayloadSubmission — the on-the-wire payload bundled into a BatchSubmission.
+ *
+ * Differs from the persisted `payload_ref` (in event-schema.json) as follows:
+ *   - `s3_uri` is replaced by `s3_uri_intent` (hint; server assigns canonical URI)
+ *   - `ciphertext_base64` carries the encrypted bytes inline (server uploads to S3)
+ */
+export const PayloadSubmissionSchema = z
+    .object({
+    s3_uri_intent: z.string().max(1024).optional(),
+    sha256: sha256Hex,
+    size_bytes: z.number().int().min(0).max(67_108_864),
+    encryption: PayloadEncryptionSchema,
+    content_type: z
+        .enum([
+        'application/json',
+        'text/plain',
+        'application/vnd.runfile.llm-request+json',
+        'application/vnd.runfile.llm-response+json',
+        'application/vnd.runfile.tool-call+json',
+        'application/vnd.runfile.tool-result+json',
+        'application/vnd.runfile.state-snapshot+json',
+    ])
+        .optional(),
+    redaction_applied: RedactionAppliedSchema.optional(),
+    ciphertext_base64: z.string().max(7_340_032),
+})
+    .strict();
+/**
+ * EventSubmission — an event as submitted by the SDK. Differs from RunfileEvent:
+ *   - `tenant_id` omitted (server resolves from API key)
+ *   - `received_at` omitted (server stamps on receipt)
+ *   - `event_hash` omitted (server computes after chain assembly)
+ *   - `prev_hash` → `prev_hash_intent` (advisory; server validates)
+ *   - `payload_ref` → `PayloadSubmission` (inline ciphertext, server assigns URI)
+ *   - `merkle_inclusion` omitted (set later by Merkle Builder)
+ */
+export const EventSubmissionSchema = z
+    .object({
+    schema_version: semver,
+    event_id: ulid,
+    agent_run_id: z.string().regex(/^run_[0-9A-HJKMNP-TV-Z]{26}$/),
+    parent_event_id: ulid.nullable(),
+    captured_at: z.string().datetime(),
+    wall_clock_source: WallClockSourceEnum,
+    sdk: SdkMetadataSchema,
+    actor: ActorSchema,
+    action: ActionSchema,
+    subject: SubjectSchema,
+    model_ref: ModelRefSchema.optional(),
+    decision: DecisionSchema.optional(),
+    payload_ref: PayloadSubmissionSchema.optional(),
+    redaction_policy_version: semver,
+    regulatory_scope_version: semver.optional(),
+    anomaly_flags: z.array(AnomalyFlagSchema).max(32).optional(),
+    environment: EnvironmentEnum.optional(),
+    labels: LabelsSchema.optional(),
+    prev_hash_intent: sha256Hex,
+})
+    .strict()
+    .superRefine((data, ctx) => {
+    if (data.action.kind === 'llm_call' && !data.model_ref) {
+        ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            message: 'model_ref is required when action.kind=llm_call',
+            path: ['model_ref'],
+        });
+    }
+    if (data.action.kind === 'decision' && !data.decision) {
+        ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            message: 'decision is required when action.kind=decision',
+            path: ['decision'],
+        });
+    }
+});
+export const BatchSubmissionSchema = z
+    .object({
+    batch_id: z.string().regex(/^b_[0-9A-HJKMNP-TV-Z]{26}$/),
+    events: z.array(EventSubmissionSchema).min(1).max(100),
+})
+    .strict();
+export const AcceptedEventSchema = z
+    .object({
+    event_id: ulid,
+    accepted_at: z.string().datetime(),
+    payload_s3_uri: z.string(),
+    processing_status: z.literal('queued').optional(),
+})
+    .strict();
+export const BatchAcceptedSchema = z
+    .object({
+    batch_id: z.string().regex(/^b_[0-9A-HJKMNP-TV-Z]{26}$/),
+    accepted_count: z.number().int().min(1),
+    accepted_events: z.array(AcceptedEventSchema),
+    received_at: z.string().datetime(),
+})
+    .strict();
+export const EventRejectionCodeEnum = z.enum([
+    'schema_validation_failed',
+    'duplicate_event_id',
+    'payload_too_large',
+    'payload_sha256_mismatch',
+    'kms_key_unknown',
+    'kms_key_unauthorized',
+    'actor_scope_violation',
+    'environment_scope_violation',
+    'region_scope_violation',
+    'timestamp_out_of_range',
+    'missing_required_conditional_field',
+]);
+export const EventRejectionSchema = z
+    .object({
+    event_id: z.string(),
+    error_code: EventRejectionCodeEnum,
+    error_message: z.string().max(1024),
+    field_path: z.string().optional(),
+})
+    .strict();
+export const BatchPartialSchema = z
+    .object({
+    batch_id: z.string().regex(/^b_[0-9A-HJKMNP-TV-Z]{26}$/),
+    accepted_count: z.number().int().min(0),
+    rejected_count: z.number().int().min(1),
+    accepted_events: z.array(AcceptedEventSchema),
+    rejected_events: z.array(EventRejectionSchema),
+    received_at: z.string().datetime(),
+})
+    .strict();
+export const ErrorCodeEnum = z.enum([
+    'unauthorized',
+    'forbidden',
+    'bad_request',
+    'schema_version_unsupported',
+    'batch_too_large',
+    'rate_limited',
+    'quota_exceeded',
+    'service_unavailable',
+    'internal_error',
+    'idempotency_conflict',
+]);
+export const ErrorSchema = z
+    .object({
+    error_code: ErrorCodeEnum,
+    error_message: z.string().max(1024),
+    retry_after_seconds: z.number().int().nonnegative().optional(),
+    request_id: z.string().optional(),
+})
+    .strict();
+export const BatchRejectedSchema = z
+    .object({
+    batch_id: z.string().regex(/^b_[0-9A-HJKMNP-TV-Z]{26}$/),
+    error: ErrorSchema,
+    rejected_events: z.array(EventRejectionSchema),
+})
+    .strict();
+export const RedactionTreatmentEnum = z.enum(['redact', 'tokenize', 'encrypt']);
+export const RedactionPolicySchema = z
+    .object({
+    policy_version: semver,
+    classification_rules: z.array(z
+        .object({
+        classification: z.string(),
+        treatment: RedactionTreatmentEnum,
+        detector: z.record(z.string(), z.unknown()).optional(),
+    })
+        .strict()),
+    fetched_at: z.string().datetime(),
+    ttl_seconds: z.number().int().positive().default(300),
+})
+    .strict();
+//# sourceMappingURL=ingest.js.map

package/dist/ingest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ingest.js","sourceRoot":"","sources":["../src/ingest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EACL,YAAY,EACZ,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,eAAe,EACf,YAAY,EACZ,cAAc,EACd,uBAAuB,EACvB,sBAAsB,EACtB,iBAAiB,EACjB,aAAa,EACb,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;AAC5D,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;AAC1D,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;AAEnD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC;KACrC,MAAM,CAAC;IACN,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IAC9C,MAAM,EAAE,SAAS;IACjB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC;IACnD,UAAU,EAAE,uBAAuB;IACnC,YAAY,EAAE,CAAC;SACZ,IAAI,CAAC;QACJ,kBAAkB;QAClB,YAAY;QACZ,0CAA0C;QAC1C,2CAA2C;QAC3C,wCAAwC;QACxC,0CAA0C;QAC1C,6CAA6C;KAC9C,CAAC;SACD,QAAQ,EAAE;IACb,iBAAiB,EAAE,sBAAsB,CAAC,QAAQ,EAAE;IACpD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC;CAC7C,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC;KACnC,MAAM,CAAC;IACN,cAAc,EAAE,MAAM;IACtB,QAAQ,EAAE,IAAI;IACd,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,8BAA8B,CAAC;IAC9D,eAAe,EAAE,IAAI,CAAC,QAAQ,EAAE;IAChC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,iBAAiB,EAAE,mBAAmB;IACtC,GAAG,EAAE,iBAAiB;IACtB,KAAK,EAAE,WAAW;IAClB,MAAM,EAAE,YAAY;IACpB,OAAO,EAAE,aAAa;IACtB,SAAS,EAAE,cAAc,CAAC,QAAQ,EAAE;IACpC,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE;IACnC,WAAW,EAAE,uBAAuB,CAAC,QAAQ,EAAE;IAC/C,wBAAwB,EAAE,MAAM;IAChC,wBAAwB,EAAE,MAAM,CAAC,QAAQ,EAAE;IAC3C,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5D,WAAW,EAAE,eAAe,CAAC,QAAQ,EAAE;IACvC,MAAM,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC/B,gBAAgB,EAAE,SAAS;CAC5B,CAAC;KACD,MAAM,EAAE;KACR,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QACvD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,iDAAiD;YAC1D,IAAI,EAAE,CAAC,WAAW,CAAC;SACpB,CAAC,CAAC;IACL,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACtD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,gDAAgD;YACzD,IAAI,EAAE,CAAC,UAAU,CAAC;SACnB,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC,CAAC;AAGL,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC;KACnC,MAAM,CAAC;IACN,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,4BAA4B,CAAC;IACxD,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;CACvD,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,MAAM,CAAC;IACN,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;IAC1B,iBAAiB,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,QAAQ,EAAE;CAClD,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,MAAM,CAAC;IACN,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,4BAA4B,CAAC;IACxD,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvC,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC;IAC7C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,IAAI,CAAC;IAC3C,0BAA0B;IAC1B,oBAAoB;IACpB,mBAAmB;IACnB,yBAAyB;IACzB,iBAAiB;IACjB,sBAAsB;IACtB,uBAAuB;IACvB,6BAA6B;IAC7B,wBAAwB;IACxB,wBAAwB;IACxB,oCAAoC;CACrC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC;KAClC,MAAM,CAAC;IACN,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,UAAU,EAAE,sBAAsB;IAClC,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;IACnC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC;KAChC,MAAM,CAAC;IACN,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,4BAA4B,CAAC;IACxD,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvC,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC;IAC7C,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC;IAC9C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,IAAI,CAAC;IAClC,cAAc;IACd,WAAW;IACX,aAAa;IACb,4BAA4B;IAC5B,iBAAiB;IACjB,cAAc;IACd,gBAAgB;IAChB,qBAAqB;IACrB,gBAAgB;IAChB,sBAAsB;CACvB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC;KACzB,MAAM,CAAC;IACN,UAAU,EAAE,aAAa;IACzB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;IACnC,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IAC9D,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,MAAM,CAAC;IACN,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,4BAA4B,CAAC;IACxD,KAAK,EAAE,WAAW;IAClB,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC;CAC/C,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;AAEhF,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC;KACnC,MAAM,CAAC;IACN,cAAc,EAAE,MAAM;IACtB,oBAAoB,EAAE,CAAC,CAAC,KAAK,CAC3B,CAAC;SACE,MAAM,CAAC;QACN,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;QAC1B,SAAS,EAAE,sBAAsB;QACjC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;KACvD,CAAC;SACD,MAAM,EAAE,CACZ;IACD,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;CACtD,CAAC;KACD,MAAM,EAAE,CAAC"}

package/dist/manifest.d.ts

@@ -0,0 +1,110 @@
+import { z } from 'zod';
+/**
+ * Daily Merkle manifest — produced by the Merkle Builder per tenant per UTC day.
+ *
+ * The KMS-signed root commits to every event with `received_at` in [day_start, day_end).
+ * `attestation_document` is nullable in v1 (KMS-only signing); v1.5 will populate it
+ * with a Nitro Enclave attestation. The Verifier CLI handles both modes.
+ */
+export declare const MerkleManifestSchema: z.ZodObject<{
+    manifest_version: z.ZodString;
+    schema_version: z.ZodString;
+    tenant_id: z.ZodString;
+    day_utc: z.ZodString;
+    built_at: z.ZodString;
+    leaf_count: z.ZodNumber;
+    merkle_root: z.ZodString;
+    prev_manifest_root: z.ZodNullable<z.ZodString>;
+    leaves: z.ZodArray<z.ZodObject<{
+        event_id: z.ZodString;
+        event_hash: z.ZodString;
+        leaf_index: z.ZodNumber;
+    }, "strict", z.ZodTypeAny, {
+        event_hash: string;
+        leaf_index: number;
+        event_id: string;
+    }, {
+        event_hash: string;
+        leaf_index: number;
+        event_id: string;
+    }>, "many">;
+    kms_signature: z.ZodObject<{
+        kms_key_arn: z.ZodString;
+        signing_algorithm: z.ZodString;
+        signature_base64: z.ZodString;
+    }, "strict", z.ZodTypeAny, {
+        kms_key_arn: string;
+        signing_algorithm: string;
+        signature_base64: string;
+    }, {
+        kms_key_arn: string;
+        signing_algorithm: string;
+        signature_base64: string;
+    }>;
+    attestation_document: z.ZodNullable<z.ZodString>;
+    rekor_entry: z.ZodOptional<z.ZodObject<{
+        log_index: z.ZodNumber;
+        log_id: z.ZodString;
+        inclusion_proof: z.ZodString;
+    }, "strict", z.ZodTypeAny, {
+        log_index: number;
+        log_id: string;
+        inclusion_proof: string;
+    }, {
+        log_index: number;
+        log_id: string;
+        inclusion_proof: string;
+    }>>;
+}, "strict", z.ZodTypeAny, {
+    merkle_root: string;
+    schema_version: string;
+    tenant_id: string;
+    manifest_version: string;
+    day_utc: string;
+    built_at: string;
+    leaf_count: number;
+    prev_manifest_root: string | null;
+    leaves: {
+        event_hash: string;
+        leaf_index: number;
+        event_id: string;
+    }[];
+    kms_signature: {
+        kms_key_arn: string;
+        signing_algorithm: string;
+        signature_base64: string;
+    };
+    attestation_document: string | null;
+    rekor_entry?: {
+        log_index: number;
+        log_id: string;
+        inclusion_proof: string;
+    } | undefined;
+}, {
+    merkle_root: string;
+    schema_version: string;
+    tenant_id: string;
+    manifest_version: string;
+    day_utc: string;
+    built_at: string;
+    leaf_count: number;
+    prev_manifest_root: string | null;
+    leaves: {
+        event_hash: string;
+        leaf_index: number;
+        event_id: string;
+    }[];
+    kms_signature: {
+        kms_key_arn: string;
+        signing_algorithm: string;
+        signature_base64: string;
+    };
+    attestation_document: string | null;
+    rekor_entry?: {
+        log_index: number;
+        log_id: string;
+        inclusion_proof: string;
+    } | undefined;
+}>;
+export type MerkleManifest = z.infer<typeof MerkleManifestSchema>;
+//# sourceMappingURL=manifest.d.ts.map

package/dist/manifest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest.d.ts","sourceRoot":"","sources":["../src/manifest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAKxB;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoCtB,CAAC;AACZ,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC"}

package/dist/manifest.js

@@ -0,0 +1,46 @@
+import { z } from 'zod';
+const sha256Hex = z.string().regex(/^sha256:[a-f0-9]{64}$/);
+const semver = z.string().regex(/^\d+\.\d+\.\d+$/);
+/**
+ * Daily Merkle manifest — produced by the Merkle Builder per tenant per UTC day.
+ *
+ * The KMS-signed root commits to every event with `received_at` in [day_start, day_end).
+ * `attestation_document` is nullable in v1 (KMS-only signing); v1.5 will populate it
+ * with a Nitro Enclave attestation. The Verifier CLI handles both modes.
+ */
+export const MerkleManifestSchema = z
+    .object({
+    manifest_version: semver,
+    schema_version: semver,
+    tenant_id: z.string().regex(/^tnt_[0-9a-z]{12}$/),
+    day_utc: z.string().regex(/^\d{4}-\d{2}-\d{2}$/),
+    built_at: z.string().datetime(),
+    leaf_count: z.number().int().nonnegative(),
+    merkle_root: sha256Hex,
+    prev_manifest_root: sha256Hex.nullable(),
+    leaves: z.array(z
+        .object({
+        event_id: z.string().regex(/^[0-9A-HJKMNP-TV-Z]{26}$/),
+        event_hash: sha256Hex,
+        leaf_index: z.number().int().nonnegative(),
+    })
+        .strict()),
+    kms_signature: z
+        .object({
+        kms_key_arn: z.string(),
+        signing_algorithm: z.string(),
+        signature_base64: z.string(),
+    })
+        .strict(),
+    attestation_document: z.string().nullable(),
+    rekor_entry: z
+        .object({
+        log_index: z.number().int().nonnegative(),
+        log_id: z.string(),
+        inclusion_proof: z.string(),
+    })
+        .strict()
+        .optional(),
+})
+    .strict();
+//# sourceMappingURL=manifest.js.map

package/dist/manifest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest.js","sourceRoot":"","sources":["../src/manifest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;AAC5D,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;AAEnD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC;KAClC,MAAM,CAAC;IACN,gBAAgB,EAAE,MAAM;IACxB,cAAc,EAAE,MAAM;IACtB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,oBAAoB,CAAC;IACjD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,qBAAqB,CAAC;IAChD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;IAC1C,WAAW,EAAE,SAAS;IACtB,kBAAkB,EAAE,SAAS,CAAC,QAAQ,EAAE;IACxC,MAAM,EAAE,CAAC,CAAC,KAAK,CACb,CAAC;SACE,MAAM,CAAC;QACN,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,0BAA0B,CAAC;QACtD,UAAU,EAAE,SAAS;QACrB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;KAC3C,CAAC;SACD,MAAM,EAAE,CACZ;IACD,aAAa,EAAE,CAAC;SACb,MAAM,CAAC;QACN,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;QACvB,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;QAC7B,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE;KAC7B,CAAC;SACD,MAAM,EAAE;IACX,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3C,WAAW,EAAE,CAAC;SACX,MAAM,CAAC;QACN,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;QACzC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE;KAC5B,CAAC;SACD,MAAM,EAAE;SACR,QAAQ,EAAE;CACd,CAAC;KACD,MAAM,EAAE,CAAC"}