@vess-id/ai-identity 0.2.0 → 0.3.1

package/dist/index.d.ts

@@ -1,3014 +1,33 @@
-import { VerifiablePresentation, VPRequest, Agent, DIDDocument, VCTemplate, ConnectorResponse, ToolPermissionRequest, OrganizationConfig, Grant, CreateGrantRequest, GrantStatus, CheckGrantPermissionRequest, CheckGrantPermissionResult, UpdateGrantRequest, CredentialType, IssueSDJWTVCRequest, IssueSDJWTVCResult, VerifySDJWTVCResult, GrantConstraints, EvaluationContext, ConstraintEvaluationResult, ConstraintViolation, ConstraintWarning, TimeWindowConstraint, RiskLevel } from '@vess-id/ai-identity-types';
+export { AIdentityClient, getClient } from './client';
+export { configure, AIdentityConfig } from './config';
+export { AgentManager } from './did/agent';
+export { KeyManager } from './did/key-manager';
+export { AgentDIDManager } from './agent/agent-did-manager';
+export { UserIdentityManager } from './identity/user-identity-manager';
+export { UserKeyPairManager } from './identity/user-key-pair-manager';
+export type { KeyPairGenerationResult } from './identity/user-key-pair-manager';
+export { DeviceEnrollManager, DeviceEnrollStartParams, DeviceEnrollServerSideParams, DeviceEnrollStartResult, DeviceEnrollPollResult, } from './identity/device-enroll-manager';
+export { VCManager } from './vc/vc-manager';
+export { APIVCManager } from './vc/api-vc-manager';
+export { VPManager } from './vp/vp-manager';
+export { ToolManager, ToolDefinition } from './tool/tool-manager';
+export { MemoryManager, MemoryDocument, MemoryQuery, MemoryQueryResult, } from './memory/memory-manager';
+export { KeyRotationManager, KeyRotationConfig, KeyRotationInfo, } from './organization/key-rotation-manager';
+export { DisclosureConfigManager, OrganizationDisclosureConfig, CredentialDisclosureConfig, } from './organization/disclosure-config-manager';
+export { MetricsManager, SDJWTMetrics, OperationMetric } from './monitoring/metrics-manager';
+export { RevocationManager, RevocationList, RevocationListEntry, CredentialStatusInfo, } from './revocation/revocation-manager';
+export { ConstraintEvaluator, ConstraintEvaluatorOptions, defaultConstraintEvaluator, evaluateConstraints } from './constraint/constraint-evaluator';
+export * from './storage';
+export type { IStateStore } from './state/state-store.interface';
+export { JsonStateStore } from './state/json-state-store';
+export { GatewayClient, GatewayError, } from './gateway/gateway-client';
+export type { GatewayEvent, GetEventsResponse, GetEventsOptions, AckEventResponse, ApiKeyValidationResult, } from './gateway/gateway-client';
+export { AuthProvider } from './auth/auth-provider';
+export type { AuthState } from './auth/auth-provider';
+export * from './registry';
+export { generateKeyPair, signJWT, verifyJWT, generateNonce } from './utils/crypto';
+export { SDJwtClient } from './utils/sdjwt-client';
+export { createDidJwk, extractPublicKey, extractPublicKeyFromDid, isValidDidJwk, getKeyIdFromDid, } from './did/did-utils';
 export * from '@vess-id/ai-identity-types';
-import * as jose from 'jose';
-import { JWK } from 'jose';
-import Ajv from 'ajv';
-import { SDJwtVcInstance } from '@sd-jwt/sd-jwt-vc';
-import { DisclosureFrame } from '@sd-jwt/types';
-
-/**
- * Interface for key storage persistence
- * Allows different storage backends (filesystem, database, memory, etc.)
- */
-interface KeyStorageProvider {
-    /**
-     * Store an encrypted key
-     * @param id Unique identifier for the key (e.g., DID hash)
-     * @param encryptedKey Encrypted key data
-     */
-    store(id: string, encryptedKey: string): Promise<void>;
-    /**
-     * Retrieve an encrypted key
-     * @param id Unique identifier for the key
-     * @returns Encrypted key data, or null if not found
-     */
-    retrieve(id: string): Promise<string | null>;
-    /**
-     * Delete a key
-     * @param id Unique identifier for the key
-     */
-    delete(id: string): Promise<void>;
-    /**
-     * List all stored key identifiers
-     * @returns Array of key identifiers
-     */
-    list(): Promise<string[]>;
-    /**
-     * Check if the storage is available and initialized
-     */
-    isAvailable(): Promise<boolean>;
-}
-/**
- * Configuration for key storage
- */
-interface KeyStorageConfig {
-    /** Storage type identifier */
-    type: string;
-    /** Storage-specific options */
-    options?: Record<string, any>;
-}
-
-/**
- * Filesystem-based key storage provider
- */
-declare class FilesystemKeyStorage implements KeyStorageProvider {
-    private keyStorePath;
-    constructor(config?: KeyStorageConfig);
-    store(id: string, encryptedKey: string): Promise<void>;
-    retrieve(id: string): Promise<string | null>;
-    delete(id: string): Promise<void>;
-    list(): Promise<string[]>;
-    isAvailable(): Promise<boolean>;
-    private ensureKeyStoreExists;
-    private getKeyPath;
-}
-
-/**
- * In-memory key storage provider (for testing)
- */
-declare class MemoryKeyStorage implements KeyStorageProvider {
-    private keys;
-    store(id: string, encryptedKey: string): Promise<void>;
-    retrieve(id: string): Promise<string | null>;
-    delete(id: string): Promise<void>;
-    list(): Promise<string[]>;
-    isAvailable(): Promise<boolean>;
-    /**
-     * Clear all stored keys (for testing)
-     */
-    clear(): void;
-}
-
-declare class KeyManager {
-    private encryptionKey?;
-    private storageProvider;
-    constructor(password?: string, storageProvider?: KeyStorageProvider);
-    private createDefaultStorageProvider;
-    storeKey(did: string, privateKey: any): Promise<void>;
-    getKey(did: string): Promise<any | null>;
-    deleteKey(did: string): Promise<void>;
-    listDids(): Promise<string[]>;
-    /**
-     * Check if storage is available
-     */
-    isAvailable(): Promise<boolean>;
-    private didFromKeyId;
-    private encrypt;
-    private decrypt;
-}
-
-declare class VPManager {
-    private keyManager;
-    constructor(keyManager?: KeyManager);
-    /**
-     * Create a SD-JWT presentation using the present() method
-     * This properly binds the holder's key to the SD-JWT VC
-     */
-    create(vcs: string[], // Array of SD-JWT VC strings
-    options: {
-        holderDid: string;
-        challenge: string;
-        domain: string;
-        purpose?: string;
-    }): Promise<string>;
-    /**
-     * Verify a Verifiable Presentation
-     */
-    verify(vpJwt: string, options: {
-        expectedChallenge: string;
-        expectedDomain: string;
-        expectedHolder?: string;
-    }): Promise<VerifiablePresentation>;
-    /**
-     * Create a VP request
-     */
-    createRequest(domain: string, query?: {
-        type?: string;
-        credentialQuery?: any;
-    }): VPRequest;
-    /**
-     * Submit VP to a verifier
-     */
-    submit(vpJwt: string, verifierEndpoint: string): Promise<{
-        verified: boolean;
-        result?: any;
-    }>;
-}
-
-interface MemoryDocument {
-    id: string;
-    namespace: string;
-    content: string;
-    metadata?: Record<string, any>;
-    embedding?: number[];
-    createdAt: string;
-    updatedAt: string;
-}
-interface MemoryQuery {
-    query: string;
-    namespace?: string;
-    limit?: number;
-    filter?: Record<string, any>;
-    includeEmbedding?: boolean;
-}
-interface MemoryQueryResult {
-    documents: MemoryDocument[];
-    scores?: number[];
-    total: number;
-}
-declare class MemoryManager {
-    private vpManager;
-    private proxyApiUrl;
-    constructor(vpManager?: VPManager);
-    /**
-     * Write a document to memory
-     */
-    write(content: string, options: {
-        namespace: string;
-        metadata?: Record<string, any>;
-        vcs: string[];
-        holderDid: string;
-    }): Promise<MemoryDocument>;
-    /**
-     * Query memory with vector search
-     */
-    query(query: string, options: {
-        namespace?: string;
-        limit?: number;
-        filter?: Record<string, any>;
-        vcs: string[];
-        holderDid: string;
-    }): Promise<MemoryQueryResult>;
-    /**
-     * Delete a document from memory
-     */
-    delete(documentId: string, options: {
-        namespace: string;
-        vcs: string[];
-        holderDid: string;
-    }): Promise<void>;
-    /**
-     * List documents in a namespace
-     */
-    list(options: {
-        namespace: string;
-        limit?: number;
-        offset?: number;
-        vcs: string[];
-        holderDid: string;
-    }): Promise<MemoryQueryResult>;
-    /**
-     * Check if VCs authorize memory access
-     */
-    checkAuthorization(vcs: string[], action: 'read' | 'write' | 'delete', resource: string): Promise<boolean>;
-    private matchResource;
-    private generateChallenge;
-}
-
-interface AIdentityConfig {
-    didApi?: {
-        baseUrl: string;
-        apiKey?: string;
-        bearerToken?: string;
-    };
-    issuerApi?: {
-        baseUrl: string;
-        apiKey?: string;
-        bearerToken?: string;
-    };
-    verifierApi?: {
-        baseUrl: string;
-        apiKey?: string;
-        bearerToken?: string;
-    };
-    proxyApi?: {
-        baseUrl: string;
-    };
-    storage?: {
-        keyStorePath?: string;
-    };
-}
-declare function configure(config: AIdentityConfig): void;
-
-declare class AgentManager {
-    private keyManager;
-    private agentDIDManager;
-    constructor(keyManager?: KeyManager);
-    /**
-     * Create a new AI agent with unique ID and DID
-     */
-    create(metadata?: Record<string, any>): Promise<Agent & {
-        id: string;
-    }>;
-    /**
-     * Get agent DID by agent ID
-     */
-    getAgentDID(agentId: string): Promise<string>;
-    /**
-     * Get agent by ID
-     */
-    getAgent(agentId: string): Promise<Agent & {
-        id: string;
-    }>;
-    /**
-     * Delete an agent and its DID
-     */
-    deleteAgent(agentId: string): Promise<void>;
-    /**
-     * Resolve a DID to get DID Document
-     */
-    resolve(did: string): Promise<DIDDocument>;
-    /**
-     * Export agent with private key (for backup)
-     */
-    export(did: string): Promise<{
-        agent: Agent;
-        privateKey: any;
-    }>;
-    /**
-     * Import agent from backup
-     */
-    import(agent: Agent, privateKey: any): Promise<void>;
-    /**
-     * List all locally stored agents
-     */
-    list(): Promise<Array<Agent & {
-        id: string;
-    }>>;
-    private createDidDocument;
-    private resolveDidJwkLocally;
-    private registerDid;
-}
-
-/**
- * User Identity Manager
- * Manages DID generation and lifecycle for Users (Issuers) specifically
- * Separate from Agent management to avoid confusion
- */
-declare class UserIdentityManager {
-    private keyManager;
-    private currentUserDID;
-    constructor(keyManager?: KeyManager);
-    /**
-     * Get or create current user DID
-     * This represents the user who will be the issuer of VCs
-     */
-    getCurrentUserDID(): Promise<string>;
-    /**
-     * Create a new user DID (for issuing VCs)
-     */
-    createUserDID(): Promise<string>;
-    /**
-     * Get user's key pair
-     */
-    getUserKeyPair(): Promise<any>;
-    /**
-     * Resolve user DID to DID Document
-     */
-    resolveUserDID(did?: string): Promise<DIDDocument>;
-    /**
-     * Export user identity for backup
-     */
-    exportUserIdentity(): Promise<{
-        did: string;
-        privateKey: any;
-        didDocument: DIDDocument;
-    }>;
-    /**
-     * Import user identity from backup
-     */
-    importUserIdentity(backup: {
-        did: string;
-        privateKey: any;
-    }): Promise<void>;
-    /**
-     * Reset user identity (create new DID)
-     */
-    resetUserIdentity(): Promise<string>;
-    /**
-     * Resolve did:jwk locally
-     */
-    private resolveDidJwkLocally;
-    /**
-     * Create DID Document
-     */
-    private createDidDocument;
-    /**
-     * Save current user DID to persistent storage
-     */
-    private saveUserDID;
-    /**
-     * Load current user DID from persistent storage
-     */
-    private loadUserDID;
-    /**
-     * Clear saved user DID
-     */
-    private clearUserDID;
-}
-
-declare class VCManager {
-    private keyManager;
-    private templates;
-    private agentManager;
-    private userIdentityManager;
-    constructor(keyManager?: KeyManager, agentManager?: AgentManager, userIdentityManager?: UserIdentityManager);
-    /**
-     * Get fields that should be selectively disclosable based on VC type
-     */
-    private getSelectivelyDisclosableFields;
-    /**
-     * Issue a Verifiable Credential as SD-JWT VC
-     * Enhanced to support User/Agent DID separation
-     */
-    issue(template: string, claims: any, options: {
-        issuerDid?: string;
-        subjectDid?: string;
-        agentId?: string;
-        expiresIn?: string;
-    }): Promise<string>;
-    /**
-     * Get subject's public key for cnf claim
-     */
-    private getSubjectPublicKey;
-    /**
-     * Issue using existing Issuer API (OID4VCI)
-     */
-    issueViaAPI(credentialType: string, claims: any, options: {
-        issuerDid: string;
-        subjectDid: string;
-    }): Promise<string>;
-    /**
-     * Verify a SD-JWT VC
-     */
-    verify(sdjwtVc: string, options?: {
-        expectedIssuer?: string;
-        expectedSubject?: string;
-        requiredClaims?: string[];
-    }): Promise<any>;
-    /**
-     * Revoke a Verifiable Credential
-     */
-    revoke(_vcId: string, _issuerDid: string): Promise<void>;
-    /**
-     * Register a custom VC template
-     */
-    registerTemplate(template: VCTemplate): void;
-    private registerDefaultTemplates;
-    private calculateExpirationDate;
-}
-
-interface ToolDefinition {
-    name: string;
-    description: string;
-    actions: {
-        name: string;
-        description: string;
-        parameters: Record<string, any>;
-    }[];
-}
-declare class ToolManager {
-    private vpManager;
-    private tools;
-    private proxyApiUrl;
-    constructor(vpManager?: VPManager);
-    /**
-     * Invoke a tool action with VC authorization
-     */
-    invoke<T = any>(tool: string, action: string, params: Record<string, any>, options: {
-        vcs: string[];
-        holderDid: string;
-    }): Promise<ConnectorResponse<T>>;
-    /**
-     * List available tools
-     */
-    list(): ToolDefinition[];
-    /**
-     * Get a specific tool definition
-     */
-    getTool(name: string): ToolDefinition | undefined;
-    /**
-     * Register a custom tool
-     */
-    registerTool(tool: ToolDefinition): void;
-    /**
-     * Check if VCs authorize a tool action
-     */
-    checkAuthorization(vcs: string[], tool: string, action: string, resourceScope?: Record<string, any>): Promise<boolean>;
-    private matchScope;
-    private generateChallenge;
-    private registerDefaultTools;
-}
-
-declare class OrganizationManager {
-    private vpManager;
-    private vcManager;
-    private apiBaseUrl;
-    constructor(vpManager?: VPManager, vcManager?: VCManager);
-    /**
-     * Request tool permissions using employee VC
-     */
-    requestToolPermissions(employeeVCJWT: string, requestedTools: ToolPermissionRequest[], holderDid: string): Promise<{
-        permittedPermissions: ToolPermissionRequest[];
-        employee: any;
-    }>;
-    /**
-     * Issue tool permissions to AI Agent based on organization approval
-     */
-    issueOrganizationDelegatedPermissions(agentDid: string, employeeVCJWT: string, requestedTools: ToolPermissionRequest[], issuerDid: string): Promise<string[]>;
-    /**
-     * Create simplified workflow for employee to AI Agent delegation
-     */
-    delegateToAIAgent(employeeVCJWT: string, agentDid: string, tools: string[], // ['slack', 'gmail', 'github']
-    issuerDid: string, options?: {
-        duration?: string;
-        justification?: string;
-    }): Promise<{
-        issuedVCs: string[];
-        permissionSummary: Record<string, string[]>;
-    }>;
-    /**
-     * Register organization with AIdentity
-     */
-    registerOrganization(config: OrganizationConfig): Promise<void>;
-    private generateChallenge;
-    private extractActionFromVC;
-}
-
-/**
- * Grant提案レスポンス
- */
-interface GrantSuggestion {
-    id: string;
-    oauthTokenId: string;
-    userId?: string;
-    projectId: string;
-    provider: string;
-    suggestedActions: string[];
-    suggestedResources: Array<{
-        type: string;
-        id?: string;
-        pattern?: string;
-        name?: string;
-    }>;
-    metadata: {
-        providerInfo: any;
-        scopes: string[];
-    };
-    createdAt: string;
-}
-/**
- * Grant提案確認リクエスト
- */
-interface ConfirmGrantRequest {
-    suggestionId: string;
-    selectedActions: string[];
-    selectedResources: Array<{
-        type: string;
-        id?: string;
-        pattern?: string;
-        name?: string;
-        selected: boolean;
-    }>;
-    constraints: {
-        maxInvocations?: number;
-        expiresAt?: string;
-        timeWindow?: {
-            start: string;
-            end: string;
-            timezone: string;
-            daysOfWeek: number[];
-        };
-    };
-    name?: string;
-    description?: string;
-}
-/**
- * GrantManager
- * Grants APIを操作するSDKクライアント
- */
-declare class GrantManager {
-    constructor(_vpManager: VPManager);
-    /**
-     * Grant提案を取得
-     * @param options - 提案オプション
-     * @param options.oauthTokenId - OAuthトークンID
-     * @param options.userId - 対象ユーザーID
-     * @param options.projectId - プロジェクトID
-     * @param authOptions - 認証オプション（VP or issuerDid）
-     */
-    suggest(options: {
-        oauthTokenId: string;
-        userId: string;
-        projectId: string;
-    }, authOptions: {
-        vpJwt?: string;
-        issuerDid?: string;
-    }): Promise<GrantSuggestion>;
-    /**
-     * Grant提案を確認して作成
-     * @param request - 確認リクエスト
-     * @param authOptions - 認証オプション
-     */
-    confirm(request: ConfirmGrantRequest, authOptions: {
-        vpJwt?: string;
-        issuerDid?: string;
-    }): Promise<Grant>;
-    /**
-     * Grantを直接作成
-     * @param request - Grant作成リクエスト
-     * @param authOptions - 認証オプション
-     */
-    create(request: CreateGrantRequest, authOptions: {
-        vpJwt?: string;
-        issuerDid?: string;
-    }): Promise<Grant>;
-    /**
-     * ユーザー用のGrant一覧を取得
-     * @param userId - ユーザーID
-     * @param status - フィルタするステータス（オプション）
-     */
-    listForUser(userId: string, status?: GrantStatus): Promise<{
-        grants: Grant[];
-        total: number;
-    }>;
-    /**
-     * Issuer用のGrant一覧を取得
-     * @param issuerDid - IssuerのDID
-     * @param status - フィルタするステータス（オプション）
-     */
-    listForIssuer(issuerDid: string, status?: GrantStatus): Promise<{
-        grants: Grant[];
-        total: number;
-    }>;
-    /**
-     * Grantを取得
-     * @param grantId - GrantのID
-     */
-    get(grantId: string): Promise<Grant>;
-    /**
-     * Grantを取り消し
-     * @param grantId - GrantのID
-     * @param reason - 取り消し理由
-     * @param authOptions - 認証オプション
-     */
-    revoke(grantId: string, reason: string, authOptions: {
-        vpJwt?: string;
-        issuerDid?: string;
-    }): Promise<Grant>;
-    /**
-     * Grant権限をチェック
-     * @param request - 権限チェックリクエスト
-     */
-    checkPermission(request: CheckGrantPermissionRequest): Promise<CheckGrantPermissionResult>;
-    /**
-     * Grant更新
-     * @param grantId - GrantのID
-     * @param request - 更新リクエスト
-     * @param authOptions - 認証オプション
-     */
-    update(grantId: string, request: UpdateGrantRequest, authOptions: {
-        vpJwt?: string;
-        issuerDid?: string;
-    }): Promise<Grant>;
-}
-
-declare class AIdentityClient {
-    readonly agent: AgentManager;
-    readonly user: UserIdentityManager;
-    readonly vc: VCManager;
-    readonly vp: VPManager;
-    readonly tool: ToolManager;
-    readonly memory: MemoryManager;
-    readonly organization: OrganizationManager;
-    readonly grant: GrantManager;
-    private keyManager;
-    private currentAgent?;
-    constructor(config?: AIdentityConfig, password?: string);
-    /**
-     * Quick setup: Create or load an agent
-     */
-    setup(did?: string): Promise<Agent>;
-    /**
-     * Get current agent
-     */
-    getCurrentAgent(): Agent | undefined;
-    /**
-     * Get current user DID
-     */
-    getCurrentUserDID(): Promise<string>;
-    /**
-     * Create or reset user identity
-     */
-    resetUserIdentity(): Promise<string>;
-    /**
-     * Issue a VC for tool permission
-     * Enhanced to support User → Agent delegation pattern
-     */
-    issueToolPermission(tool: string, action: string, options: {
-        subjectDid?: string;
-        agentId?: string;
-        issuerDid?: string;
-        resourceScope?: Record<string, any>;
-        expiresIn?: string;
-    }): Promise<string>;
-    /**
-     * Issue a VC for data access
-     * Enhanced to support User → Agent delegation pattern
-     */
-    issueDataAccess(resource: string, actions: ('read' | 'write' | 'delete')[], options: {
-        subjectDid?: string;
-        agentId?: string;
-        issuerDid?: string;
-        expiresIn?: string;
-    }): Promise<string>;
-    /**
-     * Invoke a tool with automatic VP creation
-     */
-    invokeTool<T = any>(tool: string, action: string, params: Record<string, any>, vcs: string[]): Promise<ConnectorResponse<T>>;
-    /**
-     * Write to memory with automatic VP creation
-     */
-    writeMemory(content: string, namespace: string, vcs: string[], metadata?: Record<string, any>): Promise<MemoryDocument>;
-    /**
-     * Query memory with automatic VP creation
-     */
-    queryMemory(query: string, vcs: string[], options?: {
-        namespace?: string;
-        limit?: number;
-        filter?: Record<string, any>;
-    }): Promise<MemoryQueryResult>;
-}
-declare function getClient(config?: AIdentityConfig, password?: string): AIdentityClient;
-
-/**
- * Agent DID Manager
- * Manages DID generation and lifecycle for AI Agents specifically
- */
-declare class AgentDIDManager {
-    private keyManager;
-    private agentDIDMap;
-    constructor(keyManager?: KeyManager);
-    /**
-     * Generate a new DID for an AI Agent
-     */
-    generateAgentDID(agentId: string): Promise<string>;
-    /**
-     * Get DID for a specific agent
-     */
-    getAgentDID(agentId: string): Promise<string>;
-    /**
-     * Check if agent has a DID
-     */
-    hasAgentDID(agentId: string): Promise<boolean>;
-    /**
-     * Get agent's key pair
-     */
-    getAgentKeyPair(agentId: string): Promise<any>;
-    /**
-     * Delete agent DID and associated keys
-     */
-    deleteAgentDID(agentId: string): Promise<void>;
-    /**
-     * List all agent DIDs
-     */
-    listAgentDIDs(): Promise<Array<{
-        agentId: string;
-        did: string;
-    }>>;
-    /**
-     * Save agent ID -> DID mapping to persistent storage
-     */
-    private saveAgentDIDMapping;
-    /**
-     * Load agent ID -> DID mapping from persistent storage
-     */
-    private loadAgentDIDMapping;
-    /**
-     * Delete agent ID -> DID mapping from persistent storage
-     */
-    private deleteAgentDIDMapping;
-}
-
-interface KeyPairGenerationResult {
-    did: string;
-    publicKey: JWK;
-    privateKey: JWK;
-}
-declare class UserKeyPairManager {
-    generateKeyPair(): Promise<KeyPairGenerationResult>;
-    extractPublicKeyInfo(did: string): JWK;
-}
-
-interface OrganizationDisclosureConfig {
-    organizationDid: string;
-    defaultFields: string[];
-    credentialTypeConfigs: Map<CredentialType, CredentialDisclosureConfig>;
-    createdAt: Date;
-    updatedAt: Date;
-}
-interface CredentialDisclosureConfig {
-    type: CredentialType;
-    mandatoryFields: string[];
-    selectiveFields: string[];
-    neverDisclose: string[];
-    decoyFields?: number;
-}
-declare class DisclosureConfigManager {
-    private configs;
-    /**
-     * Set disclosure configuration for an organization
-     */
-    setOrganizationConfig(organizationDid: string, config: Partial<OrganizationDisclosureConfig>): Promise<void>;
-    /**
-     * Get disclosure configuration for an organization
-     */
-    getOrganizationConfig(organizationDid: string): Promise<OrganizationDisclosureConfig | null>;
-    /**
-     * Set credential type specific disclosure configuration
-     */
-    setCredentialTypeConfig(organizationDid: string, credentialType: CredentialType, config: CredentialDisclosureConfig): Promise<void>;
-    /**
-     * Get selective disclosure fields for a specific credential type and organization
-     */
-    getSelectiveDisclosureFields(organizationDid: string, credentialType: CredentialType, requestedFields?: string[]): Promise<{
-        selectiveFields: string[];
-        mandatoryFields: string[];
-        neverDisclose: string[];
-        decoyCount: number;
-    }>;
-    /**
-     * Get default configuration for credential types
-     */
-    private getDefaultConfiguration;
-    /**
-     * Validate disclosure request against organization policy
-     */
-    validateDisclosureRequest(organizationDid: string, credentialType: CredentialType, requestedFields: string[]): Promise<{
-        valid: boolean;
-        allowedFields: string[];
-        rejectedFields: string[];
-        errors: string[];
-    }>;
-    /**
-     * Get all organization configurations (for admin purposes)
-     */
-    getAllConfigurations(): Promise<OrganizationDisclosureConfig[]>;
-    /**
-     * Delete organization configuration
-     */
-    deleteOrganizationConfig(organizationDid: string): Promise<boolean>;
-}
-
-/**
- * API-focused VC Manager for server-side operations
- * Provides stateless SD-JWT operations without local persistence
- */
-declare class APIVCManager {
-    private keyManager;
-    private disclosureManager;
-    constructor(keyManager?: KeyManager, disclosureManager?: DisclosureConfigManager);
-    /**
-     * Issue an SD-JWT VC with selective disclosure
-     */
-    issueSDJWTVC(request: IssueSDJWTVCRequest): Promise<IssueSDJWTVCResult>;
-    /**
-     * Verify an SD-JWT VC
-     */
-    verifySDJWTVC(credential: string): Promise<VerifySDJWTVCResult>;
-    /**
-     * Issue a project access credential
-     */
-    issueProjectAccessCredential(agentDid: string, projectId: string, permissions: string[], issuerDid: string, expirationHours?: number): Promise<IssueSDJWTVCResult>;
-    /**
-     * Issue a tool access credential
-     */
-    issueToolAccessCredential(agentDid: string, toolName: string, actions: string[], projectId: string, issuerDid: string, expirationHours?: number): Promise<IssueSDJWTVCResult>;
-    /**
-     * Issue a multi-tool access credential
-     */
-    issueMultiToolCredential(agentDid: string, toolPermissions: Array<{
-        tool: string;
-        actions: string[];
-    }>, projectId: string, issuerDid: string, expirationHours?: number): Promise<IssueSDJWTVCResult>;
-    /**
-     * Issue an admin credential
-     */
-    issueAdminCredential(agentDid: string, scope: 'project' | 'global', projectId: string | undefined, issuerDid: string, expirationHours?: number): Promise<IssueSDJWTVCResult>;
-}
-
-interface KeyRotationConfig {
-    /** How often keys should be rotated (in hours) */
-    rotationInterval: number;
-    /** How many old keys to keep for verification */
-    keepOldKeys: number;
-    /** Warning threshold before rotation (in hours) */
-    warningThreshold: number;
-}
-interface KeyRotationInfo {
-    currentKeyId: string;
-    nextRotationDate: Date;
-    oldKeys: Array<{
-        keyId: string;
-        rotatedAt: Date;
-        expiresAt: Date;
-    }>;
-    needsRotation: boolean;
-    warningActive: boolean;
-}
-declare class KeyRotationManager {
-    private keyManager;
-    private config;
-    constructor(keyManager: KeyManager, config?: Partial<KeyRotationConfig>);
-    /**
-     * Check if organization keys need rotation
-     */
-    checkRotationStatus(organizationDid: string): Promise<KeyRotationInfo>;
-    /**
-     * Rotate organization keys
-     * NOTE: Currently not implemented for did:jwk
-     */
-    rotateOrganizationKeys(organizationDid: string): Promise<{
-        newDid: string;
-        newPrivateKey: any;
-        rotationDate: Date;
-    }>;
-    /**
-     * Get old keys for verification (useful for grace periods)
-     */
-    getOldKeysForVerification(organizationDid: string): Promise<Array<{
-        keyId: string;
-        publicKey: any;
-        validUntil: Date;
-    }>>;
-    /**
-     * Plan future key rotation (for did:web or other mutable DID methods)
-     */
-    planKeyRotation(organizationDid: string): Promise<{
-        plannedRotationDate: Date;
-        currentKeyAge: number;
-        recommendedAction: 'none' | 'prepare' | 'rotate_now' | 'urgent';
-    }>;
-    /**
-     * Update rotation configuration
-     */
-    updateConfig(newConfig: Partial<KeyRotationConfig>): void;
-    /**
-     * Get current configuration
-     */
-    getConfig(): KeyRotationConfig;
-}
-
-interface SDJWTMetrics {
-    issuanceCount: number;
-    verificationCount: number;
-    failedIssuances: number;
-    failedVerifications: number;
-    averageIssuanceTime: number;
-    averageVerificationTime: number;
-    cacheHitRate: number;
-    lastActivity: Date;
-}
-interface OperationMetric {
-    operation: 'issue' | 'verify';
-    startTime: number;
-    endTime: number;
-    success: boolean;
-    error?: string;
-    issuerDid?: string;
-    credentialType?: string;
-}
-declare class MetricsManager {
-    private metrics;
-    private operations;
-    private maxOperationHistory;
-    /**
-     * Start tracking an operation
-     */
-    startOperation(operation: 'issue' | 'verify', metadata?: Record<string, any>): string;
-    /**
-     * End tracking an operation
-     */
-    endOperation(_operationId: string, success: boolean, error?: string): void;
-    /**
-     * Update aggregated metrics
-     */
-    private updateMetrics;
-    /**
-     * Get metrics for a specific issuer or global
-     */
-    getMetrics(issuerDid?: string): SDJWTMetrics | null;
-    /**
-     * Get all metrics
-     */
-    getAllMetrics(): Map<string, SDJWTMetrics>;
-    /**
-     * Get recent operations
-     */
-    getRecentOperations(limit?: number): OperationMetric[];
-    /**
-     * Get operation statistics
-     */
-    getOperationStats(): {
-        totalOperations: number;
-        successRate: number;
-        averageResponseTime: number;
-        operationsPerMinute: number;
-    };
-    /**
-     * Update cache hit rate
-     */
-    updateCacheHitRate(issuerDid: string, hit: boolean): void;
-    /**
-     * Reset metrics
-     */
-    resetMetrics(issuerDid?: string): void;
-    /**
-     * Export metrics as JSON
-     */
-    exportMetrics(): {
-        aggregatedMetrics: Record<string, SDJWTMetrics>;
-        recentOperations: OperationMetric[];
-        summary: ReturnType<any>;
-    };
-}
-
-interface RevocationListEntry {
-    credentialId: string;
-    revocationDate: Date;
-    reason?: string;
-    revokedBy: string;
-}
-interface RevocationList {
-    id: string;
-    issuer: string;
-    type: 'StatusList2021' | 'BitStringStatusList';
-    statusPurpose: 'revocation' | 'suspension';
-    encodedList: string;
-    entries: RevocationListEntry[];
-    createdAt: Date;
-    updatedAt: Date;
-}
-interface CredentialStatusInfo {
-    id: string;
-    type: string;
-    statusListIndex: number;
-    statusListCredential: string;
-    revocationReason?: string;
-    revocationDate?: Date;
-}
-declare class RevocationManager {
-    private revocationLists;
-    private credentialStatuses;
-    /**
-     * Create a new revocation list
-     */
-    createRevocationList(issuer: string, type?: 'StatusList2021' | 'BitStringStatusList', purpose?: 'revocation' | 'suspension'): Promise<RevocationList>;
-    /**
-     * Add credential to revocation list
-     */
-    addCredentialToRevocationList(credentialId: string, listId: string, statusIndex?: number): Promise<CredentialStatusInfo>;
-    /**
-     * Revoke a credential
-     */
-    revokeCredential(credentialId: string, reason?: string, revokedBy?: string): Promise<boolean>;
-    /**
-     * Check if credential is revoked
-     */
-    isCredentialRevoked(credentialId: string): Promise<{
-        revoked: boolean;
-        reason?: string;
-        revokedDate?: Date;
-        revokedBy?: string;
-    }>;
-    /**
-     * Get credential status info
-     */
-    getCredentialStatus(credentialId: string): Promise<CredentialStatusInfo | null>;
-    /**
-     * Get revocation list
-     */
-    getRevocationList(listId: string): Promise<RevocationList | null>;
-    /**
-     * Get all revocation lists for an issuer
-     */
-    getIssuerRevocationLists(issuer: string): Promise<RevocationList[]>;
-    /**
-     * Restore/unreovke a credential
-     */
-    restoreCredential(credentialId: string): Promise<boolean>;
-    /**
-     * Create empty bit string
-     */
-    private createEmptyBitString;
-    /**
-     * Set bit in encoded string
-     */
-    private setBitInString;
-    /**
-     * Get bit from encoded string
-     */
-    private getBitFromString;
-    /**
-     * Find next available index in revocation list
-     */
-    private findNextAvailableIndex;
-    /**
-     * Export revocation list in standard format
-     */
-    exportRevocationList(listId: string): Promise<{
-        '@context': string[];
-        id: string;
-        type: string[];
-        issuer: string;
-        validFrom: string;
-        credentialSubject: {
-            id: string;
-            type: string;
-            statusPurpose: string;
-            encodedList: string;
-        };
-    } | null>;
-}
-
-/**
- * ConstraintEvaluator
- * Grant制約の評価ロジック
- */
-
-interface ConstraintEvaluatorOptions {
-    /** 警告を発する残り実行回数の閾値 */
-    invocationWarningThreshold?: number;
-    /** 警告を発するリスクスコアの閾値（riskThresholdに対する割合） */
-    riskWarningRatio?: number;
-    /** デフォルトタイムゾーン */
-    defaultTimezone?: string;
-}
-/**
- * 制約評価クラス
- */
-declare class ConstraintEvaluator {
-    private options;
-    constructor(options?: Partial<ConstraintEvaluatorOptions>);
-    /**
-     * 制約を総合評価
-     */
-    evaluate(constraints: GrantConstraints, context: EvaluationContext, currentInvocations: number, expiresAt?: Date): ConstraintEvaluationResult;
-    /**
-     * 期限チェック
-     */
-    checkExpiration(grantExpiresAt?: Date, constraintExpiresAt?: string): {
-        violation?: ConstraintViolation;
-    };
-    /**
-     * 実行回数チェック
-     */
-    checkInvocationLimit(maxInvocations?: number, currentInvocations?: number): {
-        violation?: ConstraintViolation;
-        warning?: ConstraintWarning;
-    };
-    /**
-     * 時間帯チェック
-     */
-    checkTimeWindow(timeWindow: TimeWindowConstraint, currentTime: Date): {
-        violation?: ConstraintViolation;
-        warning?: ConstraintWarning;
-    };
-    /**
-     * IPアドレスチェック
-     */
-    checkIpAllowlist(allowlist: string[], ipAddress: string): {
-        violation?: ConstraintViolation;
-    };
-    /**
-     * リスクスコアチェック
-     */
-    checkRiskThreshold(threshold: number, currentScore: number): {
-        violation?: ConstraintViolation;
-        warning?: ConstraintWarning;
-    };
-    private getDayOfWeekInTimezone;
-    private getTimeInTimezone;
-    private getDayName;
-    private timeToMinutes;
-    private isIpInCidr;
-    private ipToNumber;
-}
-/**
- * デフォルトのConstraintEvaluatorインスタンス
- */
-declare const defaultConstraintEvaluator: ConstraintEvaluator;
-/**
- * 簡易評価関数
- */
-declare function evaluateConstraints(constraints: GrantConstraints, context: EvaluationContext, currentInvocations: number, expiresAt?: Date): ConstraintEvaluationResult;
-
-type Relation = 'viewer' | 'editor' | 'admin' | 'owner' | 'act_as';
-/** MVPの対象リソース（必要に応じて拡張） */
-type ResourceType = 'SlackChannel' | 'GitHubRepo' | 'DriveFile';
-/** JSON Schema を受け取るための型。Ajvで別途メタ検証します。 */
-type JsonSchema = Record<string, unknown>;
-interface ActionMeta {
-    action: string;
-    resource_type: ResourceType;
-    required_relations: Relation[];
-    required_scopes: string[];
-    capability?: string;
-    input_schema?: JsonSchema;
-    constraints?: Record<string, unknown>;
-    effects?: string[];
-    risk?: RiskLevel;
-    version: string;
-}
-interface CapabilityMeta {
-    capability: string;
-    description?: string;
-    includes: string[];
-    version: string;
-}
-interface ActionRegistry {
-    registry_version: string;
-    actions: ActionMeta[];
-    capabilities?: CapabilityMeta[];
-}
-
-/**
- * Ajv インスタンスを作成。
- * - 本体スキーマ（registry/actions/capabilities）を登録
- * - formats 追加
- * - $id付きで利用
- */
-declare function createAjv(): Ajv;
-/**
- * Registry全体の構文検証 + 各Actionの input_schema を「JSON Schemaとして」検証。
- * @returns { ok, errors } 失敗時は diag を含む
- */
-declare function validateRegistryObject(registry: unknown): {
-    ok: boolean;
-    errors?: string[];
-};
-/**
- * JSONファイルからAction Registryを読み込み、完全検証して返す。
- * @throws Error 検証エラー時は詳細メッセージ付きでthrow
- */
-declare function loadActionRegistryFromFile(filePath: string): Promise<ActionRegistry>;
-/**
- * 既にパース済みのオブジェクトを検証して返す。
- * @throws Error 検証エラー時は詳細メッセージ付きでthrow
- */
-declare function loadActionRegistryFromObject(obj: unknown): ActionRegistry;
-/** アクション名→ActionMeta のルックアップを作成 */
-declare function indexActions(reg: ActionRegistry): Map<string, ActionMeta>;
-/** Capability名→CapabilityMeta のルックアップを作成 */
-declare function indexCapabilities(reg: ActionRegistry): Map<string, CapabilityMeta>;
-/** 指定アクションの required_scopes を取得（無ければ空配列） */
-declare function getRequiredScopes(regIndex: Map<string, ActionMeta>, action: string): string[];
-/** 指定アクションの required_relations（OR解釈）を取得（無ければ空配列） */
-declare function getRequiredRelations(regIndex: Map<string, ActionMeta>, action: string): Relation[];
-
-/** ReBAC: 関係性チェック（SpiceDB/Zanzibar想定）。OR解釈で複数relationのいずれか成立でtrue */
-interface ReBACChecker {
-    check(subjectDid: string, // User DID or Agent DID
-    relations: Relation[], // ["editor","act_as"] など
-    resourceRef: ResourceRef): Promise<boolean>;
-}
-/** ABAC: 条件判定（Cerbos/OPA想定）。trueなら許可。 */
-interface ABACPolicyEngine {
-    evaluate(input: AbacInput): Promise<AbacDecision>;
-}
-interface AbacInput {
-    principal: {
-        id: string;
-        roles?: string[];
-        claims?: Record<string, unknown>;
-    };
-    resource: {
-        kind: ResourceType;
-        id: string;
-        attr?: Record<string, unknown>;
-    };
-    action: string;
-    context?: Record<string, unknown>;
-}
-interface AbacDecision {
-    allow: boolean;
-    ruleId?: string;
-    reason?: string;
-}
-/** Credential選択：最小スコープを満たす外部トークンを取得（Bot/Installation/OAuth） */
-interface CredentialStore {
-    pickMinimal(provider: Provider, // "slack" | "github" | "google"
-    iaId: string, // IntegrationAccount ID
-    requiredScopes: string[], subjectDid: string): Promise<CredentialRef | null>;
-}
-type Provider = 'slack' | 'github' | 'google';
-interface CredentialRef {
-    id: string;
-    provider: Provider;
-    scopes: string[];
-}
-/** VP検証（SD-JWT/ISO 23220/mdoc/OID4VP）：成功時にVCクレームを返す */
-interface VpVerifier {
-    verifyAndExtractClaims(vpToken: string): Promise<VerifiedVcClaims>;
-}
-/** 発行した Delegation VC に含めることを想定した最小構造 */
-interface VerifiedVcClaims {
-    allowed_actions: string[];
-    resource_scope: ResourceScope[];
-    expires_at?: string;
-    actor?: string;
-    assurance_level?: number;
-    cnf?: {
-        jwk_thumbprint?: string;
-    };
-    [k: string]: unknown;
-}
-interface ResourceRef {
-    /** プロバイダ別のリソース識別子（例：Slack channel id, GitHub repo full_name, Drive file id） */
-    id: string;
-    type: ResourceType;
-    /** 紐づくIntegrationAccountのID（どのSlackワークスペース/どのGitHub Orgか） */
-    iaId: string;
-    /** 追加属性（機密度など） */
-    attr?: Record<string, unknown>;
-}
-/** VCに刻む「スコープ」表現の一例（最小定義） */
-type ResourceScope = {
-    kind: 'Workspace';
-    id: string;
-} | {
-    kind: 'IntegrationAccount';
-    id: string;
-} | {
-    kind: 'Resource';
-    type: ResourceType;
-    id: string;
-};
-/** 監査用の判定理由 */
-interface DecisionTrace {
-    rebac?: {
-        ok: boolean;
-        relations: Relation[];
-    };
-    delegation?: {
-        ok: boolean;
-        matched_action?: boolean;
-        in_scope?: boolean;
-        notExpired?: boolean;
-    };
-    abac?: {
-        ok: boolean;
-        ruleId?: string;
-        reason?: string;
-    };
-    scope?: {
-        ok: boolean;
-        required: string[];
-        chosenCredentialId?: string;
-    };
-}
-/** Capability名やAction名（混在OK）から、実アクション配列に解決 */
-declare function resolveActionsFromSelection(registry: ActionRegistry, selection: string[]): string[];
-interface PlanDelegationInput {
-    registry: ActionRegistry;
-    issuerUserDid: string;
-    delegateAgentDid: string;
-    /** ユーザーが UI 等で選んだアクション/ケイパビリティ */
-    requested: string[];
-    /** この委任が及ぶスコープ（Workspace/IA/Resource） */
-    resourceScope: ResourceScope[];
-    /** 有効期限（ISO） */
-    expiresAt?: string;
-    /** ABAC前提で要求する最小アシュアランス等（必要なら） */
-    minAssuranceLevel?: number;
-    /** ABAC/Cerbos用のruntime context（時間帯/場所/リスク等） */
-    context?: Record<string, unknown>;
-    /** Provider 推測のためのヒント（Credential選択時に使う） */
-    providerByIa?: Record<string, Provider>;
-    /** 実行時に用いるReBAC/ABAC/Credentialのハンドラ */
-    rebac: ReBACChecker;
-    abac: ABACPolicyEngine;
-    creds: CredentialStore;
-}
-interface PlanDelegationResult {
-    granted_actions: string[];
-    rejected_actions: string[];
-    traceByAction: Record<string, DecisionTrace>;
-}
-/**
- * VC発行前に、リクエストされたアクション群を
- * - Registryに存在
- * - ReBAC（委任元=issuerUserDid が十分な関係を持つ）
- * - ABACポリシー適合
- * - 必要スコープを満たすクレデンシャルが存在
- * の観点で絞り込み、発行して良いものだけ返す。
- */
-declare function planDelegationForVC(input: PlanDelegationInput): Promise<PlanDelegationResult>;
-interface CheckPermissionInput {
-    registry: ActionRegistry;
-    actorDid: string;
-    onBehalfOfDid?: string;
-    action: string;
-    resource: ResourceRef;
-    vpToken: string;
-    context?: Record<string, unknown>;
-    rebac: ReBACChecker;
-    abac: ABACPolicyEngine;
-    creds: CredentialStore;
-    vpVerifier: VpVerifier;
-}
-interface CheckPermissionResult {
-    allow: boolean;
-    reason?: string;
-    trace: DecisionTrace;
-    credential?: CredentialRef | null;
-}
-/**
- * 実行直前のフル判定。
- * 1) ReBAC: actor がresourceに対する 基本関係/act_as を満たすか
- * 2) Delegation(VC): actionがallowedか / resourceがscope内か / 期限内か
- * 3) ABAC: コンテキストやassurance levelに適合するか
- * 4) Scope/Credential: 必要スコープを満たすクレデンシャルが取得できるか
- */
-declare function checkPermissionWithVP(input: CheckPermissionInput): Promise<CheckPermissionResult>;
-declare class AllowAllAbac implements ABACPolicyEngine {
-    evaluate(): Promise<AbacDecision>;
-}
-declare class SimpleRebac implements ReBACChecker {
-    private allowRelations;
-    constructor(allowRelations?: Relation[]);
-    check(_sub: string, relations: Relation[]): Promise<boolean>;
-}
-declare class DummyCreds implements CredentialStore {
-    pickMinimal(provider: Provider, _iaId: string, requiredScopes: string[]): Promise<CredentialRef | null>;
-}
-declare class DummyVpVerifier implements VpVerifier {
-    private vc;
-    constructor(vc: VerifiedVcClaims);
-    verifyAndExtractClaims(): Promise<VerifiedVcClaims>;
-}
-
-declare const ACTION_REGISTRY: {
-    registry_version: string;
-    actions: ({
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                text: {
-                    type: string;
-                    minLength: number;
-                    maxLength: number;
-                };
-                thread_ts: {
-                    type: string;
-                };
-                attachments: {
-                    type: string;
-                };
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                latest: {
-                    type: string;
-                };
-                oldest: {
-                    type: string;
-                };
-                limit: {
-                    type: string;
-                    minimum: number;
-                    maximum: number;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            additionalProperties: boolean;
-            required?: undefined;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                name: {
-                    type: string;
-                    minLength: number;
-                };
-                timestamp: {
-                    type: string;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                path: {
-                    type: string;
-                };
-                ref: {
-                    type: string;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            additionalProperties: boolean;
-            required?: undefined;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                title: {
-                    type: string;
-                    minLength: number;
-                };
-                body: {
-                    type: string;
-                    minLength?: undefined;
-                };
-                labels: {
-                    type: string;
-                    items: {
-                        type: string;
-                    };
-                };
-                assignees: {
-                    type: string;
-                    items: {
-                        type: string;
-                    };
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                issue_number: {
-                    type: string;
-                    minimum: number;
-                };
-                body: {
-                    type: string;
-                    minLength: number;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                title: {
-                    type: string;
-                    minLength: number;
-                };
-                head: {
-                    type: string;
-                    minLength: number;
-                };
-                base: {
-                    type: string;
-                    minLength: number;
-                };
-                body: {
-                    type: string;
-                    minLength?: undefined;
-                };
-                draft: {
-                    type: string;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                pr_number: {
-                    type: string;
-                    minimum: number;
-                };
-                merge_method: {
-                    type: string;
-                    enum: string[];
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed: boolean;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                fields: {
-                    type: string;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            additionalProperties: boolean;
-            required?: undefined;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                mimeType: {
-                    type: string;
-                };
-                content_base64: {
-                    type: string;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            max_size_mb: number;
-            requires_reviews_passed?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                name: {
-                    type: string;
-                    minLength: number;
-                };
-                mimeType: {
-                    type: string;
-                };
-                parent_folder_id: {
-                    type: string;
-                };
-                content_base64: {
-                    type: string;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            max_size_mb: number;
-            requires_reviews_passed?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                folder_id: {
-                    type: string;
-                };
-                q: {
-                    type: string;
-                };
-                page_size: {
-                    type: string;
-                    minimum: number;
-                    maximum: number;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                jql: {
-                    type: string;
-                    minLength: number;
-                };
-                maxResults: {
-                    type: string;
-                    minimum: number;
-                    maximum: number;
-                };
-                startAt: {
-                    type: string;
-                    minimum: number;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                issueIdOrKey: {
-                    type: string;
-                    minLength: number;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                recent: {
-                    type: string;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            additionalProperties: boolean;
-            required?: undefined;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                projectKeyOrId: {
-                    type: string;
-                };
-                type: {
-                    type: string;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            additionalProperties: boolean;
-            required?: undefined;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                boardId: {
-                    type: string;
-                    minimum: number;
-                };
-                state: {
-                    type: string;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                sprintId?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                sprintId: {
-                    type: string;
-                    minimum: number;
-                };
-                maxResults: {
-                    type: string;
-                    minimum: number;
-                    maximum: number;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                projectKey?: undefined;
-                summary?: undefined;
-                description?: undefined;
-                issueType?: undefined;
-                priority?: undefined;
-                assignee?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    } | {
-        action: string;
-        resource_type: string;
-        required_relations: string[];
-        required_scopes: string[];
-        capability: string;
-        input_schema: {
-            type: string;
-            properties: {
-                projectKey: {
-                    type: string;
-                    minLength: number;
-                };
-                summary: {
-                    type: string;
-                    minLength: number;
-                };
-                description: {
-                    type: string;
-                };
-                issueType: {
-                    type: string;
-                    minLength: number;
-                };
-                priority: {
-                    type: string;
-                };
-                assignee: {
-                    type: string;
-                };
-                text?: undefined;
-                thread_ts?: undefined;
-                attachments?: undefined;
-                latest?: undefined;
-                oldest?: undefined;
-                limit?: undefined;
-                name?: undefined;
-                timestamp?: undefined;
-                path?: undefined;
-                ref?: undefined;
-                title?: undefined;
-                body?: undefined;
-                labels?: undefined;
-                assignees?: undefined;
-                issue_number?: undefined;
-                head?: undefined;
-                base?: undefined;
-                draft?: undefined;
-                pr_number?: undefined;
-                merge_method?: undefined;
-                fields?: undefined;
-                mimeType?: undefined;
-                content_base64?: undefined;
-                parent_folder_id?: undefined;
-                folder_id?: undefined;
-                q?: undefined;
-                page_size?: undefined;
-                jql?: undefined;
-                maxResults?: undefined;
-                startAt?: undefined;
-                issueIdOrKey?: undefined;
-                recent?: undefined;
-                projectKeyOrId?: undefined;
-                type?: undefined;
-                boardId?: undefined;
-                state?: undefined;
-                sprintId?: undefined;
-            };
-            required: string[];
-            additionalProperties: boolean;
-        };
-        constraints: {
-            rate_bucket: string;
-            requires_reviews_passed?: undefined;
-            max_size_mb?: undefined;
-        };
-        effects: string[];
-        risk: string;
-        version: string;
-    })[];
-    capabilities: {
-        capability: string;
-        description: string;
-        includes: string[];
-        version: string;
-    }[];
-};
-
-interface KeyPair {
-    publicKey: any;
-    privateKey: any;
-}
-declare function generateKeyPair(): Promise<KeyPair>;
-declare function signJWT(payload: any, privateKey: any, options?: {
-    issuer?: string;
-    audience?: string;
-    expiresIn?: string;
-    notBefore?: string;
-    subject?: string;
-    jti?: string;
-}): Promise<string>;
-declare function verifyJWT(jwt: string, publicKey: any, options?: {
-    issuer?: string;
-    audience?: string;
-}): Promise<jose.JWTPayload>;
-declare function generateNonce(): string;
-
-declare class SDJwtClient {
-    private static instances;
-    private static keyManager;
-    private static signerCache;
-    private static verifierCache;
-    private constructor();
-    /**
-     * Initialize with KeyManager for DID-based key management
-     */
-    static setKeyManager(keyManager: KeyManager): void;
-    /**
-     * Get SDJwtVcInstance for issuer role (VC issuance)
-     */
-    static getIssuerInstance(issuerDid: string): Promise<SDJwtVcInstance>;
-    /**
-     * Get SDJwtVcInstance for holder role (VP presentation)
-     */
-    static getHolderInstance(holderDid: string): Promise<SDJwtVcInstance>;
-    /**
-     * Get SDJwtVcInstance with specified role (backward compatibility)
-     */
-    static getSDJwtInstance(did: string, options?: {
-        role?: 'issuer' | 'holder';
-    }): Promise<SDJwtVcInstance>;
-    /**
-     * Create a new SDJwtVcInstance with DID-based keys and role
-     */
-    private static createInstance;
-    /**
-     * Create disclosure frame for selective disclosure
-     */
-    static createDisclosureFrame<T extends Record<string, any>>(claims: T, selectivelyDisclosable?: string[]): DisclosureFrame<T>;
-    /**
-     * Issue an SD-JWT with selective disclosure
-     */
-    static issueSDJWT(payload: Record<string, any>, _privateKey: any, // Not used since we get key from KeyManager based on issuer DID
-    selectiveDisclosureFields?: string[]): Promise<string>;
-    /**
-     * Verify an SD-JWT
-     */
-    static verifySDJWT(credential: string): Promise<{
-        valid: boolean;
-        payload?: any;
-        error?: string;
-    }>;
-    /**
-     * Legacy methods for backward compatibility
-     */
-    static createSignerVerifier(): Promise<{
-        signer: (data: string) => Promise<string>;
-        verifier: (data: string, signatureBase64url: string) => Promise<boolean>;
-    }>;
-    static generateKeyPair(): Promise<KeyPair>;
-    /**
-     * Clear caches for optimization
-     */
-    static clearCaches(): void;
-    /**
-     * Clear cache for specific issuer
-     */
-    static clearIssuerCache(issuerDid: string): void;
-    /**
-     * Get cache statistics
-     */
-    static getCacheStats(): {
-        instanceCount: number;
-        signerCount: number;
-        verifierCount: number;
-    };
-    /**
-     * Create a verifier function from an external public key
-     * This is used for verifying SD-JWTs when you don't have the private key
-     * (e.g., API side verifying credentials issued by MCP)
-     */
-    private static getVerifierFromPublicKey;
-    /**
-     * Get SDJwtVcInstance for verification with an external public key
-     * Used when verifying credentials without having the issuer's private key
-     */
-    private static getVerificationInstance;
-    /**
-     * Get SDJwtVcInstance for decoding without verification
-     */
-    private static getDecodingInstance;
-    /**
-     * Verify an SD-JWT with an external public key
-     * Use this when you have the issuer's public key but not their private key
-     *
-     * @param credential - The SD-JWT credential string
-     * @param publicKey - The issuer's public key (JWK format)
-     * @returns Verification result with valid flag and payload
-     *
-     * @example
-     * ```typescript
-     * const publicKey = extractPublicKeyFromDid(issuerDid)
-     * const result = await SDJwtClient.verifyWithExternalKey(credential, publicKey)
-     * if (result.valid) {
-     *   console.log('Verified claims:', result.payload.claims)
-     * }
-     * ```
-     */
-    static verifyWithExternalKey(credential: string, publicKey: JWK): Promise<{
-        valid: boolean;
-        payload?: any;
-        claims?: any;
-        error?: string;
-    }>;
-    /**
-     * Verify an SD-JWT by extracting the issuer's public key from the DID
-     * Automatically resolves did:jwk DIDs
-     *
-     * @param credential - The SD-JWT credential string
-     * @returns Verification result with valid flag and payload
-     *
-     * @example
-     * ```typescript
-     * const result = await SDJwtClient.verifyWithIssuerDid(credential)
-     * if (result.valid) {
-     *   console.log('Issuer:', result.payload.iss)
-     * }
-     * ```
-     */
-    static verifyWithIssuerDid(credential: string): Promise<{
-        valid: boolean;
-        payload?: any;
-        claims?: any;
-        issuerDid?: string;
-        error?: string;
-    }>;
-    /**
-     * Decode an SD-JWT without verification
-     * Use this when you need to inspect the credential before verification
-     * or when you don't have the issuer's public key
-     *
-     * WARNING: The returned payload has not been verified!
-     * Only use this for inspection purposes, not for authorization decisions.
-     *
-     * @param credential - The SD-JWT credential string
-     * @returns Decoded JWT payload, header, and disclosures
-     *
-     * @example
-     * ```typescript
-     * const decoded = await SDJwtClient.decodeWithoutVerification(credential)
-     * console.log('Issuer (unverified):', decoded.payload?.iss)
-     * console.log('Disclosures:', decoded.disclosures?.length)
-     * ```
-     */
-    static decodeWithoutVerification(credential: string): Promise<{
-        payload?: any;
-        header?: any;
-        disclosures?: any[];
-        claims?: any;
-        error?: string;
-    }>;
-    /**
-     * Extract issuer DID from an SD-JWT without verification
-     * Useful for determining the issuer before verification
-     *
-     * @param credential - The SD-JWT credential string
-     * @returns The issuer DID or null if not found
-     */
-    static extractIssuerDid(credential: string): string | null;
-}
-
-/**
- * DID Utilities
- *
- * Common utility functions for DID operations.
- * These functions are shared across AgentDIDManager, EphemeralDIDManager,
- * UserIdentityManager, and UserRootDIDManager.
- */
-
-/**
- * Public key JWK properties for did:jwk creation
- */
-interface PublicKeyJWK {
-    kty: string;
-    crv?: string;
-    x?: string;
-    y?: string;
-    use?: string;
-    alg?: string;
-}
-/**
- * Create did:jwk from a public key JWK
- *
- * @param publicKey - The public key JWK (can include private key fields, they will be filtered)
- * @returns The did:jwk string
- *
- * @example
- * ```typescript
- * const keyPair = await SDJwtClient.generateKeyPair()
- * const did = createDidJwk(keyPair.publicKey)
- * // => did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ii4uLiIsInkiOiIuLi4ifQ
- * ```
- */
-declare function createDidJwk(publicKey: JWK | PublicKeyJWK): string;
-/**
- * Extract public key JWK from a private key JWK
- *
- * @param privateKey - The private key JWK containing the 'd' parameter
- * @returns The public key JWK (without private key material)
- *
- * @example
- * ```typescript
- * const keyPair = await SDJwtClient.generateKeyPair()
- * const publicKey = extractPublicKey(keyPair.privateKey)
- * ```
- */
-declare function extractPublicKey(privateKey: JWK): JWK;
-/**
- * Extract public key JWK from a did:jwk string
- *
- * @param did - The did:jwk string
- * @returns The public key JWK decoded from the DID
- * @throws Error if the DID is not in did:jwk format
- *
- * @example
- * ```typescript
- * const publicKey = extractPublicKeyFromDid('did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ii4uLiIsInkiOiIuLi4ifQ')
- * ```
- */
-declare function extractPublicKeyFromDid(did: string): JWK;
-/**
- * Validate that a string is a valid did:jwk
- *
- * @param did - The string to validate
- * @returns true if valid did:jwk, false otherwise
- */
-declare function isValidDidJwk(did: string): boolean;
-/**
- * Get the key ID (kid) from a did:jwk
- * Following the did:jwk specification, the key ID is the DID with #0 appended
- *
- * @param did - The did:jwk string
- * @returns The key ID
- */
-declare function getKeyIdFromDid(did: string): string;
-
-declare const version = "0.0.1";
-
-export { type ABACPolicyEngine, ACTION_REGISTRY, AIdentityClient, type AIdentityConfig, APIVCManager, type AbacDecision, type AbacInput, type ActionMeta, type ActionRegistry, AgentDIDManager, AgentManager, AllowAllAbac, type CapabilityMeta, type CheckPermissionInput, type CheckPermissionResult, ConstraintEvaluator, type ConstraintEvaluatorOptions, type CredentialDisclosureConfig, type CredentialRef, type CredentialStatusInfo, type CredentialStore, type DecisionTrace, DisclosureConfigManager, DummyCreds, DummyVpVerifier, FilesystemKeyStorage, type JsonSchema, KeyManager, type KeyPairGenerationResult, type KeyRotationConfig, type KeyRotationInfo, KeyRotationManager, type KeyStorageConfig, type KeyStorageProvider, type MemoryDocument, MemoryKeyStorage, MemoryManager, type MemoryQuery, type MemoryQueryResult, MetricsManager, type OperationMetric, type OrganizationDisclosureConfig, type PlanDelegationInput, type PlanDelegationResult, type Provider, type ReBACChecker, type Relation, type ResourceRef, type ResourceScope, type ResourceType, type RevocationList, type RevocationListEntry, RevocationManager, type SDJWTMetrics, SDJwtClient, SimpleRebac, type ToolDefinition, ToolManager, UserIdentityManager, UserKeyPairManager, VCManager, VPManager, type VerifiedVcClaims, type VpVerifier, checkPermissionWithVP, configure, createAjv, createDidJwk, defaultConstraintEvaluator, evaluateConstraints, extractPublicKey, extractPublicKeyFromDid, generateKeyPair, generateNonce, getClient, getKeyIdFromDid, getRequiredRelations, getRequiredScopes, indexActions, indexCapabilities, isValidDidJwk, loadActionRegistryFromFile, loadActionRegistryFromObject, planDelegationForVC, resolveActionsFromSelection, signJWT, validateRegistryObject, verifyJWT, version };
+export declare const version = "0.0.1";
+//# sourceMappingURL=index.d.ts.map