@vorionsys/contracts 0.1.0

package/dist/aci/attestation.d.ts

@@ -0,0 +1,648 @@
+/**
+ * @fileoverview ACI Attestation Types
+ *
+ * Defines types for attestations - cryptographic proofs issued by certification
+ * authorities that verify agent capabilities, identity, or compliance.
+ *
+ * Attestations are the foundation of trust in the ACI system, providing
+ * verifiable evidence that an agent has been certified at a particular level.
+ *
+ * @module @vorion/contracts/aci/attestation
+ */
+import { z } from 'zod';
+import { CertificationTier } from './tiers.js';
+import { type DomainCode } from './domains.js';
+/**
+ * Scope types for attestations.
+ *
+ * Defines what aspect of an agent is being attested:
+ * - full: Complete capability attestation
+ * - domain: Single domain attestation
+ * - level: Level-only attestation
+ * - training: Training data/methodology attestation
+ * - security: Security audit attestation
+ * - compliance: Regulatory compliance attestation
+ * - identity: Identity verification attestation
+ */
+export type AttestationScope = 'full' | 'domain' | 'level' | 'training' | 'security' | 'compliance' | 'identity';
+/**
+ * Array of all attestation scopes.
+ */
+export declare const ATTESTATION_SCOPES: readonly AttestationScope[];
+/**
+ * Zod schema for AttestationScope validation.
+ */
+export declare const attestationScopeSchema: z.ZodEnum<["full", "domain", "level", "training", "security", "compliance", "identity"]>;
+/**
+ * Descriptions for attestation scopes.
+ */
+export declare const ATTESTATION_SCOPE_DESCRIPTIONS: Readonly<Record<AttestationScope, string>>;
+/**
+ * Status of an attestation.
+ */
+export type AttestationStatus = 'active' | 'expired' | 'revoked' | 'suspended' | 'pending';
+/**
+ * Zod schema for AttestationStatus validation.
+ */
+export declare const attestationStatusSchema: z.ZodEnum<["active", "expired", "revoked", "suspended", "pending"]>;
+/**
+ * Evidence supporting an attestation.
+ */
+export interface AttestationEvidence {
+    /** URL to test results */
+    testResults?: string;
+    /** URL to audit report */
+    auditReport?: string;
+    /** URL to training data verification */
+    trainingVerification?: string;
+    /** URL to compliance documentation */
+    complianceDocumentation?: string;
+    /** Additional evidence URLs */
+    [key: string]: string | undefined;
+}
+/**
+ * Zod schema for AttestationEvidence validation.
+ */
+export declare const attestationEvidenceSchema: z.ZodObject<{
+    testResults: z.ZodOptional<z.ZodString>;
+    auditReport: z.ZodOptional<z.ZodString>;
+    trainingVerification: z.ZodOptional<z.ZodString>;
+    complianceDocumentation: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodOptional<z.ZodString>, z.objectOutputType<{
+    testResults: z.ZodOptional<z.ZodString>;
+    auditReport: z.ZodOptional<z.ZodString>;
+    trainingVerification: z.ZodOptional<z.ZodString>;
+    complianceDocumentation: z.ZodOptional<z.ZodString>;
+}, z.ZodOptional<z.ZodString>, "strip">, z.objectInputType<{
+    testResults: z.ZodOptional<z.ZodString>;
+    auditReport: z.ZodOptional<z.ZodString>;
+    trainingVerification: z.ZodOptional<z.ZodString>;
+    complianceDocumentation: z.ZodOptional<z.ZodString>;
+}, z.ZodOptional<z.ZodString>, "strip">>;
+/**
+ * Cryptographic proof for an attestation.
+ *
+ * Follows W3C Verifiable Credentials proof format.
+ */
+export interface AttestationProof {
+    /** Proof type (e.g., 'Ed25519Signature2020', 'JsonWebSignature2020') */
+    type: string;
+    /** When the proof was created (ISO 8601) */
+    created: string;
+    /** DID URL of the verification method */
+    verificationMethod: string;
+    /** Purpose of the proof (e.g., 'assertionMethod') */
+    proofPurpose: string;
+    /** JSON Web Signature */
+    jws: string;
+    /** Optional nonce for replay protection */
+    nonce?: string;
+    /** Optional challenge for interactive proofs */
+    challenge?: string;
+    /** Optional domain binding */
+    domain?: string;
+}
+/**
+ * Zod schema for AttestationProof validation.
+ */
+export declare const attestationProofSchema: z.ZodObject<{
+    type: z.ZodString;
+    created: z.ZodString;
+    verificationMethod: z.ZodString;
+    proofPurpose: z.ZodString;
+    jws: z.ZodString;
+    nonce: z.ZodOptional<z.ZodString>;
+    challenge: z.ZodOptional<z.ZodString>;
+    domain: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    type: string;
+    created: string;
+    verificationMethod: string;
+    proofPurpose: string;
+    jws: string;
+    nonce?: string | undefined;
+    domain?: string | undefined;
+    challenge?: string | undefined;
+}, {
+    type: string;
+    created: string;
+    verificationMethod: string;
+    proofPurpose: string;
+    jws: string;
+    nonce?: string | undefined;
+    domain?: string | undefined;
+    challenge?: string | undefined;
+}>;
+/**
+ * Attestation from a certification authority.
+ *
+ * Represents a verifiable claim about an agent's capabilities, identity,
+ * or compliance status issued by a trusted certification authority.
+ */
+export interface Attestation {
+    /** Unique attestation identifier */
+    id: string;
+    /** DID of the issuing certification authority */
+    issuer: string;
+    /** DID of the attested agent */
+    subject: string;
+    /** Scope of the attestation */
+    scope: AttestationScope;
+    /** Attested certification tier */
+    certificationTier: CertificationTier;
+    /** Specific domains covered (for domain scope) */
+    domains?: readonly DomainCode[];
+    /** When the attestation was issued */
+    issuedAt: Date;
+    /** When the attestation expires */
+    expiresAt: Date;
+    /** Current status */
+    status: AttestationStatus;
+    /** Evidence supporting the attestation */
+    evidence?: AttestationEvidence;
+    /** Cryptographic proof */
+    proof?: AttestationProof;
+    /** Additional metadata */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Zod schema for Attestation validation.
+ */
+export declare const attestationSchema: z.ZodObject<{
+    id: z.ZodString;
+    issuer: z.ZodString;
+    subject: z.ZodString;
+    scope: z.ZodEnum<["full", "domain", "level", "training", "security", "compliance", "identity"]>;
+    certificationTier: z.ZodNativeEnum<typeof CertificationTier>;
+    domains: z.ZodOptional<z.ZodArray<z.ZodEnum<["A", "B", "C", "D", "E", "F", "G", "H", "I", "S"]>, "many">>;
+    issuedAt: z.ZodDate;
+    expiresAt: z.ZodDate;
+    status: z.ZodEnum<["active", "expired", "revoked", "suspended", "pending"]>;
+    evidence: z.ZodOptional<z.ZodObject<{
+        testResults: z.ZodOptional<z.ZodString>;
+        auditReport: z.ZodOptional<z.ZodString>;
+        trainingVerification: z.ZodOptional<z.ZodString>;
+        complianceDocumentation: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodOptional<z.ZodString>, z.objectOutputType<{
+        testResults: z.ZodOptional<z.ZodString>;
+        auditReport: z.ZodOptional<z.ZodString>;
+        trainingVerification: z.ZodOptional<z.ZodString>;
+        complianceDocumentation: z.ZodOptional<z.ZodString>;
+    }, z.ZodOptional<z.ZodString>, "strip">, z.objectInputType<{
+        testResults: z.ZodOptional<z.ZodString>;
+        auditReport: z.ZodOptional<z.ZodString>;
+        trainingVerification: z.ZodOptional<z.ZodString>;
+        complianceDocumentation: z.ZodOptional<z.ZodString>;
+    }, z.ZodOptional<z.ZodString>, "strip">>>;
+    proof: z.ZodOptional<z.ZodObject<{
+        type: z.ZodString;
+        created: z.ZodString;
+        verificationMethod: z.ZodString;
+        proofPurpose: z.ZodString;
+        jws: z.ZodString;
+        nonce: z.ZodOptional<z.ZodString>;
+        challenge: z.ZodOptional<z.ZodString>;
+        domain: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        type: string;
+        created: string;
+        verificationMethod: string;
+        proofPurpose: string;
+        jws: string;
+        nonce?: string | undefined;
+        domain?: string | undefined;
+        challenge?: string | undefined;
+    }, {
+        type: string;
+        created: string;
+        verificationMethod: string;
+        proofPurpose: string;
+        jws: string;
+        nonce?: string | undefined;
+        domain?: string | undefined;
+        challenge?: string | undefined;
+    }>>;
+    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, "strip", z.ZodTypeAny, {
+    id: string;
+    status: "active" | "suspended" | "pending" | "expired" | "revoked";
+    expiresAt: Date;
+    scope: "training" | "domain" | "security" | "compliance" | "level" | "identity" | "full";
+    issuer: string;
+    subject: string;
+    certificationTier: CertificationTier;
+    issuedAt: Date;
+    metadata?: Record<string, unknown> | undefined;
+    domains?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
+    evidence?: z.objectOutputType<{
+        testResults: z.ZodOptional<z.ZodString>;
+        auditReport: z.ZodOptional<z.ZodString>;
+        trainingVerification: z.ZodOptional<z.ZodString>;
+        complianceDocumentation: z.ZodOptional<z.ZodString>;
+    }, z.ZodOptional<z.ZodString>, "strip"> | undefined;
+    proof?: {
+        type: string;
+        created: string;
+        verificationMethod: string;
+        proofPurpose: string;
+        jws: string;
+        nonce?: string | undefined;
+        domain?: string | undefined;
+        challenge?: string | undefined;
+    } | undefined;
+}, {
+    id: string;
+    status: "active" | "suspended" | "pending" | "expired" | "revoked";
+    expiresAt: Date;
+    scope: "training" | "domain" | "security" | "compliance" | "level" | "identity" | "full";
+    issuer: string;
+    subject: string;
+    certificationTier: CertificationTier;
+    issuedAt: Date;
+    metadata?: Record<string, unknown> | undefined;
+    domains?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
+    evidence?: z.objectInputType<{
+        testResults: z.ZodOptional<z.ZodString>;
+        auditReport: z.ZodOptional<z.ZodString>;
+        trainingVerification: z.ZodOptional<z.ZodString>;
+        complianceDocumentation: z.ZodOptional<z.ZodString>;
+    }, z.ZodOptional<z.ZodString>, "strip"> | undefined;
+    proof?: {
+        type: string;
+        created: string;
+        verificationMethod: string;
+        proofPurpose: string;
+        jws: string;
+        nonce?: string | undefined;
+        domain?: string | undefined;
+        challenge?: string | undefined;
+    } | undefined;
+}>;
+/**
+ * Result of attestation verification.
+ */
+export interface AttestationVerificationResult {
+    /** Whether the attestation is valid */
+    valid: boolean;
+    /** Verification errors */
+    errors: AttestationVerificationError[];
+    /** Verification warnings */
+    warnings: AttestationVerificationWarning[];
+    /** Verified attestation data (if valid) */
+    attestation?: Attestation;
+    /** Verification timestamp */
+    verifiedAt: Date;
+    /** Verification method used */
+    verificationMethod?: string;
+}
+/**
+ * Attestation verification error.
+ */
+export interface AttestationVerificationError {
+    /** Error code */
+    code: AttestationVerificationErrorCode;
+    /** Human-readable message */
+    message: string;
+}
+/**
+ * Error codes for attestation verification.
+ */
+export type AttestationVerificationErrorCode = 'INVALID_SIGNATURE' | 'EXPIRED' | 'REVOKED' | 'SUSPENDED' | 'ISSUER_NOT_TRUSTED' | 'SUBJECT_MISMATCH' | 'INVALID_FORMAT' | 'PROOF_MISSING' | 'VERIFICATION_FAILED';
+/**
+ * Attestation verification warning.
+ */
+export interface AttestationVerificationWarning {
+    /** Warning code */
+    code: string;
+    /** Human-readable message */
+    message: string;
+}
+/**
+ * Zod schema for AttestationVerificationError.
+ */
+export declare const attestationVerificationErrorSchema: z.ZodObject<{
+    code: z.ZodEnum<["INVALID_SIGNATURE", "EXPIRED", "REVOKED", "SUSPENDED", "ISSUER_NOT_TRUSTED", "SUBJECT_MISMATCH", "INVALID_FORMAT", "PROOF_MISSING", "VERIFICATION_FAILED"]>;
+    message: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_SIGNATURE" | "REVOKED" | "SUSPENDED" | "ISSUER_NOT_TRUSTED" | "SUBJECT_MISMATCH" | "PROOF_MISSING" | "VERIFICATION_FAILED";
+    message: string;
+}, {
+    code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_SIGNATURE" | "REVOKED" | "SUSPENDED" | "ISSUER_NOT_TRUSTED" | "SUBJECT_MISMATCH" | "PROOF_MISSING" | "VERIFICATION_FAILED";
+    message: string;
+}>;
+/**
+ * Zod schema for AttestationVerificationWarning.
+ */
+export declare const attestationVerificationWarningSchema: z.ZodObject<{
+    code: z.ZodString;
+    message: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    code: string;
+    message: string;
+}, {
+    code: string;
+    message: string;
+}>;
+/**
+ * Zod schema for AttestationVerificationResult.
+ */
+export declare const attestationVerificationResultSchema: z.ZodObject<{
+    valid: z.ZodBoolean;
+    errors: z.ZodArray<z.ZodObject<{
+        code: z.ZodEnum<["INVALID_SIGNATURE", "EXPIRED", "REVOKED", "SUSPENDED", "ISSUER_NOT_TRUSTED", "SUBJECT_MISMATCH", "INVALID_FORMAT", "PROOF_MISSING", "VERIFICATION_FAILED"]>;
+        message: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_SIGNATURE" | "REVOKED" | "SUSPENDED" | "ISSUER_NOT_TRUSTED" | "SUBJECT_MISMATCH" | "PROOF_MISSING" | "VERIFICATION_FAILED";
+        message: string;
+    }, {
+        code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_SIGNATURE" | "REVOKED" | "SUSPENDED" | "ISSUER_NOT_TRUSTED" | "SUBJECT_MISMATCH" | "PROOF_MISSING" | "VERIFICATION_FAILED";
+        message: string;
+    }>, "many">;
+    warnings: z.ZodArray<z.ZodObject<{
+        code: z.ZodString;
+        message: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        code: string;
+        message: string;
+    }, {
+        code: string;
+        message: string;
+    }>, "many">;
+    attestation: z.ZodOptional<z.ZodObject<{
+        id: z.ZodString;
+        issuer: z.ZodString;
+        subject: z.ZodString;
+        scope: z.ZodEnum<["full", "domain", "level", "training", "security", "compliance", "identity"]>;
+        certificationTier: z.ZodNativeEnum<typeof CertificationTier>;
+        domains: z.ZodOptional<z.ZodArray<z.ZodEnum<["A", "B", "C", "D", "E", "F", "G", "H", "I", "S"]>, "many">>;
+        issuedAt: z.ZodDate;
+        expiresAt: z.ZodDate;
+        status: z.ZodEnum<["active", "expired", "revoked", "suspended", "pending"]>;
+        evidence: z.ZodOptional<z.ZodObject<{
+            testResults: z.ZodOptional<z.ZodString>;
+            auditReport: z.ZodOptional<z.ZodString>;
+            trainingVerification: z.ZodOptional<z.ZodString>;
+            complianceDocumentation: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodOptional<z.ZodString>, z.objectOutputType<{
+            testResults: z.ZodOptional<z.ZodString>;
+            auditReport: z.ZodOptional<z.ZodString>;
+            trainingVerification: z.ZodOptional<z.ZodString>;
+            complianceDocumentation: z.ZodOptional<z.ZodString>;
+        }, z.ZodOptional<z.ZodString>, "strip">, z.objectInputType<{
+            testResults: z.ZodOptional<z.ZodString>;
+            auditReport: z.ZodOptional<z.ZodString>;
+            trainingVerification: z.ZodOptional<z.ZodString>;
+            complianceDocumentation: z.ZodOptional<z.ZodString>;
+        }, z.ZodOptional<z.ZodString>, "strip">>>;
+        proof: z.ZodOptional<z.ZodObject<{
+            type: z.ZodString;
+            created: z.ZodString;
+            verificationMethod: z.ZodString;
+            proofPurpose: z.ZodString;
+            jws: z.ZodString;
+            nonce: z.ZodOptional<z.ZodString>;
+            challenge: z.ZodOptional<z.ZodString>;
+            domain: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            type: string;
+            created: string;
+            verificationMethod: string;
+            proofPurpose: string;
+            jws: string;
+            nonce?: string | undefined;
+            domain?: string | undefined;
+            challenge?: string | undefined;
+        }, {
+            type: string;
+            created: string;
+            verificationMethod: string;
+            proofPurpose: string;
+            jws: string;
+            nonce?: string | undefined;
+            domain?: string | undefined;
+            challenge?: string | undefined;
+        }>>;
+        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, "strip", z.ZodTypeAny, {
+        id: string;
+        status: "active" | "suspended" | "pending" | "expired" | "revoked";
+        expiresAt: Date;
+        scope: "training" | "domain" | "security" | "compliance" | "level" | "identity" | "full";
+        issuer: string;
+        subject: string;
+        certificationTier: CertificationTier;
+        issuedAt: Date;
+        metadata?: Record<string, unknown> | undefined;
+        domains?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
+        evidence?: z.objectOutputType<{
+            testResults: z.ZodOptional<z.ZodString>;
+            auditReport: z.ZodOptional<z.ZodString>;
+            trainingVerification: z.ZodOptional<z.ZodString>;
+            complianceDocumentation: z.ZodOptional<z.ZodString>;
+        }, z.ZodOptional<z.ZodString>, "strip"> | undefined;
+        proof?: {
+            type: string;
+            created: string;
+            verificationMethod: string;
+            proofPurpose: string;
+            jws: string;
+            nonce?: string | undefined;
+            domain?: string | undefined;
+            challenge?: string | undefined;
+        } | undefined;
+    }, {
+        id: string;
+        status: "active" | "suspended" | "pending" | "expired" | "revoked";
+        expiresAt: Date;
+        scope: "training" | "domain" | "security" | "compliance" | "level" | "identity" | "full";
+        issuer: string;
+        subject: string;
+        certificationTier: CertificationTier;
+        issuedAt: Date;
+        metadata?: Record<string, unknown> | undefined;
+        domains?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
+        evidence?: z.objectInputType<{
+            testResults: z.ZodOptional<z.ZodString>;
+            auditReport: z.ZodOptional<z.ZodString>;
+            trainingVerification: z.ZodOptional<z.ZodString>;
+            complianceDocumentation: z.ZodOptional<z.ZodString>;
+        }, z.ZodOptional<z.ZodString>, "strip"> | undefined;
+        proof?: {
+            type: string;
+            created: string;
+            verificationMethod: string;
+            proofPurpose: string;
+            jws: string;
+            nonce?: string | undefined;
+            domain?: string | undefined;
+            challenge?: string | undefined;
+        } | undefined;
+    }>>;
+    verifiedAt: z.ZodDate;
+    verificationMethod: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    valid: boolean;
+    errors: {
+        code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_SIGNATURE" | "REVOKED" | "SUSPENDED" | "ISSUER_NOT_TRUSTED" | "SUBJECT_MISMATCH" | "PROOF_MISSING" | "VERIFICATION_FAILED";
+        message: string;
+    }[];
+    warnings: {
+        code: string;
+        message: string;
+    }[];
+    verifiedAt: Date;
+    attestation?: {
+        id: string;
+        status: "active" | "suspended" | "pending" | "expired" | "revoked";
+        expiresAt: Date;
+        scope: "training" | "domain" | "security" | "compliance" | "level" | "identity" | "full";
+        issuer: string;
+        subject: string;
+        certificationTier: CertificationTier;
+        issuedAt: Date;
+        metadata?: Record<string, unknown> | undefined;
+        domains?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
+        evidence?: z.objectOutputType<{
+            testResults: z.ZodOptional<z.ZodString>;
+            auditReport: z.ZodOptional<z.ZodString>;
+            trainingVerification: z.ZodOptional<z.ZodString>;
+            complianceDocumentation: z.ZodOptional<z.ZodString>;
+        }, z.ZodOptional<z.ZodString>, "strip"> | undefined;
+        proof?: {
+            type: string;
+            created: string;
+            verificationMethod: string;
+            proofPurpose: string;
+            jws: string;
+            nonce?: string | undefined;
+            domain?: string | undefined;
+            challenge?: string | undefined;
+        } | undefined;
+    } | undefined;
+    verificationMethod?: string | undefined;
+}, {
+    valid: boolean;
+    errors: {
+        code: "EXPIRED" | "INVALID_FORMAT" | "INVALID_SIGNATURE" | "REVOKED" | "SUSPENDED" | "ISSUER_NOT_TRUSTED" | "SUBJECT_MISMATCH" | "PROOF_MISSING" | "VERIFICATION_FAILED";
+        message: string;
+    }[];
+    warnings: {
+        code: string;
+        message: string;
+    }[];
+    verifiedAt: Date;
+    attestation?: {
+        id: string;
+        status: "active" | "suspended" | "pending" | "expired" | "revoked";
+        expiresAt: Date;
+        scope: "training" | "domain" | "security" | "compliance" | "level" | "identity" | "full";
+        issuer: string;
+        subject: string;
+        certificationTier: CertificationTier;
+        issuedAt: Date;
+        metadata?: Record<string, unknown> | undefined;
+        domains?: ("A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "S")[] | undefined;
+        evidence?: z.objectInputType<{
+            testResults: z.ZodOptional<z.ZodString>;
+            auditReport: z.ZodOptional<z.ZodString>;
+            trainingVerification: z.ZodOptional<z.ZodString>;
+            complianceDocumentation: z.ZodOptional<z.ZodString>;
+        }, z.ZodOptional<z.ZodString>, "strip"> | undefined;
+        proof?: {
+            type: string;
+            created: string;
+            verificationMethod: string;
+            proofPurpose: string;
+            jws: string;
+            nonce?: string | undefined;
+            domain?: string | undefined;
+            challenge?: string | undefined;
+        } | undefined;
+    } | undefined;
+    verificationMethod?: string | undefined;
+}>;
+/**
+ * Options for creating an attestation.
+ */
+export interface CreateAttestationOptions {
+    /** Unique identifier (auto-generated if not provided) */
+    id?: string;
+    /** DID of the issuing certification authority */
+    issuer: string;
+    /** DID of the attested agent */
+    subject: string;
+    /** Scope of the attestation */
+    scope: AttestationScope;
+    /** Attested certification tier */
+    certificationTier: CertificationTier;
+    /** Specific domains covered (for domain scope) */
+    domains?: readonly DomainCode[];
+    /** Validity duration in milliseconds */
+    validityMs?: number;
+    /** Evidence supporting the attestation */
+    evidence?: AttestationEvidence;
+    /** Additional metadata */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Creates a new attestation.
+ *
+ * @param options - Attestation creation options
+ * @returns New attestation (without proof - must be signed separately)
+ *
+ * @example
+ * ```typescript
+ * const attestation = createAttestation({
+ *   issuer: 'did:web:certifier.example.com',
+ *   subject: 'did:web:agent.acme.com',
+ *   scope: 'full',
+ *   certificationTier: CertificationTier.T3_CERTIFIED,
+ *   validityMs: 365 * 24 * 60 * 60 * 1000, // 1 year
+ * });
+ * ```
+ */
+export declare function createAttestation(options: CreateAttestationOptions): Attestation;
+/**
+ * Verifies an attestation (basic validation without cryptographic verification).
+ *
+ * This function performs structural and temporal validation. Cryptographic
+ * verification of the proof requires additional libraries and is not
+ * performed here.
+ *
+ * @param attestation - The attestation to verify
+ * @param expectedSubject - Optional expected subject DID
+ * @param trustedIssuers - Optional list of trusted issuer DIDs
+ * @returns Verification result
+ */
+export declare function verifyAttestation(attestation: Attestation, expectedSubject?: string, trustedIssuers?: readonly string[]): AttestationVerificationResult;
+/**
+ * Checks if an attestation is currently valid.
+ *
+ * @param attestation - The attestation to check
+ * @returns True if the attestation is valid
+ */
+export declare function isAttestationValid(attestation: Attestation): boolean;
+/**
+ * Gets the remaining validity duration of an attestation.
+ *
+ * @param attestation - The attestation to check
+ * @returns Remaining validity in milliseconds (negative if expired)
+ */
+export declare function getAttestationRemainingValidity(attestation: Attestation): number;
+/**
+ * Checks if an attestation covers a specific domain.
+ *
+ * @param attestation - The attestation to check
+ * @param domain - The domain to check for
+ * @returns True if the attestation covers the domain
+ */
+export declare function attestationCoversDomain(attestation: Attestation, domain: DomainCode): boolean;
+/**
+ * Type guard to check if a value is a valid AttestationScope.
+ */
+export declare function isAttestationScope(value: unknown): value is AttestationScope;
+/**
+ * Type guard to check if a value is a valid AttestationStatus.
+ */
+export declare function isAttestationStatus(value: unknown): value is AttestationStatus;
+//# sourceMappingURL=attestation.d.ts.map

package/dist/aci/attestation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"attestation.d.ts","sourceRoot":"","sources":["../../src/aci/attestation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAA2B,MAAM,YAAY,CAAC;AACxE,OAAO,EAAE,KAAK,UAAU,EAAoB,MAAM,cAAc,CAAC;AAMjE;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,gBAAgB,GACxB,MAAM,GACN,QAAQ,GACR,OAAO,GACP,UAAU,GACV,UAAU,GACV,YAAY,GACZ,UAAU,CAAC;AAEf;;GAEG;AACH,eAAO,MAAM,kBAAkB,EAAE,SAAS,gBAAgB,EAQhD,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,sBAAsB,0FAGlC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,8BAA8B,EAAE,QAAQ,CAAC,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAQ5E,CAAC;AAMX;;GAEG;AACH,MAAM,MAAM,iBAAiB,GACzB,QAAQ,GACR,SAAS,GACT,SAAS,GACT,WAAW,GACX,SAAS,CAAC;AAEd;;GAEG;AACH,eAAO,MAAM,uBAAuB,qEAGnC,CAAC;AAMF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,0BAA0B;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wCAAwC;IACxC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,sCAAsC;IACtC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,+BAA+B;IAC/B,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACnC;AAED;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;wCAKE,CAAC;AAMzC;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,wEAAwE;IACxE,IAAI,EAAE,MAAM,CAAC;IACb,4CAA4C;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,yCAAyC;IACzC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qDAAqD;IACrD,YAAY,EAAE,MAAM,CAAC;IACrB,yBAAyB;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,2CAA2C;IAC3C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gDAAgD;IAChD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;EASjC,CAAC;AAMH;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC1B,oCAAoC;IACpC,EAAE,EAAE,MAAM,CAAC;IACX,iDAAiD;IACjD,MAAM,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,+BAA+B;IAC/B,KAAK,EAAE,gBAAgB,CAAC;IACxB,kCAAkC;IAClC,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,kDAAkD;IAClD,OAAO,CAAC,EAAE,SAAS,UAAU,EAAE,CAAC;IAChC,sCAAsC;IACtC,QAAQ,EAAE,IAAI,CAAC;IACf,mCAAmC;IACnC,SAAS,EAAE,IAAI,CAAC;IAChB,qBAAqB;IACrB,MAAM,EAAE,iBAAiB,CAAC;IAC1B,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,mBAAmB,CAAC;IAC/B,0BAA0B;IAC1B,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAa5B,CAAC;AAMH;;GAEG;AACH,MAAM,WAAW,6BAA6B;IAC5C,uCAAuC;IACvC,KAAK,EAAE,OAAO,CAAC;IACf,0BAA0B;IAC1B,MAAM,EAAE,4BAA4B,EAAE,CAAC;IACvC,4BAA4B;IAC5B,QAAQ,EAAE,8BAA8B,EAAE,CAAC;IAC3C,2CAA2C;IAC3C,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,6BAA6B;IAC7B,UAAU,EAAE,IAAI,CAAC;IACjB,+BAA+B;IAC/B,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C,iBAAiB;IACjB,IAAI,EAAE,gCAAgC,CAAC;IACvC,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,MAAM,gCAAgC,GACxC,mBAAmB,GACnB,SAAS,GACT,SAAS,GACT,WAAW,GACX,oBAAoB,GACpB,kBAAkB,GAClB,gBAAgB,GAChB,eAAe,GACf,qBAAqB,CAAC;AAE1B;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC7C,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,eAAO,MAAM,kCAAkC;;;;;;;;;EAa7C,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,oCAAoC;;;;;;;;;EAG/C,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAO9C,CAAC;AAMH;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,yDAAyD;IACzD,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,iDAAiD;IACjD,MAAM,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,+BAA+B;IAC/B,KAAK,EAAE,gBAAgB,CAAC;IACxB,kCAAkC;IAClC,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,kDAAkD;IAClD,OAAO,CAAC,EAAE,SAAS,UAAU,EAAE,CAAC;IAChC,wCAAwC;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,mBAAmB,CAAC;IAC/B,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,WAAW,CAiBhF;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,iBAAiB,CAC/B,WAAW,EAAE,WAAW,EACxB,eAAe,CAAC,EAAE,MAAM,EACxB,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,GACjC,6BAA6B,CAuE/B;AAMD;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAOpE;AAED;;;;;GAKG;AACH,wBAAgB,+BAA+B,CAAC,WAAW,EAAE,WAAW,GAAG,MAAM,CAEhF;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,UAAU,GACjB,OAAO,CAYT;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,gBAAgB,CAE5E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,iBAAiB,CAK9E"}