/** * Vault Header Model * * Based on ZK-Vault spec ยง5.1 * Simplified for S3 suite (passphrase-based) initially */ export type SuiteId = 'S3' | 'P1' | 'H1' | string; export type AeadAlgorithm = 'AES-256-GCM' | 'XChaCha20-Poly1305'; export type PolicyMode = 'any-of' | 'all-of' | 'threshold' | 'passphrase'; export interface Argon2Params { memory: number; iterations: number; parallelism: number; } export interface RecipientWrap { kid: string; kem: string; ct: string; } export interface WrapAll { alg: 'HKDF-join'; kids: string[]; ct: string; } export interface ThresholdShare { kid: string; enc_share: { kem: string; ct: string; }; } export interface SignatureData { alg: string; pub: string; sig: string; } export interface GateExtension { type: 'zk-gate' | 'aa-gate' | string; suite: string; context: string; hint?: string; } export interface VaultHeaderMetadata { createdAt?: string; updatedAt?: string; tags?: string[]; description?: string; documentType?: string; filename?: string; signerConnectionId?: string; purpose?: 'signing' | 'signed-response' | string; originalVaultId?: string; signedAt?: string; signatureType?: string; receivedFrom?: string; receivedAt?: string; [key: string]: unknown; } /** * Main Vault Header Interface */ export interface VaultHeader { v: 1; suite: SuiteId; aead: AeadAlgorithm; docId: string; vaultId?: string; epoch: number; nonce: string; kcmp: string; salt?: string; argon2?: Argon2Params; policy?: { mode: PolicyMode; t?: number; n?: number; }; recipients?: RecipientWrap[]; wrap_all?: WrapAll; shares?: ThresholdShare[]; ext?: GateExtension[]; digest?: string; sig?: SignatureData; metadata?: VaultHeaderMetadata; } /** * Type guards */ export declare function isPassphraseVault(header: VaultHeader): boolean; export declare function isAnyOfVault(header: VaultHeader): boolean; export declare function isAllOfVault(header: VaultHeader): boolean; export declare function isThresholdVault(header: VaultHeader): boolean;