/** ZCAP-LD data model — W3C-CCG zcap-spec wire shape. */ export interface CapabilityProof { type: string; created?: string; verificationMethod: string; proofPurpose: string; proofValue: string; } export interface CapabilityDict { '@context': string; id: string; controller: string; invocationTarget: string; parentCapability?: string; allowedAction: string[]; expires?: string; caveat?: Array>; proof?: CapabilityProof; } /** * Mutable capability object. `toDict`/`fromDict` round-trip through * the spec's camelCase wire form. `withoutProof` returns the dict * that gets canonicalized (JCS) and signed. */ export declare class Capability { id: string; controller: string; invocationTarget: string; parentCapability?: string; allowedAction: string[]; expires?: string; caveat: Array>; proof?: CapabilityProof; constructor(opts: { id: string; controller: string; invocationTarget: string; parentCapability?: string; allowedAction: string[]; expires?: string; caveat?: Array>; proof?: CapabilityProof; }); toDict(): CapabilityDict; withoutProof(): Omit; static fromDict(d: CapabilityDict | Record): Capability; } /** * Ed25519 keypair handle for proof creation / verification. * * `verificationMethod` is the DID URL fragment that resolves to the * public key (e.g. `did:example:alice#key-1`); it lands in the proof * and is what a verifier uses to look up the public bytes via DID * resolution. */ export interface KeyMaterial { verificationMethod: string; publicKeyBytes: Uint8Array; privateKeyBytes?: Uint8Array; } /** * Runtime context the verifier evaluates caveats against. Built by * the EDV server (or any resource-fronting service) on each request * from the HTTP verb + target + claimed byte budget + clock. */ export interface InvocationContext { verb: string; invocationTarget: string; requestBytes?: number; nowIso?: string; }