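/**
 * Formal error codes for Beltic credential validation and verification.
 *
 * Codes follow the format:
 * - RV-D### : Date ordering rules
 * - RV-F### : Freshness rules
 * - RV-X### : Data category conditional rules (Agent)
 * - SIG-### : Signature/JWT verification errors
 *
 * Every table below maps the formal code (the key) to its symbolic name
 * (the value).
 */

/**
 * Date ordering validation rules.
 */
export declare const DATE_ORDER_CODES: {
  /** issuanceDate must be before expirationDate */
  readonly 'RV-D001': "DATE_ORDER_ISSUANCE_EXPIRATION";
  /** issuanceDate <= lastUpdatedDate <= expirationDate */
  readonly 'RV-D002': "DATE_ORDER_LAST_UPDATED";
  /** proof.created must be >= issuanceDate */
  readonly 'RV-D003': "DATE_ORDER_PROOF_CREATED";
};

/**
 * Freshness validation rules.
 */
export declare const FRESHNESS_CODES: {
  /** sanctionsScreeningLastChecked max age 90 days */
  readonly 'RV-F001': "FRESHNESS_SANCTIONS_SCREENING";
  /** pepRiskLastAssessed max age 180 days */
  readonly 'RV-F002': "FRESHNESS_PEP_ASSESSMENT";
  /** adverseMediaLastAssessed max age 180 days */
  readonly 'RV-F003': "FRESHNESS_ADVERSE_MEDIA";
  /** taxIdLastVerifiedDate max age 730 days (2 years) */
  readonly 'RV-F004': "FRESHNESS_TAX_VERIFICATION";
  /** expirationDate must be in the future */
  readonly 'RV-F005': "FRESHNESS_EXPIRATION";
  /** safetyEvaluationDate max age 180 days (Agent) */
  readonly 'RV-F006': "FRESHNESS_SAFETY_EVALUATION";
  /** toolsLastAudited max age 180 days (Agent) */
  readonly 'RV-F007': "FRESHNESS_TOOLS_AUDIT";
};

/**
 * Data category conditional rules (Agent credentials).
 */
export declare const DATA_CATEGORY_CODES: {
  /** PHI in dataCategoriesProcessed requires HIPAA certification */
  readonly 'RV-X001': "DATA_CATEGORY_PHI_HIPAA";
  /** Financial data requires PCI-DSS or SOC2 certification */
  readonly 'RV-X002': "DATA_CATEGORY_FINANCIAL_COMPLIANCE";
  /** children_data requires ageRestrictions and piiDetectionEnabled */
  readonly 'RV-X003': "DATA_CATEGORY_CHILDREN_PROTECTION";
  /** Biometric data requires explicit consent policy */
  readonly 'RV-X004': "DATA_CATEGORY_BIOMETRIC_CONSENT";
  /** Government ID requires additional security measures */
  readonly 'RV-X005': "DATA_CATEGORY_GOVERNMENT_ID";
};

/**
 * All validation error codes: the members of DATA_CATEGORY_CODES,
 * FRESHNESS_CODES and DATE_ORDER_CODES in one table. The SIG-### codes are
 * not part of it; they are declared separately in SIGNATURE_ERRORS.
 */
export declare const VALIDATION_ERRORS: {
  /** PHI in dataCategoriesProcessed requires HIPAA certification */
  readonly 'RV-X001': "DATA_CATEGORY_PHI_HIPAA";
  /** Financial data requires PCI-DSS or SOC2 certification */
  readonly 'RV-X002': "DATA_CATEGORY_FINANCIAL_COMPLIANCE";
  /** children_data requires ageRestrictions and piiDetectionEnabled */
  readonly 'RV-X003': "DATA_CATEGORY_CHILDREN_PROTECTION";
  /** Biometric data requires explicit consent policy */
  readonly 'RV-X004': "DATA_CATEGORY_BIOMETRIC_CONSENT";
  /** Government ID requires additional security measures */
  readonly 'RV-X005': "DATA_CATEGORY_GOVERNMENT_ID";
  /** sanctionsScreeningLastChecked max age 90 days */
  readonly 'RV-F001': "FRESHNESS_SANCTIONS_SCREENING";
  /** pepRiskLastAssessed max age 180 days */
  readonly 'RV-F002': "FRESHNESS_PEP_ASSESSMENT";
  /** adverseMediaLastAssessed max age 180 days */
  readonly 'RV-F003': "FRESHNESS_ADVERSE_MEDIA";
  /** taxIdLastVerifiedDate max age 730 days (2 years) */
  readonly 'RV-F004': "FRESHNESS_TAX_VERIFICATION";
  /** expirationDate must be in the future */
  readonly 'RV-F005': "FRESHNESS_EXPIRATION";
  /** safetyEvaluationDate max age 180 days (Agent) */
  readonly 'RV-F006': "FRESHNESS_SAFETY_EVALUATION";
  /** toolsLastAudited max age 180 days (Agent) */
  readonly 'RV-F007': "FRESHNESS_TOOLS_AUDIT";
  /** issuanceDate must be before expirationDate */
  readonly 'RV-D001': "DATE_ORDER_ISSUANCE_EXPIRATION";
  /** issuanceDate <= lastUpdatedDate <= expirationDate */
  readonly 'RV-D002': "DATE_ORDER_LAST_UPDATED";
  /** proof.created must be >= issuanceDate */
  readonly 'RV-D003': "DATE_ORDER_PROOF_CREATED";
};

/** Union of every RV-### code string declared in VALIDATION_ERRORS. */
export type ValidationErrorCode = keyof typeof VALIDATION_ERRORS;

/**
 * Signature and JWT verification error codes.
 */
export declare const SIGNATURE_ERRORS: {
  /** Invalid JWS structure (not 3-part dot-separated) */
  readonly 'SIG-001': "INVALID_JWS_STRUCTURE";
  /** Unsupported algorithm (not ES256, EdDSA, ES384, ES512) */
  readonly 'SIG-002': "UNSUPPORTED_ALGORITHM";
  /** Algorithm "none" is not allowed */
  readonly 'SIG-003': "ALG_NONE_NOT_ALLOWED";
  /** Missing kid header */
  readonly 'SIG-004': "MISSING_KID_HEADER";
  /** Invalid kid format (must be DID#keyId) */
  readonly 'SIG-005': "INVALID_KID_FORMAT";
  /** Key not found for the specified kid */
  readonly 'SIG-006': "KEY_NOT_FOUND";
  /** Key type does not match algorithm */
  readonly 'SIG-007': "KEY_TYPE_MISMATCH";
  /** Signature verification failed */
  readonly 'SIG-008': "SIGNATURE_VERIFICATION_FAILED";
  /** Token is expired (exp claim) */
  readonly 'SIG-009': "TOKEN_EXPIRED";
  /** Token not yet valid (nbf claim) */
  readonly 'SIG-010': "TOKEN_NOT_YET_VALID";
  /** Invalid audience (aud claim mismatch) */
  readonly 'SIG-011': "INVALID_AUDIENCE";
  /** Credential has been revoked */
  readonly 'SIG-012': "CREDENTIAL_REVOKED";
  /**
   * Status list unavailable for revocation check.
   *
   * NOTE(review): this file does not say whether the code is a hard failure.
   * A verifier that treats an unreachable status list as "not revoked" would
   * accept revoked credentials during an outage; confirm it fails closed.
   */
  readonly 'SIG-013': "STATUS_LIST_UNAVAILABLE";
  /** Schema validation failed on decoded credential */
  readonly 'SIG-014': "SCHEMA_VALIDATION_FAILED";
  /** JWT claims inconsistent with credential fields */
  readonly 'SIG-015': "CLAIMS_MAPPING_INCONSISTENT";
  /** Replay attack detected (duplicate jti from same issuer) */
  readonly 'SIG-016': "REPLAY_DETECTED";
};

/** Union of every SIG-### code string declared in SIGNATURE_ERRORS. */
export type SignatureErrorCode = keyof typeof SIGNATURE_ERRORS;

/**
 * Allowed JWT signing algorithms (EC/EdDSA only).
 */
export declare const ALLOWED_ALGORITHMS: readonly ["ES256", "ES384", "ES512", "EdDSA"];

/**
 * Prohibited algorithms for security reasons: the unsigned "none" value, the
 * HMAC family (HS*) and the RSA families (RS*, PS*).
 *
 * This is not a complete list of registered JOSE algorithms, so it cannot
 * replace the ALLOWED_ALGORITHMS allow-list as the acceptance check.
 * NOTE(review): presumably anything outside ALLOWED_ALGORITHMS is rejected
 * with SIG-002 whether or not it is listed here; confirm in the verifier.
 */
export declare const PROHIBITED_ALGORITHMS: readonly ["none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512"];

/** Union of the algorithm names listed in ALLOWED_ALGORITHMS. */
export type AllowedAlgorithm = typeof ALLOWED_ALGORITHMS[number];

/**
 * Error severity levels for validation errors.
 */
export type ErrorSeverity = 'critical' | 'high' | 'medium' | 'low' | 'warning';

/**
 * Default severities for validation error codes.
 *
 * NOTE(review): this copy of the declaration read `Record;` with its type
 * arguments missing, which does not compile. The arguments below are
 * reconstructed from the doc comment (validation codes -> severity); confirm
 * the key type against the implementation, in particular whether SIG-###
 * codes are also keyed here.
 */
export declare const ERROR_SEVERITIES: Record<ValidationErrorCode, ErrorSeverity>;

/**
 * Maximum allowed clock skew in seconds (5 minutes per spec).
 *
 * NOTE(review): presumably the tolerance applied to the exp/nbf checks
 * (SIG-009, SIG-010); confirm in the verifier.
 */
export declare const MAX_CLOCK_SKEW_SECONDS = 300;
//# sourceMappingURL=codes.d.ts.map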