/** * PEAC Attestation Receipt Types (v0.10.8+) * * Attestation receipts are lightweight signed tokens that attest to API * interactions WITHOUT payment fields. This is a distinct profile from * full payment receipts (PEACReceiptClaims). * * Use cases: * - API interaction logging with evidentiary value * - Middleware-issued receipts for non-payment flows * - Audit trails for agent/tool interactions * * Claims structure: * - Core JWT claims: iss, aud, iat, exp * - PEAC claims: rid (UUIDv7 receipt ID) * - Optional: sub, ext (extensions including interaction binding) * * @see docs/specs/ATTESTATION-RECEIPTS.md */ import { z } from 'zod'; /** * Attestation receipt type constant */ export declare const ATTESTATION_RECEIPT_TYPE: "peac/attestation-receipt"; /** * Extension key for minimal interaction binding (middleware profile) * * This is a simplified binding used by middleware packages. For full * interaction evidence, use INTERACTION_EXTENSION_KEY from ./interaction.ts */ export declare const MIDDLEWARE_INTERACTION_KEY = "org.peacprotocol/middleware-interaction@0.1"; /** * Limits for attestation receipt fields (DoS protection) */ export declare const ATTESTATION_LIMITS: { /** Maximum issuer URL length */ readonly maxIssuerLength: 2048; /** Maximum audience URL length */ readonly maxAudienceLength: 2048; /** Maximum subject length */ readonly maxSubjectLength: 256; /** Maximum path length in interaction binding */ readonly maxPathLength: 2048; /** Maximum method length */ readonly maxMethodLength: 16; /** Maximum HTTP status code */ readonly maxStatusCode: 599; /** Minimum HTTP status code */ readonly minStatusCode: 100; }; /** * Minimal interaction binding schema (for middleware use) * * This is a simplified version of full interaction evidence. * Contains only: method, path, status. * * Privacy note: Query strings are excluded by default to avoid * leaking sensitive data (API keys, tokens, PII in parameters). */ export declare const MinimalInteractionBindingSchema: z.ZodObject<{ method: z.ZodPipe>; path: z.ZodString; status: z.ZodNumber; }, z.core.$strict>; /** * Attestation receipt extensions schema * * Allows interaction binding and other namespaced extensions. */ export declare const AttestationExtensionsSchema: z.ZodRecord; /** * PEAC Attestation Receipt Claims schema * * This is the claims structure for attestation receipts - lightweight * receipts without payment fields. For full payment receipts, use * ReceiptClaimsSchema from ./validators.ts */ export declare const AttestationReceiptClaimsSchema: z.ZodObject<{ iss: z.ZodString; aud: z.ZodString; iat: z.ZodNumber; exp: z.ZodNumber; rid: z.ZodString; sub: z.ZodOptional; ext: z.ZodOptional>; }, z.core.$strict>; export type MinimalInteractionBinding = z.infer; export type AttestationExtensions = z.infer; export type AttestationReceiptClaims = z.infer; /** * Validation result type */ export interface AttestationValidationResult { valid: boolean; error_code?: string; error_message?: string; } /** * Validate attestation receipt claims * * @param input - Raw input to validate * @returns Validation result */ export declare function validateAttestationReceiptClaims(input: unknown): AttestationValidationResult; /** * Check if an object is valid attestation receipt claims (non-throwing) * * @param claims - Object to check * @returns True if valid AttestationReceiptClaims */ export declare function isAttestationReceiptClaims(claims: unknown): claims is AttestationReceiptClaims; /** * Validate minimal interaction binding * * @param input - Raw input to validate * @returns Validation result */ export declare function validateMinimalInteractionBinding(input: unknown): AttestationValidationResult; /** * Check if an object is valid minimal interaction binding (non-throwing) * * @param binding - Object to check * @returns True if valid MinimalInteractionBinding */ export declare function isMinimalInteractionBinding(binding: unknown): binding is MinimalInteractionBinding; /** * Parameters for creating attestation receipt claims */ export interface CreateAttestationReceiptParams { /** Issuer URL (will be normalized) */ issuer: string; /** Audience URL */ audience: string; /** Receipt ID (UUIDv7) */ rid: string; /** Subject identifier (optional) */ sub?: string; /** Interaction binding (optional) */ interaction?: MinimalInteractionBinding; /** Additional extensions (optional) */ extensions?: Record; /** Expiration in seconds from now (default: 300) */ expiresIn?: number; } /** * Create validated attestation receipt claims * * @param params - Attestation receipt parameters * @returns Validated AttestationReceiptClaims * @throws ZodError if validation fails */ export declare function createAttestationReceiptClaims(params: CreateAttestationReceiptParams): AttestationReceiptClaims; /** * Check if claims are attestation-only (no payment fields) * * This helps discriminate between attestation receipts and * full payment receipts at runtime. * * @param claims - Receipt claims to check * @returns True if claims lack payment fields (amt, cur, payment) */ export declare function isAttestationOnly(claims: Record): boolean; /** * Check if claims are payment receipt (has payment fields) * * @param claims - Receipt claims to check * @returns True if claims have payment fields */ export declare function isPaymentReceipt(claims: Record): boolean; //# sourceMappingURL=attestation-receipt.d.ts.map