/** * Evidence Carrier Contract schemas and helpers * * Zod validation schemas for PeacEvidenceCarrier and CarrierMeta, * plus the canonical computeReceiptRef() and validateCarrierConstraints() * functions used by all carrier adapters. */ import { z } from 'zod'; import type { CarrierMeta, CarrierValidationResult, PeacEvidenceCarrier, ReceiptRef } from '@peac/kernel'; /** Maximum carrier size per transport */ export declare const CARRIER_TRANSPORT_LIMITS: { /** MCP _meta: 64 KB */ readonly mcp: 65536; /** A2A metadata: 64 KB */ readonly a2a: 65536; /** ACP embed in body: 64 KB; headers only: 8 KB */ readonly acp_embed: 65536; readonly acp_headers: 8192; /** UCP webhook body: 64 KB */ readonly ucp: 65536; /** x402 embed in body: 64 KB; headers only: 8 KB */ readonly x402_embed: 65536; readonly x402_headers: 8192; /** HTTP headers only: 8 KB */ readonly http: 8192; }; /** Validates a content-addressed receipt reference: sha256:<64 hex chars> */ export declare const ReceiptRefSchema: z.ZodString; /** Validates a compact JWS: header.payload.signature (base64url parts) */ export declare const CompactJwsSchema: z.ZodString; /** Carrier format schema */ export declare const CarrierFormatSchema: z.ZodEnum<{ embed: "embed"; reference: "reference"; }>; /** * Validates receipt_url: HTTPS-only, max 2048 chars, no credentials. * Validation only: no I/O, no fetch. Resolution lives in Layer 4. */ export declare const ReceiptUrlSchema: z.ZodString; /** Schema for PeacEvidenceCarrier */ export declare const PeacEvidenceCarrierSchema: z.ZodObject<{ receipt_ref: z.ZodString; receipt_jws: z.ZodOptional; receipt_url: z.ZodOptional; policy_binding: z.ZodOptional; actor_binding: z.ZodOptional; request_nonce: z.ZodOptional; verification_report_ref: z.ZodOptional; use_policy_ref: z.ZodOptional; representation_ref: z.ZodOptional; attestation_ref: z.ZodOptional; }, z.core.$strip>; /** Schema for CarrierMeta */ export declare const CarrierMetaSchema: z.ZodObject<{ transport: z.ZodString; format: z.ZodEnum<{ embed: "embed"; reference: "reference"; }>; max_size: z.ZodNumber; redaction: z.ZodOptional>; }, z.core.$strip>; /** * Canonical receipt_ref boundary helper. * * Computes SHA-256 over the UTF-8 bytes of the compact JWS string as emitted, * then applies the `sha256:` reference prefix at the receipt_ref boundary. The * digest body is bare lowercase hex; the prefix is part of the reference format, * not the hash primitive. * * Carrier adapters should use this helper rather than recomputing receipt_ref * locally, so receipt references stay byte-identical across transports. * * SHA-256 is implemented here directly via `crypto.subtle` because * `@peac/schema` is Layer 1 and depends only on `@peac/kernel`; importing * `@peac/crypto` would introduce an up-layer dependency. The schema and crypto * digest paths are locked together by the SHA-256 boundary-contract tooling test. */ export declare function computeReceiptRef(jws: string): Promise; /** * Canonical carrier constraint validator. * * Validates a carrier against transport-specific constraints using * the provided CarrierMeta. This is the single validation function * that all CarrierAdapter.validateConstraints() implementations delegate to. * * Checks performed: * 1. receipt_ref format (sha256:) * 2. receipt_jws format (if present): valid compact JWS * 3. Total serialized size within meta.max_size * 4. If receipt_jws present: receipt_ref consistency * 5. All string fields within MAX_STRING_LENGTH */ export declare function validateCarrierConstraints(carrier: PeacEvidenceCarrier, meta: CarrierMeta): CarrierValidationResult; /** * Verify receipt_ref consistency with receipt_jws. * * If both receipt_ref and receipt_jws are present, verifies that * sha256(receipt_jws) equals receipt_ref. This prevents carrier * tampering after attachment. * * Returns null if consistent or receipt_jws is absent; * returns an error string if inconsistent. */ export declare function verifyReceiptRefConsistency(carrier: PeacEvidenceCarrier): Promise; export type { CarrierFormat, CarrierMeta, CarrierValidationResult, PeacEvidenceCarrier, ReceiptRef, CarrierAdapter, } from '@peac/kernel'; //# sourceMappingURL=carrier.d.ts.map