/** * Agent Action Records Extension Schema * * Extension namespace: `org.peacprotocol/agent-action` * Record type URIs: 6 (one per event kind; see AGENT_ACTION_TYPE_URIS) * * Records observations of agent action events reported by a caller, harness, * or runtime. The caller observed the event; the caller's issuer is the * signer-of-record. PEAC provides the record format, validation, and signing * path. PEAC does not approve, deny, authorize, schedule, execute, govern, * enforce, monitor, score, or orchestrate actions. Action decisions * (approved / denied) are reported by the caller; the record describes what * the caller observed, not what PEAC decided. * * No-inline-content invariant (grammar-based, not heuristic-based): * - 20 forbidden top-level keys reject with `agent.action.inline_content_blocked` * - All `*_ref` fields validated by the `OpaqueRefSchema` grammar (no * whitespace, no `@`, recognized prefix, byte-bounded) * - Per-kind required fields enforced via discriminated union * * Validation returns the structured error contract: * `{ ok: true, value }` or `{ ok: false, errors: [{ code, path?, message }] }`. */ import { z } from 'zod'; export declare const AGENT_ACTION_EXTENSION_KEY: "org.peacprotocol/agent-action"; /** All 6 agent action record type URIs (one per event kind). */ export declare const AGENT_ACTION_TYPE_URIS: readonly ["org.peacprotocol/agent-action-invoked-observed", "org.peacprotocol/agent-action-delegated-observed", "org.peacprotocol/agent-action-approved-observed", "org.peacprotocol/agent-action-denied-observed", "org.peacprotocol/agent-action-cancelled-observed", "org.peacprotocol/agent-action-timed-out-observed"]; export type AgentActionTypeUri = (typeof AGENT_ACTION_TYPE_URIS)[number]; /** * Event-kind discriminator literal values. Each `event_kind` corresponds * 1:1 with a type URI in `AGENT_ACTION_TYPE_URIS` (drop the * `org.peacprotocol/` prefix from the URI to get the event_kind). */ declare const EVENT_KINDS: readonly ["agent-action-invoked-observed", "agent-action-delegated-observed", "agent-action-approved-observed", "agent-action-denied-observed", "agent-action-cancelled-observed", "agent-action-timed-out-observed"]; export type AgentActionEventKind = (typeof EVENT_KINDS)[number]; /** Stable error codes for `validateAgentAction` and `validateAgentActionForType`. */ export declare const AGENT_ACTION_ERROR_CODES: { readonly inlineContentBlocked: "agent.action.inline_content_blocked"; readonly unknownField: "agent.action.unknown_field"; readonly opaqueRefGrammarViolation: "agent.action.opaque_ref_grammar_violation"; readonly refMustBeString: "agent.action.ref_must_be_string"; readonly missingRequiredField: "agent.action.missing_required_field"; readonly eventKindUnknown: "agent.action.event_kind_unknown"; readonly invalidObservedAt: "agent.action.invalid_observed_at"; readonly typeEventKindMismatch: "agent.action.type_event_kind_mismatch"; readonly typeUriUnknown: "agent.action.type_uri_unknown"; }; /** * Closed-enum of forbidden top-level keys. These represent classes of * raw content-bearing fields that must not appear at the extension top level. * Any of these keys at the top level rejects with `agent.action.inline_content_blocked`. */ export declare const AGENT_ACTION_FORBIDDEN_TOP_LEVEL_KEYS: readonly ["prompt", "message", "messages", "body", "input", "output", "result", "response", "completion", "stdout", "stderr", "env", "secret", "token", "api_key", "private_key", "credential", "model_output", "tool_input", "tool_output"]; /** * The full agent action record (discriminated by `event_kind`). * * Forbidden-top-level-key checks run as a pre-flight inside * `validateAgentAction` so callers see `agent.action.inline_content_blocked` * with the offending key name rather than Zod's generic `unrecognized_keys`. */ export declare const AgentActionSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{ caller_ref: z.ZodOptional; policy_ref: z.ZodOptional; policy_digest: z.ZodOptional; upstream_artifact_ref: z.ZodOptional; upstream_artifact_digest: z.ZodOptional; parent_ref: z.ZodOptional; agent_ref: z.ZodString; action_ref: z.ZodString; observed_at: z.ZodString; event_kind: z.ZodLiteral<"agent-action-invoked-observed">; }, z.core.$strict>, z.ZodObject<{ delegated_to_ref: z.ZodString; caller_ref: z.ZodOptional; policy_ref: z.ZodOptional; policy_digest: z.ZodOptional; upstream_artifact_ref: z.ZodOptional; upstream_artifact_digest: z.ZodOptional; parent_ref: z.ZodOptional; agent_ref: z.ZodString; action_ref: z.ZodString; observed_at: z.ZodString; event_kind: z.ZodLiteral<"agent-action-delegated-observed">; }, z.core.$strict>, z.ZodObject<{ caller_ref: z.ZodOptional; policy_ref: z.ZodOptional; policy_digest: z.ZodOptional; upstream_artifact_ref: z.ZodOptional; upstream_artifact_digest: z.ZodOptional; parent_ref: z.ZodOptional; agent_ref: z.ZodString; action_ref: z.ZodString; observed_at: z.ZodString; event_kind: z.ZodLiteral<"agent-action-approved-observed">; }, z.core.$strict>, z.ZodObject<{ caller_ref: z.ZodOptional; policy_ref: z.ZodOptional; policy_digest: z.ZodOptional; upstream_artifact_ref: z.ZodOptional; upstream_artifact_digest: z.ZodOptional; parent_ref: z.ZodOptional; agent_ref: z.ZodString; action_ref: z.ZodString; observed_at: z.ZodString; event_kind: z.ZodLiteral<"agent-action-denied-observed">; }, z.core.$strict>, z.ZodObject<{ cancelled_by_ref: z.ZodOptional; caller_ref: z.ZodOptional; policy_ref: z.ZodOptional; policy_digest: z.ZodOptional; upstream_artifact_ref: z.ZodOptional; upstream_artifact_digest: z.ZodOptional; parent_ref: z.ZodOptional; agent_ref: z.ZodString; action_ref: z.ZodString; observed_at: z.ZodString; event_kind: z.ZodLiteral<"agent-action-cancelled-observed">; }, z.core.$strict>, z.ZodObject<{ timeout_at: z.ZodOptional; caller_ref: z.ZodOptional; policy_ref: z.ZodOptional; policy_digest: z.ZodOptional; upstream_artifact_ref: z.ZodOptional; upstream_artifact_digest: z.ZodOptional; parent_ref: z.ZodOptional; agent_ref: z.ZodString; action_ref: z.ZodString; observed_at: z.ZodString; event_kind: z.ZodLiteral<"agent-action-timed-out-observed">; }, z.core.$strict>], "event_kind">; export type AgentAction = z.infer; export interface AgentActionValidationError { code: string; path?: string; message: string; } export type AgentActionValidationResult = { ok: true; value: AgentAction; } | { ok: false; errors: AgentActionValidationError[]; }; /** * Validate an agent action payload. * * Pre-flight order: * 1. Forbidden top-level keys -> agent.action.inline_content_blocked * 2. event_kind presence/value -> missing_required_field / event_kind_unknown * 3. observed_at presence -> missing_required_field * 4. Per-kind required fields -> missing_required_field * 5. Zod schema parse with priority-mapped stable codes */ export declare function validateAgentAction(data: unknown): AgentActionValidationResult; /** * Validate an agent action payload AND assert that its `event_kind` agrees * with the caller-supplied type URI. * * The type URI and `event_kind` have a 1:1 relationship: the event_kind * value is always `org.peacprotocol/` stripped of its prefix, * i.e. `typeUri.slice('org.peacprotocol/'.length)`. If they disagree, * `agent.action.type_event_kind_mismatch` is returned in addition to (or * instead of) any schema-level errors. * * Use this helper when the type URI comes from the wire-record envelope * and needs to be verified against the extension payload. */ export declare function validateAgentActionForType(typeUri: string, data: unknown): AgentActionValidationResult; export {}; //# sourceMappingURL=agent-action.d.ts.map