/**
 * Zod validators for PEAC protocol types
 */
import { z } from 'zod';
import { type JsonEvidenceLimits } from './json';
import { type PEACError } from './errors';
export declare const NormalizedPayment: z.ZodObject<{
    rail: z.ZodString;
    reference: z.ZodString;
    amount: z.ZodNumber;
    currency: z.ZodString;
    asset: z.ZodOptional<z.ZodString>;
    env: z.ZodOptional<z.ZodString>;
    evidence: z.ZodOptional<z.ZodType<import("@peac/kernel").JsonValue, unknown, z.core.$ZodTypeInternals<import("@peac/kernel").JsonValue, unknown>>>;
    metadata: z.ZodOptional<z.ZodType<import("@peac/kernel").JsonObject, unknown, z.core.$ZodTypeInternals<import("@peac/kernel").JsonObject, unknown>>>;
}, z.core.$strict>;
export declare const Subject: z.ZodObject<{
    uri: z.ZodString;
}, z.core.$strict>;
export declare const AIPREFSnapshot: z.ZodObject<{
    url: z.ZodString;
    hash: z.ZodString;
}, z.core.$strict>;
export declare const Extensions: z.ZodObject<{
    aipref_snapshot: z.ZodOptional<z.ZodObject<{
        url: z.ZodString;
        hash: z.ZodString;
    }, z.core.$strict>>;
}, z.core.$catchall<z.ZodUnknown>>;
/**
 * Wire 0.1 JWS header Zod schema (canonical name, v0.12.0-preview.1+).
 *
 * Note: `@peac/crypto` exports a TypeScript discriminated-union type also
 * named `JWSHeader` that covers Wire 0.1, Wire 0.2, and UnTyped variants.
 * This schema validates the runtime shape of Wire 0.1 headers only.
 */
export declare const Wire01JWSHeaderSchema: z.ZodObject<{
    typ: z.ZodLiteral<"peac-receipt/0.1">;
    alg: z.ZodLiteral<"EdDSA">;
    kid: z.ZodString;
}, z.core.$strict>;
/**
 * @deprecated Use `Wire01JWSHeaderSchema`. Kept for backward compatibility;
 * will be removed at v1.0.
 */
export declare const JWSHeader: z.ZodObject<{
    typ: z.ZodLiteral<"peac-receipt/0.1">;
    alg: z.ZodLiteral<"EdDSA">;
    kid: z.ZodString;
}, z.core.$strict>;
export declare const ReceiptClaimsSchema: z.ZodObject<{
    iss: z.ZodString;
    aud: z.ZodString;
    iat: z.ZodNumber;
    exp: z.ZodOptional<z.ZodNumber>;
    rid: z.ZodString;
    amt: z.ZodNumber;
    cur: z.ZodString;
    payment: z.ZodObject<{
        rail: z.ZodString;
        reference: z.ZodString;
        amount: z.ZodNumber;
        currency: z.ZodString;
        asset: z.ZodOptional<z.ZodString>;
        env: z.ZodOptional<z.ZodString>;
        evidence: z.ZodOptional<z.ZodType<import("@peac/kernel").JsonValue, unknown, z.core.$ZodTypeInternals<import("@peac/kernel").JsonValue, unknown>>>;
        metadata: z.ZodOptional<z.ZodType<import("@peac/kernel").JsonObject, unknown, z.core.$ZodTypeInternals<import("@peac/kernel").JsonObject, unknown>>>;
    }, z.core.$strict>;
    subject: z.ZodOptional<z.ZodObject<{
        uri: z.ZodString;
    }, z.core.$strict>>;
    ext: z.ZodOptional<z.ZodObject<{
        aipref_snapshot: z.ZodOptional<z.ZodObject<{
            url: z.ZodString;
            hash: z.ZodString;
        }, z.core.$strict>>;
    }, z.core.$catchall<z.ZodUnknown>>>;
    purpose_declared: z.ZodOptional<z.ZodArray<z.ZodString>>;
    purpose_enforced: z.ZodOptional<z.ZodEnum<{
        search: "search";
        inference: "inference";
        index: "index";
        train: "train";
        user_action: "user_action";
    }>>;
    purpose_reason: z.ZodOptional<z.ZodEnum<{
        allowed: "allowed";
        constrained: "constrained";
        denied: "denied";
        downgraded: "downgraded";
        undeclared_default: "undeclared_default";
        unknown_preserved: "unknown_preserved";
    }>>;
}, z.core.$strict>;
/**
 * Schema-derived receipt claims type (v0.9.30+)
 *
 * This is the canonical type for receipt claims - derived from the Zod schema.
 * Use this type instead of manually-defined interfaces to ensure type/schema parity.
 */
export type ReceiptClaimsType = z.infer<typeof ReceiptClaimsSchema>;
/**
 * @deprecated Use ReceiptClaimsSchema instead. Renamed in v0.9.30.
 */
export declare const ReceiptClaims: z.ZodObject<{
    iss: z.ZodString;
    aud: z.ZodString;
    iat: z.ZodNumber;
    exp: z.ZodOptional<z.ZodNumber>;
    rid: z.ZodString;
    amt: z.ZodNumber;
    cur: z.ZodString;
    payment: z.ZodObject<{
        rail: z.ZodString;
        reference: z.ZodString;
        amount: z.ZodNumber;
        currency: z.ZodString;
        asset: z.ZodOptional<z.ZodString>;
        env: z.ZodOptional<z.ZodString>;
        evidence: z.ZodOptional<z.ZodType<import("@peac/kernel").JsonValue, unknown, z.core.$ZodTypeInternals<import("@peac/kernel").JsonValue, unknown>>>;
        metadata: z.ZodOptional<z.ZodType<import("@peac/kernel").JsonObject, unknown, z.core.$ZodTypeInternals<import("@peac/kernel").JsonObject, unknown>>>;
    }, z.core.$strict>;
    subject: z.ZodOptional<z.ZodObject<{
        uri: z.ZodString;
    }, z.core.$strict>>;
    ext: z.ZodOptional<z.ZodObject<{
        aipref_snapshot: z.ZodOptional<z.ZodObject<{
            url: z.ZodString;
            hash: z.ZodString;
        }, z.core.$strict>>;
    }, z.core.$catchall<z.ZodUnknown>>>;
    purpose_declared: z.ZodOptional<z.ZodArray<z.ZodString>>;
    purpose_enforced: z.ZodOptional<z.ZodEnum<{
        search: "search";
        inference: "inference";
        index: "index";
        train: "train";
        user_action: "user_action";
    }>>;
    purpose_reason: z.ZodOptional<z.ZodEnum<{
        allowed: "allowed";
        constrained: "constrained";
        denied: "denied";
        downgraded: "downgraded";
        undeclared_default: "undeclared_default";
        unknown_preserved: "unknown_preserved";
    }>>;
}, z.core.$strict>;
export declare const VerifyRequest: z.ZodObject<{
    receipt_jws: z.ZodString;
}, z.core.$strict>;
/**
 * Control purpose - what the access is for
 *
 * v0.9.17+: Added ai_input, search for RSL alignment
 * v0.9.18+: Added ai_index (RSL 1.0 canonical token). Removed ai_search.
 * v0.9.24+: Added user_action for agent-on-behalf-of-user scenarios.
 *
 * @see https://rslstandard.org/rsl for RSL 1.0 specification
 */
export declare const ControlPurposeSchema: z.ZodEnum<{
    search: "search";
    inference: "inference";
    crawl: "crawl";
    index: "index";
    train: "train";
    user_action: "user_action";
    ai_input: "ai_input";
    ai_index: "ai_index";
}>;
/**
 * Control licensing mode - how access is licensed
 */
export declare const ControlLicensingModeSchema: z.ZodEnum<{
    subscription: "subscription";
    pay_per_crawl: "pay_per_crawl";
    pay_per_inference: "pay_per_inference";
}>;
/**
 * Control decision type
 */
export declare const ControlDecisionSchema: z.ZodEnum<{
    allow: "allow";
    deny: "deny";
    review: "review";
}>;
/**
 * Single control step in governance chain
 */
export declare const ControlStepSchema: z.ZodObject<{
    engine: z.ZodString;
    version: z.ZodOptional<z.ZodString>;
    policy_id: z.ZodOptional<z.ZodString>;
    result: z.ZodEnum<{
        allow: "allow";
        deny: "deny";
        review: "review";
    }>;
    reason: z.ZodOptional<z.ZodString>;
    purpose: z.ZodOptional<z.ZodEnum<{
        search: "search";
        inference: "inference";
        crawl: "crawl";
        index: "index";
        train: "train";
        user_action: "user_action";
        ai_input: "ai_input";
        ai_index: "ai_index";
    }>>;
    licensing_mode: z.ZodOptional<z.ZodEnum<{
        subscription: "subscription";
        pay_per_crawl: "pay_per_crawl";
        pay_per_inference: "pay_per_inference";
    }>>;
    scope: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
    limits_snapshot: z.ZodOptional<z.ZodUnknown>;
    evidence_ref: z.ZodOptional<z.ZodString>;
}, z.core.$strip>;
/**
 * Composable control block - multi-party governance
 */
export declare const ControlBlockSchema: z.ZodObject<{
    chain: z.ZodArray<z.ZodObject<{
        engine: z.ZodString;
        version: z.ZodOptional<z.ZodString>;
        policy_id: z.ZodOptional<z.ZodString>;
        result: z.ZodEnum<{
            allow: "allow";
            deny: "deny";
            review: "review";
        }>;
        reason: z.ZodOptional<z.ZodString>;
        purpose: z.ZodOptional<z.ZodEnum<{
            search: "search";
            inference: "inference";
            crawl: "crawl";
            index: "index";
            train: "train";
            user_action: "user_action";
            ai_input: "ai_input";
            ai_index: "ai_index";
        }>>;
        licensing_mode: z.ZodOptional<z.ZodEnum<{
            subscription: "subscription";
            pay_per_crawl: "pay_per_crawl";
            pay_per_inference: "pay_per_inference";
        }>>;
        scope: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
        limits_snapshot: z.ZodOptional<z.ZodUnknown>;
        evidence_ref: z.ZodOptional<z.ZodString>;
    }, z.core.$strip>>;
    decision: z.ZodEnum<{
        allow: "allow";
        deny: "deny";
        review: "review";
    }>;
    combinator: z.ZodOptional<z.ZodLiteral<"any_can_veto">>;
}, z.core.$strip>;
/**
 * Purpose token validator
 *
 * PurposeToken is a string that matches the purpose grammar:
 * - Lowercase letters, digits, underscores
 * - Optional vendor prefix with colon (e.g., "cf:ai_crawler")
 * - Max 64 characters
 *
 * Uses string type (not enum) to preserve unknown tokens for forward-compat.
 */
export declare const PurposeTokenSchema: z.ZodString;
/**
 * Canonical purpose validator
 *
 * CanonicalPurpose is one of PEAC's normative purpose tokens.
 * Only these tokens have enforcement semantics.
 */
export declare const CanonicalPurposeSchema: z.ZodEnum<{
    search: "search";
    inference: "inference";
    index: "index";
    train: "train";
    user_action: "user_action";
}>;
/**
 * Purpose reason validator
 *
 * PurposeReason is the audit spine explaining enforcement decisions.
 */
export declare const PurposeReasonSchema: z.ZodEnum<{
    allowed: "allowed";
    constrained: "constrained";
    denied: "denied";
    downgraded: "downgraded";
    undeclared_default: "undeclared_default";
    unknown_preserved: "unknown_preserved";
}>;
/**
 * Payment split schema
 *
 * Invariants:
 * - party is required (non-empty string)
 * - amount if present must be >= 0
 * - share if present must be in [0,1]
 * - At least one of amount or share must be specified
 */
export declare const PaymentSplitSchema: z.ZodObject<{
    party: z.ZodString;
    amount: z.ZodOptional<z.ZodNumber>;
    currency: z.ZodOptional<z.ZodString>;
    share: z.ZodOptional<z.ZodNumber>;
    rail: z.ZodOptional<z.ZodString>;
    account_ref: z.ZodOptional<z.ZodString>;
    metadata: z.ZodOptional<z.ZodType<import("@peac/kernel").JsonObject, unknown, z.core.$ZodTypeInternals<import("@peac/kernel").JsonObject, unknown>>>;
}, z.core.$strict>;
/**
 * Payment routing mode schema (rail-agnostic)
 *
 * Describes how the payment is routed between payer, aggregator, and merchant.
 * This is a generic hint - specific rails populate it from their native formats.
 *
 * Values:
 * - "direct": Direct payment to merchant (no intermediary)
 * - "callback": Routed via callback URL / payment service
 * - "role": Role-based routing (e.g., "publisher", "platform")
 *
 * Examples of producers:
 * - x402 v2 `payTo.mode` -> routing
 * - Stripe Connect `destination` -> routing = 'direct' or 'callback'
 * - UPI `pa` (payee address) -> routing = 'direct'
 */
export declare const PaymentRoutingSchema: z.ZodEnum<{
    direct: "direct";
    callback: "callback";
    role: "role";
}>;
/**
 * Payment evidence schema
 *
 * Full schema for PaymentEvidence including aggregator/splits support.
 */
export declare const PaymentEvidenceSchema: z.ZodObject<{
    rail: z.ZodString;
    reference: z.ZodString;
    amount: z.ZodNumber;
    currency: z.ZodString;
    asset: z.ZodString;
    env: z.ZodEnum<{
        live: "live";
        test: "test";
    }>;
    network: z.ZodOptional<z.ZodString>;
    facilitator_ref: z.ZodOptional<z.ZodString>;
    evidence: z.ZodType<import("@peac/kernel").JsonValue, unknown, z.core.$ZodTypeInternals<import("@peac/kernel").JsonValue, unknown>>;
    aggregator: z.ZodOptional<z.ZodString>;
    splits: z.ZodOptional<z.ZodArray<z.ZodObject<{
        party: z.ZodString;
        amount: z.ZodOptional<z.ZodNumber>;
        currency: z.ZodOptional<z.ZodString>;
        share: z.ZodOptional<z.ZodNumber>;
        rail: z.ZodOptional<z.ZodString>;
        account_ref: z.ZodOptional<z.ZodString>;
        metadata: z.ZodOptional<z.ZodType<import("@peac/kernel").JsonObject, unknown, z.core.$ZodTypeInternals<import("@peac/kernel").JsonObject, unknown>>>;
    }, z.core.$strict>>>;
    routing: z.ZodOptional<z.ZodEnum<{
        direct: "direct";
        callback: "callback";
        role: "role";
    }>>;
}, z.core.$strict>;
/**
 * Subject type schema
 */
export declare const SubjectTypeSchema: z.ZodEnum<{
    human: "human";
    org: "org";
    agent: "agent";
}>;
/**
 * Subject profile schema
 *
 * Invariants:
 * - id is required (non-empty string)
 * - type is required (human, org, or agent)
 * - labels if present must be non-empty strings
 */
export declare const SubjectProfileSchema: z.ZodObject<{
    id: z.ZodString;
    type: z.ZodEnum<{
        human: "human";
        org: "org";
        agent: "agent";
    }>;
    labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
    metadata: z.ZodOptional<z.ZodType<import("@peac/kernel").JsonObject, unknown, z.core.$ZodTypeInternals<import("@peac/kernel").JsonObject, unknown>>>;
}, z.core.$strict>;
/**
 * Subject profile snapshot schema
 *
 * Invariants:
 * - subject is required (valid SubjectProfile)
 * - captured_at is required (non-empty string)
 *   MUST be RFC 3339 / ISO 8601 UTC; format not enforced in schema for v0.9.16
 */
export declare const SubjectProfileSnapshotSchema: z.ZodObject<{
    subject: z.ZodObject<{
        id: z.ZodString;
        type: z.ZodEnum<{
            human: "human";
            org: "org";
            agent: "agent";
        }>;
        labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
        metadata: z.ZodOptional<z.ZodType<import("@peac/kernel").JsonObject, unknown, z.core.$ZodTypeInternals<import("@peac/kernel").JsonObject, unknown>>>;
    }, z.core.$strict>;
    captured_at: z.ZodString;
    source: z.ZodOptional<z.ZodString>;
    version: z.ZodOptional<z.ZodString>;
}, z.core.$strict>;
/**
 * Namespaced extensions schema
 *
 * Keys must be namespaced (e.g., "com.example/field", "io.vendor/data").
 * This provides a forward-compatible extension mechanism.
 */
export declare const ExtensionsSchema: z.ZodRecord<z.ZodString, z.ZodType<import("@peac/kernel").JsonValue, unknown, z.core.$ZodTypeInternals<import("@peac/kernel").JsonValue, unknown>>>;
/**
 * Generic attestation schema
 *
 * Invariants:
 * - issuer, type, issued_at, evidence are required
 * - issued_at and expires_at must be RFC 3339 date-time
 * - ref if present must be a valid URI
 */
export declare const AttestationSchema: z.ZodObject<{
    issuer: z.ZodString;
    type: z.ZodString;
    issued_at: z.ZodString;
    expires_at: z.ZodOptional<z.ZodString>;
    ref: z.ZodOptional<z.ZodString>;
    evidence: z.ZodType<import("@peac/kernel").JsonValue, unknown, z.core.$ZodTypeInternals<import("@peac/kernel").JsonValue, unknown>>;
}, z.core.$strict>;
/**
 * Validate a subject snapshot (if present)
 *
 * - Returns validated snapshot or null if absent
 * - Throws ZodError for malformed data
 * - Logs advisory warning if id looks like PII (deduplicated)
 */
export declare function validateSubjectSnapshot(snapshot: unknown): z.infer<typeof SubjectProfileSnapshotSchema> | null;
/**
 * Result type for evidence validation
 */
export type EvidenceValidationResult = {
    ok: true;
    value: unknown;
} | {
    ok: false;
    error: PEACError;
};
/**
 * Validate payment evidence for JSON safety
 *
 * Uses iterative validation (no recursion) to prevent stack overflow on
 * deeply nested structures. Enforces limits on depth, array length,
 * object keys, and string length.
 *
 * @param evidence - Evidence value to validate
 * @param limits - Optional limits (internal, not part of public API)
 * @returns Result indicating success with validated value, or failure with PEACError
 *
 * @example
 * ```ts
 * const result = validateEvidence({ txId: '123', amount: 100 });
 * if (!result.ok) {
 *   console.error(result.error.code, result.error.remediation);
 * }
 * ```
 */
export declare function validateEvidence(evidence: unknown, limits?: JsonEvidenceLimits): EvidenceValidationResult;
//# sourceMappingURL=validators.d.ts.map