/**
 * Wire 0.2 Shared Validator Schemas
 *
 * Protocol-grade Zod validators for common field patterns reused across
 * multiple extension groups. Consolidated to prevent drift, improve interop,
 * and keep Layer 1 clean.
 *
 * All validators are pure Zod schemas with zero I/O.
 *
 * @see HASH.pattern from @peac/kernel for SHA-256 digest grammar
 * @see PolicyBlockSchema.uri for HTTPS URI hint pattern origin
 */
import { z } from 'zod';
/**
 * Validates a SHA-256 digest string in the canonical PEAC format.
 *
 * Format: `sha256:<64 lowercase hex chars>`
 * Max length: 71 chars ("sha256:" = 7 chars + 64 hex chars = 71 total)
 *
 * Reuses `HASH.pattern` from `@peac/kernel` (same regex used in
 * `PolicyBlockSchema.digest` and `ReceiptRefSchema`).
 *
 * INTEROPERABILITY NOTE: This is a PEAC-internal self-describing digest
 * string grammar. It is NOT the same as:
 *   - RFC 9530 `Content-Digest` / `Repr-Digest`, which use structured
 *     HTTP fields with base64 encoding (e.g., `sha-256=:base64:`)
 *   - RFC 9421 HTTP Message Signatures digest components
 * PEAC digest strings are used within JWS payloads and extension fields,
 * not as HTTP headers. When bridging to HTTP digest headers, adapters
 * (Layer 4+) must convert between formats.
 */
export declare const Sha256DigestSchema: z.ZodString;
/**
 * Validates an HTTPS URI hint field.
 *
 * Security hardening beyond basic URL validation:
 * - MUST be https:// scheme (rejects http, ftp, data, javascript, file)
 * - MUST NOT contain embedded credentials (userinfo@)
 * - MUST NOT contain fragment identifiers (#)
 * - MUST NOT contain ASCII control characters (U+0000-U+001F, U+007F)
 * - Max 2048 chars (aligned with POLICY_BLOCK.uriMaxLength)
 *
 * These are locator hints only: callers MUST NOT auto-fetch.
 *
 * NORMATIVE: Localhost and private-network hosts (e.g., 10.x, 192.168.x,
 * localhost) are intentionally accepted at Layer 1 (schema). URI hints
 * are metadata, not fetch targets; restricting to public hosts would
 * break enterprise/internal deployments without improving security at
 * this layer. SSRF prevention is enforced by the non-fetch invariant
 *, not by host filtering in schema validation.
 *
 * Test suite covers: IDN/punycode, IPv6 literals, localhost-style
 * hosts, percent-encoded confusion, and parser ambiguity cases.
 */
export declare const HttpsUriHintSchema: z.ZodString;
/**
 * ISO 8601 duration component descriptor.
 */
interface DurationComponents {
    years: number;
    months: number;
    weeks: number;
    days: number;
    hours: number;
    minutes: number;
    seconds: number;
}
/**
 * Parse an ISO 8601 duration string into components.
 *
 * Enforces:
 * - No duplicate designators (P1Y2Y rejected)
 * - Canonical component ordering (P1D1Y rejected; must be P1Y1D)
 * - Weeks cannot be combined with other date components (ISO 8601)
 * - At least one component must be present (bare P rejected)
 * - At least one time component after T (bare PT rejected)
 * - Zero-value durations are accepted (P0D, PT0S are valid ISO 8601)
 *
 * Zero durations: P0D and PT0S are valid per ISO 8601. The spec says
 * "a zero duration" is representable. Consumers decide if a zero
 * duration is semantically meaningful for their use case.
 *
 * @param value - String to parse
 * @returns Parsed components, or null if invalid
 */
export declare function parseIso8601Duration(value: string): DurationComponents | null;
/**
 * Validates an ISO 8601 duration string.
 *
 * Parser-grade strict validation:
 * - Rejects bare P, bare PT
 * - Rejects duplicate designators (P1Y2Y)
 * - Enforces canonical component ordering (P1D1Y rejected)
 * - Rejects mixed weeks and other date components
 * - Accepts zero-value durations (P0D, PT0S are valid ISO 8601)
 * - Only non-negative integer components (no decimals, no negatives)
 *
 * Examples:
 *   Valid: "P30D", "P1Y", "P1Y6M", "PT1H30M", "P1W", "P0D", "PT0S"
 *   Invalid: "P", "PT", "30D", "", "P1D1Y", "P1Y2Y", "P1WD3", "P-1D"
 */
export declare const Iso8601DurationSchema: z.ZodString;
/**
 * Validates a structurally valid ISO 8601 date string (YYYY-MM-DD).
 *
 * Structural validation only: checks 4-digit year, 2-digit month 01-12,
 * 2-digit day 01-31. Does NOT validate calendar correctness (e.g.,
 * Feb 30 or Jun 31 would pass structural check). Calendar validation
 * is left to the application layer since this is an evidence record,
 * not a scheduling system.
 *
 * Named "StructuralDate" to avoid implying full calendar validation.
 */
export declare const Iso8601DateStringSchema: z.ZodString;
/**
 * @deprecated Use Iso8601DateStringSchema. Alias preserved for backward compat.
 */
export declare const Iso8601DateSchema: z.ZodString;
/**
 * Validates an ISO 8601 datetime string with timezone offset.
 *
 * Uses Zod 4 top-level `z.iso.datetime({ offset: true })` (preferred
 * over the deprecated method-style `z.string().datetime()`).
 *
 * This is NOT strictly RFC 3339: it accepts minute-precision timestamps
 * (e.g., `2026-03-14T12:00+05:30` without seconds), which ISO 8601
 * allows but RFC 3339 does not. Use Rfc3339DateTimeSchema for strict
 * RFC 3339 compliance.
 *
 * Consistent with Wire 0.2 `occurred_at` field validation semantics.
 */
export declare const Iso8601OffsetDateTimeSchema: z.ZodISODateTime;
/**
 * Validates a datetime string against a practical strict RFC 3339 profile.
 *
 * Enforces the key RFC 3339 Section 5.6 constraints:
 * - Timezone offset always present (Z or +/-HH:MM)
 * - Seconds always present (minute-only timestamps rejected)
 * - Fractional seconds optional (after the seconds component)
 * - No local timestamps
 *
 * This is a practical strict profile, not a proven ABNF implementation.
 * It uses `z.iso.datetime({ offset: true })` as the base (which handles
 * most RFC 3339 grammar) plus a seconds-presence refine. Edge cases
 * like leap seconds or two-digit year forms are not explicitly tested.
 *
 * @see https://www.rfc-editor.org/rfc/rfc3339#section-5.6
 */
export declare const Rfc3339DateTimeSchema: z.ZodISODateTime;
/**
 * @deprecated Use Iso8601OffsetDateTimeSchema or Rfc3339DateTimeSchema.
 * This alias points to Iso8601OffsetDateTimeSchema (which accepts
 * minute-precision and is therefore NOT strictly RFC 3339). Preserved
 * for backward compatibility only. Remove-not-before: v0.13.0.
 */
export declare const Rfc3339TimestampSchema: z.ZodISODateTime;
/**
 * SPDX License Expression validator: documented structural subset.
 *
 * This is a structural subset validator for v0.12.2, NOT full SPDX 3.0.1
 * support. It validates expression grammar without checking license IDs
 * against the SPDX license list.
 *
 * Supported subset:
 *   - Simple license IDs: MIT, Apache-2.0, GPL-3.0-only
 *   - LicenseRef custom references: LicenseRef-custom
 *   - Or-later suffix: GPL-2.0+
 *   - Compound expressions: MIT AND Apache-2.0, MIT OR GPL-2.0-only
 *   - Exception clauses: Apache-2.0 WITH Classpath-exception-2.0
 *   - Parenthesized sub-expressions: (MIT OR Apache-2.0) AND GPL-3.0-only
 *
 * NOT supported (deferred to attribution extension PR, v0.12.2 PR 4):
 *   - DocumentRef-*: prefixes (rare in practice; not seen in npm/PyPI/crates.io)
 *
 * @see https://spdx.github.io/spdx-spec/v3.0.1/annexes/spdx-license-expressions/
 */
declare function isValidSpdxSubsetExpression(expr: string): boolean;
/**
 * Validates an SPDX license expression (documented structural subset).
 *
 * Uses a recursive-descent parser for the supported grammar subset.
 * Does NOT validate against the SPDX license list (structure only).
 * Does NOT support DocumentRef-* prefixes (deferred).
 *
 * @see isValidSpdxSubsetExpression for the supported grammar
 */
export declare const SpdxExpressionSchema: z.ZodString;
/** @internal Exported for testing only */
export { parseIso8601Duration as _parseIso8601Duration };
/** @internal Exported for testing only */
export { isValidSpdxSubsetExpression as _isValidSpdxExpression };
//# sourceMappingURL=shared-validators.d.ts.map