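/**
 * NVIDIA OpenShell Adapter
 *
 * Maps APS delegation scopes to OpenShell sandbox policy YAML.
 * An agent's delegation chain determines what the sandbox can access.
 *
 * Usage:
 *   const policy = delegationToPolicy(delegation, agentPublicKey)
 *   const yaml = policyToYaml(policy)
 *   // Write the YAML to a file, pass to: openshell sandbox create --policy ./policy.yaml
 *
 * NOTE(review): the generic type arguments on `network_policies` and on the
 * `customMappings` parameter were missing from this copy of the declarations
 * (`Record;` and `Record>`). They are reconstructed below from the otherwise
 * unused `NetworkPolicyEntry` and `ScopeMapping` interfaces; confirm against
 * the implementation module before relying on them.
 */
import type { Delegation } from '../types/passport.js';

/** Shape of the policy document produced by {@link delegationToPolicy}. */
export interface OpenShellPolicy {
  /** Policy schema version; only the literal `1` is accepted by this type. */
  version: 1;
  /** Keys and chain depth recorded alongside the access rules. */
  identity_policy?: {
    agent_public_key: string;
    issuer_public_key?: string;
    // presumably the number of links in the delegation chain; confirm against the implementation
    delegation_chain_depth: number;
  };
  /** Paths split by access mode. An omitted section's meaning is defined by OpenShell, not by this type. */
  filesystem_policy?: {
    read_only: string[];
    read_write: string[];
  };
  /**
   * Network rules keyed by a string identifier.
   * NOTE(review): value type reconstructed as NetworkPolicyEntry; confirm.
   */
  network_policies?: Record<string, NetworkPolicyEntry>;
  /** User and group the sandboxed process runs as. */
  process?: {
    run_as_user: string;
    run_as_group: string;
  };
}

/** One named network rule: a list of endpoints and, optionally, a list of binaries. */
export interface NetworkPolicyEntry {
  name: string;
  endpoints: Array<{
    host: string;
    port: number;
    protocol?: string;
  }>;
  // presumably restricts which executables may use these endpoints; confirm against the OpenShell policy schema
  binaries?: Array<{
    path: string;
  }>;
}

/** Filesystem and network access associated with a single delegation scope. */
export interface ScopeMapping {
  scope: string;
  filesystemRead?: string[];
  filesystemWrite?: string[];
  networkAllow?: Array<{
    host: string;
    port: number;
  }>;
  // NOTE(review): semantics not visible in the declarations; confirm what this flag enables
  inferenceLocal?: boolean;
}

/**
 * Extract effective scopes from a delegation, applying monotonic narrowing.
 *
 * @param delegation Delegation to read scopes from.
 * @returns The effective scope strings.
 */
export declare function extractEffectiveScopes(delegation: Delegation): string[];

/**
 * Map APS delegation scopes to OpenShell policy sections.
 * The output policy is the intersection of the delegation scope and the base policy.
 *
 * NOTE(review): no base-policy parameter appears in this signature; confirm
 * where the base policy comes from. The declaration also does not show whether
 * the delegation's signature or chain is verified here, so callers should
 * verify the delegation before deriving a sandbox policy from it.
 *
 * @param delegation Delegation whose scopes determine the policy.
 * @param agentPublicKey Public key of the agent (encoding not specified here).
 * @param issuerPublicKey Optional public key of the issuer.
 * @param customMappings Optional caller-supplied scope mappings.
 *   NOTE(review): type arguments reconstructed as
 *   `Record<string, Partial<ScopeMapping>>`; confirm. Whether these replace or
 *   extend the built-in mappings is not visible here. A mapping can add
 *   filesystem paths and network endpoints to the resulting policy, so it
 *   should come from trusted configuration, not from the agent being sandboxed.
 * @returns The derived OpenShell policy.
 */
export declare function delegationToPolicy(
  delegation: Delegation,
  agentPublicKey: string,
  issuerPublicKey?: string,
  customMappings?: Record<string, Partial<ScopeMapping>>,
): OpenShellPolicy;

/**
 * Serialize an OpenShell policy to YAML string.
 * Minimal YAML serializer — no external deps.
 *
 * NOTE(review): quoting and escaping of string values (hosts, paths, record
 * keys) cannot be checked from the declaration. Confirm that values containing
 * YAML-significant characters (`:`, `#`, newlines) are quoted, because this
 * output is what the sandbox enforces.
 *
 * @param policy Policy to serialize.
 * @returns The YAML text.
 */
export declare function policyToYaml(policy: OpenShellPolicy): string;
//# sourceMappingURL=openshell.d.ts.map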