import type { TransformClass, LineageConfidence, DerivationReceipt, ParentArtifact, PostRevocationObligation, RevocationObligation, DecisionLineageReceipt, ContributingSource, RetentionPolicy, TermsVersionPin } from '../types/data-lifecycle.js'; /** * Artifact type → default post-revocation obligation. * Different artifact types have different erasure physics. */ export declare const DEFAULT_OBLIGATIONS: Record; /** * Create an extended derivation receipt with lineage metadata. * Tracks multi-hop derivation with transform class, confidence, * and explicit break markers when provenance crosses boundaries. */ export declare function createDerivationReceipt(opts: { derivativeId: string; derivativeType: string; parentArtifacts: ParentArtifact[]; transformClass: TransformClass; lineageConfidence: LineageConfidence; externalBoundaryBreak?: boolean; breakReason?: string; upstreamObligationsRetained?: boolean; retainedObligationIds?: string[]; isSyntheticDerivative?: boolean; agentId: string; delegationId?: string; privateKey: string; }): DerivationReceipt; /** * Resolve extended lineage from a derivative back through all parents. * Unbounded depth with cycle detection. * Returns the full chain with confidence at each hop. */ export declare function resolveExtendedLineage(derivativeId: string, receiptStore: Map, maxDepth?: number): { chain: DerivationReceipt[]; confidence: LineageConfidence; hasBreaks: boolean; depth: number; }; /** * Evaluate revocation impact across all derivation chains from a source. * Produces a RevocationObligation listing every affected artifact * and its specific obligation based on artifact type. */ export declare function evaluateRevocationImpact(opts: { sourceId: string; receiptStore: Map; privateKey: string; }): RevocationObligation; /** * Create a decision lineage receipt — the bridge between * Module 37 (decision artifacts) and data modules (38-42). * Answers: "what data influenced this decision?" */ export declare function createDecisionLineageReceipt(opts: { decisionArtifactId: string; decisionType: string; contributingSources: ContributingSource[]; lineageCompleteness: LineageConfidence; externalHopsPresent?: boolean; transformChain?: TransformClass[]; governingPurpose?: string; jurisdictionContext?: string; explanation?: string; privateKey: string; }): DecisionLineageReceipt; /** * Check if a requested purpose is permitted under allowed purposes. * Supports wildcard matching: 'research:*' permits 'research:academic'. * Supports exact matching: 'research:academic' only permits that exact purpose. */ export declare function isPurposePermitted(requested: string, allowed: string[]): boolean; /** * Extract the purpose category from a hierarchical purpose string. * e.g. 'research:academic' → 'research' */ export declare function purposeCategory(purpose: string): string; /** * Pin terms at the moment of access. * Settlement should always use the pinned version, not current terms. */ export declare function pinTermsAtAccess(opts: { termsVersion: string; compensationRate: number; currency: string; allowedPurposes: string[]; retentionPolicy?: RetentionPolicy; }): TermsVersionPin; /** * Check if retained data has expired its TTL. */ export declare function isRetentionExpired(accessTimestamp: string, retentionPolicy: RetentionPolicy, accessType?: 'ephemeral' | 'persistent'): boolean; /** * Verify a derivation receipt signature. */ export declare function verifyDerivationReceipt(receipt: DerivationReceipt, publicKey: string): boolean; /** * Verify a decision lineage receipt signature. */ export declare function verifyDecisionLineageReceipt(receipt: DecisionLineageReceipt, publicKey: string): boolean; import type { AggregateConstraint, AggregateAccessLog, JurisdictionEnvelope, TaintRecord, DisputeRecord, CombinationConstraint, AccessSnapshot } from '../types/data-lifecycle.js'; /** * Check if an access would violate aggregate constraints. * Uses a rolling window log per source+agent pair. */ export declare function checkAggregateConstraints(constraint: AggregateConstraint, log: AggregateAccessLog, now?: number): { permitted: boolean; reason?: string; }; /** * Check if a data transfer is permitted under jurisdiction constraints. * The protocol carries context, not legal logic. */ export declare function isTransferPermitted(envelope: JurisdictionEnvelope, targetJurisdiction: string, purpose: string): { permitted: boolean; reason?: string; }; /** * Compute the governance taint level for an artifact based on its * derivation chain and source restrictions. */ export declare function computeGovernanceTaint(artifactId: string, receiptStore: Map, revokedSources?: Set): TaintRecord; /** * File a dispute against a data artifact. * The protocol records the dispute — resolution is external. */ export declare function fileDispute(opts: { artifactId: string; disputeType: DisputeRecord['disputeType']; filedBy: string; evidence: string[]; privateKey: string; }): DisputeRecord; /** * Check if combining data from two sources is permitted. * Prevents prohibited inferences (e.g. health + geolocation). */ export declare function checkCombinationPermitted(sourceConstraints: CombinationConstraint[], otherSourceId: string, otherSourceClasses?: string[]): { permitted: boolean; violations: string[]; }; /** * Create an immutable access snapshot — freezes the exact terms, * jurisdiction, and constraints at the moment of access. * Prevents retroactive term changes from holding downstream models hostage. */ export declare function createAccessSnapshot(opts: { accessReceiptId: string; sourceId: string; pinnedTerms: TermsVersionPin; jurisdiction?: JurisdictionEnvelope; combinationConstraints?: CombinationConstraint[]; privateKey: string; }): AccessSnapshot; /** * Verify an access snapshot signature. */ export declare function verifyAccessSnapshot(snapshot: AccessSnapshot, publicKey: string): boolean; import type { RightsPropagation, RightsPropagationRule, PurposeDriftCheck, ReidentificationRisk, ReidentificationDeclaration } from '../types/data-lifecycle.js'; /** Default rights propagation rules by transform class */ export declare const DEFAULT_RIGHTS_PROPAGATION: Record; /** * Resolve rights propagation for a derivation. * Uses source rules if provided, falls back to defaults by transform class. */ export declare function resolveRightsPropagation(transformClass: string, sourceRule?: RightsPropagationRule): RightsPropagation; /** * Detect purpose drift through a derivation chain. * Compares original access purpose to current usage purpose. * Same category = minor drift. Cross-category = major. Not permitted = violation. */ export declare function detectPurposeDrift(opts: { originalPurpose: string; currentPurpose: string; intermediateSteps?: string[]; allowedPurposes: string[]; }): PurposeDriftCheck; /** * Create a re-identification risk declaration for a derivation. * Attached to synthetic or transformed data to declare * whether source identity might be recoverable. */ export declare function declareReidentificationRisk(opts: { risk: ReidentificationRisk; assessmentMethod?: string; mitigationsApplied?: string[]; assessedBy: string; }): ReidentificationDeclaration; //# sourceMappingURL=data-lifecycle.d.ts.map