/** * Entity Verification v1.0 — pure primitives * * Adopted from WG conformance testing (OATR #2). Behaviors: * 1. Fail-closed: if DID resolution fails, proof MUST NOT be created * with unbound identity * 2. Explicit did_resolution_status: 'live' | 'cached' | 'failed' on * every result * * The DID resolution cache (cacheDIDResolution / getCachedDIDResolution / * clearDIDCache) MOVED to @aeoess/gateway src/sdk-migrated/core/did-cache.ts * on 2026-04-17. Caching is gateway product policy — TTL choice and * cross-tenant isolation are operational concerns, not protocol primitives. * * verifyEntityChain in this module is pure: it does live DID resolution * only. To get the cache-with-staleness behavior described in the original * WG paper, callers wrap this function with the gateway's CachedEntityResolver * (or any caller-supplied cache). */ import type { DIDResolutionCacheEntry, PublicProofSurface, EntityVerificationResult } from '../types/did.js'; /** Compute sender_id per QSP-1 §4: Trunc16(SHA-256(pubkey)) */ export declare function computeSenderId(publicKeyHex: string): string; export declare function cacheDIDResolution(_did: string, _publicKey: string, _ttlMs?: number): DIDResolutionCacheEntry; export declare function getCachedDIDResolution(_did: string): DIDResolutionCacheEntry | null; export declare function clearDIDCache(): void; /** * Verify the full entity chain: DID → public key → entity → status. * * Pure primitive — performs live DID resolution every call. To cache, * wrap this function or supply a memoized entityLookup function. * * @param did - Agent's DID (did:aps:... or did:key:...) * @param entityLookup - Function that fetches entity from Corpo API or equivalent * @param opts.entityId - Entity identifier to look up */ export declare function verifyEntityChain(did: string, entityLookup: (entityId: string) => Promise, opts: { entityId: string; /** Accepted for backward compatibility; ignored — caching is gateway concern. */ allowCached?: boolean; /** Accepted for backward compatibility; ignored — caching is gateway concern. */ cacheTtlMs?: number; }): Promise; //# sourceMappingURL=entity-verification.d.ts.map