import type { ActionIntent, PolicyDecision, PolicyReceipt } from '../types/policy.js'; import type { Delegation } from '../types/passport.js'; import type { ExecutionEnvelope, EnvelopeVerification, EvaluationMethod, RevocationStatus } from '../types/execution-envelope.js'; /** * Create a cross-engine signed execution envelope from APS primitives. * * Maps our 3-signature chain to the standardized envelope format: * - ActionIntent → action_id, agent_did * - PolicyDecision → decision block * - PolicyReceipt → attestation block * - Delegation → capability_ref block */ export declare function createExecutionEnvelope(opts: { intent: ActionIntent; decision: PolicyDecision; receipt: PolicyReceipt; delegation: Delegation; /** Task/run context ID */ runId: string; /** Agent's DID (e.g., did:aps:publickey) */ agentDid: string; /** Evaluator's DID */ evaluatorDid: string; /** Whether the delegation chain is currently active */ revocationStatus: RevocationStatus; /** Delegation chain depth */ chainDepth: number; /** Evaluation method for this decision */ evaluationMethod: EvaluationMethod; /** Signer's private key (for envelope signature) */ signerPrivateKey: string; /** Signer's public key */ signerPublicKey: string; }): ExecutionEnvelope; /** * Verify a cross-engine signed execution envelope. * Any engine can call this — no APS-specific knowledge needed. * * Checks: * 1. Envelope signature (Ed25519 over canonical body) * 2. Capability not revoked * 3. Decision freshness (optional time window) * 4. Evaluator signature present */ export declare function verifyExecutionEnvelope(envelope: ExecutionEnvelope, opts?: { /** Maximum age of the decision in milliseconds */ maxDecisionAgeMs?: number; /** Evaluator's public key (to verify evaluator signature) */ evaluatorPublicKey?: string; }): EnvelopeVerification; /** * Create a minimal envelope from non-APS sources. * For engines that don't have the full 3-signature chain, * this accepts raw fields directly. */ export declare function createMinimalEnvelope(opts: { agentDid: string; runId: string; actionId: string; scope: string[]; revocationStatus: RevocationStatus; decisionHash: string; policyRef: string; evaluationMethod: EvaluationMethod; verdict: 'permit' | 'deny' | 'narrow' | 'audit'; evaluatedAt: string; evaluatorDid: string; evaluatorSignature: string; receiptHash: string; signerPrivateKey: string; signerPublicKey: string; }): ExecutionEnvelope; //# sourceMappingURL=execution-envelope.d.ts.map