import type { SignedPassport } from '../types/passport.js'; import type { DIDDocument } from '../types/did.js'; import type { PrincipalEndorsement } from '../types/principal.js'; import type { ConstraintFailure } from '../types/gateway.js'; export interface GatewayIdentityVerification { /** Agent's DID (derived from public key) */ did: string; /** DID Document (if resolution succeeded) */ didDocument?: DIDDocument; /** Whether DID resolution succeeded */ didResolved: boolean; /** Whether the passport carries a principal endorsement */ hasPrincipalEndorsement: boolean; /** Principal verification result (if endorsement exists) */ principalVerification?: { valid: boolean; principalId?: string; errors: string[]; }; /** Entity verification result (if DID + entity lookup available) */ entityVerification?: { status: 'verified' | 'cached' | 'failed'; entityId?: string; resolvedAt?: string; }; /** Overall identity strength: how much do we know about this agent? */ strength: 'key_only' | 'did_resolved' | 'principal_endorsed' | 'entity_verified'; /** Verification timestamp */ verifiedAt: string; } export interface IdentityVerificationConfig { /** Enable DID resolution during registration. Default: true when identity verification enabled */ resolveDID: boolean; /** Verify principal endorsement chain. Default: true when identity verification enabled */ verifyPrincipal: boolean; /** Verify entity chain (requires entityLookup). Default: false */ verifyEntity: boolean; /** Entity lookup function for entity verification */ entityLookup?: (entityId: string) => Promise<{ did: string; publicKey: string; verifiedAt: string; } | null>; /** Minimum identity strength required for registration. Default: 'key_only' */ minimumStrength: GatewayIdentityVerification['strength']; } export declare const DEFAULT_IDENTITY_CONFIG: IdentityVerificationConfig; export declare function strengthMeetsMinimum(actual: GatewayIdentityVerification['strength'], minimum: GatewayIdentityVerification['strength']): boolean; /** Verify an agent's identity beyond their Ed25519 key. * Called during gateway registration. Returns identity verification * result that gets stored on RegisteredAgent. */ export declare function verifyAgentIdentity(passport: SignedPassport, config: IdentityVerificationConfig): Promise; /** Build an identity constraint failure for the gateway */ export declare function identityStrengthFailure(actual: GatewayIdentityVerification['strength'], required: GatewayIdentityVerification['strength']): ConstraintFailure; /** Synchronous identity verification — DID + principal only, no entity lookup. * This is the fast path used during registerAgent(). Entity verification * can be performed separately via the async verifyAgentIdentity(). */ export declare function verifyAgentIdentitySync(passport: SignedPassport, config: IdentityVerificationConfig, endorsement?: PrincipalEndorsement): GatewayIdentityVerification; //# sourceMappingURL=gateway-identity.d.ts.map