import type { AgentPassport, SignedPassport, KeyPair, CreatePassportOptions } from '../types/passport.js'; export declare function createPassport(options: CreatePassportOptions): { signedPassport: SignedPassport; keyPair: KeyPair; }; export declare function signPassport(passport: AgentPassport, privateKey: string): SignedPassport; export declare function updatePassport(passport: AgentPassport, updates: Partial, privateKey: string): SignedPassport; export declare function isExpired(passport: AgentPassport): boolean; /** * Check full validity window for persistent passports. * Returns true if: notBefore <= now <= expiresAt * For session passports (no notBefore), checks only expiry. */ export declare function isPassportValid(passport: AgentPassport): { valid: boolean; reason?: string; }; /** * Countersign a passport with the issuer's private key. * This is the Certificate Authority operation — proves AEOESS issued this passport. * The issuer signature covers the entire SignedPassport (passport + agent signature + signedAt). */ export declare function countersignPassport(signedPassport: SignedPassport, issuerPrivateKey: string, issuerId?: string): SignedPassport; /** * Verify an issuer countersignature on a passport. * Returns true if the passport was issued by the authority holding issuerPublicKey. */ export declare function verifyIssuerSignature(signedPassport: SignedPassport, issuerPublicKey: string): boolean; /** * Quick presence check: does this passport have an issuer countersignature attached? * NOTE: This does NOT verify the signature cryptographically. * Use verifyIssuerSignature(passport, issuerPublicKey) for real verification. * @deprecated Use verifyIssuerSignature() for security-critical checks. */ export declare function isIssuerVerified(signedPassport: SignedPassport): boolean; /** Alias: presence check for issuer signature (not cryptographic verification) */ export declare const isIssuerSigned: typeof isIssuerVerified; //# sourceMappingURL=passport.d.ts.map