import type { SignedPassport, KeyPair } from '../types/passport.js'; export interface ImportEvidence { source: 'api_key_hash' | 'github_org' | 'ci_signing_key' | 'oauth_token' | 'custom'; provider?: string; identifier_hash: string; verified: boolean; verified_at?: string; assurance_input: 'low' | 'medium' | 'high'; metadata?: Record; } export interface BootstrapResult { passport: SignedPassport; keyPair: KeyPair; importEvidence: ImportEvidence; warnings: string[]; suggestedGrade: number; } /** * Bootstrap from an API key hash. * Caller pre-hashes: HMAC-SHA256(apiKey, provider). SDK NEVER sees raw key. * Fresh Ed25519 keypair generated. Grade suggestion: 0 (no cryptographic proof). */ export declare function bootstrapFromAPIKey(options: { identifierHash: string; provider?: string; name?: string; owner?: string; }): BootstrapResult; /** * Bootstrap from GitHub identity. * If githubToken provided: calls GitHub API to verify org membership. * If not: verified=false, assurance='low', warning emitted. * Grade suggestion: 1 if verified, 0 if unverified. */ export declare function bootstrapFromGitHub(options: { username: string; org: string; githubToken?: string; }): Promise; /** * Bootstrap from CI signing key. * CI public key becomes provider attestation evidence. * Fresh APS keypair generated separately. * Grade suggestion: 2 if key provided. */ export declare function bootstrapFromCIKey(options: { publicKeyHex: string; provider: string; workflowId?: string; repoUrl?: string; }): BootstrapResult; /** * Upgrade a bootstrapped passport to full attested identity. * Links the old bootstrapped identity to the new attested one. * Preserves history: old agent_id in metadata. */ export declare function upgradeBootstrappedPassport(options: { existingPassport: SignedPassport; existingKeyPair: KeyPair; newAttestation: object; }): { upgradedPassport: SignedPassport; previousAgentId: string; }; //# sourceMappingURL=trust-adapters.d.ts.map