export type PassportGrade = 0 | 1 | 2 | 3; export declare const PASSPORT_GRADE_LABELS: Record; export type EvidenceQuality = 'none' | 'issuer_vouched' | 'infrastructure' | 'principal_bound'; export type AttestationProvenance = 'observed' | 'infrastructure_attested' | 'provider_attested' | 'self_declared'; export type SignalStability = 'ephemeral' | 'session' | 'runtime' | 'account' | 'long_lived'; export type VerificationStatus = 'verified' | 'observed' | 'declared' | 'failed'; export interface AttestedSignal { key: string; valueHash: string; provenance: AttestationProvenance; verificationStatus: VerificationStatus; stability: SignalStability; attester?: string; observedAt: string; expiresAt?: string; evidenceRef?: string; } export interface ObservedContext { clientFingerprintHash?: string; ipHash?: string; dailyIpHash?: string; asnHash?: string; tlsJa3Hash?: string; connectionTimingMs?: number; issuanceVelocity?: number; transportType?: string; connectionId?: string; requestPayloadFingerprint?: string; mcpClientId?: string; mcpCapabilitiesHash?: string; userAgentHash?: string; observedAt: string; } export interface RuntimeAttestation { attester: string; nonce: string; publicKeyHash: string; runtimeClass?: string; bootEpoch?: string; runtimeInstanceIdHash?: string; storageIdentityHash?: string; processIdentityHash?: string; networkClass?: string; workspaceManifestHash?: string; issuedAt: string; expiresAt: string; signature: string; /** Typed staleness metadata (A2A#1712). Snapshot (TPM) vs rotating (SPIFFE) vs static. */ freshness?: import('./passport.js').AttestationFreshness; } export interface ProviderAttestation { provider: string; subjectClass: string; subjectIdHash: string; nonce?: string; publicKeyHash?: string; verificationMethod?: string; issuedAt: string; expiresAt?: string; signature?: string; /** Typed staleness metadata (A2A#1712). */ freshness?: import('./passport.js').AttestationFreshness; } export interface IssuanceEvidenceRecord { requestId: string; requestedAt: string; observed: ObservedContext; runtimeAttestations: RuntimeAttestation[]; providerAttestations: ProviderAttestation[]; selfDeclaredSignals: AttestedSignal[]; priorPassportRef?: string; priorContinuityProof?: string; } export interface IssuanceAssessment { passportGrade: PassportGrade; attestationBundleHash: string; flags: AttestationFlag[]; verificationResults: SignalVerificationResult[]; derivedSignals?: DerivedSignal[]; gradeHistory?: GradeChange[]; assessedAt: string; } export interface DerivedSignal { key: string; value: string; derivedFrom: string[]; computedAt: string; } export interface SignalVerificationResult { signalKey: string; status: VerificationStatus; detail?: string; verifiedAt: string; } export interface GradeChange { from: PassportGrade; to: PassportGrade; reason: string; changedAt: string; } export type AttestationFlag = 'issuer_bound' | 'runtime_bound' | 'provider_bound' | 'principal_bound' | 'recovery_linked' | 'continuity_proven'; export interface IssuanceContext { evidence: IssuanceEvidenceRecord; assessment: IssuanceAssessment; } export interface PassportAttestationSummary { passportGrade: PassportGrade; attestationBundleHash?: string; flags: AttestationFlag[]; } export interface IssuanceChallenge { challengeId: string; nonce: string; requiredPublicKeyHash: string; requestedAttestationClasses: AttestationClass[]; expiresAt: string; issuedAt: string; } export type AttestationClass = 'runtime' | 'provider' | 'principal' | 'workspace'; export interface IssuanceChallengeResponse { challengeId: string; runtimeAttestations?: RuntimeAttestation[]; providerAttestations?: ProviderAttestation[]; selfDeclaredSignals?: AttestedSignal[]; priorPassportRef?: string; priorContinuityProof?: string; workspaceManifestHash?: string; } export interface WorkspaceManifest { entries: WorkspaceManifestEntry[]; totalFiles: number; totalSizeBytes: number; computedAt: string; manifestHash: string; } export interface WorkspaceManifestEntry { pathHash: string; sizeBytes: number; lastModifiedBucket: string; } export interface WorkspaceCheckpoint { manifestHash: string; observedAt: string; totalFiles: number; totalSizeBytes: number; signature: string; attester: string; priorCheckpointHash?: string; } export interface RecoveryRequest { environmentSignals: Partial; workspaceManifestHash?: string; runtimeClass?: string; priorKeySignature?: string; recoveryKeySignature?: string; principalAuthorization?: string; } export interface RecoveryResult { matched: boolean; matchedPassportId?: string; confidenceSignals: string[]; recoveryAuthorized: boolean; authorizationMethod?: 'prior_key' | 'recovery_key' | 'principal'; } /** Input conditions for a behavioral evaluation. Immutable after creation. */ export interface EvaluationContext { measurementType?: 'protocol_enforcement' | 'behavioral_fidelity' | 'hybrid'; substrate: string; responseFormatSchema: string; normalizationMethod: string; evaluationProtocolVersion: string; sampleSize: number; evaluatedAt: string; } /** Output of a behavioral evaluation. References context by hash. */ export interface BehavioralAttestationResult { evaluationContextHash: string; dimensionScores: Record; aggregateScore: number; classification: 'hold' | 'bend' | 'break'; confidence: number; formatArtifactCorrected: boolean; dimensionalInversionDetected: boolean; } //# sourceMappingURL=attestation.d.ts.map