/**
 * Provenance tag attached to a piece of data: records which principal
 * authorized access to it and through which delegation it was obtained.
 */
export interface TaintLabel {
  /** Principal who authorized access. */
  principalId: string;
  /** Delegation chain that produced this data. */
  chainId: string;
  /** The specific delegation within that chain. */
  delegationId: string;
  /** Usage constraints that came with the data. */
  usage: TaintUsage;
  /**
   * When the taint was applied.
   * NOTE(review): the timestamp format is not visible here (presumably
   * ISO-8601); confirm before comparing timestamps as strings.
   */
  taintedAt: string;
  /**
   * For derived or multi-principal data: every contributing principal ID.
   * Enables per-principal permit matching on derived SAOs.
   */
  sourcePrincipals?: string[];
}

/** What the data owner permits. */
export type TaintUsage =
  | 'unrestricted'
  | 'same-context-only'
  | 'export-with-permit'
  | 'read-only';

/** Union of the taint labels collected from all data sources. */
export interface TaintSet {
  /** All taint labels from all data sources. */
  labels: TaintLabel[];
  /** Unique principal IDs in this set. */
  principals: string[];
  /**
   * Whether this set contains labels from multiple principals.
   * NOTE(review): this duplicates information derivable from `principals`;
   * confirm enforcement code cannot be handed a set where the two disagree.
   */
  isCrossChain: boolean;
}

/** A data payload bundled with its origin taint and a monitor signature. */
export interface SignedAuthorityObject {
  saoId: string;
  /** The actual data payload. */
  data: unknown;
  /** Origin taint: who authorized access and under which chain. */
  taint: TaintLabel;
  /** Hash of the data, used for integrity verification. */
  dataHash: string;
  /**
   * Gateway/monitor signature over (dataHash + taint).
   * NOTE(review): as described, the signed material does not list `saoId`,
   * `createdAt` or `expiresAt`; confirm whether expiry is covered by the
   * signature, since otherwise it could be altered without invalidating it.
   */
  monitorSignature: string;
  /**
   * Public key of the signing monitor.
   * NOTE(review): this key travels inside the object it authenticates;
   * presumably verifiers match it against an independently trusted monitor
   * key rather than accepting whatever key is embedded. Confirm.
   */
  monitorPublicKey: string;
  /** When the SAO was created. */
  createdAt: string;
  /** When the SAO expires; the data should not be used after this. */
  expiresAt: string;
}

/**
 * Authorization, signed by both principals, for data governed by one
 * principal to flow into actions governed by another.
 */
export interface CrossChainPermit {
  permitId: string;
  /** The principal (A) whose data is authorized to flow out. */
  sourceContext: {
    principalId: string;
    principalPublicKey: string;
    /**
     * Which data classes may flow (e.g. 'calendar', 'email', '*').
     * NOTE(review): '*' presumably matches every data class; confirm that
     * wildcard permits are issued deliberately.
     */
    dataClasses: string[];
  };
  /** The principal (B) whose governed actions may receive that data. */
  destinationContext: {
    principalId: string;
    principalPublicKey: string;
    /** Which action scopes may receive the data. */
    allowedScopes: string[];
  };
  /** The purpose that justifies the cross-chain flow. */
  purpose: string;
  /** Destination restrictions (e.g. specific recipients, domains). */
  destinationConstraints?: string[];
  /** When this permit was created. */
  createdAt: string;
  /** When this permit expires. */
  expiresAt: string;
  /**
   * Whether this permit has been revoked.
   * NOTE(review): the flag is declared above both signatures, so a literal
   * reading of "everything above" puts it inside the signed content. A copy
   * of the permit held elsewhere would not reflect a later revocation;
   * confirm revocation state is checked against an authoritative store.
   */
  revoked: boolean;
  /** Source principal's signature over every field declared above it. */
  sourceSignature: string;
  /**
   * Destination principal's signature over every field declared above it.
   * NOTE(review): whether that includes `sourceSignature` is not stated;
   * confirm the exact signed byte range and its canonical encoding.
   */
  destinationSignature: string;
}

/** Per-agent execution window that accumulates the taint of everything accessed. */
export interface ExecutionFrame {
  frameId: string;
  agentId: string;
  /** All delegation contexts accessed during this frame. */
  accessedContexts: TaintLabel[];
  /** Accumulated taint set (union of everything accessed). */
  frameTaint: TaintSet;
  /** When the frame started. */
  startedAt: string;
  /** Whether the frame is still active. */
  active: boolean;
  /** Hash of the latest step: cryptographic proof of execution order. */
  chainHead?: string;
  /** Monotonic step counter; proves there are no gaps. */
  stepCount: number;
  /** Frame epoch number; increases monotonically on rotation. */
  epoch: number;
  /**
   * TTL in minutes; the frame expires after this duration (0 = no expiry).
   * NOTE(review): because 0 disables expiry, an unset or defaulted value
   * yields a frame that never expires; confirm 0 is only ever set on purpose.
   */
  ttlMinutes: number;
  /** If this frame was sealed by rotation, the time it was sealed. */
  sealedAt?: string;
  /** Previous frame's chainHead; links epochs into a super-chain. */
  previousFrameChainHead?: string;
  /**
   * Principal IDs carried over from previous epochs. They survive rotation
   * so that cross-chain enforcement still sees them, which prevents the
   * "clean window" attack where rotation clears taint.
   */
  residuePrincipals: string[];
}

/** A causally-ordered execution step with hash-chain linkage. */
export interface ExecutionStep {
  /** Step number within the frame (0-indexed, monotonic). */
  stepIndex: number;
  /** Hash of the previous step (empty string for step 0). */
  previousStepHash: string;
  /** The taint introduced at this step. */
  taint: TaintLabel;
  /**
   * Hash of this step: sha256(previousStepHash + canonical(taint) + stepIndex).
   * NOTE(review): the inputs are described as concatenated; confirm the
   * encoding is unambiguous (fixed-width or delimited) so that two different
   * input triples cannot serialize to the same byte string.
   */
  stepHash: string;
  /** When this step was recorded. */
  recordedAt: string;
}

/** Outcome of a flow check. */
export type FlowVerdict =
  | 'allowed'
  | 'blocked'
  | 'permitted';

/** Result of checking an action against the frame's taint set. */
export interface FlowCheckResult {
  /** Was the action allowed? */
  verdict: FlowVerdict;
  /** When blocked: the taint labels that caused the block. */
  blockingLabels?: TaintLabel[];
  /** When permitted: the cross-chain permit that authorized the flow. */
  permitId?: string;
  /** Human-readable explanation. */
  reason: string;
  /** The full taint set that was checked. */
  taintSet: TaintSet;
  /** Timestamp of the check. */
  checkedAt: string;
}

/** Kinds of transformation that can be applied to tainted data. */
export type TransformationType =
  | 'aggregation'
  | 'anonymization'
  | 'hashing'
  | 'redaction'
  | 'approved-summary';

/** Record of an approved transformation applied to tainted inputs. */
export interface TaintTransformation {
  transformationId: string;
  /** Original taint labels. */
  inputTaints: TaintLabel[];
  /** Which transformation was applied. */
  type: TransformationType;
  /** New classification after the transformation. */
  outputClassification: 'declassified' | 'downgraded' | 'unchanged';
  /** Who approved this transformation. */
  approvedBy: string;
  /**
   * Signature of the approver.
   * NOTE(review): which fields this signature covers is not stated here;
   * since a 'declassified' result removes restrictions, confirm it binds
   * `inputTaints`, `type` and `outputClassification`.
   */
  approverSignature: string;
  /** When the transformation was approved. */
  approvedAt: string;
}

/**
 * Gateway-signed receipt for a tool invocation within a frame.
 * NOTE(review): the source carries no per-field comments for this type, so
 * field meanings are inferred from their names; confirm against the gateway
 * code, in particular what `gatewaySignature` covers and how `nonce` and
 * `expiresAt` are checked.
 */
export interface ExecutionReceipt {
  receiptId: string;
  frameId: string;
  requestHash: string;
  tool: string;
  paramsHash: string;
  delegationId: string;
  taintPrincipals: string[];
  taintSetHash: string;
  crossChainDetected: boolean;
  crossChainAuthorized: boolean;
  permitId?: string;
  policyVersion: string;
  nonce: string;
  timestamp: string;
  expiresAt: string;
  gatewayId: string;
  gatewaySignature: string;
}
/**
 * Gateway-signed record of an attempted cross-chain flow, carrying the
 * taint labels that blocked it.
 * NOTE(review): the source carries no per-field comments for this type, so
 * field meanings are inferred from their names; confirm which fields
 * `gatewaySignature` covers, since an audit record is only as trustworthy as
 * the portion that is actually signed.
 */
export interface CrossChainViolation {
  frameId: string;
  agentId: string;
  sourcePrincipalId: string;
  destinationPrincipalId: string;
  attemptedTool: string;
  attemptedScope: string;
  blockingLabels: TaintLabel[];
  timestamp: string;
  gatewaySignature: string;
}
//# sourceMappingURL=cross-chain.d.ts.map