/** How the foreign entity's governance posture is classified. * Determines the baseline sandbox restrictions. */ export type ForeignProvenanceClass = 'unknown' | 'partially_governed' | 'legacy_api' | 'human_operated'; /** Trust level earned through interaction history. * Monotonically upgradeable via receipts; demotable on dispute. */ export type ForeignTrustClass = 'untrusted' | 'probationary' | 'attested' | 'vouched'; /** Operational constraints applied to foreign entities. * All foreign interactions are sandboxed — the gateway enforces these limits. */ export interface ForeignSandboxPolicy { /** Maximum spend per single action */ maxSpendPerAction: number; /** Whether a witness must attest all foreign interactions (true for v1) */ requireWitness: boolean; /** Whether escrow is required for all foreign transactions */ requireEscrow: boolean; /** Whether data can leave the gateway to the foreign entity */ dataEgressAllowed: boolean; /** Maximum concurrent actions this foreign entity can have in-flight */ maxConcurrentActions: number; } /** Rules for automatically promoting or demoting foreign trust. * Trust is not static — it changes based on interaction history. */ export interface ForeignReclassificationRules { /** Number of successful receipts needed to auto-promote trust class */ autoPromoteAfterReceipts?: number; /** Automatically demote trust class on any dispute */ autoDemoteOnDispute: boolean; /** Seconds between mandatory reviews of this foreign entity */ reviewIntervalSeconds: number; } /** Gateway-issued envelope wrapping a non-APS entity for interaction. * Every foreign interaction goes through this envelope — no raw foreign access. */ export interface ForeignCounterpartyEnvelope { /** Unique envelope identifier */ envelopeId: string; /** APS-internal alias for this foreign entity */ localAlias: string; /** How the entity's governance posture is classified */ provenanceClass: ForeignProvenanceClass; /** Trust level earned through interaction history */ trustClass: ForeignTrustClass; /** Operations this foreign entity is allowed to perform */ admissibleOperations: string[]; /** Sandbox constraints enforced by the gateway */ sandboxPolicy: ForeignSandboxPolicy; /** ISO datetime — when this envelope was issued */ issuedAt: string; /** ISO datetime — MUST expire. No permanent foreign trust. */ expiresAt: string; /** ISO datetime — last review of this envelope */ reviewedAt?: string; /** Rules for automatic trust promotion/demotion */ reclassificationRules: ForeignReclassificationRules; /** APS agent public key that vouches for this entity */ vouchedBy?: string; /** ISO datetime — when the vouch expires */ vouchExpiresAt?: string; /** Gateway that issued this envelope */ gatewayId: string; /** Gateway signature over the envelope */ gatewaySignature: string; } //# sourceMappingURL=foreign.d.ts.map