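/**
 * Type declarations for agent passports: identity, delegation, revocation,
 * action receipts, key rotation, values-floor attestation and attribution.
 *
 * This is a declaration file: it fixes the shape of the data only. Which
 * fields a signature covers, and how payloads are canonicalized before
 * signing, is not visible here and must be checked in the implementation.
 */

/** Posture of an agent as one of three string states. */
export type AgentPostureStatus = 'active' | 'restricted' | 'suspended';

/** How fresh a piece of attestation evidence is and how long it may be relied on. */
export interface AttestationFreshness {
    /** 'snapshot' = point-in-time (TPM), 'rotating' = lifetime-bound (SPIFFE),
     *  'static' = managed externally (CA certificate) */
    type: 'snapshot' | 'rotating' | 'static';
    /** ISO 8601 — when the evidence was produced */
    validAt: string;
    /** Evidence lifetime in seconds (required for rotating). */
    ttl?: number;
    /** Recommended staleness window in seconds (for snapshot). */
    maxAge?: number;
}

/**
 * A private/public key pair, both halves carried as strings (encoding not
 * shown in this declaration).
 *
 * NOTE(review): a JS string cannot be zeroed after use, so objects of this
 * type should stay short-lived and be kept out of logs and serialized state.
 */
export interface KeyPair {
    privateKey: string;
    publicKey: string;
}

/** The unsigned passport body describing one agent. */
export interface AgentPassport {
    version: string;
    agentId: string;
    agentName: string;
    ownerAlias: string;
    publicKey: string;
    mission: string;
    capabilities: string[];
    runtime: RuntimeInfo;
    createdAt: string;
    expiresAt: string;
    /** Optional lower bound of the validity window; `expiresAt` is the upper bound. */
    notBefore?: string;
    voteWeight: number;
    reputation: ReputationScore;
    delegations: Delegation[];
    /**
     * Free-form metadata.
     * NOTE(review): the `Record` type arguments were missing in the reviewed
     * listing (a bare `Record` does not compile); `<string, unknown>` is a
     * reconstruction — confirm against the source module. `unknown` makes
     * consumers narrow a value before using it.
     */
    metadata: Record<string, unknown>;
    /**
     * Wallet binding (v2/wallet-binding): external chain addresses bound to this
     * passport via Ed25519 binding signatures. Composes with issuer-attested wallet
     * binding (behavioral) from the insumer-examples ecosystem. Optional for
     * backward compatibility — passports without this field canonicalize unchanged.
     */
    bound_wallets?: import('../v2/wallet-binding/types.js').BoundWallet[];
}

/** Description of the runtime an agent reports for itself. */
export interface RuntimeInfo {
    platform: string;
    models: string[];
    toolsCount: number;
    memoryType: string;
}

/** Reputation counters carried in a passport. */
export interface ReputationScore {
    overall: number;
    collaborationsCompleted: number;
    proposalsSubmitted: number;
    proposalsApproved: number;
    tokensContributed: number;
    tasksCompleted: number;
    /** Accumulated penalty deductions from task_failed and incident events */
    penaltyDeductions?: number;
    lastUpdated: string;
}

/** A signed grant of scope from one party (`delegatedBy`) to another (`delegatedTo`). */
export interface Delegation {
    delegationId: string;
    delegatedTo: string;
    delegatedBy: string;
    scope: string[];
    /**
     * How `scope` entries are matched.
     * NOTE(review): the behaviour when this is unset is not shown here;
     * 'glob' and 'hierarchical' presumably match more than the literal
     * string, so confirm the verifier's default is the narrowest mode.
     */
    scopeInterpretation?: 'exact' | 'glob' | 'hierarchical';
    expiresAt: string;
    /** Optional: delegation is not valid before this timestamp (replay mitigation) */
    notBefore?: string;
    spendLimit?: number;
    /** Spend-at-issue for this signed delegation. It is part of the signed payload and is therefore
     *  IMMUTABLE (always 0 at creation); it is NOT a running total and cannot be incremented without
     *  invalidating the signature. Cumulative spend is tracked off the signed credential, on the
     *  unsigned CommerceDelegation via recordSpend(), or by the gateway per delegationId. */
    spentAmount?: number;
    /** Unit discriminator for spendLimit. Default 'currency' (backward compat).
     *  'invocations' enables count-based bounds used by consultation primitives
     *  (e.g. bounded-escalation advisors where each consult decrements by 1).
     */
    spendLimitUnit?: 'currency' | 'invocations';
    /** Depth bound for re-delegation; compared against `currentDepth` (see DelegationStatus.depthExceeded). */
    maxDepth: number;
    currentDepth: number;
    createdAt: string;
    /** Hash of the obligation IDs accepted with this delegation (Module 20) */
    obligationBundleHash?: string;
    /**
     * Optional: URL that gateways should poll for revocation status (enables future multi-gateway)
     *
     * NOTE(review): the URL is supplied by the credential itself. Gateways
     * presumably should restrict the schemes and hosts they are willing to
     * poll, and decide what an unreachable endpoint means — confirm.
     */
    revocationCheckUrl?: string;
    /** Observation governance: what behavioral patterns may be derived from telemetry */
    derivation_rights?: DerivationRights;
    /** Observation governance: how continuous observation is managed */
    observation_policy?: ObservationPolicy;
    /**
     * Verification timing policy (v2/credential-check-policy). Declares WHEN
     * the credential should be re-verified: at acceptance, at every action
     * evaluation, or both. Optional — when unset, defaults to 'on-process'
     * which preserves existing behavior. Proposed by @piiiico on
     * a2aproject/A2A governance metadata thread.
     */
    credentialCheckPolicy?: import('../v2/credential-check-policy/types.js').CredentialCheckPolicy;
    /** Signature over the delegation; the exact signed field set is defined by the implementation, not here. */
    signature: string;
}

/** Limits on retaining, deriving from and exporting observed telemetry. */
export interface DerivationRights {
    retention_permitted: boolean;
    retention_ttl?: number;
    derivation_classes?: string[];
    export_permitted: boolean;
}

/** How continuous observation is managed, including what happens to data on revocation. */
export interface ObservationPolicy {
    continuous_access: boolean;
    review_interval?: number;
    revocation_behavior: 'purge' | 'freeze' | 'decay';
}

/** A signed record of one action taken by an agent under a delegation. */
export interface ActionReceipt {
    receiptId: string;
    version: string;
    timestamp: string;
    agentId: string;
    delegationId: string;
    action: {
        type: string;
        target: string;
        method?: string;
        scopeUsed: string;
        spend?: {
            amount: number;
            currency: string;
        };
    };
    result: {
        status: 'success' | 'failure' | 'partial';
        summary: string;
    };
    delegationChain: string[];
    signature: string;
    /** Optional: independent witness signature (notary pattern — witness ≠ executor) */
    witnessSignature?: string;
    /** Optional: hash of previous receipt in chain (for append-only chain verification) */
    previousReceiptHash?: string;
    /** M4. Optional monotonic sequence number within an issuer's receipt stream.
     *  Combined with `previousReceiptHash`, a gap (a missing number, or a broken
     *  hash link) makes a deleted or withheld receipt detectable. Mirrors the
     *  messaging-audit `sequenceNumber` pattern. Optional for back-compat;
     *  receipts without it canonicalize and verify unchanged. */
    sequenceNumber?: number;
    /** If tombstoned (GDPR), payload is redacted but hash chain and signature preserved */
    tombstoned?: boolean;
    tombstoneReason?: string;
    /** Authorization context: links this receipt to the authorization that permitted execution.
     *  Separate from the receipt itself — the AuthorizationRef is compact; the full
     *  AuthorizationWitness is available for deep forensics via witnessId lookup. */
    authorizationRef?: import('./gateway.js').AuthorizationRef;
    /** Receipt maturation: starts 'maturing', becomes 'finalized' after witness or TTL.
     *  Unwitnessed receipts are economically weaker than finalized ones. */
    finality?: import('./finality.js').FinalityState;
    /** Full witness attestation (if witnessed) */
    witnessAttestation?: import('./gateway.js').WitnessAttestation;
    /** Witness conflict record (if gateway and witness disagree) */
    witnessConflict?: import('./gateway.js').WitnessConflict;
}

/** A signed statement that a delegation has been revoked. */
export interface RevocationRecord {
    revocationId: string;
    delegationId: string;
    revokedBy: string;
    revokedAt: string;
    reason: string;
    signature: string;
}

/** Outcome of checking one delegation; each failure condition has its own flag. */
export interface DelegationStatus {
    valid: boolean;
    revoked: boolean;
    expired: boolean;
    notYetValid: boolean;
    depthExceeded: boolean;
    revokedAt?: string;
    errors: string[];
}

/** Result of revoking a delegation together with the delegations that cascade from it. */
export interface CascadeRevocationResult {
    rootRevocation: RevocationRecord;
    cascadedRevocations: RevocationRecord[];
    totalRevoked: number;
    chainDepth: number;
}

/** Result of validating a delegation chain link by link. */
export interface DelegationChainValidation {
    valid: boolean;
    chainLength: number;
    links: DelegationChainLink[];
    /** Position of, and reason for, the first failing link (when one is reported). */
    firstFailure?: {
        index: number;
        delegationId: string;
        reason: string;
    };
}

/** One link of a delegation chain with its own validation status. */
export interface DelegationChainLink {
    delegationId: string;
    delegatedBy: string;
    delegatedTo: string;
    depth: number;
    status: DelegationStatus;
}

/** A revocation together with how it came about: direct, cascaded, or an agent-wide batch. */
export interface RevocationEvent {
    type: 'direct' | 'cascade' | 'agent_batch';
    revocation: RevocationRecord;
    parentDelegationId?: string;
    batchAgentId?: string;
}

/** An issuer's counter-signature, carrying the issuer's identity and public key. */
export interface IssuerSignature {
    issuerId: string;
    /**
     * NOTE(review): this key travels with the signature it verifies;
     * presumably the verifier resolves `issuerId` to a key it already trusts
     * rather than relying on this field alone — confirm.
     */
    issuerPublicKey: string;
    signature: string;
    signedAt: string;
}

/** Whether a key rotation was scheduled or forced. */
export type RotationMode = 'planned' | 'emergency';

/** Progress states of a key rotation. */
export type RotationState = 'announced' | 'revocation_in_progress' | 'revocation_complete' | 'activated';

/** One entry in a DID document's rotation log. */
export interface DIDRotationEntry {
    previousKey: string;
    newKey: string;
    mode: RotationMode;
    announcedAt: string;
    activationTime: string;
    state: RotationState;
    /** Signature authorizing the rotation; which key produces it is not shown in this declaration. */
    rotationSignature: string;
    revokedDelegations?: string[];
    completedAt?: string;
}

/** A DID verification method that can be marked as rotated out. */
export interface RotatableVerificationMethod {
    id: string;
    type: 'Ed25519VerificationKey2020';
    controller: string;
    publicKeyMultibase: string;
    /** Set when key is rotated out. Present = key is historical only. */
    retiredAt?: string;
}

/** A DID document extended with pending-rotation state and a rotation log. */
export interface RotatableDIDDocument {
    '@context': string[];
    id: string;
    controller: string;
    alsoKnownAs?: string[];
    verificationMethod: RotatableVerificationMethod[];
    authentication: string[];
    assertionMethod: string[];
    capabilityDelegation: string[];
    keyAgreement?: string[];
    capabilityInvocation?: string[];
    /** A rotation that has been announced but is not yet recorded as complete in `rotationLog`. */
    pendingRotation?: {
        newKeyId: string;
        mode: RotationMode;
        activationTime: string;
        state: RotationState;
        rotationSignature: string;
    };
    rotationLog: DIDRotationEntry[];
    service?: Array<{
        id: string;
        type: string;
        /** Typed `unknown`: narrow before use. */
        serviceEndpoint: unknown;
    }>;
    created: string;
    updated: string;
}

/** A passport together with its signature and optional issuer, attestation and DID data. */
export interface SignedPassport {
    passport: AgentPassport;
    signature: string;
    signedAt: string;
    issuerSignature?: IssuerSignature;
    /** Agent attestation summary (Phase 1 attestation architecture). Optional for backward compatibility. */
    attestation?: import('./attestation.js').PassportAttestationSummary;
    /** DID Document with rotation support. Optional for backward compat. */
    didDocument?: RotatableDIDDocument;
}

/** Result of verifying a passport: a verdict plus errors and warnings. */
export interface VerificationResult {
    valid: boolean;
    errors: string[];
    warnings: string[];
    passport?: AgentPassport;
}

/** A challenge issued to an agent: an identifier, a nonce and a validity window. */
export interface Challenge {
    challengeId: string;
    nonce: string;
    timestamp: string;
    expiresAt: string;
}

/**
 * An agent's answer to a Challenge.
 *
 * NOTE(review): the response names its own `publicKey`. Presumably the
 * verifier compares it with the key already bound to the agent's passport
 * and rejects reuse of a `challengeId` — confirm in the verifier.
 */
export interface ChallengeResponse {
    challengeId: string;
    signature: string;
    publicKey: string;
}

/** An event that feeds the reputation score. */
export interface ReputationEvent {
    type: 'collaboration_completed' | 'proposal_submitted' | 'proposal_approved' | 'tokens_contributed' | 'task_completed' | 'task_failed' | 'incident';
    quality?: number;
    amount?: number;
}

/** Input for creating a passport. */
export interface CreatePassportOptions {
    agentId: string;
    agentName: string;
    ownerAlias: string;
    mission: string;
    capabilities: string[];
    runtime: RuntimeInfo;
    expiresInDays?: number;
    /** Explicit validity window; how it interacts with `expiresInDays` is not shown here. */
    validityWindow?: {
        notBefore?: string;
        notAfter: string;
    };
    delegations?: Delegation[];
    /**
     * Free-form metadata.
     * NOTE(review): type arguments reconstructed as `<string, unknown>`; the
     * reviewed listing had a bare `Record` — confirm against the source module.
     */
    metadata?: Record<string, unknown>;
    beneficiary?: BeneficiaryInfo;
    valuesFloor?: FloorReference;
}

/** How a floor principle is enforced. */
export type EnforcementMode = 'inline' | 'audit' | 'warn';

/**
 * Lookup table keyed by enforcement mode.
 * NOTE(review): the `Record` type arguments were missing in the reviewed
 * listing; `<EnforcementMode, number>` is inferred from the constant's name
 * and the EnforcementMode union — confirm against the source module.
 */
export declare const ENFORCEMENT_ESCALATION_ORDER: Record<EnforcementMode, number>;

/** One principle of a values floor, with its enforcement mechanism and weight. */
export interface FloorPrinciple {
    id: string;
    name: string;
    principle: string;
    enforcement: {
        mode: EnforcementMode;
        technical?: boolean;
        mechanism: string;
        protocolRef?: string;
    };
    weight: 'mandatory' | 'strong_consideration' | 'advisory';
}

/** A domain-specific extension that adds principles to a floor. */
export interface FloorExtension {
    id: string;
    name: string;
    domain: string;
    version: string;
    inherits: string;
    additionalPrinciples: FloorPrinciple[];
}

/** A versioned values floor: its principles, optional extensions and governance. */
export interface ValuesFloor {
    version: string;
    schema: string;
    lastUpdated: string;
    governanceUri: string;
    floor: FloorPrinciple[];
    extensions?: FloorExtension[];
    governance?: FloorGovernance;
}

/** How a values floor is amended and escalated. */
export interface FloorGovernance {
    amendmentProcess: string;
    escalationRules: string[];
    versionHistory?: Array<{
        version: string;
        date: string;
        changes: string;
    }>;
}

/** A reference from a passport to a floor version and the extensions it adopts. */
export interface FloorReference {
    version: string;
    extensions: string[];
    attestationId?: string;
}

/** A signed, expiring attestation by an agent to a floor version. */
export interface FloorAttestation {
    attestationId: string;
    agentId: string;
    publicKey: string;
    floorVersion: string;
    extensions: string[];
    attestedAt: string;
    expiresAt: string;
    commitment: string;
    signature: string;
}

/** The compliance status of one principle. */
export interface ComplianceCheck {
    principleId: string;
    principleName: string;
    /** 'attested' and 'unverifiable' are distinct from 'enforced'; consumers should not treat them alike. */
    status: 'enforced' | 'attested' | 'violation' | 'unverifiable';
    enforcementMode?: EnforcementMode;
    evidence?: string;
    detail: string;
}

/** A signed compliance report for one agent over a period. */
export interface ComplianceReport {
    reportId: string;
    agentId: string;
    floorVersion: string;
    period: {
        from: string;
        to: string;
    };
    receiptsAnalyzed: number;
    checks: ComplianceCheck[];
    overallCompliance: number;
    generatedAt: string;
    signature: string;
}

/** Result of negotiating a common floor between two agents. */
export interface SharedGround {
    /** `null` is allowed by the type; presumably it means no common floor version — confirm. */
    floorVersion: string | null;
    sharedExtensions: string[];
    agentA: string;
    agentB: string;
    negotiatedAt: string;
    compatible: boolean;
    incompatibilityReasons: string[];
}

/** The principal on whose behalf an agent acts. */
export interface BeneficiaryInfo {
    principalId: string;
    principalPublicKey?: string;
    relationship: 'creator' | 'employer' | 'delegator' | 'owner';
    registeredAt: string;
}

/** A trace from a receipt's executing agent back to a beneficiary through delegation hops. */
export interface BeneficiaryTrace {
    traceId: string;
    receiptId: string;
    executorAgent: string;
    beneficiary: string;
    chain: DelegationHop[];
    totalDepth: number;
    /** `resolved` and `verified` are separate flags; their exact meanings are not shown here. */
    resolved: boolean;
    verified: boolean;
}

/** One hop of a beneficiary trace. */
export interface DelegationHop {
    from: string;
    to: string;
    delegationId: string;
    scope: string[];
    depth: number;
}

/** One receipt's contribution to an attribution report. */
export interface AttributionEntry {
    receiptId: string;
    agentId: string;
    action: string;
    scopeUsed: string;
    spend: number;
    resultStatus: string;
    weight: number;
    timestamp: string;
}

/** A signed attribution report committing to its entries via a Merkle root and an entries hash. */
export interface AttributionReport {
    reportId: string;
    beneficiary: string;
    agentId: string;
    period: {
        from: string;
        to: string;
    };
    entries: AttributionEntry[];
    totalWeight: number;
    receiptCount: number;
    merkleRoot: string;
    entriesHash: string;
    generatedAt: string;
    signature: string;
}

/** An inclusion proof for one receipt hash against a Merkle root. */
export interface MerkleProof {
    receiptHash: string;
    root: string;
    proof: MerkleProofNode[];
    index: number;
    /**
     * NOTE(review): a flag stored inside the proof object is a claim by
     * whoever produced the object; presumably consumers recompute the path
     * against a root they already trust — confirm.
     */
    verified?: boolean;
}

/** One sibling hash on a Merkle path and the side it sits on. */
export interface MerkleProofNode {
    hash: string;
    position: 'left' | 'right';
}
//# sourceMappingURL=passport.d.ts.map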