/**
 * @fileoverview Reconcile audience binding with the existing cross_chain
 * confused-deputy constraint.
 *
 * Audience binding and cross_chain are complementary, not competing:
 *
 *   - cross_chain (src/types/cross-chain.ts, FACET 'cross_chain') stops
 *     authority from principal X being COMBINED into a destination governed by
 *     principal Y unless a CrossChainPermit authorizes it. It is a DATA-FLOW
 *     restriction evaluated over a taint set.
 *
 *   - audience (FACET 'audience') stops a proof minted for recipient A from
 *     being PRESENTED to recipient B. It is a PROOF-PRESENTATION restriction
 *     evaluated over a recipient-identifier set.
 *
 * A single attempted misuse can trip both: presenting A's proof at B (audience
 * mismatch) while also crossing a data-flow boundary (cross_chain block). The
 * reconciliation rule below makes sure the relying party emits ONE primary
 * denial rather than two competing ones, and never a contradiction (one facet
 * 'pass' while the other 'fail' for the SAME recipient mismatch).
 *
 * This module emits denials in the canonical ConstraintFailure shape
 * (src/types/gateway.ts) using the 'audience' facet. It does NOT invent a
 * parallel error type and does NOT re-implement cross_chain evaluation; it
 * consumes a cross_chain result the caller already computed.
 *
 * NOTE(review): this file only declares signatures. Every behavioural
 * statement in these comments describes the documented contract and should be
 * confirmed against the implementation this declaration is generated from.
 */
import type { ConstraintFailure, ConstraintStatus } from '../../types/gateway.js';
import type { AudienceCheckResult } from './types.js';

/**
 * Map an audience check result to the four-valued ConstraintStatus. The
 * AudienceStatus is already lattice-aligned, so this is a direct projection;
 * it exists so callers do not depend on the two enums being string-identical.
 *
 * @param result - The audience check result to project.
 * @returns The ConstraintStatus corresponding to the result's audience status.
 */
export declare function audienceToConstraintStatus(result: AudienceCheckResult): ConstraintStatus;

/**
 * Build a canonical ConstraintFailure for a failed audience check, using the
 * 'audience' facet. Returns null when the check did not fail (a non-failure
 * never produces a ConstraintFailure, matching the gateway convention that
 * failures-only populate ConstraintVector.failures).
 *
 * Audience failures are HARD and NOT retryable: a relying party cannot retry
 * its way into being a named recipient. The reason code becomes the failure
 * `code` so it is machine-readable.
 *
 * NOTE(review): null means "no failure record", which is not the same as
 * "pass". ConstraintStatus is four-valued, so a result that is neither a pass
 * nor a fail presumably also yields null here. A relying party that must fail
 * closed should gate on audienceToConstraintStatus() rather than on a null
 * return alone. Confirm how the remaining statuses are handled.
 *
 * @param result - The audience check result to convert.
 * @returns A ConstraintFailure on the 'audience' facet, or null when the check
 *   did not fail.
 */
export declare function audienceFailure(result: AudienceCheckResult): ConstraintFailure | null;

/**
 * The outcome of reconciling an audience check with a cross_chain evaluation.
 */
export interface AudienceCrossChainReconciliation {
    /**
     * The single set of constraint failures the relying party should surface.
     * At most one audience failure and at most one cross_chain failure, with the
     * primary called out. Never contains a contradictory pair (a 'pass' next to
     * a 'fail' for the same mismatch).
     */
    failures: ConstraintFailure[];
    /**
     * The primary failure: the one that would block even if the other passed.
     * Audience is checked at proof presentation (cheaper, earlier) and is the
     * primary when both fail, matching the EVALUATION_ORDER intuition that the
     * presentation-layer check fronts the data-flow check.
     *
     * Optional in the type; presumably absent when neither facet failed.
     * TODO confirm against the implementation.
     */
    primary?: ConstraintFailure;
    /** True when both facets failed (a deliberately scoped-and-routed misuse). */
    bothFailed: boolean;
    /**
     * True when the two facets agree (no contradiction).
     *
     * NOTE(review): per rule 2 of reconcileAudienceWithCrossChain, a 'pass' on
     * one facet next to a 'fail' on the other still counts as consistent, so
     * "agree" here reads as "do not contradict", not "have the same status".
     * Do not treat `consistent === true` as an allow signal; the denial decision
     * is carried by `failures` / `primary`. Confirm with the implementation.
     */
    consistent: boolean;
}

/**
 * Reconcile an audience check with an already-computed cross_chain failure (if
 * any). The cross_chain failure, when present, MUST already be in the
 * canonical ConstraintFailure shape with facet 'cross_chain'.
 *
 * Rules:
 *   1. No double-deny on the SAME facet: only one audience failure is emitted.
 *   2. No contradiction: the two facets describe different boundaries, so an
 *      audience 'pass' alongside a cross_chain 'fail' (or vice versa) is
 *      CONSISTENT, not contradictory; both are reported and the cross_chain
 *      one is primary. A contradiction would be the same boundary yielding
 *      both pass and fail, which this shape cannot produce.
 *   3. When both fail, audience is primary (presentation layer fronts the
 *      data-flow layer) but both failures are preserved for the audit trail.
 *
 * NOTE(review): the parameter type is plain `ConstraintFailure | null`, so the
 * facet 'cross_chain' precondition is not enforced by the type system. Whether
 * the implementation checks the facet at runtime is not visible from this
 * declaration; callers should pass only a failure produced by the cross_chain
 * evaluator. Confirm.
 *
 * NOTE(review): in rule 2, a passing audience check produces no
 * ConstraintFailure (see audienceFailure), so in the audience-pass /
 * cross_chain-fail case `failures` presumably holds only the cross_chain
 * entry. Confirm.
 *
 * @param audienceResult - Result of the audience (proof-presentation) check.
 * @param crossChainFailure - The caller's already-computed cross_chain
 *   failure, or null when the cross_chain evaluation produced no failure.
 * @returns The reconciled failures, the primary failure if any, and the
 *   bothFailed / consistent flags.
 */
export declare function reconcileAudienceWithCrossChain(audienceResult: AudienceCheckResult, crossChainFailure: ConstraintFailure | null): AudienceCrossChainReconciliation;
//# sourceMappingURL=reconcile.d.ts.map