/** * APS v2 Delegation Versioning * Supersession, renewal hardening, scope expansion with independent review. * Uses v1 crypto (node:crypto Ed25519). */ import type { PolicyContext, V2Delegation, V2ScopeDefinition } from './types.js'; import type { AudienceBinding } from './audience-binding/types.js'; export declare function getV2Delegation(id: string): V2Delegation | undefined; export declare function getV2DelegationsFor(delegatee: string): V2Delegation[]; export declare function getActiveV2Delegation(delegatee: string): V2Delegation | undefined; export interface CreateV2DelegationParams { delegator: string; delegatee: string; scope: V2ScopeDefinition; policy_context: PolicyContext; delegator_private_key: string; /** * Optional audience binding. When set, the delegation is bound to the named * recipient(s) and signed over the binding. When omitted, the signed bytes * are identical to a pre-audience-binding delegation. See * src/v2/audience-binding. */ aud?: AudienceBinding; } export declare function createV2Delegation(params: CreateV2DelegationParams): V2Delegation; export declare function isScopeExpansion(original: V2ScopeDefinition, proposed: V2ScopeDefinition): boolean; export declare function isScopeNarrowing(parent: V2ScopeDefinition, child: V2ScopeDefinition): boolean; export interface SupersedeV2DelegationParams { original_delegation_id: string; new_scope: V2ScopeDefinition; justification: string; policy_context: PolicyContext; delegator_private_key: string; expansion_reviewer?: string; expansion_reviewer_private_key?: string; renewal_reason?: string; /** * Optional audience binding for the superseding delegation. When omitted, the * original delegation's binding (if any) is carried forward unchanged so a * renewal does not silently drop the audience restriction. */ aud?: AudienceBinding; } export declare function supersedeV2Delegation(params: SupersedeV2DelegationParams): V2Delegation; export declare function renewV2Delegation(params: { original_delegation_id: string; policy_context: PolicyContext; delegator_private_key: string; renewal_reason: string; }): V2Delegation; export declare function revokeV2Delegation(id: string): V2Delegation; export declare function validateV2Delegation(d: V2Delegation, now?: Date): { valid: boolean; reason?: string; }; export declare function traceV2DelegationHistory(delegationId: string): V2Delegation[]; export declare function getExpiringV2Delegations(windowMs?: number): V2Delegation[]; export declare function processV2Expirations(gracePeriodMs?: number): { expired: string[]; graced: string[]; }; export declare function clearV2DelegationStore(): void; //# sourceMappingURL=delegation-v2.d.ts.map