import type { ConstraintStatus } from '../../types/gateway.js'; import type { CoSignerEntry, CoSignerRole, SharesRoot } from './types.js'; export interface CoSignatureFact { publicKey: string; role: CoSignerRole; keyClass: string; did?: string; status: ConstraintStatus; } export interface IndependenceEdge { a: string; b: string; sharesRoot: boolean; } export type ApprovalScheme = 'commerce_hex' | 'charter_uuid' | 'unrecognized'; export interface ApprovalReferenceFact { present: boolean; requestId?: string; scheme: ApprovalScheme; /** Whether a hash commitment to the signed approval was recorded. */ commitmentPresent: boolean; } export interface BreakGlassFact { present: boolean; /** Structurally complete (all required fields present and typed). */ wellFormed: boolean; /** Not past its expires_at at evaluation time. */ inForce: boolean; /** Over an allowed class (true when no forbidden class was matched). */ classAllowed: boolean; /** Whether the declaration owes a post-hoc review. */ postReviewRequired: boolean; /** Reasons the declaration is rejected, if any. */ rejections: string[]; } export interface HumanOversightDescriptor { /** Per-signature Belnap results. */ coSignatures: CoSignatureFact[]; /** At least one co_signer entry with role 'human' verified ('pass'). */ humanSignaturePresent: boolean; /** Independence edges across all signer pairs. */ independence: IndependenceEdge[]; /** True when no recorded signer pair shares a root of trust. With a * single signer, there are no pairs, so this is vacuously true; read * it together with coSignatures and humanSignaturePresent. */ allSignersIndependent: boolean; approvalReference: ApprovalReferenceFact; breakGlass: BreakGlassFact; /** ───────── verifier-derived advisory scalar ───────── * Relying-party-policy OUTPUT, computed by this verifier. NOT a field * on any receipt and NOT issuer-set. True only when a human signature * verified AND that human signer is independent of every other signer * in the key and DID graph AND no break_glass declaration is rejected. * A relying party MAY override this with its own policy over the set. */ advisory_independent_human_oversight: boolean; } /** * Build the independence edge set for the recorded signers. The caller * supplies `sharesRoot`, derived from the key and DID graph (M3 key * resolution, trust anchors). This module does not infer roots of trust; * it consumes the relation and records which pairs share one. * * Default when `sharesRoot` is omitted: two signers share a root only * when they present the identical public key or identical DID. That is * the minimal, conservative graph: same key is the same party, same DID * is the same controller. A richer graph (shared gateway anchor, shared * controller document) is the caller's to supply. */ export declare function computeIndependence(signers: CoSignerEntry[], sharesRoot?: SharesRoot): { edges: IndependenceEdge[]; allIndependent: boolean; }; /** * Is a single signer independent of every OTHER recorded signer? Used to * decide whether a verified human signature stands on its own in the key * and DID graph. A signer with no peers is vacuously independent. */ export declare function isSignerIndependent(target: CoSignerEntry, signers: CoSignerEntry[], sharesRoot?: SharesRoot): boolean; //# sourceMappingURL=descriptor.d.ts.map