import type { MutualAuthAttest, MutualAuthCertificate, MutualAuthFailureReason, MutualAuthHello, MutualAuthPolicy, MutualAuthResult, MutualAuthRole, MutualAuthSession, TrustAnchor } from './types.js'; export declare function newNonce(): string; export declare function buildHello(role: MutualAuthRole, supported_versions: string[], now_ms: number, nonce_b64?: string): MutualAuthHello; /** Choose the highest mutually supported version. Returns null if * there is no overlap. Both sides MUST run the same algorithm. */ export declare function chooseVersion(peer_supported: string[], own_accepted: string[]): string | null; export interface BuildAttestInput { role: MutualAuthRole; chosen_version: string; own_nonce_b64: string; peer_nonce_b64: string; certificate: MutualAuthCertificate; now_ms: number; } export declare function buildAttest(input: BuildAttestInput, own_sk_hex: string): MutualAuthAttest; export interface VerifyAttestInput { attest: MutualAuthAttest; expected_peer_nonce_b64: string; expected_own_nonce_b64: string; policy: MutualAuthPolicy; trust_anchors: TrustAnchor[]; revoked_anchor_ids?: string[]; now_ms: number; } export interface VerifyAttestOutcome { ok: boolean; reason?: MutualAuthFailureReason; detail?: string; } export declare function verifyAttest(input: VerifyAttestInput): VerifyAttestOutcome; /** Derive the shared session record from both sides' Attests. Both * parties MUST compute identical session_id values given identical * inputs (canonical JCS + sha256). */ export declare function deriveSession(agent_attest: MutualAuthAttest, is_attest: MutualAuthAttest, policy: MutualAuthPolicy, now_ms: number): MutualAuthResult; /** Check whether a MutualAuthSession is still alive. */ export declare function isSessionActive(session: MutualAuthSession, now_ms: number): boolean; //# sourceMappingURL=handshake.d.ts.map