import type { ActionReceipt } from '../accountability/types/action.js'; import type { WitnessConflict } from '../../types/gateway.js'; import { type ReceiptContext, type RejectReason } from './context.js'; import type { CheckedSignature, EvidenceDescriptor, WitnessObservationFact } from './descriptor-interface.js'; /** Evidence the caller supplies for the descriptor. The verifier does NOT * fetch any of this; it is the caller's already-resolved view. */ export interface OfflineDescriptorInputs { /** Pre-checked signature facts beyond the receipt's own signer. When * omitted, the verifier seeds the descriptor with the single fact it * can recompute itself: the receipt's signer_did over its 'outcome' * claim, with `valid` set to the crypto-layer result. */ signatures?: CheckedSignature[]; /** Witness observation facts (observationBasis + optional divergence). */ witnessObservations?: WitnessObservationFact[]; /** Witness conflict events the verifier holds for this receipt. */ witnessConflicts?: WitnessConflict[]; /** Anchor equivalences for the independence graph. */ anchorEdges?: Array<[string, string]>; } /** Options for the offline verify path. All optional; the verifier reads * no defaults from any network source. */ export interface OfflineVerifyOptions { /** Relying-party context for the context layer. When omitted, ONLY the * crypto layer runs and `contextChecked` is false in the result. A * caller that wants the full envelope check MUST supply this. */ context?: ReceiptContext; /** Descriptor evidence inputs (signatures, witnesses, conflicts, anchors). */ descriptor?: OfflineDescriptorInputs; } export type OfflineVerifyVerdict = 'accept' | 'reject'; export interface OfflineVerifyResult { /** Headline: did the receipt pass every layer that ran? */ verdict: OfflineVerifyVerdict; /** True iff the crypto layer (signature, receipt_id, claim_type) passed. */ cryptoValid: boolean; /** True iff the context layer ran. False when no context was supplied. */ contextChecked: boolean; /** True iff the context layer ran AND passed. Always false when it did * not run. */ contextValid: boolean; /** The first rejecting reason, if any. Undefined on accept. */ reason?: RejectReason; /** Which layer surfaced the rejection, if any. */ rejectedAtLayer?: 'crypto' | 'context'; /** The verifier OUTPUT descriptor. Always present: even a rejected * receipt yields a descriptor reporting the mechanical facts (e.g. a * failed signature shows up as a 'fail' corroboration status). */ descriptor: EvidenceDescriptor; } /** * Verify an ActionReceipt fully offline and return the verdict plus the * W2-A1 Evidence Descriptor. * * Layer order is fixed and matches the conformance corpus: crypto first, * then context. A tampered or unsigned receipt is rejected before any * context is consulted. The descriptor is built from the signature facts * regardless of verdict, so a relying party always has the mechanical * evidence view even on rejection. * * Pure and zero-network: no fetch, no DID resolution, no CRL, no clock * read beyond what the caller supplies in {@link ReceiptContext}. */ export declare function verifyOffline(receipt: ActionReceipt, opts?: OfflineVerifyOptions): OfflineVerifyResult; //# sourceMappingURL=verify.d.ts.map