/** * Registry-backed ACDC verifier. * * KERIpy correspondence: * - ports `keri.vdr.verifying.Verifier` credential save, chain verification, * missing registry/schema/chain escrows, and verifier cue policy * * TypeScript divergence: * - ordinary outcomes are explicit decisions instead of exception-only control * flow; durable corruption and unsupported `DI2I` still fail explicitly */ import { Diger, NumberPrimitive, Prefixer, SerderACDC } from "../../../cesr/mod.js"; import type { AgentCue } from "../core/cues.js"; import { Deck } from "../core/deck.js"; import type { VcStateRecordShape } from "../core/records.js"; import type { Reger } from "../db/reger.js"; import type { Habery } from "./habbing.js"; import type { AcdcDispatchArgs } from "./parsering.js"; export type VerifierEscrowReason = "missingRegistry" | "missingSchema" | "missingChain"; export type VerifierRejectReason = "missingAnchor" | "invalidCredential" | "invalidSchema" | "invalidEdge" | "revokedChain" | "unsupportedChainOperator"; export type VerifierDecision = { kind: "accept"; said: string; } | { kind: "escrow"; reason: VerifierEscrowReason; said: string; } | { kind: "reject"; reason: VerifierRejectReason; said: string; detail?: string; }; export type VerifierCue = Extract; export interface CredentialStateProvider { vcState(vcid: string): VcStateRecordShape | null | undefined; } export interface VerifierOptions { reger: Reger; cues?: Deck; credentialExpiryMs?: number; missingRegistryTimeoutMs?: number; missingIssuerTimeoutMs?: number; } /** * Concrete verifier service consumed by `Reactor` through `VerifierLike`. * * The verifier owns only credential validation/indexing and its own VDR escrows. * TEL processing remains delegated to `Tevery`, and webhook/application policy * belongs above this class. */ export declare class Verifier { static readonly DefaultCredentialExpiryMs = 36000000000000; static readonly DefaultMissingRegistryTimeoutMs = 3600000; static readonly DefaultMissingIssuerTimeoutMs = 3600000; readonly hby: Habery; readonly reger: Reger; readonly cues: Deck; readonly credentialExpiryMs: number; readonly missingRegistryTimeoutMs: number; readonly missingIssuerTimeoutMs: number; constructor(hby: Habery, options: VerifierOptions); /** KERIpy-style registry state machine map. */ get tevers(): Map; /** Parser-compatible ACDC handoff. */ processACDC(args: AcdcDispatchArgs): VerifierDecision; /** Validate and save one registry-backed credential. */ processCredential(args: { creder: SerderACDC; prefixer: Prefixer; seqner: NumberPrimitive; saider: Diger; }): VerifierDecision; /** Missing registry escrow. */ escrowMRE(args: { creder: SerderACDC; prefixer: Prefixer; seqner: NumberPrimitive; saider: Diger; }): boolean; /** Missing chain escrow. */ escrowMCE(args: { creder: SerderACDC; prefixer: Prefixer; seqner: NumberPrimitive; saider: Diger; }): boolean; /** Missing schema escrow. */ escrowMSE(args: { creder: SerderACDC; prefixer: Prefixer; seqner: NumberPrimitive; saider: Diger; }): boolean; /** Replay verifier escrows in KERIpy order: missing chain, schema, registry. */ processEscrows(): void; /** Save a fully processed credential and KERIpy-compatible indexes. */ saveCredential(args: { creder: SerderACDC; prefixer: Prefixer; seqner: NumberPrimitive; saider: Diger; }): void; /** Verify the credential at the far end of an edge. */ verifyChain(nodeSaid: string, op: string | undefined, issuer: string): VcStateRecordShape | null; private processEscrow; private isCredentialStateStale; } //# sourceMappingURL=verifying.d.ts.map