npm - @agentsbank/sdk - Versions diffs - 1.0.12 → 1.0.13 - Mend

@agentsbank/sdk 1.0.12 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@agentsbank/sdk",
-  "version": "1.0.12",
+  "version": "1.0.13",
   "description": "🔒 Secure Financial SDK for AgentsBank - Multi-chain wallet & transaction management. Requires explicit credentials and user authorization for financial operations.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -9,6 +9,12 @@
     "build": "tsc",
     "publish": "npm publish"
   },
+  "files": [
+    "dist",
+    "README.md",
+    "CHANGELOG.md",
+    "package.json"
+  ],
   "keywords": [
     "ai-agents",
     "blockchain",

package/.env DELETED Viewed

@@ -1,38 +0,0 @@
-# AgentsBank SDK - Environment Variables
-# SECURITY WARNING: Never commit .env to version control
-# ============================================
-# API Configuration (REQUIRED)
-# ============================================
-# Base URL of AgentsBank API
-AGENTSBANK_API_URL=https://api.agentsbank.online
-# ============================================
-# Authentication (Choose ONE method)
-# ============================================
-# METHOD 1: API Key (Recommended for production)
-AGENTSBANK_API_KEY=your-api-key-here-do-not-share
-# METHOD 2: Agent Credentials (For testing/setup)
-# Uncomment and fill only if using credential-based auth
-# AGENTSBANK_AGENT_USERNAME=agent_name
-# AGENTSBANK_AGENT_PASSWORD=agent_password_secret
-# ============================================
-# Optional: Pre-authenticated Token
-# ============================================
-# Only needed if you have a pre-issued JWT token
-# AGENTSBANK_AUTH_TOKEN=jwt-token-here
-# ============================================
-# Optional: Runtime Configuration
-# ============================================
-# Timeout for API requests (in milliseconds)
-SDK_REQUEST_TIMEOUT=10000
-# Enable verbose logging for debugging
-SDK_DEBUG=false
-# Custom audit logging endpoint (optional)
-# SDK_AUDIT_LOG_ENDPOINT=https://logs.example.com/audit

package/.env.example DELETED Viewed

@@ -1,53 +0,0 @@
-# AgentsBank SDK - Environment Variables Template
-# Copy this to .env and fill in your actual credentials
-# SECURITY WARNING: Never commit .env to version control
-# ============================================
-# API Configuration (REQUIRED)
-# ============================================
-# Base URL of AgentsBank API
-# For local development: http://localhost:3000
-# For production: https://api.agentsbank.online
-AGENTSBANK_API_URL=https://api.agentsbank.online
-# ============================================
-# Authentication (Choose ONE method)
-# ============================================
-# METHOD 1: API Key (Recommended for production)
-AGENTSBANK_API_KEY=your-api-key-here-do-not-share
-# METHOD 2: Agent Credentials (For testing/setup)
-# Uncomment and fill only if using credential-based auth
-# AGENTSBANK_AGENT_USERNAME=agent_name
-# AGENTSBANK_AGENT_PASSWORD=agent_password_secret
-# ============================================
-# Optional: Pre-authenticated Token
-# ============================================
-# Only needed if you have a pre-issued JWT token
-# AGENTSBANK_AUTH_TOKEN=jwt-token-here
-# ============================================
-# Optional: Runtime Configuration
-# ============================================
-# Environment: 'production' or 'sandbox'
-AGENTSBANK_ENVIRONMENT=production
-# Request timeout in milliseconds
-AGENTSBANK_TIMEOUT_MS=10000
-# Enable audit logging
-AGENTSBANK_AUDIT_LOG=true
-# Webhook URL for transaction notifications (optional)
-# AGENTSBANK_WEBHOOK_URL=https://your-domain.com/webhooks/agentsbank
-# ============================================
-# Security Checklist
-# ============================================
-# ✓ API key obtained from https://dashboard.agentsbank.ai
-# ✓ Never commit this file to git (add to .gitignore)
-# ✓ Rotate API key monthly or when team member leaves
-# ✓ Use different credentials for development vs production
-# ✓ Enable audit logging in production

package/SKILL.md DELETED Viewed

@@ -1,250 +0,0 @@
-# AgentsBank SDK - Financial Operations Skill
-**Status:** Production-grade, requires explicit user invocation for financial operations
-**Version:** 0.1.0
-**Risk Level:** High (financial transactions)
-**Autonomy:** ❌ Disabled for autonomous execution
----
-## ⚠️ Security & Credential Requirements
-This is a **financial transaction SDK** that requires explicit credentials and user authorization. It is **NOT autonomously invocable** for security reasons.
-### Required Environment Variables
-```env
-# API Configuration (REQUIRED - NO DEFAULT)
-AGENTSBANK_API_URL=https://api.agentsbank.ai
-# Authentication (Choose ONE)
-AGENTSBANK_API_KEY=your-api-key-here
-# OR
-AGENTSBANK_AGENT_USERNAME=agent_name
-AGENTSBANK_AGENT_PASSWORD=agent_password_secret
-# Optional runtime token (if pre-authenticated)
-AGENTSBANK_AUTH_TOKEN=jwt-token-here
-```
-- **`AGENTSBANK_API_URL`** (required): Base URL of the AgentsBank API endpoint
-  - No defaults → must be explicitly set
-  - Scope: API connectivity only
-- **`AGENTSBANK_API_KEY`** OR credentials (required for auth):
-  - Primary authentication method
-  - Scope: Wallet creation, transactions, balance queries
-  - Must be rotated regularly
-  - Cannot be embedded in code
-- **`AGENTSBANK_AUTH_TOKEN`** (optional): Pre-issued JWT token
-  - Use if already authenticated
-  - Shorter scope than API key
----
-## 🔐 Credential Security Boundaries
-| Operation | Credential Required | Scope | Risk |
-|-----------|-------------------|-------|------|
-| Wallet Management | API Key + Agent Auth | Read/Write | 🔴 High |
-| Transactions | API Key + Agent Auth | Write only | 🔴 Critical |
-| Balance Query | API Key | Read only | 🟡 Medium |
-| Gas Estimation | API Key | Informational | 🟢 Low |
----
-## 🚫 Autonomous Execution Policy
-**This SDK MUST NOT be autonomously invoked by AI agents.** Financial operations require:
-1. **Explicit User Confirmation** – User must authorize before any transaction
-2. **Human Review** – Transaction details must be reviewed and approved
-3. **Audit Trail** – All operations logged with timestamp and actor
-4. **Rate Limiting** – API enforces per-agent limits to prevent abuse
-### Enforce Constraints in Code
-```typescript
-// REQUIRED: Check for user authorization flag
-if (!context.userApproval) {
-  throw new Error('Financial operations require explicit user authorization');
-}
-// REQUIRED: Log transaction intent before execution
-logger.info('User authorized transaction', {
-  agentId: config.agentId,
-  recipient: toAddress,
-  amount: amount,
-  timestamp: new Date()
-});
-// REQUIRED: Never retry failed financial operations without user re-approval
-```
----
-## 📦 Installation
-```bash
-npm install @agentsbank/sdk
-```
-### Setup Steps
-1. **Obtain Credentials**
-   - Request API key from dashboard: https://dashboard.agentsbank.ai
-   - OR set `AGENTSBANK_AGENT_USERNAME` + `AGENTSBANK_AGENT_PASSWORD`
-   - Securely store credentials (never commit to git)
-2. **Configure Environment**
-   ```bash
-   cp .env.example .env
-   # Edit .env with your credentials
-   ```
-3. **Initialize SDK**
-   ```typescript
-   import { AgentsBankSDK } from '@agentsbank/sdk';
-   const bank = new AgentsBankSDK({
-     apiUrl: process.env.AGENTSBANK_API_URL,
-     apiKey: process.env.AGENTSBANK_API_KEY,
-     // OR credentials:
-     agentUsername: process.env.AGENTSBANK_AGENT_USERNAME,
-     agentPassword: process.env.AGENTSBANK_AGENT_PASSWORD,
-   });
-   ```
----
-## 💰 Core Capabilities
-### Wallet Management
-- **`createWallet(chain, type)`** – Create new multi-chain wallet
-  - Chains: `ethereum`, `bsc`, `solana`
-  - Types: `custodial`, `non-custodial`
-  - ⚠️ Custodial wallets require setup confirmationSecurity
-- **`listWallets()`** – List all wallets for agent
-- **`getWallet(walletId)`** – Retrieve wallet details
-- **`getBalance(walletId)`** – Query wallet balance across assets
-### Transaction Operations
-- **`sendTransaction(walletId, toAddress, amount, currency)`** – Execute transfer
-  - **Requires:** Explicit user approval before execution
-  - **Returns:** Transaction ID for tracking
-  - **Timeout:** 300s default (configurable)
-- **`getTransaction(txId)`** – Retrieve transaction status
-- **`getTransactionHistory(walletId, limit)`** – List recent transactions
-- **`waitForConfirmation(txId)`** – Poll until confirmed or timeout
-### Utilities
-- **`estimateGas(walletId, toAddress, amount)`** – Get gas cost estimate (informational only)
-- **`getStats(walletId, days)`** – Historical transaction metrics
-- **`refreshToken()`** – Renew JWT token before expiry
----
-## 🔍 Audit & Compliance
-All financial operations trigger:
-- ✅ Agent authentication verification
-- ✅ Transaction signature & validation
-- ✅ Rate limit enforcement (per-agent per-minute)
-- ✅ Immutable audit log entry
-- ✅ Optional webhook notification to recipient
----
-## ⚡ Quick Example
-```typescript
-import { AgentsBankSDK } from '@agentsbank/sdk';
-// 1. Initialize with API Key
-const bank = new AgentsBankSDK({
-  apiUrl: 'https://api.agentsbank.ai',
-  apiKey: process.env.AGENTSBANK_API_KEY
-});
-// 2. Get or create wallet
-let wallet = await bank.listWallets().then(w => w[0]);
-if (!wallet) {
-  wallet = await bank.createWallet('ethereum', 'non-custodial');
-}
-// 3. Check balance
-const balance = await bank.getBalance(wallet.wallet_id);
-console.log('Balance:', balance);
-// 4. ONLY with user approval:
-if (userConfirmsTransaction) {
-  const tx = await bank.sendTransaction(
-    wallet.wallet_id,
-    '0xRecipient...',
-    '1.5',
-    'ETH'
-  );
-  console.log('Tx ID:', tx.tx_id);
-  // 5. Wait for confirmation
-  const confirmed = await bank.waitForConfirmation(tx.tx_id);
-  console.log('Status:', confirmed.status);
-}
-```
----
-## 🛑 Error Handling
-```typescript
-try {
-  await bank.sendTransaction(walletId, recipient, amount, currency);
-} catch (error) {
-  if (error.message.includes('Invalid wallet')) {
-    console.error('Wallet not found');
-  } else if (error.message.includes('Insufficient balance')) {
-    console.error('Not enough funds');
-  } else if (error.message.includes('Rate limit exceeded')) {
-    console.error('Too many requests - try again later');
-  }
-}
-```
----
-## 🚀 Best Practices
-1. **Never store credentials in code** – Use environment variables only
-2. **Rotate API keys monthly** – Call `regenerateApiKey()` and update `.env`
-3. **Validate recipient addresses** – Always verify before transaction
-4. **Use non-custodial wallets** for agents when possible
-5. **Monitor transaction history** – Regular audits via `getTransactionHistory()`
-6. **Set low rate limits** – Start with 1-5 transactions/minute per agent
-7. **Enable webhook notifications** – Get real-time transaction confirmations
----
-## 📞 Support & Security Issues
-- Dashboard: https://dashboard.agentsbank.ai
-- Docs: https://docs.agentsbank.ai
-- Report security issues: security@agentsbank.ai (not public issues)
----
-## 📋 Compliance Notes
-- **OAuth2 Support**: Via API Key or JWT bearer token
-- **Webhook Support**: Transaction confirmations, balance updates
-- **Sandbox Mode**: Available via `AGENTSBANK_ENVIRONMENT=sandbox` env var
-- **Audit Trail**: All transactions immutably logged with actor, timestamp, amount
-- **PCI DSS Notes**: Private keys never transmitted over network; stored encrypted at rest
----
-**Last Updated:** February 2026
-**Requires:** Node.js 18+, @agentsbank/sdk ^0.1.0

package/index.ts DELETED Viewed

@@ -1,482 +0,0 @@
-/**
- * 🔒 AgentsBank.ai SDK for Agents - FINANCIAL OPERATIONS
- *
- * ⚠️  SECURITY CONSTRAINTS:
- * - Requires explicit API credentials (apiUrl + apiKey or agent credentials)
- * - Financial operations (sendTransaction) require UserApprovalContext
- * - NOT autonomously invocable - requires human approval
- * - All operations logged with audit trail
- *
- * Usage:
- * import { AgentsBankSDK } from '@agentsbank/sdk';
- *
- * const bank = new AgentsBankSDK({
- *   apiUrl: process.env.AGENTSBANK_API_URL!,
- *   apiKey: process.env.AGENTSBANK_API_KEY!,
- * });
- *
- * // Read-only operations (no approval needed)
- * const wallet = await bank.getWallet(walletId);
- *
- * // Financial operations (REQUIRES USER APPROVAL)
- * const tx = await bank.sendTransaction(
- *   walletId,
- *   toAddress,
- *   amount,
- *   { userId: 'user_123', approvedAt: new Date(), reason: 'User confirmed on UI' }
- * );
- */
-import axios, { AxiosInstance } from 'axios';
-/**
- * ⚠️  REQUIRED: User approval context for financial operations
- * Prevents autonomous execution of transactions
- */
-export interface UserApprovalContext {
-  userId: string;           // ID of human who approved the transaction
-  approvedAt: Date;         // Timestamp when approval was granted
-  reason?: string;          // Human-readable reason for audit trail
-  approvalMethod?: 'ui' | 'api' | '2fa' | 'autonomous'; // How approval was obtained
-}
-export interface SDKConfig {
-  apiUrl: string;
-  agentUsername?: string;
-  agentPassword?: string;
-  apiKey?: string;
-  token?: string;
-  auditLogger?: (event: AuditEvent) => void;
-  /**
-   * ⚠️  AUTONOMOUS MODE (RISKY)
-   * If true, allows financial operations without UserApprovalContext
-   * Use only for trusted autonomous agents with guardrails enabled
-   * Default: false (requires human approval)
-   */
-  autonomousMode?: boolean;
-}
-export interface AuditEvent {
-  timestamp: Date;
-  operation: 'wallet_create' | 'wallet_list' | 'balance_query' | 'transaction_send' | 'auth_login' | 'token_refresh';
-  walletId?: string;
-  txId?: string;
-  userId?: string;
-  amount?: string;
-  toAddress?: string;
-  status: 'initiated' | 'success' | 'failed';
-  error?: string;
-}
-export interface WalletInfo {
-  wallet_id: string;
-  agent_id: string;
-  chain: string;
-  address: string;
-  type: 'custodial' | 'non-custodial';
-  balance: Record<string, string>;
-  created_at: string;
-}
-export interface TransactionInfo {
-  tx_id: string;
-  wallet_id: string;
-  type: string;
-  amount: string;
-  currency: string;
-  from_address: string;
-  to_address: string;
-  tx_hash?: string;
-  status: 'pending' | 'confirmed' | 'failed';
-  fee: string;
-  timestamp: string;
-}
-export class AgentsBankSDK {
-  private client: AxiosInstance;
-  private config: SDKConfig;
-  private token?: string;
-  private auditLogger: (event: AuditEvent) => void;
-  constructor(config: SDKConfig) {
-    // ⚠️  SECURITY: Validate required credentials
-    if (!config.apiUrl) {
-      throw new Error(
-        'SECURITY ERROR: AGENTSBANK_API_URL is required. ' +
-        'See SKILL.md for credential requirements.'
-      );
-    }
-    const hasApiKey = !!config.apiKey;
-    const hasCredentials = !!(config.agentUsername && config.agentPassword);
-    const hasToken = !!config.token;
-    if (!hasApiKey && !hasCredentials && !hasToken) {
-      throw new Error(
-        'SECURITY ERROR: Authentication required. Provide one of: ' +
-        'apiKey, (agentUsername + agentPassword), or token. ' +
-        'See SKILL.md for setup instructions.'
-      );
-    }
-    if (config.autonomousMode) {
-      console.warn(
-        '⚠️  WARNING: AgentsBankSDK running in AUTONOMOUS MODE ⚠️\n' +
-        'Financial transactions will execute WITHOUT human approval.\n' +
-        'Ensure guardrails and spending limits are properly configured.\n' +
-        'This mode should only be used for trusted autonomous agents.'
-      );
-    }
-    this.config = config;
-    this.token = config.token;
-    this.auditLogger = config.auditLogger || this.defaultAuditLogger;
-    this.client = axios.create({
-      baseURL: config.apiUrl,
-      timeout: 10000,
-      headers: {
-        'Content-Type': 'application/json',
-        'User-Agent': 'AgentsBank-SDK/0.1.0',
-      },
-    });
-    // Add token to all requests
-    this.client.interceptors.request.use((conf) => {
-      if (this.token) {
-        conf.headers.Authorization = `Bearer ${this.token}`;
-      }
-      if (config.apiKey) {
-        conf.headers['X-API-Key'] = config.apiKey;
-      }
-      return conf;
-    });
-    // Handle errors with better messages
-    this.client.interceptors.response.use(
-      (response) => response,
-      (error) => {
-        // Improve error messages for debugging
-        if (error.response) {
-          const status = error.response.status;
-          const errorData = error.response.data;
-          const message = errorData?.error || errorData?.message || 'API Error';
-          const enhancedError = new Error(
-            `API Error ${status}: ${message}\nEndpoint: ${error.config?.url}`
-          );
-          enhancedError.name = 'APIError';
-          return Promise.reject(enhancedError);
-        }
-        if (error.request) {
-          const enhancedError = new Error(
-            `Network Error: No response from ${error.config?.baseURL}\nMake sure the API is online`
-          );
-          enhancedError.name = 'NetworkError';
-          return Promise.reject(enhancedError);
-        }
-        return Promise.reject(error);
-      }
-    );
-  }
-  /**
-   * Default audit logger - logs to console (override with custom logger)
-   */
-  private defaultAuditLogger(event: AuditEvent): void {
-    console.log(`[AUDIT] ${event.operation.toUpperCase()} - ${event.status}`, {
-      timestamp: event.timestamp.toISOString(),
-      userId: event.userId || 'system',
-      walletId: event.walletId,
-      txId: event.txId,
-      ...(event.error && { error: event.error }),
-    });
-  }
-  /**
-   * Internal audit logging
-   */
-  private logAudit(event: AuditEvent): void {
-    this.auditLogger(event);
-  }
-  /**
-   * Login with agent credentials
-   */
-  async login(): Promise<string> {
-    if (!this.config.agentUsername || !this.config.agentPassword) {
-      throw new Error('agentUsername and agentPassword required for login');
-    }
-    try {
-      const { data } = await this.client.post('/api/auth/agent/login', {
-        agent_username: this.config.agentUsername,
-        agent_password: this.config.agentPassword,
-      });
-      this.token = data.token;
-      this.logAudit({
-        timestamp: new Date(),
-        operation: 'auth_login',
-        status: 'success',
-      });
-      return data.token;
-    } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : String(error);
-      this.logAudit({
-        timestamp: new Date(),
-        operation: 'auth_login',
-        status: 'failed',
-        error: errorMessage,
-      });
-      // Re-throw with context
-      if (errorMessage.includes('API Error 401')) {
-        throw new Error('Authentication failed: Invalid credentials. Check agent_username and agent_password.');
-      } else if (errorMessage.includes('Network Error')) {
-        throw new Error(`Cannot reach API at ${this.config.apiUrl}. API may be offline.`);
-      }
-      throw error;
-    }
-  }
-  /**
-   * Create a new wallet
-   */
-  async createWallet(
-    chain: 'ethereum' | 'bsc' | 'solana',
-    type: 'custodial' | 'non-custodial' = 'non-custodial'
-  ): Promise<WalletInfo> {
-    if (!this.token) await this.login();
-    const { data } = await this.client.post('/api/wallets', {
-      chain,
-      type,
-    });
-    return data;
-  }
-  /**
-   * Get wallet details
-   */
-  async getWallet(walletId: string): Promise<WalletInfo> {
-    const { data } = await this.client.get(`/api/wallets/${walletId}`);
-    return data;
-  }
-  /**
-   * List all wallets for agent
-   */
-  async listWallets(): Promise<WalletInfo[]> {
-    const { data } = await this.client.get('/api/wallets');
-    return data.wallets;
-  }
-  /**
-   * Get wallet balance
-   */
-  async getBalance(walletId: string): Promise<Record<string, string>> {
-    const { data } = await this.client.get(`/api/wallets/${walletId}/balance`);
-    return data.balance;
-  }
-  /**
-   * Estimate gas for transaction
-   */
-  async estimateGas(
-    walletId: string,
-    toAddress: string,
-    amount: string
-  ): Promise<{ estimated_gas: string }> {
-    const { data } = await this.client.get(`/api/wallets/${walletId}/estimate-gas`, {
-      params: { to_address: toAddress, amount },
-    });
-    return data;
-  }
-  /**
-   * ⚠️  FINANCIAL OPERATION: Send transaction
-   *
-   * DEFAULT: Requires UserApprovalContext with human approval evidence
-   * - Prevents autonomous execution by default
-   * - Requires userId of approver and approval timestamp
-   * - All transactions logged in audit trail
-   *
-   * AUTONOMOUS MODE: If enabled in SDKConfig, can run without approval
-   * - Use only for trusted autonomous agents with guardrails
-   * - Still requires audit logging and guardrails validation
-   *
-   * @param walletId Source wallet ID
-   * @param toAddress Recipient blockchain address
-   * @param amount Transaction amount
-   * @param approval User approval context (OPTIONAL if autonomousMode enabled)
-   * @param currency Asset to transfer (default: ETH)
-   */
-  async sendTransaction(
-    walletId: string,
-    toAddress: string,
-    amount: string,
-    approval?: UserApprovalContext,
-    currency: string = 'ETH'
-  ): Promise<TransactionInfo> {
-    // ⚠️  SECURITY: Check approval requirement
-    if (!this.config.autonomousMode) {
-      // Default mode: approval REQUIRED
-      if (!approval || !approval.userId || !approval.approvedAt) {
-        throw new Error(
-          'SECURITY ERROR: User approval context required for transactions. ' +
-          'Provide userId and approvedAt timestamp, or enable autonomousMode. ' +
-          'This prevents autonomous financial operations by default.'
-        );
-      }
-    } else if (!approval) {
-      // Autonomous mode: generate synthetic approval context
-      approval = {
-        userId: `agent_autonomous_${this.config.agentUsername || 'system'}`,
-        approvedAt: new Date(),
-        reason: 'Autonomous agent execution - autonomousMode enabled',
-        approvalMethod: 'autonomous',
-      };
-      this.logAudit({
-        timestamp: new Date(),
-        operation: 'transaction_send',
-        status: 'initiated',
-        error: 'AUTONOMOUS_MODE_ENABLED - No human approval provided',
-      });
-    }
-    // Log transaction initiation
-    this.logAudit({
-      timestamp: new Date(),
-      operation: 'transaction_send',
-      status: 'initiated',
-      walletId,
-      userId: approval?.userId,
-      amount,
-      toAddress,
-    });
-    try {
-      const { data } = await this.client.post('/api/transactions', {
-        wallet_id: walletId,
-        to_address: toAddress,
-        amount,
-        currency,
-        type: 'transfer',
-        // Include approval evidence for audit trail
-        approval_user_id: approval.userId,
-        approval_timestamp: approval.approvedAt.toISOString(),
-        approval_reason: approval.reason,
-        approval_method: approval.approvalMethod || 'api',
-      });
-      // Log success
-      this.logAudit({
-        timestamp: new Date(),
-        operation: 'transaction_send',
-        status: 'success',
-        txId: data.tx_id,
-        walletId,
-        userId: approval?.userId,
-        amount,
-        toAddress,
-      });
-      return data;
-    } catch (error) {
-      // Log failure
-      this.logAudit({
-        timestamp: new Date(),
-        operation: 'transaction_send',
-        status: 'failed',
-        walletId,
-        userId: approval?.userId,
-        amount,
-        toAddress,
-        error: error instanceof Error ? error.message : String(error),
-      });
-      throw error;
-    }
-  }
-  /**
-   * Get transaction details
-   */
-  async getTransaction(txId: string): Promise<TransactionInfo> {
-    const { data } = await this.client.get(`/api/transactions/${txId}`);
-    return data;
-  }
-  /**
-   * Get transaction history for wallet
-   */
-  async getTransactionHistory(
-    walletId: string,
-    limit: number = 50
-  ): Promise<TransactionInfo[]> {
-    const { data } = await this.client.get(
-      `/api/transactions/wallet/${walletId}`,
-      { params: { limit } }
-    );
-    return data.transactions;
-  }
-  /**
-   * Get transaction statistics
-   */
-  async getStats(walletId: string, days: number = 30): Promise<any> {
-    const { data } = await this.client.get(
-      `/api/transactions/wallet/${walletId}/stats`,
-      { params: { days } }
-    );
-    return data;
-  }
-  /**
-   * Wait for transaction to be confirmed
-   */
-  async waitForConfirmation(
-    txId: string,
-    maxWaitMs: number = 300000,
-    pollIntervalMs: number = 5000
-  ): Promise<TransactionInfo> {
-    const startTime = Date.now();
-    while (Date.now() - startTime < maxWaitMs) {
-      const tx = await this.getTransaction(txId);
-      if (tx.status !== 'pending') {
-        return tx;
-      }
-      await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
-    }
-    throw new Error('Transaction confirmation timeout');
-  }
-  /**
-   * Update API key
-   */
-  async regenerateApiKey(): Promise<string> {
-    const { data } = await this.client.post('/api/auth/agent/regenerate-key');
-    return data.api_key;
-  }
-  /**
-   * Refresh JWT token
-   */
-  async refreshToken(): Promise<string> {
-    const { data } = await this.client.post('/api/auth/refresh');
-    this.token = data.token;
-    return data.token;
-  }
-}
-// Export for convenience
-export default AgentsBankSDK;

package/security-config.ts DELETED Viewed

@@ -1,268 +0,0 @@
-/**
- * AgentsBank SDK Security Configuration
- *
- * Defines security constraints and validation rules for the SDK
- * To be used during development and deployment validation
- */
-export const SDK_SECURITY_CONFIG = {
-  // ============================================
-  // Required Credentials
-  // ============================================
-  requiredCredentials: [
-    'AGENTSBANK_API_URL',
-    'AGENTSBANK_API_KEY | (AGENTSBANK_AGENT_USERNAME + AGENTSBANK_AGENT_PASSWORD)'
-  ],
-  // ============================================
-  // Risk Assessment
-  // ============================================
-  riskLevel: 'HIGH' as const, // Financial transaction platform
-  financialOperations: true,
-  autonomousExecutionAllowed: false, // DEFAULT: Must not be autonomously invocable
-  autonomousModeSupportedButOptional: true, // Can be enabled via config flag if needed
-  defaultRequiresApproval: true, // By default, all transactions require approval
-  // ============================================
-  // Credential Scope & Constraints
-  // ============================================
-  credentialScopes: {
-    'AGENTSBANK_API_URL': {
-      required: true,
-      type: 'url' as const,
-      description: 'Base URL of AgentsBank API',
-      example: 'https://api.agentsbank.ai',
-      defaultIfMissing: null, // NO DEFAULT - must be explicit
-    },
-    'AGENTSBANK_API_KEY': {
-      required: false,
-      type: 'secret' as const,
-      description: 'API Key for authentication (recommended)',
-      example: 'sk_live_...',
-      rotationInterval: 30 * 24 * 60 * 60 * 1000, // 30 days in ms
-      defaultIfMissing: null,
-    },
-    'AGENTSBANK_AGENT_USERNAME': {
-      required: false,
-      type: 'string' as const,
-      description: 'Agent username (alternative auth method)',
-      example: 'agent_123',
-      defaultIfMissing: null,
-    },
-    'AGENTSBANK_AGENT_PASSWORD': {
-      required: false,
-      type: 'secret' as const,
-      description: 'Agent password (alternative auth method)',
-      example: 'secret_password',
-      defaultIfMissing: null,
-    },
-  },
-  // ============================================
-  // Financial Operation Constraints
-  // ============================================
-  financialOperationConstraints: {
-    sendTransaction: {
-      requiresUserApprovalContext: true, // DEFAULT: Always required
-      canBypassApprovalInAutonomousMode: true, // Can be disabled if autonomousMode=true in SDKConfig
-      requiresUserId: true,
-      requiresApprovalTimestamp: true,
-      auditLoggingRequired: true,
-      atomicity: 'required' as const, // Must succeed or fail completely
-      rollbackOnFailure: true,
-      warningIfAutonomous: 'Executing financial transaction WITHOUT human approval',
-    },
-    createWallet: {
-      requiresUserApprovalContext: false, // Optional for wallet creation
-      auditLoggingRequired: true,
-      typeValidation: ['custodial', 'non-custodial'],
-    },
-    estimateGas: {
-      requiresUserApprovalContext: false,
-      auditLoggingRequired: false, // Informational only
-      cacheable: true, // Can cache results for same params
-    },
-  },
-  // ============================================
-  // Audit Trail Requirements
-  // ============================================
-  auditRequirements: {
-    requiredFields: [
-      'timestamp',
-      'operation',
-      'status',
-      'userId', // For financial operations
-      'walletId', // For wallet operations
-    ],
-    retention: {
-      production: 7 * 365 * 24 * 60 * 60 * 1000, // 7 years
-      development: 90 * 24 * 60 * 60 * 1000,     // 90 days
-    },
-    sensitiveOperations: [
-      'transaction_send',
-      'auth_login',
-      'token_refresh',
-      'wallet_create'
-    ],
-  },
-  // ============================================
-  // Deployment Constraints
-  // ============================================
-  deploymentConstraints: {
-    allowedEnvironments: ['development', 'staging', 'production'],
-    productionRequirements: [
-      'Credentials stored in secrets manager',
-      'Custom audit logger configured',
-      'Rate limiting enabled',
-      'Error monitoring (Sentry, DataDog, etc.)',
-      'Credential rotation scheduled',
-    ],
-    forbiddenPatternsInCode: [
-      'sk_live_', // API keys should not be in code
-      'sk_sandbox_',
-      'password:',
-      'secret:',
-      'token:',
-    ],
-  },
-  // ============================================
-  // Rate Limiting Defaults
-  // ============================================
-  rateLimiting: {
-    transactionsPerMinute: 5,
-    maxAmountPerTransaction: '1000', // Max 1000 of currency
-    maxDailyAmount: '10000', // Max 10000 per day per agent
-  },
-  // ============================================
-  // Validation Functions
-  // ============================================
-  validators: {
-    isValidApiUrl: (url: string | undefined): boolean => {
-      if (!url) return false;
-      try {
-        new URL(url);
-        return url.startsWith('https://');
-      } catch {
-        return false;
-      }
-    },
-    isValidApiKey: (key: string | undefined): boolean => {
-      if (!key) return false;
-      return key.startsWith('sk_') && key.length > 20;
-    },
-    isValidEthereumAddress: (address: string): boolean => {
-      return /^0x[a-fA-F0-9]{40}$/.test(address);
-    },
-    isValidAmount: (amount: string): boolean => {
-      const num = parseFloat(amount);
-      return !isNaN(num) && num > 0;
-    },
-  },
-} as const;
-/**
- * Validates SDK configuration before use
- * Throws error if validation fails
- */
-export function validateSDKConfiguration(config: Record<string, any>): void {
-  // Check required API URL
-  if (!config.apiUrl) {
-    throw new Error(
-      'SECURITY VALIDATION FAILED: AGENTSBANK_API_URL is required. ' +
-      'See SKILL.md for credential requirements.'
-    );
-  }
-  if (!SDK_SECURITY_CONFIG.validators.isValidApiUrl(config.apiUrl)) {
-    throw new Error(
-      'SECURITY VALIDATION FAILED: Invalid API URL. ' +
-      'Must be HTTPS URL. Example: https://api.agentsbank.ai'
-    );
-  }
-  // Check at least one authentication method
-  const hasApiKey = !!config.apiKey && SDK_SECURITY_CONFIG.validators.isValidApiKey(config.apiKey);
-  const hasCredentials = config.agentUsername && config.agentPassword;
-  const hasToken = !!config.token;
-  if (!hasApiKey && !hasCredentials && !hasToken) {
-    throw new Error(
-      'SECURITY VALIDATION FAILED: No authentication provided. ' +
-      'Provide one of: apiKey, (agentUsername + agentPassword), or token. ' +
-      'See SKILL.md for setup instructions.'
-    );
-  }
-}
-/**
- * Validates user approval context for financial operations
- */
-export function validateUserApprovalContext(approval: any): void {
-  if (!approval) {
-    throw new Error(
-      'SECURITY ERROR: User approval context required for financial operations. ' +
-      'Cannot execute financial operations autonomously.'
-    );
-  }
-  if (!approval.userId) {
-    throw new Error(
-      'SECURITY ERROR: approval.userId required. ' +
-      'Must identify human who approved this operation.'
-    );
-  }
-  if (!approval.approvedAt || !(approval.approvedAt instanceof Date)) {
-    throw new Error(
-      'SECURITY ERROR: approval.approvedAt required (Date object). ' +
-      'Must have timestamp of when approval was granted.'
-    );
-  }
-  // Check approval is recent (within last hour)
-  const ageMs = Date.now() - approval.approvedAt.getTime();
-  const maxAgeMs = 60 * 60 * 1000; // 1 hour
-  if (ageMs > maxAgeMs) {
-    throw new Error(
-      `SECURITY ERROR: Approval too old (${Math.round(ageMs / 1000)}s). ` +
-      'User approval must be renewed within 1 hour of transaction.'
-    );
-  }
-}
-/**
- * Validates financial operation parameters
- */
-export function validateFinancialOperationParams(
-  walletId: string,
-  toAddress: string,
-  amount: string
-): void {
-  if (!walletId) {
-    throw new Error('walletId is required');
-  }
-  if (!toAddress) {
-    throw new Error('toAddress is required');
-  }
-  if (!SDK_SECURITY_CONFIG.validators.isValidEthereumAddress(toAddress)) {
-    throw new Error(`Invalid Ethereum address: ${toAddress}`);
-  }
-  if (!amount) {
-    throw new Error('amount is required');
-  }
-  if (!SDK_SECURITY_CONFIG.validators.isValidAmount(amount)) {
-    throw new Error(`Invalid amount: ${amount}. Must be a positive number.`);
-  }
-}

package/tsconfig.json DELETED Viewed

@@ -1,18 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "ES2020",
-    "module": "ESNext",
-    "lib": ["ES2020"],
-    "outDir": "./dist",
-    "rootDir": ".",
-    "strict": true,
-    "declaration": true,
-    "declarationMap": true,
-    "sourceMap": true,
-    "moduleResolution": "bundler",
-    "skipLibCheck": true,
-    "forceConsistentCasingInFileNames": true
-  },
-  "include": ["index.ts", "security-config.ts"],
-  "exclude": ["dist", "node_modules"]
-}