@elisym/sdk 0.6.0 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent-store.cjs +4 -0
- package/dist/agent-store.cjs.map +1 -1
- package/dist/agent-store.d.cts +11 -9
- package/dist/agent-store.d.ts +11 -9
- package/dist/agent-store.js +4 -1
- package/dist/agent-store.js.map +1 -1
- package/dist/index.cjs +279 -0
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +186 -1
- package/dist/index.d.ts +186 -1
- package/dist/index.js +263 -1
- package/dist/index.js.map +1 -1
- package/dist/runtime.cjs +200 -0
- package/dist/runtime.cjs.map +1 -0
- package/dist/runtime.d.cts +116 -0
- package/dist/runtime.d.ts +116 -0
- package/dist/runtime.js +193 -0
- package/dist/runtime.js.map +1 -0
- package/dist/skills.cjs +673 -0
- package/dist/skills.cjs.map +1 -0
- package/dist/skills.d.cts +172 -0
- package/dist/skills.d.ts +172 -0
- package/dist/skills.js +660 -0
- package/dist/skills.js.map +1 -0
- package/package.json +21 -1
package/dist/index.d.cts
CHANGED
|
@@ -624,6 +624,48 @@ type ParseResult = {
|
|
|
624
624
|
*/
|
|
625
625
|
declare function parsePaymentRequest(input: string, options?: ParseOptions): ParseResult;
|
|
626
626
|
|
|
627
|
+
/**
|
|
628
|
+
* Multi-asset / multi-chain payment model.
|
|
629
|
+
*
|
|
630
|
+
* `Asset` describes a currency a customer can spend: native coins (SOL, ETH, BTC)
|
|
631
|
+
* or tokens (SPL, ERC-20). `assetKey` produces a stable string id for Map lookups.
|
|
632
|
+
*
|
|
633
|
+
* Today only `NATIVE_SOL` is in `KNOWN_ASSETS`. SPL (USDC) and other chains are
|
|
634
|
+
* extended by adding entries to `KNOWN_ASSETS` and, where relevant, to the
|
|
635
|
+
* MCP `DEFAULT_SESSION_LIMITS` catalogue.
|
|
636
|
+
*/
|
|
637
|
+
type Chain = 'solana';
|
|
638
|
+
interface Asset {
|
|
639
|
+
chain: Chain;
|
|
640
|
+
/** Lowercase token id: 'sol', 'usdc', 'btc', 'eth'. */
|
|
641
|
+
token: string;
|
|
642
|
+
/** SPL mint / ERC-20 contract. Undefined for a native coin. */
|
|
643
|
+
mint?: string;
|
|
644
|
+
/** Subunits per whole (9 SOL, 6 USDC, 8 BTC, 18 ETH). */
|
|
645
|
+
decimals: number;
|
|
646
|
+
/** Display symbol: 'SOL', 'USDC'. */
|
|
647
|
+
symbol: string;
|
|
648
|
+
}
|
|
649
|
+
declare const NATIVE_SOL: Asset;
|
|
650
|
+
declare const KNOWN_ASSETS: readonly Asset[];
|
|
651
|
+
/** Stable Map key for `Asset`. Same shape regardless of Asset identity. */
|
|
652
|
+
declare function assetKey(a: Pick<Asset, 'chain' | 'token' | 'mint'>): string;
|
|
653
|
+
/** Find a known asset by (chain, token, mint). Returns undefined if unknown. */
|
|
654
|
+
declare function resolveKnownAsset(chain: string, token: string, mint?: string): Asset | undefined;
|
|
655
|
+
/** Reverse lookup: given an assetKey string, return the known asset or undefined. */
|
|
656
|
+
declare function assetByKey(key: string): Asset | undefined;
|
|
657
|
+
/**
|
|
658
|
+
* Parse a human amount string ("0.5", "1", "0.000001") into raw subunits (BigInt).
|
|
659
|
+
* Uses integer math to avoid float precision issues.
|
|
660
|
+
*
|
|
661
|
+
* Throws on: empty, negative, zero, malformed, too many fractional digits, or
|
|
662
|
+
* a value exceeding `Number.MAX_SAFE_INTEGER` (to keep downstream `Number(...)`
|
|
663
|
+
* call-sites safe).
|
|
664
|
+
*/
|
|
665
|
+
declare function parseAssetAmount(asset: Asset, human: string): bigint;
|
|
666
|
+
/** Format raw subunits back to `"<whole>.<frac> <SYMBOL>"`. Keeps all `decimals` digits. */
|
|
667
|
+
declare function formatAssetAmount(asset: Asset, raw: bigint): string;
|
|
668
|
+
|
|
627
669
|
/**
|
|
628
670
|
* Snapshot of the on-chain elisym-config program state.
|
|
629
671
|
*
|
|
@@ -658,6 +700,73 @@ interface GetProtocolConfigOptions {
|
|
|
658
700
|
*/
|
|
659
701
|
declare function getProtocolConfig(rpc: Rpc<SolanaRpcApi>, programId: Address, options?: GetProtocolConfigOptions): Promise<ProtocolConfig>;
|
|
660
702
|
|
|
703
|
+
/**
|
|
704
|
+
* Global (not per-agent) config stored at `~/.elisym/config.yaml`.
|
|
705
|
+
*
|
|
706
|
+
* Currently holds only session-spend-limit overrides; other top-level fields
|
|
707
|
+
* may be added later. The loader tolerates a missing file (returns `{}`), but
|
|
708
|
+
* fails fast on malformed YAML or schema violations.
|
|
709
|
+
*/
|
|
710
|
+
|
|
711
|
+
declare const SessionSpendLimitEntrySchema: z.ZodObject<{
|
|
712
|
+
chain: z.ZodEnum<["solana"]>;
|
|
713
|
+
token: z.ZodString;
|
|
714
|
+
mint: z.ZodOptional<z.ZodString>;
|
|
715
|
+
amount: z.ZodNumber;
|
|
716
|
+
}, "strict", z.ZodTypeAny, {
|
|
717
|
+
amount: number;
|
|
718
|
+
chain: "solana";
|
|
719
|
+
token: string;
|
|
720
|
+
mint?: string | undefined;
|
|
721
|
+
}, {
|
|
722
|
+
amount: number;
|
|
723
|
+
chain: "solana";
|
|
724
|
+
token: string;
|
|
725
|
+
mint?: string | undefined;
|
|
726
|
+
}>;
|
|
727
|
+
declare const GlobalConfigSchema: z.ZodObject<{
|
|
728
|
+
session_spend_limits: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
729
|
+
chain: z.ZodEnum<["solana"]>;
|
|
730
|
+
token: z.ZodString;
|
|
731
|
+
mint: z.ZodOptional<z.ZodString>;
|
|
732
|
+
amount: z.ZodNumber;
|
|
733
|
+
}, "strict", z.ZodTypeAny, {
|
|
734
|
+
amount: number;
|
|
735
|
+
chain: "solana";
|
|
736
|
+
token: string;
|
|
737
|
+
mint?: string | undefined;
|
|
738
|
+
}, {
|
|
739
|
+
amount: number;
|
|
740
|
+
chain: "solana";
|
|
741
|
+
token: string;
|
|
742
|
+
mint?: string | undefined;
|
|
743
|
+
}>, "many">>;
|
|
744
|
+
}, "strict", z.ZodTypeAny, {
|
|
745
|
+
session_spend_limits?: {
|
|
746
|
+
amount: number;
|
|
747
|
+
chain: "solana";
|
|
748
|
+
token: string;
|
|
749
|
+
mint?: string | undefined;
|
|
750
|
+
}[] | undefined;
|
|
751
|
+
}, {
|
|
752
|
+
session_spend_limits?: {
|
|
753
|
+
amount: number;
|
|
754
|
+
chain: "solana";
|
|
755
|
+
token: string;
|
|
756
|
+
mint?: string | undefined;
|
|
757
|
+
}[] | undefined;
|
|
758
|
+
}>;
|
|
759
|
+
type SessionSpendLimitEntry = z.infer<typeof SessionSpendLimitEntrySchema>;
|
|
760
|
+
type GlobalConfig = z.infer<typeof GlobalConfigSchema>;
|
|
761
|
+
/**
|
|
762
|
+
* Read and validate `~/.elisym/config.yaml`. Returns `{}` if missing. Throws
|
|
763
|
+
* on malformed YAML or schema violations — the MCP server treats these as fatal
|
|
764
|
+
* at startup rather than silently ignoring bad overrides.
|
|
765
|
+
*/
|
|
766
|
+
declare function loadGlobalConfig(path: string): Promise<GlobalConfig>;
|
|
767
|
+
/** Write the config YAML atomically. Validates via Zod before writing. */
|
|
768
|
+
declare function writeGlobalConfig(path: string, config: GlobalConfig): Promise<void>;
|
|
769
|
+
|
|
661
770
|
/** Encrypt plaintext using NIP-44 v2 (sender secret key + recipient public key). */
|
|
662
771
|
declare function nip44Encrypt(plaintext: string, senderSk: Uint8Array, recipientPubkey: string): string;
|
|
663
772
|
/** Decrypt ciphertext using NIP-44 v2 (receiver secret key + sender public key). */
|
|
@@ -685,6 +794,82 @@ declare class BoundedSet<T> {
|
|
|
685
794
|
add(item: T): void;
|
|
686
795
|
}
|
|
687
796
|
|
|
797
|
+
/**
|
|
798
|
+
* Sliding-window rate limiter keyed by an arbitrary string (typically a
|
|
799
|
+
* customer pubkey). Each key gets at most `maxPerWindow` requests inside a
|
|
800
|
+
* rolling `windowMs`. Stale timestamps are pruned lazily on every `check`.
|
|
801
|
+
* When the tracked-key set grows past `maxKeys`, the least-recently-used
|
|
802
|
+
* key is evicted so an attacker cannot exhaust memory by cycling keys.
|
|
803
|
+
*
|
|
804
|
+
* Thread-safety: not required. Designed for single-threaded JS consumers
|
|
805
|
+
* (Node/Bun event loops, browser main thread). No timers - pruning happens
|
|
806
|
+
* inside `check` and `prune`.
|
|
807
|
+
*/
|
|
808
|
+
interface SlidingWindowLimiterOptions {
|
|
809
|
+
/** Rolling window width, in ms. */
|
|
810
|
+
windowMs: number;
|
|
811
|
+
/** Max hits allowed per key inside the window. */
|
|
812
|
+
maxPerWindow: number;
|
|
813
|
+
/** Cap on total tracked keys. LRU-evicted past this cap. */
|
|
814
|
+
maxKeys: number;
|
|
815
|
+
}
|
|
816
|
+
interface RateLimitDecision {
|
|
817
|
+
allowed: boolean;
|
|
818
|
+
/** Wall-clock timestamp (ms) when the limit window will reset for this key. */
|
|
819
|
+
resetAt: number;
|
|
820
|
+
/** Number of hits inside the current window after this call (or the attempted hit if denied). */
|
|
821
|
+
count: number;
|
|
822
|
+
}
|
|
823
|
+
interface SlidingWindowLimiter {
|
|
824
|
+
/** Record a hit against `key`; return whether it was allowed. */
|
|
825
|
+
check(key: string, now?: number): RateLimitDecision;
|
|
826
|
+
/**
|
|
827
|
+
* Inspect the current state for `key` without recording a hit. Useful
|
|
828
|
+
* when a single request must clear multiple limiters and callers want
|
|
829
|
+
* to avoid double-counting against one limiter after another denies.
|
|
830
|
+
*/
|
|
831
|
+
peek(key: string, now?: number): RateLimitDecision;
|
|
832
|
+
/** Drop entries whose windows have fully elapsed. Bounded memory hygiene. */
|
|
833
|
+
prune(now?: number): void;
|
|
834
|
+
/** Current number of tracked keys. */
|
|
835
|
+
size(): number;
|
|
836
|
+
/** Clear all state. */
|
|
837
|
+
reset(): void;
|
|
838
|
+
}
|
|
839
|
+
declare function createSlidingWindowLimiter(options: SlidingWindowLimiterOptions): SlidingWindowLimiter;
|
|
840
|
+
|
|
841
|
+
/**
|
|
842
|
+
* Canonical pino redact paths for the elisym stack. Plugin, CLI, MCP, and
|
|
843
|
+
* any downstream integrator should consume these arrays directly - one
|
|
844
|
+
* source of truth for "fields that carry user input or secrets".
|
|
845
|
+
*
|
|
846
|
+
* Wire them into a pino instance like:
|
|
847
|
+
*
|
|
848
|
+
* import pino from 'pino';
|
|
849
|
+
* import { DEFAULT_REDACT_PATHS, makeCensor } from '@elisym/sdk';
|
|
850
|
+
* const logger = pino({
|
|
851
|
+
* redact: { paths: DEFAULT_REDACT_PATHS, censor: makeCensor() },
|
|
852
|
+
* });
|
|
853
|
+
*/
|
|
854
|
+
/**
|
|
855
|
+
* Field paths that carry Nostr / Solana secret keys or operator secrets.
|
|
856
|
+
* Censored as `[REDACTED]`.
|
|
857
|
+
*/
|
|
858
|
+
declare const SECRET_REDACT_PATHS: string[];
|
|
859
|
+
/**
|
|
860
|
+
* Field paths that carry customer-confidential text (LLM prompts, raw
|
|
861
|
+
* event content, job input). Censored as `[INPUT REDACTED]` so log
|
|
862
|
+
* readers can distinguish redacted input from redacted secrets.
|
|
863
|
+
*/
|
|
864
|
+
declare const INPUT_REDACT_PATHS: string[];
|
|
865
|
+
/**
|
|
866
|
+
* Union of the two arrays, in the order pino's redact engine should
|
|
867
|
+
* visit them. Prefer this when wiring a new logger so no downstream
|
|
868
|
+
* consumer forgets half the set.
|
|
869
|
+
*/
|
|
870
|
+
declare const DEFAULT_REDACT_PATHS: string[];
|
|
871
|
+
declare function makeCensor(): (value: unknown, path: string[]) => string;
|
|
872
|
+
|
|
688
873
|
declare const RELAYS: string[];
|
|
689
874
|
declare const KIND_APP_HANDLER = 31990;
|
|
690
875
|
declare const KIND_JOB_REQUEST_BASE = 5000;
|
|
@@ -760,4 +945,4 @@ declare const LIMITS: {
|
|
|
760
945
|
readonly MAX_CAPABILITY_LENGTH: 64;
|
|
761
946
|
};
|
|
762
947
|
|
|
763
|
-
export { type Agent, BoundedSet, type BuildTransactionOptions, type CapabilityCard, DEFAULTS, DEFAULT_KIND_OFFSET, DiscoveryService, ElisymClient, type ElisymClientConfig, type ElisymClientFullConfig, ElisymIdentity, type EstimatePriorityFeeOptions, type GetProtocolConfigOptions, type Job, type JobStatus, type JobSubscriptionOptions, type JobUpdateCallbacks, KIND_APP_HANDLER, KIND_JOB_FEEDBACK, KIND_JOB_REQUEST, KIND_JOB_REQUEST_BASE, KIND_JOB_RESULT, KIND_JOB_RESULT_BASE, KIND_PING, KIND_PONG, LAMPORTS_PER_SOL, LIMITS, MarketplaceService, MediaService, type Network, type NetworkStats, NostrPool, PROTOCOL_FEE_BPS, PROTOCOL_PROGRAM_ID_DEVNET, PROTOCOL_TREASURY, type ParseOptions, type ParseResult, type ParsedPaymentRequest, type PaymentInfo, type PaymentRequestData, PaymentRequestSchema, type PaymentStrategy, type PaymentValidationCode, type PaymentValidationError, type PingResult, PingService, type ProtocolCluster, type ProtocolConfig, type ProtocolConfigInput, RELAYS, type Signer, SolanaPaymentStrategy, type SubCloser, type SubmitJobOptions, type VerifyOptions, type VerifyResult, assertExpiry, assertLamports, buildPaymentInstructions, calculateProtocolFee, clearPriorityFeeCache, clearProtocolConfigCache, createPaymentRequestWithOnchainConfig, estimatePriorityFeeMicroLamports, formatSol, getProtocolConfig, getProtocolProgramId, jobRequestKind, jobResultKind, nip44Decrypt, nip44Encrypt, parsePaymentRequest, pickPercentileFee, timeAgo, toDTag, truncateKey, validateAgentName, validateExpiry };
|
|
948
|
+
export { type Agent, type Asset, BoundedSet, type BuildTransactionOptions, type CapabilityCard, type Chain, DEFAULTS, DEFAULT_KIND_OFFSET, DEFAULT_REDACT_PATHS, DiscoveryService, ElisymClient, type ElisymClientConfig, type ElisymClientFullConfig, ElisymIdentity, type EstimatePriorityFeeOptions, type GetProtocolConfigOptions, type GlobalConfig, GlobalConfigSchema, INPUT_REDACT_PATHS, type Job, type JobStatus, type JobSubscriptionOptions, type JobUpdateCallbacks, KIND_APP_HANDLER, KIND_JOB_FEEDBACK, KIND_JOB_REQUEST, KIND_JOB_REQUEST_BASE, KIND_JOB_RESULT, KIND_JOB_RESULT_BASE, KIND_PING, KIND_PONG, KNOWN_ASSETS, LAMPORTS_PER_SOL, LIMITS, MarketplaceService, MediaService, NATIVE_SOL, type Network, type NetworkStats, NostrPool, PROTOCOL_FEE_BPS, PROTOCOL_PROGRAM_ID_DEVNET, PROTOCOL_TREASURY, type ParseOptions, type ParseResult, type ParsedPaymentRequest, type PaymentInfo, type PaymentRequestData, PaymentRequestSchema, type PaymentStrategy, type PaymentValidationCode, type PaymentValidationError, type PingResult, PingService, type ProtocolCluster, type ProtocolConfig, type ProtocolConfigInput, RELAYS, type RateLimitDecision, SECRET_REDACT_PATHS, type SessionSpendLimitEntry, SessionSpendLimitEntrySchema, type Signer, type SlidingWindowLimiter, type SlidingWindowLimiterOptions, SolanaPaymentStrategy, type SubCloser, type SubmitJobOptions, type VerifyOptions, type VerifyResult, assertExpiry, assertLamports, assetByKey, assetKey, buildPaymentInstructions, calculateProtocolFee, clearPriorityFeeCache, clearProtocolConfigCache, createPaymentRequestWithOnchainConfig, createSlidingWindowLimiter, estimatePriorityFeeMicroLamports, formatAssetAmount, formatSol, getProtocolConfig, getProtocolProgramId, jobRequestKind, jobResultKind, loadGlobalConfig, makeCensor, nip44Decrypt, nip44Encrypt, parseAssetAmount, parsePaymentRequest, pickPercentileFee, resolveKnownAsset, timeAgo, toDTag, truncateKey, validateAgentName, validateExpiry, writeGlobalConfig };
|
package/dist/index.d.ts
CHANGED
|
@@ -624,6 +624,48 @@ type ParseResult = {
|
|
|
624
624
|
*/
|
|
625
625
|
declare function parsePaymentRequest(input: string, options?: ParseOptions): ParseResult;
|
|
626
626
|
|
|
627
|
+
/**
|
|
628
|
+
* Multi-asset / multi-chain payment model.
|
|
629
|
+
*
|
|
630
|
+
* `Asset` describes a currency a customer can spend: native coins (SOL, ETH, BTC)
|
|
631
|
+
* or tokens (SPL, ERC-20). `assetKey` produces a stable string id for Map lookups.
|
|
632
|
+
*
|
|
633
|
+
* Today only `NATIVE_SOL` is in `KNOWN_ASSETS`. SPL (USDC) and other chains are
|
|
634
|
+
* extended by adding entries to `KNOWN_ASSETS` and, where relevant, to the
|
|
635
|
+
* MCP `DEFAULT_SESSION_LIMITS` catalogue.
|
|
636
|
+
*/
|
|
637
|
+
type Chain = 'solana';
|
|
638
|
+
interface Asset {
|
|
639
|
+
chain: Chain;
|
|
640
|
+
/** Lowercase token id: 'sol', 'usdc', 'btc', 'eth'. */
|
|
641
|
+
token: string;
|
|
642
|
+
/** SPL mint / ERC-20 contract. Undefined for a native coin. */
|
|
643
|
+
mint?: string;
|
|
644
|
+
/** Subunits per whole (9 SOL, 6 USDC, 8 BTC, 18 ETH). */
|
|
645
|
+
decimals: number;
|
|
646
|
+
/** Display symbol: 'SOL', 'USDC'. */
|
|
647
|
+
symbol: string;
|
|
648
|
+
}
|
|
649
|
+
declare const NATIVE_SOL: Asset;
|
|
650
|
+
declare const KNOWN_ASSETS: readonly Asset[];
|
|
651
|
+
/** Stable Map key for `Asset`. Same shape regardless of Asset identity. */
|
|
652
|
+
declare function assetKey(a: Pick<Asset, 'chain' | 'token' | 'mint'>): string;
|
|
653
|
+
/** Find a known asset by (chain, token, mint). Returns undefined if unknown. */
|
|
654
|
+
declare function resolveKnownAsset(chain: string, token: string, mint?: string): Asset | undefined;
|
|
655
|
+
/** Reverse lookup: given an assetKey string, return the known asset or undefined. */
|
|
656
|
+
declare function assetByKey(key: string): Asset | undefined;
|
|
657
|
+
/**
|
|
658
|
+
* Parse a human amount string ("0.5", "1", "0.000001") into raw subunits (BigInt).
|
|
659
|
+
* Uses integer math to avoid float precision issues.
|
|
660
|
+
*
|
|
661
|
+
* Throws on: empty, negative, zero, malformed, too many fractional digits, or
|
|
662
|
+
* a value exceeding `Number.MAX_SAFE_INTEGER` (to keep downstream `Number(...)`
|
|
663
|
+
* call-sites safe).
|
|
664
|
+
*/
|
|
665
|
+
declare function parseAssetAmount(asset: Asset, human: string): bigint;
|
|
666
|
+
/** Format raw subunits back to `"<whole>.<frac> <SYMBOL>"`. Keeps all `decimals` digits. */
|
|
667
|
+
declare function formatAssetAmount(asset: Asset, raw: bigint): string;
|
|
668
|
+
|
|
627
669
|
/**
|
|
628
670
|
* Snapshot of the on-chain elisym-config program state.
|
|
629
671
|
*
|
|
@@ -658,6 +700,73 @@ interface GetProtocolConfigOptions {
|
|
|
658
700
|
*/
|
|
659
701
|
declare function getProtocolConfig(rpc: Rpc<SolanaRpcApi>, programId: Address, options?: GetProtocolConfigOptions): Promise<ProtocolConfig>;
|
|
660
702
|
|
|
703
|
+
/**
|
|
704
|
+
* Global (not per-agent) config stored at `~/.elisym/config.yaml`.
|
|
705
|
+
*
|
|
706
|
+
* Currently holds only session-spend-limit overrides; other top-level fields
|
|
707
|
+
* may be added later. The loader tolerates a missing file (returns `{}`), but
|
|
708
|
+
* fails fast on malformed YAML or schema violations.
|
|
709
|
+
*/
|
|
710
|
+
|
|
711
|
+
declare const SessionSpendLimitEntrySchema: z.ZodObject<{
|
|
712
|
+
chain: z.ZodEnum<["solana"]>;
|
|
713
|
+
token: z.ZodString;
|
|
714
|
+
mint: z.ZodOptional<z.ZodString>;
|
|
715
|
+
amount: z.ZodNumber;
|
|
716
|
+
}, "strict", z.ZodTypeAny, {
|
|
717
|
+
amount: number;
|
|
718
|
+
chain: "solana";
|
|
719
|
+
token: string;
|
|
720
|
+
mint?: string | undefined;
|
|
721
|
+
}, {
|
|
722
|
+
amount: number;
|
|
723
|
+
chain: "solana";
|
|
724
|
+
token: string;
|
|
725
|
+
mint?: string | undefined;
|
|
726
|
+
}>;
|
|
727
|
+
declare const GlobalConfigSchema: z.ZodObject<{
|
|
728
|
+
session_spend_limits: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
729
|
+
chain: z.ZodEnum<["solana"]>;
|
|
730
|
+
token: z.ZodString;
|
|
731
|
+
mint: z.ZodOptional<z.ZodString>;
|
|
732
|
+
amount: z.ZodNumber;
|
|
733
|
+
}, "strict", z.ZodTypeAny, {
|
|
734
|
+
amount: number;
|
|
735
|
+
chain: "solana";
|
|
736
|
+
token: string;
|
|
737
|
+
mint?: string | undefined;
|
|
738
|
+
}, {
|
|
739
|
+
amount: number;
|
|
740
|
+
chain: "solana";
|
|
741
|
+
token: string;
|
|
742
|
+
mint?: string | undefined;
|
|
743
|
+
}>, "many">>;
|
|
744
|
+
}, "strict", z.ZodTypeAny, {
|
|
745
|
+
session_spend_limits?: {
|
|
746
|
+
amount: number;
|
|
747
|
+
chain: "solana";
|
|
748
|
+
token: string;
|
|
749
|
+
mint?: string | undefined;
|
|
750
|
+
}[] | undefined;
|
|
751
|
+
}, {
|
|
752
|
+
session_spend_limits?: {
|
|
753
|
+
amount: number;
|
|
754
|
+
chain: "solana";
|
|
755
|
+
token: string;
|
|
756
|
+
mint?: string | undefined;
|
|
757
|
+
}[] | undefined;
|
|
758
|
+
}>;
|
|
759
|
+
type SessionSpendLimitEntry = z.infer<typeof SessionSpendLimitEntrySchema>;
|
|
760
|
+
type GlobalConfig = z.infer<typeof GlobalConfigSchema>;
|
|
761
|
+
/**
|
|
762
|
+
* Read and validate `~/.elisym/config.yaml`. Returns `{}` if missing. Throws
|
|
763
|
+
* on malformed YAML or schema violations — the MCP server treats these as fatal
|
|
764
|
+
* at startup rather than silently ignoring bad overrides.
|
|
765
|
+
*/
|
|
766
|
+
declare function loadGlobalConfig(path: string): Promise<GlobalConfig>;
|
|
767
|
+
/** Write the config YAML atomically. Validates via Zod before writing. */
|
|
768
|
+
declare function writeGlobalConfig(path: string, config: GlobalConfig): Promise<void>;
|
|
769
|
+
|
|
661
770
|
/** Encrypt plaintext using NIP-44 v2 (sender secret key + recipient public key). */
|
|
662
771
|
declare function nip44Encrypt(plaintext: string, senderSk: Uint8Array, recipientPubkey: string): string;
|
|
663
772
|
/** Decrypt ciphertext using NIP-44 v2 (receiver secret key + sender public key). */
|
|
@@ -685,6 +794,82 @@ declare class BoundedSet<T> {
|
|
|
685
794
|
add(item: T): void;
|
|
686
795
|
}
|
|
687
796
|
|
|
797
|
+
/**
|
|
798
|
+
* Sliding-window rate limiter keyed by an arbitrary string (typically a
|
|
799
|
+
* customer pubkey). Each key gets at most `maxPerWindow` requests inside a
|
|
800
|
+
* rolling `windowMs`. Stale timestamps are pruned lazily on every `check`.
|
|
801
|
+
* When the tracked-key set grows past `maxKeys`, the least-recently-used
|
|
802
|
+
* key is evicted so an attacker cannot exhaust memory by cycling keys.
|
|
803
|
+
*
|
|
804
|
+
* Thread-safety: not required. Designed for single-threaded JS consumers
|
|
805
|
+
* (Node/Bun event loops, browser main thread). No timers - pruning happens
|
|
806
|
+
* inside `check` and `prune`.
|
|
807
|
+
*/
|
|
808
|
+
interface SlidingWindowLimiterOptions {
|
|
809
|
+
/** Rolling window width, in ms. */
|
|
810
|
+
windowMs: number;
|
|
811
|
+
/** Max hits allowed per key inside the window. */
|
|
812
|
+
maxPerWindow: number;
|
|
813
|
+
/** Cap on total tracked keys. LRU-evicted past this cap. */
|
|
814
|
+
maxKeys: number;
|
|
815
|
+
}
|
|
816
|
+
interface RateLimitDecision {
|
|
817
|
+
allowed: boolean;
|
|
818
|
+
/** Wall-clock timestamp (ms) when the limit window will reset for this key. */
|
|
819
|
+
resetAt: number;
|
|
820
|
+
/** Number of hits inside the current window after this call (or the attempted hit if denied). */
|
|
821
|
+
count: number;
|
|
822
|
+
}
|
|
823
|
+
interface SlidingWindowLimiter {
|
|
824
|
+
/** Record a hit against `key`; return whether it was allowed. */
|
|
825
|
+
check(key: string, now?: number): RateLimitDecision;
|
|
826
|
+
/**
|
|
827
|
+
* Inspect the current state for `key` without recording a hit. Useful
|
|
828
|
+
* when a single request must clear multiple limiters and callers want
|
|
829
|
+
* to avoid double-counting against one limiter after another denies.
|
|
830
|
+
*/
|
|
831
|
+
peek(key: string, now?: number): RateLimitDecision;
|
|
832
|
+
/** Drop entries whose windows have fully elapsed. Bounded memory hygiene. */
|
|
833
|
+
prune(now?: number): void;
|
|
834
|
+
/** Current number of tracked keys. */
|
|
835
|
+
size(): number;
|
|
836
|
+
/** Clear all state. */
|
|
837
|
+
reset(): void;
|
|
838
|
+
}
|
|
839
|
+
declare function createSlidingWindowLimiter(options: SlidingWindowLimiterOptions): SlidingWindowLimiter;
|
|
840
|
+
|
|
841
|
+
/**
|
|
842
|
+
* Canonical pino redact paths for the elisym stack. Plugin, CLI, MCP, and
|
|
843
|
+
* any downstream integrator should consume these arrays directly - one
|
|
844
|
+
* source of truth for "fields that carry user input or secrets".
|
|
845
|
+
*
|
|
846
|
+
* Wire them into a pino instance like:
|
|
847
|
+
*
|
|
848
|
+
* import pino from 'pino';
|
|
849
|
+
* import { DEFAULT_REDACT_PATHS, makeCensor } from '@elisym/sdk';
|
|
850
|
+
* const logger = pino({
|
|
851
|
+
* redact: { paths: DEFAULT_REDACT_PATHS, censor: makeCensor() },
|
|
852
|
+
* });
|
|
853
|
+
*/
|
|
854
|
+
/**
|
|
855
|
+
* Field paths that carry Nostr / Solana secret keys or operator secrets.
|
|
856
|
+
* Censored as `[REDACTED]`.
|
|
857
|
+
*/
|
|
858
|
+
declare const SECRET_REDACT_PATHS: string[];
|
|
859
|
+
/**
|
|
860
|
+
* Field paths that carry customer-confidential text (LLM prompts, raw
|
|
861
|
+
* event content, job input). Censored as `[INPUT REDACTED]` so log
|
|
862
|
+
* readers can distinguish redacted input from redacted secrets.
|
|
863
|
+
*/
|
|
864
|
+
declare const INPUT_REDACT_PATHS: string[];
|
|
865
|
+
/**
|
|
866
|
+
* Union of the two arrays, in the order pino's redact engine should
|
|
867
|
+
* visit them. Prefer this when wiring a new logger so no downstream
|
|
868
|
+
* consumer forgets half the set.
|
|
869
|
+
*/
|
|
870
|
+
declare const DEFAULT_REDACT_PATHS: string[];
|
|
871
|
+
declare function makeCensor(): (value: unknown, path: string[]) => string;
|
|
872
|
+
|
|
688
873
|
declare const RELAYS: string[];
|
|
689
874
|
declare const KIND_APP_HANDLER = 31990;
|
|
690
875
|
declare const KIND_JOB_REQUEST_BASE = 5000;
|
|
@@ -760,4 +945,4 @@ declare const LIMITS: {
|
|
|
760
945
|
readonly MAX_CAPABILITY_LENGTH: 64;
|
|
761
946
|
};
|
|
762
947
|
|
|
763
|
-
export { type Agent, BoundedSet, type BuildTransactionOptions, type CapabilityCard, DEFAULTS, DEFAULT_KIND_OFFSET, DiscoveryService, ElisymClient, type ElisymClientConfig, type ElisymClientFullConfig, ElisymIdentity, type EstimatePriorityFeeOptions, type GetProtocolConfigOptions, type Job, type JobStatus, type JobSubscriptionOptions, type JobUpdateCallbacks, KIND_APP_HANDLER, KIND_JOB_FEEDBACK, KIND_JOB_REQUEST, KIND_JOB_REQUEST_BASE, KIND_JOB_RESULT, KIND_JOB_RESULT_BASE, KIND_PING, KIND_PONG, LAMPORTS_PER_SOL, LIMITS, MarketplaceService, MediaService, type Network, type NetworkStats, NostrPool, PROTOCOL_FEE_BPS, PROTOCOL_PROGRAM_ID_DEVNET, PROTOCOL_TREASURY, type ParseOptions, type ParseResult, type ParsedPaymentRequest, type PaymentInfo, type PaymentRequestData, PaymentRequestSchema, type PaymentStrategy, type PaymentValidationCode, type PaymentValidationError, type PingResult, PingService, type ProtocolCluster, type ProtocolConfig, type ProtocolConfigInput, RELAYS, type Signer, SolanaPaymentStrategy, type SubCloser, type SubmitJobOptions, type VerifyOptions, type VerifyResult, assertExpiry, assertLamports, buildPaymentInstructions, calculateProtocolFee, clearPriorityFeeCache, clearProtocolConfigCache, createPaymentRequestWithOnchainConfig, estimatePriorityFeeMicroLamports, formatSol, getProtocolConfig, getProtocolProgramId, jobRequestKind, jobResultKind, nip44Decrypt, nip44Encrypt, parsePaymentRequest, pickPercentileFee, timeAgo, toDTag, truncateKey, validateAgentName, validateExpiry };
|
|
948
|
+
export { type Agent, type Asset, BoundedSet, type BuildTransactionOptions, type CapabilityCard, type Chain, DEFAULTS, DEFAULT_KIND_OFFSET, DEFAULT_REDACT_PATHS, DiscoveryService, ElisymClient, type ElisymClientConfig, type ElisymClientFullConfig, ElisymIdentity, type EstimatePriorityFeeOptions, type GetProtocolConfigOptions, type GlobalConfig, GlobalConfigSchema, INPUT_REDACT_PATHS, type Job, type JobStatus, type JobSubscriptionOptions, type JobUpdateCallbacks, KIND_APP_HANDLER, KIND_JOB_FEEDBACK, KIND_JOB_REQUEST, KIND_JOB_REQUEST_BASE, KIND_JOB_RESULT, KIND_JOB_RESULT_BASE, KIND_PING, KIND_PONG, KNOWN_ASSETS, LAMPORTS_PER_SOL, LIMITS, MarketplaceService, MediaService, NATIVE_SOL, type Network, type NetworkStats, NostrPool, PROTOCOL_FEE_BPS, PROTOCOL_PROGRAM_ID_DEVNET, PROTOCOL_TREASURY, type ParseOptions, type ParseResult, type ParsedPaymentRequest, type PaymentInfo, type PaymentRequestData, PaymentRequestSchema, type PaymentStrategy, type PaymentValidationCode, type PaymentValidationError, type PingResult, PingService, type ProtocolCluster, type ProtocolConfig, type ProtocolConfigInput, RELAYS, type RateLimitDecision, SECRET_REDACT_PATHS, type SessionSpendLimitEntry, SessionSpendLimitEntrySchema, type Signer, type SlidingWindowLimiter, type SlidingWindowLimiterOptions, SolanaPaymentStrategy, type SubCloser, type SubmitJobOptions, type VerifyOptions, type VerifyResult, assertExpiry, assertLamports, assetByKey, assetKey, buildPaymentInstructions, calculateProtocolFee, clearPriorityFeeCache, clearProtocolConfigCache, createPaymentRequestWithOnchainConfig, createSlidingWindowLimiter, estimatePriorityFeeMicroLamports, formatAssetAmount, formatSol, getProtocolConfig, getProtocolProgramId, jobRequestKind, jobResultKind, loadGlobalConfig, makeCensor, nip44Decrypt, nip44Encrypt, parseAssetAmount, parsePaymentRequest, pickPercentileFee, resolveKnownAsset, timeAgo, toDTag, truncateKey, validateAgentName, validateExpiry, writeGlobalConfig };
|