@enshell/sdk 0.1.0-beta.1 → 0.1.0-beta.3

package/dist/client.d.ts

@@ -1,18 +1,54 @@
-import type { ENShellConfig, Agent, RegisterAgentOptions, ActionResult, QueuedAction } from "./types.js";
+import { ActionDecision } from "./types.js";
+import type { ENShellConfig, Agent, RegisterAgentOptions, ActionResult, QueuedAction, ProtectOptions, ProtectResult } from "./types.js";
 export declare class ENShell {
     private contract;
     private config;
     constructor(config: ENShellConfig);
+    /**
+     * Full registration: creates ENS subdomain + registers on firewall + sets targets.
+     * Use this for a simple one-call flow.
+     */
     registerAgent(agentId: string, options: RegisterAgentOptions): Promise<void>;
+    /**
+     * Create the ENS subdomain for an agent (e.g. trader.enshell.eth).
+     * Sets the default avatar text record on the subdomain.
+     */
+    createAgentSubdomain(agentId: string): Promise<void>;
+    /**
+     * Register an agent on the firewall contract and set allowed targets.
+     * Call this after createAgentSubdomain() if you want separate steps,
+     * or use registerAgent() for both in one call.
+     */
+    registerAgentOnChain(agentId: string, options: RegisterAgentOptions): Promise<void>;
     getAgent(agentId: string): Promise<Agent>;
     getAgentCount(): Promise<bigint>;
     deactivateAgent(agentId: string): Promise<void>;
     reactivateAgent(agentId: string): Promise<void>;
     setAllowedTarget(agentId: string, target: string, allowed: boolean): Promise<void>;
     isTargetAllowed(agentId: string, target: string): Promise<boolean>;
-    submitAction(agentId: string, target: string, value: string, data: string, instruction: string): Promise<ActionResult>;
+    submitAction(agentId: string, target: string, value: string, data: string, instructionHash: string): Promise<ActionResult>;
     approveAction(actionId: bigint): Promise<void>;
     rejectAction(actionId: bigint): Promise<void>;
     getQueuedAction(actionId: bigint): Promise<QueuedAction>;
+    isTrusted(agentId: string): Promise<boolean>;
+    /**
+     * Submit an action through the ENShell firewall.
+     *
+     * 1. Hashes the instruction
+     * 2. Encrypts the instruction with the CRE oracle's public key
+     * 3. Ships the encrypted payload to the relay
+     * 4. Submits the action to the contract (queued for CRE analysis)
+     * 5. Returns a ProtectResult with a waitForResolution() helper
+     */
+    protect(agentId: string, options: ProtectOptions): Promise<ProtectResult>;
+    /**
+     * Poll the contract until a queued action is resolved.
+     * Returns the final decision (APPROVED, ESCALATED, or BLOCKED).
+     *
+     * @param actionId - The queued action ID
+     * @param pollIntervalMs - Polling interval in milliseconds (default 5000)
+     * @param timeoutMs - Maximum wait time in milliseconds (default 5 minutes)
+     */
+    waitForResolution(actionId: bigint, pollIntervalMs?: number, timeoutMs?: number): Promise<ActionDecision>;
 }
 //# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,aAAa,EACb,KAAK,EACL,oBAAoB,EACpB,YAAY,EACZ,YAAY,EACb,MAAM,YAAY,CAAC;AAGpB,qBAAa,OAAO;IAClB,OAAO,CAAC,QAAQ,CAAW;IAC3B,OAAO,CAAC,MAAM,CAAgB;gBAElB,MAAM,EAAE,aAAa;IAkB3B,aAAa,CACjB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,IAAI,CAAC;IAmBV,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAczC,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAIhC,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK/C,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/C,gBAAgB,CACpB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,IAAI,CAAC;IAKV,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAMlE,YAAY,CAChB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,YAAY,CAAC;IAkClB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK9C,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK7C,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;CAa/D"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,KAAK,EACV,aAAa,EACb,KAAK,EACL,oBAAoB,EACpB,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,aAAa,EACd,MAAM,YAAY,CAAC;AAEpB,qBAAa,OAAO;IAClB,OAAO,CAAC,QAAQ,CAAW;IAC3B,OAAO,CAAC,MAAM,CAAgB;gBAElB,MAAM,EAAE,aAAa;IAkBjC;;;OAGG;IACG,aAAa,CACjB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,IAAI,CAAC;IAKhB;;;OAGG;IACG,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI1D;;;;OAIG;IACG,oBAAoB,CACxB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,IAAI,CAAC;IA4BV,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAczC,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAIhC,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK/C,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/C,gBAAgB,CACpB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,IAAI,CAAC;IAKV,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAMlE,YAAY,CAChB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,YAAY,CAAC;IA4BlB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK9C,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK7C,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAgBxD,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAMlD;;;;;;;;OAQG;IACG,OAAO,CACX,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,aAAa,CAAC;IA6BzB;;;;;;;OAOG;IACG,iBAAiB,CACrB,QAAQ,EAAE,MAAM,EAChB,cAAc,SAAO,EACrB,SAAS,SAAU,GAClB,OAAO,CAAC,cAAc,CAAC;CAoB3B"}

package/dist/client.js

@@ -1,7 +1,10 @@
-import { parseEther } from "ethers";
+import { parseEther, keccak256, toUtf8Bytes } from "ethers";
 import { getFirewallContract } from "./contract.js";
 import { NETWORK_CONFIG } from "./networks.js";
-import { ActionStatus } from "./types.js";
+import { computeEnsNode, createSubdomain } from "./ens.js";
+import { encryptForOracle } from "./crypto.js";
+import { RelayClient } from "./relay.js";
+import { ActionDecision } from "./types.js";
 export class ENShell {
     contract;
     config;
@@ -15,9 +18,38 @@ export class ENShell {
         this.contract = getFirewallContract(address, config.signer);
     }
     // -- Agent Management --
+    /**
+     * Full registration: creates ENS subdomain + registers on firewall + sets targets.
+     * Use this for a simple one-call flow.
+     */
     async registerAgent(agentId, options) {
-        const tx = await this.contract.registerAgentSimple(agentId, options.ensNode, options.agentAddress, parseEther(options.spendLimit));
-        await tx.wait();
+        await this.createAgentSubdomain(agentId);
+        await this.registerAgentOnChain(agentId, options);
+    }
+    /**
+     * Create the ENS subdomain for an agent (e.g. trader.enshell.eth).
+     * Sets the default avatar text record on the subdomain.
+     */
+    async createAgentSubdomain(agentId) {
+        await createSubdomain(agentId, this.config.network, this.config.signer);
+    }
+    /**
+     * Register an agent on the firewall contract and set allowed targets.
+     * Call this after createAgentSubdomain() if you want separate steps,
+     * or use registerAgent() for both in one call.
+     */
+    async registerAgentOnChain(agentId, options) {
+        const ensNode = computeEnsNode(agentId, this.config.network);
+        try {
+            const tx = await this.contract.registerAgentSimple(agentId, ensNode, options.agentAddress, parseEther(options.spendLimit));
+            await tx.wait();
+        }
+        catch (err) {
+            if (err.message?.includes("Agent already registered")) {
+                throw new Error(`Agent "${agentId}" is already registered`);
+            }
+            throw err;
+        }
         if (options.allowedTargets && options.allowedTargets.length > 0) {
             const targetTx = await this.contract.setAllowedTargets(agentId, options.allowedTargets, true);
             await targetTx.wait();
@@ -56,30 +88,24 @@ export class ENShell {
         return this.contract.isTargetAllowed(agentId, target);
     }
     // -- Action Submission --
-    async submitAction(agentId, target, value, data, instruction) {
-        const tx = await this.contract.submitAction(agentId, target, parseEther(value), data, instruction);
+    async submitAction(agentId, target, value, data, instructionHash) {
+        const tx = await this.contract.submitAction(agentId, target, parseEther(value), data, instructionHash);
         const receipt = await tx.wait();
         const iface = this.contract.interface;
         for (const log of receipt.logs) {
             try {
                 const parsed = iface.parseLog(log);
-                if (parsed?.name === "ActionApproved") {
-                    return { actionId: parsed.args[0], status: ActionStatus.APPROVED };
-                }
-                if (parsed?.name === "ActionEscalated") {
-                    return { actionId: parsed.args[0], status: ActionStatus.ESCALATED };
-                }
-                if (parsed?.name === "ActionBlocked") {
-                    return { actionId: parsed.args[0], status: ActionStatus.BLOCKED };
+                if (parsed?.name === "ActionSubmitted") {
+                    return { actionId: parsed.args[0] };
                 }
             }
             catch {
                 // Skip logs from other contracts
             }
         }
-        throw new Error("Could not determine action result from transaction logs");
+        throw new Error("Could not determine action ID from transaction logs");
     }
-    // -- Ledger Approval --
+    // -- Ledger Approval (for escalated actions) --
     async approveAction(actionId) {
         const tx = await this.contract.approveAction(actionId);
         await tx.wait();
@@ -95,11 +121,73 @@ export class ENShell {
             target: raw.target,
             value: raw.value,
             data: raw.data,
-            instruction: raw.instruction,
-            threatScore: raw.threatScore,
+            instructionHash: raw.instructionHash,
             queuedAt: raw.queuedAt,
             resolved: raw.resolved,
+            decision: Number(raw.decision),
         };
     }
+    // -- Trust Mesh --
+    async isTrusted(agentId) {
+        return this.contract.isTrusted(agentId);
+    }
+    // -- Protect (core firewall method) --
+    /**
+     * Submit an action through the ENShell firewall.
+     *
+     * 1. Hashes the instruction
+     * 2. Encrypts the instruction with the CRE oracle's public key
+     * 3. Ships the encrypted payload to the relay
+     * 4. Submits the action to the contract (queued for CRE analysis)
+     * 5. Returns a ProtectResult with a waitForResolution() helper
+     */
+    async protect(agentId, options) {
+        const { instruction, tx } = options;
+        const target = tx.to;
+        const value = tx.value ?? "0";
+        const data = tx.data ?? "0x";
+        // 1. Hash the instruction
+        const instructionHash = keccak256(toUtf8Bytes(instruction));
+        // 2. Encrypt and ship to relay
+        const networkConfig = NETWORK_CONFIG[this.config.network];
+        if (networkConfig.oraclePublicKey && networkConfig.relayUrl) {
+            const encrypted = encryptForOracle(instruction, networkConfig.oraclePublicKey);
+            const relay = new RelayClient(networkConfig.relayUrl);
+            await relay.put(instructionHash, encrypted);
+        }
+        // 3. Submit to contract
+        const result = await this.submitAction(agentId, target, value, data, instructionHash);
+        // 4. Return result with resolution helper
+        return {
+            actionId: result.actionId,
+            instructionHash,
+            tx: { to: target, value, data },
+            waitForResolution: () => this.waitForResolution(result.actionId),
+        };
+    }
+    /**
+     * Poll the contract until a queued action is resolved.
+     * Returns the final decision (APPROVED, ESCALATED, or BLOCKED).
+     *
+     * @param actionId - The queued action ID
+     * @param pollIntervalMs - Polling interval in milliseconds (default 5000)
+     * @param timeoutMs - Maximum wait time in milliseconds (default 5 minutes)
+     */
+    async waitForResolution(actionId, pollIntervalMs = 5000, timeoutMs = 300_000) {
+        const start = Date.now();
+        while (Date.now() - start < timeoutMs) {
+            const action = await this.getQueuedAction(actionId);
+            if (action.decision !== ActionDecision.PENDING) {
+                // If escalated but not yet resolved by Ledger, keep polling
+                if (action.decision === ActionDecision.ESCALATED && !action.resolved) {
+                    await new Promise((r) => setTimeout(r, pollIntervalMs));
+                    continue;
+                }
+                return action.decision;
+            }
+            await new Promise((r) => setTimeout(r, pollIntervalMs));
+        }
+        throw new Error(`Action #${actionId} resolution timed out after ${timeoutMs / 1000}s`);
+    }
 }
 //# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAY,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAQ/C,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1C,MAAM,OAAO,OAAO;IACV,QAAQ,CAAW;IACnB,MAAM,CAAgB;IAE9B,YAAY,MAAqB;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,MAAM,OAAO,GACX,MAAM,CAAC,eAAe;YACtB,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,eAAe,CAAC;QAEjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,CAAC,OAAO,EAAE,CAC/D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9D,CAAC;IAED,yBAAyB;IAEzB,KAAK,CAAC,aAAa,CACjB,OAAe,EACf,OAA6B;QAE7B,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAChD,OAAO,EACP,OAAO,CAAC,OAAO,EACf,OAAO,CAAC,YAAY,EACpB,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAC/B,CAAC;QACF,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;QAEhB,IAAI,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CACpD,OAAO,EACP,OAAO,CAAC,cAAc,EACtB,IAAI,CACL,CAAC;YACF,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAe;QAC5B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClD,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,eAAe,EAAE,GAAG,CAAC,eAAe;YACpC,YAAY,EAAE,GAAG,CAAC,YAAY;SAC/B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,OAAO,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAe;QACnC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAe;QACnC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,2BAA2B;IAE3B,KAAK,CAAC,gBAAgB,CACpB,OAAe,EACf,MAAc,EACd,OAAgB;QAEhB,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC1E,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAe,EAAE,MAAc;QACnD,OAAO,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;IAED,0BAA0B;IAE1B,KAAK,CAAC,YAAY,CAChB,OAAe,EACf,MAAc,EACd,KAAa,EACb,IAAY,EACZ,WAAmB;QAEnB,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CACzC,OAAO,EACP,MAAM,EACN,UAAU,CAAC,KAAK,CAAC,EACjB,IAAI,EACJ,WAAW,CACZ,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;QAEhC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAEtC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBACnC,IAAI,MAAM,EAAE,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,QAAQ,EAAE,CAAC;gBACrE,CAAC;gBACD,IAAI,MAAM,EAAE,IAAI,KAAK,iBAAiB,EAAE,CAAC;oBACvC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,SAAS,EAAE,CAAC;gBACtE,CAAC;gBACD,IAAI,MAAM,EAAE,IAAI,KAAK,eAAe,EAAE,CAAC;oBACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,OAAO,EAAE,CAAC;gBACpE,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,iCAAiC;YACnC,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IAED,wBAAwB;IAExB,KAAK,CAAC,aAAa,CAAC,QAAgB;QAClC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACvD,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACtD,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,QAAgB;QACpC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC1D,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,QAAQ,EAAE,GAAG,CAAC,QAAQ;SACvB,CAAC;IACJ,CAAC;CACF"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAY,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACtE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAW5C,MAAM,OAAO,OAAO;IACV,QAAQ,CAAW;IACnB,MAAM,CAAgB;IAE9B,YAAY,MAAqB;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,MAAM,OAAO,GACX,MAAM,CAAC,eAAe;YACtB,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,eAAe,CAAC;QAEjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,CAAC,OAAO,EAAE,CAC/D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9D,CAAC;IAED,yBAAyB;IAEzB;;;OAGG;IACH,KAAK,CAAC,aAAa,CACjB,OAAe,EACf,OAA6B;QAE7B,MAAM,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;QACzC,MAAM,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,oBAAoB,CAAC,OAAe;QACxC,MAAM,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1E,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,oBAAoB,CACxB,OAAe,EACf,OAA6B;QAE7B,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAE7D,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAChD,OAAO,EACP,OAAO,EACP,OAAO,CAAC,YAAY,EACpB,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAC/B,CAAC;YACF,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;QAClB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CAAC,UAAU,OAAO,yBAAyB,CAAC,CAAC;YAC9D,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,IAAI,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CACpD,OAAO,EACP,OAAO,CAAC,cAAc,EACtB,IAAI,CACL,CAAC;YACF,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAe;QAC5B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClD,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,eAAe,EAAE,GAAG,CAAC,eAAe;YACpC,YAAY,EAAE,GAAG,CAAC,YAAY;SAC/B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,OAAO,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAe;QACnC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAe;QACnC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,2BAA2B;IAE3B,KAAK,CAAC,gBAAgB,CACpB,OAAe,EACf,MAAc,EACd,OAAgB;QAEhB,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC1E,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAe,EAAE,MAAc;QACnD,OAAO,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;IAED,0BAA0B;IAE1B,KAAK,CAAC,YAAY,CAChB,OAAe,EACf,MAAc,EACd,KAAa,EACb,IAAY,EACZ,eAAuB;QAEvB,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CACzC,OAAO,EACP,MAAM,EACN,UAAU,CAAC,KAAK,CAAC,EACjB,IAAI,EACJ,eAAe,CAChB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;QAEhC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAEtC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBACnC,IAAI,MAAM,EAAE,IAAI,KAAK,iBAAiB,EAAE,CAAC;oBACvC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtC,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,iCAAiC;YACnC,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IAED,gDAAgD;IAEhD,KAAK,CAAC,aAAa,CAAC,QAAgB;QAClC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACvD,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACtD,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,QAAgB;QACpC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC1D,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,eAAe,EAAE,GAAG,CAAC,eAAe;YACpC,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;SAC/B,CAAC;IACJ,CAAC;IAED,mBAAmB;IAEnB,KAAK,CAAC,SAAS,CAAC,OAAe;QAC7B,OAAO,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,uCAAuC;IAEvC;;;;;;;;OAQG;IACH,KAAK,CAAC,OAAO,CACX,OAAe,EACf,OAAuB;QAEvB,MAAM,EAAE,WAAW,EAAE,EAAE,EAAE,GAAG,OAAO,CAAC;QACpC,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,IAAI,GAAG,CAAC;QAC9B,MAAM,IAAI,GAAG,EAAE,CAAC,IAAI,IAAI,IAAI,CAAC;QAE7B,0BAA0B;QAC1B,MAAM,eAAe,GAAG,SAAS,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC;QAE5D,+BAA+B;QAC/B,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1D,IAAI,aAAa,CAAC,eAAe,IAAI,aAAa,CAAC,QAAQ,EAAE,CAAC;YAC5D,MAAM,SAAS,GAAG,gBAAgB,CAAC,WAAW,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;YAC/E,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;YACtD,MAAM,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAC9C,CAAC;QAED,wBAAwB;QACxB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,eAAe,CAAC,CAAC;QAEtF,0CAA0C;QAC1C,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,eAAe;YACf,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE;YAC/B,iBAAiB,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC;SACjE,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,iBAAiB,CACrB,QAAgB,EAChB,cAAc,GAAG,IAAI,EACrB,SAAS,GAAG,OAAO;QAEnB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEzB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,SAAS,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YAEpD,IAAI,MAAM,CAAC,QAAQ,KAAK,cAAc,CAAC,OAAO,EAAE,CAAC;gBAC/C,4DAA4D;gBAC5D,IAAI,MAAM,CAAC,QAAQ,KAAK,cAAc,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;oBACrE,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC;oBACxD,SAAS;gBACX,CAAC;gBACD,OAAO,MAAM,CAAC,QAA0B,CAAC;YAC3C,CAAC;YAED,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,WAAW,QAAQ,+BAA+B,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC;IACzF,CAAC;CACF"}

package/dist/contract.d.ts

@@ -4,6 +4,6 @@ import { Contract, type Signer, type Provider } from "ethers";
  * Only includes functions currently deployed on-chain.
  * Updated as new features are added to the contract.
  */
-export declare const AGENT_FIREWALL_ABI: readonly ["function registerAgentSimple(string agentId, bytes32 ensNode, address agentAddress, uint256 spendLimit) external", "function getAgent(string agentId) external view returns (tuple(bytes32 ensNode, address agentAddress, uint256 spendLimit, uint256 threatScore, uint256 strikes, bool active, bool worldIdVerified, uint256 registeredAt))", "function getAgentCount() external view returns (uint256)", "function deactivateAgent(string agentId) external", "function reactivateAgent(string agentId) external", "function setAllowedTarget(string agentId, address target, bool allowed) external", "function setAllowedTargets(string agentId, address[] targets, bool allowed) external", "function isTargetAllowed(string agentId, address target) external view returns (bool)", "function submitAction(string agentId, address target, uint256 value, bytes data, string instruction) external returns (uint256 actionId, uint8 status)", "function getQueuedAction(uint256 actionId) external view returns (tuple(string agentId, address target, uint256 value, bytes data, string instruction, uint256 threatScore, uint256 queuedAt, bool resolved))", "function approveAction(uint256 actionId) external", "function rejectAction(uint256 actionId) external", "function updateThreatScore(string agentId, uint256 rawScore) external", "function setMaxStrikes(uint256 _max) external", "event AgentRegistered(string indexed agentId, bytes32 ensNode, address agentAddress, uint256 spendLimit, bool worldIdVerified)", "event AgentDeactivated(string indexed agentId, string reason)", "event AllowedTargetUpdated(string indexed agentId, address target, bool allowed)", "event ActionSubmitted(uint256 indexed actionId, string indexed agentId, address target, uint256 value, string instruction)", "event ActionApproved(uint256 indexed actionId, string indexed agentId)", "event ActionBlocked(uint256 indexed actionId, string indexed agentId, string reason)", "event ActionEscalated(uint256 indexed actionId, string indexed agentId, uint256 threatScore)", "event ThreatScoreUpdated(string indexed agentId, uint256 previousScore, uint256 newScore, uint256 rawDetectionScore, uint256 strikes)"];
+export declare const AGENT_FIREWALL_ABI: readonly ["function registerAgentSimple(string agentId, bytes32 ensNode, address agentAddress, uint256 spendLimit) external", "function getAgent(string agentId) external view returns (tuple(bytes32 ensNode, address agentAddress, uint256 spendLimit, uint256 threatScore, uint256 strikes, bool active, bool worldIdVerified, uint256 registeredAt))", "function getAgentCount() external view returns (uint256)", "function deactivateAgent(string agentId) external", "function reactivateAgent(string agentId) external", "function setAllowedTarget(string agentId, address target, bool allowed) external", "function setAllowedTargets(string agentId, address[] targets, bool allowed) external", "function isTargetAllowed(string agentId, address target) external view returns (bool)", "function submitAction(string agentId, address target, uint256 value, bytes data, bytes32 instructionHash) external returns (uint256 actionId)", "function getQueuedAction(uint256 actionId) external view returns (tuple(string agentId, address target, uint256 value, bytes data, bytes32 instructionHash, uint256 queuedAt, bool resolved, uint8 decision))", "function onReport(bytes metadata, bytes report) external", "function supportsInterface(bytes4 interfaceId) external pure returns (bool)", "function approveAction(uint256 actionId) external", "function rejectAction(uint256 actionId) external", "function checkTrust(string checkerAgentId, string targetAgentId) external returns (bool)", "function isTrusted(string agentId) external view returns (bool)", "function setMaxStrikes(uint256 _max) external", "function setBlockThreshold(uint256 _threshold) external", "function setEscalateThreshold(uint256 _threshold) external", "function setForwarder(address _forwarder) external", "function setENSResolver(address _ensResolver) external", "event AgentRegistered(string indexed agentId, bytes32 ensNode, address agentAddress, uint256 spendLimit, bool worldIdVerified)", "event AgentDeactivated(string indexed agentId, string reason)", "event AllowedTargetUpdated(string indexed agentId, address target, bool allowed)", "event ActionSubmitted(uint256 indexed actionId, string indexed agentId, address target, uint256 value, bytes32 instructionHash)", "event ActionApproved(uint256 indexed actionId, string indexed agentId)", "event ActionBlocked(uint256 indexed actionId, string indexed agentId, string reason)", "event ActionEscalated(uint256 indexed actionId, string indexed agentId, uint256 threatScore)", "event ThreatScoreUpdated(string indexed agentId, uint256 previousScore, uint256 newScore, uint256 rawDetectionScore, uint256 strikes)", "event TrustChecked(string indexed checkerAgentId, string indexed targetAgentId, uint256 threatScore, uint256 strikes, bool trusted)"];
 export declare function getFirewallContract(address: string, signerOrProvider: Signer | Provider): Contract;
 //# sourceMappingURL=contract.d.ts.map

package/dist/contract.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"contract.d.ts","sourceRoot":"","sources":["../src/contract.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,KAAK,MAAM,EAAE,KAAK,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAE9D;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,qnEAsCrB,CAAC;AAEX,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,QAAQ,GAClC,QAAQ,CAEV"}
+{"version":3,"file":"contract.d.ts","sourceRoot":"","sources":["../src/contract.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,KAAK,MAAM,EAAE,KAAK,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAE9D;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,ksFAgDrB,CAAC;AAEX,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,QAAQ,GAClC,QAAQ,CAEV"}

package/dist/contract.js

@@ -16,25 +16,34 @@ export const AGENT_FIREWALL_ABI = [
     "function setAllowedTarget(string agentId, address target, bool allowed) external",
     "function setAllowedTargets(string agentId, address[] targets, bool allowed) external",
     "function isTargetAllowed(string agentId, address target) external view returns (bool)",
-    // Action submission
-    "function submitAction(string agentId, address target, uint256 value, bytes data, string instruction) external returns (uint256 actionId, uint8 status)",
-    "function getQueuedAction(uint256 actionId) external view returns (tuple(string agentId, address target, uint256 value, bytes data, string instruction, uint256 threatScore, uint256 queuedAt, bool resolved))",
-    // Ledger approval
+    // Action submission (always queues, CRE resolves)
+    "function submitAction(string agentId, address target, uint256 value, bytes data, bytes32 instructionHash) external returns (uint256 actionId)",
+    "function getQueuedAction(uint256 actionId) external view returns (tuple(string agentId, address target, uint256 value, bytes data, bytes32 instructionHash, uint256 queuedAt, bool resolved, uint8 decision))",
+    // CRE report receiver
+    "function onReport(bytes metadata, bytes report) external",
+    "function supportsInterface(bytes4 interfaceId) external pure returns (bool)",
+    // Ledger approval (for escalated actions only)
     "function approveAction(uint256 actionId) external",
     "function rejectAction(uint256 actionId) external",
-    // Threat scores
-    "function updateThreatScore(string agentId, uint256 rawScore) external",
+    // Trust mesh
+    "function checkTrust(string checkerAgentId, string targetAgentId) external returns (bool)",
+    "function isTrusted(string agentId) external view returns (bool)",
     // Admin
     "function setMaxStrikes(uint256 _max) external",
+    "function setBlockThreshold(uint256 _threshold) external",
+    "function setEscalateThreshold(uint256 _threshold) external",
+    "function setForwarder(address _forwarder) external",
+    "function setENSResolver(address _ensResolver) external",
     // Events
     "event AgentRegistered(string indexed agentId, bytes32 ensNode, address agentAddress, uint256 spendLimit, bool worldIdVerified)",
     "event AgentDeactivated(string indexed agentId, string reason)",
     "event AllowedTargetUpdated(string indexed agentId, address target, bool allowed)",
-    "event ActionSubmitted(uint256 indexed actionId, string indexed agentId, address target, uint256 value, string instruction)",
+    "event ActionSubmitted(uint256 indexed actionId, string indexed agentId, address target, uint256 value, bytes32 instructionHash)",
     "event ActionApproved(uint256 indexed actionId, string indexed agentId)",
     "event ActionBlocked(uint256 indexed actionId, string indexed agentId, string reason)",
     "event ActionEscalated(uint256 indexed actionId, string indexed agentId, uint256 threatScore)",
     "event ThreatScoreUpdated(string indexed agentId, uint256 previousScore, uint256 newScore, uint256 rawDetectionScore, uint256 strikes)",
+    "event TrustChecked(string indexed checkerAgentId, string indexed targetAgentId, uint256 threatScore, uint256 strikes, bool trusted)",
 ];
 export function getFirewallContract(address, signerOrProvider) {
     return new Contract(address, AGENT_FIREWALL_ABI, signerOrProvider);

package/dist/contract.js.map

@@ -1 +1 @@
-{"version":3,"file":"contract.js","sourceRoot":"","sources":["../src/contract.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAA8B,MAAM,QAAQ,CAAC;AAE9D;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,qBAAqB;IACrB,kHAAkH;IAClH,2NAA2N;IAC3N,0DAA0D;IAE1D,kBAAkB;IAClB,mDAAmD;IACnD,mDAAmD;IAEnD,kBAAkB;IAClB,kFAAkF;IAClF,sFAAsF;IACtF,uFAAuF;IAEvF,oBAAoB;IACpB,wJAAwJ;IACxJ,+MAA+M;IAE/M,kBAAkB;IAClB,mDAAmD;IACnD,kDAAkD;IAElD,gBAAgB;IAChB,uEAAuE;IAEvE,QAAQ;IACR,+CAA+C;IAE/C,SAAS;IACT,gIAAgI;IAChI,+DAA+D;IAC/D,kFAAkF;IAClF,4HAA4H;IAC5H,wEAAwE;IACxE,sFAAsF;IACtF,8FAA8F;IAC9F,uIAAuI;CAC/H,CAAC;AAEX,MAAM,UAAU,mBAAmB,CACjC,OAAe,EACf,gBAAmC;IAEnC,OAAO,IAAI,QAAQ,CAAC,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,CAAC,CAAC;AACrE,CAAC"}
+{"version":3,"file":"contract.js","sourceRoot":"","sources":["../src/contract.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAA8B,MAAM,QAAQ,CAAC;AAE9D;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,qBAAqB;IACrB,kHAAkH;IAClH,2NAA2N;IAC3N,0DAA0D;IAE1D,kBAAkB;IAClB,mDAAmD;IACnD,mDAAmD;IAEnD,kBAAkB;IAClB,kFAAkF;IAClF,sFAAsF;IACtF,uFAAuF;IAEvF,kDAAkD;IAClD,+IAA+I;IAC/I,+MAA+M;IAE/M,sBAAsB;IACtB,0DAA0D;IAC1D,6EAA6E;IAE7E,+CAA+C;IAC/C,mDAAmD;IACnD,kDAAkD;IAElD,aAAa;IACb,0FAA0F;IAC1F,iEAAiE;IAEjE,QAAQ;IACR,+CAA+C;IAC/C,yDAAyD;IACzD,4DAA4D;IAC5D,oDAAoD;IACpD,wDAAwD;IAExD,SAAS;IACT,gIAAgI;IAChI,+DAA+D;IAC/D,kFAAkF;IAClF,iIAAiI;IACjI,wEAAwE;IACxE,sFAAsF;IACtF,8FAA8F;IAC9F,uIAAuI;IACvI,qIAAqI;CAC7H,CAAC;AAEX,MAAM,UAAU,mBAAmB,CACjC,OAAe,EACf,gBAAmC;IAEnC,OAAO,IAAI,QAAQ,CAAC,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,CAAC,CAAC;AACrE,CAAC"}

package/dist/crypto.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Encrypt a plaintext string with a secp256k1 public key.
+ * The oracle's public key is hardcoded in network config (safe to ship publicly).
+ * Only the oracle's private key (in Vault DON) can decrypt.
+ */
+export declare function encryptForOracle(plaintext: string, publicKeyHex: string): string;
+/**
+ * Decrypt an ECIES-encrypted payload with a secp256k1 private key.
+ * Used by the CRE oracle inside the TEE.
+ */
+export declare function decryptAsOracle(encryptedHex: string, privateKeyHex: string): string;
+/**
+ * Derive the compressed public key from a private key.
+ */
+export declare function getPublicKeyFromPrivate(privateKeyHex: string): string;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAiCA;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM,CAoBhF;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,YAAY,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,MAAM,CAcnF;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,aAAa,EAAE,MAAM,GAAG,MAAM,CAGrE"}

package/dist/crypto.js

@@ -0,0 +1,73 @@
+import { getPublicKey, getSharedSecret, utils } from "@noble/secp256k1";
+// @ts-ignore - noble v2 uses subpath exports with .js extension
+import { gcm } from "@noble/ciphers/aes.js";
+// @ts-ignore - noble v2 uses subpath exports with .js extension
+import { sha256 } from "@noble/hashes/sha2.js";
+/**
+ * Custom ECIES implementation using noble-crypto primitives.
+ * Works in Node.js, browsers, and CRE WASM (QuickJS).
+ *
+ * Encryption flow:
+ *   1. Generate ephemeral secp256k1 keypair
+ *   2. ECDH with recipient's public key → shared secret
+ *   3. SHA-256(shared secret) → AES-256-GCM key
+ *   4. Encrypt plaintext with AES-256-GCM
+ *   5. Output: ephemeral public key (33 bytes) + nonce (12 bytes) + ciphertext
+ */
+function hexToBytes(hex) {
+    const clean = hex.replace("0x", "");
+    const bytes = new Uint8Array(clean.length / 2);
+    for (let i = 0; i < bytes.length; i++) {
+        bytes[i] = parseInt(clean.substring(i * 2, i * 2 + 2), 16);
+    }
+    return bytes;
+}
+function bytesToHex(bytes) {
+    return Array.from(bytes)
+        .map((b) => b.toString(16).padStart(2, "0"))
+        .join("");
+}
+/**
+ * Encrypt a plaintext string with a secp256k1 public key.
+ * The oracle's public key is hardcoded in network config (safe to ship publicly).
+ * Only the oracle's private key (in Vault DON) can decrypt.
+ */
+export function encryptForOracle(plaintext, publicKeyHex) {
+    const ephemeralPrivate = utils.randomSecretKey();
+    const ephemeralPublic = getPublicKey(ephemeralPrivate, true); // compressed, 33 bytes
+    const sharedSecret = getSharedSecret(ephemeralPrivate, hexToBytes(publicKeyHex));
+    const aesKey = sha256(sharedSecret);
+    const nonce = new Uint8Array(12);
+    crypto.getRandomValues(nonce);
+    const cipher = gcm(aesKey, nonce);
+    const ciphertext = cipher.encrypt(new TextEncoder().encode(plaintext));
+    // Pack: ephemeralPublic (33) + nonce (12) + ciphertext (variable)
+    const packed = new Uint8Array(33 + 12 + ciphertext.length);
+    packed.set(ephemeralPublic, 0);
+    packed.set(nonce, 33);
+    packed.set(ciphertext, 45);
+    return "0x" + bytesToHex(packed);
+}
+/**
+ * Decrypt an ECIES-encrypted payload with a secp256k1 private key.
+ * Used by the CRE oracle inside the TEE.
+ */
+export function decryptAsOracle(encryptedHex, privateKeyHex) {
+    const packed = hexToBytes(encryptedHex);
+    const ephemeralPublic = packed.slice(0, 33);
+    const nonce = packed.slice(33, 45);
+    const ciphertext = packed.slice(45);
+    const sharedSecret = getSharedSecret(hexToBytes(privateKeyHex), ephemeralPublic);
+    const aesKey = sha256(sharedSecret);
+    const decipher = gcm(aesKey, nonce);
+    const decrypted = decipher.decrypt(ciphertext);
+    return new TextDecoder().decode(decrypted);
+}
+/**
+ * Derive the compressed public key from a private key.
+ */
+export function getPublicKeyFromPrivate(privateKeyHex) {
+    const pub = getPublicKey(hexToBytes(privateKeyHex), true);
+    return bytesToHex(pub);
+}
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACxE,gEAAgE;AAChE,OAAO,EAAE,GAAG,EAAE,MAAM,uBAAuB,CAAC;AAC5C,gEAAgE;AAChE,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C;;;;;;;;;;GAUG;AAEH,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,KAAK,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,UAAU,CAAC,KAAiB;IACnC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SACrB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAiB,EAAE,YAAoB;IACtE,MAAM,gBAAgB,GAAG,KAAK,CAAC,eAAe,EAAE,CAAC;IACjD,MAAM,eAAe,GAAG,YAAY,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC,CAAC,uBAAuB;IAErF,MAAM,YAAY,GAAG,eAAe,CAAC,gBAAgB,EAAE,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;IACjF,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;IAEpC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAE9B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAClC,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;IAEvE,kEAAkE;IAClE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAC3D,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC;IAC/B,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtB,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAE3B,OAAO,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;AACnC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,YAAoB,EAAE,aAAqB;IACzE,MAAM,MAAM,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IAExC,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAEpC,MAAM,YAAY,GAAG,eAAe,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,eAAe,CAAC,CAAC;IACjF,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;IAEpC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE/C,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,aAAqB;IAC3D,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;IAC1D,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC;AACzB,CAAC"}

package/dist/ens.d.ts

@@ -0,0 +1,20 @@
+import { type Signer } from "ethers";
+import { type Network } from "./networks.js";
+/**
+ * Compute the ENS node (namehash) for an agent ID.
+ * Produces the namehash of `{agentId}.{parentDomain}`.
+ *
+ * Example: computeEnsNode("trader", Network.SEPOLIA) => namehash("trader.enshell.eth")
+ */
+export declare function computeEnsNode(agentId: string, network: Network): string;
+/**
+ * Create an ENS subdomain for an agent under the parent domain.
+ * Creates `{agentId}.{parentDomain}` via the ENS NameWrapper,
+ * then sets the default avatar text record on the subdomain.
+ *
+ * Requires the parent name to be wrapped in the NameWrapper.
+ * The subdomain is owned by the signer and uses the network's ENS resolver.
+ * Throws a clear error if the subdomain already exists.
+ */
+export declare function createSubdomain(agentId: string, network: Network, signer: Signer): Promise<void>;
+//# sourceMappingURL=ens.d.ts.map

package/dist/ens.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ens.d.ts","sourceRoot":"","sources":["../src/ens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAsB,KAAK,MAAM,EAAE,MAAM,QAAQ,CAAC;AACzD,OAAO,EAAkB,KAAK,OAAO,EAAE,MAAM,eAAe,CAAC;AAW7D;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,MAAM,CAGxE;AAED;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CA0Df"}

package/dist/ens.js

@@ -0,0 +1,70 @@
+import { Contract, namehash } from "ethers";
+import { NETWORK_CONFIG } from "./networks.js";
+const NAME_WRAPPER_ABI = [
+    "function setSubnodeRecord(bytes32 parentNode, string label, address owner, address resolver, uint64 ttl, uint32 fuses, uint64 expiry) returns (bytes32)",
+    "function ownerOf(uint256 id) view returns (address)",
+];
+const RESOLVER_ABI = [
+    "function setText(bytes32 node, string key, string value)",
+];
+/**
+ * Compute the ENS node (namehash) for an agent ID.
+ * Produces the namehash of `{agentId}.{parentDomain}`.
+ *
+ * Example: computeEnsNode("trader", Network.SEPOLIA) => namehash("trader.enshell.eth")
+ */
+export function computeEnsNode(agentId, network) {
+    const parentDomain = NETWORK_CONFIG[network].ensParentDomain;
+    return namehash(`${agentId}.${parentDomain}`);
+}
+/**
+ * Create an ENS subdomain for an agent under the parent domain.
+ * Creates `{agentId}.{parentDomain}` via the ENS NameWrapper,
+ * then sets the default avatar text record on the subdomain.
+ *
+ * Requires the parent name to be wrapped in the NameWrapper.
+ * The subdomain is owned by the signer and uses the network's ENS resolver.
+ * Throws a clear error if the subdomain already exists.
+ */
+export async function createSubdomain(agentId, network, signer) {
+    const config = NETWORK_CONFIG[network];
+    const parentNode = namehash(config.ensParentDomain);
+    const signerAddress = await signer.getAddress();
+    const nameWrapper = new Contract(config.nameWrapperAddress, NAME_WRAPPER_ABI, signer);
+    // Check if subdomain already exists in NameWrapper
+    const subdomainNode = computeEnsNode(agentId, network);
+    try {
+        const existingOwner = await nameWrapper.ownerOf(subdomainNode);
+        if (existingOwner !== "0x0000000000000000000000000000000000000000") {
+            // If the signer already owns it, skip creation (idempotent)
+            if (existingOwner.toLowerCase() === signerAddress.toLowerCase()) {
+                return;
+            }
+            const domain = `${agentId}.${config.ensParentDomain}`;
+            throw new Error(`ENS subdomain '${domain}' is owned by another address (${existingOwner})`);
+        }
+    }
+    catch (err) {
+        // ownerOf reverts for non-existent tokens, which means the subdomain doesn't exist - that's fine
+        if (err.message?.includes("owned by another") || err.message?.includes("already exists"))
+            throw err;
+    }
+    const maxExpiry = BigInt("18446744073709551615"); // max uint64
+    try {
+        const tx = await nameWrapper.setSubnodeRecord(parentNode, agentId, signerAddress, config.ensResolverAddress, 0, // ttl
+        0, // fuses (no restrictions)
+        maxExpiry);
+        await tx.wait();
+    }
+    catch (err) {
+        const domain = `${agentId}.${config.ensParentDomain}`;
+        throw new Error(`Failed to create ENS subdomain '${domain}': ${err.reason || err.message}`);
+    }
+    // Set default avatar on the subdomain
+    if (config.ensDefaultAvatar) {
+        const resolver = new Contract(config.ensResolverAddress, RESOLVER_ABI, signer);
+        const avatarTx = await resolver.setText(subdomainNode, "avatar", config.ensDefaultAvatar);
+        await avatarTx.wait();
+    }
+}
+//# sourceMappingURL=ens.js.map

package/dist/ens.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ens.js","sourceRoot":"","sources":["../src/ens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAe,MAAM,QAAQ,CAAC;AACzD,OAAO,EAAE,cAAc,EAAgB,MAAM,eAAe,CAAC;AAE7D,MAAM,gBAAgB,GAAG;IACvB,yJAAyJ;IACzJ,qDAAqD;CAC7C,CAAC;AAEX,MAAM,YAAY,GAAG;IACnB,0DAA0D;CAClD,CAAC;AAEX;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe,EAAE,OAAgB;IAC9D,MAAM,YAAY,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC,eAAe,CAAC;IAC7D,OAAO,QAAQ,CAAC,GAAG,OAAO,IAAI,YAAY,EAAE,CAAC,CAAC;AAChD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAe,EACf,OAAgB,EAChB,MAAc;IAEd,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACvC,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC;IAEhD,MAAM,WAAW,GAAG,IAAI,QAAQ,CAC9B,MAAM,CAAC,kBAAkB,EACzB,gBAAgB,EAChB,MAAM,CACP,CAAC;IAEF,mDAAmD;IACnD,MAAM,aAAa,GAAG,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACvD,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAC/D,IAAI,aAAa,KAAK,4CAA4C,EAAE,CAAC;YACnE,4DAA4D;YAC5D,IAAI,aAAa,CAAC,WAAW,EAAE,KAAK,aAAa,CAAC,WAAW,EAAE,EAAE,CAAC;gBAChE,OAAO;YACT,CAAC;YACD,MAAM,MAAM,GAAG,GAAG,OAAO,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,kBAAkB,MAAM,kCAAkC,aAAa,GAAG,CAAC,CAAC;QAC9F,CAAC;IACH,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,iGAAiG;QACjG,IAAI,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,gBAAgB,CAAC;YAAE,MAAM,GAAG,CAAC;IACtG,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,sBAAsB,CAAC,CAAC,CAAC,aAAa;IAE/D,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,gBAAgB,CAC3C,UAAU,EACV,OAAO,EACP,aAAa,EACb,MAAM,CAAC,kBAAkB,EACzB,CAAC,EAAO,MAAM;QACd,CAAC,EAAO,0BAA0B;QAClC,SAAS,CACV,CAAC;QACF,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,GAAG,OAAO,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,mCAAmC,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,OAAO,EAAE,CAC3E,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAC3B,MAAM,CAAC,kBAAkB,EACzB,YAAY,EACZ,MAAM,CACP,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,aAAa,EAAE,QAAQ,EAAE,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC1F,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACxB,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -1,7 +1,10 @@
 export { Network, NETWORK_CONFIG } from "./networks.js";
 export type { NetworkConfig } from "./networks.js";
 export { AGENT_FIREWALL_ABI, getFirewallContract } from "./contract.js";
+export { computeEnsNode, createSubdomain } from "./ens.js";
 export { ENShell } from "./client.js";
-export { ActionStatus } from "./types.js";
-export type { Agent, RegisterAgentOptions, ActionResult, QueuedAction, ProtectOptions, ENShellConfig, } from "./types.js";
+export { encryptForOracle, decryptAsOracle, getPublicKeyFromPrivate } from "./crypto.js";
+export { RelayClient } from "./relay.js";
+export { ActionDecision } from "./types.js";
+export type { Agent, RegisterAgentOptions, ActionResult, QueuedAction, ProtectOptions, ProtectResult, ENShellConfig, } from "./types.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACxD,YAAY,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAExE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,YAAY,EACV,KAAK,EACL,oBAAoB,EACpB,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,aAAa,GACd,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACxD,YAAY,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAExE,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAE3D,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAEzF,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,YAAY,EACV,KAAK,EACL,oBAAoB,EACpB,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,aAAa,EACb,aAAa,GACd,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -1,5 +1,8 @@
 export { Network, NETWORK_CONFIG } from "./networks.js";
 export { AGENT_FIREWALL_ABI, getFirewallContract } from "./contract.js";
+export { computeEnsNode, createSubdomain } from "./ens.js";
 export { ENShell } from "./client.js";
-export { ActionStatus } from "./types.js";
+export { encryptForOracle, decryptAsOracle, getPublicKeyFromPrivate } from "./crypto.js";
+export { RelayClient } from "./relay.js";
+export { ActionDecision } from "./types.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAGxD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAExE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAGxD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAExE,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAE3D,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAEzF,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC"}

package/dist/networks.d.ts

@@ -6,6 +6,12 @@ export interface NetworkConfig {
     chainId: number;
     rpcUrl: string;
     firewallAddress: string;
+    relayUrl: string;
+    oraclePublicKey: string;
+    ensParentDomain: string;
+    nameWrapperAddress: string;
+    ensResolverAddress: string;
+    ensDefaultAvatar: string;
 }
 export declare const NETWORK_CONFIG: Record<Network, NetworkConfig>;
 //# sourceMappingURL=networks.d.ts.map

package/dist/networks.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"networks.d.ts","sourceRoot":"","sources":["../src/networks.ts"],"names":[],"mappings":"AAAA,oBAAY,OAAO;IACjB,OAAO,YAAY;IACnB,OAAO,YAAY;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,OAAO,EAAE,aAAa,CAWzD,CAAC"}
+{"version":3,"file":"networks.d.ts","sourceRoot":"","sources":["../src/networks.ts"],"names":[],"mappings":"AAAA,oBAAY,OAAO;IACjB,OAAO,YAAY;IACnB,OAAO,YAAY;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,OAAO,EAAE,aAAa,CAuBzD,CAAC"}

package/dist/networks.js

@@ -8,11 +8,23 @@ export const NETWORK_CONFIG = {
         chainId: 1,
         rpcUrl: "https://eth.llamarpc.com",
         firewallAddress: "",
+        relayUrl: "",
+        oraclePublicKey: "",
+        ensParentDomain: "enshell.eth",
+        nameWrapperAddress: "0xD4416b13d2b3a9aBae7AcD5D6C2BbDBE25686401",
+        ensResolverAddress: "0xF29100983E058B709F3D539b0c765937B804AC15",
+        ensDefaultAvatar: "https://euc.li/enshell.eth",
     },
     [Network.SEPOLIA]: {
         chainId: 11155111,
         rpcUrl: "https://rpc.sepolia.org",
-        firewallAddress: "",
+        firewallAddress: "0xeb91387Ea4B7ADF8fA4901B22B2B72d7c54cbF13",
+        relayUrl: "https://relay.enshell.xyz",
+        oraclePublicKey: "02cea1f34f52c8e8a2d7d5bf4a768677e600be906fb5c68985fe635ac1331409ca",
+        ensParentDomain: "enshell.eth",
+        nameWrapperAddress: "0x0635513f179D50A207757E05759CbD106d7dFcE8",
+        ensResolverAddress: "0xE99638b40E4Fff0129D56f03b55b6bbC4BBE49b5",
+        ensDefaultAvatar: "https://euc.li/sepolia/enshell.eth",
     },
 };
 //# sourceMappingURL=networks.js.map

package/dist/networks.js.map

@@ -1 +1 @@
-{"version":3,"file":"networks.js","sourceRoot":"","sources":["../src/networks.ts"],"names":[],"mappings":"AAAA,MAAM,CAAN,IAAY,OAGX;AAHD,WAAY,OAAO;IACjB,8BAAmB,CAAA;IACnB,8BAAmB,CAAA;AACrB,CAAC,EAHW,OAAO,KAAP,OAAO,QAGlB;AAQD,MAAM,CAAC,MAAM,cAAc,GAAmC;IAC5D,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACjB,OAAO,EAAE,CAAC;QACV,MAAM,EAAE,0BAA0B;QAClC,eAAe,EAAE,EAAE;KACpB;IACD,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACjB,OAAO,EAAE,QAAQ;QACjB,MAAM,EAAE,yBAAyB;QACjC,eAAe,EAAE,EAAE;KACpB;CACF,CAAC"}
+{"version":3,"file":"networks.js","sourceRoot":"","sources":["../src/networks.ts"],"names":[],"mappings":"AAAA,MAAM,CAAN,IAAY,OAGX;AAHD,WAAY,OAAO;IACjB,8BAAmB,CAAA;IACnB,8BAAmB,CAAA;AACrB,CAAC,EAHW,OAAO,KAAP,OAAO,QAGlB;AAcD,MAAM,CAAC,MAAM,cAAc,GAAmC;IAC5D,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACjB,OAAO,EAAE,CAAC;QACV,MAAM,EAAE,0BAA0B;QAClC,eAAe,EAAE,EAAE;QACnB,QAAQ,EAAE,EAAE;QACZ,eAAe,EAAE,EAAE;QACnB,eAAe,EAAE,aAAa;QAC9B,kBAAkB,EAAE,4CAA4C;QAChE,kBAAkB,EAAE,4CAA4C;QAChE,gBAAgB,EAAE,4BAA4B;KAC/C;IACD,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACjB,OAAO,EAAE,QAAQ;QACjB,MAAM,EAAE,yBAAyB;QACjC,eAAe,EAAE,4CAA4C;QAC7D,QAAQ,EAAE,2BAA2B;QACrC,eAAe,EAAE,oEAAoE;QACrF,eAAe,EAAE,aAAa;QAC9B,kBAAkB,EAAE,4CAA4C;QAChE,kBAAkB,EAAE,4CAA4C;QAChE,gBAAgB,EAAE,oCAAoC;KACvD;CACF,CAAC"}

package/dist/relay.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Client for the ENShell Relay service.
+ * Stores and retrieves encrypted instruction payloads.
+ */
+export declare class RelayClient {
+    private baseUrl;
+    constructor(relayUrl: string);
+    /**
+     * Store an encrypted payload on the relay.
+     * @param instructionHash - bytes32 hex string (0x + 64 chars)
+     * @param encryptedPayload - hex-encoded encrypted data
+     */
+    put(instructionHash: string, encryptedPayload: string): Promise<void>;
+    /**
+     * Retrieve an encrypted payload from the relay.
+     * @param instructionHash - bytes32 hex string
+     * @returns The encrypted payload, or null if not found/expired
+     */
+    get(instructionHash: string): Promise<string | null>;
+    /**
+     * Health check on the relay service.
+     */
+    health(): Promise<{
+        status: string;
+        entries: number;
+    }>;
+}
+//# sourceMappingURL=relay.d.ts.map

package/dist/relay.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"relay.d.ts","sourceRoot":"","sources":["../src/relay.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,qBAAa,WAAW;IACtB,OAAO,CAAC,OAAO,CAAS;gBAEZ,QAAQ,EAAE,MAAM;IAI5B;;;;OAIG;IACG,GAAG,CAAC,eAAe,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB3E;;;;OAIG;IACG,GAAG,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAe1D;;OAEG;IACG,MAAM,IAAI,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CAO7D"}

package/dist/relay.js

@@ -0,0 +1,57 @@
+/**
+ * Client for the ENShell Relay service.
+ * Stores and retrieves encrypted instruction payloads.
+ */
+export class RelayClient {
+    baseUrl;
+    constructor(relayUrl) {
+        this.baseUrl = relayUrl.replace(/\/$/, "");
+    }
+    /**
+     * Store an encrypted payload on the relay.
+     * @param instructionHash - bytes32 hex string (0x + 64 chars)
+     * @param encryptedPayload - hex-encoded encrypted data
+     */
+    async put(instructionHash, encryptedPayload) {
+        const res = await fetch(`${this.baseUrl}/relay/${instructionHash}`, {
+            method: "PUT",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ encryptedPayload }),
+        });
+        if (res.status === 409) {
+            // Already exists - idempotent, not an error
+            return;
+        }
+        if (!res.ok) {
+            const body = await res.json().catch(() => ({}));
+            throw new Error(`Relay PUT failed (${res.status}): ${body.error || "Unknown error"}`);
+        }
+    }
+    /**
+     * Retrieve an encrypted payload from the relay.
+     * @param instructionHash - bytes32 hex string
+     * @returns The encrypted payload, or null if not found/expired
+     */
+    async get(instructionHash) {
+        const res = await fetch(`${this.baseUrl}/relay/${instructionHash}`);
+        if (res.status === 404) {
+            return null;
+        }
+        if (!res.ok) {
+            throw new Error(`Relay GET failed (${res.status})`);
+        }
+        const body = await res.json();
+        return body.encryptedPayload;
+    }
+    /**
+     * Health check on the relay service.
+     */
+    async health() {
+        const res = await fetch(`${this.baseUrl}/health`);
+        if (!res.ok) {
+            throw new Error(`Relay health check failed (${res.status})`);
+        }
+        return res.json();
+    }
+}
+//# sourceMappingURL=relay.js.map

package/dist/relay.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"relay.js","sourceRoot":"","sources":["../src/relay.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,OAAO,WAAW;IACd,OAAO,CAAS;IAExB,YAAY,QAAgB;QAC1B,IAAI,CAAC,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,GAAG,CAAC,eAAuB,EAAE,gBAAwB;QACzD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,UAAU,eAAe,EAAE,EAAE;YAClE,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,gBAAgB,EAAE,CAAC;SAC3C,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,4CAA4C;YAC5C,OAAO;QACT,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,CAAC,MAAM,MAAO,IAAY,CAAC,KAAK,IAAI,eAAe,EAAE,CAAC,CAAC;QACjG,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,GAAG,CAAC,eAAuB;QAC/B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,UAAU,eAAe,EAAE,CAAC,CAAC;QAEpE,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAkC,CAAC;QAC9D,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM;QACV,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,SAAS,CAAC,CAAC;QAClD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,GAAG,CAAC,IAAI,EAAkD,CAAC;IACpE,CAAC;CACF"}

package/dist/types.d.ts

@@ -13,42 +13,49 @@ export interface Agent {
 export interface RegisterAgentOptions {
     agentAddress: string;
     spendLimit: string;
-    ensNode: string;
     allowedTargets?: string[];
 }
-export declare enum ActionStatus {
-    APPROVED = 0,
-    ESCALATED = 1,
-    BLOCKED = 2
+export declare enum ActionDecision {
+    PENDING = 0,
+    APPROVED = 1,
+    ESCALATED = 2,
+    BLOCKED = 3
 }
 export interface ActionResult {
     actionId: bigint;
-    status: ActionStatus;
 }
 export interface QueuedAction {
     agentId: string;
     target: string;
     value: bigint;
     data: string;
-    instruction: string;
-    threatScore: bigint;
+    instructionHash: string;
     queuedAt: bigint;
     resolved: boolean;
+    decision: number;
 }
 export interface ProtectOptions {
+    instruction: string;
     tx: {
         to: string;
         value?: string;
         data?: string;
     };
-    prompt: string;
+}
+export interface ProtectResult {
+    actionId: bigint;
+    instructionHash: string;
+    tx: {
+        to: string;
+        value: string;
+        data: string;
+    };
+    /** Wait for the CRE oracle to resolve the action. Polls the contract. */
+    waitForResolution: () => Promise<ActionDecision>;
 }
 export interface ENShellConfig {
     network: Network;
     signer: Signer;
     contractAddress?: string;
-    onApproved?: (action: ActionResult) => Promise<void>;
-    onEscalated?: (action: ActionResult) => Promise<void>;
-    onBlocked?: (action: ActionResult) => Promise<void>;
 }
 //# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAI7C,MAAM,WAAW,KAAK;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;IAChB,eAAe,EAAE,OAAO,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,oBAAoB;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAID,oBAAY,YAAY;IACtB,QAAQ,IAAI;IACZ,SAAS,IAAI;IACb,OAAO,IAAI;CACZ;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,YAAY,CAAC;CACtB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE;QACF,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;IACF,MAAM,EAAE,MAAM,CAAC;CAChB;AAID,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACtD,SAAS,CAAC,EAAE,CAAC,MAAM,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACrD"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAI7C,MAAM,WAAW,KAAK;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;IAChB,eAAe,EAAE,OAAO,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,oBAAoB;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAID,oBAAY,cAAc;IACxB,OAAO,IAAI;IACX,QAAQ,IAAI;IACZ,SAAS,IAAI;IACb,OAAO,IAAI;CACZ;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAID,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,EAAE,EAAE;QACF,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,EAAE,EAAE;QACF,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,yEAAyE;IACzE,iBAAiB,EAAE,MAAM,OAAO,CAAC,cAAc,CAAC,CAAC;CAClD;AAID,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B"}

package/dist/types.js

@@ -1,8 +1,9 @@
 // -- Actions --
-export var ActionStatus;
-(function (ActionStatus) {
-    ActionStatus[ActionStatus["APPROVED"] = 0] = "APPROVED";
-    ActionStatus[ActionStatus["ESCALATED"] = 1] = "ESCALATED";
-    ActionStatus[ActionStatus["BLOCKED"] = 2] = "BLOCKED";
-})(ActionStatus || (ActionStatus = {}));
+export var ActionDecision;
+(function (ActionDecision) {
+    ActionDecision[ActionDecision["PENDING"] = 0] = "PENDING";
+    ActionDecision[ActionDecision["APPROVED"] = 1] = "APPROVED";
+    ActionDecision[ActionDecision["ESCALATED"] = 2] = "ESCALATED";
+    ActionDecision[ActionDecision["BLOCKED"] = 3] = "BLOCKED";
+})(ActionDecision || (ActionDecision = {}));
 //# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAuBA,gBAAgB;AAEhB,MAAM,CAAN,IAAY,YAIX;AAJD,WAAY,YAAY;IACtB,uDAAY,CAAA;IACZ,yDAAa,CAAA;IACb,qDAAW,CAAA;AACb,CAAC,EAJW,YAAY,KAAZ,YAAY,QAIvB"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAsBA,gBAAgB;AAEhB,MAAM,CAAN,IAAY,cAKX;AALD,WAAY,cAAc;IACxB,yDAAW,CAAA;IACX,2DAAY,CAAA;IACZ,6DAAa,CAAA;IACb,yDAAW,CAAA;AACb,CAAC,EALW,cAAc,KAAd,cAAc,QAKzB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@enshell/sdk",
-  "version": "0.1.0-beta.1",
+  "version": "0.1.0-beta.3",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -15,6 +15,9 @@
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
+    "@noble/ciphers": "^2.1.1",
+    "@noble/hashes": "^2.0.1",
+    "@noble/secp256k1": "^3.0.0",
     "ethers": "^6.15.0"
   },
   "publishConfig": {