@everworker/oneringai 0.4.8 → 0.5.0

package/dist/index.d.ts

@@ -1,15 +1,15 @@
 import { I as IConnectorRegistry, a as IConnectorAccessPolicy, C as ConnectorAccessContext, b as Connector, c as ConnectorConfig, d as ITokenStorage, e as IProvider, f as ConnectorFetchOptions, P as ProviderCapabilities, S as StoredToken$1, g as ConnectorAuth, h as ConnectorConfigResult } from './IProvider-CxDUGl6n.js';
 export { A as APIKeyConnectorAuth, D as DEFAULT_BASE_DELAY_MS, i as DEFAULT_CONNECTOR_TIMEOUT, j as DEFAULT_MAX_DELAY_MS, k as DEFAULT_MAX_RETRIES, l as DEFAULT_RETRYABLE_STATUSES, J as JWTConnectorAuth, O as OAuthConnectorAuth } from './IProvider-CxDUGl6n.js';
-import { C as ContextFeatures, M as MemoryEntry, a as MemoryScope, I as IContextStorage, T as Tool, b as ToolFunction, c as ToolContext, d as ToolPermissionConfig$1, e as ContextBudget$1, f as ToolCall, g as IContextPluginNextGen, W as WorkingMemoryConfig, P as PriorityCalculator, h as MemoryPriority, i as MemoryTier, j as ContextEvents, A as AgentContextNextGenConfig, k as AuthIdentity, l as ICompactionStrategy, B as BeforeCompactionCallback, m as InputItem, n as Content, o as PreparedContext, O as OutputItem, p as ToolResult, q as IHistoryJournal, r as ConsolidationResult, S as SerializedContextState, s as StoredContextSession, t as ITextProvider, u as ContextSessionMetadata, F as FunctionToolDefinition, L as LLMResponse, v as StreamEvent, H as HookConfig, w as HistoryMode, x as AgentEvents, y as AgentResponse, E as ExecutionContext, z as ExecutionMetrics, D as AuditEntry, G as HookName, J as ITokenEstimator$1, K as ToolCategoryScope, N as CompactionContext, Q as CompactionResult, R as AudioChunkReadyEvent, U as ContextStorageListOptions, V as ContextSessionSummary, X as HistoryEntry, Y as HistoryReadOptions, Z as StaleEntryInfo, _ as PriorityContext, $ as MemoryIndex, a0 as TaskStatusForMemory, a1 as WorkingMemoryAccess, a2 as TokenUsage, a3 as StreamEventType, a4 as TextGenerateOptions, a5 as ModelCapabilities, a6 as MessageRole } from './index-13HQuxEB.js';
-export { a7 as AfterToolContext, a8 as AgentEventName, a9 as AgenticLoopEventName, aa as AgenticLoopEvents, ab as ApprovalResult, ac as ApproveToolContext, ad as AudioChunkErrorEvent, ae as AudioStreamCompleteEvent, af as BeforeToolContext, ag as BuiltInTool, ah as CONTEXT_SESSION_FORMAT_VERSION, ai as CatalogRegistryEntry, aj as CatalogToolEntry, ak as CompactionItem, al as ConnectorCategoryInfo, am as ContentType, an as DEFAULT_CONFIG, ao as DEFAULT_FEATURES, ap as DEFAULT_MEMORY_CONFIG, aq as ErrorEvent, ar as ExecutionConfig, as as HistoryEntryType, at as Hook, au as HookManager, av as InputImageContent, aw as InputTextContent, ax as IterationCompleteEvent, ay as JSONSchema, az as MEMORY_PRIORITY_VALUES, aA as MemoryEntryInput, aB as MemoryIndexEntry, aC as Message, aD as ModifyingHook, aE as OutputTextContent, aF as OutputTextDeltaEvent, aG as OutputTextDoneEvent, aH as OversizedInputResult, aI as PluginConfigs, aJ as ReasoningDeltaEvent, aK as ReasoningDoneEvent, aL as ReasoningItem, aM as ResponseCompleteEvent, aN as ResponseCreatedEvent, aO as ResponseInProgressEvent, aP as SimpleScope, aQ as TaskAwareScope, aR as ThinkingContent, aS as ToolCallArgumentsDeltaEvent, aT as ToolCallArgumentsDoneEvent, aU as ToolCallStartEvent, aV as ToolCallState, aW as ToolCatalogRegistry, aX as ToolCategoryDefinition, aY as ToolExecutionContext, aZ as ToolExecutionDoneEvent, a_ as ToolExecutionStartEvent, a$ as ToolModification, b0 as ToolResultContent, b1 as ToolUseContent, b2 as calculateEntrySize, b3 as defaultDescribeCall, b4 as forPlan, b5 as forTasks, b6 as getToolCallDescription, b7 as isAudioChunkError, b8 as isAudioChunkReady, b9 as isAudioStreamComplete, ba as isErrorEvent, bb as isOutputTextDelta, bc as isReasoningDelta, bd as isReasoningDone, be as isResponseComplete, bf as isSimpleScope, bg as isStreamEvent, bh as isTaskAwareScope, bi as isTerminalMemoryStatus, bj as isToolCallArgumentsDelta, bk as isToolCallArgumentsDone, bl as isToolCallStart, bm as scopeEquals, bn as scopeMatches } from './index-13HQuxEB.js';
+import { C as ContextFeatures, M as MemoryEntry, a as MemoryScope, T as ToolCall, I as IContextStorage, b as Tool, c as ToolFunction, d as IDisposable, e as ToolContext, f as ToolPermissionConfig$1, R as ResolvedContextFeatures, g as ContextBudget$1, h as IContextPluginNextGen, i as IStoreHandler, W as WorkingMemoryConfig, P as PriorityCalculator, j as MemoryPriority, S as StoreEntrySchema, k as StoreGetResult, l as StoreSetResult, m as StoreDeleteResult, n as StoreListResult, o as StoreActionResult, p as MemoryTier, q as ContextEvents, A as AgentContextNextGenConfig, r as AuthIdentity, s as ICompactionStrategy, B as BeforeCompactionCallback, t as InputItem, u as Content, v as PreparedContext, O as OutputItem, w as ToolResult, x as IHistoryJournal, y as ConsolidationResult, z as SerializedContextState, D as StoredContextSession, E as ITextProvider, F as ContextSessionMetadata, G as FunctionToolDefinition, L as LLMResponse, H as StreamEvent, J as HookConfig, K as HistoryMode, N as AsyncToolConfig, Q as AgentEvents, U as AgentResponse, V as PendingAsyncTool, X as ExecutionContext, Y as ExecutionMetrics, Z as AuditEntry, _ as HookName, $ as ITokenEstimator$1, a0 as ToolCategoryScope, a1 as CompactionContext, a2 as CompactionResult, a3 as PluginConfigs, a4 as AudioChunkReadyEvent, a5 as ContextStorageListOptions, a6 as ContextSessionSummary, a7 as HistoryEntry, a8 as HistoryReadOptions, a9 as StaleEntryInfo, aa as PriorityContext, ab as MemoryIndex, ac as TaskStatusForMemory, ad as WorkingMemoryAccess, ae as TokenUsage, af as StreamEventType, ag as TextGenerateOptions, ah as ModelCapabilities, ai as MessageRole } from './index-hmTj59TM.js';
+export { aj as AfterToolContext, ak as AgentEventName, al as AgenticLoopEventName, am as AgenticLoopEvents, an as ApprovalResult, ao as ApproveToolContext, ap as AudioChunkErrorEvent, aq as AudioStreamCompleteEvent, ar as BeforeToolContext, as as BuiltInTool, at as CONTEXT_SESSION_FORMAT_VERSION, au as CatalogRegistryEntry, av as CatalogToolEntry, aw as CompactionItem, ax as ConnectorCategoryInfo, ay as ContentType, az as DEFAULT_CONFIG, aA as DEFAULT_FEATURES, aB as DEFAULT_MEMORY_CONFIG, aC as ErrorEvent, aD as ExecutionConfig, aE as HistoryEntryType, aF as Hook, aG as HookManager, aH as IAsyncDisposable, aI as InputImageContent, aJ as InputTextContent, aK as IterationCompleteEvent, aL as JSONSchema, aM as KnownContextFeatures, aN as KnownPluginConfigs, aO as MEMORY_PRIORITY_VALUES, aP as MemoryEntryInput, aQ as MemoryIndexEntry, aR as Message, aS as ModifyingHook, aT as OutputTextContent, aU as OutputTextDeltaEvent, aV as OutputTextDoneEvent, aW as OversizedInputResult, aX as PendingAsyncToolStatus, aY as ReasoningDeltaEvent, aZ as ReasoningDoneEvent, a_ as ReasoningItem, a$ as ResponseCompleteEvent, b0 as ResponseCreatedEvent, b1 as ResponseInProgressEvent, b2 as SimpleScope, b3 as TaskAwareScope, b4 as ThinkingContent, b5 as ToolCallArgumentsDeltaEvent, b6 as ToolCallArgumentsDoneEvent, b7 as ToolCallStartEvent, b8 as ToolCallState, b9 as ToolCatalogRegistry, ba as ToolCategoryDefinition, bb as ToolExecutionContext, bc as ToolExecutionDoneEvent, bd as ToolExecutionStartEvent, be as ToolModification, bf as ToolResultContent, bg as ToolUseContent, bh as assertNotDestroyed, bi as calculateEntrySize, bj as defaultDescribeCall, bk as forPlan, bl as forTasks, bm as getToolCallDescription, bn as isAudioChunkError, bo as isAudioChunkReady, bp as isAudioStreamComplete, bq as isErrorEvent, br as isOutputTextDelta, bs as isReasoningDelta, bt as isReasoningDone, bu as isResponseComplete, bv as isSimpleScope, bw as isStoreHandler, bx as isStreamEvent, by as isTaskAwareScope, bz as isTerminalMemoryStatus, bA as isToolCallArgumentsDelta, bB as isToolCallArgumentsDone, bC as isToolCallStart, bD as scopeEquals, bE as scopeMatches } from './index-hmTj59TM.js';
 import { EventEmitter } from 'eventemitter3';
 import { V as Vendor } from './Vendor-DYh_bzwo.js';
 export { a as VENDORS, i as isVendor } from './Vendor-DYh_bzwo.js';
-import { A as AudioFormat, I as IBaseModelDescription, V as VendorOptionSchema, a as IImageProvider } from './ImageModel-1uP-2vk7.js';
-export { b as AspectRatio, c as IImageModelDescription, d as IMAGE_MODELS, e as IMAGE_MODEL_REGISTRY, f as ISourceLinks, g as ImageEditOptions, h as ImageGenerateOptions, i as ImageGeneration, j as ImageGenerationCreateOptions, k as ImageModelCapabilities, l as ImageModelPricing, m as ImageResponse, n as ImageVariationOptions, O as OutputFormat, Q as QualityLevel, S as SimpleGenerateOptions, o as calculateImageCost, p as getActiveImageModels, q as getImageModelInfo, r as getImageModelsByVendor, s as getImageModelsWithFeature } from './ImageModel-1uP-2vk7.js';
+import { A as AudioFormat, I as IBaseModelDescription, V as VendorOptionSchema, a as IImageProvider } from './ImageModel-CV8OuP3Z.js';
+export { b as AspectRatio, c as IImageModelDescription, d as IMAGE_MODELS, e as IMAGE_MODEL_REGISTRY, f as ISourceLinks, g as ImageEditOptions, h as ImageGenerateOptions, i as ImageGeneration, j as ImageGenerationCreateOptions, k as ImageModelCapabilities, l as ImageModelPricing, m as ImageResponse, n as ImageVariationOptions, O as OutputFormat, Q as QualityLevel, S as SimpleGenerateOptions, o as calculateImageCost, p as getActiveImageModels, q as getImageModelInfo, r as getImageModelsByVendor, s as getImageModelsWithFeature } from './ImageModel-CV8OuP3Z.js';
+import { I as IVoiceInfo, S as ServiceCategory } from './index-BlEwczd4.js';
+export { a as ILLMDescription, L as LLM_MODELS, M as MODEL_REGISTRY, b as SERVICE_DEFINITIONS, c as SERVICE_INFO, d as SERVICE_URL_PATTERNS, e as ServiceDefinition, f as ServiceInfo, g as ServiceType, h as Services, i as calculateCost, j as detectServiceFromURL, k as getActiveModels, l as getAllServiceIds, m as getModelInfo, n as getModelsByVendor, o as getServiceDefinition, p as getServiceInfo, q as getServicesByCategory, r as isKnownService } from './index-BlEwczd4.js';
 import { EventEmitter as EventEmitter$1 } from 'events';
-import { ServiceCategory } from './shared/index.js';
-export { ILLMDescription, LLM_MODELS, MODEL_REGISTRY, SERVICE_DEFINITIONS, SERVICE_INFO, SERVICE_URL_PATTERNS, ServiceDefinition, ServiceInfo, ServiceType, Services, calculateCost, detectServiceFromURL, getActiveModels, getAllServiceIds, getModelInfo, getModelsByVendor, getServiceDefinition, getServiceInfo, getServicesByCategory, isKnownService } from './shared/index.js';
 
 /**
  * ScopedConnectorRegistry - Filtered view over the Connector registry
@@ -743,13 +743,13 @@ type PlanStatus = 'pending' | 'running' | 'suspended' | 'completed' | 'failed' |
 /**
  * Condition operators for conditional task execution
  */
-type ConditionOperator = 'exists' | 'not_exists' | 'equals' | 'contains' | 'truthy' | 'greater_than' | 'less_than';
+type ConditionOperator$1 = 'exists' | 'not_exists' | 'equals' | 'contains' | 'truthy' | 'greater_than' | 'less_than';
 /**
  * Task condition - evaluated before execution
  */
 interface TaskCondition {
     memoryKey: string;
-    operator: ConditionOperator;
+    operator: ConditionOperator$1;
     value?: unknown;
     onFalse: 'skip' | 'fail' | 'wait';
 }
@@ -1355,240 +1355,841 @@ interface IRoutineExecutionStorage {
 }
 
 /**
- * StorageRegistry - Centralized storage backend registry
- *
- * Provides a single point of configuration for all storage backends
- * used across the library. Subsystems resolve their storage at execution
- * time (not construction time) via `resolve()`, which lazily creates
- * and caches a default when nothing has been configured.
+ * ICorrelationStorage - Maps external event IDs to suspended agent sessions
  *
- * Storage types are split into two categories:
- * - **Global singletons**: customTools, media, agentDefinitions, connectorConfig, oauthTokens
- * - **Per-agent factories** (need agentId): sessions, persistentInstructions, workingMemory
+ * When an agent suspends (via SuspendSignal), a correlation entry is saved
+ * linking the external event identifier (e.g., email message ID, ticket ID)
+ * to the agent session. When the external event arrives (webhook, reply, etc.),
+ * the app resolves the correlation to find which session to resume.
  *
- * For multi-user / multi-tenant environments, factories receive an optional
- * `StorageContext` (opaque, like `ConnectorAccessContext`) so backends can
- * partition data by userId, tenantId, or any custom field.
+ * Default implementation: FileCorrelationStorage (~/.oneringai/correlations/)
  *
  * @example
  * ```typescript
- * import { StorageRegistry } from '@everworker/oneringai';
- *
- * // Single-tenant (simple)
- * StorageRegistry.configure({
- *   customTools: new MongoCustomToolStorage(),
- *   media: new S3MediaStorage(),
- *   sessions: (agentId) => new RedisContextStorage(agentId),
+ * // Save correlation when agent suspends
+ * await correlationStorage.save('email:msg_123', {
+ *   agentId: 'my-agent',
+ *   sessionId: 'session-456',
+ *   suspendedAt: new Date().toISOString(),
+ *   expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString(),
+ *   resumeAs: 'user_message',
  * });
  *
- * // Multi-tenant
- * StorageRegistry.configure({
- *   sessions: (agentId, ctx) => new RedisContextStorage(agentId, ctx?.userId),
- *   customTools: new MongoCustomToolStorage(),  // global singletons are unaffected
- * });
+ * // Resolve when external event arrives
+ * const ref = await correlationStorage.resolve('email:msg_123');
+ * if (ref) {
+ *   const agent = await Agent.hydrate(ref.sessionId, { agentId: ref.agentId });
+ *   await agent.run(userReply);
+ * }
  * ```
  */
-
 /**
- * Opaque context passed to per-agent storage factories.
- *
- * The library imposes no structure — consumers define their own shape
- * (e.g., `{ userId: 'alice', tenantId: 'acme' }`).
- *
- * Mirrors the `ConnectorAccessContext` pattern used by `Connector.scoped()`.
+ * Reference to a suspended agent session
  */
-type StorageContext = Record<string, unknown>;
+interface SessionRef {
+    /** Agent identifier (used to load agent definition) */
+    agentId: string;
+    /** Session identifier (used to load conversation + plugin state) */
+    sessionId: string;
+    /** ISO timestamp when the session was suspended */
+    suspendedAt: string;
+    /** ISO timestamp when this correlation expires */
+    expiresAt: string;
+    /**
+     * How the external response should be injected:
+     * - `'user_message'`: as a new user message (default)
+     * - `'tool_result'`: as a tool result
+     */
+    resumeAs: 'user_message' | 'tool_result';
+    /** Application-specific metadata from the SuspendSignal */
+    metadata?: Record<string, unknown>;
+}
 /**
- * Storage configuration map.
- *
- * Global singletons are stored directly.
- * Per-agent factories are functions that accept an agentId (and optional
- * StorageContext for multi-tenant scenarios) and return a storage instance.
+ * Options for listing correlations
  */
-interface StorageConfig {
-    media: IMediaStorage;
-    agentDefinitions: IAgentDefinitionStorage;
-    connectorConfig: IConnectorConfigStorage;
-    oauthTokens: ITokenStorage;
-    customTools: (context?: StorageContext) => ICustomToolStorage;
-    sessions: (agentId: string, context?: StorageContext) => IContextStorage;
-    persistentInstructions: (agentId: string, context?: StorageContext) => IPersistentInstructionsStorage;
-    workingMemory: (context?: StorageContext) => IMemoryStorage;
-    userInfo: (context?: StorageContext) => IUserInfoStorage;
-    routineDefinitions: (context?: StorageContext) => IRoutineDefinitionStorage;
-    routineExecutions: (context?: StorageContext) => IRoutineExecutionStorage;
+interface CorrelationListOptions {
+    /** Only return non-expired correlations */
+    activeOnly?: boolean;
+    /** Limit results */
+    limit?: number;
 }
-declare class StorageRegistry {
-    /** Internal storage map */
-    private static entries;
-    /** Default context passed to all factory calls (set via setContext) */
-    private static _context;
-    /**
-     * Configure multiple storage backends at once.
-     *
-     * @example
-     * ```typescript
-     * // Single-tenant
-     * StorageRegistry.configure({
-     *   customTools: new MongoCustomToolStorage(),
-     *   sessions: (agentId) => new RedisContextStorage(agentId),
-     * });
-     *
-     * // Multi-tenant
-     * StorageRegistry.configure({
-     *   sessions: (agentId, ctx) => new TenantContextStorage(agentId, ctx?.tenantId),
-     *   persistentInstructions: (agentId, ctx) => new TenantInstructionsStorage(agentId, ctx?.userId),
-     * });
-     * ```
-     */
-    static configure(config: Partial<StorageConfig>): void;
+/**
+ * Summary of a stored correlation
+ */
+interface CorrelationSummary {
+    correlationId: string;
+    agentId: string;
+    sessionId: string;
+    suspendedAt: string;
+    expiresAt: string;
+    isExpired: boolean;
+}
+/**
+ * Storage interface for correlation mappings between external events and sessions
+ */
+interface ICorrelationStorage {
     /**
-     * Set the default StorageContext.
-     *
-     * This context is automatically passed to all per-agent factory calls
-     * (sessions, persistentInstructions, workingMemory) when no explicit
-     * context is provided. Typically set once at app startup with global
-     * tenant/environment info, or per-request in multi-tenant servers.
-     *
-     * @example
-     * ```typescript
-     * // Single-tenant app — set once at init
-     * StorageRegistry.setContext({ tenantId: 'acme', environment: 'production' });
-     *
-     * // Multi-tenant server — set per-request
-     * app.use((req, res, next) => {
-     *   StorageRegistry.setContext({ userId: req.user.id, tenantId: req.tenant.id });
-     *   next();
-     * });
-     * ```
+     * Save a correlation mapping.
+     * If a correlation with the same ID already exists, it is overwritten.
      */
-    static setContext(context: StorageContext | undefined): void;
+    save(correlationId: string, ref: SessionRef): Promise<void>;
     /**
-     * Get the current default StorageContext.
+     * Resolve a correlation ID to a session reference.
+     * Returns null if not found or expired.
      */
-    static getContext(): StorageContext | undefined;
+    resolve(correlationId: string): Promise<SessionRef | null>;
     /**
-     * Set a single storage backend.
+     * Delete a correlation mapping.
      */
-    static set<K extends keyof StorageConfig>(key: K, value: StorageConfig[K]): void;
+    delete(correlationId: string): Promise<void>;
     /**
-     * Get a storage backend (or undefined if not configured).
+     * Check if a correlation exists and is not expired.
      */
-    static get<K extends keyof StorageConfig>(key: K): StorageConfig[K] | undefined;
+    exists(correlationId: string): Promise<boolean>;
     /**
-     * Resolve a storage backend, lazily creating and caching a default if needed.
-     *
-     * If a value has been configured via `set()` or `configure()`, returns that.
-     * Otherwise, calls `defaultFactory()`, caches the result, and returns it.
+     * List all correlations for a given session.
+     * Useful for cleanup when a session is resumed or deleted.
      */
-    static resolve<K extends keyof StorageConfig>(key: K, defaultFactory: () => StorageConfig[K]): StorageConfig[K];
+    listBySession(sessionId: string): Promise<string[]>;
     /**
-     * Remove a single storage backend.
+     * List all correlations for a given agent.
      */
-    static remove(key: keyof StorageConfig): boolean;
+    listByAgent(agentId: string): Promise<CorrelationSummary[]>;
     /**
-     * Check if a storage backend has been configured.
+     * Remove all expired correlations.
+     * @returns Number of correlations pruned
      */
-    static has(key: keyof StorageConfig): boolean;
+    pruneExpired(): Promise<number>;
     /**
-     * Clear all configured storage backends and context.
-     * Useful for testing.
+     * Get the storage path (for debugging/logging).
      */
-    static reset(): void;
+    getPath(): string;
 }
 
 /**
- * Tool executor interface
+ * Permission scope defines when approval is required for a tool
+ *
+ * - `once` - Require approval for each tool call (most restrictive)
+ * - `session` - Approve once, valid for entire session
+ * - `always` - Auto-approve (allowlisted, no prompts)
+ * - `never` - Always blocked (blocklisted, tool cannot execute)
  */
-
-interface IToolExecutor {
-    /**
-     * Execute a tool function
-     * @param toolName - Name of the tool to execute
-     * @param args - Parsed arguments object
-     * @returns Tool execution result
-     */
-    execute(toolName: string, args: any): Promise<any>;
+type PermissionScope = 'once' | 'session' | 'always' | 'never';
+/**
+ * Risk level classification for tools
+ *
+ * Used to help users understand the potential impact of approving a tool.
+ * Can be used by UI to show different approval dialogs.
+ */
+type RiskLevel = 'low' | 'medium' | 'high' | 'critical';
+/**
+ * Permission configuration for a tool
+ *
+ * Can be set on the tool definition or overridden at registration time.
+ */
+interface ToolPermissionConfig {
     /**
-     * Check if tool is available
+     * When approval is required.
+     * @default 'once'
      */
-    hasToolFunction(toolName: string): boolean;
+    scope?: PermissionScope;
     /**
-     * Get tool definition
+     * Risk classification for the tool.
+     * @default 'low'
      */
-    getToolDefinition(toolName: string): Tool | undefined;
+    riskLevel?: RiskLevel;
     /**
-     * Register a new tool
+     * Custom message shown in approval UI.
+     * Should explain what the tool does and any potential risks.
      */
-    registerTool(tool: ToolFunction): void;
+    approvalMessage?: string;
     /**
-     * Unregister a tool
+     * Argument names that should be highlighted in approval UI.
+     * E.g., ['path', 'url'] for file/network operations.
      */
-    unregisterTool(toolName: string): void;
+    sensitiveArgs?: string[];
     /**
-     * List all registered tools
+     * Optional expiration time for session approvals (milliseconds).
+     * If set, session approvals expire after this duration.
      */
-    listTools(): string[];
+    sessionTTLMs?: number;
 }
-
 /**
- * Interface for objects that manage resources and need explicit cleanup.
- *
- * Implementing classes should release all resources (event listeners, timers,
- * connections, etc.) when destroy() is called. After destruction, the instance
- * should not be used.
+ * Context passed to approval callbacks/hooks
  */
-interface IDisposable {
-    /**
-     * Releases all resources held by this instance.
-     *
-     * After calling destroy():
-     * - All event listeners should be removed
-     * - All timers/intervals should be cleared
-     * - All internal state should be cleaned up
-     * - The instance should not be reused
-     *
-     * Multiple calls to destroy() should be safe (idempotent).
-     */
-    destroy(): void;
-    /**
-     * Returns true if destroy() has been called.
-     * Methods should check this before performing operations.
-     */
-    readonly isDestroyed: boolean;
+interface PermissionCheckContext {
+    /** The tool call being checked */
+    toolCall: ToolCall;
+    /** Parsed arguments (for display/inspection) */
+    parsedArgs: Record<string, unknown>;
+    /** The tool's permission config */
+    config: ToolPermissionConfig;
+    /** Current execution context ID */
+    executionId: string;
+    /** Current iteration (if in agentic loop) */
+    iteration: number;
+    /** Agent type (for context-specific handling) */
+    agentType: 'agent' | 'task-agent' | 'universal-agent';
+    /** Optional task name (for TaskAgent/UniversalAgent) */
+    taskName?: string;
 }
 /**
- * Async version of IDisposable for resources requiring async cleanup.
+ * Entry in the approval cache representing an approved tool
  */
-interface IAsyncDisposable {
-    /**
-     * Asynchronously releases all resources held by this instance.
-     */
-    destroy(): Promise<void>;
-    /**
-     * Returns true if destroy() has been called.
-     */
-    readonly isDestroyed: boolean;
+interface ApprovalCacheEntry {
+    /** Name of the approved tool */
+    toolName: string;
+    /** The scope that was approved */
+    scope: PermissionScope;
+    /** When the approval was granted */
+    approvedAt: Date;
+    /** Optional identifier of who approved (for audit) */
+    approvedBy?: string;
+    /** When this approval expires (for session/TTL approvals) */
+    expiresAt?: Date;
+    /** Arguments hash if approval was for specific arguments */
+    argsHash?: string;
 }
 /**
- * Helper to check if an object is destroyed and throw if so.
- * @param obj - The disposable object to check
- * @param operation - Name of the operation being attempted
+ * Serialized approval state for session persistence
  */
-declare function assertNotDestroyed(obj: IDisposable | IAsyncDisposable, operation: string): void;
-
+interface SerializedApprovalState {
+    /** Version for future migrations */
+    version: number;
+    /** Map of tool name to approval entry */
+    approvals: Record<string, SerializedApprovalEntry>;
+    /** Tools that are always blocked (persisted blocklist) */
+    blocklist: string[];
+    /** Tools that are always allowed (persisted allowlist) */
+    allowlist: string[];
+}
 /**
- * Generic Circuit Breaker implementation
- *
- * Prevents cascading failures by failing fast when a system is down.
- * Works for any async operation (LLM calls, tool execution, etc.)
+ * Serialized version of ApprovalCacheEntry (with ISO date strings)
  */
-
+interface SerializedApprovalEntry {
+    toolName: string;
+    scope: PermissionScope;
+    approvedAt: string;
+    approvedBy?: string;
+    expiresAt?: string;
+    argsHash?: string;
+}
 /**
- * Circuit breaker states
+ * Result of checking if a tool needs approval
  */
-type CircuitState = 'closed' | 'open' | 'half-open';
-/**
+interface PermissionCheckResult {
+    /** Whether the tool can execute without prompting */
+    allowed: boolean;
+    /** Whether approval is needed (user should be prompted) */
+    needsApproval: boolean;
+    /** Whether the tool is blocked (cannot execute at all) */
+    blocked: boolean;
+    /** Reason for the decision */
+    reason: string;
+    /** The tool's permission config (for UI display) */
+    config?: ToolPermissionConfig;
+}
+/**
+ * Result from approval UI/hook
+ */
+interface ApprovalDecision {
+    /** Whether the tool was approved */
+    approved: boolean;
+    /** Scope of the approval (may differ from requested) */
+    scope?: PermissionScope;
+    /** Reason for denial (if not approved) */
+    reason?: string;
+    /** Optional identifier of who approved */
+    approvedBy?: string;
+    /** Whether to remember this decision for future calls */
+    remember?: boolean;
+    /**
+     * If set, creates a persistent user permission rule from this decision.
+     * The approval UI can pre-populate this based on the tool call context.
+     */
+    createRule?: {
+        /** Rule description (shown in settings UI) */
+        description?: string;
+        /** Argument conditions for the rule */
+        conditions?: ArgumentCondition[];
+        /** ISO expiry timestamp (null = never) */
+        expiresAt?: string | null;
+        /** If true, rule cannot be overridden by more specific rules */
+        unconditional?: boolean;
+    };
+}
+/**
+ * Permission configuration for any agent type.
+ *
+ * Used in:
+ * - Agent.create({ permissions: {...} })
+ * - TaskAgent.create({ permissions: {...} })
+ * - UniversalAgent.create({ permissions: {...} })
+ */
+interface AgentPermissionsConfig {
+    /**
+     * Default permission scope for tools without explicit config.
+     * @default 'once'
+     */
+    defaultScope?: PermissionScope;
+    /**
+     * Default risk level for tools without explicit config.
+     * @default 'low'
+     */
+    defaultRiskLevel?: RiskLevel;
+    /**
+     * Tools that are always allowed (never prompt).
+     * Array of tool names.
+     */
+    allowlist?: string[];
+    /**
+     * Tools that are always blocked (cannot execute).
+     * Array of tool names.
+     */
+    blocklist?: string[];
+    /**
+     * Per-tool permission overrides.
+     * Keys are tool names, values are permission configs.
+     */
+    tools?: Record<string, ToolPermissionConfig>;
+    /**
+     * Callback invoked when a tool needs approval.
+     * Receives full ApprovalRequestContext with tool info, risk level, args.
+     * Return an ApprovalDecision to approve/deny.
+     */
+    onApprovalRequired?: (context: ApprovalRequestContext) => Promise<ApprovalDecision>;
+    /**
+     * Whether to inherit permission state from parent session.
+     * Only applies when resuming from a session.
+     * @default true
+     */
+    inheritFromSession?: boolean;
+}
+/**
+ * Events emitted by ToolPermissionManager
+ */
+type PermissionManagerEvent = 'tool:approved' | 'tool:denied' | 'tool:blocked' | 'tool:revoked' | 'allowlist:added' | 'allowlist:removed' | 'blocklist:added' | 'blocklist:removed' | 'session:cleared';
+/**
+ * Current version of serialized approval state
+ */
+declare const APPROVAL_STATE_VERSION = 1;
+/**
+ * Default permission config applied when no config is specified
+ */
+declare const DEFAULT_PERMISSION_CONFIG: Required<Pick<ToolPermissionConfig, 'scope' | 'riskLevel'>>;
+/**
+ * Default allowlist - tools that never require user confirmation.
+ *
+ * These tools are safe to execute without user approval:
+ * - Read-only operations (filesystem reads, searches)
+ * - Internal state management (memory tools)
+ * - Introspection tools (context stats)
+ * - In-context memory tools
+ * - Persistent instructions tools
+ * - Meta-tools for agent coordination
+ *
+ * All other tools (write operations, shell commands, external requests)
+ * require explicit user approval by default.
+ */
+declare const DEFAULT_ALLOWLIST: readonly string[];
+/**
+ * Type for default allowlisted tools
+ */
+type DefaultAllowlistedTool = (typeof DEFAULT_ALLOWLIST)[number];
+/**
+ * Policy verdict for a tool execution check.
+ *
+ * - `allow` - Explicitly permit execution (but later policies can still deny)
+ * - `deny` - Block execution immediately (short-circuits)
+ * - `abstain` - No opinion, defer to other policies
+ */
+type PolicyVerdict = 'allow' | 'deny' | 'abstain';
+/**
+ * Decision returned by a permission policy.
+ */
+interface PolicyDecision {
+    /** The verdict */
+    verdict: PolicyVerdict;
+    /** Human-readable reason for the decision */
+    reason: string;
+    /** Name of the policy that made this decision */
+    policyName: string;
+    /** Optional metadata for downstream processing */
+    metadata?: {
+        /** If true, this deny can be overridden by user approval */
+        needsApproval?: boolean;
+        /** Scoped cache key for argument-aware approval (e.g., "write_file:/workspace/**") */
+        approvalKey?: string;
+        /** How long this approval should be cached */
+        approvalScope?: 'once' | 'session' | 'persistent';
+        /** Additional policy-specific data */
+        [key: string]: unknown;
+    };
+}
+/**
+ * Rich context passed to policies for evaluation.
+ *
+ * Contains tool identity, arguments, user identity, and tool registration metadata.
+ */
+interface PolicyContext {
+    /** Tool being invoked */
+    toolName: string;
+    /** Parsed arguments for the tool call */
+    args: Record<string, unknown>;
+    /** User identity (from ToolContext.userId) */
+    userId?: string;
+    /** User roles (from agent config userRoles) */
+    roles?: string[];
+    /** Agent ID */
+    agentId?: string;
+    /** Parent agent ID (for orchestrator workers) */
+    parentAgentId?: string;
+    /** Session ID */
+    sessionId?: string;
+    /** Execution iteration in agentic loop */
+    iteration?: number;
+    /** Execution ID for tracing */
+    executionId?: string;
+    /** Source identifier (built-in, connector:xxx, mcp, custom) */
+    toolSource?: string;
+    /** Category grouping (filesystem, web, shell, etc.) */
+    toolCategory?: string;
+    /** Registration namespace */
+    toolNamespace?: string;
+    /** Registration tags */
+    toolTags?: string[];
+    /**
+     * Merged permission config from tool definition + registration override.
+     * This is the tool author's declaration of risk/scope, possibly overridden
+     * by the application developer at registration time.
+     */
+    toolPermissionConfig?: ToolPermissionConfig;
+}
+/**
+ * A composable permission policy that evaluates tool execution requests.
+ *
+ * Policies return:
+ * - `allow` to explicitly permit (does NOT short-circuit — later policies can still deny)
+ * - `deny` to block immediately (short-circuits the chain)
+ * - `abstain` to defer to other policies
+ *
+ * Tool authors declare defaults via `ToolFunction.permission`. App developers
+ * can override at registration time. Policies read the merged result from
+ * `PolicyContext.toolPermissionConfig`.
+ */
+interface IPermissionPolicy {
+    /** Unique policy name */
+    readonly name: string;
+    /** Priority — lower runs first. Default: 100 */
+    readonly priority?: number;
+    /** Human-readable description for display/audit */
+    readonly description?: string;
+    /**
+     * Evaluate the policy for a given tool call.
+     * May be sync or async.
+     */
+    evaluate(context: PolicyContext): Promise<PolicyDecision> | PolicyDecision;
+}
+/**
+ * Configuration for the PolicyChain evaluator.
+ */
+interface PolicyChainConfig {
+    /**
+     * What happens when all policies abstain.
+     * @default 'deny'
+     */
+    defaultVerdict?: 'allow' | 'deny';
+}
+/**
+ * Rich result from PermissionPolicyManager.check()
+ */
+interface PolicyCheckResult {
+    /** Whether the tool is allowed to execute */
+    allowed: boolean;
+    /** Whether the tool is hard-blocked (no approval possible) */
+    blocked: boolean;
+    /** Human-readable reason */
+    reason: string;
+    /** Policy that made the deciding verdict */
+    policyName?: string;
+    /** Whether user approval was requested (and possibly granted) */
+    approvalRequired?: boolean;
+    /** Argument-scoped approval key */
+    approvalKey?: string;
+    /** Approval scope that was applied */
+    approvalScope?: 'once' | 'session' | 'persistent';
+    /** ID of audit entry written (if audit storage configured) */
+    auditEntryId?: string;
+    /** Additional metadata from the deciding policy */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Context passed to the onApprovalRequired callback.
+ * Extends PolicyContext with the deny decision and UI-relevant info.
+ */
+interface ApprovalRequestContext extends PolicyContext {
+    /** The deny decision that triggered this approval request */
+    decision: PolicyDecision;
+    /** Tool's risk level (from tool permission config or default) */
+    riskLevel: RiskLevel;
+    /** Custom approval message (from tool permission config) */
+    approvalMessage?: string;
+    /** Argument names to highlight as sensitive in approval UI */
+    sensitiveArgs?: string[];
+    /** Policy-provided approval scope key */
+    approvalKey?: string;
+    /** Suggested approval scope */
+    approvalScope?: 'once' | 'session' | 'persistent';
+}
+/**
+ * Extended agent permissions config with policy support.
+ */
+interface AgentPolicyConfig extends AgentPermissionsConfig {
+    /**
+     * Custom policies (evaluated after legacy-derived policies).
+     * Policies from tool self-declarations and registration overrides
+     * are handled automatically via SessionApprovalPolicy reading
+     * PolicyContext.toolPermissionConfig.
+     */
+    policies?: IPermissionPolicy[];
+    /** Policy chain configuration */
+    policyChain?: PolicyChainConfig;
+    /** Per-user permission rules storage */
+    userRulesStorage?: IUserPermissionRulesStorage;
+}
+/**
+ * Serialized policy state for session persistence.
+ */
+interface SerializedPolicyState {
+    /** Version for future migrations */
+    version: number;
+    /** Approval cache entries keyed by approval key */
+    approvals: Record<string, SerializedApprovalEntry>;
+    /** Blocklisted tool names */
+    blocklist: string[];
+    /** Allowlisted tool names */
+    allowlist: string[];
+}
+/**
+ * Audit entry for permission decisions.
+ */
+interface PermissionAuditEntry {
+    /** Unique entry ID */
+    id: string;
+    /** ISO timestamp */
+    timestamp: string;
+    /** Tool that was checked */
+    toolName: string;
+    /** Policy evaluation result */
+    decision: 'allow' | 'deny';
+    /** Final execution outcome */
+    finalOutcome: 'executed' | 'blocked' | 'approval_granted' | 'approval_denied';
+    /** Human-readable reason */
+    reason: string;
+    /** Policy that made the deciding verdict */
+    policyName?: string;
+    /** User who triggered the check */
+    userId?: string;
+    /** Agent that triggered the check */
+    agentId?: string;
+    /** Redacted arguments (sensitive values replaced) */
+    args?: Record<string, unknown>;
+    /** Execution ID for correlation */
+    executionId?: string;
+    /** Whether approval was required */
+    approvalRequired?: boolean;
+    /** Approval key used */
+    approvalKey?: string;
+    /** Additional metadata */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Comparison operator for argument conditions.
+ */
+type ConditionOperator = 'starts_with' | 'not_starts_with' | 'contains' | 'not_contains' | 'equals' | 'not_equals' | 'matches' | 'not_matches';
+/**
+ * A condition that inspects a tool argument value.
+ *
+ * Multiple conditions on a rule use AND logic — all must match.
+ *
+ * Use `__toolCategory`, `__toolSource`, `__toolNamespace` as argName
+ * to match against tool registration metadata instead of call arguments.
+ */
+interface ArgumentCondition {
+    /** Argument name to inspect (e.g., 'command', 'path', 'url') */
+    argName: string;
+    /** Comparison operator */
+    operator: ConditionOperator;
+    /** Value to compare against. For 'matches'/'not_matches', this is a regex string. */
+    value: string;
+    /** Case-insensitive comparison. @default true */
+    ignoreCase?: boolean;
+}
+/**
+ * A persistent, per-user permission rule.
+ *
+ * User rules have the HIGHEST priority — they override ALL built-in policies.
+ * Resolution uses specificity (conditions > no conditions), not numeric priorities.
+ */
+interface UserPermissionRule {
+    /** Unique rule ID (UUID) */
+    id: string;
+    /** Tool name this rule applies to. '*' for all tools. */
+    toolName: string;
+    /** What to do when this rule matches */
+    action: 'allow' | 'deny' | 'ask';
+    /**
+     * Argument conditions (optional).
+     * ALL conditions must match (AND logic).
+     * If empty/omitted, rule applies to ALL calls of this tool (blanket rule).
+     */
+    conditions?: ArgumentCondition[];
+    /**
+     * If true, this rule is absolute — more specific rules CANNOT override it.
+     * "Allow bash unconditionally" means even a "bash + rm -rf → ask" rule is ignored.
+     * @default false
+     */
+    unconditional?: boolean;
+    /** Whether this rule is active */
+    enabled: boolean;
+    /** Human-readable description (shown in UI) */
+    description?: string;
+    /** How this rule was created */
+    createdBy: 'user' | 'approval_dialog' | 'admin' | 'system';
+    /** ISO timestamp */
+    createdAt: string;
+    /** ISO timestamp */
+    updatedAt: string;
+    /** Optional expiry (ISO timestamp). Null/undefined = never expires. */
+    expiresAt?: string | null;
+}
+/**
+ * Result from evaluating user rules against a tool call.
+ */
+interface UserRuleEvalResult {
+    /** What to do */
+    action: 'allow' | 'deny' | 'ask';
+    /** The rule that matched */
+    rule: UserPermissionRule;
+    /** Human-readable reason */
+    reason: string;
+}
+
+/**
+ * IUserPermissionRulesStorage - Storage interface for per-user permission rules.
+ *
+ * userId is optional — defaults to 'default' in implementations.
+ * Same Clean Architecture pattern as IUserInfoStorage, ICustomToolStorage, etc.
+ *
+ * Implementations:
+ * - FileUserPermissionRulesStorage (reference, JSON)
+ * - Custom: database, Redis, etc.
+ */
+
+interface IUserPermissionRulesStorage {
+    /** Load all rules for a user. Returns null if no rules exist. */
+    load(userId: string | undefined): Promise<UserPermissionRule[] | null>;
+    /** Save all rules for a user (full replacement). */
+    save(userId: string | undefined, rules: UserPermissionRule[]): Promise<void>;
+    /** Delete all rules for a user. */
+    delete(userId: string | undefined): Promise<void>;
+    /** Check if rules exist for a user. */
+    exists(userId: string | undefined): Promise<boolean>;
+    /** Get storage path (for debugging/display). */
+    getPath(userId: string | undefined): string;
+}
+
+/**
+ * StorageRegistry - Centralized storage backend registry
+ *
+ * Provides a single point of configuration for all storage backends
+ * used across the library. Subsystems resolve their storage at execution
+ * time (not construction time) via `resolve()`, which lazily creates
+ * and caches a default when nothing has been configured.
+ *
+ * Storage types are split into two categories:
+ * - **Global singletons**: customTools, media, agentDefinitions, connectorConfig, oauthTokens
+ * - **Per-agent factories** (need agentId): sessions, persistentInstructions, workingMemory
+ *
+ * For multi-user / multi-tenant environments, factories receive an optional
+ * `StorageContext` (opaque, like `ConnectorAccessContext`) so backends can
+ * partition data by userId, tenantId, or any custom field.
+ *
+ * @example
+ * ```typescript
+ * import { StorageRegistry } from '@everworker/oneringai';
+ *
+ * // Single-tenant (simple)
+ * StorageRegistry.configure({
+ *   customTools: new MongoCustomToolStorage(),
+ *   media: new S3MediaStorage(),
+ *   sessions: (agentId) => new RedisContextStorage(agentId),
+ * });
+ *
+ * // Multi-tenant
+ * StorageRegistry.configure({
+ *   sessions: (agentId, ctx) => new RedisContextStorage(agentId, ctx?.userId),
+ *   customTools: new MongoCustomToolStorage(),  // global singletons are unaffected
+ * });
+ * ```
+ */
+
+/**
+ * Opaque context passed to per-agent storage factories.
+ *
+ * The library imposes no structure — consumers define their own shape
+ * (e.g., `{ userId: 'alice', tenantId: 'acme' }`).
+ *
+ * Mirrors the `ConnectorAccessContext` pattern used by `Connector.scoped()`.
+ */
+type StorageContext = Record<string, unknown>;
+/**
+ * Storage configuration map.
+ *
+ * Global singletons are stored directly.
+ * Per-agent factories are functions that accept an agentId (and optional
+ * StorageContext for multi-tenant scenarios) and return a storage instance.
+ */
+interface StorageConfig {
+    media: IMediaStorage;
+    agentDefinitions: IAgentDefinitionStorage;
+    connectorConfig: IConnectorConfigStorage;
+    oauthTokens: ITokenStorage;
+    customTools: (context?: StorageContext) => ICustomToolStorage;
+    sessions: (agentId: string, context?: StorageContext) => IContextStorage;
+    persistentInstructions: (agentId: string, context?: StorageContext) => IPersistentInstructionsStorage;
+    workingMemory: (context?: StorageContext) => IMemoryStorage;
+    userInfo: (context?: StorageContext) => IUserInfoStorage;
+    routineDefinitions: (context?: StorageContext) => IRoutineDefinitionStorage;
+    routineExecutions: (context?: StorageContext) => IRoutineExecutionStorage;
+    correlations: ICorrelationStorage;
+    permissionRules: IUserPermissionRulesStorage;
+}
+declare class StorageRegistry {
+    /** Internal storage map */
+    private static entries;
+    /** Default context passed to all factory calls (set via setContext) */
+    private static _context;
+    /**
+     * Configure multiple storage backends at once.
+     *
+     * @example
+     * ```typescript
+     * // Single-tenant
+     * StorageRegistry.configure({
+     *   customTools: new MongoCustomToolStorage(),
+     *   sessions: (agentId) => new RedisContextStorage(agentId),
+     * });
+     *
+     * // Multi-tenant
+     * StorageRegistry.configure({
+     *   sessions: (agentId, ctx) => new TenantContextStorage(agentId, ctx?.tenantId),
+     *   persistentInstructions: (agentId, ctx) => new TenantInstructionsStorage(agentId, ctx?.userId),
+     * });
+     * ```
+     */
+    static configure(config: Partial<StorageConfig>): void;
+    /**
+     * Set the default StorageContext.
+     *
+     * This context is automatically passed to all per-agent factory calls
+     * (sessions, persistentInstructions, workingMemory) when no explicit
+     * context is provided. Typically set once at app startup with global
+     * tenant/environment info, or per-request in multi-tenant servers.
+     *
+     * @example
+     * ```typescript
+     * // Single-tenant app — set once at init
+     * StorageRegistry.setContext({ tenantId: 'acme', environment: 'production' });
+     *
+     * // Multi-tenant server — set per-request
+     * app.use((req, res, next) => {
+     *   StorageRegistry.setContext({ userId: req.user.id, tenantId: req.tenant.id });
+     *   next();
+     * });
+     * ```
+     */
+    static setContext(context: StorageContext | undefined): void;
+    /**
+     * Get the current default StorageContext.
+     */
+    static getContext(): StorageContext | undefined;
+    /**
+     * Set a single storage backend.
+     */
+    static set<K extends keyof StorageConfig>(key: K, value: StorageConfig[K]): void;
+    /**
+     * Get a storage backend (or undefined if not configured).
+     */
+    static get<K extends keyof StorageConfig>(key: K): StorageConfig[K] | undefined;
+    /**
+     * Resolve a storage backend, lazily creating and caching a default if needed.
+     *
+     * If a value has been configured via `set()` or `configure()`, returns that.
+     * Otherwise, calls `defaultFactory()`, caches the result, and returns it.
+     */
+    static resolve<K extends keyof StorageConfig>(key: K, defaultFactory: () => StorageConfig[K]): StorageConfig[K];
+    /**
+     * Remove a single storage backend.
+     */
+    static remove(key: keyof StorageConfig): boolean;
+    /**
+     * Check if a storage backend has been configured.
+     */
+    static has(key: keyof StorageConfig): boolean;
+    /**
+     * Clear all configured storage backends and context.
+     * Useful for testing.
+     */
+    static reset(): void;
+}
+
+/**
+ * Tool executor interface
+ */
+
+interface IToolExecutor {
+    /**
+     * Execute a tool function
+     * @param toolName - Name of the tool to execute
+     * @param args - Parsed arguments object
+     * @returns Tool execution result
+     */
+    execute(toolName: string, args: any): Promise<any>;
+    /**
+     * Check if tool is available
+     */
+    hasToolFunction(toolName: string): boolean;
+    /**
+     * Get tool definition
+     */
+    getToolDefinition(toolName: string): Tool | undefined;
+    /**
+     * Register a new tool
+     */
+    registerTool(tool: ToolFunction): void;
+    /**
+     * Unregister a tool
+     */
+    unregisterTool(toolName: string): void;
+    /**
+     * List all registered tools
+     */
+    listTools(): string[];
+}
+
+/**
+ * Generic Circuit Breaker implementation
+ *
+ * Prevents cascading failures by failing fast when a system is down.
+ * Works for any async operation (LLM calls, tool execution, etc.)
+ */
+
+/**
+ * Circuit breaker states
+ */
+type CircuitState = 'closed' | 'open' | 'half-open';
+/**
  * Circuit breaker configuration
  */
 interface CircuitBreakerConfig {
@@ -1891,11 +2492,278 @@ interface IToolExecutionPipeline {
  */
 interface ToolExecutionPipelineOptions {
     /**
-     * Whether to generate unique execution IDs using crypto.randomUUID().
-     * If false, uses a simpler counter-based ID.
-     * Default: true (if crypto.randomUUID is available)
+     * Whether to generate unique execution IDs using crypto.randomUUID().
+     * If false, uses a simpler counter-based ID.
+     * Default: true (if crypto.randomUUID is available)
+     */
+    useRandomUUID?: boolean;
+}
+
+/**
+ * UserPermissionRulesEngine - Evaluates per-user permission rules.
+ *
+ * User rules have the HIGHEST priority — they override ALL built-in policies.
+ * Resolution uses specificity-based matching (not numeric priorities):
+ *
+ * 1. Unconditional rules are checked first — if matched, they are FINAL
+ *    (no more specific rule can override them)
+ * 2. Conditional rules are evaluated by specificity — rules with MORE
+ *    matching conditions win over rules with fewer conditions
+ * 3. Blanket rules (no conditions) are the fallback
+ * 4. Ties: most recently updated rule wins
+ *
+ * This ensures:
+ * - "bash → allow (unconditional)" means ALL bash allowed, period
+ * - "bash → allow" + "bash + rm -rf → ask" means rm -rf asks, rest allowed
+ * - No priority numbers needed — specificity is implicit
+ */
+
+declare class UserPermissionRulesEngine {
+    private rules;
+    private storage?;
+    private _loaded;
+    private _destroyed;
+    /** Index: toolName → rules for O(1) lookup. Wildcard '*' rules stored under '*'. */
+    private ruleIndex;
+    constructor(storage?: IUserPermissionRulesStorage);
+    /**
+     * Evaluate user rules against a tool call.
+     *
+     * Returns the matching result, or null if no rule matches (fall through to chain).
+     */
+    evaluate(context: PolicyContext): UserRuleEvalResult | null;
+    /**
+     * Check if ALL conditions of a rule match the context (AND logic).
+     */
+    private matchesConditions;
+    /**
+     * Check if a single condition matches.
+     */
+    private matchesCondition;
+    /**
+     * Add a new rule. Auto-saves if storage is configured.
+     */
+    addRule(rule: UserPermissionRule, userId?: string): Promise<void>;
+    /**
+     * Update an existing rule. Auto-saves if storage is configured.
+     */
+    updateRule(ruleId: string, updates: Partial<UserPermissionRule>, userId?: string): Promise<boolean>;
+    /**
+     * Remove a rule by ID. Auto-saves if storage is configured.
+     */
+    removeRule(ruleId: string, userId?: string): Promise<boolean>;
+    /**
+     * Get a rule by ID.
+     */
+    getRule(ruleId: string): UserPermissionRule | null;
+    /**
+     * Get all rules.
+     */
+    getRules(): UserPermissionRule[];
+    /**
+     * Get all rules for a specific tool.
+     */
+    getRulesForTool(toolName: string): UserPermissionRule[];
+    /**
+     * Enable a rule.
+     */
+    enableRule(ruleId: string, userId?: string): Promise<boolean>;
+    /**
+     * Disable a rule.
+     */
+    disableRule(ruleId: string, userId?: string): Promise<boolean>;
+    /**
+     * Load rules from storage.
+     */
+    load(userId?: string): Promise<void>;
+    /**
+     * Save current rules to storage.
+     */
+    save(userId?: string): Promise<void>;
+    /**
+     * Whether rules have been loaded from storage.
+     */
+    get isLoaded(): boolean;
+    /**
+     * Set the storage backend.
+     */
+    setStorage(storage: IUserPermissionRulesStorage): void;
+    get isDestroyed(): boolean;
+    /**
+     * Destroy the engine, clearing all rules and releasing storage reference.
+     */
+    destroy(): void;
+    /**
+     * Remove expired rules (lazy cleanup).
+     * @returns true if any rules were removed (for save optimization).
+     */
+    private cleanExpired;
+    /**
+     * Rebuild the toolName → rules index for O(1) lookup.
+     */
+    private rebuildIndex;
+}
+
+/**
+ * PermissionPolicyManager - Top-level manager for the policy-based permission system.
+ *
+ * Evaluation order:
+ * 1. USER RULES PRE-CHECK (highest priority, FINAL when matched)
+ * 2. Parent delegation pre-check (orchestrator workers)
+ * 3. Normal policy chain (built-in policies, tool self-declarations)
+ *
+ * Also provides:
+ * - Approval flow (onApprovalRequired callback, can create persistent user rules)
+ * - Argument-scoped approval cache (via SessionApprovalPolicy, in-memory only)
+ * - Centralized audit via events (subscribe to 'permission:audit')
+ * - Backward compatibility with legacy ToolPermissionManager
+ */
+
+interface PolicyManagerEvents {
+    'permission:allow': PermissionAuditEntry;
+    'permission:deny': PermissionAuditEntry;
+    'permission:approval_granted': PermissionAuditEntry;
+    'permission:approval_denied': PermissionAuditEntry;
+    'permission:audit': PermissionAuditEntry;
+    'policy:added': {
+        name: string;
+    };
+    'policy:removed': {
+        name: string;
+    };
+    'session:cleared': {};
+}
+interface PermissionPolicyManagerConfig {
+    /** Policies to register at construction */
+    policies?: IPermissionPolicy[];
+    /** Policy chain configuration */
+    chain?: PolicyChainConfig;
+    /** Callback invoked when a tool needs user approval */
+    onApprovalRequired?: (context: ApprovalRequestContext) => Promise<ApprovalDecision>;
+    /** Per-user permission rules storage (optional) */
+    userRulesStorage?: IUserPermissionRulesStorage;
+}
+declare class PermissionPolicyManager extends EventEmitter {
+    private chain;
+    private _isDestroyed;
+    private parentEvaluator?;
+    private onApprovalRequired?;
+    private _userRulesEngine;
+    private _allowlistPolicy?;
+    private _blocklistPolicy?;
+    private _sessionApprovalPolicy?;
+    constructor(config?: PermissionPolicyManagerConfig);
+    addPolicy(policy: IPermissionPolicy): void;
+    removePolicy(name: string): boolean;
+    hasPolicy(name: string): boolean;
+    listPolicies(): IPermissionPolicy[];
+    /**
+     * Set a read-only parent evaluator for orchestrator delegation.
+     *
+     * - Parent deny is FINAL — worker cannot override
+     * - Parent allow does NOT skip worker restrictions
+     * - Parent approval callback is NOT invoked during delegation check
+     */
+    setParentEvaluator(parent: PermissionPolicyManager): void;
+    /**
+     * Get the parent evaluator (if set).
+     */
+    getParentEvaluator(): PermissionPolicyManager | undefined;
+    /**
+     * Check if a tool call is permitted.
+     *
+     * Evaluation order:
+     * 1. USER RULES PRE-CHECK (highest priority, FINAL when matched)
+     * 2. Parent delegation pre-check (orchestrator workers)
+     * 3. Normal policy chain (built-in policies)
+     * 4. Approval flow (if deny + needsApproval)
+     * 5. Approval→rule creation (if user wants to remember)
+     */
+    check(context: PolicyContext): Promise<PolicyCheckResult>;
+    /**
+     * Handle the approval flow — called when a deny decision has needsApproval.
+     * Also handles approval→rule creation when user wants to remember their decision.
+     */
+    private handleApprovalFlow;
+    /**
+     * Create a persistent user permission rule from an approval decision.
+     */
+    private createRuleFromApproval;
+    /**
+     * Evaluate chain only (no approval flow, no audit).
+     * Used by parent evaluator during delegation.
+     */
+    private evaluateChainOnly;
+    /**
+     * Record an approval in the session cache.
+     */
+    approve(approvalKey: string, options?: {
+        scope?: PermissionScope;
+        approvedBy?: string;
+        ttlMs?: number;
+    }): void;
+    /**
+     * Revoke an approval from the session cache.
+     */
+    revoke(approvalKey: string): void;
+    /**
+     * Check if an approval key is cached.
+     */
+    isApproved(approvalKey: string): boolean;
+    /**
+     * Clear all session approvals.
+     */
+    clearSession(): void;
+    allowlistAdd(toolName: string): void;
+    allowlistRemove(toolName: string): void;
+    blocklistAdd(toolName: string): void;
+    blocklistRemove(toolName: string): void;
+    /**
+     * Centralized audit with redaction.
+     */
+    private audit;
+    /**
+     * Centralized argument redaction.
+     *
+     * Sources:
+     * 1. Tool permission config sensitiveArgs
+     * 2. Built-in sensitive key names (token, password, secret, etc.)
+     * 3. Truncation for large values
+     */
+    private redactArgs;
+    /**
+     * Serialize approval state for session persistence.
+     */
+    getState(): SerializedPolicyState;
+    /**
+     * Load approval state from persistence.
+     */
+    loadState(state: SerializedPolicyState): void;
+    /**
+     * Create a PermissionPolicyManager from legacy AgentPermissionsConfig.
+     *
+     * Translates:
+     * - blocklist → BlocklistPolicy
+     * - allowlist → AllowlistPolicy (merged with DEFAULT_ALLOWLIST)
+     * - defaultScope → SessionApprovalPolicy
+     * - onApprovalRequired → passed through
+     */
+    static fromLegacyConfig(config: AgentPermissionsConfig): PermissionPolicyManager;
+    /**
+     * Create from the new AgentPolicyConfig (extends legacy config).
+     */
+    static fromConfig(config: AgentPolicyConfig): PermissionPolicyManager;
+    /**
+     * Access the user permission rules engine for CRUD operations.
+     * Rules are per-user, persistent, and have the highest evaluation priority.
+     */
+    get userRules(): UserPermissionRulesEngine;
+    get isDestroyed(): boolean;
+    destroy(): void;
+    /**
+     * Track references to built-in policies for direct manipulation.
      */
-    useRandomUUID?: boolean;
+    private trackBuiltinPolicy;
 }
 
 /**
@@ -2060,6 +2928,21 @@ declare class ToolManager extends EventEmitter implements IToolExecutor, IDispos
      * Get current tool context
      */
     getToolContext(): ToolContext | undefined;
+    /**
+     * Set permission policy manager for tool execution enforcement.
+     *
+     * Registers a PermissionEnforcementPlugin on the execution pipeline at priority 1.
+     * This gates ALL tool execution through the policy chain — no bypasses.
+     */
+    setPermissionManager(manager: PermissionPolicyManager): void;
+    /**
+     * Get the permission policy manager (if enforcement is active).
+     */
+    getPermissionManager(): PermissionPolicyManager | undefined;
+    /**
+     * Check if permission enforcement is active on the execution pipeline.
+     */
+    hasPermissionEnforcement(): boolean;
     /**
      * Register a tool with optional configuration
      */
@@ -2311,7 +3194,7 @@ interface IContextSnapshot {
     /** Model name */
     model: string;
     /** Feature flags */
-    features: Required<ContextFeatures>;
+    features: ResolvedContextFeatures;
     /** Token budget breakdown */
     budget: ContextBudget$1;
     /** Compaction strategy name */
@@ -2370,261 +3253,31 @@ interface IToolSnapshot {
  * Used by "View Full Context" UI panels.
  */
 interface IViewContextData {
-    /** Whether the data is available */
-    available: boolean;
-    /** Ordered list of context components */
-    components: IViewContextComponent[];
-    /** Total estimated tokens across all components */
-    totalTokens: number;
-    /** All components concatenated (for "Copy All" functionality) */
-    rawContext: string;
-}
-/**
- * A single component of the prepared context.
- */
-interface IViewContextComponent {
-    /** Component name (e.g., 'System Message', 'User Message', 'Tool Call: search') */
-    name: string;
-    /** Human-readable text content */
-    content: string;
-    /** Estimated token count for this component */
-    tokenEstimate: number;
-}
-/**
- * Convert a plugin name to a human-readable display name.
- * e.g., 'working_memory' → 'Working Memory'
- */
-declare function formatPluginDisplayName(name: string): string;
-
-/**
- * Tool Permission Types
- *
- * Defines permission scopes, risk levels, and approval state for tool execution control.
- *
- * Works with ALL agent types:
- * - Agent (basic)
- * - TaskAgent (task-based)
- * - UniversalAgent (mode-fluid)
- */
-
-/**
- * Permission scope defines when approval is required for a tool
- *
- * - `once` - Require approval for each tool call (most restrictive)
- * - `session` - Approve once, valid for entire session
- * - `always` - Auto-approve (allowlisted, no prompts)
- * - `never` - Always blocked (blocklisted, tool cannot execute)
- */
-type PermissionScope = 'once' | 'session' | 'always' | 'never';
-/**
- * Risk level classification for tools
- *
- * Used to help users understand the potential impact of approving a tool.
- * Can be used by UI to show different approval dialogs.
- */
-type RiskLevel = 'low' | 'medium' | 'high' | 'critical';
-/**
- * Permission configuration for a tool
- *
- * Can be set on the tool definition or overridden at registration time.
- */
-interface ToolPermissionConfig {
-    /**
-     * When approval is required.
-     * @default 'once'
-     */
-    scope?: PermissionScope;
-    /**
-     * Risk classification for the tool.
-     * @default 'low'
-     */
-    riskLevel?: RiskLevel;
-    /**
-     * Custom message shown in approval UI.
-     * Should explain what the tool does and any potential risks.
-     */
-    approvalMessage?: string;
-    /**
-     * Argument names that should be highlighted in approval UI.
-     * E.g., ['path', 'url'] for file/network operations.
-     */
-    sensitiveArgs?: string[];
-    /**
-     * Optional expiration time for session approvals (milliseconds).
-     * If set, session approvals expire after this duration.
-     */
-    sessionTTLMs?: number;
-}
-/**
- * Context passed to approval callbacks/hooks
- */
-interface PermissionCheckContext {
-    /** The tool call being checked */
-    toolCall: ToolCall;
-    /** Parsed arguments (for display/inspection) */
-    parsedArgs: Record<string, unknown>;
-    /** The tool's permission config */
-    config: ToolPermissionConfig;
-    /** Current execution context ID */
-    executionId: string;
-    /** Current iteration (if in agentic loop) */
-    iteration: number;
-    /** Agent type (for context-specific handling) */
-    agentType: 'agent' | 'task-agent' | 'universal-agent';
-    /** Optional task name (for TaskAgent/UniversalAgent) */
-    taskName?: string;
-}
-/**
- * Entry in the approval cache representing an approved tool
- */
-interface ApprovalCacheEntry {
-    /** Name of the approved tool */
-    toolName: string;
-    /** The scope that was approved */
-    scope: PermissionScope;
-    /** When the approval was granted */
-    approvedAt: Date;
-    /** Optional identifier of who approved (for audit) */
-    approvedBy?: string;
-    /** When this approval expires (for session/TTL approvals) */
-    expiresAt?: Date;
-    /** Arguments hash if approval was for specific arguments */
-    argsHash?: string;
-}
-/**
- * Serialized approval state for session persistence
- */
-interface SerializedApprovalState {
-    /** Version for future migrations */
-    version: number;
-    /** Map of tool name to approval entry */
-    approvals: Record<string, SerializedApprovalEntry>;
-    /** Tools that are always blocked (persisted blocklist) */
-    blocklist: string[];
-    /** Tools that are always allowed (persisted allowlist) */
-    allowlist: string[];
-}
-/**
- * Serialized version of ApprovalCacheEntry (with ISO date strings)
- */
-interface SerializedApprovalEntry {
-    toolName: string;
-    scope: PermissionScope;
-    approvedAt: string;
-    approvedBy?: string;
-    expiresAt?: string;
-    argsHash?: string;
-}
-/**
- * Result of checking if a tool needs approval
- */
-interface PermissionCheckResult {
-    /** Whether the tool can execute without prompting */
-    allowed: boolean;
-    /** Whether approval is needed (user should be prompted) */
-    needsApproval: boolean;
-    /** Whether the tool is blocked (cannot execute at all) */
-    blocked: boolean;
-    /** Reason for the decision */
-    reason: string;
-    /** The tool's permission config (for UI display) */
-    config?: ToolPermissionConfig;
-}
-/**
- * Result from approval UI/hook
- */
-interface ApprovalDecision {
-    /** Whether the tool was approved */
-    approved: boolean;
-    /** Scope of the approval (may differ from requested) */
-    scope?: PermissionScope;
-    /** Reason for denial (if not approved) */
-    reason?: string;
-    /** Optional identifier of who approved */
-    approvedBy?: string;
-    /** Whether to remember this decision for future calls */
-    remember?: boolean;
-}
-/**
- * Permission configuration for any agent type.
- *
- * Used in:
- * - Agent.create({ permissions: {...} })
- * - TaskAgent.create({ permissions: {...} })
- * - UniversalAgent.create({ permissions: {...} })
- */
-interface AgentPermissionsConfig {
-    /**
-     * Default permission scope for tools without explicit config.
-     * @default 'once'
-     */
-    defaultScope?: PermissionScope;
-    /**
-     * Default risk level for tools without explicit config.
-     * @default 'low'
-     */
-    defaultRiskLevel?: RiskLevel;
-    /**
-     * Tools that are always allowed (never prompt).
-     * Array of tool names.
-     */
-    allowlist?: string[];
-    /**
-     * Tools that are always blocked (cannot execute).
-     * Array of tool names.
-     */
-    blocklist?: string[];
-    /**
-     * Per-tool permission overrides.
-     * Keys are tool names, values are permission configs.
-     */
-    tools?: Record<string, ToolPermissionConfig>;
-    /**
-     * Callback invoked when a tool needs approval.
-     * Return an ApprovalDecision to approve/deny.
-     *
-     * If not provided, the existing `approve:tool` hook system is used.
-     * This callback runs BEFORE hooks, providing a first-pass check.
-     */
-    onApprovalRequired?: (context: PermissionCheckContext) => Promise<ApprovalDecision>;
-    /**
-     * Whether to inherit permission state from parent session.
-     * Only applies when resuming from a session.
-     * @default true
-     */
-    inheritFromSession?: boolean;
-}
-/**
- * Events emitted by ToolPermissionManager
- */
-type PermissionManagerEvent = 'tool:approved' | 'tool:denied' | 'tool:blocked' | 'tool:revoked' | 'allowlist:added' | 'allowlist:removed' | 'blocklist:added' | 'blocklist:removed' | 'session:cleared';
-/**
- * Current version of serialized approval state
- */
-declare const APPROVAL_STATE_VERSION = 1;
-/**
- * Default permission config applied when no config is specified
- */
-declare const DEFAULT_PERMISSION_CONFIG: Required<Pick<ToolPermissionConfig, 'scope' | 'riskLevel'>>;
-/**
- * Default allowlist - tools that never require user confirmation.
- *
- * These tools are safe to execute without user approval:
- * - Read-only operations (filesystem reads, searches)
- * - Internal state management (memory tools)
- * - Introspection tools (context stats)
- * - In-context memory tools
- * - Persistent instructions tools
- * - Meta-tools for agent coordination
- *
- * All other tools (write operations, shell commands, external requests)
- * require explicit user approval by default.
+    /** Whether the data is available */
+    available: boolean;
+    /** Ordered list of context components */
+    components: IViewContextComponent[];
+    /** Total estimated tokens across all components */
+    totalTokens: number;
+    /** All components concatenated (for "Copy All" functionality) */
+    rawContext: string;
+}
+/**
+ * A single component of the prepared context.
  */
-declare const DEFAULT_ALLOWLIST: readonly string[];
+interface IViewContextComponent {
+    /** Component name (e.g., 'System Message', 'User Message', 'Tool Call: search') */
+    name: string;
+    /** Human-readable text content */
+    content: string;
+    /** Estimated token count for this component */
+    tokenEstimate: number;
+}
 /**
- * Type for default allowlisted tools
+ * Convert a plugin name to a human-readable display name.
+ * e.g., 'working_memory' → 'Working Memory'
  */
-type DefaultAllowlistedTool = (typeof DEFAULT_ALLOWLIST)[number];
+declare function formatPluginDisplayName(name: string): string;
 
 /**
  * ToolPermissionManager - Core class for managing tool permissions
@@ -2799,6 +3452,10 @@ declare class ToolPermissionManager extends EventEmitter {
      * Reset to initial state
      */
     reset(): void;
+    /**
+     * Destroy the permission manager and release all resources
+     */
+    destroy(): void;
 }
 
 /**
@@ -2923,13 +3580,14 @@ declare const logger: FrameworkLogger;
  * WorkingMemoryPluginNextGen - Working memory plugin for NextGen context
  *
  * Provides external storage with an INDEX shown in context.
- * LLM sees descriptions but must use memory_retrieve() to get full values.
+ * LLM sees descriptions but must use store_get("memory", key) to get full values.
  *
  * Features:
- * - Hierarchical tiers: raw → summary → findings
+ * - Hierarchical tiers: raw -> summary -> findings
  * - Priority-based eviction
  * - Task-aware scoping (optional)
  * - Automatic tier-based priorities
+ * - Implements IStoreHandler for unified store_* tools
  */
 
 interface SerializedWorkingMemoryState {
@@ -2953,7 +3611,7 @@ interface WorkingMemoryPluginConfig {
     /** Priority calculator (default: staticPriorityCalculator) */
     priorityCalculator?: PriorityCalculator;
 }
-declare class WorkingMemoryPluginNextGen implements IContextPluginNextGen {
+declare class WorkingMemoryPluginNextGen implements IContextPluginNextGen, IStoreHandler {
     readonly name = "working_memory";
     private storage;
     private config;
@@ -2982,6 +3640,12 @@ declare class WorkingMemoryPluginNextGen implements IContextPluginNextGen {
     destroy(): void;
     getState(): SerializedWorkingMemoryState;
     restoreState(state: unknown): void;
+    getStoreSchema(): StoreEntrySchema;
+    storeGet(key?: string, _context?: ToolContext): Promise<StoreGetResult>;
+    storeSet(key: string, data: Record<string, unknown>, _context?: ToolContext): Promise<StoreSetResult>;
+    storeDelete(key: string, _context?: ToolContext): Promise<StoreDeleteResult>;
+    storeList(filter?: Record<string, unknown>, _context?: ToolContext): Promise<StoreListResult>;
+    storeAction(action: string, params?: Record<string, unknown>, _context?: ToolContext): Promise<StoreActionResult>;
     /**
      * Store a value in memory
      */
@@ -3044,11 +3708,6 @@ declare class WorkingMemoryPluginNextGen implements IContextPluginNextGen {
     private buildMemoryIndex;
     private ensureCapacity;
     private assertNotDestroyed;
-    private createMemoryStoreTool;
-    private createMemoryRetrieveTool;
-    private createMemoryDeleteTool;
-    private createMemoryQueryTool;
-    private createMemoryCleanupRawTool;
 }
 
 /**
@@ -3125,6 +3784,12 @@ declare class AgentContextNextGen extends EventEmitter<ContextEvents> {
     private _historyBuffer;
     /** Filter for journal entry types. When set, only matching types are journaled. */
     private readonly _journalFilter;
+    /** Unified store tools manager — routes store_* tools to IStoreHandler plugins */
+    private readonly _storeToolsManager;
+    /** Whether the 5 generic store_* tools have been registered with ToolManager */
+    private _storeToolsRegistered;
+    /** Plugins that should NOT be destroyed when this context is destroyed (shared across agents) */
+    private _skipDestroyPlugins;
     /**
      * Create a new AgentContextNextGen instance.
      */
@@ -3172,7 +3837,7 @@ declare class AgentContextNextGen extends EventEmitter<ContextEvents> {
     get systemPrompt(): string | undefined;
     set systemPrompt(value: string | undefined);
     /** Get feature configuration */
-    get features(): Required<ContextFeatures>;
+    get features(): ResolvedContextFeatures;
     /** Check if destroyed */
     get isDestroyed(): boolean;
     /** Get current session ID */
@@ -3242,7 +3907,9 @@ declare class AgentContextNextGen extends EventEmitter<ContextEvents> {
      * Register a plugin.
      * Plugin's tools are automatically registered with ToolManager.
      */
-    registerPlugin(plugin: IContextPluginNextGen): void;
+    registerPlugin(plugin: IContextPluginNextGen, options?: {
+        skipDestroyOnContextDestroy?: boolean;
+    }): void;
     /**
      * Get a plugin by name.
      */
@@ -3645,10 +4312,14 @@ interface BaseAgentConfig {
     toolManager?: ToolManager;
     /** Session configuration (uses AgentContext persistence) */
     session?: BaseSessionConfig;
-    /** Permission configuration */
-    permissions?: AgentPermissionsConfig;
+    /** Permission configuration (legacy or policy-based) */
+    permissions?: AgentPermissionsConfig | AgentPolicyConfig;
+    /** User roles for permission policy evaluation */
+    userRoles?: string[];
     /** Lifecycle hooks for customization */
     lifecycleHooks?: AgentLifecycleHooks;
+    /** Parent agent's registryId (for tracking agent hierarchies) */
+    parentAgentId?: string;
     /**
      * Hard timeout in milliseconds for any single tool execution.
      * Acts as a safety net at the ToolManager level: if a tool's own timeout
@@ -3706,12 +4377,15 @@ interface DirectCallOptions {
  * to define their own event interfaces (e.g., AgentEvents for Agent).
  */
 declare abstract class BaseAgent<TConfig extends BaseAgentConfig = BaseAgentConfig, TEvents extends Record<string, any> = BaseAgentEvents> extends EventEmitter<TEvents> {
+    readonly registryId: string;
     readonly name: string;
     readonly connector: Connector;
     readonly model: string;
+    readonly parentAgentId: string | undefined;
     protected _config: TConfig;
     protected _agentContext: AgentContextNextGen;
     protected _permissionManager: ToolPermissionManager;
+    protected _policyManager: PermissionPolicyManager;
     protected _ownsContext: boolean;
     protected _isDestroyed: boolean;
     protected _cleanupCallbacks: Array<() => void | Promise<void>>;
@@ -3739,9 +4413,15 @@ declare abstract class BaseAgent<TConfig extends BaseAgentConfig = BaseAgentConf
      */
     protected initializeAgentContext(config: TConfig): AgentContextNextGen;
     /**
-     * Initialize permission manager
+     * Initialize legacy permission manager (backward compat)
      */
     protected initializePermissionManager(config?: AgentPermissionsConfig, tools?: ToolFunction[]): ToolPermissionManager;
+    /**
+     * Initialize policy-based permission manager.
+     * If config includes `policies` field, uses AgentPolicyConfig path.
+     * Otherwise, translates legacy AgentPermissionsConfig to policies.
+     */
+    protected initializePolicyManager(config: TConfig): PermissionPolicyManager;
     /**
      * Initialize session management (call from subclass constructor after other setup)
      * Now uses AgentContext.save()/load() for persistence.
@@ -3827,8 +4507,15 @@ declare abstract class BaseAgent<TConfig extends BaseAgentConfig = BaseAgentConf
     set identities(value: AuthIdentity[] | undefined);
     /**
      * Permission management. Returns ToolPermissionManager for approval control.
+     * @deprecated Use `policyManager` for the new policy-based system.
      */
     get permissions(): ToolPermissionManager;
+    /**
+     * Policy-based permission manager.
+     * Provides composable policies, argument inspection, role-based access,
+     * centralized audit, and enforcement at the ToolManager pipeline level.
+     */
+    get policyManager(): PermissionPolicyManager;
     /**
      * Add a tool to the agent.
      * Tools are registered with AgentContext (single source of truth).
@@ -4064,6 +4751,8 @@ interface AgentConfig$1 extends BaseAgentConfig {
         toolFailureMode?: 'fail' | 'continue';
         maxConsecutiveErrors?: number;
     };
+    /** Configuration for async (non-blocking) tool execution */
+    asyncTools?: AsyncToolConfig;
     /** Configuration for retrying empty/incomplete LLM responses */
     emptyResponseRetry?: {
         /** Enable retry for empty responses (default: true) */
@@ -4096,6 +4785,14 @@ declare class Agent extends BaseAgent<AgentConfig$1, AgentEvents> implements IDi
     private _pausePromise;
     private _resumeCallback;
     private _pauseResumeMutex;
+    private _asyncToolTracker;
+    private _asyncBatchTimer;
+    private _asyncResultQueue;
+    private _continuationInProgress;
+    private _executionActive;
+    private _pendingInjections;
+    /** M3: Maximum injection queue size to prevent unbounded growth */
+    private static readonly MAX_PENDING_INJECTIONS;
     /**
      * Create a new agent
      *
@@ -4140,6 +4837,40 @@ declare class Agent extends BaseAgent<AgentConfig$1, AgentEvents> implements IDi
      * @returns Agent instance, or null if not found
      */
     static fromStorage(agentId: string, storage?: IAgentDefinitionStorage, overrides?: Partial<AgentConfig$1>): Promise<Agent | null>;
+    /**
+     * Hydrate an agent from stored definition + saved session.
+     *
+     * Returns a fully reconstructed Agent with conversation history and plugin
+     * states restored. The caller can customize the agent (add tools, hooks, etc.)
+     * before calling `run()` to continue execution.
+     *
+     * This is the primary API for resuming suspended sessions.
+     *
+     * @param sessionId - Session ID to load
+     * @param options - Agent ID and optional overrides
+     * @returns Agent instance ready for customization and `run()`
+     *
+     * @example
+     * ```typescript
+     * // Reconstruct agent and load session
+     * const agent = await Agent.hydrate('session-456', { agentId: 'my-agent' });
+     *
+     * // Customize (add hooks, tools, etc.)
+     * agent.lifecycleHooks = { onError: myErrorHandler };
+     * agent.tools.register(presentToUser(emailService));
+     *
+     * // Continue with user's reply
+     * const result = await agent.run('Thanks, but also look at Q2 data');
+     * ```
+     */
+    static hydrate(sessionId: string, options: {
+        /** Agent ID to load definition for */
+        agentId: string;
+        /** Optional definition storage override */
+        definitionStorage?: IAgentDefinitionStorage;
+        /** Optional config overrides (e.g., connector, model) */
+        overrides?: Partial<AgentConfig$1>;
+    }): Promise<Agent>;
     private constructor();
     protected getAgentType(): 'agent' | 'task-agent' | 'universal-agent';
     /**
@@ -4179,6 +4910,12 @@ declare class Agent extends BaseAgent<AgentConfig$1, AgentEvents> implements IDi
      * Run the agent with input
      */
     run(input: string | InputItem[]): Promise<AgentResponse>;
+    /**
+     * Shared agentic loop used by both run() and continueWithAsyncResults().
+     * Includes: iteration loop, empty response retry, context budget logging,
+     * tool execution, max-iterations wrap-up, consolidation, pendingAsyncTools attachment.
+     */
+    private _runAgenticLoop;
     /**
      * Build tool calls array from accumulated map
      */
@@ -4208,7 +4945,10 @@ declare class Agent extends BaseAgent<AgentConfig$1, AgentEvents> implements IDi
      */
     private extractToolCalls;
     /**
-     * Execute tools with hooks
+     * Execute tools with hooks.
+     * Blocking tools (blocking !== false) are executed sequentially as before.
+     * Async tools (blocking === false) return a placeholder result immediately
+     * and execute in the background.
      */
     private executeToolsWithHooks;
     /**
@@ -4216,9 +4956,53 @@ declare class Agent extends BaseAgent<AgentConfig$1, AgentEvents> implements IDi
      */
     private executeToolWithHooks;
     /**
-     * Check tool permission before execution
+     * Check tool permission before execution.
+     *
+     * When the PermissionEnforcementPlugin is active on the ToolManager pipeline,
+     * this becomes a no-op — the pipeline handles enforcement for ALL paths.
+     * This legacy path is kept for backward compatibility when pipeline enforcement
+     * is not active.
      */
     private checkToolPermission;
+    /**
+     * Start async (non-blocking) tool execution.
+     * Returns a placeholder ToolResult immediately.
+     * The tool executes in the background and results are delivered
+     * as a new user message when complete.
+     */
+    private _startAsyncExecution;
+    /**
+     * Called when an async tool completes (success or failure).
+     * Queues the result and schedules batch delivery.
+     */
+    private _onAsyncComplete;
+    /**
+     * Flush queued async results by triggering a continuation.
+     */
+    private _flushAsyncResults;
+    /**
+     * Continue the agentic loop with async tool results.
+     * Can be called automatically (autoContinue) or manually by the caller.
+     *
+     * Injects results as a user message and re-enters the agentic loop.
+     */
+    continueWithAsyncResults(results?: ToolResult[]): Promise<AgentResponse>;
+    /**
+     * Check if there are any pending async tools
+     */
+    hasPendingAsyncTools(): boolean;
+    /**
+     * Get info about pending async tools
+     */
+    getPendingAsyncTools(): PendingAsyncTool[];
+    /**
+     * Cancel a specific async tool by toolCallId
+     */
+    cancelAsyncTool(toolCallId: string): void;
+    /**
+     * Cancel all pending async tools
+     */
+    cancelAllAsyncTools(): void;
     /**
      * Pause execution
      */
@@ -4231,6 +5015,17 @@ declare class Agent extends BaseAgent<AgentConfig$1, AgentEvents> implements IDi
      * Cancel execution
      */
     cancel(reason?: string): void;
+    /**
+     * Inject a message into this agent's context, to be processed on the next
+     * agentic loop iteration. Safe to call while the agent is running.
+     *
+     * Used by orchestrator tools (send_message) to communicate with workers
+     * during or between turns.
+     *
+     * @param message - Text message to inject
+     * @param role - Message role: 'user' (default) or 'developer'
+     */
+    inject(message: string, role?: 'user' | 'developer'): void;
     /**
      * Check if paused and wait
      */
@@ -4303,6 +5098,339 @@ declare class Agent extends BaseAgent<AgentConfig$1, AgentEvents> implements IDi
     destroy(): void;
 }
 
+/** Agent lifecycle status from the registry's perspective */
+type AgentStatus$1 = 'idle' | 'running' | 'paused' | 'cancelled' | 'destroyed';
+/** Lightweight snapshot of an agent's state */
+interface AgentInfo {
+    /** Registry ID (UUID, unique) */
+    id: string;
+    /** Agent name (NOT unique — user-provided or auto-generated) */
+    name: string;
+    /** Model identifier */
+    model: string;
+    /** Connector name */
+    connector: string;
+    /** Current status */
+    status: AgentStatus$1;
+    /** When the agent was registered */
+    createdAt: Date;
+    /** Parent agent's registryId (undefined if root agent) */
+    parentAgentId: string | undefined;
+    /** IDs of child agents spawned by this agent (live lookup) */
+    childAgentIds: string[];
+}
+/** Filter criteria for querying agents (all fields optional, AND logic) */
+interface AgentFilter {
+    /** Exact match on agent name */
+    name?: string;
+    /** Exact match on model */
+    model?: string;
+    /** Exact match on connector name */
+    connector?: string;
+    /** Match any of these statuses */
+    status?: AgentStatus$1 | AgentStatus$1[];
+    /** Filter by parent agent ID */
+    parentAgentId?: string;
+}
+/** Aggregate statistics across all tracked agents */
+interface AgentRegistryStats {
+    total: number;
+    byStatus: Record<AgentStatus$1, number>;
+    byModel: Record<string, number>;
+    byConnector: Record<string, number>;
+}
+/** Aggregate metrics across all tracked agents */
+interface AggregateMetrics {
+    totalAgents: number;
+    activeExecutions: number;
+    totalTokens: number;
+    totalToolCalls: number;
+    totalErrors: number;
+    byModel: Record<string, {
+        agents: number;
+        tokens: number;
+    }>;
+    byConnector: Record<string, {
+        agents: number;
+        tokens: number;
+    }>;
+}
+/** Recursive tree node for parent/child visualization */
+interface AgentTreeNode {
+    info: AgentInfo;
+    children: AgentTreeNode[];
+}
+/** Deep inspection of a single agent */
+interface AgentInspection extends AgentInfo {
+    /** Full context snapshot (plugins, tools, budget, features, systemPrompt) */
+    context: IContextSnapshot;
+    /** Full conversation history */
+    conversation: ReadonlyArray<InputItem>;
+    /** Pending input (about to go to LLM) */
+    currentInput: ReadonlyArray<InputItem>;
+    /** Current execution state */
+    execution: {
+        id: string | null;
+        iteration: number;
+        metrics: ExecutionMetrics | null;
+        auditTrail: readonly AuditEntry[];
+    };
+    /** Tool manager statistics */
+    toolStats: ToolManagerStats;
+    /** Circuit breaker states per tool */
+    circuitBreakers: Map<string, CircuitState>;
+    /** Child agent info snapshots */
+    children: AgentInfo[];
+}
+/** Events emitted by the registry */
+interface AgentRegistryEvents {
+    'agent:registered': {
+        agent: IRegistrableAgent;
+        info: AgentInfo;
+    };
+    'agent:unregistered': {
+        id: string;
+        name: string;
+        reason: 'destroyed' | 'manual';
+    };
+    'agent:statusChanged': {
+        id: string;
+        name: string;
+        previous: AgentStatus$1;
+        current: AgentStatus$1;
+    };
+    'registry:empty': Record<string, never>;
+}
+/** Callback type for agent event fan-in */
+type AgentEventListener = (agentId: string, agentName: string, event: string, data: unknown) => void;
+/**
+ * Minimal interface an agent must satisfy to be tracked.
+ * Agent already satisfies this — avoids circular import with Agent.ts.
+ */
+interface IRegistrableAgent {
+    readonly registryId: string;
+    readonly name: string;
+    readonly model: string;
+    readonly connector: {
+        name: string;
+    };
+    readonly parentAgentId: string | undefined;
+    readonly isDestroyed: boolean;
+    isRunning(): boolean;
+    isPaused(): boolean;
+    isCancelled(): boolean;
+    getMetrics(): ExecutionMetrics | null;
+    getExecutionContext(): ExecutionContext | null;
+    getAuditTrail(): readonly AuditEntry[];
+    getSnapshot(): Promise<IContextSnapshot>;
+    readonly context: {
+        tools: {
+            getStats(): ToolManagerStats;
+            getCircuitBreakerStates(): Map<string, CircuitState>;
+        };
+        getConversation(): ReadonlyArray<InputItem>;
+        getCurrentInput(): ReadonlyArray<InputItem>;
+    };
+    destroy(): void;
+    pause?(): void;
+    resume?(): void;
+    cancel?(reason?: string): void;
+    inject?(message: string, role?: 'user' | 'developer'): void;
+    on(event: string, listener: (...args: unknown[]) => void): this;
+    off(event: string, listener: (...args: unknown[]) => void): this;
+    eventNames(): (string | symbol)[];
+}
+declare class AgentRegistry {
+    private static agents;
+    private static childIndex;
+    private static emitter;
+    private static fanInListeners;
+    /** Per-agent fan-in cleanup functions (only populated when fanInListeners.size > 0) */
+    private static fanInCleanups;
+    /**
+     * Register an agent. Called automatically by Agent constructor.
+     * @internal
+     */
+    static register(agent: IRegistrableAgent): void;
+    /**
+     * Unregister an agent. Called automatically by Agent.destroy().
+     * @internal
+     */
+    static unregister(id: string, reason?: 'destroyed' | 'manual'): void;
+    /** Get agent by registry ID (unique) */
+    static get(id: string): IRegistrableAgent | undefined;
+    /** Get all agents with a given name (names are NOT unique) */
+    static getByName(name: string): IRegistrableAgent[];
+    /** Check if an agent exists in the registry */
+    static has(id: string): boolean;
+    /** List all tracked registry IDs */
+    static list(): string[];
+    /** Return agents matching all provided filter criteria */
+    static filter(filter: AgentFilter): IRegistrableAgent[];
+    /** Number of currently tracked agents */
+    static get count(): number;
+    /** Lightweight info for all agents */
+    static listInfo(): AgentInfo[];
+    /** Lightweight info for agents matching filter */
+    static filterInfo(filter: AgentFilter): AgentInfo[];
+    /** Deep inspection of a single agent */
+    static inspect(id: string): Promise<AgentInspection | null>;
+    /** Deep inspection of all agents */
+    static inspectAll(): Promise<AgentInspection[]>;
+    /** Deep inspection of agents matching filter */
+    static inspectMatching(filter: AgentFilter): Promise<AgentInspection[]>;
+    /** Aggregate counts by status/model/connector */
+    static getStats(): AgentRegistryStats;
+    /** Aggregate metrics across all agents (tokens, tool calls, errors) */
+    static getAggregateMetrics(): AggregateMetrics;
+    /** Get child agents of a parent */
+    static getChildren(parentId: string): IRegistrableAgent[];
+    /** Get parent agent of a child */
+    static getParent(childId: string): IRegistrableAgent | undefined;
+    /** Get recursive tree starting from a root agent */
+    static getTree(rootId: string): AgentTreeNode | null;
+    /** Subscribe to registry lifecycle events */
+    static on<K extends keyof AgentRegistryEvents>(event: K, listener: (data: AgentRegistryEvents[K]) => void): void;
+    /** Unsubscribe from registry lifecycle events */
+    static off<K extends keyof AgentRegistryEvents>(event: K, listener: (data: AgentRegistryEvents[K]) => void): void;
+    /** Subscribe once to a registry lifecycle event */
+    static once<K extends keyof AgentRegistryEvents>(event: K, listener: (data: AgentRegistryEvents[K]) => void): void;
+    /** Fan-in: receive ALL events from ALL agents through one listener */
+    static onAgentEvent(listener: AgentEventListener): void;
+    /** Remove a fan-in listener */
+    static offAgentEvent(listener: AgentEventListener): void;
+    /** Pause a specific agent. Returns true if found and paused. */
+    static pauseAgent(id: string): boolean;
+    /** Resume a specific agent. Returns true if found and resumed. */
+    static resumeAgent(id: string): boolean;
+    /** Cancel a specific agent. Returns true if found and cancelled. */
+    static cancelAgent(id: string, reason?: string): boolean;
+    /** Destroy a specific agent. Returns true if found and destroyed. */
+    static destroyAgent(id: string): boolean;
+    /** Pause all agents matching filter. Returns count paused. */
+    static pauseMatching(filter: AgentFilter): number;
+    /** Cancel all agents matching filter. Returns count cancelled. */
+    static cancelMatching(filter: AgentFilter, reason?: string): number;
+    /** Destroy all agents matching filter. Returns count destroyed. */
+    static destroyMatching(filter: AgentFilter): number;
+    /** Pause all agents. Returns count paused. */
+    static pauseAll(): number;
+    /** Cancel all agents. Returns count cancelled. */
+    static cancelAll(reason?: string): number;
+    /** Destroy ALL tracked agents. Returns count destroyed. */
+    static destroyAll(): number;
+    /** Clear registry without destroying agents (for testing) */
+    static clear(): void;
+    /** Known agent events for fan-in forwarding */
+    private static readonly KNOWN_EVENTS;
+    /**
+     * Wire status tracking listeners on an agent (always done on register).
+     * Returns a cleanup function that removes the listeners.
+     */
+    private static wireStatusTracking;
+    /**
+     * Wire fan-in event forwarding on a single agent.
+     * Only called when fanInListeners.size > 0 (lazy wiring).
+     * Stores cleanup in fanInCleanups map.
+     */
+    private static wireFanInForAgent;
+    /** Enrich AgentInfo with live childAgentIds from the index */
+    private static enrichInfo;
+    /** Build a deep AgentInspection from a registry entry */
+    private static buildInspection;
+    /** Build recursive tree from an entry (with cycle protection) */
+    private static buildTree;
+    /** Check if an AgentInfo matches a filter (AND logic) */
+    private static matchesFilter;
+    /** Bulk control helper — applies action to all matching agents */
+    private static bulkControl;
+}
+
+/**
+ * SuspendSignal - Signal returned by tools to suspend the agent loop
+ *
+ * When a tool returns a SuspendSignal, the agent loop:
+ * 1. Adds the `result` field as the normal tool result (visible to LLM)
+ * 2. Does one final LLM call without tools for a graceful wrap-up message
+ * 3. Saves the session and correlation mapping
+ * 4. Returns an AgentResponse with status: 'suspended'
+ *
+ * Later, `Agent.hydrate()` reconstructs the agent from stored definition +
+ * session, and the caller runs `agent.run(userReply)` to continue.
+ *
+ * @example
+ * ```typescript
+ * import { SuspendSignal } from '@everworker/oneringai';
+ *
+ * const presentToUser: ToolFunction = {
+ *   definition: { ... },
+ *   execute: async (args) => {
+ *     const { messageId } = await emailService.send(args.to, args.subject, args.body);
+ *     return SuspendSignal.create({
+ *       result: `Email sent to ${args.to}. Waiting for reply.`,
+ *       correlationId: `email:${messageId}`,
+ *     });
+ *   },
+ * };
+ * ```
+ */
+/**
+ * Options for creating a SuspendSignal
+ */
+interface SuspendSignalOptions {
+    /** The tool result visible to the LLM (e.g., "Email sent to user@example.com") */
+    result: unknown;
+    /**
+     * Unique identifier for routing external events back to this session.
+     * Typically prefixed by channel (e.g., "email:msg_123", "ticket:T-456")
+     */
+    correlationId: string;
+    /**
+     * How the external response should be injected when the session resumes.
+     * - `'user_message'` (default): added as a new user message
+     * - `'tool_result'`: added as a tool result
+     */
+    resumeAs?: 'user_message' | 'tool_result';
+    /** Time-to-live in milliseconds before the suspended session expires. Default: 7 days */
+    ttl?: number;
+    /** Application-specific metadata (email ID, ticket ID, webhook URL, etc.) */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Signal that a tool has initiated an external operation and the agent
+ * loop should suspend until an external event resumes it.
+ */
+declare class SuspendSignal {
+    /** The tool result visible to the LLM */
+    readonly result: unknown;
+    /** Correlation identifier for routing external events back */
+    readonly correlationId: string;
+    /** How the external response is injected on resume */
+    readonly resumeAs: 'user_message' | 'tool_result';
+    /** Time-to-live in milliseconds */
+    readonly ttl: number;
+    /** Application-specific metadata */
+    readonly metadata?: Record<string, unknown>;
+    private constructor();
+    /**
+     * Create a new SuspendSignal.
+     *
+     * @example
+     * ```typescript
+     * return SuspendSignal.create({
+     *   result: 'Email sent to user@example.com. Waiting for reply.',
+     *   correlationId: `email:${messageId}`,
+     *   metadata: { messageId, sentTo: email },
+     * });
+     * ```
+     */
+    static create(options: SuspendSignalOptions): SuspendSignal;
+    /**
+     * Type guard to check if a value is a SuspendSignal.
+     */
+    static is(value: unknown): value is SuspendSignal;
+}
+
 /**
  * Routine Execution Runner
  *
@@ -4454,6 +5582,66 @@ interface ExecutionRecorder {
  */
 declare function createExecutionRecorder(options: ExecutionRecorderOptions): ExecutionRecorder;
 
+/**
+ * StoreToolsManager - Unified CRUD tools for all IStoreHandler plugins
+ *
+ * Creates 5 generic tools (store_get, store_set, store_delete, store_list, store_action)
+ * that route to the correct plugin handler based on the `store` parameter.
+ *
+ * Registered once on the first IStoreHandler plugin registration.
+ * Subsequent handlers are added dynamically; `descriptionFactory` picks them up.
+ */
+
+declare class StoreToolsManager {
+    private handlers;
+    /**
+     * Register a store handler. Throws on duplicate storeId.
+     */
+    registerHandler(handler: IStoreHandler): void;
+    /**
+     * Unregister a store handler by storeId.
+     */
+    unregisterHandler(storeId: string): boolean;
+    /**
+     * Get a handler by storeId.
+     */
+    getHandler(storeId: string): IStoreHandler | undefined;
+    /**
+     * Get all registered store schemas (for building tool descriptions).
+     */
+    getSchemas(): StoreEntrySchema[];
+    /**
+     * Get all registered store IDs.
+     */
+    getStoreIds(): string[];
+    /**
+     * Create the 5 generic store tools.
+     * Called once when the first IStoreHandler is registered.
+     */
+    getTools(): ToolFunction[];
+    /**
+     * Cleanup.
+     */
+    destroy(): void;
+    /**
+     * Build the unified overview block for system instructions.
+     * Emitted once when any IStoreHandler plugins are registered.
+     * Covers: what store_* tools are, available stores, and when to use each.
+     */
+    buildOverview(): string;
+    /**
+     * Build the store comparison section for tool descriptions.
+     * Called dynamically via descriptionFactory so it always reflects current handlers.
+     */
+    private buildStoreDescriptions;
+    private createStoreGetTool;
+    private createStoreSetTool;
+    private createStoreDeleteTool;
+    private createStoreListTool;
+    private createStoreActionTool;
+    private resolveHandler;
+}
+
 /**
  * BasePluginNextGen - Base class for context plugins
  *
@@ -4822,7 +6010,7 @@ interface InContextMemoryConfig {
 interface SerializedInContextMemoryState {
     entries: InContextEntry[];
 }
-declare class InContextMemoryPluginNextGen implements IContextPluginNextGen {
+declare class InContextMemoryPluginNextGen implements IContextPluginNextGen, IStoreHandler {
     readonly name = "in_context_memory";
     private entries;
     private config;
@@ -4889,9 +6077,11 @@ declare class InContextMemoryPluginNextGen implements IContextPluginNextGen {
      */
     private notifyEntriesChanged;
     private assertNotDestroyed;
-    private createContextSetTool;
-    private createContextDeleteTool;
-    private createContextListTool;
+    getStoreSchema(): StoreEntrySchema;
+    storeGet(key?: string, _context?: ToolContext): Promise<StoreGetResult>;
+    storeSet(key: string, data: Record<string, unknown>, _context?: ToolContext): Promise<StoreSetResult>;
+    storeDelete(key: string, _context?: ToolContext): Promise<StoreDeleteResult>;
+    storeList(_filter?: Record<string, unknown>, _context?: ToolContext): Promise<StoreListResult>;
 }
 
 /**
@@ -4924,7 +6114,7 @@ interface SerializedPersistentInstructionsState {
     agentId: string;
     version: 2;
 }
-declare class PersistentInstructionsPluginNextGen implements IContextPluginNextGen {
+declare class PersistentInstructionsPluginNextGen implements IContextPluginNextGen, IStoreHandler {
     readonly name = "persistent_instructions";
     private _entries;
     private _initialized;
@@ -4981,6 +6171,12 @@ declare class PersistentInstructionsPluginNextGen implements IContextPluginNextG
      * Check if initialized
      */
     get isInitialized(): boolean;
+    getStoreSchema(): StoreEntrySchema;
+    storeGet(key?: string, _context?: ToolContext): Promise<StoreGetResult>;
+    storeSet(key: string, data: Record<string, unknown>, _context?: ToolContext): Promise<StoreSetResult>;
+    storeDelete(key: string, _context?: ToolContext): Promise<StoreDeleteResult>;
+    storeList(_filter?: Record<string, unknown>, _context?: ToolContext): Promise<StoreListResult>;
+    storeAction(action: string, params?: Record<string, unknown>, _context?: ToolContext): Promise<StoreActionResult>;
     private ensureInitialized;
     private assertNotDestroyed;
     /**
@@ -4999,10 +6195,6 @@ declare class PersistentInstructionsPluginNextGen implements IContextPluginNextG
      * Render all entries as markdown for context injection
      */
     private renderContent;
-    private createInstructionsSetTool;
-    private createInstructionsRemoveTool;
-    private createInstructionsListTool;
-    private createInstructionsClearTool;
 }
 
 /**
@@ -5043,7 +6235,7 @@ interface SerializedUserInfoState {
     entries: UserInfoEntry[];
     userId?: string;
 }
-declare class UserInfoPluginNextGen implements IContextPluginNextGen {
+declare class UserInfoPluginNextGen implements IContextPluginNextGen, IStoreHandler {
     readonly name = "user_info";
     private _destroyed;
     private _storage;
@@ -5092,10 +6284,12 @@ declare class UserInfoPluginNextGen implements IContextPluginNextGen {
      * Persist current entries to storage
      */
     private persistToStorage;
-    private createUserInfoSetTool;
-    private createUserInfoGetTool;
-    private createUserInfoRemoveTool;
-    private createUserInfoClearTool;
+    getStoreSchema(): StoreEntrySchema;
+    storeGet(key?: string, _context?: ToolContext): Promise<StoreGetResult>;
+    storeSet(key: string, data: Record<string, unknown>, context?: ToolContext): Promise<StoreSetResult>;
+    storeDelete(key: string, context?: ToolContext): Promise<StoreDeleteResult>;
+    storeList(_filter?: Record<string, unknown>, _context?: ToolContext): Promise<StoreListResult>;
+    storeAction(action: string, params?: Record<string, unknown>, context?: ToolContext): Promise<StoreActionResult>;
     private createTodoAddTool;
     private createTodoUpdateTool;
     private createTodoRemoveTool;
@@ -5199,6 +6393,108 @@ declare class ToolCatalogPluginNextGen extends BasePluginNextGen {
     private estimateToolDefinitionTokens;
 }
 
+/**
+ * SharedWorkspacePluginNextGen - Shared bulletin board for multi-agent coordination
+ *
+ * A storage-agnostic coordination layer where agents share artifacts, status,
+ * and messages. Entries can hold inline content (for collaborative documents)
+ * and/or external references (file paths, DB IDs, URLs) accessed via agent tools.
+ *
+ * Designed to be shared across agent instances: create one instance and
+ * register it on multiple AgentContextNextGen contexts.
+ *
+ * Use for:
+ * - Shared plans, designs, reviews
+ * - Task status tracking across agents
+ * - Collaborative documents (inline content)
+ * - References to external resources
+ *
+ * Do NOT use for:
+ * - Private agent state (use InContextMemory / "context" store)
+ * - Persistent rules (use PersistentInstructions / "instructions" store)
+ */
+
+interface SharedWorkspaceEntry {
+    key: string;
+    /** Inline content (optional — for collaborative documents) */
+    content?: string;
+    /** External references: file paths, DB IDs, URLs, etc. (optional) */
+    references?: string[];
+    /** Required brief summary — always cheap to show in context */
+    summary: string;
+    /** Free-form status */
+    status: string;
+    /** Agent name or ID that last updated this entry */
+    author: string;
+    /** Auto-incremented on each update */
+    version: number;
+    /** Optional tags for filtering */
+    tags?: string[];
+    createdAt: number;
+    updatedAt: number;
+}
+interface WorkspaceLogEntry {
+    author: string;
+    message: string;
+    timestamp: number;
+}
+interface SharedWorkspaceConfig {
+    /** Maximum number of entries (default: 50) */
+    maxEntries?: number;
+    /** Maximum total tokens for context rendering (default: 8000) */
+    maxTotalTokens?: number;
+    /** Maximum log entries to keep (default: 100) */
+    maxLogEntries?: number;
+    /** Callback when entries change */
+    onEntriesChanged?: (entries: SharedWorkspaceEntry[]) => void;
+}
+interface SerializedSharedWorkspaceState {
+    entries: SharedWorkspaceEntry[];
+    log: WorkspaceLogEntry[];
+}
+declare class SharedWorkspacePluginNextGen implements IContextPluginNextGen, IStoreHandler {
+    readonly name = "shared_workspace";
+    private entries;
+    private log;
+    private config;
+    private estimator;
+    private _destroyed;
+    private _tokenCache;
+    private _instructionsTokenCache;
+    constructor(config?: Partial<SharedWorkspaceConfig>);
+    getInstructions(): string;
+    getContent(): Promise<string | null>;
+    getContents(): {
+        entries: SharedWorkspaceEntry[];
+        log: WorkspaceLogEntry[];
+    };
+    getTokenSize(): number;
+    getInstructionsTokenSize(): number;
+    isCompactable(): boolean;
+    compact(targetTokensToFree: number): Promise<number>;
+    getTools(): ToolFunction[];
+    destroy(): void;
+    getState(): SerializedSharedWorkspaceState;
+    restoreState(state: unknown): void;
+    getStoreSchema(): StoreEntrySchema;
+    storeGet(key?: string, _context?: ToolContext): Promise<StoreGetResult>;
+    storeSet(key: string, data: Record<string, unknown>, _context?: ToolContext): Promise<StoreSetResult>;
+    storeDelete(key: string, _context?: ToolContext): Promise<StoreDeleteResult>;
+    storeList(filter?: Record<string, unknown>, _context?: ToolContext): Promise<StoreListResult>;
+    storeAction(action: string, params?: Record<string, unknown>, _context?: ToolContext): Promise<StoreActionResult>;
+    /** Get an entry by key */
+    getEntry(key: string): SharedWorkspaceEntry | undefined;
+    /** Get all entries */
+    getAllEntries(): SharedWorkspaceEntry[];
+    /** Get the conversation log */
+    getLog(): WorkspaceLogEntry[];
+    /** Append to the conversation log */
+    appendLog(author: string, message: string): void;
+    private formatContent;
+    private formatEntry;
+    private enforceMaxEntries;
+}
+
 /**
  * DefaultCompactionStrategy - Standard compaction behavior
  *
@@ -5406,14 +6702,116 @@ declare class StrategyRegistry {
      */
     static remove(name: string): boolean;
     /**
-     * Get a strategy entry without throwing.
-     * Returns undefined if not found.
+     * Get a strategy entry without throwing.
+     * Returns undefined if not found.
+     */
+    static getIfExists(name: string): StrategyRegistryEntry | undefined;
+    /**
+     * Reset the registry to initial state (for testing).
+     * @internal
+     */
+    static _reset(): void;
+}
+
+/**
+ * PluginRegistry — Global registry for external plugin factories.
+ *
+ * Allows external packages to register plugin factories that auto-initialize
+ * when the corresponding feature flag is enabled in ContextFeatures.
+ *
+ * Built-in plugins (workingMemory, inContextMemory, etc.) are NOT registered
+ * here — they remain hardcoded in AgentContextNextGen.initializePlugins().
+ * This registry is exclusively for EXTERNAL plugins.
+ *
+ * Follows the StrategyRegistry pattern: static class, private Map, lazy init.
+ *
+ * @example
+ * ```typescript
+ * // In an external package (e.g., @everworker/react-ui/plugins.ts)
+ * import { PluginRegistry } from '@everworker/oneringai';
+ * import { DynamicUIPlugin } from './DynamicUIPlugin';
+ *
+ * PluginRegistry.register('dynamic_ui', (config) => new DynamicUIPlugin(config), {
+ *   description: 'Rich side-panel content via InContextMemory showInUI',
+ *   dependencies: ['inContextMemory'],
+ * });
+ *
+ * // In app code
+ * import '@everworker/react-ui/plugins'; // side-effect registers factory
+ *
+ * const agent = Agent.create({
+ *   connector: 'openai', model: 'gpt-4',
+ *   context: { features: { dynamicUI: true } }, // auto-initializes!
+ * });
+ * ```
+ */
+
+/** Context passed to plugin factories during auto-initialization */
+interface PluginFactoryContext {
+    agentId: string;
+    userId?: string;
+    features: Record<string, boolean | undefined>;
+}
+/** Plugin factory function — creates a plugin instance from optional config */
+type PluginFactory = (config?: Record<string, unknown>, context?: PluginFactoryContext) => IContextPluginNextGen;
+/** Options for registering a plugin */
+interface PluginRegisterOptions {
+    /**
+     * Feature flag key in camelCase (e.g., 'dynamicUI').
+     * If omitted, derived from pluginName via snake_case → camelCase conversion.
      */
-    static getIfExists(name: string): StrategyRegistryEntry | undefined;
+    featureKey?: string;
+    /** Human-readable description */
+    description?: string;
+    /** Feature keys (camelCase) that must also be enabled for this plugin to work */
+    dependencies?: string[];
+}
+/** Registry entry for an external plugin */
+interface PluginRegistryEntry {
+    /** Feature flag key in ContextFeatures (camelCase, e.g., 'dynamicUI') */
+    featureKey: string;
+    /** Plugin name (snake_case, e.g., 'dynamic_ui') — must match plugin.name */
+    pluginName: string;
+    /** Factory to create plugin instances */
+    factory: PluginFactory;
+    /** Human-readable description */
+    description?: string;
+    /** Feature keys that must be enabled for this plugin to work */
+    dependencies?: string[];
+}
+/** Serializable plugin info (no factory reference) */
+interface PluginRegistryInfo {
+    featureKey: string;
+    pluginName: string;
+    description?: string;
+    dependencies?: string[];
+}
+declare class PluginRegistry {
+    private static registry;
     /**
-     * Reset the registry to initial state (for testing).
-     * @internal
-     */
+     * Register an external plugin factory.
+     *
+     * @param pluginName - Plugin name in snake_case (must match plugin.name)
+     * @param factory - Factory function to create plugin instances
+     * @param options - Registration options (featureKey, description, dependencies)
+     *
+     * @throws If featureKey collides with a built-in plugin
+     * @throws If featureKey is already registered
+     */
+    static register(pluginName: string, factory: PluginFactory, options?: PluginRegisterOptions): void;
+    /** Check if a feature key has a registered factory */
+    static has(featureKey: string): boolean;
+    /** Get a registry entry by feature key */
+    static get(featureKey: string): PluginRegistryEntry | undefined;
+    /** List all registered feature keys */
+    static list(): string[];
+    /** Get serializable info for all registered plugins (no factory references) */
+    static getInfo(): PluginRegistryInfo[];
+    /** Remove a registered plugin by feature key */
+    static remove(featureKey: string): boolean;
+    /** Get all entries as ReadonlyMap (internal use by AgentContextNextGen) */
+    static getAll(): ReadonlyMap<string, PluginRegistryEntry>;
+    /** Reset registry — for testing only */
     static _reset(): void;
 }
 
@@ -5435,6 +6833,122 @@ declare function getVendorDefaultBaseURL(vendor: string): string | undefined;
  */
 declare function createProvider(connector: Connector): ITextProvider;
 
+/**
+ * createOrchestrator - Factory for creating an orchestrator Agent
+ *
+ * The orchestrator is a regular Agent with:
+ * - A SharedWorkspacePlugin (shared with all workers)
+ * - 7 orchestration tools for managing worker agents
+ * - A system prompt that describes available agent types and coordination patterns
+ * - Async tool support for non-blocking turn assignment
+ *
+ * Workers are persistent Agent instances that remember reasoning across turns.
+ * All agents share the same workspace for artifact coordination.
+ */
+
+/**
+ * Configuration for an agent type that the orchestrator can spawn.
+ */
+interface AgentTypeConfig {
+    /** System prompt defining this agent's role and behavior */
+    systemPrompt: string;
+    /** Additional tools specific to this agent type */
+    tools?: ToolFunction[];
+    /** Model override (defaults to orchestrator's model) */
+    model?: string;
+    /** Connector override (defaults to orchestrator's connector) */
+    connector?: string;
+    /** Context features for this agent type */
+    features?: Partial<ContextFeatures>;
+    /** Plugin configurations for this agent type */
+    plugins?: PluginConfigs;
+}
+/**
+ * Configuration for the orchestrator.
+ */
+interface OrchestratorConfig {
+    /** Connector name for LLM access */
+    connector: string;
+    /** Model to use for the orchestrator (also default for workers) */
+    model: string;
+    /** Custom system prompt (overrides the auto-generated one) */
+    systemPrompt?: string;
+    /** Available agent types that can be spawned */
+    agentTypes: Record<string, AgentTypeConfig>;
+    /** SharedWorkspace configuration */
+    workspace?: Partial<SharedWorkspaceConfig>;
+    /** Additional context features for the orchestrator */
+    features?: Partial<ContextFeatures>;
+    /** Plugin configurations for the orchestrator */
+    pluginConfigs?: PluginConfigs;
+    /** Agent name for the orchestrator (default: 'orchestrator') */
+    name?: string;
+    /** Agent ID for session persistence */
+    agentId?: string;
+    /** Max iterations for the orchestrator's agentic loop (default: 100) */
+    maxIterations?: number;
+    /** Maximum number of worker agents (default: 20) */
+    maxAgents?: number;
+}
+/**
+ * Create an orchestrator Agent that can coordinate a team of worker agents.
+ *
+ * @example
+ * ```typescript
+ * const orchestrator = createOrchestrator({
+ *   connector: 'openai',
+ *   model: 'gpt-4',
+ *   agentTypes: {
+ *     architect: {
+ *       systemPrompt: 'You are a senior software architect...',
+ *       tools: [readFile, writeFile],
+ *     },
+ *     critic: {
+ *       systemPrompt: 'You are a thorough code reviewer...',
+ *       tools: [readFile, grep],
+ *     },
+ *     developer: {
+ *       systemPrompt: 'You are a senior developer...',
+ *       tools: [readFile, writeFile, editFile, bash],
+ *     },
+ *   },
+ * });
+ *
+ * const result = await orchestrator.run('Build an auth module with JWT support');
+ * ```
+ */
+declare function createOrchestrator(config: OrchestratorConfig): Agent;
+
+/**
+ * Orchestration Tools - Tools given to the orchestrator Agent for managing worker agents.
+ *
+ * 7 tools:
+ * - create_agent: Spawn a worker agent from predefined types
+ * - list_agents: See team status
+ * - destroy_agent: Remove a worker
+ * - assign_turn: Assign a turn and wait for result (blocking)
+ * - assign_turn_async: Assign a turn without waiting (non-blocking, result delivered via async continuation)
+ * - assign_parallel: Fan-out to multiple agents, wait for all
+ * - send_message: Inject a message into an agent's context
+ */
+
+interface OrchestrationToolsContext {
+    /** Shared workspace plugin instance */
+    workspace: SharedWorkspacePluginNextGen;
+    /** Live worker agent instances (name → Agent) */
+    agents: Map<string, Agent>;
+    /** Registered agent type configurations */
+    agentTypes: Map<string, AgentTypeConfig>;
+    /** Timestamp of each agent's last completed turn (for workspace deltas) */
+    lastTurnTimestamps: Map<string, number>;
+    /** Factory function to create a worker agent */
+    createWorkerAgent: (name: string, type: string) => Agent;
+    /** Maximum number of worker agents (M2, default: 20) */
+    maxAgents?: number;
+}
+declare function buildWorkspaceDelta(agentName: string, workspace: SharedWorkspacePluginNextGen, lastSeen: Map<string, number>): string;
+declare function buildOrchestrationTools(ctx: OrchestrationToolsContext): ToolFunction[];
+
 /**
  * MCP Configuration Types
  *
@@ -5845,6 +7359,10 @@ declare class MCPClient extends EventEmitter implements IMCPClient, IDisposable
      */
     get isDestroyed(): boolean;
     destroy(): void;
+    /**
+     * Create a standardized MCPError for this server
+     */
+    private createMCPError;
     private createTransport;
     private ensureConnected;
     private refreshTools;
@@ -5984,26 +7502,6 @@ declare class MCPResourceError extends MCPError {
     constructor(message: string, resourceUri: string, serverName?: string, cause?: Error);
 }
 
-/**
- * Shared voice definitions and language constants
- * Eliminates duplication across TTS model registries
- */
-/**
- * Voice information structure
- * Used consistently across all TTS providers
- */
-interface IVoiceInfo {
-    id: string;
-    name: string;
-    language: string;
-    gender: 'male' | 'female' | 'neutral';
-    style?: string;
-    previewUrl?: string;
-    isDefault?: boolean;
-    accent?: string;
-    age?: 'child' | 'young' | 'adult' | 'senior';
-}
-
 /**
  * Audio provider interfaces for Text-to-Speech and Speech-to-Text
  */
@@ -7355,138 +8853,994 @@ declare class VoiceStream extends EventEmitter$1 implements IDisposable {
      */
     private executeTTS;
     /**
-     * Drain the audio event buffer, yielding all ready events.
+     * Drain the audio event buffer, yielding all ready events.
+     */
+    private drainAudioBuffer;
+    /** Next chunk_index we're allowed to emit (ordering gate) */
+    private nextEmitChunkIndex;
+    /** Events from future chunks held back until their turn */
+    private holdBackBuffer;
+    /**
+     * Push an audio event, respecting chunk_index ordering.
+     * Events for the current chunk_index go directly to the consumer buffer.
+     * Events from later chunks are held back until earlier chunks complete.
+     */
+    private pushAudioEvent;
+    /**
+     * Called when a TTS chunk_index finishes (all sub-chunks emitted).
+     * Advances the gate and releases any held-back events for the next chunk.
+     */
+    private advanceChunkGate;
+    /**
+     * Wait until a new event is pushed to the audio buffer
+     */
+    private waitForBufferNotify;
+    private waitForTTSSlot;
+    private releaseTTSSlot;
+    private waitForQueueSlot;
+    private releaseQueueWaiter;
+    private releaseAllWaiters;
+    private cleanup;
+}
+
+/**
+ * Sentence boundary detection for voice pseudo-streaming.
+ * Splits streaming text deltas into speakable chunks.
+ */
+
+/**
+ * Default chunking strategy that splits text at sentence boundaries.
+ *
+ * Handles:
+ * - Sentence terminators (. ? !) followed by whitespace
+ * - Abbreviation exclusion (Dr., Mr., U.S., e.g., etc.)
+ * - Numeric decimals (3.14, $1.50)
+ * - Paragraph breaks (\n\n)
+ * - Fenced code block tracking (``` ... ```)
+ * - Markdown stripping
+ * - Min/max chunk length enforcement
+ */
+declare class SentenceChunkingStrategy implements IChunkingStrategy {
+    private buffer;
+    private inCodeBlock;
+    private codeBlockBuffer;
+    private options;
+    private abbreviations;
+    constructor(options?: ChunkingOptions);
+    feed(delta: string): string[];
+    flush(): string | null;
+    reset(): void;
+    private extractChunks;
+    /**
+     * Track and remove fenced code blocks from the buffer.
+     * Text inside code blocks is discarded (not spoken).
+     */
+    private processCodeBlocks;
+    /**
+     * Find the position right after the next sentence boundary.
+     * Returns -1 if no complete sentence boundary found.
+     */
+    private findSentenceBoundary;
+    /**
+     * Check if the period at position `pos` is part of a known abbreviation.
+     */
+    private isAbbreviation;
+    /**
+     * Check if the period at position `pos` is a decimal point.
+     * e.g., 3.14, $1.50
+     */
+    private isDecimalNumber;
+    /**
+     * Check if the period at position `pos` is part of an ellipsis (...).
+     */
+    private isEllipsis;
+    /**
+     * Split text that exceeds maxChunkLength at clause boundaries.
+     */
+    private splitLongText;
+    /**
+     * Merge chunks that are shorter than minChunkLength with the next chunk.
+     */
+    private mergeSmallChunks;
+    /**
+     * Strip markdown formatting from text for natural speech.
+     */
+    private cleanForSpeech;
+}
+
+/**
+ * AudioPlaybackQueue - Consumer-side helper for ordered audio playback
+ *
+ * TTS chunks may complete out of order (chunk 2 finishes before chunk 1).
+ * This queue buffers audio events and delivers them to the callback
+ * in sequential order by chunk_index.
+ *
+ * @example
+ * ```typescript
+ * const queue = new AudioPlaybackQueue((event) => {
+ *   // Play audio chunk — guaranteed to be in order
+ *   playAudio(Buffer.from(event.audio_base64, 'base64'));
+ * });
+ *
+ * for await (const event of voiceStream.wrap(agent.stream('Hello'))) {
+ *   if (isAudioChunkReady(event)) {
+ *     queue.enqueue(event);
+ *   }
+ * }
+ * ```
+ */
+
+declare class AudioPlaybackQueue {
+    private buffer;
+    private nextPlayIndex;
+    private onReady;
+    constructor(onReady: AudioChunkPlaybackCallback);
+    /**
+     * Enqueue an audio chunk event. If it's the next expected chunk,
+     * it (and any subsequent buffered chunks) are immediately delivered
+     * to the callback in order.
+     */
+    enqueue(event: AudioChunkReadyEvent): void;
+    /**
+     * Reset the queue (e.g., on interruption or new stream).
+     */
+    reset(): void;
+    /**
+     * Number of chunks currently buffered waiting for earlier chunks.
+     */
+    get pendingCount(): number;
+    /**
+     * The next chunk index expected for playback.
+     */
+    get nextExpectedIndex(): number;
+    private drain;
+}
+
+/**
+ * Voice capability types
+ *
+ * Defines the interfaces for voice calling integration:
+ * - VoiceBridge: multi-session manager connecting telephony to agents
+ * - VoiceSession: per-call state machine
+ * - IVoicePipeline: strategy pattern for audio ↔ agent routing
+ * - ITelephonyAdapter: abstraction over Twilio, Vonage, etc.
+ */
+
+/**
+ * Audio encoding formats used in voice pipelines.
+ * - pcm_s16le: 16-bit signed little-endian PCM (standard for STT/TTS)
+ * - mulaw: μ-law companded 8-bit (Twilio telephony)
+ * - alaw: A-law companded 8-bit (European telephony)
+ */
+type AudioEncoding = 'pcm_s16le' | 'mulaw' | 'alaw';
+/**
+ * A single frame of audio data exchanged between adapter and pipeline.
+ * All voice processing operates on these frames.
+ */
+interface AudioFrame {
+    /** Raw audio bytes */
+    audio: Buffer;
+    /** Sample rate in Hz (e.g., 8000 for Twilio, 16000/24000 for STT/TTS) */
+    sampleRate: number;
+    /** Encoding format */
+    encoding: AudioEncoding;
+    /** Always mono */
+    channels: 1;
+    /** Milliseconds from call start */
+    timestamp: number;
+}
+/** Result of VAD processing a single audio frame */
+type VADEvent = 'speech_start' | 'speech_end' | null;
+/**
+ * Voice Activity Detector interface.
+ * Implementations detect when the caller starts and stops speaking.
+ */
+interface IVoiceActivityDetector {
+    /** Feed an audio frame, returns speech state change (if any) */
+    process(frame: AudioFrame): VADEvent;
+    /** Reset internal state (e.g., between utterances) */
+    reset(): void;
+}
+/**
+ * Configuration for the default energy-based VAD
+ */
+interface EnergyVADConfig {
+    /** RMS energy threshold to consider as speech (0-1 scale). Default: 0.01 */
+    energyThreshold?: number;
+    /** Consecutive speech frames needed to trigger speech_start. Default: 3 */
+    speechFramesThreshold?: number;
+    /** Silence duration in ms to trigger speech_end. Default: 1500 */
+    silenceTimeout?: number;
+    /** Minimum speech duration in ms to be considered valid. Default: 250 */
+    minSpeechDuration?: number;
+}
+type CallDirection = 'inbound' | 'outbound';
+type SessionState = 'idle' | 'ringing' | 'connected' | 'listening' | 'processing' | 'speaking' | 'ending' | 'ended';
+/**
+ * Read-only snapshot of a voice session's state.
+ * Exposed to lifecycle hooks and event handlers.
+ */
+interface VoiceSessionInfo {
+    /** Unique session identifier */
+    sessionId: string;
+    /** Adapter-specific call identifier (e.g., Twilio CallSid) */
+    callId: string;
+    /** Whether this is an inbound or outbound call */
+    direction: CallDirection;
+    /** Caller identifier (phone number, SIP URI, etc.) */
+    from: string;
+    /** Called identifier */
+    to: string;
+    /** Current session state */
+    state: SessionState;
+    /** When the call was initiated */
+    startedAt: Date;
+    /** When the call ended (undefined if still active) */
+    endedAt?: Date;
+    /** Number of conversation turns completed */
+    turns: number;
+    /** Adapter-specific metadata (e.g., Twilio AccountSid, geographic info) */
+    metadata: Record<string, unknown>;
+}
+type CallEndReason = 'caller_hangup' | 'agent_hangup' | 'timeout' | 'error' | 'rejected';
+interface CallSummary {
+    /** Call duration in seconds */
+    duration: number;
+    /** Number of conversation turns */
+    turns: number;
+    /** Why the call ended */
+    endReason: CallEndReason;
+    /** Total STT processing time in ms */
+    totalSttMs: number;
+    /** Total TTS processing time in ms */
+    totalTtsMs: number;
+    /** Total agent processing time in ms */
+    totalAgentMs: number;
+}
+/**
+ * Lifecycle hooks for voice sessions.
+ * All hooks are async and called in order. Errors in hooks are logged
+ * but do not terminate the call (except onCallStart returning false).
+ */
+interface VoiceHooks {
+    /**
+     * Called when a new call connects (inbound or outbound).
+     * Return `false` to reject the call. Return void or true to accept.
+     */
+    onCallStart?: (session: VoiceSessionInfo) => Promise<boolean | void>;
+    /**
+     * Called after STT produces text, before sending to agent.
+     * Return modified text to alter what the agent sees.
+     */
+    beforeAgentResponse?: (text: string, session: VoiceSessionInfo) => Promise<string>;
+    /**
+     * Called after agent produces text, before TTS.
+     * Return modified text to alter what the caller hears.
+     */
+    afterAgentResponse?: (text: string, session: VoiceSessionInfo) => Promise<string>;
+    /**
+     * Called when the caller interrupts agent speech.
+     */
+    onInterrupt?: (session: VoiceSessionInfo) => Promise<void>;
+    /**
+     * Called when any error occurs during the call.
+     */
+    onError?: (error: Error, session: VoiceSessionInfo) => Promise<void>;
+    /**
+     * Called when the call ends for any reason.
+     */
+    onCallEnd?: (session: VoiceSessionInfo, summary: CallSummary) => Promise<void>;
+}
+/**
+ * Text pipeline configuration — STT → Agent → TTS
+ */
+interface TextPipelineConfig {
+    pipeline: 'text';
+    /** STT configuration */
+    stt: {
+        /** Connector name for the STT provider */
+        connector: string;
+        /** STT model (e.g., 'whisper-1'). Default: provider's default */
+        model?: string;
+        /** BCP-47 language hint (e.g., 'en'). Default: auto-detect */
+        language?: string;
+    };
+    /** TTS configuration */
+    tts: {
+        /** Connector name for the TTS provider */
+        connector: string;
+        /** TTS model (e.g., 'tts-1', 'tts-1-hd'). Default: 'tts-1' */
+        model?: string;
+        /** Voice ID (e.g., 'nova', 'alloy'). Default: 'nova' */
+        voice?: string;
+        /** Speech speed (0.25 to 4.0). Default: 1.0 */
+        speed?: number;
+    };
+}
+/**
+ * Realtime pipeline configuration — direct voice-to-voice via OpenAI Realtime API.
+ * No separate STT/TTS needed — the model handles audio natively.
+ */
+interface RealtimePipelineConfig {
+    pipeline: 'realtime';
+    /** Voice for the realtime model (e.g., 'alloy', 'echo', 'shimmer'). Default: 'alloy' */
+    voice?: string;
+    /**
+     * Turn detection mode:
+     * - 'server_vad': OpenAI handles VAD (default, recommended)
+     * - 'none': Manual turn management
+     */
+    turnDetection?: 'server_vad' | 'none';
+    /** VAD threshold (0.0-1.0) for server_vad mode. Default: 0.5 */
+    vadThreshold?: number;
+    /** Silence duration in ms before end-of-turn. Default: 500 */
+    silenceDurationMs?: number;
+    /** Enable input audio transcription for hooks/logging. Default: true */
+    inputTranscription?: boolean;
+    /** Transcription model for input audio. Default: 'gpt-4o-transcribe' */
+    transcriptionModel?: string;
+}
+type PipelineConfig = TextPipelineConfig | RealtimePipelineConfig;
+/**
+ * A single entry in the voice call transcript.
+ * Emitted by pipelines for UI display and logging.
+ */
+interface TranscriptMessage {
+    /** Who produced this message */
+    role: 'caller' | 'agent' | 'tool_use' | 'tool_result';
+    /** Text content (transcript, tool args JSON, or tool result) */
+    text: string;
+    /** Unix timestamp in ms */
+    timestamp: number;
+    /** Tool name (for tool_use / tool_result) */
+    toolName?: string;
+    /** Tool call ID for correlating use/result pairs */
+    toolCallId?: string;
+}
+/**
+ * Common fields shared by all VoiceBridge configurations.
+ */
+interface VoiceBridgeBaseConfig {
+    /** Agent configuration — connector, model, instructions, tools */
+    agent: AgentConfig$1;
+    /** Silence duration (ms) to consider end-of-utterance. Default: 1500 */
+    silenceTimeout?: number;
+    /** Allow caller to interrupt agent mid-speech. Default: true */
+    interruptible?: boolean;
+    /** First thing agent says when an inbound call connects. */
+    greeting?: string;
+    /** First thing agent says when an outbound call connects. If omitted, no greeting on outbound. */
+    greetingOutbound?: string;
+    /** Max concurrent calls. 0 = unlimited. Default: 10 */
+    maxConcurrentCalls?: number;
+    /** Max call duration in seconds. 0 = unlimited. Default: 3600 */
+    maxCallDuration?: number;
+    /** VAD configuration (for energy-based detector, text pipeline only) */
+    vad?: EnergyVADConfig;
+    /** Lifecycle hooks */
+    hooks?: VoiceHooks;
+}
+/**
+ * VoiceBridge configuration — discriminated union by pipeline type.
+ */
+type VoiceBridgeConfig = (VoiceBridgeBaseConfig & TextPipelineConfig) | (VoiceBridgeBaseConfig & RealtimePipelineConfig);
+/**
+ * Events emitted by a voice pipeline
+ */
+interface VoicePipelinePlaybackAck {
+    /** Telephony/provider specific acknowledgement token */
+    name: string;
+    /** Milliseconds of assistant audio acknowledged as played */
+    playedMs: number;
+}
+interface VoicePipelineEvents {
+    /** Audio ready to send to the caller */
+    'audio:out': (frame: AudioFrame) => void;
+    /** Session state changed */
+    'state:change': (state: SessionState) => void;
+    /** Caller interrupted agent speech (barge-in) */
+    'interrupt': () => void;
+    /** Telephony playback progress acknowledgement */
+    'playback:ack': (ack: VoicePipelinePlaybackAck) => void;
+    /** Transcript entry for UI display (caller text, agent text, tool calls) */
+    'transcript': (entry: TranscriptMessage) => void;
+    /** Error during processing */
+    'error': (error: Error) => void;
+}
+/**
+ * Voice pipeline strategy interface.
+ * TextPipeline and RealtimePipeline both implement this.
+ */
+interface IVoicePipeline {
+    /** Initialize pipeline for a new call session */
+    init(sessionInfo: VoiceSessionInfo): Promise<void>;
+    /** Process an incoming audio frame from the caller */
+    processAudio(frame: AudioFrame): void;
+    /** Signal that the caller stopped speaking (silence detected by VAD) */
+    onSpeechEnd(): Promise<void>;
+    /** Signal that the caller started speaking (interrupt if agent is speaking) */
+    onSpeechStart(): void;
+    /** Interrupt current agent response (e.g., caller spoke during TTS) */
+    interrupt(): void;
+    /** Notify pipeline of telephony playback progress */
+    onPlaybackAck?(ack: VoicePipelinePlaybackAck): void;
+    /** Get current pipeline state */
+    getState(): SessionState;
+    /** Subscribe to pipeline events */
+    on<K extends keyof VoicePipelineEvents>(event: K, handler: VoicePipelineEvents[K]): void;
+    off<K extends keyof VoicePipelineEvents>(event: K, handler: VoicePipelineEvents[K]): void;
+    /** Clean up all resources (agent, TTS, STT) */
+    destroy(): Promise<void>;
+}
+/**
+ * Metadata for an incoming call from the telephony provider.
+ * The adapter maps provider-specific data to this structure.
+ */
+interface IncomingCallInfo {
+    /** Provider-specific call ID (e.g., Twilio CallSid) */
+    callId: string;
+    /** Caller identifier (phone number, SIP URI) */
+    from: string;
+    /** Called identifier */
+    to: string;
+    /** Adapter-specific metadata */
+    metadata: Record<string, unknown>;
+}
+/**
+ * Telephony adapter events
+ */
+interface TelephonyMediaTimestamp {
+    /** Twilio media timestamp in ms from stream start */
+    timestamp: number;
+}
+interface TelephonyAdapterEvents {
+    /** A new call has been established and audio is flowing */
+    'call:connected': (callId: string, info: IncomingCallInfo) => void;
+    /** Audio frame received from caller */
+    'call:audio': (callId: string, frame: AudioFrame) => void;
+    /** Latest inbound media timestamp from telephony */
+    'call:media_timestamp': (callId: string, info: TelephonyMediaTimestamp) => void;
+    /** Call has ended */
+    'call:ended': (callId: string, reason: string) => void;
+    /** Adapter-level error */
+    'error': (error: Error, callId?: string) => void;
+}
+/**
+ * Abstraction over telephony providers (Twilio, Vonage, etc.).
+ * The adapter handles the provider-specific protocol and exposes
+ * a uniform audio frame interface to the VoiceBridge.
+ */
+interface ITelephonyAdapter {
+    /** Send an audio frame to the caller */
+    sendAudio(callId: string, frame: AudioFrame): void;
+    /** Clear all buffered outbound audio for a call (barge-in/interrupt) */
+    clearAudio?(callId: string): void;
+    /** End a specific call */
+    hangup(callId: string): Promise<void>;
+    /** Initiate an outbound call. Returns the provider-specific call ID. */
+    makeCall?(config: OutboundCallConfig): Promise<string>;
+    /** Get all active call IDs */
+    getActiveCalls(): string[];
+    /** Subscribe to adapter events */
+    on<K extends keyof TelephonyAdapterEvents>(event: K, handler: TelephonyAdapterEvents[K]): void;
+    off<K extends keyof TelephonyAdapterEvents>(event: K, handler: TelephonyAdapterEvents[K]): void;
+    /** Clean up all connections */
+    destroy(): Promise<void>;
+}
+/**
+ * Configuration for initiating an outbound call.
+ */
+interface OutboundCallConfig {
+    /** Destination phone number (E.164 format, e.g., '+15558675310') */
+    to: string;
+    /** Caller ID / from phone number (must be a verified Twilio number) */
+    from: string;
+    /** Ring timeout in seconds before giving up. Default: 30 */
+    timeout?: number;
+    /** Enable answering machine detection. Default: false */
+    machineDetection?: boolean;
+}
+interface TwilioAdapterConfig {
+    /** Twilio connector name (for REST API auth) */
+    connector: string;
+    /**
+     * Twilio Account SID. Required for outbound calls.
+     * For inbound-only, this is extracted from the media stream event.
      */
-    private drainAudioBuffer;
+    accountSid?: string;
     /**
-     * Push an audio event and wake up the consumer in wrap()
+     * WebSocket server mode:
+     * - 'standalone': adapter creates its own HTTP/WS server
+     * - 'external': you provide handlers for your existing server
      */
-    private pushAudioEvent;
+    mode?: 'standalone' | 'external';
+    /** Port for standalone mode. Default: 3000 */
+    port?: number;
+    /** Path for voice webhook. Default: '/voice' */
+    webhookPath?: string;
+    /** Path for media stream WebSocket. Default: '/media-stream' */
+    mediaStreamPath?: string;
     /**
-     * Wait until a new event is pushed to the audio buffer
+     * Public URL where Twilio can reach this server.
+     * Required for standalone mode and outbound calls.
+     * Example: 'https://myserver.com' or 'https://abc123.ngrok.io'
      */
-    private waitForBufferNotify;
-    private waitForTTSSlot;
-    private releaseTTSSlot;
-    private waitForQueueSlot;
-    private releaseQueueWaiter;
-    private releaseAllWaiters;
-    private cleanup;
+    publicUrl?: string;
 }
 
 /**
- * Sentence boundary detection for voice pseudo-streaming.
- * Splits streaming text deltas into speakable chunks.
+ * VoiceBridge - Multi-session voice call manager
+ *
+ * Connects a telephony adapter to agents via voice pipelines.
+ * Creates a fresh Agent and pipeline per call, manages concurrent sessions,
+ * and fires lifecycle hooks.
+ *
+ * @example
+ * ```typescript
+ * const bridge = VoiceBridge.create({
+ *   agent: { connector: 'anthropic', model: 'claude-sonnet-4-6', tools: [...] },
+ *   pipeline: 'text',
+ *   stt: { connector: 'openai', model: 'whisper-1' },
+ *   tts: { connector: 'openai', model: 'tts-1', voice: 'nova' },
+ *   greeting: 'Hello! How can I help you today?',
+ *   hooks: {
+ *     onCallStart: async (session) => { console.log('Call from', session.from); },
+ *     onCallEnd: async (session, summary) => { console.log('Duration:', summary.duration); },
+ *   },
+ * });
+ *
+ * // Attach to a telephony adapter
+ * bridge.attach(twilioAdapter);
+ * ```
  */
 
+interface VoiceBridgeEvents {
+    'session:created': (info: VoiceSessionInfo) => void;
+    'session:ended': (info: VoiceSessionInfo, summary: CallSummary) => void;
+    'transcript': (info: VoiceSessionInfo, entry: TranscriptMessage) => void;
+    'error': (error: Error, sessionId?: string) => void;
+}
+declare class VoiceBridge extends EventEmitter$1 {
+    private config;
+    private sessions;
+    private callToSession;
+    private pendingOutbound;
+    private cleanupTimers;
+    private endingSessions;
+    private adapter;
+    private destroyed;
+    static create(config: VoiceBridgeConfig): VoiceBridge;
+    private constructor();
+    attach(adapter: ITelephonyAdapter): void;
+    detach(): void;
+    getActiveSessions(): VoiceSessionInfo[];
+    getSession(sessionId: string): VoiceSessionInfo | null;
+    get activeSessionCount(): number;
+    hangup(sessionId: string): Promise<void>;
+    /**
+     * Initiate an outbound call.
+     * The adapter places the call via the telephony provider. When the callee
+     * answers and the media stream connects, the normal session lifecycle
+     * (agent creation, pipeline, hooks) kicks in automatically.
+     *
+     * @returns callId from the telephony provider
+     */
+    makeCall(to: string, from: string): Promise<string>;
+    private handleCallConnected;
+    private handleCallAudio;
+    private handleCallEnded;
+    private handleMediaTimestamp;
+    private handleAdapterError;
+    private onCallConnected;
+    private endSession;
+    private createPipeline;
+    private fireHook;
+    destroy(): Promise<void>;
+}
+
 /**
- * Default chunking strategy that splits text at sentence boundaries.
+ * VoiceSession - Per-call state machine
  *
- * Handles:
- * - Sentence terminators (. ? !) followed by whitespace
- * - Abbreviation exclusion (Dr., Mr., U.S., e.g., etc.)
- * - Numeric decimals (3.14, $1.50)
- * - Paragraph breaks (\n\n)
- * - Fenced code block tracking (``` ... ```)
- * - Markdown stripping
- * - Min/max chunk length enforcement
+ * Manages the lifecycle of a single voice call:
+ * - State transitions (idle → ringing → connected → ... → ended)
+ * - Turn counting
+ * - Timing metrics
+ * - Owns one Agent instance and one IVoicePipeline instance
  */
-declare class SentenceChunkingStrategy implements IChunkingStrategy {
-    private buffer;
-    private inCodeBlock;
-    private codeBlockBuffer;
-    private options;
-    private abbreviations;
-    constructor(options?: ChunkingOptions);
-    feed(delta: string): string[];
-    flush(): string | null;
-    reset(): void;
-    private extractChunks;
+
+interface VoiceSessionEvents {
+    'state:change': (prev: SessionState, next: SessionState, info: VoiceSessionInfo) => void;
+    'ended': (summary: CallSummary) => void;
+    'error': (error: Error) => void;
+}
+declare class VoiceSession extends EventEmitter$1 {
+    readonly sessionId: string;
+    readonly direction: CallDirection;
+    readonly callId: string;
+    readonly from: string;
+    readonly to: string;
+    readonly startedAt: Date;
+    readonly metadata: Record<string, unknown>;
+    private _state;
+    private _endedAt?;
+    private _turns;
+    private _endReason;
+    private _totalSttMs;
+    private _totalTtsMs;
+    private _totalAgentMs;
+    private _agent;
+    private _pipeline;
+    private _maxDurationTimer;
+    constructor(callInfo: IncomingCallInfo, direction?: CallDirection);
+    get state(): SessionState;
+    get turns(): number;
+    get agent(): Agent | null;
+    get pipeline(): IVoicePipeline | null;
     /**
-     * Track and remove fenced code blocks from the buffer.
-     * Text inside code blocks is discarded (not spoken).
+     * Transition to a new state. Throws if the transition is invalid.
      */
-    private processCodeBlocks;
+    transition(newState: SessionState): void;
     /**
-     * Find the position right after the next sentence boundary.
-     * Returns -1 if no complete sentence boundary found.
+     * Increment the turn counter (called after each agent response completes)
      */
-    private findSentenceBoundary;
+    incrementTurns(): void;
+    addSttTime(ms: number): void;
+    addTtsTime(ms: number): void;
+    addAgentTime(ms: number): void;
     /**
-     * Check if the period at position `pos` is part of a known abbreviation.
+     * Create and assign the agent for this call session.
      */
-    private isAbbreviation;
+    createAgent(config: AgentConfig$1): Agent;
     /**
-     * Check if the period at position `pos` is a decimal point.
-     * e.g., 3.14, $1.50
+     * Assign the voice pipeline for this call session.
      */
-    private isDecimalNumber;
+    setPipeline(pipeline: IVoicePipeline): void;
     /**
-     * Check if the period at position `pos` is part of an ellipsis (...).
+     * Set a maximum call duration timer.
+     * When it fires, the session transitions to 'ending'.
      */
-    private isEllipsis;
+    setMaxDuration(seconds: number): void;
     /**
-     * Split text that exceeds maxChunkLength at clause boundaries.
+     * Get a read-only snapshot of the session state.
      */
-    private splitLongText;
+    getInfo(): VoiceSessionInfo;
     /**
-     * Merge chunks that are shorter than minChunkLength with the next chunk.
+     * Set the reason the call ended (before calling end()).
      */
-    private mergeSmallChunks;
+    setEndReason(reason: CallEndReason): void;
     /**
-     * Strip markdown formatting from text for natural speech.
+     * Get the call summary. Only meaningful after the session has ended.
      */
-    private cleanForSpeech;
+    getSummary(): CallSummary;
+    /**
+     * End the session and clean up all resources.
+     */
+    end(reason?: CallEndReason): Promise<CallSummary>;
 }
 
 /**
- * AudioPlaybackQueue - Consumer-side helper for ordered audio playback
- *
- * TTS chunks may complete out of order (chunk 2 finishes before chunk 1).
- * This queue buffers audio events and delivers them to the callback
- * in sequential order by chunk_index.
+ * TextPipeline - STT → Agent → TTS voice pipeline
  *
- * @example
- * ```typescript
- * const queue = new AudioPlaybackQueue((event) => {
- *   // Play audio chunk — guaranteed to be in order
- *   playAudio(Buffer.from(event.audio_base64, 'base64'));
- * });
+ * Processes a voice call using the text-based approach:
+ * 1. Accumulate audio frames from caller
+ * 2. VAD detects end of speech
+ * 3. STT transcribes accumulated audio to text
+ * 4. Agent processes text (may call tools)
+ * 5. Agent response streamed through VoiceStream (TTS)
+ * 6. Audio frames sent back to caller
  *
- * for await (const event of voiceStream.wrap(agent.stream('Hello'))) {
- *   if (isAudioChunkReady(event)) {
- *     queue.enqueue(event);
- *   }
- * }
- * ```
+ * This pipeline works with ANY LLM - the agent handles text in/out,
+ * and we handle the audio conversion on both sides.
  */
 
-declare class AudioPlaybackQueue {
-    private buffer;
-    private nextPlayIndex;
-    private onReady;
-    constructor(onReady: AudioChunkPlaybackCallback);
+interface TextPipelineInitConfig {
+    agent: Agent;
+    session: VoiceSession;
+    stt: TextPipelineConfig['stt'];
+    tts: TextPipelineConfig['tts'];
+    vad: IVoiceActivityDetector;
+    interruptible: boolean;
+    greeting?: string;
+    hooks?: VoiceHooks;
+}
+declare class TextPipeline extends EventEmitter$1 implements IVoicePipeline {
+    private agent;
+    private session;
+    private stt;
+    private tts;
+    private voiceStream;
+    private vad;
+    private hooks;
+    private interruptible;
+    private greeting?;
+    private ttsVoice;
+    private _state;
+    private destroyed;
+    private isProcessingUtterance;
+    private utteranceBuffer;
+    private utteranceStartTime;
+    private currentStreamAbort;
+    private audioChunkCount;
+    constructor(config: TextPipelineInitConfig);
+    init(_sessionInfo: VoiceSessionInfo): Promise<void>;
+    /** Consecutive high-energy frames during speaking state (for barge-in) */
+    private bargeInFrames;
+    private bargeInDiagCounter;
+    /** Energy threshold for barge-in during speaking (higher than normal to reject echo) */
+    private static readonly BARGE_IN_ENERGY_THRESHOLD;
+    /** Consecutive frames needed to confirm barge-in (not just a brief noise spike) */
+    private static readonly BARGE_IN_FRAMES_REQUIRED;
+    processAudio(frame: AudioFrame): void;
+    /**
+     * Calculate RMS energy of a single audio frame (for barge-in detection).
+     */
+    private calculateFrameEnergy;
+    onSpeechStart(): void;
+    onSpeechEnd(): Promise<void>;
+    interrupt(): void;
+    getState(): SessionState;
+    on<K extends keyof VoicePipelineEvents>(event: K, handler: VoicePipelineEvents[K]): this;
+    off<K extends keyof VoicePipelineEvents>(event: K, handler: VoicePipelineEvents[K]): this;
+    destroy(): Promise<void>;
+    private setState;
     /**
-     * Enqueue an audio chunk event. If it's the next expected chunk,
-     * it (and any subsequent buffered chunks) are immediately delivered
-     * to the callback in order.
+     * Synthesize text to speech and emit audio frames.
+     * Used for greeting and other non-agent audio.
      */
-    enqueue(event: AudioChunkReadyEvent): void;
+    private synthesizeAndSend;
+}
+
+/**
+ * RealtimePipeline - OpenAI Realtime WebSocket voice-to-voice pipeline
+ *
+ * Connects directly to OpenAI's Realtime API for native audio-to-audio streaming.
+ * Instead of STT → Agent → TTS, audio goes directly to/from the model over WebSocket.
+ *
+ * Features:
+ * - Native voice-to-voice with <200ms latency
+ * - Built-in server-side VAD (no EnergyVAD needed)
+ * - Function calling via the same WebSocket
+ * - Conversation transcript maintained for UI display
+ * - G.711 μ-law 8kHz audio format (matches Twilio native)
+ */
+
+interface RealtimePipelineInitConfig {
+    agentConfig: AgentConfig$1;
+    session: VoiceSession;
+    voice?: string;
+    turnDetection?: 'server_vad' | 'none';
+    vadThreshold?: number;
+    silenceDurationMs?: number;
+    inputTranscription?: boolean;
+    transcriptionModel?: string;
+    greeting?: string;
+    interruptible?: boolean;
+    hooks?: VoiceHooks;
+}
+declare class RealtimePipeline extends EventEmitter$1 implements IVoicePipeline {
+    private config;
+    private session;
+    private toolManager;
+    private tools;
+    private ws;
+    private state;
+    private destroyed;
+    private ignoringEvents;
+    private sessionInfo;
+    private transcript;
+    private agentTranscriptBuffer;
+    private pendingToolCalls;
+    private isResponseActive;
+    private currentResponseId;
+    private currentAssistantItemId;
+    private currentAssistantContentIndex;
+    private responseStartTimestamp;
+    private latestMediaTimestamp;
+    private hasStartedAudioForCurrentResponse;
+    private interruptingResponseId;
+    private tailResponseId;
+    private tailAssistantItemId;
+    private tailAssistantContentIndex;
+    private tailResponseStartTimestamp;
+    private tailExpiresAt;
+    constructor(config: RealtimePipelineInitConfig);
+    init(sessionInfo: VoiceSessionInfo): Promise<void>;
+    processAudio(frame: AudioFrame): void;
+    onSpeechEnd(): Promise<void>;
+    onSpeechStart(): void;
+    interrupt(): void;
+    onPlaybackAck(_ack: {
+        name: string;
+        playedMs: number;
+    }): void;
+    onTelephonyTimestamp(timestamp: number): void;
+    getState(): SessionState;
+    on<K extends keyof VoicePipelineEvents>(event: K, handler: VoicePipelineEvents[K]): this;
+    off<K extends keyof VoicePipelineEvents>(event: K, handler: VoicePipelineEvents[K]): this;
     /**
-     * Reset the queue (e.g., on interruption or new stream).
+     * Get the full conversation transcript for this session.
      */
+    getTranscript(): TranscriptMessage[];
+    destroy(): Promise<void>;
+    private sendSessionUpdate;
+    private handleServerEvent;
+    private executeToolCall;
+    private sendEvent;
+    private setState;
+    private getElapsedPlaybackMs;
+    private getTailElapsedPlaybackMs;
+    private clearPlaybackTailContext;
+    private handleBargeIn;
+    private isAssistantPlaybackActive;
+    private isPlaybackTailActive;
+    private truncateAssistantAudio;
+    private emitError;
+    private addTranscript;
+    private fireHookSafe;
+}
+
+/**
+ * EnergyVAD - Simple energy-based Voice Activity Detection
+ *
+ * Detects speech start/end based on RMS energy threshold and timing.
+ * Suitable for telephony audio where background noise is relatively low.
+ *
+ * Can be replaced with more sophisticated VAD (WebRTC VAD, Silero, etc.)
+ * by implementing IVoiceActivityDetector.
+ */
+
+declare class EnergyVAD implements IVoiceActivityDetector {
+    private config;
+    private isSpeaking;
+    private consecutiveSpeechFrames;
+    private speechStartTime;
+    private lastSpeechTime;
+    private nonPcmWarned;
+    constructor(config?: EnergyVADConfig);
+    process(frame: AudioFrame): VADEvent;
     reset(): void;
     /**
-     * Number of chunks currently buffered waiting for earlier chunks.
+     * Calculate RMS (Root Mean Square) energy of an audio frame.
+     * Expects PCM 16-bit signed little-endian. Non-PCM formats produce
+     * inaccurate results — the adapter should transcode to PCM first.
      */
-    get pendingCount(): number;
+    private calculateRMS;
+}
+
+/**
+ * TwilioAdapter - Telephony adapter for Twilio Voice
+ *
+ * Handles:
+ * - Inbound call webhooks (returns TwiML to connect Media Stream)
+ * - Twilio Media Stream WebSocket protocol
+ * - μ-law ↔ PCM transcoding
+ * - Maps Twilio protocol to ITelephonyAdapter interface
+ *
+ * Usage modes:
+ * 1. Standalone: adapter creates its own HTTP/WS server
+ * 2. External: you get webhook/media handlers for your existing server
+ *
+ * @example Standalone
+ * ```typescript
+ * const adapter = TwilioAdapter.createStandalone({
+ *   connector: 'twilio',
+ *   port: 3000,
+ *   publicUrl: 'https://abc123.ngrok.io',
+ * });
+ * await adapter.start();
+ * ```
+ *
+ * @example External (Express + ws)
+ * ```typescript
+ * const adapter = TwilioAdapter.create({ connector: 'twilio' });
+ * app.post('/voice', adapter.webhookHandler());
+ * wss.on('connection', (ws, req) => {
+ *   if (req.url === '/media-stream') adapter.handleMediaSocket(ws);
+ * });
+ * ```
+ */
+
+declare class TwilioAdapter extends EventEmitter$1 implements ITelephonyAdapter {
+    private config;
+    private connector;
+    private streams;
+    private streamSidToCallId;
+    private pendingOutbound;
+    private destroyed;
+    private server;
+    static create(config: TwilioAdapterConfig): TwilioAdapter;
+    static createStandalone(config: TwilioAdapterConfig & {
+        publicUrl: string;
+        port?: number;
+    }): TwilioAdapter;
+    private constructor();
     /**
-     * The next chunk index expected for playback.
+     * Make a Twilio REST API call with proper Basic Auth.
+     *
+     * Twilio requires HTTP Basic Auth = base64(AccountSid:AuthToken).
+     * The Connector.fetch() doesn't support two-part Basic Auth natively,
+     * so we construct it manually here.
+     */
+    private twilioFetch;
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    webhookHandler(): (req: any, res: any) => void;
+    handleMediaSocket(ws: any): void;
+    /** Counter for diagnostic logging (first few frames only) */
+    private sendDiagCount;
+    sendAudio(callId: string, frame: AudioFrame): void;
+    clearAudio(callId: string): void;
+    hangup(callId: string): Promise<void>;
+    getActiveCalls(): string[];
+    on<K extends keyof TelephonyAdapterEvents>(event: K, handler: TelephonyAdapterEvents[K]): this;
+    off<K extends keyof TelephonyAdapterEvents>(event: K, handler: TelephonyAdapterEvents[K]): this;
+    destroy(): Promise<void>;
+    /**
+     * Initiate an outbound call via Twilio REST API.
+     * When the callee answers, Twilio hits /voice-outbound which returns
+     * TwiML to connect a media stream (same pipeline as inbound).
+     *
+     * @returns The Twilio CallSid
      */
-    get nextExpectedIndex(): number;
-    private drain;
+    makeCall(config: OutboundCallConfig): Promise<string>;
+    /**
+     * Returns a webhook handler for outbound calls (external mode).
+     * When callee answers, Twilio POSTs to this endpoint.
+     */
+    outboundWebhookHandler(): (req: any, res: any) => void;
+    private handleOutboundWebhookRequest;
+    private handleWebhookRequest;
+    private handleStreamStart;
+    private handleStreamMedia;
+    private handlePlaybackMark;
+    private handleStreamStop;
+    private cleanupStream;
 }
 
+/**
+ * Audio codec utilities for Twilio integration
+ *
+ * Twilio Media Streams send/receive μ-law encoded audio at 8kHz mono.
+ * OpenAI TTS outputs PCM 16-bit signed LE at 24kHz.
+ *
+ * μ-law encoder and decoder are line-by-line translations of the
+ * Sun Microsystems / ITU-T G.711 reference C implementation.
+ * Source: CCITT Rec. G.711 (1988), also used in FFmpeg, sox, libsndfile.
+ */
+/**
+ * Decode μ-law audio buffer to PCM 16-bit signed little-endian.
+ *
+ * @param mulaw - Buffer of μ-law encoded bytes (8kHz mono)
+ * @returns Buffer of PCM 16-bit signed LE samples (2x the input length)
+ */
+declare function mulawToPcm(mulaw: Buffer): Buffer;
+/**
+ * Encode PCM 16-bit signed little-endian to μ-law.
+ *
+ * @param pcm - Buffer of PCM 16-bit signed LE samples
+ * @returns Buffer of μ-law encoded bytes (half the input length)
+ */
+declare function pcmToMulaw(pcm: Buffer): Buffer;
+/**
+ * Resample PCM 16-bit audio.
+ * Downsampling uses box filter (averaging) for anti-aliasing.
+ * Upsampling uses linear interpolation.
+ *
+ * @param pcm - Input PCM 16-bit signed LE buffer
+ * @param fromRate - Source sample rate (e.g., 24000)
+ * @param toRate - Target sample rate (e.g., 8000)
+ * @returns Resampled PCM 16-bit signed LE buffer
+ */
+declare function resamplePcm(pcm: Buffer, fromRate: number, toRate: number): Buffer;
+/**
+ * Convert Twilio μ-law 8kHz audio to PCM 16-bit at target sample rate.
+ */
+declare function twilioToStt(mulaw: Buffer, targetRate?: number): Buffer;
+/**
+ * Convert PCM 16-bit audio to Twilio μ-law 8kHz format.
+ */
+declare function sttToTwilio(pcm: Buffer, sourceRate?: number): Buffer;
+
 /**
  * SearchProvider - Unified search interface with connector support
  *
@@ -8251,6 +10605,35 @@ declare function documentToContent(result: DocumentResult, options?: DocumentToC
  */
 declare function readDocumentAsContent(source: DocumentSource | string, options?: DocumentReadOptions & DocumentToContentOptions): Promise<Content[]>;
 
+/**
+ * FileUserPermissionRulesStorage - File-based storage for per-user permission rules.
+ *
+ * Path: ~/.oneringai/users/<userId>/permission_rules.json
+ * Windows: %APPDATA%/oneringai/users/<userId>/permission_rules.json
+ *
+ * Same pattern as FileUserInfoStorage — atomic writes, userId sanitization.
+ */
+
+interface FileUserPermissionRulesStorageConfig {
+    /** Override the base directory (default: ~/.oneringai/users) */
+    baseDirectory?: string;
+    /** Override the filename (default: permission_rules.json) */
+    filename?: string;
+}
+declare class FileUserPermissionRulesStorage implements IUserPermissionRulesStorage {
+    private readonly baseDirectory;
+    private readonly filename;
+    constructor(config?: FileUserPermissionRulesStorageConfig);
+    private getUserDirectory;
+    private getUserFilePath;
+    load(userId: string | undefined): Promise<UserPermissionRule[] | null>;
+    save(userId: string | undefined, rules: UserPermissionRule[]): Promise<void>;
+    delete(userId: string | undefined): Promise<void>;
+    exists(userId: string | undefined): Promise<boolean>;
+    getPath(userId: string | undefined): string;
+    private ensureDirectory;
+}
+
 /**
  * Agent state entities for TaskAgent
  *
@@ -8557,6 +10940,8 @@ declare class FileContextStorage implements IContextStorage {
     private readonly indexPath;
     private readonly prettyPrint;
     private index;
+    /** Async mutex to prevent concurrent read-modify-write corruption of the index */
+    private _indexLock;
     /** History journal companion — appends full conversation history as JSONL */
     readonly journal: IHistoryJournal;
     constructor(config: FileContextStorageConfig);
@@ -8607,6 +10992,11 @@ declare class FileContextStorage implements IContextStorage {
     private loadRaw;
     private loadIndex;
     private saveIndex;
+    /**
+     * Acquire the index lock, run fn, then release.
+     * Serializes all index mutations to prevent concurrent read-modify-write corruption.
+     */
+    private withIndexLock;
     private updateIndex;
     private removeFromIndex;
     private storedToIndexEntry;
@@ -8667,6 +11057,10 @@ declare function createFileContextStorage(agentId: string, options?: Omit<FileCo
  * ```
  */
 
+/**
+ * Sanitize ID for use as a filename.
+ * Same logic as FileContextStorage to ensure matching paths.
+ */
 /**
  * File-based history journal using JSONL format.
  */
@@ -8941,6 +11335,10 @@ interface FileUserInfoStorageConfig {
     /** Override the filename (default: user_info.json) */
     filename?: string;
 }
+/**
+ * Sanitize user ID for use as a directory name
+ * Removes or replaces characters that are not safe for filenames
+ */
 /**
  * File-based storage for user information
  *
@@ -9135,6 +11533,53 @@ declare class FileRoutineExecutionStorage implements IRoutineExecutionStorage {
  */
 declare function createFileRoutineExecutionStorage(config?: FileRoutineExecutionStorageConfig): FileRoutineExecutionStorage;
 
+/**
+ * FileCorrelationStorage - File-based storage for correlation mappings
+ *
+ * Stores correlation entries as individual JSON files on disk.
+ * Path: ~/.oneringai/correlations/<correlationId-hash>.json
+ *
+ * Features:
+ * - Safe filename hashing for arbitrary correlation IDs
+ * - Reverse index by sessionId for cleanup on resume
+ * - Automatic expiry checking on resolve
+ * - Atomic file operations (write to temp, then rename)
+ */
+
+/**
+ * Configuration for FileCorrelationStorage
+ */
+interface FileCorrelationStorageConfig {
+    /** Override the base directory (default: ~/.oneringai/correlations) */
+    baseDirectory?: string;
+}
+/**
+ * File-based implementation of ICorrelationStorage
+ */
+declare class FileCorrelationStorage implements ICorrelationStorage {
+    private readonly baseDir;
+    private _initialized;
+    constructor(config?: FileCorrelationStorageConfig);
+    private ensureDir;
+    private getFilePath;
+    save(correlationId: string, ref: SessionRef): Promise<void>;
+    resolve(correlationId: string): Promise<SessionRef | null>;
+    delete(correlationId: string): Promise<void>;
+    exists(correlationId: string): Promise<boolean>;
+    listBySession(sessionId: string): Promise<string[]>;
+    listByAgent(agentId: string): Promise<CorrelationSummary[]>;
+    pruneExpired(): Promise<number>;
+    getPath(): string;
+    /**
+     * Read all stored correlation entries
+     */
+    private _readAll;
+}
+/**
+ * Create a FileCorrelationStorage with default settings
+ */
+declare function createFileCorrelationStorage(config?: FileCorrelationStorageConfig): FileCorrelationStorage;
+
 /**
  * WorkingMemory class - manages indexed working memory for TaskAgent
  *
@@ -11128,10 +13573,11 @@ declare abstract class BaseProvider implements IProvider {
     protected getMaxRetries(): number;
 }
 
-declare abstract class BaseTextProvider extends BaseProvider implements ITextProvider {
+declare abstract class BaseTextProvider extends BaseProvider implements ITextProvider, IDisposable {
     protected circuitBreaker?: CircuitBreaker;
     protected logger: FrameworkLogger;
     private _isObservabilityInitialized;
+    private _isDestroyed;
     constructor(config: any);
     /**
      * Auto-initialize observability on first use (lazy initialization)
@@ -11160,11 +13606,20 @@ declare abstract class BaseTextProvider extends BaseProvider implements ITextPro
      * Normalize input to string (helper for providers that don't support complex input)
      */
     protected normalizeInputToString(input: string | any[]): string;
+    /**
+     * Map common HTTP error codes to typed provider errors.
+     * Subclasses can override for vendor-specific error mapping and call super.mapError() as fallback.
+     */
+    protected mapError(error: unknown, providerName?: string): Error;
     /**
      * List available models from the provider's API.
      * Default returns empty array; providers override when they have SDK support.
      */
     listModels(): Promise<string[]>;
+    /**
+     * Check if the provider has been destroyed
+     */
+    get isDestroyed(): boolean;
     /**
      * Clean up provider resources (circuit breaker listeners, etc.)
      * Should be called when the provider is no longer needed.
@@ -12802,7 +15257,7 @@ declare function isBlockedCommand(command: string, config?: ShellToolConfig): {
  * Features:
  * - Configurable timeouts
  * - Output truncation for large outputs
- * - Background execution support
+ * - Background execution via BackgroundProcessManager
  * - Blocked command patterns for safety
  * - Working directory persistence
  */
@@ -12826,6 +15281,7 @@ interface BashArgs {
 declare function createBashTool(config?: ShellToolConfig): ToolFunction<BashArgs, BashResult>;
 /**
  * Get output from a background process
+ * @deprecated Use BackgroundProcessManager.readOutput() or bg_process_output tool instead
  */
 declare function getBackgroundOutput(bgId: string): {
     found: boolean;
@@ -12834,6 +15290,7 @@ declare function getBackgroundOutput(bgId: string): {
 };
 /**
  * Kill a background process
+ * @deprecated Use BackgroundProcessManager.kill() or bg_process_kill tool instead
  */
 declare function killBackgroundProcess(bgId: string): boolean;
 /**
@@ -14744,7 +17201,7 @@ declare const desktopTools: (ToolFunction<DesktopScreenshotArgs, DesktopScreensh
  * AUTO-GENERATED FILE - DO NOT EDIT MANUALLY
  *
  * Generated by: scripts/generate-tool-registry.ts
- * Generated at: 2026-03-12T18:47:09.908Z
+ * Generated at: 2026-03-17T09:34:42.832Z
  *
  * To regenerate: npm run generate:tools
  */
@@ -15473,4 +17930,4 @@ declare class EventEmitterTrigger implements IDisposable {
     get isDestroyed(): boolean;
 }
 
-export { AGENT_DEFINITION_FORMAT_VERSION, AIError, APPROVAL_STATE_VERSION, Agent, type AgentConfig$1 as AgentConfig, AgentContextNextGen, AgentContextNextGenConfig, type AgentDefinitionListOptions, type AgentDefinitionMetadata, type AgentDefinitionSummary, AgentEvents, type AgentMetrics, type AgentPermissionsConfig, AgentResponse, type AgentSessionConfig, type AgentState, type AgentStatus, type ApprovalCacheEntry, type ApprovalDecision, ApproximateTokenEstimator, type AudioChunkPlaybackCallback, AudioChunkReadyEvent, AudioFormat, AudioPlaybackQueue, AuditEntry, AuthIdentity, type AuthTemplate, type AuthTemplateField, type BackoffConfig, type BackoffStrategyType, BaseMediaProvider, BasePluginNextGen, BaseProvider, type BaseProviderConfig$1 as BaseProviderConfig, type BaseProviderResponse, BaseTextProvider, type BashResult, type BeforeExecuteResult, BraveProvider, CONNECTOR_CONFIG_VERSION, CUSTOM_TOOL_DEFINITION_VERSION, CheckpointManager, type CheckpointStrategy, type ChunkingOptions, CircuitBreaker, type CircuitBreakerConfig, type CircuitBreakerEvents, type CircuitBreakerMetrics, CircuitOpenError, type CircuitState, type ClipboardImageResult, CompactionContext, CompactionResult, Connector, ConnectorAccessContext, ConnectorAuth, ConnectorConfig, ConnectorConfigResult, ConnectorConfigStore, ConnectorFetchOptions, type ConnectorToolEntry, ConnectorTools, type ConnectorToolsOptions, ConsoleMetrics, ConsolidationResult, Content, ContextBudget$1 as ContextBudget, ContextEvents, ContextFeatures, type ContextManagerConfig, type ContextOverflowBudget, ContextOverflowError, ContextSessionMetadata, ContextSessionSummary, ContextStorageListOptions, type ControlFlowResult, type ControlFlowSource, type ConversationMessage, type CreateConnectorOptions, type CustomToolDefinition, type CustomToolListOptions, type CustomToolMetaToolsOptions, type CustomToolMetadata, type CustomToolSummary, type CustomToolTestCase, DEFAULT_ALLOWLIST, DEFAULT_BACKOFF_CONFIG, DEFAULT_CHECKPOINT_STRATEGY, DEFAULT_CIRCUIT_BREAKER_CONFIG, DEFAULT_CONTEXT_CONFIG, DEFAULT_DESKTOP_CONFIG, DEFAULT_FILESYSTEM_CONFIG, DEFAULT_HISTORY_MANAGER_CONFIG, DEFAULT_PERMISSION_CONFIG, DEFAULT_RATE_LIMITER_CONFIG, DEFAULT_SHELL_CONFIG, DESKTOP_TOOL_NAMES, type DefaultAllowlistedTool, DefaultCompactionStrategy, type DefaultCompactionStrategyConfig, DependencyCycleError, type DesktopGetCursorResult, type DesktopGetScreenSizeResult, type DesktopKeyboardKeyArgs, type DesktopKeyboardKeyResult, type DesktopKeyboardTypeArgs, type DesktopKeyboardTypeResult, type DesktopMouseClickArgs, type DesktopMouseClickResult, type DesktopMouseDragArgs, type DesktopMouseDragResult, type DesktopMouseMoveArgs, type DesktopMouseMoveResult, type DesktopMouseScrollArgs, type DesktopMouseScrollResult, type DesktopPoint, type DesktopScreenSize, type DesktopScreenshot, type DesktopScreenshotArgs, type DesktopScreenshotResult, type DesktopToolConfig, type DesktopToolName, type DesktopWindow, type DesktopWindowFocusArgs, type DesktopWindowFocusResult, type DesktopWindowListResult, type DirectCallOptions, type DocumentFamily, type DocumentFormat, type DocumentImagePiece, type DocumentMetadata, type DocumentPiece, type DocumentReadOptions, DocumentReader, type DocumentReaderConfig, type DocumentResult, type DocumentSource, type DocumentTextPiece, type DocumentToContentOptions, type EditFileResult, type ErrorContext, ErrorHandler, type ErrorHandlerConfig, type ErrorHandlerEvents, EventEmitterTrigger, type EvictionStrategy, type ExecuteRoutineOptions, ExecutionContext, ExecutionMetrics, type ExecutionRecorder, type ExecutionRecorderOptions, type ExtendedFetchOptions, type ExternalDependency, type ExternalDependencyEvents, ExternalDependencyHandler, type FetchedContent, FileAgentDefinitionStorage, type FileAgentDefinitionStorageConfig, FileConnectorStorage, type FileConnectorStorageConfig, FileContextStorage, type FileContextStorageConfig, FileCustomToolStorage, type FileCustomToolStorageConfig, FileHistoryJournal, FileMediaStorage as FileMediaOutputHandler, FileMediaStorage, type FileMediaStorageConfig, FilePersistentInstructionsStorage, type FilePersistentInstructionsStorageConfig, FileRoutineDefinitionStorage, type FileRoutineDefinitionStorageConfig, FileRoutineExecutionStorage, type FileRoutineExecutionStorageConfig, FileStorage, type FileStorageConfig, FileUserInfoStorage, type FileUserInfoStorageConfig, type FilesystemToolConfig, type FormatDetectionResult, FormatDetector, FrameworkLogger, FunctionToolDefinition, type GeneratedPlan, type GenericAPICallArgs, type GenericAPICallResult, type GenericAPIToolOptions, type GitHubBranchEntry, type GitHubCreatePRResult, type GitHubGetPRResult, type GitHubListBranchesResult, type GitHubPRCommentEntry, type GitHubPRCommentsResult, type GitHubPRFilesResult, type GitHubReadFileResult, type GitHubRepository, type GitHubSearchCodeResult, type GitHubSearchFilesResult, type GlobResult, type GraphDriveItem, type GrepMatch, type GrepResult, type HTTPTransportConfig, HistoryEntry, type HistoryManagerEvents, type HistoryMessage, HistoryMode, HistoryReadOptions, HookConfig, HookName, type HydrateOptions, type IAgentDefinitionStorage, type IAgentStateStorage, type IAgentStorage, type IAsyncDisposable, IBaseModelDescription, type ICapabilityProvider, type IChunkingStrategy, ICompactionStrategy, IConnectorAccessPolicy, type IConnectorConfigStorage, IConnectorRegistry, type IContextCompactor, type IContextComponent, IContextPluginNextGen, type IContextSnapshot, IContextStorage, type IContextStrategy, type ICustomToolStorage, type IDesktopDriver, type IDisposable, type IDocumentTransformer, type IFormatHandler, IHistoryJournal, type IHistoryManager, type IHistoryManagerConfig, type IHistoryStorage, IImageProvider, type IMCPClient, type IMediaStorage as IMediaOutputHandler, type IMediaStorage, type IMemoryStorage, type IPersistentInstructionsStorage, type IPlanStorage, type IPluginSnapshot, IProvider, type IResearchSource, type IRoutineDefinitionStorage, type IRoutineExecutionStorage, type ISTTModelDescription, type IScheduler, type IScrapeProvider, type ISearchProvider, type ISpeechToTextProvider, type IStreamingTextToSpeechProvider, type ITTSModelDescription, ITextProvider, type ITextToSpeechProvider, ITokenEstimator$1 as ITokenEstimator, ITokenStorage, type IToolExecutionPipeline, type IToolExecutionPlugin, type IToolExecutor, type IToolSnapshot, type IUserInfoStorage, type IVideoModelDescription, type IVideoProvider, type IViewContextComponent, type IViewContextData, type IVoiceInfo, type ImageFilterOptions, type InContextEntry, type InContextMemoryConfig, InContextMemoryPluginNextGen, type InContextPriority, InMemoryAgentStateStorage, InMemoryHistoryStorage, InMemoryMetrics, InMemoryPlanStorage, InMemoryStorage, InputItem, type InstructionEntry, InvalidConfigError, InvalidToolArgumentsError, type JSONExtractionResult, LLMResponse, type LogEntry, type LogLevel, type LoggerConfig, LoggingPlugin, type LoggingPluginOptions, MCPClient, type MCPClientConnectionState, type MCPClientState, type MCPConfiguration, MCPConnectionError, MCPError, type MCPPrompt, type MCPPromptResult, MCPProtocolError, MCPRegistry, type MCPResource, type MCPResourceContent, MCPResourceError, type MCPServerCapabilities, type MCPServerConfig, MCPTimeoutError, type MCPTool, MCPToolError, type MCPToolResult, type MCPTransportType, type MediaStorageMetadata as MediaOutputMetadata, type MediaStorageResult as MediaOutputResult, type MediaStorageEntry, type MediaStorageListOptions, type MediaStorageMetadata, type MediaStorageResult, type MeetingSlotSuggestion, MemoryConnectorStorage, MemoryEntry, MemoryEvictionCompactor, MemoryIndex, MemoryPriority, MemoryScope, MemoryStorage, MessageBuilder, MessageRole, type MetricTags, type MetricsCollector, type MetricsCollectorType, type MicrosoftCreateMeetingResult, type MicrosoftDraftEmailResult, type MicrosoftEditMeetingResult, type MicrosoftFindSlotsResult, type MicrosoftGetTranscriptResult, type MicrosoftListFilesResult, type MicrosoftReadFileResult, type MicrosoftSearchFilesResult, type MicrosoftSendEmailResult, ModelCapabilities, ModelNotSupportedError, type MouseButton, type EvictionStrategy$1 as NextGenEvictionStrategy, NoOpMetrics, NutTreeDriver, type OAuthConfig, type OAuthFlow, OAuthManager, OutputItem, ParallelTasksError, type PermissionCheckContext, type PermissionCheckResult, type PermissionManagerEvent, type PermissionScope, type PersistentInstructionsConfig, PersistentInstructionsPluginNextGen, type PieceMetadata, type Plan, type PlanConcurrency, type PlanInput, type PlanStatus, PlanningAgent, type PlanningAgentConfig, type PluginExecutionContext, PreparedContext, ProviderAuthError, ProviderCapabilities, ProviderConfigAgent, ProviderContextLengthError, ProviderError, ProviderErrorMapper, ProviderNotFoundError, ProviderRateLimitError, ROUTINE_KEYS, RapidAPIProvider, RateLimitError, type RateLimiterConfig, type RateLimiterMetrics, type ReadFileResult, type FetchOptions as ResearchFetchOptions, type ResearchFinding, type ResearchPlan, type ResearchProgress, type ResearchQuery, type ResearchResult, type SearchOptions as ResearchSearchOptions, type SearchResponse as ResearchSearchResponse, type RiskLevel, type RoutineDefinition, type RoutineDefinitionInput, type RoutineExecution, type RoutineExecutionRecord, type RoutineExecutionStatus, type RoutineExecutionStep, type RoutineParameter, type RoutineStepType, type RoutineTaskResult, type RoutineTaskSnapshot, SIMPLE_ICONS_CDN, type STTModelCapabilities, type STTOptions, type STTOutputFormat$1 as STTOutputFormat, type STTResponse, STT_MODELS, STT_MODEL_REGISTRY, type ScheduleHandle, type ScheduleSpec, ScopedConnectorRegistry, type ScrapeFeature, type ScrapeOptions, ScrapeProvider, type ScrapeProviderConfig, type ScrapeProviderFallbackConfig, type ScrapeResponse, type ScrapeResult, type SearchOptions$1 as SearchOptions, SearchProvider, type SearchProviderConfig, type SearchResponse$1 as SearchResponse, type SearchResult, type SegmentTimestamp, SentenceChunkingStrategy, type SerializedApprovalEntry, type SerializedApprovalState, SerializedContextState, type SerializedHistoryState, type SerializedInContextMemoryState, type SerializedPersistentInstructionsState, type SerializedToolState, type SerializedUserInfoState, type SerializedWorkingMemoryState, SerperProvider, ServiceCategory, type ServiceToolFactory, type ShellToolConfig, type SimpleIcon, SimpleScheduler, type SimpleVideoGenerateOptions, type SourceCapabilities, type SourceResult, SpeechToText, type SpeechToTextConfig, type StdioTransportConfig, type StorageConfig, type StorageContext, StorageRegistry, type StoredAgentDefinition, type StoredAgentType, type StoredConnectorConfig, StoredContextSession, type StoredToken, type StrategyInfo, StrategyRegistry, type StrategyRegistryEntry, StreamEvent, StreamEventType, StreamHelpers, StreamState, type SubRoutineSpec, SummarizeCompactor, TERMINAL_TASK_STATUSES, type TTSModelCapabilities, type TTSOptions, type TTSResponse, type TTSStreamChunk, TTS_MODELS, TTS_MODEL_REGISTRY, type Task, type AgentConfig as TaskAgentStateConfig, type TaskCondition, type TaskControlFlow, type TaskExecution, type TaskFailure, type TaskFoldFlow, type TaskInput, type TaskMapFlow, type TaskSourceRef, type TaskStatus, TaskStatusForMemory, TaskTimeoutError, ToolContext as TaskToolContext, type TaskUntilFlow, type TaskValidation, TaskValidationError, type TaskValidationResult, TavilyProvider, type TemplateCredentials, TextGenerateOptions, TextToSpeech, type TextToSpeechConfig, TokenBucketRateLimiter, type TokenContentType, Tool, ToolCall, type ToolCatalogPluginConfig, ToolCatalogPluginNextGen, type ToolCategory, ToolCategoryScope, type ToolCondition, ToolContext, ToolExecutionError, ToolExecutionPipeline, type ToolExecutionPipelineOptions, ToolFunction, ToolManager, type ToolManagerConfig, type ToolManagerEvent, type ToolManagerStats, type ToolMetadata, ToolNotFoundError, type ToolOptions, type ToolPermissionConfig, ToolPermissionManager, type ToolRegistration, ToolRegistry, type ToolRegistryEntry, ToolResult, type ToolSelectionContext, type ToolSource, ToolTimeoutError, type TransportConfig, TruncateCompactor, type UserInfoEntry, type UserInfoPluginConfig, UserInfoPluginNextGen, VENDOR_ICON_MAP, VIDEO_MODELS, VIDEO_MODEL_REGISTRY, type ValidationContext, Vendor, type VendorInfo, type VendorLogo, VendorOptionSchema, type VendorRegistryEntry, type VendorTemplate, type VideoExtendOptions, type VideoGenerateOptions, VideoGeneration, type VideoGenerationCreateOptions, type VideoJob, type VideoModelCapabilities, type VideoModelPricing, type VideoResponse, type VideoStatus, VoiceStream, type VoiceStreamConfig, type VoiceStreamEvents, type WordTimestamp, WorkingMemory, WorkingMemoryAccess, WorkingMemoryConfig, type WorkingMemoryEvents, type WorkingMemoryPluginConfig, WorkingMemoryPluginNextGen, type WriteFileResult, addJitter, allVendorTemplates, assertNotDestroyed, authenticatedFetch, backoffSequence, backoffWait, bash, buildAuthConfig, buildEndpointWithQuery, buildQueryString, calculateBackoff, calculateSTTCost, calculateTTSCost, calculateVideoCost, canTaskExecute, createAgentStorage, createAuthenticatedFetch, createBashTool, createConnectorFromTemplate, createCreatePRTool, createCustomToolDelete, createCustomToolDraft, createCustomToolList, createCustomToolLoad, createCustomToolMetaTools, createCustomToolSave, createCustomToolTest, createDesktopGetCursorTool, createDesktopGetScreenSizeTool, createDesktopKeyboardKeyTool, createDesktopKeyboardTypeTool, createDesktopMouseClickTool, createDesktopMouseDragTool, createDesktopMouseMoveTool, createDesktopMouseScrollTool, createDesktopScreenshotTool, createDesktopWindowFocusTool, createDesktopWindowListTool, createDraftEmailTool, createEditFileTool, createEditMeetingTool, createEstimator, createExecuteJavaScriptTool, createExecutionRecorder, createFileAgentDefinitionStorage, createFileContextStorage, createFileCustomToolStorage, createFileMediaStorage, createFileRoutineDefinitionStorage, createFileRoutineExecutionStorage, createFindMeetingSlotsTool, createGetMeetingTranscriptTool, createGetPRTool, createGitHubReadFileTool, createGlobTool, createGrepTool, createImageGenerationTool, createImageProvider, createListBranchesTool, createListDirectoryTool, createMeetingTool, createMessageWithImages, createMetricsCollector, createMicrosoftListFilesTool, createMicrosoftReadFileTool, createMicrosoftSearchFilesTool, createPRCommentsTool, createPRFilesTool, createPlan, createProvider, createReadFileTool, createRoutineDefinition, createRoutineExecution, createRoutineExecutionRecord, createSearchCodeTool, createSearchFilesTool, createSendEmailTool, createSpeechToTextTool, createTask, createTaskSnapshots, createTextMessage, createTextToSpeechTool, createVideoProvider, createVideoTools, createWriteFileTool, customToolDelete, customToolDraft, customToolList, customToolLoad, customToolSave, customToolTest, desktopGetCursor, desktopGetScreenSize, desktopKeyboardKey, desktopKeyboardType, desktopMouseClick, desktopMouseDrag, desktopMouseMove, desktopMouseScroll, desktopScreenshot, desktopTools, desktopWindowFocus, desktopWindowList, detectDependencyCycle, developerTools, documentToContent, editFile, encodeSharingUrl, evaluateCondition, executeRoutine, extractJSON, extractJSONField, extractNumber, findConnectorByServiceTypes, formatAttendees, formatFileSize, formatPluginDisplayName, formatRecipients, generateEncryptionKey, generateSimplePlan, generateWebAPITool, getActiveSTTModels, getActiveTTSModels, getActiveVideoModels, getAllBuiltInTools, getAllVendorLogos, getAllVendorTemplates, getBackgroundOutput, getConnectorTools, getCredentialsSetupURL, getDesktopDriver, getDocsURL, getDrivePrefix, getMediaOutputHandler, getMediaStorage, getNextExecutableTasks, getRegisteredScrapeProviders, getRoutineProgress, getSTTModelInfo, getSTTModelsByVendor, getSTTModelsWithFeature, getTTSModelInfo, getTTSModelsByVendor, getTTSModelsWithFeature, getTaskDependencies, getToolByName, getToolCategories, getToolRegistry, getToolsByCategory, getToolsRequiringConnector, getUserPathPrefix, getVendorAuthTemplate, getVendorColor, getVendorDefaultBaseURL, getVendorInfo, getVendorLogo, getVendorLogoCdnUrl, getVendorLogoSvg, getVendorTemplate, getVideoModelInfo, getVideoModelsByVendor, getVideoModelsWithAudio, getVideoModelsWithFeature, glob, globalErrorHandler, grep, hasClipboardImage, hasVendorLogo, hydrateCustomTool, isBlockedCommand, isExcludedExtension, isMicrosoftFileUrl, isTaskBlocked, isTeamsMeetingUrl, isTerminalStatus, isWebUrl, killBackgroundProcess, listConnectorsByServiceTypes, listDirectory, listVendorIds, listVendors, listVendorsByAuthType, listVendorsByCategory, listVendorsWithLogos, logger, mergeTextPieces, metrics, microsoftFetch, normalizeEmails, parseKeyCombo, parseRepository, readClipboardImage, readDocumentAsContent, readFile, registerScrapeProvider, resetDefaultDriver, resolveConnector, resolveDependencies, resolveFileEndpoints, resolveFlowSource, resolveMaxContextTokens, resolveMeetingId, resolveModelCapabilities, resolveRepository, resolveTemplates, retryWithBackoff, sanitizeToolName, setMediaOutputHandler, setMediaStorage, setMetricsCollector, simpleTokenEstimator, toConnectorOptions, toolRegistry, index as tools, updateTaskStatus, validatePath, writeFile };
+export { AGENT_DEFINITION_FORMAT_VERSION, AIError, APPROVAL_STATE_VERSION, Agent, type AgentConfig$1 as AgentConfig, AgentContextNextGen, AgentContextNextGenConfig, type AgentDefinitionListOptions, type AgentDefinitionMetadata, type AgentDefinitionSummary, type AgentEventListener, AgentEvents, type AgentFilter, type AgentInfo, type AgentInspection, type AgentMetrics, type AgentPermissionsConfig, type AgentPolicyConfig, AgentRegistry, type AgentRegistryEvents, type AgentRegistryStats, AgentResponse, type AgentSessionConfig, type AgentState, type AgentStatus, type AgentTypeConfig, type ApprovalCacheEntry, type ApprovalDecision, type ApprovalRequestContext, ApproximateTokenEstimator, AsyncToolConfig, type AudioChunkPlaybackCallback, AudioChunkReadyEvent, type AudioEncoding, AudioFormat, type AudioFrame, AudioPlaybackQueue, AuditEntry, AuthIdentity, type AuthTemplate, type AuthTemplateField, type BackoffConfig, type BackoffStrategyType, BaseMediaProvider, BasePluginNextGen, BaseProvider, type BaseProviderConfig$1 as BaseProviderConfig, type BaseProviderResponse, BaseTextProvider, type BashResult, type BeforeExecuteResult, BraveProvider, CONNECTOR_CONFIG_VERSION, CUSTOM_TOOL_DEFINITION_VERSION, type CallDirection, type CallEndReason, type CallSummary, CheckpointManager, type CheckpointStrategy, type ChunkingOptions, CircuitBreaker, type CircuitBreakerConfig, type CircuitBreakerEvents, type CircuitBreakerMetrics, CircuitOpenError, type CircuitState, type ClipboardImageResult, CompactionContext, CompactionResult, Connector, ConnectorAccessContext, ConnectorAuth, ConnectorConfig, ConnectorConfigResult, ConnectorConfigStore, ConnectorFetchOptions, type ConnectorToolEntry, ConnectorTools, type ConnectorToolsOptions, ConsoleMetrics, ConsolidationResult, Content, ContextBudget$1 as ContextBudget, ContextEvents, ContextFeatures, type ContextManagerConfig, type ContextOverflowBudget, ContextOverflowError, ContextSessionMetadata, ContextSessionSummary, ContextStorageListOptions, type ControlFlowResult, type ControlFlowSource, type ConversationMessage, type CorrelationListOptions, type CorrelationSummary, type CreateConnectorOptions, type CustomToolDefinition, type CustomToolListOptions, type CustomToolMetaToolsOptions, type CustomToolMetadata, type CustomToolSummary, type CustomToolTestCase, DEFAULT_ALLOWLIST, DEFAULT_BACKOFF_CONFIG, DEFAULT_CHECKPOINT_STRATEGY, DEFAULT_CIRCUIT_BREAKER_CONFIG, DEFAULT_CONTEXT_CONFIG, DEFAULT_DESKTOP_CONFIG, DEFAULT_FILESYSTEM_CONFIG, DEFAULT_HISTORY_MANAGER_CONFIG, DEFAULT_PERMISSION_CONFIG, DEFAULT_RATE_LIMITER_CONFIG, DEFAULT_SHELL_CONFIG, DESKTOP_TOOL_NAMES, type DefaultAllowlistedTool, DefaultCompactionStrategy, type DefaultCompactionStrategyConfig, DependencyCycleError, type DesktopGetCursorResult, type DesktopGetScreenSizeResult, type DesktopKeyboardKeyArgs, type DesktopKeyboardKeyResult, type DesktopKeyboardTypeArgs, type DesktopKeyboardTypeResult, type DesktopMouseClickArgs, type DesktopMouseClickResult, type DesktopMouseDragArgs, type DesktopMouseDragResult, type DesktopMouseMoveArgs, type DesktopMouseMoveResult, type DesktopMouseScrollArgs, type DesktopMouseScrollResult, type DesktopPoint, type DesktopScreenSize, type DesktopScreenshot, type DesktopScreenshotArgs, type DesktopScreenshotResult, type DesktopToolConfig, type DesktopToolName, type DesktopWindow, type DesktopWindowFocusArgs, type DesktopWindowFocusResult, type DesktopWindowListResult, type DirectCallOptions, type DocumentFamily, type DocumentFormat, type DocumentImagePiece, type DocumentMetadata, type DocumentPiece, type DocumentReadOptions, DocumentReader, type DocumentReaderConfig, type DocumentResult, type DocumentSource, type DocumentTextPiece, type DocumentToContentOptions, type EditFileResult, EnergyVAD, type EnergyVADConfig, type ErrorContext, ErrorHandler, type ErrorHandlerConfig, type ErrorHandlerEvents, EventEmitterTrigger, type EvictionStrategy, type ExecuteRoutineOptions, ExecutionContext, ExecutionMetrics, type ExecutionRecorder, type ExecutionRecorderOptions, type ExtendedFetchOptions, type ExternalDependency, type ExternalDependencyEvents, ExternalDependencyHandler, type FetchedContent, FileAgentDefinitionStorage, type FileAgentDefinitionStorageConfig, FileConnectorStorage, type FileConnectorStorageConfig, FileContextStorage, type FileContextStorageConfig, FileCorrelationStorage, type FileCorrelationStorageConfig, FileCustomToolStorage, type FileCustomToolStorageConfig, FileHistoryJournal, FileMediaStorage as FileMediaOutputHandler, FileMediaStorage, type FileMediaStorageConfig, FilePersistentInstructionsStorage, type FilePersistentInstructionsStorageConfig, FileRoutineDefinitionStorage, type FileRoutineDefinitionStorageConfig, FileRoutineExecutionStorage, type FileRoutineExecutionStorageConfig, FileStorage, type FileStorageConfig, FileUserInfoStorage, type FileUserInfoStorageConfig, FileUserPermissionRulesStorage, type FilesystemToolConfig, type FormatDetectionResult, FormatDetector, FrameworkLogger, FunctionToolDefinition, type GeneratedPlan, type GenericAPICallArgs, type GenericAPICallResult, type GenericAPIToolOptions, type GitHubBranchEntry, type GitHubCreatePRResult, type GitHubGetPRResult, type GitHubListBranchesResult, type GitHubPRCommentEntry, type GitHubPRCommentsResult, type GitHubPRFilesResult, type GitHubReadFileResult, type GitHubRepository, type GitHubSearchCodeResult, type GitHubSearchFilesResult, type GlobResult, type GraphDriveItem, type GrepMatch, type GrepResult, type HTTPTransportConfig, HistoryEntry, type HistoryManagerEvents, type HistoryMessage, HistoryMode, HistoryReadOptions, HookConfig, HookName, type HydrateOptions, type IAgentDefinitionStorage, type IAgentStateStorage, type IAgentStorage, IBaseModelDescription, type ICapabilityProvider, type IChunkingStrategy, ICompactionStrategy, IConnectorAccessPolicy, type IConnectorConfigStorage, IConnectorRegistry, type IContextCompactor, type IContextComponent, IContextPluginNextGen, type IContextSnapshot, IContextStorage, type IContextStrategy, type ICorrelationStorage, type ICustomToolStorage, type IDesktopDriver, IDisposable, type IDocumentTransformer, type IFormatHandler, IHistoryJournal, type IHistoryManager, type IHistoryManagerConfig, type IHistoryStorage, IImageProvider, type IMCPClient, type IMediaStorage as IMediaOutputHandler, type IMediaStorage, type IMemoryStorage, type IPermissionPolicy, type IPersistentInstructionsStorage, type IPlanStorage, type IPluginSnapshot, IProvider, type IResearchSource, type IRoutineDefinitionStorage, type IRoutineExecutionStorage, type ISTTModelDescription, type IScheduler, type IScrapeProvider, type ISearchProvider, type ISpeechToTextProvider, IStoreHandler, type IStreamingTextToSpeechProvider, type ITTSModelDescription, type ITelephonyAdapter, ITextProvider, type ITextToSpeechProvider, ITokenEstimator$1 as ITokenEstimator, ITokenStorage, type IToolExecutionPipeline, type IToolExecutionPlugin, type IToolExecutor, type IToolSnapshot, type IUserInfoStorage, type IUserPermissionRulesStorage, type IVideoModelDescription, type IVideoProvider, type IViewContextComponent, type IViewContextData, type IVoiceActivityDetector, IVoiceInfo, type IVoicePipeline, type ImageFilterOptions, type InContextEntry, type InContextMemoryConfig, InContextMemoryPluginNextGen, type InContextPriority, InMemoryAgentStateStorage, InMemoryHistoryStorage, InMemoryMetrics, InMemoryPlanStorage, InMemoryStorage, type IncomingCallInfo, InputItem, type InstructionEntry, InvalidConfigError, InvalidToolArgumentsError, type JSONExtractionResult, LLMResponse, type LogEntry, type LogLevel, type LoggerConfig, LoggingPlugin, type LoggingPluginOptions, MCPClient, type MCPClientConnectionState, type MCPClientState, type MCPConfiguration, MCPConnectionError, MCPError, type MCPPrompt, type MCPPromptResult, MCPProtocolError, MCPRegistry, type MCPResource, type MCPResourceContent, MCPResourceError, type MCPServerCapabilities, type MCPServerConfig, MCPTimeoutError, type MCPTool, MCPToolError, type MCPToolResult, type MCPTransportType, type MediaStorageMetadata as MediaOutputMetadata, type MediaStorageResult as MediaOutputResult, type MediaStorageEntry, type MediaStorageListOptions, type MediaStorageMetadata, type MediaStorageResult, type MeetingSlotSuggestion, MemoryConnectorStorage, MemoryEntry, MemoryEvictionCompactor, MemoryIndex, MemoryPriority, MemoryScope, MemoryStorage, MessageBuilder, MessageRole, type MetricTags, type MetricsCollector, type MetricsCollectorType, type MicrosoftCreateMeetingResult, type MicrosoftDraftEmailResult, type MicrosoftEditMeetingResult, type MicrosoftFindSlotsResult, type MicrosoftGetTranscriptResult, type MicrosoftListFilesResult, type MicrosoftReadFileResult, type MicrosoftSearchFilesResult, type MicrosoftSendEmailResult, ModelCapabilities, ModelNotSupportedError, type MouseButton, type EvictionStrategy$1 as NextGenEvictionStrategy, NoOpMetrics, NutTreeDriver, type OAuthConfig, type OAuthFlow, OAuthManager, type OrchestrationToolsContext, type OrchestratorConfig, type OutboundCallConfig, OutputItem, ParallelTasksError, PendingAsyncTool, type PermissionAuditEntry, type PermissionCheckContext, type PermissionCheckResult, type PermissionManagerEvent, PermissionPolicyManager, type PermissionPolicyManagerConfig, type PermissionScope, type PersistentInstructionsConfig, PersistentInstructionsPluginNextGen, type PieceMetadata, type PipelineConfig, type Plan, type PlanConcurrency, type PlanInput, type PlanStatus, PlanningAgent, type PlanningAgentConfig, PluginConfigs, type PluginExecutionContext, type PluginFactory, type PluginFactoryContext, type PluginRegisterOptions, PluginRegistry, type PluginRegistryEntry, type PluginRegistryInfo, type PolicyChainConfig, type PolicyCheckResult, type PolicyContext, type PolicyDecision, type PolicyManagerEvents, PreparedContext, ProviderAuthError, ProviderCapabilities, ProviderConfigAgent, ProviderContextLengthError, ProviderError, ProviderErrorMapper, ProviderNotFoundError, ProviderRateLimitError, ROUTINE_KEYS, RapidAPIProvider, RateLimitError, type RateLimiterConfig, type RateLimiterMetrics, type ReadFileResult, RealtimePipeline, type RealtimePipelineConfig, type AgentStatus$1 as RegistryAgentStatus, type FetchOptions as ResearchFetchOptions, type ResearchFinding, type ResearchPlan, type ResearchProgress, type ResearchQuery, type ResearchResult, type SearchOptions as ResearchSearchOptions, type SearchResponse as ResearchSearchResponse, ResolvedContextFeatures, type RiskLevel, type RoutineDefinition, type RoutineDefinitionInput, type RoutineExecution, type RoutineExecutionRecord, type RoutineExecutionStatus, type RoutineExecutionStep, type RoutineParameter, type RoutineStepType, type RoutineTaskResult, type RoutineTaskSnapshot, SIMPLE_ICONS_CDN, type STTModelCapabilities, type STTOptions, type STTOutputFormat$1 as STTOutputFormat, type STTResponse, STT_MODELS, STT_MODEL_REGISTRY, type ScheduleHandle, type ScheduleSpec, ScopedConnectorRegistry, type ScrapeFeature, type ScrapeOptions, ScrapeProvider, type ScrapeProviderConfig, type ScrapeProviderFallbackConfig, type ScrapeResponse, type ScrapeResult, type SearchOptions$1 as SearchOptions, SearchProvider, type SearchProviderConfig, type SearchResponse$1 as SearchResponse, type SearchResult, type SegmentTimestamp, SentenceChunkingStrategy, type SerializedApprovalEntry, type SerializedApprovalState, SerializedContextState, type SerializedHistoryState, type SerializedInContextMemoryState, type SerializedPersistentInstructionsState, type SerializedSharedWorkspaceState, type SerializedToolState, type SerializedUserInfoState, type SerializedWorkingMemoryState, SerperProvider, ServiceCategory, type ServiceToolFactory, type SessionRef, type SessionState, type SharedWorkspaceConfig, type SharedWorkspaceEntry, SharedWorkspacePluginNextGen, type ShellToolConfig, type SimpleIcon, SimpleScheduler, type SimpleVideoGenerateOptions, type SourceCapabilities, type SourceResult, SpeechToText, type SpeechToTextConfig, type StdioTransportConfig, type StorageConfig, type StorageContext, StorageRegistry, StoreActionResult, StoreDeleteResult, StoreEntrySchema, StoreGetResult, StoreListResult, StoreSetResult, StoreToolsManager, type StoredAgentDefinition, type StoredAgentType, type StoredConnectorConfig, StoredContextSession, type StoredToken, type StrategyInfo, StrategyRegistry, type StrategyRegistryEntry, StreamEvent, StreamEventType, StreamHelpers, StreamState, type SubRoutineSpec, SummarizeCompactor, SuspendSignal, type SuspendSignalOptions, TERMINAL_TASK_STATUSES, type TTSModelCapabilities, type TTSOptions, type TTSResponse, type TTSStreamChunk, TTS_MODELS, TTS_MODEL_REGISTRY, type Task, type AgentConfig as TaskAgentStateConfig, type TaskCondition, type TaskControlFlow, type TaskExecution, type TaskFailure, type TaskFoldFlow, type TaskInput, type TaskMapFlow, type TaskSourceRef, type TaskStatus, TaskStatusForMemory, TaskTimeoutError, ToolContext as TaskToolContext, type TaskUntilFlow, type TaskValidation, TaskValidationError, type TaskValidationResult, TavilyProvider, type TelephonyAdapterEvents, type TemplateCredentials, TextGenerateOptions, TextPipeline, type TextPipelineConfig, TextToSpeech, type TextToSpeechConfig, TokenBucketRateLimiter, type TokenContentType, Tool, ToolCall, type ToolCatalogPluginConfig, ToolCatalogPluginNextGen, type ToolCategory, ToolCategoryScope, type ToolCondition, ToolContext, ToolExecutionError, ToolExecutionPipeline, type ToolExecutionPipelineOptions, ToolFunction, ToolManager, type ToolManagerConfig, type ToolManagerEvent, type ToolManagerStats, type ToolMetadata, ToolNotFoundError, type ToolOptions, type ToolPermissionConfig, ToolPermissionManager, type ToolRegistration, ToolRegistry, type ToolRegistryEntry, ToolResult, type ToolSelectionContext, type ToolSource, ToolTimeoutError, type TranscriptMessage, type TransportConfig, TruncateCompactor, TwilioAdapter, type TwilioAdapterConfig, type UserInfoEntry, type UserInfoPluginConfig, UserInfoPluginNextGen, type UserPermissionRule, UserPermissionRulesEngine, type VADEvent, VENDOR_ICON_MAP, VIDEO_MODELS, VIDEO_MODEL_REGISTRY, type ValidationContext, Vendor, type VendorInfo, type VendorLogo, VendorOptionSchema, type VendorRegistryEntry, type VendorTemplate, type VideoExtendOptions, type VideoGenerateOptions, VideoGeneration, type VideoGenerationCreateOptions, type VideoJob, type VideoModelCapabilities, type VideoModelPricing, type VideoResponse, type VideoStatus, VoiceBridge, type VoiceBridgeConfig, type VoiceBridgeEvents, type VoiceHooks, type VoicePipelineEvents, VoiceSession, type VoiceSessionEvents, type VoiceSessionInfo, VoiceStream, type VoiceStreamConfig, type VoiceStreamEvents, type WordTimestamp, WorkingMemory, WorkingMemoryAccess, WorkingMemoryConfig, type WorkingMemoryEvents, type WorkingMemoryPluginConfig, WorkingMemoryPluginNextGen, type WorkspaceLogEntry, type WriteFileResult, addJitter, allVendorTemplates, authenticatedFetch, backoffSequence, backoffWait, bash, buildAuthConfig, buildEndpointWithQuery, buildOrchestrationTools, buildQueryString, buildWorkspaceDelta, calculateBackoff, calculateSTTCost, calculateTTSCost, calculateVideoCost, canTaskExecute, createAgentStorage, createAuthenticatedFetch, createBashTool, createConnectorFromTemplate, createCreatePRTool, createCustomToolDelete, createCustomToolDraft, createCustomToolList, createCustomToolLoad, createCustomToolMetaTools, createCustomToolSave, createCustomToolTest, createDesktopGetCursorTool, createDesktopGetScreenSizeTool, createDesktopKeyboardKeyTool, createDesktopKeyboardTypeTool, createDesktopMouseClickTool, createDesktopMouseDragTool, createDesktopMouseMoveTool, createDesktopMouseScrollTool, createDesktopScreenshotTool, createDesktopWindowFocusTool, createDesktopWindowListTool, createDraftEmailTool, createEditFileTool, createEditMeetingTool, createEstimator, createExecuteJavaScriptTool, createExecutionRecorder, createFileAgentDefinitionStorage, createFileContextStorage, createFileCorrelationStorage, createFileCustomToolStorage, createFileMediaStorage, createFileRoutineDefinitionStorage, createFileRoutineExecutionStorage, createFindMeetingSlotsTool, createGetMeetingTranscriptTool, createGetPRTool, createGitHubReadFileTool, createGlobTool, createGrepTool, createImageGenerationTool, createImageProvider, createListBranchesTool, createListDirectoryTool, createMeetingTool, createMessageWithImages, createMetricsCollector, createMicrosoftListFilesTool, createMicrosoftReadFileTool, createMicrosoftSearchFilesTool, createOrchestrator, createPRCommentsTool, createPRFilesTool, createPlan, createProvider, createReadFileTool, createRoutineDefinition, createRoutineExecution, createRoutineExecutionRecord, createSearchCodeTool, createSearchFilesTool, createSendEmailTool, createSpeechToTextTool, createTask, createTaskSnapshots, createTextMessage, createTextToSpeechTool, createVideoProvider, createVideoTools, createWriteFileTool, customToolDelete, customToolDraft, customToolList, customToolLoad, customToolSave, customToolTest, desktopGetCursor, desktopGetScreenSize, desktopKeyboardKey, desktopKeyboardType, desktopMouseClick, desktopMouseDrag, desktopMouseMove, desktopMouseScroll, desktopScreenshot, desktopTools, desktopWindowFocus, desktopWindowList, detectDependencyCycle, developerTools, documentToContent, editFile, encodeSharingUrl, evaluateCondition, executeRoutine, extractJSON, extractJSONField, extractNumber, findConnectorByServiceTypes, formatAttendees, formatFileSize, formatPluginDisplayName, formatRecipients, generateEncryptionKey, generateSimplePlan, generateWebAPITool, getActiveSTTModels, getActiveTTSModels, getActiveVideoModels, getAllBuiltInTools, getAllVendorLogos, getAllVendorTemplates, getBackgroundOutput, getConnectorTools, getCredentialsSetupURL, getDesktopDriver, getDocsURL, getDrivePrefix, getMediaOutputHandler, getMediaStorage, getNextExecutableTasks, getRegisteredScrapeProviders, getRoutineProgress, getSTTModelInfo, getSTTModelsByVendor, getSTTModelsWithFeature, getTTSModelInfo, getTTSModelsByVendor, getTTSModelsWithFeature, getTaskDependencies, getToolByName, getToolCategories, getToolRegistry, getToolsByCategory, getToolsRequiringConnector, getUserPathPrefix, getVendorAuthTemplate, getVendorColor, getVendorDefaultBaseURL, getVendorInfo, getVendorLogo, getVendorLogoCdnUrl, getVendorLogoSvg, getVendorTemplate, getVideoModelInfo, getVideoModelsByVendor, getVideoModelsWithAudio, getVideoModelsWithFeature, glob, globalErrorHandler, grep, hasClipboardImage, hasVendorLogo, hydrateCustomTool, isBlockedCommand, isExcludedExtension, isMicrosoftFileUrl, isTaskBlocked, isTeamsMeetingUrl, isTerminalStatus, isWebUrl, killBackgroundProcess, listConnectorsByServiceTypes, listDirectory, listVendorIds, listVendors, listVendorsByAuthType, listVendorsByCategory, listVendorsWithLogos, logger, mergeTextPieces, metrics, microsoftFetch, mulawToPcm, normalizeEmails, parseKeyCombo, parseRepository, pcmToMulaw, readClipboardImage, readDocumentAsContent, readFile, registerScrapeProvider, resamplePcm, resetDefaultDriver, resolveConnector, resolveDependencies, resolveFileEndpoints, resolveFlowSource, resolveMaxContextTokens, resolveMeetingId, resolveModelCapabilities, resolveRepository, resolveTemplates, retryWithBackoff, sanitizeToolName, setMediaOutputHandler, setMediaStorage, setMetricsCollector, simpleTokenEstimator, sttToTwilio, toConnectorOptions, toolRegistry, index as tools, twilioToStt, updateTaskStatus, validatePath, writeFile };