@hai.ai/jacs 0.6.0 → 0.8.0

package/README.md

@@ -1,6 +1,10 @@
 # JACS for Node.js
 
-Node.js bindings for JACS (JSON Agent Communication Standard) -- an open data provenance toolkit for signing and verifying AI agent communications. JACS works standalone with no server required; optionally register with [HAI.ai](https://hai.ai) for cross-organization key discovery.
+**Sign it. Prove it.**
+
+Cryptographic signatures for AI agent outputs -- so anyone can verify who said what and whether it was changed. No server. Three lines of code. Optionally register with [HAI.ai](https://hai.ai) for cross-organization key discovery.
+
+[Which integration should I use?](https://humanassisted.github.io/JACS/getting-started/decision-tree.html) | [Full documentation](https://humanassisted.github.io/JACS/)
 
 **Dependencies**: The `overrides` in `package.json` for `body-parser` and `qs` are for security (CVE-2024-45590). Do not remove them without re-auditing.
 
@@ -12,53 +16,91 @@ npm install @hai.ai/jacs
 
 The npm package ships prebuilt native bindings for supported targets and does not compile Rust during `npm install`.
 
+## v0.8.0: Framework Adapters
+
+New in v0.8.0: first-class adapters for **Vercel AI SDK**, **Express**, **Koa**, **LangChain.js**, and a full **MCP tool suite**. All framework dependencies are optional peer deps — install only what you use.
+
+### Async-First API
+
+All NAPI operations return Promises by default. Sync variants are available with a `Sync` suffix, following the Node.js convention (like `fs.readFile` vs `fs.readFileSync`).
+
+```javascript
+// Async (default, recommended -- does not block the event loop)
+const signed = await jacs.signMessage({ action: 'approve' });
+
+// Sync (blocks event loop, use in scripts or CLI tools)
+const signed = jacs.signMessageSync({ action: 'approve' });
+```
+
 ## Quick Start
 
+Zero-config -- one call to start signing:
+
 ```javascript
 const jacs = require('@hai.ai/jacs/simple');
 
-// Load your agent (run `jacs create` first if needed)
-const agent = jacs.load('./jacs.config.json');
+await jacs.quickstart();
+const signed = await jacs.signMessage({ action: 'approve', amount: 100 });
+const result = await jacs.verify(signed.raw);
+console.log(`Valid: ${result.valid}, Signer: ${result.signerId}`);
+```
 
-// Sign a message
-const signed = jacs.signMessage({
-  action: 'approve',
-  amount: 100
-});
+`quickstart()` creates a persistent agent with keys on disk. If `./jacs.config.json` already exists, it loads it; otherwise it creates a new agent. Agent, keys, and config are saved to `./jacs_data`, `./jacs_keys`, and `./jacs.config.json`. If `JACS_PRIVATE_KEY_PASSWORD` is not set, a secure password is auto-generated and saved to `./jacs_keys/.jacs_password`. Pass `{ algorithm: 'ring-Ed25519' }` to override the default (`pq2025`).
 
-// Verify it
-const result = jacs.verify(signed.raw);
-console.log(`Valid: ${result.valid}`);
-console.log(`Signer: ${result.signerId}`);
+**Signed your first document?** Next: [Verify it standalone](#standalone-verification-no-agent-required) | [Add framework adapters](#framework-adapters) | [Multi-agent agreements](#multi-party-agreements) | [Full docs](https://humanassisted.github.io/JACS/getting-started/quick-start.html)
+
+### Advanced: Loading an existing agent
+
+If you already have an agent (e.g., created by a previous `quickstart()` call), load it explicitly:
+
+```javascript
+const jacs = require('@hai.ai/jacs/simple');
+
+await jacs.load('./jacs.config.json');
+
+const signed = await jacs.signMessage({ action: 'approve', amount: 100 });
+const result = await jacs.verify(signed.raw);
+console.log(`Valid: ${result.valid}, Signer: ${result.signerId}`);
 ```
 
 ## Core API
 
+Every function that calls into NAPI has both async (default) and sync variants:
+
+| Function | Sync Variant | Description |
+|----------|-------------|-------------|
+| `quickstart(options?)` | `quickstartSync(options?)` | Create a persistent agent with keys on disk |
+| `create(options)` | `createSync(options)` | Create a new agent programmatically |
+| `load(configPath)` | `loadSync(configPath)` | Load agent from config file |
+| `verifySelf()` | `verifySelfSync()` | Verify agent's own integrity |
+| `updateAgent(data)` | `updateAgentSync(data)` | Update agent document |
+| `updateDocument(id, data)` | `updateDocumentSync(id, data)` | Update existing document |
+| `signMessage(data)` | `signMessageSync(data)` | Sign any JSON data |
+| `signFile(path, embed)` | `signFileSync(path, embed)` | Sign a file |
+| `verify(doc)` | `verifySync(doc)` | Verify signed document |
+| `verifyById(id)` | `verifyByIdSync(id)` | Verify by storage ID |
+| `reencryptKey(old, new)` | `reencryptKeySync(old, new)` | Re-encrypt private key |
+| `getSetupInstructions(domain)` | `getSetupInstructionsSync(domain)` | Get DNS/well-known setup |
+| `createAgreement(doc, ids, ...)` | `createAgreementSync(doc, ids, ...)` | Create multi-party agreement |
+| `signAgreement(doc)` | `signAgreementSync(doc)` | Sign an agreement |
+| `checkAgreement(doc)` | `checkAgreementSync(doc)` | Check agreement status |
+| `audit(options?)` | `auditSync(options?)` | Run a security audit |
+
+Pure sync functions (no NAPI call, no suffix needed):
+
 | Function | Description |
 |----------|-------------|
-| `create(options)` | Create a new agent programmatically (non-interactive) |
-| `load(configPath)` | Load agent from config file |
-| `verifySelf()` | Verify agent's own integrity |
-| `updateAgent(data)` | Update agent document with new data |
-| `updateDocument(id, data)` | Update existing document with new data |
-| `signMessage(data)` | Sign any JSON data |
-| `signFile(path, embed)` | Sign a file |
-| `verify(doc)` | Verify signed document (JSON string) |
-| `verifyStandalone(doc, opts?)` | Verify without loading an agent (one-off) |
-| `verifyById(id)` | Verify a document by storage ID (`uuid:version`) |
-| `registerWithHai(opts?)` | Register the loaded agent with HAI.ai |
-| `getDnsRecord(domain, ttl?)` | Get DNS TXT record line for the agent |
-| `getWellKnownJson()` | Get well-known JSON for `/.well-known/jacs-pubkey.json` |
-| `reencryptKey(oldPw, newPw)` | Re-encrypt private key with new password |
-| `getPublicKey()` | Get public key for sharing |
+| `verifyStandalone(doc, opts?)` | Verify without loading an agent |
+| `getPublicKey()` | Get public key |
 | `isLoaded()` | Check if agent is loaded |
-| `trustAgent(json)` | Add an agent to the local trust store |
-| `listTrustedAgents()` | List all trusted agent IDs |
-| `untrustAgent(id)` | Remove an agent from the trust store |
-| `isTrusted(id)` | Check if an agent is trusted |
-| `getTrustedAgent(id)` | Get a trusted agent's JSON document |
-| `audit(options?)` | Run a read-only security audit; optional `configPath`, `recentN` |
-| `generateVerifyLink(doc, baseUrl?)` | Generate a shareable hai.ai verification URL for a signed document |
+| `getDnsRecord(domain, ttl?)` | Get DNS TXT record |
+| `getWellKnownJson()` | Get well-known JSON |
+| `trustAgent(json)` | Add agent to trust store |
+| `listTrustedAgents()` | List trusted agent IDs |
+| `untrustAgent(id)` | Remove from trust store |
+| `isTrusted(id)` | Check if agent is trusted |
+| `getTrustedAgent(id)` | Get trusted agent's JSON |
+| `generateVerifyLink(doc, baseUrl?)` | Generate verification URL |
 
 ## Types
 
@@ -85,7 +127,7 @@ interface VerificationResult {
 ```typescript
 const jacs = require('@hai.ai/jacs/simple');
 
-const agent = jacs.create({
+const agent = await jacs.create({
   name: 'my-agent',
   password: process.env.JACS_PRIVATE_KEY_PASSWORD,  // required
   algorithm: 'pq2025',                  // default; also: "ring-Ed25519", "RSA-PSS"
@@ -95,17 +137,39 @@ const agent = jacs.create({
 console.log(`Created: ${agent.agentId}`);
 ```
 
+### Standalone Verification (No Agent Required)
+
+Verify a signed document without loading an agent. Useful for one-off verification, CI/CD pipelines, or services that only need to verify, not sign.
+
+```typescript
+import { verifyStandalone, generateVerifyLink } from '@hai.ai/jacs/simple';
+
+const result = verifyStandalone(signedJson, {
+  keyResolution: 'local',
+  keyDirectory: './trusted-keys/',
+});
+if (result.valid) {
+  console.log(`Signed by: ${result.signerId}`);
+}
+
+// Generate a shareable verification link
+const url = generateVerifyLink(signed.raw);
+// https://hai.ai/jacs/verify?s=<base64url-encoded-document>
+```
+
+Documents signed by Rust or Python agents verify identically in Node.js -- cross-language interop is tested on every commit with Ed25519 and pq2025 (ML-DSA-87). See the full [Verification Guide](https://humanassisted.github.io/JACS/getting-started/verification.html) for CLI, DNS, and cross-language examples.
+
 ### Verify by Document ID
 
 ```javascript
-const result = jacs.verifyById('550e8400-e29b-41d4-a716-446655440000:1');
+const result = await jacs.verifyById('550e8400-e29b-41d4-a716-446655440000:1');
 console.log(`Valid: ${result.valid}`);
 ```
 
 ### Re-encrypt Private Key
 
 ```javascript
-jacs.reencryptKey('old-password-123!', 'new-Str0ng-P@ss!');
+await jacs.reencryptKey('old-password-123!', 'new-Str0ng-P@ss!');
 ```
 
 ### Password Requirements
@@ -123,17 +187,17 @@ The `pq-dilithium` algorithm is deprecated. Use `pq2025` (ML-DSA-87, FIPS-204) i
 ```javascript
 const jacs = require('@hai.ai/jacs/simple');
 
-jacs.load('./jacs.config.json');
+await jacs.load('./jacs.config.json');
 
 // Sign data
-const signed = jacs.signMessage({
+const signed = await jacs.signMessage({
   action: 'transfer',
   amount: 500,
   to: 'agent-123'
 });
 
 // Later, verify received data
-const result = jacs.verify(receivedJson);
+const result = await jacs.verify(receivedJson);
 if (result.valid) {
   console.log(`Signed by: ${result.signerId}`);
   console.log(`Data: ${JSON.stringify(result.data)}`);
@@ -146,7 +210,7 @@ if (result.valid) {
 // Get current agent, modify, and update
 const agentDoc = JSON.parse(jacs.exportAgent());
 agentDoc.jacsAgentType = 'updated-service';
-const updated = jacs.updateAgent(agentDoc);
+const updated = await jacs.updateAgent(agentDoc);
 console.log('Agent updated with new version');
 ```
 
@@ -154,12 +218,12 @@ console.log('Agent updated with new version');
 
 ```javascript
 // Create a document
-const signed = jacs.signMessage({ status: 'pending', amount: 100 });
+const signed = await jacs.signMessage({ status: 'pending', amount: 100 });
 
 // Later, update it
 const doc = JSON.parse(signed.raw);
 doc.content.status = 'approved';
-const updated = jacs.updateDocument(signed.documentId, doc);
+const updated = await jacs.updateDocument(signed.documentId, doc);
 console.log('Document updated with new version');
 ```
 
@@ -167,28 +231,247 @@ console.log('Document updated with new version');
 
 ```javascript
 // Reference only (stores hash)
-const signed = jacs.signFile('contract.pdf', false);
+const signed = await jacs.signFile('contract.pdf', false);
 
 // Embed content (portable document)
-const embedded = jacs.signFile('contract.pdf', true);
+const embedded = await jacs.signFile('contract.pdf', true);
 ```
 
-### MCP Integration
+## Framework Adapters
 
-JACS provides a transport proxy that wraps any MCP transport with automatic signing and verification at the network boundary:
+### Vercel AI SDK (`@hai.ai/jacs/vercel-ai`)
 
-```javascript
+Sign AI model outputs with cryptographic provenance using the AI SDK's middleware pattern:
+
+```typescript
+import { JacsClient } from '@hai.ai/jacs/client';
+import { withProvenance } from '@hai.ai/jacs/vercel-ai';
+import { openai } from '@ai-sdk/openai';
+import { generateText } from 'ai';
+
+const client = await JacsClient.quickstart();
+const model = withProvenance(openai('gpt-4o'), { client });
+
+const { text, providerMetadata } = await generateText({ model, prompt: 'Hello!' });
+console.log(providerMetadata?.jacs?.text?.documentId); // signed proof
+```
+
+Works with `generateText`, `streamText` (signs after stream completes), and tool calls. Compose with other middleware via `jacsProvenance()`.
+
+**Peer deps**: `npm install ai @ai-sdk/provider`
+
+### Express Middleware (`@hai.ai/jacs/express`)
+
+Verify incoming signed requests, optionally auto-sign responses:
+
+```typescript
+import express from 'express';
+import { JacsClient } from '@hai.ai/jacs/client';
+import { jacsMiddleware } from '@hai.ai/jacs/express';
+
+const client = await JacsClient.quickstart();
+const app = express();
+app.use(express.text({ type: 'application/json' }));
+app.use(jacsMiddleware({ client, verify: true }));
+
+app.post('/api/data', (req, res) => {
+  console.log(req.jacsPayload); // verified payload
+  // Manual signing via req.jacsClient:
+  req.jacsClient.signMessage({ status: 'ok' }).then(signed => {
+    res.type('text/plain').send(signed.raw);
+  });
+});
+```
+
+Options: `client`, `configPath`, `sign` (auto-sign, default false), `verify` (default true), `optional` (allow unsigned, default false). Supports Express v4 + v5.
+
+**Peer dep**: `npm install express`
+
+### Koa Middleware (`@hai.ai/jacs/koa`)
+
+```typescript
+import Koa from 'koa';
+import { jacsKoaMiddleware } from '@hai.ai/jacs/koa';
+
+const app = new Koa();
+app.use(jacsKoaMiddleware({ client, verify: true, sign: true }));
+app.use(async (ctx) => {
+  console.log(ctx.state.jacsPayload); // verified
+  ctx.body = { status: 'ok' };        // auto-signed when sign: true
+});
+```
+
+**Peer dep**: `npm install koa`
+
+### LangChain.js (`@hai.ai/jacs/langchain`)
+
+Two integration patterns — full toolkit or auto-signing wrappers:
+
+**Full toolkit** — give your LangChain agent access to all JACS operations (sign, verify, agreements, trust, audit):
+
+```typescript
+import { JacsClient } from '@hai.ai/jacs/client';
+import { createJacsTools } from '@hai.ai/jacs/langchain';
+
+const client = await JacsClient.quickstart();
+const jacsTools = createJacsTools({ client });
+
+// Bind to your LLM — agent can now sign, verify, create agreements, etc.
+const llm = model.bindTools([...myTools, ...jacsTools]);
+```
+
+Returns 11 tools: `jacs_sign`, `jacs_verify`, `jacs_create_agreement`, `jacs_sign_agreement`, `jacs_check_agreement`, `jacs_verify_self`, `jacs_trust_agent`, `jacs_list_trusted`, `jacs_is_trusted`, `jacs_audit`, `jacs_agent_info`.
+
+**Auto-signing wrappers** — transparently sign existing tool outputs:
+
+```typescript
+import { signedTool, jacsToolNode } from '@hai.ai/jacs/langchain';
+
+// Wrap a single tool
+const signed = signedTool(myTool, { client });
+
+// Or wrap all tools in a ToolNode (LangGraph)
+const node = jacsToolNode([tool1, tool2], { client });
+```
+
+**Peer deps**: `npm install @langchain/core` (and optionally `@langchain/langgraph` for `jacsToolNode`)
+
+### MCP (`@hai.ai/jacs/mcp`)
+
+Two integration patterns — transport proxy or full tool registration:
+
+**Transport proxy** — wrap any MCP transport with signing/verification:
+
+```typescript
+import { JacsClient } from '@hai.ai/jacs/client';
 import { createJACSTransportProxy } from '@hai.ai/jacs/mcp';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 
-// Wrap any MCP transport with JACS signing
+const client = await JacsClient.quickstart();
 const baseTransport = new StdioServerTransport();
-const jacsTransport = createJACSTransportProxy(
-  baseTransport, './jacs.config.json', 'server'
+const secureTransport = createJACSTransportProxy(baseTransport, client, 'server');
+```
+
+**MCP tool registration** — add all JACS tools to your MCP server (mirrors the Rust `jacs-mcp` server):
+
+```typescript
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { JacsClient } from '@hai.ai/jacs/client';
+import { registerJacsTools } from '@hai.ai/jacs/mcp';
+
+const server = new Server({ name: 'my-server', version: '1.0.0' }, { capabilities: { tools: {} } });
+const client = await JacsClient.quickstart();
+registerJacsTools(server, client);
+```
+
+Registers 17 tools: signing, verification, agreements, trust store, audit, HAI integration, file signing, and more. Use `getJacsMcpToolDefinitions()` and `handleJacsMcpToolCall()` for custom integration.
+
+**Peer dep**: `npm install @modelcontextprotocol/sdk`
+
+### Legacy: `@hai.ai/jacs/http`
+
+The old `JACSExpressMiddleware` and `JACSKoaMiddleware` are still available from `@hai.ai/jacs/http` for backward compatibility. New code should use `@hai.ai/jacs/express` and `@hai.ai/jacs/koa`.
+
+## JacsClient (Instance-Based API)
+
+`JacsClient` is the recommended API for new code. Each instance owns its own agent, so multiple clients can coexist in the same process without shared global state.
+
+```typescript
+import { JacsClient } from '@hai.ai/jacs/client';
+
+// Zero-config: loads or creates a persistent agent
+const client = await JacsClient.quickstart({ algorithm: 'ring-Ed25519' });
+
+const signed = await client.signMessage({ action: 'approve', amount: 100 });
+const result = await client.verify(signed.raw);
+console.log(`Valid: ${result.valid}, Signer: ${result.signerId}`);
+```
+
+### Ephemeral Clients
+
+For testing or throwaway use, create an in-memory client with no files or env vars:
+
+```typescript
+const client = await JacsClient.ephemeral('ring-Ed25519');
+const signed = await client.signMessage({ hello: 'world' });
+const result = await client.verify(signed.raw);
+```
+
+Sync variants are also available:
+
+```typescript
+const client = JacsClient.ephemeralSync('ring-Ed25519');
+const signed = client.signMessageSync({ hello: 'world' });
+const result = client.verifySync(signed.raw);
+```
+
+### Multi-Party Agreements
+
+Create agreements that require signatures from multiple agents, with optional constraints:
+
+```typescript
+const agreement = await client.createAgreement(
+  { action: 'deploy', version: '2.0' },
+  [agentA.agentId, agentB.agentId],
+  {
+    question: 'Approve deployment?',
+    timeout: '2026-03-01T00:00:00Z',    // ISO 8601 deadline
+    quorum: 2,                            // M-of-N signatures required
+    requiredAlgorithms: ['ring-Ed25519'], // restrict signing algorithms
+    minimumStrength: 'classical',         // "classical" or "post-quantum"
+  },
 );
+
+// Other agents sign the agreement
+const signed = await agentB.signAgreement(agreement.raw);
+
+// Check agreement status
+const status = await client.checkAgreement(signed.raw);
+console.log(`Complete: ${status.complete}, Signatures: ${status.signedCount}/${status.totalRequired}`);
 ```
 
-See `examples/mcp.simple.server.js` for a complete MCP server example with JACS-signed tools.
+### JacsClient API
+
+All instance methods have async (default) and sync variants:
+
+| Method | Sync Variant | Description |
+|--------|-------------|-------------|
+| `JacsClient.quickstart(options?)` | `JacsClient.quickstartSync(options?)` | Load or create a persistent agent |
+| `JacsClient.ephemeral(algorithm?)` | `JacsClient.ephemeralSync(algorithm?)` | Create an in-memory agent |
+| `client.load(configPath?)` | `client.loadSync(configPath?)` | Load agent from config file |
+| `client.create(options)` | `client.createSync(options)` | Create a new agent |
+| `client.signMessage(data)` | `client.signMessageSync(data)` | Sign any JSON data |
+| `client.verify(doc)` | `client.verifySync(doc)` | Verify a signed document |
+| `client.verifySelf()` | `client.verifySelfSync()` | Verify agent's own integrity |
+| `client.verifyById(id)` | `client.verifyByIdSync(id)` | Verify by storage ID |
+| `client.signFile(path, embed?)` | `client.signFileSync(path, embed?)` | Sign a file |
+| `client.createAgreement(...)` | `client.createAgreementSync(...)` | Create multi-party agreement |
+| `client.signAgreement(...)` | `client.signAgreementSync(...)` | Sign an agreement |
+| `client.checkAgreement(...)` | `client.checkAgreementSync(...)` | Check agreement status |
+| `client.updateAgent(data)` | `client.updateAgentSync(data)` | Update agent document |
+| `client.updateDocument(id, data)` | `client.updateDocumentSync(id, data)` | Update a document |
+
+See [`examples/multi_agent_agreement.ts`](./examples/multi_agent_agreement.ts) for a complete multi-agent agreement demo.
+
+## Testing
+
+The `@hai.ai/jacs/testing` module provides zero-setup test helpers:
+
+```typescript
+import { createTestClient, createTestClientSync } from '@hai.ai/jacs/testing';
+
+// Async (preferred)
+const client = await createTestClient('ring-Ed25519');
+const signed = await client.signMessage({ hello: 'test' });
+const result = await client.verify(signed.raw);
+assert(result.valid);
+
+// Sync
+const client2 = createTestClientSync('ring-Ed25519');
+const signed2 = client2.signMessageSync({ hello: 'test' });
+const result2 = client2.verifySync(signed2.raw);
+assert(result2.valid);
+```
 
 ## HAI Integration
 
@@ -232,6 +515,7 @@ interface RemotePublicKeyInfo {
 
 - [JACS Book](https://humanassisted.github.io/JACS/) - Full documentation (published book)
 - [Quick Start](https://humanassisted.github.io/JACS/getting-started/quick-start.html)
+- [Verification Guide](https://humanassisted.github.io/JACS/getting-started/verification.html) - CLI, standalone, DNS verification
 - [Source](https://github.com/HumanAssisted/JACS) - GitHub repository
 - [HAI Developer Portal](https://hai.ai/dev)
 - [Examples](./examples/)

package/client.d.ts

@@ -0,0 +1,96 @@
+/**
+ * JACS Instance-Based Client API
+ *
+ * v0.7.0: Async-first API. All methods that call native JACS operations
+ * return Promises by default. Use `*Sync` variants for synchronous execution.
+ *
+ * @example
+ * ```typescript
+ * import { JacsClient } from '@hai.ai/jacs/client';
+ *
+ * const client = await JacsClient.quickstart({ algorithm: 'ring-Ed25519' });
+ * const signed = await client.signMessage({ action: 'approve' });
+ * const result = await client.verify(signed.raw);
+ * console.log(`Valid: ${result.valid}`);
+ * ```
+ */
+import { hashString, createConfig } from './index';
+import { generateVerifyLink, MAX_VERIFY_URL_LEN, MAX_VERIFY_DOCUMENT_BYTES } from './simple';
+import type { AgentInfo, SignedDocument, VerificationResult, Attachment, AgreementStatus, AuditOptions, QuickstartOptions, QuickstartInfo, CreateAgentOptions, LoadOptions } from './simple';
+export type { AgentInfo, SignedDocument, VerificationResult, Attachment, AgreementStatus, AuditOptions, QuickstartOptions, QuickstartInfo, CreateAgentOptions, LoadOptions, };
+export { hashString, createConfig, generateVerifyLink, MAX_VERIFY_URL_LEN, MAX_VERIFY_DOCUMENT_BYTES };
+export interface AgreementOptions {
+    question?: string;
+    context?: string;
+    fieldName?: string;
+    timeout?: string;
+    quorum?: number;
+    requiredAlgorithms?: string[];
+    minimumStrength?: string;
+}
+export interface JacsClientOptions {
+    configPath?: string;
+    algorithm?: string;
+    strict?: boolean;
+}
+export declare class JacsClient {
+    private agent;
+    private info;
+    private _strict;
+    constructor(options?: JacsClientOptions);
+    /**
+     * Zero-config factory: loads or creates a persistent agent.
+     */
+    static quickstart(options?: QuickstartOptions): Promise<JacsClient>;
+    /**
+     * Zero-config factory (sync variant).
+     */
+    static quickstartSync(options?: QuickstartOptions): JacsClient;
+    /**
+     * Create an ephemeral in-memory client for testing.
+     */
+    static ephemeral(algorithm?: string): Promise<JacsClient>;
+    /**
+     * Create an ephemeral in-memory client (sync variant).
+     */
+    static ephemeralSync(algorithm?: string): JacsClient;
+    load(configPath?: string, options?: LoadOptions): Promise<AgentInfo>;
+    loadSync(configPath?: string, options?: LoadOptions): AgentInfo;
+    create(options: CreateAgentOptions): Promise<AgentInfo>;
+    createSync(options: CreateAgentOptions): AgentInfo;
+    reset(): void;
+    dispose(): void;
+    [Symbol.dispose](): void;
+    get agentId(): string;
+    get name(): string;
+    get strict(): boolean;
+    private requireAgent;
+    signMessage(data: any): Promise<SignedDocument>;
+    signMessageSync(data: any): SignedDocument;
+    verify(signedDocument: string): Promise<VerificationResult>;
+    verifySync(signedDocument: string): VerificationResult;
+    verifySelf(): Promise<VerificationResult>;
+    verifySelfSync(): VerificationResult;
+    verifyById(documentId: string): Promise<VerificationResult>;
+    verifyByIdSync(documentId: string): VerificationResult;
+    signFile(filePath: string, embed?: boolean): Promise<SignedDocument>;
+    signFileSync(filePath: string, embed?: boolean): SignedDocument;
+    createAgreement(document: any, agentIds: string[], options?: AgreementOptions): Promise<SignedDocument>;
+    createAgreementSync(document: any, agentIds: string[], options?: AgreementOptions): SignedDocument;
+    signAgreement(document: any, fieldName?: string): Promise<SignedDocument>;
+    signAgreementSync(document: any, fieldName?: string): SignedDocument;
+    checkAgreement(document: any, fieldName?: string): Promise<AgreementStatus>;
+    checkAgreementSync(document: any, fieldName?: string): AgreementStatus;
+    updateAgent(newAgentData: any): Promise<string>;
+    updateAgentSync(newAgentData: any): string;
+    updateDocument(documentId: string, newDocumentData: any, attachments?: string[], embed?: boolean): Promise<SignedDocument>;
+    updateDocumentSync(documentId: string, newDocumentData: any, attachments?: string[], embed?: boolean): SignedDocument;
+    trustAgent(agentJson: string): string;
+    listTrustedAgents(): string[];
+    untrustAgent(agentId: string): void;
+    isTrusted(agentId: string): boolean;
+    getTrustedAgent(agentId: string): string;
+    audit(options?: AuditOptions): Promise<Record<string, unknown>>;
+    auditSync(options?: AuditOptions): Record<string, unknown>;
+    generateVerifyLink(document: string, baseUrl?: string): string;
+}