@hol-org/rb-client 0.1.172 → 0.1.173

package/dist/index.js

@@ -1,8 +1,7 @@
-// ../../src/services/registry-broker/client/encryption.ts
-import * as path from "path";
-import { Buffer as Buffer2 } from "buffer";
-import { randomBytes } from "crypto";
-import { secp256k1 } from "@noble/curves/secp256k1.js";
+// ../../src/services/registry-broker/client/base-client.ts
+import { Buffer as Buffer5 } from "buffer";
+import { secp256k1 as secp256k12 } from "@noble/curves/secp256k1.js";
+import { ZodError } from "zod";
 
 // ../../src/services/registry-broker/schemas.ts
 import { z as z2 } from "zod";
@@ -1582,296 +1581,182 @@ var skillVerificationDomainProofVerifyResponseSchema = z2.object({
   signal: skillVerificationDomainProofSignalSchema
 }).passthrough();
 
-// ../../src/utils/is-browser.ts
-var isBrowser = typeof window !== "undefined" && typeof window.document !== "undefined";
-
-// ../../src/utils/dynamic-import.ts
-var nodeRequire;
-function isModuleNotFound(specifier, error) {
-  if (!error || typeof error !== "object") {
+// ../../src/services/registry-broker/client/chat-history.ts
+import { Buffer as Buffer2 } from "buffer";
+function identitiesMatch(a, b) {
+  if (!a && !b) {
+    return true;
+  }
+  if (!a || !b) {
     return false;
   }
-  const code = Reflect.get(error, "code");
-  const message = Reflect.get(error, "message");
-  const messageText = typeof message === "string" ? message : "";
-  if (typeof code === "string" && code.includes("MODULE_NOT_FOUND")) {
-    return messageText.includes(specifier);
+  if (a.uaid && b.uaid && a.uaid.toLowerCase() === b.uaid.toLowerCase()) {
+    return true;
   }
-  if (messageText) {
-    const lowered = messageText.toLowerCase();
-    if (lowered.includes("cannot find module") || lowered.includes("module not found") || lowered.includes("cannot find package")) {
-      return lowered.includes(specifier.toLowerCase());
-    }
+  if (a.ledgerAccountId && b.ledgerAccountId && a.ledgerAccountId.toLowerCase() === b.ledgerAccountId.toLowerCase()) {
+    return true;
+  }
+  if (a.userId && b.userId && a.userId === b.userId) {
+    return true;
+  }
+  if (a.email && b.email && a.email.toLowerCase() === b.email.toLowerCase()) {
+    return true;
   }
   return false;
 }
-async function resolveNodeRequire() {
-  if (nodeRequire !== void 0) {
-    return nodeRequire;
+async function fetchHistorySnapshot(conversationContexts, client, sessionId, options) {
+  if (!sessionId || sessionId.trim().length === 0) {
+    throw new Error("sessionId is required to fetch chat history");
   }
-  if (isBrowser) {
-    nodeRequire = null;
-    return nodeRequire;
+  const raw = await client.requestJson(
+    `/chat/session/${encodeURIComponent(sessionId)}/history`,
+    {
+      method: "GET"
+    }
+  );
+  const snapshot = client.parseWithSchema(
+    raw,
+    chatHistorySnapshotResponseSchema,
+    "chat history snapshot response"
+  );
+  return attachDecryptedHistory(
+    conversationContexts,
+    client,
+    sessionId,
+    snapshot,
+    options
+  );
+}
+function attachDecryptedHistory(conversationContexts, client, sessionId, snapshot, options) {
+  const shouldDecrypt = options?.decrypt !== void 0 ? options.decrypt : client.encryptionOptions?.autoDecryptHistory === true;
+  if (!shouldDecrypt) {
+    return snapshot;
   }
-  try {
-    const globalObject = typeof global !== "undefined" ? global : globalThis;
-    const req = globalObject.process?.mainModule?.require ?? globalObject.require;
-    nodeRequire = typeof req === "function" && typeof req.resolve === "function" ? req : null;
-  } catch {
-    nodeRequire = null;
+  const requiresContext = snapshot.history.some(
+    (entry) => Boolean(entry.cipherEnvelope)
+  );
+  if (!requiresContext) {
+    return {
+      ...snapshot,
+      decryptedHistory: snapshot.history.map((entry) => ({
+        entry,
+        plaintext: entry.content
+      }))
+    };
   }
-  return nodeRequire;
+  const context = resolveDecryptionContext(
+    conversationContexts,
+    client,
+    sessionId,
+    options
+  );
+  if (!context) {
+    throw new Error(
+      "Unable to decrypt chat history: encryption context unavailable"
+    );
+  }
+  const decryptedHistory = snapshot.history.map((entry) => ({
+    entry,
+    plaintext: decryptHistoryEntryFromContext(client, entry, context)
+  }));
+  return { ...snapshot, decryptedHistory };
 }
-async function dynamicImport(specifier) {
-  try {
-    return await import(specifier);
-  } catch (error) {
-    if (isModuleNotFound(specifier, error)) {
-      return null;
-    }
-    throw error;
+function registerConversationContextForEncryption(conversationContexts, context) {
+  const normalized = {
+    sessionId: context.sessionId,
+    sharedSecret: Buffer2.from(context.sharedSecret),
+    identity: context.identity ? { ...context.identity } : void 0
+  };
+  const entries = conversationContexts.get(context.sessionId) ?? [];
+  const existingIndex = entries.findIndex(
+    (existing) => identitiesMatch(existing.identity, normalized.identity)
+  );
+  if (existingIndex >= 0) {
+    entries[existingIndex] = normalized;
+  } else {
+    entries.push(normalized);
   }
+  conversationContexts.set(context.sessionId, entries);
 }
-async function optionalImport(specifier, options = {}) {
-  if (isBrowser) {
-    return dynamicImport(specifier);
+function resolveDecryptionContext(conversationContexts, client, sessionId, options) {
+  if (options?.sharedSecret) {
+    return {
+      sessionId,
+      sharedSecret: client.normalizeSharedSecret(options.sharedSecret),
+      identity: options.identity
+    };
   }
-  if (!options.preferImport) {
-    const requireFn = await resolveNodeRequire();
-    if (requireFn) {
-      try {
-        return requireFn(specifier);
-      } catch (error) {
-        if (!isModuleNotFound(specifier, error)) {
-          throw error;
-        }
-      }
+  const contexts = conversationContexts.get(sessionId);
+  if (!contexts || contexts.length === 0) {
+    return null;
+  }
+  if (options?.identity) {
+    const match = contexts.find(
+      (context) => identitiesMatch(context.identity, options.identity)
+    );
+    if (match) {
+      return match;
     }
   }
-  return dynamicImport(specifier);
+  return contexts[0];
 }
-function optionalImportSync(specifier) {
-  if (isBrowser) {
-    return null;
+function decryptHistoryEntryFromContext(client, entry, context) {
+  const envelope = entry.cipherEnvelope;
+  if (!envelope) {
+    return entry.content;
   }
+  const secret = Buffer2.from(context.sharedSecret);
   try {
-    const globalObject = typeof global !== "undefined" ? global : globalThis;
-    const req = globalObject.process?.mainModule?.require ?? globalObject.require;
-    if (typeof req === "function" && typeof req.resolve === "function") {
-      return req(specifier);
-    }
-  } catch (error) {
-    if (!isModuleNotFound(specifier, error)) {
-      throw error;
-    }
+    return client.encryption.decryptCipherEnvelope({
+      envelope,
+      sharedSecret: secret
+    });
+  } catch (_error) {
+    return null;
   }
-  return null;
 }
 
-// ../../src/services/registry-broker/client/encryption.ts
-var getFs = async () => {
-  const fsModule = await optionalImport("node:fs");
-  if (fsModule && typeof fsModule.existsSync === "function" && typeof fsModule.readFileSync === "function" && typeof fsModule.writeFileSync === "function" && typeof fsModule.appendFileSync === "function") {
-    return fsModule;
+// ../../src/services/registry-broker/client/utils.ts
+var DEFAULT_USER_AGENT = "@hol-org/rb-client";
+var DEFAULT_PROGRESS_INTERVAL_MS = 1500;
+var DEFAULT_PROGRESS_TIMEOUT_MS = 5 * 60 * 1e3;
+var DEFAULT_BASE_URL = "https://hol.org/registry/api/v1";
+var JSON_CONTENT_TYPE = /application\/json/i;
+var DEFAULT_HISTORY_TOP_UP_HBAR = 0.25;
+var MINIMUM_REGISTRATION_AUTO_TOP_UP_CREDITS = 1;
+var stripTrailingSlashes = (value) => {
+  let end = value.length;
+  while (end > 0 && value.charCodeAt(end - 1) === 47) {
+    end -= 1;
   }
-  return null;
+  return end === value.length ? value : value.slice(0, end);
 };
-async function registerEncryptionKey(client, payload) {
-  const raw = await client.requestJson("/encryption/keys", {
-    method: "POST",
-    headers: { "content-type": "application/json" },
-    body: payload
-  });
-  return client.parseWithSchema(
-    raw,
-    registerEncryptionKeyResponseSchema,
-    "register encryption key response"
-  );
-}
-function normalizeAutoRegisterIdentity(config) {
-  const identity = {};
-  if (config.uaid) {
-    identity.uaid = config.uaid;
-  }
-  if (config.ledgerAccountId) {
-    identity.ledgerAccountId = config.ledgerAccountId;
-    if (config.ledgerNetwork) {
-      identity.ledgerNetwork = config.ledgerNetwork;
-    }
+var createAbortError = () => typeof DOMException === "function" ? new DOMException("Aborted", "AbortError") : new Error("The operation was aborted");
+var normaliseHeaderName = (name) => name.trim().toLowerCase();
+var isBrowserRuntime = () => typeof window !== "undefined" && typeof window.fetch === "function";
+var toJsonValue = (value) => {
+  if (value === null) {
+    return null;
   }
-  if (config.email) {
-    identity.email = config.email;
+  if (value instanceof Date) {
+    return value.toISOString();
   }
-  if (identity.uaid || identity.ledgerAccountId || identity.email) {
-    return identity;
+  if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
+    return value;
   }
-  return null;
-}
-function derivePublicKeyFromPrivateKey(client, privateKey) {
-  const normalized = client.hexToBuffer(privateKey);
-  const publicKey = secp256k1.getPublicKey(normalized, true);
-  return Buffer2.from(publicKey).toString("hex");
-}
-async function resolveAutoRegisterKeyMaterial(client, config) {
-  if (config.publicKey?.trim()) {
-    return { publicKey: config.publicKey.trim() };
+  if (Array.isArray(value)) {
+    return value.map((item) => item === void 0 ? null : toJsonValue(item));
   }
-  let privateKey = config.privateKey?.trim();
-  const envVar = config.envVar ?? "RB_ENCRYPTION_PRIVATE_KEY";
-  if (!privateKey && envVar && process?.env?.[envVar]?.trim()) {
-    privateKey = process.env[envVar]?.trim();
-  }
-  if (!privateKey && config.generateIfMissing) {
-    const pair = await client.generateEncryptionKeyPair({
-      keyType: config.keyType ?? "secp256k1",
-      envVar,
-      envPath: config.envPath,
-      overwrite: config.overwriteEnv
-    });
-    return { publicKey: pair.publicKey, privateKey: pair.privateKey };
-  }
-  if (privateKey) {
-    const publicKey = derivePublicKeyFromPrivateKey(client, privateKey);
-    return { publicKey, privateKey };
-  }
-  return null;
-}
-async function autoRegisterEncryptionKey(client, config) {
-  const identity = normalizeAutoRegisterIdentity(config);
-  if (!identity) {
-    throw new Error(
-      "Auto-registration requires uaid, ledgerAccountId, or email"
-    );
-  }
-  const material = await resolveAutoRegisterKeyMaterial(client, config);
-  if (!material) {
-    throw new Error(
-      "Unable to resolve encryption public key for auto-registration"
-    );
-  }
-  await registerEncryptionKey(client, {
-    keyType: config.keyType ?? "secp256k1",
-    publicKey: material.publicKey,
-    ...identity
-  });
-  return material;
-}
-async function ensureAgentEncryptionKey(client, options) {
-  return autoRegisterEncryptionKey(client, {
-    ...options,
-    uaid: options.uaid,
-    enabled: true
-  });
-}
-function createEncryptionApi(client) {
-  return {
-    registerKey: (payload) => registerEncryptionKey(client, payload),
-    generateEphemeralKeyPair: () => client.createEphemeralKeyPair(),
-    deriveSharedSecret: (options) => client.deriveSharedSecret(options),
-    encryptCipherEnvelope: (options) => client.buildCipherEnvelope(options),
-    decryptCipherEnvelope: (options) => client.openCipherEnvelope(options),
-    ensureAgentKey: (options) => ensureAgentEncryptionKey(client, options)
-  };
-}
-async function bootstrapEncryptionOptions(client, options) {
-  if (!options?.autoRegister || options.autoRegister.enabled === false) {
-    return null;
-  }
-  return autoRegisterEncryptionKey(client, options.autoRegister);
-}
-async function generateEncryptionKeyPair(client, options = {}) {
-  client.assertNodeRuntime("generateEncryptionKeyPair");
-  const keyType = options.keyType ?? "secp256k1";
-  if (keyType !== "secp256k1") {
-    throw new Error("Only secp256k1 key generation is supported currently");
-  }
-  const privateKeyBytes = randomBytes(32);
-  const privateKey = Buffer2.from(privateKeyBytes).toString("hex");
-  const publicKeyBytes = secp256k1.getPublicKey(privateKeyBytes, true);
-  const publicKey = Buffer2.from(publicKeyBytes).toString("hex");
-  const envVar = options.envVar ?? "RB_ENCRYPTION_PRIVATE_KEY";
-  const resolvedPath = options.envPath ? path.resolve(options.envPath) : void 0;
-  if (resolvedPath) {
-    const fsModule = await getFs();
-    if (!fsModule) {
-      throw new Error(
-        "File system module is not available; cannot write encryption key env file"
-      );
-    }
-    const envLine = `${envVar}=${privateKey}`;
-    if (fsModule.existsSync(resolvedPath)) {
-      const content = fsModule.readFileSync(resolvedPath, "utf-8");
-      const lineRegex = new RegExp(`^${envVar}=.*$`, "m");
-      if (lineRegex.test(content)) {
-        if (!options.overwrite) {
-          throw new Error(
-            `${envVar} already exists in ${resolvedPath}; set overwrite=true to replace it`
-          );
-        }
-        const updated = content.replace(lineRegex, envLine);
-        fsModule.writeFileSync(resolvedPath, updated);
-      } else {
-        const needsNewline = !content.endsWith("\n");
-        fsModule.appendFileSync(
-          resolvedPath,
-          `${needsNewline ? "\n" : ""}${envLine}
-`
-        );
-      }
-    } else {
-      fsModule.writeFileSync(resolvedPath, `${envLine}
-`);
-    }
-  }
-  return {
-    privateKey,
-    publicKey,
-    envPath: resolvedPath,
-    envVar
-  };
-}
-
-// ../../src/services/registry-broker/client/utils.ts
-var DEFAULT_USER_AGENT = "@hol-org/rb-client";
-var DEFAULT_PROGRESS_INTERVAL_MS = 1500;
-var DEFAULT_PROGRESS_TIMEOUT_MS = 5 * 60 * 1e3;
-var DEFAULT_BASE_URL = "https://hol.org/registry/api/v1";
-var JSON_CONTENT_TYPE = /application\/json/i;
-var DEFAULT_HISTORY_TOP_UP_HBAR = 0.25;
-var MINIMUM_REGISTRATION_AUTO_TOP_UP_CREDITS = 1;
-var stripTrailingSlashes = (value) => {
-  let end = value.length;
-  while (end > 0 && value.charCodeAt(end - 1) === 47) {
-    end -= 1;
-  }
-  return end === value.length ? value : value.slice(0, end);
-};
-var createAbortError = () => typeof DOMException === "function" ? new DOMException("Aborted", "AbortError") : new Error("The operation was aborted");
-var normaliseHeaderName = (name) => name.trim().toLowerCase();
-var isBrowserRuntime = () => typeof window !== "undefined" && typeof window.fetch === "function";
-var toJsonValue = (value) => {
-  if (value === null) {
-    return null;
-  }
-  if (value instanceof Date) {
-    return value.toISOString();
-  }
-  if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
-    return value;
-  }
-  if (Array.isArray(value)) {
-    return value.map((item) => item === void 0 ? null : toJsonValue(item));
-  }
-  if (typeof value === "object") {
-    const result = {};
-    Object.entries(value).forEach(
-      ([key, entryValue]) => {
-        if (entryValue !== void 0) {
-          result[key] = toJsonValue(entryValue);
-        }
-      }
-    );
-    return result;
+  if (typeof value === "object") {
+    const result = {};
+    Object.entries(value).forEach(
+      ([key, entryValue]) => {
+        if (entryValue !== void 0) {
+          result[key] = toJsonValue(entryValue);
+        }
+      }
+    );
+    return result;
   }
   throw new TypeError("Only JSON-compatible values are supported");
 };
@@ -2054,1926 +1939,2090 @@ function buildSearchQuery(params) {
   return queryString.length > 0 ? `?${queryString}` : "";
 }
 
-// ../../src/services/registry-broker/client/errors.ts
-var RegistryBrokerError = class extends Error {
-  constructor(message, details) {
-    super(message);
-    this.status = details.status;
-    this.statusText = details.statusText;
-    this.body = details.body;
-  }
-};
-var RegistryBrokerParseError = class extends Error {
-  constructor(message, cause, rawValue) {
-    super(message);
-    this.cause = cause;
-    this.rawValue = rawValue;
+// ../../src/services/registry-broker/client/encrypted-chat-manager.ts
+var EncryptionUnavailableError = class extends Error {
+  constructor(sessionId, summary) {
+    super("Encryption is not enabled for this session");
+    this.sessionId = sessionId;
+    this.summary = summary;
   }
 };
-
-// ../../src/services/registry-broker/client/search.ts
-function buildVectorFallbackSearchParams(request) {
-  const params = {
-    q: request.query
-  };
-  let effectiveLimit;
-  if (typeof request.limit === "number" && Number.isFinite(request.limit)) {
-    effectiveLimit = request.limit;
-    params.limit = request.limit;
-  }
-  if (typeof request.offset === "number" && Number.isFinite(request.offset) && request.offset > 0) {
-    const limit = effectiveLimit && effectiveLimit > 0 ? effectiveLimit : 20;
-    params.limit = limit;
-    params.page = Math.floor(request.offset / limit) + 1;
-  }
-  if (request.filter?.registry) {
-    params.registry = request.filter.registry;
+var EncryptedChatManager = class {
+  constructor(client) {
+    this.client = client;
   }
-  if (request.filter?.protocols?.length) {
-    params.protocols = [...request.filter.protocols];
+  registerConversationContext(context) {
+    this.client.registerConversationContextForEncryption(context);
   }
-  if (request.filter?.adapter?.length) {
-    params.adapters = [...request.filter.adapter];
+  async startSession(options) {
+    await this.client.encryptionReady();
+    const session = await this.client.chat.createSession({
+      uaid: options.uaid,
+      senderUaid: options.senderUaid,
+      encryptionRequested: true,
+      historyTtlSeconds: options.historyTtlSeconds,
+      auth: options.auth
+    });
+    options.onSessionCreated?.(session.sessionId);
+    const summary = session.encryption;
+    if (!summary?.enabled) {
+      throw new EncryptionUnavailableError(
+        session.sessionId,
+        session.encryption ?? null
+      );
+    }
+    const handle = await this.establishRequesterContext({
+      sessionId: session.sessionId,
+      summary,
+      senderUaid: options.senderUaid,
+      handshakeTimeoutMs: options.handshakeTimeoutMs,
+      pollIntervalMs: options.pollIntervalMs
+    });
+    return handle;
   }
-  if (request.filter?.capabilities?.length) {
-    params.capabilities = request.filter.capabilities.map(
-      (value) => typeof value === "number" ? value.toString(10) : value
+  async acceptSession(options) {
+    await this.client.encryptionReady();
+    const summary = await this.waitForEncryptionSummary(
+      options.sessionId,
+      options.handshakeTimeoutMs,
+      options.pollIntervalMs
     );
+    const handle = await this.establishResponderContext({
+      sessionId: options.sessionId,
+      summary,
+      responderUaid: options.responderUaid,
+      handshakeTimeoutMs: options.handshakeTimeoutMs,
+      pollIntervalMs: options.pollIntervalMs
+    });
+    return handle;
   }
-  if (request.filter?.type) {
-    params.type = request.filter.type;
-  }
-  return params;
-}
-function convertSearchResultToVectorResponse(result) {
-  const hits = result.hits.map((agent) => ({
-    agent,
-    score: 0,
-    highlights: {}
-  }));
-  const total = result.total;
-  const limit = result.limit;
-  const page = result.page;
-  const totalVisible = page * limit;
-  const limited = total > totalVisible || page > 1;
-  return {
-    hits,
-    total,
-    took: 0,
-    totalAvailable: total,
-    visible: hits.length,
-    limited,
-    credits_used: 0
-  };
-}
-async function search(client, params = {}) {
-  const query = buildSearchQuery(params);
-  const raw = await client.requestJson(`/search${query}`, {
-    method: "GET"
-  });
-  return client.parseWithSchema(raw, searchResponseSchema, "search response");
-}
-async function delegate(client, request) {
-  const raw = await client.requestJson("/delegate", {
-    method: "POST",
-    body: request,
-    headers: { "content-type": "application/json" }
-  });
-  return client.parseWithSchema(
-    raw,
-    delegationPlanResponseSchema,
-    "delegate response"
-  );
-}
-async function stats(client) {
-  const raw = await client.requestJson("/stats", { method: "GET" });
-  return client.parseWithSchema(raw, statsResponseSchema, "stats response");
-}
-async function registries(client) {
-  const raw = await client.requestJson("/registries", {
-    method: "GET"
-  });
-  return client.parseWithSchema(
-    raw,
-    registriesResponseSchema,
-    "registries response"
-  );
-}
-async function getAdditionalRegistries(client) {
-  const raw = await client.requestJson(
-    "/register/additional-registries",
-    {
-      method: "GET"
+  async establishRequesterContext(params) {
+    const keyPair = this.client.encryption.generateEphemeralKeyPair();
+    await this.client.chat.submitEncryptionHandshake(params.sessionId, {
+      role: "requester",
+      keyType: "secp256k1",
+      ephemeralPublicKey: keyPair.publicKey,
+      uaid: params.senderUaid ?? params.summary.requester?.uaid ?? void 0
+    });
+    const { summary, record } = await this.waitForHandshakeCompletion(
+      params.sessionId,
+      params.handshakeTimeoutMs,
+      params.pollIntervalMs
+    );
+    const responderKey = record.responder?.ephemeralPublicKey;
+    if (!responderKey) {
+      throw new Error("Responder handshake was not completed in time");
     }
-  );
-  return client.parseWithSchema(
-    raw,
-    additionalRegistryCatalogResponseSchema,
-    "additional registry catalog response"
-  );
-}
-async function popularSearches(client) {
-  const raw = await client.requestJson("/popular", {
-    method: "GET"
-  });
-  return client.parseWithSchema(
-    raw,
-    popularResponseSchema,
-    "popular searches response"
-  );
-}
-async function listProtocols(client) {
-  const raw = await client.requestJson("/protocols", {
-    method: "GET"
-  });
-  return client.parseWithSchema(
-    raw,
-    protocolsResponseSchema,
-    "protocols response"
-  );
-}
-async function detectProtocol(client, message) {
-  const raw = await client.requestJson("/detect-protocol", {
-    method: "POST",
-    body: { message },
-    headers: { "content-type": "application/json" }
-  });
-  return client.parseWithSchema(
-    raw,
-    detectProtocolResponseSchema,
-    "detect protocol response"
-  );
-}
-async function registrySearchByNamespace(client, registry, query) {
-  const params = new URLSearchParams();
-  if (query) {
-    params.set("q", query);
+    const sharedSecret = this.client.encryption.deriveSharedSecret({
+      privateKey: keyPair.privateKey,
+      peerPublicKey: responderKey
+    }).subarray();
+    const recipients = this.buildRecipients(summary);
+    return this.createHandle({
+      sessionId: params.sessionId,
+      sharedSecret,
+      summary,
+      recipients,
+      identity: summary.requester ?? void 0
+    });
   }
-  const suffix = params.size > 0 ? `?${params.toString()}` : "";
-  const raw = await client.requestJson(
-    `/registries/${encodeURIComponent(registry)}/search${suffix}`,
-    {
-      method: "GET"
-    }
-  );
-  return client.parseWithSchema(
-    raw,
-    registrySearchByNamespaceSchema,
-    "registry search response"
-  );
-}
-async function vectorSearch(client, request) {
-  try {
-    const raw = await client.requestJson("/search", {
-      method: "POST",
-      body: request,
-      headers: { "content-type": "application/json" }
+  async establishResponderContext(params) {
+    const keyPair = this.client.encryption.generateEphemeralKeyPair();
+    await this.client.chat.submitEncryptionHandshake(params.sessionId, {
+      role: "responder",
+      keyType: "secp256k1",
+      ephemeralPublicKey: keyPair.publicKey,
+      uaid: params.responderUaid ?? params.summary.responder?.uaid ?? void 0
     });
-    return client.parseWithSchema(
-      raw,
-      vectorSearchResponseSchema,
-      "vector search response"
+    const { summary, record } = await this.waitForHandshakeCompletion(
+      params.sessionId,
+      params.handshakeTimeoutMs,
+      params.pollIntervalMs
     );
-  } catch (error) {
-    if (error instanceof RegistryBrokerError && error.status === 501) {
-      const fallback = await search(
-        client,
-        buildVectorFallbackSearchParams(request)
-      );
-      return convertSearchResultToVectorResponse(fallback);
+    const requesterKey = record.requester?.ephemeralPublicKey;
+    if (!requesterKey) {
+      throw new Error("Requester handshake was not detected in time");
     }
-    throw error;
-  }
-}
-async function searchStatus(client) {
-  const raw = await client.requestJson("/search/status", {
-    method: "GET"
-  });
-  return client.parseWithSchema(
-    raw,
-    searchStatusResponseSchema,
-    "search status response"
-  );
-}
-async function websocketStats(client) {
-  const raw = await client.requestJson("/websocket/stats", {
-    method: "GET"
-  });
-  return client.parseWithSchema(
-    raw,
-    websocketStatsResponseSchema,
-    "websocket stats response"
-  );
-}
-async function metricsSummary(client) {
-  const raw = await client.requestJson("/metrics", {
-    method: "GET"
-  });
-  return client.parseWithSchema(
-    raw,
-    metricsSummaryResponseSchema,
-    "metrics summary response"
-  );
-}
-async function facets(client, adapter) {
-  const params = new URLSearchParams();
-  if (adapter) {
-    params.set("adapter", adapter);
+    const sharedSecret = this.client.encryption.deriveSharedSecret({
+      privateKey: keyPair.privateKey,
+      peerPublicKey: requesterKey
+    }).subarray();
+    const recipients = this.buildRecipients(summary);
+    return this.createHandle({
+      sessionId: params.sessionId,
+      sharedSecret,
+      summary,
+      recipients,
+      identity: summary.responder ?? void 0
+    });
   }
-  const suffix = params.size > 0 ? `?${params.toString()}` : "";
-  const raw = await client.requestJson(`/search/facets${suffix}`, {
-    method: "GET"
-  });
-  return client.parseWithSchema(
-    raw,
-    searchFacetsResponseSchema,
-    "search facets response"
-  );
-}
-
-// ../../src/services/registry-broker/client/adapters.ts
-async function adapters(client) {
-  const raw = await client.requestJson("/adapters", {
-    method: "GET"
-  });
-  return client.parseWithSchema(
-    raw,
-    adaptersResponseSchema,
-    "adapters response"
-  );
-}
-async function adaptersDetailed(client) {
-  const raw = await client.requestJson("/adapters/details", {
-    method: "GET"
-  });
-  return client.parseWithSchema(
-    raw,
-    adapterDetailsResponseSchema,
-    "adapter details response"
-  );
-}
-async function adapterRegistryCategories(client) {
-  const raw = await client.requestJson(
-    "/adapters/registry/categories",
-    {
-      method: "GET"
+  async waitForHandshakeCompletion(sessionId, timeoutMs = 3e4, pollIntervalMs = 1e3) {
+    const deadline = Date.now() + timeoutMs;
+    while (true) {
+      const status = await this.client.chat.getEncryptionStatus(sessionId);
+      const summary = status.encryption;
+      const record = summary?.handshake;
+      if (summary && record && record.status === "complete") {
+        return { summary, record };
+      }
+      if (Date.now() >= deadline) {
+        throw new Error("Timed out waiting for encrypted handshake completion");
+      }
+      await this.delay(pollIntervalMs);
     }
-  );
-  return client.parseWithSchema(
-    raw,
-    adapterRegistryCategoriesResponseSchema,
-    "adapter registry categories response"
-  );
-}
-async function adapterRegistryAdapters(client, filters = {}) {
-  const params = new URLSearchParams();
-  if (filters.category) {
-    params.set("category", filters.category);
   }
-  if (filters.entity) {
-    params.set("entity", filters.entity);
-  }
-  if (filters.keywords?.length) {
-    params.set("keywords", filters.keywords.join(","));
-  }
-  if (filters.query) {
-    params.set("query", filters.query);
-  }
-  if (typeof filters.limit === "number") {
-    params.set("limit", String(filters.limit));
-  }
-  if (typeof filters.offset === "number") {
-    params.set("offset", String(filters.offset));
-  }
-  const suffix = params.size > 0 ? `?${params.toString()}` : "";
-  const raw = await client.requestJson(
-    `/adapters/registry/adapters${suffix}`,
-    {
-      method: "GET"
-    }
-  );
-  return client.parseWithSchema(
-    raw,
-    adapterRegistryAdaptersResponseSchema,
-    "adapter registry adapters response"
-  );
-}
-async function createAdapterRegistryCategory(client, payload) {
-  const raw = await client.requestJson(
-    "/adapters/registry/categories",
-    {
-      method: "POST",
-      headers: { "content-type": "application/json" },
-      body: toJsonObject(payload)
+  async waitForEncryptionSummary(sessionId, _timeoutMs = 3e4, _pollIntervalMs = 1e3) {
+    const status = await this.client.chat.getEncryptionStatus(sessionId);
+    if (!status.encryption?.enabled) {
+      throw new EncryptionUnavailableError(
+        sessionId,
+        status.encryption ?? null
+      );
     }
-  );
-  const parsed = client.parseWithSchema(
-    raw,
-    adapterRegistryCreateCategoryResponseSchema,
-    "adapter registry create category response"
-  );
-  return parsed.category;
-}
-async function submitAdapterRegistryAdapter(client, payload) {
-  const raw = await client.requestJson(
-    "/adapters/registry/adapters",
-    {
-      method: "POST",
-      headers: { "content-type": "application/json" },
-      body: toJsonObject(payload)
+    return status.encryption;
+  }
+  buildRecipients(summary) {
+    const candidates = [summary.requester, summary.responder].filter(Boolean);
+    const normalized = candidates.map((candidate) => {
+      if (!candidate) {
+        return null;
+      }
+      const recipient = {};
+      if (candidate.uaid) {
+        recipient.uaid = candidate.uaid;
+      }
+      if (candidate.ledgerAccountId) {
+        recipient.ledgerAccountId = candidate.ledgerAccountId;
+      }
+      if (candidate.userId) {
+        recipient.userId = candidate.userId;
+      }
+      if (candidate.email) {
+        recipient.email = candidate.email;
+      }
+      return recipient;
+    }).filter(
+      (entry) => Boolean(
+        entry?.uaid || entry?.ledgerAccountId || entry?.userId || entry?.email
+      )
+    );
+    if (normalized.length > 0) {
+      return normalized;
     }
-  );
-  return client.parseWithSchema(
-    raw,
-    adapterRegistrySubmitAdapterAcceptedResponseSchema,
-    "adapter registry submit adapter response"
-  );
-}
-async function adapterRegistrySubmissionStatus(client, submissionId) {
-  const raw = await client.requestJson(
-    `/adapters/registry/submissions/${encodeURIComponent(submissionId)}`,
-    {
-      method: "GET"
+    if (summary.responder?.uaid) {
+      return [{ uaid: summary.responder.uaid }];
     }
-  );
-  return client.parseWithSchema(
-    raw,
-    adapterRegistrySubmissionStatusResponseSchema,
-    "adapter registry submission status response"
-  );
-}
-
-// ../../src/services/registry-broker/client/credits.ts
-async function loadX402Dependencies(client) {
-  const [{ default: axios }, x402Axios, x402Types] = await Promise.all([
-    import("axios"),
-    optionalImport("x402-axios"),
-    optionalImport("x402/types")
-  ]);
-  if (!x402Axios || !x402Types) {
-    throw new Error(
-      "x402-axios and x402/types are required for X402 flows. Install them to enable ledger payments."
-    );
+    return [];
   }
-  const withPaymentInterceptor = x402Axios.withPaymentInterceptor;
-  const decodePaymentResponse = x402Axios.decodeXPaymentResponse;
-  const createX402Signer = x402Types.createSigner;
-  const createPaymentClient = (walletClient) => {
-    const axiosClient = axios.create({
-      baseURL: client.baseUrl,
-      headers: {
-        ...client.getDefaultHeaders(),
-        "content-type": "application/json"
+  createHandle(context) {
+    const sharedSecret = context.sharedSecret;
+    const uaid = context.summary.requester?.uaid ?? context.summary.responder?.uaid ?? context.identity?.uaid;
+    const decryptHistoryEntry = (entry) => this.decryptEntry(entry, context.identity, sharedSecret);
+    const fetchHistory = async (options) => {
+      const snapshot = await this.client.fetchHistorySnapshot(
+        context.sessionId,
+        options
+      );
+      if (snapshot.decryptedHistory) {
+        return snapshot.decryptedHistory;
       }
+      return snapshot.history.map((entry) => ({
+        entry,
+        plaintext: decryptHistoryEntry(entry)
+      }));
+    };
+    const handle = {
+      sessionId: context.sessionId,
+      mode: "encrypted",
+      summary: context.summary,
+      send: async (options) => {
+        const recipients = options.recipients ?? context.recipients;
+        return this.client.chat.sendMessage({
+          sessionId: context.sessionId,
+          message: options.message ?? "[ciphertext omitted]",
+          streaming: options.streaming,
+          auth: options.auth,
+          uaid,
+          encryption: {
+            plaintext: options.plaintext,
+            sharedSecret: Buffer.from(sharedSecret),
+            recipients
+          }
+        });
+      },
+      decryptHistoryEntry,
+      fetchHistory
+    };
+    this.registerConversationContext({
+      sessionId: context.sessionId,
+      sharedSecret,
+      identity: context.identity
     });
-    const paymentClient = withPaymentInterceptor(axiosClient, walletClient);
-    return paymentClient;
-  };
-  return { createPaymentClient, decodePaymentResponse, createX402Signer };
-}
-function calculateHbarAmountParam(hbarAmount) {
-  const tinybars = Math.ceil(hbarAmount * 1e8);
-  if (tinybars <= 0) {
-    throw new Error("Calculated purchase amount must be positive");
+    return handle;
   }
-  return tinybars / 1e8;
-}
-async function purchaseCreditsWithHbar(client, params) {
-  const body = {
-    accountId: params.accountId,
-    payerKey: params.privateKey,
-    hbarAmount: calculateHbarAmountParam(params.hbarAmount)
-  };
-  if (params.memo) {
-    body.memo = params.memo;
+  decryptEntry(entry, identity, fallbackSecret) {
+    const envelope = entry.cipherEnvelope;
+    if (!envelope) {
+      return null;
+    }
+    const secret = Buffer.from(fallbackSecret);
+    try {
+      return this.client.encryption.decryptCipherEnvelope({
+        envelope,
+        sharedSecret: secret
+      });
+    } catch (_error) {
+      return null;
+    }
+  }
+  recipientMatches(candidate, target) {
+    if (target.uaid && candidate.uaid?.toLowerCase() === target.uaid.toLowerCase()) {
+      return true;
+    }
+    if (target.ledgerAccountId && candidate.ledgerAccountId?.toLowerCase() === target.ledgerAccountId.toLowerCase()) {
+      return true;
+    }
+    if (target.userId && candidate.userId === target.userId) {
+      return true;
+    }
+    if (target.email && candidate.email?.toLowerCase() === target.email.toLowerCase()) {
+      return true;
+    }
+    return false;
   }
-  if (params.metadata) {
-    body.metadata = params.metadata;
+  async delay(ms) {
+    if (ms <= 0) {
+      return;
+    }
+    await new Promise((resolve) => setTimeout(resolve, ms));
   }
-  const raw = await client.requestJson("/credits/purchase", {
-    method: "POST",
-    headers: { "content-type": "application/json" },
-    body
-  });
-  return client.parseWithSchema(
-    raw,
-    creditPurchaseResponseSchema,
-    "credit purchase response"
-  );
-}
-async function getX402Minimums(client) {
-  const raw = await client.requestJson(
-    "/credits/purchase/x402/minimums",
-    { method: "GET" }
-  );
-  return client.parseWithSchema(
-    raw,
-    x402MinimumsResponseSchema,
-    "x402 minimums response"
-  );
+};
+
+// ../../src/services/registry-broker/client/chat.ts
+function createChatApi(client, encryptedManager) {
+  return {
+    start: (options) => client.startChat(options),
+    createSession: (payload) => client.createSession(payload),
+    sendMessage: (payload) => client.sendMessage(payload),
+    endSession: (sessionId) => client.endSession(sessionId),
+    getHistory: (sessionId, options) => client.fetchHistorySnapshot(sessionId, options),
+    compactHistory: (payload) => client.compactHistory(payload),
+    getEncryptionStatus: (sessionId) => client.fetchEncryptionStatus(sessionId),
+    submitEncryptionHandshake: (sessionId, payload) => client.postEncryptionHandshake(sessionId, payload),
+    startConversation: (options) => client.startConversation(options),
+    acceptConversation: (options) => client.acceptConversation(options),
+    createEncryptedSession: (options) => encryptedManager.startSession(options),
+    acceptEncryptedSession: (options) => encryptedManager.acceptSession(options)
+  };
 }
-async function purchaseCreditsWithX402(client, params) {
-  const { createPaymentClient, decodePaymentResponse } = await loadX402Dependencies(client);
-  if (!Number.isFinite(params.credits) || params.credits <= 0) {
-    throw new Error("credits must be a positive number");
+async function createSession(client, payload, allowHistoryAutoTopUp = true) {
+  const body = {};
+  if ("uaid" in payload && payload.uaid) {
+    body.uaid = payload.uaid;
   }
-  if (params.usdAmount !== void 0 && (!Number.isFinite(params.usdAmount) || params.usdAmount <= 0)) {
-    throw new Error("usdAmount must be a positive number when provided");
+  if ("agentUrl" in payload && payload.agentUrl) {
+    body.agentUrl = payload.agentUrl;
   }
-  const body = {
-    accountId: params.accountId,
-    credits: params.credits
-  };
-  if (params.usdAmount !== void 0) {
-    body.usdAmount = params.usdAmount;
+  if (payload.auth) {
+    body.auth = serialiseAuthConfig(payload.auth);
   }
-  if (params.description) {
-    body.description = params.description;
+  if (payload.historyTtlSeconds !== void 0) {
+    body.historyTtlSeconds = payload.historyTtlSeconds;
   }
-  if (params.metadata) {
-    body.metadata = params.metadata;
+  if (payload.encryptionRequested !== void 0) {
+    body.encryptionRequested = payload.encryptionRequested;
   }
-  const paymentClient = createPaymentClient(params.walletClient);
-  const response = await paymentClient.post("/credits/purchase/x402", body);
-  const parsed = client.parseWithSchema(
-    response.data,
-    x402CreditPurchaseResponseSchema,
-    "x402 credit purchase response"
-  );
-  const responseHeaders = response.headers ?? {};
-  const paymentHeader = typeof responseHeaders["x-payment-response"] === "string" ? responseHeaders["x-payment-response"] : void 0;
-  const decodedPayment = paymentHeader !== void 0 ? decodePaymentResponse(paymentHeader) : void 0;
-  return {
-    ...parsed,
-    paymentResponseHeader: paymentHeader,
-    paymentResponse: decodedPayment
-  };
-}
-async function buyCreditsWithX402(client, params) {
-  const network = params.network ?? "base";
-  const { createX402Signer } = await loadX402Dependencies(client);
-  const normalizedKey = normalizeHexPrivateKey(params.evmPrivateKey);
-  const walletClient = await createX402Signer(network, normalizedKey);
-  return purchaseCreditsWithX402(client, {
-    accountId: params.accountId,
-    credits: params.credits,
-    usdAmount: params.usdAmount,
-    description: params.description,
-    metadata: params.metadata,
-    walletClient
-  });
-}
-
-// ../../src/services/registry-broker/client/agents.ts
-async function performRegisterAgent(client, payload) {
-  const raw = await client.requestJson("/register", {
-    method: "POST",
-    body: serialiseAgentRegistrationRequest(payload),
-    headers: { "content-type": "application/json" }
-  });
-  return client.parseWithSchema(
-    raw,
-    registerAgentResponseSchema,
-    "register agent response"
-  );
-}
-function calculateHbarAmount(creditsToPurchase, creditsPerHbar) {
-  if (creditsPerHbar <= 0) {
-    throw new Error("creditsPerHbar must be positive");
+  if (payload.senderUaid) {
+    body.senderUaid = payload.senderUaid;
   }
-  if (creditsToPurchase <= 0) {
-    throw new Error("creditsToPurchase must be positive");
+  try {
+    const raw = await client.requestJson("/chat/session", {
+      method: "POST",
+      body,
+      headers: { "content-type": "application/json" }
+    });
+    return client.parseWithSchema(
+      raw,
+      createSessionResponseSchema,
+      "chat session response"
+    );
+  } catch (error) {
+    const maybeError = error instanceof Error ? error : null;
+    if (allowHistoryAutoTopUp && client.shouldAutoTopUpHistory(payload, maybeError)) {
+      await client.executeHistoryAutoTopUp("chat.session");
+      return createSession(client, payload, false);
+    }
+    throw error;
   }
-  const rawHbar = creditsToPurchase / creditsPerHbar;
-  const tinybars = Math.ceil(rawHbar * 1e8);
-  return tinybars / 1e8;
 }
-function resolveCreditsToPurchase(shortfallCredits) {
-  if (!Number.isFinite(shortfallCredits) || shortfallCredits <= 0) {
-    return 0;
+async function startChat(client, encryptedManager, options) {
+  if ("uaid" in options && options.uaid) {
+    return startConversation(client, encryptedManager, {
+      uaid: options.uaid,
+      senderUaid: options.senderUaid,
+      historyTtlSeconds: options.historyTtlSeconds,
+      auth: options.auth,
+      encryption: options.encryption,
+      onSessionCreated: options.onSessionCreated
+    });
   }
-  return Math.max(
-    Math.ceil(shortfallCredits),
-    MINIMUM_REGISTRATION_AUTO_TOP_UP_CREDITS
-  );
+  if ("agentUrl" in options && options.agentUrl) {
+    const session = await createSession(client, {
+      agentUrl: options.agentUrl,
+      auth: options.auth,
+      historyTtlSeconds: options.historyTtlSeconds,
+      senderUaid: options.senderUaid
+    });
+    options.onSessionCreated?.(session.sessionId);
+    return createPlaintextConversationHandle(
+      client,
+      session.sessionId,
+      session.encryption ?? null,
+      options.auth,
+      { agentUrl: options.agentUrl, uaid: options.uaid }
+    );
+  }
+  throw new Error("startChat requires either uaid or agentUrl");
 }
-async function ensureCreditsForRegistration(client, payload, autoTopUp) {
-  const details = autoTopUp ?? null;
-  if (!details) {
-    return;
+async function startConversation(client, encryptedManager, options) {
+  const preference = options.encryption?.preference ?? "preferred";
+  const requestEncryption = preference !== "disabled";
+  if (!requestEncryption) {
+    const session = await createSession(client, {
+      uaid: options.uaid,
+      auth: options.auth,
+      historyTtlSeconds: options.historyTtlSeconds,
+      senderUaid: options.senderUaid,
+      encryptionRequested: false
+    });
+    options.onSessionCreated?.(session.sessionId);
+    return createPlaintextConversationHandle(
+      client,
+      session.sessionId,
+      session.encryption ?? null,
+      options.auth,
+      { uaid: options.uaid }
+    );
   }
-  if (!details.accountId || !details.accountId.trim()) {
-    throw new Error("autoTopUp.accountId is required");
+  try {
+    const handle = await encryptedManager.startSession({
+      uaid: options.uaid,
+      senderUaid: options.senderUaid,
+      historyTtlSeconds: options.historyTtlSeconds,
+      handshakeTimeoutMs: options.encryption?.handshakeTimeoutMs,
+      pollIntervalMs: options.encryption?.pollIntervalMs,
+      onSessionCreated: (sessionId) => {
+        options.onSessionCreated?.(sessionId);
+      },
+      auth: options.auth
+    });
+    return handle;
+  } catch (error) {
+    if (error instanceof EncryptionUnavailableError) {
+      if (preference === "required") {
+        throw error;
+      }
+      return createPlaintextConversationHandle(
+        client,
+        error.sessionId,
+        error.summary ?? null,
+        options.auth,
+        { uaid: options.uaid }
+      );
+    }
+    throw error;
   }
-  if (!details.privateKey || !details.privateKey.trim()) {
-    throw new Error("autoTopUp.privateKey is required");
+}
+async function acceptConversation(client, encryptedManager, options) {
+  const preference = options.encryption?.preference ?? "preferred";
+  if (preference === "disabled") {
+    return createPlaintextConversationHandle(client, options.sessionId, null);
   }
-  for (let attempt = 0; attempt < 3; attempt += 1) {
-    const quote = await getRegistrationQuote(client, payload);
-    const shortfall = quote.shortfallCredits ?? 0;
-    if (shortfall <= 0) {
-      return;
-    }
-    const creditsToPurchase = resolveCreditsToPurchase(shortfall);
-    if (creditsToPurchase <= 0) {
-      return;
+  try {
+    const handle = await encryptedManager.acceptSession({
+      sessionId: options.sessionId,
+      responderUaid: options.responderUaid,
+      handshakeTimeoutMs: options.encryption?.handshakeTimeoutMs,
+      pollIntervalMs: options.encryption?.pollIntervalMs
+    });
+    return handle;
+  } catch (error) {
+    if (error instanceof EncryptionUnavailableError && preference !== "required") {
+      return createPlaintextConversationHandle(
+        client,
+        options.sessionId,
+        null,
+        void 0,
+        { uaid: options.responderUaid }
+      );
     }
-    const creditsPerHbar = quote.creditsPerHbar ?? null;
-    if (!creditsPerHbar || creditsPerHbar <= 0) {
-      throw new Error("Unable to determine credits per HBAR for auto top-up");
+    throw error;
+  }
+}
+function createPlaintextConversationHandle(client, sessionId, summary, defaultAuth, context) {
+  const uaid = context?.uaid?.trim();
+  const agentUrl = context?.agentUrl?.trim();
+  const fetchHistory = async (options) => {
+    const snapshot = await client.fetchHistorySnapshot(sessionId, options);
+    if (snapshot.decryptedHistory) {
+      return snapshot.decryptedHistory;
     }
-    const hbarAmount = calculateHbarAmount(creditsToPurchase, creditsPerHbar);
-    await purchaseCreditsWithHbar(client, {
-      accountId: details.accountId.trim(),
-      privateKey: details.privateKey.trim(),
-      hbarAmount,
-      memo: details.memo ?? "Registry Broker auto top-up",
-      metadata: {
-        shortfallCredits: shortfall,
-        requiredCredits: quote.requiredCredits,
-        purchasedCredits: creditsToPurchase
+    return snapshot.history.map((entry) => ({
+      entry,
+      plaintext: entry.content
+    }));
+  };
+  return {
+    sessionId,
+    mode: "plaintext",
+    summary: summary ?? null,
+    send: async (options) => {
+      const plaintext = options.plaintext;
+      if (!plaintext || plaintext.trim().length === 0) {
+        throw new Error("plaintext is required for chat messages");
       }
-    });
+      const message = options.message ?? plaintext;
+      return sendMessage(client, {
+        sessionId,
+        message,
+        streaming: options.streaming,
+        auth: options.auth ?? defaultAuth,
+        uaid,
+        agentUrl
+      });
+    },
+    decryptHistoryEntry: (entry) => entry.content,
+    fetchHistory
+  };
+}
+async function compactHistory(client, payload) {
+  if (!payload.sessionId || payload.sessionId.trim().length === 0) {
+    throw new Error("sessionId is required to compact chat history");
   }
-  const finalQuote = await getRegistrationQuote(client, payload);
-  if ((finalQuote.shortfallCredits ?? 0) > 0) {
-    throw new Error("Unable to purchase sufficient credits for registration");
+  const body = {};
+  if (typeof payload.preserveEntries === "number" && Number.isFinite(payload.preserveEntries) && payload.preserveEntries >= 0) {
+    body.preserveEntries = Math.floor(payload.preserveEntries);
   }
-}
-async function resolveUaid(client, uaid) {
   const raw = await client.requestJson(
-    `/resolve/${encodeURIComponent(uaid)}`,
+    `/chat/session/${encodeURIComponent(payload.sessionId)}/compact`,
     {
-      method: "GET"
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body
     }
   );
   return client.parseWithSchema(
     raw,
-    resolveResponseSchema,
-    "resolve UAID response"
+    chatHistoryCompactionResponseSchema,
+    "chat history compaction response"
   );
 }
-async function registerAgent(client, payload, options) {
-  const autoTopUp = options?.autoTopUp ?? client.registrationAutoTopUp;
-  if (!autoTopUp) {
-    return performRegisterAgent(client, payload);
+async function fetchEncryptionStatus(client, sessionId) {
+  if (!sessionId || sessionId.trim().length === 0) {
+    throw new Error("sessionId is required for encryption status");
   }
-  await ensureCreditsForRegistration(client, payload, autoTopUp);
-  let retried = false;
-  while (true) {
-    try {
-      return await performRegisterAgent(client, payload);
-    } catch (error) {
-      const shortfall = client.extractInsufficientCreditsDetails(error);
-      if (shortfall && !retried) {
-        await ensureCreditsForRegistration(client, payload, autoTopUp);
-        retried = true;
-        continue;
-      }
-      throw error;
+  const raw = await client.requestJson(
+    `/chat/session/${encodeURIComponent(sessionId)}/encryption`,
+    {
+      method: "GET"
     }
-  }
-}
-async function getRegistrationQuote(client, payload) {
-  const raw = await client.requestJson("/register/quote", {
-    method: "POST",
-    body: serialiseAgentRegistrationRequest(payload),
-    headers: { "content-type": "application/json" }
-  });
+  );
   return client.parseWithSchema(
     raw,
-    registrationQuoteResponseSchema,
-    "registration quote response"
+    sessionEncryptionStatusResponseSchema,
+    "session encryption status response"
   );
 }
-async function updateAgent(client, uaid, payload) {
+async function postEncryptionHandshake(client, sessionId, payload) {
+  if (!sessionId || sessionId.trim().length === 0) {
+    throw new Error("sessionId is required for encryption handshake");
+  }
   const raw = await client.requestJson(
-    `/register/${encodeURIComponent(uaid)}`,
+    `/chat/session/${encodeURIComponent(sessionId)}/encryption-handshake`,
     {
-      method: "PUT",
-      body: serialiseAgentRegistrationRequest(payload),
-      headers: { "content-type": "application/json" }
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: {
+        role: payload.role,
+        keyType: payload.keyType,
+        ephemeralPublicKey: payload.ephemeralPublicKey,
+        longTermPublicKey: payload.longTermPublicKey,
+        signature: payload.signature,
+        uaid: payload.uaid,
+        userId: payload.userId,
+        ledgerAccountId: payload.ledgerAccountId,
+        metadata: payload.metadata
+      }
     }
   );
-  return client.parseWithSchema(
+  const response = client.parseWithSchema(
     raw,
-    registerAgentResponseSchema,
-    "update agent response"
+    encryptionHandshakeResponseSchema,
+    "encryption handshake response"
   );
+  return response.handshake;
 }
-async function getRegistrationProgress(client, attemptId) {
-  const normalisedAttemptId = attemptId.trim();
-  if (!normalisedAttemptId) {
-    throw new Error("attemptId is required");
+async function sendMessage(client, payload) {
+  const body = {
+    message: payload.message
+  };
+  if (payload.streaming !== void 0) {
+    body.streaming = payload.streaming;
   }
-  try {
-    const raw = await client.requestJson(
-      `/register/progress/${encodeURIComponent(normalisedAttemptId)}`,
-      { method: "GET" }
-    );
-    const parsed = client.parseWithSchema(
-      raw,
-      registrationProgressResponseSchema,
-      "registration progress response"
-    );
-    return parsed.progress;
-  } catch (error) {
-    if (error instanceof RegistryBrokerError && error.status === 404) {
-      return null;
-    }
-    throw error;
+  if (payload.auth) {
+    body.auth = serialiseAuthConfig(payload.auth);
   }
-}
-async function waitForRegistrationCompletion(client, attemptId, options = {}) {
-  const normalisedAttemptId = attemptId.trim();
-  if (!normalisedAttemptId) {
-    throw new Error("attemptId is required");
+  if ("uaid" in payload) {
+    body.uaid = payload.uaid;
   }
-  const interval = Math.max(
-    250,
-    options.intervalMs ?? DEFAULT_PROGRESS_INTERVAL_MS
-  );
-  const timeoutMs = options.timeoutMs ?? DEFAULT_PROGRESS_TIMEOUT_MS;
-  const throwOnFailure = options.throwOnFailure ?? true;
-  const signal = options.signal;
-  const startedAt = Date.now();
-  while (true) {
-    if (signal?.aborted) {
-      throw createAbortError();
-    }
-    const progress = await client.getRegistrationProgress(normalisedAttemptId);
-    if (progress) {
-      options.onProgress?.(progress);
-      if (progress.status === "completed") {
-        return progress;
-      }
-      if (progress.status === "partial" || progress.status === "failed") {
-        if (throwOnFailure) {
-          throw new RegistryBrokerError(
-            "Registration did not complete successfully",
-            {
-              status: 409,
-              statusText: progress.status,
-              body: progress
-            }
-          );
-        }
-        return progress;
-      }
-    }
-    if (Date.now() - startedAt >= timeoutMs) {
+  if ("sessionId" in payload && payload.sessionId) {
+    body.sessionId = payload.sessionId;
+  }
+  if ("agentUrl" in payload && payload.agentUrl) {
+    body.agentUrl = payload.agentUrl;
+  }
+  let cipherEnvelope = payload.cipherEnvelope ?? null;
+  if (payload.encryption) {
+    const sessionIdForEncryption = payload.encryption.sessionId ?? (typeof body.sessionId === "string" ? body.sessionId : void 0);
+    if (!sessionIdForEncryption) {
       throw new Error(
-        `Registration progress polling timed out after ${timeoutMs}ms`
+        "sessionId is required when using encrypted chat payloads"
       );
     }
-    await client.delay(interval, signal);
-  }
-}
-async function validateUaid(client, uaid) {
-  const raw = await client.requestJson(
-    `/uaids/validate/${encodeURIComponent(uaid)}`,
-    {
-      method: "GET"
-    }
-  );
-  return client.parseWithSchema(
-    raw,
-    uaidValidationResponseSchema,
-    "UAID validation response"
-  );
-}
-async function getUaidConnectionStatus(client, uaid) {
-  const raw = await client.requestJson(
-    `/uaids/connections/${encodeURIComponent(uaid)}/status`,
-    {
-      method: "GET"
+    if (!payload.encryption.recipients?.length) {
+      throw new Error("recipients are required for encrypted chat payloads");
     }
-  );
+    cipherEnvelope = client.encryption.encryptCipherEnvelope({
+      ...payload.encryption,
+      sessionId: sessionIdForEncryption
+    });
+  }
+  if (cipherEnvelope) {
+    body.cipherEnvelope = toJsonObject(cipherEnvelope);
+  }
+  const raw = await client.requestJson("/chat/message", {
+    method: "POST",
+    body,
+    headers: { "content-type": "application/json" }
+  });
   return client.parseWithSchema(
     raw,
-    uaidConnectionStatusSchema,
-    "UAID connection status"
+    sendMessageResponseSchema,
+    "chat message response"
   );
 }
-async function closeUaidConnection(client, uaid) {
-  await client.request(`/uaids/connections/${encodeURIComponent(uaid)}`, {
+async function endSession(client, sessionId) {
+  await client.request(`/chat/session/${encodeURIComponent(sessionId)}`, {
     method: "DELETE"
   });
 }
-async function dashboardStats(client) {
-  const raw = await client.requestJson("/dashboard/stats", {
-    method: "GET"
-  });
-  return client.parseWithSchema(
-    raw,
-    dashboardStatsResponseSchema,
-    "dashboard stats response"
-  );
-}
 
-// ../../src/services/registry-broker/client/ledger-auth.ts
+// ../../src/services/registry-broker/client/encryption.ts
 import { Buffer as Buffer3 } from "buffer";
+import { secp256k1 } from "@noble/curves/secp256k1.js";
 
-// ../../src/services/registry-broker/ledger-network.ts
-var normalise = (value) => value.trim().toLowerCase();
-var HEDERA_NETWORK_ALIASES = /* @__PURE__ */ new Map([
-  ["hedera:mainnet", { canonical: "hedera:mainnet", hederaNetwork: "mainnet" }],
-  ["mainnet", { canonical: "hedera:mainnet", hederaNetwork: "mainnet" }],
-  ["hedera-mainnet", { canonical: "hedera:mainnet", hederaNetwork: "mainnet" }],
-  ["hedera_mainnet", { canonical: "hedera:mainnet", hederaNetwork: "mainnet" }],
-  ["hedera:testnet", { canonical: "hedera:testnet", hederaNetwork: "testnet" }],
-  ["testnet", { canonical: "hedera:testnet", hederaNetwork: "testnet" }],
-  ["hedera-testnet", { canonical: "hedera:testnet", hederaNetwork: "testnet" }],
-  ["hedera_testnet", { canonical: "hedera:testnet", hederaNetwork: "testnet" }]
-]);
-var EVM_NETWORK_CHAIN_IDS = {
-  abstract: 2741,
-  "abstract-testnet": 11124,
-  base: 8453,
-  "base-sepolia": 84532,
-  avalanche: 43114,
-  "avalanche-fuji": 43113,
-  iotex: 4689,
-  sei: 1329,
-  "sei-testnet": 1328,
-  polygon: 137,
-  "polygon-amoy": 80002,
-  peaq: 3338
-};
-var CHAIN_ID_TO_ALIAS = new Map(
-  Object.entries(EVM_NETWORK_CHAIN_IDS).map(([alias, id]) => [id, alias])
-);
-var parseChainId = (value) => {
-  if (/^eip155:\d+$/i.test(value)) {
-    return Number.parseInt(value.split(":")[1], 10);
-  }
-  if (/^\d+$/.test(value)) {
-    return Number.parseInt(value, 10);
-  }
-  return void 0;
-};
-var normaliseEvmNetwork = (value) => {
-  const trimmed = normalise(value);
-  let chainId = parseChainId(trimmed);
-  let alias;
-  if (chainId === void 0) {
-    const mapped = EVM_NETWORK_CHAIN_IDS[trimmed];
-    if (mapped !== void 0) {
-      chainId = mapped;
-      alias = trimmed;
+// ../../src/utils/is-browser.ts
+var isBrowser = typeof window !== "undefined" && typeof window.document !== "undefined";
+
+// ../../src/utils/dynamic-import.ts
+var nodeRequire;
+var isNodeRuntime = () => typeof process !== "undefined" && Boolean(process.versions?.node);
+function getNodeRequireSync() {
+  try {
+    const moduleNamespace = process.getBuiltinModule?.("module");
+    if (typeof moduleNamespace?.createRequire === "function") {
+      const requireFromModule = moduleNamespace.createRequire(import.meta.url);
+      if (typeof requireFromModule.resolve === "function") {
+        return requireFromModule;
+      }
     }
-  } else if (CHAIN_ID_TO_ALIAS.has(chainId)) {
-    alias = CHAIN_ID_TO_ALIAS.get(chainId);
-  }
-  if (chainId === void 0) {
-    throw new Error(
-      'Unsupported EVM ledger network. Provide an alias like "base-sepolia" or a canonical eip155:<chainId> string.'
-    );
-  }
-  return {
-    canonical: `eip155:${chainId}`,
-    kind: "evm",
-    chainId,
-    legacyName: alias
-  };
-};
-var normaliseHederaNetwork = (value) => {
-  const trimmed = normalise(value);
-  const mapping = HEDERA_NETWORK_ALIASES.get(trimmed);
-  if (!mapping) {
-    throw new Error(
-      'Unsupported Hedera network. Use hedera:mainnet or hedera:testnet (legacy "mainnet"/"testnet" also accepted).'
-    );
-  }
-  return {
-    canonical: mapping.canonical,
-    kind: "hedera",
-    hederaNetwork: mapping.hederaNetwork
-  };
-};
-var canonicalizeLedgerNetwork = (network) => {
-  if (typeof network !== "string" || network.trim().length === 0) {
-    throw new Error("Ledger network is required.");
-  }
-  const trimmed = normalise(network);
-  if (trimmed.startsWith("hedera:") || trimmed.includes("hedera-") || trimmed.includes("hedera_") || trimmed === "mainnet" || trimmed === "testnet") {
-    return normaliseHederaNetwork(trimmed);
+    const globalObject = typeof global !== "undefined" ? global : globalThis;
+    const runtimeRequire = globalObject.process?.mainModule?.require ?? globalObject.require ?? Function('return typeof require === "function" ? require : undefined;')();
+    if (typeof runtimeRequire === "function" && typeof runtimeRequire.resolve === "function") {
+      return runtimeRequire;
+    }
+  } catch {
+    return null;
   }
-  return normaliseEvmNetwork(trimmed);
-};
-
-// ../../src/services/registry-broker/private-key-signer.ts
-var unsupported = (method) => new Error(`${method} is not supported by the in-memory signer`);
-var cachedSdk = null;
-var loadHashgraphSdk = () => {
-  if (cachedSdk) {
-    return cachedSdk;
+  return null;
+}
+function isModuleNotFound(specifier, error) {
+  if (!error || typeof error !== "object") {
+    return false;
   }
-  const resolved = optionalImportSync("@hashgraph/sdk");
-  if (resolved) {
-    cachedSdk = resolved;
-    return resolved;
+  const code = Reflect.get(error, "code");
+  const message = Reflect.get(error, "message");
+  const messageText = typeof message === "string" ? message : "";
+  if (typeof code === "string" && code.includes("MODULE_NOT_FOUND")) {
+    return messageText.includes(specifier);
   }
-  const message = "@hashgraph/sdk is required for ledger signing. Install it as a dependency to enable createPrivateKeySigner.";
-  throw new Error(message);
-};
-var loadHashgraphSdkAsync = async () => {
-  if (cachedSdk) {
-    return cachedSdk;
+  if (messageText) {
+    const lowered = messageText.toLowerCase();
+    if (lowered.includes("cannot find module") || lowered.includes("module not found") || lowered.includes("cannot find package")) {
+      return lowered.includes(specifier.toLowerCase());
+    }
   }
-  const resolved = await optionalImport("@hashgraph/sdk");
-  if (resolved) {
-    cachedSdk = resolved;
-    return resolved;
+  return false;
+}
+async function resolveNodeRequire() {
+  if (nodeRequire !== void 0) {
+    return nodeRequire;
   }
-  const message = "@hashgraph/sdk is required for ledger signing. Install it as a dependency to enable createPrivateKeySigner.";
-  throw new Error(message);
-};
-var buildSigner = (sdk, options) => {
-  const { AccountId, LedgerId, PrivateKey, SignerSignature } = sdk;
-  if (!options.privateKey) {
-    throw new Error("privateKey is required to create a ledger signer.");
+  if (isBrowser && !isNodeRuntime()) {
+    nodeRequire = null;
+    return nodeRequire;
   }
-  if (!options.accountId) {
-    throw new Error("accountId is required to create a ledger signer.");
+  try {
+    nodeRequire = getNodeRequireSync();
+  } catch {
+    nodeRequire = null;
   }
-  const accountId = AccountId.fromString(options.accountId);
-  const privateKey = PrivateKey.fromString(options.privateKey);
-  const ledgerId = LedgerId.fromString(options.network);
-  return {
-    getLedgerId: () => ledgerId,
-    getAccountId: () => accountId,
-    getAccountKey: () => privateKey.publicKey,
-    getNetwork: () => ({}),
-    getMirrorNetwork: () => [],
-    sign: async (messages) => Promise.all(
-      messages.map(async (message) => {
-        const signature = await privateKey.sign(message);
-        return new SignerSignature({
-          publicKey: privateKey.publicKey,
-          signature,
-          accountId
-        });
-      })
-    ),
-    getAccountBalance: async () => {
-      throw unsupported("getAccountBalance");
-    },
-    getAccountInfo: async () => {
-      throw unsupported("getAccountInfo");
-    },
-    getAccountRecords: async () => {
-      throw unsupported("getAccountRecords");
-    },
-    signTransaction: async (_) => {
-      throw unsupported("signTransaction");
-    },
-    checkTransaction: async (_) => {
-      throw unsupported("checkTransaction");
-    },
-    populateTransaction: async (_) => {
-      throw unsupported("populateTransaction");
-    },
-    call: async (_request) => {
-      throw unsupported("call");
-    }
-  };
-};
-var createPrivateKeySigner = (options) => buildSigner(loadHashgraphSdk(), options);
-var createPrivateKeySignerAsync = async (options) => buildSigner(await loadHashgraphSdkAsync(), options);
-
-// ../../src/services/registry-broker/client/ledger-auth.ts
-async function loadViemAccount(privateKey) {
+  return nodeRequire;
+}
+async function dynamicImport(specifier) {
   try {
-    const viem = await import("viem/accounts");
-    return viem.privateKeyToAccount(privateKey);
-  } catch (error) {
-    const err = new Error(
-      'EVM ledger authentication requires the optional dependency "viem". Install it to use evmPrivateKey flows.'
+    return await import(
+      /* webpackIgnore: true */
+      specifier
     );
-    err.cause = error;
-    throw err;
+  } catch (error) {
+    if (isModuleNotFound(specifier, error)) {
+      return null;
+    }
+    throw error;
+  }
+}
+async function optionalImport(specifier, options = {}) {
+  if (isBrowser && !isNodeRuntime()) {
+    return dynamicImport(specifier);
+  }
+  if (!options.preferImport) {
+    const requireFn = await resolveNodeRequire();
+    if (requireFn) {
+      try {
+        return requireFn(specifier);
+      } catch (error) {
+        if (!isModuleNotFound(specifier, error)) {
+          throw error;
+        }
+      }
+    }
   }
+  return dynamicImport(specifier);
 }
-async function resolveLedgerAuthSignature(message, options) {
-  if (typeof options.sign === "function") {
-    const result = await options.sign(message);
-    if (!result || typeof result.signature !== "string" || result.signature.length === 0) {
-      throw new Error("Custom ledger signer failed to produce a signature.");
+function optionalImportSync(specifier) {
+  if (isBrowser && !isNodeRuntime()) {
+    return null;
+  }
+  try {
+    const requireFn = getNodeRequireSync();
+    if (requireFn) {
+      return requireFn(specifier);
+    }
+  } catch (error) {
+    if (!isModuleNotFound(specifier, error)) {
+      throw error;
     }
-    return result;
   }
-  if (!options.signer || typeof options.signer.sign !== "function") {
-    throw new Error(
-      "Ledger authentication requires a Hedera Signer or custom sign function."
-    );
+  return null;
+}
+
+// ../../src/services/registry-broker/client/encryption.ts
+var getFs = async () => {
+  const fsModule = await optionalImport("node:fs") ?? await optionalImport("fs");
+  if (fsModule && typeof fsModule.existsSync === "function" && typeof fsModule.readFileSync === "function" && typeof fsModule.writeFileSync === "function" && typeof fsModule.appendFileSync === "function") {
+    return fsModule;
   }
-  const payload = Buffer3.from(message, "utf8");
-  const signatures = await options.signer.sign([payload]);
-  const signatureEntry = signatures?.[0];
-  if (!signatureEntry) {
-    throw new Error("Signer did not return any signatures.");
+  return null;
+};
+var getNodePath = async () => {
+  const pathModule = await optionalImport("node:path") ?? await optionalImport("path");
+  if (pathModule && typeof pathModule.resolve === "function") {
+    return pathModule;
   }
-  let derivedPublicKey;
-  if (signatureEntry.publicKey) {
-    derivedPublicKey = signatureEntry.publicKey.toString();
-  } else if (typeof options.signer.getAccountKey === "function") {
-    const accountKey = await options.signer.getAccountKey();
-    if (accountKey && typeof accountKey.toString === "function") {
-      derivedPublicKey = accountKey.toString();
-    }
+  return null;
+};
+var getNodeCrypto = async () => {
+  const cryptoModule = await optionalImport("node:crypto") ?? await optionalImport("crypto");
+  if (cryptoModule && typeof cryptoModule.randomBytes === "function") {
+    return cryptoModule;
   }
-  return {
-    signature: Buffer3.from(signatureEntry.signature).toString("base64"),
-    signatureKind: "raw",
-    publicKey: derivedPublicKey
-  };
-}
-async function createLedgerChallenge(client, payload) {
-  const resolvedNetwork = canonicalizeLedgerNetwork(payload.network);
-  const network = resolvedNetwork.kind === "hedera" ? resolvedNetwork.hederaNetwork ?? resolvedNetwork.canonical : resolvedNetwork.canonical;
-  const raw = await client.requestJson("/auth/ledger/challenge", {
+  return null;
+};
+async function registerEncryptionKey(client, payload) {
+  const raw = await client.requestJson("/encryption/keys", {
     method: "POST",
     headers: { "content-type": "application/json" },
-    body: {
-      accountId: payload.accountId,
-      network
-    }
+    body: payload
   });
   return client.parseWithSchema(
     raw,
-    ledgerChallengeResponseSchema,
-    "ledger challenge response"
+    registerEncryptionKeyResponseSchema,
+    "register encryption key response"
   );
 }
-async function verifyLedgerChallenge(client, payload) {
-  const resolvedNetwork = canonicalizeLedgerNetwork(payload.network);
-  const network = resolvedNetwork.kind === "hedera" ? resolvedNetwork.hederaNetwork ?? resolvedNetwork.canonical : resolvedNetwork.canonical;
-  const body = {
-    challengeId: payload.challengeId,
-    accountId: payload.accountId,
-    network,
-    signature: payload.signature
-  };
-  if (payload.signatureKind) {
-    body.signatureKind = payload.signatureKind;
+function normalizeAutoRegisterIdentity(config) {
+  const identity = {};
+  if (config.uaid) {
+    identity.uaid = config.uaid;
   }
-  if (payload.publicKey) {
-    body.publicKey = payload.publicKey;
+  if (config.ledgerAccountId) {
+    identity.ledgerAccountId = config.ledgerAccountId;
+    if (config.ledgerNetwork) {
+      identity.ledgerNetwork = config.ledgerNetwork;
+    }
   }
-  if (typeof payload.expiresInMinutes === "number") {
-    body.expiresInMinutes = payload.expiresInMinutes;
+  if (config.email) {
+    identity.email = config.email;
   }
-  const raw = await client.requestJson("/auth/ledger/verify", {
-    method: "POST",
-    headers: { "content-type": "application/json" },
-    body
-  });
-  const result = client.parseWithSchema(
-    raw,
-    ledgerVerifyResponseSchema,
-    "ledger verification response"
-  );
-  client.setLedgerApiKey(result.key);
-  return result;
+  if (identity.uaid || identity.ledgerAccountId || identity.email) {
+    return identity;
+  }
+  return null;
 }
-async function authenticateWithLedger(client, options) {
-  const challenge = await client.createLedgerChallenge({
-    accountId: options.accountId,
-    network: options.network
+function derivePublicKeyFromPrivateKey(client, privateKey) {
+  const normalized = client.hexToBuffer(privateKey);
+  const publicKey = secp256k1.getPublicKey(normalized, true);
+  return Buffer3.from(publicKey).toString("hex");
+}
+async function resolveAutoRegisterKeyMaterial(client, config) {
+  if (config.publicKey?.trim()) {
+    return { publicKey: config.publicKey.trim() };
+  }
+  let privateKey = config.privateKey?.trim();
+  const envVar = config.envVar ?? "RB_ENCRYPTION_PRIVATE_KEY";
+  if (!privateKey && envVar && process?.env?.[envVar]?.trim()) {
+    privateKey = process.env[envVar]?.trim();
+  }
+  if (!privateKey && config.generateIfMissing) {
+    const pair = await client.generateEncryptionKeyPair({
+      keyType: config.keyType ?? "secp256k1",
+      envVar,
+      envPath: config.envPath,
+      overwrite: config.overwriteEnv
+    });
+    return { publicKey: pair.publicKey, privateKey: pair.privateKey };
+  }
+  if (privateKey) {
+    const publicKey = derivePublicKeyFromPrivateKey(client, privateKey);
+    return { publicKey, privateKey };
+  }
+  return null;
+}
+async function autoRegisterEncryptionKey(client, config) {
+  const identity = normalizeAutoRegisterIdentity(config);
+  if (!identity) {
+    throw new Error(
+      "Auto-registration requires uaid, ledgerAccountId, or email"
+    );
+  }
+  const material = await resolveAutoRegisterKeyMaterial(client, config);
+  if (!material) {
+    throw new Error(
+      "Unable to resolve encryption public key for auto-registration"
+    );
+  }
+  await registerEncryptionKey(client, {
+    keyType: config.keyType ?? "secp256k1",
+    publicKey: material.publicKey,
+    ...identity
   });
-  const signed = await resolveLedgerAuthSignature(challenge.message, options);
-  const verification = await client.verifyLedgerChallenge({
-    challengeId: challenge.challengeId,
-    accountId: options.accountId,
-    network: options.network,
-    signature: signed.signature,
-    signatureKind: signed.signatureKind,
-    publicKey: signed.publicKey,
-    expiresInMinutes: options.expiresInMinutes
+  return material;
+}
+async function ensureAgentEncryptionKey(client, options) {
+  return autoRegisterEncryptionKey(client, {
+    ...options,
+    uaid: options.uaid,
+    enabled: true
   });
-  return verification;
 }
-async function authenticateWithLedgerCredentials(client, options) {
-  const {
-    accountId,
-    network,
-    signer,
-    sign,
-    hederaPrivateKey,
-    evmPrivateKey,
-    expiresInMinutes,
-    setAccountHeader = true,
-    label,
-    logger
-  } = options;
-  const resolvedNetwork = canonicalizeLedgerNetwork(network);
-  const labelSuffix = label ? ` for ${label}` : "";
-  const networkPayload = resolvedNetwork.canonical;
-  const authOptions = {
-    accountId,
-    network: networkPayload,
-    expiresInMinutes
+function createEncryptionApi(client) {
+  return {
+    registerKey: (payload) => registerEncryptionKey(client, payload),
+    generateEphemeralKeyPair: () => client.createEphemeralKeyPair(),
+    deriveSharedSecret: (options) => client.deriveSharedSecret(options),
+    encryptCipherEnvelope: (options) => client.buildCipherEnvelope(options),
+    decryptCipherEnvelope: (options) => client.openCipherEnvelope(options),
+    ensureAgentKey: (options) => ensureAgentEncryptionKey(client, options)
   };
-  if (sign) {
-    authOptions.sign = sign;
-  } else if (signer) {
-    authOptions.signer = signer;
-  } else if (hederaPrivateKey) {
-    if (resolvedNetwork.kind !== "hedera" || !resolvedNetwork.hederaNetwork) {
+}
+async function bootstrapEncryptionOptions(client, options) {
+  if (!options?.autoRegister || options.autoRegister.enabled === false) {
+    return null;
+  }
+  return autoRegisterEncryptionKey(client, options.autoRegister);
+}
+async function generateEncryptionKeyPair(client, options = {}) {
+  client.assertNodeRuntime("generateEncryptionKeyPair");
+  const keyType = options.keyType ?? "secp256k1";
+  if (keyType !== "secp256k1") {
+    throw new Error("Only secp256k1 key generation is supported currently");
+  }
+  const cryptoModule = await getNodeCrypto();
+  if (!cryptoModule) {
+    throw new Error(
+      "Node.js crypto module is not available; cannot generate encryption key pair"
+    );
+  }
+  const privateKeyBytes = cryptoModule.randomBytes(32);
+  const privateKey = Buffer3.from(privateKeyBytes).toString("hex");
+  const publicKeyBytes = secp256k1.getPublicKey(privateKeyBytes, true);
+  const publicKey = Buffer3.from(publicKeyBytes).toString("hex");
+  const envVar = options.envVar ?? "RB_ENCRYPTION_PRIVATE_KEY";
+  const pathModule = options.envPath ? await getNodePath() : null;
+  const resolvedPath = options.envPath && pathModule ? pathModule.resolve(options.envPath) : void 0;
+  if (options.envPath && !resolvedPath) {
+    throw new Error(
+      "Node.js path module is not available; cannot resolve encryption key env path"
+    );
+  }
+  if (resolvedPath) {
+    const fsModule = await getFs();
+    if (!fsModule) {
       throw new Error(
-        "hederaPrivateKey can only be used with hedera:mainnet or hedera:testnet networks."
+        "File system module is not available; cannot write encryption key env file"
       );
     }
-    authOptions.signer = await createPrivateKeySignerAsync({
-      accountId,
-      privateKey: hederaPrivateKey,
-      network: resolvedNetwork.hederaNetwork
-    });
-  } else if (evmPrivateKey) {
-    if (resolvedNetwork.kind !== "evm") {
-      throw new Error(
-        "evmPrivateKey can only be used with CAIP-2 EVM networks (eip155:<chainId>)."
-      );
+    const envLine = `${envVar}=${privateKey}`;
+    if (fsModule.existsSync(resolvedPath)) {
+      const content = fsModule.readFileSync(resolvedPath, "utf-8");
+      const lineRegex = new RegExp(`^${envVar}=.*$`, "m");
+      if (lineRegex.test(content)) {
+        if (!options.overwrite) {
+          throw new Error(
+            `${envVar} already exists in ${resolvedPath}; set overwrite=true to replace it`
+          );
+        }
+        const updated = content.replace(lineRegex, envLine);
+        fsModule.writeFileSync(resolvedPath, updated);
+      } else {
+        const needsNewline = !content.endsWith("\n");
+        fsModule.appendFileSync(
+          resolvedPath,
+          `${needsNewline ? "\n" : ""}${envLine}
+`
+        );
+      }
+    } else {
+      fsModule.writeFileSync(resolvedPath, `${envLine}
+`);
     }
-    const formattedKey = evmPrivateKey.startsWith("0x") ? evmPrivateKey : `0x${evmPrivateKey}`;
-    const account = await loadViemAccount(formattedKey);
-    authOptions.sign = async (message) => ({
-      signature: await account.signMessage({ message }),
-      signatureKind: "evm",
-      publicKey: account.publicKey
-    });
-  } else {
-    throw new Error(
-      "Provide a signer, sign function, hederaPrivateKey, or evmPrivateKey to authenticate with the ledger."
-    );
   }
-  logger?.info?.(
-    `Authenticating ledger account ${accountId} (${resolvedNetwork.canonical})${labelSuffix}...`
+  return {
+    privateKey,
+    publicKey,
+    envPath: resolvedPath,
+    envVar
+  };
+}
+
+// ../../src/services/registry-broker/client/adapters.ts
+async function adapters(client) {
+  const raw = await client.requestJson("/adapters", {
+    method: "GET"
+  });
+  return client.parseWithSchema(
+    raw,
+    adaptersResponseSchema,
+    "adapters response"
   );
-  const verification = await client.authenticateWithLedger(authOptions);
-  if (setAccountHeader) {
-    client.setDefaultHeader("x-account-id", verification.accountId);
-  }
-  logger?.info?.(
-    `Ledger authentication complete${labelSuffix}. Issued key prefix: ${verification.apiKey.prefix}\u2026${verification.apiKey.lastFour}`
+}
+async function adaptersDetailed(client) {
+  const raw = await client.requestJson("/adapters/details", {
+    method: "GET"
+  });
+  return client.parseWithSchema(
+    raw,
+    adapterDetailsResponseSchema,
+    "adapter details response"
   );
-  return verification;
 }
-
-// ../../src/services/registry-broker/client/chat-history.ts
-import { Buffer as Buffer4 } from "buffer";
-function identitiesMatch(a, b) {
-  if (!a && !b) {
-    return true;
-  }
-  if (!a || !b) {
-    return false;
+async function adapterRegistryCategories(client) {
+  const raw = await client.requestJson(
+    "/adapters/registry/categories",
+    {
+      method: "GET"
+    }
+  );
+  return client.parseWithSchema(
+    raw,
+    adapterRegistryCategoriesResponseSchema,
+    "adapter registry categories response"
+  );
+}
+async function adapterRegistryAdapters(client, filters = {}) {
+  const params = new URLSearchParams();
+  if (filters.category) {
+    params.set("category", filters.category);
   }
-  if (a.uaid && b.uaid && a.uaid.toLowerCase() === b.uaid.toLowerCase()) {
-    return true;
+  if (filters.entity) {
+    params.set("entity", filters.entity);
   }
-  if (a.ledgerAccountId && b.ledgerAccountId && a.ledgerAccountId.toLowerCase() === b.ledgerAccountId.toLowerCase()) {
-    return true;
+  if (filters.keywords?.length) {
+    params.set("keywords", filters.keywords.join(","));
   }
-  if (a.userId && b.userId && a.userId === b.userId) {
-    return true;
+  if (filters.query) {
+    params.set("query", filters.query);
   }
-  if (a.email && b.email && a.email.toLowerCase() === b.email.toLowerCase()) {
-    return true;
+  if (typeof filters.limit === "number") {
+    params.set("limit", String(filters.limit));
   }
-  return false;
-}
-async function fetchHistorySnapshot(conversationContexts, client, sessionId, options) {
-  if (!sessionId || sessionId.trim().length === 0) {
-    throw new Error("sessionId is required to fetch chat history");
+  if (typeof filters.offset === "number") {
+    params.set("offset", String(filters.offset));
   }
+  const suffix = params.size > 0 ? `?${params.toString()}` : "";
   const raw = await client.requestJson(
-    `/chat/session/${encodeURIComponent(sessionId)}/history`,
+    `/adapters/registry/adapters${suffix}`,
     {
       method: "GET"
     }
   );
-  const snapshot = client.parseWithSchema(
+  return client.parseWithSchema(
     raw,
-    chatHistorySnapshotResponseSchema,
-    "chat history snapshot response"
+    adapterRegistryAdaptersResponseSchema,
+    "adapter registry adapters response"
   );
-  return attachDecryptedHistory(
-    conversationContexts,
-    client,
-    sessionId,
-    snapshot,
-    options
+}
+async function createAdapterRegistryCategory(client, payload) {
+  const raw = await client.requestJson(
+    "/adapters/registry/categories",
+    {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: toJsonObject(payload)
+    }
   );
+  const parsed = client.parseWithSchema(
+    raw,
+    adapterRegistryCreateCategoryResponseSchema,
+    "adapter registry create category response"
+  );
+  return parsed.category;
 }
-function attachDecryptedHistory(conversationContexts, client, sessionId, snapshot, options) {
-  const shouldDecrypt = options?.decrypt !== void 0 ? options.decrypt : client.encryptionOptions?.autoDecryptHistory === true;
-  if (!shouldDecrypt) {
-    return snapshot;
-  }
-  const requiresContext = snapshot.history.some(
-    (entry) => Boolean(entry.cipherEnvelope)
+async function submitAdapterRegistryAdapter(client, payload) {
+  const raw = await client.requestJson(
+    "/adapters/registry/adapters",
+    {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: toJsonObject(payload)
+    }
   );
-  if (!requiresContext) {
-    return {
-      ...snapshot,
-      decryptedHistory: snapshot.history.map((entry) => ({
-        entry,
-        plaintext: entry.content
-      }))
-    };
-  }
-  const context = resolveDecryptionContext(
-    conversationContexts,
-    client,
-    sessionId,
-    options
+  return client.parseWithSchema(
+    raw,
+    adapterRegistrySubmitAdapterAcceptedResponseSchema,
+    "adapter registry submit adapter response"
   );
-  if (!context) {
+}
+async function adapterRegistrySubmissionStatus(client, submissionId) {
+  const raw = await client.requestJson(
+    `/adapters/registry/submissions/${encodeURIComponent(submissionId)}`,
+    {
+      method: "GET"
+    }
+  );
+  return client.parseWithSchema(
+    raw,
+    adapterRegistrySubmissionStatusResponseSchema,
+    "adapter registry submission status response"
+  );
+}
+
+// ../../src/services/registry-broker/client/credits.ts
+async function loadX402Dependencies(client) {
+  const [{ default: axios }, x402Axios, x402Types] = await Promise.all([
+    import("axios"),
+    optionalImport("x402-axios"),
+    optionalImport("x402/types")
+  ]);
+  if (!x402Axios || !x402Types) {
     throw new Error(
-      "Unable to decrypt chat history: encryption context unavailable"
+      "x402-axios and x402/types are required for X402 flows. Install them to enable ledger payments."
     );
   }
-  const decryptedHistory = snapshot.history.map((entry) => ({
-    entry,
-    plaintext: decryptHistoryEntryFromContext(client, entry, context)
-  }));
-  return { ...snapshot, decryptedHistory };
+  const withPaymentInterceptor = x402Axios.withPaymentInterceptor;
+  const decodePaymentResponse = x402Axios.decodeXPaymentResponse;
+  const createX402Signer = x402Types.createSigner;
+  const createPaymentClient = (walletClient) => {
+    const axiosClient = axios.create({
+      baseURL: client.baseUrl,
+      headers: {
+        ...client.getDefaultHeaders(),
+        "content-type": "application/json"
+      }
+    });
+    const paymentClient = withPaymentInterceptor(axiosClient, walletClient);
+    return paymentClient;
+  };
+  return { createPaymentClient, decodePaymentResponse, createX402Signer };
 }
-function registerConversationContextForEncryption(conversationContexts, context) {
-  const normalized = {
-    sessionId: context.sessionId,
-    sharedSecret: Buffer4.from(context.sharedSecret),
-    identity: context.identity ? { ...context.identity } : void 0
+function calculateHbarAmountParam(hbarAmount) {
+  const tinybars = Math.ceil(hbarAmount * 1e8);
+  if (tinybars <= 0) {
+    throw new Error("Calculated purchase amount must be positive");
+  }
+  return tinybars / 1e8;
+}
+async function purchaseCreditsWithHbar(client, params) {
+  const body = {
+    accountId: params.accountId,
+    payerKey: params.privateKey,
+    hbarAmount: calculateHbarAmountParam(params.hbarAmount)
   };
-  const entries = conversationContexts.get(context.sessionId) ?? [];
-  const existingIndex = entries.findIndex(
-    (existing) => identitiesMatch(existing.identity, normalized.identity)
+  if (params.memo) {
+    body.memo = params.memo;
+  }
+  if (params.metadata) {
+    body.metadata = params.metadata;
+  }
+  const raw = await client.requestJson("/credits/purchase", {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body
+  });
+  return client.parseWithSchema(
+    raw,
+    creditPurchaseResponseSchema,
+    "credit purchase response"
+  );
+}
+async function getX402Minimums(client) {
+  const raw = await client.requestJson(
+    "/credits/purchase/x402/minimums",
+    { method: "GET" }
+  );
+  return client.parseWithSchema(
+    raw,
+    x402MinimumsResponseSchema,
+    "x402 minimums response"
   );
-  if (existingIndex >= 0) {
-    entries[existingIndex] = normalized;
-  } else {
-    entries.push(normalized);
-  }
-  conversationContexts.set(context.sessionId, entries);
 }
-function resolveDecryptionContext(conversationContexts, client, sessionId, options) {
-  if (options?.sharedSecret) {
-    return {
-      sessionId,
-      sharedSecret: client.normalizeSharedSecret(options.sharedSecret),
-      identity: options.identity
-    };
+async function purchaseCreditsWithX402(client, params) {
+  const { createPaymentClient, decodePaymentResponse } = await loadX402Dependencies(client);
+  if (!Number.isFinite(params.credits) || params.credits <= 0) {
+    throw new Error("credits must be a positive number");
   }
-  const contexts = conversationContexts.get(sessionId);
-  if (!contexts || contexts.length === 0) {
-    return null;
+  if (params.usdAmount !== void 0 && (!Number.isFinite(params.usdAmount) || params.usdAmount <= 0)) {
+    throw new Error("usdAmount must be a positive number when provided");
   }
-  if (options?.identity) {
-    const match = contexts.find(
-      (context) => identitiesMatch(context.identity, options.identity)
-    );
-    if (match) {
-      return match;
-    }
+  const body = {
+    accountId: params.accountId,
+    credits: params.credits
+  };
+  if (params.usdAmount !== void 0) {
+    body.usdAmount = params.usdAmount;
   }
-  return contexts[0];
-}
-function decryptHistoryEntryFromContext(client, entry, context) {
-  const envelope = entry.cipherEnvelope;
-  if (!envelope) {
-    return entry.content;
+  if (params.description) {
+    body.description = params.description;
   }
-  const secret = Buffer4.from(context.sharedSecret);
-  try {
-    return client.encryption.decryptCipherEnvelope({
-      envelope,
-      sharedSecret: secret
-    });
-  } catch (_error) {
-    return null;
+  if (params.metadata) {
+    body.metadata = params.metadata;
   }
+  const paymentClient = createPaymentClient(params.walletClient);
+  const response = await paymentClient.post("/credits/purchase/x402", body);
+  const parsed = client.parseWithSchema(
+    response.data,
+    x402CreditPurchaseResponseSchema,
+    "x402 credit purchase response"
+  );
+  const responseHeaders = response.headers ?? {};
+  const paymentHeader = typeof responseHeaders["x-payment-response"] === "string" ? responseHeaders["x-payment-response"] : void 0;
+  const decodedPayment = paymentHeader !== void 0 ? decodePaymentResponse(paymentHeader) : void 0;
+  return {
+    ...parsed,
+    paymentResponseHeader: paymentHeader,
+    paymentResponse: decodedPayment
+  };
+}
+async function buyCreditsWithX402(client, params) {
+  const network = params.network ?? "base";
+  const { createX402Signer } = await loadX402Dependencies(client);
+  const normalizedKey = normalizeHexPrivateKey(params.evmPrivateKey);
+  const walletClient = await createX402Signer(network, normalizedKey);
+  return purchaseCreditsWithX402(client, {
+    accountId: params.accountId,
+    credits: params.credits,
+    usdAmount: params.usdAmount,
+    description: params.description,
+    metadata: params.metadata,
+    walletClient
+  });
 }
 
-// ../../src/services/registry-broker/client/encrypted-chat-manager.ts
-var EncryptionUnavailableError = class extends Error {
-  constructor(sessionId, summary) {
-    super("Encryption is not enabled for this session");
-    this.sessionId = sessionId;
-    this.summary = summary;
+// ../../src/services/registry-broker/client/errors.ts
+var RegistryBrokerError = class extends Error {
+  constructor(message, details) {
+    super(message);
+    this.status = details.status;
+    this.statusText = details.statusText;
+    this.body = details.body;
   }
 };
-var EncryptedChatManager = class {
-  constructor(client) {
-    this.client = client;
+var RegistryBrokerParseError = class extends Error {
+  constructor(message, cause, rawValue) {
+    super(message);
+    this.cause = cause;
+    this.rawValue = rawValue;
   }
-  registerConversationContext(context) {
-    this.client.registerConversationContextForEncryption(context);
+};
+
+// ../../src/services/registry-broker/client/agents.ts
+async function performRegisterAgent(client, payload) {
+  const raw = await client.requestJson("/register", {
+    method: "POST",
+    body: serialiseAgentRegistrationRequest(payload),
+    headers: { "content-type": "application/json" }
+  });
+  return client.parseWithSchema(
+    raw,
+    registerAgentResponseSchema,
+    "register agent response"
+  );
+}
+function calculateHbarAmount(creditsToPurchase, creditsPerHbar) {
+  if (creditsPerHbar <= 0) {
+    throw new Error("creditsPerHbar must be positive");
   }
-  async startSession(options) {
-    await this.client.encryptionReady();
-    const session = await this.client.chat.createSession({
-      uaid: options.uaid,
-      senderUaid: options.senderUaid,
-      encryptionRequested: true,
-      historyTtlSeconds: options.historyTtlSeconds,
-      auth: options.auth
-    });
-    options.onSessionCreated?.(session.sessionId);
-    const summary = session.encryption;
-    if (!summary?.enabled) {
-      throw new EncryptionUnavailableError(
-        session.sessionId,
-        session.encryption ?? null
-      );
-    }
-    const handle = await this.establishRequesterContext({
-      sessionId: session.sessionId,
-      summary,
-      senderUaid: options.senderUaid,
-      handshakeTimeoutMs: options.handshakeTimeoutMs,
-      pollIntervalMs: options.pollIntervalMs
-    });
-    return handle;
+  if (creditsToPurchase <= 0) {
+    throw new Error("creditsToPurchase must be positive");
   }
-  async acceptSession(options) {
-    await this.client.encryptionReady();
-    const summary = await this.waitForEncryptionSummary(
-      options.sessionId,
-      options.handshakeTimeoutMs,
-      options.pollIntervalMs
-    );
-    const handle = await this.establishResponderContext({
-      sessionId: options.sessionId,
-      summary,
-      responderUaid: options.responderUaid,
-      handshakeTimeoutMs: options.handshakeTimeoutMs,
-      pollIntervalMs: options.pollIntervalMs
-    });
-    return handle;
+  const rawHbar = creditsToPurchase / creditsPerHbar;
+  const tinybars = Math.ceil(rawHbar * 1e8);
+  return tinybars / 1e8;
+}
+function resolveCreditsToPurchase(shortfallCredits) {
+  if (!Number.isFinite(shortfallCredits) || shortfallCredits <= 0) {
+    return 0;
   }
-  async establishRequesterContext(params) {
-    const keyPair = this.client.encryption.generateEphemeralKeyPair();
-    await this.client.chat.submitEncryptionHandshake(params.sessionId, {
-      role: "requester",
-      keyType: "secp256k1",
-      ephemeralPublicKey: keyPair.publicKey,
-      uaid: params.senderUaid ?? params.summary.requester?.uaid ?? void 0
-    });
-    const { summary, record } = await this.waitForHandshakeCompletion(
-      params.sessionId,
-      params.handshakeTimeoutMs,
-      params.pollIntervalMs
-    );
-    const responderKey = record.responder?.ephemeralPublicKey;
-    if (!responderKey) {
-      throw new Error("Responder handshake was not completed in time");
-    }
-    const sharedSecret = this.client.encryption.deriveSharedSecret({
-      privateKey: keyPair.privateKey,
-      peerPublicKey: responderKey
-    }).subarray();
-    const recipients = this.buildRecipients(summary);
-    return this.createHandle({
-      sessionId: params.sessionId,
-      sharedSecret,
-      summary,
-      recipients,
-      identity: summary.requester ?? void 0
-    });
+  return Math.max(
+    Math.ceil(shortfallCredits),
+    MINIMUM_REGISTRATION_AUTO_TOP_UP_CREDITS
+  );
+}
+async function ensureCreditsForRegistration(client, payload, autoTopUp) {
+  const details = autoTopUp ?? null;
+  if (!details) {
+    return;
   }
-  async establishResponderContext(params) {
-    const keyPair = this.client.encryption.generateEphemeralKeyPair();
-    await this.client.chat.submitEncryptionHandshake(params.sessionId, {
-      role: "responder",
-      keyType: "secp256k1",
-      ephemeralPublicKey: keyPair.publicKey,
-      uaid: params.responderUaid ?? params.summary.responder?.uaid ?? void 0
+  if (!details.accountId || !details.accountId.trim()) {
+    throw new Error("autoTopUp.accountId is required");
+  }
+  if (!details.privateKey || !details.privateKey.trim()) {
+    throw new Error("autoTopUp.privateKey is required");
+  }
+  for (let attempt = 0; attempt < 3; attempt += 1) {
+    const quote = await getRegistrationQuote(client, payload);
+    const shortfall = quote.shortfallCredits ?? 0;
+    if (shortfall <= 0) {
+      return;
+    }
+    const creditsToPurchase = resolveCreditsToPurchase(shortfall);
+    if (creditsToPurchase <= 0) {
+      return;
+    }
+    const creditsPerHbar = quote.creditsPerHbar ?? null;
+    if (!creditsPerHbar || creditsPerHbar <= 0) {
+      throw new Error("Unable to determine credits per HBAR for auto top-up");
+    }
+    const hbarAmount = calculateHbarAmount(creditsToPurchase, creditsPerHbar);
+    await purchaseCreditsWithHbar(client, {
+      accountId: details.accountId.trim(),
+      privateKey: details.privateKey.trim(),
+      hbarAmount,
+      memo: details.memo ?? "Registry Broker auto top-up",
+      metadata: {
+        shortfallCredits: shortfall,
+        requiredCredits: quote.requiredCredits,
+        purchasedCredits: creditsToPurchase
+      }
     });
-    const { summary, record } = await this.waitForHandshakeCompletion(
-      params.sessionId,
-      params.handshakeTimeoutMs,
-      params.pollIntervalMs
-    );
-    const requesterKey = record.requester?.ephemeralPublicKey;
-    if (!requesterKey) {
-      throw new Error("Requester handshake was not detected in time");
+  }
+  const finalQuote = await getRegistrationQuote(client, payload);
+  if ((finalQuote.shortfallCredits ?? 0) > 0) {
+    throw new Error("Unable to purchase sufficient credits for registration");
+  }
+}
+async function resolveUaid(client, uaid) {
+  const raw = await client.requestJson(
+    `/resolve/${encodeURIComponent(uaid)}`,
+    {
+      method: "GET"
     }
-    const sharedSecret = this.client.encryption.deriveSharedSecret({
-      privateKey: keyPair.privateKey,
-      peerPublicKey: requesterKey
-    }).subarray();
-    const recipients = this.buildRecipients(summary);
-    return this.createHandle({
-      sessionId: params.sessionId,
-      sharedSecret,
-      summary,
-      recipients,
-      identity: summary.responder ?? void 0
-    });
+  );
+  return client.parseWithSchema(
+    raw,
+    resolveResponseSchema,
+    "resolve UAID response"
+  );
+}
+async function registerAgent(client, payload, options) {
+  const autoTopUp = options?.autoTopUp ?? client.registrationAutoTopUp;
+  if (!autoTopUp) {
+    return performRegisterAgent(client, payload);
   }
-  async waitForHandshakeCompletion(sessionId, timeoutMs = 3e4, pollIntervalMs = 1e3) {
-    const deadline = Date.now() + timeoutMs;
-    while (true) {
-      const status = await this.client.chat.getEncryptionStatus(sessionId);
-      const summary = status.encryption;
-      const record = summary?.handshake;
-      if (summary && record && record.status === "complete") {
-        return { summary, record };
-      }
-      if (Date.now() >= deadline) {
-        throw new Error("Timed out waiting for encrypted handshake completion");
+  await ensureCreditsForRegistration(client, payload, autoTopUp);
+  let retried = false;
+  while (true) {
+    try {
+      return await performRegisterAgent(client, payload);
+    } catch (error) {
+      const shortfall = client.extractInsufficientCreditsDetails(error);
+      if (shortfall && !retried) {
+        await ensureCreditsForRegistration(client, payload, autoTopUp);
+        retried = true;
+        continue;
       }
-      await this.delay(pollIntervalMs);
+      throw error;
     }
   }
-  async waitForEncryptionSummary(sessionId, _timeoutMs = 3e4, _pollIntervalMs = 1e3) {
-    const status = await this.client.chat.getEncryptionStatus(sessionId);
-    if (!status.encryption?.enabled) {
-      throw new EncryptionUnavailableError(
-        sessionId,
-        status.encryption ?? null
-      );
+}
+async function getRegistrationQuote(client, payload) {
+  const raw = await client.requestJson("/register/quote", {
+    method: "POST",
+    body: serialiseAgentRegistrationRequest(payload),
+    headers: { "content-type": "application/json" }
+  });
+  return client.parseWithSchema(
+    raw,
+    registrationQuoteResponseSchema,
+    "registration quote response"
+  );
+}
+async function updateAgent(client, uaid, payload) {
+  const raw = await client.requestJson(
+    `/register/${encodeURIComponent(uaid)}`,
+    {
+      method: "PUT",
+      body: serialiseAgentRegistrationRequest(payload),
+      headers: { "content-type": "application/json" }
     }
-    return status.encryption;
+  );
+  return client.parseWithSchema(
+    raw,
+    registerAgentResponseSchema,
+    "update agent response"
+  );
+}
+async function getRegistrationProgress(client, attemptId) {
+  const normalisedAttemptId = attemptId.trim();
+  if (!normalisedAttemptId) {
+    throw new Error("attemptId is required");
   }
-  buildRecipients(summary) {
-    const candidates = [summary.requester, summary.responder].filter(Boolean);
-    const normalized = candidates.map((candidate) => {
-      if (!candidate) {
-        return null;
-      }
-      const recipient = {};
-      if (candidate.uaid) {
-        recipient.uaid = candidate.uaid;
-      }
-      if (candidate.ledgerAccountId) {
-        recipient.ledgerAccountId = candidate.ledgerAccountId;
-      }
-      if (candidate.userId) {
-        recipient.userId = candidate.userId;
-      }
-      if (candidate.email) {
-        recipient.email = candidate.email;
-      }
-      return recipient;
-    }).filter(
-      (entry) => Boolean(
-        entry?.uaid || entry?.ledgerAccountId || entry?.userId || entry?.email
-      )
+  try {
+    const raw = await client.requestJson(
+      `/register/progress/${encodeURIComponent(normalisedAttemptId)}`,
+      { method: "GET" }
     );
-    if (normalized.length > 0) {
-      return normalized;
-    }
-    if (summary.responder?.uaid) {
-      return [{ uaid: summary.responder.uaid }];
+    const parsed = client.parseWithSchema(
+      raw,
+      registrationProgressResponseSchema,
+      "registration progress response"
+    );
+    return parsed.progress;
+  } catch (error) {
+    if (error instanceof RegistryBrokerError && error.status === 404) {
+      return null;
     }
-    return [];
+    throw error;
   }
-  createHandle(context) {
-    const sharedSecret = context.sharedSecret;
-    const uaid = context.summary.requester?.uaid ?? context.summary.responder?.uaid ?? context.identity?.uaid;
-    const decryptHistoryEntry = (entry) => this.decryptEntry(entry, context.identity, sharedSecret);
-    const fetchHistory = async (options) => {
-      const snapshot = await this.client.fetchHistorySnapshot(
-        context.sessionId,
-        options
-      );
-      if (snapshot.decryptedHistory) {
-        return snapshot.decryptedHistory;
-      }
-      return snapshot.history.map((entry) => ({
-        entry,
-        plaintext: decryptHistoryEntry(entry)
-      }));
-    };
-    const handle = {
-      sessionId: context.sessionId,
-      mode: "encrypted",
-      summary: context.summary,
-      send: async (options) => {
-        const recipients = options.recipients ?? context.recipients;
-        return this.client.chat.sendMessage({
-          sessionId: context.sessionId,
-          message: options.message ?? "[ciphertext omitted]",
-          streaming: options.streaming,
-          auth: options.auth,
-          uaid,
-          encryption: {
-            plaintext: options.plaintext,
-            sharedSecret: Buffer.from(sharedSecret),
-            recipients
-          }
-        });
-      },
-      decryptHistoryEntry,
-      fetchHistory
-    };
-    this.registerConversationContext({
-      sessionId: context.sessionId,
-      sharedSecret,
-      identity: context.identity
-    });
-    return handle;
+}
+async function waitForRegistrationCompletion(client, attemptId, options = {}) {
+  const normalisedAttemptId = attemptId.trim();
+  if (!normalisedAttemptId) {
+    throw new Error("attemptId is required");
   }
-  decryptEntry(entry, identity, fallbackSecret) {
-    const envelope = entry.cipherEnvelope;
-    if (!envelope) {
-      return null;
+  const interval = Math.max(
+    250,
+    options.intervalMs ?? DEFAULT_PROGRESS_INTERVAL_MS
+  );
+  const timeoutMs = options.timeoutMs ?? DEFAULT_PROGRESS_TIMEOUT_MS;
+  const throwOnFailure = options.throwOnFailure ?? true;
+  const signal = options.signal;
+  const startedAt = Date.now();
+  while (true) {
+    if (signal?.aborted) {
+      throw createAbortError();
     }
-    const secret = Buffer.from(fallbackSecret);
-    try {
-      return this.client.encryption.decryptCipherEnvelope({
-        envelope,
-        sharedSecret: secret
-      });
-    } catch (_error) {
-      return null;
+    const progress = await client.getRegistrationProgress(normalisedAttemptId);
+    if (progress) {
+      options.onProgress?.(progress);
+      if (progress.status === "completed") {
+        return progress;
+      }
+      if (progress.status === "partial" || progress.status === "failed") {
+        if (throwOnFailure) {
+          throw new RegistryBrokerError(
+            "Registration did not complete successfully",
+            {
+              status: 409,
+              statusText: progress.status,
+              body: progress
+            }
+          );
+        }
+        return progress;
+      }
+    }
+    if (Date.now() - startedAt >= timeoutMs) {
+      throw new Error(
+        `Registration progress polling timed out after ${timeoutMs}ms`
+      );
     }
+    await client.delay(interval, signal);
   }
-  recipientMatches(candidate, target) {
-    if (target.uaid && candidate.uaid?.toLowerCase() === target.uaid.toLowerCase()) {
-      return true;
+}
+async function validateUaid(client, uaid) {
+  const raw = await client.requestJson(
+    `/uaids/validate/${encodeURIComponent(uaid)}`,
+    {
+      method: "GET"
     }
-    if (target.ledgerAccountId && candidate.ledgerAccountId?.toLowerCase() === target.ledgerAccountId.toLowerCase()) {
-      return true;
+  );
+  return client.parseWithSchema(
+    raw,
+    uaidValidationResponseSchema,
+    "UAID validation response"
+  );
+}
+async function getUaidConnectionStatus(client, uaid) {
+  const raw = await client.requestJson(
+    `/uaids/connections/${encodeURIComponent(uaid)}/status`,
+    {
+      method: "GET"
     }
-    if (target.userId && candidate.userId === target.userId) {
-      return true;
+  );
+  return client.parseWithSchema(
+    raw,
+    uaidConnectionStatusSchema,
+    "UAID connection status"
+  );
+}
+async function closeUaidConnection(client, uaid) {
+  await client.request(`/uaids/connections/${encodeURIComponent(uaid)}`, {
+    method: "DELETE"
+  });
+}
+async function dashboardStats(client) {
+  const raw = await client.requestJson("/dashboard/stats", {
+    method: "GET"
+  });
+  return client.parseWithSchema(
+    raw,
+    dashboardStatsResponseSchema,
+    "dashboard stats response"
+  );
+}
+
+// ../../src/services/registry-broker/client/verification.ts
+async function getVerificationStatus(client, uaid) {
+  const raw = await client.requestJson(
+    `/verification/status/${encodeURIComponent(uaid)}`,
+    { method: "GET" }
+  );
+  return client.parseWithSchema(
+    raw,
+    verificationStatusResponseSchema,
+    "verification status response"
+  );
+}
+async function createVerificationChallenge(client, uaid) {
+  const raw = await client.requestJson("/verification/challenge", {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: { uaid }
+  });
+  return client.parseWithSchema(
+    raw,
+    verificationChallengeResponseSchema,
+    "verification challenge response"
+  );
+}
+async function getVerificationChallenge(client, challengeId) {
+  const raw = await client.requestJson(
+    `/verification/challenge/${encodeURIComponent(challengeId)}`,
+    { method: "GET" }
+  );
+  return client.parseWithSchema(
+    raw,
+    verificationChallengeDetailsResponseSchema,
+    "verification challenge details response"
+  );
+}
+async function verifyVerificationChallenge(client, params) {
+  const raw = await client.requestJson("/verification/verify", {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: {
+      challengeId: params.challengeId,
+      method: params.method ?? "moltbook-post"
     }
-    if (target.email && candidate.email?.toLowerCase() === target.email.toLowerCase()) {
-      return true;
+  });
+  return client.parseWithSchema(
+    raw,
+    verificationVerifyResponseSchema,
+    "verification verify response"
+  );
+}
+async function getVerificationOwnership(client, uaid) {
+  const raw = await client.requestJson(
+    `/verification/ownership/${encodeURIComponent(uaid)}`,
+    { method: "GET" }
+  );
+  return client.parseWithSchema(
+    raw,
+    verificationOwnershipResponseSchema,
+    "verification ownership response"
+  );
+}
+async function verifySenderOwnership(client, uaid) {
+  const raw = await client.requestJson(
+    "/verification/verify-sender",
+    {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: { uaid }
     }
-    return false;
-  }
-  async delay(ms) {
-    if (ms <= 0) {
-      return;
+  );
+  return client.parseWithSchema(
+    raw,
+    verificationVerifySenderResponseSchema,
+    "verification sender response"
+  );
+}
+async function verifyUaidDnsTxt(client, payload) {
+  const raw = await client.requestJson("/verification/dns/verify", {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: {
+      uaid: payload.uaid,
+      ...payload.persist !== void 0 ? { persist: payload.persist } : {}
     }
-    await new Promise((resolve2) => setTimeout(resolve2, ms));
+  });
+  return client.parseWithSchema(
+    raw,
+    verificationDnsStatusResponseSchema,
+    "verification dns verify response"
+  );
+}
+async function getVerificationDnsStatus(client, uaid, query) {
+  const params = new URLSearchParams();
+  if (query?.refresh !== void 0) {
+    params.set("refresh", String(query.refresh));
   }
-};
-
-// ../../src/services/registry-broker/client/chat.ts
-function createChatApi(client, encryptedManager) {
-  return {
-    start: (options) => client.startChat(options),
-    createSession: (payload) => client.createSession(payload),
-    sendMessage: (payload) => client.sendMessage(payload),
-    endSession: (sessionId) => client.endSession(sessionId),
-    getHistory: (sessionId, options) => client.fetchHistorySnapshot(sessionId, options),
-    compactHistory: (payload) => client.compactHistory(payload),
-    getEncryptionStatus: (sessionId) => client.fetchEncryptionStatus(sessionId),
-    submitEncryptionHandshake: (sessionId, payload) => client.postEncryptionHandshake(sessionId, payload),
-    startConversation: (options) => client.startConversation(options),
-    acceptConversation: (options) => client.acceptConversation(options),
-    createEncryptedSession: (options) => encryptedManager.startSession(options),
-    acceptEncryptedSession: (options) => encryptedManager.acceptSession(options)
-  };
+  if (query?.persist !== void 0) {
+    params.set("persist", String(query.persist));
+  }
+  const queryString = params.toString();
+  const path = `/verification/dns/status/${encodeURIComponent(uaid)}${queryString ? `?${queryString}` : ""}`;
+  const raw = await client.requestJson(path, {
+    method: "GET"
+  });
+  return client.parseWithSchema(
+    raw,
+    verificationDnsStatusResponseSchema,
+    "verification dns status response"
+  );
 }
-async function createSession(client, payload, allowHistoryAutoTopUp = true) {
-  const body = {};
-  if ("uaid" in payload && payload.uaid) {
-    body.uaid = payload.uaid;
+async function getRegisterStatus(client, uaid) {
+  const raw = await client.requestJson(
+    `/register/status/${encodeURIComponent(uaid)}`,
+    { method: "GET" }
+  );
+  return client.parseWithSchema(
+    raw,
+    registerStatusResponseSchema,
+    "register status response"
+  );
+}
+async function registerOwnedMoltbookAgent(client, uaid, request) {
+  const raw = await client.requestJson(
+    `/register/${encodeURIComponent(uaid)}`,
+    {
+      method: "PUT",
+      headers: { "content-type": "application/json" },
+      body: {
+        registered: request.registered ?? true,
+        ...request.name ? { name: request.name } : {},
+        ...request.description ? { description: request.description } : {},
+        ...request.endpoint ? { endpoint: request.endpoint } : {},
+        ...request.metadata ? { metadata: request.metadata } : {}
+      }
+    }
+  );
+  return client.parseWithSchema(
+    raw,
+    moltbookOwnerRegistrationUpdateResponseSchema,
+    "moltbook owner registration update response"
+  );
+}
+
+// ../../src/services/registry-broker/client/ledger-auth.ts
+import { Buffer as Buffer4 } from "buffer";
+
+// ../../src/services/registry-broker/ledger-network.ts
+var normalise = (value) => value.trim().toLowerCase();
+var HEDERA_NETWORK_ALIASES = /* @__PURE__ */ new Map([
+  ["hedera:mainnet", { canonical: "hedera:mainnet", hederaNetwork: "mainnet" }],
+  ["mainnet", { canonical: "hedera:mainnet", hederaNetwork: "mainnet" }],
+  ["hedera-mainnet", { canonical: "hedera:mainnet", hederaNetwork: "mainnet" }],
+  ["hedera_mainnet", { canonical: "hedera:mainnet", hederaNetwork: "mainnet" }],
+  ["hedera:testnet", { canonical: "hedera:testnet", hederaNetwork: "testnet" }],
+  ["testnet", { canonical: "hedera:testnet", hederaNetwork: "testnet" }],
+  ["hedera-testnet", { canonical: "hedera:testnet", hederaNetwork: "testnet" }],
+  ["hedera_testnet", { canonical: "hedera:testnet", hederaNetwork: "testnet" }]
+]);
+var EVM_NETWORK_CHAIN_IDS = {
+  abstract: 2741,
+  "abstract-testnet": 11124,
+  base: 8453,
+  "base-sepolia": 84532,
+  avalanche: 43114,
+  "avalanche-fuji": 43113,
+  iotex: 4689,
+  sei: 1329,
+  "sei-testnet": 1328,
+  polygon: 137,
+  "polygon-amoy": 80002,
+  peaq: 3338
+};
+var CHAIN_ID_TO_ALIAS = new Map(
+  Object.entries(EVM_NETWORK_CHAIN_IDS).map(([alias, id]) => [id, alias])
+);
+var parseChainId = (value) => {
+  if (/^eip155:\d+$/i.test(value)) {
+    return Number.parseInt(value.split(":")[1], 10);
   }
-  if ("agentUrl" in payload && payload.agentUrl) {
-    body.agentUrl = payload.agentUrl;
+  if (/^\d+$/.test(value)) {
+    return Number.parseInt(value, 10);
   }
-  if (payload.auth) {
-    body.auth = serialiseAuthConfig(payload.auth);
+  return void 0;
+};
+var normaliseEvmNetwork = (value) => {
+  const trimmed = normalise(value);
+  let chainId = parseChainId(trimmed);
+  let alias;
+  if (chainId === void 0) {
+    const mapped = EVM_NETWORK_CHAIN_IDS[trimmed];
+    if (mapped !== void 0) {
+      chainId = mapped;
+      alias = trimmed;
+    }
+  } else if (CHAIN_ID_TO_ALIAS.has(chainId)) {
+    alias = CHAIN_ID_TO_ALIAS.get(chainId);
   }
-  if (payload.historyTtlSeconds !== void 0) {
-    body.historyTtlSeconds = payload.historyTtlSeconds;
+  if (chainId === void 0) {
+    throw new Error(
+      'Unsupported EVM ledger network. Provide an alias like "base-sepolia" or a canonical eip155:<chainId> string.'
+    );
   }
-  if (payload.encryptionRequested !== void 0) {
-    body.encryptionRequested = payload.encryptionRequested;
+  return {
+    canonical: `eip155:${chainId}`,
+    kind: "evm",
+    chainId,
+    legacyName: alias
+  };
+};
+var normaliseHederaNetwork = (value) => {
+  const trimmed = normalise(value);
+  const mapping = HEDERA_NETWORK_ALIASES.get(trimmed);
+  if (!mapping) {
+    throw new Error(
+      'Unsupported Hedera network. Use hedera:mainnet or hedera:testnet (legacy "mainnet"/"testnet" also accepted).'
+    );
   }
-  if (payload.senderUaid) {
-    body.senderUaid = payload.senderUaid;
+  return {
+    canonical: mapping.canonical,
+    kind: "hedera",
+    hederaNetwork: mapping.hederaNetwork
+  };
+};
+var canonicalizeLedgerNetwork = (network) => {
+  if (typeof network !== "string" || network.trim().length === 0) {
+    throw new Error("Ledger network is required.");
   }
-  try {
-    const raw = await client.requestJson("/chat/session", {
-      method: "POST",
-      body,
-      headers: { "content-type": "application/json" }
-    });
-    return client.parseWithSchema(
-      raw,
-      createSessionResponseSchema,
-      "chat session response"
-    );
-  } catch (error) {
-    const maybeError = error instanceof Error ? error : null;
-    if (allowHistoryAutoTopUp && client.shouldAutoTopUpHistory(payload, maybeError)) {
-      await client.executeHistoryAutoTopUp("chat.session");
-      return createSession(client, payload, false);
-    }
-    throw error;
+  const trimmed = normalise(network);
+  if (trimmed.startsWith("hedera:") || trimmed.includes("hedera-") || trimmed.includes("hedera_") || trimmed === "mainnet" || trimmed === "testnet") {
+    return normaliseHederaNetwork(trimmed);
   }
-}
-async function startChat(client, encryptedManager, options) {
-  if ("uaid" in options && options.uaid) {
-    return startConversation(client, encryptedManager, {
-      uaid: options.uaid,
-      senderUaid: options.senderUaid,
-      historyTtlSeconds: options.historyTtlSeconds,
-      auth: options.auth,
-      encryption: options.encryption,
-      onSessionCreated: options.onSessionCreated
-    });
+  return normaliseEvmNetwork(trimmed);
+};
+
+// ../../src/services/registry-broker/private-key-signer.ts
+var unsupported = (method) => new Error(`${method} is not supported by the in-memory signer`);
+var cachedSdk = null;
+var loadHashgraphSdk = () => {
+  if (cachedSdk) {
+    return cachedSdk;
   }
-  if ("agentUrl" in options && options.agentUrl) {
-    const session = await createSession(client, {
-      agentUrl: options.agentUrl,
-      auth: options.auth,
-      historyTtlSeconds: options.historyTtlSeconds,
-      senderUaid: options.senderUaid
-    });
-    options.onSessionCreated?.(session.sessionId);
-    return createPlaintextConversationHandle(
-      client,
-      session.sessionId,
-      session.encryption ?? null,
-      options.auth,
-      { agentUrl: options.agentUrl, uaid: options.uaid }
-    );
+  const resolved = optionalImportSync("@hashgraph/sdk");
+  if (resolved) {
+    cachedSdk = resolved;
+    return resolved;
   }
-  throw new Error("startChat requires either uaid or agentUrl");
-}
-async function startConversation(client, encryptedManager, options) {
-  const preference = options.encryption?.preference ?? "preferred";
-  const requestEncryption = preference !== "disabled";
-  if (!requestEncryption) {
-    const session = await createSession(client, {
-      uaid: options.uaid,
-      auth: options.auth,
-      historyTtlSeconds: options.historyTtlSeconds,
-      senderUaid: options.senderUaid,
-      encryptionRequested: false
-    });
-    options.onSessionCreated?.(session.sessionId);
-    return createPlaintextConversationHandle(
-      client,
-      session.sessionId,
-      session.encryption ?? null,
-      options.auth,
-      { uaid: options.uaid }
-    );
+  const message = "@hashgraph/sdk is required for ledger signing. Install it as a dependency to enable createPrivateKeySigner.";
+  throw new Error(message);
+};
+var loadHashgraphSdkAsync = async () => {
+  if (cachedSdk) {
+    return cachedSdk;
   }
-  try {
-    const handle = await encryptedManager.startSession({
-      uaid: options.uaid,
-      senderUaid: options.senderUaid,
-      historyTtlSeconds: options.historyTtlSeconds,
-      handshakeTimeoutMs: options.encryption?.handshakeTimeoutMs,
-      pollIntervalMs: options.encryption?.pollIntervalMs,
-      onSessionCreated: (sessionId) => {
-        options.onSessionCreated?.(sessionId);
-      },
-      auth: options.auth
-    });
-    return handle;
-  } catch (error) {
-    if (error instanceof EncryptionUnavailableError) {
-      if (preference === "required") {
-        throw error;
-      }
-      return createPlaintextConversationHandle(
-        client,
-        error.sessionId,
-        error.summary ?? null,
-        options.auth,
-        { uaid: options.uaid }
-      );
-    }
-    throw error;
+  const resolved = await optionalImport("@hashgraph/sdk");
+  if (resolved) {
+    cachedSdk = resolved;
+    return resolved;
   }
-}
-async function acceptConversation(client, encryptedManager, options) {
-  const preference = options.encryption?.preference ?? "preferred";
-  if (preference === "disabled") {
-    return createPlaintextConversationHandle(client, options.sessionId, null);
+  const message = "@hashgraph/sdk is required for ledger signing. Install it as a dependency to enable createPrivateKeySigner.";
+  throw new Error(message);
+};
+var buildSigner = (sdk, options) => {
+  const { AccountId, LedgerId, PrivateKey, SignerSignature } = sdk;
+  if (!options.privateKey) {
+    throw new Error("privateKey is required to create a ledger signer.");
   }
-  try {
-    const handle = await encryptedManager.acceptSession({
-      sessionId: options.sessionId,
-      responderUaid: options.responderUaid,
-      handshakeTimeoutMs: options.encryption?.handshakeTimeoutMs,
-      pollIntervalMs: options.encryption?.pollIntervalMs
-    });
-    return handle;
-  } catch (error) {
-    if (error instanceof EncryptionUnavailableError && preference !== "required") {
-      return createPlaintextConversationHandle(
-        client,
-        options.sessionId,
-        null,
-        void 0,
-        { uaid: options.responderUaid }
-      );
-    }
-    throw error;
+  if (!options.accountId) {
+    throw new Error("accountId is required to create a ledger signer.");
   }
-}
-function createPlaintextConversationHandle(client, sessionId, summary, defaultAuth, context) {
-  const uaid = context?.uaid?.trim();
-  const agentUrl = context?.agentUrl?.trim();
-  const fetchHistory = async (options) => {
-    const snapshot = await client.fetchHistorySnapshot(sessionId, options);
-    if (snapshot.decryptedHistory) {
-      return snapshot.decryptedHistory;
-    }
-    return snapshot.history.map((entry) => ({
-      entry,
-      plaintext: entry.content
-    }));
-  };
+  const accountId = AccountId.fromString(options.accountId);
+  const privateKey = PrivateKey.fromString(options.privateKey);
+  const ledgerId = LedgerId.fromString(options.network);
   return {
-    sessionId,
-    mode: "plaintext",
-    summary: summary ?? null,
-    send: async (options) => {
-      const plaintext = options.plaintext;
-      if (!plaintext || plaintext.trim().length === 0) {
-        throw new Error("plaintext is required for chat messages");
-      }
-      const message = options.message ?? plaintext;
-      return sendMessage(client, {
-        sessionId,
-        message,
-        streaming: options.streaming,
-        auth: options.auth ?? defaultAuth,
-        uaid,
-        agentUrl
-      });
+    getLedgerId: () => ledgerId,
+    getAccountId: () => accountId,
+    getAccountKey: () => privateKey.publicKey,
+    getNetwork: () => ({}),
+    getMirrorNetwork: () => [],
+    sign: async (messages) => Promise.all(
+      messages.map(async (message) => {
+        const signature = await privateKey.sign(message);
+        return new SignerSignature({
+          publicKey: privateKey.publicKey,
+          signature,
+          accountId
+        });
+      })
+    ),
+    getAccountBalance: async () => {
+      throw unsupported("getAccountBalance");
     },
-    decryptHistoryEntry: (entry) => entry.content,
-    fetchHistory
+    getAccountInfo: async () => {
+      throw unsupported("getAccountInfo");
+    },
+    getAccountRecords: async () => {
+      throw unsupported("getAccountRecords");
+    },
+    signTransaction: async (_) => {
+      throw unsupported("signTransaction");
+    },
+    checkTransaction: async (_) => {
+      throw unsupported("checkTransaction");
+    },
+    populateTransaction: async (_) => {
+      throw unsupported("populateTransaction");
+    },
+    call: async (_request) => {
+      throw unsupported("call");
+    }
   };
+};
+var createPrivateKeySigner = (options) => buildSigner(loadHashgraphSdk(), options);
+var createPrivateKeySignerAsync = async (options) => buildSigner(await loadHashgraphSdkAsync(), options);
+
+// ../../src/services/registry-broker/client/ledger-auth.ts
+async function loadViemAccount(privateKey) {
+  try {
+    const viem = await import("viem/accounts");
+    return viem.privateKeyToAccount(privateKey);
+  } catch (error) {
+    const err = new Error(
+      'EVM ledger authentication requires the optional dependency "viem". Install it to use evmPrivateKey flows.'
+    );
+    err.cause = error;
+    throw err;
+  }
 }
-async function compactHistory(client, payload) {
-  if (!payload.sessionId || payload.sessionId.trim().length === 0) {
-    throw new Error("sessionId is required to compact chat history");
+async function resolveLedgerAuthSignature(message, options) {
+  if (typeof options.sign === "function") {
+    const result = await options.sign(message);
+    if (!result || typeof result.signature !== "string" || result.signature.length === 0) {
+      throw new Error("Custom ledger signer failed to produce a signature.");
+    }
+    return result;
   }
-  const body = {};
-  if (typeof payload.preserveEntries === "number" && Number.isFinite(payload.preserveEntries) && payload.preserveEntries >= 0) {
-    body.preserveEntries = Math.floor(payload.preserveEntries);
+  if (!options.signer || typeof options.signer.sign !== "function") {
+    throw new Error(
+      "Ledger authentication requires a Hedera Signer or custom sign function."
+    );
   }
-  const raw = await client.requestJson(
-    `/chat/session/${encodeURIComponent(payload.sessionId)}/compact`,
-    {
-      method: "POST",
-      headers: { "content-type": "application/json" },
-      body
-    }
-  );
-  return client.parseWithSchema(
-    raw,
-    chatHistoryCompactionResponseSchema,
-    "chat history compaction response"
-  );
-}
-async function fetchEncryptionStatus(client, sessionId) {
-  if (!sessionId || sessionId.trim().length === 0) {
-    throw new Error("sessionId is required for encryption status");
+  const payload = Buffer4.from(message, "utf8");
+  const signatures = await options.signer.sign([payload]);
+  const signatureEntry = signatures?.[0];
+  if (!signatureEntry) {
+    throw new Error("Signer did not return any signatures.");
   }
-  const raw = await client.requestJson(
-    `/chat/session/${encodeURIComponent(sessionId)}/encryption`,
-    {
-      method: "GET"
+  let derivedPublicKey;
+  if (signatureEntry.publicKey) {
+    derivedPublicKey = signatureEntry.publicKey.toString();
+  } else if (typeof options.signer.getAccountKey === "function") {
+    const accountKey = await options.signer.getAccountKey();
+    if (accountKey && typeof accountKey.toString === "function") {
+      derivedPublicKey = accountKey.toString();
     }
-  );
-  return client.parseWithSchema(
-    raw,
-    sessionEncryptionStatusResponseSchema,
-    "session encryption status response"
-  );
-}
-async function postEncryptionHandshake(client, sessionId, payload) {
-  if (!sessionId || sessionId.trim().length === 0) {
-    throw new Error("sessionId is required for encryption handshake");
   }
-  const raw = await client.requestJson(
-    `/chat/session/${encodeURIComponent(sessionId)}/encryption-handshake`,
-    {
-      method: "POST",
-      headers: { "content-type": "application/json" },
-      body: {
-        role: payload.role,
-        keyType: payload.keyType,
-        ephemeralPublicKey: payload.ephemeralPublicKey,
-        longTermPublicKey: payload.longTermPublicKey,
-        signature: payload.signature,
-        uaid: payload.uaid,
-        userId: payload.userId,
-        ledgerAccountId: payload.ledgerAccountId,
-        metadata: payload.metadata
-      }
+  return {
+    signature: Buffer4.from(signatureEntry.signature).toString("base64"),
+    signatureKind: "raw",
+    publicKey: derivedPublicKey
+  };
+}
+async function createLedgerChallenge(client, payload) {
+  const resolvedNetwork = canonicalizeLedgerNetwork(payload.network);
+  const network = resolvedNetwork.kind === "hedera" ? resolvedNetwork.hederaNetwork ?? resolvedNetwork.canonical : resolvedNetwork.canonical;
+  const raw = await client.requestJson("/auth/ledger/challenge", {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: {
+      accountId: payload.accountId,
+      network
     }
-  );
-  const response = client.parseWithSchema(
+  });
+  return client.parseWithSchema(
     raw,
-    encryptionHandshakeResponseSchema,
-    "encryption handshake response"
+    ledgerChallengeResponseSchema,
+    "ledger challenge response"
   );
-  return response.handshake;
 }
-async function sendMessage(client, payload) {
+async function verifyLedgerChallenge(client, payload) {
+  const resolvedNetwork = canonicalizeLedgerNetwork(payload.network);
+  const network = resolvedNetwork.kind === "hedera" ? resolvedNetwork.hederaNetwork ?? resolvedNetwork.canonical : resolvedNetwork.canonical;
   const body = {
-    message: payload.message
+    challengeId: payload.challengeId,
+    accountId: payload.accountId,
+    network,
+    signature: payload.signature
   };
-  if (payload.streaming !== void 0) {
-    body.streaming = payload.streaming;
-  }
-  if (payload.auth) {
-    body.auth = serialiseAuthConfig(payload.auth);
-  }
-  if ("uaid" in payload) {
-    body.uaid = payload.uaid;
+  if (payload.signatureKind) {
+    body.signatureKind = payload.signatureKind;
   }
-  if ("sessionId" in payload && payload.sessionId) {
-    body.sessionId = payload.sessionId;
+  if (payload.publicKey) {
+    body.publicKey = payload.publicKey;
   }
-  if ("agentUrl" in payload && payload.agentUrl) {
-    body.agentUrl = payload.agentUrl;
+  if (typeof payload.expiresInMinutes === "number") {
+    body.expiresInMinutes = payload.expiresInMinutes;
   }
-  let cipherEnvelope = payload.cipherEnvelope ?? null;
-  if (payload.encryption) {
-    const sessionIdForEncryption = payload.encryption.sessionId ?? (typeof body.sessionId === "string" ? body.sessionId : void 0);
-    if (!sessionIdForEncryption) {
+  const raw = await client.requestJson("/auth/ledger/verify", {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body
+  });
+  const result = client.parseWithSchema(
+    raw,
+    ledgerVerifyResponseSchema,
+    "ledger verification response"
+  );
+  client.setLedgerApiKey(result.key);
+  return result;
+}
+async function authenticateWithLedger(client, options) {
+  const challenge = await client.createLedgerChallenge({
+    accountId: options.accountId,
+    network: options.network
+  });
+  const signed = await resolveLedgerAuthSignature(challenge.message, options);
+  const verification = await client.verifyLedgerChallenge({
+    challengeId: challenge.challengeId,
+    accountId: options.accountId,
+    network: options.network,
+    signature: signed.signature,
+    signatureKind: signed.signatureKind,
+    publicKey: signed.publicKey,
+    expiresInMinutes: options.expiresInMinutes
+  });
+  return verification;
+}
+async function authenticateWithLedgerCredentials(client, options) {
+  const {
+    accountId,
+    network,
+    signer,
+    sign,
+    hederaPrivateKey,
+    evmPrivateKey,
+    expiresInMinutes,
+    setAccountHeader = true,
+    label,
+    logger
+  } = options;
+  const resolvedNetwork = canonicalizeLedgerNetwork(network);
+  const labelSuffix = label ? ` for ${label}` : "";
+  const networkPayload = resolvedNetwork.canonical;
+  const authOptions = {
+    accountId,
+    network: networkPayload,
+    expiresInMinutes
+  };
+  if (sign) {
+    authOptions.sign = sign;
+  } else if (signer) {
+    authOptions.signer = signer;
+  } else if (hederaPrivateKey) {
+    if (resolvedNetwork.kind !== "hedera" || !resolvedNetwork.hederaNetwork) {
       throw new Error(
-        "sessionId is required when using encrypted chat payloads"
+        "hederaPrivateKey can only be used with hedera:mainnet or hedera:testnet networks."
       );
     }
-    if (!payload.encryption.recipients?.length) {
-      throw new Error("recipients are required for encrypted chat payloads");
+    authOptions.signer = await createPrivateKeySignerAsync({
+      accountId,
+      privateKey: hederaPrivateKey,
+      network: resolvedNetwork.hederaNetwork
+    });
+  } else if (evmPrivateKey) {
+    if (resolvedNetwork.kind !== "evm") {
+      throw new Error(
+        "evmPrivateKey can only be used with CAIP-2 EVM networks (eip155:<chainId>)."
+      );
     }
-    cipherEnvelope = client.encryption.encryptCipherEnvelope({
-      ...payload.encryption,
-      sessionId: sessionIdForEncryption
+    const formattedKey = evmPrivateKey.startsWith("0x") ? evmPrivateKey : `0x${evmPrivateKey}`;
+    const account = await loadViemAccount(formattedKey);
+    authOptions.sign = async (message) => ({
+      signature: await account.signMessage({ message }),
+      signatureKind: "evm",
+      publicKey: account.publicKey
     });
+  } else {
+    throw new Error(
+      "Provide a signer, sign function, hederaPrivateKey, or evmPrivateKey to authenticate with the ledger."
+    );
+  }
+  logger?.info?.(
+    `Authenticating ledger account ${accountId} (${resolvedNetwork.canonical})${labelSuffix}...`
+  );
+  const verification = await client.authenticateWithLedger(authOptions);
+  if (setAccountHeader) {
+    client.setDefaultHeader("x-account-id", verification.accountId);
+  }
+  logger?.info?.(
+    `Ledger authentication complete${labelSuffix}. Issued key prefix: ${verification.apiKey.prefix}\u2026${verification.apiKey.lastFour}`
+  );
+  return verification;
+}
+
+// ../../src/services/registry-broker/client/search.ts
+function buildVectorFallbackSearchParams(request) {
+  const params = {
+    q: request.query
+  };
+  let effectiveLimit;
+  if (typeof request.limit === "number" && Number.isFinite(request.limit)) {
+    effectiveLimit = request.limit;
+    params.limit = request.limit;
+  }
+  if (typeof request.offset === "number" && Number.isFinite(request.offset) && request.offset > 0) {
+    const limit = effectiveLimit && effectiveLimit > 0 ? effectiveLimit : 20;
+    params.limit = limit;
+    params.page = Math.floor(request.offset / limit) + 1;
   }
-  if (cipherEnvelope) {
-    body.cipherEnvelope = toJsonObject(cipherEnvelope);
+  if (request.filter?.registry) {
+    params.registry = request.filter.registry;
   }
-  const raw = await client.requestJson("/chat/message", {
+  if (request.filter?.protocols?.length) {
+    params.protocols = [...request.filter.protocols];
+  }
+  if (request.filter?.adapter?.length) {
+    params.adapters = [...request.filter.adapter];
+  }
+  if (request.filter?.capabilities?.length) {
+    params.capabilities = request.filter.capabilities.map(
+      (value) => typeof value === "number" ? value.toString(10) : value
+    );
+  }
+  if (request.filter?.type) {
+    params.type = request.filter.type;
+  }
+  return params;
+}
+function convertSearchResultToVectorResponse(result) {
+  const hits = result.hits.map((agent) => ({
+    agent,
+    score: 0,
+    highlights: {}
+  }));
+  const total = result.total;
+  const limit = result.limit;
+  const page = result.page;
+  const totalVisible = page * limit;
+  const limited = total > totalVisible || page > 1;
+  return {
+    hits,
+    total,
+    took: 0,
+    totalAvailable: total,
+    visible: hits.length,
+    limited,
+    credits_used: 0
+  };
+}
+async function search(client, params = {}) {
+  const query = buildSearchQuery(params);
+  const raw = await client.requestJson(`/search${query}`, {
+    method: "GET"
+  });
+  return client.parseWithSchema(raw, searchResponseSchema, "search response");
+}
+async function delegate(client, request) {
+  const raw = await client.requestJson("/delegate", {
     method: "POST",
-    body,
+    body: request,
     headers: { "content-type": "application/json" }
   });
   return client.parseWithSchema(
     raw,
-    sendMessageResponseSchema,
-    "chat message response"
+    delegationPlanResponseSchema,
+    "delegate response"
   );
 }
-async function endSession(client, sessionId) {
-  await client.request(`/chat/session/${encodeURIComponent(sessionId)}`, {
-    method: "DELETE"
+async function stats(client) {
+  const raw = await client.requestJson("/stats", { method: "GET" });
+  return client.parseWithSchema(raw, statsResponseSchema, "stats response");
+}
+async function registries(client) {
+  const raw = await client.requestJson("/registries", {
+    method: "GET"
   });
+  return client.parseWithSchema(
+    raw,
+    registriesResponseSchema,
+    "registries response"
+  );
 }
-
-// ../../src/services/registry-broker/client/verification.ts
-async function getVerificationStatus(client, uaid) {
+async function getAdditionalRegistries(client) {
   const raw = await client.requestJson(
-    `/verification/status/${encodeURIComponent(uaid)}`,
-    { method: "GET" }
+    "/register/additional-registries",
+    {
+      method: "GET"
+    }
   );
   return client.parseWithSchema(
     raw,
-    verificationStatusResponseSchema,
-    "verification status response"
+    additionalRegistryCatalogResponseSchema,
+    "additional registry catalog response"
   );
 }
-async function createVerificationChallenge(client, uaid) {
-  const raw = await client.requestJson("/verification/challenge", {
-    method: "POST",
-    headers: { "content-type": "application/json" },
-    body: { uaid }
+async function popularSearches(client) {
+  const raw = await client.requestJson("/popular", {
+    method: "GET"
   });
   return client.parseWithSchema(
     raw,
-    verificationChallengeResponseSchema,
-    "verification challenge response"
+    popularResponseSchema,
+    "popular searches response"
   );
 }
-async function getVerificationChallenge(client, challengeId) {
-  const raw = await client.requestJson(
-    `/verification/challenge/${encodeURIComponent(challengeId)}`,
-    { method: "GET" }
-  );
+async function listProtocols(client) {
+  const raw = await client.requestJson("/protocols", {
+    method: "GET"
+  });
   return client.parseWithSchema(
     raw,
-    verificationChallengeDetailsResponseSchema,
-    "verification challenge details response"
+    protocolsResponseSchema,
+    "protocols response"
   );
 }
-async function verifyVerificationChallenge(client, params) {
-  const raw = await client.requestJson("/verification/verify", {
+async function detectProtocol(client, message) {
+  const raw = await client.requestJson("/detect-protocol", {
     method: "POST",
-    headers: { "content-type": "application/json" },
-    body: {
-      challengeId: params.challengeId,
-      method: params.method ?? "moltbook-post"
-    }
+    body: { message },
+    headers: { "content-type": "application/json" }
   });
   return client.parseWithSchema(
     raw,
-    verificationVerifyResponseSchema,
-    "verification verify response"
-  );
-}
-async function getVerificationOwnership(client, uaid) {
-  const raw = await client.requestJson(
-    `/verification/ownership/${encodeURIComponent(uaid)}`,
-    { method: "GET" }
-  );
-  return client.parseWithSchema(
-    raw,
-    verificationOwnershipResponseSchema,
-    "verification ownership response"
+    detectProtocolResponseSchema,
+    "detect protocol response"
   );
 }
-async function verifySenderOwnership(client, uaid) {
+async function registrySearchByNamespace(client, registry, query) {
+  const params = new URLSearchParams();
+  if (query) {
+    params.set("q", query);
+  }
+  const suffix = params.size > 0 ? `?${params.toString()}` : "";
   const raw = await client.requestJson(
-    "/verification/verify-sender",
+    `/registries/${encodeURIComponent(registry)}/search${suffix}`,
     {
-      method: "POST",
-      headers: { "content-type": "application/json" },
-      body: { uaid }
+      method: "GET"
     }
   );
   return client.parseWithSchema(
     raw,
-    verificationVerifySenderResponseSchema,
-    "verification sender response"
+    registrySearchByNamespaceSchema,
+    "registry search response"
   );
 }
-async function verifyUaidDnsTxt(client, payload) {
-  const raw = await client.requestJson("/verification/dns/verify", {
-    method: "POST",
-    headers: { "content-type": "application/json" },
-    body: {
-      uaid: payload.uaid,
-      ...payload.persist !== void 0 ? { persist: payload.persist } : {}
+async function vectorSearch(client, request) {
+  try {
+    const raw = await client.requestJson("/search", {
+      method: "POST",
+      body: request,
+      headers: { "content-type": "application/json" }
+    });
+    return client.parseWithSchema(
+      raw,
+      vectorSearchResponseSchema,
+      "vector search response"
+    );
+  } catch (error) {
+    if (error instanceof RegistryBrokerError && error.status === 501) {
+      const fallback = await search(
+        client,
+        buildVectorFallbackSearchParams(request)
+      );
+      return convertSearchResultToVectorResponse(fallback);
     }
+    throw error;
+  }
+}
+async function searchStatus(client) {
+  const raw = await client.requestJson("/search/status", {
+    method: "GET"
   });
   return client.parseWithSchema(
     raw,
-    verificationDnsStatusResponseSchema,
-    "verification dns verify response"
+    searchStatusResponseSchema,
+    "search status response"
   );
 }
-async function getVerificationDnsStatus(client, uaid, query) {
-  const params = new URLSearchParams();
-  if (query?.refresh !== void 0) {
-    params.set("refresh", String(query.refresh));
-  }
-  if (query?.persist !== void 0) {
-    params.set("persist", String(query.persist));
-  }
-  const queryString = params.toString();
-  const path2 = `/verification/dns/status/${encodeURIComponent(uaid)}${queryString ? `?${queryString}` : ""}`;
-  const raw = await client.requestJson(path2, {
+async function websocketStats(client) {
+  const raw = await client.requestJson("/websocket/stats", {
     method: "GET"
   });
   return client.parseWithSchema(
     raw,
-    verificationDnsStatusResponseSchema,
-    "verification dns status response"
+    websocketStatsResponseSchema,
+    "websocket stats response"
   );
 }
-async function getRegisterStatus(client, uaid) {
-  const raw = await client.requestJson(
-    `/register/status/${encodeURIComponent(uaid)}`,
-    { method: "GET" }
-  );
+async function metricsSummary(client) {
+  const raw = await client.requestJson("/metrics", {
+    method: "GET"
+  });
   return client.parseWithSchema(
     raw,
-    registerStatusResponseSchema,
-    "register status response"
+    metricsSummaryResponseSchema,
+    "metrics summary response"
   );
 }
-async function registerOwnedMoltbookAgent(client, uaid, request) {
-  const raw = await client.requestJson(
-    `/register/${encodeURIComponent(uaid)}`,
-    {
-      method: "PUT",
-      headers: { "content-type": "application/json" },
-      body: {
-        registered: request.registered ?? true,
-        ...request.name ? { name: request.name } : {},
-        ...request.description ? { description: request.description } : {},
-        ...request.endpoint ? { endpoint: request.endpoint } : {},
-        ...request.metadata ? { metadata: request.metadata } : {}
-      }
-    }
-  );
+async function facets(client, adapter) {
+  const params = new URLSearchParams();
+  if (adapter) {
+    params.set("adapter", adapter);
+  }
+  const suffix = params.size > 0 ? `?${params.toString()}` : "";
+  const raw = await client.requestJson(`/search/facets${suffix}`, {
+    method: "GET"
+  });
   return client.parseWithSchema(
     raw,
-    moltbookOwnerRegistrationUpdateResponseSchema,
-    "moltbook owner registration update response"
+    searchFacetsResponseSchema,
+    "search facets response"
   );
 }
 
@@ -4503,15 +4552,6 @@ async function verifySkillDomainProof(client, payload) {
 }
 
 // ../../src/services/registry-broker/client/base-client.ts
-import { Buffer as Buffer5 } from "buffer";
-import {
-  createCipheriv,
-  createDecipheriv,
-  createHash,
-  randomBytes as randomBytes2
-} from "crypto";
-import { secp256k1 as secp256k12 } from "@noble/curves/secp256k1.js";
-import { ZodError } from "zod";
 var RegistryBrokerClient = class _RegistryBrokerClient {
   constructor(options = {}) {
     this.encryptionBootstrapPromise = null;
@@ -4628,11 +4668,11 @@ var RegistryBrokerClient = class _RegistryBrokerClient {
     }
     await this.encryptionBootstrapPromise;
   }
-  buildUrl(path2) {
-    const normalisedPath = path2.startsWith("/") ? path2 : `/${path2}`;
+  buildUrl(path) {
+    const normalisedPath = path.startsWith("/") ? path : `/${path}`;
     return `${this.baseUrl}${normalisedPath}`;
   }
-  async request(path2, config) {
+  async request(path, config) {
     const headers = new Headers();
     Object.entries(this.defaultHeaders).forEach(([key, value]) => {
       headers.set(key, value);
@@ -4658,7 +4698,7 @@ var RegistryBrokerClient = class _RegistryBrokerClient {
         headers.set("content-type", "application/json");
       }
     }
-    const response = await this.fetchImpl(this.buildUrl(path2), init);
+    const response = await this.fetchImpl(this.buildUrl(path), init);
     if (response.ok) {
       return response;
     }
@@ -4669,8 +4709,8 @@ var RegistryBrokerClient = class _RegistryBrokerClient {
       body: errorBody
     });
   }
-  async requestJson(path2, config) {
-    const response = await this.request(path2, config);
+  async requestJson(path, config) {
+    const response = await this.request(path, config);
     const contentType = response.headers?.get("content-type") ?? "";
     if (!JSON_CONTENT_TYPE.test(contentType)) {
       const body = await response.text();
@@ -5240,12 +5280,12 @@ var RegistryBrokerClient = class _RegistryBrokerClient {
       }
       return;
     }
-    await new Promise((resolve2, reject) => {
+    await new Promise((resolve, reject) => {
       const timer = setTimeout(() => {
         if (signal) {
           signal.removeEventListener("abort", onAbort);
         }
-        resolve2();
+        resolve();
       }, ms);
       const onAbort = () => {
         clearTimeout(timer);
@@ -5267,9 +5307,17 @@ var RegistryBrokerClient = class _RegistryBrokerClient {
       throw new Error(`${feature} is only available in Node.js environments`);
     }
   }
+  getNodeCrypto(feature) {
+    this.assertNodeRuntime(feature);
+    const nodeCrypto = optionalImportSync("node:crypto") ?? optionalImportSync("crypto");
+    if (!nodeCrypto) {
+      throw new Error(`${feature} requires the Node.js crypto module`);
+    }
+    return nodeCrypto;
+  }
   createEphemeralKeyPair() {
-    this.assertNodeRuntime("generateEphemeralKeyPair");
-    const privateKeyBytes = randomBytes2(32);
+    const { randomBytes } = this.getNodeCrypto("generateEphemeralKeyPair");
+    const privateKeyBytes = randomBytes(32);
     const publicKey = secp256k12.getPublicKey(privateKeyBytes, true);
     return {
       privateKey: Buffer5.from(privateKeyBytes).toString("hex"),
@@ -5277,16 +5325,18 @@ var RegistryBrokerClient = class _RegistryBrokerClient {
     };
   }
   deriveSharedSecret(options) {
-    this.assertNodeRuntime("deriveSharedSecret");
+    const { createHash } = this.getNodeCrypto("deriveSharedSecret");
     const privateKey = this.hexToBuffer(options.privateKey);
     const peerPublicKey = this.hexToBuffer(options.peerPublicKey);
     const shared = secp256k12.getSharedSecret(privateKey, peerPublicKey, true);
     return createHash("sha256").update(Buffer5.from(shared)).digest();
   }
   buildCipherEnvelope(options) {
-    this.assertNodeRuntime("encryptCipherEnvelope");
+    const { createCipheriv, randomBytes } = this.getNodeCrypto(
+      "encryptCipherEnvelope"
+    );
     const sharedSecret = this.normalizeSharedSecret(options.sharedSecret);
-    const iv = randomBytes2(12);
+    const iv = randomBytes(12);
     const cipher = createCipheriv("aes-256-gcm", sharedSecret, iv);
     const aadSource = options.associatedData ?? options.sessionId;
     const associatedDataEncoded = aadSource ? Buffer5.from(aadSource, "utf8").toString("base64") : void 0;
@@ -5315,7 +5365,7 @@ var RegistryBrokerClient = class _RegistryBrokerClient {
     };
   }
   openCipherEnvelope(options) {
-    this.assertNodeRuntime("decryptCipherEnvelope");
+    const { createDecipheriv } = this.getNodeCrypto("decryptCipherEnvelope");
     const sharedSecret = this.normalizeSharedSecret(options.sharedSecret);
     const payload = Buffer5.from(options.envelope.ciphertext, "base64");
     const nonce = Buffer5.from(options.envelope.nonce, "base64");