@lawrenceliang-btc/atel-sdk 0.8.7

package/dist/anchor/solana.js

@@ -0,0 +1,298 @@
+/**
+ * Solana Anchor Provider.
+ *
+ * Anchors hashes on Solana using the official Memo Program
+ * (`MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr`).
+ *
+ * The memo content is formatted as `ATEL_ANCHOR:<hash>` so anchored
+ * transactions are easily identifiable.
+ *
+ * @remarks
+ * ⚠️ SECURITY: The `privateKey` (Base58-encoded) is used to sign
+ * transactions. Never hard-code it — use environment variables or a vault.
+ */
+import { Connection, Keypair, PublicKey, Transaction, TransactionInstruction, sendAndConfirmTransaction, } from '@solana/web3.js';
+import bs58 from 'bs58';
+/** Solana Memo Program address */
+const MEMO_PROGRAM_ID = new PublicKey('MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr');
+/** Prefix prepended to the hash in the memo (legacy format) */
+const ANCHOR_PREFIX = 'ATEL_ANCHOR:';
+/** V2 structured memo format: ATEL:1:<executorDID>:<requesterDID>:<taskId>:<trace_root> */
+const ANCHOR_V2_PREFIX = 'ATEL:1:';
+/**
+ * Anchor provider for the Solana blockchain.
+ */
+export class SolanaAnchorProvider {
+    name = 'Solana';
+    chain = 'solana';
+    /** Solana RPC connection */
+    connection;
+    /** Keypair for signing (undefined when no private key is supplied) */
+    keypair;
+    /** Default Solana mainnet-beta RPC URL */
+    static DEFAULT_RPC_URL = 'https://api.mainnet-beta.solana.com';
+    /**
+     * @param config - RPC URL and optional private key.
+     *   If `rpcUrl` is omitted, the Solana mainnet-beta default is used.
+     */
+    constructor(config) {
+        this.connection = new Connection(config?.rpcUrl ?? SolanaAnchorProvider.DEFAULT_RPC_URL, 'confirmed');
+        if (config?.privateKey) {
+            // ⚠️ SECURITY: The keypair holds the private key in memory.
+            const secretKey = bs58.decode(config.privateKey);
+            this.keypair = Keypair.fromSecretKey(secretKey);
+        }
+    }
+    /**
+     * Encode a hash into the memo data buffer (v2 structured format).
+     * Falls back to legacy format if no metadata provided.
+     */
+    static encodeMemo(hash, meta) {
+        if (meta?.executorDid && meta?.requesterDid && meta?.taskId) {
+            return Buffer.from(`${ANCHOR_V2_PREFIX}${meta.executorDid}:${meta.requesterDid}:${meta.taskId}:${hash}`, 'utf-8');
+        }
+        return Buffer.from(`${ANCHOR_PREFIX}${hash}`, 'utf-8');
+    }
+    /**
+     * Decode a hash from memo data. Supports both v2 structured and legacy format.
+     *
+     * @returns The decoded hash, or `null` if the data doesn't match.
+     */
+    static decodeMemo(data) {
+        const text = typeof data === 'string' ? data : Buffer.from(data).toString('utf-8');
+        // V2 structured format
+        if (text.startsWith(ANCHOR_V2_PREFIX)) {
+            const parts = text.slice(ANCHOR_V2_PREFIX.length).split(':');
+            if (parts.length >= 4)
+                return parts[parts.length - 1]; // last part is trace_root
+        }
+        // Legacy format
+        if (text.startsWith(ANCHOR_PREFIX)) {
+            return text.slice(ANCHOR_PREFIX.length);
+        }
+        return null;
+    }
+    /**
+     * Decode full structured memo (v2 only).
+     * Returns null for legacy format memos.
+     */
+    static decodeMemoV2(data) {
+        const text = typeof data === 'string' ? data : Buffer.from(data).toString('utf-8');
+        if (!text.startsWith(ANCHOR_V2_PREFIX))
+            return null;
+        const rest = text.slice(ANCHOR_V2_PREFIX.length);
+        // Format: executorDID:requesterDID:taskId:traceRoot
+        // DIDs contain colons (did:atel:ed25519:xxx), so we need smart parsing
+        // Split by ':' and reconstruct DIDs
+        const parts = rest.split(':');
+        // Minimum: did:atel:ed25519:key : did:atel:ed25519:key : taskId : traceRoot = 4+4+1+1 = 10 parts
+        if (parts.length < 10)
+            return null;
+        // Each DID is 4 parts: did:atel:ed25519:base58
+        const executorDid = parts.slice(0, 4).join(':');
+        const requesterDid = parts.slice(4, 8).join(':');
+        const taskId = parts[8];
+        const traceRoot = parts.slice(9).join(':');
+        if (!executorDid.startsWith('did:atel:') || !requesterDid.startsWith('did:atel:'))
+            return null;
+        return { version: 1, executorDid, requesterDid, taskId, traceRoot };
+    }
+    /** @inheritdoc */
+    async anchor(hash, metadata) {
+        if (!this.keypair) {
+            throw new Error('Solana: Cannot anchor without a private key');
+        }
+        const memoData = SolanaAnchorProvider.encodeMemo(hash, metadata);
+        const instruction = new TransactionInstruction({
+            keys: [{ pubkey: this.keypair.publicKey, isSigner: true, isWritable: true }],
+            programId: MEMO_PROGRAM_ID,
+            data: memoData,
+        });
+        const transaction = new Transaction().add(instruction);
+        try {
+            const signature = await sendAndConfirmTransaction(this.connection, transaction, [this.keypair], { commitment: 'confirmed' });
+            // Fetch the confirmed transaction to get slot/block info
+            let blockNumber;
+            try {
+                const txInfo = await this.connection.getTransaction(signature, {
+                    commitment: 'confirmed',
+                    maxSupportedTransactionVersion: 0,
+                });
+                blockNumber = txInfo?.slot;
+            }
+            catch {
+                // Non-critical
+            }
+            return {
+                hash,
+                txHash: signature,
+                chain: 'solana',
+                timestamp: Date.now(),
+                blockNumber,
+                metadata,
+            };
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            throw new Error(`Solana anchor failed: ${message}`);
+        }
+    }
+    /** @inheritdoc */
+    async verify(hash, txHash) {
+        try {
+            const txInfo = await this.connection.getTransaction(txHash, {
+                commitment: 'confirmed',
+                maxSupportedTransactionVersion: 0,
+            });
+            if (!txInfo) {
+                return {
+                    valid: false,
+                    hash,
+                    txHash,
+                    chain: this.chain,
+                    detail: 'Transaction not found',
+                };
+            }
+            // Search through instructions for a memo matching our hash
+            const message = txInfo.transaction.message;
+            let foundHash = null;
+            for (let i = 0; i < message.compiledInstructions.length; i++) {
+                const ix = message.compiledInstructions[i];
+                const keys = message.getAccountKeys();
+                const programId = keys.get(ix.programIdIndex);
+                if (programId?.equals(MEMO_PROGRAM_ID)) {
+                    foundHash = SolanaAnchorProvider.decodeMemo(Buffer.from(ix.data));
+                    if (foundHash)
+                        break;
+                }
+            }
+            // Fallback: check log messages for memo content
+            if (!foundHash && txInfo.meta?.logMessages) {
+                for (const log of txInfo.meta.logMessages) {
+                    if (log.includes(ANCHOR_PREFIX)) {
+                        const idx = log.indexOf(ANCHOR_PREFIX);
+                        foundHash = log.slice(idx + ANCHOR_PREFIX.length);
+                        break;
+                    }
+                }
+            }
+            if (foundHash === null) {
+                return {
+                    valid: false,
+                    hash,
+                    txHash,
+                    chain: this.chain,
+                    detail: 'No anchor memo found in transaction',
+                };
+            }
+            const valid = foundHash === hash;
+            const blockTimestamp = txInfo.blockTime ? txInfo.blockTime * 1000 : undefined;
+            return {
+                valid,
+                hash,
+                txHash,
+                chain: this.chain,
+                blockTimestamp,
+                detail: valid
+                    ? 'Hash matches on-chain memo'
+                    : `Hash mismatch: expected "${hash}", found "${foundHash}"`,
+            };
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            return {
+                valid: false,
+                hash,
+                txHash,
+                chain: this.chain,
+                detail: `Verification error: ${message}`,
+            };
+        }
+    }
+    /** @inheritdoc */
+    async lookup(hash) {
+        // On-chain lookup without an indexer is not feasible for Solana.
+        // In production, integrate with a Solana indexer or Helius API.
+        return [];
+    }
+    /** @inheritdoc */
+    async isAvailable() {
+        try {
+            await this.connection.getSlot();
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Query all ATEL anchor transactions for a given wallet address.
+     * Parses v2 structured memos to extract DID and task info.
+     *
+     * @param walletAddress - Solana wallet public key (base58)
+     * @param options - limit (default 100), filterDid (only return records involving this DID)
+     * @returns Array of parsed anchor memos with tx info
+     */
+    async queryByWallet(walletAddress, options) {
+        const limit = options?.limit ?? 100;
+        const pubkey = new PublicKey(walletAddress);
+        const results = [];
+        try {
+            const signatures = await this.connection.getSignaturesForAddress(pubkey, { limit });
+            for (const sig of signatures) {
+                try {
+                    const txInfo = await this.connection.getTransaction(sig.signature, {
+                        commitment: 'confirmed',
+                        maxSupportedTransactionVersion: 0,
+                    });
+                    if (!txInfo)
+                        continue;
+                    // Search for ATEL memo in instructions
+                    const message = txInfo.transaction.message;
+                    for (let i = 0; i < message.compiledInstructions.length; i++) {
+                        const ix = message.compiledInstructions[i];
+                        const keys = message.getAccountKeys();
+                        const programId = keys.get(ix.programIdIndex);
+                        if (!programId?.equals(MEMO_PROGRAM_ID))
+                            continue;
+                        const memoText = Buffer.from(ix.data).toString('utf-8');
+                        const parsed = SolanaAnchorProvider.decodeMemoV2(memoText);
+                        if (!parsed)
+                            continue;
+                        // Filter by DID if requested
+                        if (options?.filterDid && parsed.executorDid !== options.filterDid && parsed.requesterDid !== options.filterDid)
+                            continue;
+                        results.push({
+                            ...parsed,
+                            txHash: sig.signature,
+                            blockTime: txInfo.blockTime ? txInfo.blockTime * 1000 : undefined,
+                        });
+                    }
+                    // Fallback: check log messages
+                    if (txInfo.meta?.logMessages) {
+                        for (const log of txInfo.meta.logMessages) {
+                            if (!log.includes(ANCHOR_V2_PREFIX))
+                                continue;
+                            const idx = log.indexOf(ANCHOR_V2_PREFIX);
+                            const parsed = SolanaAnchorProvider.decodeMemoV2(log.slice(idx));
+                            if (!parsed)
+                                continue;
+                            if (options?.filterDid && parsed.executorDid !== options.filterDid && parsed.requesterDid !== options.filterDid)
+                                continue;
+                            if (!results.some(r => r.txHash === sig.signature)) {
+                                results.push({ ...parsed, txHash: sig.signature, blockTime: txInfo.blockTime ? txInfo.blockTime * 1000 : undefined });
+                            }
+                        }
+                    }
+                }
+                catch {
+                    // Skip individual tx failures
+                }
+            }
+        }
+        catch {
+            // Query failed — return empty
+        }
+        return results;
+    }
+}

package/dist/auditor/index.d.ts

@@ -0,0 +1,54 @@
+/**
+ * ContentAuditor — Protocol-level security auditing for ATEL payloads
+ *
+ * Detects common attack patterns that should be blocked at protocol level,
+ * regardless of agent capabilities or business logic.
+ */
+export interface AuditResult {
+    safe: boolean;
+    reason?: string;
+    severity?: 'low' | 'medium' | 'high' | 'critical';
+    pattern?: string;
+}
+export interface AuditConfig {
+    enableInjectionCheck?: boolean;
+    enablePathTraversalCheck?: boolean;
+    enableCommandCheck?: boolean;
+    enableCredentialCheck?: boolean;
+    enableRecursionCheck?: boolean;
+    maxDepth?: number;
+    customPatterns?: Array<{
+        pattern: RegExp;
+        reason: string;
+        severity: AuditResult['severity'];
+    }>;
+}
+export declare class ContentAuditor {
+    private config;
+    constructor(config?: AuditConfig);
+    /**
+     * Audit a payload for protocol-level security issues
+     */
+    audit(payload: unknown, context?: {
+        action?: string;
+        from?: string;
+    }): AuditResult;
+    /**
+     * Calculate nesting depth of an object (DoS protection)
+     */
+    private getDepth;
+    /**
+     * Audit multiple payloads in batch
+     */
+    auditBatch(payloads: Array<{
+        payload: unknown;
+        context?: {
+            action?: string;
+            from?: string;
+        };
+    }>): AuditResult[];
+}
+/**
+ * Default auditor instance with standard config
+ */
+export declare const defaultAuditor: ContentAuditor;

package/dist/auditor/index.js

@@ -0,0 +1,141 @@
+/**
+ * ContentAuditor — Protocol-level security auditing for ATEL payloads
+ *
+ * Detects common attack patterns that should be blocked at protocol level,
+ * regardless of agent capabilities or business logic.
+ */
+const DEFAULT_CONFIG = {
+    enableInjectionCheck: true,
+    enablePathTraversalCheck: true,
+    enableCommandCheck: true,
+    enableCredentialCheck: true,
+    enableRecursionCheck: true,
+    maxDepth: 10,
+    customPatterns: [],
+};
+/**
+ * Protocol-level attack patterns
+ * These should be blocked regardless of agent capabilities
+ */
+const ATTACK_PATTERNS = {
+    // SQL/NoSQL injection
+    injection: [
+        { pattern: /(\bOR\b|\bAND\b)\s+['"]?\d+['"]?\s*=\s*['"]?\d+/i, reason: 'SQL injection pattern', severity: 'critical' },
+        { pattern: /UNION\s+SELECT/i, reason: 'SQL UNION injection', severity: 'critical' },
+        { pattern: /;\s*DROP\s+TABLE/i, reason: 'SQL DROP command', severity: 'critical' },
+        { pattern: /\$where\s*:/i, reason: 'MongoDB $where injection', severity: 'critical' },
+        { pattern: /\{\s*\$ne\s*:\s*null\s*\}/i, reason: 'NoSQL injection pattern', severity: 'high' },
+    ],
+    // Path traversal
+    pathTraversal: [
+        { pattern: /\.\.[\/\\]/g, reason: 'Path traversal attempt', severity: 'high' },
+        { pattern: /[\/\\]etc[\/\\]passwd/i, reason: 'System file access attempt', severity: 'critical' },
+        { pattern: /[\/\\]\.ssh[\/\\]/i, reason: 'SSH directory access', severity: 'critical' },
+        { pattern: /[\/\\]\.aws[\/\\]/i, reason: 'AWS credentials access', severity: 'critical' },
+    ],
+    // Command injection
+    command: [
+        { pattern: /\b(rm|del|rmdir)\s+-[rf]+/i, reason: 'Destructive file operation', severity: 'critical' },
+        { pattern: /`[^`]*`/g, reason: 'Shell command backticks', severity: 'high' },
+        { pattern: /\$\([^)]*\)/g, reason: 'Shell command substitution', severity: 'high' },
+        { pattern: /&&|\|\|/g, reason: 'Shell command chaining', severity: 'medium' },
+        { pattern: />\s*[\/\\]/g, reason: 'Shell output redirection', severity: 'medium' },
+        { pattern: /\bsudo\b/i, reason: 'Privilege escalation attempt', severity: 'critical' },
+        { pattern: /\bchmod\s+777/i, reason: 'Dangerous permission change', severity: 'high' },
+    ],
+    // Credential/secret access
+    credential: [
+        { pattern: /private[_-]?key/i, reason: 'Private key access', severity: 'critical' },
+        { pattern: /secret[_-]?key/i, reason: 'Secret key access', severity: 'critical' },
+        { pattern: /api[_-]?key/i, reason: 'API key access', severity: 'high' },
+        { pattern: /password/i, reason: 'Password access', severity: 'high' },
+        { pattern: /\.env/i, reason: 'Environment file access', severity: 'high' },
+        { pattern: /\.pem\b/i, reason: 'Certificate file access', severity: 'high' },
+    ],
+};
+export class ContentAuditor {
+    config;
+    constructor(config = {}) {
+        this.config = { ...DEFAULT_CONFIG, ...config };
+    }
+    /**
+     * Audit a payload for protocol-level security issues
+     */
+    audit(payload, context) {
+        // Convert payload to searchable string
+        const payloadStr = JSON.stringify(payload);
+        // Check recursion depth (nested objects can cause DoS)
+        if (this.config.enableRecursionCheck) {
+            const depth = this.getDepth(payload);
+            if (depth > this.config.maxDepth) {
+                return {
+                    safe: false,
+                    reason: `Payload depth (${depth}) exceeds limit (${this.config.maxDepth})`,
+                    severity: 'high',
+                };
+            }
+        }
+        // Check injection patterns
+        if (this.config.enableInjectionCheck) {
+            for (const { pattern, reason, severity } of ATTACK_PATTERNS.injection) {
+                if (pattern.test(payloadStr)) {
+                    return { safe: false, reason, severity, pattern: pattern.source };
+                }
+            }
+        }
+        // Check path traversal
+        if (this.config.enablePathTraversalCheck) {
+            for (const { pattern, reason, severity } of ATTACK_PATTERNS.pathTraversal) {
+                if (pattern.test(payloadStr)) {
+                    return { safe: false, reason, severity, pattern: pattern.source };
+                }
+            }
+        }
+        // Check command injection
+        if (this.config.enableCommandCheck) {
+            for (const { pattern, reason, severity } of ATTACK_PATTERNS.command) {
+                if (pattern.test(payloadStr)) {
+                    return { safe: false, reason, severity, pattern: pattern.source };
+                }
+            }
+        }
+        // Check credential access
+        if (this.config.enableCredentialCheck) {
+            for (const { pattern, reason, severity } of ATTACK_PATTERNS.credential) {
+                if (pattern.test(payloadStr)) {
+                    return { safe: false, reason, severity, pattern: pattern.source };
+                }
+            }
+        }
+        // Check custom patterns
+        for (const { pattern, reason, severity } of this.config.customPatterns) {
+            if (pattern.test(payloadStr)) {
+                return { safe: false, reason, severity, pattern: pattern.source };
+            }
+        }
+        return { safe: true };
+    }
+    /**
+     * Calculate nesting depth of an object (DoS protection)
+     */
+    getDepth(obj, currentDepth = 0) {
+        if (obj === null || typeof obj !== 'object') {
+            return currentDepth;
+        }
+        if (Array.isArray(obj)) {
+            return Math.max(currentDepth, ...obj.map(item => this.getDepth(item, currentDepth + 1)));
+        }
+        const depths = Object.values(obj).map(value => this.getDepth(value, currentDepth + 1));
+        return depths.length > 0 ? Math.max(...depths) : currentDepth;
+    }
+    /**
+     * Audit multiple payloads in batch
+     */
+    auditBatch(payloads) {
+        return payloads.map(({ payload, context }) => this.audit(payload, context));
+    }
+}
+/**
+ * Default auditor instance with standard config
+ */
+export const defaultAuditor = new ContentAuditor();

package/dist/collaboration/index.d.ts

@@ -0,0 +1,146 @@
+/**
+ * Module: Collaboration Anchor
+ *
+ * Enhanced on-chain anchoring for multi-agent collaboration scenarios.
+ * Records the full lifecycle of agent collaboration on-chain:
+ *
+ *   1. Handshake Anchor — proves two agents established a verified session
+ *   2. Task Delegation Anchor — proves a task was delegated with consent
+ *   3. Execution Proof Anchor — proves task execution result (existing ProofBundle)
+ *   4. Trust Score Anchor — proves trust score at a point in time
+ *   5. Dispute Evidence Anchor — immutable evidence for dispute resolution
+ *
+ * Each anchor is a SHA-256 hash of the relevant data, stored on-chain
+ * via the existing AnchorManager infrastructure.
+ */
+import type { AnchorManager, AnchorRecord, ChainId } from '../anchor/index.js';
+import type { ProofBundle } from '../proof/index.js';
+import type { Session } from '../handshake/index.js';
+/** Types of collaboration events that can be anchored */
+export type CollaborationAnchorType = 'handshake' | 'task_delegation' | 'execution_proof' | 'trust_score' | 'dispute_evidence' | 'key_rotation';
+/** A collaboration anchor record with typed metadata */
+export interface CollaborationAnchorRecord {
+    /** The type of collaboration event */
+    type: CollaborationAnchorType;
+    /** The hash that was anchored */
+    hash: string;
+    /** The on-chain anchor record */
+    anchor: AnchorRecord;
+    /** Participants involved */
+    participants: string[];
+    /** Human-readable description */
+    description: string;
+    /** Timestamp of the collaboration event */
+    eventTimestamp: string;
+}
+/** Task delegation data for anchoring */
+export interface TaskDelegationData {
+    /** Requestor DID */
+    requestorDid: string;
+    /** Executor DID */
+    executorDid: string;
+    /** Task type */
+    taskType: string;
+    /** Consent token hash */
+    consentHash: string;
+    /** Policy hash */
+    policyHash: string;
+    /** Delegation timestamp */
+    timestamp: string;
+    /** Negotiated terms hash (if any) */
+    termsHash?: string;
+}
+/** Trust score snapshot for anchoring */
+export interface TrustScoreSnapshot {
+    /** Agent DID */
+    agentDid: string;
+    /** Trust score at this point */
+    score: number;
+    /** Number of completed tasks */
+    completedTasks: number;
+    /** Number of failed tasks */
+    failedTasks: number;
+    /** Snapshot timestamp */
+    timestamp: string;
+    /** Previous snapshot hash (for chain linking) */
+    previousHash?: string;
+}
+/** Dispute evidence for anchoring */
+export interface DisputeEvidence {
+    /** Dispute ID */
+    disputeId: string;
+    /** Complainant DID */
+    complainantDid: string;
+    /** Respondent DID */
+    respondentDid: string;
+    /** Related proof bundle hash */
+    proofHash: string;
+    /** Related task delegation hash */
+    delegationHash: string;
+    /** Evidence description */
+    description: string;
+    /** Timestamp */
+    timestamp: string;
+}
+/**
+ * Manages on-chain anchoring of multi-agent collaboration events.
+ *
+ * Builds on top of AnchorManager to provide typed, structured
+ * anchoring for the full collaboration lifecycle.
+ */
+export declare class CollaborationAnchor {
+    private readonly anchorManager;
+    private readonly defaultChain;
+    private readonly records;
+    constructor(anchorManager: AnchorManager, defaultChain?: ChainId | string);
+    /**
+     * Anchor a handshake session establishment.
+     * Proves that two agents verified each other's identity at a specific time.
+     */
+    anchorHandshake(session: Session, chain?: ChainId | string): Promise<CollaborationAnchorRecord>;
+    /**
+     * Anchor a task delegation event.
+     * Proves that a task was delegated with specific consent and policy.
+     */
+    anchorTaskDelegation(delegation: TaskDelegationData, chain?: ChainId | string): Promise<CollaborationAnchorRecord>;
+    /**
+     * Anchor an execution proof bundle.
+     * Proves the result of a task execution with full Merkle proof.
+     */
+    anchorExecutionProof(proof: ProofBundle, chain?: ChainId | string): Promise<CollaborationAnchorRecord>;
+    /**
+     * Anchor a trust score snapshot.
+     * Creates an immutable record of an agent's trust score at a point in time.
+     * Links to previous snapshot for chain integrity.
+     */
+    anchorTrustScore(snapshot: TrustScoreSnapshot, chain?: ChainId | string): Promise<CollaborationAnchorRecord>;
+    /**
+     * Anchor dispute evidence.
+     * Creates an immutable record for dispute resolution.
+     */
+    anchorDisputeEvidence(evidence: DisputeEvidence, chain?: ChainId | string): Promise<CollaborationAnchorRecord>;
+    /**
+     * Anchor a key rotation event.
+     * Proves that an agent rotated their encryption keys at a specific time.
+     */
+    anchorKeyRotation(agentDid: string, rotationSeq: number, newPublicKeyHash: string, chain?: ChainId | string): Promise<CollaborationAnchorRecord>;
+    /**
+     * Get all collaboration anchor records.
+     */
+    getRecords(): CollaborationAnchorRecord[];
+    /**
+     * Get records by type.
+     */
+    getRecordsByType(type: CollaborationAnchorType): CollaborationAnchorRecord[];
+    /**
+     * Get records involving a specific agent.
+     */
+    getRecordsByParticipant(did: string): CollaborationAnchorRecord[];
+    /**
+     * Verify a collaboration anchor against the chain.
+     */
+    verifyAnchor(record: CollaborationAnchorRecord): Promise<{
+        valid: boolean;
+        detail: string;
+    }>;
+}