@motebit/protocol 1.2.0 → 2.0.0

package/dist/event-type.js

@@ -0,0 +1,123 @@
+/**
+ * `EventType` canonical-registry tooling.
+ *
+ * The `EventType` enum (in `./index.ts`) is the closed vocabulary of
+ * event-log entry discriminators that flow through every motebit's
+ * append-only event substrate. Every `EventLogEntry` carries an
+ * `event_type` field; sync peers, federation participants, audit
+ * verifiers, and consolidation cycles dispatch on it. Cross-
+ * implementation drift would break interop — a motebit emitting an
+ * unknown event_type to a peer would surface as a silent
+ * type-narrowing failure on the receiving side.
+ *
+ * Promoted to a registered registry per
+ * `docs/doctrine/registry-pattern-canonical.md` on 2026-05-14 — the
+ * sixth instance after `SuiteId`, `TokenAudience`,
+ * `ContentArtifactType`, `TaskShape`, and `SensitivityLevel`. The
+ * arc validates the meta-gate's claim that adding a sixth registry
+ * is template growth, not new design.
+ *
+ * Same shape as `audience.ts`, `artifact-type.ts`, `routing.ts`'s
+ * `ALL_TASK_SHAPES`/`isTaskShape` pair, and `sensitivity.ts`'s
+ * `ALL_SENSITIVITY_LEVELS`/`isSensitivityLevel` pair.
+ *
+ * Pure deterministic data + type guard. Permissive-floor primitive
+ * per `packages/protocol/CLAUDE.md` rule 1 (closed-registry tooling
+ * is structural, not policy).
+ */
+/**
+ * Canonical iteration order over `EventType`, frozen. The single
+ * source of truth for "every event type" — drift gates, exhaustive
+ * switches, sync filters, and the protocol's registry-coverage gate
+ * (`check-event-type-canonical`) all enumerate through this array.
+ *
+ * Ordered in declaration order from the enum in `index.ts`. The
+ * gate's sibling-alignment block verifies the array mirrors the
+ * enum exactly — a registry append in the enum without a
+ * corresponding array append fails CI.
+ *
+ * Same shape as `ALL_SUITE_IDS`, `ALL_TOKEN_AUDIENCES`,
+ * `ALL_CONTENT_ARTIFACT_TYPES`, `ALL_TASK_SHAPES`,
+ * `ALL_SENSITIVITY_LEVELS`. Adding an event type is intentional
+ * protocol-level work: new enum entry + new entry here + gate
+ * reference update + spec/event-log entry if wire-format-relevant.
+ *
+ * Values are the enum's string literals (not enum members) to avoid
+ * the init-order cycle the file's `import type` already documents.
+ */
+export const ALL_EVENT_TYPES = Object.freeze([
+    "identity_created",
+    "state_updated",
+    "memory_formed",
+    "memory_decayed",
+    "memory_deleted",
+    "memory_accessed",
+    "provider_swapped",
+    "export_requested",
+    "delete_requested",
+    "sync_completed",
+    "audit_entry",
+    "tool_used",
+    "policy_violation",
+    "goal_created",
+    "goal_executed",
+    "goal_removed",
+    "approval_requested",
+    "approval_approved",
+    "approval_denied",
+    "approval_expired",
+    "goal_completed",
+    "goal_progress",
+    "memory_audit",
+    "memory_pinned",
+    "plan_created",
+    "plan_step_started",
+    "plan_step_completed",
+    "plan_step_failed",
+    "plan_completed",
+    "plan_step_delegated",
+    "credential_revoked",
+    "identity_revoked",
+    "plan_failed",
+    "housekeeping_run",
+    "reflection_completed",
+    "idle_tick_fired",
+    "memory_consolidated",
+    "memory_promoted",
+    "consolidation_cycle_run",
+    "consolidation_receipt_signed",
+    "consolidation_receipts_anchored",
+    "agent_task_completed",
+    "agent_task_failed",
+    "agent_task_denied",
+    "proposal_created",
+    "proposal_accepted",
+    "proposal_rejected",
+    "proposal_countered",
+    "collaborative_step_completed",
+    "chain_trust_computed",
+    "trust_level_changed",
+    "key_rotated",
+    "computer_session_opened",
+    "computer_session_closed",
+    "computer_session_summarized",
+    "co_browse_control_changed",
+    "user_input_forwarded",
+    "skill_loaded",
+    "sensitivity_gate_fired",
+]);
+/**
+ * Type guard — narrows `unknown` to `EventType`. Drift-gate-driven
+ * literal scanners use this to validate values pulled from
+ * wire-format payloads; consumers that derive event types from
+ * external sources (sync intake, federation peer payloads) call
+ * this before dispatching so an unchecked cast is a fail-open path
+ * the type system can't catch.
+ *
+ * Same shape as `isSuiteId`, `isTokenAudience`,
+ * `isContentArtifactType`, `isTaskShape`, `isSensitivityLevel`.
+ */
+export function isEventType(value) {
+    return typeof value === "string" && ALL_EVENT_TYPES.includes(value);
+}
+//# sourceMappingURL=event-type.js.map

package/dist/event-type.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"event-type.js","sourceRoot":"","sources":["../src/event-type.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AASH;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,MAAM,eAAe,GAAyB,MAAM,CAAC,MAAM,CAAC;IACjE,kBAAkB;IAClB,eAAe;IACf,eAAe;IACf,gBAAgB;IAChB,gBAAgB;IAChB,iBAAiB;IACjB,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;IAClB,gBAAgB;IAChB,aAAa;IACb,WAAW;IACX,kBAAkB;IAClB,cAAc;IACd,eAAe;IACf,cAAc;IACd,oBAAoB;IACpB,mBAAmB;IACnB,iBAAiB;IACjB,kBAAkB;IAClB,gBAAgB;IAChB,eAAe;IACf,cAAc;IACd,eAAe;IACf,cAAc;IACd,mBAAmB;IACnB,qBAAqB;IACrB,kBAAkB;IAClB,gBAAgB;IAChB,qBAAqB;IACrB,oBAAoB;IACpB,kBAAkB;IAClB,aAAa;IACb,kBAAkB;IAClB,sBAAsB;IACtB,iBAAiB;IACjB,qBAAqB;IACrB,iBAAiB;IACjB,yBAAyB;IACzB,8BAA8B;IAC9B,iCAAiC;IACjC,sBAAsB;IACtB,mBAAmB;IACnB,mBAAmB;IACnB,kBAAkB;IAClB,mBAAmB;IACnB,mBAAmB;IACnB,oBAAoB;IACpB,8BAA8B;IAC9B,sBAAsB;IACtB,qBAAqB;IACrB,aAAa;IACb,yBAAyB;IACzB,yBAAyB;IACzB,6BAA6B;IAC7B,2BAA2B;IAC3B,sBAAsB;IACtB,cAAc;IACd,wBAAwB;CACV,CAAC,CAAC;AAElB;;;;;;;;;;GAUG;AACH,MAAM,UAAU,WAAW,CAAC,KAAc;IACxC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAK,eAAqC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC7F,CAAC"}

package/dist/index.d.ts

@@ -248,7 +248,11 @@ export declare enum EventType {
     KeyRotated = "key_rotated",
     ComputerSessionOpened = "computer_session_opened",
     ComputerSessionClosed = "computer_session_closed",
-    SkillLoaded = "skill_loaded"
+    ComputerSessionSummarized = "computer_session_summarized",
+    CoBrowseControlChanged = "co_browse_control_changed",
+    UserInputForwarded = "user_input_forwarded",
+    SkillLoaded = "skill_loaded",
+    SensitivityGateFired = "sensitivity_gate_fired"
 }
 export declare enum MemoryType {
     Episodic = "episodic",
@@ -419,11 +423,82 @@ export interface ToolDefinition {
      * `check-sensitivity-routing` for the outbound enforcement gate.
      */
     outbound?: boolean;
+    /**
+     * Embodiment mode the slab item should stamp when this tool's
+     * activity lands on the slab. One of: `"mind"` | `"tool_result"` |
+     * `"virtual_browser"` | `"shared_gaze"` | `"desktop_drive"` |
+     * `"peer_viewport"`. The string union is canonically declared as
+     * `EmbodimentMode` in `@motebit/render-engine` (typed as `string`
+     * here to avoid the protocol→render-engine layer break — promoting
+     * the type into `@motebit/protocol` is a separate slice the doctrine
+     * names as deferred).
+     *
+     * Why this lives on the tool definition (not on each chunk): the
+     * embodiment is determined at registration time by the surface
+     * wiring the dispatcher. The `computer` tool's wire format is
+     * surface-agnostic but its embodiment is dispatcher-specific:
+     * `apps/web/src/computer-tool.ts` registers it with
+     * `embodimentMode: "virtual_browser"` (cloud Chromium); the desktop
+     * surface registers the same name with `embodimentMode:
+     * "desktop_drive"` (real OS). The runtime's slab-projection picks
+     * `chunk.mode` (sourced from this field) over `tool-policy.ts`'s
+     * generic floor — so the same tool name produces the right
+     * embodiment per surface without forcing surface-aware code into
+     * the central registry. Doctrine: motebit-computer.md §"v1
+     * implementation status — Deferred to v1.5+: per-dispatcher mode
+     * stamping" — landed as v1.1 of the virtual_browser arc.
+     */
+    embodimentMode?: string;
+    /**
+     * Slab-projection policy for this tool. Closed string-literal union:
+     *
+     *   - `"tool_call"` (default when omitted) — open a generic
+     *     `tool_call` slab item on each invocation. The familiar
+     *     "REQUEST_X / calling…" card. Right for tools that produce
+     *     body acts (web_search, read_file, computer).
+     *   - `"none"` — do NOT open a slab item. The tool is **state
+     *     chrome**, not a body act, and its visible representation is
+     *     a different surface (e.g. `request_control`'s visible
+     *     surface is the slab control band, not a tool_call card).
+     *     Without this, state-chrome tools would render duplicate UI:
+     *     the affordance card AND the chrome both visible, competing
+     *     for attention and obscuring the band's Grant/Deny buttons.
+     *
+     * Doctrine: motebit-computer.md — slab content is body acts
+     * (browser, peer viewport, memory artifact, tool result, desktop
+     * surface). Slab CHROME is state-aware overlays (control band,
+     * address bar, halt indicator). State-chrome tools belong in the
+     * latter; the slab item projection is for the former.
+     *
+     * Plumbing: read on the tool_status chunk by ai-core's loop.ts
+     * and consumed by the runtime's slab-projection at open time.
+     * The closed-string-literal union keeps additions backward
+     * compatible (a future `"observation"` variant could narrow
+     * further without breaking existing consumers).
+     */
+    slabProjection?: "none" | "tool_call";
 }
 export interface ToolResult {
     ok: boolean;
     data?: unknown;
     error?: string;
+    /**
+     * Optional structured failure category, set by handlers that wrap
+     * a typed error carrying its own `reason` field (e.g.
+     * `ComputerDispatcherError`). Lets downstream consumers route on
+     * category without parsing the human-readable `error` text.
+     *
+     * v1 carriers:
+     *   - `not_in_control` — Slice 1 co-browse gate denial. The
+     *     runtime's slab projection uses this to suppress a body
+     *     `tool_call` item: control-state denials' canonical surface
+     *     is the slab control band (Slice 2b doorbell), not the body.
+     *
+     * Open string-literal — additive. New reason categories land
+     * without breaking existing callers (consumers either route on
+     * the value they care about or ignore the field).
+     */
+    reason?: string;
     /** Set by adapters that already applied boundary wrapping (e.g. MCP client). */
     _sanitized?: boolean;
 }
@@ -1164,7 +1239,13 @@ export interface ExecutionStepSummary {
     };
 }
 export interface GoalExecutionManifest {
-    spec: "motebit/execution-ledger@1.0";
+    /**
+     * `motebit/execution-ledger@1.0` for legacy ledgers, `motebit/execution-ledger@1.1`
+     * for ledgers that embed byte-identical inner signed receipts via `signed_receipts`.
+     * v1.1 is purely additive — every v1.0 consumer continues to parse v1.1 bodies
+     * by ignoring the optional field. See `spec/execution-ledger-v1.md` §4.3.
+     */
+    spec: "motebit/execution-ledger@1.0" | "motebit/execution-ledger@1.1";
     motebit_id: string;
     goal_id: string;
     plan_id: string;
@@ -1174,6 +1255,19 @@ export interface GoalExecutionManifest {
     timeline: ExecutionTimelineEntry[];
     steps: ExecutionStepSummary[];
     delegation_receipts: DelegationReceiptSummary[];
+    /**
+     * Byte-identical canonical-JSON of each delegated motebit's signed
+     * `ExecutionReceipt`. Optional and only present in v1.1 reconstructions
+     * where the relay has the receipts archived (per
+     * `services/relay/CLAUDE.md` Rule 11). Each element is the JSON-stringified
+     * receipt the motebit signed; verifiers MAY parse + recursively verify
+     * each one's Ed25519 signature independently. Closes the operator-trust
+     * gap that v1.0 summaries leave open — a relay that lies about which
+     * motebit did the work is detectable because the inner signature can be
+     * checked against the named motebit's public key without trusting the
+     * relay. See `spec/execution-ledger-v1.md` §4.3.
+     */
+    signed_receipts?: string[];
     content_hash: string;
     signature?: string;
 }
@@ -1186,6 +1280,14 @@ export interface DelegationReceiptSummary {
     tools_used: string[];
     signature_prefix: string;
 }
+/**
+ * Canonical spec identifiers for the execution-ledger reconstruction.
+ * v1.1 adds the optional `signed_receipts` field; the wire shape is
+ * otherwise identical to v1.0. Verifiers that recognize v1.1 SHOULD
+ * iterate `signed_receipts` and verify each inner signature when present.
+ */
+export declare const EXECUTION_LEDGER_SPEC_V1_0: "motebit/execution-ledger@1.0";
+export declare const EXECUTION_LEDGER_SPEC_V1_1: "motebit/execution-ledger@1.1";
 export interface AgentCapabilities {
     motebit_id: MotebitId;
     public_key: string;
@@ -1287,6 +1389,22 @@ export interface SettlementRecord {
     platform_fee: number;
     /** Fee rate applied (e.g. 0.05 = 5%). Recorded per-settlement for auditability. */
     platform_fee_rate: number;
+    /**
+     * How the money moved for this settlement: `relay` (relay holds custody;
+     * virtual-account credit/debit on the relay's books) or `p2p` (peer-to-
+     * peer onchain transfer; relay records the audit but never held the
+     * funds). Closed registry — see `SettlementMode` in `./settlement-mode.ts`.
+     *
+     * Carried in the signed body so the lane is part of the relay's
+     * attestation, not a derivable side-fact. Auditors and counsel reading
+     * the receipt see the custody posture directly; the relay cannot
+     * silently re-label a custodied settlement as p2p after the fact.
+     *
+     * Treasury reconciliation (operator fee accrual vs. onchain balance)
+     * is structurally NOT a settlement and never appears here — see
+     * `docs/doctrine/settlement-rails.md` § "Lanes for external readers".
+     */
+    settlement_mode: SettlementMode;
     /** x402 payment transaction hash (when paid on-chain). */
     x402_tx_hash?: string;
     /** x402 network used for payment (CAIP-2 identifier). */
@@ -1391,6 +1509,26 @@ export interface GuestRail extends SettlementRail {
     readonly railType: "fiat" | "protocol" | "orchestration";
     /** Whether this rail supports proactive deposits. False for pay-per-request rails (x402, MPP). */
     readonly supportsDeposit: boolean;
+    /**
+     * Whether this rail supports user-facing withdrawal — i.e., the relay
+     * may invoke `rail.withdraw(...)` to transmit user funds to an
+     * external destination on the user's behalf. When `false`, the rail
+     * is registered for other purposes (treasury orchestration, deposit
+     * intake, anchor submission) but NEVER appears in the user-withdrawal
+     * dispatch path.
+     *
+     * `BridgeSettlementRail.supportsWithdraw = false` is the structural
+     * embodiment of the off-ramp doctrine: Motebit is not a transmitter
+     * of user funds. Bridge stays registered for own-account treasury
+     * conversion via `BridgeOfframpAdapter`, but the rail itself cannot
+     * be a withdrawal target — `withdraw()` is structurally absent from
+     * the type (it lives on `WithdrawableGuestRail`, not on the base).
+     *
+     * Mirrors `supportsDeposit` + `DepositableGuestRail` and `supportsBatch`
+     * + `BatchableGuestRail` as a discriminant narrowing to
+     * `WithdrawableGuestRail`.
+     */
+    readonly supportsWithdraw: boolean;
     /**
      * Whether the rail exposes a single-call batch withdrawal primitive.
      * When true, `withdrawBatch` MUST be implemented. When false (the
@@ -1399,21 +1537,11 @@ export interface GuestRail extends SettlementRail {
      * defers sub-threshold items and fires serially once the policy
      * clears — but the rail itself settles one item per call.
      * Mirrors `supportsDeposit` + `DepositableGuestRail` as a
-     * discriminant narrowing to `BatchableGuestRail`.
+     * discriminant narrowing to `BatchableGuestRail`. Implies
+     * `supportsWithdraw: true` — batch is a specialization of single
+     * withdraw.
      */
     readonly supportsBatch: boolean;
-    /**
-     * Execute a withdrawal to an external destination.
-     * Fail-closed: throws on any error.
-     */
-    withdraw(motebitId: string, amount: number, currency: string, destination: string, idempotencyKey: string): Promise<WithdrawalResult>;
-    /**
-     * Submit multiple withdrawals in one rail call when the rail
-     * supports a native batch primitive (e.g., a future x402 multi-
-     * authorization, a Bridge bulk-transfer). Present only when
-     * `supportsBatch` is true — narrow with `isBatchableRail`.
-     */
-    withdrawBatch?(items: readonly BatchWithdrawalItem[]): Promise<BatchWithdrawalResult>;
     /**
      * Record a payment proof with a settlement (e.g., x402 tx hash, Stripe charge ID).
      * Called after settleOnReceipt() computes the settlement record.
@@ -1448,11 +1576,46 @@ export interface BatchWithdrawalResult {
         reason: string;
     }>;
 }
+/**
+ * A guest rail that supports user-facing withdrawal — the relay may
+ * invoke `withdraw()` to transmit user funds to an external destination.
+ *
+ * Use the `supportsWithdraw` discriminant for runtime narrowing from
+ * `GuestRail`. The marker exists so `BridgeSettlementRail` (orchestration,
+ * treasury-only) is structurally distinct from `StripeSettlementRail`
+ * (fiat, user-facing) and `X402SettlementRail` (protocol, user-facing).
+ *
+ * The doctrinal frame: Motebit is not a transmitter of user funds. User-
+ * facing withdrawal is permitted only to user-held wallets (the sovereign
+ * Solana path via `OperatorSolanaTransfer` on the operator side, or to
+ * a user-held EVM wallet via x402 on a `WithdrawableGuestRail`). Bridge
+ * is excluded structurally — the method does not exist on its type, so
+ * the relay cannot orchestrate user-facing transfers through Bridge no
+ * matter what env vars are set. The doctrine is enforced by absence.
+ */
+export interface WithdrawableGuestRail extends GuestRail {
+    readonly supportsWithdraw: true;
+    /**
+     * Execute a withdrawal to an external destination.
+     * Fail-closed: throws on any error.
+     */
+    withdraw(motebitId: string, amount: number, currency: string, destination: string, idempotencyKey: string): Promise<WithdrawalResult>;
+    /**
+     * Submit multiple withdrawals in one rail call when the rail
+     * supports a native batch primitive (e.g., a future x402 multi-
+     * authorization). Present only when `supportsBatch` is true — narrow
+     * with `isBatchableRail`. A rail can be withdrawable without being
+     * batchable, but the reverse is forbidden by the type hierarchy:
+     * `BatchableGuestRail extends WithdrawableGuestRail`.
+     */
+    withdrawBatch?(items: readonly BatchWithdrawalItem[]): Promise<BatchWithdrawalResult>;
+}
 /**
  * A guest rail that supports batch withdrawal submission.
  * Use the `supportsBatch` discriminant for runtime narrowing from `GuestRail`.
+ * Batchable implies withdrawable — batch is a specialization of single withdraw.
  */
-export interface BatchableGuestRail extends GuestRail {
+export interface BatchableGuestRail extends WithdrawableGuestRail {
     readonly supportsBatch: true;
     withdrawBatch(items: readonly BatchWithdrawalItem[]): Promise<BatchWithdrawalResult>;
 }
@@ -1472,6 +1635,19 @@ export interface DepositableGuestRail extends GuestRail {
 }
 /** Type guard: narrows GuestRail to DepositableGuestRail. */
 export declare function isDepositableRail(rail: GuestRail): rail is DepositableGuestRail;
+/**
+ * Type guard: narrows GuestRail to WithdrawableGuestRail.
+ *
+ * The relay's user-withdrawal dispatch (services/relay/src/budget.ts)
+ * MUST narrow through this guard before calling `rail.withdraw(...)`.
+ * Compile-time enforcement: `withdraw` does not exist on bare `GuestRail`,
+ * so an un-narrowed call site fails to typecheck. Runtime defense-in-
+ * depth: a rail with `supportsWithdraw: true` AND a non-function
+ * `withdraw` property would shape-match the interface but fail this
+ * guard, surfacing as "this rail does not support withdrawal" rather
+ * than a `TypeError: rail.withdraw is not a function` at the dispatch.
+ */
+export declare function isWithdrawableRail(rail: GuestRail): rail is WithdrawableGuestRail;
 /** Type guard: narrows GuestRail to BatchableGuestRail. */
 export declare function isBatchableRail(rail: GuestRail): rail is BatchableGuestRail;
 /**
@@ -1496,8 +1672,13 @@ export interface SovereignRail extends SettlementRail {
     readonly custody: "agent";
     /** Chain identifier (e.g., "solana"). Future: "aptos", "sui". */
     readonly chain: string;
-    /** Asset symbol (e.g., "USDC"). */
-    readonly asset: string;
+    /**
+     * Settlement asset this rail clears in. Closed union — see
+     * `SettlementAsset` in `./settlement-asset.ts`. Sub-phase A: USDC
+     * only at land; second-asset promotion lifts the registry to the
+     * 8th registered registry per `registry-pattern-canonical.md`.
+     */
+    readonly asset: SettlementAsset;
     /** Agent's own address on this chain. Equals the motebit identity public key for Ed25519-native chains. */
     readonly address: string;
     /** Current balance in micro-units (1e6 = 1 unit of asset). */
@@ -1851,6 +2032,41 @@ export interface AuditStatsSince {
     blocked: number;
     failed: number;
 }
+/**
+ * audit-chain — single entry in the hash-linked tamper-evident
+ * audit trail. Each entry's `hash` is `SHA-256(canonical({
+ * previous_hash, entry_id, timestamp, event_type, actor_id, data
+ * }))`; `previous_hash` references the prior entry's `hash` (or
+ * `"genesis"` for the first entry). The runtime computes hashes on
+ * append; verifiers recompute and compare.
+ *
+ * Lives in protocol (permissive-floor wire-format type) so
+ * `StorageAdapters.auditChainStore` can reference it without sdk
+ * importing the BSL `@motebit/policy` package. The concrete
+ * primitives (`appendAuditEntry`, `verifyAuditChain`, the
+ * `crypto.subtle` hashing) live in `@motebit/policy`'s
+ * `audit-chain.ts` — that's where the algorithm runs.
+ */
+export interface AuditChainEntry {
+    readonly entry_id: string;
+    readonly timestamp: number;
+    readonly event_type: string;
+    readonly actor_id: string;
+    readonly data: Record<string, unknown>;
+    readonly previous_hash: string;
+    readonly hash: string;
+}
+/**
+ * audit-chain — minimal storage interface adapters implement.
+ * Append-only — the chain breaks if entries are deleted or
+ * reordered, which is the whole tamper-evidence point.
+ */
+export interface AuditChainStoreAdapter {
+    append(entry: AuditChainEntry): Promise<void>;
+    getEntries(from?: number, to?: number): Promise<AuditChainEntry[]>;
+    getHead(): Promise<AuditChainEntry | undefined>;
+    count(): Promise<number>;
+}
 export interface AuditLogSink {
     append(entry: ToolAuditEntry): void;
     query(turnId: string): ToolAuditEntry[];
@@ -1926,7 +2142,10 @@ export type { AgentSettlementAnchorBatch, AgentSettlementChainAnchor, AgentSettl
 export type { RelayMetadata, RelayMetadataPeer, AgentResolutionResult } from "./discovery.js";
 export type { MigrationState, MigrationRequest, MigrationToken, DepartureAttestation, CredentialBundle, BalanceWaiver, MigrationPresentation, } from "./migration.js";
 export type { DisputeState, DisputeOutcome, DisputeCategory, DisputeFundAction, DisputeRequest, DisputeEvidence, DisputeEvidenceType, AdjudicatorVote, VoteRequest, DisputeResolution, DisputeAppeal, WitnessOmissionDispute, WitnessOmissionEvidence, WitnessOmissionInclusionProofEvidence, WitnessOmissionAlternativePeeringEvidence, } from "./dispute.js";
-export type { SettlementMode, P2pPaymentProof, PaymentVerificationStatus, SettlementEligibility, SolvencyProof, } from "./settlement-mode.js";
+export type { SettlementMode, WritableSettlementMode, P2pPaymentProof, PaymentVerificationStatus, SettlementEligibility, SolvencyProof, } from "./settlement-mode.js";
+export { ALL_SETTLEMENT_MODES, isSettlementMode } from "./settlement-mode.js";
+export type { SettlementAsset } from "./settlement-asset.js";
+export { ALL_SETTLEMENT_ASSETS, isSettlementAsset } from "./settlement-asset.js";
 export type { SuiteId, SuiteEntry, SuiteStatus, SuiteAlgorithm, SuiteCanonicalization, SuiteSignatureEncoding, SuitePublicKeyEncoding, } from "./crypto-suite.js";
 export { SUITE_REGISTRY, ALL_SUITE_IDS, isSuiteId, getSuiteEntry } from "./crypto-suite.js";
 export { MAX_RETENTION_DAYS_BY_SENSITIVITY, REFERENCE_RETENTION_DAYS_BY_SENSITIVITY, RUNTIME_RETENTION_REGISTRY, EMPTY_FEDERATION_GRAPH_ANCHOR, } from "./retention-policy.js";
@@ -1934,11 +2153,29 @@ export type { RetentionCeilingDays, RetentionShape, RetentionShapeDeclaration, R
 export type { MemoryDecayedPayload, MemoryFormedPayload, MemoryAccessedPayload, MemoryPinnedPayload, MemoryDeletedPayload, MemoryConsolidatedPayload, MemoryAuditPayload, MemoryPromotedPayload, } from "./memory-events.js";
 export type { GoalCreatedPayload, GoalExecutedPayload, GoalProgressPayload, GoalCompletedPayload, GoalRemovedPayload, } from "./goal-lifecycle.js";
 export type { PlanCreatedPayload, PlanStepStartedPayload, PlanStepCompletedPayload, PlanStepFailedPayload, PlanStepDelegatedPayload, PlanCompletedPayload, PlanFailedPayload, } from "./plan-lifecycle.js";
-export type { ComputerPoint, ComputerTargetHint, ScreenshotAction, CursorPositionAction, ClickAction, DoubleClickAction, MouseMoveAction, DragAction, TypeAction, KeyAction, ScrollAction, ComputerAction, ComputerActionKind, ComputerActionRequest, ComputerObservationResult, ComputerRedaction, ScreenshotObservation, CursorPositionObservation, ComputerSessionOpened, ComputerSessionClosed, ComputerFailureReason, } from "./computer-use.js";
+export type { ComputerPoint, ComputerTargetHint, ScreenshotAction, CursorPositionAction, ClickAction, DoubleClickAction, MouseMoveAction, DragAction, TypeAction, KeyAction, ScrollAction, NavigateAction, ClickElementAction, FocusElementAction, TypeIntoAction, ComputerAction, ComputerActionKind, ComputerActionRequest, ComputerObservationResult, ComputerRedaction, ScreenshotObservation, CursorPositionObservation, ReadPageResult, ReadPageHeading, ReadPageLink, ReadPageInput, ReadPageButton, ComputerSessionOpened, ComputerSessionClosed, ComputerFailureReason, ComputerSessionActionRecord, SignableComputerSessionReceipt, ComputerSessionReceipt, ScreencastFrame, ScreencastFrameSource, } from "./computer-use.js";
 export { COMPUTER_ACTION_KINDS, COMPUTER_FAILURE_REASONS } from "./computer-use.js";
+export type { ControlHolder, ControlState, CoBrowseTransitionKind, CoBrowseControlChangedPayload, KeyModifiers, UserInputEvent, UserInputForwardOutcome, UserInputRejectionReason, CharacterClass, KeyRole, UserInputForwardedDetail, UserInputForwardedPayload, } from "./co-browse.js";
+export { CO_BROWSE_TRANSITION_KINDS } from "./co-browse.js";
 export type { ToolMode } from "./tool-mode.js";
 export { TOOL_MODES, toolModePriority } from "./tool-mode.js";
+export type { DropPayloadKind, DropTarget, DropPayload, UserActionAttestation, SensitivityGateEntry, SensitivityElevationSource, SensitivityGateFiredPayload, } from "./perception.js";
+export { resolveDropTarget } from "./perception.js";
+export { rankSensitivity, maxSensitivity, sensitivityPermits, ALL_SENSITIVITY_LEVELS, isSensitivityLevel, } from "./sensitivity.js";
+export type { SensitivityCleared } from "./sensitivity.js";
+export { ALL_EVENT_TYPES, isEventType } from "./event-type.js";
+export { MICRO, CENTS, toMicro, fromMicro, toCents, fromCents } from "./money.js";
+export type { InferenceHost, ModelLab, Jurisdiction, TaskShape, ProviderCapability, RoutingConstraint, RoutingDecision, } from "./routing.js";
+export { ALL_TASK_SHAPES, isTaskShape, QUICK_TASK_SHAPE, CHAT_TASK_SHAPE, REASONING_TASK_SHAPE, CODE_TASK_SHAPE, RESEARCH_TASK_SHAPE, CREATIVE_TASK_SHAPE, MATH_TASK_SHAPE, } from "./routing.js";
+export type { TokenAudience } from "./audience.js";
+export { ALL_TOKEN_AUDIENCES, isTokenAudience, SYNC_AUDIENCE, DEVICE_AUTH_AUDIENCE, PAIR_AUDIENCE, ROTATE_KEY_AUDIENCE, PUSH_REGISTER_AUDIENCE, TASK_SUBMIT_AUDIENCE, ADMIN_QUERY_AUDIENCE, PROPOSAL_AUDIENCE, ACCOUNT_BALANCE_AUDIENCE, ACCOUNT_DEPOSIT_AUDIENCE, ACCOUNT_WITHDRAW_AUDIENCE, ACCOUNT_WITHDRAWALS_AUDIENCE, ACCOUNT_CHECKOUT_AUDIENCE, BROWSER_SANDBOX_GRANT_AUDIENCE, BROWSER_SANDBOX_AUDIENCE, } from "./audience.js";
+export type { ContentArtifactType } from "./artifact-type.js";
+export { ALL_CONTENT_ARTIFACT_TYPES, isContentArtifactType, STATE_SNAPSHOT_ARTIFACT, MEMORY_EXPORT_ARTIFACT, GOAL_LIST_ARTIFACT, CONVERSATION_LIST_ARTIFACT, CONVERSATION_MESSAGES_ARTIFACT, DEVICE_LIST_ARTIFACT, AUDIT_TRAIL_ARTIFACT, PLAN_LIST_ARTIFACT, PLAN_DETAIL_ARTIFACT, GRADIENT_HISTORY_ARTIFACT, SYNC_PULL_ARTIFACT, EXECUTION_LEDGER_ARTIFACT, GOAL_RESULT_ARTIFACT, } from "./artifact-type.js";
+export type { SignedTransparencyDeclaration, TransparencySignedPayload, TransparencyAnchorRecord, } from "./transparency.js";
+export { TRANSPARENCY_SUITE, TRANSPARENCY_ANCHOR_MEMO_PREFIX, TRANSPARENCY_SPEC_ID, isSignedTransparencyDeclaration, } from "./transparency.js";
 import type { ToolMode } from "./tool-mode.js";
+import type { SettlementMode } from "./settlement-mode.js";
+import type { SettlementAsset } from "./settlement-asset.js";
 export type { SkillSensitivity, SkillPlatform, SkillHardwareAttestationGate, SkillSignature, SkillManifestMetadata, SkillManifestMotebit, SkillManifest, SkillEnvelopeFile, SkillEnvelopeSkillRef, SkillEnvelope, SkillLoadPayload, } from "./skills.js";
 export { SKILL_SENSITIVITY_TIERS, SKILL_AUTO_LOADABLE_TIERS, SKILL_PLATFORMS } from "./skills.js";
 export type { SkillRegistryEntry, SkillRegistrySubmitRequest, SkillRegistrySubmitResponse, SkillRegistryListing, SkillRegistryBundle, } from "./skills.js";