@obelyzk/sdk 1.1.0 → 1.2.0

package/dist/firewall/index.d.mts

@@ -0,0 +1,166 @@
+import * as starknet from 'starknet';
+
+/**
+ * Types for the ZKML Agent Firewall SDK.
+ *
+ * These types map 1:1 to the Rust classifier and Cairo AgentFirewallZK contract.
+ */
+/** Transaction features sent to the classifier. */
+interface TransactionFeatures {
+    /** Target contract address (hex, 0x-prefixed). */
+    target: string;
+    /** Transaction value (decimal string, u256). */
+    value?: string;
+    /** Function selector (hex, 4 bytes, 0x-prefixed). */
+    selector?: string;
+    /** Calldata (hex, after selector, 0x-prefixed). */
+    calldata?: string;
+    /** Agent's current trust score (0-100000). */
+    agentTrustScore?: number;
+    /** Agent's current strike count. */
+    agentStrikes?: number;
+    /** Agent age in blocks since registration. */
+    agentAgeBlocks?: number;
+    /** Target contract metadata. */
+    targetVerified?: boolean;
+    targetIsProxy?: boolean;
+    targetHasSource?: boolean;
+    targetInteractionCount?: number;
+    /** Behavioral features. */
+    txFrequency?: number;
+    uniqueTargets24h?: number;
+    avgValue24h?: number;
+    maxValue24h?: number;
+}
+/** Classifier decision. */
+type Decision = "approve" | "escalate" | "block";
+/** Result from evaluating a transaction through the ZKML classifier. */
+interface ClassifyResult {
+    /** Unique request ID. */
+    requestId: string;
+    /** Classifier decision. */
+    decision: Decision;
+    /** Threat score (0-100000). */
+    threatScore: number;
+    /** Raw output scores: [safe, suspicious, malicious]. */
+    scores: [number, number, number];
+    /** IO commitment (Poseidon hash of classifier input + output). */
+    ioCommitment: string;
+    /** Policy commitment (strict policy hash). */
+    policyCommitment: string;
+    /** Proving time in milliseconds. */
+    proveTimeMs: number;
+}
+/** Result from submitting an action to the firewall contract. */
+interface SubmitActionResult {
+    /** Action ID assigned by the contract. */
+    actionId: number;
+    /** Transaction hash. */
+    txHash: string;
+}
+/** Result from resolving an action with a verified proof. */
+interface ResolveResult {
+    /** Final decision after proof verification. */
+    decision: Decision;
+    /** Threat score applied to the agent. */
+    threatScore: number;
+    /** Transaction hash. */
+    txHash: string;
+}
+/** Agent trust status. */
+interface AgentStatus {
+    /** Whether the agent is registered. */
+    registered: boolean;
+    /** Whether the agent is active (not frozen). */
+    active: boolean;
+    /** Current trust score (0-100000, EMA smoothed). */
+    trustScore: number;
+    /** Current strike count. */
+    strikes: number;
+    /** Whether the agent is trusted (active + score < threshold + strikes < max). */
+    trusted: boolean;
+}
+/** Firewall SDK configuration. */
+interface FirewallConfig {
+    /** Prover server URL (for /api/v1/classify). */
+    proverUrl: string;
+    /** AgentFirewallZK contract address on Starknet. */
+    firewallContract: string;
+    /** ObelyskVerifier contract address on Starknet. */
+    verifierContract: string;
+    /** Starknet RPC URL. */
+    rpcUrl: string;
+    /** Starknet account for signing transactions. */
+    account?: starknet.Account;
+    /** API key for the prover server (optional). */
+    apiKey?: string;
+}
+
+/**
+ * AgentFirewallSDK — ZKML-powered transaction guardrails for AI agents.
+ *
+ * Wraps the full flow:
+ *   1. Classify transaction via prove-server (/api/v1/classify)
+ *   2. Submit action to AgentFirewallZK contract
+ *   3. Submit ZKML proof to ObelyskVerifier (streaming or recursive)
+ *   4. Resolve action with proven threat score
+ *   5. Query approval status
+ *
+ * @example
+ * ```typescript
+ * import { AgentFirewallSDK } from '@obelyzk/sdk/firewall';
+ *
+ * const firewall = new AgentFirewallSDK({
+ *   proverUrl: 'https://prover.bitsage.network',
+ *   firewallContract: '0x...',
+ *   verifierContract: '0x...',
+ *   rpcUrl: process.env.STARKNET_RPC!,
+ *   account: myAccount,
+ * });
+ *
+ * const result = await firewall.evaluateAction({
+ *   target: '0x1234...',
+ *   value: '1000000000',
+ *   selector: '0xa9059cbb',
+ * });
+ *
+ * if (result.decision === 'approve') {
+ *   // safe to execute
+ * }
+ * ```
+ */
+
+declare class AgentFirewallSDK {
+    private config;
+    private provider;
+    constructor(config: FirewallConfig);
+    /**
+     * Classify a transaction through the ZKML classifier.
+     *
+     * Sends the transaction features to the prove-server, which runs
+     * the MLP classifier and generates a GKR+STARK proof. Returns the
+     * proven threat score and decision.
+     *
+     * Does NOT submit anything on-chain — use `evaluateAction()` for
+     * the full flow including on-chain submission.
+     */
+    classify(tx: TransactionFeatures): Promise<ClassifyResult>;
+    /**
+     * Register a new agent on the firewall contract.
+     * The calling account becomes the agent owner.
+     */
+    registerAgent(agentId: string): Promise<string>;
+    /** Deactivate an agent (owner or contract admin). */
+    deactivateAgent(agentId: string): Promise<string>;
+    /** Reactivate an agent and reset strikes (agent owner only). */
+    reactivateAgent(agentId: string): Promise<string>;
+    /** Get the full status of an agent. */
+    getAgentStatus(agentId: string): Promise<AgentStatus>;
+    /** Check if a specific action has been approved. */
+    isActionApproved(actionId: number): Promise<boolean>;
+    /** Check if an agent is trusted. */
+    isAgentTrusted(agentId: string): Promise<boolean>;
+    private requireAccount;
+}
+
+export { AgentFirewallSDK, type AgentStatus, type ClassifyResult, type Decision, type FirewallConfig, type ResolveResult, type SubmitActionResult, type TransactionFeatures };

package/dist/firewall/index.d.ts

@@ -0,0 +1,166 @@
+import * as starknet from 'starknet';
+
+/**
+ * Types for the ZKML Agent Firewall SDK.
+ *
+ * These types map 1:1 to the Rust classifier and Cairo AgentFirewallZK contract.
+ */
+/** Transaction features sent to the classifier. */
+interface TransactionFeatures {
+    /** Target contract address (hex, 0x-prefixed). */
+    target: string;
+    /** Transaction value (decimal string, u256). */
+    value?: string;
+    /** Function selector (hex, 4 bytes, 0x-prefixed). */
+    selector?: string;
+    /** Calldata (hex, after selector, 0x-prefixed). */
+    calldata?: string;
+    /** Agent's current trust score (0-100000). */
+    agentTrustScore?: number;
+    /** Agent's current strike count. */
+    agentStrikes?: number;
+    /** Agent age in blocks since registration. */
+    agentAgeBlocks?: number;
+    /** Target contract metadata. */
+    targetVerified?: boolean;
+    targetIsProxy?: boolean;
+    targetHasSource?: boolean;
+    targetInteractionCount?: number;
+    /** Behavioral features. */
+    txFrequency?: number;
+    uniqueTargets24h?: number;
+    avgValue24h?: number;
+    maxValue24h?: number;
+}
+/** Classifier decision. */
+type Decision = "approve" | "escalate" | "block";
+/** Result from evaluating a transaction through the ZKML classifier. */
+interface ClassifyResult {
+    /** Unique request ID. */
+    requestId: string;
+    /** Classifier decision. */
+    decision: Decision;
+    /** Threat score (0-100000). */
+    threatScore: number;
+    /** Raw output scores: [safe, suspicious, malicious]. */
+    scores: [number, number, number];
+    /** IO commitment (Poseidon hash of classifier input + output). */
+    ioCommitment: string;
+    /** Policy commitment (strict policy hash). */
+    policyCommitment: string;
+    /** Proving time in milliseconds. */
+    proveTimeMs: number;
+}
+/** Result from submitting an action to the firewall contract. */
+interface SubmitActionResult {
+    /** Action ID assigned by the contract. */
+    actionId: number;
+    /** Transaction hash. */
+    txHash: string;
+}
+/** Result from resolving an action with a verified proof. */
+interface ResolveResult {
+    /** Final decision after proof verification. */
+    decision: Decision;
+    /** Threat score applied to the agent. */
+    threatScore: number;
+    /** Transaction hash. */
+    txHash: string;
+}
+/** Agent trust status. */
+interface AgentStatus {
+    /** Whether the agent is registered. */
+    registered: boolean;
+    /** Whether the agent is active (not frozen). */
+    active: boolean;
+    /** Current trust score (0-100000, EMA smoothed). */
+    trustScore: number;
+    /** Current strike count. */
+    strikes: number;
+    /** Whether the agent is trusted (active + score < threshold + strikes < max). */
+    trusted: boolean;
+}
+/** Firewall SDK configuration. */
+interface FirewallConfig {
+    /** Prover server URL (for /api/v1/classify). */
+    proverUrl: string;
+    /** AgentFirewallZK contract address on Starknet. */
+    firewallContract: string;
+    /** ObelyskVerifier contract address on Starknet. */
+    verifierContract: string;
+    /** Starknet RPC URL. */
+    rpcUrl: string;
+    /** Starknet account for signing transactions. */
+    account?: starknet.Account;
+    /** API key for the prover server (optional). */
+    apiKey?: string;
+}
+
+/**
+ * AgentFirewallSDK — ZKML-powered transaction guardrails for AI agents.
+ *
+ * Wraps the full flow:
+ *   1. Classify transaction via prove-server (/api/v1/classify)
+ *   2. Submit action to AgentFirewallZK contract
+ *   3. Submit ZKML proof to ObelyskVerifier (streaming or recursive)
+ *   4. Resolve action with proven threat score
+ *   5. Query approval status
+ *
+ * @example
+ * ```typescript
+ * import { AgentFirewallSDK } from '@obelyzk/sdk/firewall';
+ *
+ * const firewall = new AgentFirewallSDK({
+ *   proverUrl: 'https://prover.bitsage.network',
+ *   firewallContract: '0x...',
+ *   verifierContract: '0x...',
+ *   rpcUrl: process.env.STARKNET_RPC!,
+ *   account: myAccount,
+ * });
+ *
+ * const result = await firewall.evaluateAction({
+ *   target: '0x1234...',
+ *   value: '1000000000',
+ *   selector: '0xa9059cbb',
+ * });
+ *
+ * if (result.decision === 'approve') {
+ *   // safe to execute
+ * }
+ * ```
+ */
+
+declare class AgentFirewallSDK {
+    private config;
+    private provider;
+    constructor(config: FirewallConfig);
+    /**
+     * Classify a transaction through the ZKML classifier.
+     *
+     * Sends the transaction features to the prove-server, which runs
+     * the MLP classifier and generates a GKR+STARK proof. Returns the
+     * proven threat score and decision.
+     *
+     * Does NOT submit anything on-chain — use `evaluateAction()` for
+     * the full flow including on-chain submission.
+     */
+    classify(tx: TransactionFeatures): Promise<ClassifyResult>;
+    /**
+     * Register a new agent on the firewall contract.
+     * The calling account becomes the agent owner.
+     */
+    registerAgent(agentId: string): Promise<string>;
+    /** Deactivate an agent (owner or contract admin). */
+    deactivateAgent(agentId: string): Promise<string>;
+    /** Reactivate an agent and reset strikes (agent owner only). */
+    reactivateAgent(agentId: string): Promise<string>;
+    /** Get the full status of an agent. */
+    getAgentStatus(agentId: string): Promise<AgentStatus>;
+    /** Check if a specific action has been approved. */
+    isActionApproved(actionId: number): Promise<boolean>;
+    /** Check if an agent is trusted. */
+    isAgentTrusted(agentId: string): Promise<boolean>;
+    private requireAccount;
+}
+
+export { AgentFirewallSDK, type AgentStatus, type ClassifyResult, type Decision, type FirewallConfig, type ResolveResult, type SubmitActionResult, type TransactionFeatures };

package/dist/firewall/index.js

@@ -0,0 +1,232 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/firewall/index.ts
+var firewall_exports = {};
+__export(firewall_exports, {
+  AgentFirewallSDK: () => AgentFirewallSDK
+});
+module.exports = __toCommonJS(firewall_exports);
+
+// src/firewall/client.ts
+var import_starknet = require("starknet");
+var AgentFirewallSDK = class {
+  config;
+  provider;
+  constructor(config) {
+    this.config = config;
+    this.provider = new import_starknet.RpcProvider({ nodeUrl: config.rpcUrl });
+  }
+  // ── Classification ─────────────────────────────────────────────────
+  /**
+   * Classify a transaction through the ZKML classifier.
+   *
+   * Sends the transaction features to the prove-server, which runs
+   * the MLP classifier and generates a GKR+STARK proof. Returns the
+   * proven threat score and decision.
+   *
+   * Does NOT submit anything on-chain — use `evaluateAction()` for
+   * the full flow including on-chain submission.
+   */
+  async classify(tx) {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.config.apiKey) {
+      headers["Authorization"] = `Bearer ${this.config.apiKey}`;
+    }
+    const body = {
+      target: tx.target,
+      value: tx.value || "0",
+      selector: tx.selector || "0x0",
+      calldata: tx.calldata || "0x",
+      agent_trust_score: tx.agentTrustScore || 0,
+      agent_strikes: tx.agentStrikes || 0,
+      agent_age_blocks: tx.agentAgeBlocks || 0,
+      target_verified: tx.targetVerified || false,
+      target_is_proxy: tx.targetIsProxy || false,
+      target_has_source: tx.targetHasSource || false,
+      target_interaction_count: tx.targetInteractionCount || 0,
+      tx_frequency: tx.txFrequency || 0,
+      unique_targets_24h: tx.uniqueTargets24h || 0,
+      avg_value_24h: tx.avgValue24h || 0,
+      max_value_24h: tx.maxValue24h || 0
+    };
+    const response = await fetch(`${this.config.proverUrl}/api/v1/classify`, {
+      method: "POST",
+      headers,
+      body: JSON.stringify(body)
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ error: response.statusText }));
+      throw new Error(`Classification failed (${response.status}): ${error.error || response.statusText}`);
+    }
+    const data = await response.json();
+    return {
+      requestId: data.request_id,
+      decision: data.decision,
+      threatScore: data.threat_score,
+      scores: data.scores,
+      ioCommitment: data.io_commitment,
+      policyCommitment: data.policy_commitment,
+      proveTimeMs: data.prove_time_ms
+    };
+  }
+  // ── Agent Management ───────────────────────────────────────────────
+  /**
+   * Register a new agent on the firewall contract.
+   * The calling account becomes the agent owner.
+   */
+  async registerAgent(agentId) {
+    this.requireAccount();
+    const tx = await this.config.account.execute({
+      contractAddress: this.config.firewallContract,
+      entrypoint: "register_agent",
+      calldata: import_starknet.CallData.compile({ agent_id: agentId })
+    });
+    await this.provider.waitForTransaction(tx.transaction_hash);
+    return tx.transaction_hash;
+  }
+  /** Deactivate an agent (owner or contract admin). */
+  async deactivateAgent(agentId) {
+    this.requireAccount();
+    const tx = await this.config.account.execute({
+      contractAddress: this.config.firewallContract,
+      entrypoint: "deactivate_agent",
+      calldata: import_starknet.CallData.compile({ agent_id: agentId })
+    });
+    await this.provider.waitForTransaction(tx.transaction_hash);
+    return tx.transaction_hash;
+  }
+  /** Reactivate an agent and reset strikes (agent owner only). */
+  async reactivateAgent(agentId) {
+    this.requireAccount();
+    const tx = await this.config.account.execute({
+      contractAddress: this.config.firewallContract,
+      entrypoint: "reactivate_agent",
+      calldata: import_starknet.CallData.compile({ agent_id: agentId })
+    });
+    await this.provider.waitForTransaction(tx.transaction_hash);
+    return tx.transaction_hash;
+  }
+  // ── Queries ────────────────────────────────────────────────────────
+  /** Get the full status of an agent. */
+  async getAgentStatus(agentId) {
+    const contract = new import_starknet.Contract(
+      FIREWALL_ABI,
+      this.config.firewallContract,
+      this.provider
+    );
+    const [registered, active, trustScore, strikes, trusted] = await Promise.all([
+      contract.is_agent_registered(agentId),
+      contract.is_agent_active(agentId),
+      contract.get_trust_score(agentId),
+      contract.get_strikes(agentId),
+      contract.is_trusted(agentId)
+    ]);
+    return {
+      registered,
+      active,
+      trustScore: Number(trustScore),
+      strikes: Number(strikes),
+      trusted
+    };
+  }
+  /** Check if a specific action has been approved. */
+  async isActionApproved(actionId) {
+    const contract = new import_starknet.Contract(
+      FIREWALL_ABI,
+      this.config.firewallContract,
+      this.provider
+    );
+    return contract.is_action_approved(actionId);
+  }
+  /** Check if an agent is trusted. */
+  async isAgentTrusted(agentId) {
+    const contract = new import_starknet.Contract(
+      FIREWALL_ABI,
+      this.config.firewallContract,
+      this.provider
+    );
+    return contract.is_trusted(agentId);
+  }
+  // ── Helpers ────────────────────────────────────────────────────────
+  requireAccount() {
+    if (!this.config.account) {
+      throw new Error(
+        "Account required for write operations. Pass `account` in FirewallConfig."
+      );
+    }
+  }
+};
+var FIREWALL_ABI = [
+  {
+    name: "is_agent_registered",
+    type: "function",
+    inputs: [{ name: "agent_id", type: "felt" }],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "is_agent_active",
+    type: "function",
+    inputs: [{ name: "agent_id", type: "felt" }],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "get_trust_score",
+    type: "function",
+    inputs: [{ name: "agent_id", type: "felt" }],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "get_strikes",
+    type: "function",
+    inputs: [{ name: "agent_id", type: "felt" }],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "is_trusted",
+    type: "function",
+    inputs: [{ name: "agent_id", type: "felt" }],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "is_action_approved",
+    type: "function",
+    inputs: [{ name: "action_id", type: "felt" }],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "get_action_decision",
+    type: "function",
+    inputs: [{ name: "action_id", type: "felt" }],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  }
+];
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AgentFirewallSDK
+});

package/dist/firewall/index.mjs

@@ -0,0 +1,7 @@
+import {
+  AgentFirewallSDK
+} from "../chunk-BHUXKNDT.mjs";
+import "../chunk-Y6FXYEAI.mjs";
+export {
+  AgentFirewallSDK
+};

package/dist/index.d.mts

@@ -1,6 +1,8 @@
 import { W as WsConfig, a as WebSocketClient, b as WsEvent, P as PrivacyKeyPair, E as ECPoint, c as ElGamalCiphertext, A as AEHint, d as EncryptedBalance, S as SchnorrProof, T as TransferProof } from './tee-CiR0hpfm.mjs';
 export { cv as AccountHints, cz as AuditReport, ag as BatchClient, aS as BatchJobResponse, aV as BatchOperation, aU as BatchOperationType, bZ as BatchStatus, aT as BatchStatusResponse, aX as BatchVerifyRequest, aY as BatchVerifyResponse, B as BitSageClient, bH as BurnEvent, au as CAPABILITY_FLAGS, c6 as ChallengeParams, c7 as ChallengeStatus, cL as CheckpointStatus, C as ClientConfig, c4 as CompressedProof, c3 as CompressionStats, cK as ComputeCheckpoint, I as ContractClient, _ as ContractConfig, aa as ContractRegistry, bN as CreateProposalParams, co as DAILY_CAPS, D as DEFAULT_CONFIG, K as DEFAULT_CONTRACT_CONFIG, cP as DEFAULT_DISCOUNT_TIERS, cQ as DEFAULT_FEE_DISTRIBUTION, y as DEFAULT_HTTP_CONFIG, z as DEFAULT_WS_CONFIG, bs as DKGShare, ch as DailyStats, ae as DashboardClient, bP as DelegationInfo, cD as DiscountTiers, b7 as DisputeRecord, cR as DisputeStatus, bI as EcosystemEmissionStatus, c5 as EnclaveInfo, cT as ExecutionMetrics, ab as ExternalTokens, v as FaucetClaimResponse, F as FaucetStatus, cE as FeeDistribution, az as GOVERNANCE_CONFIG, cp as GPU_MULTIPLIERS, aW as GasEstimate, ax as GovernanceClient, bx as GovernanceClientConfig, bB as GovernanceProposal, bC as GovernanceRights, bD as GovernanceStats, by as GovernanceTransactionResult, ce as GpuAttestation, aI as GpuMetrics, aJ as GpuMetricsResponse, bY as GpuTeeProofParams, G as GpuTier, cq as HALVENING_SCHEDULE, aL as HistoryPeriod, b2 as HolderTier, H as HttpClient, U as HttpConfig, aO as JobAnalytics, J as JobId, cH as JobPaymentRecord, t as JobResult, i as JobStatus, s as JobStatusResponse, h as JobType, V as JobUpdateEvent, a3 as LOCAL_CONTRACTS, bg as LeaderboardEntry, bf as LeaderboardMetric, L as ListJobsParams, u as ListJobsResponse, a2 as MAINNET_CONTRACTS, a7 as MAINNET_TOKENS, ai as MAX_BATCH_SIZE, an as MIN_STAKE, bK as MilestoneStatus, ac as MiningClient, aF as MiningClientConfig, ck as MiningConfig, cm as MiningGpuTier, cj as MiningPoolStatus, bq as MixingOutput, bp as MixingTransaction, cy as MultiAssetBalance, bu as MultiAssetBalances, N as Network, o as NetworkStats, Y as NetworkStatsEvent, aR as NetworkWorkersResponse, cF as OTCConfig, a9 as PRAGMA_ORACLE, cC as PaymentQuote, cG as PaymentStats, cI as PaymentStatus, cB as PaymentToken, aj as PaymentsClient, aZ as PaymentsClientConfig, bM as PendingTransfer, be as PerformanceData, bE as PoolBalances, bk as PrivacyAsset, av as PrivacyClient, bi as PrivacyClientConfig, cM as PrivacyCreditDeposit, cN as PrivacyCreditUsage, bj as PrivacyTransactionResult, bl as PrivateAccount, bv as PrivateSwapParams, bm as PrivateTransferParams, bn as PrivateTransferWithAuditParams, cA as PrivateWorkerPayment, n as ProofDetails, b_ as ProofJobSpec, bX as ProofMetadata, c0 as ProofPriority, bU as ProofSource, c1 as ProofSubmission, b$ as ProofType, k as ProofVerificationStatus, Z as ProofVerifiedEvent, bz as ProposalStatus, bA as ProposalType, c2 as ProverMetrics, br as RagequitProof, bL as RateLimitInfo, aP as RecentJob, bh as RegisterWorkerParams, aM as RewardHistoryEntry, aN as RewardHistoryResponse, cl as RewardResult, aK as RewardsInfo, cw as RingMember, cx as RingSignature, a1 as SEPOLIA_CONTRACTS, a6 as SEPOLIA_TOKENS, ao as SLASH_PERCENTAGES, cn as STAKE_TIER_THRESHOLDS, cu as SameEncryption3Proof, e as SdkError, bG as SecurityBudget, b3 as SlashReason, b6 as SlashRecord, p as StakeInfo, cg as StakeTier, al as StakingClient, a_ as StakingClientConfig, b5 as StakingConfig, a$ as StakingTransactionResult, bw as StealthAddress, bo as SteganographicTransaction, aA as StwoClient, bR as StwoClientConfig, bV as StwoTeeType, bS as StwoTransactionResult, q as SubmitJobRequest, r as SubmitJobResponse, bW as TeeAttestation, cc as TeeChallengeParams, cd as TeeChallengeStatus, aD as TeeClient, c8 as TeeClientConfig, cb as TeeJobResult, cS as TeeQuote, ca as TeeResultParams, c9 as TeeTransactionResult, b0 as TeeType, bt as ThresholdDecryptionRequest, bJ as TokenFlowSummary, $ as TransactionReceipt, cO as TransactionResult, a0 as TxStatus, ap as UNSTAKE_LOCKUP_SECS, b9 as UnstakeRequest, aC as VERIFICATION_CONFIG, aG as ValidatorStatus, aH as ValidatorStatusResponse, cJ as VerificationSource, bT as VerificationStatus, bF as VestingStatus, bO as VoteDirection, bQ as VoterInfo, f as WalletConfig, l as WorkerCapabilities, bc as WorkerCapabilitiesExtended, g as WorkerId, m as WorkerInfo, ci as WorkerMiningStats, bd as WorkerProfile, b4 as WorkerStake, j as WorkerStatus, aQ as WorkerSummary, cf as WorkerTeeStatus, b1 as WorkerTier, b8 as WorkerTierBenefits, X as WorkerUpdateEvent, as as WorkersClient, ba as WorkersClientConfig, bb as WorkersTransactionResult, ah as createBatchClient, af as createDashboardClient, ay as createGovernanceClient, ad as createMiningClient, ak as createPaymentsClient, aw as createPrivacyClient, am as createStakingClient, aB as createStwoClient, aE as createTeeClient, at as createWorkersClient, O as fromFelt, a4 as getContractsForNetwork, cs as getDailyCapForTier, ct as getGpuMultiplier, x as getGpuTier, w as getMinStake, ar as getMinStakeForTier, cr as getStakeTierFromAmount, a8 as getTokensForNetwork, a5 as isContractConfigured, aq as isWorkerEligible, R as joinU256, Q as splitU256, M as toFelt } from './tee-CiR0hpfm.mjs';
+export { AgentFirewallSDK, AgentStatus, ClassifyResult, Decision, FirewallConfig, TransactionFeatures } from './firewall/index.mjs';
 export { AssetId, BalanceProof, CURVE_ORDER, ConfidentialOrder, ConfidentialSwapClient, ConfidentialSwapConfig, CreateOrderRequest, CreateOrderResponse, ElGamalKeyPair, FIELD_PRIME, GENERATOR_G, GENERATOR_H, ElGamalCiphertext as ObelyskCiphertext, EncryptionProof as ObelyskEncryptionProof, default as ObelyskPrivacy, RangeProof, RateProof, SwapHistoryEntry, SwapProofBundle, TakeOrderResponse, addMod, ecAdd, ecDouble, ecMul, invMod, isIdentity, mulMod, poseidonHash, powMod, randomScalar, subMod } from './privacy/index.mjs';
+import 'starknet';
 
 /**
  * WebSocket Module
@@ -400,7 +402,7 @@ declare function verifyTransferProof(proof: TransferProof, senderPublicKey: ECPo
  *
  * @example
  * ```typescript
- * import { createStwoProverClient } from '@bitsage/sdk';
+ * import { createStwoProverClient } from '@obelyzk/sdk';
  *
  * const prover = createStwoProverClient({
  *   baseUrl: 'https://prover.bitsage.network',
@@ -724,13 +726,17 @@ declare class StwoProverClient {
 declare function createStwoProverClient(config?: Partial<StwoProverConfig>): StwoProverClient;
 interface ZkmlLoadModelRequest {
     /** Path to ONNX model on the prover server filesystem */
-    modelPath: string;
+    modelPath?: string;
+    /** Path to HuggingFace model directory on the prover */
+    model_dir?: string;
     /** Optional description for on-chain registration */
     description?: string;
 }
 interface ZkmlModelInfo {
     /** Model identifier (hex) */
     modelId: string;
+    /** Human-readable model name (e.g., "smollm2-135m") */
+    name: string;
     /** Poseidon hash of weight matrices (hex) */
     weightCommitment: string;
     /** Number of model layers */
@@ -739,7 +745,7 @@ interface ZkmlModelInfo {
     inputShape: [number, number];
 }
 interface ZkmlProveRequest {
-    /** Model ID (must be loaded first) */
+    /** Model ID or name (e.g., "smollm2-135m" or "0x1cb4f9...") */
     modelId: string;
     /** Flat array of f32 input values (optional — random if omitted) */
     input?: number[];
@@ -781,7 +787,9 @@ interface ZkmlProveResult {
 }
 declare module './stwo-prover' {
     interface StwoProverClient {
-        /** Load an ONNX model on the prover server */
+        /** List all loaded models on the prover */
+        listZkmlModels(): Promise<ZkmlModelInfo[]>;
+        /** Load a model on the prover server (ONNX or HuggingFace) */
         loadZkmlModel(req: ZkmlLoadModelRequest): Promise<ZkmlModelInfo>;
         /** Submit a ZKML proving job (returns immediately with job_id) */
         submitZkmlProve(req: ZkmlProveRequest): Promise<{
@@ -798,8 +806,46 @@ declare module './stwo-prover' {
             timeoutMs?: number;
             onProgress?: (status: ZkmlProveStatus) => void;
         }): Promise<ZkmlProveResult>;
+        /** Full attestation: prove + on-chain verification in one call */
+        attest(req: ZkmlAttestRequest): Promise<ZkmlAttestResult>;
     }
 }
+interface ZkmlAttestRequest {
+    /** Model name or hex ID */
+    modelId: string;
+    /** Flat input array */
+    input: number[];
+    /** GPU acceleration (default: true) */
+    gpu?: boolean;
+    /** Submit on-chain (default: true) */
+    submitOnchain?: boolean;
+}
+interface ZkmlAttestResult {
+    /** Proof identifier */
+    proofId: string;
+    /** IO commitment (Poseidon hash of inputs + outputs) */
+    ioCommitment: string;
+    /** Weight commitment (Poseidon Merkle root of all weights) */
+    weightCommitment: string;
+    /** Number of computation nodes proven */
+    numProvenLayers: number;
+    /** Proof generation time in ms */
+    proveTimeMs: number;
+    /** Number of calldata felts */
+    calldataFelts: number;
+    /** Estimated gas for on-chain verification */
+    estimatedGas: number;
+    /** On-chain verification status */
+    onchain: {
+        submitted: boolean;
+        txHashes: string[];
+        network: string;
+        contract: string;
+        verified: boolean;
+        explorerUrl: string | null;
+        error: string | null;
+    };
+}
 declare const PROOF_TYPES: {
     BATCH_PAYMENTS: ProofType;
     AI_INFERENCE: ProofType;