@obelyzk/sdk 1.4.0 → 1.6.0

package/dist/firewall/index.js

@@ -20,7 +20,10 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/firewall/index.ts
 var firewall_exports = {};
 __export(firewall_exports, {
-  AgentFirewallSDK: () => AgentFirewallSDK
+  AgentFirewallSDK: () => AgentFirewallSDK,
+  CiroClient: () => CiroClient,
+  PolicyEnforcer: () => PolicyEnforcer,
+  createPolicyEnforcer: () => createPolicyEnforcer
 });
 module.exports = __toCommonJS(firewall_exports);
 
@@ -166,6 +169,124 @@ var AgentFirewallSDK = class {
     );
     return contract.is_trusted(agentId);
   }
+  /** Get the decision for an action (0=pending, 1=approved, 2=escalated, 3=blocked). */
+  async getActionDecision(actionId) {
+    const contract = new import_starknet.Contract(
+      FIREWALL_ABI,
+      this.config.firewallContract,
+      this.provider
+    );
+    return Number(await contract.get_action_decision(actionId));
+  }
+  /** Get the threat score for a resolved action. */
+  async getActionThreatScore(actionId) {
+    const contract = new import_starknet.Contract(
+      FIREWALL_ABI,
+      this.config.firewallContract,
+      this.provider
+    );
+    return Number(await contract.get_action_threat_score(actionId));
+  }
+  /** Get the IO commitment for an action. */
+  async getActionIoCommitment(actionId) {
+    const contract = new import_starknet.Contract(
+      FIREWALL_ABI,
+      this.config.firewallContract,
+      this.provider
+    );
+    const result = await contract.get_action_io_commitment(actionId);
+    return `0x${BigInt(result).toString(16)}`;
+  }
+  // ── On-Chain Actions ────────────────────────────────────────────────
+  /**
+   * Submit a pending action to the firewall contract.
+   * Returns the action_id assigned by the contract.
+   */
+  async submitAction(agentId, target, value, selector, ioCommitment) {
+    this.requireAccount();
+    const tx = await this.config.account.execute({
+      contractAddress: this.config.firewallContract,
+      entrypoint: "submit_action",
+      calldata: import_starknet.CallData.compile({
+        agent_id: agentId,
+        target,
+        value,
+        selector,
+        io_commitment: ioCommitment
+      })
+    });
+    const receipt = await this.provider.waitForTransaction(tx.transaction_hash);
+    let actionId = 0;
+    const events = receipt.events;
+    if (Array.isArray(events)) {
+      for (const event of events) {
+        if (event.data && event.data.length >= 2) {
+          const candidateId = Number(BigInt(event.data[0]));
+          if (candidateId > 0) {
+            actionId = candidateId;
+            break;
+          }
+        }
+      }
+    }
+    return { actionId, txHash: tx.transaction_hash };
+  }
+  /**
+   * Resolve a pending action with a verified ZKML proof.
+   * The proof must already be verified on the ObelyskVerifier contract.
+   */
+  async resolveAction(actionId, proofHash, originalIoLen, packedRawIo) {
+    this.requireAccount();
+    const tx = await this.config.account.execute({
+      contractAddress: this.config.firewallContract,
+      entrypoint: "resolve_action_with_proof",
+      calldata: import_starknet.CallData.compile({
+        action_id: actionId,
+        proof_hash: proofHash,
+        original_io_len: originalIoLen,
+        packed_raw_io: packedRawIo
+      })
+    });
+    const receipt = await this.provider.waitForTransaction(tx.transaction_hash);
+    let decision = "approve";
+    let threatScore = 0;
+    const resolveEvents = receipt.events;
+    if (Array.isArray(resolveEvents)) {
+      for (const event of resolveEvents) {
+        if (event.data && event.data.length >= 4) {
+          const decisionCode = Number(BigInt(event.data[2]));
+          threatScore = Number(BigInt(event.data[3]));
+          if (decisionCode === 1) decision = "approve";
+          else if (decisionCode === 2) decision = "escalate";
+          else if (decisionCode === 3) decision = "block";
+          break;
+        }
+      }
+    }
+    return { decision, threatScore, txHash: tx.transaction_hash };
+  }
+  /** Approve an escalated action (human-in-the-loop). */
+  async approveEscalated(actionId) {
+    this.requireAccount();
+    const tx = await this.config.account.execute({
+      contractAddress: this.config.firewallContract,
+      entrypoint: "approve_escalated",
+      calldata: import_starknet.CallData.compile({ action_id: actionId })
+    });
+    await this.provider.waitForTransaction(tx.transaction_hash);
+    return tx.transaction_hash;
+  }
+  /** Reject an escalated action and add a strike. */
+  async rejectEscalated(actionId) {
+    this.requireAccount();
+    const tx = await this.config.account.execute({
+      contractAddress: this.config.firewallContract,
+      entrypoint: "reject_escalated",
+      calldata: import_starknet.CallData.compile({ action_id: actionId })
+    });
+    await this.provider.waitForTransaction(tx.transaction_hash);
+    return tx.transaction_hash;
+  }
   // ── Helpers ────────────────────────────────────────────────────────
   requireAccount() {
     if (!this.config.account) {
@@ -224,9 +345,365 @@ var FIREWALL_ABI = [
     inputs: [{ name: "action_id", type: "felt" }],
     outputs: [{ type: "felt" }],
     state_mutability: "view"
+  },
+  {
+    name: "get_action_threat_score",
+    type: "function",
+    inputs: [{ name: "action_id", type: "felt" }],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "get_action_io_commitment",
+    type: "function",
+    inputs: [{ name: "action_id", type: "felt" }],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "get_owner",
+    type: "function",
+    inputs: [],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "get_verifier",
+    type: "function",
+    inputs: [],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "get_classifier_model_id",
+    type: "function",
+    inputs: [],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "get_thresholds",
+    type: "function",
+    inputs: [],
+    outputs: [{ type: "felt" }, { type: "felt" }, { type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "get_agent_owner",
+    type: "function",
+    inputs: [{ name: "agent_id", type: "felt" }],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "get_action_agent",
+    type: "function",
+    inputs: [{ name: "action_id", type: "felt" }],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
+  },
+  {
+    name: "is_paused",
+    type: "function",
+    inputs: [],
+    outputs: [{ type: "felt" }],
+    state_mutability: "view"
   }
 ];
+
+// src/firewall/middleware.ts
+function createPolicyEnforcer(config) {
+  return new PolicyEnforcer(config);
+}
+var PolicyEnforcer = class {
+  sdk;
+  config;
+  blockThreshold;
+  escalateThreshold;
+  constructor(config) {
+    this.config = config;
+    this.blockThreshold = config.blockThreshold ?? 7e4;
+    this.escalateThreshold = config.escalateThreshold ?? 4e4;
+    this.sdk = new AgentFirewallSDK({
+      proverUrl: config.proverUrl,
+      firewallContract: config.firewallContract ?? "",
+      verifierContract: config.verifierContract ?? "",
+      rpcUrl: config.rpcUrl ?? "https://starknet-sepolia.public.blastapi.io",
+      apiKey: config.apiKey
+    });
+  }
+  /**
+   * Check whether an action should be allowed.
+   * Calls the ZKML classifier and returns a structured decision.
+   */
+  async checkAction(tx) {
+    const result = await this.sdk.classify(tx);
+    const allowed = result.decision === "approve";
+    let reason;
+    switch (result.decision) {
+      case "approve":
+        reason = `Approved: threat_score=${result.threatScore}`;
+        break;
+      case "escalate":
+        reason = `Escalated: threat_score=${result.threatScore}. Requires human approval.`;
+        break;
+      case "block":
+        reason = `Blocked: threat_score=${result.threatScore}. Action rejected by ZKML classifier.`;
+        break;
+    }
+    return {
+      allowed,
+      decision: result.decision,
+      threatScore: result.threatScore,
+      reason,
+      ioCommitment: result.ioCommitment,
+      policyCommitment: result.policyCommitment,
+      proveTimeMs: result.proveTimeMs
+    };
+  }
+  /**
+   * Check if a Bash command contains an on-chain transaction pattern.
+   * Returns the target address if found, null otherwise.
+   */
+  extractTarget(command) {
+    if (!/(?:starkli|sncast)\s+(?:invoke|deploy)/.test(command) && !/(?:cast\s+send|transfer|approve)/.test(command)) {
+      return null;
+    }
+    const match = command.match(/0x[0-9a-fA-F]{10,66}/);
+    return match ? match[0] : null;
+  }
+  /**
+   * Build a canUseTool callback for the Claude Agent SDK.
+   *
+   * Returns an async function that:
+   * - Auto-allows ObelyZK policy tools
+   * - Auto-allows safe read-only tools (Read, Glob, Grep)
+   * - Classifies Bash commands containing on-chain transactions
+   * - Blocks everything else
+   */
+  buildCanUseTool() {
+    return async (tool, input) => {
+      if (tool.startsWith("mcp__obelyzk-policy__")) {
+        return { approved: true };
+      }
+      const safeTools = ["Read", "Glob", "Grep", "Bash"];
+      if (!safeTools.includes(tool)) {
+        return {
+          approved: false,
+          reason: `Tool '${tool}' not in allowlist. Only safe tools and ObelyZK policy tools are allowed.`
+        };
+      }
+      if (tool === "Bash") {
+        const command = input.command || "";
+        const target = this.extractTarget(command);
+        if (target) {
+          const check = await this.checkAction({ target });
+          if (!check.allowed) {
+            return { approved: false, reason: check.reason };
+          }
+        }
+      }
+      return { approved: true };
+    };
+  }
+  /**
+   * Get the MCP server configuration for .claude/settings.json
+   * or Claude Agent SDK's mcpServers option.
+   */
+  getMcpServerConfig() {
+    const mcpPath = this.config.mcpServerPath ?? "./node_modules/@obelyzk/sdk/src/mcp-policy/index.ts";
+    return {
+      "obelyzk-policy": {
+        command: "npx",
+        args: ["ts-node", mcpPath],
+        env: {
+          PROVER_URL: this.config.proverUrl,
+          STARKNET_RPC: this.config.rpcUrl ?? "",
+          FIREWALL_CONTRACT: this.config.firewallContract ?? "",
+          VERIFIER_CONTRACT: this.config.verifierContract ?? "",
+          PROVER_API_KEY: this.config.apiKey ?? ""
+        }
+      }
+    };
+  }
+  /**
+   * Get the list of allowed tools for Claude Agent SDK.
+   * Includes safe read-only tools and all ObelyZK policy tools.
+   */
+  getAllowedTools() {
+    return [
+      "Read",
+      "Glob",
+      "Grep",
+      "Bash",
+      "mcp__obelyzk-policy__obelyzk_classify",
+      "mcp__obelyzk-policy__obelyzk_agent_status",
+      "mcp__obelyzk-policy__obelyzk_check_action",
+      "mcp__obelyzk-policy__obelyzk_health",
+      "mcp__obelyzk-policy__obelyzk_get_policy",
+      "mcp__obelyzk-policy__obelyzk_list_models",
+      "mcp__obelyzk-policy__obelyzk_verify_proof",
+      "mcp__obelyzk-policy__obelyzk_register_agent",
+      "mcp__obelyzk-policy__obelyzk_submit_action",
+      "mcp__obelyzk-policy__obelyzk_resolve_action",
+      "mcp__obelyzk-policy__obelyzk_approve_escalated",
+      "mcp__obelyzk-policy__obelyzk_reject_escalated"
+    ];
+  }
+  /** Get the underlying AgentFirewallSDK for advanced use. */
+  getSDK() {
+    return this.sdk;
+  }
+};
+
+// src/firewall/ciro.ts
+var CiroClient = class {
+  baseUrl;
+  apiKey;
+  org;
+  timeout;
+  constructor(config) {
+    this.baseUrl = config.baseUrl.replace(/\/+$/, "");
+    this.apiKey = config.apiKey;
+    this.org = config.org ?? "obelyzk";
+    this.timeout = config.timeout ?? 1e4;
+  }
+  get apiBase() {
+    return `${this.baseUrl}/api/v1/blockchain`;
+  }
+  async request(method, path, body) {
+    const url = `${this.apiBase}${path}`;
+    const headers = {
+      Authorization: `Bearer ${this.apiKey}`,
+      "Content-Type": "application/json",
+      "X-Client": "obelyzk-sdk/1.0"
+    };
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const response = await fetch(url, {
+        method,
+        headers,
+        body: body ? JSON.stringify(body) : void 0,
+        signal: controller.signal
+      });
+      if (!response.ok) {
+        const error = await response.json().catch(() => ({ error: response.statusText }));
+        throw new Error(
+          `CIRO API error (${response.status}): ${error.error || response.statusText}`
+        );
+      }
+      return await response.json();
+    } finally {
+      clearTimeout(timer);
+    }
+  }
+  /**
+   * Enrich a transaction with CIRO intelligence.
+   * Returns target risk, sanctions status, Forta alerts, and behavioral context.
+   */
+  async enrichTransaction(params) {
+    const raw = await this.request(
+      "POST",
+      "/transactions/enrich",
+      {
+        target: params.target,
+        sender: params.sender,
+        value: params.value ?? "0",
+        selector: params.selector ?? "0x0",
+        chain: "starknet"
+      }
+    );
+    return {
+      targetRisk: raw.target_risk ?? "unknown",
+      targetRiskScore: raw.target_risk_score ?? 0,
+      targetVerified: raw.target_verified ?? false,
+      targetIsProxy: raw.target_is_proxy ?? false,
+      targetHasSource: raw.target_has_source ?? false,
+      targetInteractionCount: raw.target_interaction_count ?? 0,
+      targetUniqueCallers: raw.target_unique_callers ?? 0,
+      targetFirstSeenBlocksAgo: raw.target_first_seen_blocks_ago ?? 0,
+      isSanctioned: raw.is_sanctioned ?? false,
+      sanctionLists: raw.sanction_lists ?? [],
+      fortaAlerts24h: raw.forta_alerts_24h ?? 0,
+      fortaSeverityMax: raw.forta_severity_max ?? null,
+      senderTxFrequency: raw.sender_tx_frequency ?? 0,
+      senderUniqueTargets24h: raw.sender_unique_targets_24h ?? 0,
+      senderAvgValue24h: raw.sender_avg_value_24h ?? 0,
+      senderMaxValue24h: raw.sender_max_value_24h ?? 0,
+      senderAgeBlocks: raw.sender_age_blocks ?? 0,
+      dataFreshnessS: raw.data_freshness_s ?? 0,
+      enrichmentTimeMs: raw.enrichment_time_ms ?? 0
+    };
+  }
+  /**
+   * Get risk assessment for a specific address.
+   */
+  async getAddressRisk(address) {
+    const raw = await this.request(
+      "GET",
+      `/addresses/${address}/risk`
+    );
+    return {
+      address: raw.address ?? address,
+      chain: raw.chain ?? "starknet",
+      riskLevel: raw.risk ?? "unknown",
+      riskScore: raw.risk_score ?? 0,
+      isContract: raw.is_contract ?? false,
+      isVerified: raw.is_verified ?? false,
+      isProxy: raw.is_proxy ?? false,
+      isSanctioned: raw.is_sanctioned ?? false,
+      sanctionLists: raw.sanction_lists ?? [],
+      fortaAlertsCount: raw.forta_alerts_count ?? 0,
+      knownExploitInvolvement: raw.known_exploit_involvement ?? false,
+      exploitNames: raw.exploit_names ?? [],
+      totalTxCount: raw.total_tx_count ?? 0,
+      clusterSize: raw.cluster_size ?? 0
+    };
+  }
+  /**
+   * Get recent alerts from CIRO's detection pipeline.
+   */
+  async getRecentAlerts(params) {
+    const query = new URLSearchParams();
+    if (params?.severity) query.set("severity", params.severity);
+    if (params?.limit) query.set("limit", String(params.limit));
+    const queryStr = query.toString();
+    const path = `/alerts/recent${queryStr ? `?${queryStr}` : ""}`;
+    const raw = await this.request("GET", path);
+    const alerts = raw.alerts ?? [];
+    return alerts.map((a) => ({
+      alertId: a.alert_id ?? "",
+      source: a.source ?? "",
+      severity: a.severity ?? "INFO",
+      chain: a.chain ?? "starknet",
+      timestamp: a.timestamp ?? "",
+      addresses: a.addresses ?? [],
+      txHash: a.tx_hash ?? null,
+      name: a.name ?? "",
+      description: a.description ?? ""
+    }));
+  }
+  /**
+   * Get data lake statistics.
+   */
+  async getStats() {
+    const raw = await this.request("GET", "/stats");
+    return {
+      totalTransactions: raw.total_transactions ?? 0,
+      labeledTransactions: raw.labeled_transactions ?? 0,
+      labelDistribution: raw.label_distribution ?? {},
+      lastUpdated: raw.last_updated ?? "",
+      fortaBotsActive: raw.forta_bots_active ?? 0,
+      addressesIndexed: raw.addresses_indexed ?? 0,
+      sanctionedAddresses: raw.sanctioned_addresses ?? 0
+    };
+  }
+};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  AgentFirewallSDK
+  AgentFirewallSDK,
+  CiroClient,
+  PolicyEnforcer,
+  createPolicyEnforcer
 });

package/dist/firewall/index.mjs

@@ -1,7 +1,15 @@
 import {
-  AgentFirewallSDK
-} from "../chunk-BHUXKNDT.mjs";
-import "../chunk-Y6FXYEAI.mjs";
+  PolicyEnforcer,
+  createPolicyEnforcer
+} from "../chunk-DGYMDV5X.mjs";
+import {
+  AgentFirewallSDK,
+  CiroClient
+} from "../chunk-Y4PBMUWM.mjs";
+import "../chunk-XGB3TDIC.mjs";
 export {
-  AgentFirewallSDK
+  AgentFirewallSDK,
+  CiroClient,
+  PolicyEnforcer,
+  createPolicyEnforcer
 };

package/dist/index.d.mts

@@ -1,6 +1,6 @@
 import { W as WsConfig, a as WebSocketClient, b as WsEvent, P as PrivacyKeyPair, E as ECPoint, c as ElGamalCiphertext, A as AEHint, d as EncryptedBalance, S as SchnorrProof, T as TransferProof } from './tee-CiR0hpfm.mjs';
 export { cv as AccountHints, cz as AuditReport, ag as BatchClient, aS as BatchJobResponse, aV as BatchOperation, aU as BatchOperationType, bZ as BatchStatus, aT as BatchStatusResponse, aX as BatchVerifyRequest, aY as BatchVerifyResponse, B as BitSageClient, bH as BurnEvent, au as CAPABILITY_FLAGS, c6 as ChallengeParams, c7 as ChallengeStatus, cL as CheckpointStatus, C as ClientConfig, c4 as CompressedProof, c3 as CompressionStats, cK as ComputeCheckpoint, I as ContractClient, _ as ContractConfig, aa as ContractRegistry, bN as CreateProposalParams, co as DAILY_CAPS, D as DEFAULT_CONFIG, K as DEFAULT_CONTRACT_CONFIG, cP as DEFAULT_DISCOUNT_TIERS, cQ as DEFAULT_FEE_DISTRIBUTION, y as DEFAULT_HTTP_CONFIG, z as DEFAULT_WS_CONFIG, bs as DKGShare, ch as DailyStats, ae as DashboardClient, bP as DelegationInfo, cD as DiscountTiers, b7 as DisputeRecord, cR as DisputeStatus, bI as EcosystemEmissionStatus, c5 as EnclaveInfo, cT as ExecutionMetrics, ab as ExternalTokens, v as FaucetClaimResponse, F as FaucetStatus, cE as FeeDistribution, az as GOVERNANCE_CONFIG, cp as GPU_MULTIPLIERS, aW as GasEstimate, ax as GovernanceClient, bx as GovernanceClientConfig, bB as GovernanceProposal, bC as GovernanceRights, bD as GovernanceStats, by as GovernanceTransactionResult, ce as GpuAttestation, aI as GpuMetrics, aJ as GpuMetricsResponse, bY as GpuTeeProofParams, G as GpuTier, cq as HALVENING_SCHEDULE, aL as HistoryPeriod, b2 as HolderTier, H as HttpClient, U as HttpConfig, aO as JobAnalytics, J as JobId, cH as JobPaymentRecord, t as JobResult, i as JobStatus, s as JobStatusResponse, h as JobType, V as JobUpdateEvent, a3 as LOCAL_CONTRACTS, bg as LeaderboardEntry, bf as LeaderboardMetric, L as ListJobsParams, u as ListJobsResponse, a2 as MAINNET_CONTRACTS, a7 as MAINNET_TOKENS, ai as MAX_BATCH_SIZE, an as MIN_STAKE, bK as MilestoneStatus, ac as MiningClient, aF as MiningClientConfig, ck as MiningConfig, cm as MiningGpuTier, cj as MiningPoolStatus, bq as MixingOutput, bp as MixingTransaction, cy as MultiAssetBalance, bu as MultiAssetBalances, N as Network, o as NetworkStats, Y as NetworkStatsEvent, aR as NetworkWorkersResponse, cF as OTCConfig, a9 as PRAGMA_ORACLE, cC as PaymentQuote, cG as PaymentStats, cI as PaymentStatus, cB as PaymentToken, aj as PaymentsClient, aZ as PaymentsClientConfig, bM as PendingTransfer, be as PerformanceData, bE as PoolBalances, bk as PrivacyAsset, av as PrivacyClient, bi as PrivacyClientConfig, cM as PrivacyCreditDeposit, cN as PrivacyCreditUsage, bj as PrivacyTransactionResult, bl as PrivateAccount, bv as PrivateSwapParams, bm as PrivateTransferParams, bn as PrivateTransferWithAuditParams, cA as PrivateWorkerPayment, n as ProofDetails, b_ as ProofJobSpec, bX as ProofMetadata, c0 as ProofPriority, bU as ProofSource, c1 as ProofSubmission, b$ as ProofType, k as ProofVerificationStatus, Z as ProofVerifiedEvent, bz as ProposalStatus, bA as ProposalType, c2 as ProverMetrics, br as RagequitProof, bL as RateLimitInfo, aP as RecentJob, bh as RegisterWorkerParams, aM as RewardHistoryEntry, aN as RewardHistoryResponse, cl as RewardResult, aK as RewardsInfo, cw as RingMember, cx as RingSignature, a1 as SEPOLIA_CONTRACTS, a6 as SEPOLIA_TOKENS, ao as SLASH_PERCENTAGES, cn as STAKE_TIER_THRESHOLDS, cu as SameEncryption3Proof, e as SdkError, bG as SecurityBudget, b3 as SlashReason, b6 as SlashRecord, p as StakeInfo, cg as StakeTier, al as StakingClient, a_ as StakingClientConfig, b5 as StakingConfig, a$ as StakingTransactionResult, bw as StealthAddress, bo as SteganographicTransaction, aA as StwoClient, bR as StwoClientConfig, bV as StwoTeeType, bS as StwoTransactionResult, q as SubmitJobRequest, r as SubmitJobResponse, bW as TeeAttestation, cc as TeeChallengeParams, cd as TeeChallengeStatus, aD as TeeClient, c8 as TeeClientConfig, cb as TeeJobResult, cS as TeeQuote, ca as TeeResultParams, c9 as TeeTransactionResult, b0 as TeeType, bt as ThresholdDecryptionRequest, bJ as TokenFlowSummary, $ as TransactionReceipt, cO as TransactionResult, a0 as TxStatus, ap as UNSTAKE_LOCKUP_SECS, b9 as UnstakeRequest, aC as VERIFICATION_CONFIG, aG as ValidatorStatus, aH as ValidatorStatusResponse, cJ as VerificationSource, bT as VerificationStatus, bF as VestingStatus, bO as VoteDirection, bQ as VoterInfo, f as WalletConfig, l as WorkerCapabilities, bc as WorkerCapabilitiesExtended, g as WorkerId, m as WorkerInfo, ci as WorkerMiningStats, bd as WorkerProfile, b4 as WorkerStake, j as WorkerStatus, aQ as WorkerSummary, cf as WorkerTeeStatus, b1 as WorkerTier, b8 as WorkerTierBenefits, X as WorkerUpdateEvent, as as WorkersClient, ba as WorkersClientConfig, bb as WorkersTransactionResult, ah as createBatchClient, af as createDashboardClient, ay as createGovernanceClient, ad as createMiningClient, ak as createPaymentsClient, aw as createPrivacyClient, am as createStakingClient, aB as createStwoClient, aE as createTeeClient, at as createWorkersClient, O as fromFelt, a4 as getContractsForNetwork, cs as getDailyCapForTier, ct as getGpuMultiplier, x as getGpuTier, w as getMinStake, ar as getMinStakeForTier, cr as getStakeTierFromAmount, a8 as getTokensForNetwork, a5 as isContractConfigured, aq as isWorkerEligible, R as joinU256, Q as splitU256, M as toFelt } from './tee-CiR0hpfm.mjs';
-export { AgentFirewallSDK, AgentStatus, ClassifyResult, Decision, FirewallConfig, TransactionFeatures } from './firewall/index.mjs';
+export { A as AgentFirewallSDK, a as AgentStatus, C as ClassifyResult, D as Decision, F as FirewallConfig, T as TransactionFeatures } from './client-DFxKbDns.mjs';
 export { AssetId, BalanceProof, CURVE_ORDER, ConfidentialOrder, ConfidentialSwapClient, ConfidentialSwapConfig, CreateOrderRequest, CreateOrderResponse, ElGamalKeyPair, FIELD_PRIME, GENERATOR_G, GENERATOR_H, ElGamalCiphertext as ObelyskCiphertext, EncryptionProof as ObelyskEncryptionProof, default as ObelyskPrivacy, RangeProof, RateProof, SwapHistoryEntry, SwapProofBundle, TakeOrderResponse, addMod, ecAdd, ecDouble, ecMul, invMod, isIdentity, mulMod, poseidonHash, powMod, randomScalar, subMod } from './privacy/index.mjs';
 import 'starknet';
 
@@ -692,6 +692,34 @@ declare class StwoProverClient {
     /**
      * Generate proof for AI/ML inference
      */
+    /**
+     * Verifiable chat inference — send a prompt, get a response with on-chain proof.
+     *
+     * @example
+     * ```typescript
+     * const result = await prover.chat("What is 2+2?", { model: "local", maxTokens: 1 });
+     * console.log(result.text);           // model output
+     * console.log(result.txHash);         // Starknet TX hash
+     * console.log(result.explorerUrl);    // Starkscan link
+     * console.log(result.calldataFelts);  // ~950 felts
+     * console.log(result.modelId);        // weight commitment hash
+     * ```
+     */
+    chat(prompt: string, options?: {
+        model?: string;
+        maxTokens?: number;
+        sessionId?: string;
+    }): Promise<{
+        text: string;
+        txHash?: string;
+        proofHash?: string;
+        modelId?: string;
+        ioCommitment?: string;
+        calldataFelts?: number;
+        explorerUrl?: string;
+        proveTimeSecs?: number;
+        trustModel: string;
+    }>;
     proveInference(modelId: string, inputs: bigint[], outputs: bigint[], options?: {
         priority?: ProofJobPriority;
         requireTee?: boolean;
@@ -911,4 +939,4 @@ declare function printObelyskanBanner(): void;
  */
 declare function getVersionBanner(version: string): string;
 
-export { AEHint, BITSAGE_BANNER, BITSAGE_LOGO, BITSAGE_TAGLINE, type BatchProofRequest, type BatchProofResponse, DEFAULT_PROVER_CONFIG, ECPoint, ElGamalCiphertext, EncryptedBalance, EncryptionHelper, GPU_TIERS, OBELYSK_BANNER, OBELYSK_LOGO, OBELYSK_TAGLINE, PROOF_TYPES, PrivacyKeyManager, PrivacyKeyPair, type ProofCostEstimate, type ProofGenerationStatus, type ProofJobPriority, type ProofJobRequest, type ProofJobResponse, type ProofJobStatus, type ProofResult, SchnorrProof, type GpuTier as StwoGpuTier, type ProofType as StwoProofType, StwoProverClient, type StwoProverConfig, type ProverMetrics as StwoProverMetrics, TransferProof, type UseWebSocketResult, WebSocketClient, WsConfig, WsEvent, createStwoProverClient, createTransferProof, createWebSocketClient, getPrivacyDerivationMessage, getVersionBanner, isValidPublicKey, printBitsageBanner, printObelyskanBanner, verifyTransferProof };
+export { AEHint, BITSAGE_BANNER, BITSAGE_LOGO, BITSAGE_TAGLINE, type BatchProofRequest, type BatchProofResponse, DEFAULT_PROVER_CONFIG, ECPoint, ElGamalCiphertext, EncryptedBalance, EncryptionHelper, GPU_TIERS, OBELYSK_BANNER, OBELYSK_LOGO, OBELYSK_TAGLINE, PROOF_TYPES, PrivacyKeyManager, PrivacyKeyPair, type ProofCostEstimate, type ProofGenerationStatus, type ProofJobPriority, type ProofJobRequest, type ProofJobResponse, type ProofJobStatus, type ProofResult, SchnorrProof, type GpuTier as StwoGpuTier, type ProofType as StwoProofType, StwoProverClient, type StwoProverConfig, type ProverMetrics as StwoProverMetrics, TransferProof, type UseWebSocketResult, WebSocketClient, WsConfig, WsEvent, createStwoProverClient as createProverClient, createStwoProverClient, createTransferProof, createWebSocketClient, getPrivacyDerivationMessage, getVersionBanner, isValidPublicKey, printBitsageBanner, printObelyskanBanner, verifyTransferProof };

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 import { W as WsConfig, a as WebSocketClient, b as WsEvent, P as PrivacyKeyPair, E as ECPoint, c as ElGamalCiphertext, A as AEHint, d as EncryptedBalance, S as SchnorrProof, T as TransferProof } from './tee-CiR0hpfm.js';
 export { cv as AccountHints, cz as AuditReport, ag as BatchClient, aS as BatchJobResponse, aV as BatchOperation, aU as BatchOperationType, bZ as BatchStatus, aT as BatchStatusResponse, aX as BatchVerifyRequest, aY as BatchVerifyResponse, B as BitSageClient, bH as BurnEvent, au as CAPABILITY_FLAGS, c6 as ChallengeParams, c7 as ChallengeStatus, cL as CheckpointStatus, C as ClientConfig, c4 as CompressedProof, c3 as CompressionStats, cK as ComputeCheckpoint, I as ContractClient, _ as ContractConfig, aa as ContractRegistry, bN as CreateProposalParams, co as DAILY_CAPS, D as DEFAULT_CONFIG, K as DEFAULT_CONTRACT_CONFIG, cP as DEFAULT_DISCOUNT_TIERS, cQ as DEFAULT_FEE_DISTRIBUTION, y as DEFAULT_HTTP_CONFIG, z as DEFAULT_WS_CONFIG, bs as DKGShare, ch as DailyStats, ae as DashboardClient, bP as DelegationInfo, cD as DiscountTiers, b7 as DisputeRecord, cR as DisputeStatus, bI as EcosystemEmissionStatus, c5 as EnclaveInfo, cT as ExecutionMetrics, ab as ExternalTokens, v as FaucetClaimResponse, F as FaucetStatus, cE as FeeDistribution, az as GOVERNANCE_CONFIG, cp as GPU_MULTIPLIERS, aW as GasEstimate, ax as GovernanceClient, bx as GovernanceClientConfig, bB as GovernanceProposal, bC as GovernanceRights, bD as GovernanceStats, by as GovernanceTransactionResult, ce as GpuAttestation, aI as GpuMetrics, aJ as GpuMetricsResponse, bY as GpuTeeProofParams, G as GpuTier, cq as HALVENING_SCHEDULE, aL as HistoryPeriod, b2 as HolderTier, H as HttpClient, U as HttpConfig, aO as JobAnalytics, J as JobId, cH as JobPaymentRecord, t as JobResult, i as JobStatus, s as JobStatusResponse, h as JobType, V as JobUpdateEvent, a3 as LOCAL_CONTRACTS, bg as LeaderboardEntry, bf as LeaderboardMetric, L as ListJobsParams, u as ListJobsResponse, a2 as MAINNET_CONTRACTS, a7 as MAINNET_TOKENS, ai as MAX_BATCH_SIZE, an as MIN_STAKE, bK as MilestoneStatus, ac as MiningClient, aF as MiningClientConfig, ck as MiningConfig, cm as MiningGpuTier, cj as MiningPoolStatus, bq as MixingOutput, bp as MixingTransaction, cy as MultiAssetBalance, bu as MultiAssetBalances, N as Network, o as NetworkStats, Y as NetworkStatsEvent, aR as NetworkWorkersResponse, cF as OTCConfig, a9 as PRAGMA_ORACLE, cC as PaymentQuote, cG as PaymentStats, cI as PaymentStatus, cB as PaymentToken, aj as PaymentsClient, aZ as PaymentsClientConfig, bM as PendingTransfer, be as PerformanceData, bE as PoolBalances, bk as PrivacyAsset, av as PrivacyClient, bi as PrivacyClientConfig, cM as PrivacyCreditDeposit, cN as PrivacyCreditUsage, bj as PrivacyTransactionResult, bl as PrivateAccount, bv as PrivateSwapParams, bm as PrivateTransferParams, bn as PrivateTransferWithAuditParams, cA as PrivateWorkerPayment, n as ProofDetails, b_ as ProofJobSpec, bX as ProofMetadata, c0 as ProofPriority, bU as ProofSource, c1 as ProofSubmission, b$ as ProofType, k as ProofVerificationStatus, Z as ProofVerifiedEvent, bz as ProposalStatus, bA as ProposalType, c2 as ProverMetrics, br as RagequitProof, bL as RateLimitInfo, aP as RecentJob, bh as RegisterWorkerParams, aM as RewardHistoryEntry, aN as RewardHistoryResponse, cl as RewardResult, aK as RewardsInfo, cw as RingMember, cx as RingSignature, a1 as SEPOLIA_CONTRACTS, a6 as SEPOLIA_TOKENS, ao as SLASH_PERCENTAGES, cn as STAKE_TIER_THRESHOLDS, cu as SameEncryption3Proof, e as SdkError, bG as SecurityBudget, b3 as SlashReason, b6 as SlashRecord, p as StakeInfo, cg as StakeTier, al as StakingClient, a_ as StakingClientConfig, b5 as StakingConfig, a$ as StakingTransactionResult, bw as StealthAddress, bo as SteganographicTransaction, aA as StwoClient, bR as StwoClientConfig, bV as StwoTeeType, bS as StwoTransactionResult, q as SubmitJobRequest, r as SubmitJobResponse, bW as TeeAttestation, cc as TeeChallengeParams, cd as TeeChallengeStatus, aD as TeeClient, c8 as TeeClientConfig, cb as TeeJobResult, cS as TeeQuote, ca as TeeResultParams, c9 as TeeTransactionResult, b0 as TeeType, bt as ThresholdDecryptionRequest, bJ as TokenFlowSummary, $ as TransactionReceipt, cO as TransactionResult, a0 as TxStatus, ap as UNSTAKE_LOCKUP_SECS, b9 as UnstakeRequest, aC as VERIFICATION_CONFIG, aG as ValidatorStatus, aH as ValidatorStatusResponse, cJ as VerificationSource, bT as VerificationStatus, bF as VestingStatus, bO as VoteDirection, bQ as VoterInfo, f as WalletConfig, l as WorkerCapabilities, bc as WorkerCapabilitiesExtended, g as WorkerId, m as WorkerInfo, ci as WorkerMiningStats, bd as WorkerProfile, b4 as WorkerStake, j as WorkerStatus, aQ as WorkerSummary, cf as WorkerTeeStatus, b1 as WorkerTier, b8 as WorkerTierBenefits, X as WorkerUpdateEvent, as as WorkersClient, ba as WorkersClientConfig, bb as WorkersTransactionResult, ah as createBatchClient, af as createDashboardClient, ay as createGovernanceClient, ad as createMiningClient, ak as createPaymentsClient, aw as createPrivacyClient, am as createStakingClient, aB as createStwoClient, aE as createTeeClient, at as createWorkersClient, O as fromFelt, a4 as getContractsForNetwork, cs as getDailyCapForTier, ct as getGpuMultiplier, x as getGpuTier, w as getMinStake, ar as getMinStakeForTier, cr as getStakeTierFromAmount, a8 as getTokensForNetwork, a5 as isContractConfigured, aq as isWorkerEligible, R as joinU256, Q as splitU256, M as toFelt } from './tee-CiR0hpfm.js';
-export { AgentFirewallSDK, AgentStatus, ClassifyResult, Decision, FirewallConfig, TransactionFeatures } from './firewall/index.js';
+export { A as AgentFirewallSDK, a as AgentStatus, C as ClassifyResult, D as Decision, F as FirewallConfig, T as TransactionFeatures } from './client-DFxKbDns.js';
 export { AssetId, BalanceProof, CURVE_ORDER, ConfidentialOrder, ConfidentialSwapClient, ConfidentialSwapConfig, CreateOrderRequest, CreateOrderResponse, ElGamalKeyPair, FIELD_PRIME, GENERATOR_G, GENERATOR_H, ElGamalCiphertext as ObelyskCiphertext, EncryptionProof as ObelyskEncryptionProof, default as ObelyskPrivacy, RangeProof, RateProof, SwapHistoryEntry, SwapProofBundle, TakeOrderResponse, addMod, ecAdd, ecDouble, ecMul, invMod, isIdentity, mulMod, poseidonHash, powMod, randomScalar, subMod } from './privacy/index.js';
 import 'starknet';
 
@@ -692,6 +692,34 @@ declare class StwoProverClient {
     /**
      * Generate proof for AI/ML inference
      */
+    /**
+     * Verifiable chat inference — send a prompt, get a response with on-chain proof.
+     *
+     * @example
+     * ```typescript
+     * const result = await prover.chat("What is 2+2?", { model: "local", maxTokens: 1 });
+     * console.log(result.text);           // model output
+     * console.log(result.txHash);         // Starknet TX hash
+     * console.log(result.explorerUrl);    // Starkscan link
+     * console.log(result.calldataFelts);  // ~950 felts
+     * console.log(result.modelId);        // weight commitment hash
+     * ```
+     */
+    chat(prompt: string, options?: {
+        model?: string;
+        maxTokens?: number;
+        sessionId?: string;
+    }): Promise<{
+        text: string;
+        txHash?: string;
+        proofHash?: string;
+        modelId?: string;
+        ioCommitment?: string;
+        calldataFelts?: number;
+        explorerUrl?: string;
+        proveTimeSecs?: number;
+        trustModel: string;
+    }>;
     proveInference(modelId: string, inputs: bigint[], outputs: bigint[], options?: {
         priority?: ProofJobPriority;
         requireTee?: boolean;
@@ -911,4 +939,4 @@ declare function printObelyskanBanner(): void;
  */
 declare function getVersionBanner(version: string): string;
 
-export { AEHint, BITSAGE_BANNER, BITSAGE_LOGO, BITSAGE_TAGLINE, type BatchProofRequest, type BatchProofResponse, DEFAULT_PROVER_CONFIG, ECPoint, ElGamalCiphertext, EncryptedBalance, EncryptionHelper, GPU_TIERS, OBELYSK_BANNER, OBELYSK_LOGO, OBELYSK_TAGLINE, PROOF_TYPES, PrivacyKeyManager, PrivacyKeyPair, type ProofCostEstimate, type ProofGenerationStatus, type ProofJobPriority, type ProofJobRequest, type ProofJobResponse, type ProofJobStatus, type ProofResult, SchnorrProof, type GpuTier as StwoGpuTier, type ProofType as StwoProofType, StwoProverClient, type StwoProverConfig, type ProverMetrics as StwoProverMetrics, TransferProof, type UseWebSocketResult, WebSocketClient, WsConfig, WsEvent, createStwoProverClient, createTransferProof, createWebSocketClient, getPrivacyDerivationMessage, getVersionBanner, isValidPublicKey, printBitsageBanner, printObelyskanBanner, verifyTransferProof };
+export { AEHint, BITSAGE_BANNER, BITSAGE_LOGO, BITSAGE_TAGLINE, type BatchProofRequest, type BatchProofResponse, DEFAULT_PROVER_CONFIG, ECPoint, ElGamalCiphertext, EncryptedBalance, EncryptionHelper, GPU_TIERS, OBELYSK_BANNER, OBELYSK_LOGO, OBELYSK_TAGLINE, PROOF_TYPES, PrivacyKeyManager, PrivacyKeyPair, type ProofCostEstimate, type ProofGenerationStatus, type ProofJobPriority, type ProofJobRequest, type ProofJobResponse, type ProofJobStatus, type ProofResult, SchnorrProof, type GpuTier as StwoGpuTier, type ProofType as StwoProofType, StwoProverClient, type StwoProverConfig, type ProverMetrics as StwoProverMetrics, TransferProof, type UseWebSocketResult, WebSocketClient, WsConfig, WsEvent, createStwoProverClient as createProverClient, createStwoProverClient, createTransferProof, createWebSocketClient, getPrivacyDerivationMessage, getVersionBanner, isValidPublicKey, printBitsageBanner, printObelyskanBanner, verifyTransferProof };