@rookdaemon/agora 0.2.7 → 0.2.9

package/dist/index.d.ts

@@ -1,25 +1,1613 @@
-export * from './identity/keypair.js';
-export * from './message/envelope.js';
-export * from './registry/capability.js';
-export * from './registry/peer.js';
-export * from './registry/peer-store.js';
-export * from './registry/messages.js';
-export * from './registry/discovery-service.js';
-export * from './message/types/paper-discovery.js';
-export * from './message/types/peer-discovery.js';
-export * from './transport/http.js';
-export * from './transport/peer-config.js';
-export * from './config.js';
-export * from './relay/server.js';
-export * from './relay/client.js';
-export * from './relay/types.js';
-export * from './utils.js';
-export * from './service.js';
-export * from './discovery/peer-discovery.js';
-export * from './discovery/bootstrap.js';
-export * from './reputation/types.js';
-export * from './reputation/verification.js';
-export * from './reputation/commit-reveal.js';
-export * from './reputation/scoring.js';
-export * from './reputation/store.js';
-//# sourceMappingURL=index.d.ts.map
+import { EventEmitter } from 'node:events';
+import { WebSocket } from 'ws';
+import { Request, Response, NextFunction, Router } from 'express';
+import http from 'node:http';
+
+/**
+ * Represents an ed25519 key pair for agent identity
+ */
+interface KeyPair {
+    publicKey: string;
+    privateKey: string;
+}
+/**
+ * Generates a new ed25519 key pair
+ * @returns KeyPair with hex-encoded public and private keys
+ */
+declare function generateKeyPair(): KeyPair;
+/**
+ * Signs a message with the private key
+ * @param message - The message to sign (string or Buffer)
+ * @param privateKeyHex - The private key in hex format
+ * @returns Signature as hex string
+ */
+declare function signMessage(message: string | Buffer, privateKeyHex: string): string;
+/**
+ * Verifies a signature with the public key
+ * @param message - The original message (string or Buffer)
+ * @param signatureHex - The signature in hex format
+ * @param publicKeyHex - The public key in hex format
+ * @returns true if signature is valid, false otherwise
+ */
+declare function verifySignature(message: string | Buffer, signatureHex: string, publicKeyHex: string): boolean;
+/**
+ * Exports a key pair to a JSON-serializable format
+ * @param keyPair - The key pair to export
+ * @returns KeyPair object with hex-encoded keys
+ */
+declare function exportKeyPair(keyPair: KeyPair): KeyPair;
+/**
+ * Imports a key pair from hex strings
+ * @param publicKeyHex - The public key in hex format
+ * @param privateKeyHex - The private key in hex format
+ * @returns KeyPair object
+ * @throws Error if keys are not valid hex strings
+ */
+declare function importKeyPair(publicKeyHex: string, privateKeyHex: string): KeyPair;
+
+/**
+ * Message types on the Agora network.
+ * Every piece of data flowing between agents is wrapped in an envelope.
+ */
+type MessageType = 'announce' | 'discover' | 'request' | 'response' | 'publish' | 'subscribe' | 'verify' | 'ack' | 'error' | 'paper_discovery' | 'peer_list_request' | 'peer_list_response' | 'peer_referral' | 'capability_announce' | 'capability_query' | 'capability_response' | 'commit' | 'reveal' | 'verification' | 'revocation' | 'reputation_query' | 'reputation_response';
+/**
+ * The signed envelope that wraps every message on the network.
+ * Content-addressed: the ID is the hash of the canonical payload.
+ * Signed: every envelope carries a signature from the sender's private key.
+ */
+interface Envelope<T = unknown> {
+    /** Content-addressed ID: SHA-256 hash of canonical payload */
+    id: string;
+    /** Message type */
+    type: MessageType;
+    /** Sender's public key (hex-encoded ed25519) */
+    sender: string;
+    /** Unix timestamp (ms) when the message was created */
+    timestamp: number;
+    /** Optional: ID of the message this is responding to */
+    inReplyTo?: string;
+    /** The actual payload */
+    payload: T;
+    /** ed25519 signature over the canonical form (hex-encoded) */
+    signature: string;
+}
+/**
+ * Canonical form of an envelope for signing/hashing.
+ * Deterministic JSON serialization: recursively sorted keys, no whitespace.
+ */
+declare function canonicalize(type: MessageType, sender: string, timestamp: number, payload: unknown, inReplyTo?: string): string;
+/**
+ * Compute the content-addressed ID for a message.
+ */
+declare function computeId(canonical: string): string;
+/**
+ * Create a signed envelope.
+ * @param type - Message type
+ * @param sender - Sender's public key (hex)
+ * @param privateKey - Sender's private key (hex) for signing
+ * @param payload - The message payload
+ * @param timestamp - Timestamp for the envelope (ms), defaults to Date.now()
+ * @param inReplyTo - Optional ID of the message being replied to
+ * @returns A signed Envelope
+ */
+declare function createEnvelope<T>(type: MessageType, sender: string, privateKey: string, payload: T, timestamp?: number, inReplyTo?: string): Envelope<T>;
+/**
+ * Verify an envelope's integrity and authenticity.
+ * Checks:
+ * 1. Canonical form matches the ID (content-addressing)
+ * 2. Signature is valid for the sender's public key
+ *
+ * @returns Object with `valid` boolean and optional `reason` for failure
+ */
+declare function verifyEnvelope(envelope: Envelope): {
+    valid: boolean;
+    reason?: string;
+};
+
+/**
+ * A capability describes something an agent can do
+ */
+interface Capability {
+    /** Unique ID (content-addressed hash of name + version + schema) */
+    id: string;
+    /** Human-readable name: 'code-review', 'summarization', 'translation' */
+    name: string;
+    /** Semantic version */
+    version: string;
+    /** What the capability does */
+    description: string;
+    /** JSON Schema for expected input */
+    inputSchema?: object;
+    /** JSON Schema for expected output */
+    outputSchema?: object;
+    /** Discovery tags: ['code', 'typescript', 'review'] */
+    tags: string[];
+}
+/**
+ * Creates a capability with a content-addressed ID.
+ *
+ * @param name - Human-readable capability name
+ * @param version - Semantic version string
+ * @param description - Description of what the capability does
+ * @param options - Optional input/output schemas and tags
+ * @returns A Capability object with computed ID
+ */
+declare function createCapability(name: string, version: string, description: string, options?: {
+    inputSchema?: object;
+    outputSchema?: object;
+    tags?: string[];
+}): Capability;
+/**
+ * Validates that a capability has all required fields.
+ *
+ * @param capability - The capability to validate
+ * @returns Object with `valid` boolean and optional `errors` array
+ */
+declare function validateCapability(capability: unknown): {
+    valid: boolean;
+    errors?: string[];
+};
+
+/**
+ * A peer is an agent on the network
+ */
+interface Peer {
+    /** Identity (hex-encoded ed25519 public key) */
+    publicKey: string;
+    /** Capabilities this peer offers */
+    capabilities: Capability[];
+    /** Unix timestamp (ms) when this peer was last seen */
+    lastSeen: number;
+    /** Optional metadata about the peer */
+    metadata?: {
+        /** Human-readable alias */
+        name?: string;
+        /** Agent software version */
+        version?: string;
+    };
+}
+
+/**
+ * In-memory store for known peers on the network
+ */
+declare class PeerStore {
+    private peers;
+    /**
+     * Add or update a peer in the store.
+     * If a peer with the same publicKey exists, it will be updated.
+     *
+     * @param peer - The peer to add or update
+     */
+    addOrUpdatePeer(peer: Peer): void;
+    /**
+     * Remove a peer from the store.
+     *
+     * @param publicKey - The public key of the peer to remove
+     * @returns true if the peer was removed, false if it didn't exist
+     */
+    removePeer(publicKey: string): boolean;
+    /**
+     * Get a peer by their public key.
+     *
+     * @param publicKey - The public key of the peer to retrieve
+     * @returns The peer if found, undefined otherwise
+     */
+    getPeer(publicKey: string): Peer | undefined;
+    /**
+     * Find all peers that offer a specific capability by name.
+     *
+     * @param name - The capability name to search for
+     * @returns Array of peers that have a capability with the given name
+     */
+    findByCapability(name: string): Peer[];
+    /**
+     * Find all peers that have capabilities with a specific tag.
+     *
+     * @param tag - The tag to search for
+     * @returns Array of peers that have at least one capability with the given tag
+     */
+    findByTag(tag: string): Peer[];
+    /**
+     * Get all peers in the store.
+     *
+     * @returns Array of all peers
+     */
+    allPeers(): Peer[];
+    /**
+     * Remove peers that haven't been seen within the specified time window.
+     *
+     * @param maxAgeMs - Maximum age in milliseconds. Peers older than this will be removed.
+     * @param currentTime - Current timestamp (ms), defaults to Date.now()
+     * @returns Number of peers removed
+     */
+    prune(maxAgeMs: number, currentTime?: number): number;
+}
+
+/**
+ * Payload for 'announce' messages.
+ * An agent publishes its capabilities and metadata to the network.
+ */
+interface AnnouncePayload {
+    /** Capabilities this agent offers */
+    capabilities: Capability[];
+    /** Optional metadata about the agent */
+    metadata?: {
+        /** Human-readable agent name */
+        name?: string;
+        /** Agent software version */
+        version?: string;
+    };
+}
+/**
+ * Payload for 'discover' messages.
+ * An agent queries the network to find peers with specific capabilities.
+ */
+interface DiscoverPayload {
+    /** Query parameters for discovery */
+    query: {
+        /** Filter by capability name */
+        capabilityName?: string;
+        /** Filter by capability tag */
+        tag?: string;
+    };
+}
+/**
+ * Payload for responses to 'discover' messages.
+ * Returns a list of peers matching the discovery query.
+ */
+interface DiscoverResponsePayload {
+    /** Peers matching the discovery query */
+    peers: Array<{
+        /** Public key of the peer */
+        publicKey: string;
+        /** Capabilities the peer offers */
+        capabilities: Capability[];
+        /** Optional metadata about the peer */
+        metadata?: {
+            /** Human-readable peer name */
+            name?: string;
+            /** Peer software version */
+            version?: string;
+        };
+    }>;
+}
+/**
+ * Payload for 'capability_announce' messages.
+ * An agent publishes its capabilities to the network.
+ */
+interface CapabilityAnnouncePayload {
+    /** Agent's Ed25519 public key */
+    publicKey: string;
+    /** List of capabilities offered */
+    capabilities: Capability[];
+    /** Optional metadata */
+    metadata?: {
+        name?: string;
+        version?: string;
+        lastSeen?: number;
+    };
+}
+/**
+ * Payload for 'capability_query' messages.
+ * An agent queries the network for peers with specific capabilities.
+ */
+interface CapabilityQueryPayload {
+    /** Query type: by name, tag, or schema */
+    queryType: 'name' | 'tag' | 'schema';
+    /** Query value (capability name, tag, or JSON schema) */
+    query: string | object;
+    /** Optional filters */
+    filters?: {
+        /** Minimum trust score (RFC-001 integration) */
+        minTrustScore?: number;
+        /** Maximum results to return */
+        limit?: number;
+    };
+}
+/**
+ * Payload for 'capability_response' messages.
+ * Response to a capability_query with matching peers.
+ */
+interface CapabilityResponsePayload {
+    /** Query ID this is responding to */
+    queryId: string;
+    /** Matching peers */
+    peers: Array<{
+        publicKey: string;
+        capabilities: Capability[];
+        metadata?: {
+            name?: string;
+            version?: string;
+            lastSeen?: number;
+        };
+        /** Trust score from RFC-001 (Phase 2b) */
+        trustScore?: number;
+    }>;
+    /** Total matching peers (may be > peers.length if limited) */
+    totalMatches: number;
+}
+
+/**
+ * DiscoveryService manages capability-based peer discovery.
+ * It maintains a local index of peer capabilities and handles
+ * capability announce, query, and response messages.
+ */
+declare class DiscoveryService {
+    private peerStore;
+    private identity;
+    constructor(peerStore: PeerStore, identity: {
+        publicKey: string;
+        privateKey: string;
+    });
+    /**
+     * Announce own capabilities to the network.
+     * Creates a capability_announce envelope that can be broadcast to peers.
+     *
+     * @param capabilities - List of capabilities this agent offers
+     * @param metadata - Optional metadata about this agent
+     * @returns A signed capability_announce envelope
+     */
+    announce(capabilities: Capability[], metadata?: {
+        name?: string;
+        version?: string;
+    }): Envelope<CapabilityAnnouncePayload>;
+    /**
+     * Handle an incoming capability_announce message.
+     * Updates the peer store with the announced capabilities.
+     *
+     * @param envelope - The capability_announce envelope to process
+     */
+    handleAnnounce(envelope: Envelope<CapabilityAnnouncePayload>): void;
+    /**
+     * Create a capability query payload.
+     *
+     * @param queryType - Type of query: 'name', 'tag', or 'schema'
+     * @param query - The query value (capability name, tag, or schema)
+     * @param filters - Optional filters (limit, minTrustScore)
+     * @returns A capability_query payload
+     */
+    query(queryType: 'name' | 'tag' | 'schema', query: string | object, filters?: {
+        limit?: number;
+        minTrustScore?: number;
+    }): CapabilityQueryPayload;
+    /**
+     * Handle an incoming capability_query message.
+     * Searches the local peer store and returns matching peers.
+     *
+     * @param envelope - The capability_query envelope to process
+     * @returns A capability_response envelope with matching peers
+     */
+    handleQuery(envelope: Envelope<CapabilityQueryPayload>): Envelope<CapabilityResponsePayload>;
+    /**
+     * Remove peers that haven't been seen within the specified time window.
+     *
+     * @param maxAgeMs - Maximum age in milliseconds
+     * @returns Number of peers removed
+     */
+    pruneStale(maxAgeMs: number, currentTime?: number): number;
+}
+
+/**
+ * Payload for 'paper_discovery' messages.
+ * An agent publishes a discovered academic paper to the network.
+ * Each paper gets its own envelope for easy referencing and threading.
+ */
+interface PaperDiscoveryPayload {
+    /** arXiv identifier (e.g. "2501.12345") */
+    arxiv_id: string;
+    /** Paper title */
+    title: string;
+    /** List of author names */
+    authors: string[];
+    /** Key contribution in 1-2 sentences */
+    claim: string;
+    /** Confidence score (0-1) in the relevance/importance assessment */
+    confidence: number;
+    /** Tags describing relevance domains */
+    relevance_tags: string[];
+    /** Agent ID of the discoverer */
+    discoverer: string;
+    /** ISO 8601 timestamp of discovery */
+    timestamp: string;
+    /** URL to the abstract page */
+    abstract_url: string;
+    /** URL to the PDF (optional) */
+    pdf_url?: string;
+}
+
+/**
+ * Peer discovery message types for the Agora network.
+ */
+/**
+ * Request peer list from relay
+ */
+interface PeerListRequestPayload {
+    /** Optional filters */
+    filters?: {
+        /** Only peers seen in last N ms */
+        activeWithin?: number;
+        /** Maximum peers to return */
+        limit?: number;
+    };
+}
+/**
+ * Relay responds with connected peers
+ */
+interface PeerListResponsePayload {
+    /** List of known peers */
+    peers: Array<{
+        /** Peer's Ed25519 public key */
+        publicKey: string;
+        /** Optional metadata (if peer announced) */
+        metadata?: {
+            name?: string;
+            version?: string;
+            capabilities?: string[];
+        };
+        /** Last seen timestamp (ms) */
+        lastSeen: number;
+    }>;
+    /** Total peer count (may be > peers.length if limited) */
+    totalPeers: number;
+    /** Relay's public key (for trust verification) */
+    relayPublicKey: string;
+}
+/**
+ * Agent recommends another agent
+ */
+interface PeerReferralPayload {
+    /** Referred peer's public key */
+    publicKey: string;
+    /** Optional endpoint (if known) */
+    endpoint?: string;
+    /** Optional metadata */
+    metadata?: {
+        name?: string;
+        version?: string;
+        capabilities?: string[];
+    };
+    /** Referrer's comment */
+    comment?: string;
+    /** Trust hint (RFC-001 integration) */
+    trustScore?: number;
+}
+/**
+ * Validate PeerListRequestPayload
+ */
+declare function validatePeerListRequest(payload: unknown): {
+    valid: boolean;
+    errors: string[];
+};
+/**
+ * Validate PeerListResponsePayload
+ */
+declare function validatePeerListResponse(payload: unknown): {
+    valid: boolean;
+    errors: string[];
+};
+/**
+ * Validate PeerReferralPayload
+ */
+declare function validatePeerReferral(payload: unknown): {
+    valid: boolean;
+    errors: string[];
+};
+
+interface PeerConfig {
+    /** Peer's webhook URL, e.g. http://localhost:18790/hooks (undefined for relay-only peers) */
+    url?: string;
+    /** Peer's webhook auth token (undefined for relay-only peers) */
+    token?: string;
+    /** Peer's public key (hex) for verifying responses */
+    publicKey: string;
+}
+interface TransportConfig {
+    /** This agent's keypair */
+    identity: {
+        publicKey: string;
+        privateKey: string;
+    };
+    /** Known peers */
+    peers: Map<string, PeerConfig>;
+}
+/**
+ * Send a signed envelope to a peer via HTTP webhook.
+ * Creates the envelope, signs it, and POSTs to the peer's /hooks/agent endpoint.
+ * Returns the HTTP status code.
+ */
+declare function sendToPeer(config: TransportConfig, peerPublicKey: string, type: MessageType, payload: unknown, inReplyTo?: string): Promise<{
+    ok: boolean;
+    status: number;
+    error?: string;
+}>;
+/**
+ * Decode and verify an inbound Agora envelope from a webhook message.
+ * Expects the message to start with [AGORA_ENVELOPE] followed by base64.
+ * Returns the verified envelope or an error.
+ */
+declare function decodeInboundEnvelope(message: string, knownPeers: Map<string, PeerConfig>): {
+    ok: true;
+    envelope: Envelope;
+} | {
+    ok: false;
+    reason: string;
+};
+
+interface PeerConfigFile {
+    identity: {
+        publicKey: string;
+        privateKey: string;
+        name?: string;
+    };
+    relay?: string | {
+        url: string;
+        name?: string;
+    };
+    peers: Record<string, {
+        url?: string;
+        token?: string;
+        publicKey: string;
+        name?: string;
+    }>;
+}
+/**
+ * Load peer configuration from a JSON file.
+ * @param path - Path to the config file
+ * @returns The parsed configuration
+ * @throws Error if file doesn't exist or contains invalid JSON
+ */
+declare function loadPeerConfig(path: string): PeerConfigFile;
+/**
+ * Save peer configuration to a JSON file.
+ * @param path - Path to the config file
+ * @param config - The configuration to save
+ */
+declare function savePeerConfig(path: string, config: PeerConfigFile): void;
+/**
+ * Initialize peer configuration, generating a new keypair if the file doesn't exist.
+ * If the file exists, loads and returns it.
+ * @param path - Path to the config file
+ * @returns The configuration (loaded or newly created)
+ */
+declare function initPeerConfig(path: string): PeerConfigFile;
+
+/**
+ * Normalized relay configuration (supports both string and object in config file).
+ */
+interface RelayConfig {
+    url: string;
+    autoConnect: boolean;
+    name?: string;
+    reconnectMaxMs?: number;
+}
+/**
+ * Peer entry in config (webhook URL, token, public key).
+ */
+interface AgoraPeerConfig {
+    publicKey: string;
+    /** Webhook URL (undefined for relay-only peers) */
+    url?: string;
+    /** Webhook auth token (undefined for relay-only peers) */
+    token?: string;
+    name?: string;
+}
+/**
+ * Identity with optional display name (e.g. for relay registration).
+ */
+interface AgoraIdentity {
+    publicKey: string;
+    privateKey: string;
+    name?: string;
+}
+/**
+ * Canonical Agora configuration shape.
+ * Use loadAgoraConfig() to load from file with normalized relay.
+ */
+interface AgoraConfig {
+    identity: AgoraIdentity;
+    peers: Record<string, AgoraPeerConfig>;
+    relay?: RelayConfig;
+}
+/**
+ * Default config file path: AGORA_CONFIG env or ~/.config/agora/config.json
+ */
+declare function getDefaultConfigPath(): string;
+/**
+ * Load and normalize Agora configuration from a JSON file (sync).
+ * Supports relay as string (backward compat) or object { url?, autoConnect?, name?, reconnectMaxMs? }.
+ *
+ * @param path - Config file path; defaults to getDefaultConfigPath()
+ * @returns Normalized AgoraConfig
+ * @throws Error if file doesn't exist or config is invalid
+ */
+declare function loadAgoraConfig(path?: string): AgoraConfig;
+/**
+ * Load and normalize Agora configuration from a JSON file (async).
+ *
+ * @param path - Config file path; defaults to getDefaultConfigPath()
+ * @returns Normalized AgoraConfig
+ * @throws Error if file doesn't exist or config is invalid
+ */
+declare function loadAgoraConfigAsync(path?: string): Promise<AgoraConfig>;
+
+/**
+ * Represents a connected agent in the relay
+ */
+interface ConnectedAgent {
+    /** Agent's public key */
+    publicKey: string;
+    /** Optional agent name */
+    name?: string;
+    /** WebSocket connection */
+    socket: WebSocket;
+    /** Last seen timestamp (ms) */
+    lastSeen: number;
+    /** Optional metadata */
+    metadata?: {
+        version?: string;
+        capabilities?: string[];
+    };
+}
+/**
+ * Events emitted by RelayServer
+ */
+interface RelayServerEvents {
+    'agent-registered': (publicKey: string) => void;
+    'agent-disconnected': (publicKey: string) => void;
+    'message-relayed': (from: string, to: string, envelope: Envelope) => void;
+    'error': (error: Error) => void;
+}
+/**
+ * WebSocket relay server for routing messages between agents.
+ *
+ * Agents connect to the relay and register with their public key.
+ * Messages are routed to recipients based on the 'to' field.
+ * All envelopes are verified before being forwarded.
+ */
+interface RelayServerOptions {
+    /** Optional relay identity for peer_list_request handling */
+    identity?: {
+        publicKey: string;
+        privateKey: string;
+    };
+    /** Public keys that should have messages stored when offline */
+    storagePeers?: string[];
+    /** Directory for persisting messages for storage peers */
+    storageDir?: string;
+}
+declare class RelayServer extends EventEmitter {
+    private wss;
+    private agents;
+    private identity?;
+    private storagePeers;
+    private store;
+    constructor(options?: {
+        publicKey: string;
+        privateKey: string;
+    } | RelayServerOptions);
+    /**
+     * Start the relay server
+     * @param port - Port to listen on
+     * @param host - Optional host (default: all interfaces)
+     */
+    start(port: number, host?: string): Promise<void>;
+    /**
+     * Stop the relay server
+     */
+    stop(): Promise<void>;
+    /**
+     * Get all connected agents
+     */
+    getAgents(): Map<string, ConnectedAgent>;
+    /**
+     * Handle incoming connection
+     */
+    private handleConnection;
+    /**
+     * Send an error message to a client
+     */
+    private sendError;
+    /**
+     * Broadcast a peer event to all connected agents
+     */
+    private broadcastPeerEvent;
+    /**
+     * Handle peer list request from an agent
+     */
+    private handlePeerListRequest;
+}
+
+/**
+ * Messages sent from client to relay server
+ */
+interface RelayClientMessage {
+    type: 'register' | 'message' | 'broadcast' | 'ping';
+    publicKey?: string;
+    name?: string;
+    to?: string;
+    envelope?: Envelope;
+}
+/**
+ * Messages received from relay server
+ */
+interface RelayServerMessage {
+    type: 'registered' | 'message' | 'error' | 'pong' | 'peer_online' | 'peer_offline';
+    publicKey?: string;
+    name?: string;
+    from?: string;
+    envelope?: Envelope;
+    peers?: Array<{
+        publicKey: string;
+        name?: string;
+    }>;
+    code?: string;
+    message?: string;
+}
+/**
+ * Peer presence information
+ */
+interface RelayPeer {
+    publicKey: string;
+    name?: string;
+}
+
+/**
+ * Configuration for RelayClient
+ */
+interface RelayClientConfig {
+    /** WebSocket URL of the relay server */
+    relayUrl: string;
+    /** Agent's public key */
+    publicKey: string;
+    /** Agent's private key (for signing) */
+    privateKey: string;
+    /** Optional name for this agent */
+    name?: string;
+    /** Keepalive ping interval in milliseconds (default: 30000) */
+    pingInterval?: number;
+    /** Maximum reconnection delay in milliseconds (default: 60000) */
+    maxReconnectDelay?: number;
+}
+/**
+ * Events emitted by RelayClient
+ */
+interface RelayClientEvents {
+    /** Emitted when successfully connected and registered */
+    'connected': () => void;
+    /** Emitted when disconnected from relay */
+    'disconnected': () => void;
+    /** Emitted when a verified message is received */
+    'message': (envelope: Envelope, from: string, fromName?: string) => void;
+    /** Emitted when a peer comes online */
+    'peer_online': (peer: RelayPeer) => void;
+    /** Emitted when a peer goes offline */
+    'peer_offline': (peer: RelayPeer) => void;
+    /** Emitted on errors */
+    'error': (error: Error) => void;
+}
+/**
+ * Persistent WebSocket client for the Agora relay server.
+ * Maintains a long-lived connection, handles reconnection, and routes messages.
+ */
+declare class RelayClient extends EventEmitter {
+    private ws;
+    private config;
+    private reconnectAttempts;
+    private reconnectTimeout;
+    private pingInterval;
+    private isConnected;
+    private isRegistered;
+    private shouldReconnect;
+    private onlinePeers;
+    constructor(config: RelayClientConfig);
+    /**
+     * Connect to the relay server
+     */
+    connect(): Promise<void>;
+    /**
+     * Disconnect from the relay server
+     */
+    disconnect(): void;
+    /**
+     * Check if currently connected and registered
+     */
+    connected(): boolean;
+    /**
+     * Send a message to a specific peer
+     */
+    send(to: string, envelope: Envelope): Promise<{
+        ok: boolean;
+        error?: string;
+    }>;
+    /**
+     * Broadcast a message to all connected peers
+     */
+    broadcast(envelope: Envelope): Promise<{
+        ok: boolean;
+        error?: string;
+    }>;
+    /**
+     * Get list of currently online peers
+     */
+    getOnlinePeers(): RelayPeer[];
+    /**
+     * Check if a specific peer is online
+     */
+    isPeerOnline(publicKey: string): boolean;
+    /**
+     * Internal: Perform connection
+     */
+    private doConnect;
+    /**
+     * Handle incoming message from relay
+     */
+    private handleMessage;
+    /**
+     * Schedule reconnection with exponential backoff
+     */
+    private scheduleReconnect;
+    /**
+     * Start periodic ping messages
+     */
+    private startPingInterval;
+    /**
+     * Stop ping interval
+     */
+    private stopPingInterval;
+    /**
+     * Cleanup resources
+     */
+    private cleanup;
+}
+
+/**
+ * message-buffer.ts — In-memory bounded message queue per agent.
+ *
+ * When messages are delivered to an agent via the relay, they are also
+ * stored here so that HTTP polling clients can retrieve them via GET /v1/messages.
+ */
+interface BufferedMessage {
+    id: string;
+    from: string;
+    fromName?: string;
+    type: string;
+    payload: unknown;
+    timestamp: number;
+    inReplyTo?: string;
+}
+/**
+ * MessageBuffer stores inbound messages per agent public key.
+ * FIFO eviction when the buffer is full (max 100 messages).
+ */
+declare class MessageBuffer {
+    private buffers;
+    /**
+     * Add a message to an agent's buffer.
+     * Evicts the oldest message if the buffer is full.
+     */
+    add(publicKey: string, message: BufferedMessage): void;
+    /**
+     * Retrieve messages for an agent, optionally filtering by `since` timestamp.
+     * Returns messages with timestamp > since (exclusive).
+     */
+    get(publicKey: string, since?: number): BufferedMessage[];
+    /**
+     * Clear all messages for an agent (after polling without `since`).
+     */
+    clear(publicKey: string): void;
+    /**
+     * Remove all state for a disconnected agent.
+     */
+    delete(publicKey: string): void;
+}
+
+/**
+ * store.ts — File-based message store for offline peers.
+ * When the relay has storage enabled for certain public keys, messages
+ * for offline recipients are persisted and delivered when they connect.
+ */
+interface StoredMessage {
+    from: string;
+    name?: string;
+    envelope: object;
+}
+declare class MessageStore {
+    private storageDir;
+    constructor(storageDir: string);
+    private recipientDir;
+    save(recipientKey: string, message: StoredMessage): void;
+    load(recipientKey: string): StoredMessage[];
+    clear(recipientKey: string): void;
+}
+
+/**
+ * jwt-auth.ts — JWT token creation and validation middleware.
+ *
+ * Tokens are signed with AGORA_RELAY_JWT_SECRET (required env var).
+ * Expiry defaults to 3600 seconds (1 hour), configurable via AGORA_JWT_EXPIRY_SECONDS.
+ *
+ * Token payload: { publicKey, name }
+ */
+
+interface JwtPayload {
+    publicKey: string;
+    name?: string;
+}
+/**
+ * Augment Express Request to carry decoded JWT payload.
+ */
+interface AuthenticatedRequest extends Request {
+    agent?: JwtPayload;
+}
+/**
+ * Create a signed JWT for a registered agent.
+ * Returns the token string and its expiry timestamp (ms since epoch).
+ */
+declare function createToken(payload: JwtPayload): {
+    token: string;
+    expiresAt: number;
+};
+/**
+ * Revoke a token by its jti claim so it cannot be used again.
+ * The revocation entry is stored with the token's expiry so it can be
+ * pruned automatically once the token would no longer be valid anyway.
+ */
+declare function revokeToken(token: string): void;
+/**
+ * Express middleware that validates the Authorization: Bearer <token> header.
+ * Attaches decoded payload to `req.agent` on success.
+ * Responds with 401 if missing/invalid/expired/revoked.
+ */
+declare function requireAuth(req: AuthenticatedRequest, res: Response, next: NextFunction): void;
+
+/**
+ * rest-api.ts — Express router implementing the Agora relay REST API.
+ *
+ * Endpoints:
+ *   POST   /v1/register   — Register agent, obtain JWT session token
+ *   POST   /v1/send       — Send message to a peer (requires auth)
+ *   GET    /v1/peers      — List online peers (requires auth)
+ *   GET    /v1/messages   — Poll for new inbound messages (requires auth)
+ *   DELETE /v1/disconnect — Invalidate token and disconnect (requires auth)
+ */
+
+/**
+ * A session for a REST-connected agent.
+ * privateKey is held only in memory and never logged or persisted.
+ */
+interface RestSession {
+    publicKey: string;
+    privateKey: string;
+    name?: string;
+    metadata?: {
+        version?: string;
+        capabilities?: string[];
+    };
+    registeredAt: number;
+    expiresAt: number;
+    token: string;
+}
+/**
+ * Minimal interface for the relay server that the REST API depends on.
+ */
+interface RelayInterface {
+    getAgents(): Map<string, {
+        publicKey: string;
+        name?: string;
+        lastSeen: number;
+        metadata?: {
+            version?: string;
+            capabilities?: string[];
+        };
+        socket: unknown;
+    }>;
+    on(event: 'message-relayed', handler: (from: string, to: string, envelope: unknown) => void): void;
+}
+/**
+ * Envelope creation function interface (matches createEnvelope from message/envelope).
+ */
+type CreateEnvelopeFn = (type: string, sender: string, privateKey: string, payload: unknown, timestamp?: number, inReplyTo?: string) => {
+    id: string;
+    type: string;
+    sender: string;
+    timestamp: number;
+    payload: unknown;
+    signature: string;
+    inReplyTo?: string;
+};
+/**
+ * Envelope verification function interface.
+ */
+type VerifyEnvelopeFn = (envelope: unknown) => {
+    valid: boolean;
+    reason?: string;
+};
+/**
+ * Create the REST API router.
+ */
+declare function createRestRouter(relay: RelayInterface, buffer: MessageBuffer, sessions: Map<string, RestSession>, createEnv: CreateEnvelopeFn, verifyEnv: VerifyEnvelopeFn): Router;
+
+/**
+ * run-relay.ts — Start Agora relay: WebSocket server and optional REST API.
+ *
+ * When REST is enabled, starts:
+ *   1. WebSocket relay (RelayServer) on wsPort
+ *   2. REST API server (Express) on restPort (default wsPort + 1)
+ *
+ * Environment variables (when REST enabled):
+ *   AGORA_RELAY_JWT_SECRET   — Required for REST (JWT signing)
+ *   AGORA_JWT_EXPIRY_SECONDS — JWT expiry in seconds (default: 3600)
+ *   PORT                     — WebSocket port (default: 3001); REST uses PORT+1
+ */
+
+interface RunRelayOptions {
+    /** WebSocket port (default from PORT env or 3001) */
+    wsPort?: number;
+    /** REST API port (default: wsPort + 1). Ignored if enableRest is false. */
+    restPort?: number;
+    /** Enable REST API (requires AGORA_RELAY_JWT_SECRET). Default: true if AGORA_RELAY_JWT_SECRET is set. */
+    enableRest?: boolean;
+    /** Relay server options (identity, storagePeers, storageDir) */
+    relayOptions?: RelayServerOptions;
+}
+/**
+ * Start WebSocket relay and optionally REST API.
+ * Returns { relay, httpServer } where httpServer is set only when REST is enabled.
+ */
+declare function runRelay(options?: RunRelayOptions): Promise<{
+    relay: RelayServer;
+    httpServer?: http.Server;
+}>;
+
+/**
+ * Get a short display version of a public key using the last 8 characters.
+ * Ed25519 public keys all share the same OID prefix, so the last 8 characters
+ * are more distinguishable than the first 8.
+ *
+ * @param publicKey - The full public key hex string
+ * @returns "..." followed by the last 8 characters of the key
+ */
+declare function shortKey(publicKey: string): string;
+/**
+ * Resolves the name to broadcast when connecting to a relay.
+ * Priority order:
+ * 1. CLI --name flag
+ * 2. config.relay.name (if relay is an object with name property)
+ * 3. config.identity.name
+ * 4. undefined (no name broadcast)
+ *
+ * @param config - The Agora configuration (or compatible config with identity and optional relay)
+ * @param cliName - Optional name from CLI --name flag
+ * @returns The resolved name to broadcast, or undefined if none available
+ */
+declare function resolveBroadcastName(config: {
+    identity: {
+        name?: string;
+    };
+    relay?: {
+        name?: string;
+    } | string;
+}, cliName?: string): string | undefined;
+/**
+ * Formats a display name with short ID postfix.
+ * If name exists: "name (...3f8c2247)"
+ * If no name: "...3f8c2247" (short ID only)
+ *
+ * @param name - Optional name to display (should not be a short ID)
+ * @param publicKey - The public key to use for short ID
+ * @returns Formatted display string
+ */
+declare function formatDisplayName(name: string | undefined, publicKey: string): string;
+
+/**
+ * Service config: identity, peers keyed by name, optional relay.
+ */
+interface AgoraServiceConfig {
+    identity: AgoraIdentity;
+    peers: Map<string, PeerConfig>;
+    relay?: RelayConfig;
+}
+interface SendMessageOptions {
+    peerName: string;
+    type: MessageType;
+    payload: unknown;
+    inReplyTo?: string;
+}
+interface SendMessageResult {
+    ok: boolean;
+    status: number;
+    error?: string;
+}
+interface DecodeInboundResult {
+    ok: boolean;
+    envelope?: Envelope;
+    reason?: string;
+}
+type RelayMessageHandler = (envelope: Envelope) => void;
+type RelayMessageHandlerWithName = (envelope: Envelope, from: string, fromName?: string) => void;
+interface Logger {
+    debug(message: string): void;
+}
+interface RelayClientLike {
+    connect(): Promise<void>;
+    disconnect(): void;
+    connected(): boolean;
+    send(to: string, envelope: Envelope): Promise<{
+        ok: boolean;
+        error?: string;
+    }>;
+    on(event: 'message', handler: (envelope: Envelope, from: string, fromName?: string) => void): void;
+    on(event: 'error', handler: (error: Error) => void): void;
+}
+interface RelayClientFactory {
+    (opts: {
+        relayUrl: string;
+        publicKey: string;
+        privateKey: string;
+        name?: string;
+        pingInterval: number;
+        maxReconnectDelay: number;
+    }): RelayClientLike;
+}
+/**
+ * High-level Agora service: send by peer name, decode inbound, relay lifecycle.
+ */
+declare class AgoraService {
+    private config;
+    private relayClient;
+    private relayMessageHandler;
+    private relayMessageHandlerWithName;
+    private logger;
+    private relayClientFactory;
+    constructor(config: AgoraServiceConfig, logger?: Logger, relayClientFactory?: RelayClientFactory);
+    /**
+     * Send a signed message to a named peer.
+     * Tries HTTP webhook first; falls back to relay if HTTP is unavailable.
+     */
+    sendMessage(options: SendMessageOptions): Promise<SendMessageResult>;
+    /**
+     * Decode and verify an inbound envelope from a webhook message.
+     */
+    decodeInbound(message: string): Promise<DecodeInboundResult>;
+    getPeers(): string[];
+    getPeerConfig(name: string): PeerConfig | undefined;
+    /**
+     * Connect to the relay server.
+     */
+    connectRelay(url: string): Promise<void>;
+    setRelayMessageHandler(handler: RelayMessageHandler): void;
+    setRelayMessageHandlerWithName(handler: RelayMessageHandlerWithName): void;
+    disconnectRelay(): Promise<void>;
+    isRelayConnected(): boolean;
+    /**
+     * Load Agora configuration and return service config (peers as Map).
+     */
+    static loadConfig(path?: string): Promise<AgoraServiceConfig>;
+}
+
+/**
+ * Configuration for PeerDiscoveryService
+ */
+interface PeerDiscoveryConfig {
+    /** Agent's public key */
+    publicKey: string;
+    /** Agent's private key for signing */
+    privateKey: string;
+    /** RelayClient instance for communication */
+    relayClient: RelayClient;
+    /** Public key of the relay server (for sending peer list requests) */
+    relayPublicKey?: string;
+}
+/**
+ * Events emitted by PeerDiscoveryService
+ */
+interface PeerDiscoveryEvents {
+    /** Emitted when peers are discovered */
+    'peers-discovered': (peers: PeerListResponsePayload['peers']) => void;
+    /** Emitted when a peer referral is received */
+    'peer-referral': (referral: PeerReferralPayload, from: string) => void;
+    /** Emitted on errors */
+    'error': (error: Error) => void;
+}
+/**
+ * Service for discovering peers on the Agora network
+ */
+declare class PeerDiscoveryService extends EventEmitter {
+    private config;
+    constructor(config: PeerDiscoveryConfig);
+    /**
+     * Request peer list from relay
+     */
+    discoverViaRelay(filters?: PeerListRequestPayload['filters']): Promise<PeerListResponsePayload | null>;
+    /**
+     * Send peer referral to another agent
+     */
+    referPeer(recipientPublicKey: string, referredPublicKey: string, metadata?: {
+        name?: string;
+        endpoint?: string;
+        comment?: string;
+        trustScore?: number;
+    }): Promise<{
+        ok: boolean;
+        error?: string;
+    }>;
+    /**
+     * Handle incoming peer referral
+     */
+    private handleReferral;
+    /**
+     * Handle incoming peer list from relay
+     */
+    private handlePeerList;
+}
+
+/**
+ * Bootstrap configuration for peer discovery on the Agora network.
+ * Provides default bootstrap relays for initial network entry.
+ */
+/**
+ * Default bootstrap relay servers
+ * These are well-known relays that serve as initial entry points to the network
+ */
+declare const DEFAULT_BOOTSTRAP_RELAYS: {
+    url: string;
+    name: string;
+}[];
+/**
+ * Configuration for bootstrap connection
+ */
+interface BootstrapConfig {
+    /** Bootstrap relay URL */
+    relayUrl: string;
+    /** Optional relay public key (for verification) */
+    relayPublicKey?: string;
+    /** Connection timeout in ms (default: 10000) */
+    timeout?: number;
+}
+/**
+ * Get default bootstrap relay configuration
+ */
+declare function getDefaultBootstrapRelay(): BootstrapConfig;
+/**
+ * Parse bootstrap relay URL and optional public key
+ */
+declare function parseBootstrapRelay(url: string, publicKey?: string): BootstrapConfig;
+
+/**
+ * Core data structures for the Agora reputation layer.
+ * Phase 1: Verification records, commit-reveal patterns, and trust scoring.
+ */
+/**
+ * A cryptographically signed verification of another agent's output or claim.
+ * Core primitive for building computational reputation.
+ */
+interface VerificationRecord {
+    /** Content-addressed ID (hash of canonical JSON) */
+    id: string;
+    /** Public key of verifying agent */
+    verifier: string;
+    /** ID of message/output being verified */
+    target: string;
+    /** Capability domain (e.g., 'ocr', 'summarization', 'code_review') */
+    domain: string;
+    /** Verification verdict */
+    verdict: 'correct' | 'incorrect' | 'disputed';
+    /** Verifier's confidence in their check (0-1) */
+    confidence: number;
+    /** Optional link to independent verification data */
+    evidence?: string;
+    /** Unix timestamp (ms) */
+    timestamp: number;
+    /** Ed25519 signature over canonical JSON */
+    signature: string;
+}
+/**
+ * A commitment to a prediction before outcome is known.
+ * Prevents post-hoc editing of predictions.
+ */
+interface CommitRecord {
+    /** Content-addressed ID */
+    id: string;
+    /** Public key of committing agent */
+    agent: string;
+    /** Domain of prediction */
+    domain: string;
+    /** SHA-256 hash of prediction string */
+    commitment: string;
+    /** Unix timestamp (ms) */
+    timestamp: number;
+    /** Expiry time (ms) - commitment invalid after this */
+    expiry: number;
+    /** Ed25519 signature */
+    signature: string;
+}
+/**
+ * Reveals the prediction and outcome after commitment expiry.
+ * Enables verification of prediction accuracy.
+ */
+interface RevealRecord {
+    /** Content-addressed ID */
+    id: string;
+    /** Public key of revealing agent */
+    agent: string;
+    /** ID of original commit message */
+    commitmentId: string;
+    /** Original prediction (plaintext) */
+    prediction: string;
+    /** Observed outcome */
+    outcome: string;
+    /** Evidence for outcome (optional) */
+    evidence?: string;
+    /** Unix timestamp (ms) */
+    timestamp: number;
+    /** Ed25519 signature */
+    signature: string;
+}
+/**
+ * Computed reputation score for an agent in a specific domain.
+ * Derived from verification history, not stored directly.
+ */
+interface TrustScore {
+    /** Public key of agent being scored */
+    agent: string;
+    /** Domain of reputation */
+    domain: string;
+    /** Computed score (0-1, where 1 = highest trust) */
+    score: number;
+    /** Number of verifications considered */
+    verificationCount: number;
+    /** Timestamp of most recent verification (ms) */
+    lastVerified: number;
+    /** Public keys of top verifiers (by weight) */
+    topVerifiers: string[];
+}
+/**
+ * Request for reputation data about a specific agent.
+ */
+interface ReputationQuery {
+    /** Public key of agent being queried */
+    agent: string;
+    /** Optional: filter by capability domain */
+    domain?: string;
+    /** Optional: only include verifications after this timestamp */
+    after?: number;
+}
+/**
+ * Response containing reputation data for a queried agent.
+ */
+interface ReputationResponse {
+    /** Public key of agent being reported on */
+    agent: string;
+    /** Domain filter (if requested) */
+    domain?: string;
+    /** Verification records matching the query */
+    verifications: VerificationRecord[];
+    /** Computed trust scores by domain */
+    scores: Record<string, TrustScore>;
+}
+/**
+ * Revocation of a previously issued verification.
+ * Used when a verifier discovers their verification was incorrect.
+ */
+interface RevocationRecord {
+    /** Content-addressed ID of this revocation */
+    id: string;
+    /** Public key of agent revoking (must match original verifier) */
+    verifier: string;
+    /** ID of verification being revoked */
+    verificationId: string;
+    /** Reason for revocation */
+    reason: string;
+    /** Unix timestamp (ms) */
+    timestamp: number;
+    /** Ed25519 signature */
+    signature: string;
+}
+/**
+ * Validation result structure
+ */
+interface ValidationResult {
+    valid: boolean;
+    errors: string[];
+}
+/**
+ * Validate a verification record structure
+ */
+declare function validateVerificationRecord(record: unknown): ValidationResult;
+/**
+ * Validate a commit record structure
+ */
+declare function validateCommitRecord(record: unknown): ValidationResult;
+/**
+ * Validate a reveal record structure
+ */
+declare function validateRevealRecord(record: unknown): ValidationResult;
+
+/**
+ * Verification record creation and validation.
+ * Core primitive for computational reputation.
+ */
+
+/**
+ * Create a signed verification record
+ * @param verifier - Public key of the verifying agent
+ * @param privateKey - Private key for signing
+ * @param target - ID of the message/output being verified
+ * @param domain - Capability domain
+ * @param verdict - Verification verdict
+ * @param confidence - Verifier's confidence (0-1)
+ * @param timestamp - Timestamp for the verification (ms)
+ * @param evidence - Optional link to verification evidence
+ * @returns Signed VerificationRecord
+ */
+declare function createVerification(verifier: string, privateKey: string, target: string, domain: string, verdict: 'correct' | 'incorrect' | 'disputed', confidence: number, timestamp: number, evidence?: string): VerificationRecord;
+/**
+ * Verify the cryptographic signature of a verification record
+ * @param record - The verification record to verify
+ * @returns Object with valid flag and optional reason for failure
+ */
+declare function verifyVerificationSignature(record: VerificationRecord): {
+    valid: boolean;
+    reason?: string;
+};
+
+/**
+ * Commit-reveal pattern implementation for tamper-proof predictions.
+ * Agents commit to predictions before outcomes are known, then reveal after.
+ */
+
+/**
+ * Create a commitment hash for a prediction
+ * @param prediction - The prediction string
+ * @returns SHA-256 hash of the prediction (hex string)
+ */
+declare function hashPrediction(prediction: string): string;
+/**
+ * Create a signed commit record
+ * @param agent - Public key of the committing agent
+ * @param privateKey - Private key for signing
+ * @param domain - Domain of the prediction
+ * @param prediction - The prediction to commit to
+ * @param timestamp - Timestamp for the commit (ms)
+ * @param expiryMs - Expiry time in milliseconds from timestamp
+ * @returns Signed CommitRecord
+ */
+declare function createCommit(agent: string, privateKey: string, domain: string, prediction: string, timestamp: number, expiryMs: number): CommitRecord;
+/**
+ * Create a signed reveal record
+ * @param agent - Public key of the revealing agent
+ * @param privateKey - Private key for signing
+ * @param commitmentId - ID of the original commit record
+ * @param prediction - The original prediction (plaintext)
+ * @param outcome - The observed outcome
+ * @param timestamp - Timestamp for the reveal (ms)
+ * @param evidence - Optional evidence for the outcome
+ * @returns Signed RevealRecord
+ */
+declare function createReveal(agent: string, privateKey: string, commitmentId: string, prediction: string, outcome: string, timestamp: number, evidence?: string): RevealRecord;
+/**
+ * Verify a reveal against its commitment
+ * @param commit - The original commit record
+ * @param reveal - The reveal record
+ * @returns Object with valid flag and optional reason for failure
+ */
+declare function verifyReveal(commit: CommitRecord, reveal: RevealRecord): {
+    valid: boolean;
+    reason?: string;
+};
+
+/**
+ * Trust score computation with exponential time decay.
+ * Domain-specific reputation scoring from verification history.
+ */
+
+/**
+ * Exponential decay function for time-based reputation degradation.
+ * @param deltaTimeMs - Time since verification (milliseconds)
+ * @param lambda - Decay rate (default: ln(2)/70 ≈ 0.0099, giving 70-day half-life)
+ * @returns Weight multiplier (0-1)
+ */
+declare function decay(deltaTimeMs: number, lambda?: number): number;
+/**
+ * Compute trust score for an agent in a specific domain
+ * @param agent - Public key of the agent being scored
+ * @param domain - Capability domain
+ * @param verifications - All verification records (will be filtered by target and domain)
+ * @param currentTime - Current timestamp (ms)
+ * @returns TrustScore object with computed reputation
+ */
+declare function computeTrustScore(agent: string, domain: string, verifications: VerificationRecord[], currentTime: number): TrustScore;
+/**
+ * Compute trust scores for an agent across multiple domains
+ * @param agent - Public key of the agent being scored
+ * @param verifications - All verification records
+ * @param currentTime - Current timestamp (ms)
+ * @returns Map of domain to TrustScore
+ */
+declare function computeTrustScores(agent: string, verifications: VerificationRecord[], currentTime: number): Map<string, TrustScore>;
+declare const computeAllTrustScores: typeof computeTrustScores;
+
+/**
+ * Local reputation store using JSONL append-only log.
+ * Stores verification records, commits, and reveals.
+ */
+
+/**
+ * Reputation store with JSONL persistence
+ */
+declare class ReputationStore {
+    private filePath;
+    private verifications;
+    private commits;
+    private reveals;
+    private loaded;
+    constructor(filePath: string);
+    /**
+     * Load records from JSONL file
+     */
+    load(): Promise<void>;
+    /**
+     * Ensure the store is loaded
+     */
+    private ensureLoaded;
+    /**
+     * Append a record to the JSONL file
+     */
+    private appendToFile;
+    /**
+     * Add a verification record
+     */
+    addVerification(verification: VerificationRecord): Promise<void>;
+    /**
+     * Add a commit record
+     */
+    addCommit(commit: CommitRecord): Promise<void>;
+    /**
+     * Add a reveal record
+     */
+    addReveal(reveal: RevealRecord): Promise<void>;
+    /**
+     * Get all verifications
+     */
+    getVerifications(): Promise<VerificationRecord[]>;
+    /**
+     * Get verifications for a specific target
+     */
+    getVerificationsByTarget(target: string): Promise<VerificationRecord[]>;
+    /**
+     * Get verifications by domain
+     */
+    getVerificationsByDomain(domain: string): Promise<VerificationRecord[]>;
+    /**
+     * Get verifications for an agent (where they are the target of verification)
+     * This requires looking up the target message to find the agent
+     * For now, we'll return all verifications and let the caller filter
+     */
+    getVerificationsByDomainForAgent(domain: string): Promise<VerificationRecord[]>;
+    /**
+     * Get all commits
+     */
+    getCommits(): Promise<CommitRecord[]>;
+    /**
+     * Get commit by ID
+     */
+    getCommit(id: string): Promise<CommitRecord | null>;
+    /**
+     * Get commits by agent
+     */
+    getCommitsByAgent(agent: string): Promise<CommitRecord[]>;
+    /**
+     * Get all reveals
+     */
+    getReveals(): Promise<RevealRecord[]>;
+    /**
+     * Get reveal by commitment ID
+     */
+    getRevealByCommitment(commitmentId: string): Promise<RevealRecord | null>;
+    /**
+     * Get reveals by agent
+     */
+    getRevealsByAgent(agent: string): Promise<RevealRecord[]>;
+}
+
+export { type AgoraConfig, type AgoraIdentity, type AgoraPeerConfig, AgoraService, type AgoraServiceConfig, type AnnouncePayload, type AuthenticatedRequest, type BootstrapConfig, type BufferedMessage, type Capability, type CapabilityAnnouncePayload, type CapabilityQueryPayload, type CapabilityResponsePayload, type CommitRecord, type CreateEnvelopeFn, DEFAULT_BOOTSTRAP_RELAYS, type DecodeInboundResult, type DiscoverPayload, type DiscoverResponsePayload, DiscoveryService, type Envelope, type JwtPayload, type KeyPair, type Logger, MessageBuffer, MessageStore, type MessageType, type PaperDiscoveryPayload, type Peer, type PeerConfig, type PeerConfigFile, type PeerDiscoveryConfig, type PeerDiscoveryEvents, PeerDiscoveryService, type PeerListRequestPayload, type PeerListResponsePayload, type PeerReferralPayload, PeerStore, RelayClient, type RelayClientConfig, type RelayClientEvents, type RelayClientFactory, type RelayClientLike, type RelayClientMessage, type RelayConfig, type RelayInterface, type RelayMessageHandler, type RelayMessageHandlerWithName, type RelayPeer, RelayServer, type RelayServerEvents, type RelayServerMessage, type RelayServerOptions, type ReputationQuery, type ReputationResponse, ReputationStore, type RestSession, type RevealRecord, type RevocationRecord, type RunRelayOptions, type SendMessageOptions, type SendMessageResult, type StoredMessage, type TransportConfig, type TrustScore, type ValidationResult, type VerificationRecord, type VerifyEnvelopeFn, canonicalize, computeAllTrustScores, computeId, computeTrustScore, computeTrustScores, createCapability, createCommit, createEnvelope, createRestRouter, createReveal, createToken, createVerification, decay, decodeInboundEnvelope, exportKeyPair, formatDisplayName, generateKeyPair, getDefaultBootstrapRelay, getDefaultConfigPath, hashPrediction, importKeyPair, initPeerConfig, loadAgoraConfig, loadAgoraConfigAsync, loadPeerConfig, parseBootstrapRelay, requireAuth, resolveBroadcastName, revokeToken, runRelay, savePeerConfig, sendToPeer, shortKey, signMessage, validateCapability, validateCommitRecord, validatePeerListRequest, validatePeerListResponse, validatePeerReferral, validateRevealRecord, validateVerificationRecord, verifyEnvelope, verifyReveal, verifySignature, verifyVerificationSignature };