@sekuire/sdk 0.1.24 → 0.2.0

package/dist/index.d.ts

@@ -1,7 +1,4 @@
 import * as z from 'zod';
-import { Tracer } from '@opentelemetry/api';
-import { ExportResult } from '@opentelemetry/core';
-import { SpanExporter, ReadableSpan } from '@opentelemetry/sdk-trace-base';
 
 interface ActivePolicy {
     policy_id: string;
@@ -49,8 +46,8 @@ interface CustomRule {
         agents?: string[];
     };
     conditions: RuleCondition[];
-    logic: "any" | "all";
-    action: "deny" | "warn";
+    logic: 'any' | 'all';
+    action: 'deny' | 'warn';
     message: string;
 }
 interface RuleCondition {
@@ -59,7 +56,7 @@ interface RuleCondition {
     value: unknown;
     case_sensitive?: boolean;
 }
-type ConditionOperator = "contains" | "not_contains" | "equals" | "not_equals" | "starts_with" | "ends_with" | "matches" | "in" | "not_in" | "greater_than" | "less_than";
+type ConditionOperator = 'contains' | 'not_contains' | 'equals' | 'not_equals' | 'starts_with' | 'ends_with' | 'matches' | 'in' | 'not_in' | 'greater_than' | 'less_than';
 interface PolicyDecision {
     allowed: boolean;
     violations: PolicyViolation[];
@@ -634,16 +631,12 @@ declare class AgentIdentity {
     verify(message: string, signatureHex: string): boolean;
 }
 
-/**
- * 🛡️ Sekuire Logger - Asynchronous Event Logging for TypeScript SDK
- *
- * Provides batched, fire-and-forget logging to Sekuire Registry API
- */
 type EventType = "tool_execution" | "model_call" | "policy_violation" | "policy_check" | "network_access" | "file_access" | "health";
 type Severity = "debug" | "info" | "warn" | "error";
+type FallbackMode = "console" | "file" | "silent";
 interface LoggerConfig$1 {
     sekuireId: string;
-    apiBaseUrl: string;
+    apiBaseUrl?: string;
     apiKey?: string;
     sessionId?: string;
     workspaceId?: string;
@@ -651,10 +644,16 @@ interface LoggerConfig$1 {
     enabled?: boolean;
     batchSize?: number;
     flushInterval?: number;
+    maxRetries?: number;
+    retryBaseDelay?: number;
     onError?: (error: Error, context: {
         operation: string;
         eventsLost?: number;
     }) => void;
+    fallback?: FallbackMode;
+    fallbackFilePath?: string;
+    maxBufferSize?: number;
+    privateKey?: string;
 }
 interface EventLog {
     sekuire_id: string;
@@ -665,68 +664,46 @@ interface EventLog {
     event_timestamp: string;
     event_data: Record<string, any>;
     metadata: Record<string, any>;
+    signature?: string;
 }
-/**
- * Asynchronous logger for Sekuire compliance events
- *
- * Features:
- * - Buffered batching (flush every N events or X seconds)
- * - Fire-and-forget (non-blocking)
- * - Health heartbeat tracking
- * - Graceful shutdown
- */
 declare class SekuireLogger {
     private config;
     private buffer;
+    private retryQueue;
+    private overflowEventsTotal;
     private flushTimer?;
     private heartbeatTimer?;
     private isFlushing;
     private client;
     private readonly sdkVersion;
+    private readonly apiAvailable;
+    private readonly fallbackMode;
+    private readonly maxBufferSize;
+    private readonly maxRetries;
+    private readonly retryBaseDelay;
+    private readonly privateKey?;
     constructor(config: LoggerConfig$1);
-    /**
-     * Log an event (buffered, non-blocking)
-     */
     logEvent(eventType: EventType, severity: Severity, eventData: Record<string, any>): void;
-    /**
-     * Flush buffer to API (fire-and-forget)
-     */
     flush(): Promise<void>;
-    /**
-     * Send health heartbeat to API
-     */
+    private sendBatch;
+    private processRetryQueue;
+    private writeFallback;
+    private writeFallbackToFile;
     private sendHealthHeartbeat;
-    /**
-     * Start flush timer (every N milliseconds)
-     */
     private startFlushTimer;
-    /**
-     * Start heartbeat timer (every 30 seconds)
-     */
     private startHeartbeatTimer;
-    /**
-     * Stop timers
-     */
     private stopTimers;
-    /**
-     * Shutdown logger gracefully
-     * - Stops timers
-     * - Flushes remaining events
-     * - Safe to call multiple times
-     */
     shutdown(): Promise<void>;
-    /**
-     * Get logger status for debugging
-     */
     getStatus(): {
         enabled: boolean;
         bufferedEvents: number;
         sessionId: string;
         environment: string;
+        apiAvailable: boolean;
+        fallbackMode: FallbackMode;
+        overflowEventsTotal: number;
+        retryQueueSize: number;
     };
-    /**
-     * Enable/disable logging at runtime
-     */
     setEnabled(enabled: boolean): void;
 }
 
@@ -803,6 +780,7 @@ declare class TaskWorker {
     private credentialsStore?;
     private tokenProvider?;
     private policyGateway?;
+    private degradedMode;
     constructor(config: WorkerConfig);
     private getEnvVar;
     /**
@@ -1538,10 +1516,31 @@ interface HandshakeWelcome {
     agentId: string;
     agentNonce: string;
     signatureC: string;
+    agentPublicKey: string;
     credentials: string[];
 }
 interface HandshakeAuth {
     signatureA: string;
+    clientPublicKey: string;
+    clientNonce?: string;
+}
+interface HandshakeAuthResult {
+    success: true;
+    sessionToken: string;
+    expiresInSeconds: number;
+}
+interface SignedRequestVerificationInput {
+    method: string;
+    path: string;
+    body?: unknown;
+    sessionToken: string | string[] | undefined;
+    timestamp: string | number | string[] | undefined;
+    signature: string | string[] | undefined;
+}
+interface VerifiedRequestContext {
+    sessionToken: string;
+    clientPublicKey: string;
+    timestampMs: number;
 }
 interface VerifyAgentRequest {
     sekuireId: string;
@@ -1618,6 +1617,7 @@ interface HandshakeResult {
     agentId: string;
     verified: boolean;
     credentials: string[];
+    sessionToken?: string;
 }
 declare class SekuireError extends Error {
     readonly code: string;
@@ -1648,6 +1648,7 @@ type AgentId = string;
 declare class SekuireClient {
     private readonly keyPair;
     private readonly httpClient;
+    private sessionToken?;
     constructor(keyPair: KeyPair, config: SekuireClientConfig);
     /**
      * Perform the full handshake with a remote agent
@@ -1673,6 +1674,20 @@ declare class SekuireClient {
      * Sign data with the client's private key
      */
     sign(data: string): string;
+    private buildRequestSignatureMessage;
+    /**
+     * Build signed headers for protected agent endpoints (for example /chat, /webhook, /a2a/tasks).
+     * Requires a successful connect() call to obtain a session token.
+     */
+    createSignedRequestHeaders(method: string, path: string, body?: unknown, timestampMs?: number): Record<string, string>;
+    /**
+     * Get the current authenticated session token, if any.
+     */
+    getSessionToken(): string | undefined;
+    /**
+     * Clear the local session token.
+     */
+    clearSession(): void;
     /**
      * Get the client's public key
      */
@@ -1901,6 +1916,21 @@ interface AgentConfig {
     llm: LLMConfig;
     memory?: MemoryConfig;
     compliance?: ComplianceConfig;
+    allowed_tools?: string[];
+    blocked_tools?: string[];
+    network?: {
+        enabled?: boolean;
+        require_tls?: boolean;
+        allow?: string[];
+        block?: string[];
+    };
+    filesystem?: {
+        enabled?: boolean;
+        allow_read?: string[];
+        allow_write?: string[];
+        block_all?: string[];
+        allowed_extensions?: string[];
+    };
     models?: {
         allowed_models?: string[];
         blocked_models?: string[];
@@ -1923,7 +1953,7 @@ interface LLMConfig {
     base_url?: string;
 }
 interface MemoryConfig {
-    type: 'in-memory' | 'buffer' | 'redis' | 'postgres' | 'sqlite' | 'upstash' | 'cloudflare-kv' | 'cloudflare-d1' | 'dynamodb' | 'turso' | 'convex' | string;
+    type: 'in-memory' | 'buffer' | 'redis' | 'postgres' | 'sqlite' | 'file' | 'upstash' | 'cloudflare-kv' | 'cloudflare-d1' | 'dynamodb' | 'turso' | 'convex' | string;
     max_messages?: number;
     redis?: {
         url?: string;
@@ -1946,6 +1976,9 @@ interface MemoryConfig {
         filename: string;
         tableName?: string;
     };
+    file?: {
+        path: string;
+    };
     upstash?: {
         url: string;
         token: string;
@@ -1978,7 +2011,40 @@ interface MemoryConfig {
         url: string;
         adminKey?: string;
     };
-    config?: Record<string, unknown>;
+    config?: {
+        filename?: string;
+        path?: string;
+        url?: string;
+        token?: string;
+        table_name?: string;
+        tableName?: string;
+        namespace_id?: string;
+        namespaceId?: string;
+        database_id?: string;
+        databaseId?: string;
+        account_id?: string;
+        accountId?: string;
+        api_token?: string;
+        apiToken?: string;
+        auth_token?: string;
+        authToken?: string;
+        admin_key?: string;
+        adminKey?: string;
+        connection_string?: string;
+        connectionString?: string;
+        host?: string;
+        port?: number;
+        database?: string;
+        user?: string;
+        password?: string;
+        db?: number;
+        keyPrefix?: string;
+        endpoint?: string;
+        create_table?: boolean;
+        createTable?: boolean;
+        readonly?: boolean;
+        [key: string]: unknown;
+    };
 }
 interface ComplianceConfig {
     framework?: string;
@@ -2044,9 +2110,40 @@ declare class SekuireCrypto {
      */
     static hash(data: string | Uint8Array): HexString;
     /**
-     * Calculate Sekuire ID from agent components
+     * Calculate Sekuire ID using the canonical algorithm (V2).
+     *
+     * Matches the CLI reference implementation (auth.rs:243-250):
+     *   fingerprint = "model:{model}|prompt:{BLAKE3(trim(prompt))}|tools:{BLAKE3(canonical_json(tools))}"
+     *   sekuire_id  = BLAKE3(fingerprint)
+     *
+     * projectName and projectVersion are accepted for backwards compatibility
+     * but are NOT used in the ID computation.
      */
     static calculateSekuireId(params: {
+        model: string;
+        systemPrompt: string;
+        tools: string;
+        projectName?: string;
+        projectVersion?: string;
+    }): HexString;
+    /**
+     * Canonical identity algorithm aligned with CLI (auth.rs:243-250).
+     *
+     * 1. promptHash  = BLAKE3(trim(systemPrompt))
+     * 2. toolsHash   = BLAKE3(JSON.stringify(JSON.parse(tools)))  // canonical JSON
+     * 3. fingerprint = "model:{model}|prompt:{promptHash}|tools:{toolsHash}"
+     * 4. sekuireId   = BLAKE3(fingerprint)
+     */
+    static calculateSekuireIdV2(params: {
+        model: string;
+        systemPrompt: string;
+        tools: string;
+    }): HexString;
+    /**
+     * @deprecated Use calculateSekuireId (V2) instead. This legacy algorithm
+     * concatenates all fields in a single pass and does not match the CLI.
+     */
+    static calculateSekuireIdLegacy(params: {
         model: string;
         systemPrompt: string;
         tools: string;
@@ -2074,7 +2171,7 @@ declare class SekuireCrypto {
      */
     static isValidPublicKey(hex: string): boolean;
     /**
-     * Validate Ed25519 private key format (64 bytes)
+     * Validate Ed25519 private key format (32-byte seed or 64-byte secret key)
      */
     static isValidPrivateKey(hex: string): boolean;
     /**
@@ -2083,6 +2180,31 @@ declare class SekuireCrypto {
     static isValidNonce(hex: string): boolean;
 }
 
+type ViolationHandler = (rule: string, reason: string) => void;
+declare class PolicyEnforcer {
+    private readonly policy;
+    private readonly onViolation?;
+    private readonly override;
+    private rateLimitWindows;
+    constructor(policy: ActivePolicy, override?: boolean, onViolation?: ViolationHandler | undefined);
+    enforceNetwork(domain: string, protocol: string): void;
+    enforceFilesystem(path: string, operation: string): void;
+    enforceTool(toolName: string): void;
+    private matchesCategoryPattern;
+    private toolMatchesCategory;
+    private toolMatchesCategoryOperation;
+    enforceModel(model: string): void;
+    enforceApi(service: string): void;
+    enforceRateLimit(type: "request" | "token", count?: number): void;
+    isOverrideEnabled(): boolean;
+    private checkWindow;
+    private cleanupStaleWindows;
+    private throw;
+    private warnOnly;
+    private matches;
+    private pathMatch;
+}
+
 interface ToolDefinition {
     type: 'function';
     function: {
@@ -2138,30 +2260,13 @@ interface ChatChunk {
  * Base interface for LLM providers
  */
 interface LLMProvider {
-    /**
-     * Send chat messages and get response
-     */
     chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
-    /**
-     * Stream chat response
-     */
     chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
-    /**
-     * Count tokens in text (approximate)
-     */
     countTokens(text: string): number;
-    /**
-     * Get maximum context window size
-     */
     getMaxTokens(): number;
-    /**
-     * Get provider name
-     */
     getProviderName(): string;
-    /**
-     * Get model name
-     */
     getModelName(): string;
+    setPolicyEnforcer?(enforcer: unknown): void;
 }
 /**
  * Configuration for creating LLM providers
@@ -2178,7 +2283,14 @@ interface LLMProviderConfig {
 declare abstract class BaseLLMProvider implements LLMProvider {
     protected model: string;
     protected maxTokens: number;
+    private _policyEnforcer?;
     constructor(config: LLMProviderConfig);
+    setPolicyEnforcer(enforcer: PolicyEnforcer): void;
+    getPolicyEnforcer(): PolicyEnforcer | undefined;
+    protected enforcePreCall(): void;
+    protected enforcePostCall(usage?: {
+        total_tokens: number;
+    }): void;
     abstract chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
     abstract chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
     abstract getProviderName(): string;
@@ -2191,6 +2303,7 @@ declare abstract class BaseLLMProvider implements LLMProvider {
 declare class AnthropicProvider extends BaseLLMProvider {
     private client;
     constructor(config: LLMProviderConfig);
+    static create(config: LLMProviderConfig): Promise<AnthropicProvider>;
     chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
     chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
     getProviderName(): string;
@@ -2200,10 +2313,13 @@ declare class AnthropicProvider extends BaseLLMProvider {
 declare class GoogleProvider extends BaseLLMProvider {
     private client;
     constructor(config: LLMProviderConfig);
+    static create(config: LLMProviderConfig): Promise<GoogleProvider>;
     chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
     chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
     getProviderName(): string;
     protected getMaxTokensForModel(model: string): number;
+    private buildTools;
+    private buildHistory;
 }
 
 declare class OllamaProvider extends BaseLLMProvider {
@@ -2218,6 +2334,7 @@ declare class OllamaProvider extends BaseLLMProvider {
 declare class OpenAIProvider extends BaseLLMProvider {
     private client;
     constructor(config: LLMProviderConfig);
+    static create(config: LLMProviderConfig): Promise<OpenAIProvider>;
     chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
     chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
     getProviderName(): string;
@@ -2227,20 +2344,20 @@ declare class OpenAIProvider extends BaseLLMProvider {
 /**
  * Create an LLM provider based on provider name
  */
-declare function createLLMProvider(provider: string, config: LLMProviderConfig): LLMProvider;
+declare function createLLMProvider(provider: string, config: LLMProviderConfig): Promise<LLMProvider>;
 /**
  * Factory functions for easy LLM instantiation
  */
 declare const llm: {
     openai: (config: Omit<LLMProviderConfig, "model"> & {
         model?: string;
-    }) => OpenAIProvider;
+    }) => Promise<OpenAIProvider>;
     anthropic: (config: Omit<LLMProviderConfig, "model"> & {
         model?: string;
-    }) => AnthropicProvider;
+    }) => Promise<AnthropicProvider>;
     google: (config: Omit<LLMProviderConfig, "model"> & {
         model?: string;
-    }) => GoogleProvider;
+    }) => Promise<GoogleProvider>;
     ollama: (config: Omit<LLMProviderConfig, "model"> & {
         model?: string;
     }) => OllamaProvider;
@@ -2351,6 +2468,7 @@ declare class SQLiteStorage extends BaseMemoryStorage {
     private connectionPromise;
     constructor(config: SQLiteConfig);
     connect(): Promise<void>;
+    private loadDatabaseDriver;
     private ensureTableExists;
     private ensureConnected;
     add(sessionId: string, message: MemoryMessage): Promise<void>;
@@ -2361,6 +2479,10 @@ declare class SQLiteStorage extends BaseMemoryStorage {
     disconnect(): Promise<void>;
 }
 
+interface FileStorageConfig {
+    path: string;
+}
+
 interface UpstashConfig {
     url: string;
     token: string;
@@ -2513,13 +2635,14 @@ declare function getStorageInfo(): Array<{
     description?: string;
 }>;
 
-type BuiltInMemoryType = 'in-memory' | 'buffer' | 'redis' | 'postgres' | 'sqlite' | 'upstash' | 'cloudflare-kv' | 'cloudflare-d1' | 'dynamodb' | 'turso' | 'convex';
+type BuiltInMemoryType = 'in-memory' | 'buffer' | 'redis' | 'postgres' | 'sqlite' | 'file' | 'upstash' | 'cloudflare-kv' | 'cloudflare-d1' | 'dynamodb' | 'turso' | 'convex';
 type MemoryType = BuiltInMemoryType | string;
 interface MemoryFactoryConfig {
     type: MemoryType;
     redis?: RedisConfig;
     postgres?: PostgresConfig;
     sqlite?: SQLiteConfig;
+    file?: FileStorageConfig;
     upstash?: UpstashConfig;
     cloudflareKV?: CloudflareKVConfig;
     cloudflareD1?: CloudflareD1Config;
@@ -2531,28 +2654,6 @@ interface MemoryFactoryConfig {
 }
 declare function createMemoryStorage(config: MemoryFactoryConfig): MemoryStorage;
 
-type ViolationHandler = (rule: string, reason: string) => void;
-declare class PolicyEnforcer {
-    private readonly policy;
-    private readonly onViolation?;
-    private readonly override;
-    private rateLimitWindows;
-    constructor(policy: ActivePolicy, override?: boolean, onViolation?: ViolationHandler | undefined);
-    enforceNetwork(domain: string, protocol: string): void;
-    enforceFilesystem(path: string, operation: string): void;
-    enforceTool(toolName: string): void;
-    private getCategoryPrefix;
-    enforceModel(model: string): void;
-    enforceApi(service: string): void;
-    enforceRateLimit(type: "request" | "token", count?: number): void;
-    private checkWindow;
-    private cleanupStaleWindows;
-    private throw;
-    private warnOnly;
-    private matches;
-    private pathMatch;
-}
-
 /**
  * Options for overriding agent configuration
  */
@@ -2690,7 +2791,17 @@ declare function getTools(agentName?: string, configPath?: string): Promise<Tool
 declare abstract class SekuireServer {
     protected readonly agentId: string;
     protected readonly keyPair: KeyPair;
+    private readonly pendingHandshakes;
+    private readonly activeSessions;
+    private static readonly HANDSHAKE_TTL_MS;
+    private static readonly SESSION_TTL_MS;
+    private static readonly REQUEST_CLOCK_SKEW_MS;
     constructor(agentId: string, keyPair: KeyPair);
+    private purgeExpiredHandshakes;
+    private purgeExpiredSessions;
+    private firstHeaderValue;
+    private parseTimestamp;
+    private buildRequestSignatureMessage;
     /**
      * Handle the HELLO handshake message
      */
@@ -2698,7 +2809,12 @@ declare abstract class SekuireServer {
     /**
      * Handle the AUTH handshake message
      */
-    handleAuth(auth: HandshakeAuth, clientNonce: string): Promise<void>;
+    handleAuth(auth: HandshakeAuth, clientNonce: string): Promise<HandshakeAuthResult>;
+    /**
+     * Verify a signed request for protected application endpoints (for example /chat, /webhook, /a2a/tasks).
+     * Requires a valid handshake session token and Ed25519 signature by the authenticated client key.
+     */
+    verifySignedRequest(input: SignedRequestVerificationInput): Promise<VerifiedRequestContext>;
     /**
      * Get the agent's public key
      */
@@ -2716,10 +2832,23 @@ declare abstract class SekuireServer {
  * Express.js middleware for Sekuire protocol
  */
 declare function createSekuireExpressMiddleware(server: SekuireServer): any[];
+interface RequestAuthOptions {
+    protectedPaths?: string[];
+}
+/**
+ * Express middleware that enforces signed-request authentication for protected paths.
+ * Defaults to protecting POST /chat, POST /webhook, and POST /a2a/tasks.
+ */
+declare function createSekuireExpressRequestAuthMiddleware(server: SekuireServer, options?: RequestAuthOptions): (req: any, res: any, next: any) => Promise<any>;
 /**
  * Fastify plugin for Sekuire protocol
  */
 declare function createSekuireFastifyPlugin(server: SekuireServer): (fastify: any, options: any) => Promise<void>;
+/**
+ * Fastify preHandler that enforces signed-request authentication for protected paths.
+ * Defaults to protecting POST /chat, POST /webhook, and POST /a2a/tasks.
+ */
+declare function createSekuireFastifyRequestAuthHook(server: SekuireServer, options?: RequestAuthOptions): (request: any, reply: any) => Promise<void>;
 
 interface ToolInput {
     [key: string]: string | number | boolean | object;
@@ -3296,9 +3425,22 @@ declare function createDelegationTool(client: SekuireClient): ToolDefinition$2;
  */
 declare function generateKeyPair(): KeyPair;
 /**
- * Calculate Sekuire ID from agent configuration
+ * Calculate Sekuire ID from agent configuration (canonical V2 algorithm).
+ *
+ * projectName and projectVersion are accepted for backwards compatibility
+ * but are NOT used in the ID computation.
  */
 declare function calculateSekuireId(params: {
+    model: string;
+    systemPrompt: string;
+    tools: string;
+    projectName?: string;
+    projectVersion?: string;
+}): string;
+/**
+ * @deprecated Use calculateSekuireId (V2) instead.
+ */
+declare function calculateSekuireIdLegacy(params: {
     model: string;
     systemPrompt: string;
     tools: string;
@@ -3316,11 +3458,11 @@ interface SekuireExporterConfig {
     authToken?: string;
     workspaceId?: string;
 }
-declare class SekuireSpanExporter implements SpanExporter {
+declare class SekuireSpanExporter {
     private config;
     private pendingExport;
     constructor(config: SekuireExporterConfig);
-    export(spans: ReadableSpan[], resultCallback: (result: ExportResult) => void): void;
+    export(spans: any[], resultCallback: (result: any) => void): void;
     private spanToEvent;
     private mapSpanToEventType;
     private getDurationMs;
@@ -3346,8 +3488,8 @@ interface TelemetryConfig {
         scheduledDelayMillis?: number;
     };
 }
-declare function initTelemetry(config: TelemetryConfig): Tracer;
-declare function getTracer(): Tracer;
+declare function initTelemetry(config: TelemetryConfig): any;
+declare function getTracer(): any;
 declare function shutdownTelemetry(): Promise<void>;
 
 declare function detectDeploymentUrl(): string | undefined;
@@ -3567,5 +3709,5 @@ declare class A2AServer {
     private generateId;
 }
 
-export { A2AClient, A2AError, A2AServer, A2ATaskDelegator, SekuireAgent as Agent, AgentIdentity, AnthropicProvider, BaseMemoryStorage, Beacon, CONVEX_FUNCTIONS_TEMPLATE, CONVEX_SCHEMA_TEMPLATE, CloudflareD1Storage, CloudflareKVStorage, ComplianceError, ComplianceMonitor, ContentPolicyError, ConvexStorage, CryptoError, DEFAULT_API_URL, DynamoDBStorage, FileAccessError, GoogleProvider, InMemoryStorage, NetworkComplianceError, NetworkError, OllamaProvider, OpenAIProvider, PolicyClient, PolicyEnforcer, PolicyGateway, PolicyViolationError, PostgresStorage, ProtocolError, RedisStorage, RuntimeCredentialsStore, SQLiteStorage, SekuireAgent$1 as SekuireAgent, SekuireAgentBuilder, SekuireClient, SekuireCrypto, SekuireError, SekuireLogger, SekuireRegistryClient, SekuireSDK, SekuireServer, SekuireSpanExporter, TaskWorker, Tool, ToolPatternParser, ToolRegistry, ToolUsageError, TursoStorage, UpstashStorage, applyBootstrapResponse, builtInTools, calculateSekuireId, createAgent, createBeacon, createDefaultToolRegistry, createDelegationTool, createDelegator, createDiscoveryTool, createLLMProvider, createMemoryStorage, createRegistryClient, createSekuireClient, createSekuireExpressMiddleware, createSekuireFastifyPlugin, createWorker, detectDeploymentUrl, generateKeyPair, getAgent, getAgentConfig, getAgents, getTools$1 as getLegacyTools, getStorageInfo, getSystemPrompt, getTools, getTracer, hasStorage, initTelemetry, listStorageTypes, llm, loadConfig, loadSystemPrompt, loadTools, registerStorage, shutdownTelemetry, tool, tools };
-export type { A2AArtifact, A2AClientOptions, A2AMessage, A2AMessagePart, A2ARouteRequest, A2ARouteResponse, A2AServerOptions, A2ATask, A2ATaskState, A2ATaskStatus, ActivePolicy, ActivePolicyResponse, AgentCapabilities, AgentCard, AgentConfig, AgentId, AgentInvokeOptions, AgentOptions, AgentProvider, AgentResponse$1 as AgentResponse, AgentSkill, BeaconConfig, BeaconStatus, BootstrapResponse, BootstrapResponseData, BootstrapTarget, BuiltInMemoryType, ChatChunk, ChatOptions, ChatResponse, CloudflareD1Config, CloudflareKVConfig, ComplianceConfig, ComplianceViolation, ConditionOperator, ToolDefinition$1 as ConfigToolDefinition, ConvexConfig, CreateOrgRequest, CreateWorkspaceRequest, CustomRule, DelegationRequest, DelegationResult, DelegatorConfig, DisputeRequest, DisputeResponse, DynamoDBConfig, EventLog, EventType, ExporterType, HandshakeAuth, HandshakeHello, HandshakeResult, HandshakeWelcome, HexString, IdentityConfig, InstallationCredentials, InviteRequest, InviteResponse, JsonRpcError, JsonRpcRequest, JsonRpcResponse, KeyPair, LLMConfig, Message as LLMMessage, LLMProvider, LLMProviderConfig, ToolCallFunction as LLMToolCall, ToolDefinition as LLMToolDefinition, LeaderboardEntry, LoggerConfig$1 as LoggerConfig, Manifest, MemoryConfig, MemoryFactoryConfig, MemoryMessage, MemoryStorage, MemoryType, Message$1 as Message, OrgResponse, OrgSummary, PerAgentLimits, PolicyDecision, PolicyViolation, PostgresConfig, ProjectMetadata, PublishAgentOptions, PublishRequest, PublishResponse, RateLimitsConfig$1 as RateLimitsConfig, RedisConfig, RegistryClientConfig, ReputationLog, ReputationResponse, RuleCondition, RuntimeCredentials, SQLiteConfig, SearchAgentsOptions, SekuireAgentConfig, SekuireClientConfig, SekuireConfig, SekuireExporterConfig, SekuireSDKConfig, Severity, SkillContext, SkillHandler, StreamingSkillContext, StreamingSkillHandler, StreamingUpdate, SubmitReputationRequest, TaskCompletion, TaskContext, TaskEvent, TaskHandler, TaskState, TaskUpdateEvent, TasksCancelParams, TasksGetParams, TasksSendParams, TasksSendSubscribeParams, TelemetryConfig, ToolCall, ToolDefinition$2 as ToolDefinition, ToolInput, ToolMetadata, ToolParameter, ToolsSchema, TrustHeaders, TrustHeadersRequest, TursoConfig, UpdateAgentOptions, UpstashConfig, UserContextResponse, VerificationIssue, VerificationRequest, VerificationResult, VerificationStatus, VerifyAgentRequest, WorkerConfig, WorkspaceResponse, WorkspaceSummary };
+export { A2AClient, A2AError, A2AServer, A2ATaskDelegator, SekuireAgent as Agent, AgentIdentity, AnthropicProvider, BaseMemoryStorage, Beacon, CONVEX_FUNCTIONS_TEMPLATE, CONVEX_SCHEMA_TEMPLATE, CloudflareD1Storage, CloudflareKVStorage, ComplianceError, ComplianceMonitor, ContentPolicyError, ConvexStorage, CryptoError, DEFAULT_API_URL, DynamoDBStorage, FileAccessError, GoogleProvider, InMemoryStorage, NetworkComplianceError, NetworkError, OllamaProvider, OpenAIProvider, PolicyClient, PolicyEnforcer, PolicyGateway, PolicyViolationError, PostgresStorage, ProtocolError, RedisStorage, RuntimeCredentialsStore, SQLiteStorage, SekuireAgent$1 as SekuireAgent, SekuireAgentBuilder, SekuireClient, SekuireCrypto, SekuireError, SekuireLogger, SekuireRegistryClient, SekuireSDK, SekuireServer, SekuireSpanExporter, TaskWorker, Tool, ToolPatternParser, ToolRegistry, ToolUsageError, TursoStorage, UpstashStorage, applyBootstrapResponse, builtInTools, calculateSekuireId, calculateSekuireIdLegacy, createAgent, createBeacon, createDefaultToolRegistry, createDelegationTool, createDelegator, createDiscoveryTool, createLLMProvider, createMemoryStorage, createRegistryClient, createSekuireClient, createSekuireExpressMiddleware, createSekuireExpressRequestAuthMiddleware, createSekuireFastifyPlugin, createSekuireFastifyRequestAuthHook, createWorker, detectDeploymentUrl, generateKeyPair, getAgent, getAgentConfig, getAgents, getTools$1 as getLegacyTools, getStorageInfo, getSystemPrompt, getTools, getTracer, hasStorage, initTelemetry, listStorageTypes, llm, loadConfig, loadSystemPrompt, loadTools, registerStorage, shutdownTelemetry, tool, tools };
+export type { A2AArtifact, A2AClientOptions, A2AMessage, A2AMessagePart, A2ARouteRequest, A2ARouteResponse, A2AServerOptions, A2ATask, A2ATaskState, A2ATaskStatus, ActivePolicy, ActivePolicyResponse, AgentCapabilities, AgentCard, AgentConfig, AgentId, AgentInvokeOptions, AgentOptions, AgentProvider, AgentResponse$1 as AgentResponse, AgentSkill, BeaconConfig, BeaconStatus, BootstrapResponse, BootstrapResponseData, BootstrapTarget, BuiltInMemoryType, ChatChunk, ChatOptions, ChatResponse, CloudflareD1Config, CloudflareKVConfig, ComplianceConfig, ComplianceViolation, ConditionOperator, ToolDefinition$1 as ConfigToolDefinition, ConvexConfig, CreateOrgRequest, CreateWorkspaceRequest, CustomRule, DelegationRequest, DelegationResult, DelegatorConfig, DisputeRequest, DisputeResponse, DynamoDBConfig, EventLog, EventType, ExporterType, FallbackMode, HandshakeAuth, HandshakeAuthResult, HandshakeHello, HandshakeResult, HandshakeWelcome, HexString, IdentityConfig, InstallationCredentials, InviteRequest, InviteResponse, JsonRpcError, JsonRpcRequest, JsonRpcResponse, KeyPair, LLMConfig, Message as LLMMessage, LLMProvider, LLMProviderConfig, ToolCallFunction as LLMToolCall, ToolDefinition as LLMToolDefinition, LeaderboardEntry, LoggerConfig$1 as LoggerConfig, Manifest, MemoryConfig, MemoryFactoryConfig, MemoryMessage, MemoryStorage, MemoryType, Message$1 as Message, OrgResponse, OrgSummary, PerAgentLimits, PolicyDecision, PolicyViolation, PostgresConfig, ProjectMetadata, PublishAgentOptions, PublishRequest, PublishResponse, RateLimitsConfig$1 as RateLimitsConfig, RedisConfig, RegistryClientConfig, ReputationLog, ReputationResponse, RequestAuthOptions, RuleCondition, RuntimeCredentials, SQLiteConfig, SearchAgentsOptions, SekuireAgentConfig, SekuireClientConfig, SekuireConfig, SekuireExporterConfig, SekuireSDKConfig, Severity, SignedRequestVerificationInput, SkillContext, SkillHandler, StreamingSkillContext, StreamingSkillHandler, StreamingUpdate, SubmitReputationRequest, TaskCompletion, TaskContext, TaskEvent, TaskHandler, TaskState, TaskUpdateEvent, TasksCancelParams, TasksGetParams, TasksSendParams, TasksSendSubscribeParams, TelemetryConfig, ToolCall, ToolDefinition$2 as ToolDefinition, ToolInput, ToolMetadata, ToolParameter, ToolsSchema, TrustHeaders, TrustHeadersRequest, TursoConfig, UpdateAgentOptions, UpstashConfig, UserContextResponse, VerificationIssue, VerificationRequest, VerificationResult, VerificationStatus, VerifiedRequestContext, VerifyAgentRequest, WorkerConfig, WorkspaceResponse, WorkspaceSummary };