@sekuire/sdk 0.1.4

package/README.md

@@ -0,0 +1,77 @@
+# Sekuire TypeScript SDK
+
+TypeScript/JavaScript SDK for building AI agents with the Sekuire Trust Protocol.
+
+## Installation
+
+```bash
+npm install @sekuire/sdk
+# or
+pnpm add @sekuire/sdk
+```
+
+## Quick Start
+
+### Config-First Approach (Recommended)
+
+Create a `sekuire.yml` file:
+
+```yaml
+project:
+  name: "my-agent"
+  version: "1.0.0"
+
+agents:
+  assistant:
+    name: "AI Assistant"
+    system_prompt: "./prompts/assistant.md"
+    tools: "./tools.json"
+    llm:
+      provider: "openai"
+      model: "gpt-4-turbo"
+      api_key_env: "OPENAI_API_KEY"
+      temperature: 0.7
+    memory:
+      type: "buffer"
+      max_messages: 10
+```
+
+Load and use your agent:
+
+```typescript
+import { getAgent } from '@sekuire/sdk';
+
+const agent = await getAgent('assistant');
+const response = await agent.chat('Hello!');
+console.log(response);
+```
+
+## Features
+
+- ✅ **4 LLM Providers**: OpenAI, Anthropic, Google, Ollama
+- ✅ **Built-in Tools**: Calculator, Web Search, HTTP, File Operations
+- ✅ **Streaming**: Token-by-token responses
+- ✅ **Config-First**: Declarative YAML configuration
+- ✅ **Type-Safe**: Full TypeScript support
+
+## API Reference
+
+### `getAgent(name?, configPath?)`
+Load a single agent from configuration.
+
+### `getAgents(configPath?)`
+Load all agents from configuration.
+
+### `SekuireAgent`
+- `chat(message, options?)` - Send message and get response
+- `chatStream(message, options?)` - Stream response
+- `getHistory()` - Get conversation history
+- `clearHistory()` - Clear history
+
+## Examples
+
+See [examples](../../examples/config-first-agent/) for full examples.
+
+## License
+
+MIT

package/dist/agent.d.ts

@@ -0,0 +1,186 @@
+/**
+ * Sekuire Agent Framework
+ *
+ * High-level API for building compliant AI agents with automatic
+ * identity verification, compliance enforcement, and event logging.
+ */
+import type * as z from "zod";
+import { ComplianceMonitor } from "./compliance";
+import { AgentIdentity } from "./identity";
+import { SekuireLogger } from "./logger";
+export interface SekuireAgentConfig {
+    /** Agent identity (sekuire.json) */
+    identity?: AgentIdentity;
+    /** Compliance configuration file path */
+    configPath?: string;
+    /** Logger configuration */
+    logger?: {
+        apiBaseUrl?: string;
+        environment?: string;
+        enabled?: boolean;
+    };
+    /** Optional custom compliance monitor */
+    compliance?: ComplianceMonitor;
+}
+export interface ToolDefinition<T extends z.ZodObject<any> = any> {
+    /** Unique tool name */
+    name: string;
+    /** Human-readable description */
+    description: string;
+    /** Zod schema for input validation */
+    schema: T;
+    /** Tool execution function */
+    execute: (input: z.infer<T>) => Promise<any> | any;
+    /** Optional: Additional compliance checks */
+    beforeExecute?: (input: z.infer<T>) => Promise<void> | void;
+}
+export interface Message {
+    role: "user" | "assistant" | "system";
+    content: string;
+}
+export interface AgentInvokeOptions {
+    messages: Message[];
+    tools?: string[];
+}
+export interface AgentResponse {
+    message: string;
+    toolCalls?: ToolCall[];
+    metadata?: {
+        tokensUsed?: number;
+        toolsInvoked?: string[];
+        complianceViolations?: number;
+    };
+}
+export interface ToolCall {
+    tool: string;
+    input: any;
+    output: any;
+    allowed: boolean;
+    reason?: string;
+}
+export declare class SekuireAgent {
+    private identity;
+    private compliance;
+    private logger;
+    private tools;
+    constructor(identity: AgentIdentity, compliance: ComplianceMonitor, logger: SekuireLogger);
+    /**
+     * Get agent identity
+     */
+    getIdentity(): AgentIdentity;
+    /**
+     * Get compliance monitor
+     */
+    getCompliance(): ComplianceMonitor;
+    /**
+     * Get logger
+     */
+    getLogger(): SekuireLogger;
+    /**
+     * Register a tool with the agent
+     */
+    registerTool<T extends z.ZodObject<any>>(tool: ToolDefinition<T>): this;
+    /**
+     * Register multiple tools at once
+     */
+    registerTools(tools: ToolDefinition[]): this;
+    /**
+     * Get registered tools
+     */
+    getTools(names?: string[]): ToolDefinition[];
+    /**
+     * Execute a tool by name
+     */
+    executeTool(name: string, input: any): Promise<any>;
+    /**
+     * Invoke the agent (to be implemented by subclasses or plugins)
+     */
+    invoke(options: AgentInvokeOptions): Promise<AgentResponse>;
+    /**
+     * Shutdown agent and flush logs
+     */
+    shutdown(): Promise<void>;
+}
+export declare class SekuireAgentBuilder {
+    private config;
+    private tools;
+    /**
+     * Set agent identity
+     */
+    withIdentity(identity: AgentIdentity): this;
+    /**
+     * Load identity from disk
+     */
+    loadIdentity(path?: string): Promise<this>;
+    /**
+     * Set compliance config path
+     */
+    withConfig(path: string): this;
+    /**
+     * Set logger options
+     */
+    withLogger(options: NonNullable<SekuireAgentConfig["logger"]>): this;
+    /**
+     * Add a tool
+     */
+    withTool<T extends z.ZodObject<any>>(tool: ToolDefinition<T>): this;
+    /**
+     * Add multiple tools
+     */
+    withTools(tools: ToolDefinition[]): this;
+    /**
+     * Build the agent
+     */
+    build(): Promise<SekuireAgent>;
+}
+/**
+ * Create a new Sekuire agent with compliance and identity
+ *
+ * @example
+ * ```typescript
+ * const agent = await createAgent({
+ *   configPath: './sekuire.yaml',
+ *   tools: [weatherTool, calculatorTool],
+ * });
+ * ```
+ */
+export declare function createAgent(config?: {
+    identity?: AgentIdentity;
+    configPath?: string;
+    tools?: ToolDefinition[];
+    logger?: SekuireAgentConfig["logger"];
+}): Promise<SekuireAgent>;
+/**
+ * Create a compliant tool definition
+ *
+ * @example
+ * ```typescript
+ * const weatherTool = tool({
+ *   name: 'get_weather',
+ *   description: 'Get weather for a city',
+ *   schema: z.object({
+ *     city: z.string(),
+ *   }),
+ *   execute: async ({ city }) => {
+ *     return `Weather in ${city}: Sunny`;
+ *   },
+ * });
+ * ```
+ */
+export declare function tool<T extends z.ZodObject<any>>(definition: ToolDefinition<T>): ToolDefinition<T>;
+/**
+ * Create multiple tools at once
+ *
+ * @example
+ * ```typescript
+ * const [weather, calc] = tools(
+ *   { name: 'weather', ... },
+ *   { name: 'calculator', ... }
+ * );
+ * ```
+ */
+export declare function tools<T extends ToolDefinition[]>(...definitions: T): T;
+/**
+ * Get tools registered with an agent
+ */
+export declare function getTools(agent: SekuireAgent, names?: string[]): ToolDefinition[];

package/dist/client.d.ts

@@ -0,0 +1,37 @@
+import { type AgentResponse, type HandshakeResult, type KeyPair, type SekuireClientConfig } from "./types";
+/**
+ * Sekuire client for verifying agents and performing handshakes
+ */
+export declare class SekuireClient {
+    private readonly keyPair;
+    private readonly httpClient;
+    constructor(keyPair: KeyPair, config: SekuireClientConfig);
+    /**
+     * Perform the full handshake with a remote agent
+     */
+    connect(agentUrl: string, expectedAgentId?: string): Promise<HandshakeResult>;
+    /**
+     * Verify an agent's signature
+     */
+    private verifyAgentSignature;
+    /**
+     * Fetch agent's public key from the registry
+     */
+    fetchAgentPublicKey(agentId: string): Promise<string>;
+    /**
+     * Get agent information from the registry
+     */
+    getAgentInfo(agentId: string): Promise<AgentResponse>;
+    /**
+     * Search for agents in the registry
+     */
+    searchAgents(query: string): Promise<AgentResponse[]>;
+    /**
+     * Sign data with the client's private key
+     */
+    sign(data: string): string;
+    /**
+     * Get the client's public key
+     */
+    getPublicKey(): string;
+}

package/dist/compliance.d.ts

@@ -0,0 +1,236 @@
+/**
+ * 🛡️ Sekuire Compliance Enforcement System for TypeScript
+ *
+ * Runtime compliance enforcement that blocks all unauthorized behavior.
+ * Everything blocked unless explicitly allowed in sekuire.yaml.
+ */
+import type { SekuireLogger } from "./logger";
+export interface ComplianceConfig {
+    agent: {
+        name: string;
+        version: string;
+        tenant?: string;
+        compliance_level?: string;
+    };
+    permissions: {
+        network: {
+            default_deny?: boolean;
+            allow: string[];
+            block?: string[];
+        };
+        filesystem: {
+            default_deny?: boolean;
+            allow_read: string[];
+            allow_write: string[];
+            block_all?: string[];
+        };
+        env: {
+            default_deny?: boolean;
+            allow: string[];
+            block?: string[];
+        };
+        tools: {
+            enforce_whitelist: boolean;
+            audit_all_calls?: boolean;
+            blocked_patterns: string[];
+            timeout_seconds?: number;
+        };
+        model: {
+            allowed_models: string[];
+            max_temperature: number;
+            max_tokens: number;
+            audit_api_calls?: boolean;
+        };
+        content: {
+            blocked_input_patterns: string[];
+            blocked_output_patterns: string[];
+            max_response_length?: number;
+        };
+    };
+    logging?: {
+        level: string;
+        audit_all_requests?: boolean;
+        audit_all_tool_calls?: boolean;
+        log_network_requests?: boolean;
+        log_file_access?: boolean;
+        retention_days?: number;
+    };
+    alerts?: {
+        real_time_monitoring?: boolean;
+        security_violation_alerts?: boolean;
+        compliance_breach_alerts?: boolean;
+        performance_anomaly_alerts?: boolean;
+    };
+    enterprise?: {
+        tenant_id?: string;
+        department?: string;
+        cost_center?: string;
+    };
+}
+export interface ComplianceViolation {
+    timestamp: Date;
+    category: string;
+    message: string;
+    details: Record<string, any>;
+    agentId: string;
+}
+export declare class ComplianceError extends Error {
+    readonly category: string;
+    readonly details: Record<string, any>;
+    constructor(message: string, category?: string, details?: Record<string, any>);
+}
+export declare class NetworkComplianceError extends ComplianceError {
+    constructor(message: string, details?: Record<string, any>);
+}
+export declare class FileAccessError extends ComplianceError {
+    constructor(message: string, details?: Record<string, any>);
+}
+export declare class ToolUsageError extends ComplianceError {
+    constructor(message: string, details?: Record<string, any>);
+}
+export declare class ContentPolicyError extends ComplianceError {
+    constructor(message: string, details?: Record<string, any>);
+}
+/**
+ * 🔒 Runtime compliance enforcement system
+ *
+ * Enforces all rules defined in sekuire.yaml:
+ * - Network access control
+ * - File system restrictions
+ * - Tool usage limits
+ * - Content filtering
+ * - Environment variable access
+ */
+export declare class ComplianceMonitor {
+    private configPath;
+    private config;
+    private violations;
+    private logger?;
+    private networkAllowSet;
+    private networkBlockSet;
+    private filesReadSet;
+    private filesWriteSet;
+    private filesBlockPatterns;
+    private envAllowSet;
+    private envBlockSet;
+    private allowedToolsSet;
+    private toolBlockPatterns;
+    private inputBlockPatterns;
+    private outputBlockPatterns;
+    private allowedModelsSet;
+    private networkCache;
+    private contentCache;
+    private readonly maxCacheSize;
+    constructor(configPath?: string, logger?: SekuireLogger);
+    private loadConfig;
+    private buildIndexes;
+    private loadAllowedTools;
+    /**
+     * 🌐 Check if network access is allowed
+     *
+     * @param url Target URL
+     * @param method HTTP method (GET, POST, etc.)
+     * @throws NetworkComplianceError If access is blocked
+     */
+    checkNetworkAccess(url: string, method?: string): boolean;
+    /**
+     * Create a safe fetch function with compliance enforcement
+     */
+    createSafeFetch(originalFetch?: typeof fetch): typeof fetch;
+    /**
+     * 📁 Check if file access is allowed
+     *
+     * @param filePath File path
+     * @param mode 'read', 'write', 'execute'
+     * @throws FileAccessError If access is blocked
+     */
+    checkFileAccess(filePath: string, mode?: "read" | "write" | "execute"): boolean;
+    /**
+     * Safe file reading with compliance check
+     */
+    safeReadFile(filePath: string, encoding?: BufferEncoding): string;
+    /**
+     * Safe file writing with compliance check
+     */
+    safeWriteFile(filePath: string, data: string | Buffer, encoding?: BufferEncoding): void;
+    /**
+     * 🔐 Check if environment variable access is allowed
+     *
+     * @param varName Environment variable name
+     * @throws ComplianceError If access is blocked
+     */
+    checkEnvAccess(varName: string): boolean;
+    /**
+     * Safe environment variable access
+     */
+    safeGetEnv(varName: string, defaultValue?: string): string | undefined;
+    /**
+     * 🛠️ Check if tool usage is allowed
+     *
+     * @param toolName Name of the tool
+     * @param codeSnippet Code snippet for pattern checking
+     * @throws ToolUsageError If tool usage is blocked
+     */
+    checkToolUsage(toolName: string, codeSnippet?: string): boolean;
+    /**
+     * 💬 Check input content for policy violations
+     *
+     * @param content Input content to check
+     * @throws ContentPolicyError If content violates policy
+     */
+    checkInputContent(content: string): boolean;
+    /**
+     * 📤 Check output content for policy violations
+     *
+     * @param content Output content to check
+     * @throws ContentPolicyError If content violates policy
+     */
+    checkOutputContent(content: string): boolean;
+    private checkContent;
+    /**
+     * 🤖 Check AI model usage compliance
+     *
+     * @param model Model name
+     * @param temperature Temperature setting
+     * @param maxTokens Max tokens setting
+     * @throws ComplianceError If model usage violates rules
+     */
+    checkModelUsage(model: string, temperature?: number, maxTokens?: number): boolean;
+    /**
+     * 🔢 Generate BLAKE3 hash for content integrity checking
+     */
+    hashContent(content: string): string;
+    /**
+     * Verify file hasn't been modified
+     */
+    checkFileIntegrity(filePath: string, expectedHash: string): boolean;
+    /**
+     * Log compliance violation
+     */
+    private logViolation;
+    /**
+     * 🚨 Send security alert to monitoring systems
+     */
+    private sendSecurityAlert;
+    /**
+     * 📊 Get current compliance status and statistics
+     */
+    getComplianceStatus(): Record<string, any>;
+    /**
+     * Get recent violations
+     */
+    getViolations(category?: string, limit?: number): ComplianceViolation[];
+    /**
+     * Clear violation log
+     */
+    clearViolations(): void;
+    /**
+     * Set cache value with size limit
+     */
+    private setCacheValue;
+    /**
+     * Pre-warm caches with common operations
+     */
+    preWarmCaches(): void;
+}
+export default ComplianceMonitor;

package/dist/config/loader.d.ts

@@ -0,0 +1,138 @@
+export interface SekuireConfig {
+    project: {
+        name: string;
+        version: string;
+        description?: string;
+        author?: string;
+        license?: string;
+    };
+    agents?: {
+        [key: string]: AgentConfig;
+    };
+    agent?: AgentConfig;
+    llm?: LLMConfig;
+    logger?: LoggerConfig;
+    permissions?: PermissionsConfig;
+    rate_limits?: RateLimitsConfig;
+}
+export interface PermissionsConfig {
+    network?: {
+        enabled?: boolean;
+        require_tls?: boolean;
+        allowed_domains?: string[];
+        blocked_domains?: string[];
+    };
+    filesystem?: {
+        enabled?: boolean;
+        allowed_paths?: string[];
+        blocked_paths?: string[];
+        allowed_extensions?: string[];
+    };
+    api?: {
+        enabled?: boolean;
+        allowed_services?: Array<{
+            service_name: string;
+            endpoints?: string[];
+        }>;
+    };
+}
+export interface RateLimitsConfig {
+    per_agent?: {
+        requests_per_minute?: number;
+        tokens_per_hour?: number;
+    };
+}
+export interface AgentConfig {
+    name: string;
+    system_prompt: string;
+    tools: string;
+    llm: LLMConfig;
+    memory?: MemoryConfig;
+    compliance?: ComplianceConfig;
+    models?: {
+        allowed_models?: string[];
+        blocked_models?: string[];
+    };
+    toolsets?: {
+        allowed_tools?: Array<{
+            name: string;
+            description?: string;
+        }>;
+        blocked_tools?: string[];
+    };
+}
+export interface LLMConfig {
+    provider: string;
+    model: string;
+    api_key_env: string;
+    temperature?: number;
+    max_tokens?: number;
+    streaming?: boolean;
+    base_url?: string;
+}
+export interface MemoryConfig {
+    type: "in-memory" | "redis" | "postgres";
+    max_messages?: number;
+    redis?: {
+        url?: string;
+        host?: string;
+        port?: number;
+        password?: string;
+        db?: number;
+        keyPrefix?: string;
+    };
+    postgres?: {
+        connectionString?: string;
+        host?: string;
+        port?: number;
+        database?: string;
+        user?: string;
+        password?: string;
+        tableName?: string;
+    };
+}
+export interface ComplianceConfig {
+    framework?: string;
+    audit_logging?: boolean;
+    sensitive_data_detection?: boolean;
+    require_approval?: string[];
+}
+export interface LoggerConfig {
+    api_base_url?: string;
+    environment?: string;
+    enabled?: boolean;
+}
+export interface ToolsSchema {
+    version: string;
+    tools: ToolDefinition[];
+}
+export interface ToolDefinition {
+    name: string;
+    description: string;
+    category?: string;
+    schema: {
+        type: string;
+        properties: Record<string, unknown>;
+        required?: string[];
+    };
+    implementation: string;
+    permissions?: any;
+    compliance?: any;
+}
+/**
+ * Load sekuire.yml configuration file
+ */
+export declare function loadConfig(configPath?: string): Promise<SekuireConfig>;
+/**
+ * Load system prompt from file
+ */
+export declare function loadSystemPrompt(promptPath: string, basePath?: string): Promise<string>;
+/**
+ * Load tools configuration from JSON file
+ */
+export declare function loadTools(toolsPath: string, basePath?: string): Promise<ToolsSchema>;
+/**
+ * Get agent configuration by name
+ * Supports both single agent and multi-agent configs
+ */
+export declare function getAgentConfig(config: SekuireConfig, agentName?: string): AgentConfig;