@sekuire/sdk 0.1.4

package/dist/index.d.ts

@@ -0,0 +1,1987 @@
+import * as z from 'zod';
+
+/**
+ * 🛡️ Sekuire Logger - Asynchronous Event Logging for TypeScript SDK
+ *
+ * Provides batched, fire-and-forget logging to Sekuire Registry API
+ */
+type EventType = "tool_execution" | "model_call" | "policy_violation" | "policy_check" | "network_access" | "file_access" | "health";
+type Severity = "debug" | "info" | "warn" | "error";
+interface LoggerConfig$1 {
+    sekuireId: string;
+    apiBaseUrl: string;
+    apiKey?: string;
+    sessionId?: string;
+    workspaceId?: string;
+    environment?: string;
+    enabled?: boolean;
+    batchSize?: number;
+    flushInterval?: number;
+}
+interface EventLog {
+    sekuire_id: string;
+    session_id: string;
+    workspace_id?: string;
+    event_type: EventType;
+    severity: Severity;
+    event_timestamp: string;
+    event_data: Record<string, any>;
+    metadata: Record<string, any>;
+}
+/**
+ * Asynchronous logger for Sekuire compliance events
+ *
+ * Features:
+ * - Buffered batching (flush every N events or X seconds)
+ * - Fire-and-forget (non-blocking)
+ * - Health heartbeat tracking
+ * - Graceful shutdown
+ */
+declare class SekuireLogger {
+    private config;
+    private buffer;
+    private flushTimer?;
+    private heartbeatTimer?;
+    private isFlushing;
+    private client;
+    private readonly sdkVersion;
+    constructor(config: LoggerConfig$1);
+    /**
+     * Log an event (buffered, non-blocking)
+     */
+    logEvent(eventType: EventType, severity: Severity, eventData: Record<string, any>): void;
+    /**
+     * Flush buffer to API (fire-and-forget)
+     */
+    flush(): Promise<void>;
+    /**
+     * Send health heartbeat to API
+     */
+    private sendHealthHeartbeat;
+    /**
+     * Start flush timer (every N milliseconds)
+     */
+    private startFlushTimer;
+    /**
+     * Start heartbeat timer (every 30 seconds)
+     */
+    private startHeartbeatTimer;
+    /**
+     * Stop timers
+     */
+    private stopTimers;
+    /**
+     * Shutdown logger gracefully
+     * - Stops timers
+     * - Flushes remaining events
+     * - Safe to call multiple times
+     */
+    shutdown(): Promise<void>;
+    /**
+     * Get logger status for debugging
+     */
+    getStatus(): {
+        enabled: boolean;
+        bufferedEvents: number;
+        sessionId: string;
+        environment: string;
+    };
+    /**
+     * Enable/disable logging at runtime
+     */
+    setEnabled(enabled: boolean): void;
+}
+
+/**
+ * 🛡️ Sekuire Compliance Enforcement System for TypeScript
+ *
+ * Runtime compliance enforcement that blocks all unauthorized behavior.
+ * Everything blocked unless explicitly allowed in sekuire.yaml.
+ */
+
+interface ComplianceViolation {
+    timestamp: Date;
+    category: string;
+    message: string;
+    details: Record<string, any>;
+    agentId: string;
+}
+declare class ComplianceError extends Error {
+    readonly category: string;
+    readonly details: Record<string, any>;
+    constructor(message: string, category?: string, details?: Record<string, any>);
+}
+declare class NetworkComplianceError extends ComplianceError {
+    constructor(message: string, details?: Record<string, any>);
+}
+declare class FileAccessError extends ComplianceError {
+    constructor(message: string, details?: Record<string, any>);
+}
+declare class ToolUsageError extends ComplianceError {
+    constructor(message: string, details?: Record<string, any>);
+}
+declare class ContentPolicyError extends ComplianceError {
+    constructor(message: string, details?: Record<string, any>);
+}
+/**
+ * 🔒 Runtime compliance enforcement system
+ *
+ * Enforces all rules defined in sekuire.yaml:
+ * - Network access control
+ * - File system restrictions
+ * - Tool usage limits
+ * - Content filtering
+ * - Environment variable access
+ */
+declare class ComplianceMonitor {
+    private configPath;
+    private config;
+    private violations;
+    private logger?;
+    private networkAllowSet;
+    private networkBlockSet;
+    private filesReadSet;
+    private filesWriteSet;
+    private filesBlockPatterns;
+    private envAllowSet;
+    private envBlockSet;
+    private allowedToolsSet;
+    private toolBlockPatterns;
+    private inputBlockPatterns;
+    private outputBlockPatterns;
+    private allowedModelsSet;
+    private networkCache;
+    private contentCache;
+    private readonly maxCacheSize;
+    constructor(configPath?: string, logger?: SekuireLogger);
+    private loadConfig;
+    private buildIndexes;
+    private loadAllowedTools;
+    /**
+     * 🌐 Check if network access is allowed
+     *
+     * @param url Target URL
+     * @param method HTTP method (GET, POST, etc.)
+     * @throws NetworkComplianceError If access is blocked
+     */
+    checkNetworkAccess(url: string, method?: string): boolean;
+    /**
+     * Create a safe fetch function with compliance enforcement
+     */
+    createSafeFetch(originalFetch?: typeof fetch): typeof fetch;
+    /**
+     * 📁 Check if file access is allowed
+     *
+     * @param filePath File path
+     * @param mode 'read', 'write', 'execute'
+     * @throws FileAccessError If access is blocked
+     */
+    checkFileAccess(filePath: string, mode?: "read" | "write" | "execute"): boolean;
+    /**
+     * Safe file reading with compliance check
+     */
+    safeReadFile(filePath: string, encoding?: BufferEncoding): string;
+    /**
+     * Safe file writing with compliance check
+     */
+    safeWriteFile(filePath: string, data: string | Buffer, encoding?: BufferEncoding): void;
+    /**
+     * 🔐 Check if environment variable access is allowed
+     *
+     * @param varName Environment variable name
+     * @throws ComplianceError If access is blocked
+     */
+    checkEnvAccess(varName: string): boolean;
+    /**
+     * Safe environment variable access
+     */
+    safeGetEnv(varName: string, defaultValue?: string): string | undefined;
+    /**
+     * 🛠️ Check if tool usage is allowed
+     *
+     * @param toolName Name of the tool
+     * @param codeSnippet Code snippet for pattern checking
+     * @throws ToolUsageError If tool usage is blocked
+     */
+    checkToolUsage(toolName: string, codeSnippet?: string): boolean;
+    /**
+     * 💬 Check input content for policy violations
+     *
+     * @param content Input content to check
+     * @throws ContentPolicyError If content violates policy
+     */
+    checkInputContent(content: string): boolean;
+    /**
+     * 📤 Check output content for policy violations
+     *
+     * @param content Output content to check
+     * @throws ContentPolicyError If content violates policy
+     */
+    checkOutputContent(content: string): boolean;
+    private checkContent;
+    /**
+     * 🤖 Check AI model usage compliance
+     *
+     * @param model Model name
+     * @param temperature Temperature setting
+     * @param maxTokens Max tokens setting
+     * @throws ComplianceError If model usage violates rules
+     */
+    checkModelUsage(model: string, temperature?: number, maxTokens?: number): boolean;
+    /**
+     * 🔢 Generate BLAKE3 hash for content integrity checking
+     */
+    hashContent(content: string): string;
+    /**
+     * Verify file hasn't been modified
+     */
+    checkFileIntegrity(filePath: string, expectedHash: string): boolean;
+    /**
+     * Log compliance violation
+     */
+    private logViolation;
+    /**
+     * 🚨 Send security alert to monitoring systems
+     */
+    private sendSecurityAlert;
+    /**
+     * 📊 Get current compliance status and statistics
+     */
+    getComplianceStatus(): Record<string, any>;
+    /**
+     * Get recent violations
+     */
+    getViolations(category?: string, limit?: number): ComplianceViolation[];
+    /**
+     * Clear violation log
+     */
+    clearViolations(): void;
+    /**
+     * Set cache value with size limit
+     */
+    private setCacheValue;
+    /**
+     * Pre-warm caches with common operations
+     */
+    preWarmCaches(): void;
+}
+
+declare class AgentIdentity {
+    readonly name: string;
+    readonly sekuireId: string;
+    private readonly privateKey?;
+    private readonly publicKey?;
+    constructor(name: string, sekuireId: string, privateKey?: string | undefined, publicKey?: string | undefined);
+    static load(manifestPath?: string): Promise<AgentIdentity>;
+    sign(payload: any): Promise<string>;
+}
+
+/**
+ * Sekuire Agent Framework
+ *
+ * High-level API for building compliant AI agents with automatic
+ * identity verification, compliance enforcement, and event logging.
+ */
+
+interface SekuireAgentConfig {
+    /** Agent identity (sekuire.json) */
+    identity?: AgentIdentity;
+    /** Compliance configuration file path */
+    configPath?: string;
+    /** Logger configuration */
+    logger?: {
+        apiBaseUrl?: string;
+        environment?: string;
+        enabled?: boolean;
+    };
+    /** Optional custom compliance monitor */
+    compliance?: ComplianceMonitor;
+}
+interface ToolDefinition$1<T extends z.ZodObject<any> = any> {
+    /** Unique tool name */
+    name: string;
+    /** Human-readable description */
+    description: string;
+    /** Zod schema for input validation */
+    schema: T;
+    /** Tool execution function */
+    execute: (input: z.infer<T>) => Promise<any> | any;
+    /** Optional: Additional compliance checks */
+    beforeExecute?: (input: z.infer<T>) => Promise<void> | void;
+}
+interface Message$1 {
+    role: "user" | "assistant" | "system";
+    content: string;
+}
+interface AgentInvokeOptions {
+    messages: Message$1[];
+    tools?: string[];
+}
+interface AgentResponse$1 {
+    message: string;
+    toolCalls?: ToolCall[];
+    metadata?: {
+        tokensUsed?: number;
+        toolsInvoked?: string[];
+        complianceViolations?: number;
+    };
+}
+interface ToolCall {
+    tool: string;
+    input: any;
+    output: any;
+    allowed: boolean;
+    reason?: string;
+}
+declare class SekuireAgent$1 {
+    private identity;
+    private compliance;
+    private logger;
+    private tools;
+    constructor(identity: AgentIdentity, compliance: ComplianceMonitor, logger: SekuireLogger);
+    /**
+     * Get agent identity
+     */
+    getIdentity(): AgentIdentity;
+    /**
+     * Get compliance monitor
+     */
+    getCompliance(): ComplianceMonitor;
+    /**
+     * Get logger
+     */
+    getLogger(): SekuireLogger;
+    /**
+     * Register a tool with the agent
+     */
+    registerTool<T extends z.ZodObject<any>>(tool: ToolDefinition$1<T>): this;
+    /**
+     * Register multiple tools at once
+     */
+    registerTools(tools: ToolDefinition$1[]): this;
+    /**
+     * Get registered tools
+     */
+    getTools(names?: string[]): ToolDefinition$1[];
+    /**
+     * Execute a tool by name
+     */
+    executeTool(name: string, input: any): Promise<any>;
+    /**
+     * Invoke the agent (to be implemented by subclasses or plugins)
+     */
+    invoke(options: AgentInvokeOptions): Promise<AgentResponse$1>;
+    /**
+     * Shutdown agent and flush logs
+     */
+    shutdown(): Promise<void>;
+}
+declare class SekuireAgentBuilder {
+    private config;
+    private tools;
+    /**
+     * Set agent identity
+     */
+    withIdentity(identity: AgentIdentity): this;
+    /**
+     * Load identity from disk
+     */
+    loadIdentity(path?: string): Promise<this>;
+    /**
+     * Set compliance config path
+     */
+    withConfig(path: string): this;
+    /**
+     * Set logger options
+     */
+    withLogger(options: NonNullable<SekuireAgentConfig["logger"]>): this;
+    /**
+     * Add a tool
+     */
+    withTool<T extends z.ZodObject<any>>(tool: ToolDefinition$1<T>): this;
+    /**
+     * Add multiple tools
+     */
+    withTools(tools: ToolDefinition$1[]): this;
+    /**
+     * Build the agent
+     */
+    build(): Promise<SekuireAgent$1>;
+}
+/**
+ * Create a new Sekuire agent with compliance and identity
+ *
+ * @example
+ * ```typescript
+ * const agent = await createAgent({
+ *   configPath: './sekuire.yaml',
+ *   tools: [weatherTool, calculatorTool],
+ * });
+ * ```
+ */
+declare function createAgent(config?: {
+    identity?: AgentIdentity;
+    configPath?: string;
+    tools?: ToolDefinition$1[];
+    logger?: SekuireAgentConfig["logger"];
+}): Promise<SekuireAgent$1>;
+/**
+ * Create a compliant tool definition
+ *
+ * @example
+ * ```typescript
+ * const weatherTool = tool({
+ *   name: 'get_weather',
+ *   description: 'Get weather for a city',
+ *   schema: z.object({
+ *     city: z.string(),
+ *   }),
+ *   execute: async ({ city }) => {
+ *     return `Weather in ${city}: Sunny`;
+ *   },
+ * });
+ * ```
+ */
+declare function tool<T extends z.ZodObject<any>>(definition: ToolDefinition$1<T>): ToolDefinition$1<T>;
+/**
+ * Create multiple tools at once
+ *
+ * @example
+ * ```typescript
+ * const [weather, calc] = tools(
+ *   { name: 'weather', ... },
+ *   { name: 'calculator', ... }
+ * );
+ * ```
+ */
+declare function tools<T extends ToolDefinition$1[]>(...definitions: T): T;
+/**
+ * Get tools registered with an agent
+ */
+declare function getTools$1(agent: SekuireAgent$1, names?: string[]): ToolDefinition$1[];
+
+interface ActivePolicyResponse {
+    policy_id: string;
+    workspace_id: string;
+    version: string;
+    status: string;
+    hash: string;
+    content: unknown;
+    activated_at?: string;
+    updated_at?: string;
+    signature?: string;
+    signing_key_id?: string;
+    signing_public_key?: string;
+}
+
+interface Manifest {
+    project: ProjectMetadata;
+    identity: IdentityConfig;
+}
+interface ProjectMetadata {
+    name: string;
+    version: string;
+    description?: string;
+    authors: string[];
+    license?: string;
+}
+interface IdentityConfig {
+    /** The model identifier (e.g., "gpt-4-0613") */
+    model: string;
+    /** Path to the system prompt file (relative to sekuire.json) */
+    systemPromptPath: string;
+    /** Path to the tools definition file (relative to sekuire.json) */
+    toolsPath: string;
+    /** The Blake3 hash of the system prompt content */
+    systemPromptHash?: string;
+    /** The Blake3 hash of the tools definition content */
+    toolsHash?: string;
+}
+interface PublishRequest {
+    manifest: Manifest;
+    sekuireId: string;
+    signature: string;
+    publicKey: string;
+}
+interface AgentResponse {
+    sekuireId: string;
+    name: string;
+    version: string;
+    description?: string;
+    authorKey: string;
+    createdAt: string;
+    verificationStatus: VerificationStatus;
+    reputationScore: number;
+}
+type VerificationStatus = 'unverified' | 'pending' | 'verified' | 'suspended';
+interface ReputationResponse {
+    score: number;
+    taskCount: number;
+    verificationBadge?: string;
+    recentLogs: ReputationLog[];
+}
+interface ReputationLog {
+    id: string;
+    taskHash: string;
+    rating: number;
+    comment?: string;
+    timestamp: string;
+}
+interface SubmitReputationRequest {
+    sekuireId: string;
+    taskHash: string;
+    rating: number;
+    comment?: string;
+    signature: string;
+}
+
+interface HandshakeHello {
+    clientNonce: string;
+}
+interface HandshakeWelcome {
+    agentId: string;
+    agentNonce: string;
+    signatureC: string;
+    credentials: string[];
+}
+interface HandshakeAuth {
+    signatureA: string;
+}
+interface VerifyAgentRequest {
+    sekuireId: string;
+    status: VerificationStatus;
+    badge?: string;
+    reason?: string;
+}
+interface DisputeRequest {
+    sekuireId: string;
+    accuserId: string;
+    reason: string;
+    evidenceLog: string;
+}
+interface CreateOrgRequest {
+    slug: string;
+    displayName: string;
+    billingEmail: string;
+}
+interface OrgResponse {
+    id: string;
+    slug: string;
+    role: string;
+}
+interface CreateWorkspaceRequest {
+    name: string;
+    policyPreset: string;
+}
+interface WorkspaceResponse {
+    id: string;
+    name: string;
+}
+interface InviteRequest {
+    email: string;
+    role: string;
+}
+interface InviteResponse {
+    id: string;
+    status: string;
+}
+interface UserContextResponse {
+    id: string;
+    email: string;
+    onboarded: boolean;
+    mfa_enabled: boolean;
+    role?: string;
+    full_name?: string;
+    avatar_url?: string;
+    onboarding_step?: number;
+    profile_completed?: boolean;
+    orgs: OrgSummary[];
+    workspaces: WorkspaceSummary[];
+}
+interface OrgSummary {
+    id: string;
+    slug: string;
+    workspaces?: WorkspaceSummary[];
+}
+interface WorkspaceSummary {
+    id: string;
+    name: string;
+    org_id: string;
+}
+interface SekuireClientConfig {
+    registryUrl: string;
+    timeout?: number;
+    retries?: number;
+}
+interface KeyPair {
+    publicKey: string;
+    privateKey: string;
+}
+interface HandshakeResult {
+    agentId: string;
+    verified: boolean;
+    credentials: string[];
+}
+declare class SekuireError extends Error {
+    readonly code: string;
+    readonly details?: any | undefined;
+    constructor(message: string, code: string, details?: any | undefined);
+}
+declare class NetworkError extends SekuireError {
+    readonly originalError?: Error | undefined;
+    constructor(message: string, originalError?: Error | undefined);
+}
+declare class ProtocolError extends SekuireError {
+    readonly statusCode?: number | undefined;
+    constructor(message: string, statusCode?: number | undefined);
+}
+declare class CryptoError extends SekuireError {
+    constructor(message: string);
+}
+declare class PolicyViolationError extends SekuireError {
+    readonly rule: string;
+    constructor(message: string, rule: string);
+}
+type HexString = string;
+type AgentId = string;
+
+/**
+ * Sekuire client for verifying agents and performing handshakes
+ */
+declare class SekuireClient {
+    private readonly keyPair;
+    private readonly httpClient;
+    constructor(keyPair: KeyPair, config: SekuireClientConfig);
+    /**
+     * Perform the full handshake with a remote agent
+     */
+    connect(agentUrl: string, expectedAgentId?: string): Promise<HandshakeResult>;
+    /**
+     * Verify an agent's signature
+     */
+    private verifyAgentSignature;
+    /**
+     * Fetch agent's public key from the registry
+     */
+    fetchAgentPublicKey(agentId: string): Promise<string>;
+    /**
+     * Get agent information from the registry
+     */
+    getAgentInfo(agentId: string): Promise<AgentResponse>;
+    /**
+     * Search for agents in the registry
+     */
+    searchAgents(query: string): Promise<AgentResponse[]>;
+    /**
+     * Sign data with the client's private key
+     */
+    sign(data: string): string;
+    /**
+     * Get the client's public key
+     */
+    getPublicKey(): string;
+}
+
+interface SekuireConfig {
+    project: {
+        name: string;
+        version: string;
+        description?: string;
+        author?: string;
+        license?: string;
+    };
+    agents?: {
+        [key: string]: AgentConfig;
+    };
+    agent?: AgentConfig;
+    llm?: LLMConfig;
+    logger?: LoggerConfig;
+    permissions?: PermissionsConfig;
+    rate_limits?: RateLimitsConfig;
+}
+interface PermissionsConfig {
+    network?: {
+        enabled?: boolean;
+        require_tls?: boolean;
+        allowed_domains?: string[];
+        blocked_domains?: string[];
+    };
+    filesystem?: {
+        enabled?: boolean;
+        allowed_paths?: string[];
+        blocked_paths?: string[];
+        allowed_extensions?: string[];
+    };
+    api?: {
+        enabled?: boolean;
+        allowed_services?: Array<{
+            service_name: string;
+            endpoints?: string[];
+        }>;
+    };
+}
+interface RateLimitsConfig {
+    per_agent?: {
+        requests_per_minute?: number;
+        tokens_per_hour?: number;
+    };
+}
+interface AgentConfig {
+    name: string;
+    system_prompt: string;
+    tools: string;
+    llm: LLMConfig;
+    memory?: MemoryConfig;
+    compliance?: ComplianceConfig;
+    models?: {
+        allowed_models?: string[];
+        blocked_models?: string[];
+    };
+    toolsets?: {
+        allowed_tools?: Array<{
+            name: string;
+            description?: string;
+        }>;
+        blocked_tools?: string[];
+    };
+}
+interface LLMConfig {
+    provider: string;
+    model: string;
+    api_key_env: string;
+    temperature?: number;
+    max_tokens?: number;
+    streaming?: boolean;
+    base_url?: string;
+}
+interface MemoryConfig {
+    type: "in-memory" | "redis" | "postgres";
+    max_messages?: number;
+    redis?: {
+        url?: string;
+        host?: string;
+        port?: number;
+        password?: string;
+        db?: number;
+        keyPrefix?: string;
+    };
+    postgres?: {
+        connectionString?: string;
+        host?: string;
+        port?: number;
+        database?: string;
+        user?: string;
+        password?: string;
+        tableName?: string;
+    };
+}
+interface ComplianceConfig {
+    framework?: string;
+    audit_logging?: boolean;
+    sensitive_data_detection?: boolean;
+    require_approval?: string[];
+}
+interface LoggerConfig {
+    api_base_url?: string;
+    environment?: string;
+    enabled?: boolean;
+}
+interface ToolsSchema {
+    version: string;
+    tools: ToolDefinition[];
+}
+interface ToolDefinition {
+    name: string;
+    description: string;
+    category?: string;
+    schema: {
+        type: string;
+        properties: Record<string, unknown>;
+        required?: string[];
+    };
+    implementation: string;
+    permissions?: any;
+    compliance?: any;
+}
+/**
+ * Load sekuire.yml configuration file
+ */
+declare function loadConfig(configPath?: string): Promise<SekuireConfig>;
+/**
+ * Load system prompt from file
+ */
+declare function loadSystemPrompt(promptPath: string, basePath?: string): Promise<string>;
+/**
+ * Load tools configuration from JSON file
+ */
+declare function loadTools(toolsPath: string, basePath?: string): Promise<ToolsSchema>;
+/**
+ * Get agent configuration by name
+ * Supports both single agent and multi-agent configs
+ */
+declare function getAgentConfig(config: SekuireConfig, agentName?: string): AgentConfig;
+
+/**
+ * Cryptographic utilities for Sekuire protocol
+ */
+declare class SekuireCrypto {
+    /**
+     * Generate a new Ed25519 keypair
+     */
+    static generateKeyPair(): KeyPair;
+    /**
+     * Sign a message with a private key
+     */
+    static sign(message: string | Uint8Array, privateKeyHex: string): HexString;
+    /**
+     * Verify a signature
+     */
+    static verify(message: string | Uint8Array, signatureHex: string, publicKeyHex: string): boolean;
+    /**
+     * Calculate Blake3 hash of data
+     */
+    static hash(data: string | Uint8Array): HexString;
+    /**
+     * Calculate Sekuire ID from agent components
+     */
+    static calculateSekuireId(params: {
+        model: string;
+        systemPrompt: string;
+        tools: string;
+        projectName: string;
+        projectVersion: string;
+    }): HexString;
+    /**
+     * Generate a cryptographically secure random nonce (32 bytes)
+     */
+    static generateNonce(): HexString;
+    /**
+     * Convert hex string to Uint8Array
+     */
+    static hexToBytes(hex: string): Uint8Array;
+    /**
+     * Convert Uint8Array to hex string
+     */
+    static bytesToHex(bytes: Uint8Array): HexString;
+    /**
+     * Validate hex string format
+     */
+    static isValidHex(hex: string): boolean;
+    /**
+     * Validate Ed25519 public key format (32 bytes)
+     */
+    static isValidPublicKey(hex: string): boolean;
+    /**
+     * Validate Ed25519 private key format (64 bytes)
+     */
+    static isValidPrivateKey(hex: string): boolean;
+    /**
+     * Validate nonce format (32 bytes)
+     */
+    static isValidNonce(hex: string): boolean;
+}
+
+/**
+ * Message format for chat conversations
+ */
+interface Message {
+    role: "system" | "user" | "assistant" | "function" | "tool";
+    content: string | null;
+    name?: string;
+    tool_call_id?: string;
+    tool_calls?: any[];
+}
+/**
+ * Options for chat completion
+ */
+interface ChatOptions {
+    temperature?: number;
+    max_tokens?: number;
+    top_p?: number;
+    frequency_penalty?: number;
+    presence_penalty?: number;
+    stop?: string[];
+    stream?: boolean;
+    tools?: any[];
+}
+/**
+ * Response from chat completion
+ */
+interface ChatResponse {
+    content: string;
+    model: string;
+    finish_reason?: string;
+    tool_calls?: any[];
+    usage?: {
+        prompt_tokens: number;
+        completion_tokens: number;
+        total_tokens: number;
+    };
+}
+/**
+ * Streaming chunk from chat completion
+ */
+interface ChatChunk {
+    content: string;
+    finish_reason?: string;
+}
+/**
+ * Base interface for LLM providers
+ */
+interface LLMProvider {
+    /**
+     * Send chat messages and get response
+     */
+    chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
+    /**
+     * Stream chat response
+     */
+    chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
+    /**
+     * Count tokens in text (approximate)
+     */
+    countTokens(text: string): number;
+    /**
+     * Get maximum context window size
+     */
+    getMaxTokens(): number;
+    /**
+     * Get provider name
+     */
+    getProviderName(): string;
+    /**
+     * Get model name
+     */
+    getModelName(): string;
+}
+/**
+ * Configuration for creating LLM providers
+ */
+interface LLMProviderConfig {
+    apiKey: string;
+    model: string;
+    baseUrl?: string;
+    organization?: string;
+    temperature?: number;
+    maxTokens?: number;
+}
+
+/**
+ * Anthropic LLM Provider
+ * Supports Claude models (Claude 3, Claude 3.5, etc.)
+ */
+declare class AnthropicProvider implements LLMProvider {
+    private client;
+    private model;
+    private maxTokens;
+    constructor(config: LLMProviderConfig);
+    chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
+    chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
+    countTokens(text: string): number;
+    getMaxTokens(): number;
+    getProviderName(): string;
+    getModelName(): string;
+    private getMaxTokensForModel;
+}
+
+/**
+ * Google Gemini LLM Provider
+ * Supports Gemini Pro, Gemini Pro Vision, and other Google models
+ */
+declare class GoogleProvider implements LLMProvider {
+    private client;
+    private model;
+    private maxTokens;
+    constructor(config: LLMProviderConfig);
+    chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
+    chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
+    countTokens(text: string): number;
+    getMaxTokens(): number;
+    getProviderName(): string;
+    getModelName(): string;
+    private getMaxTokensForModel;
+}
+
+/**
+ * Ollama LLM Provider
+ * Supports local models via Ollama (Llama 2, Mistral, CodeLlama, etc.)
+ */
+declare class OllamaProvider implements LLMProvider {
+    private baseUrl;
+    private model;
+    private maxTokens;
+    constructor(config: LLMProviderConfig);
+    chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
+    chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
+    countTokens(text: string): number;
+    getMaxTokens(): number;
+    getProviderName(): string;
+    getModelName(): string;
+}
+
+/**
+ * OpenAI LLM Provider
+ * Supports GPT-3.5, GPT-4, and other OpenAI models
+ */
+declare class OpenAIProvider implements LLMProvider {
+    private client;
+    private model;
+    private maxTokens;
+    constructor(config: LLMProviderConfig);
+    chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
+    chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
+    countTokens(text: string): number;
+    getMaxTokens(): number;
+    getProviderName(): string;
+    getModelName(): string;
+    private getMaxTokensForModel;
+}
+
+/**
+ * Create an LLM provider based on provider name
+ */
+declare function createLLMProvider(provider: string, config: LLMProviderConfig): LLMProvider;
+/**
+ * Factory functions for easy LLM instantiation
+ */
+declare const llm: {
+    /**
+     * Create OpenAI provider (GPT-4, GPT-3.5, etc.)
+     */
+    openai: (config: Omit<LLMProviderConfig, "model"> & {
+        model?: string;
+    }) => OpenAIProvider;
+    /**
+     * Create Anthropic provider (Claude 3, Claude 3.5, etc.)
+     */
+    anthropic: (config: Omit<LLMProviderConfig, "model"> & {
+        model?: string;
+    }) => AnthropicProvider;
+    /**
+     * Create Google provider (Gemini Pro, Gemini 1.5, etc.)
+     */
+    google: (config: Omit<LLMProviderConfig, "model"> & {
+        model?: string;
+    }) => GoogleProvider;
+    /**
+     * Create Ollama provider (local models: Llama 2, Mistral, etc.)
+     */
+    ollama: (config: Omit<LLMProviderConfig, "model"> & {
+        model?: string;
+    }) => OllamaProvider;
+};
+
+interface ActivePolicy {
+    policy_id: string;
+    workspace_id: string;
+    version: string;
+    status: string;
+    hash: string;
+    content: any;
+    activated_at?: string;
+    updated_at?: string;
+    signature?: string;
+    signing_key_id?: string;
+    signing_public_key?: string;
+}
+declare class PolicyClient {
+    private readonly baseUrl;
+    private cache;
+    constructor(baseUrl: string);
+    fetchActivePolicy(workspaceId: string): Promise<ActivePolicy>;
+    verify(policy: ActivePolicy): void;
+}
+
+type ViolationHandler = (rule: string, reason: string) => void;
+declare class PolicyEnforcer {
+    private readonly policy;
+    private readonly onViolation?;
+    private readonly override;
+    constructor(policy: ActivePolicy, override?: boolean, onViolation?: ViolationHandler | undefined);
+    enforceNetwork(domain: string, protocol: string): void;
+    enforceFilesystem(path: string, operation: string): void;
+    enforceTool(toolName: string): void;
+    private getCategoryPrefix;
+    enforceModel(model: string): void;
+    enforceApi(service: string): void;
+    enforceRateLimit(type: "request" | "token", count?: number): void;
+    private throw;
+    private warnOnly;
+    private matches;
+    private pathMatch;
+}
+
+interface MemoryMessage {
+    role: "user" | "assistant" | "system";
+    content: string;
+    timestamp: number;
+    metadata?: Record<string, unknown>;
+}
+interface MemoryStorage {
+    add(sessionId: string, message: MemoryMessage): Promise<void>;
+    get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
+    clear(sessionId: string): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+}
+declare abstract class BaseMemoryStorage implements MemoryStorage {
+    abstract add(sessionId: string, message: MemoryMessage): Promise<void>;
+    abstract get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
+    abstract clear(sessionId: string): Promise<void>;
+    abstract delete(sessionId: string): Promise<void>;
+    abstract exists(sessionId: string): Promise<boolean>;
+}
+
+declare class InMemoryStorage extends BaseMemoryStorage {
+    private storage;
+    add(sessionId: string, message: MemoryMessage): Promise<void>;
+    get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
+    clear(sessionId: string): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+}
+
+interface PostgresConfig {
+    connectionString?: string;
+    host?: string;
+    port?: number;
+    database?: string;
+    user?: string;
+    password?: string;
+    tableName?: string;
+}
+declare class PostgresStorage extends BaseMemoryStorage {
+    private pool;
+    private tableName;
+    private initialized;
+    constructor(config: PostgresConfig);
+    private initPool;
+    private createTableIfNotExists;
+    add(sessionId: string, message: MemoryMessage): Promise<void>;
+    get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
+    clear(sessionId: string): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+    disconnect(): Promise<void>;
+}
+
+interface RedisConfig {
+    host?: string;
+    port?: number;
+    password?: string;
+    db?: number;
+    url?: string;
+    keyPrefix?: string;
+}
+declare class RedisStorage extends BaseMemoryStorage {
+    private client;
+    private keyPrefix;
+    private connected;
+    constructor(config: RedisConfig);
+    private initClient;
+    private getKey;
+    add(sessionId: string, message: MemoryMessage): Promise<void>;
+    get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
+    clear(sessionId: string): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+    disconnect(): Promise<void>;
+}
+
+type MemoryType = "in-memory" | "redis" | "postgres";
+interface MemoryFactoryConfig {
+    type: MemoryType;
+    redis?: RedisConfig;
+    postgres?: PostgresConfig;
+}
+declare function createMemoryStorage(config: MemoryFactoryConfig): MemoryStorage;
+
+/**
+ * Options for overriding agent configuration
+ */
+interface AgentOptions {
+    llm?: LLMProvider;
+    tools?: ToolDefinition[];
+    memory?: MemoryStorage;
+    systemPrompt?: string;
+    policyPath?: string;
+}
+/**
+ * Sekuire Agent - Config-first AI agent
+ */
+declare class SekuireAgent {
+    readonly name: string;
+    private llm;
+    private systemPrompt;
+    private tools;
+    private sessionId;
+    private memory?;
+    private maxHistoryMessages;
+    private policyEnforcer?;
+    constructor(config: {
+        name: string;
+        llm: LLMProvider;
+        systemPrompt: string;
+        tools: ToolDefinition[];
+        memory?: MemoryStorage;
+        maxHistoryMessages?: number;
+        policyEnforcer?: PolicyEnforcer;
+    });
+    setSessionId(sessionId: string): void;
+    /**
+     * Chat with the agent
+     */
+    chat(userMessage: string, options?: ChatOptions): Promise<string>;
+    /**
+     * Execute a tool by name
+     */
+    executeTool(name: string, args: any): Promise<any>;
+    /**
+     * Stream chat response
+     */
+    chatStream(userMessage: string, options?: ChatOptions): AsyncGenerator<string>;
+    /**
+     * Clear conversation history
+     */
+    clearHistory(): Promise<void>;
+    /**
+     * Get conversation history
+     */
+    getHistory(): Promise<Message[]>;
+    /**
+     * Get LLM provider name
+     */
+    getLLMProvider(): string;
+    /**
+     * Get LLM model name
+     */
+    getModelName(): string;
+    /**
+     * Get available tools
+     */
+    getTools(): ToolDefinition[];
+    /**
+     * Get the active policy enforcer
+     */
+    getPolicyEnforcer(): PolicyEnforcer | undefined;
+}
+/**
+ * Load an agent from sekuire.yml configuration
+ *
+ * @param agentName - Name of the agent to load (for multi-agent configs)
+ * @param overrides - Optional overrides for agent configuration
+ * @param configPath - Path to sekuire.yml (defaults to './sekuire.yml')
+ * @returns Initialized agent instance
+ *
+ * @example
+ * ```typescript
+ * // Load agent from config
+ * const agent = await getAgent('my-agent-openai');
+ *
+ * // Chat with the agent
+ * const response = await agent.chat('Hello!');
+ * console.log(response);
+ * ```
+ */
+declare function getAgent(agentName?: string, overrides?: AgentOptions, configPath?: string): Promise<SekuireAgent>;
+/**
+ * Load all agents from configuration
+ *
+ * @param configPath - Path to sekuire.yml
+ * @returns Map of agent name to agent instance
+ *
+ * @example
+ * ```typescript
+ * const agents = await getAgents();
+ * const openai = agents.get('my-agent-openai');
+ * const claude = agents.get('my-agent-claude');
+ * ```
+ */
+declare function getAgents(configPath?: string): Promise<Map<string, SekuireAgent>>;
+/**
+ * Get system prompt for a specific agent from configuration
+ *
+ * @param agentName - Name of the agent (optional for single-agent configs)
+ * @param configPath - Path to sekuire.yml (defaults to './sekuire.yml')
+ * @returns The system prompt content
+ *
+ * @example
+ * ```typescript
+ * const prompt = await getSystemPrompt('my-agent-openai');
+ * console.log(prompt);
+ * ```
+ */
+declare function getSystemPrompt(agentName?: string, configPath?: string): Promise<string>;
+/**
+ * Get tools for a specific agent from configuration
+ *
+ * @param agentName - Name of the agent (optional for single-agent configs)
+ * @param configPath - Path to sekuire.yml (defaults to './sekuire.yml')
+ * @returns The tools schema with tool definitions
+ *
+ * @example
+ * ```typescript
+ * const toolsSchema = await getTools('my-agent-openai');
+ * console.log(toolsSchema.tools);
+ * ```
+ */
+declare function getTools(agentName?: string, configPath?: string): Promise<ToolDefinition[]>;
+
+/**
+ * Base class for implementing Sekuire protocol servers
+ */
+declare abstract class SekuireServer {
+    protected readonly agentId: string;
+    protected readonly keyPair: KeyPair;
+    constructor(agentId: string, keyPair: KeyPair);
+    /**
+     * Handle the HELLO handshake message
+     */
+    handleHello(hello: HandshakeHello): Promise<HandshakeWelcome>;
+    /**
+     * Handle the AUTH handshake message
+     */
+    handleAuth(auth: HandshakeAuth, clientNonce: string): Promise<void>;
+    /**
+     * Get the agent's public key
+     */
+    getPublicKey(): string;
+    /**
+     * Get the agent's ID
+     */
+    getAgentId(): string;
+}
+/**
+ * Express.js middleware for Sekuire protocol
+ */
+declare function createSekuireExpressMiddleware(server: SekuireServer): any[];
+/**
+ * Fastify plugin for Sekuire protocol
+ */
+declare function createSekuireFastifyPlugin(server: SekuireServer): (fastify: any, options: any) => Promise<void>;
+
+interface ToolInput {
+    [key: string]: string | number | boolean | object;
+}
+interface ToolParameter {
+    name: string;
+    type: "string" | "number" | "boolean" | "object";
+    description: string;
+    required: boolean;
+    default?: string | number | boolean | object;
+}
+interface ToolMetadata {
+    name: string;
+    description: string;
+    parameters: ToolParameter[];
+    category?: string;
+    compliance_level?: "public" | "internal" | "restricted" | "system";
+    requires_approval?: boolean;
+}
+declare abstract class Tool {
+    abstract metadata: ToolMetadata;
+    protected policyEnforcer?: PolicyEnforcer;
+    abstract execute(input: ToolInput): Promise<string | object>;
+    setPolicyEnforcer(enforcer: PolicyEnforcer): void;
+    validate(input: ToolInput): boolean;
+    toSchema(): object;
+}
+declare class ToolRegistry {
+    private tools;
+    private categories;
+    register(tool: Tool): void;
+    get(name: string): Tool | undefined;
+    getTool(name: string): Tool | undefined;
+    list(): Tool[];
+    getAllTools(): Tool[];
+    getSchemas(): object[];
+    getToolsByCategory(category: string): string[];
+    getAllCategories(): string[];
+    hasCategory(category: string): boolean;
+}
+
+/**
+ * Agent Discovery Tool - Find other agents by capability
+ */
+declare class AgentDiscoveryTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+/**
+ * Agent Delegation Tool - Delegate tasks to other agents
+ */
+declare class AgentDelegationTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+/**
+ * Agent Status Check Tool - Check if an agent is available
+ */
+declare class AgentStatusTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+
+/**
+ * Tool for invoking other Sekuire agents
+ * Performs handshake and sends requests to verified agents
+ */
+declare class InvokeAgentTool implements Tool {
+    private readonly privateKey?;
+    private readonly publicKey?;
+    private readonly registryUrl;
+    name: string;
+    description: string;
+    parameters: {
+        type: "object";
+        properties: {
+            agent_url: {
+                type: "string";
+                description: string;
+            };
+            agent_id: {
+                type: "string";
+                description: string;
+            };
+            request: {
+                type: "string";
+                description: string;
+            };
+            parameters: {
+                type: "object";
+                description: string;
+            };
+        };
+        required: string[];
+    };
+    metadata: ToolMetadata;
+    private client;
+    constructor(privateKey?: string | undefined, publicKey?: string | undefined, registryUrl?: string);
+    execute(args: Record<string, any>): Promise<string>;
+}
+/**
+ * Tool for searching the Sekuire registry for agents
+ */
+declare class SearchAgentsTool implements Tool {
+    private readonly privateKey?;
+    private readonly publicKey?;
+    private readonly registryUrl;
+    name: string;
+    description: string;
+    parameters: {
+        type: "object";
+        properties: {
+            query: {
+                type: "string";
+                description: string;
+            };
+            limit: {
+                type: "number";
+                description: string;
+            };
+        };
+        required: string[];
+    };
+    metadata: ToolMetadata;
+    private client;
+    constructor(privateKey?: string | undefined, publicKey?: string | undefined, registryUrl?: string);
+    execute(args: Record<string, any>): Promise<string>;
+}
+/**
+ * Tool for getting detailed information about a specific agent
+ */
+declare class GetAgentInfoTool implements Tool {
+    private readonly privateKey?;
+    private readonly publicKey?;
+    private readonly registryUrl;
+    name: string;
+    description: string;
+    parameters: {
+        type: "object";
+        properties: {
+            agent_id: {
+                type: "string";
+                description: string;
+            };
+        };
+        required: string[];
+    };
+    metadata: ToolMetadata;
+    private client;
+    constructor(privateKey?: string | undefined, publicKey?: string | undefined, registryUrl?: string);
+    execute(args: Record<string, any>): Promise<string>;
+}
+
+declare class CalculatorTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+
+declare class AuditLogTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        action: string;
+        actor?: string;
+        resource?: string;
+        metadata?: any;
+    }): Promise<{
+        logged: boolean;
+    }>;
+}
+declare class PiiDetectTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        text: string;
+    }): Promise<{
+        detected: boolean;
+        types: string[];
+        matches: any[];
+    }>;
+}
+declare class EncryptDataTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        data: string;
+        key?: string;
+    }): Promise<{
+        encrypted: string;
+        iv: string;
+    }>;
+}
+declare class DecryptDataTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        encrypted: string;
+        iv: string;
+        key: string;
+    }): Promise<string>;
+}
+
+declare class JsonStringifyTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        data: any;
+        pretty?: boolean;
+    }): Promise<string>;
+}
+declare class CsvParseTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        csv: string;
+        delimiter?: string;
+        headers?: boolean;
+    }): Promise<any[]>;
+}
+declare class CsvWriteTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        data: any[];
+        delimiter?: string;
+        headers?: boolean;
+    }): Promise<string>;
+}
+declare class YamlParseTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        yaml: string;
+    }): Promise<any>;
+}
+declare class XmlParseTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        xml: string;
+    }): Promise<any>;
+}
+
+declare class JsonParseTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class Base64EncodeTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class Base64DecodeTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class HashTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+
+declare class DirectoryListTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class DirectoryMkdirTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class DirectoryRmdirTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class DirectoryRmRecursiveTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class DirectoryExistsTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class DirectoryMoveTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        source: string;
+        destination: string;
+    }): Promise<{
+        moved: boolean;
+    }>;
+}
+declare class DirectoryCopyTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        source: string;
+        destination: string;
+    }): Promise<{
+        copied: boolean;
+    }>;
+}
+declare class DirectoryTreeTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        path: string;
+        depth?: number;
+    }): Promise<any>;
+}
+
+declare class FileReadTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class FileWriteTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class FileListTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class FileAppendTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class FileDeleteTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class FileMoveTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class FileCopyTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class FileStatTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class FileExistsTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+declare class FileChmodTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        path: string;
+        mode: string | number;
+    }): Promise<{
+        changed: boolean;
+    }>;
+}
+
+declare class HttpRequestTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string | object>;
+}
+
+declare class HttpPostTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        url: string;
+        body?: any;
+        headers?: Record<string, string>;
+    }): Promise<any>;
+}
+declare class HttpPutTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        url: string;
+        body?: any;
+        headers?: Record<string, string>;
+    }): Promise<any>;
+}
+declare class HttpDeleteTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        url: string;
+        headers?: Record<string, string>;
+    }): Promise<any>;
+}
+declare class DownloadFileTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        url: string;
+        destination: string;
+    }): Promise<{
+        path: string;
+        size: number;
+    }>;
+}
+declare class DnsLookupTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        hostname: string;
+    }): Promise<{
+        addresses: string[];
+    }>;
+}
+declare class PingTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        host: string;
+        count?: number;
+    }): Promise<{
+        alive: boolean;
+        time?: number;
+    }>;
+}
+
+declare class ToolPatternParser {
+    /**
+     * Get the tool name prefix for a category
+     * "files" -> "file"
+     * "directories" -> "dir"
+     * "network" -> "http" or "network"
+     */
+    private static getCategoryPrefix;
+    /**
+     * Parse tool patterns:
+     *   "calculator" => ["calculator"]
+     *   "files:*" => ["file_read", "file_write", "file_delete", ...]
+     *   "files:[read,write]" => ["file_read", "file_write"]
+     */
+    static parse(pattern: string, registry: ToolRegistry): string[];
+    /**
+     * Expand multiple patterns into unique tool names
+     */
+    static expandPatterns(patterns: string[], registry: ToolRegistry): string[];
+    /**
+     * Filter allowed tools by removing blocked ones
+     */
+    static filterBlocked(allowedTools: string[], blockedTools: string[]): string[];
+}
+
+declare class GetCwdTool extends Tool {
+    metadata: ToolMetadata;
+    execute(): Promise<string>;
+}
+declare class GetPlatformTool extends Tool {
+    metadata: ToolMetadata;
+    execute(): Promise<any>;
+}
+declare class EnvGetTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        key: string;
+    }): Promise<string>;
+}
+declare class EnvSetTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        key: string;
+        value: string;
+    }): Promise<{
+        set: boolean;
+    }>;
+}
+
+declare class DateFormatTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        date?: string | number;
+        format?: string;
+    }): Promise<string>;
+}
+declare class GenerateUuidTool extends Tool {
+    metadata: ToolMetadata;
+    execute(): Promise<string>;
+}
+declare class RandomNumberTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        min?: number;
+        max?: number;
+    }): Promise<string>;
+}
+declare class SleepTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        milliseconds: number;
+    }): Promise<{
+        slept: number;
+    }>;
+}
+declare class RegexMatchTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        text: string;
+        pattern: string;
+        flags?: string;
+    }): Promise<{
+        matches: string[];
+        groups?: any[];
+    }>;
+}
+declare class UrlParseTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: {
+        url: string;
+    }): Promise<any>;
+}
+
+/**
+ * ⚠️ CRITICAL SYSTEM TOOL - DO NOT EDIT OR DELETE ⚠️
+ *
+ * This tool is automatically included by Sekuire to verify agent compliance
+ * and verification status. Removing or modifying this tool will prevent your
+ * agent from being properly verified and may result in trust protocol violations.
+ *
+ * This tool queries the Sekuire registry to check:
+ * - Agent verification status (verified/unverified/pending)
+ * - Compliance framework adherence
+ * - Security score and reputation
+ * - Code review status
+ */
+
+declare class VerificationStatusTool extends Tool {
+    metadata: ToolMetadata;
+    private registryUrl;
+    constructor(registryUrl?: string);
+    execute(input: ToolInput): Promise<string>;
+    /**
+     * Get the current agent's Sekuire ID from environment or config
+     */
+    private getAgentId;
+    /**
+     * Extract compliance frameworks from manifest
+     */
+    private extractComplianceFrameworks;
+    /**
+     * Determine if agent is compliant based on verification status and checks
+     */
+    private isCompliant;
+    /**
+     * Calculate overall compliance score
+     */
+    private calculateComplianceScore;
+    /**
+     * Format the response for the agent
+     */
+    private formatResponse;
+}
+
+declare class WebSearchTool extends Tool {
+    metadata: ToolMetadata;
+    execute(input: ToolInput): Promise<string>;
+}
+
+interface ToolRegistryOptions {
+    privateKey?: string;
+    publicKey?: string;
+    registryUrl?: string;
+}
+declare function createDefaultToolRegistry(options?: ToolRegistryOptions): ToolRegistry;
+declare const builtInTools: {
+    FileReadTool: typeof FileReadTool;
+    FileWriteTool: typeof FileWriteTool;
+    FileAppendTool: typeof FileAppendTool;
+    FileDeleteTool: typeof FileDeleteTool;
+    FileMoveTool: typeof FileMoveTool;
+    FileCopyTool: typeof FileCopyTool;
+    FileStatTool: typeof FileStatTool;
+    FileExistsTool: typeof FileExistsTool;
+    FileListTool: typeof FileListTool;
+    FileChmodTool: typeof FileChmodTool;
+    DirectoryListTool: typeof DirectoryListTool;
+    DirectoryMkdirTool: typeof DirectoryMkdirTool;
+    DirectoryRmdirTool: typeof DirectoryRmdirTool;
+    DirectoryRmRecursiveTool: typeof DirectoryRmRecursiveTool;
+    DirectoryExistsTool: typeof DirectoryExistsTool;
+    DirectoryMoveTool: typeof DirectoryMoveTool;
+    DirectoryCopyTool: typeof DirectoryCopyTool;
+    DirectoryTreeTool: typeof DirectoryTreeTool;
+    WebSearchTool: typeof WebSearchTool;
+    HttpRequestTool: typeof HttpRequestTool;
+    HttpPostTool: typeof HttpPostTool;
+    HttpPutTool: typeof HttpPutTool;
+    HttpDeleteTool: typeof HttpDeleteTool;
+    DownloadFileTool: typeof DownloadFileTool;
+    DnsLookupTool: typeof DnsLookupTool;
+    PingTool: typeof PingTool;
+    JsonParseTool: typeof JsonParseTool;
+    JsonStringifyTool: typeof JsonStringifyTool;
+    CsvParseTool: typeof CsvParseTool;
+    CsvWriteTool: typeof CsvWriteTool;
+    YamlParseTool: typeof YamlParseTool;
+    XmlParseTool: typeof XmlParseTool;
+    Base64EncodeTool: typeof Base64EncodeTool;
+    Base64DecodeTool: typeof Base64DecodeTool;
+    HashTool: typeof HashTool;
+    CalculatorTool: typeof CalculatorTool;
+    DateFormatTool: typeof DateFormatTool;
+    GenerateUuidTool: typeof GenerateUuidTool;
+    RandomNumberTool: typeof RandomNumberTool;
+    SleepTool: typeof SleepTool;
+    RegexMatchTool: typeof RegexMatchTool;
+    UrlParseTool: typeof UrlParseTool;
+    GetCwdTool: typeof GetCwdTool;
+    GetPlatformTool: typeof GetPlatformTool;
+    EnvGetTool: typeof EnvGetTool;
+    EnvSetTool: typeof EnvSetTool;
+    SearchAgentsTool: typeof SearchAgentsTool;
+    GetAgentInfoTool: typeof GetAgentInfoTool;
+    InvokeAgentTool: typeof InvokeAgentTool;
+    AgentDiscoveryTool: typeof AgentDiscoveryTool;
+    AgentDelegationTool: typeof AgentDelegationTool;
+    AgentStatusTool: typeof AgentStatusTool;
+    VerificationStatusTool: typeof VerificationStatusTool;
+    AuditLogTool: typeof AuditLogTool;
+    PiiDetectTool: typeof PiiDetectTool;
+    EncryptDataTool: typeof EncryptDataTool;
+    DecryptDataTool: typeof DecryptDataTool;
+};
+
+/**
+ * Generate a new Ed25519 keypair for Sekuire operations
+ */
+declare function generateKeyPair(): KeyPair;
+/**
+ * Calculate Sekuire ID from agent configuration
+ */
+declare function calculateSekuireId(params: {
+    model: string;
+    systemPrompt: string;
+    tools: string;
+    projectName: string;
+    projectVersion: string;
+}): string;
+/**
+ * Create a SekuireClient with sensible defaults
+ */
+declare function createSekuireClient(keyPair: KeyPair, registryUrl?: string, options?: Partial<SekuireClientConfig>): SekuireClient;
+
+export { SekuireAgent as Agent, AgentIdentity, AnthropicProvider, ComplianceError, ComplianceMonitor, ContentPolicyError, CryptoError, FileAccessError, GoogleProvider, InMemoryStorage, NetworkComplianceError, NetworkError, OllamaProvider, OpenAIProvider, PolicyClient, PolicyEnforcer, PolicyViolationError, PostgresStorage, ProtocolError, RedisStorage, SekuireAgent$1 as SekuireAgent, SekuireAgentBuilder, SekuireClient, SekuireCrypto, SekuireError, SekuireLogger, SekuireServer, Tool, ToolPatternParser, ToolRegistry, ToolUsageError, builtInTools, calculateSekuireId, createAgent, createDefaultToolRegistry, createLLMProvider, createMemoryStorage, createSekuireClient, createSekuireExpressMiddleware, createSekuireFastifyPlugin, generateKeyPair, getAgent, getAgentConfig, getAgents, getTools$1 as getLegacyTools, getSystemPrompt, getTools, llm, loadConfig, loadSystemPrompt, loadTools, tool, tools };
+export type { ActivePolicy, ActivePolicyResponse, AgentConfig, AgentId, AgentInvokeOptions, AgentOptions, AgentResponse$1 as AgentResponse, ChatChunk, ChatOptions, ChatResponse, ComplianceConfig, ComplianceViolation, ToolDefinition as ConfigToolDefinition, CreateOrgRequest, CreateWorkspaceRequest, DisputeRequest, EventLog, EventType, HandshakeAuth, HandshakeHello, HandshakeResult, HandshakeWelcome, HexString, IdentityConfig, InviteRequest, InviteResponse, KeyPair, LLMConfig, Message as LLMMessage, LLMProvider, LLMProviderConfig, LoggerConfig$1 as LoggerConfig, Manifest, MemoryConfig, MemoryFactoryConfig, MemoryMessage, MemoryStorage, MemoryType, Message$1 as Message, OrgResponse, OrgSummary, PostgresConfig, ProjectMetadata, PublishRequest, RedisConfig, ReputationLog, ReputationResponse, SekuireAgentConfig, SekuireClientConfig, SekuireConfig, Severity, SubmitReputationRequest, ToolCall, ToolDefinition$1 as ToolDefinition, ToolInput, ToolMetadata, ToolParameter, ToolsSchema, UserContextResponse, VerificationStatus, VerifyAgentRequest, WorkspaceResponse, WorkspaceSummary };