@sekuire/sdk 0.1.9 → 0.1.11

package/dist/index.d.ts

@@ -1,4 +1,127 @@
 import * as z from 'zod';
+import { Tracer } from '@opentelemetry/api';
+import { ExportResult } from '@opentelemetry/core';
+import { SpanExporter, ReadableSpan } from '@opentelemetry/sdk-trace-base';
+
+/**
+ * Sekuire Beacon - Deployment Registration & Heartbeat
+ *
+ * Automatically registers the agent with Sekuire and sends periodic heartbeats
+ * to show online status in the Dashboard.
+ *
+ * Supports two authentication modes:
+ * 1. Install Token (recommended): Use an install token from the dashboard
+ * 2. API Key: Use an API key for SDK-initiated bootstrap (requires workspace)
+ */
+interface BeaconConfig {
+    /** Sekuire Core API base URL */
+    apiBaseUrl: string;
+    /** Install token from dashboard (preferred for BYOC deployments) */
+    installToken?: string;
+    /** API key for authentication (reads from SEKUIRE_API_KEY if not set) */
+    apiKey?: string;
+    /** Agent ID to register */
+    agentId: string;
+    /** Workspace ID (required when using API key without install token) */
+    workspaceId?: string;
+    /** Heartbeat interval in seconds (default: 60) */
+    heartbeatIntervalSeconds?: number;
+    /** Optional explicit deployment URL (auto-detected if not set) */
+    deploymentUrl?: string;
+    /** Optional capabilities this agent provides */
+    capabilities?: string[];
+    /** Optional callback invoked on status changes */
+    onStatusChange?: (status: BeaconStatus) => void;
+}
+interface BeaconStatus {
+    isRunning: boolean;
+    installationId?: string;
+    runtimeToken?: string;
+    deploymentUrl?: string;
+    lastHeartbeat?: Date;
+    failedHeartbeats: number;
+}
+interface BootstrapResponse {
+    installation_id: string;
+    runtime_token: string;
+    refresh_token: string;
+    expires_at: string;
+    heartbeat_interval: number;
+}
+declare class Beacon {
+    private config;
+    private intervalId;
+    private installationId;
+    private runtimeToken;
+    private refreshToken;
+    private lastHeartbeat;
+    private failedHeartbeats;
+    constructor(config: BeaconConfig);
+    /**
+     * Start the beacon - registers with Sekuire and begins heartbeat loop
+     */
+    start(): Promise<void>;
+    /**
+     * Stop the beacon
+     */
+    stop(): void;
+    /**
+     * Get current beacon status
+     */
+    getStatus(): BeaconStatus;
+    /**
+     * Bootstrap registration with Sekuire
+     *
+     * Exchanges an install token for runtime credentials (installation_id + runtime_token).
+     * The install token is obtained from the dashboard or CLI.
+     */
+    private bootstrap;
+    /**
+     * Send heartbeat (lease renewal) to Sekuire
+     *
+     * Uses the installation-based lease endpoint with runtime token authentication.
+     */
+    private heartbeat;
+    /**
+     * Refresh the runtime token using the refresh token
+     */
+    private refreshRuntimeToken;
+    /**
+     * Notify status change callback
+     */
+    private notifyStatusChange;
+    /**
+     * Get API key from environment
+     */
+    private getApiKey;
+    /**
+     * Get install token from environment
+     */
+    private getInstallToken;
+}
+/**
+ * Create a new beacon instance
+ */
+declare function createBeacon(config: BeaconConfig): Beacon;
+
+declare class AgentIdentity {
+    readonly name: string;
+    readonly sekuireId: string;
+    private readonly privateKey?;
+    readonly publicKey?: string | undefined;
+    constructor(name: string, sekuireId: string, privateKey?: string | undefined, publicKey?: string | undefined);
+    static load(manifestPath?: string): Promise<AgentIdentity>;
+    /**
+     * Sign a message using Ed25519
+     * @param message The message string to sign
+     * @returns Hex-encoded signature
+     */
+    sign(message: string): Promise<string>;
+    /**
+     * Verify a signature (useful for testing)
+     */
+    verify(message: string, signatureHex: string): boolean;
+}
 
 /**
  * 🛡️ Sekuire Logger - Asynchronous Event Logging for TypeScript SDK
@@ -17,6 +140,10 @@ interface LoggerConfig$1 {
     enabled?: boolean;
     batchSize?: number;
     flushInterval?: number;
+    onError?: (error: Error, context: {
+        operation: string;
+        eventsLost?: number;
+    }) => void;
 }
 interface EventLog {
     sekuire_id: string;
@@ -92,6 +219,122 @@ declare class SekuireLogger {
     setEnabled(enabled: boolean): void;
 }
 
+/**
+ * SekuireSDK - Main SDK entry point for TypeScript agents
+ *
+ * Combines identity, logging, and heartbeat functionality with a simple API.
+ */
+
+declare const DEFAULT_API_URL = "https://api.sekuire.ai";
+interface SekuireSDKConfig {
+    privateKey?: string;
+    agentId: string;
+    agentName?: string;
+    apiUrl?: string;
+    apiKey?: string;
+    /** Install token from dashboard (preferred for BYOC deployments) */
+    installToken?: string;
+    workspaceId?: string;
+    environment?: string;
+    autoHeartbeat?: boolean;
+    /** Heartbeat interval in seconds (default: 60) */
+    heartbeatIntervalSeconds?: number;
+    loggingEnabled?: boolean;
+    /** Capabilities this agent provides */
+    capabilities?: string[];
+}
+declare class SekuireSDK {
+    private config;
+    private identity;
+    private logger;
+    private client;
+    private beacon;
+    private isRunning;
+    constructor(config: SekuireSDKConfig);
+    /**
+     * Create SDK instance from environment variables.
+     *
+     * Required env vars:
+     *   SEKUIRE_AGENT_ID - The agent's sekuire_id
+     *   SEKUIRE_INSTALL_TOKEN - Install token from dashboard (required for heartbeat)
+     *
+     * Optional env vars:
+     *   SEKUIRE_API_KEY - API key for authentication (X-API-Key header)
+     *   SEKUIRE_PRIVATE_KEY - Private key for signing
+     *   SEKUIRE_AGENT_NAME - Human-readable agent name
+     *   SEKUIRE_API_URL - API base URL (default: https://api.sekuire.ai)
+     *   SEKUIRE_WORKSPACE_ID - Workspace ID for policy enforcement
+     *   SEKUIRE_ENVIRONMENT - Environment name (default: production)
+     */
+    static fromEnv(options?: {
+        autoHeartbeat?: boolean;
+        loggingEnabled?: boolean;
+    }): SekuireSDK;
+    /**
+     * Start the SDK.
+     *
+     * - Bootstraps with Sekuire using the install token
+     * - Starts auto-heartbeat loop if enabled
+     *
+     * Requires SEKUIRE_INSTALL_TOKEN to be set (from dashboard or CLI).
+     */
+    start(): Promise<void>;
+    /**
+     * Check if the beacon is connected and sending heartbeats.
+     *
+     * @returns True if the beacon has successfully bootstrapped
+     */
+    isConnected(): boolean;
+    /**
+     * Log an event to Sekuire.
+     *
+     * @param eventType Type of event (tool_execution, model_call, policy_check, etc.)
+     * @param data Event-specific data
+     * @param severity Severity level (debug, info, warn, error)
+     */
+    log(eventType: EventType, data: Record<string, unknown>, severity?: Severity): void;
+    /**
+     * Check if an action is allowed by the workspace policy.
+     *
+     * @param action The action to check (e.g., "read_file", "network_access")
+     * @param context Context for the action (e.g., {path: "/etc/passwd"})
+     * @returns True if allowed, False if denied
+     */
+    checkPolicy(action: string, context: Record<string, unknown>): Promise<boolean>;
+    /**
+     * Shutdown the SDK gracefully.
+     */
+    shutdown(): Promise<void>;
+    /**
+     * Get the current beacon status (heartbeat health, connection info).
+     */
+    getBeaconStatus(): BeaconStatus;
+    /**
+     * Get the agent ID.
+     */
+    get agentId(): string;
+    /**
+     * Get the agent's public key.
+     */
+    get publicKey(): string | undefined;
+    /**
+     * Sign a message with the agent's private key.
+     */
+    sign(message: string): Promise<string>;
+    /**
+     * Verify a signature using the agent's public key.
+     */
+    verify(message: string, signature: string): boolean;
+    /**
+     * Get the underlying identity object.
+     */
+    getIdentity(): AgentIdentity;
+    /**
+     * Get the underlying logger object.
+     */
+    getLogger(): SekuireLogger;
+}
+
 /**
  * 🛡️ Sekuire Compliance Enforcement System for TypeScript
  *
@@ -203,21 +446,21 @@ declare class ComplianceMonitor {
      * @param codeSnippet Code snippet for pattern checking
      * @throws ToolUsageError If tool usage is blocked
      */
-    checkToolUsage(toolName: string, codeSnippet?: string): boolean;
+    checkToolUsage(toolName: string, codeSnippet?: string): void;
     /**
      * 💬 Check input content for policy violations
      *
      * @param content Input content to check
      * @throws ContentPolicyError If content violates policy
      */
-    checkInputContent(content: string): boolean;
+    checkInputContent(content: string): void;
     /**
      * 📤 Check output content for policy violations
      *
      * @param content Output content to check
      * @throws ContentPolicyError If content violates policy
      */
-    checkOutputContent(content: string): boolean;
+    checkOutputContent(content: string): void;
     private checkContent;
     /**
      * 🤖 Check AI model usage compliance
@@ -266,16 +509,6 @@ declare class ComplianceMonitor {
     preWarmCaches(): void;
 }
 
-declare class AgentIdentity {
-    readonly name: string;
-    readonly sekuireId: string;
-    private readonly privateKey?;
-    private readonly publicKey?;
-    constructor(name: string, sekuireId: string, privateKey?: string | undefined, publicKey?: string | undefined);
-    static load(manifestPath?: string): Promise<AgentIdentity>;
-    sign(payload: any): Promise<string>;
-}
-
 /**
  * Sekuire Agent Framework
  *
@@ -297,7 +530,7 @@ interface SekuireAgentConfig {
     /** Optional custom compliance monitor */
     compliance?: ComplianceMonitor;
 }
-interface ToolDefinition$1<T extends z.ZodObject<any> = any> {
+interface ToolDefinition$2<T extends z.ZodObject<any> = any> {
     /** Unique tool name */
     name: string;
     /** Human-readable description */
@@ -305,7 +538,7 @@ interface ToolDefinition$1<T extends z.ZodObject<any> = any> {
     /** Zod schema for input validation */
     schema: T;
     /** Tool execution function */
-    execute: (input: z.infer<T>) => Promise<any> | any;
+    execute: (input: z.infer<T>) => Promise<unknown> | unknown;
     /** Optional: Additional compliance checks */
     beforeExecute?: (input: z.infer<T>) => Promise<void> | void;
 }
@@ -354,15 +587,15 @@ declare class SekuireAgent$1 {
     /**
      * Register a tool with the agent
      */
-    registerTool<T extends z.ZodObject<any>>(tool: ToolDefinition$1<T>): this;
+    registerTool<T extends z.ZodObject<any>>(tool: ToolDefinition$2<T>): this;
     /**
      * Register multiple tools at once
      */
-    registerTools(tools: ToolDefinition$1[]): this;
+    registerTools(tools: ToolDefinition$2[]): this;
     /**
      * Get registered tools
      */
-    getTools(names?: string[]): ToolDefinition$1[];
+    getTools(names?: string[]): ToolDefinition$2[];
     /**
      * Execute a tool by name
      */
@@ -398,11 +631,11 @@ declare class SekuireAgentBuilder {
     /**
      * Add a tool
      */
-    withTool<T extends z.ZodObject<any>>(tool: ToolDefinition$1<T>): this;
+    withTool<T extends z.ZodObject<any>>(tool: ToolDefinition$2<T>): this;
     /**
      * Add multiple tools
      */
-    withTools(tools: ToolDefinition$1[]): this;
+    withTools(tools: ToolDefinition$2[]): this;
     /**
      * Build the agent
      */
@@ -422,7 +655,7 @@ declare class SekuireAgentBuilder {
 declare function createAgent(config?: {
     identity?: AgentIdentity;
     configPath?: string;
-    tools?: ToolDefinition$1[];
+    tools?: ToolDefinition$2[];
     logger?: SekuireAgentConfig["logger"];
 }): Promise<SekuireAgent$1>;
 /**
@@ -442,7 +675,7 @@ declare function createAgent(config?: {
  * });
  * ```
  */
-declare function tool<T extends z.ZodObject<any>>(definition: ToolDefinition$1<T>): ToolDefinition$1<T>;
+declare function tool<T extends z.ZodObject<any>>(definition: ToolDefinition$2<T>): ToolDefinition$2<T>;
 /**
  * Create multiple tools at once
  *
@@ -454,11 +687,11 @@ declare function tool<T extends z.ZodObject<any>>(definition: ToolDefinition$1<T
  * );
  * ```
  */
-declare function tools<T extends ToolDefinition$1[]>(...definitions: T): T;
+declare function tools<T extends ToolDefinition$2[]>(...definitions: T): T;
 /**
  * Get tools registered with an agent
  */
-declare function getTools$1(agent: SekuireAgent$1, names?: string[]): ToolDefinition$1[];
+declare function getTools$1(agent: SekuireAgent$1, names?: string[]): ToolDefinition$2[];
 
 interface ActivePolicyResponse {
     policy_id: string;
@@ -610,6 +843,7 @@ interface WorkspaceSummary {
 }
 interface SekuireClientConfig {
     registryUrl: string;
+    apiKey?: string;
     timeout?: number;
     retries?: number;
 }
@@ -682,6 +916,177 @@ declare class SekuireClient {
     getPublicKey(): string;
 }
 
+interface RegistryClientConfig {
+    apiUrl: string;
+    apiKey?: string;
+    timeout?: number;
+    retries?: number;
+}
+interface PublishAgentOptions {
+    manifest: Manifest;
+    privateKeyHex: string;
+    systemPrompt: string;
+    tools: string;
+    publisherOrgId?: string;
+    visibility?: "public" | "private" | "internal";
+}
+interface UpdateAgentOptions {
+    manifest?: Partial<Manifest>;
+    visibility?: "public" | "private" | "internal";
+    gitRepository?: string;
+}
+interface SearchAgentsOptions {
+    query?: string;
+    tags?: string[];
+    verificationStatus?: VerificationStatus;
+    category?: string;
+    limit?: number;
+    offset?: number;
+}
+interface TaskCompletion {
+    taskId: string;
+    taskHash: string;
+    rating: number;
+    comment?: string;
+    evidence?: string;
+}
+interface LeaderboardEntry {
+    sekuireId: string;
+    name: string;
+    reputationScore: number;
+    taskCount: number;
+    verificationStatus: VerificationStatus;
+    rank: number;
+}
+interface PublishResponse {
+    sekuireId: string;
+    name: string;
+    version: string;
+    verificationStatus: VerificationStatus;
+    createdAt: string;
+}
+interface DisputeResponse {
+    id: string;
+    sekuireId: string;
+    status: "pending" | "reviewing" | "resolved" | "rejected";
+    createdAt: string;
+}
+interface VerificationRequest {
+    sekuireId: string;
+    repositoryUrl?: string;
+    commitHash?: string;
+    complianceFramework?: string;
+}
+interface VerificationResult {
+    passed: boolean;
+    securityScore: number;
+    complianceScore: number;
+    issues: VerificationIssue[];
+    timestamp: string;
+}
+interface VerificationIssue {
+    severity: "critical" | "high" | "medium" | "low";
+    category: string;
+    message: string;
+    file?: string;
+    line?: number;
+}
+interface TrustHeadersRequest {
+    agentId: string;
+    action?: string;
+    context?: Record<string, unknown>;
+}
+interface TrustHeaders {
+    "X-Sekuire-Agent-ID": string;
+    "X-Sekuire-Reputation": string;
+    "X-Sekuire-Verification": string;
+    "X-Sekuire-Badges": string;
+    "X-Sekuire-Timestamp": string;
+    "X-Sekuire-Signature": string;
+}
+declare class SekuireRegistryClient {
+    private readonly http;
+    constructor(config: RegistryClientConfig | string, authToken?: string);
+    setAuthToken(token: string): void;
+    setApiKey(apiKey: string): void;
+    publishAgent(options: PublishAgentOptions): Promise<PublishResponse>;
+    getAgent(sekuireId: string): Promise<AgentResponse>;
+    updateAgent(sekuireId: string, options: UpdateAgentOptions): Promise<AgentResponse>;
+    deleteAgent(sekuireId: string): Promise<void>;
+    listAgents(options?: SearchAgentsOptions): Promise<AgentResponse[]>;
+    searchAgents(query: string, options?: Omit<SearchAgentsOptions, "query">): Promise<AgentResponse[]>;
+    getMyAgents(): Promise<AgentResponse[]>;
+    getReputation(sekuireId: string): Promise<ReputationResponse>;
+    recordTaskCompletion(sekuireId: string, task: TaskCompletion, privateKeyHex: string): Promise<void>;
+    getLeaderboard(limit?: number): Promise<LeaderboardEntry[]>;
+    fileDispute(sekuireId: string, reason: string, evidenceLog: string, accuserId: string): Promise<DisputeResponse>;
+    verifyAgentQuick(sekuireId: string): Promise<VerificationResult>;
+    verifyAgentComprehensive(request: VerificationRequest): Promise<VerificationResult>;
+    getVerificationHistory(sekuireId: string): Promise<VerificationResult[]>;
+    getLatestVerification(sekuireId: string): Promise<VerificationResult | null>;
+    generateTrustHeaders(request: TrustHeadersRequest): Promise<TrustHeaders>;
+    getTrustProfile(agentDid: string): Promise<Record<string, unknown>>;
+    getTransactionHistory(agentDid: string): Promise<unknown[]>;
+    createTask(task: {
+        description: string;
+        capabilities: string[];
+        priority?: number;
+        callbackUrl?: string;
+    }): Promise<{
+        taskId: string;
+        status: string;
+    }>;
+    getTask(taskId: string): Promise<{
+        taskId: string;
+        status: string;
+        result?: unknown;
+        error?: string;
+    }>;
+    completeTask(taskId: string, result: unknown, privateKeyHex: string): Promise<void>;
+    getRegistryStats(): Promise<{
+        totalAgents: number;
+        verifiedAgents: number;
+        totalTasks: number;
+        categories: string[];
+    }>;
+    getCategories(): Promise<Array<{
+        slug: string;
+        name: string;
+        agentCount: number;
+    }>>;
+    getAgentsByCategory(categorySlug: string): Promise<AgentResponse[]>;
+    getWorkspace(workspaceId: string): Promise<Record<string, unknown>>;
+    getWorkspacePolicies(workspaceId: string): Promise<unknown[]>;
+    getActivePolicy(workspaceId: string): Promise<unknown>;
+    getPolicyTemplates(): Promise<unknown[]>;
+    evaluatePolicy(workspaceId: string, action: {
+        type: string;
+        resource: string;
+        context?: Record<string, unknown>;
+    }): Promise<{
+        allowed: boolean;
+        violations: string[];
+    }>;
+    logAgentEvents(sekuireId: string, events: Array<{
+        type: string;
+        severity: string;
+        data: Record<string, unknown>;
+        timestamp?: string;
+    }>): Promise<void>;
+    logAgentHealth(sekuireId: string, health: {
+        status: "healthy" | "degraded" | "unhealthy";
+        uptime: number;
+        memoryMb?: number;
+        cpuPercent?: number;
+    }): Promise<void>;
+    getAgentLogs(sekuireId: string, options?: {
+        limit?: number;
+        offset?: number;
+        type?: string;
+    }): Promise<unknown[]>;
+}
+declare function createRegistryClient(apiUrl: string, authToken?: string, apiKey?: string): SekuireRegistryClient;
+
 interface SekuireConfig {
     project: {
         name: string;
@@ -755,7 +1160,7 @@ interface LLMConfig {
     base_url?: string;
 }
 interface MemoryConfig {
-    type: 'in-memory' | 'redis' | 'postgres';
+    type: 'in-memory' | 'buffer' | 'redis' | 'postgres' | 'sqlite' | 'upstash' | 'cloudflare-kv' | 'cloudflare-d1' | 'dynamodb' | 'turso' | 'convex' | string;
     max_messages?: number;
     redis?: {
         url?: string;
@@ -774,6 +1179,43 @@ interface MemoryConfig {
         password?: string;
         tableName?: string;
     };
+    sqlite?: {
+        filename: string;
+        tableName?: string;
+    };
+    upstash?: {
+        url: string;
+        token: string;
+        keyPrefix?: string;
+    };
+    cloudflareKV?: {
+        namespaceId?: string;
+        accountId?: string;
+        apiToken?: string;
+        keyPrefix?: string;
+    };
+    cloudflareD1?: {
+        databaseId?: string;
+        accountId?: string;
+        apiToken?: string;
+        tableName?: string;
+    };
+    dynamodb?: {
+        tableName: string;
+        region?: string;
+        endpoint?: string;
+        createTable?: boolean;
+    };
+    turso?: {
+        url: string;
+        authToken?: string;
+        tableName?: string;
+    };
+    convex?: {
+        url: string;
+        adminKey?: string;
+    };
+    config?: Record<string, unknown>;
 }
 interface ComplianceConfig {
     framework?: string;
@@ -788,9 +1230,9 @@ interface LoggerConfig {
 }
 interface ToolsSchema {
     version: string;
-    tools: ToolDefinition[];
+    tools: ToolDefinition$1[];
 }
-interface ToolDefinition {
+interface ToolDefinition$1 {
     name: string;
     description: string;
     category?: string;
@@ -821,9 +1263,6 @@ declare function loadTools(toolsPath: string, basePath?: string): Promise<ToolsS
  */
 declare function getAgentConfig(config: SekuireConfig, agentName?: string): AgentConfig;
 
-/**
- * Cryptographic utilities for Sekuire protocol
- */
 declare class SekuireCrypto {
     /**
      * Generate a new Ed25519 keypair
@@ -881,19 +1320,29 @@ declare class SekuireCrypto {
     static isValidNonce(hex: string): boolean;
 }
 
-/**
- * Message format for chat conversations
- */
+interface ToolDefinition {
+    type: 'function';
+    function: {
+        name: string;
+        description?: string;
+        parameters?: Record<string, unknown>;
+    };
+}
+interface ToolCallFunction {
+    id: string;
+    type: 'function';
+    function: {
+        name: string;
+        arguments: string;
+    };
+}
 interface Message {
     role: 'system' | 'user' | 'assistant' | 'function' | 'tool';
     content: string | null;
     name?: string;
     tool_call_id?: string;
-    tool_calls?: any[];
+    tool_calls?: ToolCallFunction[];
 }
-/**
- * Options for chat completion
- */
 interface ChatOptions {
     temperature?: number;
     max_tokens?: number;
@@ -902,16 +1351,13 @@ interface ChatOptions {
     presence_penalty?: number;
     stop?: string[];
     stream?: boolean;
-    tools?: any[];
+    tools?: ToolDefinition[];
 }
-/**
- * Response from chat completion
- */
 interface ChatResponse {
     content: string;
     model: string;
     finish_reason?: string;
-    tool_calls?: any[];
+    tool_calls?: ToolCallFunction[];
     usage?: {
         prompt_tokens: number;
         completion_tokens: number;
@@ -966,75 +1412,53 @@ interface LLMProviderConfig {
     maxTokens?: number;
 }
 
-/**
- * Anthropic LLM Provider
- * Supports Claude models (Claude 3, Claude 3.5, etc.)
- */
-declare class AnthropicProvider implements LLMProvider {
+declare abstract class BaseLLMProvider implements LLMProvider {
+    protected model: string;
+    protected maxTokens: number;
+    constructor(config: LLMProviderConfig);
+    abstract chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
+    abstract chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
+    abstract getProviderName(): string;
+    protected abstract getMaxTokensForModel(model: string): number;
+    countTokens(text: string): number;
+    getMaxTokens(): number;
+    getModelName(): string;
+}
+
+declare class AnthropicProvider extends BaseLLMProvider {
     private client;
-    private model;
-    private maxTokens;
     constructor(config: LLMProviderConfig);
     chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
     chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
-    countTokens(text: string): number;
-    getMaxTokens(): number;
     getProviderName(): string;
-    getModelName(): string;
-    private getMaxTokensForModel;
+    protected getMaxTokensForModel(model: string): number;
 }
 
-/**
- * Google Gemini LLM Provider
- * Supports Gemini Pro, Gemini Pro Vision, and other Google models
- */
-declare class GoogleProvider implements LLMProvider {
+declare class GoogleProvider extends BaseLLMProvider {
     private client;
-    private model;
-    private maxTokens;
     constructor(config: LLMProviderConfig);
     chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
     chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
-    countTokens(text: string): number;
-    getMaxTokens(): number;
     getProviderName(): string;
-    getModelName(): string;
-    private getMaxTokensForModel;
+    protected getMaxTokensForModel(model: string): number;
 }
 
-/**
- * Ollama LLM Provider
- * Supports local models via Ollama (Llama 2, Mistral, CodeLlama, etc.)
- */
-declare class OllamaProvider implements LLMProvider {
+declare class OllamaProvider extends BaseLLMProvider {
     private baseUrl;
-    private model;
-    private maxTokens;
     constructor(config: LLMProviderConfig);
     chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
     chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
-    countTokens(text: string): number;
-    getMaxTokens(): number;
     getProviderName(): string;
-    getModelName(): string;
+    protected getMaxTokensForModel(_model: string): number;
 }
 
-/**
- * OpenAI LLM Provider
- * Supports GPT-3.5, GPT-4, and other OpenAI models
- */
-declare class OpenAIProvider implements LLMProvider {
+declare class OpenAIProvider extends BaseLLMProvider {
     private client;
-    private model;
-    private maxTokens;
     constructor(config: LLMProviderConfig);
     chat(messages: Message[], options?: ChatOptions): Promise<ChatResponse>;
     chatStream(messages: Message[], options?: ChatOptions): AsyncGenerator<ChatChunk>;
-    countTokens(text: string): number;
-    getMaxTokens(): number;
     getProviderName(): string;
-    getModelName(): string;
-    private getMaxTokensForModel;
+    protected getMaxTokensForModel(model: string): number;
 }
 
 /**
@@ -1045,27 +1469,15 @@ declare function createLLMProvider(provider: string, config: LLMProviderConfig):
  * Factory functions for easy LLM instantiation
  */
 declare const llm: {
-    /**
-     * Create OpenAI provider (GPT-4, GPT-3.5, etc.)
-     */
     openai: (config: Omit<LLMProviderConfig, "model"> & {
         model?: string;
     }) => OpenAIProvider;
-    /**
-     * Create Anthropic provider (Claude 3, Claude 3.5, etc.)
-     */
     anthropic: (config: Omit<LLMProviderConfig, "model"> & {
         model?: string;
     }) => AnthropicProvider;
-    /**
-     * Create Google provider (Gemini Pro, Gemini 1.5, etc.)
-     */
     google: (config: Omit<LLMProviderConfig, "model"> & {
         model?: string;
     }) => GoogleProvider;
-    /**
-     * Create Ollama provider (local models: Llama 2, Mistral, etc.)
-     */
     ollama: (config: Omit<LLMProviderConfig, "model"> & {
         model?: string;
     }) => OllamaProvider;
@@ -1083,17 +1495,25 @@ interface MemoryStorage {
     clear(sessionId: string): Promise<void>;
     delete(sessionId: string): Promise<void>;
     exists(sessionId: string): Promise<boolean>;
+    connect?(): Promise<void>;
+    disconnect?(): Promise<void>;
+    isConnected?(): boolean;
 }
 declare abstract class BaseMemoryStorage implements MemoryStorage {
+    protected _connected: boolean;
     abstract add(sessionId: string, message: MemoryMessage): Promise<void>;
     abstract get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
     abstract clear(sessionId: string): Promise<void>;
     abstract delete(sessionId: string): Promise<void>;
     abstract exists(sessionId: string): Promise<boolean>;
+    connect(): Promise<void>;
+    disconnect(): Promise<void>;
+    isConnected(): boolean;
 }
 
 declare class InMemoryStorage extends BaseMemoryStorage {
     private storage;
+    constructor();
     add(sessionId: string, message: MemoryMessage): Promise<void>;
     get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
     clear(sessionId: string): Promise<void>;
@@ -1109,13 +1529,17 @@ interface PostgresConfig {
     user?: string;
     password?: string;
     tableName?: string;
+    lazyConnect?: boolean;
 }
 declare class PostgresStorage extends BaseMemoryStorage {
     private pool;
     private tableName;
-    private initialized;
+    private config;
+    private connectionPromise;
     constructor(config: PostgresConfig);
+    connect(): Promise<void>;
     private initPool;
+    private ensureConnected;
     private createTableIfNotExists;
     add(sessionId: string, message: MemoryMessage): Promise<void>;
     get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
@@ -1132,14 +1556,181 @@ interface RedisConfig {
     db?: number;
     url?: string;
     keyPrefix?: string;
+    lazyConnect?: boolean;
 }
 declare class RedisStorage extends BaseMemoryStorage {
     private client;
     private keyPrefix;
-    private connected;
+    private config;
+    private connectionPromise;
     constructor(config: RedisConfig);
+    connect(): Promise<void>;
     private initClient;
+    private ensureConnected;
+    private getKey;
+    add(sessionId: string, message: MemoryMessage): Promise<void>;
+    get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
+    clear(sessionId: string): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+    disconnect(): Promise<void>;
+}
+
+interface SQLiteConfig {
+    filename: string;
+    tableName?: string;
+    readonly?: boolean;
+}
+declare class SQLiteStorage extends BaseMemoryStorage {
+    private db;
+    private config;
+    private tableName;
+    private connectionPromise;
+    constructor(config: SQLiteConfig);
+    connect(): Promise<void>;
+    private ensureTableExists;
+    private ensureConnected;
+    add(sessionId: string, message: MemoryMessage): Promise<void>;
+    get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
+    clear(sessionId: string): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+    disconnect(): Promise<void>;
+}
+
+interface UpstashConfig {
+    url: string;
+    token: string;
+    keyPrefix?: string;
+}
+declare class UpstashStorage extends BaseMemoryStorage {
+    private client;
+    private keyPrefix;
+    private config;
+    private connectionPromise;
+    constructor(config: UpstashConfig);
+    connect(): Promise<void>;
+    private ensureConnected;
+    private getKey;
+    add(sessionId: string, message: MemoryMessage): Promise<void>;
+    get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
+    clear(sessionId: string): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+    disconnect(): Promise<void>;
+}
+
+interface CloudflareKVConfig {
+    binding?: any;
+    accountId?: string;
+    namespaceId?: string;
+    apiToken?: string;
+    keyPrefix?: string;
+}
+declare class CloudflareKVStorage extends BaseMemoryStorage {
+    private binding;
+    private config;
+    private keyPrefix;
+    private useRestApi;
+    constructor(config: CloudflareKVConfig);
     private getKey;
+    private kvGet;
+    private kvPut;
+    private kvDelete;
+    add(sessionId: string, message: MemoryMessage): Promise<void>;
+    get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
+    clear(sessionId: string): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+    disconnect(): Promise<void>;
+}
+
+interface CloudflareD1Config {
+    binding?: any;
+    accountId?: string;
+    databaseId?: string;
+    apiToken?: string;
+    tableName?: string;
+}
+declare class CloudflareD1Storage extends BaseMemoryStorage {
+    private binding;
+    private config;
+    private tableName;
+    private useRestApi;
+    private tableInitialized;
+    constructor(config: CloudflareD1Config);
+    private executeQuery;
+    private ensureTableExists;
+    add(sessionId: string, message: MemoryMessage): Promise<void>;
+    get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
+    clear(sessionId: string): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+    disconnect(): Promise<void>;
+}
+
+interface DynamoDBConfig {
+    tableName: string;
+    region?: string;
+    endpoint?: string;
+    credentials?: {
+        accessKeyId: string;
+        secretAccessKey: string;
+    };
+    createTable?: boolean;
+}
+declare class DynamoDBStorage extends BaseMemoryStorage {
+    private client;
+    private docClient;
+    private config;
+    private connectionPromise;
+    private tableReady;
+    constructor(config: DynamoDBConfig);
+    connect(): Promise<void>;
+    private ensureTableExists;
+    private ensureConnected;
+    add(sessionId: string, message: MemoryMessage): Promise<void>;
+    get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
+    clear(sessionId: string): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+    disconnect(): Promise<void>;
+}
+
+interface TursoConfig {
+    url: string;
+    authToken?: string;
+    tableName?: string;
+}
+declare class TursoStorage extends BaseMemoryStorage {
+    private client;
+    private config;
+    private tableName;
+    private connectionPromise;
+    private tableInitialized;
+    constructor(config: TursoConfig);
+    connect(): Promise<void>;
+    private ensureTableExists;
+    private ensureConnected;
+    add(sessionId: string, message: MemoryMessage): Promise<void>;
+    get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
+    clear(sessionId: string): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+    disconnect(): Promise<void>;
+}
+
+interface ConvexConfig {
+    url: string;
+    adminKey?: string;
+}
+declare class ConvexStorage extends BaseMemoryStorage {
+    private client;
+    private config;
+    private connectionPromise;
+    constructor(config: ConvexConfig);
+    connect(): Promise<void>;
+    private ensureConnected;
     add(sessionId: string, message: MemoryMessage): Promise<void>;
     get(sessionId: string, limit?: number): Promise<MemoryMessage[]>;
     clear(sessionId: string): Promise<void>;
@@ -1147,12 +1738,33 @@ declare class RedisStorage extends BaseMemoryStorage {
     exists(sessionId: string): Promise<boolean>;
     disconnect(): Promise<void>;
 }
+declare const CONVEX_SCHEMA_TEMPLATE = "\n// convex/schema.ts\nimport { defineSchema, defineTable } from \"convex/server\";\nimport { v } from \"convex/values\";\n\nexport default defineSchema({\n  sekuireMemory: defineTable({\n    sessionId: v.string(),\n    role: v.union(v.literal(\"user\"), v.literal(\"assistant\"), v.literal(\"system\")),\n    content: v.string(),\n    timestamp: v.number(),\n    metadata: v.optional(v.any()),\n  }).index(\"by_session\", [\"sessionId\", \"timestamp\"]),\n});\n";
+declare const CONVEX_FUNCTIONS_TEMPLATE = "\n// convex/sekuireMemory.ts\nimport { mutation, query } from \"./_generated/server\";\nimport { v } from \"convex/values\";\n\nexport const add = mutation({\n  args: {\n    sessionId: v.string(),\n    role: v.union(v.literal(\"user\"), v.literal(\"assistant\"), v.literal(\"system\")),\n    content: v.string(),\n    timestamp: v.number(),\n    metadata: v.optional(v.any()),\n  },\n  handler: async (ctx, args) => {\n    await ctx.db.insert(\"sekuireMemory\", args);\n  },\n});\n\nexport const get = query({\n  args: {\n    sessionId: v.string(),\n    limit: v.optional(v.number()),\n  },\n  handler: async (ctx, args) => {\n    let query = ctx.db\n      .query(\"sekuireMemory\")\n      .withIndex(\"by_session\", (q) => q.eq(\"sessionId\", args.sessionId))\n      .order(\"asc\");\n\n    const messages = await query.collect();\n\n    if (args.limit) {\n      return messages.slice(-args.limit);\n    }\n    return messages;\n  },\n});\n\nexport const clear = mutation({\n  args: {\n    sessionId: v.string(),\n  },\n  handler: async (ctx, args) => {\n    const messages = await ctx.db\n      .query(\"sekuireMemory\")\n      .withIndex(\"by_session\", (q) => q.eq(\"sessionId\", args.sessionId))\n      .collect();\n\n    for (const message of messages) {\n      await ctx.db.delete(message._id);\n    }\n  },\n});\n\nexport const exists = query({\n  args: {\n    sessionId: v.string(),\n  },\n  handler: async (ctx, args) => {\n    const message = await ctx.db\n      .query(\"sekuireMemory\")\n      .withIndex(\"by_session\", (q) => q.eq(\"sessionId\", args.sessionId))\n      .first();\n    return message !== null;\n  },\n});\n";
+
+type StorageFactory = (config: any) => MemoryStorage;
+declare function registerStorage(type: string, factory: StorageFactory, description?: string): void;
+declare function hasStorage(type: string): boolean;
+declare function listStorageTypes(): string[];
+declare function getStorageInfo(): Array<{
+    type: string;
+    description?: string;
+}>;
 
-type MemoryType = 'in-memory' | 'redis' | 'postgres';
+type BuiltInMemoryType = 'in-memory' | 'buffer' | 'redis' | 'postgres' | 'sqlite' | 'upstash' | 'cloudflare-kv' | 'cloudflare-d1' | 'dynamodb' | 'turso' | 'convex';
+type MemoryType = BuiltInMemoryType | string;
 interface MemoryFactoryConfig {
     type: MemoryType;
     redis?: RedisConfig;
     postgres?: PostgresConfig;
+    sqlite?: SQLiteConfig;
+    upstash?: UpstashConfig;
+    cloudflareKV?: CloudflareKVConfig;
+    cloudflareD1?: CloudflareD1Config;
+    dynamodb?: DynamoDBConfig;
+    turso?: TursoConfig;
+    convex?: ConvexConfig;
+    options?: Record<string, unknown>;
+    instance?: MemoryStorage;
 }
 declare function createMemoryStorage(config: MemoryFactoryConfig): MemoryStorage;
 
@@ -1201,7 +1813,7 @@ declare class PolicyEnforcer {
  */
 interface AgentOptions {
     llm?: LLMProvider;
-    tools?: ToolDefinition[];
+    tools?: ToolDefinition$1[];
     memory?: MemoryStorage;
     systemPrompt?: string;
     policyPath?: string;
@@ -1222,7 +1834,7 @@ declare class SekuireAgent {
         name: string;
         llm: LLMProvider;
         systemPrompt: string;
-        tools: ToolDefinition[];
+        tools: ToolDefinition$1[];
         memory?: MemoryStorage;
         maxHistoryMessages?: number;
         policyEnforcer?: PolicyEnforcer;
@@ -1259,7 +1871,7 @@ declare class SekuireAgent {
     /**
      * Get available tools
      */
-    getTools(): ToolDefinition[];
+    getTools(): ToolDefinition$1[];
     /**
      * Get the active policy enforcer
      */
@@ -1325,7 +1937,7 @@ declare function getSystemPrompt(agentName?: string, configPath?: string): Promi
  * console.log(toolsSchema.tools);
  * ```
  */
-declare function getTools(agentName?: string, configPath?: string): Promise<ToolDefinition[]>;
+declare function getTools(agentName?: string, configPath?: string): Promise<ToolDefinition$1[]>;
 
 /**
  * Base class for implementing Sekuire protocol servers
@@ -1430,90 +2042,38 @@ declare class AgentStatusTool extends Tool {
  * Tool for invoking other Sekuire agents
  * Performs handshake and sends requests to verified agents
  */
-declare class InvokeAgentTool implements Tool {
+declare class InvokeAgentTool extends Tool {
+    metadata: ToolMetadata;
+    private client;
     private readonly privateKey?;
     private readonly publicKey?;
     private readonly registryUrl;
-    name: string;
-    description: string;
-    parameters: {
-        type: "object";
-        properties: {
-            agent_url: {
-                type: "string";
-                description: string;
-            };
-            agent_id: {
-                type: "string";
-                description: string;
-            };
-            request: {
-                type: "string";
-                description: string;
-            };
-            parameters: {
-                type: "object";
-                description: string;
-            };
-        };
-        required: string[];
-    };
-    metadata: ToolMetadata;
-    private client;
-    constructor(privateKey?: string | undefined, publicKey?: string | undefined, registryUrl?: string);
-    execute(args: Record<string, any>): Promise<string>;
+    constructor(privateKey?: string, publicKey?: string, registryUrl?: string);
+    execute(input: ToolInput): Promise<string>;
 }
 /**
  * Tool for searching the Sekuire registry for agents
  */
-declare class SearchAgentsTool implements Tool {
+declare class SearchAgentsTool extends Tool {
+    metadata: ToolMetadata;
+    private client;
     private readonly privateKey?;
     private readonly publicKey?;
     private readonly registryUrl;
-    name: string;
-    description: string;
-    parameters: {
-        type: "object";
-        properties: {
-            query: {
-                type: "string";
-                description: string;
-            };
-            limit: {
-                type: "number";
-                description: string;
-            };
-        };
-        required: string[];
-    };
-    metadata: ToolMetadata;
-    private client;
-    constructor(privateKey?: string | undefined, publicKey?: string | undefined, registryUrl?: string);
-    execute(args: Record<string, any>): Promise<string>;
+    constructor(privateKey?: string, publicKey?: string, registryUrl?: string);
+    execute(input: ToolInput): Promise<string>;
 }
 /**
  * Tool for getting detailed information about a specific agent
  */
-declare class GetAgentInfoTool implements Tool {
+declare class GetAgentInfoTool extends Tool {
+    metadata: ToolMetadata;
+    private client;
     private readonly privateKey?;
     private readonly publicKey?;
     private readonly registryUrl;
-    name: string;
-    description: string;
-    parameters: {
-        type: "object";
-        properties: {
-            agent_id: {
-                type: "string";
-                description: string;
-            };
-        };
-        required: string[];
-    };
-    metadata: ToolMetadata;
-    private client;
-    constructor(privateKey?: string | undefined, publicKey?: string | undefined, registryUrl?: string);
-    execute(args: Record<string, any>): Promise<string>;
+    constructor(privateKey?: string, publicKey?: string, registryUrl?: string);
+    execute(input: ToolInput): Promise<string>;
 }
 
 declare class CalculatorTool extends Tool {
@@ -1980,11 +2540,11 @@ declare const builtInTools: {
 /**
  * Create a tool for discovering other agents in the Sekuire network
  */
-declare function createDiscoveryTool(client: SekuireClient): ToolDefinition$1;
+declare function createDiscoveryTool(client: SekuireClient): ToolDefinition$2;
 /**
  * Create a tool for delegating tasks to other agents
  */
-declare function createDelegationTool(client: SekuireClient): ToolDefinition$1;
+declare function createDelegationTool(client: SekuireClient): ToolDefinition$2;
 
 /**
  * Generate a new Ed25519 keypair for Sekuire operations
@@ -2005,5 +2565,585 @@ declare function calculateSekuireId(params: {
  */
 declare function createSekuireClient(keyPair: KeyPair, registryUrl?: string, options?: Partial<SekuireClientConfig>): SekuireClient;
 
-export { SekuireAgent as Agent, AgentIdentity, AnthropicProvider, ComplianceError, ComplianceMonitor, ContentPolicyError, CryptoError, FileAccessError, GoogleProvider, InMemoryStorage, NetworkComplianceError, NetworkError, OllamaProvider, OpenAIProvider, PolicyClient, PolicyEnforcer, PolicyViolationError, PostgresStorage, ProtocolError, RedisStorage, SekuireAgent$1 as SekuireAgent, SekuireAgentBuilder, SekuireClient, SekuireCrypto, SekuireError, SekuireLogger, SekuireServer, Tool, ToolPatternParser, ToolRegistry, ToolUsageError, builtInTools, calculateSekuireId, createAgent, createDefaultToolRegistry, createDelegationTool, createDiscoveryTool, createLLMProvider, createMemoryStorage, createSekuireClient, createSekuireExpressMiddleware, createSekuireFastifyPlugin, generateKeyPair, getAgent, getAgentConfig, getAgents, getTools$1 as getLegacyTools, getSystemPrompt, getTools, llm, loadConfig, loadSystemPrompt, loadTools, tool, tools };
-export type { ActivePolicy, ActivePolicyResponse, AgentConfig, AgentId, AgentInvokeOptions, AgentOptions, AgentResponse$1 as AgentResponse, ChatChunk, ChatOptions, ChatResponse, ComplianceConfig, ComplianceViolation, ToolDefinition as ConfigToolDefinition, CreateOrgRequest, CreateWorkspaceRequest, DisputeRequest, EventLog, EventType, HandshakeAuth, HandshakeHello, HandshakeResult, HandshakeWelcome, HexString, IdentityConfig, InviteRequest, InviteResponse, KeyPair, LLMConfig, Message as LLMMessage, LLMProvider, LLMProviderConfig, LoggerConfig$1 as LoggerConfig, Manifest, MemoryConfig, MemoryFactoryConfig, MemoryMessage, MemoryStorage, MemoryType, Message$1 as Message, OrgResponse, OrgSummary, PostgresConfig, ProjectMetadata, PublishRequest, RedisConfig, ReputationLog, ReputationResponse, SekuireAgentConfig, SekuireClientConfig, SekuireConfig, Severity, SubmitReputationRequest, ToolCall, ToolDefinition$1 as ToolDefinition, ToolInput, ToolMetadata, ToolParameter, ToolsSchema, UserContextResponse, VerificationStatus, VerifyAgentRequest, WorkspaceResponse, WorkspaceSummary };
+/**
+ * Sekuire Task Worker
+ *
+ * Handles SSE connection to Core for real-time task delivery.
+ * Provides `onTask()` API for agents to register task handlers.
+ */
+interface TaskEvent {
+    task_id: string;
+    capability?: string;
+    tool?: string;
+    input: Record<string, unknown>;
+    workspace_id: string;
+    requester_agent_id?: string;
+    parent_task_id?: string;
+    trace_id?: string;
+    workflow_id?: string;
+}
+interface TaskContext {
+    taskId: string;
+    workspaceId: string;
+    requesterId?: string;
+    parentTaskId?: string;
+    traceId?: string;
+    workflowId?: string;
+}
+type TaskHandler = (ctx: TaskContext, input: Record<string, unknown>) => Promise<unknown>;
+interface WorkerConfig {
+    apiBaseUrl: string;
+    token: string;
+    agentId?: string;
+    apiKey?: string;
+    heartbeatIntervalMs?: number;
+    reconnectDelayMs?: number;
+    maxReconnectDelayMs?: number;
+    deploymentUrl?: string;
+}
+declare class TaskWorker {
+    private eventSource;
+    private handlers;
+    private config;
+    private heartbeatInterval;
+    private reconnectDelay;
+    private isConnected;
+    private isPaused;
+    private installationId;
+    private onCommandCallback?;
+    constructor(config: WorkerConfig);
+    /**
+     * Register a handler for a specific capability
+     */
+    onTask(capability: string, handler: TaskHandler): this;
+    /**
+     * Start the worker (connects to SSE stream and starts heartbeat)
+     */
+    start(): Promise<void>;
+    /**
+     * Stop the worker gracefully
+     */
+    stop(): Promise<void>;
+    /**
+     * Check if the worker is currently paused
+     */
+    getIsPaused(): boolean;
+    /**
+     * Register a callback for control commands
+     */
+    onCommand(callback: (cmd: {
+        type: string;
+        reason?: string;
+    }) => void): this;
+    /**
+     * Handle control commands from SSE or heartbeat fallback
+     */
+    private handleCommand;
+    /**
+     * Get API key from config or environment
+     */
+    private getApiKey;
+    /**
+     * Connect to SSE stream
+     */
+    private connect;
+    /**
+     * Schedule reconnection with exponential backoff
+     */
+    private scheduleReconnect;
+    /**
+     * Handle incoming task
+     */
+    private handleTask;
+    /**
+     * Report task completion to Core
+     */
+    private completeTask;
+    /**
+     * Register this agent installation with Sekuire
+     */
+    private bootstrap;
+    /**
+     * Start heartbeat loop
+     */
+    private startHeartbeat;
+}
+declare function createWorker(config: WorkerConfig): TaskWorker;
+
+interface SekuireExporterConfig {
+    apiUrl: string;
+    agentId: string;
+    authToken?: string;
+    workspaceId?: string;
+}
+declare class SekuireSpanExporter implements SpanExporter {
+    private config;
+    private pendingExport;
+    constructor(config: SekuireExporterConfig);
+    export(spans: ReadableSpan[], resultCallback: (result: ExportResult) => void): void;
+    private spanToEvent;
+    private mapSpanToEventType;
+    private getDurationMs;
+    private extractAttributes;
+    private sendEvents;
+    shutdown(): Promise<void>;
+    forceFlush(): Promise<void>;
+}
+
+type ExporterType = 'otlp' | 'sekuire' | 'console' | 'none';
+interface TelemetryConfig {
+    enabled?: boolean;
+    agentId: string;
+    exporter?: ExporterType;
+    otlpEndpoint?: string;
+    sekuireApiUrl?: string;
+    authToken?: string;
+    workspaceId?: string;
+    debug?: boolean;
+    batchConfig?: {
+        maxQueueSize?: number;
+        maxExportBatchSize?: number;
+        scheduledDelayMillis?: number;
+    };
+}
+declare function initTelemetry(config: TelemetryConfig): Tracer;
+declare function getTracer(): Tracer;
+declare function shutdownTelemetry(): Promise<void>;
+
+declare function detectDeploymentUrl(): string | undefined;
+
+/**
+ * A2A Protocol Type Definitions
+ *
+ * Types implementing the A2A Protocol specification for agent interoperability.
+ * See: https://github.com/a2aproject/A2A
+ */
+/** Full A2A-compliant Agent Card */
+interface AgentCard {
+    /** Unique agent identifier (e.g., "sekuire:workspace:agent-name") */
+    agentId: string;
+    /** Human-readable agent name */
+    name: string;
+    /** Agent description */
+    description: string;
+    /** Semantic version */
+    version: string;
+    /** Provider information */
+    provider?: AgentProvider;
+    /** Supported A2A protocol versions */
+    protocolVersions: string[];
+    /** Agent capabilities */
+    capabilities: AgentCapabilities;
+    /** Skills the agent provides */
+    skills: AgentSkill[];
+    /** Default input MIME types accepted */
+    defaultInputModes?: string[];
+    /** Default output MIME types produced */
+    defaultOutputModes?: string[];
+    /** Security schemes supported */
+    securitySchemes?: Record<string, SecurityScheme>;
+    /** Required security scheme names */
+    security?: string[];
+    /** Base URL for A2A endpoints */
+    url: string;
+}
+/** Provider information */
+interface AgentProvider {
+    name: string;
+    url?: string;
+}
+/** Agent capabilities */
+interface AgentCapabilities {
+    /** Supports streaming responses via SSE */
+    streaming: boolean;
+    /** Supports push notifications */
+    pushNotifications: boolean;
+    /** Supports extended agent card endpoint */
+    extendedAgentCard: boolean;
+}
+/** Security scheme definition */
+interface SecurityScheme {
+    type: string;
+    scheme?: string;
+    bearerFormat?: string;
+}
+/** Structured skill definition */
+interface AgentSkill {
+    /** Skill identifier (e.g., "document:summarize") */
+    id: string;
+    /** Human-readable skill name */
+    name: string;
+    /** Skill description */
+    description?: string;
+    /** Tags for categorization */
+    tags?: string[];
+    /** Input MIME types accepted */
+    inputModes?: string[];
+    /** Output MIME types produced */
+    outputModes?: string[];
+    /** Example prompts */
+    examples?: string[];
+}
+/** A2A message with role and parts */
+interface A2AMessage {
+    /** Message role: "user" or "agent" */
+    role: "user" | "agent";
+    /** Message content parts */
+    parts: A2AMessagePart[];
+}
+/** Message part content */
+type A2AMessagePart = {
+    type: "text";
+    text: string;
+} | {
+    type: "file";
+    uri: string;
+    mimeType?: string;
+} | {
+    type: "data";
+    data: unknown;
+};
+/** A2A task states */
+type A2ATaskState = "pending" | "working" | "input-required" | "completed" | "failed" | "cancelled";
+/** A2A task status with timestamp */
+interface A2ATaskStatus {
+    state: A2ATaskState;
+    timestamp: string;
+}
+/** Full A2A task */
+interface A2ATask {
+    taskId: string;
+    contextId?: string;
+    status: A2ATaskStatus;
+    artifacts: A2AArtifact[];
+    history: A2AMessage[];
+    /** ID of the task that delegated to this task */
+    parentTaskId?: string;
+    /** Trace ID shared across the delegation chain */
+    traceId?: string;
+}
+/** Task artifact output */
+interface A2AArtifact {
+    name?: string;
+    parts: A2AMessagePart[];
+    index?: number;
+}
+/** Request for skill-based auto-discovery routing */
+interface A2ARouteRequest {
+    /** Required skill (e.g., "document:summarize") */
+    skill: string;
+    /** Message to send to the agent */
+    message: A2AMessage;
+    /** Optional conversation context ID */
+    contextId?: string;
+    /** Parent task ID for delegation tracking */
+    parentTaskId?: string;
+    /** Trace ID for the entire delegation chain */
+    traceId?: string;
+}
+/** Response from skill-based routing */
+interface A2ARouteResponse {
+    /** Created task ID */
+    taskId: string;
+    /** Current task status */
+    status: A2ATaskState;
+    /** ID of the selected agent */
+    agentId: string;
+    /** Initial response message (if any) */
+    message?: A2AMessage;
+    /** Trace ID for the delegation chain */
+    traceId?: string;
+}
+/** JSON-RPC 2.0 Request */
+interface JsonRpcRequest {
+    jsonrpc: "2.0";
+    method: string;
+    id: string | number;
+    params?: unknown;
+}
+/** JSON-RPC 2.0 Response */
+interface JsonRpcResponse<T = unknown> {
+    jsonrpc: "2.0";
+    id: string | number;
+    result?: T;
+    error?: JsonRpcError;
+}
+/** JSON-RPC 2.0 Error */
+interface JsonRpcError {
+    code: number;
+    message: string;
+    data?: unknown;
+}
+/** Parameters for tasks/send method */
+interface TasksSendParams {
+    /** Optional existing task ID to continue */
+    taskId?: string;
+    /** Message to send */
+    message: A2AMessage;
+    /** Optional context ID for grouping tasks */
+    contextId?: string;
+}
+/** Parameters for tasks/get method */
+interface TasksGetParams {
+    taskId: string;
+}
+/** Parameters for tasks/cancel method */
+interface TasksCancelParams {
+    taskId: string;
+}
+/** Parameters for tasks/sendSubscribe method */
+interface TasksSendSubscribeParams {
+    /** Optional existing task ID to continue */
+    taskId?: string;
+    /** Message to send */
+    message: A2AMessage;
+}
+/** SSE task update event */
+interface TaskUpdateEvent {
+    taskId: string;
+    status: A2ATaskState;
+    updatedAt: string;
+    message?: A2AMessage;
+    artifacts?: A2AArtifact[];
+}
+
+/**
+ * A2A Protocol Client
+ *
+ * Client for interacting with A2A-compliant agents via the Sekuire API.
+ */
+
+interface A2AClientOptions {
+    /** Base URL for the Sekuire API */
+    baseUrl: string;
+    /** Authentication token */
+    authToken: string;
+    /** Optional timeout in milliseconds (default: 30000) */
+    timeout?: number;
+}
+/**
+ * A2A Protocol Client
+ *
+ * @example
+ * ```typescript
+ * const client = new A2AClient({
+ *   baseUrl: "https://api.sekuire.ai",
+ *   authToken: "your-token",
+ * });
+ *
+ * // Auto-discover and send task by skill
+ * const result = await client.sendBySkill({
+ *   skill: "document:summarize",
+ *   message: {
+ *     role: "user",
+ *     parts: [{ type: "text", text: "Summarize this document" }],
+ *   },
+ * });
+ *
+ * // Stream task updates
+ * for await (const event of client.subscribe(result.taskId)) {
+ *   console.log(event.status, event.artifacts);
+ * }
+ * ```
+ */
+declare class A2AClient {
+    private baseUrl;
+    private authToken;
+    private timeout;
+    constructor(options: A2AClientOptions);
+    /**
+     * Send a task by skill using auto-discovery routing.
+     * The API will find an agent with the matching skill and forward the task.
+     */
+    sendBySkill(request: A2ARouteRequest): Promise<A2ARouteResponse>;
+    /**
+     * Send a message directly to a specific agent.
+     */
+    send(agentUrl: string, message: A2AMessage, taskId?: string): Promise<A2ATask>;
+    /**
+     * Send a task via JSON-RPC to the Sekuire API.
+     */
+    sendTask(params: TasksSendParams): Promise<A2ATask>;
+    /**
+     * Get task status and details.
+     */
+    getTask(taskId: string): Promise<A2ATask>;
+    /**
+     * Cancel a running task.
+     */
+    cancelTask(taskId: string): Promise<A2ATask>;
+    /**
+     * Subscribe to task updates via SSE.
+     *
+     * @example
+     * ```typescript
+     * for await (const event of client.subscribe(taskId)) {
+     *   console.log(event.status);
+     *   if (event.status === "completed") break;
+     * }
+     * ```
+     */
+    subscribe(taskId: string): AsyncGenerator<TaskUpdateEvent>;
+    /**
+     * Get an agent's card (capabilities, skills).
+     */
+    getAgentCard(agentId: string): Promise<AgentCard>;
+    /**
+     * Make a JSON-RPC call to the A2A endpoint.
+     */
+    private jsonRpc;
+    private fetch;
+}
+/**
+ * A2A Protocol Error
+ */
+declare class A2AError extends Error {
+    readonly code: string;
+    readonly jsonRpcCode?: number | undefined;
+    constructor(message: string, code: string, jsonRpcCode?: number | undefined);
+}
+
+/**
+ * A2A Protocol Server
+ *
+ * Server implementation for creating A2A-compliant agents with streaming support.
+ */
+
+interface A2AServerOptions {
+    card: AgentCard;
+    identity?: AgentIdentity;
+    port?: number;
+    handlers: Record<string, SkillHandler>;
+    streamingHandlers?: Record<string, StreamingSkillHandler>;
+}
+type SkillHandler = (message: A2AMessage, context: SkillContext) => Promise<A2AMessage | A2AArtifact[]>;
+type StreamingSkillHandler = (message: A2AMessage, context: StreamingSkillContext) => AsyncGenerator<StreamingUpdate>;
+interface SkillContext {
+    taskId: string;
+    contextId?: string;
+    history: A2AMessage[];
+}
+interface StreamingSkillContext extends SkillContext {
+    emit: (update: StreamingUpdate) => void;
+}
+type StreamingUpdate = {
+    type: "progress";
+    message: string;
+    percent?: number;
+} | {
+    type: "artifact";
+    artifact: A2AArtifact;
+} | {
+    type: "message";
+    message: A2AMessage;
+} | {
+    type: "status";
+    status: A2ATaskState;
+};
+interface TaskState {
+    id: string;
+    contextId?: string;
+    status: A2ATaskState;
+    history: A2AMessage[];
+    artifacts: A2AArtifact[];
+    createdAt: Date;
+    updatedAt: Date;
+    subscribers: Set<(event: TaskUpdateEvent) => void>;
+}
+declare class A2AServer {
+    private card;
+    private identity?;
+    private handlers;
+    private streamingHandlers;
+    private tasks;
+    private heartbeatInterval?;
+    constructor(options: A2AServerOptions);
+    /**
+     * Start sending heartbeats to the registry
+     * @param publicUrl The public URL where this agent is reachable
+     * @param registryUrl The registry API base URL (default: http://localhost:3000)
+     */
+    startHeartbeat(publicUrl: string, registryUrl?: string): Promise<void>;
+    stopHeartbeat(): void;
+    getAgentCard(): AgentCard;
+    getTask(taskId: string): TaskState | undefined;
+    handleRequest(request: JsonRpcRequest): Promise<JsonRpcResponse>;
+    handleStreamingRequest(request: JsonRpcRequest): AsyncGenerator<TaskUpdateEvent>;
+    subscribeToTask(taskId: string): AsyncGenerator<TaskUpdateEvent> | null;
+    formatSSE(event: TaskUpdateEvent): string;
+    notifySubscribers(taskId: string): void;
+    private handleTasksSend;
+    private handleTasksGet;
+    private handleTasksCancel;
+    private findHandler;
+    private findStreamingHandler;
+    private findHandlerInMap;
+    private extractText;
+    private createUpdateEvent;
+    private taskToResponse;
+    private success;
+    private error;
+    private generateId;
+}
+
+/**
+ * A2A Task Delegator
+ *
+ * Enables agents to delegate tasks to other agents and receive completion callbacks.
+ * Provides a complete feedback loop for multi-agent orchestration.
+ */
+
+interface DelegatorConfig {
+    apiUrl: string;
+    authToken: string;
+    workspaceId: string;
+    agentId: string;
+    timeout?: number;
+    pollInterval?: number;
+}
+interface DelegationRequest {
+    skill: string;
+    message: string | A2AMessage;
+    contextId?: string;
+    parentTaskId?: string;
+    traceId?: string;
+    timeout?: number;
+    onProgress?: (event: TaskUpdateEvent) => void;
+}
+interface DelegationResult {
+    taskId: string;
+    agentId: string;
+    traceId?: string;
+    status: A2ATaskState;
+    result?: A2AMessage;
+    artifacts?: Array<{
+        name?: string;
+        parts: Array<{
+            type: string;
+            text?: string;
+        }>;
+    }>;
+    error?: string;
+    executionTimeMs: number;
+}
+declare class A2ATaskDelegator {
+    private client;
+    private config;
+    private activeDelegations;
+    constructor(config: DelegatorConfig);
+    delegate(request: DelegationRequest): Promise<DelegationResult>;
+    delegateWithStreaming(request: DelegationRequest): AsyncGenerator<TaskUpdateEvent, DelegationResult>;
+    cancelDelegation(taskId: string): void;
+    cancelAllDelegations(): void;
+    discoverAgents(skill: string): Promise<Array<{
+        agentId: string;
+        name: string;
+    }>>;
+    private waitForCompletion;
+    private pollForCompletion;
+    private sleep;
+}
+declare function createDelegator(config: DelegatorConfig): A2ATaskDelegator;
+
+export { A2AClient, A2AError, A2AServer, A2ATaskDelegator, SekuireAgent as Agent, AgentIdentity, AnthropicProvider, BaseMemoryStorage, Beacon, CONVEX_FUNCTIONS_TEMPLATE, CONVEX_SCHEMA_TEMPLATE, CloudflareD1Storage, CloudflareKVStorage, ComplianceError, ComplianceMonitor, ContentPolicyError, ConvexStorage, CryptoError, DEFAULT_API_URL, DynamoDBStorage, FileAccessError, GoogleProvider, InMemoryStorage, NetworkComplianceError, NetworkError, OllamaProvider, OpenAIProvider, PolicyClient, PolicyEnforcer, PolicyViolationError, PostgresStorage, ProtocolError, RedisStorage, SQLiteStorage, SekuireAgent$1 as SekuireAgent, SekuireAgentBuilder, SekuireClient, SekuireCrypto, SekuireError, SekuireLogger, SekuireRegistryClient, SekuireSDK, SekuireServer, SekuireSpanExporter, TaskWorker, Tool, ToolPatternParser, ToolRegistry, ToolUsageError, TursoStorage, UpstashStorage, builtInTools, calculateSekuireId, createAgent, createBeacon, createDefaultToolRegistry, createDelegationTool, createDelegator, createDiscoveryTool, createLLMProvider, createMemoryStorage, createRegistryClient, createSekuireClient, createSekuireExpressMiddleware, createSekuireFastifyPlugin, createWorker, detectDeploymentUrl, generateKeyPair, getAgent, getAgentConfig, getAgents, getTools$1 as getLegacyTools, getStorageInfo, getSystemPrompt, getTools, getTracer, hasStorage, initTelemetry, listStorageTypes, llm, loadConfig, loadSystemPrompt, loadTools, registerStorage, shutdownTelemetry, tool, tools };
+export type { A2AArtifact, A2AClientOptions, A2AMessage, A2AMessagePart, A2ARouteRequest, A2ARouteResponse, A2AServerOptions, A2ATask, A2ATaskState, A2ATaskStatus, ActivePolicy, ActivePolicyResponse, AgentCapabilities, AgentCard, AgentConfig, AgentId, AgentInvokeOptions, AgentOptions, AgentProvider, AgentResponse$1 as AgentResponse, AgentSkill, BeaconConfig, BeaconStatus, BootstrapResponse, BuiltInMemoryType, ChatChunk, ChatOptions, ChatResponse, CloudflareD1Config, CloudflareKVConfig, ComplianceConfig, ComplianceViolation, ToolDefinition$1 as ConfigToolDefinition, ConvexConfig, CreateOrgRequest, CreateWorkspaceRequest, DelegationRequest, DelegationResult, DelegatorConfig, DisputeRequest, DisputeResponse, DynamoDBConfig, EventLog, EventType, ExporterType, HandshakeAuth, HandshakeHello, HandshakeResult, HandshakeWelcome, HexString, IdentityConfig, InviteRequest, InviteResponse, JsonRpcError, JsonRpcRequest, JsonRpcResponse, KeyPair, LLMConfig, Message as LLMMessage, LLMProvider, LLMProviderConfig, ToolCallFunction as LLMToolCall, ToolDefinition as LLMToolDefinition, LeaderboardEntry, LoggerConfig$1 as LoggerConfig, Manifest, MemoryConfig, MemoryFactoryConfig, MemoryMessage, MemoryStorage, MemoryType, Message$1 as Message, OrgResponse, OrgSummary, PostgresConfig, ProjectMetadata, PublishAgentOptions, PublishRequest, PublishResponse, RedisConfig, RegistryClientConfig, ReputationLog, ReputationResponse, SQLiteConfig, SearchAgentsOptions, SekuireAgentConfig, SekuireClientConfig, SekuireConfig, SekuireExporterConfig, SekuireSDKConfig, Severity, SkillContext, SkillHandler, StreamingSkillContext, StreamingSkillHandler, StreamingUpdate, SubmitReputationRequest, TaskCompletion, TaskContext, TaskEvent, TaskHandler, TaskState, TaskUpdateEvent, TasksCancelParams, TasksGetParams, TasksSendParams, TasksSendSubscribeParams, TelemetryConfig, ToolCall, ToolDefinition$2 as ToolDefinition, ToolInput, ToolMetadata, ToolParameter, ToolsSchema, TrustHeaders, TrustHeadersRequest, TursoConfig, UpdateAgentOptions, UpstashConfig, UserContextResponse, VerificationIssue, VerificationRequest, VerificationResult, VerificationStatus, VerifyAgentRequest, WorkerConfig, WorkspaceResponse, WorkspaceSummary };