@tangle-network/agent-runtime 0.52.0 → 0.53.0

package/dist/intelligence.d.ts

@@ -1,3 +1,9 @@
+import { e as LoopTraceEvent } from './types-CklkW4Eh.js';
+import { AgentProfileMcpServer } from '@tangle-network/sandbox';
+import { T as ToolSpec } from './router-client-B0Qi1NiN.js';
+import '@tangle-network/agent-eval';
+import './runtime-hooks-C7JwKb9E.js';
+
 /**
  * @experimental
  *
@@ -69,6 +75,46 @@ declare function resolveEffort(tier: EffortTier, overrides?: EffortOverrides): E
  * OFF floor and the wrapper treats them as an intelligence-enabled run.
  */
 declare function isIntelligenceOff(settings: EffortSettings): boolean;
+/**
+ * The run-config overrides an `EffortSettings` compiles to — the bridge between the
+ * pure effort policy and the orchestration entrypoints (`runPersonified` / the
+ * improvement cycle). This is ONLY data: it never constructs an analyst or runs a
+ * loop. The caller reads these flags to decide WHAT to pass:
+ *
+ *  - `withAnalyst: false` ⇒ DO NOT construct/pass a `ScopeAnalyst` to `runPersonified`
+ *    (the dormant empty-findings path runs; the base agent still works). This is the
+ *    PRODUCT fail-closed at `off`/`eco` — "don't construct the analyst" — distinct from
+ *    the EXPERIMENT fail-closed inside `createScopeAnalyst` ("hard abort"), which stays
+ *    untouched. Degrade, never throw.
+ *  - `fanout` ⇒ the `ShapeBudget.fanout` width to pass (`1` at `off`, the tier's breadth
+ *    otherwise). Overrides the personify default fanout.
+ *  - `withLoops: false` ⇒ the improvement cycle is a no-op for this run (no refine /
+ *    fanout-vote multi-step loop spawns).
+ *  - `intelligenceBudgetUsd` ⇒ the intelligence-class spend ceiling carried through for
+ *    the billing clamp (passed verbatim; `0` refuses every intelligence spawn).
+ */
+interface EffortOverridesCompiled {
+    /** Construct + pass a `ScopeAnalyst`? `false` ⇒ omit it (degrade to the base agent). */
+    withAnalyst: boolean;
+    /** `ShapeBudget.fanout` width to pass to `runPersonified`. */
+    fanout: number;
+    /** Run the multi-step improvement cycle, or no-op it for this run? */
+    withLoops: boolean;
+    /** Intelligence-class spend ceiling. `0` refuses every intelligence spawn; `null` uncapped. */
+    intelligenceBudgetUsd: number | null;
+}
+/**
+ * Compile resolved `EffortSettings` into the orchestration overrides above. Pure: same
+ * input → same object, no I/O, no execution, no construction. It is the single place that
+ * maps the effort axes onto the run-config knobs, so no `if (effort)` leaks into the
+ * supervise kernel — the kernel stays effort-blind, the caller reads these flags once.
+ *
+ * `off`/`eco` (`analysts: false`) compile to `withAnalyst: false` ⇒ the caller omits the
+ * analyst and the run degrades to the dormant base agent rather than throwing. `fanout: 1`
+ * (no breadth) at `off`; `withLoops: false` no-ops the improvement cycle. `standard`+
+ * compile to `withAnalyst: true`, the tier's `fanout`, and `withLoops: true`.
+ */
+declare function compileEffort(settings: EffortSettings): EffortOverridesCompiled;
 
 /**
  * @experimental
@@ -174,6 +220,10 @@ interface PullCertifiedOptions {
     baseUrl?: string;
     /** fetch impl (tests / non-global-fetch runtimes). Defaults to global fetch. */
     fetchImpl?: typeof fetch;
+    /** Abort the pull after this many ms so a hung plane never blocks the caller.
+     *  Default 10000. The timeout surfaces as a normal fail-closed `succeeded:
+     *  false` (the agent runs on its base surface). */
+    timeoutMs?: number;
 }
 /**
  * Pull the certified composed profile for a target. Fail-closed: a network
@@ -183,10 +233,11 @@ interface PullCertifiedOptions {
  */
 declare function pullCertified(opts: PullCertifiedOptions): Promise<PullOutcome>;
 /**
- * Fold the certified prompt surface (and any certified `prompt-surface` /
- * `skill` artifacts) into a base system prompt under a marked section, so the
- * deployed agent prompt == base + the gate-certified additions. Order is stable
- * (prompt surface first, then artifacts by type then path) so the same profile
+ * Fold the certified prompt surface (and any certified prompt-folding artifacts:
+ * `prompt-surface` / `skill` / `instructions`) into a base system prompt under a
+ * marked section, so the deployed agent prompt == base + the gate-certified
+ * additions. Order is stable (prompt surface first, then artifact buckets in
+ * `promptFoldTypes` order, then by path within a bucket) so the same profile
  * renders byte-identically each call. Returns `base` unchanged when there is no
  * usable certified content.
  */
@@ -211,6 +262,8 @@ interface DeliveryConfig extends IntelligenceConfig {
     baseUrl?: string;
     /** Min interval between certified-profile pulls. Default 5m. */
     refreshMs?: number;
+    /** Per-pull timeout in ms (fail-closed on a hung plane). Default 10000. */
+    timeoutMs?: number;
     /** fetch impl for the pull (tests). Defaults to global fetch. */
     fetchImpl?: typeof fetch;
 }
@@ -226,6 +279,405 @@ declare function withCertifiedDelivery<I, O>(agent: DeliveredAgent<I, O>, config
     refresh(): Promise<void>;
 };
 
+/**
+ * @experimental
+ *
+ * The Capability-Delivery Manifest — the unified, future-proof structure for
+ * delivering ONE certified unit of agent power = `{ interface, binding }`.
+ *
+ * The law that makes it future-proof: **interfaces are closed; bindings are
+ * open.** The interface is the only thing the agent and the certify lane ever
+ * reason about (a tool / an MCP toolset / a prompt-context / a retrieval surface
+ * / a hook / a subagent). The binding is a tagged union over runtime kinds that
+ * the resolver collapses (inline / file / http / sandbox-code / mcp-stdio /
+ * mcp-remote / process-on-infra / rag-index / memory-store / wasm / a2a). A new
+ * runtime kind = one new binding arm + one resolver case; nothing else moves.
+ *
+ * This module owns the manifest TYPES and the lowering of TODAY's wire
+ * (`CertifiedProfile`) into a `CapabilityManifest`. The resolver — the single
+ * place that knows binding kinds and produces a uniform `ResolvedSurface` — lives
+ * in `./resolver`. The shipped prompt-only path (`composeCertifiedPrompt` in
+ * `./delivery`) is preserved verbatim: a prompt is a `Capability{ surface:
+ * 'context', binding:{ kind:'inline' } }`, so the existing
+ * `pullCertified → composeCertifiedPrompt → fail-closed` lane is a strict subset.
+ *
+ * Layering: this depends DOWN on `@tangle-network/sandbox` (the SDK
+ * `AgentProfileMcpServer` shape the mcp binding lowers to) and on the runtime's
+ * own `ToolSpec`. It never imports agent-eval and never reaches upward.
+ */
+
+/** A JSON Schema object describing a tool's parameters. Kept structural — the
+ *  resolver forwards it verbatim into a `ToolSpec` / MCP `tools/list` check. */
+type JsonSchema = Record<string, unknown>;
+/**
+ * What the agent consumes. CLOSED — a new runtime kind NEVER extends this. Each
+ * arm maps slot-for-slot onto `AgentProfile` + the host `RouterToolsSeam`.
+ */
+type CapabilityInterface = {
+    surface: 'tool';
+    name: string;
+    description?: string;
+    parameters: JsonSchema;
+    returns?: JsonSchema;
+} | {
+    surface: 'mcp';
+    serverName: string;
+    toolset?: string[];
+} | {
+    surface: 'context';
+    kind: 'prompt-surface' | 'skill' | 'instructions';
+    name: string;
+} | {
+    surface: 'retrieval';
+    name: string;
+    description?: string;
+    topK?: number;
+} | {
+    surface: 'hook';
+    event: string;
+    matcher?: string;
+} | {
+    surface: 'subagent';
+    name: string;
+    description?: string;
+};
+/** Every interface surface tag — the closed set the resolver fans into slots. */
+type CapabilitySurface = CapabilityInterface['surface'];
+/**
+ * Where a capability's bytes live. A leaked manifest carries no live secret and
+ * no inlined blob: `github`/`blob` are pointers resolved at provision time.
+ */
+type ContentRef = {
+    kind: 'inline';
+    content: string;
+} | {
+    kind: 'github';
+    repository?: string;
+    path: string;
+    ref?: string;
+} | {
+    kind: 'blob';
+    uri: string;
+    sha256: string;
+    bytes?: number;
+};
+/** A named secret a binding requires — declared, never carried. */
+interface CredentialRef {
+    key: string;
+}
+/**
+ * How a binding authenticates at resolve time. Declared as a REQUIREMENT in the
+ * manifest; the live secret is resolved per-tenant by the resolver context,
+ * never inlined here.
+ */
+type CapabilityAuth = {
+    mode: 'none';
+} | {
+    mode: 'tangle-key';
+} | {
+    mode: 'hub-connection';
+    providerId: string;
+    scopes?: string[];
+} | {
+    mode: 'secret-ref';
+    key: string;
+};
+/**
+ * The host a `process-on-infra` binding provisions before its inner binding.
+ * Reuses `createExecutor`'s backend-as-data vocabulary — no new runtime invented.
+ * `image` is the sandbox image tag; `warm`/`idleTtlMs`/`costTag` meter standing
+ * cost; `ports` are the inner server's listen ports the host must expose.
+ */
+interface HostSpec {
+    backend: 'sandbox' | 'router' | 'cli';
+    image?: string;
+    ports?: number[];
+    warm?: boolean;
+    idleTtlMs?: number;
+    costTag?: string;
+}
+/**
+ * How a capability is backed. OPEN tagged union — THE extension point. All arms
+ * are typed even when the resolver does not yet admit them; an un-admitted arm
+ * throws {@link CapabilityNotAdmittedError} at resolve, never silently no-ops.
+ */
+type DeliveryBinding = {
+    kind: 'inline';
+    content: ContentRef;
+} | {
+    kind: 'file';
+    path: string;
+    content: ContentRef;
+    executable?: boolean;
+} | {
+    kind: 'http';
+    url: string;
+    method?: string;
+    auth?: CapabilityAuth;
+} | {
+    kind: 'sandbox-code';
+    entry: string;
+    code: ContentRef;
+    runtime?: string;
+    harness?: string;
+} | {
+    kind: 'mcp-stdio';
+    command: string;
+    args?: string[];
+    env?: Record<string, string>;
+    cwd?: string;
+} | {
+    kind: 'mcp-remote';
+    url: string;
+    transport: 'http' | 'sse';
+    headers?: Record<string, string>;
+} | {
+    kind: 'process-on-infra';
+    host: HostSpec;
+    inner: DeliveryBinding;
+} | {
+    kind: 'rag-index';
+    index: ContentRef;
+    embedModel: string;
+    topK?: number;
+} | {
+    kind: 'memory-store';
+    provision: 'sqlite' | 'neo4j' | 'vector';
+    seed?: ContentRef;
+} | {
+    kind: 'wasm';
+    module: ContentRef;
+    exports: string[];
+} | {
+    kind: 'a2a';
+    endpoint: string;
+    card: ContentRef;
+    auth?: CapabilityAuth;
+};
+/** Every binding kind — the open set the resolver dispatches over. */
+type DeliveryBindingKind = DeliveryBinding['kind'];
+/**
+ * The certify lane's held-out lift travelling WITH delivery. The shipped
+ * `CertifiedArtifact` envelope minus its content (which moves into the binding
+ * arm): `version`/`contentHash`/`lift` are stamped by the promote step, never
+ * the author.
+ *
+ * `sourcePath` is the artifact's ORIGINAL path (including `null`). It is the
+ * byte-stable fold sort key — the resolver folds context artifacts in
+ * `composeCertifiedPrompt` order, which sorts by `path ?? ''`, so a `null` path
+ * is load-bearing and MUST round-trip exactly. It is distinct from a context
+ * `iface.name` (display only): collapsing the two flips the fold order for a
+ * mix of null-path and non-null-path artifacts.
+ */
+interface CertProvenance {
+    contentHash: string;
+    version: number | null;
+    lift: string | null;
+    promotedAt: string;
+    sourcePath: string | null;
+}
+/** One certified unit of agent power. */
+interface CertifiedCapability {
+    id: string;
+    iface: CapabilityInterface;
+    binding: DeliveryBinding;
+    auth: CapabilityAuth;
+    provenance: CertProvenance;
+}
+/**
+ * The strict generalization of `CertifiedProfile`. `promptSurface` is kept
+ * during the migration window (the shipped pull lane still emits it); new
+ * capabilities live in `capabilities`.
+ */
+interface CapabilityManifest {
+    target: string;
+    generatedAt: string;
+    promptSurface: CertifiedPromptSurface | null;
+    capabilities: CertifiedCapability[];
+}
+/** One retrieval handle. The agent never learns vector vs graph vs index. */
+interface ResolvedRetrieval {
+    name: string;
+    retrieve(query: string, k?: number): Promise<Array<{
+        text: string;
+        score?: number;
+    }>>;
+}
+/** One resolved hook — event + the command/matcher the seam folds into
+ *  `AgentProfile.hooks`. */
+interface ResolvedHook {
+    event: string;
+    command: string;
+    matcher?: string;
+}
+/** One resolved subagent — folded into `AgentProfile.subagents`. */
+interface ResolvedSubagent {
+    name: string;
+    description?: string;
+    prompt?: string;
+}
+/**
+ * What `composeCertifiedProfile` produces. Every binding fans into the same
+ * slots, consumed identically by the in-process seam (`RouterToolsSeam.{tools,
+ * executeToolCall}` + folded prompt) and the sandbox seam (`AgentProfile`).
+ * `dispose()` tears provisioned hosts down in REVERSE dependency order.
+ */
+interface ResolvedSurface {
+    /** Host-side tool defs → `RouterToolsSeam.tools` / agent-app `extraTools`. */
+    tools: ToolSpec[];
+    /** Host-side dispatch for a resolved tool. Throws when `name` is unknown so a
+     *  mis-dispatch is loud, never a silent empty string. */
+    execute(name: string, args: Record<string, unknown>, task: unknown): Promise<string>;
+    /** Sandbox-side tool delivery → `AgentProfile.mcp` / in-proc `createMcpEnvironment`. */
+    mcpConnections: Record<string, AgentProfileMcpServer>;
+    /** Prompt-context additions, byte-stable-ordered → folded system prompt. */
+    promptAdditions: string[];
+    /** Workspace files → `AgentProfile.resources.files`. */
+    files: Array<{
+        path: string;
+        content: string;
+        executable?: boolean;
+    }>;
+    /** Uniform retrieval handles. */
+    retrieval: ResolvedRetrieval[];
+    /** Hooks → `AgentProfile.hooks`. */
+    hooks: ResolvedHook[];
+    /** Subagents → `AgentProfile.subagents`. */
+    subagents: ResolvedSubagent[];
+    /** The folded system prompt — base + the byte-stable prompt additions, exactly
+     *  as `composeCertifiedPrompt` renders the inline/context capabilities. */
+    systemPrompt: string;
+    /** Tear down provisioned hosts (reverse dependency order). */
+    dispose(): Promise<void>;
+}
+/**
+ * A binding kind whose resolver case is typed but not yet admitted (rag-index,
+ * memory-store, wasm, a2a). Thrown by the resolver — NEVER faked into a working
+ * surface. The TYPE arms exist so the union is closed against the spec; the
+ * resolver grows them later behind their lifecycle + admission gate.
+ */
+declare class CapabilityNotAdmittedError extends Error {
+    readonly kind: DeliveryBindingKind;
+    readonly capabilityId: string;
+    constructor(kind: DeliveryBindingKind, capabilityId: string, reason: string);
+}
+/**
+ * Lower the EXISTING plane wire (`CertifiedProfile`) into a `CapabilityManifest`.
+ * `prompt-surface`/`skill` artifacts → `context`/inline capabilities (the
+ * shipped fold, generalized); any other artifact type → best-effort binding
+ * inference (see {@link inferCapability}). `promptSurface` is carried through so
+ * the resolver folds it first, exactly as `composeCertifiedPrompt` does today.
+ * This delivers the spine against today's wire before the plane changes.
+ */
+declare function manifestFromProfile(profile: CertifiedProfile): CapabilityManifest;
+
+/**
+ * @experimental
+ *
+ * The capability resolver — the ONLY place that knows binding kinds. It lowers a
+ * `CapabilityManifest` into a uniform `ResolvedSurface` consumed identically by
+ * the in-process seam (`RouterToolsSeam.{tools, executeToolCall}` + a folded
+ * prompt) and the sandbox seam (`AgentProfile`).
+ *
+ * The spine (zero new infra) resolves inline/file, mcp-stdio/mcp-remote, and
+ * http tools for BOTH seams, reusing shipped primitives:
+ *   - inline/context → `composeCertifiedPrompt` (delivery.ts) — byte-stable order;
+ *   - http           → a `ToolSpec` + a host-side fetch `execute`;
+ *   - mcp-stdio/remote → an `AgentProfileMcpServer` (the strict union widens to
+ *     the SDK's flat shape — an always-valid lowering).
+ *
+ * The ladder rungs that need infra are INJECTED capabilities of the resolve
+ * context (`runSandboxCode`, `provisionHost`), so the substrate-free caller wires
+ * only what it can host — a binding that needs an absent provider throws loudly,
+ * it is NEVER faked into a working surface. The not-yet-admitted arms (rag-index,
+ * memory-store, wasm, a2a) throw {@link CapabilityNotAdmittedError}.
+ *
+ * Fail-closed by construction (mirroring `pullCertified`): a `null` manifest
+ * returns the base surface only; a per-capability resolve failure DROPS that
+ * capability (never a half-wired tool); a post-resolve drift check drops any tool
+ * whose live names diverge from the certified interface.
+ */
+
+/** A live, provisioned host the resolver tore up for a `process-on-infra` arm.
+ *  `teardown()` runs at `dispose()` in reverse provisioning order. */
+interface ProvisionedHost {
+    /** Lower the inner binding's mcp connection now that the host is up; the URL/
+     *  command points at the host. Absent when the host serves a non-mcp inner. */
+    mcpConnection?: AgentProfileMcpServer;
+    teardown(): Promise<void>;
+}
+/**
+ * Per-call, per-tenant context the resolver reads. Everything that touches the
+ * network, a secret, or an infra provisioner is INJECTED so the manifest carries
+ * no live secret and the substrate-free caller wires only what it can host.
+ */
+interface ResolveCtx {
+    /** Stable tenant id — namespaces billing + teardown (`tenant#target`). */
+    tenant?: string;
+    /** fetch impl for http tools. Defaults to global fetch; absent ⇒ http tools fail loud. */
+    fetchImpl?: typeof fetch;
+    /**
+     * Resolve a declared credential to a live secret for THIS tenant. Returns a
+     * typed outcome — inspect `succeeded` before `value`. Absent ⇒ a binding that
+     * declares non-`none` auth fails loud (never a request with no credential).
+     */
+    resolveSecret?: (auth: CapabilityAuth, tenant: string | undefined) => Promise<{
+        succeeded: true;
+        value: string;
+    } | {
+        succeeded: false;
+        error: string;
+    }>;
+    /**
+     * Run a `sandbox-code` body per call. Injected by the host that owns a sandbox
+     * client (the spine does not import the sandbox executor). Absent ⇒
+     * `sandbox-code` bindings fail loud.
+     */
+    runSandboxCode?: (code: ContentRef, entry: string, args: Record<string, unknown>, task: unknown) => Promise<string>;
+    /**
+     * Provision a host for a `process-on-infra` binding, then serve the inner
+     * binding inside it. Injected by the host that owns `createExecutor`. Absent ⇒
+     * `process-on-infra` bindings fail loud. The provider resolves the inner
+     * binding INSIDE the host and returns the connection + a teardown.
+     */
+    provisionHost?: (host: HostSpec, inner: DeliveryBinding, costTag: string) => Promise<ProvisionedHost>;
+    /**
+     * Drift probe: return the LIVE tool names a resolved surface exposes for a
+     * given capability id (a `tools/list` over an mcp connection, the agent's
+     * actual registered tool names for a host tool). When present, the post-resolve
+     * drift check drops any tool/mcp whose live names diverge from the certified
+     * interface — the only callable surfaces are gate-blessed ones. Absent ⇒ the
+     * check enforces only the host-side executor↔spec parity (no live probe).
+     */
+    probeLiveToolNames?: (capabilityId: string) => Promise<string[]>;
+    /**
+     * Observe a DROPPED capability — a per-capability resolve failure that is
+     * fail-closed (the capability is omitted, never half-wired). The drop is the
+     * contract; this surfaces the diagnostic so it is never silently erased. NOT
+     * called for {@link CapabilityNotAdmittedError} (that rethrows — a manifest
+     * carrying an un-admitted binding kind is a hard error, not a soft drop).
+     */
+    onDrop?: (capabilityId: string, error: Error) => void;
+}
+/**
+ * Compose a certified profile into a uniform `ResolvedSurface`. Additive over
+ * `composeCertifiedPrompt`: the inline/context fold is delegated to
+ * `composeCertifiedPrompt` so the byte-stable ordering (prompt surface first,
+ * then type alphabetic, then path locale-compare) is reused EXACTLY — the
+ * prompt-only path is a strict subset of this.
+ *
+ * Fail-closed: a `null` manifest returns the base surface only.
+ */
+declare function composeCertifiedProfile(base: {
+    systemPrompt: string;
+}, manifest: CapabilityManifest | null, ctx?: ResolveCtx): Promise<ResolvedSurface>;
+/** Lower a plane `CertifiedProfile` straight into a `ResolvedSurface` via
+ *  `manifestFromProfile` — the convenience the shipped pull lane calls when it
+ *  already holds a `CertifiedProfile` (today's wire) rather than a manifest. */
+declare function composeCertifiedProfileFromWire(base: {
+    systemPrompt: string;
+}, profile: CertifiedProfile | null, ctx?: ResolveCtx): Promise<ResolvedSurface>;
+
 /**
  * @experimental
  *
@@ -343,6 +795,14 @@ interface TraceHandle {
         usage?: Partial<UsageSplit>;
     }): void;
 }
+/** Metadata for {@link IntelligenceClient.recordTrace}. */
+interface RecordTraceMeta {
+    /** 32-hex trace id to anchor every span to. Defaults to a fresh id. */
+    traceId?: string;
+    /** Span id of an enclosing span the loop root should parent under (e.g. a
+     *  `traceRun` span). Omitted ⇒ the loop root is the trace root. */
+    rootParentSpanId?: string;
+}
 /** The resolved outcome of one traced run, surfaced on the export span and
  *  available to the caller for downstream billing assertions. */
 interface TraceOutcome {
@@ -370,6 +830,16 @@ interface IntelligenceClient {
      * `fn` propagates to the caller (the agent's own failures are not masked).
      */
     traceRun<T>(meta: TraceMeta, fn: (trace: TraceHandle) => Promise<T>): Promise<T>;
+    /**
+     * Export a run's full loop topology — the ordered `LoopTraceEvent` stream a
+     * `runLoop`/`Supervisor` run emits — as a nested OTLP span tree (loop → round →
+     * iteration) into ONE trace. Reuses the shipped `buildLoopOtelSpans` builder
+     * (NO second span builder), so the topology a viewer renders matches the
+     * kernel's. `traceId` defaults to a fresh id; `rootParentSpanId` parents the
+     * loop root under an enclosing span (e.g. a `traceRun` span) when given.
+     * Best-effort: export failures are swallowed. Returns the resolved `traceId`.
+     */
+    recordTrace(events: ReadonlyArray<LoopTraceEvent>, meta?: RecordTraceMeta): string;
     /**
      * Network-free readiness report: which adoption modes are reachable given
      * this config. Observe is always reachable; Recommend needs outcomes; PR
@@ -420,4 +890,4 @@ type ClientOrConfig = IntelligenceClient | IntelligenceConfig;
  */
 declare function withTangleIntelligence<TInput, TOutput>(agent: Agent<TInput, TOutput>, clientOrConfig: ClientOrConfig): Agent<TInput, TOutput>;
 
-export { type Agent, type AppliedIntelligence, type CertifiedArtifact, type CertifiedProfile, type CertifiedPromptSurface, type ClientOrConfig, type CorpusAccess, type DeliveredAgent, type DeliveryConfig, type DoctorReport, type EffortOverrides, type EffortSettings, type EffortTier, type IntelligenceClient, type IntelligenceConfig, type ModeReadiness, type PullCertifiedOptions, type PullOutcome, type Redactor, type RepoConfig, type TraceHandle, type TraceMeta, type TraceOutcome, type UsageClass, type UsageSplit, composeCertifiedPrompt, createIntelligenceClient, defaultEffortTier, defaultRedactor, isIntelligenceOff, pullCertified, resolveEffort, resolveRedactor, withCertifiedDelivery, withTangleIntelligence };
+export { type Agent, type AppliedIntelligence, type CapabilityAuth, type CapabilityInterface, type CapabilityManifest, CapabilityNotAdmittedError, type CapabilitySurface, type CertProvenance, type CertifiedArtifact, type CertifiedCapability, type CertifiedProfile, type CertifiedPromptSurface, type ClientOrConfig, type ContentRef, type CorpusAccess, type CredentialRef, type DeliveredAgent, type DeliveryBinding, type DeliveryBindingKind, type DeliveryConfig, type DoctorReport, type EffortOverrides, type EffortOverridesCompiled, type EffortSettings, type EffortTier, type HostSpec, type IntelligenceClient, type IntelligenceConfig, type JsonSchema, type ModeReadiness, type ProvisionedHost, type PullCertifiedOptions, type PullOutcome, type RecordTraceMeta, type Redactor, type RepoConfig, type ResolveCtx, type ResolvedHook, type ResolvedRetrieval, type ResolvedSubagent, type ResolvedSurface, type TraceHandle, type TraceMeta, type TraceOutcome, type UsageClass, type UsageSplit, compileEffort, composeCertifiedProfile, composeCertifiedProfileFromWire, composeCertifiedPrompt, createIntelligenceClient, defaultEffortTier, defaultRedactor, isIntelligenceOff, manifestFromProfile, pullCertified, resolveEffort, resolveRedactor, withCertifiedDelivery, withTangleIntelligence };