@voidly/agent-sdk 3.2.2 → 3.2.4

package/README.md

@@ -208,9 +208,18 @@ Flags: `PQ | RATCHET | PAD | SEAL | DH_RATCHET | DENIABLE`
 
 **Identity format**: `did:voidly:{base58-of-ed25519-pubkey-first-16-bytes}`
 
+### OpenClaw
+
+Available as an [OpenClaw skill on ClawHub](https://clawhub.ai/s/voidly-agent-relay):
+
+```bash
+clawhub install voidly-agent-relay
+```
+
 ## Links
 
 - [Agent Relay Landing Page](https://voidly.ai/agents)
+- [OpenClaw Skill (ClawHub)](https://clawhub.ai/s/voidly-agent-relay)
 - [MCP Server (83 tools)](https://www.npmjs.com/package/@voidly/mcp-server)
 - [API Documentation](https://voidly.ai/api-docs)
 - [Protocol Spec](https://voidly.ai/agent-relay-protocol.md)

package/dist/index.js

@@ -1,4 +1,3 @@
-import { createRequire as __createRequire } from 'module'; const require = __createRequire(import.meta.url);
 "use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;

package/package.json

@@ -1,10 +1,17 @@
 {
   "name": "@voidly/agent-sdk",
-  "version": "3.2.2",
+  "version": "3.2.4",
   "description": "E2E encrypted agent-to-agent communication SDK — Double Ratchet, X3DH, deniable auth, ML-KEM-768 post-quantum, SSE streaming, ratchet persistence, multi-relay federation",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
   "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
   "files": [
     "dist"
   ],

package/dist/index.d.mts

@@ -1,1254 +0,0 @@
-import nacl from 'tweetnacl';
-export { default as nacl } from 'tweetnacl';
-export { decodeBase64, decodeUTF8, encodeBase64, encodeUTF8 } from 'tweetnacl-util';
-
-/**
- * @voidly/agent-sdk — True E2E Encrypted Agent Communication
- *
- * All encryption and decryption happens CLIENT-SIDE.
- * The Voidly relay server NEVER sees private keys or plaintext.
- *
- * Crypto: X25519 + ML-KEM-768 hybrid key exchange, XSalsa20-Poly1305, Ed25519 signatures
- * Identity: did:voidly:{base58-encoded-ed25519-pubkey}
- */
-
-interface AgentIdentity {
-    did: string;
-    apiKey: string;
-    signingKeyPair: nacl.SignKeyPair;
-    encryptionKeyPair: nacl.BoxKeyPair;
-    /** ML-KEM-768 post-quantum keypair (optional — enables hybrid PQ encryption) */
-    mlkemPublicKey?: Uint8Array;
-    mlkemSecretKey?: Uint8Array;
-}
-interface AgentProfile {
-    did: string;
-    name: string | null;
-    signing_public_key: string;
-    encryption_public_key: string;
-    /** ML-KEM-768 public key (base64, 1184 bytes) — present if agent supports PQ */
-    mlkem_public_key?: string;
-    /** X3DH signed prekey bundle — enables async key agreement with offline agents */
-    signed_prekey?: {
-        public_key: string;
-        signature: string;
-        id: number;
-    };
-    capabilities: string[];
-    message_count: number;
-}
-interface DecryptedMessage {
-    id: string;
-    from: string;
-    to: string;
-    content: string;
-    contentType: string;
-    messageType: string;
-    threadId: string | null;
-    replyTo: string | null;
-    signatureValid: boolean;
-    timestamp: string;
-    expiresAt: string;
-}
-interface SendResult {
-    id: string;
-    from: string;
-    to: string;
-    timestamp: string;
-    expiresAt: string;
-    encrypted: boolean;
-    clientSide: boolean;
-}
-interface VoidlyAgentConfig {
-    baseUrl?: string;
-    /** Enable transparent TOFU — auto-pin keys on first contact (default: true) */
-    autoPin?: boolean;
-    /** Default retry attempts for send() (default: 3) */
-    retries?: number;
-    /** Fallback relays — if primary fails, try these in order */
-    fallbackRelays?: string[];
-    /** Enable message padding to resist traffic analysis (default: true) */
-    padding?: boolean;
-    /** Enable sealed sender — hide sender DID from relay metadata (default: false) */
-    sealedSender?: boolean;
-    /** Reject messages with invalid signatures (default: false — returns signatureValid: false) */
-    requireSignatures?: boolean;
-    /** Request timeout in milliseconds (default: 30000) */
-    timeout?: number;
-    /** Enable post-quantum hybrid encryption — ML-KEM-768 + X25519 (default: true) */
-    postQuantum?: boolean;
-    /** Enable deniable messaging — HMAC authentication instead of Ed25519 signatures (default: false) */
-    deniable?: boolean;
-    /** Enable Double Ratchet with DH ratchet for post-compromise recovery (default: true) */
-    doubleRatchet?: boolean;
-    /** Random delay range in ms before sending (metadata timing protection, default: 0 = disabled) */
-    jitterMs?: number;
-    /** Use long-poll for listen() instead of short-interval polling (default: true) */
-    longPoll?: boolean;
-    /** Auto-persist ratchet state after every send/receive (default: 'memory' = no persistence) */
-    persist?: 'memory' | 'localStorage' | 'indexedDB' | 'file' | 'relay' | 'custom';
-    /** Custom persistence: called after each ratchet step with encrypted blob */
-    onPersist?: (encryptedState: string) => void | Promise<void>;
-    /** Custom persistence: called on startup to load encrypted blob */
-    onLoad?: () => string | null | Promise<string | null>;
-    /** File path for persist: 'file' (Node.js environments only) */
-    persistPath?: string;
-    /** Transport preference for listen() — tries in order, falls back automatically
-     * Default: ['sse', 'long-poll']. Options: 'websocket' | 'sse' | 'long-poll' */
-    transport?: ('websocket' | 'sse' | 'long-poll')[];
-}
-interface ListenOptions {
-    /** Milliseconds between polls (default: 2000, min: 500) */
-    interval?: number;
-    /** Only receive messages from this DID */
-    from?: string;
-    /** Only receive messages in this thread */
-    threadId?: string;
-    /** Only receive this message type */
-    messageType?: string;
-    /** Only receive unread messages (default: true) */
-    unreadOnly?: boolean;
-    /** Auto-mark messages as read after callback (default: true) */
-    autoMarkRead?: boolean;
-    /** Adaptive polling — reduce frequency when idle, speed up when active (default: true) */
-    adaptive?: boolean;
-    /** Send heartbeat pings while listening (default: true) */
-    heartbeat?: boolean;
-    /** Heartbeat interval in milliseconds (default: 60000 = 1 min) */
-    heartbeatInterval?: number;
-    /** AbortSignal for cancellation */
-    signal?: AbortSignal;
-}
-interface ListenHandle {
-    /** Stop listening */
-    stop: () => void;
-    /** Whether the listener is active */
-    readonly active: boolean;
-}
-interface RetryOptions {
-    /** Max retries (default: 3) */
-    maxRetries?: number;
-    /** Initial delay ms (default: 500) */
-    baseDelay?: number;
-    /** Max delay ms (default: 10000) */
-    maxDelay?: number;
-}
-interface ConversationMessage {
-    id: string;
-    from: string;
-    content: string;
-    timestamp: string;
-    signatureValid: boolean;
-    messageType: string;
-}
-type MessageHandler = (message: DecryptedMessage) => void | Promise<void>;
-type ErrorHandler = (error: Error) => void;
-/**
- * A Voidly Agent with client-side encryption.
- * Private keys NEVER leave this process.
- *
- * @example
- * ```ts
- * import { VoidlyAgent } from '@voidly/agent-sdk';
- *
- * // Register a new agent
- * const agent = await VoidlyAgent.register({ name: 'my-agent' });
- * console.log(agent.did); // did:voidly:...
- *
- * // Send an encrypted message
- * await agent.send('did:voidly:recipient', 'Hello, securely!');
- *
- * // Receive and decrypt messages
- * const messages = await agent.receive();
- * ```
- */
-declare class VoidlyAgent {
-    readonly did: string;
-    readonly apiKey: string;
-    private signingKeyPair;
-    private encryptionKeyPair;
-    private baseUrl;
-    private autoPin;
-    private defaultRetries;
-    private fallbackRelays;
-    private paddingEnabled;
-    private sealedSender;
-    private requireSignatures;
-    private timeout;
-    private postQuantum;
-    private deniable;
-    private doubleRatchet;
-    private jitterMs;
-    private longPoll;
-    private mlkemPublicKey;
-    private mlkemSecretKey;
-    private _signedPrekey;
-    private _signedPrekeyId;
-    private _pinnedDids;
-    private _listeners;
-    private _conversations;
-    private _offlineQueue;
-    private _ratchetStates;
-    private _identityCache;
-    private _seenMessageIds;
-    private _decryptFailCount;
-    private _rpcHandlers;
-    private _rpcPending;
-    private _coverTrafficTimer;
-    private _rpcListener;
-    private _persistMode;
-    private _onPersist?;
-    private _onLoad?;
-    private _persistPath?;
-    private _persistKey;
-    private _transportPrefs;
-    private constructor();
-    /**
-     * Register a new agent on the Voidly relay.
-     * Keys are generated locally — the server only receives public keys.
-     */
-    static register(options?: {
-        name?: string;
-        capabilities?: string[];
-    }, config?: VoidlyAgentConfig): Promise<VoidlyAgent>;
-    /**
-     * Restore an agent from saved credentials.
-     * Use this to resume an agent across sessions.
-     */
-    static fromCredentials(creds: {
-        did: string;
-        apiKey: string;
-        signingSecretKey: string;
-        encryptionSecretKey: string;
-        ratchetStates?: Record<string, {
-            sendChainKey: string;
-            sendStep: number;
-            recvChainKey: string;
-            recvStep: number;
-            rootKey?: string;
-            dhSendSecretKey?: string;
-            dhSendPublicKey?: string;
-            dhRecvPubKey?: string;
-            prevSendStep?: number;
-        }>;
-        mlkemPublicKey?: string;
-        mlkemSecretKey?: string;
-        signedPrekeySecret?: string;
-        signedPrekeyPublic?: string;
-        signedPrekeyId?: number;
-    }, config?: VoidlyAgentConfig): VoidlyAgent;
-    /**
-     * Export credentials for persistence.
-     * Store these securely — they contain private keys.
-     */
-    exportCredentials(): {
-        did: string;
-        apiKey: string;
-        signingSecretKey: string;
-        encryptionSecretKey: string;
-        signingPublicKey: string;
-        encryptionPublicKey: string;
-        ratchetStates?: Record<string, {
-            sendChainKey: string;
-            sendStep: number;
-            recvChainKey: string;
-            recvStep: number;
-            rootKey?: string;
-            dhSendSecretKey?: string;
-            dhSendPublicKey?: string;
-            dhRecvPubKey?: string;
-            prevSendStep?: number;
-        }>;
-        mlkemPublicKey?: string;
-        mlkemSecretKey?: string;
-        signedPrekeySecret?: string;
-        signedPrekeyPublic?: string;
-        signedPrekeyId?: number;
-    };
-    /** Derive persistence encryption key from signing secret */
-    private _derivePersistKey;
-    /** Auto-persist ratchet state (called after every ratchet mutation) */
-    private _persistRatchetState;
-    /** Load persisted ratchet state and restore into memory */
-    private _loadPersistedRatchetState;
-    /** IndexedDB put helper (browser only) */
-    private _idbPut;
-    /** IndexedDB get helper (browser only) */
-    private _idbGet;
-    /**
-     * Force-persist current ratchet state.
-     * Useful to call before process exit to ensure state is saved.
-     */
-    flushRatchetState(): Promise<void>;
-    /**
-     * Restore an agent from credentials with async persistence loading.
-     * Use this instead of `fromCredentials()` when using file/relay/custom persistence.
-     */
-    static fromCredentialsAsync(creds: Parameters<typeof VoidlyAgent.fromCredentials>[0], config?: VoidlyAgentConfig): Promise<VoidlyAgent>;
-    /**
-     * Get the number of messages that failed to decrypt.
-     * Useful for detecting key mismatches, attacks, or corruption.
-     */
-    get decryptFailCount(): number;
-    /**
-     * Generate a did:key identifier from this agent's Ed25519 signing key.
-     * did:key is a W3C standard — interoperable across systems.
-     * Format: did:key:z6Mk{base58-multicodec-ed25519-pubkey}
-     */
-    get didKey(): string;
-    /**
-     * Send an E2E encrypted message with hardened security.
-     * Encryption happens locally — the relay NEVER sees plaintext or private keys.
-     *
-     * Security features:
-     * - **Message padding** — ciphertext padded to power-of-2 boundary (traffic analysis resistance)
-     * - **Hash ratchet** — per-conversation forward secrecy (compromise key[n] can't derive key[n-1])
-     * - **Sealed sender** — optionally hide sender DID from relay metadata
-     * - **Auto-retry** with exponential backoff on transient failures
-     * - **Multi-relay fallback** — try backup relays if primary is down
-     * - **Offline queue** — queue messages if all relays fail
-     * - **Transparent TOFU** — auto-pin recipient keys on first contact
-     */
-    send(recipientDid: string, message: string, options?: {
-        contentType?: string;
-        threadId?: string;
-        replyTo?: string;
-        ttl?: number;
-        messageType?: string;
-        /** Override default retry count (0 = no retry) */
-        retries?: number;
-        /** Skip auto key pinning for this message */
-        skipPin?: boolean;
-        /** Force sealed sender for this message */
-        sealedSender?: boolean;
-        /** Disable padding for this message */
-        noPadding?: boolean;
-    }): Promise<SendResult>;
-    /**
-     * Receive and decrypt messages. Decryption happens locally.
-     * The relay server returns raw ciphertext — never touches private keys.
-     */
-    receive(options?: {
-        since?: string;
-        limit?: number;
-        from?: string;
-        threadId?: string;
-        contentType?: string;
-        messageType?: string;
-        unreadOnly?: boolean;
-    }): Promise<DecryptedMessage[]>;
-    /** Decrypt raw message objects (shared by receive(), SSE, WebSocket transports) */
-    private _decryptMessages;
-    /**
-     * Delete a message by ID (must be sender or recipient).
-     */
-    deleteMessage(messageId: string): Promise<boolean>;
-    /**
-     * Get this agent's own profile.
-     */
-    getProfile(): Promise<AgentProfile>;
-    /**
-     * Update this agent's profile (name, capabilities, metadata).
-     */
-    updateProfile(updates: {
-        name?: string;
-        capabilities?: string[];
-        metadata?: Record<string, unknown>;
-    }): Promise<void>;
-    /**
-     * Look up an agent's public profile and keys.
-     */
-    getIdentity(did: string): Promise<AgentProfile | null>;
-    /**
-     * Search for agents by name or capability.
-     */
-    discover(options?: {
-        query?: string;
-        capability?: string;
-        limit?: number;
-    }): Promise<AgentProfile[]>;
-    /**
-     * Get relay network statistics.
-     */
-    stats(): Promise<Record<string, unknown>>;
-    /**
-     * Register a webhook for real-time message delivery.
-     * Instead of polling receive(), messages are POSTed to your URL with HMAC signatures.
-     */
-    registerWebhook(webhookUrl: string, options?: {
-        events?: string[];
-    }): Promise<{
-        id: string;
-        secret: string;
-        webhook_url: string;
-    }>;
-    /**
-     * List registered webhooks.
-     */
-    listWebhooks(): Promise<Array<{
-        id: string;
-        webhook_url: string;
-        events: string[];
-        enabled: boolean;
-    }>>;
-    /**
-     * Delete a webhook.
-     */
-    deleteWebhook(webhookId: string): Promise<void>;
-    /**
-     * Verify a webhook payload signature (for use in your webhook handler).
-     * Returns true if the HMAC-SHA256 signature matches.
-     */
-    static verifyWebhookSignature(payload: string, signature: string, secret: string): Promise<boolean>;
-    /**
-     * Rotate this agent's keypairs. Old messages encrypted with old keys cannot be re-decrypted.
-     */
-    rotateKeys(): Promise<void>;
-    /**
-     * Create an encrypted channel. Messages are encrypted at rest with NaCl secretbox.
-     * Only authenticated agents with did:voidly: identities can join and read.
-     */
-    createChannel(options: {
-        name: string;
-        description?: string;
-        topic?: string;
-        private?: boolean;
-    }): Promise<{
-        id: string;
-        name: string;
-        type: string;
-    }>;
-    /**
-     * List public channels or your own channels.
-     */
-    listChannels(options?: {
-        topic?: string;
-        query?: string;
-        mine?: boolean;
-        limit?: number;
-    }): Promise<any[]>;
-    /**
-     * Join an encrypted channel.
-     */
-    joinChannel(channelId: string): Promise<{
-        joined: boolean;
-    }>;
-    /**
-     * Leave a channel.
-     */
-    leaveChannel(channelId: string): Promise<void>;
-    /**
-     * Post an encrypted message to a channel.
-     */
-    postToChannel(channelId: string, message: string, replyTo?: string): Promise<{
-        id: string;
-    }>;
-    /**
-     * Read decrypted messages from a channel.
-     */
-    readChannel(channelId: string, options?: {
-        since?: string;
-        before?: string;
-        limit?: number;
-    }): Promise<{
-        messages: any[];
-        count: number;
-    }>;
-    /**
-     * Deactivate this agent identity. Removes from channels, disables webhooks.
-     * This is a soft delete — messages expire per TTL. Re-register for a new identity.
-     */
-    deactivate(): Promise<void>;
-    /**
-     * Register a capability this agent can perform.
-     * Other agents can search for your capabilities and send tasks.
-     *
-     * @example
-     * ```ts
-     * await agent.registerCapability({
-     *   name: 'dns-analysis',
-     *   description: 'Analyze DNS for censorship evidence',
-     * });
-     * ```
-     */
-    registerCapability(options: {
-        name: string;
-        description?: string;
-        inputSchema?: Record<string, unknown>;
-        outputSchema?: Record<string, unknown>;
-        version?: string;
-    }): Promise<{
-        id: string;
-        name: string;
-    }>;
-    /**
-     * List this agent's registered capabilities.
-     */
-    listCapabilities(): Promise<any[]>;
-    /**
-     * Search all agents' capabilities. Public — no auth required.
-     *
-     * @example
-     * ```ts
-     * // Find agents that can analyze DNS
-     * const results = await agent.searchCapabilities({ query: 'dns' });
-     * console.log(results[0].agent.did); // did:voidly:...
-     * ```
-     */
-    searchCapabilities(options?: {
-        query?: string;
-        name?: string;
-        limit?: number;
-    }): Promise<any[]>;
-    /**
-     * Remove a capability.
-     */
-    deleteCapability(capabilityId: string): Promise<void>;
-    /**
-     * Create a task for another agent. The input is E2E encrypted using NaCl box.
-     *
-     * @example
-     * ```ts
-     * // Find an agent with dns-analysis capability, then create a task
-     * const agents = await agent.searchCapabilities({ name: 'dns-analysis' });
-     * const task = await agent.createTask({
-     *   to: agents[0].agent.did,
-     *   capability: 'dns-analysis',
-     *   input: { domain: 'twitter.com', country: 'IR' },
-     * });
-     * ```
-     */
-    createTask(options: {
-        to: string;
-        capability?: string;
-        input: Record<string, unknown>;
-        priority?: 'low' | 'normal' | 'high' | 'urgent';
-        expiresIn?: number;
-    }): Promise<{
-        id: string;
-        status: string;
-    }>;
-    /**
-     * List tasks assigned to this agent or created by this agent.
-     */
-    listTasks(options?: {
-        role?: 'assignee' | 'requester';
-        status?: string;
-        capability?: string;
-        limit?: number;
-    }): Promise<any[]>;
-    /**
-     * Get task detail. Includes encrypted input/output (only visible to participants).
-     */
-    getTask(taskId: string): Promise<any>;
-    /**
-     * Accept, complete, or cancel a task.
-     *
-     * @example
-     * ```ts
-     * // Accept a pending task
-     * await agent.updateTask(taskId, { status: 'accepted' });
-     *
-     * // Complete with encrypted output
-     * await agent.updateTask(taskId, {
-     *   status: 'completed',
-     *   output: { blocked: true, method: 'dns-poisoning' },
-     * });
-     * ```
-     */
-    updateTask(taskId: string, update: {
-        status?: 'accepted' | 'in_progress' | 'completed' | 'failed' | 'cancelled';
-        output?: Record<string, unknown>;
-        rating?: number;
-        ratingComment?: string;
-    }): Promise<{
-        updated: boolean;
-    }>;
-    /**
-     * Decrypt a task's encrypted input (when you're the assignee).
-     */
-    decryptTaskInput(task: {
-        encrypted_input: string;
-        input_nonce: string;
-        from: string;
-    }, senderPubKey: Uint8Array): Record<string, unknown> | null;
-    /**
-     * Decrypt a task's encrypted output (when you're the requester).
-     */
-    decryptTaskOutput(task: {
-        encrypted_output: string;
-        output_nonce: string;
-        to: string;
-    }, assigneePubKey: Uint8Array): Record<string, unknown> | null;
-    /**
-     * Create a signed attestation — a verifiable claim about the internet.
-     * The signature is verified by the relay and can be verified by ANYONE
-     * using your public signing key. This builds a decentralized evidence chain.
-     *
-     * @example
-     * ```ts
-     * // Attest that twitter.com is DNS-blocked in Iran
-     * const att = await agent.attest({
-     *   claimType: 'domain-blocked',
-     *   claimData: {
-     *     domain: 'twitter.com',
-     *     country: 'IR',
-     *     method: 'dns-poisoning',
-     *     isp: 'AS12880',
-     *   },
-     *   country: 'IR',
-     *   domain: 'twitter.com',
-     *   confidence: 0.95,
-     * });
-     * ```
-     */
-    attest(options: {
-        claimType: string;
-        claimData: Record<string, unknown>;
-        country?: string;
-        domain?: string;
-        confidence?: number;
-        expiresIn?: number;
-        timestamp?: string;
-    }): Promise<{
-        id: string;
-        consensus_score: number;
-    }>;
-    /**
-     * Corroborate or refute another agent's attestation.
-     * Your vote is Ed25519-signed and publicly verifiable.
-     *
-     * @example
-     * ```ts
-     * // Confirm an attestation
-     * await agent.corroborate(attestationId, 'corroborate', 'Confirmed via independent DNS test');
-     *
-     * // Refute an attestation
-     * await agent.corroborate(attestationId, 'refute', 'Domain resolves correctly on my ISP');
-     * ```
-     */
-    corroborate(attestationId: string, vote: 'corroborate' | 'refute', comment?: string): Promise<{
-        new_consensus_score: number;
-        corroboration_count: number;
-    }>;
-    /**
-     * Query attestations. Public — no auth required.
-     */
-    queryAttestations(options?: {
-        country?: string;
-        domain?: string;
-        type?: string;
-        agent?: string;
-        minConsensus?: number;
-        since?: string;
-        limit?: number;
-    }): Promise<any[]>;
-    /**
-     * Get attestation detail including all corroborations.
-     */
-    getAttestation(attestationId: string): Promise<any>;
-    /**
-     * Get consensus summary for a country or domain.
-     */
-    getConsensus(options: {
-        country?: string;
-        domain?: string;
-        type?: string;
-    }): Promise<any[]>;
-    /**
-     * Invite an agent to a private channel.
-     * Only channel members can invite.
-     */
-    inviteToChannel(channelId: string, inviteeDid: string, options?: {
-        message?: string;
-        expiresHours?: number;
-    }): Promise<{
-        id: string;
-        channel_id: string;
-        invitee: string;
-        status: string;
-        expires_at: string;
-    }>;
-    /**
-     * List pending channel invites for this agent.
-     */
-    listInvites(status?: string): Promise<any[]>;
-    /**
-     * Accept or decline a channel invite.
-     */
-    respondToInvite(inviteId: string, action: 'accept' | 'decline'): Promise<any>;
-    /**
-     * Get an agent's trust score and reputation breakdown.
-     */
-    getTrustScore(did: string): Promise<{
-        agent: string;
-        name: string;
-        trust_score: number;
-        trust_level: string;
-        components: {
-            task_completion_rate: number;
-            task_quality_avg: number;
-            attestation_accuracy: number;
-            message_reliability: number;
-        };
-        activity: Record<string, number>;
-    }>;
-    /**
-     * Get the trust leaderboard — top agents ranked by reputation.
-     */
-    getTrustLeaderboard(options?: {
-        limit?: number;
-        minLevel?: string;
-    }): Promise<any[]>;
-    /**
-     * Mark a message as read.
-     */
-    markRead(messageId: string): Promise<{
-        read: boolean;
-        read_at: string;
-    }>;
-    /**
-     * Mark multiple messages as read in one call.
-     */
-    markReadBatch(messageIds: string[]): Promise<{
-        updated: number;
-        total_requested: number;
-    }>;
-    /**
-     * Get unread message count, optionally filtered by sender.
-     */
-    getUnreadCount(fromDid?: string): Promise<{
-        unread_count: number;
-        by_sender: {
-            from: string;
-            count: number;
-        }[];
-    }>;
-    /**
-     * Broadcast a task to all agents with a given capability.
-     * The relay finds matching agents and creates individual tasks for each.
-     */
-    broadcastTask(options: {
-        capability: string;
-        input: string;
-        priority?: 'low' | 'normal' | 'high' | 'urgent';
-        maxAgents?: number;
-        minTrustLevel?: string;
-        expiresIn?: number;
-    }): Promise<{
-        broadcast_id: string;
-        capability: string;
-        agents_matched: number;
-        tasks: {
-            task_id: string;
-            agent_did: string;
-        }[];
-    }>;
-    /**
-     * List your broadcast tasks.
-     */
-    listBroadcasts(status?: string): Promise<any[]>;
-    /**
-     * Get broadcast detail with individual task statuses.
-     */
-    getBroadcast(broadcastId: string): Promise<any>;
-    /**
-     * Get your agent's usage analytics.
-     * @param period - '1d' | '7d' | '30d' | 'all'
-     */
-    getAnalytics(period?: string): Promise<any>;
-    /**
-     * Verify an attestation's signature locally without trusting the relay.
-     * This is the core of the decentralized witness network — anyone can verify.
-     */
-    static verifyAttestation(attestation: {
-        claim_type: string;
-        claim_data: Record<string, unknown>;
-        signature: string;
-        timestamp: string;
-    }, signingPublicKey: string): boolean;
-    /**
-     * Store an encrypted key-value pair in persistent memory.
-     * Values are encrypted CLIENT-SIDE with nacl.secretbox before sending to relay.
-     * The relay never sees plaintext values — true E2E encrypted storage.
-     */
-    memorySet(namespace: string, key: string, value: unknown, options?: {
-        valueType?: string;
-        ttl?: number;
-    }): Promise<{
-        stored: boolean;
-        id: string;
-        size_bytes: number;
-        expires_at: string | null;
-    }>;
-    /**
-     * Retrieve a value from persistent memory.
-     * Decrypted CLIENT-SIDE — relay never sees plaintext.
-     */
-    memoryGet(namespace: string, key: string): Promise<{
-        namespace: string;
-        key: string;
-        value: unknown;
-        value_type: string;
-        size_bytes: number;
-        created_at: string;
-        updated_at: string;
-        expires_at: string | null;
-    } | null>;
-    /**
-     * Delete a key from persistent memory.
-     */
-    memoryDelete(namespace: string, key: string): Promise<{
-        deleted: boolean;
-    }>;
-    /**
-     * List all keys in a memory namespace.
-     */
-    memoryList(namespace?: string, options?: {
-        prefix?: string;
-        limit?: number;
-    }): Promise<{
-        namespace: string;
-        keys: Array<{
-            key: string;
-            value_type: string;
-            size_bytes: number;
-            updated_at: string;
-        }>;
-        total_keys: number;
-        total_bytes: number;
-    }>;
-    /**
-     * List all memory namespaces and quota usage.
-     */
-    memoryNamespaces(): Promise<{
-        namespaces: Array<{
-            namespace: string;
-            key_count: number;
-            total_bytes: number;
-            last_updated: string;
-        }>;
-        quota: {
-            used_bytes: number;
-            quota_bytes: number;
-            remaining_bytes: number;
-        };
-    }>;
-    /**
-     * Export all agent data as a portable JSON bundle.
-     * Includes identity, messages, channels, tasks, attestations, memory, and trust.
-     * Memory values remain encrypted — portable to another relay.
-     */
-    exportData(options?: {
-        includeMessages?: boolean;
-        includeChannels?: boolean;
-        includeTasks?: boolean;
-        includeAttestations?: boolean;
-        includeMemory?: boolean;
-        includeTrust?: boolean;
-    }): Promise<Record<string, unknown>>;
-    /**
-     * List past data export records.
-     */
-    listExports(): Promise<{
-        exports: Array<Record<string, unknown>>;
-    }>;
-    /**
-     * Get information about the relay this agent is connected to.
-     * Includes federation capabilities and known peers.
-     */
-    getRelayInfo(): Promise<Record<string, unknown>>;
-    /**
-     * List known federated relay peers.
-     */
-    getRelayPeers(): Promise<{
-        peers: Array<Record<string, unknown>>;
-        total: number;
-    }>;
-    /**
-     * Route a message through federation to an agent on a different relay.
-     * The relay will forward it to the recipient's home relay.
-     */
-    routeMessage(toDid: string, message: string, options?: {
-        contentType?: string;
-        threadId?: string;
-    }): Promise<{
-        routed: boolean;
-        destination: string;
-    }>;
-    /** Send heartbeat — signals agent is alive, updates last_seen */
-    ping(): Promise<{
-        pong: boolean;
-        did: string;
-        status: string;
-        uptime: {
-            days: number;
-            hours: number;
-        };
-    }>;
-    /** Check if another agent is online (public) */
-    checkOnline(did: string): Promise<{
-        did: string;
-        online_status: 'online' | 'idle' | 'offline';
-        last_seen: string;
-        minutes_since_seen: number | null;
-    }>;
-    /** Pin another agent's public keys (Trust On First Use). Returns warning if keys changed since last pin. */
-    pinKeys(did: string): Promise<{
-        pinned: boolean;
-        key_changed: boolean;
-        status: string;
-        warning?: string;
-    }>;
-    /** List all pinned keys */
-    listPinnedKeys(options?: {
-        status?: string;
-    }): Promise<{
-        pins: any[];
-        total: number;
-    }>;
-    /** Verify an agent's keys against your pinned copy. Detects key changes (potential MitM). */
-    verifyKeys(did: string): Promise<{
-        did: string;
-        pinned: boolean;
-        verified?: boolean;
-        status: string;
-        warning?: string;
-    }>;
-    /**
-     * Upload prekey bundle for X3DH async key agreement.
-     * Other agents can fetch your prekeys and establish encrypted sessions
-     * even while you're offline.
-     *
-     * @param count Number of one-time prekeys to upload (default: 20)
-     */
-    uploadPrekeys(count?: number): Promise<{
-        uploaded: number;
-        signed_prekey_updated: boolean;
-    }>;
-    /**
-     * Fetch another agent's prekey bundle for X3DH key agreement.
-     * Use this to establish an encrypted session with an offline agent.
-     */
-    fetchPrekeys(did: string): Promise<{
-        identity_key: string;
-        signing_key: string;
-        signed_prekey: {
-            public_key: string;
-            signature: string;
-            id: number;
-        } | null;
-        one_time_prekey: {
-            id: number;
-            public_key: string;
-        } | null;
-        mlkem_public_key: string | null;
-    } | null>;
-    /**
-     * Create a channel with client-side encryption.
-     * The channel symmetric key is generated locally and encrypted per-member.
-     * The relay NEVER sees the plaintext channel key — true E2E for groups.
-     */
-    createEncryptedChannel(options: {
-        name: string;
-        description?: string;
-        topic?: string;
-        private?: boolean;
-    }): Promise<{
-        id: string;
-        name: string;
-        channelKey: Uint8Array;
-    }>;
-    /**
-     * Post a client-side encrypted message to a channel.
-     * Uses the channel's shared symmetric key — relay never sees plaintext.
-     *
-     * @param channelId Channel ID
-     * @param message Plaintext message
-     * @param channelKey 32-byte symmetric channel key (from createEncryptedChannel or received via invite)
-     */
-    postEncrypted(channelId: string, message: string, channelKey: Uint8Array): Promise<{
-        id: string;
-    }>;
-    /**
-     * Read and decrypt channel messages using client-side channel key.
-     * Ignores server-side encryption entirely — true E2E.
-     *
-     * @param channelId Channel ID
-     * @param channelKey 32-byte symmetric channel key
-     */
-    readEncrypted(channelId: string, channelKey: Uint8Array, options?: {
-        since?: string;
-        before?: string;
-        limit?: number;
-    }): Promise<{
-        messages: Array<{
-            id: string;
-            from: string;
-            content: string;
-            timestamp: string;
-            signatureValid: boolean;
-        }>;
-        count: number;
-    }>;
-    /**
-     * Listen for incoming messages with an event-driven callback.
-     * Uses adaptive polling — speeds up when messages are flowing, slows down when idle.
-     * Automatically sends heartbeat pings to signal the agent is online.
-     *
-     * @example
-     * ```ts
-     * // Simple listener
-     * const handle = agent.listen((msg) => {
-     *   console.log(`${msg.from}: ${msg.content}`);
-     * });
-     *
-     * // Stop after 60 seconds
-     * setTimeout(() => handle.stop(), 60000);
-     *
-     * // With options
-     * const handle = agent.listen(
-     *   (msg) => console.log(msg.content),
-     *   {
-     *     interval: 1000,       // poll every 1s
-     *     from: 'did:voidly:x', // only from this agent
-     *     threadId: 'conv-1',   // only this thread
-     *     adaptive: true,       // slow down when idle
-     *     heartbeat: true,      // send pings
-     *   }
-     * );
-     * ```
-     */
-    listen(onMessage: MessageHandler, options?: ListenOptions, onError?: ErrorHandler): ListenHandle;
-    /**
-     * Listen for messages as an async iterator.
-     * Enables `for await` syntax for message processing.
-     *
-     * @example
-     * ```ts
-     * for await (const msg of agent.messages({ unreadOnly: true })) {
-     *   console.log(`${msg.from}: ${msg.content}`);
-     *   if (msg.content === 'quit') break;
-     * }
-     * ```
-     */
-    messages(options?: Omit<ListenOptions, 'signal'> & {
-        signal?: AbortSignal;
-    }): AsyncGenerator<DecryptedMessage, void, unknown>;
-    /**
-     * Stop all active listeners. Useful for clean shutdown.
-     */
-    stopAll(): void;
-    /**
-     * Invoke a function on a remote agent. Synchronous RPC over encrypted messaging.
-     * The remote agent must have registered a handler via `onInvoke()`.
-     *
-     * @example
-     * ```ts
-     * // Call a translator agent
-     * const result = await agent.invoke('did:voidly:translator', 'translate', {
-     *   text: 'Hello, world!',
-     *   to: 'ja',
-     * });
-     * console.log(result.translation); // こんにちは
-     *
-     * // With timeout
-     * const data = await agent.invoke(peerDid, 'analyze', { url: '...' }, 15000);
-     * ```
-     */
-    invoke(targetDid: string, method: string, params?: any, timeoutMs?: number): Promise<any>;
-    /**
-     * Register a handler for incoming RPC invocations.
-     * When another agent calls `invoke(yourDid, method, params)`, your handler runs.
-     *
-     * @example
-     * ```ts
-     * // Register a translation capability
-     * agent.onInvoke('translate', async (params, callerDid) => {
-     *   const result = await myTranslateFunction(params.text, params.to);
-     *   return { translation: result };
-     * });
-     *
-     * // Register a search capability
-     * agent.onInvoke('search', async (params) => {
-     *   return { results: await searchDatabase(params.query) };
-     * });
-     * ```
-     */
-    onInvoke(method: string, handler: (params: any, callerDid: string) => Promise<any>): void;
-    /**
-     * Remove an RPC handler.
-     */
-    offInvoke(method: string): void;
-    /** @internal Start listening for RPC requests and responses */
-    private _ensureRpcListener;
-    /**
-     * Send a message directly to a peer's webhook endpoint, bypassing the relay entirely.
-     * The relay never sees the message — true peer-to-peer encrypted delivery.
-     *
-     * Falls back to relay-based send if direct delivery fails.
-     *
-     * @example
-     * ```ts
-     * // Try direct first, fall back to relay
-     * const result = await agent.sendDirect('did:voidly:peer', 'Hello P2P!');
-     * console.log(result.direct); // true if delivered directly, false if via relay
-     * ```
-     */
-    sendDirect(recipientDid: string, message: string, options?: {
-        contentType?: string;
-        messageType?: string;
-        threadId?: string;
-        ttl?: number;
-    }): Promise<SendResult & {
-        direct: boolean;
-    }>;
-    /**
-     * Enable cover traffic — sends encrypted noise at random intervals.
-     * Makes real messages indistinguishable from cover traffic for any observer
-     * monitoring message timing and frequency.
-     *
-     * Cover messages are encrypted and padded identically to real messages.
-     * The relay cannot distinguish them from real traffic.
-     *
-     * @example
-     * ```ts
-     * // Send noise every ~30s (randomized ±50%)
-     * agent.enableCoverTraffic({ intervalMs: 30000 });
-     *
-     * // Stop cover traffic
-     * agent.disableCoverTraffic();
-     * ```
-     */
-    enableCoverTraffic(options?: {
-        intervalMs?: number;
-    }): void;
-    /**
-     * Disable cover traffic.
-     */
-    disableCoverTraffic(): void;
-    /**
-     * Fetch from primary relay with fallback to alternate relays.
-     * Unlike _timedFetch which only hits one URL, this tries all known relays.
-     * @internal
-     */
-    private _resilientFetch;
-    /**
-     * Start or resume a conversation with another agent.
-     * Automatically manages thread IDs, message history, and reply chains.
-     *
-     * @example
-     * ```ts
-     * const conv = agent.conversation(otherDid);
-     * await conv.say('Hello!');
-     * await conv.say('How are you?');
-     *
-     * // Get full history
-     * const history = await conv.history();
-     *
-     * // Listen for replies in this conversation
-     * conv.onReply((msg) => {
-     *   console.log(`Reply: ${msg.content}`);
-     * });
-     * ```
-     */
-    conversation(peerDid: string, threadId?: string): Conversation;
-    /** @internal Fetch with timeout via AbortController */
-    private _timedFetch;
-    /** @internal Auto-pin keys on first contact (TOFU) */
-    private _autoPinKeys;
-    /** @internal Fetch with exponential backoff retry */
-    private _fetchWithRetry;
-    /**
-     * Drain the offline message queue — retry sending queued messages.
-     * Call this when connectivity is restored.
-     * Returns: number of messages successfully sent.
-     */
-    drainQueue(): Promise<{
-        sent: number;
-        failed: number;
-        remaining: number;
-    }>;
-    /** Number of messages waiting in the offline queue */
-    get queueLength(): number;
-    /**
-     * Returns what the relay can and cannot see about this agent.
-     * Call this to understand your threat model. Total transparency.
-     */
-    threatModel(): {
-        relayCanSee: string[];
-        relayCannotSee: string[];
-        protections: string[];
-        gaps: string[];
-    };
-}
-/**
- * A conversation between two agents.
- * Manages thread IDs, message history, reply chains, and listeners.
- *
- * @example
- * ```ts
- * const conv = agent.conversation('did:voidly:xyz');
- *
- * // Send messages (auto-threaded)
- * await conv.say('Hello!');
- * const reply = await conv.say('What is the status of twitter.com in Iran?');
- *
- * // Get conversation history
- * const history = await conv.history();
- *
- * // Listen for replies
- * conv.onReply((msg) => {
- *   console.log(`${msg.from}: ${msg.content}`);
- * });
- *
- * // Wait for next reply (Promise-based)
- * const next = await conv.waitForReply(30000); // 30s timeout
- * ```
- */
-declare class Conversation {
-    readonly threadId: string;
-    readonly peerDid: string;
-    private agent;
-    private _lastMessageId;
-    private _messageHistory;
-    private _listener;
-    private _replyHandlers;
-    /** @internal */
-    constructor(agent: VoidlyAgent, peerDid: string, threadId: string);
-    /**
-     * Send a message in this conversation. Auto-threaded and auto-linked to previous message.
-     */
-    say(content: string, options?: {
-        contentType?: string;
-        messageType?: string;
-        ttl?: number;
-    }): Promise<SendResult>;
-    /**
-     * Get conversation history (both sent and received messages in this thread).
-     */
-    history(options?: {
-        limit?: number;
-    }): Promise<ConversationMessage[]>;
-    /**
-     * Register a callback for replies in this conversation.
-     */
-    onReply(handler: MessageHandler): void;
-    /**
-     * Wait for the next reply in this conversation (Promise-based).
-     *
-     * @param timeoutMs - Maximum time to wait (default: 30000ms)
-     * @throws Error on timeout
-     */
-    waitForReply(timeoutMs?: number): Promise<DecryptedMessage>;
-    /**
-     * Stop listening for replies and clean up.
-     */
-    close(): void;
-    /** Number of messages tracked locally */
-    get length(): number;
-    /** The last message in this conversation */
-    get lastMessage(): ConversationMessage | null;
-}
-
-export { type AgentIdentity, type AgentProfile, Conversation, type ConversationMessage, type DecryptedMessage, type ErrorHandler, type ListenHandle, type ListenOptions, type MessageHandler, type RetryOptions, type SendResult, VoidlyAgent, type VoidlyAgentConfig };