@vorionsys/cognigate 1.0.1 → 1.0.2

package/dist/index.d.cts

@@ -1,282 +1,8 @@
-import { z } from 'zod';
-export { z } from 'zod';
+import { T as TrustStatus, I as IntentParseResult, a as Intent, G as GovernanceResult, P as ProofRecord, b as PaginatedResponse, c as ProofChainStats, C as CognigateConfig, A as Agent, d as CreateAgentRequest, U as UpdateAgentRequest } from './proof-bridge-BBmb7kVP.cjs';
+export { e as AgentSchema, f as ApiError, g as ApiResponse, h as GovernanceDecision, i as GovernanceResultSchema, j as ProofBridgeConfig, k as ProofBridgeHandle, l as ProofPlaneEmitter, m as ProofRecordSchema, n as TrustStatusSchema, W as WebhookEvent, o as WebhookEventType, p as WebhookHandler, q as WebhookRouter, r as createProofBridge, s as parseWebhookPayload, v as verifyWebhookSignature } from './proof-bridge-BBmb7kVP.cjs';
 import { TrustTier } from '@vorionsys/shared-constants';
 export { TIER_THRESHOLDS, TrustTier } from '@vorionsys/shared-constants';
-
-/**
- * Cognigate TypeScript SDK - Type Definitions
- *
- * Core types for the Cognigate AI governance API
- */
-
-type GovernanceDecision = 'ALLOW' | 'DENY' | 'ESCALATE' | 'DEGRADE';
-interface GovernanceResult {
-    decision: GovernanceDecision;
-    trustScore: number;
-    trustTier: TrustTier;
-    grantedCapabilities: string[];
-    deniedCapabilities: string[];
-    reasoning: string;
-    constraints?: Record<string, unknown>;
-    proofId?: string;
-    timestamp: Date;
-}
-interface Intent {
-    id: string;
-    entityId: string;
-    rawInput: string;
-    parsedAction: string;
-    parameters: Record<string, unknown>;
-    riskLevel: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
-    requiredCapabilities: string[];
-    timestamp: Date;
-}
-interface IntentParseResult {
-    intent: Intent;
-    confidence: number;
-    alternativeInterpretations?: Intent[];
-}
-interface TrustStatus {
-    entityId: string;
-    trustScore: number;
-    trustTier: TrustTier;
-    tierName: string;
-    capabilities: string[];
-    factorScores: Record<string, number>;
-    lastEvaluated: Date;
-    compliant: boolean;
-    warnings: string[];
-}
-interface ProofRecord {
-    id: string;
-    entityId: string;
-    intentId: string;
-    decision: GovernanceDecision;
-    action: string;
-    outcome: 'SUCCESS' | 'FAILURE' | 'PARTIAL' | 'PENDING';
-    trustScoreBefore: number;
-    trustScoreAfter: number;
-    timestamp: Date;
-    hash: string;
-    previousHash: string;
-    metadata?: Record<string, unknown>;
-}
-interface ProofChainStats {
-    totalRecords: number;
-    successRate: number;
-    averageTrustScore: number;
-    chainIntegrity: boolean;
-    lastVerified: Date;
-}
-interface Agent {
-    id: string;
-    name: string;
-    description: string;
-    ownerId: string;
-    trustScore: number;
-    trustTier: TrustTier;
-    status: 'ACTIVE' | 'PAUSED' | 'SUSPENDED' | 'TERMINATED';
-    capabilities: string[];
-    executions: number;
-    successRate: number;
-    createdAt: Date;
-    updatedAt: Date;
-    metadata?: Record<string, unknown>;
-}
-interface CreateAgentRequest {
-    name: string;
-    description?: string;
-    template?: string;
-    initialCapabilities?: string[];
-    metadata?: Record<string, unknown>;
-}
-interface UpdateAgentRequest {
-    name?: string;
-    description?: string;
-    status?: 'ACTIVE' | 'PAUSED';
-    metadata?: Record<string, unknown>;
-}
-interface ApiResponse<T> {
-    success: boolean;
-    data?: T;
-    error?: ApiError;
-    requestId: string;
-    timestamp: Date;
-}
-interface ApiError {
-    code: string;
-    message: string;
-    details?: Record<string, unknown>;
-}
-interface PaginatedResponse<T> {
-    items: T[];
-    total: number;
-    page: number;
-    pageSize: number;
-    hasMore: boolean;
-}
-interface WebhookEvent {
-    id: string;
-    type: WebhookEventType;
-    entityId: string;
-    payload: Record<string, unknown>;
-    timestamp: Date;
-    signature: string;
-}
-type WebhookEventType = 'agent.created' | 'agent.updated' | 'agent.deleted' | 'agent.status_changed' | 'trust.score_changed' | 'trust.tier_changed' | 'governance.decision' | 'proof.recorded' | 'alert.triggered';
-interface CognigateConfig {
-    apiKey: string;
-    baseUrl?: string;
-    timeout?: number;
-    retries?: number;
-    debug?: boolean;
-    webhookSecret?: string;
-}
-declare const TrustStatusSchema: z.ZodObject<{
-    entityId: z.ZodString;
-    trustScore: z.ZodNumber;
-    trustTier: z.ZodNativeEnum<typeof TrustTier>;
-    tierName: z.ZodString;
-    capabilities: z.ZodArray<z.ZodString, "many">;
-    factorScores: z.ZodRecord<z.ZodString, z.ZodNumber>;
-    lastEvaluated: z.ZodDate;
-    compliant: z.ZodBoolean;
-    warnings: z.ZodArray<z.ZodString, "many">;
-}, "strip", z.ZodTypeAny, {
-    entityId: string;
-    trustScore: number;
-    trustTier: TrustTier;
-    tierName: string;
-    capabilities: string[];
-    factorScores: Record<string, number>;
-    lastEvaluated: Date;
-    compliant: boolean;
-    warnings: string[];
-}, {
-    entityId: string;
-    trustScore: number;
-    trustTier: TrustTier;
-    tierName: string;
-    capabilities: string[];
-    factorScores: Record<string, number>;
-    lastEvaluated: Date;
-    compliant: boolean;
-    warnings: string[];
-}>;
-declare const GovernanceResultSchema: z.ZodObject<{
-    decision: z.ZodEnum<["ALLOW", "DENY", "ESCALATE", "DEGRADE"]>;
-    trustScore: z.ZodNumber;
-    trustTier: z.ZodNativeEnum<typeof TrustTier>;
-    grantedCapabilities: z.ZodArray<z.ZodString, "many">;
-    deniedCapabilities: z.ZodArray<z.ZodString, "many">;
-    reasoning: z.ZodString;
-    constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
-    proofId: z.ZodOptional<z.ZodString>;
-    timestamp: z.ZodDate;
-}, "strip", z.ZodTypeAny, {
-    trustScore: number;
-    trustTier: TrustTier;
-    decision: "ALLOW" | "DENY" | "ESCALATE" | "DEGRADE";
-    grantedCapabilities: string[];
-    deniedCapabilities: string[];
-    reasoning: string;
-    timestamp: Date;
-    constraints?: Record<string, unknown> | undefined;
-    proofId?: string | undefined;
-}, {
-    trustScore: number;
-    trustTier: TrustTier;
-    decision: "ALLOW" | "DENY" | "ESCALATE" | "DEGRADE";
-    grantedCapabilities: string[];
-    deniedCapabilities: string[];
-    reasoning: string;
-    timestamp: Date;
-    constraints?: Record<string, unknown> | undefined;
-    proofId?: string | undefined;
-}>;
-declare const ProofRecordSchema: z.ZodObject<{
-    id: z.ZodString;
-    entityId: z.ZodString;
-    intentId: z.ZodString;
-    decision: z.ZodEnum<["ALLOW", "DENY", "ESCALATE", "DEGRADE"]>;
-    action: z.ZodString;
-    outcome: z.ZodEnum<["SUCCESS", "FAILURE", "PARTIAL", "PENDING"]>;
-    trustScoreBefore: z.ZodNumber;
-    trustScoreAfter: z.ZodNumber;
-    timestamp: z.ZodDate;
-    hash: z.ZodString;
-    previousHash: z.ZodString;
-    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
-}, "strip", z.ZodTypeAny, {
-    entityId: string;
-    decision: "ALLOW" | "DENY" | "ESCALATE" | "DEGRADE";
-    timestamp: Date;
-    id: string;
-    intentId: string;
-    action: string;
-    outcome: "SUCCESS" | "FAILURE" | "PARTIAL" | "PENDING";
-    trustScoreBefore: number;
-    trustScoreAfter: number;
-    hash: string;
-    previousHash: string;
-    metadata?: Record<string, unknown> | undefined;
-}, {
-    entityId: string;
-    decision: "ALLOW" | "DENY" | "ESCALATE" | "DEGRADE";
-    timestamp: Date;
-    id: string;
-    intentId: string;
-    action: string;
-    outcome: "SUCCESS" | "FAILURE" | "PARTIAL" | "PENDING";
-    trustScoreBefore: number;
-    trustScoreAfter: number;
-    hash: string;
-    previousHash: string;
-    metadata?: Record<string, unknown> | undefined;
-}>;
-declare const AgentSchema: z.ZodObject<{
-    id: z.ZodString;
-    name: z.ZodString;
-    description: z.ZodString;
-    ownerId: z.ZodString;
-    trustScore: z.ZodNumber;
-    trustTier: z.ZodNativeEnum<typeof TrustTier>;
-    status: z.ZodEnum<["ACTIVE", "PAUSED", "SUSPENDED", "TERMINATED"]>;
-    capabilities: z.ZodArray<z.ZodString, "many">;
-    executions: z.ZodNumber;
-    successRate: z.ZodNumber;
-    createdAt: z.ZodDate;
-    updatedAt: z.ZodDate;
-    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
-}, "strip", z.ZodTypeAny, {
-    trustScore: number;
-    trustTier: TrustTier;
-    status: "ACTIVE" | "PAUSED" | "SUSPENDED" | "TERMINATED";
-    capabilities: string[];
-    id: string;
-    name: string;
-    description: string;
-    ownerId: string;
-    executions: number;
-    successRate: number;
-    createdAt: Date;
-    updatedAt: Date;
-    metadata?: Record<string, unknown> | undefined;
-}, {
-    trustScore: number;
-    trustTier: TrustTier;
-    status: "ACTIVE" | "PAUSED" | "SUSPENDED" | "TERMINATED";
-    capabilities: string[];
-    id: string;
-    name: string;
-    description: string;
-    ownerId: string;
-    executions: number;
-    successRate: number;
-    createdAt: Date;
-    updatedAt: Date;
-    metadata?: Record<string, unknown> | undefined;
-}>;
+export { z } from 'zod';
 
 /**
  * Cognigate TypeScript SDK - Client
@@ -448,53 +174,99 @@ declare class ProofsClient {
 }
 
 /**
- * Cognigate TypeScript SDK - Webhook Utilities
+ * Worker Sandbox
  *
- * Helpers for handling Cognigate webhooks
- */
-
-/**
- * Verify webhook signature
+ * Provides isolated code execution for agents using Node.js worker_threads.
+ * Enforces resource limits (memory, CPU time), timeout enforcement, and
+ * message-based communication for safe agent code execution within Cognigate.
+ *
+ * @packageDocumentation
  */
-declare function verifyWebhookSignature(payload: string, signature: string, secret: string): Promise<boolean>;
 /**
- * Parse and validate a webhook payload
+ * Context provided to the sandbox for each execution.
+ * Determines isolation constraints and identity.
  */
-declare function parseWebhookPayload(body: string, signature: string, secret: string): Promise<WebhookEvent>;
+interface SandboxContext {
+    /** Tenant that owns this agent */
+    tenantId: string;
+    /** Agent being sandboxed */
+    agentId: string;
+    /** Numeric trust level (0-7, maps to TrustTier) */
+    trustLevel: number;
+    /** List of module names the agent is permitted to require */
+    allowedModules: string[];
+    /** Maximum execution time in milliseconds */
+    timeout: number;
+    /** Maximum heap memory in megabytes for the worker */
+    memoryLimitMb: number;
+}
 /**
- * Webhook handler type
+ * Result returned from a sandbox execution.
  */
-type WebhookHandler<T extends WebhookEventType = WebhookEventType> = (event: WebhookEvent & {
-    type: T;
-}) => void | Promise<void>;
+interface SandboxResult {
+    /** Whether execution completed without errors */
+    success: boolean;
+    /** The return value from the executed code */
+    output: unknown;
+    /** Error message if execution failed */
+    error?: string;
+    /** Wall-clock execution duration in milliseconds */
+    durationMs: number;
+    /** Approximate memory used during execution in bytes */
+    memoryUsedBytes: number;
+}
 /**
- * Webhook router for handling different event types
+ * Executes agent code in an isolated worker thread with resource limits.
+ *
+ * Each call to execute() spawns a fresh worker with V8 memory limits,
+ * runs the code in a vm context with restricted globals, and enforces
+ * a timeout from the main thread. Workers are terminated after each
+ * execution to ensure complete isolation between runs.
+ *
+ * @example
+ * ```typescript
+ * const sandbox = new WorkerSandbox();
+ *
+ * const result = await sandbox.execute('return 2 + 2;', {
+ *   tenantId: 'tenant-1',
+ *   agentId: 'agent-42',
+ *   trustLevel: 3,
+ *   allowedModules: [],
+ *   timeout: 5000,
+ *   memoryLimitMb: 32,
+ * });
+ *
+ * console.log(result.output); // 4
+ *
+ * await sandbox.shutdown();
+ * ```
  */
-declare class WebhookRouter {
-    private handlers;
-    /**
-     * Register a handler for a specific event type
-     */
-    on<T extends WebhookEventType>(type: T, handler: WebhookHandler<T>): this;
+declare class WorkerSandbox {
+    private worker;
+    private isShutdown;
     /**
-     * Register a handler for all events
+     * Execute code in an isolated worker thread.
+     *
+     * Spawns a new worker for each execution to ensure full isolation.
+     * The worker has memory limits enforced by V8 via `resourceLimits`,
+     * a vm-level timeout for synchronous code, and a main-thread timeout
+     * as a fallback for async code or hangs.
+     *
+     * @param code - JavaScript code string to execute inside the sandbox.
+     *   The code is wrapped in an async IIFE, so `return` and `await` are valid.
+     * @param context - Execution context with identity and resource constraints
+     * @returns Promise resolving to a SandboxResult
      */
-    onAll(handler: WebhookHandler): this;
+    execute(code: string, context: SandboxContext): Promise<SandboxResult>;
     /**
-     * Handle a webhook event
+     * Gracefully shut down the sandbox.
+     * Terminates any running worker and prevents future executions.
      */
-    handle(event: WebhookEvent): Promise<void>;
+    shutdown(): Promise<void>;
     /**
-     * Create an Express/Connect compatible middleware
+     * Check whether the sandbox has been shut down.
      */
-    middleware(secret: string): (req: {
-        headers: Record<string, string>;
-        body: unknown;
-    }, res: {
-        status: (code: number) => {
-            json: (data: unknown) => void;
-        };
-    }) => Promise<void>;
+    get terminated(): boolean;
 }
 
-export { type Agent, AgentSchema, AgentsClient, type ApiError, type ApiResponse, Cognigate, type CognigateConfig, CognigateError, type CreateAgentRequest, GovernanceClient, type GovernanceDecision, type GovernanceResult, GovernanceResultSchema, type Intent, type IntentParseResult, type PaginatedResponse, type ProofChainStats, type ProofRecord, ProofRecordSchema, ProofsClient, TrustClient, type TrustStatus, TrustStatusSchema, type UpdateAgentRequest, type WebhookEvent, type WebhookEventType, type WebhookHandler, WebhookRouter, parseWebhookPayload, verifyWebhookSignature };
+export { Agent, AgentsClient, Cognigate, CognigateConfig, CognigateError, CreateAgentRequest, GovernanceClient, GovernanceResult, Intent, IntentParseResult, PaginatedResponse, ProofChainStats, ProofRecord, ProofsClient, type SandboxContext, type SandboxResult, TrustClient, TrustStatus, UpdateAgentRequest, WorkerSandbox };

package/dist/index.d.ts

@@ -0,0 +1,272 @@
+import { T as TrustStatus, I as IntentParseResult, a as Intent, G as GovernanceResult, P as ProofRecord, b as PaginatedResponse, c as ProofChainStats, C as CognigateConfig, A as Agent, d as CreateAgentRequest, U as UpdateAgentRequest } from './proof-bridge-BBmb7kVP.js';
+export { e as AgentSchema, f as ApiError, g as ApiResponse, h as GovernanceDecision, i as GovernanceResultSchema, j as ProofBridgeConfig, k as ProofBridgeHandle, l as ProofPlaneEmitter, m as ProofRecordSchema, n as TrustStatusSchema, W as WebhookEvent, o as WebhookEventType, p as WebhookHandler, q as WebhookRouter, r as createProofBridge, s as parseWebhookPayload, v as verifyWebhookSignature } from './proof-bridge-BBmb7kVP.js';
+import { TrustTier } from '@vorionsys/shared-constants';
+export { TIER_THRESHOLDS, TrustTier } from '@vorionsys/shared-constants';
+export { z } from 'zod';
+
+/**
+ * Cognigate TypeScript SDK - Client
+ *
+ * Main client class for interacting with the Cognigate API
+ */
+
+declare class CognigateError extends Error {
+    code: string;
+    status?: number | undefined;
+    details?: Record<string, unknown> | undefined;
+    constructor(message: string, code: string, status?: number | undefined, details?: Record<string, unknown> | undefined);
+}
+declare class Cognigate {
+    private readonly config;
+    readonly agents: AgentsClient;
+    readonly trust: TrustClient;
+    readonly governance: GovernanceClient;
+    readonly proofs: ProofsClient;
+    constructor(config: CognigateConfig);
+    /**
+     * Make an authenticated request to the Cognigate API
+     */
+    request<T>(method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE', path: string, body?: unknown): Promise<T>;
+    /**
+     * Check API health
+     */
+    health(): Promise<{
+        status: string;
+        version: string;
+        timestamp: Date;
+    }>;
+    /**
+     * Get tier from trust score
+     */
+    static getTierFromScore(score: number): TrustTier;
+    /**
+     * Get tier name
+     */
+    static getTierName(tier: TrustTier): string;
+    /**
+     * Get tier thresholds
+     */
+    static getTierThresholds(tier: TrustTier): {
+        min: number;
+        max: number;
+        name: string;
+    };
+}
+declare class AgentsClient {
+    private client;
+    constructor(client: Cognigate);
+    /**
+     * List all agents
+     */
+    list(params?: {
+        page?: number;
+        pageSize?: number;
+        status?: 'ACTIVE' | 'PAUSED' | 'SUSPENDED';
+    }): Promise<PaginatedResponse<Agent>>;
+    /**
+     * Get a specific agent
+     */
+    get(agentId: string): Promise<Agent>;
+    /**
+     * Create a new agent
+     */
+    create(data: CreateAgentRequest): Promise<Agent>;
+    /**
+     * Update an agent
+     */
+    update(agentId: string, data: UpdateAgentRequest): Promise<Agent>;
+    /**
+     * Delete an agent
+     */
+    delete(agentId: string): Promise<void>;
+    /**
+     * Pause an agent
+     */
+    pause(agentId: string): Promise<Agent>;
+    /**
+     * Resume an agent
+     */
+    resume(agentId: string): Promise<Agent>;
+}
+declare class TrustClient {
+    private client;
+    constructor(client: Cognigate);
+    /**
+     * Get trust status for an entity
+     */
+    getStatus(entityId: string): Promise<TrustStatus>;
+    /**
+     * Get trust history
+     */
+    getHistory(entityId: string, params?: {
+        from?: Date;
+        to?: Date;
+        limit?: number;
+    }): Promise<Array<{
+        score: number;
+        tier: TrustTier;
+        timestamp: Date;
+    }>>;
+    /**
+     * Submit an outcome to update trust score
+     */
+    submitOutcome(entityId: string, proofId: string, outcome: {
+        success: boolean;
+        metrics?: Record<string, number>;
+        notes?: string;
+    }): Promise<TrustStatus>;
+}
+declare class GovernanceClient {
+    private client;
+    constructor(client: Cognigate);
+    /**
+     * Parse user intent into structured format
+     */
+    parseIntent(entityId: string, rawInput: string): Promise<IntentParseResult>;
+    /**
+     * Enforce governance rules on an intent
+     */
+    enforce(intent: Intent): Promise<GovernanceResult>;
+    /**
+     * Convenience method: parse and enforce in one call
+     */
+    evaluate(entityId: string, rawInput: string): Promise<{
+        intent: Intent;
+        result: GovernanceResult;
+    }>;
+    /**
+     * Check if an action is allowed without creating a proof record
+     */
+    canPerform(entityId: string, action: string, capabilities: string[]): Promise<{
+        allowed: boolean;
+        reason: string;
+    }>;
+}
+declare class ProofsClient {
+    private client;
+    constructor(client: Cognigate);
+    /**
+     * Get a specific proof record
+     */
+    get(proofId: string): Promise<ProofRecord>;
+    /**
+     * List proof records for an entity
+     */
+    list(entityId: string, params?: {
+        page?: number;
+        pageSize?: number;
+        from?: Date;
+        to?: Date;
+        outcome?: 'SUCCESS' | 'FAILURE' | 'PARTIAL';
+    }): Promise<PaginatedResponse<ProofRecord>>;
+    /**
+     * Get proof chain statistics
+     */
+    getStats(entityId: string): Promise<ProofChainStats>;
+    /**
+     * Verify proof chain integrity
+     */
+    verify(entityId: string): Promise<{
+        valid: boolean;
+        errors: string[];
+        lastVerified: Date;
+    }>;
+}
+
+/**
+ * Worker Sandbox
+ *
+ * Provides isolated code execution for agents using Node.js worker_threads.
+ * Enforces resource limits (memory, CPU time), timeout enforcement, and
+ * message-based communication for safe agent code execution within Cognigate.
+ *
+ * @packageDocumentation
+ */
+/**
+ * Context provided to the sandbox for each execution.
+ * Determines isolation constraints and identity.
+ */
+interface SandboxContext {
+    /** Tenant that owns this agent */
+    tenantId: string;
+    /** Agent being sandboxed */
+    agentId: string;
+    /** Numeric trust level (0-7, maps to TrustTier) */
+    trustLevel: number;
+    /** List of module names the agent is permitted to require */
+    allowedModules: string[];
+    /** Maximum execution time in milliseconds */
+    timeout: number;
+    /** Maximum heap memory in megabytes for the worker */
+    memoryLimitMb: number;
+}
+/**
+ * Result returned from a sandbox execution.
+ */
+interface SandboxResult {
+    /** Whether execution completed without errors */
+    success: boolean;
+    /** The return value from the executed code */
+    output: unknown;
+    /** Error message if execution failed */
+    error?: string;
+    /** Wall-clock execution duration in milliseconds */
+    durationMs: number;
+    /** Approximate memory used during execution in bytes */
+    memoryUsedBytes: number;
+}
+/**
+ * Executes agent code in an isolated worker thread with resource limits.
+ *
+ * Each call to execute() spawns a fresh worker with V8 memory limits,
+ * runs the code in a vm context with restricted globals, and enforces
+ * a timeout from the main thread. Workers are terminated after each
+ * execution to ensure complete isolation between runs.
+ *
+ * @example
+ * ```typescript
+ * const sandbox = new WorkerSandbox();
+ *
+ * const result = await sandbox.execute('return 2 + 2;', {
+ *   tenantId: 'tenant-1',
+ *   agentId: 'agent-42',
+ *   trustLevel: 3,
+ *   allowedModules: [],
+ *   timeout: 5000,
+ *   memoryLimitMb: 32,
+ * });
+ *
+ * console.log(result.output); // 4
+ *
+ * await sandbox.shutdown();
+ * ```
+ */
+declare class WorkerSandbox {
+    private worker;
+    private isShutdown;
+    /**
+     * Execute code in an isolated worker thread.
+     *
+     * Spawns a new worker for each execution to ensure full isolation.
+     * The worker has memory limits enforced by V8 via `resourceLimits`,
+     * a vm-level timeout for synchronous code, and a main-thread timeout
+     * as a fallback for async code or hangs.
+     *
+     * @param code - JavaScript code string to execute inside the sandbox.
+     *   The code is wrapped in an async IIFE, so `return` and `await` are valid.
+     * @param context - Execution context with identity and resource constraints
+     * @returns Promise resolving to a SandboxResult
+     */
+    execute(code: string, context: SandboxContext): Promise<SandboxResult>;
+    /**
+     * Gracefully shut down the sandbox.
+     * Terminates any running worker and prevents future executions.
+     */
+    shutdown(): Promise<void>;
+    /**
+     * Check whether the sandbox has been shut down.
+     */
+    get terminated(): boolean;
+}
+
+export { Agent, AgentsClient, Cognigate, CognigateConfig, CognigateError, CreateAgentRequest, GovernanceClient, GovernanceResult, Intent, IntentParseResult, PaginatedResponse, ProofChainStats, ProofRecord, ProofsClient, type SandboxContext, type SandboxResult, TrustClient, TrustStatus, UpdateAgentRequest, WorkerSandbox };