agentaos 0.2.0

package/dist/lib/policy-conversions.js

@@ -0,0 +1,62 @@
+/**
+ * Policy conversion utilities for the CLI.
+ * Mirrors the app's policy-builder/conversions.ts but for CLI use.
+ */
+import { CRITERION_CATALOG } from '@agentaos/core';
+/**
+ * Convert form state → PolicyRule[] for the API.
+ * Reject rules first, then one accept rule with all AND'd criteria.
+ */
+export function buildRules(values, enabled) {
+    const rules = [];
+    const rejectCriteria = [];
+    const acceptCriteria = [];
+    for (const meta of CRITERION_CATALOG) {
+        if (meta.alwaysOn)
+            continue;
+        if (!enabled[meta.type])
+            continue;
+        const fieldValues = values[meta.type] ?? {};
+        const criterion = meta.toCriterion(fieldValues);
+        if (meta.type === 'evmAddressBlocked' || meta.type === 'blockInfiniteApprovals') {
+            rejectCriteria.push(criterion);
+        }
+        else {
+            acceptCriteria.push(criterion);
+        }
+    }
+    for (const c of rejectCriteria) {
+        rules.push({ action: 'reject', criteria: [c] });
+    }
+    if (acceptCriteria.length > 0) {
+        rules.push({ action: 'accept', criteria: acceptCriteria });
+    }
+    return rules;
+}
+/**
+ * Parse a PolicyRule[] back to form state.
+ */
+export function parseFormValues(rules) {
+    const values = {};
+    const enabled = {};
+    const metaByType = new Map();
+    for (const meta of CRITERION_CATALOG) {
+        metaByType.set(meta.type, meta);
+    }
+    for (const rule of rules) {
+        const criteria = rule.criteria ?? [];
+        for (const criterion of criteria) {
+            const type = criterion.type;
+            if (!type)
+                continue;
+            const resolvedType = type === 'evmAddress' && criterion.operator === 'not_in' ? 'evmAddressBlocked' : type;
+            const meta = metaByType.get(resolvedType);
+            if (!meta)
+                continue;
+            enabled[resolvedType] = true;
+            values[resolvedType] = meta.fromCriterion(criterion);
+        }
+    }
+    return { values, enabled };
+}
+//# sourceMappingURL=policy-conversions.js.map

package/dist/lib/policy-conversions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-conversions.js","sourceRoot":"","sources":["../../src/lib/policy-conversions.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAMnD;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,MAAkB,EAAE,OAAmB;IACjE,MAAM,KAAK,GAA8B,EAAE,CAAC;IAC5C,MAAM,cAAc,GAA8B,EAAE,CAAC;IACrD,MAAM,cAAc,GAA8B,EAAE,CAAC;IAErD,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,QAAQ;YAAE,SAAS;QAC5B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAElC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAEhD,IAAI,IAAI,CAAC,IAAI,KAAK,mBAAmB,IAAI,IAAI,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;YACjF,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACP,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,KAAK,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,KAAgC;IAI/D,MAAM,MAAM,GAAe,EAAE,CAAC;IAC9B,MAAM,OAAO,GAAe,EAAE,CAAC;IAE/B,MAAM,UAAU,GAAG,IAAI,GAAG,EAAyB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACtC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAI,IAAiD,CAAC,QAAQ,IAAI,EAAE,CAAC;QACnF,KAAK,MAAM,SAAS,IAAI,QAAQ,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,SAAS,CAAC,IAAc,CAAC;YACtC,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,MAAM,YAAY,GACjB,IAAI,KAAK,YAAY,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC;YAEvF,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAC1C,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,OAAO,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC;YAC7B,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QACtD,CAAC;IACF,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;AAC5B,CAAC"}

package/dist/lib/signer-manager.d.ts

@@ -0,0 +1,17 @@
+import { AgentaApi, HttpClient, ThresholdSigner } from '@agentaos/sdk';
+export declare class SignerManager {
+    private signer;
+    private signerPromise;
+    private httpClient;
+    private api;
+    private getConfig;
+    getSigner(): Promise<ThresholdSigner>;
+    getHttpClient(): HttpClient;
+    getApi(): AgentaApi;
+    /** AGENTA_NETWORK — network name matching server's GET /api/v1/networks (e.g. "base-sepolia", "mainnet"). */
+    getNetwork(): string | null;
+    requireNetwork(networkParam?: string): string;
+    getSignerAddress(): string | undefined;
+    destroy(): void;
+}
+//# sourceMappingURL=signer-manager.d.ts.map

package/dist/lib/signer-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signer-manager.d.ts","sourceRoot":"","sources":["../../src/lib/signer-manager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEvE,qBAAa,aAAa;IACzB,OAAO,CAAC,MAAM,CAAgC;IAC9C,OAAO,CAAC,aAAa,CAAyC;IAC9D,OAAO,CAAC,UAAU,CAA2B;IAC7C,OAAO,CAAC,GAAG,CAA0B;IAErC,OAAO,CAAC,SAAS;IAWX,SAAS,IAAI,OAAO,CAAC,eAAe,CAAC;IA2B3C,aAAa,IAAI,UAAU;IAQ3B,MAAM,IAAI,SAAS;IAMnB,6GAA6G;IAC7G,UAAU,IAAI,MAAM,GAAG,IAAI;IAI3B,cAAc,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM;IAU7C,gBAAgB,IAAI,MAAM,GAAG,SAAS;IAItC,OAAO,IAAI,IAAI;CASf"}

package/dist/lib/signer-manager.js

@@ -0,0 +1,80 @@
+import { CGGMP24Scheme } from '@agentaos/engine';
+import { AgentaApi, HttpClient, ThresholdSigner } from '@agentaos/sdk';
+export class SignerManager {
+    signer = null;
+    signerPromise = null;
+    httpClient = null;
+    api = null;
+    getConfig() {
+        const apiSecret = process.env.AGENTA_API_SECRET;
+        const serverUrl = process.env.AGENTA_SERVER || 'https://api.agentaos.ai';
+        const apiKey = process.env.AGENTA_API_KEY;
+        if (!apiSecret)
+            throw new Error('AGENTA_API_SECRET is required');
+        if (!apiKey)
+            throw new Error('AGENTA_API_KEY is required');
+        return { apiSecret, serverUrl, apiKey };
+    }
+    async getSigner() {
+        if (this.signer && !this.signer.isDestroyed)
+            return this.signer;
+        // Prevent concurrent creation — reuse the in-flight promise
+        if (this.signerPromise)
+            return this.signerPromise;
+        this.signer = null;
+        const { apiSecret, serverUrl, apiKey } = this.getConfig();
+        this.signerPromise = ThresholdSigner.fromSecret({
+            apiSecret,
+            serverUrl,
+            apiKey,
+            scheme: new CGGMP24Scheme(),
+        })
+            .then((s) => {
+            this.signer = s;
+            this.signerPromise = null;
+            return s;
+        })
+            .catch((err) => {
+            this.signerPromise = null;
+            throw err;
+        });
+        return this.signerPromise;
+    }
+    getHttpClient() {
+        if (this.httpClient)
+            return this.httpClient;
+        const { serverUrl, apiKey } = this.getConfig();
+        this.httpClient = new HttpClient({ baseUrl: serverUrl, apiKey });
+        return this.httpClient;
+    }
+    getApi() {
+        if (this.api)
+            return this.api;
+        this.api = new AgentaApi(this.getHttpClient());
+        return this.api;
+    }
+    /** AGENTA_NETWORK — network name matching server's GET /api/v1/networks (e.g. "base-sepolia", "mainnet"). */
+    getNetwork() {
+        return process.env.AGENTA_NETWORK || null;
+    }
+    requireNetwork(networkParam) {
+        const network = networkParam || this.getNetwork();
+        if (!network) {
+            throw new Error('No network specified. Call agenta_list_networks first to see available networks, then pass the "network" parameter to this tool.');
+        }
+        return network;
+    }
+    getSignerAddress() {
+        return this.signer?.address;
+    }
+    destroy() {
+        if (this.signer && !this.signer.isDestroyed) {
+            this.signer.destroy();
+        }
+        this.signer = null;
+        this.signerPromise = null;
+        this.httpClient = null;
+        this.api = null;
+    }
+}
+//# sourceMappingURL=signer-manager.js.map

package/dist/lib/signer-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signer-manager.js","sourceRoot":"","sources":["../../src/lib/signer-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEvE,MAAM,OAAO,aAAa;IACjB,MAAM,GAA2B,IAAI,CAAC;IACtC,aAAa,GAAoC,IAAI,CAAC;IACtD,UAAU,GAAsB,IAAI,CAAC;IACrC,GAAG,GAAqB,IAAI,CAAC;IAE7B,SAAS;QAChB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAChD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,yBAAyB,CAAC;QACzE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAE1C,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACjE,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAE3D,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,SAAS;QACd,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC;QAEhE,4DAA4D;QAC5D,IAAI,IAAI,CAAC,aAAa;YAAE,OAAO,IAAI,CAAC,aAAa,CAAC;QAElD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC1D,IAAI,CAAC,aAAa,GAAG,eAAe,CAAC,UAAU,CAAC;YAC/C,SAAS;YACT,SAAS;YACT,MAAM;YACN,MAAM,EAAE,IAAI,aAAa,EAAE;SAC3B,CAAC;aACA,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;YACX,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;YAChB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAC1B,OAAO,CAAC,CAAC;QACV,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACd,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAC1B,MAAM,GAAG,CAAC;QACX,CAAC,CAAC,CAAC;QAEJ,OAAO,IAAI,CAAC,aAAa,CAAC;IAC3B,CAAC;IAED,aAAa;QACZ,IAAI,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC;QAE5C,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC/C,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;QACjE,OAAO,IAAI,CAAC,UAAU,CAAC;IACxB,CAAC;IAED,MAAM;QACL,IAAI,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC,GAAG,CAAC;QAC9B,IAAI,CAAC,GAAG,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC,GAAG,CAAC;IACjB,CAAC;IAED,6GAA6G;IAC7G,UAAU;QACT,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,IAAI,CAAC;IAC3C,CAAC;IAED,cAAc,CAAC,YAAqB;QACnC,MAAM,OAAO,GAAG,YAAY,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QAClD,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CACd,kIAAkI,CAClI,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IAChB,CAAC;IAED,gBAAgB;QACf,OAAO,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC;IAC7B,CAAC;IAED,OAAO;QACN,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC7C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACvB,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC1B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC;IACjB,CAAC;CACD"}

package/dist/lib/transfer-crypto.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Generate a 6-word BIP39 transfer code and derive the corresponding AES-256-GCM key.
+ *
+ * The words are randomly chosen from the BIP39 English wordlist (2048 words).
+ * 6 words = ~66 bits of entropy — sufficient for a 10-minute expiry window.
+ *
+ * The AES key is derived via HKDF-SHA256 with a fixed salt and transfer-specific info,
+ * binding the key to a specific transfer ID to prevent cross-transfer reuse.
+ */
+export declare function generateTransferCode(transferId: string): {
+    words: string[];
+    transferKey: Uint8Array;
+};
+/**
+ * Derive the AES-256-GCM key from 6 BIP39 words and a transfer ID.
+ *
+ * Uses HKDF-SHA256 with:
+ * - IKM: space-joined lowercase words
+ * - Salt: 'agentaos-transfer-v1'
+ * - Info: 'aes-256-gcm:{transferId}'
+ */
+export declare function deriveTransferKey(words: string[], transferId: string): Uint8Array;
+/**
+ * Encrypt share bytes with AES-256-GCM using the transfer key.
+ *
+ * Returns base64-encoded ciphertext: IV (12 bytes) || ciphertext || tag (16 bytes).
+ */
+export declare function encryptShareForTransfer(shareBytes: Uint8Array, transferKey: Uint8Array): Promise<string>;
+/**
+ * Decrypt share bytes from AES-256-GCM ciphertext.
+ *
+ * Input: base64-encoded IV (12 bytes) || ciphertext || tag (16 bytes).
+ * Throws on wrong key (GCM tag verification failure).
+ */
+export declare function decryptShareFromTransfer(ciphertextBase64: string, transferKey: Uint8Array): Promise<Uint8Array>;
+//# sourceMappingURL=transfer-crypto.d.ts.map

package/dist/lib/transfer-crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transfer-crypto.d.ts","sourceRoot":"","sources":["../../src/lib/transfer-crypto.ts"],"names":[],"mappings":"AAmBA;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,GAAG;IACzD,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,EAAE,UAAU,CAAC;CACxB,CAcA;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,MAAM,GAAG,UAAU,CAkBjF;AAeD;;;;GAIG;AACH,wBAAsB,uBAAuB,CAC5C,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE,UAAU,GACrB,OAAO,CAAC,MAAM,CAAC,CAwBjB;AAED;;;;;GAKG;AACH,wBAAsB,wBAAwB,CAC7C,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,UAAU,GACrB,OAAO,CAAC,UAAU,CAAC,CA6BrB"}

package/dist/lib/transfer-crypto.js

@@ -0,0 +1,109 @@
+import { randomBytes } from 'node:crypto';
+import { hkdf } from '@noble/hashes/hkdf';
+import { sha256 } from '@noble/hashes/sha256';
+import { wordlist } from '@scure/bip39/wordlists/english.js';
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+const HKDF_SALT = 'agentaos-transfer-v1';
+const HKDF_INFO_PREFIX = 'aes-256-gcm:';
+const WORD_COUNT = 6;
+const AES_KEY_BYTES = 32;
+const AES_IV_BYTES = 12;
+// ---------------------------------------------------------------------------
+// Transfer code generation & key derivation
+// ---------------------------------------------------------------------------
+/**
+ * Generate a 6-word BIP39 transfer code and derive the corresponding AES-256-GCM key.
+ *
+ * The words are randomly chosen from the BIP39 English wordlist (2048 words).
+ * 6 words = ~66 bits of entropy — sufficient for a 10-minute expiry window.
+ *
+ * The AES key is derived via HKDF-SHA256 with a fixed salt and transfer-specific info,
+ * binding the key to a specific transfer ID to prevent cross-transfer reuse.
+ */
+export function generateTransferCode(transferId) {
+    const entropy = randomBytes(WORD_COUNT * 2); // 2 bytes per word → 0..65535 mod 2048
+    const words = [];
+    for (let i = 0; i < WORD_COUNT; i++) {
+        const hi = entropy[i * 2];
+        const lo = entropy[i * 2 + 1];
+        const index = ((hi << 8) | lo) % wordlist.length;
+        words.push(wordlist[index]);
+    }
+    const transferKey = deriveTransferKey(words, transferId);
+    entropy.fill(0);
+    return { words, transferKey };
+}
+/**
+ * Derive the AES-256-GCM key from 6 BIP39 words and a transfer ID.
+ *
+ * Uses HKDF-SHA256 with:
+ * - IKM: space-joined lowercase words
+ * - Salt: 'agentaos-transfer-v1'
+ * - Info: 'aes-256-gcm:{transferId}'
+ */
+export function deriveTransferKey(words, transferId) {
+    if (words.length !== WORD_COUNT) {
+        throw new Error(`Expected ${WORD_COUNT} words, got ${words.length}`);
+    }
+    // Validate all words are in the BIP39 wordlist
+    const wordSet = new Set(wordlist);
+    for (const word of words) {
+        if (!wordSet.has(word.toLowerCase())) {
+            throw new Error(`Invalid word: "${word}". Must be a valid BIP39 word.`);
+        }
+    }
+    const ikm = new TextEncoder().encode(words.join(' ').toLowerCase());
+    const salt = new TextEncoder().encode(HKDF_SALT);
+    const info = new TextEncoder().encode(`${HKDF_INFO_PREFIX}${transferId}`);
+    return hkdf(sha256, ikm, salt, info, AES_KEY_BYTES);
+}
+// ---------------------------------------------------------------------------
+// Internal helpers
+// ---------------------------------------------------------------------------
+/** Extract a plain ArrayBuffer from a Uint8Array (handles Buffer subarrays). */
+function toArrayBuffer(buf) {
+    return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
+}
+// ---------------------------------------------------------------------------
+// AES-256-GCM encrypt / decrypt
+// ---------------------------------------------------------------------------
+/**
+ * Encrypt share bytes with AES-256-GCM using the transfer key.
+ *
+ * Returns base64-encoded ciphertext: IV (12 bytes) || ciphertext || tag (16 bytes).
+ */
+export async function encryptShareForTransfer(shareBytes, transferKey) {
+    const iv = randomBytes(AES_IV_BYTES);
+    const key = await crypto.subtle.importKey('raw', toArrayBuffer(transferKey), { name: 'AES-GCM' }, false, ['encrypt']);
+    const ciphertext = new Uint8Array(await crypto.subtle.encrypt({ name: 'AES-GCM', iv: toArrayBuffer(iv) }, key, toArrayBuffer(shareBytes)));
+    // Pack: IV || ciphertext (includes GCM tag)
+    const packed = new Uint8Array(iv.length + ciphertext.length);
+    packed.set(iv, 0);
+    packed.set(ciphertext, iv.length);
+    return Buffer.from(packed).toString('base64');
+}
+/**
+ * Decrypt share bytes from AES-256-GCM ciphertext.
+ *
+ * Input: base64-encoded IV (12 bytes) || ciphertext || tag (16 bytes).
+ * Throws on wrong key (GCM tag verification failure).
+ */
+export async function decryptShareFromTransfer(ciphertextBase64, transferKey) {
+    const packed = Buffer.from(ciphertextBase64, 'base64');
+    if (packed.length < AES_IV_BYTES + 16) {
+        throw new Error('Ciphertext too short — expected at least IV + GCM tag');
+    }
+    const iv = packed.subarray(0, AES_IV_BYTES);
+    const ciphertext = packed.subarray(AES_IV_BYTES);
+    const key = await crypto.subtle.importKey('raw', toArrayBuffer(transferKey), { name: 'AES-GCM' }, false, ['decrypt']);
+    try {
+        const plaintext = new Uint8Array(await crypto.subtle.decrypt({ name: 'AES-GCM', iv: toArrayBuffer(iv) }, key, toArrayBuffer(ciphertext)));
+        return plaintext;
+    }
+    catch {
+        throw new Error('Decryption failed — wrong transfer code or corrupted data');
+    }
+}
+//# sourceMappingURL=transfer-crypto.js.map

package/dist/lib/transfer-crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transfer-crypto.js","sourceRoot":"","sources":["../../src/lib/transfer-crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,mCAAmC,CAAC;AAE7D,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,MAAM,SAAS,GAAG,sBAAsB,CAAC;AACzC,MAAM,gBAAgB,GAAG,cAAc,CAAC;AACxC,MAAM,UAAU,GAAG,CAAC,CAAC;AACrB,MAAM,aAAa,GAAG,EAAE,CAAC;AACzB,MAAM,YAAY,GAAG,EAAE,CAAC;AAExB,8EAA8E;AAC9E,4CAA4C;AAC5C,8EAA8E;AAE9E;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAAkB;IAItD,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,uCAAuC;IACpF,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAW,CAAC;QACpC,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAW,CAAC;QACxC,MAAM,KAAK,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAW,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAChB,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;AAC/B,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAe,EAAE,UAAkB;IACpE,IAAI,KAAK,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,YAAY,UAAU,eAAe,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,+CAA+C;IAC/C,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;IAClC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QAC1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,kBAAkB,IAAI,gCAAgC,CAAC,CAAC;QACzE,CAAC;IACF,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACpE,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,gBAAgB,GAAG,UAAU,EAAE,CAAC,CAAC;IAE1E,OAAO,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;AACrD,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,gFAAgF;AAChF,SAAS,aAAa,CAAC,GAAe;IACrC,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,UAAU,CAAgB,CAAC;AACzF,CAAC;AAED,8EAA8E;AAC9E,gCAAgC;AAChC,8EAA8E;AAE9E;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC5C,UAAsB,EACtB,WAAuB;IAEvB,MAAM,EAAE,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACxC,KAAK,EACL,aAAa,CAAC,WAAW,CAAC,EAC1B,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACX,CAAC;IAEF,MAAM,UAAU,GAAG,IAAI,UAAU,CAChC,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC1B,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,EAC1C,GAAG,EACH,aAAa,CAAC,UAAU,CAAC,CACzB,CACD,CAAC;IAEF,4CAA4C;IAC5C,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAClB,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;IAElC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC/C,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC7C,gBAAwB,EACxB,WAAuB;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;IACvD,IAAI,MAAM,CAAC,MAAM,GAAG,YAAY,GAAG,EAAE,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC1E,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC5C,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAEjD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACxC,KAAK,EACL,aAAa,CAAC,WAAW,CAAC,EAC1B,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACX,CAAC;IAEF,IAAI,CAAC;QACJ,MAAM,SAAS,GAAG,IAAI,UAAU,CAC/B,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC1B,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,EAC1C,GAAG,EACH,aAAa,CAAC,UAAU,CAAC,CACzB,CACD,CAAC;QACF,OAAO,SAAS,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACR,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC9E,CAAC;AACF,CAAC"}

package/dist/lib/x402-client.d.ts

@@ -0,0 +1,63 @@
+/**
+ * x402 Protocol Client for AgentaOS
+ *
+ * Supports the x402 **exact** payment scheme (ERC-3009 / Permit2) via @x402/evm.
+ * Both v2 (CAIP-2 networks, PAYMENT-REQUIRED/PAYMENT-SIGNATURE headers) and
+ * v1 (legacy network names, X-PAYMENT header) are supported.
+ */
+import type { ThresholdSigner } from '@agentaos/sdk';
+import type { PaymentRequired } from '@x402/core/types';
+export interface X402CheckResult {
+    requires402: boolean;
+    url: string;
+    paymentRequired?: PaymentRequired;
+}
+export interface X402FetchResult {
+    status: number;
+    url: string;
+    paid: boolean;
+    scheme?: string;
+    transaction?: string;
+    payer?: string;
+    contentType?: string;
+    body: string;
+}
+export interface X402DiscoverResult {
+    domain: string;
+    endpoints: Array<{
+        path: string;
+        method: string;
+        scheme?: string;
+        network?: string;
+        amount?: string;
+        asset?: string;
+        description?: string;
+    }>;
+}
+export interface X402FetchOptions {
+    /** Maximum amount willing to pay in atomic units (e.g., "1000000" = 1 USDC). */
+    maxAmount?: string;
+    /** Preferred token addresses in order. Reorders the accepts list. */
+    preferTokens?: string[];
+}
+/**
+ * Check if a URL requires x402 payment. No signer needed.
+ */
+export declare function checkX402(url: string): Promise<X402CheckResult>;
+/**
+ * Discover x402-protected endpoints on a domain.
+ * Checks .well-known/x402 first, then probes common paths.
+ */
+export declare function discoverX402(domain: string): Promise<X402DiscoverResult>;
+/**
+ * Fetch a 402-protected resource, automatically paying via the x402 exact scheme.
+ *
+ * 1. GET → if not 402, return response
+ * 2. Parse PAYMENT-REQUIRED header → PaymentRequirements[]
+ * 3. Apply policies (maxAmount, preferTokens)
+ * 4. Sign EIP-712 payment payload via threshold signer
+ * 5. Retry with PAYMENT-SIGNATURE header
+ * 6. Parse settlement from PAYMENT-RESPONSE header
+ */
+export declare function fetchWithX402(url: string, signer: ThresholdSigner, opts?: X402FetchOptions): Promise<X402FetchResult>;
+//# sourceMappingURL=x402-client.d.ts.map

package/dist/lib/x402-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"x402-client.d.ts","sourceRoot":"","sources":["../../src/lib/x402-client.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,KAAK,EAAE,eAAe,EAAuB,MAAM,kBAAkB,CAAC;AAO7E,MAAM,WAAW,eAAe;IAC/B,WAAW,EAAE,OAAO,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,eAAe,CAAC,EAAE,eAAe,CAAC;CAClC;AAED,MAAM,WAAW,eAAe;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,kBAAkB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,KAAK,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC,CAAC;CACH;AAED,MAAM,WAAW,gBAAgB;IAChC,gFAAgF;IAChF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qEAAqE;IACrE,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AA+HD;;GAEG;AACH,wBAAsB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAarE;AAED;;;GAGG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAuD9E;AAED;;;;;;;;;GASG;AACH,wBAAsB,aAAa,CAClC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,eAAe,EACvB,IAAI,CAAC,EAAE,gBAAgB,GACrB,OAAO,CAAC,eAAe,CAAC,CA6C1B"}

package/dist/lib/x402-client.js

@@ -0,0 +1,236 @@
+/**
+ * x402 Protocol Client for AgentaOS
+ *
+ * Supports the x402 **exact** payment scheme (ERC-3009 / Permit2) via @x402/evm.
+ * Both v2 (CAIP-2 networks, PAYMENT-REQUIRED/PAYMENT-SIGNATURE headers) and
+ * v1 (legacy network names, X-PAYMENT header) are supported.
+ */
+// ---------------------------------------------------------------------------
+// Signer Bridge
+// ---------------------------------------------------------------------------
+/**
+ * Bridge ThresholdSigner → ClientEvmSigner for @x402/evm.
+ * ThresholdSigner.signMessage() detects EIP-712 typed data via `{ domain }`.
+ */
+function toX402Signer(signer) {
+    return {
+        address: signer.address,
+        async signTypedData(message) {
+            const result = await signer.signMessage(message);
+            return result.signature;
+        },
+    };
+}
+// ---------------------------------------------------------------------------
+// Header Parsing (for checkX402 / discoverX402 — no signer needed)
+// ---------------------------------------------------------------------------
+const PAYMENT_REQUIRED_HEADERS = ['payment-required', 'x-payment'];
+const PAYMENT_RESPONSE_HEADERS = ['payment-response', 'x-payment-response'];
+function decodeBase64Header(raw) {
+    return JSON.parse(Buffer.from(raw, 'base64').toString('utf-8'));
+}
+function readHeader(headers, names) {
+    for (const name of names) {
+        const val = headers.get(name);
+        if (val)
+            return val;
+    }
+    return null;
+}
+async function parsePaymentRequired(response) {
+    const raw = readHeader(response.headers, PAYMENT_REQUIRED_HEADERS);
+    if (raw) {
+        try {
+            return decodeBase64Header(raw);
+        }
+        catch {
+            // Malformed header — try body
+        }
+    }
+    const ct = response.headers.get('content-type') || '';
+    if (ct.includes('json')) {
+        try {
+            const body = (await response.json());
+            if (Array.isArray(body.accepts))
+                return body;
+        }
+        catch {
+            // Not JSON
+        }
+    }
+    return null;
+}
+function parseSettlement(headers) {
+    const raw = readHeader(headers, PAYMENT_RESPONSE_HEADERS);
+    if (!raw)
+        return null;
+    try {
+        return decodeBase64Header(raw);
+    }
+    catch {
+        return null;
+    }
+}
+// ---------------------------------------------------------------------------
+// Policies
+// ---------------------------------------------------------------------------
+function maxAmountPolicy(max) {
+    const limit = BigInt(max);
+    return (_v, reqs) => reqs.filter((r) => BigInt(r.amount) <= limit);
+}
+function preferTokensPolicy(tokens) {
+    const normalized = tokens.map((t) => t.toLowerCase());
+    return (_v, reqs) => {
+        const preferred = new Array(normalized.length);
+        const rest = [];
+        for (const r of reqs) {
+            const idx = normalized.indexOf(r.asset.toLowerCase());
+            if (idx >= 0)
+                preferred[idx] = r;
+            else
+                rest.push(r);
+        }
+        return [...preferred.filter(Boolean), ...rest];
+    };
+}
+// ---------------------------------------------------------------------------
+// x402 Client Factory
+// ---------------------------------------------------------------------------
+async function createHttpClient(signer, opts) {
+    const { x402Client, x402HTTPClient } = await import('@x402/core/client');
+    const { registerExactEvmScheme } = await import('@x402/evm/exact/client');
+    const client = new x402Client();
+    registerExactEvmScheme(client, { signer: toX402Signer(signer) });
+    if (opts?.maxAmount)
+        client.registerPolicy(maxAmountPolicy(opts.maxAmount));
+    if (opts?.preferTokens?.length)
+        client.registerPolicy(preferTokensPolicy(opts.preferTokens));
+    return new x402HTTPClient(client);
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Check if a URL requires x402 payment. No signer needed.
+ */
+export async function checkX402(url) {
+    const response = await fetch(url, {
+        method: 'GET',
+        signal: AbortSignal.timeout(15_000),
+        redirect: 'follow',
+    });
+    if (response.status !== 402) {
+        return { requires402: false, url };
+    }
+    const paymentRequired = await parsePaymentRequired(response);
+    return { requires402: true, url, paymentRequired: paymentRequired ?? undefined };
+}
+/**
+ * Discover x402-protected endpoints on a domain.
+ * Checks .well-known/x402 first, then probes common paths.
+ */
+export async function discoverX402(domain) {
+    const baseUrl = domain.startsWith('http') ? domain : `https://${domain}`;
+    const endpoints = [];
+    // 1. Try .well-known/x402 (returns endpoint manifest)
+    try {
+        const wellKnown = await fetch(`${baseUrl}/.well-known/x402`, {
+            signal: AbortSignal.timeout(10_000),
+        });
+        if (wellKnown.ok) {
+            const body = (await wellKnown.json());
+            if (body.endpoints) {
+                for (const ep of body.endpoints) {
+                    endpoints.push({
+                        path: String(ep.path || '/'),
+                        method: String(ep.method || 'GET'),
+                        scheme: ep.scheme ? String(ep.scheme) : undefined,
+                        network: ep.network ? String(ep.network) : undefined,
+                        amount: ep.amount ? String(ep.amount) : undefined,
+                        asset: ep.asset ? String(ep.asset) : undefined,
+                        description: ep.description ? String(ep.description) : undefined,
+                    });
+                }
+                return { domain, endpoints };
+            }
+        }
+    }
+    catch {
+        // No well-known endpoint
+    }
+    // 2. Probe common paths (well-known not included — already checked above)
+    const probePaths = ['/', '/api', '/api/v1', '/data', '/premium', '/content'];
+    const probes = probePaths.map(async (path) => {
+        try {
+            const result = await checkX402(`${baseUrl}${path}`);
+            if (result.requires402 && result.paymentRequired) {
+                for (const req of result.paymentRequired.accepts) {
+                    endpoints.push({
+                        path,
+                        method: 'GET',
+                        scheme: req.scheme,
+                        network: req.network,
+                        amount: req.amount,
+                        asset: req.asset,
+                    });
+                }
+            }
+        }
+        catch {
+            // Unreachable
+        }
+    });
+    await Promise.allSettled(probes);
+    return { domain, endpoints };
+}
+/**
+ * Fetch a 402-protected resource, automatically paying via the x402 exact scheme.
+ *
+ * 1. GET → if not 402, return response
+ * 2. Parse PAYMENT-REQUIRED header → PaymentRequirements[]
+ * 3. Apply policies (maxAmount, preferTokens)
+ * 4. Sign EIP-712 payment payload via threshold signer
+ * 5. Retry with PAYMENT-SIGNATURE header
+ * 6. Parse settlement from PAYMENT-RESPONSE header
+ */
+export async function fetchWithX402(url, signer, opts) {
+    const initial = await fetch(url, {
+        method: 'GET',
+        signal: AbortSignal.timeout(15_000),
+        redirect: 'follow',
+    });
+    if (initial.status !== 402) {
+        return {
+            status: initial.status,
+            url,
+            paid: false,
+            contentType: initial.headers.get('content-type') || undefined,
+            body: await initial.text(),
+        };
+    }
+    const paymentRequired = await parsePaymentRequired(initial);
+    if (!paymentRequired?.accepts?.length) {
+        throw new Error('402 response but could not parse payment requirements');
+    }
+    const httpClient = await createHttpClient(signer, opts);
+    const paymentPayload = await httpClient.createPaymentPayload(paymentRequired);
+    const paymentHeaders = httpClient.encodePaymentSignatureHeader(paymentPayload);
+    const paidResponse = await fetch(url, {
+        method: 'GET',
+        headers: paymentHeaders,
+        signal: AbortSignal.timeout(30_000),
+        redirect: 'follow',
+    });
+    const settlement = parseSettlement(paidResponse.headers);
+    return {
+        status: paidResponse.status,
+        url,
+        paid: true,
+        scheme: 'exact',
+        transaction: settlement?.transaction,
+        payer: settlement?.payer,
+        contentType: paidResponse.headers.get('content-type') || undefined,
+        body: await paidResponse.text(),
+    };
+}
+//# sourceMappingURL=x402-client.js.map

package/dist/lib/x402-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"x402-client.js","sourceRoot":"","sources":["../../src/lib/x402-client.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA+CH,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E;;;GAGG;AACH,SAAS,YAAY,CAAC,MAAuB;IAC5C,OAAO;QACN,OAAO,EAAE,MAAM,CAAC,OAAwB;QACxC,KAAK,CAAC,aAAa,CAAC,OAKnB;YACA,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACjD,OAAO,MAAM,CAAC,SAA0B,CAAC;QAC1C,CAAC;KACD,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,mEAAmE;AACnE,8EAA8E;AAE9E,MAAM,wBAAwB,GAAG,CAAC,kBAAkB,EAAE,WAAW,CAAU,CAAC;AAC5E,MAAM,wBAAwB,GAAG,CAAC,kBAAkB,EAAE,oBAAoB,CAAU,CAAC;AAErF,SAAS,kBAAkB,CAAI,GAAW;IACzC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,UAAU,CAAC,OAAgB,EAAE,KAAwB;IAC7D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,GAAG;YAAE,OAAO,GAAG,CAAC;IACrB,CAAC;IACD,OAAO,IAAI,CAAC;AACb,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,QAAkB;IACrD,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,EAAE,wBAAwB,CAAC,CAAC;IACnE,IAAI,GAAG,EAAE,CAAC;QACT,IAAI,CAAC;YACJ,OAAO,kBAAkB,CAAkB,GAAG,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACR,8BAA8B;QAC/B,CAAC;IACF,CAAC;IAED,MAAM,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IACtD,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACzB,IAAI,CAAC;YACJ,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;YAChE,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,IAAkC,CAAC;QAC5E,CAAC;QAAC,MAAM,CAAC;YACR,WAAW;QACZ,CAAC;IACF,CAAC;IAED,OAAO,IAAI,CAAC;AACb,CAAC;AAOD,SAAS,eAAe,CAAC,OAAgB;IACxC,MAAM,GAAG,GAAG,UAAU,CAAC,OAAO,EAAE,wBAAwB,CAAC,CAAC;IAC1D,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,CAAC;QACJ,OAAO,kBAAkB,CAAiB,GAAG,CAAC,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;AACF,CAAC;AAED,8EAA8E;AAC9E,WAAW;AACX,8EAA8E;AAE9E,SAAS,eAAe,CAAC,GAAW;IACnC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1B,OAAO,CAAC,EAAU,EAAE,IAA2B,EAAyB,EAAE,CACzE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAgB;IAC3C,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,EAAU,EAAE,IAA2B,EAAyB,EAAE;QACzE,MAAM,SAAS,GAAwC,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpF,MAAM,IAAI,GAA0B,EAAE,CAAC;QACvC,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;YACtD,IAAI,GAAG,IAAI,CAAC;gBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;;gBAC5B,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;QACD,OAAO,CAAC,GAAI,SAAS,CAAC,MAAM,CAAC,OAAO,CAA2B,EAAE,GAAG,IAAI,CAAC,CAAC;IAC3E,CAAC,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAE9E,KAAK,UAAU,gBAAgB,CAAC,MAAuB,EAAE,IAAuB;IAC/E,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;IACzE,MAAM,EAAE,sBAAsB,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;IAE1E,MAAM,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;IAChC,sBAAsB,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAEjE,IAAI,IAAI,EAAE,SAAS;QAAE,MAAM,CAAC,cAAc,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IAC5E,IAAI,IAAI,EAAE,YAAY,EAAE,MAAM;QAAE,MAAM,CAAC,cAAc,CAAC,kBAAkB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;IAE7F,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;AACnC,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,GAAW;IAC1C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QACjC,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,QAAQ;KAClB,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC7B,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;IACpC,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC7D,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,EAAE,eAAe,EAAE,eAAe,IAAI,SAAS,EAAE,CAAC;AAClF,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,MAAc;IAChD,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,MAAM,EAAE,CAAC;IACzE,MAAM,SAAS,GAAoC,EAAE,CAAC;IAEtD,sDAAsD;IACtD,IAAI,CAAC;QACJ,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,mBAAmB,EAAE;YAC5D,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;SACnC,CAAC,CAAC;QACH,IAAI,SAAS,CAAC,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,EAAE,CAAmD,CAAC;YACxF,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACpB,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;oBACjC,SAAS,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,GAAG,CAAC;wBAC5B,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,MAAM,IAAI,KAAK,CAAC;wBAClC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;wBACjD,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;wBACpD,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;wBACjD,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;wBAC9C,WAAW,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;qBAChE,CAAC,CAAC;gBACJ,CAAC;gBACD,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;YAC9B,CAAC;QACF,CAAC;IACF,CAAC;IAAC,MAAM,CAAC;QACR,yBAAyB;IAC1B,CAAC;IAED,0EAA0E;IAC1E,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;IAE7E,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC5C,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,OAAO,GAAG,IAAI,EAAE,CAAC,CAAC;YACpD,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;gBAClD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;oBAClD,SAAS,CAAC,IAAI,CAAC;wBACd,IAAI;wBACJ,MAAM,EAAE,KAAK;wBACb,MAAM,EAAE,GAAG,CAAC,MAAM;wBAClB,OAAO,EAAE,GAAG,CAAC,OAAO;wBACpB,MAAM,EAAE,GAAG,CAAC,MAAM;wBAClB,KAAK,EAAE,GAAG,CAAC,KAAK;qBAChB,CAAC,CAAC;gBACJ,CAAC;YACF,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;YACR,cAAc;QACf,CAAC;IACF,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACjC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;AAC9B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAClC,GAAW,EACX,MAAuB,EACvB,IAAuB;IAEvB,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,QAAQ;KAClB,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,OAAO;YACN,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,GAAG;YACH,IAAI,EAAE,KAAK;YACX,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,SAAS;YAC7D,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,EAAE;SAC1B,CAAC;IACH,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAC5D,IAAI,CAAC,eAAe,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC1E,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACxD,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC;IAC9E,MAAM,cAAc,GAAG,UAAU,CAAC,4BAA4B,CAAC,cAAc,CAAC,CAAC;IAE/E,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QACrC,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,cAAc;QACvB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,QAAQ;KAClB,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,eAAe,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAEzD,OAAO;QACN,MAAM,EAAE,YAAY,CAAC,MAAM;QAC3B,GAAG;QACH,IAAI,EAAE,IAAI;QACV,MAAM,EAAE,OAAO;QACf,WAAW,EAAE,UAAU,EAAE,WAAW;QACpC,KAAK,EAAE,UAAU,EAAE,KAAK;QACxB,WAAW,EAAE,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,SAAS;QAClE,IAAI,EAAE,MAAM,YAAY,CAAC,IAAI,EAAE;KAC/B,CAAC;AACH,CAAC"}

package/dist/mcp/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Start the AgentaOS MCP server with all tools.
+ * Connects via stdio transport.
+ */
+export declare function runMcp(): Promise<void>;
+//# sourceMappingURL=index.d.ts.map