hedera-curb 0.1.0

package/README.md

@@ -0,0 +1,60 @@
+# hedera-curb
+
+**Verifiable spend-control for Hedera AI agents.** Drop-in [Hedera Agent Kit](https://github.com/hashgraph/hedera-agent-kit-js) hooks that govern every payment your agent makes — per-task & daily budgets, a counterparty allowlist, and single-use human approval — and write every decision immutably to the Hedera Consensus Service.
+
+> ProveAI proves the model; Curb proves the spend.
+
+## Install
+
+```bash
+npm i hedera-curb @hashgraph/hedera-agent-kit @hiero-ledger/sdk
+```
+
+## Use (≈12 lines)
+
+```ts
+import { buildCurbHooks, InMemoryCurbStore } from 'hedera-curb';
+import { AgentMode } from '@hashgraph/hedera-agent-kit';
+import { coreAccountPlugin } from '@hashgraph/hedera-agent-kit/plugins';
+import { HederaAIToolkit } from '@hashgraph/hedera-agent-kit-ai-sdk';
+
+const store = new InMemoryCurbStore();
+store.allowAccount(AGENT_ID, PROVIDER_ID); // who the agent may pay
+
+const cfg = { agentAccountId: AGENT_ID, auditTopicId: TOPIC_ID,
+  currency: 'HBAR' as const, perTask: 10, perDay: 25, autoUnder: 3, approveUnder: 10 };
+
+const toolkit = new HederaAIToolkit({ client, configuration: {
+  plugins: [coreAccountPlugin],
+  context: { mode: AgentMode.AUTONOMOUS, accountId: AGENT_ID,
+    hooks: buildCurbHooks({ cfg, store }) }, // ← that's the whole integration
+}});
+```
+
+Now every `transfer_hbar` the agent attempts passes the budget, allowlist, and approval policies **before** it executes, and every decision lands on your HCS audit topic.
+
+## Production storage
+
+`InMemoryCurbStore` is for tests / single-instance apps. For production, implement the 6-method `CurbStore` interface against Redis, Postgres, etc. — the policies stay durable and complete (never derived from a windowed read):
+
+```ts
+interface CurbStore {
+  isAllowed(agent, account): Promise<boolean>;
+  getDailySpend(agent): Promise<number>;
+  incrDailySpend(agent, amount): Promise<void>;
+  getApproval(requestId): Promise<'pending' | 'approved' | 'rejected' | null>;
+  setApproval(requestId, status, meta?): Promise<void>;
+  consumeApproval(requestId): Promise<void>;
+}
+```
+
+## Exports
+
+- `SpendLimitPolicy`, `CounterpartyAllowlistPolicy`, `ApprovalTierPolicy` — composable `AbstractPolicy`s.
+- `CurbAuditHook` — an immutable HCS record per settled payment.
+- `buildCurbHooks(deps)` — the ordered policy + audit stack for `context.hooks`.
+- `CurbStore` + `InMemoryCurbStore`, `extractPayment`, `writeRecord`, and the `CurbConfig` / `CurbRecord` types.
+
+## License
+
+MIT

package/dist/audit.d.ts

@@ -0,0 +1,5 @@
+import { Client } from '@hiero-ledger/sdk';
+import type { CurbConfig } from './config';
+import type { CurbRecord } from './records';
+/** Append an immutable record to the Curb audit topic on HCS. */
+export declare function writeRecord(client: Client, cfg: CurbConfig, partial: Omit<CurbRecord, 'v' | 'agent' | 'ts'>): Promise<CurbRecord>;

package/dist/audit.js

@@ -0,0 +1,10 @@
+import { TopicMessageSubmitTransaction } from '@hiero-ledger/sdk';
+/** Append an immutable record to the Curb audit topic on HCS. */
+export async function writeRecord(client, cfg, partial) {
+    const rec = { v: 1, agent: cfg.agentAccountId, ts: Date.now(), ...partial };
+    await new TopicMessageSubmitTransaction({
+        topicId: cfg.auditTopicId,
+        message: JSON.stringify(rec),
+    }).execute(client);
+    return rec;
+}

package/dist/build-hooks.d.ts

@@ -0,0 +1,12 @@
+import { RejectToolPolicy } from '@hashgraph/hedera-agent-kit/policies';
+import { HcsAuditTrailHook } from '@hashgraph/hedera-agent-kit/hooks';
+import { SpendLimitPolicy } from './policies/spend-limit';
+import { CounterpartyAllowlistPolicy } from './policies/counterparty-allowlist';
+import { ApprovalTierPolicy } from './policies/approval-tier';
+import { CurbAuditHook } from './hooks/curb-audit-hook';
+import type { CurbDeps } from './deps';
+/**
+ * The ordered Curb policy + audit stack, ready to drop into `configuration.context.hooks`.
+ * Hard-disables every account-mutating / allowance tool, then governs `transfer_hbar`.
+ */
+export declare function buildCurbHooks(d: CurbDeps): (SpendLimitPolicy | CounterpartyAllowlistPolicy | ApprovalTierPolicy | CurbAuditHook | RejectToolPolicy | HcsAuditTrailHook)[];

package/dist/build-hooks.js

@@ -0,0 +1,28 @@
+import { RejectToolPolicy } from '@hashgraph/hedera-agent-kit/policies';
+import { HcsAuditTrailHook } from '@hashgraph/hedera-agent-kit/hooks';
+import { coreAccountPluginToolNames } from '@hashgraph/hedera-agent-kit/plugins';
+import { SpendLimitPolicy } from './policies/spend-limit';
+import { CounterpartyAllowlistPolicy } from './policies/counterparty-allowlist';
+import { ApprovalTierPolicy } from './policies/approval-tier';
+import { CurbAuditHook } from './hooks/curb-audit-hook';
+/**
+ * The ordered Curb policy + audit stack, ready to drop into `configuration.context.hooks`.
+ * Hard-disables every account-mutating / allowance tool, then governs `transfer_hbar`.
+ */
+export function buildCurbHooks(d) {
+    return [
+        new RejectToolPolicy([
+            coreAccountPluginToolNames.CREATE_ACCOUNT_TOOL,
+            coreAccountPluginToolNames.DELETE_ACCOUNT_TOOL,
+            coreAccountPluginToolNames.UPDATE_ACCOUNT_TOOL,
+            coreAccountPluginToolNames.APPROVE_HBAR_ALLOWANCE_TOOL,
+            coreAccountPluginToolNames.DELETE_HBAR_ALLOWANCE_TOOL,
+            coreAccountPluginToolNames.TRANSFER_HBAR_WITH_ALLOWANCE_TOOL,
+        ]),
+        new CounterpartyAllowlistPolicy(d),
+        new SpendLimitPolicy(d),
+        new ApprovalTierPolicy(d),
+        new CurbAuditHook(d),
+        new HcsAuditTrailHook([coreAccountPluginToolNames.TRANSFER_HBAR_TOOL], d.cfg.auditTopicId),
+    ];
+}

package/dist/config.d.ts

@@ -0,0 +1,17 @@
+export type Currency = 'HBAR' | 'USDC';
+export interface CurbConfig {
+    /** The agent's Hedera account id (the bounded-allowance account). */
+    agentAccountId: string;
+    /** HCS topic id every policy decision is written to. */
+    auditTopicId: string;
+    currency: Currency;
+    /** Max value of a single payment (display units). */
+    perTask: number;
+    /** Rolling daily cap (display units). */
+    perDay: number;
+    /** Below this, payments auto-approve. */
+    autoUnder: number;
+    /** At/above this, approvals are flagged high-value. */
+    approveUnder: number;
+}
+export declare const DEFAULT_CONFIG: Omit<CurbConfig, 'agentAccountId' | 'auditTopicId'>;

package/dist/config.js

@@ -0,0 +1,7 @@
+export const DEFAULT_CONFIG = {
+    currency: 'HBAR',
+    perTask: 10,
+    perDay: 25,
+    autoUnder: 3,
+    approveUnder: 10,
+};

package/dist/deps.d.ts

@@ -0,0 +1,7 @@
+import type { CurbConfig } from './config';
+import type { CurbStore } from './store';
+/** Everything every Curb policy and hook needs at construction time. */
+export interface CurbDeps {
+    cfg: CurbConfig;
+    store: CurbStore;
+}

package/dist/deps.js

@@ -0,0 +1 @@
+export {};

package/dist/extract.d.ts

@@ -0,0 +1,11 @@
+export interface PaymentIntent {
+    amount: number;
+    currency: 'HBAR' | 'USDC';
+    recipients: string[];
+}
+/**
+ * Pull the payment amount + recipients out of a tool's normalised params.
+ * HBAR transfers normalise to `{ hbarTransfers: [{ accountId, amount }] }` and include the
+ * sender as a negative entry — we keep only the positive credits.
+ */
+export declare function extractPayment(method: string, normalised: any): PaymentIntent | null;

package/dist/extract.js

@@ -0,0 +1,28 @@
+import { Hbar } from '@hiero-ledger/sdk';
+import { coreAccountPluginToolNames } from '@hashgraph/hedera-agent-kit/plugins';
+function hbarToNumber(a) {
+    if (a instanceof Hbar)
+        return a.toBigNumber().toNumber();
+    if (typeof a === 'number')
+        return a;
+    if (typeof a === 'string')
+        return Number(a);
+    return Number(a?.toString?.() ?? 0);
+}
+/**
+ * Pull the payment amount + recipients out of a tool's normalised params.
+ * HBAR transfers normalise to `{ hbarTransfers: [{ accountId, amount }] }` and include the
+ * sender as a negative entry — we keep only the positive credits.
+ */
+export function extractPayment(method, normalised) {
+    if (method === coreAccountPluginToolNames.TRANSFER_HBAR_TOOL) {
+        const transfers = normalised?.hbarTransfers ?? [];
+        const credits = transfers.filter((t) => hbarToNumber(t.amount) > 0);
+        return {
+            amount: credits.reduce((sum, t) => sum + hbarToNumber(t.amount), 0),
+            currency: 'HBAR',
+            recipients: credits.map((t) => String(t.accountId)),
+        };
+    }
+    return null;
+}

package/dist/hooks/curb-audit-hook.d.ts

@@ -0,0 +1,11 @@
+import { AbstractHook, type PostSecondaryActionParams } from '@hashgraph/hedera-agent-kit';
+import type { CurbDeps } from '../deps';
+/** Records every settled payment on HCS and advances the durable daily-spend counter. */
+export declare class CurbAuditHook extends AbstractHook {
+    private d;
+    name: string;
+    description: string;
+    relevantTools: string[];
+    constructor(d: CurbDeps);
+    postToolExecutionHook(params: PostSecondaryActionParams, method: string): Promise<void>;
+}

package/dist/hooks/curb-audit-hook.js

@@ -0,0 +1,40 @@
+import { AbstractHook } from '@hashgraph/hedera-agent-kit';
+import { coreAccountPluginToolNames } from '@hashgraph/hedera-agent-kit/plugins';
+import { extractPayment } from '../extract';
+import { writeRecord } from '../audit';
+// `toolResult` is typed `any` in the kit; these are the observed shapes for tx id.
+function extractTxId(toolResult) {
+    return (toolResult?.raw?.transactionId ??
+        toolResult?.transactionId ??
+        toolResult?.txId ??
+        toolResult?.receipt?.transactionId ??
+        undefined);
+}
+/** Records every settled payment on HCS and advances the durable daily-spend counter. */
+export class CurbAuditHook extends AbstractHook {
+    d;
+    name = 'curb.audit';
+    description = 'Records every settled payment on HCS';
+    relevantTools = [coreAccountPluginToolNames.TRANSFER_HBAR_TOOL];
+    constructor(d) {
+        super();
+        this.d = d;
+    }
+    async postToolExecutionHook(params, method) {
+        if (!this.relevantTools.includes(method))
+            return;
+        const intent = extractPayment(method, params.normalisedParams);
+        await writeRecord(params.client, this.d.cfg, {
+            type: 'executed',
+            method,
+            amount: intent?.amount,
+            currency: this.d.cfg.currency,
+            counterparty: intent?.recipients[0],
+            txId: extractTxId(params.toolResult),
+            allowed: true,
+            reason: 'settled',
+        });
+        if (intent?.amount)
+            await this.d.store.incrDailySpend(this.d.cfg.agentAccountId, intent.amount);
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,11 @@
+export * from './config';
+export * from './records';
+export * from './store';
+export * from './deps';
+export * from './extract';
+export * from './audit';
+export * from './policies/spend-limit';
+export * from './policies/counterparty-allowlist';
+export * from './policies/approval-tier';
+export * from './hooks/curb-audit-hook';
+export * from './build-hooks';

package/dist/index.js

@@ -0,0 +1,11 @@
+export * from './config';
+export * from './records';
+export * from './store';
+export * from './deps';
+export * from './extract';
+export * from './audit';
+export * from './policies/spend-limit';
+export * from './policies/counterparty-allowlist';
+export * from './policies/approval-tier';
+export * from './hooks/curb-audit-hook';
+export * from './build-hooks';

package/dist/policies/approval-tier.d.ts

@@ -0,0 +1,16 @@
+import { AbstractPolicy, type PostParamsNormalizationParams } from '@hashgraph/hedera-agent-kit';
+import type { CurbDeps } from '../deps';
+/**
+ * Tiered human-in-the-loop:
+ *  - below `autoUnder`  → auto-approve
+ *  - at/above          → block until a human approves (payments ≥ `approveUnder` are flagged
+ *    high-value). Each approval is SINGLE-USE.
+ */
+export declare class ApprovalTierPolicy extends AbstractPolicy {
+    private d;
+    name: string;
+    description: string;
+    relevantTools: string[];
+    constructor(d: CurbDeps);
+    protected shouldBlockPostParamsNormalization(params: PostParamsNormalizationParams, method: string): Promise<boolean>;
+}

package/dist/policies/approval-tier.js

@@ -0,0 +1,58 @@
+import crypto from 'node:crypto';
+import { AbstractPolicy } from '@hashgraph/hedera-agent-kit';
+import { coreAccountPluginToolNames } from '@hashgraph/hedera-agent-kit/plugins';
+import { extractPayment } from '../extract';
+import { writeRecord } from '../audit';
+/**
+ * Tiered human-in-the-loop:
+ *  - below `autoUnder`  → auto-approve
+ *  - at/above          → block until a human approves (payments ≥ `approveUnder` are flagged
+ *    high-value). Each approval is SINGLE-USE.
+ */
+export class ApprovalTierPolicy extends AbstractPolicy {
+    d;
+    name = 'curb.approval-tier';
+    description = 'Requires single-use human approval for larger payments';
+    relevantTools = [coreAccountPluginToolNames.TRANSFER_HBAR_TOOL];
+    constructor(d) {
+        super();
+        this.d = d;
+    }
+    async shouldBlockPostParamsNormalization(params, method) {
+        const intent = extractPayment(method, params.normalisedParams);
+        if (!intent)
+            return false;
+        const { cfg, store } = this.d;
+        if (intent.amount < cfg.autoUnder)
+            return false; // tier 1: auto-approve
+        const requestId = crypto
+            .createHash('sha256')
+            .update(`${cfg.agentAccountId}:${intent.recipients[0]}:${intent.amount}`)
+            .digest('hex')
+            .slice(0, 16);
+        const status = await store.getApproval(requestId);
+        if (status === 'approved') {
+            await store.consumeApproval(requestId); // single-use
+            return false;
+        }
+        if (status !== 'pending') {
+            const highValue = intent.amount >= cfg.approveUnder;
+            await store.setApproval(requestId, 'pending', {
+                amount: intent.amount,
+                counterparty: intent.recipients[0],
+                method,
+            });
+            await writeRecord(params.client, cfg, {
+                type: 'approval_request',
+                policy: this.name,
+                method,
+                amount: intent.amount,
+                counterparty: intent.recipients[0],
+                allowed: false,
+                reason: highValue ? 'approval_required_high_value' : 'approval_required',
+                requestId,
+            });
+        }
+        return true;
+    }
+}

package/dist/policies/counterparty-allowlist.d.ts

@@ -0,0 +1,11 @@
+import { AbstractPolicy, type PostParamsNormalizationParams } from '@hashgraph/hedera-agent-kit';
+import type { CurbDeps } from '../deps';
+/** Blocks payments to any account not on the allowlist. */
+export declare class CounterpartyAllowlistPolicy extends AbstractPolicy {
+    private d;
+    name: string;
+    description: string;
+    relevantTools: string[];
+    constructor(d: CurbDeps);
+    protected shouldBlockPostParamsNormalization(params: PostParamsNormalizationParams, method: string): Promise<boolean>;
+}

package/dist/policies/counterparty-allowlist.js

@@ -0,0 +1,37 @@
+import { AbstractPolicy } from '@hashgraph/hedera-agent-kit';
+import { coreAccountPluginToolNames } from '@hashgraph/hedera-agent-kit/plugins';
+import { extractPayment } from '../extract';
+import { writeRecord } from '../audit';
+/** Blocks payments to any account not on the allowlist. */
+export class CounterpartyAllowlistPolicy extends AbstractPolicy {
+    d;
+    name = 'curb.allowlist';
+    description = 'Blocks payments to accounts not on the allowlist';
+    relevantTools = [coreAccountPluginToolNames.TRANSFER_HBAR_TOOL];
+    constructor(d) {
+        super();
+        this.d = d;
+    }
+    async shouldBlockPostParamsNormalization(params, method) {
+        const intent = extractPayment(method, params.normalisedParams);
+        if (!intent)
+            return false;
+        const { cfg, store } = this.d;
+        const bad = [];
+        for (const acc of intent.recipients) {
+            if (!(await store.isAllowed(cfg.agentAccountId, acc)))
+                bad.push(acc);
+        }
+        const block = bad.length > 0;
+        await writeRecord(params.client, cfg, {
+            type: 'decision',
+            policy: this.name,
+            method,
+            amount: intent.amount,
+            counterparty: intent.recipients[0],
+            allowed: !block,
+            reason: block ? `not_allowlisted:${bad.join(',')}` : 'allowlisted',
+        });
+        return block;
+    }
+}

package/dist/policies/spend-limit.d.ts

@@ -0,0 +1,11 @@
+import { AbstractPolicy, type PostParamsNormalizationParams } from '@hashgraph/hedera-agent-kit';
+import type { CurbDeps } from '../deps';
+/** Blocks a payment that would breach the per-task or rolling daily budget (durable store counter). */
+export declare class SpendLimitPolicy extends AbstractPolicy {
+    private d;
+    name: string;
+    description: string;
+    relevantTools: string[];
+    constructor(d: CurbDeps);
+    protected shouldBlockPostParamsNormalization(params: PostParamsNormalizationParams, method: string): Promise<boolean>;
+}

package/dist/policies/spend-limit.js

@@ -0,0 +1,36 @@
+import { AbstractPolicy } from '@hashgraph/hedera-agent-kit';
+import { coreAccountPluginToolNames } from '@hashgraph/hedera-agent-kit/plugins';
+import { extractPayment } from '../extract';
+import { writeRecord } from '../audit';
+/** Blocks a payment that would breach the per-task or rolling daily budget (durable store counter). */
+export class SpendLimitPolicy extends AbstractPolicy {
+    d;
+    name = 'curb.spend-limit';
+    description = 'Blocks a payment that would exceed the per-task or rolling daily budget';
+    relevantTools = [coreAccountPluginToolNames.TRANSFER_HBAR_TOOL];
+    constructor(d) {
+        super();
+        this.d = d;
+    }
+    async shouldBlockPostParamsNormalization(params, method) {
+        const intent = extractPayment(method, params.normalisedParams);
+        if (!intent)
+            return false;
+        const { cfg, store } = this.d;
+        const already = await store.getDailySpend(cfg.agentAccountId);
+        const overTask = intent.amount > cfg.perTask;
+        const overDay = already + intent.amount > cfg.perDay;
+        const block = overTask || overDay;
+        await writeRecord(params.client, cfg, {
+            type: 'decision',
+            policy: this.name,
+            method,
+            amount: intent.amount,
+            currency: intent.currency,
+            counterparty: intent.recipients[0],
+            allowed: !block,
+            reason: block ? (overTask ? 'per_task_exceeded' : 'per_day_exceeded') : 'within_budget',
+        });
+        return block;
+    }
+}

package/dist/records.d.ts

@@ -0,0 +1,17 @@
+export type RecordType = 'decision' | 'executed' | 'approval_request' | 'approved' | 'rejected' | 'config' | 'allowlist';
+/** One immutable line in the Curb audit trail (written to HCS). */
+export interface CurbRecord {
+    v: 1;
+    type: RecordType;
+    agent: string;
+    policy?: string;
+    method?: string;
+    amount?: number;
+    currency?: string;
+    counterparty?: string;
+    allowed?: boolean;
+    reason?: string;
+    requestId?: string;
+    txId?: string;
+    ts: number;
+}

package/dist/records.js

@@ -0,0 +1 @@
+export {};

package/dist/store.d.ts

@@ -0,0 +1,34 @@
+export type ApprovalStatus = 'pending' | 'approved' | 'rejected';
+export interface ApprovalMeta {
+    amount?: number;
+    counterparty?: string;
+    method?: string;
+}
+/**
+ * The operational state Curb needs at runtime. Bring your own implementation
+ * (Redis, Postgres, …) or use {@link InMemoryCurbStore} for tests / single-process apps.
+ * Everything here is durable and complete — never derived from a windowed read.
+ */
+export interface CurbStore {
+    isAllowed(agent: string, account: string): Promise<boolean>;
+    getDailySpend(agent: string): Promise<number>;
+    incrDailySpend(agent: string, amount: number): Promise<void>;
+    getApproval(requestId: string): Promise<ApprovalStatus | null>;
+    setApproval(requestId: string, status: ApprovalStatus, meta?: ApprovalMeta): Promise<void>;
+    consumeApproval(requestId: string): Promise<void>;
+}
+/** Zero-dependency in-memory store — great for tests and single-instance deployments. */
+export declare class InMemoryCurbStore implements CurbStore {
+    private allow;
+    private spend;
+    private approvals;
+    private day;
+    /** Seed an allowed counterparty. */
+    allowAccount(agent: string, account: string): void;
+    isAllowed(agent: string, account: string): Promise<boolean>;
+    getDailySpend(agent: string): Promise<number>;
+    incrDailySpend(agent: string, amount: number): Promise<void>;
+    getApproval(requestId: string): Promise<ApprovalStatus | null>;
+    setApproval(requestId: string, status: ApprovalStatus): Promise<void>;
+    consumeApproval(requestId: string): Promise<void>;
+}

package/dist/store.js

@@ -0,0 +1,30 @@
+/** Zero-dependency in-memory store — great for tests and single-instance deployments. */
+export class InMemoryCurbStore {
+    allow = new Set();
+    spend = new Map();
+    approvals = new Map();
+    day = () => new Date().toISOString().slice(0, 10);
+    /** Seed an allowed counterparty. */
+    allowAccount(agent, account) {
+        this.allow.add(`${agent}:${account}`);
+    }
+    async isAllowed(agent, account) {
+        return this.allow.has(`${agent}:${account}`);
+    }
+    async getDailySpend(agent) {
+        return this.spend.get(`${agent}:${this.day()}`) ?? 0;
+    }
+    async incrDailySpend(agent, amount) {
+        const k = `${agent}:${this.day()}`;
+        this.spend.set(k, (this.spend.get(k) ?? 0) + amount);
+    }
+    async getApproval(requestId) {
+        return this.approvals.get(requestId) ?? null;
+    }
+    async setApproval(requestId, status) {
+        this.approvals.set(requestId, status);
+    }
+    async consumeApproval(requestId) {
+        this.approvals.delete(requestId);
+    }
+}

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "hedera-curb",
+  "version": "0.1.0",
+  "description": "Verifiable spend-control policies for Hedera AI agents — drop-in Hedera Agent Kit hooks for budgets, allowlists, human approval, and an immutable HCS audit trail.",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": ["dist", "README.md"],
+  "sideEffects": false,
+  "keywords": ["hedera", "ai-agent", "agent-kit", "x402", "policy", "guardrails", "hcs"],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "test": "vitest run",
+    "prepublishOnly": "npm run build"
+  },
+  "peerDependencies": {
+    "@hashgraph/hedera-agent-kit": ">=4",
+    "@hiero-ledger/sdk": ">=2"
+  },
+  "devDependencies": {
+    "@hashgraph/hedera-agent-kit": "4.0.0",
+    "@hiero-ledger/sdk": "^2.85.0",
+    "@types/node": "^22",
+    "typescript": "^5.6.0",
+    "vitest": "^4.1.9"
+  }
+}