hiloop-sdk 0.1.0

package/dist/crypto.d.ts

@@ -0,0 +1,113 @@
+/** E2E encryption for the Hiloop SDK using tweetnacl (X25519 + XSalsa20-Poly1305). */
+export interface KeyPair {
+    publicKey: string;
+    secretKey: string;
+}
+/** Generate an X25519 keypair. */
+export declare function generateKeyPair(): KeyPair;
+/** Encrypt plaintext for a recipient using NaCl box. Returns base64 ciphertext. */
+export declare function encrypt(plaintext: string, senderSecretKeyB64: string, recipientPublicKeyB64: string): string;
+/** Decrypt base64 ciphertext. Returns plaintext. */
+export declare function decrypt(ciphertextB64: string, recipientSecretKeyB64: string, senderPublicKeyB64: string): string;
+export interface ContentWrapping {
+    scope: string;
+    recipientKeyId: string;
+    encryptedSymmetricKey: string;
+    nonce: string;
+}
+export interface WrappedContent {
+    ciphertext: string;
+    wrappings: ContentWrapping[];
+}
+/** Content wrapping result for ECDH + HKDF + AES-GCM scheme (session titles). */
+export interface ContentWrappingResult {
+    ciphertext: string;
+    wrappings: Array<{
+        scope: string;
+        recipientKeyId: string;
+        wrappedContentKey: string;
+    }>;
+}
+/**
+ * Derive a symmetric wrapping key from an X25519 shared secret using HKDF-SHA256.
+ * Compatible with the frontend's deriveWrappingKey function.
+ */
+export declare function deriveWrappingKey(sharedSecretB64: string, context: string): Promise<string>;
+/** Encrypt content with AES-256-GCM and wrap the content key for a recipient via NaCl box. */
+export declare function encryptContent(plaintext: string, recipientPublicKeyB64: string, recipientKeyId: string, senderSecretKeyB64: string, scope?: string): WrappedContent;
+/** Decrypt wrapped content using the sender's public key and recipient's secret key. */
+export declare function decryptContent(wrapped: WrappedContent, recipientKeyId: string, recipientSecretKeyB64: string, senderPublicKeyB64: string): string;
+/** Manages encryption/decryption context for SDK operations. */
+export declare class CryptoContext {
+    private secretKeyB64;
+    private publicKeyB64;
+    private recipientPublicKeyB64;
+    private recipientKeyId;
+    private serverKeyId?;
+    constructor(secretKeyB64: string, publicKeyB64: string, recipientPublicKeyB64: string, recipientKeyId: string, serverKeyId?: string | undefined);
+    /** Compute X25519 ECDH shared secret with the recipient (space) public key. */
+    getSharedSecret(): string;
+    /** Get the agent's public key (base64). */
+    getPublicKey(): string;
+    /** Get the space key ID. */
+    getSpaceKeyId(): string;
+    encryptField(plaintext: string): WrappedContent;
+    decryptField(wrapped: WrappedContent, senderPublicKeyB64: string): string;
+    /** Encrypt a plaintext field, returning the ciphertext and wrappings separately. */
+    encryptForApi(plaintext: string): {
+        ciphertext: string;
+        wrappings: ContentWrapping[];
+    };
+    /**
+     * Decrypt content encrypted with encryptWithWrapping (ECDH + HKDF + AES-GCM).
+     * Finds the wrapping matching this context's space key, unwraps the content key,
+     * then decrypts the ciphertext. Returns null on any failure.
+     */
+    decryptWrappedContent(ciphertext: string, wrappings: Array<{
+        recipientKeyId?: string;
+        wrappedContentKey?: string;
+    }>): Promise<string | null>;
+    /**
+     * Derive the session message key for encrypting/decrypting conv session messages.
+     * Session messages use the format `{agentPubBase64}:{AES-GCM ciphertext}`.
+     */
+    getSessionMessageKey(): Promise<string>;
+    /**
+     * Encrypt a conv session message: `{agentPubBase64}:{AES-256-GCM ciphertext}`.
+     */
+    encryptSessionMessage(content: string): Promise<string>;
+    /**
+     * Decrypt a conv session message. Handles both `{pubKey}:{ciphertext}` format
+     * and raw AES-GCM ciphertext. Returns null on failure.
+     */
+    decryptSessionMessage(encryptedContent: string): Promise<string | null>;
+    /**
+     * Encrypt content using the content wrapping scheme (ECDH + HKDF + AES-GCM).
+     * Compatible with the frontend's decryptContent function.
+     *
+     * This generates a random content key, encrypts the plaintext with AES-256-GCM,
+     * then wraps (encrypts) the content key using a wrapping key derived from
+     * ECDH(agentSecretKey, spacePublicKey) + HKDF.
+     *
+     * @param plaintext - Text to encrypt
+     * @param spaceKeyId - ID of the space public key (used as recipientKeyId in wrapping)
+     */
+    encryptWithWrapping(plaintext: string, spaceKeyId?: string): Promise<ContentWrappingResult>;
+}
+/**
+ * Encrypt plaintext using AES-256-GCM.
+ * Returns base64(12-byte nonce || ciphertext || 16-byte auth tag).
+ * Compatible with the Hiloop frontend's session message encryption.
+ *
+ * @param plaintext - The text to encrypt
+ * @param keyBase64 - Base64-encoded 32-byte AES-256 key
+ */
+export declare function encryptAes(plaintext: string, keyBase64: string): Promise<string>;
+/**
+ * Decrypt AES-256-GCM ciphertext.
+ * Expects base64(12-byte nonce || ciphertext || 16-byte auth tag).
+ *
+ * @param ciphertextBase64 - Base64-encoded ciphertext
+ * @param keyBase64 - Base64-encoded 32-byte AES-256 key
+ */
+export declare function decryptAes(ciphertextBase64: string, keyBase64: string): Promise<string>;

package/dist/crypto.js

@@ -0,0 +1,278 @@
+/** E2E encryption for the Hiloop SDK using tweetnacl (X25519 + XSalsa20-Poly1305). */
+import nacl from "tweetnacl";
+import util from "tweetnacl-util";
+/** Generate an X25519 keypair. */
+export function generateKeyPair() {
+    const kp = nacl.box.keyPair();
+    return {
+        publicKey: util.encodeBase64(kp.publicKey),
+        secretKey: util.encodeBase64(kp.secretKey),
+    };
+}
+/** Encrypt plaintext for a recipient using NaCl box. Returns base64 ciphertext. */
+export function encrypt(plaintext, senderSecretKeyB64, recipientPublicKeyB64) {
+    const sk = util.decodeBase64(senderSecretKeyB64);
+    const pk = util.decodeBase64(recipientPublicKeyB64);
+    const nonce = nacl.randomBytes(nacl.box.nonceLength);
+    const msg = util.decodeUTF8(plaintext);
+    const ct = nacl.box(msg, nonce, pk, sk);
+    if (ct === null)
+        throw new Error("Encryption failed");
+    // Combine nonce + ciphertext
+    const combined = new Uint8Array(nonce.length + ct.length);
+    combined.set(nonce);
+    combined.set(ct, nonce.length);
+    return util.encodeBase64(combined);
+}
+/** Decrypt base64 ciphertext. Returns plaintext. */
+export function decrypt(ciphertextB64, recipientSecretKeyB64, senderPublicKeyB64) {
+    const sk = util.decodeBase64(recipientSecretKeyB64);
+    const pk = util.decodeBase64(senderPublicKeyB64);
+    const combined = util.decodeBase64(ciphertextB64);
+    const nonce = combined.slice(0, nacl.box.nonceLength);
+    const ct = combined.slice(nacl.box.nonceLength);
+    const pt = nacl.box.open(ct, nonce, pk, sk);
+    if (pt === null)
+        throw new Error("Decryption failed");
+    return util.encodeUTF8(pt);
+}
+/**
+ * Derive a symmetric wrapping key from an X25519 shared secret using HKDF-SHA256.
+ * Compatible with the frontend's deriveWrappingKey function.
+ */
+export async function deriveWrappingKey(sharedSecretB64, context) {
+    const sharedSecret = util.decodeBase64(sharedSecretB64);
+    const keyMaterial = await crypto.subtle.importKey("raw", sharedSecret.buffer.slice(sharedSecret.byteOffset, sharedSecret.byteOffset + sharedSecret.byteLength), "HKDF", false, ["deriveBits"]);
+    const derivedBits = await crypto.subtle.deriveBits({
+        name: "HKDF",
+        hash: "SHA-256",
+        salt: new Uint8Array(32),
+        info: new TextEncoder().encode(context),
+    }, keyMaterial, 256);
+    return util.encodeBase64(new Uint8Array(derivedBits));
+}
+/** Encrypt content with AES-256-GCM and wrap the content key for a recipient via NaCl box. */
+export function encryptContent(plaintext, recipientPublicKeyB64, recipientKeyId, senderSecretKeyB64, scope = "space") {
+    // Generate random 32-byte content key
+    const contentKey = nacl.randomBytes(32);
+    // Encrypt content with the content key using XSalsa20-Poly1305 (NaCl secretbox)
+    const contentNonce = nacl.randomBytes(nacl.secretbox.nonceLength);
+    const contentBytes = util.decodeUTF8(plaintext);
+    const encrypted = nacl.secretbox(contentBytes, contentNonce, contentKey);
+    // Combine nonce + ciphertext for the content
+    const combined = new Uint8Array(contentNonce.length + encrypted.length);
+    combined.set(contentNonce);
+    combined.set(encrypted, contentNonce.length);
+    const ciphertext = util.encodeBase64(combined);
+    // Wrap content key for the recipient using NaCl box
+    const wrapNonce = nacl.randomBytes(nacl.box.nonceLength);
+    const sk = util.decodeBase64(senderSecretKeyB64);
+    const pk = util.decodeBase64(recipientPublicKeyB64);
+    const wrappedKey = nacl.box(contentKey, wrapNonce, pk, sk);
+    if (wrappedKey === null)
+        throw new Error("Failed to wrap content key");
+    return {
+        ciphertext,
+        wrappings: [{
+                scope,
+                recipientKeyId,
+                encryptedSymmetricKey: util.encodeBase64(wrappedKey),
+                nonce: util.encodeBase64(wrapNonce),
+            }],
+    };
+}
+/** Decrypt wrapped content using the sender's public key and recipient's secret key. */
+export function decryptContent(wrapped, recipientKeyId, recipientSecretKeyB64, senderPublicKeyB64) {
+    const wrapping = wrapped.wrappings.find((w) => w.recipientKeyId === recipientKeyId);
+    if (wrapping === undefined) {
+        throw new Error("No matching wrapping found for the provided key ID");
+    }
+    // Unwrap content key
+    const sk = util.decodeBase64(recipientSecretKeyB64);
+    const pk = util.decodeBase64(senderPublicKeyB64);
+    const wrapNonce = util.decodeBase64(wrapping.nonce);
+    const wrappedKey = util.decodeBase64(wrapping.encryptedSymmetricKey);
+    const contentKey = nacl.box.open(wrappedKey, wrapNonce, pk, sk);
+    if (contentKey === null)
+        throw new Error("Failed to unwrap content key");
+    // Decrypt content
+    const combined = util.decodeBase64(wrapped.ciphertext);
+    const contentNonce = combined.slice(0, nacl.secretbox.nonceLength);
+    const ct = combined.slice(nacl.secretbox.nonceLength);
+    const plaintext = nacl.secretbox.open(ct, contentNonce, contentKey);
+    if (plaintext === null)
+        throw new Error("Decryption failed");
+    return util.encodeUTF8(plaintext);
+}
+/** Manages encryption/decryption context for SDK operations. */
+export class CryptoContext {
+    constructor(secretKeyB64, publicKeyB64, recipientPublicKeyB64, recipientKeyId, serverKeyId) {
+        this.secretKeyB64 = secretKeyB64;
+        this.publicKeyB64 = publicKeyB64;
+        this.recipientPublicKeyB64 = recipientPublicKeyB64;
+        this.recipientKeyId = recipientKeyId;
+        this.serverKeyId = serverKeyId;
+    }
+    /** Compute X25519 ECDH shared secret with the recipient (space) public key. */
+    getSharedSecret() {
+        const sk = util.decodeBase64(this.secretKeyB64);
+        const pk = util.decodeBase64(this.recipientPublicKeyB64);
+        return util.encodeBase64(nacl.scalarMult(sk, pk));
+    }
+    /** Get the agent's public key (base64). */
+    getPublicKey() {
+        return this.publicKeyB64;
+    }
+    /** Get the space key ID. */
+    getSpaceKeyId() {
+        return this.recipientKeyId;
+    }
+    encryptField(plaintext) {
+        return encryptContent(plaintext, this.recipientPublicKeyB64, this.recipientKeyId, this.secretKeyB64);
+    }
+    decryptField(wrapped, senderPublicKeyB64) {
+        return decryptContent(wrapped, this.recipientKeyId, this.secretKeyB64, senderPublicKeyB64);
+    }
+    /** Encrypt a plaintext field, returning the ciphertext and wrappings separately. */
+    encryptForApi(plaintext) {
+        const wrapped = this.encryptField(plaintext);
+        return { ciphertext: wrapped.ciphertext, wrappings: wrapped.wrappings };
+    }
+    /**
+     * Decrypt content encrypted with encryptWithWrapping (ECDH + HKDF + AES-GCM).
+     * Finds the wrapping matching this context's space key, unwraps the content key,
+     * then decrypts the ciphertext. Returns null on any failure.
+     */
+    async decryptWrappedContent(ciphertext, wrappings) {
+        if (!wrappings?.length)
+            return null;
+        try {
+            const wrapping = wrappings.find((w) => w.recipientKeyId === this.recipientKeyId);
+            if (!wrapping?.wrappedContentKey)
+                return null;
+            const sharedSecret = this.getSharedSecret();
+            const wrappingKey = await deriveWrappingKey(sharedSecret, "space");
+            const contentKey = await decryptAes(wrapping.wrappedContentKey, wrappingKey);
+            return await decryptAes(ciphertext, contentKey);
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Derive the session message key for encrypting/decrypting conv session messages.
+     * Session messages use the format `{agentPubBase64}:{AES-GCM ciphertext}`.
+     */
+    async getSessionMessageKey() {
+        const sharedSecret = this.getSharedSecret();
+        return deriveWrappingKey(sharedSecret, "session-message");
+    }
+    /**
+     * Encrypt a conv session message: `{agentPubBase64}:{AES-256-GCM ciphertext}`.
+     */
+    async encryptSessionMessage(content) {
+        const key = await this.getSessionMessageKey();
+        const ciphertext = await encryptAes(content, key);
+        return `${this.publicKeyB64}:${ciphertext}`;
+    }
+    /**
+     * Decrypt a conv session message. Handles both `{pubKey}:{ciphertext}` format
+     * and raw AES-GCM ciphertext. Returns null on failure.
+     */
+    async decryptSessionMessage(encryptedContent) {
+        const key = await this.getSessionMessageKey();
+        const colonIdx = encryptedContent.indexOf(":");
+        if (colonIdx <= 0) {
+            try {
+                return await decryptAes(encryptedContent, key);
+            }
+            catch {
+                return null;
+            }
+        }
+        const prefix = encryptedContent.slice(0, colonIdx);
+        const ciphertext = encryptedContent.slice(colonIdx + 1);
+        // Base64 public keys are 44 chars and don't contain hyphens
+        if (prefix.length === 44 && !prefix.includes("-")) {
+            try {
+                return await decryptAes(ciphertext, key);
+            }
+            catch {
+                return null;
+            }
+        }
+        return null;
+    }
+    /**
+     * Encrypt content using the content wrapping scheme (ECDH + HKDF + AES-GCM).
+     * Compatible with the frontend's decryptContent function.
+     *
+     * This generates a random content key, encrypts the plaintext with AES-256-GCM,
+     * then wraps (encrypts) the content key using a wrapping key derived from
+     * ECDH(agentSecretKey, spacePublicKey) + HKDF.
+     *
+     * @param plaintext - Text to encrypt
+     * @param spaceKeyId - ID of the space public key (used as recipientKeyId in wrapping)
+     */
+    async encryptWithWrapping(plaintext, spaceKeyId) {
+        if (this.recipientPublicKeyB64 === undefined) {
+            return { ciphertext: plaintext, wrappings: [] };
+        }
+        const keyId = spaceKeyId ?? this.recipientKeyId;
+        // 1. Compute raw X25519 shared secret
+        const sk = util.decodeBase64(this.secretKeyB64);
+        const pk = util.decodeBase64(this.recipientPublicKeyB64);
+        const rawSharedSecret = nacl.scalarMult(sk, pk);
+        const sharedSecretB64 = util.encodeBase64(rawSharedSecret);
+        // 2. Derive wrapping key via HKDF-SHA256 (same as frontend)
+        const wrappingKey = await deriveWrappingKey(sharedSecretB64, "space");
+        // 3. Generate random content key
+        const contentKeyBytes = crypto.getRandomValues(new Uint8Array(32));
+        const contentKeyB64 = util.encodeBase64(contentKeyBytes);
+        // 4. Encrypt plaintext with AES-256-GCM using content key
+        const ciphertext = await encryptAes(plaintext, contentKeyB64);
+        // 5. Wrap (encrypt) content key with AES-256-GCM using wrapping key
+        const wrappedContentKey = await encryptAes(contentKeyB64, wrappingKey);
+        return {
+            ciphertext,
+            wrappings: [{ scope: "space", recipientKeyId: keyId, wrappedContentKey }],
+        };
+    }
+}
+// -- AES-256-GCM utilities (for conv session messages) ----------------------
+/**
+ * Encrypt plaintext using AES-256-GCM.
+ * Returns base64(12-byte nonce || ciphertext || 16-byte auth tag).
+ * Compatible with the Hiloop frontend's session message encryption.
+ *
+ * @param plaintext - The text to encrypt
+ * @param keyBase64 - Base64-encoded 32-byte AES-256 key
+ */
+export async function encryptAes(plaintext, keyBase64) {
+    const keyBytes = util.decodeBase64(keyBase64);
+    const key = await crypto.subtle.importKey("raw", keyBytes.buffer.slice(keyBytes.byteOffset, keyBytes.byteOffset + keyBytes.byteLength), "AES-GCM", false, ["encrypt"]);
+    const nonce = crypto.getRandomValues(new Uint8Array(12));
+    const encoded = new TextEncoder().encode(plaintext);
+    const ct = await crypto.subtle.encrypt({ name: "AES-GCM", iv: nonce, tagLength: 128 }, key, encoded);
+    const buf = new Uint8Array(12 + ct.byteLength);
+    buf.set(nonce);
+    buf.set(new Uint8Array(ct), 12);
+    return util.encodeBase64(buf);
+}
+/**
+ * Decrypt AES-256-GCM ciphertext.
+ * Expects base64(12-byte nonce || ciphertext || 16-byte auth tag).
+ *
+ * @param ciphertextBase64 - Base64-encoded ciphertext
+ * @param keyBase64 - Base64-encoded 32-byte AES-256 key
+ */
+export async function decryptAes(ciphertextBase64, keyBase64) {
+    const keyBytes = util.decodeBase64(keyBase64);
+    const key = await crypto.subtle.importKey("raw", keyBytes.buffer.slice(keyBytes.byteOffset, keyBytes.byteOffset + keyBytes.byteLength), "AES-GCM", false, ["decrypt"]);
+    const buf = util.decodeBase64(ciphertextBase64);
+    const nonce = buf.slice(0, 12);
+    const ct = buf.slice(12);
+    const ctBuf = ct.buffer.slice(ct.byteOffset, ct.byteOffset + ct.byteLength);
+    const pt = await crypto.subtle.decrypt({ name: "AES-GCM", iv: nonce, tagLength: 128 }, key, ctBuf);
+    return new TextDecoder().decode(pt);
+}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export { HiloopClient, HiloopError } from "./client.js";
+export type { HiloopClientOptions } from "./client.js";
+export { generateKeyPair, encrypt, decrypt, encryptAes, decryptAes, deriveWrappingKey, CryptoContext } from "./crypto.js";
+export type { KeyPair, ContentWrappingResult } from "./crypto.js";
+export type { Interaction, InteractionType, InteractionStatus, Priority, Message, PaginatedResult, CreateInteractionOptions, ConvSession, ConvSessionType, ConvSessionStatus, ConvSessionRole, ConvSessionParticipant, ConvSessionMessage, GuestToken, CreateConvSessionOptions, Channel, ChannelStatus, ChannelMessage, ChannelParticipant, CreateChannelOptions, FileChangeStatus, CommandInvocationStatus, AgentCommand, CommandInvocation, } from "./types.js";
+export { parseInteraction, parseMessage, parseConvSession, parseConvSessionMessage, parseGuestToken, parseChannel, parseChannelMessage, parseChannelParticipant, } from "./types.js";

package/dist/index.js

@@ -0,0 +1,3 @@
+export { HiloopClient, HiloopError } from "./client.js";
+export { generateKeyPair, encrypt, decrypt, encryptAes, decryptAes, deriveWrappingKey, CryptoContext } from "./crypto.js";
+export { parseInteraction, parseMessage, parseConvSession, parseConvSessionMessage, parseGuestToken, parseChannel, parseChannelMessage, parseChannelParticipant, } from "./types.js";

package/dist/types.d.ts

@@ -0,0 +1,204 @@
+/** Core types for the Hiloop SDK. */
+export type InteractionType = "approval" | "review" | "payment" | "form" | "notification" | "report" | "question" | "activity";
+export type InteractionStatus = "created" | "pending" | "viewed" | "responded" | "completed" | "expired" | "escalated" | "cancelled";
+export type Priority = "critical" | "high" | "normal" | "low";
+export interface Interaction {
+    id: string;
+    type: InteractionType;
+    status: InteractionStatus;
+    priority: Priority;
+    title: string;
+    description?: string;
+    options?: string;
+    context?: string;
+    formSchema?: string;
+    response?: string;
+    comment?: string;
+    routeToUser?: string;
+    routeToTeam?: string;
+    deadlineAt?: string;
+    createdAt: string;
+    updatedAt: string;
+    assignedAt?: string;
+    viewedAt?: string;
+    respondedAt?: string;
+    completedAt?: string;
+    raw: Record<string, unknown>;
+}
+export interface Message {
+    id: string;
+    senderType: string;
+    content: string;
+    createdAt: string;
+    raw: Record<string, unknown>;
+}
+export interface PaginatedResult<T> {
+    items: T[];
+    total: number;
+    page: number;
+    pageSize: number;
+}
+export interface CreateInteractionOptions {
+    type: string;
+    title: string;
+    description?: string;
+    options?: string;
+    context?: string;
+    formSchema?: string;
+    priority?: string;
+    presentation?: string;
+    routeToUser?: string;
+    routeToTeam?: string;
+    deadlineMinutes?: number;
+    callbackUrl?: string;
+    convSessionId?: string;
+}
+export type ConvSessionType = "direct" | "group" | "public";
+export type ConvSessionStatus = "open" | "closed" | "archived";
+export type ConvSessionRole = "owner" | "admin" | "member" | "viewer" | "guest";
+export interface ConvSession {
+    id: string;
+    sessionType: ConvSessionType;
+    status: ConvSessionStatus;
+    isPublic: boolean;
+    /** Encrypted title (base64). Use decryptAes to decrypt. */
+    encryptedTitle: string | null;
+    agentId: string | null;
+    createdByUserId: string;
+    participantCount?: number;
+    createdAt: string;
+    updatedAt: string;
+    raw: Record<string, unknown>;
+}
+export interface ConvSessionParticipant {
+    id: string;
+    sessionId: string;
+    userId: string;
+    role: ConvSessionRole;
+    addedAt: string;
+    raw: Record<string, unknown>;
+}
+export interface ConvSessionMessage {
+    id: string;
+    sessionId: string;
+    senderType: "agent" | "user" | "guest";
+    senderAgentId: string | null;
+    senderUserId: string | null;
+    /** Encrypted content (base64). */
+    encryptedContent: string;
+    /** Decrypted content (populated when decryption succeeds). */
+    content?: string;
+    editedAt: string | null;
+    deletedAt: string | null;
+    createdAt: string;
+    raw: Record<string, unknown>;
+}
+export interface GuestToken {
+    id: string;
+    sessionId: string;
+    token: string;
+    displayName: string | null;
+    expiresAt: string | null;
+    createdAt: string;
+}
+export interface CreateConvSessionOptions {
+    sessionType?: ConvSessionType;
+    isPublic?: boolean;
+    publicMode?: "private" | "shared";
+    /** Plaintext title -- auto-encrypted via content wrapping when crypto is configured. */
+    title?: string;
+    /** Space key ID for content wrapping. Auto-fetched via getEncryptionInfo() if not provided. */
+    spaceKeyId?: string;
+    /** @deprecated Pre-encrypted title (base64). Use `title` instead for automatic content wrapping. */
+    encryptedTitle?: string;
+    /** @deprecated Content wrappings for pre-encrypted title. Use `title` instead. */
+    titleContentWrappings?: Array<{
+        scope: string;
+        recipientKeyId: string;
+        wrappedContentKey: string;
+    }>;
+    maxGuests?: number;
+    participantIds?: string[];
+}
+export declare function parseConvSession(data: Record<string, unknown>): ConvSession;
+export declare function parseConvSessionMessage(data: Record<string, unknown>): ConvSessionMessage;
+export declare function parseGuestToken(data: Record<string, unknown>): GuestToken;
+export type ChannelStatus = "open" | "closed";
+export interface Channel {
+    id: string;
+    spaceId: string;
+    externalId: string | null;
+    encryptedName: string | null;
+    encryptedDescription: string | null;
+    status: ChannelStatus;
+    createdByAgentId: string;
+    lastMessageAt: string | null;
+    closedAt: string | null;
+    createdAt: string;
+    updatedAt: string;
+    raw: Record<string, unknown>;
+}
+export interface ChannelMessage {
+    id: string;
+    channelId: string;
+    senderAgentId: string;
+    encryptedContent: string;
+    /** Decrypted content (populated when decryption succeeds). */
+    content?: string;
+    createdAt: string;
+    raw: Record<string, unknown>;
+}
+export interface ChannelParticipant {
+    id: string;
+    channelId: string;
+    agentId: string;
+    joinedAt: string;
+    leftAt: string | null;
+    raw: Record<string, unknown>;
+}
+export interface CreateChannelOptions {
+    name?: string;
+    description?: string;
+    externalId?: string;
+    participantAgentIds?: string[];
+}
+export declare function parseChannel(data: Record<string, unknown>): Channel;
+export declare function parseChannelMessage(data: Record<string, unknown>): ChannelMessage;
+export declare function parseChannelParticipant(data: Record<string, unknown>): ChannelParticipant;
+type DecryptFn = (text: string) => string;
+export declare function parseInteraction(data: Record<string, unknown>, decrypt?: DecryptFn): Interaction;
+export declare function parseMessage(data: Record<string, unknown>, decrypt?: DecryptFn): Message;
+export type FileChangeStatus = "modified" | "added" | "deleted" | "renamed";
+export type CommandInvocationStatus = "pending" | "running" | "completed" | "failed" | "cancelled";
+export interface AgentCommand {
+    id: string;
+    name: string;
+    encryptedDescription: string | null;
+    encryptedArgumentHint: string | null;
+    encryptedParameters: string | null;
+    annotations: {
+        destructive?: boolean;
+        longRunning?: boolean;
+    } | null;
+    agentId: string;
+    agentName?: string;
+    agentAvatarUrl?: string | null;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface CommandInvocation {
+    id: string;
+    commandName: string;
+    agentId: string;
+    spaceId: string;
+    convSessionId: string;
+    invokedBy: string;
+    status: CommandInvocationStatus;
+    encryptedArguments: string | null;
+    encryptedResult: string | null;
+    createdAt: string;
+    ackedAt: string | null;
+    completedAt: string | null;
+    updatedAt: string;
+}
+export {};