kontext-sdk 0.10.0 → 0.11.1

package/README.md

@@ -1,180 +1,45 @@
 # kontext-sdk
 
-Compliance audit trail CLI and SDK for AI agents making stablecoin payments on Base.
+The trust layer for agentic stablecoin and fiat payments.
 
-**USDC** · **USDT** · **DAI** · **EURC** · **USDP** · **USDG** · **x402** · **Circle Programmable Wallets**
-
----
-
-## 30-Second Demo
-
-```bash
-npx kontext-sdk check 0xAgentWallet 0xMerchant --amount 5000 --token USDC
-```
-
-```
-OFAC Sanctions:  CLEAR
-Travel Rule:     TRIGGERED ($5,000 >= $3,000 EDD threshold)
-CTR Threshold:   CLEAR ($5,000 < $10,000)
-Large TX Alert:  CLEAR ($5,000 < $50,000)
-Risk Level:      medium
-```
-
-No install. No config. No API key. One command.
+Cryptographic verifiable intent for org-wide payments using one line of code and a CLI.
 
 ## Install
 
 ```bash
-npm install -g kontext-sdk
-```
-
-Then run `kontext` from anywhere. Or use `npx kontext-sdk` for one-off checks.
-
-## Claude Code / Cursor / Windsurf
-
-```json
-{
-  "mcpServers": {
-    "kontext": {
-      "command": "npx",
-      "args": ["-y", "kontext-sdk", "mcp"]
-    }
-  }
-}
-```
-
-Then ask: *"verify this USDC transaction for compliance"*
-
-## CLI Commands
-
-### `kontext check <from> <to>` — stateless compliance check
-
-```bash
-npx kontext-sdk check 0xSender 0xReceiver --amount 5000 --token USDC
-```
-
-Instant OFAC screening + threshold checks. No state, no persistence.
-
-### `kontext verify` — log + check + digest proof
-
-```bash
-npx kontext-sdk verify --tx 0xabc123 --amount 5000 --token USDC \
-  --from 0xAgent --to 0xMerchant --agent my-bot
-```
-
-Runs compliance checks, logs the transaction, appends to the tamper-evident digest chain. Persists to `.kontext/` in the current directory.
-
-### `kontext reason` — log agent reasoning
-
-```bash
-npx kontext-sdk reason "API returned data I need. Price within budget." \
-  --agent my-bot --session sess_abc --step 1
+npm install kontext-sdk
 ```
 
-### `kontext cert` — export compliance certificate
+## Auto-instrumentation (recommended)
 
 ```bash
-npx kontext-sdk cert --agent my-bot --output cert.json
-```
-
-### `kontext audit` — verify digest chain integrity
-
-```bash
-npx kontext-sdk audit --verify
-```
-
-### `kontext mcp` — MCP server mode
-
-```bash
-npx kontext-sdk mcp
+npx kontext init
+# Creates kontext.config.json with your wallets, tokens, chains, and compliance mode
 ```
 
-Starts an MCP server on stdio for Claude Code, Cursor, and Windsurf.
-
-### Flags
-
-- `--json` on any command outputs structured JSON
-- `--amount <number>` transaction amount in token units
-- `--token <symbol>` one of USDC, USDT, DAI, EURC, USDP, USDG
-
-## SDK — Programmatic Usage
-
-For tighter integration, use the SDK directly:
-
 ```typescript
-import { Kontext, FileStorage } from 'kontext-sdk';
-
-const ctx = Kontext.init({
-  projectId: 'my-agent',
-  environment: 'production',
-  storage: new FileStorage('.kontext'),
-});
-
-// One-call: compliance check + transaction log + digest proof
-const result = await ctx.verify({
-  txHash: '0xabc...',
-  chain: 'base',
-  amount: '5000',
-  token: 'USDC',
-  from: '0xAgent...',
-  to: '0xMerchant...',
-  agentId: 'payment-agent',
-});
-
-// result.compliant = true/false
-// result.checks = [{ name: 'OFAC Sanctions', passed: true }, ...]
-// result.riskLevel = 'low' | 'medium' | 'high' | 'critical'
-// result.digestProof = 'sha256:a1b2c3...'
-```
-
-### Log Reasoning
-
-```typescript
-await ctx.logReasoning({
-  agentId: 'payment-agent',
-  action: 'approve-transfer',
-  reasoning: 'Price within budget. Merchant verified.',
-  confidence: 0.95,
-});
-```
+import { Kontext, withKontextCompliance } from 'kontext-sdk';
 
-### Compliance Certificate
+const kontext = Kontext.init();  // reads kontext.config.json
+const client = withKontextCompliance(walletClient, kontext);
 
-```typescript
-const cert = await ctx.generateComplianceCertificate({
-  agentId: 'payment-agent',
-  includeReasoning: true,
-});
+// Every USDC/USDT/DAI/EURC transfer is now auto-verified
+await client.sendTransaction({ to: usdcAddress, data: transferCalldata });
 ```
 
-### Trust Score
+Two interception layers for full coverage:
+- **Code wrap** -- intercepts `sendTransaction`/`writeContract` on your viem client
+- **Chain listener** -- watches monitored wallets on-chain for all outgoing stablecoin transfers
 
-```typescript
-const score = await ctx.getTrustScore('payment-agent');
-// score.score = 87, score.level = 'high'
-```
+## Explicit verify
 
-### Verify Digest Chain
+For direct control over individual transactions:
 
 ```typescript
-const chain = ctx.verifyDigestChain();
-console.log(chain.valid); // true — no tampering
-```
-
-### Agent Provenance
-
-Three layers of accountability: session delegation, action binding, and human attestation.
+import { Kontext } from 'kontext-sdk';
 
-```typescript
-// Layer 1: Session delegation — record who authorized the agent
-const session = await ctx.createAgentSession({
-  agentId: 'treasury-agent',
-  delegatedBy: 'user:vinay',
-  scope: ['transfer', 'approve'],
-  expiresAt: new Date(Date.now() + 3600_000).toISOString(),
-});
+const ctx = Kontext.init({ projectId: 'my-agent' });
 
-// Layer 2: Action binding — tie every call to the session
 const result = await ctx.verify({
   txHash: '0xabc...',
   chain: 'base',
@@ -182,138 +47,67 @@ const result = await ctx.verify({
   token: 'USDC',
   from: '0xAgent...',
   to: '0xMerchant...',
-  agentId: 'treasury-agent',
-  sessionId: session.sessionId,
-});
-
-// Layer 3: Human attestation — reviewer signs off
-const checkpoint = await ctx.createCheckpoint({
-  sessionId: session.sessionId,
-  actionIds: [result.transaction.id],
-  summary: 'Reviewed $5K transfer to known vendor',
-});
-
-await ctx.attestCheckpoint({
-  checkpointId: checkpoint.checkpointId,
-  attestedBy: 'compliance@company.com',
-  signature: reviewerSignature,
-});
-
-// End session, list sessions, list checkpoints
-await ctx.endAgentSession(session.sessionId);
-const sessions = ctx.getAgentSessions('treasury-agent');
-const checkpoints = ctx.getCheckpoints(session.sessionId);
-```
-
-#### CLI Commands
-
-```bash
-npx kontext-sdk session create --agent treasury-agent --delegated-by user:vinay --scope transfer,approve
-npx kontext-sdk session list --agent treasury-agent
-npx kontext-sdk session end <sessionId>
-npx kontext-sdk checkpoint create --session <sessionId> --actions act_1,act_2 --summary "Reviewed transfers"
-npx kontext-sdk checkpoint attest <checkpointId> --attested-by compliance@company.com
-npx kontext-sdk checkpoint list --session <sessionId>
-```
-
-### Persist Across Restarts
-
-```typescript
-import { FileStorage } from 'kontext-sdk';
-
-const ctx = Kontext.init({
-  projectId: 'my-agent',
-  environment: 'production',
-  storage: new FileStorage('.kontext'),
+  agentId: 'payment-agent',
 });
 
-// Data persists to .kontext/ directory
-// Call ctx.flush() to write, ctx.restore() to reload
+// result.compliant -- true/false
+// result.checks -- OFAC, Travel Rule, CTR thresholds
+// result.riskLevel -- low | medium | high | critical
+// result.digestProof -- tamper-evident SHA-256 chain
 ```
 
-## Auto-Instrumentation (viem)
-
-Run `npx kontext init` to generate a config file, then wrap your viem client — every stablecoin transfer is automatically logged.
-
-```bash
-npx kontext init
-# Wizard asks: project name, agent ID, wallets to monitor, tokens, chains, mode
-# Creates kontext.config.json
-```
-
-```typescript
-import { Kontext, withKontextCompliance } from 'kontext-sdk';
-import { createWalletClient, http } from 'viem';
-import { base } from 'viem/chains';
+## What's verified
 
-const kontext = Kontext.init();  // reads kontext.config.json
-const client = withKontextCompliance(
-  createWalletClient({ chain: base, transport: http() }),
-  kontext,
-);
-
-// Every USDC/USDT/DAI/EURC transfer now auto-logged with compliance proof
-await client.sendTransaction({ to: USDC_ADDRESS, data: transferCalldata });
-```
-
-**Two interception layers:**
-- **Code wrap:** `withKontextCompliance()` intercepts `sendTransaction`/`writeContract` calls. Can block pre-send if non-compliant.
-- **Chain listener:** SDK watches monitored wallet addresses on-chain for ERC-20 Transfer events — catches ALL outgoing stablecoin transfers regardless of origin.
+Every stablecoin transfer gets:
+- OFAC sanctions screening (built-in SDN list, no API key)
+- Travel Rule threshold detection ($3K EDD, $10K CTR, $50K large tx)
+- Tamper-evident audit trail (patented digest chain)
+- Agent trust score (0-100)
+- Compliance certificate with SHA-256 proof
 
-## Pluggable Sanctions Screening
+## Pluggable screening
 
-Multi-provider screening with consensus strategies. Bring your own API keys, or use the built-in OFAC SDN list at zero cost.
+Bring your own providers or use the built-in OFAC list:
 
 ```typescript
-import {
-  ScreeningAggregator,
-  OFACAddressProvider,
-  UKOFSIProvider,
-  OpenSanctionsProvider,
-  ChainalysisOracleProvider,
-} from 'kontext-sdk';
+import { ScreeningAggregator, OFACAddressProvider, OpenSanctionsProvider } from 'kontext-sdk';
 
 const screener = new ScreeningAggregator({
   providers: [
-    new OFACAddressProvider(),                             // built-in, no API key
-    new UKOFSIProvider(),                                  // built-in, no API key
-    new OpenSanctionsProvider({ apiKey: 'os_...' }),       // 331+ sources
-    new ChainalysisOracleProvider({ apiKey: 'ch_...' }),   // on-chain oracle
+    new OFACAddressProvider(),                          // built-in, free
+    new OpenSanctionsProvider({ apiKey: 'os_...' }),    // 331+ sources
   ],
   consensus: 'ANY_MATCH',
 });
-
-const result = await screener.screenAddress('0x...');
-// result.flagged = true/false
-// result.matches = [{ provider, list, matchType, confidence, ... }]
-// result.providerResults = per-provider breakdown
 ```
 
-**Built-in providers (no API key):** OFAC SDN addresses, UK OFSI addresses
-**API providers:** OpenSanctions (address + entity), Chainalysis Oracle (address), Chainalysis Free API (address)
-**Local providers:** OpenSanctions local dataset (download via `kontext sync`)
+## Agent reasoning
 
-## Compliance Thresholds
+```typescript
+await ctx.logReasoning({
+  agentId: 'payment-agent',
+  action: 'approve-transfer',
+  reasoning: 'Amount within daily limit. Recipient on allowlist.',
+  confidence: 0.95,
+});
+```
 
-| Threshold | Amount | Trigger |
-|-----------|--------|---------|
-| **EDD / Travel Rule** | $3,000 | Enhanced Due Diligence required |
-| **CTR** | $10,000 | Currency Transaction Report |
-| **Large TX Alert** | $50,000 | Large Transaction Alert |
+## MCP server
 
-OFAC sanctions screening uses the built-in SDN list. No API key required.
+```json
+{
+  "mcpServers": {
+    "kontext": {
+      "command": "npx",
+      "args": ["-y", "@kontext-sdk/cli", "mcp"]
+    }
+  }
+}
+```
 
-## What's Included
+## Zero runtime dependencies
 
-- Tamper-evident audit trail (patented digest chain)
-- OFAC sanctions screening (SDN list, no API key)
-- Pluggable multi-provider screening (OFAC, UK OFSI, OpenSanctions, Chainalysis)
-- Compliance certificates with SHA-256 proof
-- Agent reasoning logs
-- Trust scoring and anomaly detection
-- Agent provenance — session delegation, action binding, human attestation
-- MCP server mode for AI coding tools
-- Zero runtime dependencies
+The SDK has no `dependencies`. Works in Node.js 18+, TypeScript 5.0+.
 
 ## License
 
@@ -321,6 +115,4 @@ MIT
 
 ---
 
-Kontext provides compliance logging tools. Regulatory responsibility remains with the operator. This software does not constitute legal advice and does not guarantee regulatory compliance. Consult qualified legal counsel for your specific obligations.
-
 Built by [Legaci Labs](https://www.getkontext.com)

package/dist/index.d.mts

@@ -981,6 +981,8 @@ interface VerifyResult {
     task?: Task;
     /** ERC-8021 builder attribution (present when erc8021 config provided and tx has attribution) */
     attribution?: ERC8021Attribution;
+    /** Coverage warning when using built-in screening only (no external providers configured) */
+    coverageWarning?: string;
 }
 /**
  * Input for logging an agent's reasoning/decision step.
@@ -3849,6 +3851,103 @@ declare class ChainalysisOracleProvider implements ScreeningProvider {
     private errorResult;
 }
 
+interface KontextCloudScreeningConfig {
+    /** Kontext API key (not a third-party key) */
+    apiKey: string;
+    /** Kontext project ID */
+    projectId: string;
+    /** API base URL (default: https://api.getkontext.com) */
+    apiUrl?: string;
+    /** Fuzzy match threshold for entity names (default: 0.85) */
+    threshold?: number;
+    /** Max entity results (default: 5) */
+    maxResults?: number;
+}
+/**
+ * Kontext Cloud Screening Provider.
+ *
+ * Screens addresses and entity names against Kontext's pre-cached
+ * government sanctions data. Covers OFAC SDN (~69K entities, ~1,245
+ * crypto addresses), UK Sanctions List (~12K entities), and EU FSF
+ * (~14K entities).
+ *
+ * - **Pay-as-you-go**, requires Kontext API key
+ * - **Browser-compatible** — all HTTP
+ * - Supports address + entity name queries
+ *
+ * @example
+ * ```typescript
+ * const provider = new KontextCloudScreeningProvider({
+ *   apiKey: 'sk_live_...',
+ *   projectId: 'my-project',
+ * });
+ *
+ * // Address lookup (O(1) sub-ms on server)
+ * const result = await provider.screen('0x1234...');
+ *
+ * // Entity name search (fuzzy, 1-5ms on server)
+ * const result = await provider.screen('Lazarus Group');
+ * ```
+ */
+declare class KontextCloudScreeningProvider implements ScreeningProvider {
+    readonly id = "kontext-cloud";
+    readonly name = "Kontext Cloud Screening";
+    readonly lists: readonly SanctionsList[];
+    readonly requiresApiKey = true;
+    readonly browserCompatible = true;
+    readonly queryTypes: readonly QueryType[];
+    private readonly apiKey;
+    private readonly projectId;
+    private readonly apiUrl;
+    private readonly threshold;
+    private readonly maxResults;
+    constructor(config: KontextCloudScreeningConfig);
+    isAvailable(): boolean;
+    screen(query: string, _context?: ScreeningContext): Promise<ScreeningResult>;
+    private screenAddress;
+    private screenEntity;
+    private errorResult;
+}
+
+interface TRMLabsConfig {
+    /** TRM Labs API key */
+    apiKey: string;
+    /** API base URL (default: https://api.trmlabs.com/public/v2) */
+    baseUrl?: string;
+}
+/**
+ * TRM Labs Sanctions Screening Provider.
+ *
+ * Screens blockchain addresses via the TRM Labs free sanctions API.
+ * Covers 25 blockchains with cross-chain detection. Address-only —
+ * does not support entity name screening.
+ *
+ * - **Free** — 100K req/day with API key
+ * - **Browser-compatible** — simple REST API
+ *
+ * @example
+ * ```typescript
+ * const provider = new TRMLabsProvider({
+ *   apiKey: process.env.TRM_API_KEY!,
+ * });
+ * const result = await provider.screen('0x098B716B8Aaf21512996dC57EB0615e2383E2f96');
+ * ```
+ */
+declare class TRMLabsProvider implements ScreeningProvider {
+    readonly id = "trm-labs";
+    readonly name = "TRM Labs Sanctions Screening";
+    readonly lists: readonly SanctionsList[];
+    readonly requiresApiKey = true;
+    readonly browserCompatible = true;
+    readonly queryTypes: readonly QueryType[];
+    private readonly apiKey;
+    private readonly baseUrl;
+    constructor(config: TRMLabsConfig);
+    isAvailable(): boolean;
+    screen(query: string, _context?: ScreeningContext): Promise<ScreeningResult>;
+    private errorResult;
+}
+
 type ConsensusStrategy = 'ANY_MATCH' | 'ALL_MATCH' | 'MAJORITY';
 interface ScreeningAggregatorConfig {
     providers: ScreeningProvider[];
@@ -4034,4 +4133,4 @@ interface KontextConfigFile {
  */
 declare function loadConfigFile(startDir?: string): KontextConfigFile | null;
 
-export { type ActionLog, type AgentCard, type AgentData, type AgentIdentity, AgentIdentityRegistry, type AgentLink, type AgentSession, type AggregatedScreeningResult, type AnchorResult, type AnchorVerification, type AnomalyCallback, type AnomalyDetectionConfig, AnomalyDetector, type AnomalyEvent, type AnomalyRuleType, type AnomalySeverity, type AnomalyThresholds, type AttestationDecision, type AttestationPayload, type AttestationRequest, type AttestationResponse, type AttestationSignature, type BehavioralEmbedding, BehavioralFingerprinter, CHAIN_ID_MAP, CURRENCY_REQUIRED_LISTS, type Chain, ChainalysisFreeAPIProvider, ChainalysisOracleProvider, type CheckpointStatus, type ClusteringEvidence, type ClusteringHeuristic, type ComplianceCertificate, type ComplianceCheckResult, type ComplianceReport, type ConfirmTaskInput, type ConsensusStrategy, ConsoleExporter, type CounterpartyAttestation, type CounterpartyConfig, type CreateCheckpointInput, type CreateSessionInput, type CreateTaskInput, CrossSessionLinker, type CrossSessionLinkerConfig, type DateRange, DigestChain, type DigestLink, type DigestVerification, type ERC8021Attribution, type ERC8021Config, type EntityStatus, type EntityType, type Environment, type EventExporter, type ExportFormat, type ExportOptions, type ExportResult, type ExporterResult, type FeatureFlag, type FeatureFlagConfig, FeatureFlagManager, FileStorage, type FinancialFeatures, type FlagPlanTargeting, type FlagScope, type FlagTargeting, type GatedFeature, type GenerateComplianceCertificateInput, type HumanAttestation, JsonFileExporter, type Jurisdiction, KONTEXT_BUILDER_CODE, type KYAConfidenceLevel, type KYAConfidenceScore, KYAConfidenceScorer, type KYAConfidenceScorerConfig, type KYAEnvelope, type KYAScoreComponent, type KYCProviderReference, type KYCStatus, Kontext, type KontextConfig, KontextError, KontextErrorCode, type KontextMode, type LimitEvent, type LinkSignal, type LinkStatus, type LogActionInput, type LogLevel, type LogReasoningInput, type LogTransactionInput, type MatchType, MemoryStorage, type MetadataValidator, type NetworkFeatures, NoopExporter, OFACAddressProvider, OFACEntityProvider, type OnChainAnchorConfig, OnChainExporter, OpenSanctionsLocalProvider, OpenSanctionsProvider, type OperationalFeatures, PLAN_LIMITS, PaymentCompliance, type PlanConfig, PlanManager, type PlanTier, type PlanUsage, type PolicyConfig, type PrecisionTimestamp, type ProvenanceAction, type ProvenanceAttestor, type ProvenanceBundle, type ProvenanceBundleVerification, type ProvenanceCheckpoint, ProvenanceManager, type QueryType, type ReasoningEntry, type RegisterIdentityInput, type ReportOptions, type ReportType, type RiskFactor, STABLECOIN_CONTRACTS, type SanctionsCheckResult, type SanctionsList, ScreeningAggregator, type ScreeningAggregatorConfig, type ScreeningConfig, type ScreeningContext, type ScreeningMatch, type ScreeningProvider, type ScreeningResult, type SessionConstraints, type SessionStatus, type StorageAdapter, TOKEN_REQUIRED_LISTS, type Task, type TaskEvidence, type TaskStatus, type TemporalFeatures, type Token, type TransactionEvaluation, type TransactionRecord, type TrustFactor, type TrustScore, TrustScorer, UKOFSIProvider, type UpdateIdentityInput, UsdcCompliance, type UsdcComplianceCheck, type VerificationKey, type VerifyInput, type VerifyResult, ViemComplianceError, type ViemInstrumentationOptions, type WalletClientLike, type WalletCluster, WalletClusterer, type WalletClusteringConfig, type WalletMapping, WalletMonitor, type WalletMonitoringConfig, anchorDigest, encodeERC8021Suffix, exchangeAttestation, fetchAgentCard, fetchTransactionAttribution, getAnchor, getRequiredLists, isBlockchainAddress, isCryptoTransaction, isFeatureAvailable, loadConfigFile, parseERC8021Suffix, providerSupportsQuery, requirePlan, verifyAnchor, verifyExportedChain, withKontextCompliance };
+export { type ActionLog, type AgentCard, type AgentData, type AgentIdentity, AgentIdentityRegistry, type AgentLink, type AgentSession, type AggregatedScreeningResult, type AnchorResult, type AnchorVerification, type AnomalyCallback, type AnomalyDetectionConfig, AnomalyDetector, type AnomalyEvent, type AnomalyRuleType, type AnomalySeverity, type AnomalyThresholds, type AttestationDecision, type AttestationPayload, type AttestationRequest, type AttestationResponse, type AttestationSignature, type BehavioralEmbedding, BehavioralFingerprinter, CHAIN_ID_MAP, CURRENCY_REQUIRED_LISTS, type Chain, ChainalysisFreeAPIProvider, ChainalysisOracleProvider, type CheckpointStatus, type ClusteringEvidence, type ClusteringHeuristic, type ComplianceCertificate, type ComplianceCheckResult, type ComplianceReport, type ConfirmTaskInput, type ConsensusStrategy, ConsoleExporter, type CounterpartyAttestation, type CounterpartyConfig, type CreateCheckpointInput, type CreateSessionInput, type CreateTaskInput, CrossSessionLinker, type CrossSessionLinkerConfig, type DateRange, DigestChain, type DigestLink, type DigestVerification, type ERC8021Attribution, type ERC8021Config, type EntityStatus, type EntityType, type Environment, type EventExporter, type ExportFormat, type ExportOptions, type ExportResult, type ExporterResult, type FeatureFlag, type FeatureFlagConfig, FeatureFlagManager, FileStorage, type FinancialFeatures, type FlagPlanTargeting, type FlagScope, type FlagTargeting, type GatedFeature, type GenerateComplianceCertificateInput, type HumanAttestation, JsonFileExporter, type Jurisdiction, KONTEXT_BUILDER_CODE, type KYAConfidenceLevel, type KYAConfidenceScore, KYAConfidenceScorer, type KYAConfidenceScorerConfig, type KYAEnvelope, type KYAScoreComponent, type KYCProviderReference, type KYCStatus, Kontext, type KontextCloudScreeningConfig, KontextCloudScreeningProvider, type KontextConfig, KontextError, KontextErrorCode, type KontextMode, type LimitEvent, type LinkSignal, type LinkStatus, type LogActionInput, type LogLevel, type LogReasoningInput, type LogTransactionInput, type MatchType, MemoryStorage, type MetadataValidator, type NetworkFeatures, NoopExporter, OFACAddressProvider, OFACEntityProvider, type OnChainAnchorConfig, OnChainExporter, OpenSanctionsLocalProvider, OpenSanctionsProvider, type OperationalFeatures, PLAN_LIMITS, PaymentCompliance, type PlanConfig, PlanManager, type PlanTier, type PlanUsage, type PolicyConfig, type PrecisionTimestamp, type ProvenanceAction, type ProvenanceAttestor, type ProvenanceBundle, type ProvenanceBundleVerification, type ProvenanceCheckpoint, ProvenanceManager, type QueryType, type ReasoningEntry, type RegisterIdentityInput, type ReportOptions, type ReportType, type RiskFactor, STABLECOIN_CONTRACTS, type SanctionsCheckResult, type SanctionsList, ScreeningAggregator, type ScreeningAggregatorConfig, type ScreeningConfig, type ScreeningContext, type ScreeningMatch, type ScreeningProvider, type ScreeningResult, type SessionConstraints, type SessionStatus, type StorageAdapter, TOKEN_REQUIRED_LISTS, type TRMLabsConfig, TRMLabsProvider, type Task, type TaskEvidence, type TaskStatus, type TemporalFeatures, type Token, type TransactionEvaluation, type TransactionRecord, type TrustFactor, type TrustScore, TrustScorer, UKOFSIProvider, type UpdateIdentityInput, UsdcCompliance, type UsdcComplianceCheck, type VerificationKey, type VerifyInput, type VerifyResult, ViemComplianceError, type ViemInstrumentationOptions, type WalletClientLike, type WalletCluster, WalletClusterer, type WalletClusteringConfig, type WalletMapping, WalletMonitor, type WalletMonitoringConfig, anchorDigest, encodeERC8021Suffix, exchangeAttestation, fetchAgentCard, fetchTransactionAttribution, getAnchor, getRequiredLists, isBlockchainAddress, isCryptoTransaction, isFeatureAvailable, loadConfigFile, parseERC8021Suffix, providerSupportsQuery, requirePlan, verifyAnchor, verifyExportedChain, withKontextCompliance };

package/dist/index.d.ts

@@ -981,6 +981,8 @@ interface VerifyResult {
     task?: Task;
     /** ERC-8021 builder attribution (present when erc8021 config provided and tx has attribution) */
     attribution?: ERC8021Attribution;
+    /** Coverage warning when using built-in screening only (no external providers configured) */
+    coverageWarning?: string;
 }
 /**
  * Input for logging an agent's reasoning/decision step.
@@ -3849,6 +3851,103 @@ declare class ChainalysisOracleProvider implements ScreeningProvider {
     private errorResult;
 }
 
+interface KontextCloudScreeningConfig {
+    /** Kontext API key (not a third-party key) */
+    apiKey: string;
+    /** Kontext project ID */
+    projectId: string;
+    /** API base URL (default: https://api.getkontext.com) */
+    apiUrl?: string;
+    /** Fuzzy match threshold for entity names (default: 0.85) */
+    threshold?: number;
+    /** Max entity results (default: 5) */
+    maxResults?: number;
+}
+/**
+ * Kontext Cloud Screening Provider.
+ *
+ * Screens addresses and entity names against Kontext's pre-cached
+ * government sanctions data. Covers OFAC SDN (~69K entities, ~1,245
+ * crypto addresses), UK Sanctions List (~12K entities), and EU FSF
+ * (~14K entities).
+ *
+ * - **Pay-as-you-go**, requires Kontext API key
+ * - **Browser-compatible** — all HTTP
+ * - Supports address + entity name queries
+ *
+ * @example
+ * ```typescript
+ * const provider = new KontextCloudScreeningProvider({
+ *   apiKey: 'sk_live_...',
+ *   projectId: 'my-project',
+ * });
+ *
+ * // Address lookup (O(1) sub-ms on server)
+ * const result = await provider.screen('0x1234...');
+ *
+ * // Entity name search (fuzzy, 1-5ms on server)
+ * const result = await provider.screen('Lazarus Group');
+ * ```
+ */
+declare class KontextCloudScreeningProvider implements ScreeningProvider {
+    readonly id = "kontext-cloud";
+    readonly name = "Kontext Cloud Screening";
+    readonly lists: readonly SanctionsList[];
+    readonly requiresApiKey = true;
+    readonly browserCompatible = true;
+    readonly queryTypes: readonly QueryType[];
+    private readonly apiKey;
+    private readonly projectId;
+    private readonly apiUrl;
+    private readonly threshold;
+    private readonly maxResults;
+    constructor(config: KontextCloudScreeningConfig);
+    isAvailable(): boolean;
+    screen(query: string, _context?: ScreeningContext): Promise<ScreeningResult>;
+    private screenAddress;
+    private screenEntity;
+    private errorResult;
+}
+
+interface TRMLabsConfig {
+    /** TRM Labs API key */
+    apiKey: string;
+    /** API base URL (default: https://api.trmlabs.com/public/v2) */
+    baseUrl?: string;
+}
+/**
+ * TRM Labs Sanctions Screening Provider.
+ *
+ * Screens blockchain addresses via the TRM Labs free sanctions API.
+ * Covers 25 blockchains with cross-chain detection. Address-only —
+ * does not support entity name screening.
+ *
+ * - **Free** — 100K req/day with API key
+ * - **Browser-compatible** — simple REST API
+ *
+ * @example
+ * ```typescript
+ * const provider = new TRMLabsProvider({
+ *   apiKey: process.env.TRM_API_KEY!,
+ * });
+ * const result = await provider.screen('0x098B716B8Aaf21512996dC57EB0615e2383E2f96');
+ * ```
+ */
+declare class TRMLabsProvider implements ScreeningProvider {
+    readonly id = "trm-labs";
+    readonly name = "TRM Labs Sanctions Screening";
+    readonly lists: readonly SanctionsList[];
+    readonly requiresApiKey = true;
+    readonly browserCompatible = true;
+    readonly queryTypes: readonly QueryType[];
+    private readonly apiKey;
+    private readonly baseUrl;
+    constructor(config: TRMLabsConfig);
+    isAvailable(): boolean;
+    screen(query: string, _context?: ScreeningContext): Promise<ScreeningResult>;
+    private errorResult;
+}
+
 type ConsensusStrategy = 'ANY_MATCH' | 'ALL_MATCH' | 'MAJORITY';
 interface ScreeningAggregatorConfig {
     providers: ScreeningProvider[];
@@ -4034,4 +4133,4 @@ interface KontextConfigFile {
  */
 declare function loadConfigFile(startDir?: string): KontextConfigFile | null;
 
-export { type ActionLog, type AgentCard, type AgentData, type AgentIdentity, AgentIdentityRegistry, type AgentLink, type AgentSession, type AggregatedScreeningResult, type AnchorResult, type AnchorVerification, type AnomalyCallback, type AnomalyDetectionConfig, AnomalyDetector, type AnomalyEvent, type AnomalyRuleType, type AnomalySeverity, type AnomalyThresholds, type AttestationDecision, type AttestationPayload, type AttestationRequest, type AttestationResponse, type AttestationSignature, type BehavioralEmbedding, BehavioralFingerprinter, CHAIN_ID_MAP, CURRENCY_REQUIRED_LISTS, type Chain, ChainalysisFreeAPIProvider, ChainalysisOracleProvider, type CheckpointStatus, type ClusteringEvidence, type ClusteringHeuristic, type ComplianceCertificate, type ComplianceCheckResult, type ComplianceReport, type ConfirmTaskInput, type ConsensusStrategy, ConsoleExporter, type CounterpartyAttestation, type CounterpartyConfig, type CreateCheckpointInput, type CreateSessionInput, type CreateTaskInput, CrossSessionLinker, type CrossSessionLinkerConfig, type DateRange, DigestChain, type DigestLink, type DigestVerification, type ERC8021Attribution, type ERC8021Config, type EntityStatus, type EntityType, type Environment, type EventExporter, type ExportFormat, type ExportOptions, type ExportResult, type ExporterResult, type FeatureFlag, type FeatureFlagConfig, FeatureFlagManager, FileStorage, type FinancialFeatures, type FlagPlanTargeting, type FlagScope, type FlagTargeting, type GatedFeature, type GenerateComplianceCertificateInput, type HumanAttestation, JsonFileExporter, type Jurisdiction, KONTEXT_BUILDER_CODE, type KYAConfidenceLevel, type KYAConfidenceScore, KYAConfidenceScorer, type KYAConfidenceScorerConfig, type KYAEnvelope, type KYAScoreComponent, type KYCProviderReference, type KYCStatus, Kontext, type KontextConfig, KontextError, KontextErrorCode, type KontextMode, type LimitEvent, type LinkSignal, type LinkStatus, type LogActionInput, type LogLevel, type LogReasoningInput, type LogTransactionInput, type MatchType, MemoryStorage, type MetadataValidator, type NetworkFeatures, NoopExporter, OFACAddressProvider, OFACEntityProvider, type OnChainAnchorConfig, OnChainExporter, OpenSanctionsLocalProvider, OpenSanctionsProvider, type OperationalFeatures, PLAN_LIMITS, PaymentCompliance, type PlanConfig, PlanManager, type PlanTier, type PlanUsage, type PolicyConfig, type PrecisionTimestamp, type ProvenanceAction, type ProvenanceAttestor, type ProvenanceBundle, type ProvenanceBundleVerification, type ProvenanceCheckpoint, ProvenanceManager, type QueryType, type ReasoningEntry, type RegisterIdentityInput, type ReportOptions, type ReportType, type RiskFactor, STABLECOIN_CONTRACTS, type SanctionsCheckResult, type SanctionsList, ScreeningAggregator, type ScreeningAggregatorConfig, type ScreeningConfig, type ScreeningContext, type ScreeningMatch, type ScreeningProvider, type ScreeningResult, type SessionConstraints, type SessionStatus, type StorageAdapter, TOKEN_REQUIRED_LISTS, type Task, type TaskEvidence, type TaskStatus, type TemporalFeatures, type Token, type TransactionEvaluation, type TransactionRecord, type TrustFactor, type TrustScore, TrustScorer, UKOFSIProvider, type UpdateIdentityInput, UsdcCompliance, type UsdcComplianceCheck, type VerificationKey, type VerifyInput, type VerifyResult, ViemComplianceError, type ViemInstrumentationOptions, type WalletClientLike, type WalletCluster, WalletClusterer, type WalletClusteringConfig, type WalletMapping, WalletMonitor, type WalletMonitoringConfig, anchorDigest, encodeERC8021Suffix, exchangeAttestation, fetchAgentCard, fetchTransactionAttribution, getAnchor, getRequiredLists, isBlockchainAddress, isCryptoTransaction, isFeatureAvailable, loadConfigFile, parseERC8021Suffix, providerSupportsQuery, requirePlan, verifyAnchor, verifyExportedChain, withKontextCompliance };
+export { type ActionLog, type AgentCard, type AgentData, type AgentIdentity, AgentIdentityRegistry, type AgentLink, type AgentSession, type AggregatedScreeningResult, type AnchorResult, type AnchorVerification, type AnomalyCallback, type AnomalyDetectionConfig, AnomalyDetector, type AnomalyEvent, type AnomalyRuleType, type AnomalySeverity, type AnomalyThresholds, type AttestationDecision, type AttestationPayload, type AttestationRequest, type AttestationResponse, type AttestationSignature, type BehavioralEmbedding, BehavioralFingerprinter, CHAIN_ID_MAP, CURRENCY_REQUIRED_LISTS, type Chain, ChainalysisFreeAPIProvider, ChainalysisOracleProvider, type CheckpointStatus, type ClusteringEvidence, type ClusteringHeuristic, type ComplianceCertificate, type ComplianceCheckResult, type ComplianceReport, type ConfirmTaskInput, type ConsensusStrategy, ConsoleExporter, type CounterpartyAttestation, type CounterpartyConfig, type CreateCheckpointInput, type CreateSessionInput, type CreateTaskInput, CrossSessionLinker, type CrossSessionLinkerConfig, type DateRange, DigestChain, type DigestLink, type DigestVerification, type ERC8021Attribution, type ERC8021Config, type EntityStatus, type EntityType, type Environment, type EventExporter, type ExportFormat, type ExportOptions, type ExportResult, type ExporterResult, type FeatureFlag, type FeatureFlagConfig, FeatureFlagManager, FileStorage, type FinancialFeatures, type FlagPlanTargeting, type FlagScope, type FlagTargeting, type GatedFeature, type GenerateComplianceCertificateInput, type HumanAttestation, JsonFileExporter, type Jurisdiction, KONTEXT_BUILDER_CODE, type KYAConfidenceLevel, type KYAConfidenceScore, KYAConfidenceScorer, type KYAConfidenceScorerConfig, type KYAEnvelope, type KYAScoreComponent, type KYCProviderReference, type KYCStatus, Kontext, type KontextCloudScreeningConfig, KontextCloudScreeningProvider, type KontextConfig, KontextError, KontextErrorCode, type KontextMode, type LimitEvent, type LinkSignal, type LinkStatus, type LogActionInput, type LogLevel, type LogReasoningInput, type LogTransactionInput, type MatchType, MemoryStorage, type MetadataValidator, type NetworkFeatures, NoopExporter, OFACAddressProvider, OFACEntityProvider, type OnChainAnchorConfig, OnChainExporter, OpenSanctionsLocalProvider, OpenSanctionsProvider, type OperationalFeatures, PLAN_LIMITS, PaymentCompliance, type PlanConfig, PlanManager, type PlanTier, type PlanUsage, type PolicyConfig, type PrecisionTimestamp, type ProvenanceAction, type ProvenanceAttestor, type ProvenanceBundle, type ProvenanceBundleVerification, type ProvenanceCheckpoint, ProvenanceManager, type QueryType, type ReasoningEntry, type RegisterIdentityInput, type ReportOptions, type ReportType, type RiskFactor, STABLECOIN_CONTRACTS, type SanctionsCheckResult, type SanctionsList, ScreeningAggregator, type ScreeningAggregatorConfig, type ScreeningConfig, type ScreeningContext, type ScreeningMatch, type ScreeningProvider, type ScreeningResult, type SessionConstraints, type SessionStatus, type StorageAdapter, TOKEN_REQUIRED_LISTS, type TRMLabsConfig, TRMLabsProvider, type Task, type TaskEvidence, type TaskStatus, type TemporalFeatures, type Token, type TransactionEvaluation, type TransactionRecord, type TrustFactor, type TrustScore, TrustScorer, UKOFSIProvider, type UpdateIdentityInput, UsdcCompliance, type UsdcComplianceCheck, type VerificationKey, type VerifyInput, type VerifyResult, ViemComplianceError, type ViemInstrumentationOptions, type WalletClientLike, type WalletCluster, WalletClusterer, type WalletClusteringConfig, type WalletMapping, WalletMonitor, type WalletMonitoringConfig, anchorDigest, encodeERC8021Suffix, exchangeAttestation, fetchAgentCard, fetchTransactionAttribution, getAnchor, getRequiredLists, isBlockchainAddress, isCryptoTransaction, isFeatureAvailable, loadConfigFile, parseERC8021Suffix, providerSupportsQuery, requirePlan, verifyAnchor, verifyExportedChain, withKontextCompliance };