export interface EncryptionKeyAnnouncement { agentId: string; /** X25519 public key for encryption (base64) */ encryptionPublicKey: string; /** Ed25519 public key for identity (base64) */ identityPublicKey: string; /** Ed25519 signature over canonical(agentId + encryptionPublicKey) */ signature: string; createdAt: string; } export interface EncryptedAgoraMessage { message: { id: string; timestamp: string; author: { agentId: string; publicKey: string; encryptionPublicKey: string; }; recipient: { agentId: string; publicKey: string; }; topic: string; type: 'encrypted'; /** Delegation authorizing this communication */ delegationId: string; /** Sender's one-time X25519 public key (ephemeral-static ECDH) */ ephemeralPublicKey: string; /** 24-byte random nonce (base64) */ nonce: string; /** sha256 hashes of taint principal IDs (cleartext for Module 18 enforcement) */ taintHashes: string[]; /** Cross-chain permit ID if cross-context flow */ permitId?: string; /** Monotonic within a conversation */ sequenceNumber: number; /** Padded ciphertext size in bytes */ paddedSize: number; /** Encrypted payload (base64) — contains plaintext + inner signature */ ciphertext: string; }; /** Ed25519 signature over canonical(message) — outer signature for public verifiability */ outerSignature: string; } export interface DecryptedPayload { subject: string; content: string; /** Explicit recipient ID (prevents surreptitious forwarding) */ recipientAgentId: string; /** Nonce from the envelope (bound into inner signature) */ nonce: string; /** Inner Ed25519 signature over canonical(subject + content + recipientAgentId + nonce) */ innerSignature: string; metadata?: Record; } export interface EncryptionKeypair { /** X25519 public key (base64) */ publicKey: string; /** X25519 private key (base64) */ privateKey: string; } export interface MessageValidation { /** Outer signature valid (Ed25519 over ciphertext envelope) */ outerSignatureValid: boolean; /** Inner signature valid (Ed25519 over plaintext + recipient + nonce) */ innerSignatureValid: boolean; /** Delegation still active at receive time */ delegationValid: boolean; /** Recipient matches the intended recipient */ recipientMatch: boolean; /** Message not expired */ notExpired: boolean; /** Overall: all checks pass */ valid: boolean; error?: string; } //# sourceMappingURL=encrypted-messaging.d.ts.map