docs: add supported models section and HMAC security documentation

Author: ciro-maciel

README.md

@@ -20,7 +20,23 @@
 -   **📝 Intelligent Logging** with contextual insights
 -   **🌐 HTTP Endpoints** to expose agents as REST APIs
 
-**From startup MVPs to enterprise solutions** - RiLiGar Agents SDK scales with you.
+## 🌐 Supported Models
+
+Via **OpenRouter** (configure `OPENROUTER_API_KEY`):
+
+-   OpenAI (GPT-4, GPT-3.5)
+-   Anthropic (Claude)
+-   Google (Gemini)
+-   Meta (Llama)
+-   Perplexity, Cohere, etc.
+
+```javascript
+const llm = model.create({
+    modelName: 'openai/gpt-4', // or 'anthropic/claude-3', 'google/gemini-pro'
+    apiKey: process.env.OPENROUTER_API_KEY,
+    temperature: 0.7,
+});
+```
 
 ## 🚀 Installation
 
@@ -93,40 +109,34 @@ const data = await response.json();
 console.log(data.result.text); // "Hello, Sarah! 👋"
 ```
 
-## 🎯 Key Features
-
-| Feature           | Description                                 | Example                                       |
-| ----------------- | ------------------------------------------- | --------------------------------------------- |
-| **🤖 Agents**     | Intelligent agents with custom instructions | `new Agent({ name, instructions, model })`    |
-| **🔧 Tools**      | Local tools and MCP integration             | `tool.build([{ type: 'local', executeFn }])`  |
-| **📝 Logging**    | Contextual and configurable logging system  | `new Logger({ level: 'info' })`               |
-| **🛡️ Guardrails** | Input and output validation                 | `guardrails: { input: [...], output: [...] }` |
-| **🔐 Security**   | HMAC authentication for secure APIs        | `security.generateHMACAuth(id, key, ...)`     |
-| **🔄 Handoffs**   | Transfer between agents                     | `{ type: 'agent', agent: otherAgent }`        |
-| **📡 Streaming**  | Real-time responses                         | `result.textStream`                           |
-| **🌐 HTTP API**   | Expose agents as REST endpoints             | `new Endpoint(agent, { port: 3001 })`         |
+## 🔐 HMAC Security
 
-## 🌐 Supported Models
+Secure your agent endpoints with enterprise-grade HMAC authentication. Perfect for production APIs that need to verify client identity and request integrity.
 
-Via **OpenRouter** (configure `OPENROUTER_API_KEY`):
+### 🔑 Security Features
 
--   OpenAI (GPT-4, GPT-3.5)
--   Anthropic (Claude)
--   Google (Gemini)
--   Meta (Llama)
--   Perplexity, Cohere, etc.
+-   **🛡️ HMAC-SHA256**: Industry-standard message authentication
+-   **⏱️ Timestamp Protection**: Prevents replay attacks
+-   **👥 Multi-Client Support**: Individual keys per client
+-   **🔐 Timing-Safe Validation**: Resistant to timing attacks
+-   **🚫 Request Integrity**: Detects message tampering
+-   **⚙️ Configurable Tolerance**: Flexible timestamp validation
 
-```javascript
-const llm = model.create({
-    modelName: 'openai/gpt-4', // or 'anthropic/claude-3', 'google/gemini-pro'
-    apiKey: process.env.OPENROUTER_API_KEY,
-    temperature: 0.7,
-});
-```
+### 📋 Environment Variables
 
-## 🔐 HMAC Security
+```bash
+# Server configuration
+OPENROUTER_API_KEY=your-openrouter-api-key
+HMAC_MASTER_SECRET=your-master-secret-key
+FRONTEND_SECRET=frontend-client-secret-key
+MOBILE_SECRET=mobile-client-secret-key
+ADMIN_SECRET=admin-client-secret-key
 
-Secure your agent endpoints with enterprise-grade HMAC authentication. Perfect for production APIs that need to verify client identity and request integrity.
+# Client configuration
+AGENT_CLIENT_ID=frontend-app
+AGENT_SECRET_KEY=frontend-client-secret-key
+AGENT_BASE_URL=https://your-agent-api.com
+```
 
 ### 🛡️ Secure Server Implementation
 
@@ -138,7 +148,7 @@ const agent = new Agent({
     name: 'SecureAgent',
     instructions: 'You are a secure AI assistant.',
     model: model.create({ apiKey: process.env.OPENROUTER_API_KEY }),
-    logger: new Logger({ level: 'info' })
+    logger: new Logger({ level: 'info' }),
 });
 
 // Create endpoint with HMAC security
@@ -148,11 +158,11 @@ const endpoint = new Endpoint(agent, {
     hmacClients: {
         'frontend-app': process.env.FRONTEND_SECRET,
         'mobile-app': process.env.MOBILE_SECRET,
-        'admin-panel': process.env.ADMIN_SECRET
+        'admin-panel': process.env.ADMIN_SECRET,
     },
     // Option 2: Master secret (simpler)
     hmacSecret: process.env.HMAC_MASTER_SECRET,
-    hmacTolerance: 300 // 5 minutes tolerance
+    hmacTolerance: 300, // 5 minutes tolerance
 });
 
 await endpoint.start();
@@ -173,23 +183,17 @@ class SecureAgentClient {
 
     async processTask(task) {
         const body = { task };
-        
+
         // Generate HMAC authentication
-        const authHeader = security.generateHMACAuth(
-            this.clientId,
-            this.secretKey,
-            'POST',
-            '/process',
-            body
-        );
+        const authHeader = security.generateHMACAuth(this.clientId, this.secretKey, 'POST', '/process', body);
 
         const response = await fetch(`${this.baseUrl}/process`, {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
-                'Authorization': authHeader
+                Authorization: authHeader,
             },
-            body: JSON.stringify(body)
+            body: JSON.stringify(body),
         });
 
         if (!response.ok) {
@@ -200,66 +204,32 @@ class SecureAgentClient {
     }
 
     async checkHealth() {
-        const authHeader = security.generateHMACAuth(
-            this.clientId,
-            this.secretKey,
-            'GET',
-            '/health'
-        );
+        const authHeader = security.generateHMACAuth(this.clientId, this.secretKey, 'GET', '/health');
 
         const response = await fetch(`${this.baseUrl}/health`, {
-            headers: { 'Authorization': authHeader }
+            headers: { Authorization: authHeader },
         });
 
         return response.json();
     }
 }
 
 // Usage
-const client = new SecureAgentClient(
-    'frontend-app',
-    process.env.FRONTEND_SECRET,
-    'https://your-agent-api.com'
-);
+const client = new SecureAgentClient('frontend-app', process.env.FRONTEND_SECRET, 'https://your-agent-api.com');
 
 const result = await client.processTask('Analyze customer data');
 console.log(result.result.text);
 ```
 
-### 🔑 Security Features
-
-- **🛡️ HMAC-SHA256**: Industry-standard message authentication
-- **⏱️ Timestamp Protection**: Prevents replay attacks
-- **👥 Multi-Client Support**: Individual keys per client
-- **🔐 Timing-Safe Validation**: Resistant to timing attacks
-- **🚫 Request Integrity**: Detects message tampering
-- **⚙️ Configurable Tolerance**: Flexible timestamp validation
-
-### 📋 Environment Variables
-
-```bash
-# Server configuration
-OPENROUTER_API_KEY=your-openrouter-api-key
-HMAC_MASTER_SECRET=your-master-secret-key
-FRONTEND_SECRET=frontend-client-secret-key
-MOBILE_SECRET=mobile-client-secret-key
-ADMIN_SECRET=admin-client-secret-key
-
-# Client configuration  
-AGENT_CLIENT_ID=frontend-app
-AGENT_SECRET_KEY=frontend-client-secret-key
-AGENT_BASE_URL=https://your-agent-api.com
-```
-
 ## 📚 Practical Examples
 
-| Example        | File                    | Description             |
-| -------------- | ----------------------- | ----------------------- |
-| **Basic**      | `examples/hello.js`     | Simple agent with tools |
+| Example        | File                    | Description              |
+| -------------- | ----------------------- | ------------------------ |
+| **Basic**      | `examples/hello.js`     | Simple agent with tools  |
 | **Security**   | `examples/security.js`  | HMAC authentication demo |
-| **Guardrails** | `examples/guardrail.js` | Input/output validation |
-| **Handoffs**   | `examples/handoffs.js`  | Transfer between agents |
-| **MCP**        | `examples/mcp/`         | MCP server integration  |
+| **Guardrails** | `examples/guardrail.js` | Input/output validation  |
+| **Handoffs**   | `examples/handoffs.js`  | Transfer between agents  |
+| **MCP**        | `examples/mcp/`         | MCP server integration   |
 
 Run any example: