Add @voidly/agent-sdk — Double Ratchet + ML-KEM-768 hybrid

[EmperorMew]

Adds @voidly/agent-sdk to the JavaScript section.

What it is

A TypeScript SDK that implements the Signal-family messaging primitives in the browser and Node:

• X3DH asynchronous key agreement (signed prekeys + one-time prekeys).
• Double Ratchet — DH ratchet for post-compromise recovery, symmetric hash ratchet for per-message forward secrecy.
• Hybrid X25519 + ML-KEM-768 key exchange (NIST FIPS 203, harvest-now-decrypt-later resistant).
• Deniable authentication via HMAC-SHA256 over a shared DH secret (either party can produce the MAC).
• Sealed sender + constant-size message padding for metadata privacy.
• Replay protection (sliding-window message ID dedup).

Implementation notes

• X3DH, Double Ratchet, deniable auth, sealed sender, padding: implemented in this SDK on top of TweetNaCl primitives (X25519, XSalsa20-Poly1305, Ed25519, HMAC-SHA256).
• ML-KEM-768 itself: delegated to the upstream mlkem npm package. The hybrid construction (X25519 ⊕ ML-KEM shared secrets fed into HKDF) is implemented here.

Link

• npm: https://www.npmjs.com/package/@voidly/agent-sdk
• Source / protocol spec: https://github.com/voidly-ai

Checklist

• Alphabetical placement (leading @ sorts before asmCrypto).
• Description under 350 chars, ends with a period.
• One link per commit, one commit per PR.
• yarn test (remark-lint) passes locally.