@a0n/aeon 5.0.1

package/dist/core/index.d.ts

@@ -0,0 +1,212 @@
+/**
+ * Aeon Core Types
+ *
+ * Shared type definitions for the Aeon synchronization and versioning system.
+ */
+/**
+ * Operation type - what action is being performed
+ */
+type OperationType = 'create' | 'update' | 'delete' | 'sync' | 'batch';
+/**
+ * Operation priority for sync ordering
+ */
+type OperationPriority = 'high' | 'normal' | 'low';
+/**
+ * Operation sync status
+ */
+type OperationStatus = 'pending' | 'syncing' | 'synced' | 'failed';
+/**
+ * Queued operation for offline-first synchronization
+ */
+interface Operation {
+    id: string;
+    type: OperationType;
+    sessionId: string;
+    status: OperationStatus;
+    data: Record<string, unknown>;
+    priority?: OperationPriority;
+    createdAt?: number;
+    syncedAt?: number;
+    retryCount?: number;
+    maxRetries?: number;
+}
+/**
+ * Conflict detection result
+ */
+interface ConflictDetectionResult {
+    hasConflict: boolean;
+    type?: 'update_update' | 'delete_update' | 'update_delete' | 'concurrent';
+    severity?: 'low' | 'medium' | 'high';
+    similarity?: number;
+}
+/**
+ * Conflict resolution strategy
+ */
+type ResolutionStrategy = 'local_wins' | 'remote_wins' | 'last_modified' | 'merge' | 'manual';
+/**
+ * Sync batch for uploading multiple operations
+ */
+interface SyncBatch {
+    batchId: string;
+    operations: Operation[];
+    totalSize: number;
+    createdAt: number;
+    priority: OperationPriority;
+}
+/**
+ * Sync result from server
+ */
+interface SyncResult {
+    success: boolean;
+    synced: string[];
+    failed: Array<{
+        operationId: string;
+        error: string;
+    }>;
+    conflicts: Array<{
+        operationId: string;
+        remoteVersion: Record<string, unknown>;
+        strategy: ResolutionStrategy;
+    }>;
+}
+/**
+ * Network state for adaptive sync
+ */
+type NetworkState = 'online' | 'offline' | 'poor' | 'unknown';
+/**
+ * Bandwidth profile for sync adaptation
+ */
+interface BandwidthProfile {
+    bandwidth: number;
+    latency: number;
+    timestamp: number;
+    reliability: number;
+}
+/**
+ * Sync coordinator configuration
+ */
+interface SyncCoordinatorConfig {
+    maxBatchSize: number;
+    maxBatchBytes: number;
+    maxRetries: number;
+    retryDelayMs: number;
+    enableCompression: boolean;
+    enableDeltaSync: boolean;
+    adaptateBatchSize: boolean;
+}
+/**
+ * Vector clock for causality tracking
+ */
+interface VectorClock {
+    [nodeId: string]: number;
+}
+/**
+ * CRDT operation for conflict-free updates
+ */
+interface CRDTOperation {
+    id: string;
+    type: 'insert' | 'delete' | 'update';
+    path: string[];
+    value?: unknown;
+    timestamp: number;
+    nodeId: string;
+    vectorClock: VectorClock;
+}
+/**
+ * Presence selection range
+ */
+interface PresenceSelection {
+    start: number;
+    end: number;
+    direction?: 'forward' | 'backward' | 'none';
+    path?: string;
+}
+/**
+ * Presence typing signal
+ */
+interface PresenceTyping {
+    isTyping: boolean;
+    field?: string;
+    isComposing?: boolean;
+    startedAt?: number;
+    stoppedAt?: number;
+}
+/**
+ * Presence scroll signal
+ */
+interface PresenceScroll {
+    depth: number;
+    y?: number;
+    viewportHeight?: number;
+    documentHeight?: number;
+    path?: string;
+}
+/**
+ * Presence viewport signal
+ */
+interface PresenceViewport {
+    width: number;
+    height: number;
+}
+/**
+ * Presence input signal
+ */
+interface PresenceInputState {
+    field: string;
+    hasFocus: boolean;
+    valueLength?: number;
+    selectionStart?: number;
+    selectionEnd?: number;
+    isComposing?: boolean;
+    inputMode?: string;
+}
+/**
+ * Presence emotional state signal
+ */
+interface PresenceEmotion {
+    primary?: string;
+    secondary?: string;
+    confidence?: number;
+    intensity?: number;
+    valence?: number;
+    arousal?: number;
+    dominance?: number;
+    source?: 'self-report' | 'inferred' | 'sensor' | 'hybrid';
+    updatedAt?: number;
+}
+/**
+ * Presence information for real-time collaboration
+ */
+interface PresenceInfo {
+    userId: string;
+    nodeId: string;
+    cursor?: {
+        x: number;
+        y: number;
+        path?: string;
+    };
+    focusNode?: string;
+    selection?: PresenceSelection;
+    typing?: PresenceTyping;
+    scroll?: PresenceScroll;
+    viewport?: PresenceViewport;
+    inputState?: PresenceInputState;
+    emotion?: PresenceEmotion;
+    metadata?: Record<string, unknown>;
+    lastActivity: number;
+}
+/**
+ * Event emitter types
+ */
+type EventCallback<T = unknown> = (data: T) => void;
+type EventUnsubscribe = () => void;
+/**
+ * Generic event emitter interface
+ */
+interface IEventEmitter {
+    on<T = unknown>(event: string, callback: EventCallback<T>): EventUnsubscribe;
+    off(event: string, callback: EventCallback): void;
+    emit<T = unknown>(event: string, data?: T): void;
+}
+
+export type { BandwidthProfile, CRDTOperation, ConflictDetectionResult, EventCallback, EventUnsubscribe, IEventEmitter, NetworkState, Operation, OperationPriority, OperationStatus, OperationType, PresenceEmotion, PresenceInfo, PresenceInputState, PresenceScroll, PresenceSelection, PresenceTyping, PresenceViewport, ResolutionStrategy, SyncBatch, SyncCoordinatorConfig, SyncResult, VectorClock };

package/dist/core/index.js

@@ -0,0 +1,3 @@
+
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/core/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"names":[],"mappings":"","file":"index.js"}

package/dist/crypto/index.cjs

@@ -0,0 +1,130 @@
+'use strict';
+
+// src/crypto/types.ts
+var AEON_CAPABILITIES = {
+  // Basic sync operations
+  SYNC_READ: "aeon:sync:read",
+  SYNC_WRITE: "aeon:sync:write",
+  SYNC_ADMIN: "aeon:sync:admin",
+  // Node operations
+  NODE_REGISTER: "aeon:node:register",
+  NODE_HEARTBEAT: "aeon:node:heartbeat",
+  // Replication operations
+  REPLICATE_READ: "aeon:replicate:read",
+  REPLICATE_WRITE: "aeon:replicate:write",
+  // State operations
+  STATE_READ: "aeon:state:read",
+  STATE_WRITE: "aeon:state:write",
+  STATE_RECONCILE: "aeon:state:reconcile"
+};
+var DEFAULT_CRYPTO_CONFIG = {
+  defaultEncryptionMode: "none",
+  requireSignatures: false,
+  requireCapabilities: false,
+  allowedSignatureAlgorithms: ["ES256", "Ed25519"],
+  allowedEncryptionAlgorithms: ["ECIES-P256", "AES-256-GCM"],
+  sessionKeyExpiration: 24 * 60 * 60 * 1e3
+  // 24 hours
+};
+
+// src/crypto/CryptoProvider.ts
+var NullCryptoProvider = class {
+  notConfiguredError() {
+    return new Error("Crypto provider not configured");
+  }
+  async generateIdentity() {
+    throw this.notConfiguredError();
+  }
+  getLocalDID() {
+    return null;
+  }
+  async exportPublicIdentity() {
+    return null;
+  }
+  async registerRemoteNode() {
+  }
+  async getRemotePublicKey() {
+    return null;
+  }
+  async sign() {
+    throw this.notConfiguredError();
+  }
+  async signData(_data) {
+    throw this.notConfiguredError();
+  }
+  async verify() {
+    return true;
+  }
+  async verifySignedData() {
+    return true;
+  }
+  async encrypt() {
+    throw this.notConfiguredError();
+  }
+  async decrypt() {
+    throw this.notConfiguredError();
+  }
+  async getSessionKey() {
+    throw this.notConfiguredError();
+  }
+  async encryptWithSessionKey() {
+    throw this.notConfiguredError();
+  }
+  async decryptWithSessionKey() {
+    throw this.notConfiguredError();
+  }
+  async createUCAN() {
+    throw this.notConfiguredError();
+  }
+  async verifyUCAN() {
+    return { authorized: true };
+  }
+  async delegateCapabilities() {
+    throw this.notConfiguredError();
+  }
+  async hash() {
+    throw this.notConfiguredError();
+  }
+  randomBytes(length) {
+    return crypto.getRandomValues(new Uint8Array(length));
+  }
+  isInitialized() {
+    return false;
+  }
+};
+
+// src/crypto/transactionSigner.ts
+var NullTransactionSigner = class {
+  async execute(request) {
+    return {
+      success: false,
+      action: request.action,
+      chainId: request.chainId || 0,
+      errorCode: "signer_unavailable",
+      errorMessage: "Transaction signer not configured"
+    };
+  }
+  async getSigner(action) {
+    throw new Error(
+      `Transaction signer metadata unavailable for action: ${action}`
+    );
+  }
+  async health() {
+    return {
+      ok: false,
+      service: "transaction-signer",
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  }
+};
+function createTransactionSignerAdapter(contract) {
+  return contract;
+}
+
+exports.AEON_CAPABILITIES = AEON_CAPABILITIES;
+exports.DEFAULT_CRYPTO_CONFIG = DEFAULT_CRYPTO_CONFIG;
+exports.NullCryptoProvider = NullCryptoProvider;
+exports.NullTransactionSigner = NullTransactionSigner;
+exports.createTransactionSignerAdapter = createTransactionSignerAdapter;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/crypto/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/crypto/types.ts","../../src/crypto/CryptoProvider.ts","../../src/crypto/transactionSigner.ts"],"names":[],"mappings":";;;AA+JO,IAAM,iBAAA,GAAoB;AAAA;AAAA,EAE/B,SAAA,EAAW,gBAAA;AAAA,EACX,UAAA,EAAY,iBAAA;AAAA,EACZ,UAAA,EAAY,iBAAA;AAAA;AAAA,EAGZ,aAAA,EAAe,oBAAA;AAAA,EACf,cAAA,EAAgB,qBAAA;AAAA;AAAA,EAGhB,cAAA,EAAgB,qBAAA;AAAA,EAChB,eAAA,EAAiB,sBAAA;AAAA;AAAA,EAGjB,UAAA,EAAY,iBAAA;AAAA,EACZ,WAAA,EAAa,kBAAA;AAAA,EACb,eAAA,EAAiB;AACnB;AA4BO,IAAM,qBAAA,GAA0C;AAAA,EACrD,qBAAA,EAAuB,MAAA;AAAA,EACvB,iBAAA,EAAmB,KAAA;AAAA,EACnB,mBAAA,EAAqB,KAAA;AAAA,EACrB,0BAAA,EAA4B,CAAC,OAAA,EAAS,SAAS,CAAA;AAAA,EAC/C,2BAAA,EAA6B,CAAC,YAAA,EAAc,aAAa,CAAA;AAAA,EACzD,oBAAA,EAAsB,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA;AACvC;;;ACHO,IAAM,qBAAN,MAAoD;AAAA,EACjD,kBAAA,GAA4B;AAClC,IAAA,OAAO,IAAI,MAAM,gCAAgC,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,gBAAA,GAIH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,WAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,GAAuD;AAC3D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,kBAAA,GAAoC;AAAA,EAE1C;AAAA,EAEA,MAAM,kBAAA,GAAiD;AACrD,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,SAAY,KAAA,EAAsC;AACtD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,MAAA,GAA2B;AAE/B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,gBAAA,GAAqC;AAEzC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,OAAA,GAOH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,OAAA,GAA+B;AACnC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,aAAA,GAAqC;AACzC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAMH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAA6C;AACjD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA8B;AAClC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA4C;AAEhD,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,oBAAA,GAAwC;AAC5C,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,YAAY,MAAA,EAA4B;AAEtC,IAAA,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAAA,EACtD;AAAA,EAEA,aAAA,GAAyB;AACvB,IAAA,OAAO,KAAA;AAAA,EACT;AACF;;;AC7OO,IAAM,wBAAN,MAGP;AAAA,EACE,MAAM,QACJ,OAAA,EACoD;AACpD,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,QAAQ,OAAA,CAAQ,MAAA;AAAA,MAChB,OAAA,EAAS,QAAQ,OAAA,IAAW,CAAA;AAAA,MAC5B,SAAA,EAAW,oBAAA;AAAA,MACX,YAAA,EAAc;AAAA,KAChB;AAAA,EACF;AAAA,EAEA,MAAM,UACJ,MAAA,EAC6C;AAC7C,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,uDAAuD,MAAM,CAAA;AAAA,KAC/D;AAAA,EACF;AAAA,EAEA,MAAM,MAAA,GAA2C;AAC/C,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,OAAA,EAAS,oBAAA;AAAA,MACT,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,KACpC;AAAA,EACF;AACF;AAEO,SAAS,+BAEd,QAAA,EAAwE;AACxE,EAAA,OAAO,QAAA;AACT","file":"index.cjs","sourcesContent":["/**\n * Aeon Crypto Types\n *\n * Type definitions for cryptographic operations in Aeon.\n * These are compatible with @affectively/auth and @affectively/auth.\n */\n\n// =============================================================================\n// IDENTITY TYPES (compatible with @affectively/auth)\n// =============================================================================\n\n/**\n * Decentralized Identifier (DID)\n * Format: did:method:identifier\n */\nexport type DID = `did:${string}:${string}`;\n\n/**\n * Supported signing algorithms\n */\nexport type SigningAlgorithm = 'ES256' | 'Ed25519' | 'ES384' | 'ES512';\n\n/**\n * Key pair for signing and verification\n */\nexport interface KeyPair {\n  algorithm: SigningAlgorithm;\n  publicKey: JsonWebKey;\n  privateKey?: JsonWebKey;\n  fingerprint: string;\n}\n\n/**\n * Identity representing a user or node\n */\nexport interface Identity {\n  did: DID;\n  signingKey: KeyPair;\n  encryptionKey?: KeyPair;\n  createdAt: number;\n  displayName?: string;\n}\n\n/**\n * UCAN Capability structure\n */\nexport interface Capability {\n  can: string;\n  with: string;\n  constraints?: Record<string, unknown>;\n}\n\n/**\n * UCAN Token payload\n */\nexport interface UCANPayload {\n  iss: DID;\n  aud: DID;\n  exp: number;\n  nbf?: number;\n  iat?: number;\n  nonce?: string;\n  jti?: string;\n  att: Capability[];\n  prf?: string[];\n  fct?: Record<string, unknown>;\n}\n\n/**\n * Parsed UCAN Token\n */\nexport interface UCANToken {\n  payload: UCANPayload;\n  raw: string;\n  signature: Uint8Array;\n  algorithm: string;\n}\n\n/**\n * UCAN verification result\n */\nexport interface VerificationResult {\n  valid: boolean;\n  payload?: UCANPayload;\n  error?: string;\n  expired?: boolean;\n  shouldRotate?: boolean;\n  expiresIn?: number;\n}\n\n// =============================================================================\n// ENCRYPTION TYPES (compatible with @affectively/auth)\n// =============================================================================\n\n/**\n * Encryption algorithms supported\n */\nexport type EncryptionAlgorithm = 'ECIES-P256' | 'AES-256-GCM';\n\n/**\n * HKDF domain separator categories\n */\nexport type DomainCategory =\n  | 'default'\n  | 'sync'\n  | 'message'\n  | 'api-key'\n  | 'personal-data'\n  | string;\n\n/**\n * EC Key pair for ECDH operations\n */\nexport interface ECKeyPair {\n  publicKey: JsonWebKey;\n  privateKey: JsonWebKey;\n  keyId: string;\n  createdAt: string;\n}\n\n/**\n * Encrypted data envelope\n */\nexport interface EncryptedPayload {\n  alg: EncryptionAlgorithm;\n  ct: string;\n  iv: string;\n  tag: string;\n  epk?: JsonWebKey;\n  category?: DomainCategory;\n  nonce?: string;\n  encryptedAt: number;\n}\n\n/**\n * Decryption result\n */\nexport interface DecryptionResult {\n  plaintext: Uint8Array;\n  category?: DomainCategory;\n  encryptedAt: number;\n}\n\n// =============================================================================\n// AEON-SPECIFIC TYPES\n// =============================================================================\n\n/**\n * Aeon encryption mode\n */\nexport type AeonEncryptionMode =\n  | 'none' // No encryption (development/testing)\n  | 'transport' // Encrypt in transit only (session keys)\n  | 'at-rest' // Encrypt for storage\n  | 'end-to-end'; // Full E2E encryption between nodes\n\n/**\n * Aeon sync capability namespace\n */\nexport const AEON_CAPABILITIES = {\n  // Basic sync operations\n  SYNC_READ: 'aeon:sync:read',\n  SYNC_WRITE: 'aeon:sync:write',\n  SYNC_ADMIN: 'aeon:sync:admin',\n\n  // Node operations\n  NODE_REGISTER: 'aeon:node:register',\n  NODE_HEARTBEAT: 'aeon:node:heartbeat',\n\n  // Replication operations\n  REPLICATE_READ: 'aeon:replicate:read',\n  REPLICATE_WRITE: 'aeon:replicate:write',\n\n  // State operations\n  STATE_READ: 'aeon:state:read',\n  STATE_WRITE: 'aeon:state:write',\n  STATE_RECONCILE: 'aeon:state:reconcile',\n} as const;\n\nexport type AeonCapability =\n  (typeof AEON_CAPABILITIES)[keyof typeof AEON_CAPABILITIES];\n\n/**\n * Crypto configuration for Aeon\n */\nexport interface AeonCryptoConfig {\n  /** Default encryption mode for sync messages */\n  defaultEncryptionMode: AeonEncryptionMode;\n  /** Require all messages to be signed */\n  requireSignatures: boolean;\n  /** Require UCAN capability verification */\n  requireCapabilities: boolean;\n  /** Allowed signature algorithms */\n  allowedSignatureAlgorithms: string[];\n  /** Allowed encryption algorithms */\n  allowedEncryptionAlgorithms: string[];\n  /** UCAN audience DID for verification */\n  ucanAudience?: string;\n  /** Session key expiration (ms) */\n  sessionKeyExpiration?: number;\n}\n\n/**\n * Default crypto configuration\n */\nexport const DEFAULT_CRYPTO_CONFIG: AeonCryptoConfig = {\n  defaultEncryptionMode: 'none',\n  requireSignatures: false,\n  requireCapabilities: false,\n  allowedSignatureAlgorithms: ['ES256', 'Ed25519'],\n  allowedEncryptionAlgorithms: ['ECIES-P256', 'AES-256-GCM'],\n  sessionKeyExpiration: 24 * 60 * 60 * 1000, // 24 hours\n};\n\n/**\n * Authenticated sync message fields\n */\nexport interface AuthenticatedMessageFields {\n  /** Sender DID */\n  senderDID?: string;\n  /** Receiver DID */\n  receiverDID?: string;\n  /** UCAN token for capability verification */\n  ucan?: string;\n  /** Message signature (base64url) */\n  signature?: string;\n  /** Whether payload is encrypted */\n  encrypted?: boolean;\n}\n\n/**\n * Secure sync session\n */\nexport interface SecureSyncSession {\n  id: string;\n  initiator: string;\n  participants: string[];\n  sessionKey?: Uint8Array;\n  encryptionMode: AeonEncryptionMode;\n  requiredCapabilities: string[];\n  status: 'pending' | 'active' | 'completed' | 'failed';\n  startTime: string;\n  endTime?: string;\n}\n\n/**\n * Node with identity information\n */\nexport interface SecureNodeInfo {\n  id: string;\n  did?: string;\n  publicSigningKey?: JsonWebKey;\n  publicEncryptionKey?: JsonWebKey;\n  capabilities?: string[];\n  lastSeen?: number;\n}\n\n/**\n * Capability verification result\n */\nexport interface AeonCapabilityResult {\n  authorized: boolean;\n  error?: string;\n  issuer?: string;\n  grantedCapabilities?: Array<{ can: string; with: string }>;\n}\n\n/**\n * Signed data envelope for sync operations\n */\nexport interface SignedSyncData<T = unknown> {\n  payload: T;\n  signature: string;\n  signer: string;\n  algorithm: string;\n  signedAt: number;\n}\n","/**\n * Aeon Crypto Provider Interface\n *\n * Abstract interface for cryptographic operations.\n * Aeon core remains zero-dependency - crypto is injected through this interface.\n */\n\nimport type {\n  AeonCapabilityResult,\n  SignedSyncData,\n  SecureNodeInfo,\n} from './types';\n\n/**\n * Abstract crypto provider interface\n *\n * Implementations use @affectively/auth and @affectively/auth\n * or other compatible libraries.\n */\nexport interface ICryptoProvider {\n  // ===========================================================================\n  // IDENTITY OPERATIONS\n  // ===========================================================================\n\n  /**\n   * Generate a new identity with DID and key pairs\n   */\n  generateIdentity(displayName?: string): Promise<{\n    did: string;\n    publicSigningKey: JsonWebKey;\n    publicEncryptionKey?: JsonWebKey;\n  }>;\n\n  /**\n   * Get the local identity's DID\n   */\n  getLocalDID(): string | null;\n\n  /**\n   * Export local identity's public info for sharing\n   */\n  exportPublicIdentity(): Promise<SecureNodeInfo | null>;\n\n  /**\n   * Register a known remote node's public keys\n   */\n  registerRemoteNode(node: SecureNodeInfo): Promise<void>;\n\n  /**\n   * Get a remote node's public key\n   */\n  getRemotePublicKey(did: string): Promise<JsonWebKey | null>;\n\n  // ===========================================================================\n  // SIGNING OPERATIONS\n  // ===========================================================================\n\n  /**\n   * Sign data with local identity's private key\n   */\n  sign(data: Uint8Array): Promise<Uint8Array>;\n\n  /**\n   * Sign structured data and wrap in SignedSyncData envelope\n   */\n  signData<T>(data: T): Promise<SignedSyncData<T>>;\n\n  /**\n   * Verify a signature from a remote node\n   */\n  verify(\n    did: string,\n    signature: Uint8Array,\n    data: Uint8Array\n  ): Promise<boolean>;\n\n  /**\n   * Verify a SignedSyncData envelope\n   */\n  verifySignedData<T>(signedData: SignedSyncData<T>): Promise<boolean>;\n\n  // ===========================================================================\n  // ENCRYPTION OPERATIONS\n  // ===========================================================================\n\n  /**\n   * Encrypt data for a recipient\n   */\n  encrypt(\n    plaintext: Uint8Array,\n    recipientDID: string\n  ): Promise<{\n    alg: string;\n    ct: string;\n    iv: string;\n    tag: string;\n    epk?: JsonWebKey;\n    encryptedAt: number;\n  }>;\n\n  /**\n   * Decrypt data\n   */\n  decrypt(\n    encrypted: {\n      alg: string;\n      ct: string;\n      iv: string;\n      tag: string;\n      epk?: JsonWebKey;\n    },\n    senderDID?: string\n  ): Promise<Uint8Array>;\n\n  /**\n   * Derive or get a session key for communication with a peer\n   */\n  getSessionKey(peerDID: string): Promise<Uint8Array>;\n\n  /**\n   * Encrypt with a session key\n   */\n  encryptWithSessionKey(\n    plaintext: Uint8Array,\n    sessionKey: Uint8Array\n  ): Promise<{\n    alg: string;\n    ct: string;\n    iv: string;\n    tag: string;\n    encryptedAt: number;\n  }>;\n\n  /**\n   * Decrypt with a session key\n   */\n  decryptWithSessionKey(\n    encrypted: {\n      ct: string;\n      iv: string;\n      tag: string;\n    },\n    sessionKey: Uint8Array\n  ): Promise<Uint8Array>;\n\n  // ===========================================================================\n  // UCAN OPERATIONS\n  // ===========================================================================\n\n  /**\n   * Create a UCAN token\n   */\n  createUCAN(\n    audience: string,\n    capabilities: Array<{ can: string; with: string }>,\n    options?: {\n      expirationSeconds?: number;\n      proofs?: string[];\n    }\n  ): Promise<string>;\n\n  /**\n   * Verify a UCAN token\n   */\n  verifyUCAN(\n    token: string,\n    options?: {\n      expectedAudience?: string;\n      requiredCapabilities?: Array<{ can: string; with: string }>;\n    }\n  ): Promise<AeonCapabilityResult>;\n\n  /**\n   * Delegate capabilities\n   */\n  delegateCapabilities(\n    parentToken: string,\n    audience: string,\n    capabilities: Array<{ can: string; with: string }>,\n    options?: {\n      expirationSeconds?: number;\n    }\n  ): Promise<string>;\n\n  // ===========================================================================\n  // UTILITY OPERATIONS\n  // ===========================================================================\n\n  /**\n   * Compute hash of data\n   */\n  hash(data: Uint8Array): Promise<Uint8Array>;\n\n  /**\n   * Generate random bytes\n   */\n  randomBytes(length: number): Uint8Array;\n\n  /**\n   * Check if crypto is properly initialized\n   */\n  isInitialized(): boolean;\n}\n\n/**\n * Null crypto provider for when crypto is disabled\n *\n * All operations either throw or return permissive defaults.\n */\nexport class NullCryptoProvider implements ICryptoProvider {\n  private notConfiguredError(): Error {\n    return new Error('Crypto provider not configured');\n  }\n\n  async generateIdentity(): Promise<{\n    did: string;\n    publicSigningKey: JsonWebKey;\n    publicEncryptionKey?: JsonWebKey;\n  }> {\n    throw this.notConfiguredError();\n  }\n\n  getLocalDID(): string | null {\n    return null;\n  }\n\n  async exportPublicIdentity(): Promise<SecureNodeInfo | null> {\n    return null;\n  }\n\n  async registerRemoteNode(): Promise<void> {\n    // No-op when crypto disabled\n  }\n\n  async getRemotePublicKey(): Promise<JsonWebKey | null> {\n    return null;\n  }\n\n  async sign(): Promise<Uint8Array> {\n    throw this.notConfiguredError();\n  }\n\n  async signData<T>(_data: T): Promise<SignedSyncData<T>> {\n    throw this.notConfiguredError();\n  }\n\n  async verify(): Promise<boolean> {\n    // Permissive when crypto disabled\n    return true;\n  }\n\n  async verifySignedData(): Promise<boolean> {\n    // Permissive when crypto disabled\n    return true;\n  }\n\n  async encrypt(): Promise<{\n    alg: string;\n    ct: string;\n    iv: string;\n    tag: string;\n    epk?: JsonWebKey;\n    encryptedAt: number;\n  }> {\n    throw this.notConfiguredError();\n  }\n\n  async decrypt(): Promise<Uint8Array> {\n    throw this.notConfiguredError();\n  }\n\n  async getSessionKey(): Promise<Uint8Array> {\n    throw this.notConfiguredError();\n  }\n\n  async encryptWithSessionKey(): Promise<{\n    alg: string;\n    ct: string;\n    iv: string;\n    tag: string;\n    encryptedAt: number;\n  }> {\n    throw this.notConfiguredError();\n  }\n\n  async decryptWithSessionKey(): Promise<Uint8Array> {\n    throw this.notConfiguredError();\n  }\n\n  async createUCAN(): Promise<string> {\n    throw this.notConfiguredError();\n  }\n\n  async verifyUCAN(): Promise<AeonCapabilityResult> {\n    // Permissive when crypto disabled\n    return { authorized: true };\n  }\n\n  async delegateCapabilities(): Promise<string> {\n    throw this.notConfiguredError();\n  }\n\n  async hash(): Promise<Uint8Array> {\n    throw this.notConfiguredError();\n  }\n\n  randomBytes(length: number): Uint8Array {\n    // Use crypto.getRandomValues even without full crypto setup\n    return crypto.getRandomValues(new Uint8Array(length));\n  }\n\n  isInitialized(): boolean {\n    return false;\n  }\n}\n","/**\n * Aeon Transaction Signer Abstraction\n *\n * Keeps sync cryptography (`ICryptoProvider`) decoupled from on-chain write signing.\n * This interface matches custodial signer semantics so server and Aeon callers\n * converge on one contract shape.\n */\n\nexport type HexString = `0x${string}`;\n\nexport type TransactionSignerPayloadMap = Record<string, unknown>;\n\nexport type TransactionSignerExecuteRequest<\n  TPayloads extends TransactionSignerPayloadMap,\n  TAction extends keyof TPayloads & string = keyof TPayloads & string\n> = {\n  action: TAction;\n  payload: TPayloads[TAction];\n  chainId?: number;\n  waitForReceipt?: boolean;\n  requestId?: string;\n};\n\nexport type TransactionSignerErrorCode =\n  | 'invalid_request'\n  | 'signer_unavailable'\n  | 'signer_denied'\n  | 'tx_failed'\n  | 'tx_reverted'\n  | 'unauthorized'\n  | 'forbidden'\n  | 'unknown_action'\n  | 'upstream_error';\n\nexport interface TransactionSignerExecuteResponse<\n  TAction extends string = string\n> {\n  success: boolean;\n  action: TAction;\n  chainId: number;\n  txHash?: HexString;\n  receiptStatus?: 'pending' | 'success' | 'reverted';\n  signerAddress?: HexString;\n  keyVersion?: string;\n  errorCode?: TransactionSignerErrorCode;\n  errorMessage?: string;\n  revertReason?: string;\n}\n\nexport interface TransactionSignerMetadata<TAction extends string = string> {\n  action: TAction;\n  chainId: number;\n  signerAddress: HexString;\n  keyVersion: string;\n  keyName: string;\n}\n\nexport interface TransactionSignerHealth {\n  ok: boolean;\n  service: string;\n  timestamp: string;\n}\n\nexport interface ITransactionSigner<\n  TPayloads extends TransactionSignerPayloadMap = TransactionSignerPayloadMap\n> {\n  execute<TAction extends keyof TPayloads & string>(\n    request: TransactionSignerExecuteRequest<TPayloads, TAction>\n  ): Promise<TransactionSignerExecuteResponse<TAction>>;\n\n  getSigner<TAction extends keyof TPayloads & string>(\n    action: TAction\n  ): Promise<TransactionSignerMetadata<TAction>>;\n\n  health(): Promise<TransactionSignerHealth>;\n}\n\nexport class NullTransactionSigner<\n  TPayloads extends TransactionSignerPayloadMap = TransactionSignerPayloadMap\n> implements ITransactionSigner<TPayloads>\n{\n  async execute<TAction extends keyof TPayloads & string>(\n    request: TransactionSignerExecuteRequest<TPayloads, TAction>\n  ): Promise<TransactionSignerExecuteResponse<TAction>> {\n    return {\n      success: false,\n      action: request.action,\n      chainId: request.chainId || 0,\n      errorCode: 'signer_unavailable',\n      errorMessage: 'Transaction signer not configured',\n    };\n  }\n\n  async getSigner<TAction extends keyof TPayloads & string>(\n    action: TAction\n  ): Promise<TransactionSignerMetadata<TAction>> {\n    throw new Error(\n      `Transaction signer metadata unavailable for action: ${action}`\n    );\n  }\n\n  async health(): Promise<TransactionSignerHealth> {\n    return {\n      ok: false,\n      service: 'transaction-signer',\n      timestamp: new Date().toISOString(),\n    };\n  }\n}\n\nexport function createTransactionSignerAdapter<\n  TPayloads extends TransactionSignerPayloadMap\n>(contract: ITransactionSigner<TPayloads>): ITransactionSigner<TPayloads> {\n  return contract;\n}\n"]}

package/dist/crypto/index.d.cts

@@ -0,0 +1,56 @@
+export { A as AEON_CAPABILITIES, a as AeonCapability, b as AeonCapabilityResult, c as AeonCryptoConfig, d as AeonEncryptionMode, e as AuthenticatedMessageFields, C as Capability, D as DEFAULT_CRYPTO_CONFIG, f as DID, g as DecryptionResult, h as DomainCategory, E as ECKeyPair, i as EncryptedPayload, j as EncryptionAlgorithm, I as ICryptoProvider, k as Identity, K as KeyPair, N as NullCryptoProvider, S as SecureNodeInfo, l as SecureSyncSession, m as SignedSyncData, n as SigningAlgorithm, U as UCANPayload, o as UCANToken, V as VerificationResult } from '../CryptoProvider-SLWjqByk.cjs';
+
+/**
+ * Aeon Transaction Signer Abstraction
+ *
+ * Keeps sync cryptography (`ICryptoProvider`) decoupled from on-chain write signing.
+ * This interface matches custodial signer semantics so server and Aeon callers
+ * converge on one contract shape.
+ */
+type HexString = `0x${string}`;
+type TransactionSignerPayloadMap = Record<string, unknown>;
+type TransactionSignerExecuteRequest<TPayloads extends TransactionSignerPayloadMap, TAction extends keyof TPayloads & string = keyof TPayloads & string> = {
+    action: TAction;
+    payload: TPayloads[TAction];
+    chainId?: number;
+    waitForReceipt?: boolean;
+    requestId?: string;
+};
+type TransactionSignerErrorCode = 'invalid_request' | 'signer_unavailable' | 'signer_denied' | 'tx_failed' | 'tx_reverted' | 'unauthorized' | 'forbidden' | 'unknown_action' | 'upstream_error';
+interface TransactionSignerExecuteResponse<TAction extends string = string> {
+    success: boolean;
+    action: TAction;
+    chainId: number;
+    txHash?: HexString;
+    receiptStatus?: 'pending' | 'success' | 'reverted';
+    signerAddress?: HexString;
+    keyVersion?: string;
+    errorCode?: TransactionSignerErrorCode;
+    errorMessage?: string;
+    revertReason?: string;
+}
+interface TransactionSignerMetadata<TAction extends string = string> {
+    action: TAction;
+    chainId: number;
+    signerAddress: HexString;
+    keyVersion: string;
+    keyName: string;
+}
+interface TransactionSignerHealth {
+    ok: boolean;
+    service: string;
+    timestamp: string;
+}
+interface ITransactionSigner<TPayloads extends TransactionSignerPayloadMap = TransactionSignerPayloadMap> {
+    execute<TAction extends keyof TPayloads & string>(request: TransactionSignerExecuteRequest<TPayloads, TAction>): Promise<TransactionSignerExecuteResponse<TAction>>;
+    getSigner<TAction extends keyof TPayloads & string>(action: TAction): Promise<TransactionSignerMetadata<TAction>>;
+    health(): Promise<TransactionSignerHealth>;
+}
+declare class NullTransactionSigner<TPayloads extends TransactionSignerPayloadMap = TransactionSignerPayloadMap> implements ITransactionSigner<TPayloads> {
+    execute<TAction extends keyof TPayloads & string>(request: TransactionSignerExecuteRequest<TPayloads, TAction>): Promise<TransactionSignerExecuteResponse<TAction>>;
+    getSigner<TAction extends keyof TPayloads & string>(action: TAction): Promise<TransactionSignerMetadata<TAction>>;
+    health(): Promise<TransactionSignerHealth>;
+}
+declare function createTransactionSignerAdapter<TPayloads extends TransactionSignerPayloadMap>(contract: ITransactionSigner<TPayloads>): ITransactionSigner<TPayloads>;
+
+export { type ITransactionSigner, NullTransactionSigner, type TransactionSignerErrorCode, type TransactionSignerExecuteRequest, type TransactionSignerExecuteResponse, type TransactionSignerHealth, type TransactionSignerMetadata, type TransactionSignerPayloadMap, createTransactionSignerAdapter };

package/dist/crypto/index.d.ts

@@ -0,0 +1,56 @@
+export { A as AEON_CAPABILITIES, a as AeonCapability, b as AeonCapabilityResult, c as AeonCryptoConfig, d as AeonEncryptionMode, e as AuthenticatedMessageFields, C as Capability, D as DEFAULT_CRYPTO_CONFIG, f as DID, g as DecryptionResult, h as DomainCategory, E as ECKeyPair, i as EncryptedPayload, j as EncryptionAlgorithm, I as ICryptoProvider, k as Identity, K as KeyPair, N as NullCryptoProvider, S as SecureNodeInfo, l as SecureSyncSession, m as SignedSyncData, n as SigningAlgorithm, U as UCANPayload, o as UCANToken, V as VerificationResult } from '../CryptoProvider-SLWjqByk.js';
+
+/**
+ * Aeon Transaction Signer Abstraction
+ *
+ * Keeps sync cryptography (`ICryptoProvider`) decoupled from on-chain write signing.
+ * This interface matches custodial signer semantics so server and Aeon callers
+ * converge on one contract shape.
+ */
+type HexString = `0x${string}`;
+type TransactionSignerPayloadMap = Record<string, unknown>;
+type TransactionSignerExecuteRequest<TPayloads extends TransactionSignerPayloadMap, TAction extends keyof TPayloads & string = keyof TPayloads & string> = {
+    action: TAction;
+    payload: TPayloads[TAction];
+    chainId?: number;
+    waitForReceipt?: boolean;
+    requestId?: string;
+};
+type TransactionSignerErrorCode = 'invalid_request' | 'signer_unavailable' | 'signer_denied' | 'tx_failed' | 'tx_reverted' | 'unauthorized' | 'forbidden' | 'unknown_action' | 'upstream_error';
+interface TransactionSignerExecuteResponse<TAction extends string = string> {
+    success: boolean;
+    action: TAction;
+    chainId: number;
+    txHash?: HexString;
+    receiptStatus?: 'pending' | 'success' | 'reverted';
+    signerAddress?: HexString;
+    keyVersion?: string;
+    errorCode?: TransactionSignerErrorCode;
+    errorMessage?: string;
+    revertReason?: string;
+}
+interface TransactionSignerMetadata<TAction extends string = string> {
+    action: TAction;
+    chainId: number;
+    signerAddress: HexString;
+    keyVersion: string;
+    keyName: string;
+}
+interface TransactionSignerHealth {
+    ok: boolean;
+    service: string;
+    timestamp: string;
+}
+interface ITransactionSigner<TPayloads extends TransactionSignerPayloadMap = TransactionSignerPayloadMap> {
+    execute<TAction extends keyof TPayloads & string>(request: TransactionSignerExecuteRequest<TPayloads, TAction>): Promise<TransactionSignerExecuteResponse<TAction>>;
+    getSigner<TAction extends keyof TPayloads & string>(action: TAction): Promise<TransactionSignerMetadata<TAction>>;
+    health(): Promise<TransactionSignerHealth>;
+}
+declare class NullTransactionSigner<TPayloads extends TransactionSignerPayloadMap = TransactionSignerPayloadMap> implements ITransactionSigner<TPayloads> {
+    execute<TAction extends keyof TPayloads & string>(request: TransactionSignerExecuteRequest<TPayloads, TAction>): Promise<TransactionSignerExecuteResponse<TAction>>;
+    getSigner<TAction extends keyof TPayloads & string>(action: TAction): Promise<TransactionSignerMetadata<TAction>>;
+    health(): Promise<TransactionSignerHealth>;
+}
+declare function createTransactionSignerAdapter<TPayloads extends TransactionSignerPayloadMap>(contract: ITransactionSigner<TPayloads>): ITransactionSigner<TPayloads>;
+
+export { type ITransactionSigner, NullTransactionSigner, type TransactionSignerErrorCode, type TransactionSignerExecuteRequest, type TransactionSignerExecuteResponse, type TransactionSignerHealth, type TransactionSignerMetadata, type TransactionSignerPayloadMap, createTransactionSignerAdapter };

package/dist/crypto/index.js

@@ -0,0 +1,124 @@
+// src/crypto/types.ts
+var AEON_CAPABILITIES = {
+  // Basic sync operations
+  SYNC_READ: "aeon:sync:read",
+  SYNC_WRITE: "aeon:sync:write",
+  SYNC_ADMIN: "aeon:sync:admin",
+  // Node operations
+  NODE_REGISTER: "aeon:node:register",
+  NODE_HEARTBEAT: "aeon:node:heartbeat",
+  // Replication operations
+  REPLICATE_READ: "aeon:replicate:read",
+  REPLICATE_WRITE: "aeon:replicate:write",
+  // State operations
+  STATE_READ: "aeon:state:read",
+  STATE_WRITE: "aeon:state:write",
+  STATE_RECONCILE: "aeon:state:reconcile"
+};
+var DEFAULT_CRYPTO_CONFIG = {
+  defaultEncryptionMode: "none",
+  requireSignatures: false,
+  requireCapabilities: false,
+  allowedSignatureAlgorithms: ["ES256", "Ed25519"],
+  allowedEncryptionAlgorithms: ["ECIES-P256", "AES-256-GCM"],
+  sessionKeyExpiration: 24 * 60 * 60 * 1e3
+  // 24 hours
+};
+
+// src/crypto/CryptoProvider.ts
+var NullCryptoProvider = class {
+  notConfiguredError() {
+    return new Error("Crypto provider not configured");
+  }
+  async generateIdentity() {
+    throw this.notConfiguredError();
+  }
+  getLocalDID() {
+    return null;
+  }
+  async exportPublicIdentity() {
+    return null;
+  }
+  async registerRemoteNode() {
+  }
+  async getRemotePublicKey() {
+    return null;
+  }
+  async sign() {
+    throw this.notConfiguredError();
+  }
+  async signData(_data) {
+    throw this.notConfiguredError();
+  }
+  async verify() {
+    return true;
+  }
+  async verifySignedData() {
+    return true;
+  }
+  async encrypt() {
+    throw this.notConfiguredError();
+  }
+  async decrypt() {
+    throw this.notConfiguredError();
+  }
+  async getSessionKey() {
+    throw this.notConfiguredError();
+  }
+  async encryptWithSessionKey() {
+    throw this.notConfiguredError();
+  }
+  async decryptWithSessionKey() {
+    throw this.notConfiguredError();
+  }
+  async createUCAN() {
+    throw this.notConfiguredError();
+  }
+  async verifyUCAN() {
+    return { authorized: true };
+  }
+  async delegateCapabilities() {
+    throw this.notConfiguredError();
+  }
+  async hash() {
+    throw this.notConfiguredError();
+  }
+  randomBytes(length) {
+    return crypto.getRandomValues(new Uint8Array(length));
+  }
+  isInitialized() {
+    return false;
+  }
+};
+
+// src/crypto/transactionSigner.ts
+var NullTransactionSigner = class {
+  async execute(request) {
+    return {
+      success: false,
+      action: request.action,
+      chainId: request.chainId || 0,
+      errorCode: "signer_unavailable",
+      errorMessage: "Transaction signer not configured"
+    };
+  }
+  async getSigner(action) {
+    throw new Error(
+      `Transaction signer metadata unavailable for action: ${action}`
+    );
+  }
+  async health() {
+    return {
+      ok: false,
+      service: "transaction-signer",
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  }
+};
+function createTransactionSignerAdapter(contract) {
+  return contract;
+}
+
+export { AEON_CAPABILITIES, DEFAULT_CRYPTO_CONFIG, NullCryptoProvider, NullTransactionSigner, createTransactionSignerAdapter };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map