@affectively/aeon 1.0.0 → 1.2.0

package/dist/core/index.d.cts

@@ -112,6 +112,68 @@ interface CRDTOperation {
     nodeId: string;
     vectorClock: VectorClock;
 }
+/**
+ * Presence selection range
+ */
+interface PresenceSelection {
+    start: number;
+    end: number;
+    direction?: 'forward' | 'backward' | 'none';
+    path?: string;
+}
+/**
+ * Presence typing signal
+ */
+interface PresenceTyping {
+    isTyping: boolean;
+    field?: string;
+    isComposing?: boolean;
+    startedAt?: number;
+    stoppedAt?: number;
+}
+/**
+ * Presence scroll signal
+ */
+interface PresenceScroll {
+    depth: number;
+    y?: number;
+    viewportHeight?: number;
+    documentHeight?: number;
+    path?: string;
+}
+/**
+ * Presence viewport signal
+ */
+interface PresenceViewport {
+    width: number;
+    height: number;
+}
+/**
+ * Presence input signal
+ */
+interface PresenceInputState {
+    field: string;
+    hasFocus: boolean;
+    valueLength?: number;
+    selectionStart?: number;
+    selectionEnd?: number;
+    isComposing?: boolean;
+    inputMode?: string;
+}
+/**
+ * Presence emotional state signal
+ */
+interface PresenceEmotion {
+    primary?: string;
+    secondary?: string;
+    confidence?: number;
+    intensity?: number;
+    valence?: number;
+    arousal?: number;
+    dominance?: number;
+    source?: 'self-report' | 'inferred' | 'sensor' | 'hybrid';
+    updatedAt?: number;
+}
 /**
  * Presence information for real-time collaboration
  */
@@ -122,10 +184,13 @@ interface PresenceInfo {
         x: number;
         y: number;
     };
-    selection?: {
-        start: number;
-        end: number;
-    };
+    focusNode?: string;
+    selection?: PresenceSelection;
+    typing?: PresenceTyping;
+    scroll?: PresenceScroll;
+    viewport?: PresenceViewport;
+    inputState?: PresenceInputState;
+    emotion?: PresenceEmotion;
     metadata?: Record<string, unknown>;
     lastActivity: number;
 }
@@ -143,4 +208,4 @@ interface IEventEmitter {
     emit<T = unknown>(event: string, data?: T): void;
 }
 
-export type { BandwidthProfile, CRDTOperation, ConflictDetectionResult, EventCallback, EventUnsubscribe, IEventEmitter, NetworkState, Operation, OperationPriority, OperationStatus, OperationType, PresenceInfo, ResolutionStrategy, SyncBatch, SyncCoordinatorConfig, SyncResult, VectorClock };
+export type { BandwidthProfile, CRDTOperation, ConflictDetectionResult, EventCallback, EventUnsubscribe, IEventEmitter, NetworkState, Operation, OperationPriority, OperationStatus, OperationType, PresenceEmotion, PresenceInfo, PresenceInputState, PresenceScroll, PresenceSelection, PresenceTyping, PresenceViewport, ResolutionStrategy, SyncBatch, SyncCoordinatorConfig, SyncResult, VectorClock };

package/dist/core/index.d.ts

@@ -112,6 +112,68 @@ interface CRDTOperation {
     nodeId: string;
     vectorClock: VectorClock;
 }
+/**
+ * Presence selection range
+ */
+interface PresenceSelection {
+    start: number;
+    end: number;
+    direction?: 'forward' | 'backward' | 'none';
+    path?: string;
+}
+/**
+ * Presence typing signal
+ */
+interface PresenceTyping {
+    isTyping: boolean;
+    field?: string;
+    isComposing?: boolean;
+    startedAt?: number;
+    stoppedAt?: number;
+}
+/**
+ * Presence scroll signal
+ */
+interface PresenceScroll {
+    depth: number;
+    y?: number;
+    viewportHeight?: number;
+    documentHeight?: number;
+    path?: string;
+}
+/**
+ * Presence viewport signal
+ */
+interface PresenceViewport {
+    width: number;
+    height: number;
+}
+/**
+ * Presence input signal
+ */
+interface PresenceInputState {
+    field: string;
+    hasFocus: boolean;
+    valueLength?: number;
+    selectionStart?: number;
+    selectionEnd?: number;
+    isComposing?: boolean;
+    inputMode?: string;
+}
+/**
+ * Presence emotional state signal
+ */
+interface PresenceEmotion {
+    primary?: string;
+    secondary?: string;
+    confidence?: number;
+    intensity?: number;
+    valence?: number;
+    arousal?: number;
+    dominance?: number;
+    source?: 'self-report' | 'inferred' | 'sensor' | 'hybrid';
+    updatedAt?: number;
+}
 /**
  * Presence information for real-time collaboration
  */
@@ -122,10 +184,13 @@ interface PresenceInfo {
         x: number;
         y: number;
     };
-    selection?: {
-        start: number;
-        end: number;
-    };
+    focusNode?: string;
+    selection?: PresenceSelection;
+    typing?: PresenceTyping;
+    scroll?: PresenceScroll;
+    viewport?: PresenceViewport;
+    inputState?: PresenceInputState;
+    emotion?: PresenceEmotion;
     metadata?: Record<string, unknown>;
     lastActivity: number;
 }
@@ -143,4 +208,4 @@ interface IEventEmitter {
     emit<T = unknown>(event: string, data?: T): void;
 }
 
-export type { BandwidthProfile, CRDTOperation, ConflictDetectionResult, EventCallback, EventUnsubscribe, IEventEmitter, NetworkState, Operation, OperationPriority, OperationStatus, OperationType, PresenceInfo, ResolutionStrategy, SyncBatch, SyncCoordinatorConfig, SyncResult, VectorClock };
+export type { BandwidthProfile, CRDTOperation, ConflictDetectionResult, EventCallback, EventUnsubscribe, IEventEmitter, NetworkState, Operation, OperationPriority, OperationStatus, OperationType, PresenceEmotion, PresenceInfo, PresenceInputState, PresenceScroll, PresenceSelection, PresenceTyping, PresenceViewport, ResolutionStrategy, SyncBatch, SyncCoordinatorConfig, SyncResult, VectorClock };

package/dist/crypto/index.cjs

@@ -0,0 +1,100 @@
+'use strict';
+
+// src/crypto/types.ts
+var AEON_CAPABILITIES = {
+  // Basic sync operations
+  SYNC_READ: "aeon:sync:read",
+  SYNC_WRITE: "aeon:sync:write",
+  SYNC_ADMIN: "aeon:sync:admin",
+  // Node operations
+  NODE_REGISTER: "aeon:node:register",
+  NODE_HEARTBEAT: "aeon:node:heartbeat",
+  // Replication operations
+  REPLICATE_READ: "aeon:replicate:read",
+  REPLICATE_WRITE: "aeon:replicate:write",
+  // State operations
+  STATE_READ: "aeon:state:read",
+  STATE_WRITE: "aeon:state:write",
+  STATE_RECONCILE: "aeon:state:reconcile"
+};
+var DEFAULT_CRYPTO_CONFIG = {
+  defaultEncryptionMode: "none",
+  requireSignatures: false,
+  requireCapabilities: false,
+  allowedSignatureAlgorithms: ["ES256", "Ed25519"],
+  allowedEncryptionAlgorithms: ["ECIES-P256", "AES-256-GCM"],
+  sessionKeyExpiration: 24 * 60 * 60 * 1e3
+  // 24 hours
+};
+
+// src/crypto/CryptoProvider.ts
+var NullCryptoProvider = class {
+  notConfiguredError() {
+    return new Error("Crypto provider not configured");
+  }
+  async generateIdentity() {
+    throw this.notConfiguredError();
+  }
+  getLocalDID() {
+    return null;
+  }
+  async exportPublicIdentity() {
+    return null;
+  }
+  async registerRemoteNode() {
+  }
+  async getRemotePublicKey() {
+    return null;
+  }
+  async sign() {
+    throw this.notConfiguredError();
+  }
+  async signData(_data) {
+    throw this.notConfiguredError();
+  }
+  async verify() {
+    return true;
+  }
+  async verifySignedData() {
+    return true;
+  }
+  async encrypt() {
+    throw this.notConfiguredError();
+  }
+  async decrypt() {
+    throw this.notConfiguredError();
+  }
+  async getSessionKey() {
+    throw this.notConfiguredError();
+  }
+  async encryptWithSessionKey() {
+    throw this.notConfiguredError();
+  }
+  async decryptWithSessionKey() {
+    throw this.notConfiguredError();
+  }
+  async createUCAN() {
+    throw this.notConfiguredError();
+  }
+  async verifyUCAN() {
+    return { authorized: true };
+  }
+  async delegateCapabilities() {
+    throw this.notConfiguredError();
+  }
+  async hash() {
+    throw this.notConfiguredError();
+  }
+  randomBytes(length) {
+    return crypto.getRandomValues(new Uint8Array(length));
+  }
+  isInitialized() {
+    return false;
+  }
+};
+
+exports.AEON_CAPABILITIES = AEON_CAPABILITIES;
+exports.DEFAULT_CRYPTO_CONFIG = DEFAULT_CRYPTO_CONFIG;
+exports.NullCryptoProvider = NullCryptoProvider;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/crypto/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/crypto/types.ts","../../src/crypto/CryptoProvider.ts"],"names":[],"mappings":";;;AA+JO,IAAM,iBAAA,GAAoB;AAAA;AAAA,EAE/B,SAAA,EAAW,gBAAA;AAAA,EACX,UAAA,EAAY,iBAAA;AAAA,EACZ,UAAA,EAAY,iBAAA;AAAA;AAAA,EAGZ,aAAA,EAAe,oBAAA;AAAA,EACf,cAAA,EAAgB,qBAAA;AAAA;AAAA,EAGhB,cAAA,EAAgB,qBAAA;AAAA,EAChB,eAAA,EAAiB,sBAAA;AAAA;AAAA,EAGjB,UAAA,EAAY,iBAAA;AAAA,EACZ,WAAA,EAAa,kBAAA;AAAA,EACb,eAAA,EAAiB;AACnB;AA4BO,IAAM,qBAAA,GAA0C;AAAA,EACrD,qBAAA,EAAuB,MAAA;AAAA,EACvB,iBAAA,EAAmB,KAAA;AAAA,EACnB,mBAAA,EAAqB,KAAA;AAAA,EACrB,0BAAA,EAA4B,CAAC,OAAA,EAAS,SAAS,CAAA;AAAA,EAC/C,2BAAA,EAA6B,CAAC,YAAA,EAAc,aAAa,CAAA;AAAA,EACzD,oBAAA,EAAsB,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA;AACvC;;;ACHO,IAAM,qBAAN,MAAoD;AAAA,EACjD,kBAAA,GAA4B;AAClC,IAAA,OAAO,IAAI,MAAM,gCAAgC,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,gBAAA,GAIH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,WAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,GAAuD;AAC3D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,kBAAA,GAAoC;AAAA,EAE1C;AAAA,EAEA,MAAM,kBAAA,GAAiD;AACrD,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,SAAY,KAAA,EAAsC;AACtD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,MAAA,GAA2B;AAE/B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,gBAAA,GAAqC;AAEzC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,OAAA,GAOH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,OAAA,GAA+B;AACnC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,aAAA,GAAqC;AACzC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAMH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAA6C;AACjD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA8B;AAClC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA4C;AAEhD,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,oBAAA,GAAwC;AAC5C,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,YAAY,MAAA,EAA4B;AAEtC,IAAA,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAAA,EACtD;AAAA,EAEA,aAAA,GAAyB;AACvB,IAAA,OAAO,KAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["/**\n * Aeon Crypto Types\n *\n * Type definitions for cryptographic operations in Aeon.\n * These are compatible with @affectively/ucan and @affectively/zk-encryption.\n */\n\n// =============================================================================\n// IDENTITY TYPES (compatible with @affectively/ucan)\n// =============================================================================\n\n/**\n * Decentralized Identifier (DID)\n * Format: did:method:identifier\n */\nexport type DID = `did:${string}:${string}`;\n\n/**\n * Supported signing algorithms\n */\nexport type SigningAlgorithm = 'ES256' | 'Ed25519' | 'ES384' | 'ES512';\n\n/**\n * Key pair for signing and verification\n */\nexport interface KeyPair {\n  algorithm: SigningAlgorithm;\n  publicKey: JsonWebKey;\n  privateKey?: JsonWebKey;\n  fingerprint: string;\n}\n\n/**\n * Identity representing a user or node\n */\nexport interface Identity {\n  did: DID;\n  signingKey: KeyPair;\n  encryptionKey?: KeyPair;\n  createdAt: number;\n  displayName?: string;\n}\n\n/**\n * UCAN Capability structure\n */\nexport interface Capability {\n  can: string;\n  with: string;\n  constraints?: Record<string, unknown>;\n}\n\n/**\n * UCAN Token payload\n */\nexport interface UCANPayload {\n  iss: DID;\n  aud: DID;\n  exp: number;\n  nbf?: number;\n  iat?: number;\n  nonce?: string;\n  jti?: string;\n  att: Capability[];\n  prf?: string[];\n  fct?: Record<string, unknown>;\n}\n\n/**\n * Parsed UCAN Token\n */\nexport interface UCANToken {\n  payload: UCANPayload;\n  raw: string;\n  signature: Uint8Array;\n  algorithm: string;\n}\n\n/**\n * UCAN verification result\n */\nexport interface VerificationResult {\n  valid: boolean;\n  payload?: UCANPayload;\n  error?: string;\n  expired?: boolean;\n  shouldRotate?: boolean;\n  expiresIn?: number;\n}\n\n// =============================================================================\n// ENCRYPTION TYPES (compatible with @affectively/zk-encryption)\n// =============================================================================\n\n/**\n * Encryption algorithms supported\n */\nexport type EncryptionAlgorithm = 'ECIES-P256' | 'AES-256-GCM';\n\n/**\n * HKDF domain separator categories\n */\nexport type DomainCategory =\n  | 'default'\n  | 'sync'\n  | 'message'\n  | 'api-key'\n  | 'personal-data'\n  | string;\n\n/**\n * EC Key pair for ECDH operations\n */\nexport interface ECKeyPair {\n  publicKey: JsonWebKey;\n  privateKey: JsonWebKey;\n  keyId: string;\n  createdAt: string;\n}\n\n/**\n * Encrypted data envelope\n */\nexport interface EncryptedPayload {\n  alg: EncryptionAlgorithm;\n  ct: string;\n  iv: string;\n  tag: string;\n  epk?: JsonWebKey;\n  category?: DomainCategory;\n  nonce?: string;\n  encryptedAt: number;\n}\n\n/**\n * Decryption result\n */\nexport interface DecryptionResult {\n  plaintext: Uint8Array;\n  category?: DomainCategory;\n  encryptedAt: number;\n}\n\n// =============================================================================\n// AEON-SPECIFIC TYPES\n// =============================================================================\n\n/**\n * Aeon encryption mode\n */\nexport type AeonEncryptionMode =\n  | 'none' // No encryption (development/testing)\n  | 'transport' // Encrypt in transit only (session keys)\n  | 'at-rest' // Encrypt for storage\n  | 'end-to-end'; // Full E2E encryption between nodes\n\n/**\n * Aeon sync capability namespace\n */\nexport const AEON_CAPABILITIES = {\n  // Basic sync operations\n  SYNC_READ: 'aeon:sync:read',\n  SYNC_WRITE: 'aeon:sync:write',\n  SYNC_ADMIN: 'aeon:sync:admin',\n\n  // Node operations\n  NODE_REGISTER: 'aeon:node:register',\n  NODE_HEARTBEAT: 'aeon:node:heartbeat',\n\n  // Replication operations\n  REPLICATE_READ: 'aeon:replicate:read',\n  REPLICATE_WRITE: 'aeon:replicate:write',\n\n  // State operations\n  STATE_READ: 'aeon:state:read',\n  STATE_WRITE: 'aeon:state:write',\n  STATE_RECONCILE: 'aeon:state:reconcile',\n} as const;\n\nexport type AeonCapability =\n  (typeof AEON_CAPABILITIES)[keyof typeof AEON_CAPABILITIES];\n\n/**\n * Crypto configuration for Aeon\n */\nexport interface AeonCryptoConfig {\n  /** Default encryption mode for sync messages */\n  defaultEncryptionMode: AeonEncryptionMode;\n  /** Require all messages to be signed */\n  requireSignatures: boolean;\n  /** Require UCAN capability verification */\n  requireCapabilities: boolean;\n  /** Allowed signature algorithms */\n  allowedSignatureAlgorithms: string[];\n  /** Allowed encryption algorithms */\n  allowedEncryptionAlgorithms: string[];\n  /** UCAN audience DID for verification */\n  ucanAudience?: string;\n  /** Session key expiration (ms) */\n  sessionKeyExpiration?: number;\n}\n\n/**\n * Default crypto configuration\n */\nexport const DEFAULT_CRYPTO_CONFIG: AeonCryptoConfig = {\n  defaultEncryptionMode: 'none',\n  requireSignatures: false,\n  requireCapabilities: false,\n  allowedSignatureAlgorithms: ['ES256', 'Ed25519'],\n  allowedEncryptionAlgorithms: ['ECIES-P256', 'AES-256-GCM'],\n  sessionKeyExpiration: 24 * 60 * 60 * 1000, // 24 hours\n};\n\n/**\n * Authenticated sync message fields\n */\nexport interface AuthenticatedMessageFields {\n  /** Sender DID */\n  senderDID?: string;\n  /** Receiver DID */\n  receiverDID?: string;\n  /** UCAN token for capability verification */\n  ucan?: string;\n  /** Message signature (base64url) */\n  signature?: string;\n  /** Whether payload is encrypted */\n  encrypted?: boolean;\n}\n\n/**\n * Secure sync session\n */\nexport interface SecureSyncSession {\n  id: string;\n  initiator: string;\n  participants: string[];\n  sessionKey?: Uint8Array;\n  encryptionMode: AeonEncryptionMode;\n  requiredCapabilities: string[];\n  status: 'pending' | 'active' | 'completed' | 'failed';\n  startTime: string;\n  endTime?: string;\n}\n\n/**\n * Node with identity information\n */\nexport interface SecureNodeInfo {\n  id: string;\n  did?: string;\n  publicSigningKey?: JsonWebKey;\n  publicEncryptionKey?: JsonWebKey;\n  capabilities?: string[];\n  lastSeen?: number;\n}\n\n/**\n * Capability verification result\n */\nexport interface AeonCapabilityResult {\n  authorized: boolean;\n  error?: string;\n  issuer?: string;\n  grantedCapabilities?: Array<{ can: string; with: string }>;\n}\n\n/**\n * Signed data envelope for sync operations\n */\nexport interface SignedSyncData<T = unknown> {\n  payload: T;\n  signature: string;\n  signer: string;\n  algorithm: string;\n  signedAt: number;\n}\n","/**\n * Aeon Crypto Provider Interface\n *\n * Abstract interface for cryptographic operations.\n * Aeon core remains zero-dependency - crypto is injected through this interface.\n */\n\nimport type {\n  AeonCapabilityResult,\n  SignedSyncData,\n  SecureNodeInfo,\n} from './types';\n\n/**\n * Abstract crypto provider interface\n *\n * Implementations use @affectively/ucan and @affectively/zk-encryption\n * or other compatible libraries.\n */\nexport interface ICryptoProvider {\n  // ===========================================================================\n  // IDENTITY OPERATIONS\n  // ===========================================================================\n\n  /**\n   * Generate a new identity with DID and key pairs\n   */\n  generateIdentity(displayName?: string): Promise<{\n    did: string;\n    publicSigningKey: JsonWebKey;\n    publicEncryptionKey?: JsonWebKey;\n  }>;\n\n  /**\n   * Get the local identity's DID\n   */\n  getLocalDID(): string | null;\n\n  /**\n   * Export local identity's public info for sharing\n   */\n  exportPublicIdentity(): Promise<SecureNodeInfo | null>;\n\n  /**\n   * Register a known remote node's public keys\n   */\n  registerRemoteNode(node: SecureNodeInfo): Promise<void>;\n\n  /**\n   * Get a remote node's public key\n   */\n  getRemotePublicKey(did: string): Promise<JsonWebKey | null>;\n\n  // ===========================================================================\n  // SIGNING OPERATIONS\n  // ===========================================================================\n\n  /**\n   * Sign data with local identity's private key\n   */\n  sign(data: Uint8Array): Promise<Uint8Array>;\n\n  /**\n   * Sign structured data and wrap in SignedSyncData envelope\n   */\n  signData<T>(data: T): Promise<SignedSyncData<T>>;\n\n  /**\n   * Verify a signature from a remote node\n   */\n  verify(\n    did: string,\n    signature: Uint8Array,\n    data: Uint8Array,\n  ): Promise<boolean>;\n\n  /**\n   * Verify a SignedSyncData envelope\n   */\n  verifySignedData<T>(signedData: SignedSyncData<T>): Promise<boolean>;\n\n  // ===========================================================================\n  // ENCRYPTION OPERATIONS\n  // ===========================================================================\n\n  /**\n   * Encrypt data for a recipient\n   */\n  encrypt(\n    plaintext: Uint8Array,\n    recipientDID: string,\n  ): Promise<{\n    alg: string;\n    ct: string;\n    iv: string;\n    tag: string;\n    epk?: JsonWebKey;\n    encryptedAt: number;\n  }>;\n\n  /**\n   * Decrypt data\n   */\n  decrypt(\n    encrypted: {\n      alg: string;\n      ct: string;\n      iv: string;\n      tag: string;\n      epk?: JsonWebKey;\n    },\n    senderDID?: string,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Derive or get a session key for communication with a peer\n   */\n  getSessionKey(peerDID: string): Promise<Uint8Array>;\n\n  /**\n   * Encrypt with a session key\n   */\n  encryptWithSessionKey(\n    plaintext: Uint8Array,\n    sessionKey: Uint8Array,\n  ): Promise<{\n    alg: string;\n    ct: string;\n    iv: string;\n    tag: string;\n    encryptedAt: number;\n  }>;\n\n  /**\n   * Decrypt with a session key\n   */\n  decryptWithSessionKey(\n    encrypted: {\n      ct: string;\n      iv: string;\n      tag: string;\n    },\n    sessionKey: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  // ===========================================================================\n  // UCAN OPERATIONS\n  // ===========================================================================\n\n  /**\n   * Create a UCAN token\n   */\n  createUCAN(\n    audience: string,\n    capabilities: Array<{ can: string; with: string }>,\n    options?: {\n      expirationSeconds?: number;\n      proofs?: string[];\n    },\n  ): Promise<string>;\n\n  /**\n   * Verify a UCAN token\n   */\n  verifyUCAN(\n    token: string,\n    options?: {\n      expectedAudience?: string;\n      requiredCapabilities?: Array<{ can: string; with: string }>;\n    },\n  ): Promise<AeonCapabilityResult>;\n\n  /**\n   * Delegate capabilities\n   */\n  delegateCapabilities(\n    parentToken: string,\n    audience: string,\n    capabilities: Array<{ can: string; with: string }>,\n    options?: {\n      expirationSeconds?: number;\n    },\n  ): Promise<string>;\n\n  // ===========================================================================\n  // UTILITY OPERATIONS\n  // ===========================================================================\n\n  /**\n   * Compute hash of data\n   */\n  hash(data: Uint8Array): Promise<Uint8Array>;\n\n  /**\n   * Generate random bytes\n   */\n  randomBytes(length: number): Uint8Array;\n\n  /**\n   * Check if crypto is properly initialized\n   */\n  isInitialized(): boolean;\n}\n\n/**\n * Null crypto provider for when crypto is disabled\n *\n * All operations either throw or return permissive defaults.\n */\nexport class NullCryptoProvider implements ICryptoProvider {\n  private notConfiguredError(): Error {\n    return new Error('Crypto provider not configured');\n  }\n\n  async generateIdentity(): Promise<{\n    did: string;\n    publicSigningKey: JsonWebKey;\n    publicEncryptionKey?: JsonWebKey;\n  }> {\n    throw this.notConfiguredError();\n  }\n\n  getLocalDID(): string | null {\n    return null;\n  }\n\n  async exportPublicIdentity(): Promise<SecureNodeInfo | null> {\n    return null;\n  }\n\n  async registerRemoteNode(): Promise<void> {\n    // No-op when crypto disabled\n  }\n\n  async getRemotePublicKey(): Promise<JsonWebKey | null> {\n    return null;\n  }\n\n  async sign(): Promise<Uint8Array> {\n    throw this.notConfiguredError();\n  }\n\n  async signData<T>(_data: T): Promise<SignedSyncData<T>> {\n    throw this.notConfiguredError();\n  }\n\n  async verify(): Promise<boolean> {\n    // Permissive when crypto disabled\n    return true;\n  }\n\n  async verifySignedData(): Promise<boolean> {\n    // Permissive when crypto disabled\n    return true;\n  }\n\n  async encrypt(): Promise<{\n    alg: string;\n    ct: string;\n    iv: string;\n    tag: string;\n    epk?: JsonWebKey;\n    encryptedAt: number;\n  }> {\n    throw this.notConfiguredError();\n  }\n\n  async decrypt(): Promise<Uint8Array> {\n    throw this.notConfiguredError();\n  }\n\n  async getSessionKey(): Promise<Uint8Array> {\n    throw this.notConfiguredError();\n  }\n\n  async encryptWithSessionKey(): Promise<{\n    alg: string;\n    ct: string;\n    iv: string;\n    tag: string;\n    encryptedAt: number;\n  }> {\n    throw this.notConfiguredError();\n  }\n\n  async decryptWithSessionKey(): Promise<Uint8Array> {\n    throw this.notConfiguredError();\n  }\n\n  async createUCAN(): Promise<string> {\n    throw this.notConfiguredError();\n  }\n\n  async verifyUCAN(): Promise<AeonCapabilityResult> {\n    // Permissive when crypto disabled\n    return { authorized: true };\n  }\n\n  async delegateCapabilities(): Promise<string> {\n    throw this.notConfiguredError();\n  }\n\n  async hash(): Promise<Uint8Array> {\n    throw this.notConfiguredError();\n  }\n\n  randomBytes(length: number): Uint8Array {\n    // Use crypto.getRandomValues even without full crypto setup\n    return crypto.getRandomValues(new Uint8Array(length));\n  }\n\n  isInitialized(): boolean {\n    return false;\n  }\n}\n"]}