@affectively/aeon 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/dist/compression/index.cjs.map +1 -1
  2. package/dist/compression/index.js.map +1 -1
  3. package/dist/core/index.d.cts +105 -100
  4. package/dist/core/index.d.ts +105 -100
  5. package/dist/crypto/index.cjs.map +1 -1
  6. package/dist/crypto/index.d.cts +310 -271
  7. package/dist/crypto/index.d.ts +310 -271
  8. package/dist/crypto/index.js.map +1 -1
  9. package/dist/distributed/index.cjs +8 -2
  10. package/dist/distributed/index.cjs.map +1 -1
  11. package/dist/distributed/index.d.cts +871 -756
  12. package/dist/distributed/index.d.ts +871 -756
  13. package/dist/distributed/index.js +8 -2
  14. package/dist/distributed/index.js.map +1 -1
  15. package/dist/index.cjs +26 -10
  16. package/dist/index.cjs.map +1 -1
  17. package/dist/index.d.cts +1 -1
  18. package/dist/index.d.ts +1 -1
  19. package/dist/index.js +26 -10
  20. package/dist/index.js.map +1 -1
  21. package/dist/offline/index.cjs.map +1 -1
  22. package/dist/offline/index.d.cts +128 -122
  23. package/dist/offline/index.d.ts +128 -122
  24. package/dist/offline/index.js.map +1 -1
  25. package/dist/optimization/index.cjs.map +1 -1
  26. package/dist/optimization/index.js.map +1 -1
  27. package/dist/persistence/index.cjs.map +1 -1
  28. package/dist/persistence/index.d.cts +38 -38
  29. package/dist/persistence/index.d.ts +38 -38
  30. package/dist/persistence/index.js.map +1 -1
  31. package/dist/presence/index.cjs.map +1 -1
  32. package/dist/presence/index.js.map +1 -1
  33. package/dist/{types-CMxO7QF0.d.cts → types-B7gCpNX9.d.cts} +6 -6
  34. package/dist/{types-CMxO7QF0.d.ts → types-B7gCpNX9.d.ts} +6 -6
  35. package/dist/utils/index.d.cts +4 -4
  36. package/dist/utils/index.d.ts +4 -4
  37. package/dist/versioning/index.cjs +18 -8
  38. package/dist/versioning/index.cjs.map +1 -1
  39. package/dist/versioning/index.d.cts +1 -1
  40. package/dist/versioning/index.d.ts +1 -1
  41. package/dist/versioning/index.js +18 -8
  42. package/dist/versioning/index.js.map +1 -1
  43. package/package.json +6 -2
package/dist/core/index.d.cts CHANGED
@@ -19,55 +19,60 @@ type OperationStatus = 'pending' | 'syncing' | 'synced' | 'failed';
19
19
  * Queued operation for offline-first synchronization
20
20
  */
21
21
  interface Operation {
22
- id: string;
23
- type: OperationType;
24
- sessionId: string;
25
- status: OperationStatus;
26
- data: Record<string, unknown>;
27
- priority?: OperationPriority;
28
- createdAt?: number;
29
- syncedAt?: number;
30
- retryCount?: number;
31
- maxRetries?: number;
22
+ id: string;
23
+ type: OperationType;
24
+ sessionId: string;
25
+ status: OperationStatus;
26
+ data: Record<string, unknown>;
27
+ priority?: OperationPriority;
28
+ createdAt?: number;
29
+ syncedAt?: number;
30
+ retryCount?: number;
31
+ maxRetries?: number;
32
32
  }
33
33
  /**
34
34
  * Conflict detection result
35
35
  */
36
36
  interface ConflictDetectionResult {
37
- hasConflict: boolean;
38
- type?: 'update_update' | 'delete_update' | 'update_delete' | 'concurrent';
39
- severity?: 'low' | 'medium' | 'high';
40
- similarity?: number;
37
+ hasConflict: boolean;
38
+ type?: 'update_update' | 'delete_update' | 'update_delete' | 'concurrent';
39
+ severity?: 'low' | 'medium' | 'high';
40
+ similarity?: number;
41
41
  }
42
42
  /**
43
43
  * Conflict resolution strategy
44
44
  */
45
- type ResolutionStrategy = 'local_wins' | 'remote_wins' | 'last_modified' | 'merge' | 'manual';
45
+ type ResolutionStrategy =
46
+ | 'local_wins'
47
+ | 'remote_wins'
48
+ | 'last_modified'
49
+ | 'merge'
50
+ | 'manual';
46
51
  /**
47
52
  * Sync batch for uploading multiple operations
48
53
  */
49
54
  interface SyncBatch {
50
- batchId: string;
51
- operations: Operation[];
52
- totalSize: number;
53
- createdAt: number;
54
- priority: OperationPriority;
55
+ batchId: string;
56
+ operations: Operation[];
57
+ totalSize: number;
58
+ createdAt: number;
59
+ priority: OperationPriority;
55
60
  }
56
61
  /**
57
62
  * Sync result from server
58
63
  */
59
64
  interface SyncResult {
60
- success: boolean;
61
- synced: string[];
62
- failed: Array<{
63
- operationId: string;
64
- error: string;
65
- }>;
66
- conflicts: Array<{
67
- operationId: string;
68
- remoteVersion: Record<string, unknown>;
69
- strategy: ResolutionStrategy;
70
- }>;
65
+ success: boolean;
66
+ synced: string[];
67
+ failed: Array<{
68
+ operationId: string;
69
+ error: string;
70
+ }>;
71
+ conflicts: Array<{
72
+ operationId: string;
73
+ remoteVersion: Record<string, unknown>;
74
+ strategy: ResolutionStrategy;
75
+ }>;
71
76
  }
72
77
  /**
73
78
  * Network state for adaptive sync
@@ -77,122 +82,122 @@ type NetworkState = 'online' | 'offline' | 'poor' | 'unknown';
77
82
  * Bandwidth profile for sync adaptation
78
83
  */
79
84
  interface BandwidthProfile {
80
- bandwidth: number;
81
- latency: number;
82
- timestamp: number;
83
- reliability: number;
85
+ bandwidth: number;
86
+ latency: number;
87
+ timestamp: number;
88
+ reliability: number;
84
89
  }
85
90
  /**
86
91
  * Sync coordinator configuration
87
92
  */
88
93
  interface SyncCoordinatorConfig {
89
- maxBatchSize: number;
90
- maxBatchBytes: number;
91
- maxRetries: number;
92
- retryDelayMs: number;
93
- enableCompression: boolean;
94
- enableDeltaSync: boolean;
95
- adaptateBatchSize: boolean;
94
+ maxBatchSize: number;
95
+ maxBatchBytes: number;
96
+ maxRetries: number;
97
+ retryDelayMs: number;
98
+ enableCompression: boolean;
99
+ enableDeltaSync: boolean;
100
+ adaptateBatchSize: boolean;
96
101
  }
97
102
  /**
98
103
  * Vector clock for causality tracking
99
104
  */
100
105
  interface VectorClock {
101
- [nodeId: string]: number;
106
+ [nodeId: string]: number;
102
107
  }
103
108
  /**
104
109
  * CRDT operation for conflict-free updates
105
110
  */
106
111
  interface CRDTOperation {
107
- id: string;
108
- type: 'insert' | 'delete' | 'update';
109
- path: string[];
110
- value?: unknown;
111
- timestamp: number;
112
- nodeId: string;
113
- vectorClock: VectorClock;
112
+ id: string;
113
+ type: 'insert' | 'delete' | 'update';
114
+ path: string[];
115
+ value?: unknown;
116
+ timestamp: number;
117
+ nodeId: string;
118
+ vectorClock: VectorClock;
114
119
  }
115
120
  /**
116
121
  * Presence selection range
117
122
  */
118
123
  interface PresenceSelection {
119
- start: number;
120
- end: number;
121
- direction?: 'forward' | 'backward' | 'none';
122
- path?: string;
124
+ start: number;
125
+ end: number;
126
+ direction?: 'forward' | 'backward' | 'none';
127
+ path?: string;
123
128
  }
124
129
  /**
125
130
  * Presence typing signal
126
131
  */
127
132
  interface PresenceTyping {
128
- isTyping: boolean;
129
- field?: string;
130
- isComposing?: boolean;
131
- startedAt?: number;
132
- stoppedAt?: number;
133
+ isTyping: boolean;
134
+ field?: string;
135
+ isComposing?: boolean;
136
+ startedAt?: number;
137
+ stoppedAt?: number;
133
138
  }
134
139
  /**
135
140
  * Presence scroll signal
136
141
  */
137
142
  interface PresenceScroll {
138
- depth: number;
139
- y?: number;
140
- viewportHeight?: number;
141
- documentHeight?: number;
142
- path?: string;
143
+ depth: number;
144
+ y?: number;
145
+ viewportHeight?: number;
146
+ documentHeight?: number;
147
+ path?: string;
143
148
  }
144
149
  /**
145
150
  * Presence viewport signal
146
151
  */
147
152
  interface PresenceViewport {
148
- width: number;
149
- height: number;
153
+ width: number;
154
+ height: number;
150
155
  }
151
156
  /**
152
157
  * Presence input signal
153
158
  */
154
159
  interface PresenceInputState {
155
- field: string;
156
- hasFocus: boolean;
157
- valueLength?: number;
158
- selectionStart?: number;
159
- selectionEnd?: number;
160
- isComposing?: boolean;
161
- inputMode?: string;
160
+ field: string;
161
+ hasFocus: boolean;
162
+ valueLength?: number;
163
+ selectionStart?: number;
164
+ selectionEnd?: number;
165
+ isComposing?: boolean;
166
+ inputMode?: string;
162
167
  }
163
168
  /**
164
169
  * Presence emotional state signal
165
170
  */
166
171
  interface PresenceEmotion {
167
- primary?: string;
168
- secondary?: string;
169
- confidence?: number;
170
- intensity?: number;
171
- valence?: number;
172
- arousal?: number;
173
- dominance?: number;
174
- source?: 'self-report' | 'inferred' | 'sensor' | 'hybrid';
175
- updatedAt?: number;
172
+ primary?: string;
173
+ secondary?: string;
174
+ confidence?: number;
175
+ intensity?: number;
176
+ valence?: number;
177
+ arousal?: number;
178
+ dominance?: number;
179
+ source?: 'self-report' | 'inferred' | 'sensor' | 'hybrid';
180
+ updatedAt?: number;
176
181
  }
177
182
  /**
178
183
  * Presence information for real-time collaboration
179
184
  */
180
185
  interface PresenceInfo {
181
- userId: string;
182
- nodeId: string;
183
- cursor?: {
184
- x: number;
185
- y: number;
186
- };
187
- focusNode?: string;
188
- selection?: PresenceSelection;
189
- typing?: PresenceTyping;
190
- scroll?: PresenceScroll;
191
- viewport?: PresenceViewport;
192
- inputState?: PresenceInputState;
193
- emotion?: PresenceEmotion;
194
- metadata?: Record<string, unknown>;
195
- lastActivity: number;
186
+ userId: string;
187
+ nodeId: string;
188
+ cursor?: {
189
+ x: number;
190
+ y: number;
191
+ };
192
+ focusNode?: string;
193
+ selection?: PresenceSelection;
194
+ typing?: PresenceTyping;
195
+ scroll?: PresenceScroll;
196
+ viewport?: PresenceViewport;
197
+ inputState?: PresenceInputState;
198
+ emotion?: PresenceEmotion;
199
+ metadata?: Record<string, unknown>;
200
+ lastActivity: number;
196
201
  }
197
202
  /**
198
203
  * Event emitter types
@@ -203,9 +208,9 @@ type EventUnsubscribe = () => void;
203
208
  * Generic event emitter interface
204
209
  */
205
210
  interface IEventEmitter {
206
- on<T = unknown>(event: string, callback: EventCallback<T>): EventUnsubscribe;
207
- off(event: string, callback: EventCallback): void;
208
- emit<T = unknown>(event: string, data?: T): void;
211
+ on<T = unknown>(event: string, callback: EventCallback<T>): EventUnsubscribe;
212
+ off(event: string, callback: EventCallback): void;
213
+ emit<T = unknown>(event: string, data?: T): void;
209
214
  }
210
215
 
211
216
  export type { BandwidthProfile, CRDTOperation, ConflictDetectionResult, EventCallback, EventUnsubscribe, IEventEmitter, NetworkState, Operation, OperationPriority, OperationStatus, OperationType, PresenceEmotion, PresenceInfo, PresenceInputState, PresenceScroll, PresenceSelection, PresenceTyping, PresenceViewport, ResolutionStrategy, SyncBatch, SyncCoordinatorConfig, SyncResult, VectorClock };
package/dist/core/index.d.ts CHANGED
@@ -19,55 +19,60 @@ type OperationStatus = 'pending' | 'syncing' | 'synced' | 'failed';
19
19
  * Queued operation for offline-first synchronization
20
20
  */
21
21
  interface Operation {
22
- id: string;
23
- type: OperationType;
24
- sessionId: string;
25
- status: OperationStatus;
26
- data: Record<string, unknown>;
27
- priority?: OperationPriority;
28
- createdAt?: number;
29
- syncedAt?: number;
30
- retryCount?: number;
31
- maxRetries?: number;
22
+ id: string;
23
+ type: OperationType;
24
+ sessionId: string;
25
+ status: OperationStatus;
26
+ data: Record<string, unknown>;
27
+ priority?: OperationPriority;
28
+ createdAt?: number;
29
+ syncedAt?: number;
30
+ retryCount?: number;
31
+ maxRetries?: number;
32
32
  }
33
33
  /**
34
34
  * Conflict detection result
35
35
  */
36
36
  interface ConflictDetectionResult {
37
- hasConflict: boolean;
38
- type?: 'update_update' | 'delete_update' | 'update_delete' | 'concurrent';
39
- severity?: 'low' | 'medium' | 'high';
40
- similarity?: number;
37
+ hasConflict: boolean;
38
+ type?: 'update_update' | 'delete_update' | 'update_delete' | 'concurrent';
39
+ severity?: 'low' | 'medium' | 'high';
40
+ similarity?: number;
41
41
  }
42
42
  /**
43
43
  * Conflict resolution strategy
44
44
  */
45
- type ResolutionStrategy = 'local_wins' | 'remote_wins' | 'last_modified' | 'merge' | 'manual';
45
+ type ResolutionStrategy =
46
+ | 'local_wins'
47
+ | 'remote_wins'
48
+ | 'last_modified'
49
+ | 'merge'
50
+ | 'manual';
46
51
  /**
47
52
  * Sync batch for uploading multiple operations
48
53
  */
49
54
  interface SyncBatch {
50
- batchId: string;
51
- operations: Operation[];
52
- totalSize: number;
53
- createdAt: number;
54
- priority: OperationPriority;
55
+ batchId: string;
56
+ operations: Operation[];
57
+ totalSize: number;
58
+ createdAt: number;
59
+ priority: OperationPriority;
55
60
  }
56
61
  /**
57
62
  * Sync result from server
58
63
  */
59
64
  interface SyncResult {
60
- success: boolean;
61
- synced: string[];
62
- failed: Array<{
63
- operationId: string;
64
- error: string;
65
- }>;
66
- conflicts: Array<{
67
- operationId: string;
68
- remoteVersion: Record<string, unknown>;
69
- strategy: ResolutionStrategy;
70
- }>;
65
+ success: boolean;
66
+ synced: string[];
67
+ failed: Array<{
68
+ operationId: string;
69
+ error: string;
70
+ }>;
71
+ conflicts: Array<{
72
+ operationId: string;
73
+ remoteVersion: Record<string, unknown>;
74
+ strategy: ResolutionStrategy;
75
+ }>;
71
76
  }
72
77
  /**
73
78
  * Network state for adaptive sync
@@ -77,122 +82,122 @@ type NetworkState = 'online' | 'offline' | 'poor' | 'unknown';
77
82
  * Bandwidth profile for sync adaptation
78
83
  */
79
84
  interface BandwidthProfile {
80
- bandwidth: number;
81
- latency: number;
82
- timestamp: number;
83
- reliability: number;
85
+ bandwidth: number;
86
+ latency: number;
87
+ timestamp: number;
88
+ reliability: number;
84
89
  }
85
90
  /**
86
91
  * Sync coordinator configuration
87
92
  */
88
93
  interface SyncCoordinatorConfig {
89
- maxBatchSize: number;
90
- maxBatchBytes: number;
91
- maxRetries: number;
92
- retryDelayMs: number;
93
- enableCompression: boolean;
94
- enableDeltaSync: boolean;
95
- adaptateBatchSize: boolean;
94
+ maxBatchSize: number;
95
+ maxBatchBytes: number;
96
+ maxRetries: number;
97
+ retryDelayMs: number;
98
+ enableCompression: boolean;
99
+ enableDeltaSync: boolean;
100
+ adaptateBatchSize: boolean;
96
101
  }
97
102
  /**
98
103
  * Vector clock for causality tracking
99
104
  */
100
105
  interface VectorClock {
101
- [nodeId: string]: number;
106
+ [nodeId: string]: number;
102
107
  }
103
108
  /**
104
109
  * CRDT operation for conflict-free updates
105
110
  */
106
111
  interface CRDTOperation {
107
- id: string;
108
- type: 'insert' | 'delete' | 'update';
109
- path: string[];
110
- value?: unknown;
111
- timestamp: number;
112
- nodeId: string;
113
- vectorClock: VectorClock;
112
+ id: string;
113
+ type: 'insert' | 'delete' | 'update';
114
+ path: string[];
115
+ value?: unknown;
116
+ timestamp: number;
117
+ nodeId: string;
118
+ vectorClock: VectorClock;
114
119
  }
115
120
  /**
116
121
  * Presence selection range
117
122
  */
118
123
  interface PresenceSelection {
119
- start: number;
120
- end: number;
121
- direction?: 'forward' | 'backward' | 'none';
122
- path?: string;
124
+ start: number;
125
+ end: number;
126
+ direction?: 'forward' | 'backward' | 'none';
127
+ path?: string;
123
128
  }
124
129
  /**
125
130
  * Presence typing signal
126
131
  */
127
132
  interface PresenceTyping {
128
- isTyping: boolean;
129
- field?: string;
130
- isComposing?: boolean;
131
- startedAt?: number;
132
- stoppedAt?: number;
133
+ isTyping: boolean;
134
+ field?: string;
135
+ isComposing?: boolean;
136
+ startedAt?: number;
137
+ stoppedAt?: number;
133
138
  }
134
139
  /**
135
140
  * Presence scroll signal
136
141
  */
137
142
  interface PresenceScroll {
138
- depth: number;
139
- y?: number;
140
- viewportHeight?: number;
141
- documentHeight?: number;
142
- path?: string;
143
+ depth: number;
144
+ y?: number;
145
+ viewportHeight?: number;
146
+ documentHeight?: number;
147
+ path?: string;
143
148
  }
144
149
  /**
145
150
  * Presence viewport signal
146
151
  */
147
152
  interface PresenceViewport {
148
- width: number;
149
- height: number;
153
+ width: number;
154
+ height: number;
150
155
  }
151
156
  /**
152
157
  * Presence input signal
153
158
  */
154
159
  interface PresenceInputState {
155
- field: string;
156
- hasFocus: boolean;
157
- valueLength?: number;
158
- selectionStart?: number;
159
- selectionEnd?: number;
160
- isComposing?: boolean;
161
- inputMode?: string;
160
+ field: string;
161
+ hasFocus: boolean;
162
+ valueLength?: number;
163
+ selectionStart?: number;
164
+ selectionEnd?: number;
165
+ isComposing?: boolean;
166
+ inputMode?: string;
162
167
  }
163
168
  /**
164
169
  * Presence emotional state signal
165
170
  */
166
171
  interface PresenceEmotion {
167
- primary?: string;
168
- secondary?: string;
169
- confidence?: number;
170
- intensity?: number;
171
- valence?: number;
172
- arousal?: number;
173
- dominance?: number;
174
- source?: 'self-report' | 'inferred' | 'sensor' | 'hybrid';
175
- updatedAt?: number;
172
+ primary?: string;
173
+ secondary?: string;
174
+ confidence?: number;
175
+ intensity?: number;
176
+ valence?: number;
177
+ arousal?: number;
178
+ dominance?: number;
179
+ source?: 'self-report' | 'inferred' | 'sensor' | 'hybrid';
180
+ updatedAt?: number;
176
181
  }
177
182
  /**
178
183
  * Presence information for real-time collaboration
179
184
  */
180
185
  interface PresenceInfo {
181
- userId: string;
182
- nodeId: string;
183
- cursor?: {
184
- x: number;
185
- y: number;
186
- };
187
- focusNode?: string;
188
- selection?: PresenceSelection;
189
- typing?: PresenceTyping;
190
- scroll?: PresenceScroll;
191
- viewport?: PresenceViewport;
192
- inputState?: PresenceInputState;
193
- emotion?: PresenceEmotion;
194
- metadata?: Record<string, unknown>;
195
- lastActivity: number;
186
+ userId: string;
187
+ nodeId: string;
188
+ cursor?: {
189
+ x: number;
190
+ y: number;
191
+ };
192
+ focusNode?: string;
193
+ selection?: PresenceSelection;
194
+ typing?: PresenceTyping;
195
+ scroll?: PresenceScroll;
196
+ viewport?: PresenceViewport;
197
+ inputState?: PresenceInputState;
198
+ emotion?: PresenceEmotion;
199
+ metadata?: Record<string, unknown>;
200
+ lastActivity: number;
196
201
  }
197
202
  /**
198
203
  * Event emitter types
@@ -203,9 +208,9 @@ type EventUnsubscribe = () => void;
203
208
  * Generic event emitter interface
204
209
  */
205
210
  interface IEventEmitter {
206
- on<T = unknown>(event: string, callback: EventCallback<T>): EventUnsubscribe;
207
- off(event: string, callback: EventCallback): void;
208
- emit<T = unknown>(event: string, data?: T): void;
211
+ on<T = unknown>(event: string, callback: EventCallback<T>): EventUnsubscribe;
212
+ off(event: string, callback: EventCallback): void;
213
+ emit<T = unknown>(event: string, data?: T): void;
209
214
  }
210
215
 
211
216
  export type { BandwidthProfile, CRDTOperation, ConflictDetectionResult, EventCallback, EventUnsubscribe, IEventEmitter, NetworkState, Operation, OperationPriority, OperationStatus, OperationType, PresenceEmotion, PresenceInfo, PresenceInputState, PresenceScroll, PresenceSelection, PresenceTyping, PresenceViewport, ResolutionStrategy, SyncBatch, SyncCoordinatorConfig, SyncResult, VectorClock };
package/dist/crypto/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/crypto/types.ts","../../src/crypto/CryptoProvider.ts"],"names":[],"mappings":";;;AA+JO,IAAM,iBAAA,GAAoB;AAAA;AAAA,EAE/B,SAAA,EAAW,gBAAA;AAAA,EACX,UAAA,EAAY,iBAAA;AAAA,EACZ,UAAA,EAAY,iBAAA;AAAA;AAAA,EAGZ,aAAA,EAAe,oBAAA;AAAA,EACf,cAAA,EAAgB,qBAAA;AAAA;AAAA,EAGhB,cAAA,EAAgB,qBAAA;AAAA,EAChB,eAAA,EAAiB,sBAAA;AAAA;AAAA,EAGjB,UAAA,EAAY,iBAAA;AAAA,EACZ,WAAA,EAAa,kBAAA;AAAA,EACb,eAAA,EAAiB;AACnB;AA4BO,IAAM,qBAAA,GAA0C;AAAA,EACrD,qBAAA,EAAuB,MAAA;AAAA,EACvB,iBAAA,EAAmB,KAAA;AAAA,EACnB,mBAAA,EAAqB,KAAA;AAAA,EACrB,0BAAA,EAA4B,CAAC,OAAA,EAAS,SAAS,CAAA;AAAA,EAC/C,2BAAA,EAA6B,CAAC,YAAA,EAAc,aAAa,CAAA;AAAA,EACzD,oBAAA,EAAsB,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA;AACvC;;;ACHO,IAAM,qBAAN,MAAoD;AAAA,EACjD,kBAAA,GAA4B;AAClC,IAAA,OAAO,IAAI,MAAM,gCAAgC,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,gBAAA,GAIH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,WAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,GAAuD;AAC3D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,kBAAA,GAAoC;AAAA,EAE1C;AAAA,EAEA,MAAM,kBAAA,GAAiD;AACrD,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,SAAY,KAAA,EAAsC;AACtD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,MAAA,GAA2B;AAE/B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,gBAAA,GAAqC;AAEzC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,OAAA,GAOH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,OAAA,GAA+B;AACnC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,aAAA,GAAqC;AACzC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAMH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAA6C;AACjD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA8B;AAClC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA4C;AAEhD,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,oBAAA,GAAwC;AAC5C,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,YAAY,MAAA,EAA4B;AAEtC,IAAA,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAAA,EACtD;AAAA,EAEA,aAAA,GAAyB;AACvB,IAAA,OAAO,KAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["/**\n * Aeon Crypto Types\n *\n * Type definitions for cryptographic operations in Aeon.\n * These are compatible with @affectively/ucan and @affectively/zk-encryption.\n */\n\n// =============================================================================\n// IDENTITY TYPES (compatible with @affectively/ucan)\n// =============================================================================\n\n/**\n * Decentralized Identifier (DID)\n * Format: did:method:identifier\n */\nexport type DID = `did:${string}:${string}`;\n\n/**\n * Supported signing algorithms\n */\nexport type SigningAlgorithm = 'ES256' | 'Ed25519' | 'ES384' | 'ES512';\n\n/**\n * Key pair for signing and verification\n */\nexport interface KeyPair {\n algorithm: SigningAlgorithm;\n publicKey: JsonWebKey;\n privateKey?: JsonWebKey;\n fingerprint: string;\n}\n\n/**\n * Identity representing a user or node\n */\nexport interface Identity {\n did: DID;\n signingKey: KeyPair;\n encryptionKey?: KeyPair;\n createdAt: number;\n displayName?: string;\n}\n\n/**\n * UCAN Capability structure\n */\nexport interface Capability {\n can: string;\n with: string;\n constraints?: Record<string, unknown>;\n}\n\n/**\n * UCAN Token payload\n */\nexport interface UCANPayload {\n iss: DID;\n aud: DID;\n exp: number;\n nbf?: number;\n iat?: number;\n nonce?: string;\n jti?: string;\n att: Capability[];\n prf?: string[];\n fct?: Record<string, unknown>;\n}\n\n/**\n * Parsed UCAN Token\n */\nexport interface UCANToken {\n payload: UCANPayload;\n raw: string;\n signature: Uint8Array;\n algorithm: string;\n}\n\n/**\n * UCAN verification result\n */\nexport interface VerificationResult {\n valid: boolean;\n payload?: UCANPayload;\n error?: string;\n expired?: boolean;\n shouldRotate?: boolean;\n expiresIn?: number;\n}\n\n// =============================================================================\n// ENCRYPTION TYPES (compatible with @affectively/zk-encryption)\n// =============================================================================\n\n/**\n * Encryption algorithms supported\n */\nexport type EncryptionAlgorithm = 'ECIES-P256' | 'AES-256-GCM';\n\n/**\n * HKDF domain separator categories\n */\nexport type DomainCategory =\n | 'default'\n | 'sync'\n | 'message'\n | 'api-key'\n | 'personal-data'\n | string;\n\n/**\n * EC Key pair for ECDH operations\n */\nexport interface ECKeyPair {\n publicKey: JsonWebKey;\n privateKey: JsonWebKey;\n keyId: string;\n createdAt: string;\n}\n\n/**\n * Encrypted data envelope\n */\nexport interface EncryptedPayload {\n alg: EncryptionAlgorithm;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n category?: DomainCategory;\n nonce?: string;\n encryptedAt: number;\n}\n\n/**\n * Decryption result\n */\nexport interface DecryptionResult {\n plaintext: Uint8Array;\n category?: DomainCategory;\n encryptedAt: number;\n}\n\n// =============================================================================\n// AEON-SPECIFIC TYPES\n// =============================================================================\n\n/**\n * Aeon encryption mode\n */\nexport type AeonEncryptionMode =\n | 'none' // No encryption (development/testing)\n | 'transport' // Encrypt in transit only (session keys)\n | 'at-rest' // Encrypt for storage\n | 'end-to-end'; // Full E2E encryption between nodes\n\n/**\n * Aeon sync capability namespace\n */\nexport const AEON_CAPABILITIES = {\n // Basic sync operations\n SYNC_READ: 'aeon:sync:read',\n SYNC_WRITE: 'aeon:sync:write',\n SYNC_ADMIN: 'aeon:sync:admin',\n\n // Node operations\n NODE_REGISTER: 'aeon:node:register',\n NODE_HEARTBEAT: 'aeon:node:heartbeat',\n\n // Replication operations\n REPLICATE_READ: 'aeon:replicate:read',\n REPLICATE_WRITE: 'aeon:replicate:write',\n\n // State operations\n STATE_READ: 'aeon:state:read',\n STATE_WRITE: 'aeon:state:write',\n STATE_RECONCILE: 'aeon:state:reconcile',\n} as const;\n\nexport type AeonCapability =\n (typeof AEON_CAPABILITIES)[keyof typeof AEON_CAPABILITIES];\n\n/**\n * Crypto configuration for Aeon\n */\nexport interface AeonCryptoConfig {\n /** Default encryption mode for sync messages */\n defaultEncryptionMode: AeonEncryptionMode;\n /** Require all messages to be signed */\n requireSignatures: boolean;\n /** Require UCAN capability verification */\n requireCapabilities: boolean;\n /** Allowed signature algorithms */\n allowedSignatureAlgorithms: string[];\n /** Allowed encryption algorithms */\n allowedEncryptionAlgorithms: string[];\n /** UCAN audience DID for verification */\n ucanAudience?: string;\n /** Session key expiration (ms) */\n sessionKeyExpiration?: number;\n}\n\n/**\n * Default crypto configuration\n */\nexport const DEFAULT_CRYPTO_CONFIG: AeonCryptoConfig = {\n defaultEncryptionMode: 'none',\n requireSignatures: false,\n requireCapabilities: false,\n allowedSignatureAlgorithms: ['ES256', 'Ed25519'],\n allowedEncryptionAlgorithms: ['ECIES-P256', 'AES-256-GCM'],\n sessionKeyExpiration: 24 * 60 * 60 * 1000, // 24 hours\n};\n\n/**\n * Authenticated sync message fields\n */\nexport interface AuthenticatedMessageFields {\n /** Sender DID */\n senderDID?: string;\n /** Receiver DID */\n receiverDID?: string;\n /** UCAN token for capability verification */\n ucan?: string;\n /** Message signature (base64url) */\n signature?: string;\n /** Whether payload is encrypted */\n encrypted?: boolean;\n}\n\n/**\n * Secure sync session\n */\nexport interface SecureSyncSession {\n id: string;\n initiator: string;\n participants: string[];\n sessionKey?: Uint8Array;\n encryptionMode: AeonEncryptionMode;\n requiredCapabilities: string[];\n status: 'pending' | 'active' | 'completed' | 'failed';\n startTime: string;\n endTime?: string;\n}\n\n/**\n * Node with identity information\n */\nexport interface SecureNodeInfo {\n id: string;\n did?: string;\n publicSigningKey?: JsonWebKey;\n publicEncryptionKey?: JsonWebKey;\n capabilities?: string[];\n lastSeen?: number;\n}\n\n/**\n * Capability verification result\n */\nexport interface AeonCapabilityResult {\n authorized: boolean;\n error?: string;\n issuer?: string;\n grantedCapabilities?: Array<{ can: string; with: string }>;\n}\n\n/**\n * Signed data envelope for sync operations\n */\nexport interface SignedSyncData<T = unknown> {\n payload: T;\n signature: string;\n signer: string;\n algorithm: string;\n signedAt: number;\n}\n","/**\n * Aeon Crypto Provider Interface\n *\n * Abstract interface for cryptographic operations.\n * Aeon core remains zero-dependency - crypto is injected through this interface.\n */\n\nimport type {\n AeonCapabilityResult,\n SignedSyncData,\n SecureNodeInfo,\n} from './types';\n\n/**\n * Abstract crypto provider interface\n *\n * Implementations use @affectively/ucan and @affectively/zk-encryption\n * or other compatible libraries.\n */\nexport interface ICryptoProvider {\n // ===========================================================================\n // IDENTITY OPERATIONS\n // ===========================================================================\n\n /**\n * Generate a new identity with DID and key pairs\n */\n generateIdentity(displayName?: string): Promise<{\n did: string;\n publicSigningKey: JsonWebKey;\n publicEncryptionKey?: JsonWebKey;\n }>;\n\n /**\n * Get the local identity's DID\n */\n getLocalDID(): string | null;\n\n /**\n * Export local identity's public info for sharing\n */\n exportPublicIdentity(): Promise<SecureNodeInfo | null>;\n\n /**\n * Register a known remote node's public keys\n */\n registerRemoteNode(node: SecureNodeInfo): Promise<void>;\n\n /**\n * Get a remote node's public key\n */\n getRemotePublicKey(did: string): Promise<JsonWebKey | null>;\n\n // ===========================================================================\n // SIGNING OPERATIONS\n // ===========================================================================\n\n /**\n * Sign data with local identity's private key\n */\n sign(data: Uint8Array): Promise<Uint8Array>;\n\n /**\n * Sign structured data and wrap in SignedSyncData envelope\n */\n signData<T>(data: T): Promise<SignedSyncData<T>>;\n\n /**\n * Verify a signature from a remote node\n */\n verify(\n did: string,\n signature: Uint8Array,\n data: Uint8Array,\n ): Promise<boolean>;\n\n /**\n * Verify a SignedSyncData envelope\n */\n verifySignedData<T>(signedData: SignedSyncData<T>): Promise<boolean>;\n\n // ===========================================================================\n // ENCRYPTION OPERATIONS\n // ===========================================================================\n\n /**\n * Encrypt data for a recipient\n */\n encrypt(\n plaintext: Uint8Array,\n recipientDID: string,\n ): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n encryptedAt: number;\n }>;\n\n /**\n * Decrypt data\n */\n decrypt(\n encrypted: {\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n },\n senderDID?: string,\n ): Promise<Uint8Array>;\n\n /**\n * Derive or get a session key for communication with a peer\n */\n getSessionKey(peerDID: string): Promise<Uint8Array>;\n\n /**\n * Encrypt with a session key\n */\n encryptWithSessionKey(\n plaintext: Uint8Array,\n sessionKey: Uint8Array,\n ): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n encryptedAt: number;\n }>;\n\n /**\n * Decrypt with a session key\n */\n decryptWithSessionKey(\n encrypted: {\n ct: string;\n iv: string;\n tag: string;\n },\n sessionKey: Uint8Array,\n ): Promise<Uint8Array>;\n\n // ===========================================================================\n // UCAN OPERATIONS\n // ===========================================================================\n\n /**\n * Create a UCAN token\n */\n createUCAN(\n audience: string,\n capabilities: Array<{ can: string; with: string }>,\n options?: {\n expirationSeconds?: number;\n proofs?: string[];\n },\n ): Promise<string>;\n\n /**\n * Verify a UCAN token\n */\n verifyUCAN(\n token: string,\n options?: {\n expectedAudience?: string;\n requiredCapabilities?: Array<{ can: string; with: string }>;\n },\n ): Promise<AeonCapabilityResult>;\n\n /**\n * Delegate capabilities\n */\n delegateCapabilities(\n parentToken: string,\n audience: string,\n capabilities: Array<{ can: string; with: string }>,\n options?: {\n expirationSeconds?: number;\n },\n ): Promise<string>;\n\n // ===========================================================================\n // UTILITY OPERATIONS\n // ===========================================================================\n\n /**\n * Compute hash of data\n */\n hash(data: Uint8Array): Promise<Uint8Array>;\n\n /**\n * Generate random bytes\n */\n randomBytes(length: number): Uint8Array;\n\n /**\n * Check if crypto is properly initialized\n */\n isInitialized(): boolean;\n}\n\n/**\n * Null crypto provider for when crypto is disabled\n *\n * All operations either throw or return permissive defaults.\n */\nexport class NullCryptoProvider implements ICryptoProvider {\n private notConfiguredError(): Error {\n return new Error('Crypto provider not configured');\n }\n\n async generateIdentity(): Promise<{\n did: string;\n publicSigningKey: JsonWebKey;\n publicEncryptionKey?: JsonWebKey;\n }> {\n throw this.notConfiguredError();\n }\n\n getLocalDID(): string | null {\n return null;\n }\n\n async exportPublicIdentity(): Promise<SecureNodeInfo | null> {\n return null;\n }\n\n async registerRemoteNode(): Promise<void> {\n // No-op when crypto disabled\n }\n\n async getRemotePublicKey(): Promise<JsonWebKey | null> {\n return null;\n }\n\n async sign(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async signData<T>(_data: T): Promise<SignedSyncData<T>> {\n throw this.notConfiguredError();\n }\n\n async verify(): Promise<boolean> {\n // Permissive when crypto disabled\n return true;\n }\n\n async verifySignedData(): Promise<boolean> {\n // Permissive when crypto disabled\n return true;\n }\n\n async encrypt(): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n encryptedAt: number;\n }> {\n throw this.notConfiguredError();\n }\n\n async decrypt(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async getSessionKey(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async encryptWithSessionKey(): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n encryptedAt: number;\n }> {\n throw this.notConfiguredError();\n }\n\n async decryptWithSessionKey(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async createUCAN(): Promise<string> {\n throw this.notConfiguredError();\n }\n\n async verifyUCAN(): Promise<AeonCapabilityResult> {\n // Permissive when crypto disabled\n return { authorized: true };\n }\n\n async delegateCapabilities(): Promise<string> {\n throw this.notConfiguredError();\n }\n\n async hash(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n randomBytes(length: number): Uint8Array {\n // Use crypto.getRandomValues even without full crypto setup\n return crypto.getRandomValues(new Uint8Array(length));\n }\n\n isInitialized(): boolean {\n return false;\n }\n}\n"]}
1
+ {"version":3,"sources":["../../src/crypto/types.ts","../../src/crypto/CryptoProvider.ts"],"names":[],"mappings":";;;AA+JO,IAAM,iBAAA,GAAoB;AAAA;AAAA,EAE/B,SAAA,EAAW,gBAAA;AAAA,EACX,UAAA,EAAY,iBAAA;AAAA,EACZ,UAAA,EAAY,iBAAA;AAAA;AAAA,EAGZ,aAAA,EAAe,oBAAA;AAAA,EACf,cAAA,EAAgB,qBAAA;AAAA;AAAA,EAGhB,cAAA,EAAgB,qBAAA;AAAA,EAChB,eAAA,EAAiB,sBAAA;AAAA;AAAA,EAGjB,UAAA,EAAY,iBAAA;AAAA,EACZ,WAAA,EAAa,kBAAA;AAAA,EACb,eAAA,EAAiB;AACnB;AA4BO,IAAM,qBAAA,GAA0C;AAAA,EACrD,qBAAA,EAAuB,MAAA;AAAA,EACvB,iBAAA,EAAmB,KAAA;AAAA,EACnB,mBAAA,EAAqB,KAAA;AAAA,EACrB,0BAAA,EAA4B,CAAC,OAAA,EAAS,SAAS,CAAA;AAAA,EAC/C,2BAAA,EAA6B,CAAC,YAAA,EAAc,aAAa,CAAA;AAAA,EACzD,oBAAA,EAAsB,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA;AACvC;;;ACHO,IAAM,qBAAN,MAAoD;AAAA,EACjD,kBAAA,GAA4B;AAClC,IAAA,OAAO,IAAI,MAAM,gCAAgC,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,gBAAA,GAIH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,WAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,GAAuD;AAC3D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,kBAAA,GAAoC;AAAA,EAE1C;AAAA,EAEA,MAAM,kBAAA,GAAiD;AACrD,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,SAAY,KAAA,EAAsC;AACtD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,MAAA,GAA2B;AAE/B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,gBAAA,GAAqC;AAEzC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,OAAA,GAOH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,OAAA,GAA+B;AACnC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,aAAA,GAAqC;AACzC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAMH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAA6C;AACjD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA8B;AAClC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA4C;AAEhD,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,oBAAA,GAAwC;AAC5C,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,YAAY,MAAA,EAA4B;AAEtC,IAAA,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAAA,EACtD;AAAA,EAEA,aAAA,GAAyB;AACvB,IAAA,OAAO,KAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["/**\n * Aeon Crypto Types\n *\n * Type definitions for cryptographic operations in Aeon.\n * These are compatible with @affectively/ucan and @affectively/zk-encryption.\n */\n\n// =============================================================================\n// IDENTITY TYPES (compatible with @affectively/ucan)\n// =============================================================================\n\n/**\n * Decentralized Identifier (DID)\n * Format: did:method:identifier\n */\nexport type DID = `did:${string}:${string}`;\n\n/**\n * Supported signing algorithms\n */\nexport type SigningAlgorithm = 'ES256' | 'Ed25519' | 'ES384' | 'ES512';\n\n/**\n * Key pair for signing and verification\n */\nexport interface KeyPair {\n algorithm: SigningAlgorithm;\n publicKey: JsonWebKey;\n privateKey?: JsonWebKey;\n fingerprint: string;\n}\n\n/**\n * Identity representing a user or node\n */\nexport interface Identity {\n did: DID;\n signingKey: KeyPair;\n encryptionKey?: KeyPair;\n createdAt: number;\n displayName?: string;\n}\n\n/**\n * UCAN Capability structure\n */\nexport interface Capability {\n can: string;\n with: string;\n constraints?: Record<string, unknown>;\n}\n\n/**\n * UCAN Token payload\n */\nexport interface UCANPayload {\n iss: DID;\n aud: DID;\n exp: number;\n nbf?: number;\n iat?: number;\n nonce?: string;\n jti?: string;\n att: Capability[];\n prf?: string[];\n fct?: Record<string, unknown>;\n}\n\n/**\n * Parsed UCAN Token\n */\nexport interface UCANToken {\n payload: UCANPayload;\n raw: string;\n signature: Uint8Array;\n algorithm: string;\n}\n\n/**\n * UCAN verification result\n */\nexport interface VerificationResult {\n valid: boolean;\n payload?: UCANPayload;\n error?: string;\n expired?: boolean;\n shouldRotate?: boolean;\n expiresIn?: number;\n}\n\n// =============================================================================\n// ENCRYPTION TYPES (compatible with @affectively/zk-encryption)\n// =============================================================================\n\n/**\n * Encryption algorithms supported\n */\nexport type EncryptionAlgorithm = 'ECIES-P256' | 'AES-256-GCM';\n\n/**\n * HKDF domain separator categories\n */\nexport type DomainCategory =\n | 'default'\n | 'sync'\n | 'message'\n | 'api-key'\n | 'personal-data'\n | string;\n\n/**\n * EC Key pair for ECDH operations\n */\nexport interface ECKeyPair {\n publicKey: JsonWebKey;\n privateKey: JsonWebKey;\n keyId: string;\n createdAt: string;\n}\n\n/**\n * Encrypted data envelope\n */\nexport interface EncryptedPayload {\n alg: EncryptionAlgorithm;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n category?: DomainCategory;\n nonce?: string;\n encryptedAt: number;\n}\n\n/**\n * Decryption result\n */\nexport interface DecryptionResult {\n plaintext: Uint8Array;\n category?: DomainCategory;\n encryptedAt: number;\n}\n\n// =============================================================================\n// AEON-SPECIFIC TYPES\n// =============================================================================\n\n/**\n * Aeon encryption mode\n */\nexport type AeonEncryptionMode =\n | 'none' // No encryption (development/testing)\n | 'transport' // Encrypt in transit only (session keys)\n | 'at-rest' // Encrypt for storage\n | 'end-to-end'; // Full E2E encryption between nodes\n\n/**\n * Aeon sync capability namespace\n */\nexport const AEON_CAPABILITIES = {\n // Basic sync operations\n SYNC_READ: 'aeon:sync:read',\n SYNC_WRITE: 'aeon:sync:write',\n SYNC_ADMIN: 'aeon:sync:admin',\n\n // Node operations\n NODE_REGISTER: 'aeon:node:register',\n NODE_HEARTBEAT: 'aeon:node:heartbeat',\n\n // Replication operations\n REPLICATE_READ: 'aeon:replicate:read',\n REPLICATE_WRITE: 'aeon:replicate:write',\n\n // State operations\n STATE_READ: 'aeon:state:read',\n STATE_WRITE: 'aeon:state:write',\n STATE_RECONCILE: 'aeon:state:reconcile',\n} as const;\n\nexport type AeonCapability =\n (typeof AEON_CAPABILITIES)[keyof typeof AEON_CAPABILITIES];\n\n/**\n * Crypto configuration for Aeon\n */\nexport interface AeonCryptoConfig {\n /** Default encryption mode for sync messages */\n defaultEncryptionMode: AeonEncryptionMode;\n /** Require all messages to be signed */\n requireSignatures: boolean;\n /** Require UCAN capability verification */\n requireCapabilities: boolean;\n /** Allowed signature algorithms */\n allowedSignatureAlgorithms: string[];\n /** Allowed encryption algorithms */\n allowedEncryptionAlgorithms: string[];\n /** UCAN audience DID for verification */\n ucanAudience?: string;\n /** Session key expiration (ms) */\n sessionKeyExpiration?: number;\n}\n\n/**\n * Default crypto configuration\n */\nexport const DEFAULT_CRYPTO_CONFIG: AeonCryptoConfig = {\n defaultEncryptionMode: 'none',\n requireSignatures: false,\n requireCapabilities: false,\n allowedSignatureAlgorithms: ['ES256', 'Ed25519'],\n allowedEncryptionAlgorithms: ['ECIES-P256', 'AES-256-GCM'],\n sessionKeyExpiration: 24 * 60 * 60 * 1000, // 24 hours\n};\n\n/**\n * Authenticated sync message fields\n */\nexport interface AuthenticatedMessageFields {\n /** Sender DID */\n senderDID?: string;\n /** Receiver DID */\n receiverDID?: string;\n /** UCAN token for capability verification */\n ucan?: string;\n /** Message signature (base64url) */\n signature?: string;\n /** Whether payload is encrypted */\n encrypted?: boolean;\n}\n\n/**\n * Secure sync session\n */\nexport interface SecureSyncSession {\n id: string;\n initiator: string;\n participants: string[];\n sessionKey?: Uint8Array;\n encryptionMode: AeonEncryptionMode;\n requiredCapabilities: string[];\n status: 'pending' | 'active' | 'completed' | 'failed';\n startTime: string;\n endTime?: string;\n}\n\n/**\n * Node with identity information\n */\nexport interface SecureNodeInfo {\n id: string;\n did?: string;\n publicSigningKey?: JsonWebKey;\n publicEncryptionKey?: JsonWebKey;\n capabilities?: string[];\n lastSeen?: number;\n}\n\n/**\n * Capability verification result\n */\nexport interface AeonCapabilityResult {\n authorized: boolean;\n error?: string;\n issuer?: string;\n grantedCapabilities?: Array<{ can: string; with: string }>;\n}\n\n/**\n * Signed data envelope for sync operations\n */\nexport interface SignedSyncData<T = unknown> {\n payload: T;\n signature: string;\n signer: string;\n algorithm: string;\n signedAt: number;\n}\n","/**\n * Aeon Crypto Provider Interface\n *\n * Abstract interface for cryptographic operations.\n * Aeon core remains zero-dependency - crypto is injected through this interface.\n */\n\nimport type {\n AeonCapabilityResult,\n SignedSyncData,\n SecureNodeInfo,\n} from './types';\n\n/**\n * Abstract crypto provider interface\n *\n * Implementations use @affectively/ucan and @affectively/zk-encryption\n * or other compatible libraries.\n */\nexport interface ICryptoProvider {\n // ===========================================================================\n // IDENTITY OPERATIONS\n // ===========================================================================\n\n /**\n * Generate a new identity with DID and key pairs\n */\n generateIdentity(displayName?: string): Promise<{\n did: string;\n publicSigningKey: JsonWebKey;\n publicEncryptionKey?: JsonWebKey;\n }>;\n\n /**\n * Get the local identity's DID\n */\n getLocalDID(): string | null;\n\n /**\n * Export local identity's public info for sharing\n */\n exportPublicIdentity(): Promise<SecureNodeInfo | null>;\n\n /**\n * Register a known remote node's public keys\n */\n registerRemoteNode(node: SecureNodeInfo): Promise<void>;\n\n /**\n * Get a remote node's public key\n */\n getRemotePublicKey(did: string): Promise<JsonWebKey | null>;\n\n // ===========================================================================\n // SIGNING OPERATIONS\n // ===========================================================================\n\n /**\n * Sign data with local identity's private key\n */\n sign(data: Uint8Array): Promise<Uint8Array>;\n\n /**\n * Sign structured data and wrap in SignedSyncData envelope\n */\n signData<T>(data: T): Promise<SignedSyncData<T>>;\n\n /**\n * Verify a signature from a remote node\n */\n verify(\n did: string,\n signature: Uint8Array,\n data: Uint8Array\n ): Promise<boolean>;\n\n /**\n * Verify a SignedSyncData envelope\n */\n verifySignedData<T>(signedData: SignedSyncData<T>): Promise<boolean>;\n\n // ===========================================================================\n // ENCRYPTION OPERATIONS\n // ===========================================================================\n\n /**\n * Encrypt data for a recipient\n */\n encrypt(\n plaintext: Uint8Array,\n recipientDID: string\n ): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n encryptedAt: number;\n }>;\n\n /**\n * Decrypt data\n */\n decrypt(\n encrypted: {\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n },\n senderDID?: string\n ): Promise<Uint8Array>;\n\n /**\n * Derive or get a session key for communication with a peer\n */\n getSessionKey(peerDID: string): Promise<Uint8Array>;\n\n /**\n * Encrypt with a session key\n */\n encryptWithSessionKey(\n plaintext: Uint8Array,\n sessionKey: Uint8Array\n ): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n encryptedAt: number;\n }>;\n\n /**\n * Decrypt with a session key\n */\n decryptWithSessionKey(\n encrypted: {\n ct: string;\n iv: string;\n tag: string;\n },\n sessionKey: Uint8Array\n ): Promise<Uint8Array>;\n\n // ===========================================================================\n // UCAN OPERATIONS\n // ===========================================================================\n\n /**\n * Create a UCAN token\n */\n createUCAN(\n audience: string,\n capabilities: Array<{ can: string; with: string }>,\n options?: {\n expirationSeconds?: number;\n proofs?: string[];\n }\n ): Promise<string>;\n\n /**\n * Verify a UCAN token\n */\n verifyUCAN(\n token: string,\n options?: {\n expectedAudience?: string;\n requiredCapabilities?: Array<{ can: string; with: string }>;\n }\n ): Promise<AeonCapabilityResult>;\n\n /**\n * Delegate capabilities\n */\n delegateCapabilities(\n parentToken: string,\n audience: string,\n capabilities: Array<{ can: string; with: string }>,\n options?: {\n expirationSeconds?: number;\n }\n ): Promise<string>;\n\n // ===========================================================================\n // UTILITY OPERATIONS\n // ===========================================================================\n\n /**\n * Compute hash of data\n */\n hash(data: Uint8Array): Promise<Uint8Array>;\n\n /**\n * Generate random bytes\n */\n randomBytes(length: number): Uint8Array;\n\n /**\n * Check if crypto is properly initialized\n */\n isInitialized(): boolean;\n}\n\n/**\n * Null crypto provider for when crypto is disabled\n *\n * All operations either throw or return permissive defaults.\n */\nexport class NullCryptoProvider implements ICryptoProvider {\n private notConfiguredError(): Error {\n return new Error('Crypto provider not configured');\n }\n\n async generateIdentity(): Promise<{\n did: string;\n publicSigningKey: JsonWebKey;\n publicEncryptionKey?: JsonWebKey;\n }> {\n throw this.notConfiguredError();\n }\n\n getLocalDID(): string | null {\n return null;\n }\n\n async exportPublicIdentity(): Promise<SecureNodeInfo | null> {\n return null;\n }\n\n async registerRemoteNode(): Promise<void> {\n // No-op when crypto disabled\n }\n\n async getRemotePublicKey(): Promise<JsonWebKey | null> {\n return null;\n }\n\n async sign(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async signData<T>(_data: T): Promise<SignedSyncData<T>> {\n throw this.notConfiguredError();\n }\n\n async verify(): Promise<boolean> {\n // Permissive when crypto disabled\n return true;\n }\n\n async verifySignedData(): Promise<boolean> {\n // Permissive when crypto disabled\n return true;\n }\n\n async encrypt(): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n encryptedAt: number;\n }> {\n throw this.notConfiguredError();\n }\n\n async decrypt(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async getSessionKey(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async encryptWithSessionKey(): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n encryptedAt: number;\n }> {\n throw this.notConfiguredError();\n }\n\n async decryptWithSessionKey(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async createUCAN(): Promise<string> {\n throw this.notConfiguredError();\n }\n\n async verifyUCAN(): Promise<AeonCapabilityResult> {\n // Permissive when crypto disabled\n return { authorized: true };\n }\n\n async delegateCapabilities(): Promise<string> {\n throw this.notConfiguredError();\n }\n\n async hash(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n randomBytes(length: number): Uint8Array {\n // Use crypto.getRandomValues even without full crypto setup\n return crypto.getRandomValues(new Uint8Array(length));\n }\n\n isInitialized(): boolean {\n return false;\n }\n}\n"]}