@affectively/aeon 1.3.1 → 5.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (61) hide show
  1. package/LICENSE +15 -21
  2. package/README.md +422 -342
  3. package/dist/compression/index.cjs +20 -3
  4. package/dist/compression/index.cjs.map +1 -1
  5. package/dist/compression/index.js +20 -3
  6. package/dist/compression/index.js.map +1 -1
  7. package/dist/crypto/index.cjs +30 -0
  8. package/dist/crypto/index.cjs.map +1 -1
  9. package/dist/crypto/index.js +29 -1
  10. package/dist/crypto/index.js.map +1 -1
  11. package/dist/distributed/index.cjs +15 -8
  12. package/dist/distributed/index.cjs.map +1 -1
  13. package/dist/distributed/index.js +15 -8
  14. package/dist/distributed/index.js.map +1 -1
  15. package/dist/index.cjs +6686 -3118
  16. package/dist/index.cjs.map +1 -1
  17. package/dist/index.js +6642 -3117
  18. package/dist/index.js.map +1 -1
  19. package/dist/offline/index.cjs.map +1 -1
  20. package/dist/offline/index.js.map +1 -1
  21. package/dist/optimization/index.cjs +6 -3
  22. package/dist/optimization/index.cjs.map +1 -1
  23. package/dist/optimization/index.js +6 -3
  24. package/dist/optimization/index.js.map +1 -1
  25. package/dist/persistence/index.cjs +91 -29
  26. package/dist/persistence/index.cjs.map +1 -1
  27. package/dist/persistence/index.js +91 -29
  28. package/dist/persistence/index.js.map +1 -1
  29. package/dist/presence/index.cjs.map +1 -1
  30. package/dist/presence/index.js.map +1 -1
  31. package/dist/utils/index.cjs.map +1 -1
  32. package/dist/utils/index.js.map +1 -1
  33. package/dist/versioning/index.cjs +4 -3
  34. package/dist/versioning/index.cjs.map +1 -1
  35. package/dist/versioning/index.js +4 -3
  36. package/dist/versioning/index.js.map +1 -1
  37. package/package.json +195 -196
  38. package/dist/compression/index.d.cts +0 -189
  39. package/dist/compression/index.d.ts +0 -189
  40. package/dist/core/index.d.cts +0 -216
  41. package/dist/core/index.d.ts +0 -216
  42. package/dist/crypto/index.d.cts +0 -446
  43. package/dist/crypto/index.d.ts +0 -446
  44. package/dist/distributed/index.d.cts +0 -1016
  45. package/dist/distributed/index.d.ts +0 -1016
  46. package/dist/index.d.cts +0 -57
  47. package/dist/index.d.ts +0 -57
  48. package/dist/offline/index.d.cts +0 -154
  49. package/dist/offline/index.d.ts +0 -154
  50. package/dist/optimization/index.d.cts +0 -347
  51. package/dist/optimization/index.d.ts +0 -347
  52. package/dist/persistence/index.d.cts +0 -63
  53. package/dist/persistence/index.d.ts +0 -63
  54. package/dist/presence/index.d.cts +0 -283
  55. package/dist/presence/index.d.ts +0 -283
  56. package/dist/types-B7CxsoLh.d.cts +0 -33
  57. package/dist/types-B7CxsoLh.d.ts +0 -33
  58. package/dist/utils/index.d.cts +0 -38
  59. package/dist/utils/index.d.ts +0 -38
  60. package/dist/versioning/index.d.cts +0 -537
  61. package/dist/versioning/index.d.ts +0 -537
package/dist/crypto/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/crypto/types.ts","../../src/crypto/CryptoProvider.ts"],"names":[],"mappings":";;;AA+JO,IAAM,iBAAA,GAAoB;AAAA;AAAA,EAE/B,SAAA,EAAW,gBAAA;AAAA,EACX,UAAA,EAAY,iBAAA;AAAA,EACZ,UAAA,EAAY,iBAAA;AAAA;AAAA,EAGZ,aAAA,EAAe,oBAAA;AAAA,EACf,cAAA,EAAgB,qBAAA;AAAA;AAAA,EAGhB,cAAA,EAAgB,qBAAA;AAAA,EAChB,eAAA,EAAiB,sBAAA;AAAA;AAAA,EAGjB,UAAA,EAAY,iBAAA;AAAA,EACZ,WAAA,EAAa,kBAAA;AAAA,EACb,eAAA,EAAiB;AACnB;AA4BO,IAAM,qBAAA,GAA0C;AAAA,EACrD,qBAAA,EAAuB,MAAA;AAAA,EACvB,iBAAA,EAAmB,KAAA;AAAA,EACnB,mBAAA,EAAqB,KAAA;AAAA,EACrB,0BAAA,EAA4B,CAAC,OAAA,EAAS,SAAS,CAAA;AAAA,EAC/C,2BAAA,EAA6B,CAAC,YAAA,EAAc,aAAa,CAAA;AAAA,EACzD,oBAAA,EAAsB,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA;AACvC;;;ACHO,IAAM,qBAAN,MAAoD;AAAA,EACjD,kBAAA,GAA4B;AAClC,IAAA,OAAO,IAAI,MAAM,gCAAgC,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,gBAAA,GAIH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,WAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,GAAuD;AAC3D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,kBAAA,GAAoC;AAAA,EAE1C;AAAA,EAEA,MAAM,kBAAA,GAAiD;AACrD,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,SAAY,KAAA,EAAsC;AACtD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,MAAA,GAA2B;AAE/B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,gBAAA,GAAqC;AAEzC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,OAAA,GAOH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,OAAA,GAA+B;AACnC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,aAAA,GAAqC;AACzC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAMH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAA6C;AACjD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA8B;AAClC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA4C;AAEhD,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,oBAAA,GAAwC;AAC5C,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,YAAY,MAAA,EAA4B;AAEtC,IAAA,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAAA,EACtD;AAAA,EAEA,aAAA,GAAyB;AACvB,IAAA,OAAO,KAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["/**\r\n * Aeon Crypto Types\r\n *\r\n * Type definitions for cryptographic operations in Aeon.\r\n * These are compatible with @affectively/ucan and @affectively/zk-encryption.\r\n */\r\n\r\n// =============================================================================\r\n// IDENTITY TYPES (compatible with @affectively/ucan)\r\n// =============================================================================\r\n\r\n/**\r\n * Decentralized Identifier (DID)\r\n * Format: did:method:identifier\r\n */\r\nexport type DID = `did:${string}:${string}`;\r\n\r\n/**\r\n * Supported signing algorithms\r\n */\r\nexport type SigningAlgorithm = 'ES256' | 'Ed25519' | 'ES384' | 'ES512';\r\n\r\n/**\r\n * Key pair for signing and verification\r\n */\r\nexport interface KeyPair {\r\n algorithm: SigningAlgorithm;\r\n publicKey: JsonWebKey;\r\n privateKey?: JsonWebKey;\r\n fingerprint: string;\r\n}\r\n\r\n/**\r\n * Identity representing a user or node\r\n */\r\nexport interface Identity {\r\n did: DID;\r\n signingKey: KeyPair;\r\n encryptionKey?: KeyPair;\r\n createdAt: number;\r\n displayName?: string;\r\n}\r\n\r\n/**\r\n * UCAN Capability structure\r\n */\r\nexport interface Capability {\r\n can: string;\r\n with: string;\r\n constraints?: Record<string, unknown>;\r\n}\r\n\r\n/**\r\n * UCAN Token payload\r\n */\r\nexport interface UCANPayload {\r\n iss: DID;\r\n aud: DID;\r\n exp: number;\r\n nbf?: number;\r\n iat?: number;\r\n nonce?: string;\r\n jti?: string;\r\n att: Capability[];\r\n prf?: string[];\r\n fct?: Record<string, unknown>;\r\n}\r\n\r\n/**\r\n * Parsed UCAN Token\r\n */\r\nexport interface UCANToken {\r\n payload: UCANPayload;\r\n raw: string;\r\n signature: Uint8Array;\r\n algorithm: string;\r\n}\r\n\r\n/**\r\n * UCAN verification result\r\n */\r\nexport interface VerificationResult {\r\n valid: boolean;\r\n payload?: UCANPayload;\r\n error?: string;\r\n expired?: boolean;\r\n shouldRotate?: boolean;\r\n expiresIn?: number;\r\n}\r\n\r\n// =============================================================================\r\n// ENCRYPTION TYPES (compatible with @affectively/zk-encryption)\r\n// =============================================================================\r\n\r\n/**\r\n * Encryption algorithms supported\r\n */\r\nexport type EncryptionAlgorithm = 'ECIES-P256' | 'AES-256-GCM';\r\n\r\n/**\r\n * HKDF domain separator categories\r\n */\r\nexport type DomainCategory =\r\n | 'default'\r\n | 'sync'\r\n | 'message'\r\n | 'api-key'\r\n | 'personal-data'\r\n | string;\r\n\r\n/**\r\n * EC Key pair for ECDH operations\r\n */\r\nexport interface ECKeyPair {\r\n publicKey: JsonWebKey;\r\n privateKey: JsonWebKey;\r\n keyId: string;\r\n createdAt: string;\r\n}\r\n\r\n/**\r\n * Encrypted data envelope\r\n */\r\nexport interface EncryptedPayload {\r\n alg: EncryptionAlgorithm;\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n epk?: JsonWebKey;\r\n category?: DomainCategory;\r\n nonce?: string;\r\n encryptedAt: number;\r\n}\r\n\r\n/**\r\n * Decryption result\r\n */\r\nexport interface DecryptionResult {\r\n plaintext: Uint8Array;\r\n category?: DomainCategory;\r\n encryptedAt: number;\r\n}\r\n\r\n// =============================================================================\r\n// AEON-SPECIFIC TYPES\r\n// =============================================================================\r\n\r\n/**\r\n * Aeon encryption mode\r\n */\r\nexport type AeonEncryptionMode =\r\n | 'none' // No encryption (development/testing)\r\n | 'transport' // Encrypt in transit only (session keys)\r\n | 'at-rest' // Encrypt for storage\r\n | 'end-to-end'; // Full E2E encryption between nodes\r\n\r\n/**\r\n * Aeon sync capability namespace\r\n */\r\nexport const AEON_CAPABILITIES = {\r\n // Basic sync operations\r\n SYNC_READ: 'aeon:sync:read',\r\n SYNC_WRITE: 'aeon:sync:write',\r\n SYNC_ADMIN: 'aeon:sync:admin',\r\n\r\n // Node operations\r\n NODE_REGISTER: 'aeon:node:register',\r\n NODE_HEARTBEAT: 'aeon:node:heartbeat',\r\n\r\n // Replication operations\r\n REPLICATE_READ: 'aeon:replicate:read',\r\n REPLICATE_WRITE: 'aeon:replicate:write',\r\n\r\n // State operations\r\n STATE_READ: 'aeon:state:read',\r\n STATE_WRITE: 'aeon:state:write',\r\n STATE_RECONCILE: 'aeon:state:reconcile',\r\n} as const;\r\n\r\nexport type AeonCapability =\r\n (typeof AEON_CAPABILITIES)[keyof typeof AEON_CAPABILITIES];\r\n\r\n/**\r\n * Crypto configuration for Aeon\r\n */\r\nexport interface AeonCryptoConfig {\r\n /** Default encryption mode for sync messages */\r\n defaultEncryptionMode: AeonEncryptionMode;\r\n /** Require all messages to be signed */\r\n requireSignatures: boolean;\r\n /** Require UCAN capability verification */\r\n requireCapabilities: boolean;\r\n /** Allowed signature algorithms */\r\n allowedSignatureAlgorithms: string[];\r\n /** Allowed encryption algorithms */\r\n allowedEncryptionAlgorithms: string[];\r\n /** UCAN audience DID for verification */\r\n ucanAudience?: string;\r\n /** Session key expiration (ms) */\r\n sessionKeyExpiration?: number;\r\n}\r\n\r\n/**\r\n * Default crypto configuration\r\n */\r\nexport const DEFAULT_CRYPTO_CONFIG: AeonCryptoConfig = {\r\n defaultEncryptionMode: 'none',\r\n requireSignatures: false,\r\n requireCapabilities: false,\r\n allowedSignatureAlgorithms: ['ES256', 'Ed25519'],\r\n allowedEncryptionAlgorithms: ['ECIES-P256', 'AES-256-GCM'],\r\n sessionKeyExpiration: 24 * 60 * 60 * 1000, // 24 hours\r\n};\r\n\r\n/**\r\n * Authenticated sync message fields\r\n */\r\nexport interface AuthenticatedMessageFields {\r\n /** Sender DID */\r\n senderDID?: string;\r\n /** Receiver DID */\r\n receiverDID?: string;\r\n /** UCAN token for capability verification */\r\n ucan?: string;\r\n /** Message signature (base64url) */\r\n signature?: string;\r\n /** Whether payload is encrypted */\r\n encrypted?: boolean;\r\n}\r\n\r\n/**\r\n * Secure sync session\r\n */\r\nexport interface SecureSyncSession {\r\n id: string;\r\n initiator: string;\r\n participants: string[];\r\n sessionKey?: Uint8Array;\r\n encryptionMode: AeonEncryptionMode;\r\n requiredCapabilities: string[];\r\n status: 'pending' | 'active' | 'completed' | 'failed';\r\n startTime: string;\r\n endTime?: string;\r\n}\r\n\r\n/**\r\n * Node with identity information\r\n */\r\nexport interface SecureNodeInfo {\r\n id: string;\r\n did?: string;\r\n publicSigningKey?: JsonWebKey;\r\n publicEncryptionKey?: JsonWebKey;\r\n capabilities?: string[];\r\n lastSeen?: number;\r\n}\r\n\r\n/**\r\n * Capability verification result\r\n */\r\nexport interface AeonCapabilityResult {\r\n authorized: boolean;\r\n error?: string;\r\n issuer?: string;\r\n grantedCapabilities?: Array<{ can: string; with: string }>;\r\n}\r\n\r\n/**\r\n * Signed data envelope for sync operations\r\n */\r\nexport interface SignedSyncData<T = unknown> {\r\n payload: T;\r\n signature: string;\r\n signer: string;\r\n algorithm: string;\r\n signedAt: number;\r\n}\r\n","/**\r\n * Aeon Crypto Provider Interface\r\n *\r\n * Abstract interface for cryptographic operations.\r\n * Aeon core remains zero-dependency - crypto is injected through this interface.\r\n */\r\n\r\nimport type {\r\n AeonCapabilityResult,\r\n SignedSyncData,\r\n SecureNodeInfo,\r\n} from './types';\r\n\r\n/**\r\n * Abstract crypto provider interface\r\n *\r\n * Implementations use @affectively/ucan and @affectively/zk-encryption\r\n * or other compatible libraries.\r\n */\r\nexport interface ICryptoProvider {\r\n // ===========================================================================\r\n // IDENTITY OPERATIONS\r\n // ===========================================================================\r\n\r\n /**\r\n * Generate a new identity with DID and key pairs\r\n */\r\n generateIdentity(displayName?: string): Promise<{\r\n did: string;\r\n publicSigningKey: JsonWebKey;\r\n publicEncryptionKey?: JsonWebKey;\r\n }>;\r\n\r\n /**\r\n * Get the local identity's DID\r\n */\r\n getLocalDID(): string | null;\r\n\r\n /**\r\n * Export local identity's public info for sharing\r\n */\r\n exportPublicIdentity(): Promise<SecureNodeInfo | null>;\r\n\r\n /**\r\n * Register a known remote node's public keys\r\n */\r\n registerRemoteNode(node: SecureNodeInfo): Promise<void>;\r\n\r\n /**\r\n * Get a remote node's public key\r\n */\r\n getRemotePublicKey(did: string): Promise<JsonWebKey | null>;\r\n\r\n // ===========================================================================\r\n // SIGNING OPERATIONS\r\n // ===========================================================================\r\n\r\n /**\r\n * Sign data with local identity's private key\r\n */\r\n sign(data: Uint8Array): Promise<Uint8Array>;\r\n\r\n /**\r\n * Sign structured data and wrap in SignedSyncData envelope\r\n */\r\n signData<T>(data: T): Promise<SignedSyncData<T>>;\r\n\r\n /**\r\n * Verify a signature from a remote node\r\n */\r\n verify(\r\n did: string,\r\n signature: Uint8Array,\r\n data: Uint8Array\r\n ): Promise<boolean>;\r\n\r\n /**\r\n * Verify a SignedSyncData envelope\r\n */\r\n verifySignedData<T>(signedData: SignedSyncData<T>): Promise<boolean>;\r\n\r\n // ===========================================================================\r\n // ENCRYPTION OPERATIONS\r\n // ===========================================================================\r\n\r\n /**\r\n * Encrypt data for a recipient\r\n */\r\n encrypt(\r\n plaintext: Uint8Array,\r\n recipientDID: string\r\n ): Promise<{\r\n alg: string;\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n epk?: JsonWebKey;\r\n encryptedAt: number;\r\n }>;\r\n\r\n /**\r\n * Decrypt data\r\n */\r\n decrypt(\r\n encrypted: {\r\n alg: string;\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n epk?: JsonWebKey;\r\n },\r\n senderDID?: string\r\n ): Promise<Uint8Array>;\r\n\r\n /**\r\n * Derive or get a session key for communication with a peer\r\n */\r\n getSessionKey(peerDID: string): Promise<Uint8Array>;\r\n\r\n /**\r\n * Encrypt with a session key\r\n */\r\n encryptWithSessionKey(\r\n plaintext: Uint8Array,\r\n sessionKey: Uint8Array\r\n ): Promise<{\r\n alg: string;\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n encryptedAt: number;\r\n }>;\r\n\r\n /**\r\n * Decrypt with a session key\r\n */\r\n decryptWithSessionKey(\r\n encrypted: {\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n },\r\n sessionKey: Uint8Array\r\n ): Promise<Uint8Array>;\r\n\r\n // ===========================================================================\r\n // UCAN OPERATIONS\r\n // ===========================================================================\r\n\r\n /**\r\n * Create a UCAN token\r\n */\r\n createUCAN(\r\n audience: string,\r\n capabilities: Array<{ can: string; with: string }>,\r\n options?: {\r\n expirationSeconds?: number;\r\n proofs?: string[];\r\n }\r\n ): Promise<string>;\r\n\r\n /**\r\n * Verify a UCAN token\r\n */\r\n verifyUCAN(\r\n token: string,\r\n options?: {\r\n expectedAudience?: string;\r\n requiredCapabilities?: Array<{ can: string; with: string }>;\r\n }\r\n ): Promise<AeonCapabilityResult>;\r\n\r\n /**\r\n * Delegate capabilities\r\n */\r\n delegateCapabilities(\r\n parentToken: string,\r\n audience: string,\r\n capabilities: Array<{ can: string; with: string }>,\r\n options?: {\r\n expirationSeconds?: number;\r\n }\r\n ): Promise<string>;\r\n\r\n // ===========================================================================\r\n // UTILITY OPERATIONS\r\n // ===========================================================================\r\n\r\n /**\r\n * Compute hash of data\r\n */\r\n hash(data: Uint8Array): Promise<Uint8Array>;\r\n\r\n /**\r\n * Generate random bytes\r\n */\r\n randomBytes(length: number): Uint8Array;\r\n\r\n /**\r\n * Check if crypto is properly initialized\r\n */\r\n isInitialized(): boolean;\r\n}\r\n\r\n/**\r\n * Null crypto provider for when crypto is disabled\r\n *\r\n * All operations either throw or return permissive defaults.\r\n */\r\nexport class NullCryptoProvider implements ICryptoProvider {\r\n private notConfiguredError(): Error {\r\n return new Error('Crypto provider not configured');\r\n }\r\n\r\n async generateIdentity(): Promise<{\r\n did: string;\r\n publicSigningKey: JsonWebKey;\r\n publicEncryptionKey?: JsonWebKey;\r\n }> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n getLocalDID(): string | null {\r\n return null;\r\n }\r\n\r\n async exportPublicIdentity(): Promise<SecureNodeInfo | null> {\r\n return null;\r\n }\r\n\r\n async registerRemoteNode(): Promise<void> {\r\n // No-op when crypto disabled\r\n }\r\n\r\n async getRemotePublicKey(): Promise<JsonWebKey | null> {\r\n return null;\r\n }\r\n\r\n async sign(): Promise<Uint8Array> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async signData<T>(_data: T): Promise<SignedSyncData<T>> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async verify(): Promise<boolean> {\r\n // Permissive when crypto disabled\r\n return true;\r\n }\r\n\r\n async verifySignedData(): Promise<boolean> {\r\n // Permissive when crypto disabled\r\n return true;\r\n }\r\n\r\n async encrypt(): Promise<{\r\n alg: string;\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n epk?: JsonWebKey;\r\n encryptedAt: number;\r\n }> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async decrypt(): Promise<Uint8Array> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async getSessionKey(): Promise<Uint8Array> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async encryptWithSessionKey(): Promise<{\r\n alg: string;\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n encryptedAt: number;\r\n }> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async decryptWithSessionKey(): Promise<Uint8Array> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async createUCAN(): Promise<string> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async verifyUCAN(): Promise<AeonCapabilityResult> {\r\n // Permissive when crypto disabled\r\n return { authorized: true };\r\n }\r\n\r\n async delegateCapabilities(): Promise<string> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async hash(): Promise<Uint8Array> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n randomBytes(length: number): Uint8Array {\r\n // Use crypto.getRandomValues even without full crypto setup\r\n return crypto.getRandomValues(new Uint8Array(length));\r\n }\r\n\r\n isInitialized(): boolean {\r\n return false;\r\n }\r\n}\r\n"]}
1
+ {"version":3,"sources":["../../src/crypto/types.ts","../../src/crypto/CryptoProvider.ts","../../src/crypto/transactionSigner.ts"],"names":[],"mappings":";;;AA+JO,IAAM,iBAAA,GAAoB;AAAA;AAAA,EAE/B,SAAA,EAAW,gBAAA;AAAA,EACX,UAAA,EAAY,iBAAA;AAAA,EACZ,UAAA,EAAY,iBAAA;AAAA;AAAA,EAGZ,aAAA,EAAe,oBAAA;AAAA,EACf,cAAA,EAAgB,qBAAA;AAAA;AAAA,EAGhB,cAAA,EAAgB,qBAAA;AAAA,EAChB,eAAA,EAAiB,sBAAA;AAAA;AAAA,EAGjB,UAAA,EAAY,iBAAA;AAAA,EACZ,WAAA,EAAa,kBAAA;AAAA,EACb,eAAA,EAAiB;AACnB;AA4BO,IAAM,qBAAA,GAA0C;AAAA,EACrD,qBAAA,EAAuB,MAAA;AAAA,EACvB,iBAAA,EAAmB,KAAA;AAAA,EACnB,mBAAA,EAAqB,KAAA;AAAA,EACrB,0BAAA,EAA4B,CAAC,OAAA,EAAS,SAAS,CAAA;AAAA,EAC/C,2BAAA,EAA6B,CAAC,YAAA,EAAc,aAAa,CAAA;AAAA,EACzD,oBAAA,EAAsB,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA;AACvC;;;ACHO,IAAM,qBAAN,MAAoD;AAAA,EACjD,kBAAA,GAA4B;AAClC,IAAA,OAAO,IAAI,MAAM,gCAAgC,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,gBAAA,GAIH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,WAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,GAAuD;AAC3D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,kBAAA,GAAoC;AAAA,EAE1C;AAAA,EAEA,MAAM,kBAAA,GAAiD;AACrD,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,SAAY,KAAA,EAAsC;AACtD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,MAAA,GAA2B;AAE/B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,gBAAA,GAAqC;AAEzC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,OAAA,GAOH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,OAAA,GAA+B;AACnC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,aAAA,GAAqC;AACzC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAMH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAA6C;AACjD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA8B;AAClC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA4C;AAEhD,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,oBAAA,GAAwC;AAC5C,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,YAAY,MAAA,EAA4B;AAEtC,IAAA,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAAA,EACtD;AAAA,EAEA,aAAA,GAAyB;AACvB,IAAA,OAAO,KAAA;AAAA,EACT;AACF;;;AC7OO,IAAM,wBAAN,MAGP;AAAA,EACE,MAAM,QACJ,OAAA,EACoD;AACpD,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,QAAQ,OAAA,CAAQ,MAAA;AAAA,MAChB,OAAA,EAAS,QAAQ,OAAA,IAAW,CAAA;AAAA,MAC5B,SAAA,EAAW,oBAAA;AAAA,MACX,YAAA,EAAc;AAAA,KAChB;AAAA,EACF;AAAA,EAEA,MAAM,UACJ,MAAA,EAC6C;AAC7C,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,uDAAuD,MAAM,CAAA;AAAA,KAC/D;AAAA,EACF;AAAA,EAEA,MAAM,MAAA,GAA2C;AAC/C,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,OAAA,EAAS,oBAAA;AAAA,MACT,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,KACpC;AAAA,EACF;AACF;AAEO,SAAS,+BAEd,QAAA,EAAwE;AACxE,EAAA,OAAO,QAAA;AACT","file":"index.cjs","sourcesContent":["/**\n * Aeon Crypto Types\n *\n * Type definitions for cryptographic operations in Aeon.\n * These are compatible with @affectively/auth and @affectively/auth.\n */\n\n// =============================================================================\n// IDENTITY TYPES (compatible with @affectively/auth)\n// =============================================================================\n\n/**\n * Decentralized Identifier (DID)\n * Format: did:method:identifier\n */\nexport type DID = `did:${string}:${string}`;\n\n/**\n * Supported signing algorithms\n */\nexport type SigningAlgorithm = 'ES256' | 'Ed25519' | 'ES384' | 'ES512';\n\n/**\n * Key pair for signing and verification\n */\nexport interface KeyPair {\n algorithm: SigningAlgorithm;\n publicKey: JsonWebKey;\n privateKey?: JsonWebKey;\n fingerprint: string;\n}\n\n/**\n * Identity representing a user or node\n */\nexport interface Identity {\n did: DID;\n signingKey: KeyPair;\n encryptionKey?: KeyPair;\n createdAt: number;\n displayName?: string;\n}\n\n/**\n * UCAN Capability structure\n */\nexport interface Capability {\n can: string;\n with: string;\n constraints?: Record<string, unknown>;\n}\n\n/**\n * UCAN Token payload\n */\nexport interface UCANPayload {\n iss: DID;\n aud: DID;\n exp: number;\n nbf?: number;\n iat?: number;\n nonce?: string;\n jti?: string;\n att: Capability[];\n prf?: string[];\n fct?: Record<string, unknown>;\n}\n\n/**\n * Parsed UCAN Token\n */\nexport interface UCANToken {\n payload: UCANPayload;\n raw: string;\n signature: Uint8Array;\n algorithm: string;\n}\n\n/**\n * UCAN verification result\n */\nexport interface VerificationResult {\n valid: boolean;\n payload?: UCANPayload;\n error?: string;\n expired?: boolean;\n shouldRotate?: boolean;\n expiresIn?: number;\n}\n\n// =============================================================================\n// ENCRYPTION TYPES (compatible with @affectively/auth)\n// =============================================================================\n\n/**\n * Encryption algorithms supported\n */\nexport type EncryptionAlgorithm = 'ECIES-P256' | 'AES-256-GCM';\n\n/**\n * HKDF domain separator categories\n */\nexport type DomainCategory =\n | 'default'\n | 'sync'\n | 'message'\n | 'api-key'\n | 'personal-data'\n | string;\n\n/**\n * EC Key pair for ECDH operations\n */\nexport interface ECKeyPair {\n publicKey: JsonWebKey;\n privateKey: JsonWebKey;\n keyId: string;\n createdAt: string;\n}\n\n/**\n * Encrypted data envelope\n */\nexport interface EncryptedPayload {\n alg: EncryptionAlgorithm;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n category?: DomainCategory;\n nonce?: string;\n encryptedAt: number;\n}\n\n/**\n * Decryption result\n */\nexport interface DecryptionResult {\n plaintext: Uint8Array;\n category?: DomainCategory;\n encryptedAt: number;\n}\n\n// =============================================================================\n// AEON-SPECIFIC TYPES\n// =============================================================================\n\n/**\n * Aeon encryption mode\n */\nexport type AeonEncryptionMode =\n | 'none' // No encryption (development/testing)\n | 'transport' // Encrypt in transit only (session keys)\n | 'at-rest' // Encrypt for storage\n | 'end-to-end'; // Full E2E encryption between nodes\n\n/**\n * Aeon sync capability namespace\n */\nexport const AEON_CAPABILITIES = {\n // Basic sync operations\n SYNC_READ: 'aeon:sync:read',\n SYNC_WRITE: 'aeon:sync:write',\n SYNC_ADMIN: 'aeon:sync:admin',\n\n // Node operations\n NODE_REGISTER: 'aeon:node:register',\n NODE_HEARTBEAT: 'aeon:node:heartbeat',\n\n // Replication operations\n REPLICATE_READ: 'aeon:replicate:read',\n REPLICATE_WRITE: 'aeon:replicate:write',\n\n // State operations\n STATE_READ: 'aeon:state:read',\n STATE_WRITE: 'aeon:state:write',\n STATE_RECONCILE: 'aeon:state:reconcile',\n} as const;\n\nexport type AeonCapability =\n (typeof AEON_CAPABILITIES)[keyof typeof AEON_CAPABILITIES];\n\n/**\n * Crypto configuration for Aeon\n */\nexport interface AeonCryptoConfig {\n /** Default encryption mode for sync messages */\n defaultEncryptionMode: AeonEncryptionMode;\n /** Require all messages to be signed */\n requireSignatures: boolean;\n /** Require UCAN capability verification */\n requireCapabilities: boolean;\n /** Allowed signature algorithms */\n allowedSignatureAlgorithms: string[];\n /** Allowed encryption algorithms */\n allowedEncryptionAlgorithms: string[];\n /** UCAN audience DID for verification */\n ucanAudience?: string;\n /** Session key expiration (ms) */\n sessionKeyExpiration?: number;\n}\n\n/**\n * Default crypto configuration\n */\nexport const DEFAULT_CRYPTO_CONFIG: AeonCryptoConfig = {\n defaultEncryptionMode: 'none',\n requireSignatures: false,\n requireCapabilities: false,\n allowedSignatureAlgorithms: ['ES256', 'Ed25519'],\n allowedEncryptionAlgorithms: ['ECIES-P256', 'AES-256-GCM'],\n sessionKeyExpiration: 24 * 60 * 60 * 1000, // 24 hours\n};\n\n/**\n * Authenticated sync message fields\n */\nexport interface AuthenticatedMessageFields {\n /** Sender DID */\n senderDID?: string;\n /** Receiver DID */\n receiverDID?: string;\n /** UCAN token for capability verification */\n ucan?: string;\n /** Message signature (base64url) */\n signature?: string;\n /** Whether payload is encrypted */\n encrypted?: boolean;\n}\n\n/**\n * Secure sync session\n */\nexport interface SecureSyncSession {\n id: string;\n initiator: string;\n participants: string[];\n sessionKey?: Uint8Array;\n encryptionMode: AeonEncryptionMode;\n requiredCapabilities: string[];\n status: 'pending' | 'active' | 'completed' | 'failed';\n startTime: string;\n endTime?: string;\n}\n\n/**\n * Node with identity information\n */\nexport interface SecureNodeInfo {\n id: string;\n did?: string;\n publicSigningKey?: JsonWebKey;\n publicEncryptionKey?: JsonWebKey;\n capabilities?: string[];\n lastSeen?: number;\n}\n\n/**\n * Capability verification result\n */\nexport interface AeonCapabilityResult {\n authorized: boolean;\n error?: string;\n issuer?: string;\n grantedCapabilities?: Array<{ can: string; with: string }>;\n}\n\n/**\n * Signed data envelope for sync operations\n */\nexport interface SignedSyncData<T = unknown> {\n payload: T;\n signature: string;\n signer: string;\n algorithm: string;\n signedAt: number;\n}\n","/**\n * Aeon Crypto Provider Interface\n *\n * Abstract interface for cryptographic operations.\n * Aeon core remains zero-dependency - crypto is injected through this interface.\n */\n\nimport type {\n AeonCapabilityResult,\n SignedSyncData,\n SecureNodeInfo,\n} from './types';\n\n/**\n * Abstract crypto provider interface\n *\n * Implementations use @affectively/auth and @affectively/auth\n * or other compatible libraries.\n */\nexport interface ICryptoProvider {\n // ===========================================================================\n // IDENTITY OPERATIONS\n // ===========================================================================\n\n /**\n * Generate a new identity with DID and key pairs\n */\n generateIdentity(displayName?: string): Promise<{\n did: string;\n publicSigningKey: JsonWebKey;\n publicEncryptionKey?: JsonWebKey;\n }>;\n\n /**\n * Get the local identity's DID\n */\n getLocalDID(): string | null;\n\n /**\n * Export local identity's public info for sharing\n */\n exportPublicIdentity(): Promise<SecureNodeInfo | null>;\n\n /**\n * Register a known remote node's public keys\n */\n registerRemoteNode(node: SecureNodeInfo): Promise<void>;\n\n /**\n * Get a remote node's public key\n */\n getRemotePublicKey(did: string): Promise<JsonWebKey | null>;\n\n // ===========================================================================\n // SIGNING OPERATIONS\n // ===========================================================================\n\n /**\n * Sign data with local identity's private key\n */\n sign(data: Uint8Array): Promise<Uint8Array>;\n\n /**\n * Sign structured data and wrap in SignedSyncData envelope\n */\n signData<T>(data: T): Promise<SignedSyncData<T>>;\n\n /**\n * Verify a signature from a remote node\n */\n verify(\n did: string,\n signature: Uint8Array,\n data: Uint8Array\n ): Promise<boolean>;\n\n /**\n * Verify a SignedSyncData envelope\n */\n verifySignedData<T>(signedData: SignedSyncData<T>): Promise<boolean>;\n\n // ===========================================================================\n // ENCRYPTION OPERATIONS\n // ===========================================================================\n\n /**\n * Encrypt data for a recipient\n */\n encrypt(\n plaintext: Uint8Array,\n recipientDID: string\n ): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n encryptedAt: number;\n }>;\n\n /**\n * Decrypt data\n */\n decrypt(\n encrypted: {\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n },\n senderDID?: string\n ): Promise<Uint8Array>;\n\n /**\n * Derive or get a session key for communication with a peer\n */\n getSessionKey(peerDID: string): Promise<Uint8Array>;\n\n /**\n * Encrypt with a session key\n */\n encryptWithSessionKey(\n plaintext: Uint8Array,\n sessionKey: Uint8Array\n ): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n encryptedAt: number;\n }>;\n\n /**\n * Decrypt with a session key\n */\n decryptWithSessionKey(\n encrypted: {\n ct: string;\n iv: string;\n tag: string;\n },\n sessionKey: Uint8Array\n ): Promise<Uint8Array>;\n\n // ===========================================================================\n // UCAN OPERATIONS\n // ===========================================================================\n\n /**\n * Create a UCAN token\n */\n createUCAN(\n audience: string,\n capabilities: Array<{ can: string; with: string }>,\n options?: {\n expirationSeconds?: number;\n proofs?: string[];\n }\n ): Promise<string>;\n\n /**\n * Verify a UCAN token\n */\n verifyUCAN(\n token: string,\n options?: {\n expectedAudience?: string;\n requiredCapabilities?: Array<{ can: string; with: string }>;\n }\n ): Promise<AeonCapabilityResult>;\n\n /**\n * Delegate capabilities\n */\n delegateCapabilities(\n parentToken: string,\n audience: string,\n capabilities: Array<{ can: string; with: string }>,\n options?: {\n expirationSeconds?: number;\n }\n ): Promise<string>;\n\n // ===========================================================================\n // UTILITY OPERATIONS\n // ===========================================================================\n\n /**\n * Compute hash of data\n */\n hash(data: Uint8Array): Promise<Uint8Array>;\n\n /**\n * Generate random bytes\n */\n randomBytes(length: number): Uint8Array;\n\n /**\n * Check if crypto is properly initialized\n */\n isInitialized(): boolean;\n}\n\n/**\n * Null crypto provider for when crypto is disabled\n *\n * All operations either throw or return permissive defaults.\n */\nexport class NullCryptoProvider implements ICryptoProvider {\n private notConfiguredError(): Error {\n return new Error('Crypto provider not configured');\n }\n\n async generateIdentity(): Promise<{\n did: string;\n publicSigningKey: JsonWebKey;\n publicEncryptionKey?: JsonWebKey;\n }> {\n throw this.notConfiguredError();\n }\n\n getLocalDID(): string | null {\n return null;\n }\n\n async exportPublicIdentity(): Promise<SecureNodeInfo | null> {\n return null;\n }\n\n async registerRemoteNode(): Promise<void> {\n // No-op when crypto disabled\n }\n\n async getRemotePublicKey(): Promise<JsonWebKey | null> {\n return null;\n }\n\n async sign(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async signData<T>(_data: T): Promise<SignedSyncData<T>> {\n throw this.notConfiguredError();\n }\n\n async verify(): Promise<boolean> {\n // Permissive when crypto disabled\n return true;\n }\n\n async verifySignedData(): Promise<boolean> {\n // Permissive when crypto disabled\n return true;\n }\n\n async encrypt(): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n encryptedAt: number;\n }> {\n throw this.notConfiguredError();\n }\n\n async decrypt(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async getSessionKey(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async encryptWithSessionKey(): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n encryptedAt: number;\n }> {\n throw this.notConfiguredError();\n }\n\n async decryptWithSessionKey(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async createUCAN(): Promise<string> {\n throw this.notConfiguredError();\n }\n\n async verifyUCAN(): Promise<AeonCapabilityResult> {\n // Permissive when crypto disabled\n return { authorized: true };\n }\n\n async delegateCapabilities(): Promise<string> {\n throw this.notConfiguredError();\n }\n\n async hash(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n randomBytes(length: number): Uint8Array {\n // Use crypto.getRandomValues even without full crypto setup\n return crypto.getRandomValues(new Uint8Array(length));\n }\n\n isInitialized(): boolean {\n return false;\n }\n}\n","/**\n * Aeon Transaction Signer Abstraction\n *\n * Keeps sync cryptography (`ICryptoProvider`) decoupled from on-chain write signing.\n * This interface matches custodial signer semantics so server and Aeon callers\n * converge on one contract shape.\n */\n\nexport type HexString = `0x${string}`;\n\nexport type TransactionSignerPayloadMap = Record<string, unknown>;\n\nexport type TransactionSignerExecuteRequest<\n TPayloads extends TransactionSignerPayloadMap,\n TAction extends keyof TPayloads & string = keyof TPayloads & string\n> = {\n action: TAction;\n payload: TPayloads[TAction];\n chainId?: number;\n waitForReceipt?: boolean;\n requestId?: string;\n};\n\nexport type TransactionSignerErrorCode =\n | 'invalid_request'\n | 'signer_unavailable'\n | 'signer_denied'\n | 'tx_failed'\n | 'tx_reverted'\n | 'unauthorized'\n | 'forbidden'\n | 'unknown_action'\n | 'upstream_error';\n\nexport interface TransactionSignerExecuteResponse<\n TAction extends string = string\n> {\n success: boolean;\n action: TAction;\n chainId: number;\n txHash?: HexString;\n receiptStatus?: 'pending' | 'success' | 'reverted';\n signerAddress?: HexString;\n keyVersion?: string;\n errorCode?: TransactionSignerErrorCode;\n errorMessage?: string;\n revertReason?: string;\n}\n\nexport interface TransactionSignerMetadata<TAction extends string = string> {\n action: TAction;\n chainId: number;\n signerAddress: HexString;\n keyVersion: string;\n keyName: string;\n}\n\nexport interface TransactionSignerHealth {\n ok: boolean;\n service: string;\n timestamp: string;\n}\n\nexport interface ITransactionSigner<\n TPayloads extends TransactionSignerPayloadMap = TransactionSignerPayloadMap\n> {\n execute<TAction extends keyof TPayloads & string>(\n request: TransactionSignerExecuteRequest<TPayloads, TAction>\n ): Promise<TransactionSignerExecuteResponse<TAction>>;\n\n getSigner<TAction extends keyof TPayloads & string>(\n action: TAction\n ): Promise<TransactionSignerMetadata<TAction>>;\n\n health(): Promise<TransactionSignerHealth>;\n}\n\nexport class NullTransactionSigner<\n TPayloads extends TransactionSignerPayloadMap = TransactionSignerPayloadMap\n> implements ITransactionSigner<TPayloads>\n{\n async execute<TAction extends keyof TPayloads & string>(\n request: TransactionSignerExecuteRequest<TPayloads, TAction>\n ): Promise<TransactionSignerExecuteResponse<TAction>> {\n return {\n success: false,\n action: request.action,\n chainId: request.chainId || 0,\n errorCode: 'signer_unavailable',\n errorMessage: 'Transaction signer not configured',\n };\n }\n\n async getSigner<TAction extends keyof TPayloads & string>(\n action: TAction\n ): Promise<TransactionSignerMetadata<TAction>> {\n throw new Error(\n `Transaction signer metadata unavailable for action: ${action}`\n );\n }\n\n async health(): Promise<TransactionSignerHealth> {\n return {\n ok: false,\n service: 'transaction-signer',\n timestamp: new Date().toISOString(),\n };\n }\n}\n\nexport function createTransactionSignerAdapter<\n TPayloads extends TransactionSignerPayloadMap\n>(contract: ITransactionSigner<TPayloads>): ITransactionSigner<TPayloads> {\n return contract;\n}\n"]}
package/dist/crypto/index.js CHANGED
@@ -91,6 +91,34 @@ var NullCryptoProvider = class {
91
91
  }
92
92
  };
93
93
 
94
- export { AEON_CAPABILITIES, DEFAULT_CRYPTO_CONFIG, NullCryptoProvider };
94
+ // src/crypto/transactionSigner.ts
95
+ var NullTransactionSigner = class {
96
+ async execute(request) {
97
+ return {
98
+ success: false,
99
+ action: request.action,
100
+ chainId: request.chainId || 0,
101
+ errorCode: "signer_unavailable",
102
+ errorMessage: "Transaction signer not configured"
103
+ };
104
+ }
105
+ async getSigner(action) {
106
+ throw new Error(
107
+ `Transaction signer metadata unavailable for action: ${action}`
108
+ );
109
+ }
110
+ async health() {
111
+ return {
112
+ ok: false,
113
+ service: "transaction-signer",
114
+ timestamp: (/* @__PURE__ */ new Date()).toISOString()
115
+ };
116
+ }
117
+ };
118
+ function createTransactionSignerAdapter(contract) {
119
+ return contract;
120
+ }
121
+
122
+ export { AEON_CAPABILITIES, DEFAULT_CRYPTO_CONFIG, NullCryptoProvider, NullTransactionSigner, createTransactionSignerAdapter };
95
123
  //# sourceMappingURL=index.js.map
96
124
  //# sourceMappingURL=index.js.map
package/dist/crypto/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/crypto/types.ts","../../src/crypto/CryptoProvider.ts"],"names":[],"mappings":";AA+JO,IAAM,iBAAA,GAAoB;AAAA;AAAA,EAE/B,SAAA,EAAW,gBAAA;AAAA,EACX,UAAA,EAAY,iBAAA;AAAA,EACZ,UAAA,EAAY,iBAAA;AAAA;AAAA,EAGZ,aAAA,EAAe,oBAAA;AAAA,EACf,cAAA,EAAgB,qBAAA;AAAA;AAAA,EAGhB,cAAA,EAAgB,qBAAA;AAAA,EAChB,eAAA,EAAiB,sBAAA;AAAA;AAAA,EAGjB,UAAA,EAAY,iBAAA;AAAA,EACZ,WAAA,EAAa,kBAAA;AAAA,EACb,eAAA,EAAiB;AACnB;AA4BO,IAAM,qBAAA,GAA0C;AAAA,EACrD,qBAAA,EAAuB,MAAA;AAAA,EACvB,iBAAA,EAAmB,KAAA;AAAA,EACnB,mBAAA,EAAqB,KAAA;AAAA,EACrB,0BAAA,EAA4B,CAAC,OAAA,EAAS,SAAS,CAAA;AAAA,EAC/C,2BAAA,EAA6B,CAAC,YAAA,EAAc,aAAa,CAAA;AAAA,EACzD,oBAAA,EAAsB,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA;AACvC;;;ACHO,IAAM,qBAAN,MAAoD;AAAA,EACjD,kBAAA,GAA4B;AAClC,IAAA,OAAO,IAAI,MAAM,gCAAgC,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,gBAAA,GAIH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,WAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,GAAuD;AAC3D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,kBAAA,GAAoC;AAAA,EAE1C;AAAA,EAEA,MAAM,kBAAA,GAAiD;AACrD,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,SAAY,KAAA,EAAsC;AACtD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,MAAA,GAA2B;AAE/B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,gBAAA,GAAqC;AAEzC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,OAAA,GAOH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,OAAA,GAA+B;AACnC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,aAAA,GAAqC;AACzC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAMH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAA6C;AACjD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA8B;AAClC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA4C;AAEhD,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,oBAAA,GAAwC;AAC5C,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,YAAY,MAAA,EAA4B;AAEtC,IAAA,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAAA,EACtD;AAAA,EAEA,aAAA,GAAyB;AACvB,IAAA,OAAO,KAAA;AAAA,EACT;AACF","file":"index.js","sourcesContent":["/**\r\n * Aeon Crypto Types\r\n *\r\n * Type definitions for cryptographic operations in Aeon.\r\n * These are compatible with @affectively/ucan and @affectively/zk-encryption.\r\n */\r\n\r\n// =============================================================================\r\n// IDENTITY TYPES (compatible with @affectively/ucan)\r\n// =============================================================================\r\n\r\n/**\r\n * Decentralized Identifier (DID)\r\n * Format: did:method:identifier\r\n */\r\nexport type DID = `did:${string}:${string}`;\r\n\r\n/**\r\n * Supported signing algorithms\r\n */\r\nexport type SigningAlgorithm = 'ES256' | 'Ed25519' | 'ES384' | 'ES512';\r\n\r\n/**\r\n * Key pair for signing and verification\r\n */\r\nexport interface KeyPair {\r\n algorithm: SigningAlgorithm;\r\n publicKey: JsonWebKey;\r\n privateKey?: JsonWebKey;\r\n fingerprint: string;\r\n}\r\n\r\n/**\r\n * Identity representing a user or node\r\n */\r\nexport interface Identity {\r\n did: DID;\r\n signingKey: KeyPair;\r\n encryptionKey?: KeyPair;\r\n createdAt: number;\r\n displayName?: string;\r\n}\r\n\r\n/**\r\n * UCAN Capability structure\r\n */\r\nexport interface Capability {\r\n can: string;\r\n with: string;\r\n constraints?: Record<string, unknown>;\r\n}\r\n\r\n/**\r\n * UCAN Token payload\r\n */\r\nexport interface UCANPayload {\r\n iss: DID;\r\n aud: DID;\r\n exp: number;\r\n nbf?: number;\r\n iat?: number;\r\n nonce?: string;\r\n jti?: string;\r\n att: Capability[];\r\n prf?: string[];\r\n fct?: Record<string, unknown>;\r\n}\r\n\r\n/**\r\n * Parsed UCAN Token\r\n */\r\nexport interface UCANToken {\r\n payload: UCANPayload;\r\n raw: string;\r\n signature: Uint8Array;\r\n algorithm: string;\r\n}\r\n\r\n/**\r\n * UCAN verification result\r\n */\r\nexport interface VerificationResult {\r\n valid: boolean;\r\n payload?: UCANPayload;\r\n error?: string;\r\n expired?: boolean;\r\n shouldRotate?: boolean;\r\n expiresIn?: number;\r\n}\r\n\r\n// =============================================================================\r\n// ENCRYPTION TYPES (compatible with @affectively/zk-encryption)\r\n// =============================================================================\r\n\r\n/**\r\n * Encryption algorithms supported\r\n */\r\nexport type EncryptionAlgorithm = 'ECIES-P256' | 'AES-256-GCM';\r\n\r\n/**\r\n * HKDF domain separator categories\r\n */\r\nexport type DomainCategory =\r\n | 'default'\r\n | 'sync'\r\n | 'message'\r\n | 'api-key'\r\n | 'personal-data'\r\n | string;\r\n\r\n/**\r\n * EC Key pair for ECDH operations\r\n */\r\nexport interface ECKeyPair {\r\n publicKey: JsonWebKey;\r\n privateKey: JsonWebKey;\r\n keyId: string;\r\n createdAt: string;\r\n}\r\n\r\n/**\r\n * Encrypted data envelope\r\n */\r\nexport interface EncryptedPayload {\r\n alg: EncryptionAlgorithm;\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n epk?: JsonWebKey;\r\n category?: DomainCategory;\r\n nonce?: string;\r\n encryptedAt: number;\r\n}\r\n\r\n/**\r\n * Decryption result\r\n */\r\nexport interface DecryptionResult {\r\n plaintext: Uint8Array;\r\n category?: DomainCategory;\r\n encryptedAt: number;\r\n}\r\n\r\n// =============================================================================\r\n// AEON-SPECIFIC TYPES\r\n// =============================================================================\r\n\r\n/**\r\n * Aeon encryption mode\r\n */\r\nexport type AeonEncryptionMode =\r\n | 'none' // No encryption (development/testing)\r\n | 'transport' // Encrypt in transit only (session keys)\r\n | 'at-rest' // Encrypt for storage\r\n | 'end-to-end'; // Full E2E encryption between nodes\r\n\r\n/**\r\n * Aeon sync capability namespace\r\n */\r\nexport const AEON_CAPABILITIES = {\r\n // Basic sync operations\r\n SYNC_READ: 'aeon:sync:read',\r\n SYNC_WRITE: 'aeon:sync:write',\r\n SYNC_ADMIN: 'aeon:sync:admin',\r\n\r\n // Node operations\r\n NODE_REGISTER: 'aeon:node:register',\r\n NODE_HEARTBEAT: 'aeon:node:heartbeat',\r\n\r\n // Replication operations\r\n REPLICATE_READ: 'aeon:replicate:read',\r\n REPLICATE_WRITE: 'aeon:replicate:write',\r\n\r\n // State operations\r\n STATE_READ: 'aeon:state:read',\r\n STATE_WRITE: 'aeon:state:write',\r\n STATE_RECONCILE: 'aeon:state:reconcile',\r\n} as const;\r\n\r\nexport type AeonCapability =\r\n (typeof AEON_CAPABILITIES)[keyof typeof AEON_CAPABILITIES];\r\n\r\n/**\r\n * Crypto configuration for Aeon\r\n */\r\nexport interface AeonCryptoConfig {\r\n /** Default encryption mode for sync messages */\r\n defaultEncryptionMode: AeonEncryptionMode;\r\n /** Require all messages to be signed */\r\n requireSignatures: boolean;\r\n /** Require UCAN capability verification */\r\n requireCapabilities: boolean;\r\n /** Allowed signature algorithms */\r\n allowedSignatureAlgorithms: string[];\r\n /** Allowed encryption algorithms */\r\n allowedEncryptionAlgorithms: string[];\r\n /** UCAN audience DID for verification */\r\n ucanAudience?: string;\r\n /** Session key expiration (ms) */\r\n sessionKeyExpiration?: number;\r\n}\r\n\r\n/**\r\n * Default crypto configuration\r\n */\r\nexport const DEFAULT_CRYPTO_CONFIG: AeonCryptoConfig = {\r\n defaultEncryptionMode: 'none',\r\n requireSignatures: false,\r\n requireCapabilities: false,\r\n allowedSignatureAlgorithms: ['ES256', 'Ed25519'],\r\n allowedEncryptionAlgorithms: ['ECIES-P256', 'AES-256-GCM'],\r\n sessionKeyExpiration: 24 * 60 * 60 * 1000, // 24 hours\r\n};\r\n\r\n/**\r\n * Authenticated sync message fields\r\n */\r\nexport interface AuthenticatedMessageFields {\r\n /** Sender DID */\r\n senderDID?: string;\r\n /** Receiver DID */\r\n receiverDID?: string;\r\n /** UCAN token for capability verification */\r\n ucan?: string;\r\n /** Message signature (base64url) */\r\n signature?: string;\r\n /** Whether payload is encrypted */\r\n encrypted?: boolean;\r\n}\r\n\r\n/**\r\n * Secure sync session\r\n */\r\nexport interface SecureSyncSession {\r\n id: string;\r\n initiator: string;\r\n participants: string[];\r\n sessionKey?: Uint8Array;\r\n encryptionMode: AeonEncryptionMode;\r\n requiredCapabilities: string[];\r\n status: 'pending' | 'active' | 'completed' | 'failed';\r\n startTime: string;\r\n endTime?: string;\r\n}\r\n\r\n/**\r\n * Node with identity information\r\n */\r\nexport interface SecureNodeInfo {\r\n id: string;\r\n did?: string;\r\n publicSigningKey?: JsonWebKey;\r\n publicEncryptionKey?: JsonWebKey;\r\n capabilities?: string[];\r\n lastSeen?: number;\r\n}\r\n\r\n/**\r\n * Capability verification result\r\n */\r\nexport interface AeonCapabilityResult {\r\n authorized: boolean;\r\n error?: string;\r\n issuer?: string;\r\n grantedCapabilities?: Array<{ can: string; with: string }>;\r\n}\r\n\r\n/**\r\n * Signed data envelope for sync operations\r\n */\r\nexport interface SignedSyncData<T = unknown> {\r\n payload: T;\r\n signature: string;\r\n signer: string;\r\n algorithm: string;\r\n signedAt: number;\r\n}\r\n","/**\r\n * Aeon Crypto Provider Interface\r\n *\r\n * Abstract interface for cryptographic operations.\r\n * Aeon core remains zero-dependency - crypto is injected through this interface.\r\n */\r\n\r\nimport type {\r\n AeonCapabilityResult,\r\n SignedSyncData,\r\n SecureNodeInfo,\r\n} from './types';\r\n\r\n/**\r\n * Abstract crypto provider interface\r\n *\r\n * Implementations use @affectively/ucan and @affectively/zk-encryption\r\n * or other compatible libraries.\r\n */\r\nexport interface ICryptoProvider {\r\n // ===========================================================================\r\n // IDENTITY OPERATIONS\r\n // ===========================================================================\r\n\r\n /**\r\n * Generate a new identity with DID and key pairs\r\n */\r\n generateIdentity(displayName?: string): Promise<{\r\n did: string;\r\n publicSigningKey: JsonWebKey;\r\n publicEncryptionKey?: JsonWebKey;\r\n }>;\r\n\r\n /**\r\n * Get the local identity's DID\r\n */\r\n getLocalDID(): string | null;\r\n\r\n /**\r\n * Export local identity's public info for sharing\r\n */\r\n exportPublicIdentity(): Promise<SecureNodeInfo | null>;\r\n\r\n /**\r\n * Register a known remote node's public keys\r\n */\r\n registerRemoteNode(node: SecureNodeInfo): Promise<void>;\r\n\r\n /**\r\n * Get a remote node's public key\r\n */\r\n getRemotePublicKey(did: string): Promise<JsonWebKey | null>;\r\n\r\n // ===========================================================================\r\n // SIGNING OPERATIONS\r\n // ===========================================================================\r\n\r\n /**\r\n * Sign data with local identity's private key\r\n */\r\n sign(data: Uint8Array): Promise<Uint8Array>;\r\n\r\n /**\r\n * Sign structured data and wrap in SignedSyncData envelope\r\n */\r\n signData<T>(data: T): Promise<SignedSyncData<T>>;\r\n\r\n /**\r\n * Verify a signature from a remote node\r\n */\r\n verify(\r\n did: string,\r\n signature: Uint8Array,\r\n data: Uint8Array\r\n ): Promise<boolean>;\r\n\r\n /**\r\n * Verify a SignedSyncData envelope\r\n */\r\n verifySignedData<T>(signedData: SignedSyncData<T>): Promise<boolean>;\r\n\r\n // ===========================================================================\r\n // ENCRYPTION OPERATIONS\r\n // ===========================================================================\r\n\r\n /**\r\n * Encrypt data for a recipient\r\n */\r\n encrypt(\r\n plaintext: Uint8Array,\r\n recipientDID: string\r\n ): Promise<{\r\n alg: string;\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n epk?: JsonWebKey;\r\n encryptedAt: number;\r\n }>;\r\n\r\n /**\r\n * Decrypt data\r\n */\r\n decrypt(\r\n encrypted: {\r\n alg: string;\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n epk?: JsonWebKey;\r\n },\r\n senderDID?: string\r\n ): Promise<Uint8Array>;\r\n\r\n /**\r\n * Derive or get a session key for communication with a peer\r\n */\r\n getSessionKey(peerDID: string): Promise<Uint8Array>;\r\n\r\n /**\r\n * Encrypt with a session key\r\n */\r\n encryptWithSessionKey(\r\n plaintext: Uint8Array,\r\n sessionKey: Uint8Array\r\n ): Promise<{\r\n alg: string;\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n encryptedAt: number;\r\n }>;\r\n\r\n /**\r\n * Decrypt with a session key\r\n */\r\n decryptWithSessionKey(\r\n encrypted: {\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n },\r\n sessionKey: Uint8Array\r\n ): Promise<Uint8Array>;\r\n\r\n // ===========================================================================\r\n // UCAN OPERATIONS\r\n // ===========================================================================\r\n\r\n /**\r\n * Create a UCAN token\r\n */\r\n createUCAN(\r\n audience: string,\r\n capabilities: Array<{ can: string; with: string }>,\r\n options?: {\r\n expirationSeconds?: number;\r\n proofs?: string[];\r\n }\r\n ): Promise<string>;\r\n\r\n /**\r\n * Verify a UCAN token\r\n */\r\n verifyUCAN(\r\n token: string,\r\n options?: {\r\n expectedAudience?: string;\r\n requiredCapabilities?: Array<{ can: string; with: string }>;\r\n }\r\n ): Promise<AeonCapabilityResult>;\r\n\r\n /**\r\n * Delegate capabilities\r\n */\r\n delegateCapabilities(\r\n parentToken: string,\r\n audience: string,\r\n capabilities: Array<{ can: string; with: string }>,\r\n options?: {\r\n expirationSeconds?: number;\r\n }\r\n ): Promise<string>;\r\n\r\n // ===========================================================================\r\n // UTILITY OPERATIONS\r\n // ===========================================================================\r\n\r\n /**\r\n * Compute hash of data\r\n */\r\n hash(data: Uint8Array): Promise<Uint8Array>;\r\n\r\n /**\r\n * Generate random bytes\r\n */\r\n randomBytes(length: number): Uint8Array;\r\n\r\n /**\r\n * Check if crypto is properly initialized\r\n */\r\n isInitialized(): boolean;\r\n}\r\n\r\n/**\r\n * Null crypto provider for when crypto is disabled\r\n *\r\n * All operations either throw or return permissive defaults.\r\n */\r\nexport class NullCryptoProvider implements ICryptoProvider {\r\n private notConfiguredError(): Error {\r\n return new Error('Crypto provider not configured');\r\n }\r\n\r\n async generateIdentity(): Promise<{\r\n did: string;\r\n publicSigningKey: JsonWebKey;\r\n publicEncryptionKey?: JsonWebKey;\r\n }> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n getLocalDID(): string | null {\r\n return null;\r\n }\r\n\r\n async exportPublicIdentity(): Promise<SecureNodeInfo | null> {\r\n return null;\r\n }\r\n\r\n async registerRemoteNode(): Promise<void> {\r\n // No-op when crypto disabled\r\n }\r\n\r\n async getRemotePublicKey(): Promise<JsonWebKey | null> {\r\n return null;\r\n }\r\n\r\n async sign(): Promise<Uint8Array> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async signData<T>(_data: T): Promise<SignedSyncData<T>> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async verify(): Promise<boolean> {\r\n // Permissive when crypto disabled\r\n return true;\r\n }\r\n\r\n async verifySignedData(): Promise<boolean> {\r\n // Permissive when crypto disabled\r\n return true;\r\n }\r\n\r\n async encrypt(): Promise<{\r\n alg: string;\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n epk?: JsonWebKey;\r\n encryptedAt: number;\r\n }> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async decrypt(): Promise<Uint8Array> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async getSessionKey(): Promise<Uint8Array> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async encryptWithSessionKey(): Promise<{\r\n alg: string;\r\n ct: string;\r\n iv: string;\r\n tag: string;\r\n encryptedAt: number;\r\n }> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async decryptWithSessionKey(): Promise<Uint8Array> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async createUCAN(): Promise<string> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async verifyUCAN(): Promise<AeonCapabilityResult> {\r\n // Permissive when crypto disabled\r\n return { authorized: true };\r\n }\r\n\r\n async delegateCapabilities(): Promise<string> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n async hash(): Promise<Uint8Array> {\r\n throw this.notConfiguredError();\r\n }\r\n\r\n randomBytes(length: number): Uint8Array {\r\n // Use crypto.getRandomValues even without full crypto setup\r\n return crypto.getRandomValues(new Uint8Array(length));\r\n }\r\n\r\n isInitialized(): boolean {\r\n return false;\r\n }\r\n}\r\n"]}
1
+ {"version":3,"sources":["../../src/crypto/types.ts","../../src/crypto/CryptoProvider.ts","../../src/crypto/transactionSigner.ts"],"names":[],"mappings":";AA+JO,IAAM,iBAAA,GAAoB;AAAA;AAAA,EAE/B,SAAA,EAAW,gBAAA;AAAA,EACX,UAAA,EAAY,iBAAA;AAAA,EACZ,UAAA,EAAY,iBAAA;AAAA;AAAA,EAGZ,aAAA,EAAe,oBAAA;AAAA,EACf,cAAA,EAAgB,qBAAA;AAAA;AAAA,EAGhB,cAAA,EAAgB,qBAAA;AAAA,EAChB,eAAA,EAAiB,sBAAA;AAAA;AAAA,EAGjB,UAAA,EAAY,iBAAA;AAAA,EACZ,WAAA,EAAa,kBAAA;AAAA,EACb,eAAA,EAAiB;AACnB;AA4BO,IAAM,qBAAA,GAA0C;AAAA,EACrD,qBAAA,EAAuB,MAAA;AAAA,EACvB,iBAAA,EAAmB,KAAA;AAAA,EACnB,mBAAA,EAAqB,KAAA;AAAA,EACrB,0BAAA,EAA4B,CAAC,OAAA,EAAS,SAAS,CAAA;AAAA,EAC/C,2BAAA,EAA6B,CAAC,YAAA,EAAc,aAAa,CAAA;AAAA,EACzD,oBAAA,EAAsB,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA;AACvC;;;ACHO,IAAM,qBAAN,MAAoD;AAAA,EACjD,kBAAA,GAA4B;AAClC,IAAA,OAAO,IAAI,MAAM,gCAAgC,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,gBAAA,GAIH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,WAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,GAAuD;AAC3D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,kBAAA,GAAoC;AAAA,EAE1C;AAAA,EAEA,MAAM,kBAAA,GAAiD;AACrD,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,SAAY,KAAA,EAAsC;AACtD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,MAAA,GAA2B;AAE/B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,gBAAA,GAAqC;AAEzC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,OAAA,GAOH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,OAAA,GAA+B;AACnC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,aAAA,GAAqC;AACzC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAMH;AACD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,qBAAA,GAA6C;AACjD,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA8B;AAClC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,UAAA,GAA4C;AAEhD,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,oBAAA,GAAwC;AAC5C,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,KAAK,kBAAA,EAAmB;AAAA,EAChC;AAAA,EAEA,YAAY,MAAA,EAA4B;AAEtC,IAAA,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAAA,EACtD;AAAA,EAEA,aAAA,GAAyB;AACvB,IAAA,OAAO,KAAA;AAAA,EACT;AACF;;;AC7OO,IAAM,wBAAN,MAGP;AAAA,EACE,MAAM,QACJ,OAAA,EACoD;AACpD,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,QAAQ,OAAA,CAAQ,MAAA;AAAA,MAChB,OAAA,EAAS,QAAQ,OAAA,IAAW,CAAA;AAAA,MAC5B,SAAA,EAAW,oBAAA;AAAA,MACX,YAAA,EAAc;AAAA,KAChB;AAAA,EACF;AAAA,EAEA,MAAM,UACJ,MAAA,EAC6C;AAC7C,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,uDAAuD,MAAM,CAAA;AAAA,KAC/D;AAAA,EACF;AAAA,EAEA,MAAM,MAAA,GAA2C;AAC/C,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,OAAA,EAAS,oBAAA;AAAA,MACT,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,KACpC;AAAA,EACF;AACF;AAEO,SAAS,+BAEd,QAAA,EAAwE;AACxE,EAAA,OAAO,QAAA;AACT","file":"index.js","sourcesContent":["/**\n * Aeon Crypto Types\n *\n * Type definitions for cryptographic operations in Aeon.\n * These are compatible with @affectively/auth and @affectively/auth.\n */\n\n// =============================================================================\n// IDENTITY TYPES (compatible with @affectively/auth)\n// =============================================================================\n\n/**\n * Decentralized Identifier (DID)\n * Format: did:method:identifier\n */\nexport type DID = `did:${string}:${string}`;\n\n/**\n * Supported signing algorithms\n */\nexport type SigningAlgorithm = 'ES256' | 'Ed25519' | 'ES384' | 'ES512';\n\n/**\n * Key pair for signing and verification\n */\nexport interface KeyPair {\n algorithm: SigningAlgorithm;\n publicKey: JsonWebKey;\n privateKey?: JsonWebKey;\n fingerprint: string;\n}\n\n/**\n * Identity representing a user or node\n */\nexport interface Identity {\n did: DID;\n signingKey: KeyPair;\n encryptionKey?: KeyPair;\n createdAt: number;\n displayName?: string;\n}\n\n/**\n * UCAN Capability structure\n */\nexport interface Capability {\n can: string;\n with: string;\n constraints?: Record<string, unknown>;\n}\n\n/**\n * UCAN Token payload\n */\nexport interface UCANPayload {\n iss: DID;\n aud: DID;\n exp: number;\n nbf?: number;\n iat?: number;\n nonce?: string;\n jti?: string;\n att: Capability[];\n prf?: string[];\n fct?: Record<string, unknown>;\n}\n\n/**\n * Parsed UCAN Token\n */\nexport interface UCANToken {\n payload: UCANPayload;\n raw: string;\n signature: Uint8Array;\n algorithm: string;\n}\n\n/**\n * UCAN verification result\n */\nexport interface VerificationResult {\n valid: boolean;\n payload?: UCANPayload;\n error?: string;\n expired?: boolean;\n shouldRotate?: boolean;\n expiresIn?: number;\n}\n\n// =============================================================================\n// ENCRYPTION TYPES (compatible with @affectively/auth)\n// =============================================================================\n\n/**\n * Encryption algorithms supported\n */\nexport type EncryptionAlgorithm = 'ECIES-P256' | 'AES-256-GCM';\n\n/**\n * HKDF domain separator categories\n */\nexport type DomainCategory =\n | 'default'\n | 'sync'\n | 'message'\n | 'api-key'\n | 'personal-data'\n | string;\n\n/**\n * EC Key pair for ECDH operations\n */\nexport interface ECKeyPair {\n publicKey: JsonWebKey;\n privateKey: JsonWebKey;\n keyId: string;\n createdAt: string;\n}\n\n/**\n * Encrypted data envelope\n */\nexport interface EncryptedPayload {\n alg: EncryptionAlgorithm;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n category?: DomainCategory;\n nonce?: string;\n encryptedAt: number;\n}\n\n/**\n * Decryption result\n */\nexport interface DecryptionResult {\n plaintext: Uint8Array;\n category?: DomainCategory;\n encryptedAt: number;\n}\n\n// =============================================================================\n// AEON-SPECIFIC TYPES\n// =============================================================================\n\n/**\n * Aeon encryption mode\n */\nexport type AeonEncryptionMode =\n | 'none' // No encryption (development/testing)\n | 'transport' // Encrypt in transit only (session keys)\n | 'at-rest' // Encrypt for storage\n | 'end-to-end'; // Full E2E encryption between nodes\n\n/**\n * Aeon sync capability namespace\n */\nexport const AEON_CAPABILITIES = {\n // Basic sync operations\n SYNC_READ: 'aeon:sync:read',\n SYNC_WRITE: 'aeon:sync:write',\n SYNC_ADMIN: 'aeon:sync:admin',\n\n // Node operations\n NODE_REGISTER: 'aeon:node:register',\n NODE_HEARTBEAT: 'aeon:node:heartbeat',\n\n // Replication operations\n REPLICATE_READ: 'aeon:replicate:read',\n REPLICATE_WRITE: 'aeon:replicate:write',\n\n // State operations\n STATE_READ: 'aeon:state:read',\n STATE_WRITE: 'aeon:state:write',\n STATE_RECONCILE: 'aeon:state:reconcile',\n} as const;\n\nexport type AeonCapability =\n (typeof AEON_CAPABILITIES)[keyof typeof AEON_CAPABILITIES];\n\n/**\n * Crypto configuration for Aeon\n */\nexport interface AeonCryptoConfig {\n /** Default encryption mode for sync messages */\n defaultEncryptionMode: AeonEncryptionMode;\n /** Require all messages to be signed */\n requireSignatures: boolean;\n /** Require UCAN capability verification */\n requireCapabilities: boolean;\n /** Allowed signature algorithms */\n allowedSignatureAlgorithms: string[];\n /** Allowed encryption algorithms */\n allowedEncryptionAlgorithms: string[];\n /** UCAN audience DID for verification */\n ucanAudience?: string;\n /** Session key expiration (ms) */\n sessionKeyExpiration?: number;\n}\n\n/**\n * Default crypto configuration\n */\nexport const DEFAULT_CRYPTO_CONFIG: AeonCryptoConfig = {\n defaultEncryptionMode: 'none',\n requireSignatures: false,\n requireCapabilities: false,\n allowedSignatureAlgorithms: ['ES256', 'Ed25519'],\n allowedEncryptionAlgorithms: ['ECIES-P256', 'AES-256-GCM'],\n sessionKeyExpiration: 24 * 60 * 60 * 1000, // 24 hours\n};\n\n/**\n * Authenticated sync message fields\n */\nexport interface AuthenticatedMessageFields {\n /** Sender DID */\n senderDID?: string;\n /** Receiver DID */\n receiverDID?: string;\n /** UCAN token for capability verification */\n ucan?: string;\n /** Message signature (base64url) */\n signature?: string;\n /** Whether payload is encrypted */\n encrypted?: boolean;\n}\n\n/**\n * Secure sync session\n */\nexport interface SecureSyncSession {\n id: string;\n initiator: string;\n participants: string[];\n sessionKey?: Uint8Array;\n encryptionMode: AeonEncryptionMode;\n requiredCapabilities: string[];\n status: 'pending' | 'active' | 'completed' | 'failed';\n startTime: string;\n endTime?: string;\n}\n\n/**\n * Node with identity information\n */\nexport interface SecureNodeInfo {\n id: string;\n did?: string;\n publicSigningKey?: JsonWebKey;\n publicEncryptionKey?: JsonWebKey;\n capabilities?: string[];\n lastSeen?: number;\n}\n\n/**\n * Capability verification result\n */\nexport interface AeonCapabilityResult {\n authorized: boolean;\n error?: string;\n issuer?: string;\n grantedCapabilities?: Array<{ can: string; with: string }>;\n}\n\n/**\n * Signed data envelope for sync operations\n */\nexport interface SignedSyncData<T = unknown> {\n payload: T;\n signature: string;\n signer: string;\n algorithm: string;\n signedAt: number;\n}\n","/**\n * Aeon Crypto Provider Interface\n *\n * Abstract interface for cryptographic operations.\n * Aeon core remains zero-dependency - crypto is injected through this interface.\n */\n\nimport type {\n AeonCapabilityResult,\n SignedSyncData,\n SecureNodeInfo,\n} from './types';\n\n/**\n * Abstract crypto provider interface\n *\n * Implementations use @affectively/auth and @affectively/auth\n * or other compatible libraries.\n */\nexport interface ICryptoProvider {\n // ===========================================================================\n // IDENTITY OPERATIONS\n // ===========================================================================\n\n /**\n * Generate a new identity with DID and key pairs\n */\n generateIdentity(displayName?: string): Promise<{\n did: string;\n publicSigningKey: JsonWebKey;\n publicEncryptionKey?: JsonWebKey;\n }>;\n\n /**\n * Get the local identity's DID\n */\n getLocalDID(): string | null;\n\n /**\n * Export local identity's public info for sharing\n */\n exportPublicIdentity(): Promise<SecureNodeInfo | null>;\n\n /**\n * Register a known remote node's public keys\n */\n registerRemoteNode(node: SecureNodeInfo): Promise<void>;\n\n /**\n * Get a remote node's public key\n */\n getRemotePublicKey(did: string): Promise<JsonWebKey | null>;\n\n // ===========================================================================\n // SIGNING OPERATIONS\n // ===========================================================================\n\n /**\n * Sign data with local identity's private key\n */\n sign(data: Uint8Array): Promise<Uint8Array>;\n\n /**\n * Sign structured data and wrap in SignedSyncData envelope\n */\n signData<T>(data: T): Promise<SignedSyncData<T>>;\n\n /**\n * Verify a signature from a remote node\n */\n verify(\n did: string,\n signature: Uint8Array,\n data: Uint8Array\n ): Promise<boolean>;\n\n /**\n * Verify a SignedSyncData envelope\n */\n verifySignedData<T>(signedData: SignedSyncData<T>): Promise<boolean>;\n\n // ===========================================================================\n // ENCRYPTION OPERATIONS\n // ===========================================================================\n\n /**\n * Encrypt data for a recipient\n */\n encrypt(\n plaintext: Uint8Array,\n recipientDID: string\n ): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n encryptedAt: number;\n }>;\n\n /**\n * Decrypt data\n */\n decrypt(\n encrypted: {\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n },\n senderDID?: string\n ): Promise<Uint8Array>;\n\n /**\n * Derive or get a session key for communication with a peer\n */\n getSessionKey(peerDID: string): Promise<Uint8Array>;\n\n /**\n * Encrypt with a session key\n */\n encryptWithSessionKey(\n plaintext: Uint8Array,\n sessionKey: Uint8Array\n ): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n encryptedAt: number;\n }>;\n\n /**\n * Decrypt with a session key\n */\n decryptWithSessionKey(\n encrypted: {\n ct: string;\n iv: string;\n tag: string;\n },\n sessionKey: Uint8Array\n ): Promise<Uint8Array>;\n\n // ===========================================================================\n // UCAN OPERATIONS\n // ===========================================================================\n\n /**\n * Create a UCAN token\n */\n createUCAN(\n audience: string,\n capabilities: Array<{ can: string; with: string }>,\n options?: {\n expirationSeconds?: number;\n proofs?: string[];\n }\n ): Promise<string>;\n\n /**\n * Verify a UCAN token\n */\n verifyUCAN(\n token: string,\n options?: {\n expectedAudience?: string;\n requiredCapabilities?: Array<{ can: string; with: string }>;\n }\n ): Promise<AeonCapabilityResult>;\n\n /**\n * Delegate capabilities\n */\n delegateCapabilities(\n parentToken: string,\n audience: string,\n capabilities: Array<{ can: string; with: string }>,\n options?: {\n expirationSeconds?: number;\n }\n ): Promise<string>;\n\n // ===========================================================================\n // UTILITY OPERATIONS\n // ===========================================================================\n\n /**\n * Compute hash of data\n */\n hash(data: Uint8Array): Promise<Uint8Array>;\n\n /**\n * Generate random bytes\n */\n randomBytes(length: number): Uint8Array;\n\n /**\n * Check if crypto is properly initialized\n */\n isInitialized(): boolean;\n}\n\n/**\n * Null crypto provider for when crypto is disabled\n *\n * All operations either throw or return permissive defaults.\n */\nexport class NullCryptoProvider implements ICryptoProvider {\n private notConfiguredError(): Error {\n return new Error('Crypto provider not configured');\n }\n\n async generateIdentity(): Promise<{\n did: string;\n publicSigningKey: JsonWebKey;\n publicEncryptionKey?: JsonWebKey;\n }> {\n throw this.notConfiguredError();\n }\n\n getLocalDID(): string | null {\n return null;\n }\n\n async exportPublicIdentity(): Promise<SecureNodeInfo | null> {\n return null;\n }\n\n async registerRemoteNode(): Promise<void> {\n // No-op when crypto disabled\n }\n\n async getRemotePublicKey(): Promise<JsonWebKey | null> {\n return null;\n }\n\n async sign(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async signData<T>(_data: T): Promise<SignedSyncData<T>> {\n throw this.notConfiguredError();\n }\n\n async verify(): Promise<boolean> {\n // Permissive when crypto disabled\n return true;\n }\n\n async verifySignedData(): Promise<boolean> {\n // Permissive when crypto disabled\n return true;\n }\n\n async encrypt(): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n epk?: JsonWebKey;\n encryptedAt: number;\n }> {\n throw this.notConfiguredError();\n }\n\n async decrypt(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async getSessionKey(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async encryptWithSessionKey(): Promise<{\n alg: string;\n ct: string;\n iv: string;\n tag: string;\n encryptedAt: number;\n }> {\n throw this.notConfiguredError();\n }\n\n async decryptWithSessionKey(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n async createUCAN(): Promise<string> {\n throw this.notConfiguredError();\n }\n\n async verifyUCAN(): Promise<AeonCapabilityResult> {\n // Permissive when crypto disabled\n return { authorized: true };\n }\n\n async delegateCapabilities(): Promise<string> {\n throw this.notConfiguredError();\n }\n\n async hash(): Promise<Uint8Array> {\n throw this.notConfiguredError();\n }\n\n randomBytes(length: number): Uint8Array {\n // Use crypto.getRandomValues even without full crypto setup\n return crypto.getRandomValues(new Uint8Array(length));\n }\n\n isInitialized(): boolean {\n return false;\n }\n}\n","/**\n * Aeon Transaction Signer Abstraction\n *\n * Keeps sync cryptography (`ICryptoProvider`) decoupled from on-chain write signing.\n * This interface matches custodial signer semantics so server and Aeon callers\n * converge on one contract shape.\n */\n\nexport type HexString = `0x${string}`;\n\nexport type TransactionSignerPayloadMap = Record<string, unknown>;\n\nexport type TransactionSignerExecuteRequest<\n TPayloads extends TransactionSignerPayloadMap,\n TAction extends keyof TPayloads & string = keyof TPayloads & string\n> = {\n action: TAction;\n payload: TPayloads[TAction];\n chainId?: number;\n waitForReceipt?: boolean;\n requestId?: string;\n};\n\nexport type TransactionSignerErrorCode =\n | 'invalid_request'\n | 'signer_unavailable'\n | 'signer_denied'\n | 'tx_failed'\n | 'tx_reverted'\n | 'unauthorized'\n | 'forbidden'\n | 'unknown_action'\n | 'upstream_error';\n\nexport interface TransactionSignerExecuteResponse<\n TAction extends string = string\n> {\n success: boolean;\n action: TAction;\n chainId: number;\n txHash?: HexString;\n receiptStatus?: 'pending' | 'success' | 'reverted';\n signerAddress?: HexString;\n keyVersion?: string;\n errorCode?: TransactionSignerErrorCode;\n errorMessage?: string;\n revertReason?: string;\n}\n\nexport interface TransactionSignerMetadata<TAction extends string = string> {\n action: TAction;\n chainId: number;\n signerAddress: HexString;\n keyVersion: string;\n keyName: string;\n}\n\nexport interface TransactionSignerHealth {\n ok: boolean;\n service: string;\n timestamp: string;\n}\n\nexport interface ITransactionSigner<\n TPayloads extends TransactionSignerPayloadMap = TransactionSignerPayloadMap\n> {\n execute<TAction extends keyof TPayloads & string>(\n request: TransactionSignerExecuteRequest<TPayloads, TAction>\n ): Promise<TransactionSignerExecuteResponse<TAction>>;\n\n getSigner<TAction extends keyof TPayloads & string>(\n action: TAction\n ): Promise<TransactionSignerMetadata<TAction>>;\n\n health(): Promise<TransactionSignerHealth>;\n}\n\nexport class NullTransactionSigner<\n TPayloads extends TransactionSignerPayloadMap = TransactionSignerPayloadMap\n> implements ITransactionSigner<TPayloads>\n{\n async execute<TAction extends keyof TPayloads & string>(\n request: TransactionSignerExecuteRequest<TPayloads, TAction>\n ): Promise<TransactionSignerExecuteResponse<TAction>> {\n return {\n success: false,\n action: request.action,\n chainId: request.chainId || 0,\n errorCode: 'signer_unavailable',\n errorMessage: 'Transaction signer not configured',\n };\n }\n\n async getSigner<TAction extends keyof TPayloads & string>(\n action: TAction\n ): Promise<TransactionSignerMetadata<TAction>> {\n throw new Error(\n `Transaction signer metadata unavailable for action: ${action}`\n );\n }\n\n async health(): Promise<TransactionSignerHealth> {\n return {\n ok: false,\n service: 'transaction-signer',\n timestamp: new Date().toISOString(),\n };\n }\n}\n\nexport function createTransactionSignerAdapter<\n TPayloads extends TransactionSignerPayloadMap\n>(contract: ITransactionSigner<TPayloads>): ITransactionSigner<TPayloads> {\n return contract;\n}\n"]}
package/dist/distributed/index.cjs CHANGED
@@ -31,7 +31,8 @@ var logger = {
31
31
  };
32
32
 
33
33
  // src/distributed/SyncCoordinator.ts
34
- var SyncCoordinator = class extends eventemitter3.EventEmitter {
34
+ var SyncCoordinator = class _SyncCoordinator extends eventemitter3.EventEmitter {
35
+ static MAX_SYNC_EVENTS = 1e4;
35
36
  nodes = /* @__PURE__ */ new Map();
36
37
  sessions = /* @__PURE__ */ new Map();
37
38
  syncEvents = [];
@@ -44,6 +45,12 @@ var SyncCoordinator = class extends eventemitter3.EventEmitter {
44
45
  constructor() {
45
46
  super();
46
47
  }
48
+ addSyncEvent(event) {
49
+ this.syncEvents.push(event);
50
+ if (this.syncEvents.length > _SyncCoordinator.MAX_SYNC_EVENTS) {
51
+ this.syncEvents = this.syncEvents.slice(-_SyncCoordinator.MAX_SYNC_EVENTS);
52
+ }
53
+ }
47
54
  /**
48
55
  * Configure cryptographic provider for authenticated sync
49
56
  */
@@ -83,7 +90,7 @@ var SyncCoordinator = class extends eventemitter3.EventEmitter {
83
90
  timestamp: (/* @__PURE__ */ new Date()).toISOString(),
84
91
  data: { did: nodeInfo.did, authenticated: true }
85
92
  };
86
- this.syncEvents.push(event);
93
+ this.addSyncEvent(event);
87
94
  this.emit("node-joined", node);
88
95
  logger.debug("[SyncCoordinator] Authenticated node registered", {
89
96
  nodeId: node.id,
@@ -161,7 +168,7 @@ var SyncCoordinator = class extends eventemitter3.EventEmitter {
161
168
  encryptionMode: session.encryptionMode
162
169
  }
163
170
  };
164
- this.syncEvents.push(event);
171
+ this.addSyncEvent(event);
165
172
  this.emit("sync-started", session);
166
173
  logger.debug("[SyncCoordinator] Authenticated sync session created", {
167
174
  sessionId: session.id,
@@ -208,7 +215,7 @@ var SyncCoordinator = class extends eventemitter3.EventEmitter {
208
215
  nodeId: node.id,
209
216
  timestamp: (/* @__PURE__ */ new Date()).toISOString()
210
217
  };
211
- this.syncEvents.push(event);
218
+ this.addSyncEvent(event);
212
219
  this.emit("node-joined", node);
213
220
  logger.debug("[SyncCoordinator] Node registered", {
214
221
  nodeId: node.id,
@@ -231,7 +238,7 @@ var SyncCoordinator = class extends eventemitter3.EventEmitter {
231
238
  nodeId,
232
239
  timestamp: (/* @__PURE__ */ new Date()).toISOString()
233
240
  };
234
- this.syncEvents.push(event);
241
+ this.addSyncEvent(event);
235
242
  this.emit("node-left", node);
236
243
  logger.debug("[SyncCoordinator] Node deregistered", { nodeId });
237
244
  }
@@ -260,7 +267,7 @@ var SyncCoordinator = class extends eventemitter3.EventEmitter {
260
267
  nodeId: initiatorId,
261
268
  timestamp: (/* @__PURE__ */ new Date()).toISOString()
262
269
  };
263
- this.syncEvents.push(event);
270
+ this.addSyncEvent(event);
264
271
  this.emit("sync-started", session);
265
272
  logger.debug("[SyncCoordinator] Sync session created", {
266
273
  sessionId: session.id,
@@ -287,7 +294,7 @@ var SyncCoordinator = class extends eventemitter3.EventEmitter {
287
294
  timestamp: (/* @__PURE__ */ new Date()).toISOString(),
288
295
  data: { status: updates.status, itemsSynced: session.itemsSynced }
289
296
  };
290
- this.syncEvents.push(event);
297
+ this.addSyncEvent(event);
291
298
  this.emit("sync-completed", session);
292
299
  }
293
300
  logger.debug("[SyncCoordinator] Sync session updated", {
@@ -310,7 +317,7 @@ var SyncCoordinator = class extends eventemitter3.EventEmitter {
310
317
  timestamp: (/* @__PURE__ */ new Date()).toISOString(),
311
318
  data: conflictData
312
319
  };
313
- this.syncEvents.push(event);
320
+ this.addSyncEvent(event);
314
321
  this.emit("conflict-detected", { session, nodeId, conflictData });
315
322
  logger.debug("[SyncCoordinator] Conflict recorded", {
316
323
  sessionId,