@agentdock/crypto 0.4.0

package/dist/encoding.js

@@ -0,0 +1,55 @@
+/**
+ * Base64 and Base64URL encoding/decoding utilities.
+ *
+ * Uses browser-compatible APIs (no Node.js Buffer dependency).
+ * Works in both browser and Node.js 22+ environments.
+ */
+/**
+ * Encode a Uint8Array to a standard Base64 string.
+ */
+export function encodeBase64(buffer) {
+    if (buffer.length === 0)
+        return '';
+    // Convert Uint8Array to binary string, then use btoa
+    let binary = '';
+    for (let i = 0; i < buffer.length; i++) {
+        binary += String.fromCharCode(buffer[i]);
+    }
+    return btoa(binary);
+}
+/**
+ * Decode a standard Base64 string to a Uint8Array.
+ */
+export function decodeBase64(base64) {
+    if (base64 === '')
+        return new Uint8Array(0);
+    const binary = atob(base64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+/**
+ * Encode a Uint8Array to a Base64URL string (no padding).
+ *
+ * Base64URL replaces `+` with `-`, `/` with `_`, and strips `=` padding.
+ */
+export function encodeBase64Url(buffer) {
+    const base64 = encodeBase64(buffer);
+    return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+/**
+ * Decode a Base64URL string to a Uint8Array.
+ */
+export function decodeBase64Url(base64url) {
+    if (base64url === '')
+        return new Uint8Array(0);
+    // Convert base64url back to standard base64
+    let base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');
+    // Restore padding
+    const paddingNeeded = (4 - (base64.length % 4)) % 4;
+    base64 += '='.repeat(paddingNeeded);
+    return decodeBase64(base64);
+}
+//# sourceMappingURL=encoding.js.map

package/dist/encoding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.js","sourceRoot":"","sources":["../src/encoding.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,MAAkB;IAC7C,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEnC,qDAAqD;IACrD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAW,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,MAAc;IACzC,IAAI,MAAM,KAAK,EAAE;QAAE,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAE5C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,MAAkB;IAChD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACpC,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,SAAiB;IAC/C,IAAI,SAAS,KAAK,EAAE;QAAE,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAE/C,4CAA4C;IAC5C,IAAI,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC7D,kBAAkB;IAClB,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAEpC,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC"}

package/dist/hmac.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Compute HMAC-SHA512 of data using the given key.
+ *
+ * Uses Web Crypto API (globalThis.crypto.subtle) for cross-platform
+ * compatibility between browsers and Node.js 22+.
+ *
+ * @param key  - HMAC key (must be at least 1 byte; will be hashed if > block size)
+ * @param data - Data to authenticate
+ * @returns 64-byte HMAC-SHA512 digest
+ * @throws Error if key is empty (zero-length keys are not supported by Web Crypto API)
+ */
+export declare function hmacSha512(key: Uint8Array, data: Uint8Array): Promise<Uint8Array>;
+//# sourceMappingURL=hmac.d.ts.map

package/dist/hmac.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hmac.d.ts","sourceRoot":"","sources":["../src/hmac.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;GAUG;AACH,wBAAsB,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAcvF"}

package/dist/hmac.js

@@ -0,0 +1,25 @@
+// @agentdock/crypto — HMAC-SHA512 using Web Crypto API
+// Browser + Node.js 22+ compatible (no node:crypto)
+/**
+ * Compute HMAC-SHA512 of data using the given key.
+ *
+ * Uses Web Crypto API (globalThis.crypto.subtle) for cross-platform
+ * compatibility between browsers and Node.js 22+.
+ *
+ * @param key  - HMAC key (must be at least 1 byte; will be hashed if > block size)
+ * @param data - Data to authenticate
+ * @returns 64-byte HMAC-SHA512 digest
+ * @throws Error if key is empty (zero-length keys are not supported by Web Crypto API)
+ */
+export async function hmacSha512(key, data) {
+    if (key.byteLength === 0) {
+        throw new Error('HMAC key must not be empty');
+    }
+    const algorithm = { name: 'HMAC', hash: 'SHA-512' };
+    const cryptoKey = await crypto.subtle.importKey('raw', key, algorithm, false, [
+        'sign',
+    ]);
+    const signature = await crypto.subtle.sign('HMAC', cryptoKey, data);
+    return new Uint8Array(signature);
+}
+//# sourceMappingURL=hmac.js.map

package/dist/hmac.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hmac.js","sourceRoot":"","sources":["../src/hmac.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,oDAAoD;AAEpD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,GAAe,EAAE,IAAgB;IAChE,IAAI,GAAG,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,SAAS,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAW,CAAC;IAE7D,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAmB,EAAE,SAAS,EAAE,KAAK,EAAE;QAC5F,MAAM;KACP,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,IAAoB,CAAC,CAAC;IAEpF,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;AACnC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,14 @@
+export { encodeBase64, decodeBase64, encodeBase64Url, decodeBase64Url } from './encoding.js';
+export { getRandomBytes } from './random.js';
+export { encryptAesGcm, decryptAesGcm } from './aes.js';
+export { hmacSha512 } from './hmac.js';
+export { deriveSecretKeyTreeRoot, deriveSecretKeyTreeChild, deriveKey } from './keys.js';
+export type { KeyTreeState } from './keys.js';
+export { authChallenge, signChallenge, verifyChallenge } from './auth.js';
+export type { AuthChallengeResult } from './auth.js';
+export { encryptBox, decryptBox, boxPublicKeyFromSecretKey, generateBoxKeyPair } from './box.js';
+export type { BoxKeyPair } from './box.js';
+export { encryptSecretBox, decryptSecretBox } from './secretbox.js';
+export { deriveContentKeyPair } from './content.js';
+export { generateSessionKeys, unwrapSessionKey, encryptEnvelope, decryptEnvelope, } from './session.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAG7F,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG7C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAGxD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAGvC,OAAO,EAAE,uBAAuB,EAAE,wBAAwB,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACzF,YAAY,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAG9C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC1E,YAAY,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAGrD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AACjG,YAAY,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAGpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAGpD,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,eAAe,EACf,eAAe,GAChB,MAAM,cAAc,CAAC"}

package/dist/index.js

@@ -0,0 +1,23 @@
+// @agentdock/crypto — E2E encryption for AgentBox
+// Web Crypto API + tweetnacl, browser + Node.js 22+ compatible
+// Base64 encoding/decoding
+export { encodeBase64, decodeBase64, encodeBase64Url, decodeBase64Url } from './encoding.js';
+// Secure random number generation
+export { getRandomBytes } from './random.js';
+// AES-256-GCM encryption/decryption
+export { encryptAesGcm, decryptAesGcm } from './aes.js';
+// HMAC-SHA512
+export { hmacSha512 } from './hmac.js';
+// Key derivation tree
+export { deriveSecretKeyTreeRoot, deriveSecretKeyTreeChild, deriveKey } from './keys.js';
+// Authentication challenge (Ed25519)
+export { authChallenge, signChallenge, verifyChallenge } from './auth.js';
+// NaCl Box encryption (public key / key delivery)
+export { encryptBox, decryptBox, boxPublicKeyFromSecretKey, generateBoxKeyPair } from './box.js';
+// NaCl SecretBox encryption (symmetric / legacy)
+export { encryptSecretBox, decryptSecretBox } from './secretbox.js';
+// Content keypair derivation
+export { deriveContentKeyPair } from './content.js';
+// Session encryption (high-level API)
+export { generateSessionKeys, unwrapSessionKey, encryptEnvelope, decryptEnvelope, } from './session.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,kDAAkD;AAClD,+DAA+D;AAE/D,2BAA2B;AAC3B,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAE7F,kCAAkC;AAClC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,oCAAoC;AACpC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAExD,cAAc;AACd,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,sBAAsB;AACtB,OAAO,EAAE,uBAAuB,EAAE,wBAAwB,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAGzF,qCAAqC;AACrC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAG1E,kDAAkD;AAClD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAGjG,iDAAiD;AACjD,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAEpE,6BAA6B;AAC7B,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEpD,sCAAsC;AACtC,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,eAAe,EACf,eAAe,GAChB,MAAM,cAAc,CAAC"}

package/dist/keys.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Immutable state of a node in the key derivation tree.
+ * Splitting the HMAC-SHA512 output (64 bytes) into:
+ * - key (first 32 bytes): the derived secret key
+ * - chainCode (last 32 bytes): used to derive child keys
+ */
+export type KeyTreeState = {
+    readonly key: Uint8Array;
+    readonly chainCode: Uint8Array;
+};
+/**
+ * Derive the root key tree state from a seed and usage string.
+ *
+ * Formula: HMAC-SHA512(encode(usage + " Master Seed"), seed)
+ * - The HMAC key is the UTF-8 encoding of `usage + " Master Seed"`
+ * - The HMAC data is the raw seed bytes
+ *
+ * @param seed  - Root seed material
+ * @param usage - Purpose string (e.g., "encryption", "authentication")
+ * @returns Root KeyTreeState with key and chainCode
+ */
+export declare function deriveSecretKeyTreeRoot(seed: Uint8Array, usage: string): Promise<KeyTreeState>;
+/**
+ * Derive a child key tree state from a parent chain code and index.
+ *
+ * Formula: HMAC-SHA512(parentChainCode, [0x00, ...encode(index)])
+ * - Prepends a 0x00 byte before the index string encoding
+ *
+ * @param chainCode - Parent node's chain code (32 bytes)
+ * @param index     - Child index identifier string
+ * @returns Child KeyTreeState with key and chainCode
+ */
+export declare function deriveSecretKeyTreeChild(chainCode: Uint8Array, index: string): Promise<KeyTreeState>;
+/**
+ * Convenience function: derive a final key by walking a path from root.
+ *
+ * 1. Derive root from master seed + usage
+ * 2. For each segment in path, derive child from current chainCode
+ * 3. Return the final key (32 bytes)
+ *
+ * @param master - Master seed material
+ * @param usage  - Purpose string for root derivation
+ * @param path   - Array of path segments to walk
+ * @returns Final derived key (32 bytes)
+ */
+export declare function deriveKey(master: Uint8Array, usage: string, path: readonly string[]): Promise<Uint8Array>;
+//# sourceMappingURL=keys.d.ts.map

package/dist/keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keys.d.ts","sourceRoot":"","sources":["../src/keys.ts"],"names":[],"mappings":"AAKA;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;CAChC,CAAC;AAcF;;;;;;;;;;GAUG;AACH,wBAAsB,uBAAuB,CAC3C,IAAI,EAAE,UAAU,EAChB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,YAAY,CAAC,CAIvB;AAED;;;;;;;;;GASG;AACH,wBAAsB,wBAAwB,CAC5C,SAAS,EAAE,UAAU,EACrB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,YAAY,CAAC,CAQvB;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,SAAS,CAC7B,MAAM,EAAE,UAAU,EAClB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,SAAS,MAAM,EAAE,GACtB,OAAO,CAAC,UAAU,CAAC,CAQrB"}

package/dist/keys.js

@@ -0,0 +1,67 @@
+// @agentdock/crypto — HMAC-SHA512 key derivation tree
+// Compatible with Happy project's key tree pattern, using Web Crypto API
+import { hmacSha512 } from './hmac.js';
+const encoder = new TextEncoder();
+/**
+ * Split a 64-byte HMAC output into key (first 32) and chainCode (last 32).
+ */
+function splitHmacOutput(hmacOutput) {
+    return {
+        key: hmacOutput.slice(0, 32),
+        chainCode: hmacOutput.slice(32, 64),
+    };
+}
+/**
+ * Derive the root key tree state from a seed and usage string.
+ *
+ * Formula: HMAC-SHA512(encode(usage + " Master Seed"), seed)
+ * - The HMAC key is the UTF-8 encoding of `usage + " Master Seed"`
+ * - The HMAC data is the raw seed bytes
+ *
+ * @param seed  - Root seed material
+ * @param usage - Purpose string (e.g., "encryption", "authentication")
+ * @returns Root KeyTreeState with key and chainCode
+ */
+export async function deriveSecretKeyTreeRoot(seed, usage) {
+    const hmacKey = encoder.encode(usage + ' Master Seed');
+    const hmacOutput = await hmacSha512(hmacKey, seed);
+    return splitHmacOutput(hmacOutput);
+}
+/**
+ * Derive a child key tree state from a parent chain code and index.
+ *
+ * Formula: HMAC-SHA512(parentChainCode, [0x00, ...encode(index)])
+ * - Prepends a 0x00 byte before the index string encoding
+ *
+ * @param chainCode - Parent node's chain code (32 bytes)
+ * @param index     - Child index identifier string
+ * @returns Child KeyTreeState with key and chainCode
+ */
+export async function deriveSecretKeyTreeChild(chainCode, index) {
+    const indexBytes = encoder.encode(index);
+    const data = new Uint8Array(1 + indexBytes.byteLength);
+    data[0] = 0x00;
+    data.set(indexBytes, 1);
+    const hmacOutput = await hmacSha512(chainCode, data);
+    return splitHmacOutput(hmacOutput);
+}
+/**
+ * Convenience function: derive a final key by walking a path from root.
+ *
+ * 1. Derive root from master seed + usage
+ * 2. For each segment in path, derive child from current chainCode
+ * 3. Return the final key (32 bytes)
+ *
+ * @param master - Master seed material
+ * @param usage  - Purpose string for root derivation
+ * @param path   - Array of path segments to walk
+ * @returns Final derived key (32 bytes)
+ */
+export async function deriveKey(master, usage, path) {
+    let state = await deriveSecretKeyTreeRoot(master, usage);
+    for (const segment of path) {
+        state = await deriveSecretKeyTreeChild(state.chainCode, segment);
+    }
+    return state.key;
+}
+//# sourceMappingURL=keys.js.map

package/dist/keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keys.js","sourceRoot":"","sources":["../src/keys.ts"],"names":[],"mappings":"AAAA,sDAAsD;AACtD,yEAAyE;AAEzE,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAavC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC;;GAEG;AACH,SAAS,eAAe,CAAC,UAAsB;IAC7C,OAAO;QACL,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QAC5B,SAAS,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;KACpC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,IAAgB,EAChB,KAAa;IAEb,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,cAAc,CAAC,CAAC;IACvD,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACnD,OAAO,eAAe,CAAC,UAAU,CAAC,CAAC;AACrC,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,SAAqB,EACrB,KAAa;IAEb,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;IACvD,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACf,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAExB,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IACrD,OAAO,eAAe,CAAC,UAAU,CAAC,CAAC;AACrC,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,MAAkB,EAClB,KAAa,EACb,IAAuB;IAEvB,IAAI,KAAK,GAAG,MAAM,uBAAuB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAEzD,KAAK,MAAM,OAAO,IAAI,IAAI,EAAE,CAAC;QAC3B,KAAK,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IAED,OAAO,KAAK,CAAC,GAAG,CAAC;AACnB,CAAC"}

package/dist/random.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Cryptographically secure random number generation.
+ *
+ * Uses the Web Crypto API (globalThis.crypto.getRandomValues),
+ * compatible with both browsers and Node.js 22+.
+ */
+/**
+ * Generate cryptographically secure random bytes.
+ *
+ * @param size - Number of random bytes to generate (0 or more).
+ * @returns A new Uint8Array filled with random bytes.
+ */
+export declare function getRandomBytes(size: number): Uint8Array;
+//# sourceMappingURL=random.d.ts.map

package/dist/random.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"random.d.ts","sourceRoot":"","sources":["../src/random.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,CAMvD"}

package/dist/random.js

@@ -0,0 +1,20 @@
+/**
+ * Cryptographically secure random number generation.
+ *
+ * Uses the Web Crypto API (globalThis.crypto.getRandomValues),
+ * compatible with both browsers and Node.js 22+.
+ */
+/**
+ * Generate cryptographically secure random bytes.
+ *
+ * @param size - Number of random bytes to generate (0 or more).
+ * @returns A new Uint8Array filled with random bytes.
+ */
+export function getRandomBytes(size) {
+    const buffer = new Uint8Array(size);
+    if (size > 0) {
+        globalThis.crypto.getRandomValues(buffer);
+    }
+    return buffer;
+}
+//# sourceMappingURL=random.js.map

package/dist/random.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"random.js","sourceRoot":"","sources":["../src/random.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;IACpC,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACb,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/secretbox.d.ts

@@ -0,0 +1,27 @@
+/**
+ * NaCl SecretBox encryption — aligned with Happy.
+ *
+ * Symmetric authenticated encryption (XSalsa20-Poly1305).
+ * Used for legacy encryption mode.
+ *
+ * Bundle format: nonce(24) + ciphertext
+ */
+/**
+ * Encrypt data with a secret key using NaCl SecretBox.
+ *
+ * JSON-serializes the data, then encrypts with XSalsa20-Poly1305.
+ *
+ * @param data - Data to encrypt (will be JSON-serialized)
+ * @param secret - 32-byte secret key
+ * @returns Bundle: nonce(24) + ciphertext
+ */
+export declare function encryptSecretBox(data: unknown, secret: Uint8Array): Uint8Array;
+/**
+ * Decrypt a NaCl SecretBox bundle with a secret key.
+ *
+ * @param bundle - Bundle: nonce(24) + ciphertext
+ * @param secret - 32-byte secret key
+ * @returns Deserialized data, or null if decryption fails
+ */
+export declare function decryptSecretBox(bundle: Uint8Array, secret: Uint8Array): unknown | null;
+//# sourceMappingURL=secretbox.d.ts.map

package/dist/secretbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secretbox.d.ts","sourceRoot":"","sources":["../src/secretbox.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,GAAG,UAAU,CAS9E;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,GAAG,IAAI,CAcvF"}

package/dist/secretbox.js

@@ -0,0 +1,51 @@
+/**
+ * NaCl SecretBox encryption — aligned with Happy.
+ *
+ * Symmetric authenticated encryption (XSalsa20-Poly1305).
+ * Used for legacy encryption mode.
+ *
+ * Bundle format: nonce(24) + ciphertext
+ */
+import nacl from 'tweetnacl';
+import { getRandomBytes } from './random.js';
+/**
+ * Encrypt data with a secret key using NaCl SecretBox.
+ *
+ * JSON-serializes the data, then encrypts with XSalsa20-Poly1305.
+ *
+ * @param data - Data to encrypt (will be JSON-serialized)
+ * @param secret - 32-byte secret key
+ * @returns Bundle: nonce(24) + ciphertext
+ */
+export function encryptSecretBox(data, secret) {
+    const nonce = getRandomBytes(nacl.secretbox.nonceLength);
+    const plaintext = new TextEncoder().encode(JSON.stringify(data));
+    const encrypted = nacl.secretbox(plaintext, nonce, secret);
+    const result = new Uint8Array(nonce.length + encrypted.length);
+    result.set(nonce);
+    result.set(encrypted, nonce.length);
+    return result;
+}
+/**
+ * Decrypt a NaCl SecretBox bundle with a secret key.
+ *
+ * @param bundle - Bundle: nonce(24) + ciphertext
+ * @param secret - 32-byte secret key
+ * @returns Deserialized data, or null if decryption fails
+ */
+export function decryptSecretBox(bundle, secret) {
+    try {
+        if (bundle.length < nacl.secretbox.nonceLength)
+            return null;
+        const nonce = bundle.slice(0, nacl.secretbox.nonceLength);
+        const ciphertext = bundle.slice(nacl.secretbox.nonceLength);
+        const decrypted = nacl.secretbox.open(ciphertext, nonce, secret);
+        if (!decrypted)
+            return null;
+        return JSON.parse(new TextDecoder().decode(decrypted));
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=secretbox.js.map

package/dist/secretbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secretbox.js","sourceRoot":"","sources":["../src/secretbox.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAa,EAAE,MAAkB;IAChE,MAAM,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAE3D,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAC/D,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAClB,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACpC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAkB,EAAE,MAAkB;IACrE,IAAI,CAAC;QACH,IAAI,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE5D,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAE5D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QACjE,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAE5B,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/session.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Session encryption — high-level API composing AES-GCM + NaCl Box.
+ *
+ * Provides per-session data encryption key (DEK) generation, wrapping,
+ * unwrapping, and envelope encrypt/decrypt. Compatible with Happy protocol.
+ *
+ * Key flow:
+ *   masterSecret → deriveContentKeyPair → contentPublicKey
+ *   random DEK (32 bytes) → NaCl Box(DEK, contentPublicKey) → wrappedDek
+ *   envelope → AES-256-GCM(DEK) → ciphertext (base64)
+ */
+/**
+ * Generate a per-session data encryption key and wrap it with NaCl Box.
+ *
+ * 1. Derive content keypair from masterSecret
+ * 2. Generate random 32-byte DEK
+ * 3. Wrap DEK: NaCl Box(DEK, contentPublicKey)
+ * 4. Prepend version byte
+ *
+ * @param masterSecret - 32-byte master secret shared between daemon and web
+ * @returns DEK (for local use) and wrappedDekBase64 (for server storage)
+ */
+export declare function generateSessionKeys(masterSecret: Uint8Array): Promise<{
+    readonly dek: Uint8Array;
+    readonly wrappedDekBase64: string;
+}>;
+/**
+ * Unwrap a session DEK using the master secret.
+ *
+ * 1. Base64-decode the wrapped key
+ * 2. Check version byte (must be 0)
+ * 3. Derive content keypair from masterSecret
+ * 4. Decrypt with NaCl Box using content secret key
+ *
+ * @param wrappedDekBase64 - Base64-encoded wrapped key from server
+ * @param masterSecret - Same master secret used during generation
+ * @returns 32-byte DEK, or null if unwrapping fails
+ */
+export declare function unwrapSessionKey(wrappedDekBase64: string, masterSecret: Uint8Array): Promise<Uint8Array | null>;
+/**
+ * Encrypt a SessionEnvelope (or any JSON-serializable value) for transmission.
+ *
+ * @param envelope - Data to encrypt (JSON-serializable)
+ * @param dek - 32-byte data encryption key
+ * @returns Base64-encoded AES-256-GCM ciphertext
+ */
+export declare function encryptEnvelope(envelope: unknown, dek: Uint8Array): Promise<string>;
+/**
+ * Decrypt a base64-encoded ciphertext back to the original data.
+ *
+ * @param ciphertextBase64 - Base64-encoded AES-256-GCM bundle
+ * @param dek - 32-byte data encryption key
+ * @returns Decrypted data, or null if decryption fails
+ */
+export declare function decryptEnvelope(ciphertextBase64: string, dek: Uint8Array): Promise<unknown | null>;
+//# sourceMappingURL=session.d.ts.map

package/dist/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAiBH;;;;;;;;;;GAUG;AACH,wBAAsB,mBAAmB,CACvC,YAAY,EAAE,UAAU,GACvB,OAAO,CAAC;IAAE,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC;IAAC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAA;CAAE,CAAC,CAa1E;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,gBAAgB,CACpC,gBAAgB,EAAE,MAAM,EACxB,YAAY,EAAE,UAAU,GACvB,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAkB5B;AAED;;;;;;GAMG;AACH,wBAAsB,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAGzF;AAED;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,gBAAgB,EAAE,MAAM,EACxB,GAAG,EAAE,UAAU,GACd,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAWzB"}

package/dist/session.js

@@ -0,0 +1,106 @@
+/**
+ * Session encryption — high-level API composing AES-GCM + NaCl Box.
+ *
+ * Provides per-session data encryption key (DEK) generation, wrapping,
+ * unwrapping, and envelope encrypt/decrypt. Compatible with Happy protocol.
+ *
+ * Key flow:
+ *   masterSecret → deriveContentKeyPair → contentPublicKey
+ *   random DEK (32 bytes) → NaCl Box(DEK, contentPublicKey) → wrappedDek
+ *   envelope → AES-256-GCM(DEK) → ciphertext (base64)
+ */
+import { encryptAesGcm, decryptAesGcm } from './aes.js';
+import { encryptBox, decryptBox } from './box.js';
+import { deriveContentKeyPair } from './content.js';
+import { getRandomBytes } from './random.js';
+import { encodeBase64, decodeBase64 } from './encoding.js';
+/** Current wrapped key version. */
+const WRAPPED_KEY_VERSION = 0;
+/** Expected DEK size in bytes. */
+const DEK_SIZE = 32;
+/** Minimum wrapped key bundle size: version(1) + NaCl Box overhead (32+24+16+32). */
+const MIN_WRAPPED_SIZE = 1 + 32 + 24 + DEK_SIZE;
+/**
+ * Generate a per-session data encryption key and wrap it with NaCl Box.
+ *
+ * 1. Derive content keypair from masterSecret
+ * 2. Generate random 32-byte DEK
+ * 3. Wrap DEK: NaCl Box(DEK, contentPublicKey)
+ * 4. Prepend version byte
+ *
+ * @param masterSecret - 32-byte master secret shared between daemon and web
+ * @returns DEK (for local use) and wrappedDekBase64 (for server storage)
+ */
+export async function generateSessionKeys(masterSecret) {
+    const { publicKey } = await deriveContentKeyPair(masterSecret);
+    const dek = getRandomBytes(DEK_SIZE);
+    // Wrap DEK with NaCl Box
+    const boxBundle = encryptBox(dek, publicKey);
+    // Prepend version byte
+    const wrapped = new Uint8Array(1 + boxBundle.length);
+    wrapped[0] = WRAPPED_KEY_VERSION;
+    wrapped.set(boxBundle, 1);
+    return { dek, wrappedDekBase64: encodeBase64(wrapped) };
+}
+/**
+ * Unwrap a session DEK using the master secret.
+ *
+ * 1. Base64-decode the wrapped key
+ * 2. Check version byte (must be 0)
+ * 3. Derive content keypair from masterSecret
+ * 4. Decrypt with NaCl Box using content secret key
+ *
+ * @param wrappedDekBase64 - Base64-encoded wrapped key from server
+ * @param masterSecret - Same master secret used during generation
+ * @returns 32-byte DEK, or null if unwrapping fails
+ */
+export async function unwrapSessionKey(wrappedDekBase64, masterSecret) {
+    let wrapped;
+    try {
+        wrapped = decodeBase64(wrappedDekBase64);
+    }
+    catch {
+        return null;
+    }
+    if (wrapped.length < MIN_WRAPPED_SIZE)
+        return null;
+    if (wrapped[0] !== WRAPPED_KEY_VERSION)
+        return null;
+    const boxBundle = wrapped.slice(1);
+    const { secretKey } = await deriveContentKeyPair(masterSecret);
+    const dek = decryptBox(boxBundle, secretKey);
+    if (!dek || dek.length !== DEK_SIZE)
+        return null;
+    return dek;
+}
+/**
+ * Encrypt a SessionEnvelope (or any JSON-serializable value) for transmission.
+ *
+ * @param envelope - Data to encrypt (JSON-serializable)
+ * @param dek - 32-byte data encryption key
+ * @returns Base64-encoded AES-256-GCM ciphertext
+ */
+export async function encryptEnvelope(envelope, dek) {
+    const bundle = await encryptAesGcm(envelope, dek);
+    return encodeBase64(bundle);
+}
+/**
+ * Decrypt a base64-encoded ciphertext back to the original data.
+ *
+ * @param ciphertextBase64 - Base64-encoded AES-256-GCM bundle
+ * @param dek - 32-byte data encryption key
+ * @returns Decrypted data, or null if decryption fails
+ */
+export async function decryptEnvelope(ciphertextBase64, dek) {
+    let bundle;
+    try {
+        bundle = decodeBase64(ciphertextBase64);
+    }
+    catch {
+        return null;
+    }
+    if (bundle.length === 0)
+        return null;
+    return decryptAesGcm(bundle, dek);
+}
+//# sourceMappingURL=session.js.map

package/dist/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE3D,mCAAmC;AACnC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AAE9B,kCAAkC;AAClC,MAAM,QAAQ,GAAG,EAAE,CAAC;AAEpB,qFAAqF;AACrF,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,QAAQ,CAAC;AAEhD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,YAAwB;IAExB,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAC/D,MAAM,GAAG,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IAErC,yBAAyB;IACzB,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAE7C,uBAAuB;IACvB,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IACrD,OAAO,CAAC,CAAC,CAAC,GAAG,mBAAmB,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IAE1B,OAAO,EAAE,GAAG,EAAE,gBAAgB,EAAE,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;AAC1D,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,gBAAwB,EACxB,YAAwB;IAExB,IAAI,OAAmB,CAAC;IACxB,IAAI,CAAC;QACH,OAAO,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,gBAAgB;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,mBAAmB;QAAE,OAAO,IAAI,CAAC;IAEpD,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAE/D,MAAM,GAAG,GAAG,UAAU,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAC7C,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEjD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,QAAiB,EAAE,GAAe;IACtE,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAClD,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,gBAAwB,EACxB,GAAe;IAEf,IAAI,MAAkB,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAErC,OAAO,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AACpC,CAAC"}

package/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "@agentdock/crypto",
+  "version": "0.4.0",
+  "description": "E2E encryption for AgentDock — AES-256-GCM, key derivation, Web Crypto API",
+  "license": "UNLICENSED",
+  "author": "kevin8536945",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org"
+  },
+  "dependencies": {
+    "tweetnacl": "^1.0.3",
+    "@agentdock/wire": "0.4.0"
+  },
+  "devDependencies": {
+    "@vitest/coverage-v8": "^3.0.0",
+    "typescript": "^5.7.0",
+    "vitest": "^3.0.0"
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "lint": "eslint src/ && tsc --noEmit",
+    "typecheck": "tsc --noEmit"
+  }
+}