@agentunion/fastaun-browser 0.2.13

package/dist/namespaces/custody.js

@@ -0,0 +1,230 @@
+import { AUNError, ValidationError } from '../errors.js';
+import { isJsonObject } from '../types.js';
+const CUSTODY_HTTP_TIMEOUT_MS = 30_000;
+function issuerDomainFromAid(aid) {
+    const parts = String(aid || '').trim().split('.', 2);
+    return parts.length > 1 ? parts[1] : parts[0] || '';
+}
+function custodyWellKnownUrls(aid, discoveryPort, verifySsl) {
+    const portSuffix = discoveryPort ? `:${discoveryPort}` : '';
+    const issuerDomain = issuerDomainFromAid(aid);
+    const aidUrl = `https://${aid}${portSuffix}/.well-known/aun-custody`;
+    const fallbackUrl = `https://aid_custody.${issuerDomain}${portSuffix}/.well-known/aun-custody`;
+    const urls = verifySsl ? [aidUrl, fallbackUrl] : [fallbackUrl, aidUrl];
+    return [...new Set(urls)];
+}
+function extractCustodyUrl(payload) {
+    for (const key of ['custody_url', 'custodyUrl', 'url']) {
+        const value = String(payload[key] ?? '').trim();
+        if (value)
+            return value;
+    }
+    if (isJsonObject(payload.custody)) {
+        const value = String(payload.custody.url ?? '').trim();
+        if (value)
+            return value;
+    }
+    for (const key of ['custody_services', 'custodyServices', 'services']) {
+        const items = payload[key];
+        if (Array.isArray(items)) {
+            const candidates = items
+                .filter(isJsonObject)
+                .sort((a, b) => Number(a.priority ?? 999) - Number(b.priority ?? 999));
+            for (const item of candidates) {
+                const value = String(item.url ?? '').trim();
+                if (value)
+                    return value;
+            }
+        }
+    }
+    throw new ValidationError('custody well-known missing custody url');
+}
+function normalizeCustodyUrl(url) {
+    const value = String(url ?? '').trim().replace(/\/+$/, '');
+    if (!value)
+        return null;
+    try {
+        const parsed = new URL(value);
+        if ((parsed.protocol !== 'http:' && parsed.protocol !== 'https:') || !parsed.hostname) {
+            return null;
+        }
+        return value;
+    }
+    catch {
+        return null;
+    }
+}
+async function fetchJsonWithTimeout(input, init, timeoutMs = CUSTODY_HTTP_TIMEOUT_MS) {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        const response = await fetch(input, { ...init, signal: controller.signal });
+        const payload = await response.json();
+        if (response.ok) {
+            return payload;
+        }
+        const error = isJsonObject(payload) && isJsonObject(payload.error) ? payload.error : null;
+        const code = String(error?.code ?? '');
+        const message = String(error?.message ?? '');
+        throw new AUNError(message ? `custody ${code || response.status}: ${message}` : `custody HTTP ${response.status}`);
+    }
+    catch (error) {
+        if (controller.signal.aborted) {
+            throw new AUNError(`custody request timed out after ${timeoutMs}ms`);
+        }
+        throw error;
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+export class CustodyNamespace {
+    _client;
+    _custodyUrl = '';
+    constructor(client) {
+        this._client = client;
+    }
+    get _internal() {
+        return this._client;
+    }
+    setUrl(url) {
+        this._custodyUrl = String(url ?? '').trim().replace(/\/+$/, '');
+    }
+    configureUrl(url) {
+        this.setUrl(url);
+    }
+    async discoverUrl(params = {}) {
+        const aid = String(params.aid ?? this._client.aid ?? '').trim();
+        if (!aid) {
+            throw new ValidationError('custody.discoverUrl requires aid or authenticated client');
+        }
+        let lastError = null;
+        const urls = custodyWellKnownUrls(aid, this._client.configModel.discoveryPort, this._client.configModel.verifySsl);
+        for (const wellKnownUrl of urls) {
+            try {
+                const payload = await fetchJsonWithTimeout(wellKnownUrl, { method: 'GET' }, params.timeout ?? 5_000);
+                if (!isJsonObject(payload)) {
+                    throw new ValidationError('custody well-known returned invalid payload');
+                }
+                const custodyUrl = normalizeCustodyUrl(extractCustodyUrl(payload));
+                if (!custodyUrl) {
+                    throw new ValidationError('custody well-known returned invalid custody url');
+                }
+                this._custodyUrl = custodyUrl;
+                return custodyUrl;
+            }
+            catch (error) {
+                lastError = error;
+            }
+        }
+        throw new AUNError(`custody discovery failed for ${aid}: ${lastError instanceof Error ? lastError.message : String(lastError)}`);
+    }
+    async _resolveCustodyUrl(aid) {
+        const custodyUrl = normalizeCustodyUrl(this._custodyUrl);
+        if (custodyUrl) {
+            if (custodyUrl !== this._custodyUrl) {
+                this._custodyUrl = custodyUrl;
+            }
+            return custodyUrl;
+        }
+        return this.discoverUrl({ aid });
+    }
+    _getAccessToken() {
+        const identity = this._internal._identity;
+        if (identity) {
+            const token = String(identity.access_token ?? '').trim();
+            if (token)
+                return token;
+        }
+        throw new ValidationError('no access_token available: call auth.authenticate() first');
+    }
+    async _post(path, body, opts = {}) {
+        const headers = { 'Content-Type': 'application/json' };
+        const token = String(opts.token ?? '').trim();
+        if (token) {
+            headers.Authorization = `Bearer ${token}`;
+        }
+        const payload = await fetchJsonWithTimeout(`${await this._resolveCustodyUrl(String(body.aid ?? '') || this._client.aid)}${path}`, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify(body),
+        });
+        if (!isJsonObject(payload)) {
+            throw new AUNError('custody returned invalid JSON payload');
+        }
+        return payload;
+    }
+    async sendCode(params) {
+        const phone = String(params.phone ?? '').trim();
+        const aid = String(params.aid ?? '').trim();
+        if (!phone) {
+            throw new ValidationError('custody.sendCode requires non-empty phone');
+        }
+        const body = { phone };
+        let token = null;
+        if (aid) {
+            body.aid = aid;
+        }
+        else {
+            token = this._getAccessToken();
+        }
+        return this._post('/custody/accounts/send-code', body, { token });
+    }
+    async bindPhone(params) {
+        const phone = String(params.phone ?? '').trim();
+        const code = String(params.code ?? '').trim();
+        const cert = String(params.cert ?? '').trim();
+        const key = String(params.key ?? '').trim();
+        if (!phone || !code || !cert || !key) {
+            throw new ValidationError('custody.bindPhone requires phone, code, cert and key');
+        }
+        const body = { phone, code, cert, key };
+        if (params.metadata && isJsonObject(params.metadata)) {
+            body.metadata = params.metadata;
+        }
+        return this._post('/custody/accounts/bind-phone', body, {
+            token: this._getAccessToken(),
+        });
+    }
+    async restorePhone(params) {
+        const phone = String(params.phone ?? '').trim();
+        const code = String(params.code ?? '').trim();
+        const aid = String(params.aid ?? '').trim();
+        if (!phone || !code || !aid) {
+            throw new ValidationError('custody.restorePhone requires phone, code and aid');
+        }
+        return this._post('/custody/accounts/restore-phone', { phone, code, aid });
+    }
+    async createDeviceCopy(params = {}) {
+        const aid = String(params.aid ?? this._client.aid ?? '').trim();
+        if (!aid) {
+            throw new ValidationError('custody.createDeviceCopy requires aid or authenticated client');
+        }
+        return this._post('/custody/transfers', { aid }, { token: this._getAccessToken() });
+    }
+    async uploadDeviceCopyMaterials(params) {
+        const transferCode = String(params.transferCode ?? '').trim();
+        const aid = String(params.aid ?? this._client.aid ?? '').trim();
+        const cert = String(params.cert ?? '').trim();
+        const key = String(params.key ?? '').trim();
+        if (!transferCode || !aid || !cert || !key) {
+            throw new ValidationError('custody.uploadDeviceCopyMaterials requires transferCode, aid, cert and key');
+        }
+        const body = { aid, cert, key };
+        if (params.metadata && isJsonObject(params.metadata)) {
+            body.metadata = params.metadata;
+        }
+        return this._post(`/custody/transfers/${encodeURIComponent(transferCode)}/materials`, body, {
+            token: this._getAccessToken(),
+        });
+    }
+    async claimDeviceCopy(params) {
+        const aid = String(params.aid ?? '').trim();
+        const transferCode = String(params.transferCode ?? '').trim();
+        if (!aid || !transferCode) {
+            throw new ValidationError('custody.claimDeviceCopy requires aid and transferCode');
+        }
+        return this._post('/custody/transfers/claim', { aid, transfer_code: transferCode });
+    }
+}
+//# sourceMappingURL=custody.js.map

package/dist/namespaces/custody.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"custody.js","sourceRoot":"","sources":["../../src/namespaces/custody.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,YAAY,EAAmC,MAAM,aAAa,CAAC;AAE5E,MAAM,uBAAuB,GAAG,MAAM,CAAC;AAMvC,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACrD,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AACtD,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAW,EAAE,aAAwC,EAAE,SAAkB;IACrG,MAAM,UAAU,GAAG,aAAa,CAAC,CAAC,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5D,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,WAAW,GAAG,GAAG,UAAU,0BAA0B,CAAC;IACrE,MAAM,WAAW,GAAG,uBAAuB,YAAY,GAAG,UAAU,0BAA0B,CAAC;IAC/F,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IACvE,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAmB;IAC5C,KAAK,MAAM,GAAG,IAAI,CAAC,aAAa,EAAE,YAAY,EAAE,KAAK,CAAU,EAAE,CAAC;QAChE,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IACD,IAAI,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACvD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,CAAC,kBAAkB,EAAE,iBAAiB,EAAE,UAAU,CAAU,EAAE,CAAC;QAC/E,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3B,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,UAAU,GAAG,KAAK;iBACrB,MAAM,CAAC,YAAY,CAAC;iBACpB,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC;YACzE,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;gBAC9B,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC5C,IAAI,KAAK;oBAAE,OAAO,KAAK,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IACD,MAAM,IAAI,eAAe,CAAC,wCAAwC,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC3D,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,KAAa,EACb,IAAiB,EACjB,YAAoB,uBAAuB;IAE3C,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;IAC9D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5E,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAe,CAAC;QACnD,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAC1F,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC;QAC7C,MAAM,IAAI,QAAQ,CAChB,OAAO,CAAC,CAAC,CAAC,WAAW,IAAI,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC,gBAAgB,QAAQ,CAAC,MAAM,EAAE,CAC/F,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,UAAU,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAC9B,MAAM,IAAI,QAAQ,CAAC,mCAAmC,SAAS,IAAI,CAAC,CAAC;QACvE,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,MAAM,OAAO,gBAAgB;IACnB,OAAO,CAAY;IACnB,WAAW,GAAG,EAAE,CAAC;IAEzB,YAAY,MAAiB;QAC3B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACxB,CAAC;IAED,IAAY,SAAS;QACnB,OAAO,IAAI,CAAC,OAAkC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,GAAW;QAChB,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,YAAY,CAAC,GAAW;QACtB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,SAAoD,EAAE;QACtE,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,eAAe,CAAC,0DAA0D,CAAC,CAAC;QACxF,CAAC;QACD,IAAI,SAAS,GAAY,IAAI,CAAC;QAC9B,MAAM,IAAI,GAAG,oBAAoB,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACnH,KAAK,MAAM,YAAY,IAAI,IAAI,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,MAAM,CAAC,OAAO,IAAI,KAAK,CAAC,CAAC;gBACrG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC3B,MAAM,IAAI,eAAe,CAAC,6CAA6C,CAAC,CAAC;gBAC3E,CAAC;gBACD,MAAM,UAAU,GAAG,mBAAmB,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC;gBACnE,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,eAAe,CAAC,iDAAiD,CAAC,CAAC;gBAC/E,CAAC;gBACD,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;gBAC9B,OAAO,UAAU,CAAC;YACpB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,SAAS,GAAG,KAAK,CAAC;YACpB,CAAC;QACH,CAAC;QACD,MAAM,IAAI,QAAQ,CAAC,gCAAgC,GAAG,KAAK,SAAS,YAAY,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACnI,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,GAAmB;QAClD,MAAM,UAAU,GAAG,mBAAmB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACzD,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,UAAU,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpC,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;YAChC,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;IACnC,CAAC;IAEO,eAAe;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;QAC1C,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YACzD,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC;QAC1B,CAAC;QACD,MAAM,IAAI,eAAe,CAAC,2DAA2D,CAAC,CAAC;IACzF,CAAC;IAEO,KAAK,CAAC,KAAK,CACjB,IAAY,EACZ,IAAgB,EAChB,OAAkC,EAAE;QAEpC,MAAM,OAAO,GAA2B,EAAC,cAAc,EAAE,kBAAkB,EAAC,CAAC;QAC7E,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,aAAa,GAAG,UAAU,KAAK,EAAE,CAAC;QAC5C,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,oBAAoB,CACxC,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EACrF;YACE,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CACF,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,QAAQ,CAAC,uCAAuC,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAA8C;QAC3D,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,eAAe,CAAC,2CAA2C,CAAC,CAAC;QACzE,CAAC;QACD,MAAM,IAAI,GAAe,EAAC,KAAK,EAAC,CAAC;QACjC,IAAI,KAAK,GAAkB,IAAI,CAAC;QAChC,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,KAAK,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QACjC,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,6BAA6B,EAAE,IAAI,EAAE,EAAC,KAAK,EAAC,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAMf;QACC,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACrC,MAAM,IAAI,eAAe,CAAC,sDAAsD,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,IAAI,GAAe,EAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAC,CAAC;QAClD,IAAI,MAAM,CAAC,QAAQ,IAAI,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrD,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAClC,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,8BAA8B,EAAE,IAAI,EAAE;YACtD,KAAK,EAAE,IAAI,CAAC,eAAe,EAAE;SAC9B,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAIlB;QACC,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YAC5B,MAAM,IAAI,eAAe,CAAC,mDAAmD,CAAC,CAAC;QACjF,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,iCAAiC,EAAE,EAAC,KAAK,EAAE,IAAI,EAAE,GAAG,EAAC,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,SAAkC,EAAE;QACzD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,eAAe,CAAC,+DAA+D,CAAC,CAAC;QAC7F,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,oBAAoB,EAAE,EAAC,GAAG,EAAC,EAAE,EAAC,KAAK,EAAE,IAAI,CAAC,eAAe,EAAE,EAAC,CAAC,CAAC;IAClF,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,MAM/B;QACC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9D,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,YAAY,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YAC3C,MAAM,IAAI,eAAe,CAAC,4EAA4E,CAAC,CAAC;QAC1G,CAAC;QACD,MAAM,IAAI,GAAe,EAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAC,CAAC;QAC1C,IAAI,MAAM,CAAC,QAAQ,IAAI,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrD,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAClC,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,sBAAsB,kBAAkB,CAAC,YAAY,CAAC,YAAY,EAAE,IAAI,EAAE;YAC1F,KAAK,EAAE,IAAI,CAAC,eAAe,EAAE;SAC9B,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,MAGrB;QACC,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9D,IAAI,CAAC,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;YAC1B,MAAM,IAAI,eAAe,CAAC,uDAAuD,CAAC,CAAC;QACrF,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAC,GAAG,EAAE,aAAa,EAAE,YAAY,EAAC,CAAC,CAAC;IACpF,CAAC;CACF"}

package/dist/secret-store/index.d.ts

@@ -0,0 +1,20 @@
+import type { SecretRecord } from '../types.js';
+/**
+ * 密钥保护存储接口。
+ *
+ * 浏览器环境下所有方法均为异步（SubtleCrypto / IndexedDB 要求），
+ * 与 Python SDK 的同步接口不同。
+ */
+export interface SecretStore {
+    /** 保护（加密）敏感数据 */
+    protect(scope: string, name: string, plaintext: Uint8Array): Promise<SecretRecord>;
+    /** 还原（解密）敏感数据 */
+    reveal(scope: string, name: string, record: SecretRecord): Promise<Uint8Array | null>;
+}
+/**
+ * 创建默认 SecretStore 实例。
+ *
+ * 浏览器环境下使用 IndexedDBSecretStore（基于 PBKDF2 + AES-256-GCM）。
+ */
+export declare function createDefaultSecretStore(encryptionSeed?: string | null): Promise<SecretStore>;
+//# sourceMappingURL=index.d.ts.map

package/dist/secret-store/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/secret-store/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEhD;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC1B,iBAAiB;IACjB,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACnF,iBAAiB;IACjB,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;CACvF;AAED;;;;GAIG;AACH,wBAAsB,wBAAwB,CAC5C,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,GAC7B,OAAO,CAAC,WAAW,CAAC,CAItB"}

package/dist/secret-store/index.js

@@ -0,0 +1,12 @@
+// ── SecretStore 接口定义（浏览器版 — 全异步）──────────────
+/**
+ * 创建默认 SecretStore 实例。
+ *
+ * 浏览器环境下使用 IndexedDBSecretStore（基于 PBKDF2 + AES-256-GCM）。
+ */
+export async function createDefaultSecretStore(encryptionSeed) {
+    // 延迟导入，避免循环依赖
+    const { IndexedDBSecretStore } = await import('./indexeddb-store.js');
+    return new IndexedDBSecretStore(encryptionSeed ?? undefined);
+}
+//# sourceMappingURL=index.js.map

package/dist/secret-store/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/secret-store/index.ts"],"names":[],"mappings":"AAAA,gDAAgD;AAiBhD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,cAA8B;IAE9B,cAAc;IACd,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IACtE,OAAO,IAAI,oBAAoB,CAAC,cAAc,IAAI,SAAS,CAAC,CAAC;AAC/D,CAAC"}

package/dist/secret-store/indexeddb-store.d.ts

@@ -0,0 +1,22 @@
+import type { SecretStore } from './index.js';
+import type { SecretRecord } from '../types.js';
+/**
+ * 基于 IndexedDB + SubtleCrypto 的 SecretStore。
+ *
+ * 使用 PBKDF2 从种子派生主密钥，AES-256-GCM 加解密。
+ * 主密钥存储在 IndexedDB 的 'master' 仓库中（首次自动生成）。
+ */
+export declare class IndexedDBSecretStore implements SecretStore {
+    private _encryptionSeed;
+    private _masterKeyPromise;
+    constructor(encryptionSeed?: string);
+    /** 获取或生成主密钥（惰性初始化，只初始化一次） */
+    private _getMasterKey;
+    private _initMasterKey;
+    private _deriveKeyFromSeed;
+    /** 加密并存储 */
+    protect(scope: string, name: string, plaintext: Uint8Array): Promise<SecretRecord>;
+    /** 解密还原 */
+    reveal(scope: string, name: string, record: SecretRecord): Promise<Uint8Array | null>;
+}
+//# sourceMappingURL=indexeddb-store.d.ts.map

package/dist/secret-store/indexeddb-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"indexeddb-store.d.ts","sourceRoot":"","sources":["../../src/secret-store/indexeddb-store.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAmDhD;;;;;GAKG;AACH,qBAAa,oBAAqB,YAAW,WAAW;IACtD,OAAO,CAAC,eAAe,CAAqB;IAC5C,OAAO,CAAC,iBAAiB,CAAmC;gBAEhD,cAAc,CAAC,EAAE,MAAM;IAInC,6BAA6B;IAC7B,OAAO,CAAC,aAAa;YAOP,cAAc;YAoBd,kBAAkB;IAwBhC,YAAY;IACN,OAAO,CACX,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,YAAY,CAAC;IAyBxB,WAAW;IACL,MAAM,CACV,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,YAAY,GACnB,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;CAwB9B"}

package/dist/secret-store/indexeddb-store.js

@@ -0,0 +1,133 @@
+// ── IndexedDB SecretStore 实现 ──────────────────────────
+import { uint8ToBase64, base64ToUint8, toBufferSource } from '../crypto.js';
+const SECRET_DB_NAME = 'aun-secret-store';
+const SECRET_DB_VERSION = 1;
+const STORE_SECRETS = 'secrets';
+const STORE_MASTER = 'master';
+/** 打开 secret store 数据库 */
+function openSecretDB() {
+    return new Promise((resolve, reject) => {
+        const request = indexedDB.open(SECRET_DB_NAME, SECRET_DB_VERSION);
+        request.onupgradeneeded = () => {
+            const db = request.result;
+            if (!db.objectStoreNames.contains(STORE_SECRETS)) {
+                db.createObjectStore(STORE_SECRETS);
+            }
+            if (!db.objectStoreNames.contains(STORE_MASTER)) {
+                db.createObjectStore(STORE_MASTER);
+            }
+        };
+        request.onsuccess = () => resolve(request.result);
+        request.onerror = () => reject(request.error);
+    });
+}
+/** 读取 */
+async function secretGet(storeName, key) {
+    const db = await openSecretDB();
+    return new Promise((resolve, reject) => {
+        const tx = db.transaction(storeName, 'readonly');
+        const store = tx.objectStore(storeName);
+        const req = store.get(key);
+        req.onsuccess = () => resolve(req.result ?? null);
+        req.onerror = () => reject(req.error);
+        tx.oncomplete = () => db.close();
+    });
+}
+/** 写入 */
+async function secretPut(storeName, key, value) {
+    const db = await openSecretDB();
+    return new Promise((resolve, reject) => {
+        const tx = db.transaction(storeName, 'readwrite');
+        const store = tx.objectStore(storeName);
+        const req = store.put(value, key);
+        req.onsuccess = () => resolve();
+        req.onerror = () => reject(req.error);
+        tx.oncomplete = () => db.close();
+    });
+}
+/**
+ * 基于 IndexedDB + SubtleCrypto 的 SecretStore。
+ *
+ * 使用 PBKDF2 从种子派生主密钥，AES-256-GCM 加解密。
+ * 主密钥存储在 IndexedDB 的 'master' 仓库中（首次自动生成）。
+ */
+export class IndexedDBSecretStore {
+    _encryptionSeed;
+    _masterKeyPromise = null;
+    constructor(encryptionSeed) {
+        this._encryptionSeed = encryptionSeed;
+    }
+    /** 获取或生成主密钥（惰性初始化，只初始化一次） */
+    _getMasterKey() {
+        if (!this._masterKeyPromise) {
+            this._masterKeyPromise = this._initMasterKey();
+        }
+        return this._masterKeyPromise;
+    }
+    async _initMasterKey() {
+        // 如果提供了 encryptionSeed，通过 PBKDF2 派生
+        if (this._encryptionSeed) {
+            return this._deriveKeyFromSeed(this._encryptionSeed);
+        }
+        // 否则尝试从 IndexedDB 加载已有的种子
+        const storedSeed = await secretGet(STORE_MASTER, 'seed');
+        if (typeof storedSeed === 'string' && storedSeed) {
+            return this._deriveKeyFromSeed(storedSeed);
+        }
+        // 首次使用：生成随机种子并持久化
+        const seedBytes = new Uint8Array(32);
+        crypto.getRandomValues(seedBytes);
+        const seed = uint8ToBase64(seedBytes);
+        await secretPut(STORE_MASTER, 'seed', seed);
+        return this._deriveKeyFromSeed(seed);
+    }
+    async _deriveKeyFromSeed(seed) {
+        const encoder = new TextEncoder();
+        const keyMaterial = await crypto.subtle.importKey('raw', toBufferSource(encoder.encode(seed)), 'PBKDF2', false, ['deriveKey']);
+        return crypto.subtle.deriveKey({
+            name: 'PBKDF2',
+            salt: toBufferSource(encoder.encode('aun-secret-store-salt')),
+            iterations: 100000,
+            hash: 'SHA-256',
+        }, keyMaterial, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
+    }
+    /** 加密并存储 */
+    async protect(scope, name, plaintext) {
+        const masterKey = await this._getMasterKey();
+        const iv = new Uint8Array(12);
+        crypto.getRandomValues(iv);
+        const ciphertext = await crypto.subtle.encrypt({ name: 'AES-GCM', iv: toBufferSource(iv) }, masterKey, toBufferSource(plaintext));
+        const record = {
+            scheme: 'indexeddb_aes_gcm',
+            name,
+            iv: uint8ToBase64(iv),
+            ciphertext: uint8ToBase64(new Uint8Array(ciphertext)),
+            persisted: true,
+        };
+        const storeKey = `${scope}:${name}`;
+        await secretPut(STORE_SECRETS, storeKey, record);
+        return record;
+    }
+    /** 解密还原 */
+    async reveal(scope, name, record) {
+        if (record.scheme !== 'indexeddb_aes_gcm')
+            return null;
+        if (String(record.name ?? '') !== name)
+            return null;
+        const ivB64 = record.iv;
+        const ctB64 = record.ciphertext;
+        if (!ivB64 || !ctB64)
+            return null;
+        try {
+            const masterKey = await this._getMasterKey();
+            const iv = base64ToUint8(ivB64);
+            const ciphertext = base64ToUint8(ctB64);
+            const plaintext = await crypto.subtle.decrypt({ name: 'AES-GCM', iv: toBufferSource(iv) }, masterKey, toBufferSource(ciphertext));
+            return new Uint8Array(plaintext);
+        }
+        catch {
+            return null;
+        }
+    }
+}
+//# sourceMappingURL=indexeddb-store.js.map

package/dist/secret-store/indexeddb-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"indexeddb-store.js","sourceRoot":"","sources":["../../src/secret-store/indexeddb-store.ts"],"names":[],"mappings":"AAAA,yDAAyD;AAGzD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAG5E,MAAM,cAAc,GAAG,kBAAkB,CAAC;AAC1C,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAC5B,MAAM,aAAa,GAAG,SAAS,CAAC;AAChC,MAAM,YAAY,GAAG,QAAQ,CAAC;AAE9B,0BAA0B;AAC1B,SAAS,YAAY;IACnB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,cAAc,EAAE,iBAAiB,CAAC,CAAC;QAClE,OAAO,CAAC,eAAe,GAAG,GAAG,EAAE;YAC7B,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;YAC1B,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACjD,EAAE,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC;YACtC,CAAC;YACD,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;gBAChD,EAAE,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;YACrC,CAAC;QACH,CAAC,CAAC;QACF,OAAO,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAClD,OAAO,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS;AACT,KAAK,UAAU,SAAS,CAAC,SAAiB,EAAE,GAAW;IACrD,MAAM,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAChC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,EAAE,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC3B,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,IAAI,IAAI,CAAC,CAAC;QAClD,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACtC,EAAE,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS;AACT,KAAK,UAAU,SAAS,CAAC,SAAiB,EAAE,GAAW,EAAE,KAA4B;IACnF,MAAM,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAChC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,EAAE,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAClC,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACtC,EAAE,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,oBAAoB;IACvB,eAAe,CAAqB;IACpC,iBAAiB,GAA8B,IAAI,CAAC;IAE5D,YAAY,cAAuB;QACjC,IAAI,CAAC,eAAe,GAAG,cAAc,CAAC;IACxC,CAAC;IAED,6BAA6B;IACrB,aAAa;QACnB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5B,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACjD,CAAC;QACD,OAAO,IAAI,CAAC,iBAAiB,CAAC;IAChC,CAAC;IAEO,KAAK,CAAC,cAAc;QAC1B,oCAAoC;QACpC,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACvD,CAAC;QAED,0BAA0B;QAC1B,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACzD,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;QAC7C,CAAC;QAED,kBAAkB;QAClB,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QACrC,MAAM,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAClC,MAAM,IAAI,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;QACtC,MAAM,SAAS,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,IAAY;QAC3C,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/C,KAAK,EACL,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EACpC,QAAQ,EACR,KAAK,EACL,CAAC,WAAW,CAAC,CACd,CAAC;QAEF,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B;YACE,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC;YAC7D,UAAU,EAAE,MAAM;YAClB,IAAI,EAAE,SAAS;SAChB,EACD,WAAW,EACX,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAChC,KAAK,EACL,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;IACJ,CAAC;IAED,YAAY;IACZ,KAAK,CAAC,OAAO,CACX,KAAa,EACb,IAAY,EACZ,SAAqB;QAErB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC7C,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QAC9B,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;QAE3B,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC5C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC,EAAE,EAC3C,SAAS,EACT,cAAc,CAAC,SAAS,CAAC,CAC1B,CAAC;QAEF,MAAM,MAAM,GAAG;YACb,MAAM,EAAE,mBAAmB;YAC3B,IAAI;YACJ,EAAE,EAAE,aAAa,CAAC,EAAE,CAAC;YACrB,UAAU,EAAE,aAAa,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;YACrD,SAAS,EAAE,IAAI;SAChB,CAAC;QAEF,MAAM,QAAQ,GAAG,GAAG,KAAK,IAAI,IAAI,EAAE,CAAC;QACpC,MAAM,SAAS,CAAC,aAAa,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QAEjD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,WAAW;IACX,KAAK,CAAC,MAAM,CACV,KAAa,EACb,IAAY,EACZ,MAAoB;QAEpB,IAAI,MAAM,CAAC,MAAM,KAAK,mBAAmB;YAAE,OAAO,IAAI,CAAC;QACvD,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAEpD,MAAM,KAAK,GAAG,MAAM,CAAC,EAAY,CAAC;QAClC,MAAM,KAAK,GAAG,MAAM,CAAC,UAAoB,CAAC;QAC1C,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAElC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;YAC7C,MAAM,EAAE,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;YAExC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC,EAAE,EAC3C,SAAS,EACT,cAAc,CAAC,UAAU,CAAC,CAC3B,CAAC;YAEF,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}

package/dist/seq-tracker.d.ts

@@ -0,0 +1,30 @@
+import type { JsonObject } from './types.js';
+export declare class SeqTracker {
+    private _trackers;
+    private _get;
+    getContiguousSeq(ns: string): number;
+    getMaxSeenSeq(ns: string): number;
+    /** S2: 从持久化（keystore 最近 ack seq）恢复 baseline，
+     *  以便首条 push 消息能构造 [baseline+1, seq-1] 的历史 gap。
+     *  必须在收到首条消息前调用。 */
+    setBaseline(ns: string, baselineSeq: number): void;
+    /** 记录收到的 seq，返回 true 表示需要 pull 补齐空洞 */
+    onMessageSeq(ns: string, seq: number): boolean;
+    /** pull 返回后更新 tracker 状态 */
+    onPullResult(ns: string, messages: JsonObject[]): void;
+    private _tryAdvance;
+    private _shouldProbe;
+    /** S2: 服务端明确告知某区间无消息（tombstone）→ 将 gap 标记为 resolved */
+    markGapResolvedByTombstone(ns: string, gapStart: number, gapEnd: number): void;
+    /** 删除指定命名空间的所有跟踪状态（群组解散时使用） */
+    removeNamespace(ns: string): void;
+    /** 强制跳过不连续区间，将 contiguousSeq 拨到指定位置。
+     *  当服务端返回 server_ack_seq 且本地 contiguousSeq 落后时调用，
+     *  跳过 [contiguousSeq, server_ack_seq) 这段不连续区间。 */
+    forceContiguousSeq(ns: string, seq: number): void;
+    /** 导出各命名空间的 contiguousSeq，用于持久化 */
+    exportState(): Record<string, number>;
+    /** 从持久化数据恢复各命名空间的 contiguousSeq */
+    restoreState(state: Record<string, number>): void;
+}
+//# sourceMappingURL=seq-tracker.d.ts.map

package/dist/seq-tracker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"seq-tracker.d.ts","sourceRoot":"","sources":["../src/seq-tracker.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AA8B7C,qBAAa,UAAU;IACrB,OAAO,CAAC,SAAS,CAAwC;IAEzD,OAAO,CAAC,IAAI;IASZ,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM;IAIpC,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM;IAIjC;;wBAEoB;IACpB,WAAW,CAAC,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI;IASlD,uCAAuC;IACvC,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO;IAyD9C,4BAA4B;IAC5B,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,IAAI;IAoCtD,OAAO,CAAC,WAAW;IAoBnB,OAAO,CAAC,YAAY;IASpB,uDAAuD;IACvD,0BAA0B,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAU9E,+BAA+B;IAC/B,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAIjC;;sDAEkD;IAClD,kBAAkB,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI;IAmBjD,mCAAmC;IACnC,WAAW,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAQrC,mCAAmC;IACnC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;CASlD"}