npm - @agentunion/fastaun-browser - Versions diffs - 0.2.19 → 0.3.0 - Mend

@agentunion/fastaun-browser 0.2.19 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (184) hide show

package/CHANGELOG.md +50 -0
package/_packed_docs/CHANGELOG.md +50 -0
package/_packed_docs/agent.md/SCHEMA.md +173 -0
package/_packed_docs/agent.md/examples/codeagent-claudecode.md +61 -0
package/_packed_docs/agent.md/examples/human-developer.md +60 -0
package/_packed_docs/agent.md/examples/openclaw-lobster.md +52 -0
package/_packed_docs/agent.md/examples/signed-openclaw-lobster.md +43 -0
package/_packed_docs/protocol/00-/346/200/273/350/247/210/344/270/216/345/210/206/345/261/202.md +205 -0
package/_packed_docs/protocol/00A-/350/256/276/350/256/241/345/216/237/345/210/231-/344/270/272Agent/350/200/214/347/224/237.md +197 -0
package/_packed_docs/protocol/01-/350/272/253/344/273/275/344/270/216/345/207/255/350/257/201/345/215/217/350/256/256-auth.md +549 -0
package/_packed_docs/protocol/02-/350/257/201/344/271/246/344/270/216/344/277/241/344/273/273/344/275/223/347/263/273.md +810 -0
package/_packed_docs/protocol/03-Gateway-/350/277/236/346/216/245/346/250/241/345/274/217.md +262 -0
package/_packed_docs/protocol/04-Peer-/345/255/220/345/215/217/350/256/256.md +180 -0
package/_packed_docs/protocol/05-Relay-/345/255/220/345/215/217/350/256/256.md +164 -0
package/_packed_docs/protocol/06-/346/234/215/345/212/241/345/215/217/350/256/256.md +1135 -0
package/_packed_docs/protocol/07-/351/224/231/350/257/257/347/240/201/344/270/216/347/212/266/346/200/201/346/234/272.md +234 -0
package/_packed_docs/protocol/08-AUN-E2EE-Group.md +900 -0
package/_packed_docs/protocol/08-AUN-E2EE.md +413 -0
package/_packed_docs/protocol/09-/345/256/211/345/205/250/350/200/203/350/231/221.md +316 -0
package/_packed_docs/protocol/10-Group-/345/255/220/345/215/217/350/256/256.md +804 -0
package/_packed_docs/protocol/11-Storage-/345/255/220/345/215/217/350/256/256.md +271 -0
package/_packed_docs/protocol/12-Stream-/345/255/220/345/215/217/350/256/256.md +329 -0
package/_packed_docs/protocol/13-Agent/350/241/214/344/270/272/350/247/204/350/214/203.md +141 -0
package/_packed_docs/protocol/14-/344/272/244/344/272/222/346/234/272/345/210/266-/345/223/215/345/272/224/346/250/241/345/274/217/344/270/216/350/207/252/344/270/273/346/250/241/345/274/217.md +170 -0
package/_packed_docs/protocol/15-/347/246/273/347/272/277/346/216/250/351/200/201/351/200/232/347/237/245/345/215/217/350/256/256.md +419 -0
package/_packed_docs/protocol/README.md +71 -0
package/_packed_docs/protocol/agent.md/SCHEMA.md +118 -0
package/_packed_docs/protocol/agent.md/examples/codeagent-claudecode.md +61 -0
package/_packed_docs/protocol/agent.md/examples/human-developer.md +60 -0
package/_packed_docs/protocol/agent.md/examples/openclaw-lobster.md +52 -0
package/_packed_docs/protocol/aun-docs-guide.md +49 -0
package/_packed_docs/protocol/index.md +124 -0
package/_packed_docs/protocol//350/215/211/346/241/210-agent.md/347/255/276/345/220/215/345/215/217/350/256/256.md +205 -0
package/_packed_docs/protocol//350/215/211/346/241/210-/346/213/222/347/273/235/344/277/241/345/217/267/345/215/217/350/256/256.md +249 -0
package/_packed_docs/protocol//351/231/204/345/275/225A-/346/234/257/350/257/255/350/241/250.md +337 -0
package/_packed_docs/protocol//351/231/204/345/275/225B-/346/211/251/345/261/225/346/200/247/346/214/207/345/215/227.md +80 -0
package/_packed_docs/protocol//351/231/204/345/275/225C-/347/247/201/351/222/245/347/256/241/347/220/206/344/270/216/350/272/253/344/273/275/346/201/242/345/244/215.md +704 -0
package/_packed_docs/protocol//351/231/204/345/275/225D-Root_CA_/346/262/273/347/220/206/346/234/272/345/210/266.md +620 -0
package/_packed_docs/protocol//351/231/204/345/275/225E-Root_CA_/345/207/206/345/205/245/346/265/201/347/250/213.md +605 -0
package/_packed_docs/protocol//351/231/204/345/275/225F-Issuer_CA_/347/224/263/350/257/267/346/265/201/347/250/213.md +548 -0
package/_packed_docs/protocol//351/231/204/345/275/225G-AID_/345/255/244/345/204/277/351/242/204/351/230/262/344/270/216/346/225/221/346/217/264/346/234/272/345/210/266.md +513 -0
package/_packed_docs/protocol//351/231/204/345/275/225H-Identity/346/234/215/345/212/241/345/256/236/347/216/260/346/214/207/345/215/227.md +619 -0
package/_packed_docs/protocol//351/231/204/345/275/225I-/350/267/250/345/237/237/346/266/210/346/201/257/350/267/257/347/224/261/345/256/236/347/216/260/346/214/207/345/215/227.md +492 -0
package/_packed_docs/protocol//351/231/204/345/275/225J-/345/256/242/346/210/267/347/253/257/346/216/245/345/205/245/347/244/272/344/276/213.md +402 -0
package/_packed_docs/protocol//351/231/204/345/275/225K-Agent_Web/345/217/221/347/216/260/345/215/217/350/256/256.md +130 -0
package/_packed_docs/protocol//351/231/204/345/275/225L-E2EE/345/256/236/347/216/260/346/214/207/345/215/227.md +267 -0
package/_packed_docs/protocol//351/231/204/345/275/225M-JWT/350/256/244/350/257/201/345/256/236/347/216/260/346/214/207/345/215/227.md +367 -0
package/_packed_docs/python-sdk-v2-only-changelog.md +189 -0
package/_packed_docs/sdk/01-/345/277/253/351/200/237/345/274/200/345/247/213.md +223 -0
package/_packed_docs/sdk/02-WebSocket/345/215/217/350/256/256.md +354 -0
package/_packed_docs/sdk/03-/346/240/270/345/277/203/346/246/202/345/277/265.md +172 -0
package/_packed_docs/sdk/04-/350/277/236/346/216/245/344/270/216/350/256/244/350/257/201.md +396 -0
package/_packed_docs/sdk/05-E2EE/345/212/240/345/257/206/351/200/232/344/277/241.md +611 -0
package/_packed_docs/sdk/06-API/346/211/213/345/206/214.md +1203 -0
package/_packed_docs/sdk/07-/351/224/231/350/257/257/345/244/204/347/220/206.md +150 -0
package/_packed_docs/sdk/08-/346/234/200/344/275/263/345/256/236/350/267/265.md +89 -0
package/_packed_docs/sdk/09-custody-api-manual.md +445 -0
package/_packed_docs/sdk/09-group-rpc-manual.md +1895 -0
package/_packed_docs/sdk/09-message-rpc-manual.md +597 -0
package/_packed_docs/sdk/09-meta-rpc-manual.md +142 -0
package/_packed_docs/sdk/09-payload-reference.md +702 -0
package/_packed_docs/sdk/09-storage-rpc-manual.md +408 -0
package/_packed_docs/sdk/09-stream-rpc-manual.md +275 -0
package/_packed_docs/sdk/AUN_DOCS_GUIDE.md +72 -0
package/_packed_docs/sdk/INDEX.md +131 -0
package/_packed_docs/sdk/README.md +307 -0
package/dist/auth.d.ts +2 -1
package/dist/auth.d.ts.map +1 -1
package/dist/auth.js +33 -14
package/dist/auth.js.map +1 -1
package/dist/bundle.js +14300 -0
package/dist/client.d.ts +200 -178
package/dist/client.d.ts.map +1 -1
package/dist/client.js +3096 -4019
package/dist/client.js.map +1 -1
package/dist/config.d.ts +0 -4
package/dist/config.d.ts.map +1 -1
package/dist/config.js +0 -4
package/dist/config.js.map +1 -1
package/dist/crypto.d.ts +8 -1
package/dist/crypto.d.ts.map +1 -1
package/dist/crypto.js +114 -1
package/dist/crypto.js.map +1 -1
package/dist/e2ee.d.ts +5 -210
package/dist/e2ee.d.ts.map +1 -1
package/dist/e2ee.js +4 -1379
package/dist/e2ee.js.map +1 -1
package/dist/index.d.ts +7 -3
package/dist/index.d.ts.map +1 -1
package/dist/index.js +5 -4
package/dist/index.js.map +1 -1
package/dist/namespaces/auth.d.ts +1 -0
package/dist/namespaces/auth.d.ts.map +1 -1
package/dist/namespaces/auth.js +23 -8
package/dist/namespaces/auth.js.map +1 -1
package/dist/protected-headers.d.ts +14 -0
package/dist/protected-headers.d.ts.map +1 -0
package/dist/protected-headers.js +47 -0
package/dist/protected-headers.js.map +1 -0
package/dist/seq-tracker.d.ts +7 -2
package/dist/seq-tracker.d.ts.map +1 -1
package/dist/seq-tracker.js +31 -10
package/dist/seq-tracker.js.map +1 -1
package/dist/transport.d.ts +9 -1
package/dist/transport.d.ts.map +1 -1
package/dist/transport.js +24 -0
package/dist/transport.js.map +1 -1
package/dist/v2/crypto/aead.d.ts +26 -0
package/dist/v2/crypto/aead.d.ts.map +1 -0
package/dist/v2/crypto/aead.js +63 -0
package/dist/v2/crypto/aead.js.map +1 -0
package/dist/v2/crypto/canonical.d.ts +21 -0
package/dist/v2/crypto/canonical.d.ts.map +1 -0
package/dist/v2/crypto/canonical.js +111 -0
package/dist/v2/crypto/canonical.js.map +1 -0
package/dist/v2/crypto/dh-path.d.ts +21 -0
package/dist/v2/crypto/dh-path.d.ts.map +1 -0
package/dist/v2/crypto/dh-path.js +50 -0
package/dist/v2/crypto/dh-path.js.map +1 -0
package/dist/v2/crypto/ecdh.d.ts +19 -0
package/dist/v2/crypto/ecdh.d.ts.map +1 -0
package/dist/v2/crypto/ecdh.js +101 -0
package/dist/v2/crypto/ecdh.js.map +1 -0
package/dist/v2/crypto/ecdsa.d.ts +16 -0
package/dist/v2/crypto/ecdsa.d.ts.map +1 -0
package/dist/v2/crypto/ecdsa.js +52 -0
package/dist/v2/crypto/ecdsa.js.map +1 -0
package/dist/v2/crypto/hkdf.d.ts +21 -0
package/dist/v2/crypto/hkdf.d.ts.map +1 -0
package/dist/v2/crypto/hkdf.js +32 -0
package/dist/v2/crypto/hkdf.js.map +1 -0
package/dist/v2/crypto/index.d.ts +9 -0
package/dist/v2/crypto/index.d.ts.map +1 -0
package/dist/v2/crypto/index.js +8 -0
package/dist/v2/crypto/index.js.map +1 -0
package/dist/v2/crypto/recipients.d.ts +43 -0
package/dist/v2/crypto/recipients.d.ts.map +1 -0
package/dist/v2/crypto/recipients.js +188 -0
package/dist/v2/crypto/recipients.js.map +1 -0
package/dist/v2/e2ee/decrypt.d.ts +13 -0
package/dist/v2/e2ee/decrypt.d.ts.map +1 -0
package/dist/v2/e2ee/decrypt.js +176 -0
package/dist/v2/e2ee/decrypt.js.map +1 -0
package/dist/v2/e2ee/encrypt-group.d.ts +14 -0
package/dist/v2/e2ee/encrypt-group.d.ts.map +1 -0
package/dist/v2/e2ee/encrypt-group.js +196 -0
package/dist/v2/e2ee/encrypt-group.js.map +1 -0
package/dist/v2/e2ee/encrypt-p2p.d.ts +15 -0
package/dist/v2/e2ee/encrypt-p2p.d.ts.map +1 -0
package/dist/v2/e2ee/encrypt-p2p.js +240 -0
package/dist/v2/e2ee/encrypt-p2p.js.map +1 -0
package/dist/v2/e2ee/index.d.ts +9 -0
package/dist/v2/e2ee/index.d.ts.map +1 -0
package/dist/v2/e2ee/index.js +9 -0
package/dist/v2/e2ee/index.js.map +1 -0
package/dist/v2/e2ee/metadata-auth.d.ts +9 -0
package/dist/v2/e2ee/metadata-auth.d.ts.map +1 -0
package/dist/v2/e2ee/metadata-auth.js +60 -0
package/dist/v2/e2ee/metadata-auth.js.map +1 -0
package/dist/v2/e2ee/types.d.ts +57 -0
package/dist/v2/e2ee/types.d.ts.map +1 -0
package/dist/v2/e2ee/types.js +7 -0
package/dist/v2/e2ee/types.js.map +1 -0
package/dist/v2/session/index.d.ts +4 -0
package/dist/v2/session/index.d.ts.map +1 -0
package/dist/v2/session/index.js +3 -0
package/dist/v2/session/index.js.map +1 -0
package/dist/v2/session/keystore.d.ts +48 -0
package/dist/v2/session/keystore.d.ts.map +1 -0
package/dist/v2/session/keystore.js +184 -0
package/dist/v2/session/keystore.js.map +1 -0
package/dist/v2/session/session.d.ts +98 -0
package/dist/v2/session/session.d.ts.map +1 -0
package/dist/v2/session/session.js +270 -0
package/dist/v2/session/session.js.map +1 -0
package/dist/v2/state/commitment.d.ts +10 -0
package/dist/v2/state/commitment.d.ts.map +1 -0
package/dist/v2/state/commitment.js +86 -0
package/dist/v2/state/commitment.js.map +1 -0
package/dist/v2/state/index.d.ts +2 -0
package/dist/v2/state/index.d.ts.map +1 -0
package/dist/v2/state/index.js +2 -0
package/dist/v2/state/index.js.map +1 -0
package/package.json +43 -37

package/_packed_docs/sdk/02-WebSocket/345/215/217/350/256/256.md ADDED Viewed

@@ -0,0 +1,354 @@
+# AUN SDK Python - WebSocket 协议
+本章介绍 AUN Gateway 的 WebSocket 协议细节。掌握这些内容后，可以用任何语言（或直接用 `websockets` 库）实现客户端，不依赖 SDK 的高层 API。
+---
+## 连接握手
+```mermaid
+sequenceDiagram
+    participant C as 客户端
+    participant G as Gateway
+    C->>G: WebSocket 连接
+    G->>C: challenge（nonce, protocol, auth_methods）
+    C->>G: auth.connect（nonce, token, protocol, device, client, delivery_mode, options, capabilities）
+    G->>C: hello-ok（identity, capabilities）
+    Note over C,G: 握手完成，进入双向 RPC / 事件通信
+```
+### (1) challenge — 服务器发送挑战
+连接建立后，Gateway 立即发送：
+```json
+{
+    "jsonrpc": "2.0",
+    "method": "challenge",
+    "params": {
+        "nonce": "随机字符串（防重放）",
+        "server": "kite-gateway",
+        "protocol": { "min": "1.0", "max": "1.0" },
+        "auth_methods": ["pairing_code", "kite_token", "aid"],
+        "capabilities": { ... },
+        "server_time": 1774878000.123
+    }
+}
+```
+### (2) auth.connect — 客户端认证
+客户端回复，携带 token 和从 challenge 中获取的 nonce：
+```json
+{
+    "jsonrpc": "2.0",
+    "id": "rpc-xxxx",
+    "method": "auth.connect",
+    "params": {
+        "nonce": "从 challenge 中获取",
+        "auth": {
+            "method": "kite_token",
+            "token": "authenticate() 返回的 access_token"
+        },
+        "protocol": { "min": "1.0", "max": "1.0" },
+        "device": { "id": "来自 ~/.aun/.device_id", "type": "desktop" },
+        "client": { "slot_id": "slot-a" },
+        "delivery_mode": {
+            "mode": "queue",
+            "routing": "sender_affinity",
+            "affinity_ttl_ms": 300000
+        },
+        "options": { "kind": "long" },
+        "capabilities": {
+            "e2ee": true,
+            "group_e2ee": true
+        }
+    }
+}
+```
+说明：
+- `protocol.min/max` 在 `auth.connect` 阶段完成 Gateway 会话版本协商；详细规则见协议文档 `03-Gateway-连接模式.md`。
+- `device.id` 是设备级稳定标识，Python SDK 默认从 `~/.aun/.device_id` 读取。
+- `client.slot_id` 由应用层显式传入，用于区分同设备上的多个实例槽位。
+- `delivery_mode` 决定该 AID 当前连接的投递语义；同一 AID 的所有在线连接必须保持一致。
+- `options.kind` 声明连接类型：`"long"`（默认）= 长连接，承担服务端推送 / 事件订阅；`"short"` = 短连接，仅用于发送 RPC 并等待响应即断开。同 `(aid, device.id, client.slot_id)` 槽位下，长连接最多 1 条，短连接最多 10 条；短连接不会顶掉长连接。
+- `options.short_ttl_ms` 仅在 `kind="short"` 时有效，可选；服务端兜底超时后主动关闭短连接，防止占名额。
+- `capabilities` 是客户端能力声明；`hello-ok.result.capabilities` 是服务端能力公告，不是双方能力交集。
+### (3) hello-ok — 握手完成
+认证成功后 Gateway 返回：
+```json
+{
+    "jsonrpc": "2.0",
+    "id": "rpc-xxxx",
+    "result": {
+        "status": "ok",
+        "protocol": "1.0",
+        "server_time": 1774878000.456,
+        "authenticated": true,
+        "identity": {
+            "module_id": "gateway-client-xxxx",
+            "role": "agent",
+            "aid": "alice1234.agentid.pub"
+        },
+        "connection": {
+            "id": "conn_gateway-client-xxxx",
+            "device_id": "dev-001",
+            "kind": "long"
+        },
+        "capabilities": { ... }
+    }
+}
+```
+---
+## 消息格式
+所有消息遵循 JSON-RPC 2.0 格式，通过以下规则区分类型：
+| 类型 | 特征 | 示例 |
+|------|------|------|
+| **RPC 请求** | 有 `id` + `method` | `{"id": "rpc-1", "method": "message.send", "params": {...}}` |
+| **RPC 响应** | 有 `id` + `result`/`error` | `{"id": "rpc-1", "result": {...}}` |
+| **事件通知** | 无 `id`，`method` 以 `event/` 开头 | `{"method": "event/message.received", "params": {...}}` |
+### RPC 请求
+```json
+{
+    "jsonrpc": "2.0",
+    "id": "rpc-随机hex",
+    "method": "message.send",
+    "params": {
+        "to": "bob.agentid.pub",
+        "payload": {"type": "text", "text": "Hello"}
+    }
+}
+```
+### RPC 响应
+成功：
+```json
+{
+    "jsonrpc": "2.0",
+    "id": "rpc-随机hex",
+    "result": {
+        "message_id": "uuid",
+        "seq": 1,
+        "status": "delivered"
+    }
+}
+```
+错误：
+```json
+{
+    "jsonrpc": "2.0",
+    "id": "rpc-随机hex",
+    "error": {
+        "code": -32603,
+        "message": "错误描述"
+    }
+}
+```
+### 事件通知
+服务器推送，无 `id` 字段：
+```json
+{
+    "jsonrpc": "2.0",
+    "method": "event/message.received",
+    "params": {
+        "from": "alice.agentid.pub",
+        "to": "bob.agentid.pub",
+        "payload": {"type": "text", "text": "Hello"}
+    }
+}
+```
+---
+## 完整示例
+以下示例仅用 SDK 完成认证，其余所有操作（连接、握手、RPC 调用、事件接收）全部通过裸 WebSocket 实现：
+```python
+import asyncio, json, random, secrets
+from datetime import datetime
+from aun_core import AUNClient
+from aun_core.errors import AUNError, ConnectionError, AuthError
+import websockets
+DOMAIN = "agentid.pub"
+ALICE = f"alice{random.randint(1000,9999)}.{DOMAIN}"
+BOB = f"bob{random.randint(1000,9999)}.{DOMAIN}"
+def ts():
+    return datetime.now().strftime("%H:%M:%S.%f")[:-3]
+def make_rpc(method: str, params: dict) -> tuple[str, str]:
+    """构造 JSON-RPC 2.0 请求，返回 (rpc_id, json_str)"""
+    rpc_id = f"rpc-{secrets.token_hex(4)}"
+    msg = {"jsonrpc": "2.0", "id": rpc_id, "method": method, "params": params}
+    return rpc_id, json.dumps(msg)
+async def authenticate(aid: str) -> dict:
+    """用 SDK 完成 AID 创建和认证，返回 auth 结果（含 access_token + gateway）"""
+    try:
+        client = AUNClient({"aun_path": f"~/.aun/{aid}"})
+        if not client._auth.load_identity_or_none(aid):
+            await client.auth.create_aid({"aid": aid})
+        auth = await client.auth.authenticate({"aid": aid})
+        return auth
+    except AuthError as e:
+        print(f"[错误] 认证失败 ({aid}): {e}")
+        raise
+    except ConnectionError as e:
+        print(f"[错误] 网络连接失败: {e}")
+        raise
+async def ws_connect(gateway_url: str, token: str) -> websockets.ClientConnection:
+    """建立 WebSocket 连接并完成握手（challenge → auth.connect → hello-ok）"""
+    ws = await websockets.connect(gateway_url, ping_interval=None)
+    # 1. 接收 challenge
+    raw = await ws.recv()
+    challenge = json.loads(raw)
+    nonce = challenge["params"]["nonce"]
+    # 2. 发送 auth.connect
+    rpc_id, req = make_rpc("auth.connect", {
+        "nonce": nonce,
+        "auth": {"method": "kite_token", "token": token},
+        "protocol": {"min": "1.0", "max": "1.0"},
+    })
+    await ws.send(req)
+    # 3. 接收 hello-ok
+    raw = await ws.recv()
+    hello = json.loads(raw)
+    if "error" in hello:
+        raise Exception(f"握手失败: {hello['error']}")
+    identity = hello["result"]["identity"]
+    print(f"[{ts()}] 已连接: {identity.get('aid')} (module={identity.get('module_id')})")
+    return ws
+async def ws_call(ws, method: str, params: dict, timeout: float = 10.0) -> dict:
+    """发送 RPC 调用并等待响应（从消息流中匹配 id）"""
+    rpc_id, req = make_rpc(method, params)
+    await ws.send(req)
+    deadline = asyncio.get_event_loop().time() + timeout
+    while True:
+        remaining = deadline - asyncio.get_event_loop().time()
+        if remaining <= 0:
+            raise TimeoutError(f"RPC 超时: {method}")
+        raw = await asyncio.wait_for(ws.recv(), timeout=remaining)
+        msg = json.loads(raw)
+        if msg.get("id") == rpc_id:
+            if "error" in msg:
+                raise Exception(f"RPC 错误: {msg['error']}")
+            return msg.get("result", {})
+async def ws_wait_event(ws, event_name: str, timeout: float = 5.0) -> dict | None:
+    """等待指定事件（method 字段以 event/ 为前缀）"""
+    target = f"event/{event_name}"
+    deadline = asyncio.get_event_loop().time() + timeout
+    while True:
+        remaining = deadline - asyncio.get_event_loop().time()
+        if remaining <= 0:
+            return None
+        try:
+            raw = await asyncio.wait_for(ws.recv(), timeout=remaining)
+        except asyncio.TimeoutError:
+            return None
+        msg = json.loads(raw)
+        if msg.get("method") == target:
+            return msg.get("params", {})
+async def main():
+    alice_ws = None
+    bob_ws = None
+    try:
+        # ── 第一阶段：用 SDK 认证，拿到 token + gateway ──
+        alice_auth = await authenticate(ALICE)
+        bob_auth = await authenticate(BOB)
+        # ── 第二阶段：裸 WebSocket 连接（使用 auth 返回的 gateway）──
+        try:
+            alice_ws = await ws_connect(alice_auth["gateway"], alice_auth["access_token"])
+            bob_ws = await ws_connect(bob_auth["gateway"], bob_auth["access_token"])
+        except Exception as e:
+            print(f"[错误] WebSocket 连接失败: {e}")
+            raise
+        # ── 第三阶段：Alice 发消息 ──
+        try:
+            result = await ws_call(alice_ws, "message.send", {
+                "to": BOB,
+                "payload": {"type": "text", "text": "Hello from Alice (raw WebSocket)!"},
+            })
+            print(f"[{ts()}] [Alice 发送] status={result.get('status')}, seq={result.get('seq')}")
+        except TimeoutError as e:
+            print(f"[错误] RPC 调用超时: {e}")
+        except Exception as e:
+            print(f"[错误] 发送消息失败: {e}")
+        # ── 第四阶段：Bob 等待事件推送 ──
+        event = await ws_wait_event(bob_ws, "message.received", timeout=5.0)
+        if event:
+            print(f"[{ts()}] [Bob 收到事件] {event.get('payload')}")
+        else:
+            # 事件未推送，主动拉取
+            try:
+                pull = await ws_call(bob_ws, "message.pull", {"after_seq": 0, "limit": 10})
+                msgs = pull.get("messages", [])
+                if msgs:
+                    print(f"[{ts()}] [Bob 拉取] 收到 {len(msgs)} 条消息:")
+                    for m in msgs:
+                        print(f"  {m.get('payload')}")
+                else:
+                    print(f"[{ts()}] [Bob] 未收到消息")
+            except Exception as e:
+                print(f"[错误] 拉取消息失败: {e}")
+        print(f"[{ts()}] 完成")
+    except KeyboardInterrupt:
+        print(f"\n[{ts()}] 用户中断")
+    except Exception as e:
+        print(f"[{ts()}] 程序异常: {e}")
+        raise
+    finally:
+        # ── 关闭 WebSocket ──
+        if alice_ws:
+            try:
+                await alice_ws.close()
+            except Exception:
+                pass
+        if bob_ws:
+            try:
+                await bob_ws.close()
+            except Exception:
+                pass
+asyncio.run(main())
+```

package/_packed_docs/sdk/03-/346/240/270/345/277/203/346/246/202/345/277/265.md ADDED Viewed

@@ -0,0 +1,172 @@
+# AUN SDK Python - 核心概念
+---
+## AID (Agent Identity)
+AID 是 Agent 的全局唯一身份，格式为域名形式：`alice.agentid.pub`
+### 特点
+- **本地生成密钥对**：私钥永不离开本地
+- **Issuer / Auth 服务签发证书**：基于 X.509 PKI 体系，Gateway 主要负责接入和转发
+- **双向认证**：ECDSA 挑战-响应，防中间人攻击
+- **多 AID 支持**：一个 `aun_path` 可管理多个 AID，各自数据在 `{aun_path}/AIDs/{aid}/` 下隔离
+### 操作
+```python
+import random
+MY_AID = f"alice-{random.randint(1000,9999)}.agentid.pub"
+# 创建（仅首次）
+await client.auth.create_aid({"aid": MY_AID})
+# 认证
+auth = await client.auth.authenticate({"aid": MY_AID})
+```
+---
+## 连接状态机
+```mermaid
+stateDiagram-v2
+    [*] --> idle
+    idle --> connecting: connect()
+    connecting --> authenticating
+    authenticating --> connected
+    connected --> disconnected: 断线
+    disconnected --> reconnecting: 自动重连
+    reconnecting --> connecting: 重试
+    reconnecting --> terminal_failed: 不可恢复
+    connected --> closed: close()
+    disconnected --> closed: close()
+    closed --> [*]
+```
+| 状态 | 说明 | 可用操作 |
+|------|------|----------|
+| `idle` | 初始状态 | `connect()` |
+| `connecting` | 建立 WebSocket | — |
+| `authenticating` | 双向 ECDSA 认证 | — |
+| `connected` | 正常工作 | `call()`, `ping()`, `close()` |
+| `disconnected` | 已断开 | 自动进入 reconnecting |
+| `reconnecting` | 正在重连 | 自动退避重试 |
+| `terminal_failed` | 重连不可恢复（如证书吊销） | 需重新 `connect()` |
+| `closed` | 已关闭 | 需重新 `connect()` |
+### 状态查询
+```python
+print(client.state)  # "connected"
+print(client.aid)    # "alice.agentid.pub"
+```
+---
+## 认证流程
+AUN 使用双向 ECDSA 挑战-响应认证，防止中间人攻击和重放攻击。
+### 时序图
+```mermaid
+sequenceDiagram
+    participant Client
+    participant Gateway
+    Client->>Gateway: WebSocket Connect
+    Gateway->>Client: challenge (server_nonce)
+    Client->>Gateway: auth.aid_login1 (client_nonce)
+    Gateway->>Client: server_signature + cert_chain
+    Client->>Gateway: auth.aid_login2 (client_signature)
+    Gateway->>Client: access_token (JWT)
+    Client->>Gateway: auth.connect (bearer auth)
+    Gateway->>Client: session OK
+```
+### 关键步骤
+1. **WebSocket 握手**：建立传输层连接
+2. **Challenge**：Gateway 发送会话 challenge nonce
+3. **Login Phase 1**：Client 调用 `auth.aid_login1`，Auth 服务返回签名和 `auth_cert`
+4. **证书验证**：Client 验证 Auth 服务证书链（含 CRL/OCSP 检查）
+5. **Login Phase 2**：Client 对 Auth 服务返回的 nonce 签名，Auth 服务验证后返回 JWT
+6. **Session 建立**：Client 用 JWT 调用 `auth.connect`，建立会话
+### 令牌管理
+- **Access Token**：短期令牌（默认 1 小时），用于 RPC 调用
+- **Refresh Token**：长期令牌（默认 7 天），用于刷新 Access Token
+- **自动刷新**：SDK 在 Access Token 过期前 60 秒自动刷新
+---
+## E2EE (端到端加密)
+### 加密套件
+**P256_HKDF_SHA256_AES_256_GCM**
+- **密钥协商**：ECDH (Elliptic Curve Diffie-Hellman)
+- **密钥派生**：HKDF-SHA256
+- **对称加密**：AES-256-GCM
+- **签名算法**：ECDSA-P256
+### 加密流程
+每条消息独立加密，一消息一密钥，无需在线协商：
+```mermaid
+sequenceDiagram
+    participant Sender
+    participant Gateway
+    participant Receiver
+    Receiver->>Gateway: 上传 prekey（公钥 + 签名）
+    Sender->>Gateway: 获取 Receiver 的 prekey 和证书
+    Note over Sender: 验证 prekey 签名 → 临时 ECDH → message_key
+    Sender->>Gateway: e2ee.encrypted (ciphertext + tag + AAD)
+    Gateway->>Receiver: 推送或 pull
+    Note over Receiver: 用 prekey 私钥 + 临时公钥 → ECDH → message_key → 解密
+```
+### 加密模式
+1. **prekey_ecdh_v2**（优先）：对方有 prekey → 四路 ECDH（ephemeral×prekey + ephemeral×identity + sender×prekey + sender×identity），前向安全
+2. **long_term_key**（降级）：对方无 prekey → 双路 ECDH（ephemeral×recipient_identity + sender×recipient_identity）+ HKDF 派生密钥，无严格前向安全
+> Python SDK 默认 `require_forward_secrecy=true`，无 prekey 时拒绝 long_term_key 降级。
+### AAD (Additional Authenticated Data)
+每条加密消息的 AAD 包含：
+```json
+{
+  "from": "alice.agentid.pub",
+  "to": "bob.agentid.pub",
+  "message_id": "uuid",
+  "timestamp": 1234567890000,
+  "encryption_mode": "prekey_ecdh_v2",
+  "suite": "P256_HKDF_SHA256_AES_256_GCM",
+  "ephemeral_public_key": "base64",
+  "recipient_cert_fingerprint": "sha256:...",
+  "sender_cert_fingerprint": "sha256:...",
+  "prekey_id": "uuid"
+}
+```
+### 防重放
+- **本地 seen set**：E2EEManager 内置，按 `{sender_aid}:{message_id}` 去重
+- **服务端 replay guard**：可选增强，跨进程持久化防重放
+### Prekey 管理
+- SDK 连接时自动上传 prekey，定时轮换（默认每小时）
+- 旧 prekey 私钥本地保留 7 天，确保在途消息可解密