@agentunion/fastaun-browser 0.2.19 → 0.3.0

package/dist/v2/e2ee/types.d.ts

@@ -0,0 +1,57 @@
+/**
+ * AUN E2EE V2: 加解密引擎类型定义
+ *
+ * 与 Python `aun_core.v2.e2ee.encrypt_p2p` / `encrypt_group` / `decrypt` 对齐。
+ */
+export declare const SUITE_NAME: "P256_HKDF_SHA256_AES_256_GCM";
+/** 发送方身份。 */
+export interface Sender {
+    /** 发送方 AID。 */
+    aid: string;
+    /** 发送方 device_id。 */
+    deviceId: string;
+    /** 32 字节 P-256 私钥标量（AID 主私钥）。 */
+    ikPriv: Uint8Array;
+    /** SPKI DER 编码的公钥（用于签名指纹计算）。 */
+    ikPubDer: Uint8Array;
+}
+/** 接收方目标设备。 */
+export interface Target {
+    aid: string;
+    deviceId: string;
+    /** "peer" | "member" | "self_sync" | "audit" 等。 */
+    role: string;
+    /** "peer_device_prekey" | "group_device_prekey" | "aid_master"。 */
+    keySource: string;
+    /** 接收方 IK 公钥（DER SPKI）。 */
+    ikPkDer: Uint8Array;
+    /** 接收方 SPK 公钥（DER SPKI）；undefined 表示走 1DH 路径。 */
+    spkPkDer?: Uint8Array;
+    /** SPK 标识；3DH 时为非空字符串，1DH 时为空串/未定义。 */
+    spkId?: string;
+}
+/** 接收方集合（P2P）。 */
+export interface TargetSet {
+    /** 普通接收设备。 */
+    targets: Target[];
+    /** 监管方设备（可选）。 */
+    auditRecipients?: Target[];
+}
+/** 加密可选参数。 */
+export interface EncryptOptions {
+    /** 消息 ID；不传则自动生成 `m-{uuid4 hex}`。 */
+    messageId?: string;
+    /** 时间戳（毫秒）；不传则用 Date.now()。 */
+    timestamp?: number;
+    /** 受保护头部（HMAC 签名后附加到 envelope.protected_headers）。 */
+    protectedHeaders?: Record<string, unknown>;
+    /** 上下文元数据（HMAC 签名后附加到 envelope.context）。 */
+    context?: Record<string, unknown>;
+}
+/** Group AAD 中的 state_commitment 子结构。 */
+export interface StateCommitmentAAD {
+    state_version: number;
+    state_hash: string;
+    state_chain: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/v2/e2ee/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/v2/e2ee/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,eAAO,MAAM,UAAU,EAAG,8BAAuC,CAAC;AAElE,aAAa;AACb,MAAM,WAAW,MAAM;IACrB,eAAe;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,qBAAqB;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,MAAM,EAAE,UAAU,CAAC;IACnB,gCAAgC;IAChC,QAAQ,EAAE,UAAU,CAAC;CACtB;AAED,eAAe;AACf,MAAM,WAAW,MAAM;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,IAAI,EAAE,MAAM,CAAC;IACb,mEAAmE;IACnE,SAAS,EAAE,MAAM,CAAC;IAClB,2BAA2B;IAC3B,OAAO,EAAE,UAAU,CAAC;IACpB,iDAAiD;IACjD,QAAQ,CAAC,EAAE,UAAU,CAAC;IACtB,uCAAuC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,kBAAkB;AAClB,MAAM,WAAW,SAAS;IACxB,cAAc;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,iBAAiB;IACjB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,cAAc;AACd,MAAM,WAAW,cAAc;IAC7B,qCAAqC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+BAA+B;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qDAAqD;IACrD,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,yCAAyC;AACzC,MAAM,WAAW,kBAAkB;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB"}

package/dist/v2/e2ee/types.js

@@ -0,0 +1,7 @@
+/**
+ * AUN E2EE V2: 加解密引擎类型定义
+ *
+ * 与 Python `aun_core.v2.e2ee.encrypt_p2p` / `encrypt_group` / `decrypt` 对齐。
+ */
+export const SUITE_NAME = 'P256_HKDF_SHA256_AES_256_GCM';
+//# sourceMappingURL=types.js.map

package/dist/v2/e2ee/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/v2/e2ee/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,8BAAuC,CAAC"}

package/dist/v2/session/index.d.ts

@@ -0,0 +1,4 @@
+export { V2KeyStore, V2_DB_NAME, V2_DB_VERSION, V2_STORE_NAME } from './keystore';
+export { V2Session, PEER_KEY_CACHE_TTL_MS, DESTROY_DELAY_MS, RECENT_GENERATIONS, } from './session';
+export type { CallFn, SenderIdentity, DecryptKeys } from './session';
+//# sourceMappingURL=index.d.ts.map

package/dist/v2/session/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/v2/session/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAClF,OAAO,EACL,SAAS,EACT,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,WAAW,CAAC;AACnB,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC"}

package/dist/v2/session/index.js

@@ -0,0 +1,3 @@
+export { V2KeyStore, V2_DB_NAME, V2_DB_VERSION, V2_STORE_NAME } from './keystore';
+export { V2Session, PEER_KEY_CACHE_TTL_MS, DESTROY_DELAY_MS, RECENT_GENERATIONS, } from './session';
+//# sourceMappingURL=index.js.map

package/dist/v2/session/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/v2/session/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAClF,OAAO,EACL,SAAS,EACT,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,WAAW,CAAC"}

package/dist/v2/session/keystore.d.ts

@@ -0,0 +1,48 @@
+/**
+ * AUN E2EE V2: 设备密钥存储（IndexedDB 持久化）
+ *
+ * 与 Python `aun_core.v2.keystore.V2KeyStore` 行为对齐：
+ * - 每个 `(device_id)` 持有一对 IK 与若干 SPK（按 spk_id 索引）
+ * - SPK 按 created_at 排序，支持 `loadCurrentSPK` / `listRecentSPKIds(n)`
+ *
+ * 浏览器目标：所有 IO 是 async（IndexedDB 事务）。
+ */
+export declare const V2_DB_NAME = "aun_v2";
+export declare const V2_DB_VERSION = 1;
+export declare const V2_STORE_NAME = "v2_device_keys";
+export declare const V2_INDEX_BY_DEVICE_TYPE_CREATED = "by_device_type_created";
+/**
+ * V2 设备密钥持久化存储。复合主键 [device_id, key_type, key_id]。
+ *
+ * 使用 IndexedDB；在浏览器内置 indexedDB 不可用时（如 jsdom）请提前安装
+ * `fake-indexeddb/auto` 作为 polyfill（见 `tests/setup.ts`）。
+ */
+export declare class V2KeyStore {
+    private readonly db;
+    constructor(db: IDBDatabase);
+    /** 打开/创建 V2 keystore 数据库。 */
+    static open(dbName?: string): Promise<V2KeyStore>;
+    /** 关闭数据库连接（测试或释放资源时使用）。 */
+    close(): void;
+    private store;
+    saveSPK(deviceId: string, spkId: string, priv: Uint8Array, pubDer: Uint8Array): Promise<void>;
+    loadSPK(deviceId: string, spkId: string): Promise<Uint8Array | null>;
+    /** 取最新 SPK（按 created_at DESC LIMIT 1）。 */
+    loadCurrentSPK(deviceId: string): Promise<{
+        spkId: string;
+        priv: Uint8Array;
+        pubDer: Uint8Array;
+    } | null>;
+    deleteSPK(deviceId: string, spkId: string): Promise<void>;
+    /** 返回最近 N 代 SPK 的 spk_id（按 created_at DESC）。 */
+    listRecentSPKIds(deviceId: string, n: number): Promise<string[]>;
+    listExpiredSPKIds(deviceId: string, maxAgeMs: number): Promise<string[]>;
+    saveIK(deviceId: string, priv: Uint8Array, pubDer: Uint8Array): Promise<void>;
+    loadIK(deviceId: string): Promise<{
+        priv: Uint8Array;
+        pubDer: Uint8Array;
+    } | null>;
+    /** 测试用：清空 store。 */
+    _clear(): Promise<void>;
+}
+//# sourceMappingURL=keystore.d.ts.map

package/dist/v2/session/keystore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keystore.d.ts","sourceRoot":"","sources":["../../../src/v2/session/keystore.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,eAAO,MAAM,UAAU,WAAW,CAAC;AACnC,eAAO,MAAM,aAAa,IAAI,CAAC;AAC/B,eAAO,MAAM,aAAa,mBAAmB,CAAC;AAC9C,eAAO,MAAM,+BAA+B,2BAA2B,CAAC;AAaxE;;;;;GAKG;AACH,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,EAAE;gBAAF,EAAE,EAAE,WAAW;IAE5C,6BAA6B;WAChB,IAAI,CAAC,MAAM,GAAE,MAAmB,GAAG,OAAO,CAAC,UAAU,CAAC;IAqBnE,2BAA2B;IAC3B,KAAK,IAAI,IAAI;IAIb,OAAO,CAAC,KAAK;IAMP,OAAO,CACX,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,UAAU,EAChB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,IAAI,CAAC;IAgBV,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAY1E,0CAA0C;IACpC,cAAc,CAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,UAAU,CAAC;QAAC,MAAM,EAAE,UAAU,CAAA;KAAE,GAAG,IAAI,CAAC;IAyBpE,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ/D,gDAAgD;IAC1C,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAuBhE,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA0BxE,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAgB7E,MAAM,CACV,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;QAAE,IAAI,EAAE,UAAU,CAAC;QAAC,MAAM,EAAE,UAAU,CAAA;KAAE,GAAG,IAAI,CAAC;IAe3D,oBAAoB;IACd,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAO9B"}

package/dist/v2/session/keystore.js

@@ -0,0 +1,184 @@
+/**
+ * AUN E2EE V2: 设备密钥存储（IndexedDB 持久化）
+ *
+ * 与 Python `aun_core.v2.keystore.V2KeyStore` 行为对齐：
+ * - 每个 `(device_id)` 持有一对 IK 与若干 SPK（按 spk_id 索引）
+ * - SPK 按 created_at 排序，支持 `loadCurrentSPK` / `listRecentSPKIds(n)`
+ *
+ * 浏览器目标：所有 IO 是 async（IndexedDB 事务）。
+ */
+export const V2_DB_NAME = 'aun_v2';
+export const V2_DB_VERSION = 1;
+export const V2_STORE_NAME = 'v2_device_keys';
+export const V2_INDEX_BY_DEVICE_TYPE_CREATED = 'by_device_type_created';
+/**
+ * V2 设备密钥持久化存储。复合主键 [device_id, key_type, key_id]。
+ *
+ * 使用 IndexedDB；在浏览器内置 indexedDB 不可用时（如 jsdom）请提前安装
+ * `fake-indexeddb/auto` 作为 polyfill（见 `tests/setup.ts`）。
+ */
+export class V2KeyStore {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    /** 打开/创建 V2 keystore 数据库。 */
+    static async open(dbName = V2_DB_NAME) {
+        return new Promise((resolve, reject) => {
+            const req = indexedDB.open(dbName, V2_DB_VERSION);
+            req.onupgradeneeded = () => {
+                const db = req.result;
+                if (!db.objectStoreNames.contains(V2_STORE_NAME)) {
+                    const store = db.createObjectStore(V2_STORE_NAME, {
+                        keyPath: ['device_id', 'key_type', 'key_id'],
+                    });
+                    store.createIndex(V2_INDEX_BY_DEVICE_TYPE_CREATED, ['device_id', 'key_type', 'created_at']);
+                }
+            };
+            req.onsuccess = () => resolve(new V2KeyStore(req.result));
+            req.onerror = () => reject(req.error);
+            req.onblocked = () => reject(new Error('V2KeyStore.open: blocked'));
+        });
+    }
+    /** 关闭数据库连接（测试或释放资源时使用）。 */
+    close() {
+        this.db.close();
+    }
+    store(mode) {
+        return this.db.transaction(V2_STORE_NAME, mode).objectStore(V2_STORE_NAME);
+    }
+    // ---------- SPK ----------
+    async saveSPK(deviceId, spkId, priv, pubDer) {
+        const record = {
+            device_id: deviceId,
+            key_type: 'spk',
+            key_id: spkId,
+            private_key: priv,
+            public_key: pubDer,
+            created_at: Date.now(),
+        };
+        return new Promise((resolve, reject) => {
+            const req = this.store('readwrite').put(record);
+            req.onsuccess = () => resolve();
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async loadSPK(deviceId, spkId) {
+        return new Promise((resolve, reject) => {
+            const req = this.store('readonly').get([deviceId, 'spk', spkId]);
+            req.onsuccess = () => {
+                const r = req.result;
+                // 用 new Uint8Array(...) 拷贝，规避 fake-indexeddb / 跨 realm 实例对象
+                resolve(r ? new Uint8Array(r.private_key) : null);
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    /** 取最新 SPK（按 created_at DESC LIMIT 1）。 */
+    async loadCurrentSPK(deviceId) {
+        return new Promise((resolve, reject) => {
+            const idx = this.store('readonly').index(V2_INDEX_BY_DEVICE_TYPE_CREATED);
+            const range = IDBKeyRange.bound([deviceId, 'spk', -Infinity], [deviceId, 'spk', Infinity]);
+            const req = idx.openCursor(range, 'prev');
+            req.onsuccess = () => {
+                const cursor = req.result;
+                if (!cursor) {
+                    resolve(null);
+                    return;
+                }
+                const r = cursor.value;
+                resolve({
+                    spkId: r.key_id,
+                    priv: new Uint8Array(r.private_key),
+                    pubDer: new Uint8Array(r.public_key),
+                });
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async deleteSPK(deviceId, spkId) {
+        return new Promise((resolve, reject) => {
+            const req = this.store('readwrite').delete([deviceId, 'spk', spkId]);
+            req.onsuccess = () => resolve();
+            req.onerror = () => reject(req.error);
+        });
+    }
+    /** 返回最近 N 代 SPK 的 spk_id（按 created_at DESC）。 */
+    async listRecentSPKIds(deviceId, n) {
+        if (n <= 0)
+            return [];
+        return new Promise((resolve, reject) => {
+            const idx = this.store('readonly').index(V2_INDEX_BY_DEVICE_TYPE_CREATED);
+            const range = IDBKeyRange.bound([deviceId, 'spk', -Infinity], [deviceId, 'spk', Infinity]);
+            const req = idx.openCursor(range, 'prev');
+            const out = [];
+            req.onsuccess = () => {
+                const cursor = req.result;
+                if (cursor && out.length < n) {
+                    out.push(cursor.value.key_id);
+                    cursor.continue();
+                }
+                else {
+                    resolve(out);
+                }
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async listExpiredSPKIds(deviceId, maxAgeMs) {
+        const cutoff = Date.now() - maxAgeMs;
+        return new Promise((resolve, reject) => {
+            const idx = this.store('readonly').index(V2_INDEX_BY_DEVICE_TYPE_CREATED);
+            const range = IDBKeyRange.bound([deviceId, 'spk', -Infinity], [deviceId, 'spk', cutoff], false, true);
+            const req = idx.openCursor(range);
+            const out = [];
+            req.onsuccess = () => {
+                const cursor = req.result;
+                if (cursor) {
+                    out.push(cursor.value.key_id);
+                    cursor.continue();
+                }
+                else {
+                    resolve(out);
+                }
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    // ---------- IK ----------
+    async saveIK(deviceId, priv, pubDer) {
+        const record = {
+            device_id: deviceId,
+            key_type: 'ik',
+            key_id: '',
+            private_key: priv,
+            public_key: pubDer,
+            created_at: Date.now(),
+        };
+        return new Promise((resolve, reject) => {
+            const req = this.store('readwrite').put(record);
+            req.onsuccess = () => resolve();
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async loadIK(deviceId) {
+        return new Promise((resolve, reject) => {
+            const req = this.store('readonly').get([deviceId, 'ik', '']);
+            req.onsuccess = () => {
+                const r = req.result;
+                resolve(r ? { priv: new Uint8Array(r.private_key), pubDer: new Uint8Array(r.public_key) } : null);
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    // ---------- 测试用 ----------
+    /** 测试用：清空 store。 */
+    async _clear() {
+        return new Promise((resolve, reject) => {
+            const req = this.store('readwrite').clear();
+            req.onsuccess = () => resolve();
+            req.onerror = () => reject(req.error);
+        });
+    }
+}
+//# sourceMappingURL=keystore.js.map

package/dist/v2/session/keystore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keystore.js","sourceRoot":"","sources":["../../../src/v2/session/keystore.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,QAAQ,CAAC;AACnC,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC;AAC/B,MAAM,CAAC,MAAM,aAAa,GAAG,gBAAgB,CAAC;AAC9C,MAAM,CAAC,MAAM,+BAA+B,GAAG,wBAAwB,CAAC;AAaxE;;;;;GAKG;AACH,MAAM,OAAO,UAAU;IACQ;IAA7B,YAA6B,EAAe;QAAf,OAAE,GAAF,EAAE,CAAa;IAAG,CAAC;IAEhD,6BAA6B;IAC7B,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAiB,UAAU;QAC3C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;YAClD,GAAG,CAAC,eAAe,GAAG,GAAG,EAAE;gBACzB,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;gBACtB,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBACjD,MAAM,KAAK,GAAG,EAAE,CAAC,iBAAiB,CAAC,aAAa,EAAE;wBAChD,OAAO,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,QAAQ,CAAC;qBAC7C,CAAC,CAAC;oBACH,KAAK,CAAC,WAAW,CACf,+BAA+B,EAC/B,CAAC,WAAW,EAAE,UAAU,EAAE,YAAY,CAAC,CACxC,CAAC;gBACJ,CAAC;YACH,CAAC,CAAC;YACF,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;YAC1D,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACtC,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,IAAwB;QACpC,OAAO,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;IAC7E,CAAC;IAED,4BAA4B;IAE5B,KAAK,CAAC,OAAO,CACX,QAAgB,EAChB,KAAa,EACb,IAAgB,EAChB,MAAkB;QAElB,MAAM,MAAM,GAAgB;YAC1B,SAAS,EAAE,QAAQ;YACnB,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC;QACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAChD,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,KAAa;QAC3C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;YACjE,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,CAAC,GAAG,GAAG,CAAC,MAAiC,CAAC;gBAChD,4DAA4D;gBAC5D,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACpD,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc,CAClB,QAAgB;QAEhB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC1E,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAC7B,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,EAC5B,CAAC,QAAQ,EAAE,KAAK,EAAE,QAAQ,CAAC,CAC5B,CAAC;YACF,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1C,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,CAAC,IAAI,CAAC,CAAC;oBACd,OAAO;gBACT,CAAC;gBACD,MAAM,CAAC,GAAG,MAAM,CAAC,KAAoB,CAAC;gBACtC,OAAO,CAAC;oBACN,KAAK,EAAE,CAAC,CAAC,MAAM;oBACf,IAAI,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC;oBACnC,MAAM,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC;iBACrC,CAAC,CAAC;YACL,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,KAAa;QAC7C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;YACrE,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,gDAAgD;IAChD,KAAK,CAAC,gBAAgB,CAAC,QAAgB,EAAE,CAAS;QAChD,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,CAAC;QACtB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC1E,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAC7B,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,EAC5B,CAAC,QAAQ,EAAE,KAAK,EAAE,QAAQ,CAAC,CAC5B,CAAC;YACF,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1C,MAAM,GAAG,GAAa,EAAE,CAAC;YACzB,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC1B,IAAI,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC7B,GAAG,CAAC,IAAI,CAAE,MAAM,CAAC,KAAqB,CAAC,MAAM,CAAC,CAAC;oBAC/C,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,CAAC;gBACf,CAAC;YACH,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,QAAgB,EAAE,QAAgB;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACrC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC1E,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAC7B,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,EAC5B,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,EACzB,KAAK,EAAE,IAAI,CACZ,CAAC;YACF,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAClC,MAAM,GAAG,GAAa,EAAE,CAAC;YACzB,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC1B,IAAI,MAAM,EAAE,CAAC;oBACX,GAAG,CAAC,IAAI,CAAE,MAAM,CAAC,KAAqB,CAAC,MAAM,CAAC,CAAC;oBAC/C,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,CAAC;gBACf,CAAC;YACH,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAE3B,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAgB,EAAE,MAAkB;QACjE,MAAM,MAAM,GAAgB;YAC1B,SAAS,EAAE,QAAQ;YACnB,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,EAAE;YACV,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC;QACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAChD,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB;QAEhB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;YAC7D,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,CAAC,GAAG,GAAG,CAAC,MAAiC,CAAC;gBAChD,OAAO,CACL,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CACzF,CAAC;YACJ,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAE5B,oBAAoB;IACpB,KAAK,CAAC,MAAM;QACV,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,CAAC;YAC5C,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/v2/session/session.d.ts

@@ -0,0 +1,98 @@
+/**
+ * AUN E2EE V2 Session Manager（浏览器版，全 async）。
+ *
+ * 与 Python `aun_core.v2.session.V2Session` 行为对齐：
+ * - IK = AID 长期密钥（多设备共享 AID 身份），由构造函数注入，不独立生成
+ * - SPK 设备级 P-256 密钥对，IK 签名背书
+ * - SPK 销毁三重条件：
+ *     contig_seq >= 该 SPK 引用的最大 seq
+ *  && now - last_seen >= 7 小时
+ *  && 不在最近 7 代保留窗口内
+ * - 对端 IK 公钥缓存 TTL 1 小时
+ * - SPK 注册：`callFn("message.v2.put_peer_pk", ...)`
+ *
+ * 浏览器目标：所有 store 调用均 `await`，签名走 noble（确定性 ECDSA）。
+ */
+import { V2KeyStore } from './keystore';
+/** 对端 IK 公钥缓存 TTL（毫秒）。 */
+export declare const PEER_KEY_CACHE_TTL_MS: number;
+/** SPK 销毁安全窗口（毫秒）。 */
+export declare const DESTROY_DELAY_MS: number;
+/** SPK 销毁时保留的最近代数。 */
+export declare const RECENT_GENERATIONS = 7;
+/** SPK 180 天硬上限。 */
+export declare const HARD_LIMIT_MS: number;
+/** 服务端 RPC 调用函数签名（与 Python `call_fn` 等价）。 */
+export type CallFn = (method: string, params: Record<string, unknown>) => Promise<Record<string, unknown> | unknown>;
+/** 加密所需的发送方身份。 */
+export interface SenderIdentity {
+    aid: string;
+    deviceId: string;
+    ikPriv: Uint8Array;
+    ikPubDer: Uint8Array;
+}
+/** 解密所需的私钥。 */
+export interface DecryptKeys {
+    ikPriv: Uint8Array;
+    spkPriv?: Uint8Array;
+}
+export declare class V2Session {
+    private readonly _store;
+    private readonly _deviceId;
+    private readonly _aid;
+    private readonly _ikPriv;
+    private readonly _ikPubDer;
+    private _spkId;
+    private _spkPriv?;
+    private _spkPubDer?;
+    private _registered;
+    private _peerIKCache;
+    private _verifiedSPKs;
+    private _oldSPKMaxSeq;
+    private _nowFn;
+    constructor(store: V2KeyStore, deviceId: string, aid: string, ikPriv: Uint8Array, ikPubDer: Uint8Array);
+    /** 测试用：注入虚拟时钟。 */
+    _setNowFn(fn: () => number): void;
+    get deviceId(): string;
+    get aid(): string;
+    get currentSpkId(): string;
+    get currentIkPubDer(): Uint8Array;
+    /** 暴露 store 以便测试（与 Python 同等私有约定）。 */
+    get _storeForTest(): V2KeyStore;
+    /** 加载或生成当前 SPK；IK 由构造函数注入，无需加载。 */
+    ensureKeys(): Promise<void>;
+    private _generateNewSPK;
+    /** SPK 由 AID 私钥（IK）签名背书并上报到 message.v2.put_peer_pk。 */
+    private _registerSPK;
+    /** 注册本设备 SPK 到服务端。IK = AID 长期密钥，无需注册。幂等。 */
+    ensureRegistered(callFn: CallFn): Promise<void>;
+    /** 返回加密所需的 sender 结构。 */
+    getSenderIdentity(): Promise<SenderIdentity>;
+    /**
+     * 返回解密所需的私钥。
+     * - spkId 空：1DH（仅 IK）
+     * - spkId == 当前 SPK：当前 spkPriv
+     * - 否则：从 store 加载旧 SPK 私钥（可能 undefined = 已销毁）
+     */
+    getDecryptKeys(spkId: string | null | undefined): Promise<DecryptKeys>;
+    /** 判断 spkId 是否命中当前活跃 SPK。 */
+    isCurrentSPK(spkId: string | null | undefined): boolean;
+    /** 跟踪每个旧 SPK 引用的最大 seq（用于销毁判定）。 */
+    trackOldSPKMaxSeq(spkId: string, seq: number): void;
+    /**
+     * contig_seq 已覆盖、超过 7h 安全窗口、且不在最近 7 代保留窗口内时销毁。
+     *
+     * 销毁条件（全部满足才销毁）：
+     * - contig_seq >= 该 SPK 引用的最大 seq
+     * - 自最后一次见到该 spk_id 引用 >= 7 小时
+     * - 不在最近 7 代 SPK 保留窗口内
+     */
+    maybeDestroyOldSPKs(contigSeq: number): Promise<string[]>;
+    /** 轮换 SPK：生成新 SPK 并上报到服务端。旧 SPK 保留本地用于解密。 */
+    rotateSPK(callFn: CallFn): Promise<void>;
+    cachePeerIK(peerAid: string, deviceId: string, ikPubDer: Uint8Array): void;
+    getPeerIK(peerAid: string, deviceId: string): Uint8Array | null;
+    isPeerSPKVerified(peerAid: string, deviceId: string, spkId: string): boolean;
+    markPeerSPKVerified(peerAid: string, deviceId: string, spkId: string): void;
+}
+//# sourceMappingURL=session.d.ts.map

package/dist/v2/session/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../src/v2/session/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC,0BAA0B;AAC1B,eAAO,MAAM,qBAAqB,QAAiB,CAAC;AACpD,sBAAsB;AACtB,eAAO,MAAM,gBAAgB,QAAqB,CAAC;AACnD,sBAAsB;AACtB,eAAO,MAAM,kBAAkB,IAAI,CAAC;AACpC,oBAAoB;AACpB,eAAO,MAAM,aAAa,QAA4B,CAAC;AAEvD,6CAA6C;AAC7C,MAAM,MAAM,MAAM,GAAG,CACnB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC;AAEhD,kBAAkB;AAClB,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,UAAU,CAAC;IACnB,QAAQ,EAAE,UAAU,CAAC;CACtB;AAED,eAAe;AACf,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,CAAC,EAAE,UAAU,CAAC;CACtB;AA4BD,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAa;IACpC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAa;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAa;IAEvC,OAAO,CAAC,MAAM,CAAM;IACpB,OAAO,CAAC,QAAQ,CAAC,CAAa;IAC9B,OAAO,CAAC,UAAU,CAAC,CAAa;IAChC,OAAO,CAAC,WAAW,CAAS;IAE5B,OAAO,CAAC,YAAY,CAA+D;IACnF,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,aAAa,CAA0D;IAC/E,OAAO,CAAC,MAAM,CAAkC;gBAG9C,KAAK,EAAE,UAAU,EACjB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,UAAU,EAClB,QAAQ,EAAE,UAAU;IAYtB,kBAAkB;IAClB,SAAS,CAAC,EAAE,EAAE,MAAM,MAAM,GAAG,IAAI;IAIjC,IAAI,QAAQ,IAAI,MAAM,CAErB;IAED,IAAI,GAAG,IAAI,MAAM,CAEhB;IAED,IAAI,YAAY,IAAI,MAAM,CAEzB;IAED,IAAI,eAAe,IAAI,UAAU,CAEhC;IAED,sCAAsC;IACtC,IAAI,aAAa,IAAI,UAAU,CAE9B;IAED,mCAAmC;IAC7B,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;YAYnB,eAAe;IAU7B,uDAAuD;YACzC,YAAY;IAmB1B,4CAA4C;IACtC,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOrD,yBAAyB;IACnB,iBAAiB,IAAI,OAAO,CAAC,cAAc,CAAC;IAUlD;;;;;OAKG;IACG,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC;IAS5E,6BAA6B;IAC7B,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO;IAIvD,mCAAmC;IACnC,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI;IASnD;;;;;;;OAOG;IACG,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA2C/D,6CAA6C;IACvC,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK9C,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,GAAG,IAAI;IAO1E,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI;IAW/D,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO;IAI5E,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;CAG5E"}