@agentunion/fastaun-browser 0.2.19 → 0.3.0

package/dist/v2/session/session.js

@@ -0,0 +1,270 @@
+/**
+ * AUN E2EE V2 Session Manager（浏览器版，全 async）。
+ *
+ * 与 Python `aun_core.v2.session.V2Session` 行为对齐：
+ * - IK = AID 长期密钥（多设备共享 AID 身份），由构造函数注入，不独立生成
+ * - SPK 设备级 P-256 密钥对，IK 签名背书
+ * - SPK 销毁三重条件：
+ *     contig_seq >= 该 SPK 引用的最大 seq
+ *  && now - last_seen >= 7 小时
+ *  && 不在最近 7 代保留窗口内
+ * - 对端 IK 公钥缓存 TTL 1 小时
+ * - SPK 注册：`callFn("message.v2.put_peer_pk", ...)`
+ *
+ * 浏览器目标：所有 store 调用均 `await`，签名走 noble（确定性 ECDSA）。
+ */
+import { generateP256Keypair, ecdsaSignRaw } from '../crypto/index';
+/** 对端 IK 公钥缓存 TTL（毫秒）。 */
+export const PEER_KEY_CACHE_TTL_MS = 60 * 60 * 1000; // 1h
+/** SPK 销毁安全窗口（毫秒）。 */
+export const DESTROY_DELAY_MS = 7 * 60 * 60 * 1000; // 7h
+/** SPK 销毁时保留的最近代数。 */
+export const RECENT_GENERATIONS = 7;
+/** SPK 180 天硬上限。 */
+export const HARD_LIMIT_MS = 180 * 24 * 60 * 60 * 1000;
+async function sha256Hex(data) {
+    const buf = await crypto.subtle.digest('SHA-256', data.slice().buffer);
+    const arr = new Uint8Array(buf);
+    let hex = '';
+    for (let i = 0; i < arr.length; i++)
+        hex += arr[i].toString(16).padStart(2, '0');
+    return hex;
+}
+function bytesToBase64(b) {
+    let bin = '';
+    for (let i = 0; i < b.length; i++)
+        bin += String.fromCharCode(b[i]);
+    return btoa(bin);
+}
+function concatBytes(...parts) {
+    let total = 0;
+    for (const p of parts)
+        total += p.length;
+    const out = new Uint8Array(total);
+    let offset = 0;
+    for (const p of parts) {
+        out.set(p, offset);
+        offset += p.length;
+    }
+    return out;
+}
+export class V2Session {
+    _store;
+    _deviceId;
+    _aid;
+    _ikPriv;
+    _ikPubDer;
+    _spkId = '';
+    _spkPriv;
+    _spkPubDer;
+    _registered = false;
+    _peerIKCache = new Map();
+    _verifiedSPKs = new Set();
+    _oldSPKMaxSeq = new Map();
+    _nowFn = () => Date.now();
+    constructor(store, deviceId, aid, ikPriv, ikPubDer) {
+        if (!ikPriv || !ikPubDer) {
+            throw new Error('V2Session requires AID priv/pub keys (IK = AID identity)');
+        }
+        this._store = store;
+        this._deviceId = deviceId;
+        this._aid = aid;
+        this._ikPriv = ikPriv;
+        this._ikPubDer = ikPubDer;
+    }
+    /** 测试用：注入虚拟时钟。 */
+    _setNowFn(fn) {
+        this._nowFn = fn;
+    }
+    get deviceId() {
+        return this._deviceId;
+    }
+    get aid() {
+        return this._aid;
+    }
+    get currentSpkId() {
+        return this._spkId;
+    }
+    get currentIkPubDer() {
+        return this._ikPubDer;
+    }
+    /** 暴露 store 以便测试（与 Python 同等私有约定）。 */
+    get _storeForTest() {
+        return this._store;
+    }
+    /** 加载或生成当前 SPK；IK 由构造函数注入，无需加载。 */
+    async ensureKeys() {
+        if (this._spkPriv)
+            return;
+        const cur = await this._store.loadCurrentSPK(this._deviceId);
+        if (cur) {
+            this._spkId = cur.spkId;
+            this._spkPriv = cur.priv;
+            this._spkPubDer = cur.pubDer;
+            return;
+        }
+        await this._generateNewSPK();
+    }
+    async _generateNewSPK() {
+        const [priv, pubDer] = await generateP256Keypair();
+        const hex = await sha256Hex(pubDer);
+        const spkId = `sha256:${hex.substring(0, 16)}`;
+        await this._store.saveSPK(this._deviceId, spkId, priv, pubDer);
+        this._spkId = spkId;
+        this._spkPriv = priv;
+        this._spkPubDer = pubDer;
+    }
+    /** SPK 由 AID 私钥（IK）签名背书并上报到 message.v2.put_peer_pk。 */
+    async _registerSPK(callFn) {
+        const spkTimestamp = Math.floor(this._nowFn() / 1000);
+        const enc = new TextEncoder();
+        const signData = concatBytes(this._spkPubDer, enc.encode(this._spkId), enc.encode(String(spkTimestamp)));
+        const signature = await ecdsaSignRaw(this._ikPriv, signData);
+        await callFn('message.v2.put_peer_pk', {
+            peer_aid: this._aid,
+            key_source: 'peer_device_prekey',
+            spk_id: this._spkId,
+            spk_pk: bytesToBase64(this._spkPubDer),
+            spk_signature: bytesToBase64(signature),
+            spk_timestamp: spkTimestamp,
+        });
+    }
+    /** 注册本设备 SPK 到服务端。IK = AID 长期密钥，无需注册。幂等。 */
+    async ensureRegistered(callFn) {
+        if (this._registered)
+            return;
+        await this.ensureKeys();
+        await this._registerSPK(callFn);
+        this._registered = true;
+    }
+    /** 返回加密所需的 sender 结构。 */
+    async getSenderIdentity() {
+        await this.ensureKeys();
+        return {
+            aid: this._aid,
+            deviceId: this._deviceId,
+            ikPriv: this._ikPriv,
+            ikPubDer: this._ikPubDer,
+        };
+    }
+    /**
+     * 返回解密所需的私钥。
+     * - spkId 空：1DH（仅 IK）
+     * - spkId == 当前 SPK：当前 spkPriv
+     * - 否则：从 store 加载旧 SPK 私钥（可能 undefined = 已销毁）
+     */
+    async getDecryptKeys(spkId) {
+        await this.ensureKeys();
+        if (!spkId)
+            return { ikPriv: this._ikPriv };
+        if (spkId === this._spkId)
+            return { ikPriv: this._ikPriv, spkPriv: this._spkPriv };
+        const oldSPK = await this._store.loadSPK(this._deviceId, spkId);
+        if (!oldSPK)
+            return { ikPriv: this._ikPriv };
+        return { ikPriv: this._ikPriv, spkPriv: oldSPK };
+    }
+    /** 判断 spkId 是否命中当前活跃 SPK。 */
+    isCurrentSPK(spkId) {
+        return Boolean(spkId) && spkId === this._spkId;
+    }
+    /** 跟踪每个旧 SPK 引用的最大 seq（用于销毁判定）。 */
+    trackOldSPKMaxSeq(spkId, seq) {
+        if (!spkId || spkId === this._spkId)
+            return;
+        const cur = this._oldSPKMaxSeq.get(spkId);
+        const curSeq = cur ? cur.seq : 0;
+        if (seq > curSeq) {
+            this._oldSPKMaxSeq.set(spkId, { seq, lastSeenAt: this._nowFn() });
+        }
+    }
+    /**
+     * contig_seq 已覆盖、超过 7h 安全窗口、且不在最近 7 代保留窗口内时销毁。
+     *
+     * 销毁条件（全部满足才销毁）：
+     * - contig_seq >= 该 SPK 引用的最大 seq
+     * - 自最后一次见到该 spk_id 引用 >= 7 小时
+     * - 不在最近 7 代 SPK 保留窗口内
+     */
+    async maybeDestroyOldSPKs(contigSeq) {
+        const destroyed = [];
+        const now = this._nowFn();
+        let recentKeep;
+        try {
+            recentKeep = new Set(await this._store.listRecentSPKIds(this._deviceId, RECENT_GENERATIONS));
+        }
+        catch {
+            // 列表失败时退化为空集，保持销毁行为可继续推进
+            recentKeep = new Set();
+        }
+        for (const [spkId, info] of Array.from(this._oldSPKMaxSeq.entries())) {
+            if (spkId === this._spkId)
+                continue;
+            if (contigSeq < info.seq)
+                continue;
+            if (now - info.lastSeenAt < DESTROY_DELAY_MS)
+                continue;
+            if (recentKeep.has(spkId))
+                continue;
+            try {
+                await this._store.deleteSPK(this._deviceId, spkId);
+            }
+            catch (err) {
+                // 销毁失败时记录到控制台并跳过本轮，下次再重试
+                // eslint-disable-next-line no-console
+                console.warn('[V2Session] deleteSPK failed', { spkId, err });
+                continue;
+            }
+            this._oldSPKMaxSeq.delete(spkId);
+            destroyed.push(spkId);
+        }
+        // 180 天硬上限：无论是否被引用，超龄 SPK 强制销毁
+        try {
+            const expired = await this._store.listExpiredSPKIds(this._deviceId, HARD_LIMIT_MS);
+            for (const spkId of expired) {
+                if (spkId === this._spkId)
+                    continue;
+                try {
+                    await this._store.deleteSPK(this._deviceId, spkId);
+                }
+                catch {
+                    continue;
+                }
+                this._oldSPKMaxSeq.delete(spkId);
+                if (!destroyed.includes(spkId))
+                    destroyed.push(spkId);
+            }
+        }
+        catch { /* ignore */ }
+        return destroyed;
+    }
+    /** 轮换 SPK：生成新 SPK 并上报到服务端。旧 SPK 保留本地用于解密。 */
+    async rotateSPK(callFn) {
+        await this._generateNewSPK();
+        await this._registerSPK(callFn);
+    }
+    cachePeerIK(peerAid, deviceId, ikPubDer) {
+        this._peerIKCache.set(`${peerAid}#${deviceId}`, {
+            pubDer: ikPubDer,
+            cachedAt: this._nowFn(),
+        });
+    }
+    getPeerIK(peerAid, deviceId) {
+        const key = `${peerAid}#${deviceId}`;
+        const entry = this._peerIKCache.get(key);
+        if (!entry)
+            return null;
+        if (this._nowFn() - entry.cachedAt >= PEER_KEY_CACHE_TTL_MS) {
+            this._peerIKCache.delete(key);
+            return null;
+        }
+        return entry.pubDer;
+    }
+    isPeerSPKVerified(peerAid, deviceId, spkId) {
+        return this._verifiedSPKs.has(`${peerAid}#${deviceId}#${spkId}`);
+    }
+    markPeerSPKVerified(peerAid, deviceId, spkId) {
+        this._verifiedSPKs.add(`${peerAid}#${deviceId}#${spkId}`);
+    }
+}
+//# sourceMappingURL=session.js.map

package/dist/v2/session/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../../src/v2/session/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAGpE,0BAA0B;AAC1B,MAAM,CAAC,MAAM,qBAAqB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,KAAK;AAC1D,sBAAsB;AACtB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,KAAK;AACzD,sBAAsB;AACtB,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC;AACpC,oBAAoB;AACpB,MAAM,CAAC,MAAM,aAAa,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAsBvD,KAAK,UAAU,SAAS,CAAC,IAAgB;IACvC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,CAAC;IACvE,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACjF,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,aAAa,CAAC,CAAa;IAClC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpE,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,WAAW,CAAC,GAAG,KAAmB;IACzC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;IACzC,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACnB,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC;IACrB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,OAAO,SAAS;IACH,MAAM,CAAa;IACnB,SAAS,CAAS;IAClB,IAAI,CAAS;IACb,OAAO,CAAa;IACpB,SAAS,CAAa;IAE/B,MAAM,GAAG,EAAE,CAAC;IACZ,QAAQ,CAAc;IACtB,UAAU,CAAc;IACxB,WAAW,GAAG,KAAK,CAAC;IAEpB,YAAY,GAAG,IAAI,GAAG,EAAoD,CAAC;IAC3E,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,aAAa,GAAG,IAAI,GAAG,EAA+C,CAAC;IACvE,MAAM,GAAiB,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IAEhD,YACE,KAAiB,EACjB,QAAgB,EAChB,GAAW,EACX,MAAkB,EAClB,QAAoB;QAEpB,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;QAChB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAED,kBAAkB;IAClB,SAAS,CAAC,EAAgB;QACxB,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;IACnB,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,sCAAsC;IACtC,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,mCAAmC;IACnC,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO;QAC1B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7D,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC;YACxB,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC;YACzB,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC;YAC7B,OAAO;QACT,CAAC;QACD,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;IAC/B,CAAC;IAEO,KAAK,CAAC,eAAe;QAC3B,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,MAAM,mBAAmB,EAAE,CAAC;QACnD,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,KAAK,GAAG,UAAU,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAC/D,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC;IAC3B,CAAC;IAED,uDAAuD;IAC/C,KAAK,CAAC,YAAY,CAAC,MAAc;QACvC,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,WAAW,CAC1B,IAAI,CAAC,UAAW,EAChB,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EACvB,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CACjC,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC7D,MAAM,MAAM,CAAC,wBAAwB,EAAE;YACrC,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,UAAU,EAAE,oBAAoB;YAChC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,aAAa,CAAC,IAAI,CAAC,UAAW,CAAC;YACvC,aAAa,EAAE,aAAa,CAAC,SAAS,CAAC;YACvC,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,4CAA4C;IAC5C,KAAK,CAAC,gBAAgB,CAAC,MAAc;QACnC,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAC7B,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACxB,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED,yBAAyB;IACzB,KAAK,CAAC,iBAAiB;QACrB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACxB,OAAO;YACL,GAAG,EAAE,IAAI,CAAC,IAAI;YACd,QAAQ,EAAE,IAAI,CAAC,SAAS;YACxB,MAAM,EAAE,IAAI,CAAC,OAAO;YACpB,QAAQ,EAAE,IAAI,CAAC,SAAS;SACzB,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,cAAc,CAAC,KAAgC;QACnD,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACxB,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;QAC5C,IAAI,KAAK,KAAK,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACnF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAChE,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;QAC7C,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IACnD,CAAC;IAED,6BAA6B;IAC7B,YAAY,CAAC,KAAgC;QAC3C,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,KAAK,IAAI,CAAC,MAAM,CAAC;IACjD,CAAC;IAED,mCAAmC;IACnC,iBAAiB,CAAC,KAAa,EAAE,GAAW;QAC1C,IAAI,CAAC,KAAK,IAAI,KAAK,KAAK,IAAI,CAAC,MAAM;YAAE,OAAO;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACjC,IAAI,GAAG,GAAG,MAAM,EAAE,CAAC;YACjB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,mBAAmB,CAAC,SAAiB;QACzC,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAC1B,IAAI,UAAuB,CAAC;QAC5B,IAAI,CAAC;YACH,UAAU,GAAG,IAAI,GAAG,CAClB,MAAM,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,CACvE,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,yBAAyB;YACzB,UAAU,GAAG,IAAI,GAAG,EAAE,CAAC;QACzB,CAAC;QACD,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;YACrE,IAAI,KAAK,KAAK,IAAI,CAAC,MAAM;gBAAE,SAAS;YACpC,IAAI,SAAS,GAAG,IAAI,CAAC,GAAG;gBAAE,SAAS;YACnC,IAAI,GAAG,GAAG,IAAI,CAAC,UAAU,GAAG,gBAAgB;gBAAE,SAAS;YACvD,IAAI,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,SAAS;YACpC,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YACrD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,yBAAyB;gBACzB,sCAAsC;gBACtC,OAAO,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC7D,SAAS;YACX,CAAC;YACD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACjC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;QAED,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;YACnF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,IAAI,KAAK,KAAK,IAAI,CAAC,MAAM;oBAAE,SAAS;gBACpC,IAAI,CAAC;oBAAC,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,SAAS;gBAAC,CAAC;gBAC/E,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACjC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;oBAAE,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAExB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,6CAA6C;IAC7C,KAAK,CAAC,SAAS,CAAC,MAAc;QAC5B,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7B,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC;IAED,WAAW,CAAC,OAAe,EAAE,QAAgB,EAAE,QAAoB;QACjE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,OAAO,IAAI,QAAQ,EAAE,EAAE;YAC9C,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,IAAI,CAAC,MAAM,EAAE;SACxB,CAAC,CAAC;IACL,CAAC;IAED,SAAS,CAAC,OAAe,EAAE,QAAgB;QACzC,MAAM,GAAG,GAAG,GAAG,OAAO,IAAI,QAAQ,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,IAAI,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,IAAI,qBAAqB,EAAE,CAAC;YAC5D,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC9B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC,MAAM,CAAC;IACtB,CAAC;IAED,iBAAiB,CAAC,OAAe,EAAE,QAAgB,EAAE,KAAa;QAChE,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,OAAO,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,mBAAmB,CAAC,OAAe,EAAE,QAAgB,EAAE,KAAa;QAClE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,OAAO,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC,CAAC;IAC5D,CAAC;CACF"}

package/dist/v2/state/commitment.d.ts

@@ -0,0 +1,10 @@
+export declare const STATE_PREFIX: Uint8Array<ArrayBuffer>;
+/**
+ * 计算 state_commitment（64 hex）。
+ *
+ * @param groupId      群 ID
+ * @param epoch        当前 epoch（uint32 big-endian 编入）
+ * @param statePayload 状态负载（members / audit_aids / admin_set / ...）
+ */
+export declare function computeStateCommitment(groupId: string, epoch: number, statePayload: unknown): Promise<string>;
+//# sourceMappingURL=commitment.d.ts.map

package/dist/v2/state/commitment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"commitment.d.ts","sourceRoot":"","sources":["../../../src/v2/state/commitment.ts"],"names":[],"mappings":"AAmBA,eAAO,MAAM,YAAY,yBAA2C,CAAC;AA0DrE;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,OAAO,GACpB,OAAO,CAAC,MAAM,CAAC,CA2BjB"}

package/dist/v2/state/commitment.js

@@ -0,0 +1,86 @@
+/**
+ * AUN E2EE V2: State Commitment 计算
+ *
+ * 规范引用: §6.2
+ *
+ * state_commitment = SHA256(
+ *   "AUN-V2-SC-v1" || group_id || uint32(epoch) || canonical_json(sorted_payload)
+ * )
+ *
+ * sorted_payload 规则：
+ *  - members 按 aid 排序，每个 member 的 devices 按 device_id 排序
+ *  - audit_aids 排序
+ *  - admin_set.admin_aids 排序
+ *  - recovery_quorum.quorum_aids 排序
+ *
+ * 浏览器实现：使用 WebCrypto subtle.digest('SHA-256')，async。
+ */
+import { canonicalJson } from '../crypto/canonical';
+export const STATE_PREFIX = new TextEncoder().encode('AUN-V2-SC-v1');
+/** 深拷贝（state_payload 仅含 JSON 兼容值） */
+function deepClone(x) {
+    return JSON.parse(JSON.stringify(x));
+}
+function sortPayload(payload) {
+    if (Array.isArray(payload.members)) {
+        payload.members.sort((a, b) => {
+            const ka = a.aid ?? '';
+            const kb = b.aid ?? '';
+            return ka < kb ? -1 : ka > kb ? 1 : 0;
+        });
+        for (const m of payload.members) {
+            if (Array.isArray(m.devices)) {
+                m.devices.sort((a, b) => {
+                    const ka = a.device_id ?? '';
+                    const kb = b.device_id ?? '';
+                    return ka < kb ? -1 : ka > kb ? 1 : 0;
+                });
+            }
+        }
+    }
+    if (Array.isArray(payload.audit_aids))
+        payload.audit_aids.sort();
+    if (payload.admin_set
+        && typeof payload.admin_set === 'object'
+        && Array.isArray(payload.admin_set.admin_aids)) {
+        payload.admin_set.admin_aids.sort();
+    }
+    if (payload.recovery_quorum
+        && typeof payload.recovery_quorum === 'object'
+        && Array.isArray(payload.recovery_quorum.quorum_aids)) {
+        payload.recovery_quorum.quorum_aids.sort();
+    }
+}
+/**
+ * 计算 state_commitment（64 hex）。
+ *
+ * @param groupId      群 ID
+ * @param epoch        当前 epoch（uint32 big-endian 编入）
+ * @param statePayload 状态负载（members / audit_aids / admin_set / ...）
+ */
+export async function computeStateCommitment(groupId, epoch, statePayload) {
+    const sorted = deepClone(statePayload);
+    sortPayload(sorted);
+    const groupBytes = new TextEncoder().encode(groupId);
+    const epochBytes = new Uint8Array(4);
+    // big-endian uint32
+    new DataView(epochBytes.buffer).setUint32(0, epoch >>> 0, false);
+    const payloadBytes = canonicalJson(sorted);
+    const total = STATE_PREFIX.length + groupBytes.length + 4 + payloadBytes.length;
+    const data = new Uint8Array(total);
+    let pos = 0;
+    data.set(STATE_PREFIX, pos);
+    pos += STATE_PREFIX.length;
+    data.set(groupBytes, pos);
+    pos += groupBytes.length;
+    data.set(epochBytes, pos);
+    pos += 4;
+    data.set(payloadBytes, pos);
+    const hashBuf = await crypto.subtle.digest('SHA-256', data.slice().buffer);
+    const hash = new Uint8Array(hashBuf);
+    let hex = '';
+    for (let i = 0; i < hash.length; i++)
+        hex += hash[i].toString(16).padStart(2, '0');
+    return hex;
+}
+//# sourceMappingURL=commitment.js.map

package/dist/v2/state/commitment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"commitment.js","sourceRoot":"","sources":["../../../src/v2/state/commitment.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,MAAM,CAAC,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;AAmBrE,qCAAqC;AACrC,SAAS,SAAS,CAAI,CAAI;IACxB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,WAAW,CAAC,OAAqB;IACxC,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAC5B,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC;YACvB,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC;YACvB,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QACH,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAChC,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7B,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;oBACtB,MAAM,EAAE,GAAG,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC;oBAC7B,MAAM,EAAE,GAAG,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC;oBAC7B,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxC,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;QAAE,OAAO,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IACjE,IACE,OAAO,CAAC,SAAS;WACd,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ;WACrC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,EAC9C,CAAC;QACD,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IACtC,CAAC;IACD,IACE,OAAO,CAAC,eAAe;WACpB,OAAO,OAAO,CAAC,eAAe,KAAK,QAAQ;WAC3C,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC,EACrD,CAAC;QACD,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;IAC7C,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAe,EACf,KAAa,EACb,YAAqB;IAErB,MAAM,MAAM,GAAG,SAAS,CAAC,YAA4B,CAAC,CAAC;IACvD,WAAW,CAAC,MAAM,CAAC,CAAC;IAEpB,MAAM,UAAU,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IACrC,oBAAoB;IACpB,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;IAEjE,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAE3C,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC;IAChF,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IAC5B,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC;IAC3B,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAC1B,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC;IACzB,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAC1B,GAAG,IAAI,CAAC,CAAC;IACT,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IAE5B,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,CAAC;IAC3E,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnF,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/v2/state/index.d.ts

@@ -0,0 +1,2 @@
+export { computeStateCommitment, STATE_PREFIX } from './commitment';
+//# sourceMappingURL=index.d.ts.map

package/dist/v2/state/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/v2/state/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC"}

package/dist/v2/state/index.js

@@ -0,0 +1,2 @@
+export { computeStateCommitment, STATE_PREFIX } from './commitment';
+//# sourceMappingURL=index.js.map

package/dist/v2/state/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/v2/state/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC"}

package/package.json

@@ -1,37 +1,43 @@
-{
-  "name": "@agentunion/fastaun-browser",
-  "version": "0.2.19",
-  "description": "AUN Protocol Core SDK for Browser",
-  "type": "module",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
-  "browser": "dist/index.js",
-  "exports": {
-    ".": {
-      "import": "./dist/index.js",
-      "types": "./dist/index.d.ts"
-    }
-  },
-  "license": "Apache-2.0",
-  "files": [
-    "dist",
-    "README.md",
-    "LICENSE"
-  ],
-  "scripts": {
-    "build": "tsc",
-    "test": "vitest run --environment jsdom",
-    "test:unit": "vitest run --environment jsdom tests/unit",
-    "test:integration": "vitest run --environment jsdom tests/integration",
-    "test:e2e": "npm run build && playwright test --config=playwright.agentid-local.config.ts tests/e2e-browser/e2ee.spec.ts --reporter=line",
-    "test:e2e:smoke": "npm run build && playwright test --config=playwright.agentid-local.config.ts tests/e2e-browser/e2ee.spec.ts --grep \"SDK 创建 AID\" --reporter=line"
-  },
-  "devDependencies": {
-    "@playwright/test": "^1.59.1",
-    "esbuild": "^0.24.0",
-    "fake-indexeddb": "^6.2.5",
-    "jsdom": "^25.0.0",
-    "typescript": "^5.6.0",
-    "vitest": "^2.0.0"
-  }
-}
+{
+  "name": "@agentunion/fastaun-browser",
+  "version": "0.3.0",
+  "description": "AUN Protocol Core SDK for Browser",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "browser": "dist/index.js",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "license": "Apache-2.0",
+  "files": [
+    "dist",
+    "_packed_docs",
+    "README.md",
+    "CHANGELOG.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc && esbuild src/index.ts --bundle --format=esm --outfile=dist/bundle.js --platform=browser --target=es2020",
+    "prepack": "python ../scripts/sync_packed_docs.py js",
+    "test": "vitest run --environment jsdom",
+    "test:unit": "vitest run --environment jsdom tests/unit",
+    "test:integration": "vitest run --environment jsdom --no-file-parallelism --maxWorkers=1 tests/integration",
+    "test:e2e": "npm run build && playwright test --config=playwright.agentid-local.config.ts tests/e2e-browser/v2-p2p.spec.ts tests/e2e-browser/v2-group.spec.ts tests/e2e-browser/v2-thought.spec.ts --reporter=line",
+    "test:e2e:smoke": "npm run build && playwright test --config=playwright.agentid-local.config.ts tests/e2e-browser/v2-p2p.spec.ts --grep \"V2 session 自动初始化\" --reporter=line"
+  },
+  "devDependencies": {
+    "@playwright/test": "^1.59.1",
+    "esbuild": "^0.24.0",
+    "fake-indexeddb": "^6.2.5",
+    "jsdom": "^25.0.0",
+    "typescript": "^5.6.0",
+    "vitest": "^2.0.0"
+  },
+  "dependencies": {
+    "@noble/curves": "^2.2.0"
+  }
+}