@agentunion/fastaun-browser 0.2.20 → 0.3.0

package/dist/v2/e2ee/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/v2/e2ee/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,eAAO,MAAM,UAAU,EAAG,8BAAuC,CAAC;AAElE,aAAa;AACb,MAAM,WAAW,MAAM;IACrB,eAAe;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,qBAAqB;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,MAAM,EAAE,UAAU,CAAC;IACnB,gCAAgC;IAChC,QAAQ,EAAE,UAAU,CAAC;CACtB;AAED,eAAe;AACf,MAAM,WAAW,MAAM;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,IAAI,EAAE,MAAM,CAAC;IACb,mEAAmE;IACnE,SAAS,EAAE,MAAM,CAAC;IAClB,2BAA2B;IAC3B,OAAO,EAAE,UAAU,CAAC;IACpB,iDAAiD;IACjD,QAAQ,CAAC,EAAE,UAAU,CAAC;IACtB,uCAAuC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,kBAAkB;AAClB,MAAM,WAAW,SAAS;IACxB,cAAc;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,iBAAiB;IACjB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,cAAc;AACd,MAAM,WAAW,cAAc;IAC7B,qCAAqC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+BAA+B;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qDAAqD;IACrD,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,yCAAyC;AACzC,MAAM,WAAW,kBAAkB;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB"}

package/dist/v2/e2ee/types.js

@@ -0,0 +1,7 @@
+/**
+ * AUN E2EE V2: 加解密引擎类型定义
+ *
+ * 与 Python `aun_core.v2.e2ee.encrypt_p2p` / `encrypt_group` / `decrypt` 对齐。
+ */
+export const SUITE_NAME = 'P256_HKDF_SHA256_AES_256_GCM';
+//# sourceMappingURL=types.js.map

package/dist/v2/e2ee/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/v2/e2ee/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,8BAAuC,CAAC"}

package/dist/v2/session/index.d.ts

@@ -0,0 +1,4 @@
+export { V2KeyStore, V2_DB_NAME, V2_DB_VERSION, V2_STORE_NAME } from './keystore';
+export { V2Session, PEER_KEY_CACHE_TTL_MS, DESTROY_DELAY_MS, RECENT_GENERATIONS, } from './session';
+export type { CallFn, SenderIdentity, DecryptKeys } from './session';
+//# sourceMappingURL=index.d.ts.map

package/dist/v2/session/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/v2/session/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAClF,OAAO,EACL,SAAS,EACT,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,WAAW,CAAC;AACnB,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC"}

package/dist/v2/session/index.js

@@ -0,0 +1,3 @@
+export { V2KeyStore, V2_DB_NAME, V2_DB_VERSION, V2_STORE_NAME } from './keystore';
+export { V2Session, PEER_KEY_CACHE_TTL_MS, DESTROY_DELAY_MS, RECENT_GENERATIONS, } from './session';
+//# sourceMappingURL=index.js.map

package/dist/v2/session/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/v2/session/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAClF,OAAO,EACL,SAAS,EACT,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,WAAW,CAAC"}

package/dist/v2/session/keystore.d.ts

@@ -0,0 +1,48 @@
+/**
+ * AUN E2EE V2: 设备密钥存储（IndexedDB 持久化）
+ *
+ * 与 Python `aun_core.v2.keystore.V2KeyStore` 行为对齐：
+ * - 每个 `(device_id)` 持有一对 IK 与若干 SPK（按 spk_id 索引）
+ * - SPK 按 created_at 排序，支持 `loadCurrentSPK` / `listRecentSPKIds(n)`
+ *
+ * 浏览器目标：所有 IO 是 async（IndexedDB 事务）。
+ */
+export declare const V2_DB_NAME = "aun_v2";
+export declare const V2_DB_VERSION = 1;
+export declare const V2_STORE_NAME = "v2_device_keys";
+export declare const V2_INDEX_BY_DEVICE_TYPE_CREATED = "by_device_type_created";
+/**
+ * V2 设备密钥持久化存储。复合主键 [device_id, key_type, key_id]。
+ *
+ * 使用 IndexedDB；在浏览器内置 indexedDB 不可用时（如 jsdom）请提前安装
+ * `fake-indexeddb/auto` 作为 polyfill（见 `tests/setup.ts`）。
+ */
+export declare class V2KeyStore {
+    private readonly db;
+    constructor(db: IDBDatabase);
+    /** 打开/创建 V2 keystore 数据库。 */
+    static open(dbName?: string): Promise<V2KeyStore>;
+    /** 关闭数据库连接（测试或释放资源时使用）。 */
+    close(): void;
+    private store;
+    saveSPK(deviceId: string, spkId: string, priv: Uint8Array, pubDer: Uint8Array): Promise<void>;
+    loadSPK(deviceId: string, spkId: string): Promise<Uint8Array | null>;
+    /** 取最新 SPK（按 created_at DESC LIMIT 1）。 */
+    loadCurrentSPK(deviceId: string): Promise<{
+        spkId: string;
+        priv: Uint8Array;
+        pubDer: Uint8Array;
+    } | null>;
+    deleteSPK(deviceId: string, spkId: string): Promise<void>;
+    /** 返回最近 N 代 SPK 的 spk_id（按 created_at DESC）。 */
+    listRecentSPKIds(deviceId: string, n: number): Promise<string[]>;
+    listExpiredSPKIds(deviceId: string, maxAgeMs: number): Promise<string[]>;
+    saveIK(deviceId: string, priv: Uint8Array, pubDer: Uint8Array): Promise<void>;
+    loadIK(deviceId: string): Promise<{
+        priv: Uint8Array;
+        pubDer: Uint8Array;
+    } | null>;
+    /** 测试用：清空 store。 */
+    _clear(): Promise<void>;
+}
+//# sourceMappingURL=keystore.d.ts.map

package/dist/v2/session/keystore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keystore.d.ts","sourceRoot":"","sources":["../../../src/v2/session/keystore.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,eAAO,MAAM,UAAU,WAAW,CAAC;AACnC,eAAO,MAAM,aAAa,IAAI,CAAC;AAC/B,eAAO,MAAM,aAAa,mBAAmB,CAAC;AAC9C,eAAO,MAAM,+BAA+B,2BAA2B,CAAC;AAaxE;;;;;GAKG;AACH,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,EAAE;gBAAF,EAAE,EAAE,WAAW;IAE5C,6BAA6B;WAChB,IAAI,CAAC,MAAM,GAAE,MAAmB,GAAG,OAAO,CAAC,UAAU,CAAC;IAqBnE,2BAA2B;IAC3B,KAAK,IAAI,IAAI;IAIb,OAAO,CAAC,KAAK;IAMP,OAAO,CACX,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,UAAU,EAChB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,IAAI,CAAC;IAgBV,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAY1E,0CAA0C;IACpC,cAAc,CAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,UAAU,CAAC;QAAC,MAAM,EAAE,UAAU,CAAA;KAAE,GAAG,IAAI,CAAC;IAyBpE,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ/D,gDAAgD;IAC1C,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAuBhE,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA0BxE,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAgB7E,MAAM,CACV,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;QAAE,IAAI,EAAE,UAAU,CAAC;QAAC,MAAM,EAAE,UAAU,CAAA;KAAE,GAAG,IAAI,CAAC;IAe3D,oBAAoB;IACd,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAO9B"}

package/dist/v2/session/keystore.js

@@ -0,0 +1,184 @@
+/**
+ * AUN E2EE V2: 设备密钥存储（IndexedDB 持久化）
+ *
+ * 与 Python `aun_core.v2.keystore.V2KeyStore` 行为对齐：
+ * - 每个 `(device_id)` 持有一对 IK 与若干 SPK（按 spk_id 索引）
+ * - SPK 按 created_at 排序，支持 `loadCurrentSPK` / `listRecentSPKIds(n)`
+ *
+ * 浏览器目标：所有 IO 是 async（IndexedDB 事务）。
+ */
+export const V2_DB_NAME = 'aun_v2';
+export const V2_DB_VERSION = 1;
+export const V2_STORE_NAME = 'v2_device_keys';
+export const V2_INDEX_BY_DEVICE_TYPE_CREATED = 'by_device_type_created';
+/**
+ * V2 设备密钥持久化存储。复合主键 [device_id, key_type, key_id]。
+ *
+ * 使用 IndexedDB；在浏览器内置 indexedDB 不可用时（如 jsdom）请提前安装
+ * `fake-indexeddb/auto` 作为 polyfill（见 `tests/setup.ts`）。
+ */
+export class V2KeyStore {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    /** 打开/创建 V2 keystore 数据库。 */
+    static async open(dbName = V2_DB_NAME) {
+        return new Promise((resolve, reject) => {
+            const req = indexedDB.open(dbName, V2_DB_VERSION);
+            req.onupgradeneeded = () => {
+                const db = req.result;
+                if (!db.objectStoreNames.contains(V2_STORE_NAME)) {
+                    const store = db.createObjectStore(V2_STORE_NAME, {
+                        keyPath: ['device_id', 'key_type', 'key_id'],
+                    });
+                    store.createIndex(V2_INDEX_BY_DEVICE_TYPE_CREATED, ['device_id', 'key_type', 'created_at']);
+                }
+            };
+            req.onsuccess = () => resolve(new V2KeyStore(req.result));
+            req.onerror = () => reject(req.error);
+            req.onblocked = () => reject(new Error('V2KeyStore.open: blocked'));
+        });
+    }
+    /** 关闭数据库连接（测试或释放资源时使用）。 */
+    close() {
+        this.db.close();
+    }
+    store(mode) {
+        return this.db.transaction(V2_STORE_NAME, mode).objectStore(V2_STORE_NAME);
+    }
+    // ---------- SPK ----------
+    async saveSPK(deviceId, spkId, priv, pubDer) {
+        const record = {
+            device_id: deviceId,
+            key_type: 'spk',
+            key_id: spkId,
+            private_key: priv,
+            public_key: pubDer,
+            created_at: Date.now(),
+        };
+        return new Promise((resolve, reject) => {
+            const req = this.store('readwrite').put(record);
+            req.onsuccess = () => resolve();
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async loadSPK(deviceId, spkId) {
+        return new Promise((resolve, reject) => {
+            const req = this.store('readonly').get([deviceId, 'spk', spkId]);
+            req.onsuccess = () => {
+                const r = req.result;
+                // 用 new Uint8Array(...) 拷贝，规避 fake-indexeddb / 跨 realm 实例对象
+                resolve(r ? new Uint8Array(r.private_key) : null);
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    /** 取最新 SPK（按 created_at DESC LIMIT 1）。 */
+    async loadCurrentSPK(deviceId) {
+        return new Promise((resolve, reject) => {
+            const idx = this.store('readonly').index(V2_INDEX_BY_DEVICE_TYPE_CREATED);
+            const range = IDBKeyRange.bound([deviceId, 'spk', -Infinity], [deviceId, 'spk', Infinity]);
+            const req = idx.openCursor(range, 'prev');
+            req.onsuccess = () => {
+                const cursor = req.result;
+                if (!cursor) {
+                    resolve(null);
+                    return;
+                }
+                const r = cursor.value;
+                resolve({
+                    spkId: r.key_id,
+                    priv: new Uint8Array(r.private_key),
+                    pubDer: new Uint8Array(r.public_key),
+                });
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async deleteSPK(deviceId, spkId) {
+        return new Promise((resolve, reject) => {
+            const req = this.store('readwrite').delete([deviceId, 'spk', spkId]);
+            req.onsuccess = () => resolve();
+            req.onerror = () => reject(req.error);
+        });
+    }
+    /** 返回最近 N 代 SPK 的 spk_id（按 created_at DESC）。 */
+    async listRecentSPKIds(deviceId, n) {
+        if (n <= 0)
+            return [];
+        return new Promise((resolve, reject) => {
+            const idx = this.store('readonly').index(V2_INDEX_BY_DEVICE_TYPE_CREATED);
+            const range = IDBKeyRange.bound([deviceId, 'spk', -Infinity], [deviceId, 'spk', Infinity]);
+            const req = idx.openCursor(range, 'prev');
+            const out = [];
+            req.onsuccess = () => {
+                const cursor = req.result;
+                if (cursor && out.length < n) {
+                    out.push(cursor.value.key_id);
+                    cursor.continue();
+                }
+                else {
+                    resolve(out);
+                }
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async listExpiredSPKIds(deviceId, maxAgeMs) {
+        const cutoff = Date.now() - maxAgeMs;
+        return new Promise((resolve, reject) => {
+            const idx = this.store('readonly').index(V2_INDEX_BY_DEVICE_TYPE_CREATED);
+            const range = IDBKeyRange.bound([deviceId, 'spk', -Infinity], [deviceId, 'spk', cutoff], false, true);
+            const req = idx.openCursor(range);
+            const out = [];
+            req.onsuccess = () => {
+                const cursor = req.result;
+                if (cursor) {
+                    out.push(cursor.value.key_id);
+                    cursor.continue();
+                }
+                else {
+                    resolve(out);
+                }
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    // ---------- IK ----------
+    async saveIK(deviceId, priv, pubDer) {
+        const record = {
+            device_id: deviceId,
+            key_type: 'ik',
+            key_id: '',
+            private_key: priv,
+            public_key: pubDer,
+            created_at: Date.now(),
+        };
+        return new Promise((resolve, reject) => {
+            const req = this.store('readwrite').put(record);
+            req.onsuccess = () => resolve();
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async loadIK(deviceId) {
+        return new Promise((resolve, reject) => {
+            const req = this.store('readonly').get([deviceId, 'ik', '']);
+            req.onsuccess = () => {
+                const r = req.result;
+                resolve(r ? { priv: new Uint8Array(r.private_key), pubDer: new Uint8Array(r.public_key) } : null);
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    // ---------- 测试用 ----------
+    /** 测试用：清空 store。 */
+    async _clear() {
+        return new Promise((resolve, reject) => {
+            const req = this.store('readwrite').clear();
+            req.onsuccess = () => resolve();
+            req.onerror = () => reject(req.error);
+        });
+    }
+}
+//# sourceMappingURL=keystore.js.map

package/dist/v2/session/keystore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keystore.js","sourceRoot":"","sources":["../../../src/v2/session/keystore.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,QAAQ,CAAC;AACnC,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC;AAC/B,MAAM,CAAC,MAAM,aAAa,GAAG,gBAAgB,CAAC;AAC9C,MAAM,CAAC,MAAM,+BAA+B,GAAG,wBAAwB,CAAC;AAaxE;;;;;GAKG;AACH,MAAM,OAAO,UAAU;IACQ;IAA7B,YAA6B,EAAe;QAAf,OAAE,GAAF,EAAE,CAAa;IAAG,CAAC;IAEhD,6BAA6B;IAC7B,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAiB,UAAU;QAC3C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;YAClD,GAAG,CAAC,eAAe,GAAG,GAAG,EAAE;gBACzB,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;gBACtB,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBACjD,MAAM,KAAK,GAAG,EAAE,CAAC,iBAAiB,CAAC,aAAa,EAAE;wBAChD,OAAO,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,QAAQ,CAAC;qBAC7C,CAAC,CAAC;oBACH,KAAK,CAAC,WAAW,CACf,+BAA+B,EAC/B,CAAC,WAAW,EAAE,UAAU,EAAE,YAAY,CAAC,CACxC,CAAC;gBACJ,CAAC;YACH,CAAC,CAAC;YACF,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;YAC1D,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACtC,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,IAAwB;QACpC,OAAO,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;IAC7E,CAAC;IAED,4BAA4B;IAE5B,KAAK,CAAC,OAAO,CACX,QAAgB,EAChB,KAAa,EACb,IAAgB,EAChB,MAAkB;QAElB,MAAM,MAAM,GAAgB;YAC1B,SAAS,EAAE,QAAQ;YACnB,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC;QACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAChD,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,KAAa;QAC3C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;YACjE,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,CAAC,GAAG,GAAG,CAAC,MAAiC,CAAC;gBAChD,4DAA4D;gBAC5D,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACpD,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc,CAClB,QAAgB;QAEhB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC1E,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAC7B,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,EAC5B,CAAC,QAAQ,EAAE,KAAK,EAAE,QAAQ,CAAC,CAC5B,CAAC;YACF,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1C,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,CAAC,IAAI,CAAC,CAAC;oBACd,OAAO;gBACT,CAAC;gBACD,MAAM,CAAC,GAAG,MAAM,CAAC,KAAoB,CAAC;gBACtC,OAAO,CAAC;oBACN,KAAK,EAAE,CAAC,CAAC,MAAM;oBACf,IAAI,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC;oBACnC,MAAM,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC;iBACrC,CAAC,CAAC;YACL,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,KAAa;QAC7C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;YACrE,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,gDAAgD;IAChD,KAAK,CAAC,gBAAgB,CAAC,QAAgB,EAAE,CAAS;QAChD,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,CAAC;QACtB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC1E,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAC7B,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,EAC5B,CAAC,QAAQ,EAAE,KAAK,EAAE,QAAQ,CAAC,CAC5B,CAAC;YACF,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1C,MAAM,GAAG,GAAa,EAAE,CAAC;YACzB,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC1B,IAAI,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC7B,GAAG,CAAC,IAAI,CAAE,MAAM,CAAC,KAAqB,CAAC,MAAM,CAAC,CAAC;oBAC/C,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,CAAC;gBACf,CAAC;YACH,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,QAAgB,EAAE,QAAgB;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACrC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC1E,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAC7B,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,EAC5B,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,EACzB,KAAK,EAAE,IAAI,CACZ,CAAC;YACF,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAClC,MAAM,GAAG,GAAa,EAAE,CAAC;YACzB,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;gBAC1B,IAAI,MAAM,EAAE,CAAC;oBACX,GAAG,CAAC,IAAI,CAAE,MAAM,CAAC,KAAqB,CAAC,MAAM,CAAC,CAAC;oBAC/C,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,CAAC;gBACf,CAAC;YACH,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAE3B,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAgB,EAAE,MAAkB;QACjE,MAAM,MAAM,GAAgB;YAC1B,SAAS,EAAE,QAAQ;YACnB,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,EAAE;YACV,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC;QACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAChD,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB;QAEhB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;YAC7D,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE;gBACnB,MAAM,CAAC,GAAG,GAAG,CAAC,MAAiC,CAAC;gBAChD,OAAO,CACL,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CACzF,CAAC;YACJ,CAAC,CAAC;YACF,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAE5B,oBAAoB;IACpB,KAAK,CAAC,MAAM;QACV,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,CAAC;YAC5C,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/v2/session/session.d.ts

@@ -0,0 +1,98 @@
+/**
+ * AUN E2EE V2 Session Manager（浏览器版，全 async）。
+ *
+ * 与 Python `aun_core.v2.session.V2Session` 行为对齐：
+ * - IK = AID 长期密钥（多设备共享 AID 身份），由构造函数注入，不独立生成
+ * - SPK 设备级 P-256 密钥对，IK 签名背书
+ * - SPK 销毁三重条件：
+ *     contig_seq >= 该 SPK 引用的最大 seq
+ *  && now - last_seen >= 7 小时
+ *  && 不在最近 7 代保留窗口内
+ * - 对端 IK 公钥缓存 TTL 1 小时
+ * - SPK 注册：`callFn("message.v2.put_peer_pk", ...)`
+ *
+ * 浏览器目标：所有 store 调用均 `await`，签名走 noble（确定性 ECDSA）。
+ */
+import { V2KeyStore } from './keystore';
+/** 对端 IK 公钥缓存 TTL（毫秒）。 */
+export declare const PEER_KEY_CACHE_TTL_MS: number;
+/** SPK 销毁安全窗口（毫秒）。 */
+export declare const DESTROY_DELAY_MS: number;
+/** SPK 销毁时保留的最近代数。 */
+export declare const RECENT_GENERATIONS = 7;
+/** SPK 180 天硬上限。 */
+export declare const HARD_LIMIT_MS: number;
+/** 服务端 RPC 调用函数签名（与 Python `call_fn` 等价）。 */
+export type CallFn = (method: string, params: Record<string, unknown>) => Promise<Record<string, unknown> | unknown>;
+/** 加密所需的发送方身份。 */
+export interface SenderIdentity {
+    aid: string;
+    deviceId: string;
+    ikPriv: Uint8Array;
+    ikPubDer: Uint8Array;
+}
+/** 解密所需的私钥。 */
+export interface DecryptKeys {
+    ikPriv: Uint8Array;
+    spkPriv?: Uint8Array;
+}
+export declare class V2Session {
+    private readonly _store;
+    private readonly _deviceId;
+    private readonly _aid;
+    private readonly _ikPriv;
+    private readonly _ikPubDer;
+    private _spkId;
+    private _spkPriv?;
+    private _spkPubDer?;
+    private _registered;
+    private _peerIKCache;
+    private _verifiedSPKs;
+    private _oldSPKMaxSeq;
+    private _nowFn;
+    constructor(store: V2KeyStore, deviceId: string, aid: string, ikPriv: Uint8Array, ikPubDer: Uint8Array);
+    /** 测试用：注入虚拟时钟。 */
+    _setNowFn(fn: () => number): void;
+    get deviceId(): string;
+    get aid(): string;
+    get currentSpkId(): string;
+    get currentIkPubDer(): Uint8Array;
+    /** 暴露 store 以便测试（与 Python 同等私有约定）。 */
+    get _storeForTest(): V2KeyStore;
+    /** 加载或生成当前 SPK；IK 由构造函数注入，无需加载。 */
+    ensureKeys(): Promise<void>;
+    private _generateNewSPK;
+    /** SPK 由 AID 私钥（IK）签名背书并上报到 message.v2.put_peer_pk。 */
+    private _registerSPK;
+    /** 注册本设备 SPK 到服务端。IK = AID 长期密钥，无需注册。幂等。 */
+    ensureRegistered(callFn: CallFn): Promise<void>;
+    /** 返回加密所需的 sender 结构。 */
+    getSenderIdentity(): Promise<SenderIdentity>;
+    /**
+     * 返回解密所需的私钥。
+     * - spkId 空：1DH（仅 IK）
+     * - spkId == 当前 SPK：当前 spkPriv
+     * - 否则：从 store 加载旧 SPK 私钥（可能 undefined = 已销毁）
+     */
+    getDecryptKeys(spkId: string | null | undefined): Promise<DecryptKeys>;
+    /** 判断 spkId 是否命中当前活跃 SPK。 */
+    isCurrentSPK(spkId: string | null | undefined): boolean;
+    /** 跟踪每个旧 SPK 引用的最大 seq（用于销毁判定）。 */
+    trackOldSPKMaxSeq(spkId: string, seq: number): void;
+    /**
+     * contig_seq 已覆盖、超过 7h 安全窗口、且不在最近 7 代保留窗口内时销毁。
+     *
+     * 销毁条件（全部满足才销毁）：
+     * - contig_seq >= 该 SPK 引用的最大 seq
+     * - 自最后一次见到该 spk_id 引用 >= 7 小时
+     * - 不在最近 7 代 SPK 保留窗口内
+     */
+    maybeDestroyOldSPKs(contigSeq: number): Promise<string[]>;
+    /** 轮换 SPK：生成新 SPK 并上报到服务端。旧 SPK 保留本地用于解密。 */
+    rotateSPK(callFn: CallFn): Promise<void>;
+    cachePeerIK(peerAid: string, deviceId: string, ikPubDer: Uint8Array): void;
+    getPeerIK(peerAid: string, deviceId: string): Uint8Array | null;
+    isPeerSPKVerified(peerAid: string, deviceId: string, spkId: string): boolean;
+    markPeerSPKVerified(peerAid: string, deviceId: string, spkId: string): void;
+}
+//# sourceMappingURL=session.d.ts.map

package/dist/v2/session/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../src/v2/session/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC,0BAA0B;AAC1B,eAAO,MAAM,qBAAqB,QAAiB,CAAC;AACpD,sBAAsB;AACtB,eAAO,MAAM,gBAAgB,QAAqB,CAAC;AACnD,sBAAsB;AACtB,eAAO,MAAM,kBAAkB,IAAI,CAAC;AACpC,oBAAoB;AACpB,eAAO,MAAM,aAAa,QAA4B,CAAC;AAEvD,6CAA6C;AAC7C,MAAM,MAAM,MAAM,GAAG,CACnB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC;AAEhD,kBAAkB;AAClB,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,UAAU,CAAC;IACnB,QAAQ,EAAE,UAAU,CAAC;CACtB;AAED,eAAe;AACf,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,CAAC,EAAE,UAAU,CAAC;CACtB;AA4BD,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAa;IACpC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAa;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAa;IAEvC,OAAO,CAAC,MAAM,CAAM;IACpB,OAAO,CAAC,QAAQ,CAAC,CAAa;IAC9B,OAAO,CAAC,UAAU,CAAC,CAAa;IAChC,OAAO,CAAC,WAAW,CAAS;IAE5B,OAAO,CAAC,YAAY,CAA+D;IACnF,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,aAAa,CAA0D;IAC/E,OAAO,CAAC,MAAM,CAAkC;gBAG9C,KAAK,EAAE,UAAU,EACjB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,UAAU,EAClB,QAAQ,EAAE,UAAU;IAYtB,kBAAkB;IAClB,SAAS,CAAC,EAAE,EAAE,MAAM,MAAM,GAAG,IAAI;IAIjC,IAAI,QAAQ,IAAI,MAAM,CAErB;IAED,IAAI,GAAG,IAAI,MAAM,CAEhB;IAED,IAAI,YAAY,IAAI,MAAM,CAEzB;IAED,IAAI,eAAe,IAAI,UAAU,CAEhC;IAED,sCAAsC;IACtC,IAAI,aAAa,IAAI,UAAU,CAE9B;IAED,mCAAmC;IAC7B,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;YAYnB,eAAe;IAU7B,uDAAuD;YACzC,YAAY;IAmB1B,4CAA4C;IACtC,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOrD,yBAAyB;IACnB,iBAAiB,IAAI,OAAO,CAAC,cAAc,CAAC;IAUlD;;;;;OAKG;IACG,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC;IAS5E,6BAA6B;IAC7B,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO;IAIvD,mCAAmC;IACnC,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI;IASnD;;;;;;;OAOG;IACG,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA2C/D,6CAA6C;IACvC,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK9C,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,GAAG,IAAI;IAO1E,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI;IAW/D,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO;IAI5E,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;CAG5E"}

package/dist/v2/session/session.js

@@ -0,0 +1,270 @@
+/**
+ * AUN E2EE V2 Session Manager（浏览器版，全 async）。
+ *
+ * 与 Python `aun_core.v2.session.V2Session` 行为对齐：
+ * - IK = AID 长期密钥（多设备共享 AID 身份），由构造函数注入，不独立生成
+ * - SPK 设备级 P-256 密钥对，IK 签名背书
+ * - SPK 销毁三重条件：
+ *     contig_seq >= 该 SPK 引用的最大 seq
+ *  && now - last_seen >= 7 小时
+ *  && 不在最近 7 代保留窗口内
+ * - 对端 IK 公钥缓存 TTL 1 小时
+ * - SPK 注册：`callFn("message.v2.put_peer_pk", ...)`
+ *
+ * 浏览器目标：所有 store 调用均 `await`，签名走 noble（确定性 ECDSA）。
+ */
+import { generateP256Keypair, ecdsaSignRaw } from '../crypto/index';
+/** 对端 IK 公钥缓存 TTL（毫秒）。 */
+export const PEER_KEY_CACHE_TTL_MS = 60 * 60 * 1000; // 1h
+/** SPK 销毁安全窗口（毫秒）。 */
+export const DESTROY_DELAY_MS = 7 * 60 * 60 * 1000; // 7h
+/** SPK 销毁时保留的最近代数。 */
+export const RECENT_GENERATIONS = 7;
+/** SPK 180 天硬上限。 */
+export const HARD_LIMIT_MS = 180 * 24 * 60 * 60 * 1000;
+async function sha256Hex(data) {
+    const buf = await crypto.subtle.digest('SHA-256', data.slice().buffer);
+    const arr = new Uint8Array(buf);
+    let hex = '';
+    for (let i = 0; i < arr.length; i++)
+        hex += arr[i].toString(16).padStart(2, '0');
+    return hex;
+}
+function bytesToBase64(b) {
+    let bin = '';
+    for (let i = 0; i < b.length; i++)
+        bin += String.fromCharCode(b[i]);
+    return btoa(bin);
+}
+function concatBytes(...parts) {
+    let total = 0;
+    for (const p of parts)
+        total += p.length;
+    const out = new Uint8Array(total);
+    let offset = 0;
+    for (const p of parts) {
+        out.set(p, offset);
+        offset += p.length;
+    }
+    return out;
+}
+export class V2Session {
+    _store;
+    _deviceId;
+    _aid;
+    _ikPriv;
+    _ikPubDer;
+    _spkId = '';
+    _spkPriv;
+    _spkPubDer;
+    _registered = false;
+    _peerIKCache = new Map();
+    _verifiedSPKs = new Set();
+    _oldSPKMaxSeq = new Map();
+    _nowFn = () => Date.now();
+    constructor(store, deviceId, aid, ikPriv, ikPubDer) {
+        if (!ikPriv || !ikPubDer) {
+            throw new Error('V2Session requires AID priv/pub keys (IK = AID identity)');
+        }
+        this._store = store;
+        this._deviceId = deviceId;
+        this._aid = aid;
+        this._ikPriv = ikPriv;
+        this._ikPubDer = ikPubDer;
+    }
+    /** 测试用：注入虚拟时钟。 */
+    _setNowFn(fn) {
+        this._nowFn = fn;
+    }
+    get deviceId() {
+        return this._deviceId;
+    }
+    get aid() {
+        return this._aid;
+    }
+    get currentSpkId() {
+        return this._spkId;
+    }
+    get currentIkPubDer() {
+        return this._ikPubDer;
+    }
+    /** 暴露 store 以便测试（与 Python 同等私有约定）。 */
+    get _storeForTest() {
+        return this._store;
+    }
+    /** 加载或生成当前 SPK；IK 由构造函数注入，无需加载。 */
+    async ensureKeys() {
+        if (this._spkPriv)
+            return;
+        const cur = await this._store.loadCurrentSPK(this._deviceId);
+        if (cur) {
+            this._spkId = cur.spkId;
+            this._spkPriv = cur.priv;
+            this._spkPubDer = cur.pubDer;
+            return;
+        }
+        await this._generateNewSPK();
+    }
+    async _generateNewSPK() {
+        const [priv, pubDer] = await generateP256Keypair();
+        const hex = await sha256Hex(pubDer);
+        const spkId = `sha256:${hex.substring(0, 16)}`;
+        await this._store.saveSPK(this._deviceId, spkId, priv, pubDer);
+        this._spkId = spkId;
+        this._spkPriv = priv;
+        this._spkPubDer = pubDer;
+    }
+    /** SPK 由 AID 私钥（IK）签名背书并上报到 message.v2.put_peer_pk。 */
+    async _registerSPK(callFn) {
+        const spkTimestamp = Math.floor(this._nowFn() / 1000);
+        const enc = new TextEncoder();
+        const signData = concatBytes(this._spkPubDer, enc.encode(this._spkId), enc.encode(String(spkTimestamp)));
+        const signature = await ecdsaSignRaw(this._ikPriv, signData);
+        await callFn('message.v2.put_peer_pk', {
+            peer_aid: this._aid,
+            key_source: 'peer_device_prekey',
+            spk_id: this._spkId,
+            spk_pk: bytesToBase64(this._spkPubDer),
+            spk_signature: bytesToBase64(signature),
+            spk_timestamp: spkTimestamp,
+        });
+    }
+    /** 注册本设备 SPK 到服务端。IK = AID 长期密钥，无需注册。幂等。 */
+    async ensureRegistered(callFn) {
+        if (this._registered)
+            return;
+        await this.ensureKeys();
+        await this._registerSPK(callFn);
+        this._registered = true;
+    }
+    /** 返回加密所需的 sender 结构。 */
+    async getSenderIdentity() {
+        await this.ensureKeys();
+        return {
+            aid: this._aid,
+            deviceId: this._deviceId,
+            ikPriv: this._ikPriv,
+            ikPubDer: this._ikPubDer,
+        };
+    }
+    /**
+     * 返回解密所需的私钥。
+     * - spkId 空：1DH（仅 IK）
+     * - spkId == 当前 SPK：当前 spkPriv
+     * - 否则：从 store 加载旧 SPK 私钥（可能 undefined = 已销毁）
+     */
+    async getDecryptKeys(spkId) {
+        await this.ensureKeys();
+        if (!spkId)
+            return { ikPriv: this._ikPriv };
+        if (spkId === this._spkId)
+            return { ikPriv: this._ikPriv, spkPriv: this._spkPriv };
+        const oldSPK = await this._store.loadSPK(this._deviceId, spkId);
+        if (!oldSPK)
+            return { ikPriv: this._ikPriv };
+        return { ikPriv: this._ikPriv, spkPriv: oldSPK };
+    }
+    /** 判断 spkId 是否命中当前活跃 SPK。 */
+    isCurrentSPK(spkId) {
+        return Boolean(spkId) && spkId === this._spkId;
+    }
+    /** 跟踪每个旧 SPK 引用的最大 seq（用于销毁判定）。 */
+    trackOldSPKMaxSeq(spkId, seq) {
+        if (!spkId || spkId === this._spkId)
+            return;
+        const cur = this._oldSPKMaxSeq.get(spkId);
+        const curSeq = cur ? cur.seq : 0;
+        if (seq > curSeq) {
+            this._oldSPKMaxSeq.set(spkId, { seq, lastSeenAt: this._nowFn() });
+        }
+    }
+    /**
+     * contig_seq 已覆盖、超过 7h 安全窗口、且不在最近 7 代保留窗口内时销毁。
+     *
+     * 销毁条件（全部满足才销毁）：
+     * - contig_seq >= 该 SPK 引用的最大 seq
+     * - 自最后一次见到该 spk_id 引用 >= 7 小时
+     * - 不在最近 7 代 SPK 保留窗口内
+     */
+    async maybeDestroyOldSPKs(contigSeq) {
+        const destroyed = [];
+        const now = this._nowFn();
+        let recentKeep;
+        try {
+            recentKeep = new Set(await this._store.listRecentSPKIds(this._deviceId, RECENT_GENERATIONS));
+        }
+        catch {
+            // 列表失败时退化为空集，保持销毁行为可继续推进
+            recentKeep = new Set();
+        }
+        for (const [spkId, info] of Array.from(this._oldSPKMaxSeq.entries())) {
+            if (spkId === this._spkId)
+                continue;
+            if (contigSeq < info.seq)
+                continue;
+            if (now - info.lastSeenAt < DESTROY_DELAY_MS)
+                continue;
+            if (recentKeep.has(spkId))
+                continue;
+            try {
+                await this._store.deleteSPK(this._deviceId, spkId);
+            }
+            catch (err) {
+                // 销毁失败时记录到控制台并跳过本轮，下次再重试
+                // eslint-disable-next-line no-console
+                console.warn('[V2Session] deleteSPK failed', { spkId, err });
+                continue;
+            }
+            this._oldSPKMaxSeq.delete(spkId);
+            destroyed.push(spkId);
+        }
+        // 180 天硬上限：无论是否被引用，超龄 SPK 强制销毁
+        try {
+            const expired = await this._store.listExpiredSPKIds(this._deviceId, HARD_LIMIT_MS);
+            for (const spkId of expired) {
+                if (spkId === this._spkId)
+                    continue;
+                try {
+                    await this._store.deleteSPK(this._deviceId, spkId);
+                }
+                catch {
+                    continue;
+                }
+                this._oldSPKMaxSeq.delete(spkId);
+                if (!destroyed.includes(spkId))
+                    destroyed.push(spkId);
+            }
+        }
+        catch { /* ignore */ }
+        return destroyed;
+    }
+    /** 轮换 SPK：生成新 SPK 并上报到服务端。旧 SPK 保留本地用于解密。 */
+    async rotateSPK(callFn) {
+        await this._generateNewSPK();
+        await this._registerSPK(callFn);
+    }
+    cachePeerIK(peerAid, deviceId, ikPubDer) {
+        this._peerIKCache.set(`${peerAid}#${deviceId}`, {
+            pubDer: ikPubDer,
+            cachedAt: this._nowFn(),
+        });
+    }
+    getPeerIK(peerAid, deviceId) {
+        const key = `${peerAid}#${deviceId}`;
+        const entry = this._peerIKCache.get(key);
+        if (!entry)
+            return null;
+        if (this._nowFn() - entry.cachedAt >= PEER_KEY_CACHE_TTL_MS) {
+            this._peerIKCache.delete(key);
+            return null;
+        }
+        return entry.pubDer;
+    }
+    isPeerSPKVerified(peerAid, deviceId, spkId) {
+        return this._verifiedSPKs.has(`${peerAid}#${deviceId}#${spkId}`);
+    }
+    markPeerSPKVerified(peerAid, deviceId, spkId) {
+        this._verifiedSPKs.add(`${peerAid}#${deviceId}#${spkId}`);
+    }
+}
+//# sourceMappingURL=session.js.map