npm - @agentunion/fastaun-browser - Versions diffs - 0.4.2 → 0.4.4 - Mend

@agentunion/fastaun-browser 0.4.2 → 0.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

package/_packed_docs/sdk/09-payload-reference.md CHANGED Viewed

@@ -2,7 +2,7 @@
 `message.send.params.payload`、`message.thought.put.params.payload`、`group.send.params.payload` 和 `group.thought.put.params.payload` 使用同一套业务负载约定。`payload` 是应用层 JSON 对象，服务端只做大小、JSON 可序列化、信封/封装类型和加密相关的必要检查；业务字段由发送端和接收端协商，服务端不按本文字段做强制校验。
-示例展示的是 `payload` 片段：P2P 完整请求仍需要在同级传入 `to`；群消息完整请求仍需要在同级传入 `group_id`；思考内容需要在顶层通过 `context.type + context.id` 指定 selector。文本、图片、文件、思考内容等业务消息类型只能放在 `payload.type`；`message.send.params.type` / `message.thought.put.params.type` / `group.send.params.type` / `group.thought.put.params.type` 是信封或封装类型，例如 SDK 加密发送时自动填充的 `e2ee.encrypted` / `e2ee.group_encrypted`。
+示例展示的是 `payload` 片段：P2P 完整请求仍需要在同级传入 `to`；群消息完整请求仍需要在同级传入 `group_id`；思考内容需要在顶层通过 `context.type + context.id` 指定 selector。文本、图片、文件、思考内容等业务消息类型只能放在 `payload.type`；`message.send.params.type` / `message.thought.put.params.type` / `group.send.params.type` / `group.thought.put.params.type` 是信封或封装类型，例如 SDK 加密发送时自动填充的 `e2ee.encrypted` / `e2ee.group_encrypted`。
 ## 类型总览
@@ -10,7 +10,7 @@
 |----------|------|----------|
 | `text` | 纯文本或 Markdown 文本 | 普通对话、任务说明、通知正文 |
 | `quote` | 带引用摘要的回复 | 回复某条消息、保留上下文 |
-| `thought` | 思考过程片段 | Agent 针对某个 P2P 或群上下文的非广播思考内容 |
+| `thought` | 思考过程片段 | Agent 针对某个 P2P 或群上下文的非广播思考内容 |
 | `voice` | 语音文件引用及转写信息 | 语音消息、语音备忘 |
 | `image` | 图片对象引用及展示信息 | 截图、流程图、图片分享 |
 | `video` | 视频对象引用及封面信息 | 录屏、演示视频 |
@@ -38,19 +38,19 @@
 | 字段 | 所在位置 | 说明 |
 |------|----------|------|
 | `to` | `message.send.params` | P2P 接收方 AID |
-| `group_id` | `group.send.params` 和群消息信封 | 群组 ID |
-| `context.type + context.id` | `message.thought.put/get.params` 和 `group.thought.put/get.params` | 思考内容 selector；必填，不要只放在 payload 内 |
-| `protected_headers` / `headers` | `message.send` / `message.thought.put` / `group.send` / `group.thought.put` 参数 | E2EE 信封元数据，类似 HTTP headers；SDK 验 `_auth` 后在 `e2ee.protected_headers` 暴露 |
-| `from` / `sender_aid` | 服务端生成的消息信封 | 发送方身份 |
+| `group_id` | `group.send.params` 和群消息信封 | 群组 ID |
+| `context.type + context.id` | `message.thought.put/get.params` 和 `group.thought.put/get.params` | 思考内容 selector；必填，不要只放在 payload 内 |
+| `protected_headers` / `headers` | `message.send` / `message.thought.put` / `group.send` / `group.thought.put` 参数 | E2EE 信封元数据，类似 HTTP headers；SDK 验 `_auth` 后在 `e2ee.protected_headers` 暴露 |
+| `from` / `sender_aid` | 服务端生成的消息信封 | 发送方身份 |
 | `message_id` / `seq` / `timestamp` / `created_at` | 服务端生成或发送参数 | 当前消息 ID、序号和服务端时间 |
 | `encrypted` / `delivery_mode` | 发送参数或连接上下文 | 加密和 P2P 投递语义 |
 | `dispatch_mode` | 群消息信封和 SDK 注入的群消息 payload | 群消息应用层分发模式标签：`broadcast` / `mention`；由群设置决定，不作为 `group.send` 单次入参 |
 | `type` / `message_type` | 发送参数或消息信封 | 信封/封装类型，如 `e2ee.encrypted` / `e2ee.group_encrypted` |
-| `dispatch` / `duty_state` / `message_dispatch` | `group.send` 响应和群消息事件 | 群消息运行时分发状态和值班分发结果 |
-`protected_headers` 用于可见但需防篡改的信封元数据，例如 `device_id`、`slot_id`、`sdk_version`。它不属于业务 payload，也不提供机密性；需要端到端保密的上下文仍应放在 `payload.client_context` 或其他 payload 字段内。
-## 公共辅助字段
+| `dispatch` / `duty_state` / `message_dispatch` | `group.send` 响应和群消息事件 | 群消息运行时分发状态和值班分发结果 |
+`protected_headers` 用于可见但需防篡改的信封元数据，例如 `device_id`、`slot_id`、`sdk_version`。它不属于业务 payload，也不提供机密性；需要端到端保密的上下文仍应放在 `payload.client_context` 或其他 payload 字段内。
+## 公共辅助字段
 以下字段可出现在多数 payload 中；如无需要，不必携带。
@@ -128,7 +128,7 @@
 ### `thought`：思考内容
-`thought` 用于 Agent 暴露针对某个 P2P 或群上下文的思考过程片段。它只应通过 `message.thought.put` 或 `group.thought.put` 发送，不作为普通 `message.send` / `group.send` 消息广播；有兴趣的客户端通过对应的 `*.thought.get` 主动读取。
+`thought` 用于 Agent 暴露针对某个 P2P 或群上下文的思考过程片段。它只应通过 `message.thought.put` 或 `group.thought.put` 发送，不作为普通 `message.send` / `group.send` 消息广播；有兴趣的客户端通过对应的 `*.thought.get` 主动读取。
 | 字段 | 类型 | 必填 | 说明 |
 |------|------|:----:|------|
@@ -146,7 +146,7 @@
 }
 ```
-`message.thought.put` / `group.thought.put` 的顶层 selector 用于定位 thought head，只使用 `context.type + context.id`。`payload` 内如需展示引用摘要，可另行携带 `quote` 或 `client_context`，但不能替代顶层 selector。
+`message.thought.put` / `group.thought.put` 的顶层 selector 用于定位 thought head，只使用 `context.type + context.id`。`payload` 内如需展示引用摘要，可另行携带 `quote` 或 `client_context`，但不能替代顶层 selector。
 ### `voice`：语音消息

package/_packed_docs/sdk/E2EE_V2/346/266/210/346/201/257/351/200/232/344/277/241/346/227/266/345/272/217/345/233/276.md CHANGED Viewed

@@ -1,171 +1,171 @@
-# E2EE V2 消息通信时序图
-本文只描述当前 V2-only 链路下的主要时序：P2P/GROUP 明文消息、P2P/GROUP 加密消息，以及 V2 设备密钥注册前置流程。不包含 V1 E2EE、旧 group epoch secret 分发、thought 内容读写。
-## 范围约定
-- SDK 默认 `message.send` / `group.send` 为 `encrypt=true`，由 SDK 本地构造 V2 加密 envelope。
-- 显式 `encrypt=false` 时走明文发送；V2 SDK 接收端仍通过 `message.v2.pull` / `group.v2.pull` 合并拉取明文历史行。
-- P2P 加密 envelope 类型为 `e2ee.p2p_encrypted`，通过 `message.send` 提交，服务端按 V2 分流处理。
-- GROUP 加密 envelope 类型为 `e2ee.group_encrypted`，通过 `group.v2.send` 提交。
-- 服务端只做认证、路由、结构校验、密文存储和事件通知，不持有明文 payload，也不执行端到端解密。
-## V2 设备密钥注册
-```mermaid
-sequenceDiagram
-    participant SDK as 接收方 SDK
-    participant Message as message 服务
-    participant Group as group 服务
-    participant CA as CA/Auth
-    SDK->>SDK: 初始化 V2Session<br/>IK=AID 长期密钥，生成或加载 P2P SPK
-    SDK->>Message: message.v2.put_peer_pk<br/>peer_device_prekey + SPK 签名
-    Message->>CA: ca.get_cert / 校验 AID 公钥
-    Message-->>SDK: ok
-    opt 已加入某个群
-        SDK->>SDK: ensure_group_spk(group_id)
-        SDK->>Group: group.v2.put_group_pk<br/>group_device_prekey + SPK 签名
-        Group->>CA: ca.get_cert / 校验 AID 公钥
-        Group-->>SDK: ok
-    end
-```
-## P2P 明文消息
-```mermaid
-sequenceDiagram
-    participant A as Sender SDK
-    participant M as message 服务
-    participant G as gateway
-    participant B as Receiver SDK
-    A->>M: message.send<br/>encrypt=false, payload=明文
-    alt 目标跨域
-        M->>G: gateway.forward_federation<br/>namespace=message, method=send
-        G->>M: 转发到目标域 message 服务
-    end
-    M->>M: 按接收方 device 分配 seq<br/>写普通消息存储
-    M->>G: dispatch_event(message.received)
-    G-->>B: event/message.received 或通知
-    B->>M: message.v2.pull(after_seq, limit)
-    M-->>B: messages[]<br/>明文行 version=v1 / legacy_v1
-    B->>B: 直接发布 message.received<br/>不做 E2EE 解密
-    B->>M: message.v2.ack(up_to_seq)
-```
-## P2P 加密消息
-```mermaid
-sequenceDiagram
-    participant A as Sender SDK
-    participant M as message 服务
-    participant G as gateway
-    participant B as Receiver SDK
-    A->>M: message.v2.bootstrap(peer_aid=B)
-    M-->>A: B active devices<br/>IK + peer_device_prekey SPK<br/>self_devices + audit_recipients
-    A->>A: 构造 recipients<br/>peer + self_sync + audit
-    A->>A: 生成 master_key / msg_nonce / sender_session_key
-    A->>A: 3DH/1DH wrap master_key<br/>AES-GCM 加密 payload<br/>ECDSA 签名 ct+tag+AAD+recipients_digest
-    A->>M: message.send<br/>payload.type=e2ee.p2p_encrypted, version=v2, encrypt=false
-    alt 目标跨域
-        M->>G: gateway.forward_federation<br/>namespace=message, method=send
-        G->>M: 转发到目标域 message 服务
-    end
-    M->>M: 校验 AAD/from/to/device、t_send、recipients_digest、audit wrap
-    M->>M: 写 v2_peer_messages 共享密文体
-    M->>M: 按 device 写 v2_peer_wraps<br/>seq per owner_aid + device_id
-    M->>G: dispatch_event(peer.v2.message_received)<br/>只含 seq/message_id/device_id
-    G-->>B: peer.v2.message_received
-    B->>M: message.v2.pull(after_seq, limit)
-    M-->>B: per-device envelope_json<br/>recipient wrap + merkle_proof
-    B->>B: 验 sender_signature / recipients proof
-    B->>B: 用本地 IK/SPK 解 wrap_key -> master_key
-    B->>B: AES-GCM 解密 payload
-    B-->>B: 发布 message.received
-    B->>M: message.v2.ack(up_to_seq)
-    B->>B: 若消费当前 SPK，异步 rotate_spk()
-```
-## GROUP 明文消息
-```mermaid
-sequenceDiagram
-    participant A as Sender SDK
-    participant Group as group 服务
-    participant G as gateway
-    participant B as Member SDK
-    A->>Group: group.send<br/>encrypt=false, payload=明文
-    Group->>Group: 校验成员/禁言/消息类型/epoch 边界
-    Group->>Group: 写 group_messages + group_events<br/>递增 group.message_seq / event_seq
-    Group->>G: dispatch_event(group.message_created)<br/>member_aids / dispatch 信息
-    G-->>B: group.message_created 通知
-    B->>Group: group.v2.pull(group_id, after_seq, limit)
-    Group->>Group: 合并普通明文 group_messages
-    Group-->>B: messages[]<br/>明文行 version=v1 + payload
-    B->>B: 直接发布 group.message_created
-    B->>Group: group.v2.ack(group_id, up_to_seq)
-```
-## GROUP 加密消息
-```mermaid
-sequenceDiagram
-    participant A as Sender SDK
-    participant Group as group 服务
-    participant Msg as message 服务
-    participant G as gateway
-    participant B as Member SDK
-    A->>Group: group.v2.bootstrap(group_id)
-    Group->>Group: 校验成员资格，读取 epoch/state_chain
-    Group->>Group: 读取 v2_group_devices<br/>group_device_prekey
-    Group->>Msg: message.v2.group_bootstrap(member_aids)
-    Msg-->>Group: fallback P2P device prekeys + audit_recipients
-    Group-->>A: devices + epoch + state_commitment<br/>pending/committed members + audit_recipients
-    A->>A: 校验 group state 签名 / 分叉
-    A->>A: 构造 targets<br/>member + self_sync + audit
-    A->>A: 生成 e2ee.group_encrypted envelope<br/>AAD 含 group_id/epoch/state_commitment
-    A->>Group: group.v2.send(group_id, envelope)
-    alt 群在异域
-        Group->>G: gateway.forward_federation<br/>namespace=group, method=v2.send
-        G->>Group: 转发到群归属域 group 服务
-    end
-    Group->>Group: 校验成员、e2ee_version=v2、epoch 匹配
-    Group->>Group: 校验 AAD/from/group_id/from_device/message_id
-    Group->>Group: 校验 recipients 排序、digest、audit wrap
-    Group->>Group: 写 v2_group_messages 共享密文体
-    Group->>Group: 按 recipient 写 v2_group_wraps
-    Group->>G: dispatch_event(group.v2.message_created)<br/>seq/message_id/sender/member_aids
-    G-->>B: group.v2.message_created 通知
-    B->>Group: group.v2.pull(group_id, after_seq, limit)
-    Group-->>B: per-device envelope_json<br/>recipient wrap + merkle_proof
-    B->>B: 选择 group_id 对应 group SPK<br/>fallback 到 P2P SPK 仅兼容旧 wrap
-    B->>B: 验签 / 验 proof / 解 wrap / 解密 payload
-    B-->>B: 发布 group.message_created
-    B->>Group: group.v2.ack(group_id, up_to_seq)
-    B->>B: 若消费 group_device_prekey，异步 rotate_group_spk()
-```
-## 核心差异
-| 场景 | 发送入口 | 服务端存储 | 接收入口 | 解密位置 |
-|------|----------|------------|----------|----------|
-| P2P 明文 | `message.send(encrypt=false)` | 普通 device message | `message.v2.pull` 合并明文行 | 不解密 |
-| P2P 加密 | `message.send` 承载 `e2ee.p2p_encrypted` | `v2_peer_messages` + `v2_peer_wraps` | `message.v2.pull` | 接收方 SDK |
-| GROUP 明文 | `group.send(encrypt=false)` | `group_messages` + `group_events` | `group.v2.pull` 合并明文行 | 不解密 |
-| GROUP 加密 | `group.v2.send` 承载 `e2ee.group_encrypted` | `v2_group_messages` + `v2_group_wraps` | `group.v2.pull` | 接收方 SDK |
+# E2EE V2 消息通信时序图
+本文只描述当前 V2-only 链路下的主要时序：P2P/GROUP 明文消息、P2P/GROUP 加密消息，以及 V2 设备密钥注册前置流程。不包含 V1 E2EE、旧 group epoch secret 分发、thought 内容读写。
+## 范围约定
+- SDK 默认 `message.send` / `group.send` 为 `encrypt=true`，由 SDK 本地构造 V2 加密 envelope。
+- 显式 `encrypt=false` 时走明文发送；V2 SDK 接收端仍通过 `message.v2.pull` / `group.v2.pull` 合并拉取明文历史行。
+- P2P 加密 envelope 类型为 `e2ee.p2p_encrypted`，通过 `message.send` 提交，服务端按 V2 分流处理。
+- GROUP 加密 envelope 类型为 `e2ee.group_encrypted`，通过 `group.v2.send` 提交。
+- 服务端只做认证、路由、结构校验、密文存储和事件通知，不持有明文 payload，也不执行端到端解密。
+## V2 设备密钥注册
+```mermaid
+sequenceDiagram
+    participant SDK as 接收方 SDK
+    participant Message as message 服务
+    participant Group as group 服务
+    participant CA as CA/Auth
+    SDK->>SDK: 初始化 V2Session<br/>IK=AID 长期密钥，生成或加载 P2P SPK
+    SDK->>Message: message.v2.put_peer_pk<br/>peer_device_prekey + SPK 签名
+    Message->>CA: ca.get_cert / 校验 AID 公钥
+    Message-->>SDK: ok
+    opt 已加入某个群
+        SDK->>SDK: ensure_group_spk(group_id)
+        SDK->>Group: group.v2.put_group_pk<br/>group_device_prekey + SPK 签名
+        Group->>CA: ca.get_cert / 校验 AID 公钥
+        Group-->>SDK: ok
+    end
+```
+## P2P 明文消息
+```mermaid
+sequenceDiagram
+    participant A as Sender SDK
+    participant M as message 服务
+    participant G as gateway
+    participant B as Receiver SDK
+    A->>M: message.send<br/>encrypt=false, payload=明文
+    alt 目标跨域
+        M->>G: gateway.forward_federation<br/>namespace=message, method=send
+        G->>M: 转发到目标域 message 服务
+    end
+    M->>M: 按接收方 device 分配 seq<br/>写普通消息存储
+    M->>G: dispatch_event(message.received)
+    G-->>B: event/message.received 或通知
+    B->>M: message.v2.pull(after_seq, limit)
+    M-->>B: messages[]<br/>明文行 version=v1 / legacy_v1
+    B->>B: 直接发布 message.received<br/>不做 E2EE 解密
+    B->>M: message.v2.ack(up_to_seq)
+```
+## P2P 加密消息
+```mermaid
+sequenceDiagram
+    participant A as Sender SDK
+    participant M as message 服务
+    participant G as gateway
+    participant B as Receiver SDK
+    A->>M: message.v2.bootstrap(peer_aid=B)
+    M-->>A: B active devices<br/>IK + peer_device_prekey SPK<br/>self_devices + audit_recipients
+    A->>A: 构造 recipients<br/>peer + self_sync + audit
+    A->>A: 生成 master_key / msg_nonce / sender_session_key
+    A->>A: 3DH/1DH wrap master_key<br/>AES-GCM 加密 payload<br/>ECDSA 签名 ct+tag+AAD+recipients_digest
+    A->>M: message.send<br/>payload.type=e2ee.p2p_encrypted, version=v2, encrypt=false
+    alt 目标跨域
+        M->>G: gateway.forward_federation<br/>namespace=message, method=send
+        G->>M: 转发到目标域 message 服务
+    end
+    M->>M: 校验 AAD/from/to/device、t_send、recipients_digest、audit wrap
+    M->>M: 写 v2_peer_messages 共享密文体
+    M->>M: 按 device 写 v2_peer_wraps<br/>seq per owner_aid + device_id
+    M->>G: dispatch_event(peer.v2.message_received)<br/>只含 seq/message_id/device_id
+    G-->>B: peer.v2.message_received
+    B->>M: message.v2.pull(after_seq, limit)
+    M-->>B: per-device envelope_json<br/>recipient wrap + merkle_proof
+    B->>B: 验 sender_signature / recipients proof
+    B->>B: 用本地 IK/SPK 解 wrap_key -> master_key
+    B->>B: AES-GCM 解密 payload
+    B-->>B: 发布 message.received
+    B->>M: message.v2.ack(up_to_seq)
+    B->>B: 若消费当前 SPK，异步 rotate_spk()
+```
+## GROUP 明文消息
+```mermaid
+sequenceDiagram
+    participant A as Sender SDK
+    participant Group as group 服务
+    participant G as gateway
+    participant B as Member SDK
+    A->>Group: group.send<br/>encrypt=false, payload=明文
+    Group->>Group: 校验成员/禁言/消息类型/epoch 边界
+    Group->>Group: 写 group_messages + group_events<br/>递增 group.message_seq / event_seq
+    Group->>G: dispatch_event(group.message_created)<br/>member_aids / dispatch 信息
+    G-->>B: group.message_created 通知
+    B->>Group: group.v2.pull(group_id, after_seq, limit)
+    Group->>Group: 合并普通明文 group_messages
+    Group-->>B: messages[]<br/>明文行 version=v1 + payload
+    B->>B: 直接发布 group.message_created
+    B->>Group: group.v2.ack(group_id, up_to_seq)
+```
+## GROUP 加密消息
+```mermaid
+sequenceDiagram
+    participant A as Sender SDK
+    participant Group as group 服务
+    participant Msg as message 服务
+    participant G as gateway
+    participant B as Member SDK
+    A->>Group: group.v2.bootstrap(group_id)
+    Group->>Group: 校验成员资格，读取 epoch/state_chain
+    Group->>Group: 读取 v2_group_devices<br/>group_device_prekey
+    Group->>Msg: message.v2.group_bootstrap(member_aids)
+    Msg-->>Group: fallback P2P device prekeys + audit_recipients
+    Group-->>A: devices + epoch + state_commitment<br/>pending/committed members + audit_recipients
+    A->>A: 校验 group state 签名 / 分叉
+    A->>A: 构造 targets<br/>member + self_sync + audit
+    A->>A: 生成 e2ee.group_encrypted envelope<br/>AAD 含 group_id/epoch/state_commitment
+    A->>Group: group.v2.send(group_id, envelope)
+    alt 群在异域
+        Group->>G: gateway.forward_federation<br/>namespace=group, method=v2.send
+        G->>Group: 转发到群归属域 group 服务
+    end
+    Group->>Group: 校验成员、e2ee_version=v2、epoch 匹配
+    Group->>Group: 校验 AAD/from/group_id/from_device/message_id
+    Group->>Group: 校验 recipients 排序、digest、audit wrap
+    Group->>Group: 写 v2_group_messages 共享密文体
+    Group->>Group: 按 recipient 写 v2_group_wraps
+    Group->>G: dispatch_event(group.v2.message_created)<br/>seq/message_id/sender/member_aids
+    G-->>B: group.v2.message_created 通知
+    B->>Group: group.v2.pull(group_id, after_seq, limit)
+    Group-->>B: per-device envelope_json<br/>recipient wrap + merkle_proof
+    B->>B: 选择 group_id 对应 group SPK<br/>fallback 到 P2P SPK 仅兼容旧 wrap
+    B->>B: 验签 / 验 proof / 解 wrap / 解密 payload
+    B-->>B: 发布 group.message_created
+    B->>Group: group.v2.ack(group_id, up_to_seq)
+    B->>B: 若消费 group_device_prekey，异步 rotate_group_spk()
+```
+## 核心差异
+| 场景 | 发送入口 | 服务端存储 | 接收入口 | 解密位置 |
+|------|----------|------------|----------|----------|
+| P2P 明文 | `message.send(encrypt=false)` | 普通 device message | `message.v2.pull` 合并明文行 | 不解密 |
+| P2P 加密 | `message.send` 承载 `e2ee.p2p_encrypted` | `v2_peer_messages` + `v2_peer_wraps` | `message.v2.pull` | 接收方 SDK |
+| GROUP 明文 | `group.send(encrypt=false)` | `group_messages` + `group_events` | `group.v2.pull` 合并明文行 | 不解密 |
+| GROUP 加密 | `group.v2.send` 承载 `e2ee.group_encrypted` | `v2_group_messages` + `v2_group_wraps` | `group.v2.pull` | 接收方 SDK |

package/_packed_docs/sdk/README.md CHANGED Viewed

@@ -70,12 +70,12 @@ asyncio.run(main())
 | 语言 | options-only | AID + options |
 |------|--------------|---------------|
-| Python | `AUNClient(debug=True)` | `AUNClient(aid, debug=True)` |
-| TypeScript | `new AUNClient({ debug: true })` | `new AUNClient(aid, { debug: true })` |
-| JavaScript | `new AUNClient({ debug: true })` | `new AUNClient(aid, { debug: true })` |
-| Go | `aun.NewAUNClient(aun.AUNClientOptions{Debug: true})` | `aun.NewAUNClient(aid, aun.AUNClientOptions{Debug: true})` |
+| Python | `AUNClient()` | `AUNClient(aid)` |
+| TypeScript | `new AUNClient()` | `new AUNClient(aid)` |
+| JavaScript | `new AUNClient()` | `new AUNClient(aid)` |
+| Go | `aun.NewAUNClientEmpty()` | `aun.NewAUNClient(aid)` |
-`aid` 必须是 AID 对象，不是字符串。不要把 aid 放进 options，也不要使用旧的 `(config, debug)` 构造形态。
+`aid` 必须是 AIDStore.load() 返回的 AID 对象，不是字符串。debug/verify_ssl/root_ca_path 等配置由 AID 携带，不再通过构造参数传入。
 ---

package/dist/aid-store.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"aid-store.d.ts","sourceRoot":"","sources":["../src/aid-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAU/B,OAAO,EAAuB,KAAK,MAAM,EAAE,MAAM,aAAa,CAAC;AAE/D,MAAM,WAAW,OAAO;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,IAAI,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,GAAG,EAAE,GAAG,CAAC;IACT,QAAQ,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,MAAM,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IACpG,MAAM,EAAE;QAAE,eAAe,EAAE,OAAO,CAAC;QAAC,gBAAgB,EAAE,OAAO,CAAA;KAAE,CAAC;CACjE,CAAC;AACF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAC7B,YAAY,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAClD,QAAQ,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;CACvD,CAAC;AACF,MAAM,MAAM,iBAAiB,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,MAAM,CAAA;CAAE,CAAC;AAC7H,MAAM,MAAM,kBAAkB,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,OAAO,CAAC;IAAC,YAAY,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC;AAChL,MAAM,MAAM,cAAc,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,OAAO,CAAC;IAAC,iBAAiB,EAAE,OAAO,CAAC;IAAC,WAAW,EAAE,MAAM,EAAE,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,CAAC;AACvM,MAAM,MAAM,eAAe,GAAG;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,kBAAkB,EAAE,IAAI,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,CAAC;AACnG,MAAM,MAAM,WAAW,GAAG;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,kBAAkB,EAAE,IAAI,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,CAAC;AAC/F,MAAM,MAAM,gBAAgB,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AACnE,MAAM,MAAM,UAAU,GAAG;IAAE,UAAU,EAAE,OAAO,EAAE,CAAA;CAAE,CAAC;~~AA4NnD~~,qBAAa,QAAQ;IACnB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAExB,OAAO,CAAC,eAAe,CAAS;IAChC,OAAO,CAAC,SAAS,CAAoB;IACrC,OAAO,CAAC,KAAK,CAAW;IACxB,OAAO,CAAC,OAAO,CAAiB;IAChC,OAAO,CAAC,UAAU,CAAmB;IACrC,OAAO,CAAC,UAAU,CAAU;IAC5B,OAAO,CAAC,aAAa,CAAkC;IACvD,OAAO,CAAC,aAAa,CAA6C;gBAEtD,IAAI,EAAE;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,SAAS,CAAC,EAAE,OAAO,CAAC;KACrB;~~IAqBD~~,KAAK,IAAI,IAAI;IAKP,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,CAAC,CAAC;IA8FhD,IAAI,IAAI,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAqBnC,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAU/E,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAAE,UAAU,EAAE,IAAI,CAAA;KAAE,CAAC,CAAC;IAsB5D,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAAE,MAAM,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAazD,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAiCxE,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAyDjF,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IA+B5D,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,SAAI,GAAG,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IA+B3E,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IAmCtD,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IA2CxD,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YAqDxC,eAAe;YA+Bf,qBAAqB;YAoBrB,kBAAkB;CASjC"}
1	+ {"version":3,"file":"aid-store.d.ts","sourceRoot":"","sources":["../src/aid-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAU/B,OAAO,EAAuB,KAAK,MAAM,EAAE,MAAM,aAAa,CAAC;AAE/D,MAAM,WAAW,OAAO;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,IAAI,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,GAAG,EAAE,GAAG,CAAC;IACT,QAAQ,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,MAAM,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IACpG,MAAM,EAAE;QAAE,eAAe,EAAE,OAAO,CAAC;QAAC,gBAAgB,EAAE,OAAO,CAAA;KAAE,CAAC;CACjE,CAAC;AACF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAC7B,YAAY,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAClD,QAAQ,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;CACvD,CAAC;AACF,MAAM,MAAM,iBAAiB,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,MAAM,CAAA;CAAE,CAAC;AAC7H,MAAM,MAAM,kBAAkB,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,OAAO,CAAC;IAAC,YAAY,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC;AAChL,MAAM,MAAM,cAAc,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,OAAO,CAAC;IAAC,iBAAiB,EAAE,OAAO,CAAC;IAAC,WAAW,EAAE,MAAM,EAAE,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,CAAC;AACvM,MAAM,MAAM,eAAe,GAAG;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,kBAAkB,EAAE,IAAI,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,CAAC;AACnG,MAAM,MAAM,WAAW,GAAG;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,kBAAkB,EAAE,IAAI,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,CAAC;AAC/F,MAAM,MAAM,gBAAgB,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AACnE,MAAM,MAAM,UAAU,GAAG;IAAE,UAAU,EAAE,OAAO,EAAE,CAAA;CAAE,CAAC;AAuNnD,qBAAa,QAAQ;IACnB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAExB,OAAO,CAAC,eAAe,CAAS;IAChC,OAAO,CAAC,SAAS,CAAoB;IACrC,OAAO,CAAC,KAAK,CAAW;IACxB,OAAO,CAAC,OAAO,CAAiB;IAChC,OAAO,CAAC,UAAU,CAAmB;IACrC,OAAO,CAAC,UAAU,CAAU;IAC5B,OAAO,CAAC,aAAa,CAAkC;IACvD,OAAO,CAAC,aAAa,CAA6C;gBAEtD,IAAI,EAAE;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,SAAS,CAAC,EAAE,OAAO,CAAC;KACrB;IAwBD,KAAK,IAAI,IAAI;IAKP,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,CAAC,CAAC;IA8FhD,IAAI,IAAI,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAqBnC,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAU/E,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAAE,UAAU,EAAE,IAAI,CAAA;KAAE,CAAC,CAAC;IAsB5D,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAAE,MAAM,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAazD,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAiCxE,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAyDjF,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IA+B5D,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,SAAI,GAAG,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IA+B3E,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IAmCtD,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IA2CxD,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YAqDxC,eAAe;YA+Bf,qBAAqB;YAoBrB,kBAAkB;CASjC"}

package/dist/aid-store.js CHANGED Viewed

@@ -6,7 +6,7 @@ import { AuthFlow } from './auth.js';
 import { GatewayDiscovery } from './discovery.js';
 import { IdentityConflictError, ValidationError } from './errors.js';
 import { IndexedDBKeyStore } from './keystore/indexeddb.js';
-import { getDeviceId, normalizeInstanceId } from './config.js';
+import { getDeviceId, normalizeInstanceId, normalizeSlotId } from './config.js';
 import { resultErr, resultOk } from './result.js';
 // ── 证书 DER 解析工具 ────────────────────────────────────────────
 function _derReadLength(data, offset) {
@@ -228,10 +228,6 @@ function parseCertCN(certPem) {
         return null;
     }
 }
-function normalizeSlotId(slotId) {
-    const value = String(slotId ?? 'default').trim();
-    return value || 'default';
-}
 function issuerFromAid(aid) {
     const target = String(aid ?? '').trim();
     const dotIdx = target.indexOf('.');
@@ -296,7 +292,10 @@ export class AIDStore {
             ? normalizeInstanceId(opts.deviceId, 'deviceId', { allowEmpty: true })
             : getDeviceId();
         this.slotId = normalizeSlotId(opts.slotId);
-        this._verifySsl = opts.verifySsl ?? true;
+        if (opts.verifySsl === false) {
+            console.warn('[aun_core.config] verify_ssl=false 在浏览器环境中不受支持，SSL 证书验证将保持启用。');
+        }
+        this._verifySsl = opts.verifySsl === false ? true : (opts.verifySsl ?? true);
         this._keystore = new IndexedDBKeyStore({ encryptionSeed: this._encryptionSeed || undefined });
         this._crypto = new CryptoProvider();
         this._discovery = new GatewayDiscovery();