@agentunion/fastaun 0.2.13

package/dist/namespaces/auth.js

@@ -0,0 +1,248 @@
+/**
+ * Auth 命名空间
+ *
+ * 提供 auth.createAid / auth.authenticate 等高层方法，
+ * 内部通过 AUNClient 的 transport、auth、discovery 完成实际流程。
+ *
+ * 与 Python SDK 的 AuthNamespace 完全对齐。
+ */
+import { AUNError, NotFoundError, StateError, ValidationError } from '../errors.js';
+import { isJsonObject } from '../types.js';
+const AGENT_MD_HTTP_TIMEOUT_MS = 30_000;
+function agentMdHttpScheme(gatewayUrl) {
+    const raw = String(gatewayUrl ?? '').trim().toLowerCase();
+    return raw.startsWith('ws://') ? 'http' : 'https';
+}
+function agentMdAuthority(aid, discoveryPort) {
+    const host = String(aid ?? '').trim();
+    if (!host)
+        return '';
+    if (discoveryPort && !host.includes(':')) {
+        return `${host}:${discoveryPort}`;
+    }
+    return host;
+}
+async function fetchWithTimeout(input, init, timeoutMs = AGENT_MD_HTTP_TIMEOUT_MS) {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        return await fetch(input, { ...init, signal: controller.signal });
+    }
+    catch (error) {
+        if (controller.signal.aborted) {
+            throw new AUNError(`agent.md request timed out after ${timeoutMs}ms`);
+        }
+        throw error;
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+export class AuthNamespace {
+    _client;
+    constructor(client) {
+        this._client = client;
+    }
+    get _internal() {
+        return this._client;
+    }
+    /**
+     * 解析 Gateway URL。
+     * 优先使用已预置的 _gatewayUrl，否则基于 AID 自动发现。
+     *
+     * 发现流程：
+     * 发现流程：
+     * 1. 若 _gatewayUrl 已预置，直接返回
+     * 2. 开发环境：先 gateway.{issuer}，再 fallback {aid}（泛域名在开发环境可能不可用）
+     * 3. 生产环境：先 {aid}（泛域名 nameservice），再 fallback gateway.{issuer}
+     */
+    async _resolveGateway(aid) {
+        // 访问内部属性
+        const client = this._internal;
+        const gatewayUrl = client._gatewayUrl;
+        if (gatewayUrl)
+            return gatewayUrl;
+        const resolvedAid = aid ?? client._aid;
+        if (resolvedAid) {
+            const parts = resolvedAid.split('.');
+            const issuerDomain = parts.length > 1 ? parts.slice(1).join('.') : resolvedAid;
+            const configModel = client._configModel;
+            const port = configModel.discoveryPort;
+            const portSuffix = port ? `:${port}` : '';
+            const aidUrl = `https://${resolvedAid}${portSuffix}/.well-known/aun-gateway`;
+            const gatewayDomainUrl = `https://gateway.${issuerDomain}${portSuffix}/.well-known/aun-gateway`;
+            const discovery = client._discovery;
+            // 开发环境：先 gateway.{issuer}（固定域名），再 fallback {aid}（泛域名）
+            // 生产环境：先 {aid}（泛域名），再 fallback gateway.{issuer}
+            const [primaryUrl, fallbackUrl] = configModel.verifySsl
+                ? [aidUrl, gatewayDomainUrl]
+                : [gatewayDomainUrl, aidUrl];
+            try {
+                return await discovery.discover(primaryUrl);
+            }
+            catch {
+                // 主路径失败，尝试 fallback
+            }
+            return await discovery.discover(fallbackUrl);
+        }
+        throw new ValidationError("unable to resolve gateway: set client._gatewayUrl or provide 'aid' for auto-discovery");
+    }
+    /** 创建新 AID */
+    async createAid(params) {
+        const aid = String(params?.aid ?? '');
+        if (!aid)
+            throw new Error("auth.create_aid requires 'aid'");
+        const client = this._internal;
+        const gatewayUrl = await this._resolveGateway(aid);
+        client._gatewayUrl = gatewayUrl;
+        const auth = client._auth;
+        const result = await auth.createAid(gatewayUrl, aid);
+        client._aid = result.aid ?? null;
+        client._identity = auth.loadIdentityOrNone(String(result.aid));
+        return {
+            aid: result.aid,
+            cert_pem: result.cert,
+            gateway: gatewayUrl,
+        };
+    }
+    /** 认证（登录） */
+    async authenticate(params) {
+        const request = { ...(params ?? {}) };
+        const aid = request.aid;
+        const client = this._internal;
+        const gatewayUrl = await this._resolveGateway(aid);
+        client._gatewayUrl = gatewayUrl;
+        const auth = client._auth;
+        const result = await auth.authenticate(gatewayUrl, { aid });
+        client._aid = result.aid ?? null;
+        client._identity = auth.loadIdentityOrNone(String(result.aid));
+        return result;
+    }
+    async _resolveAgentMdUrl(aid) {
+        const resolvedAid = String(aid ?? '').trim();
+        if (!resolvedAid) {
+            throw new ValidationError('agent.md requires non-empty aid');
+        }
+        const client = this._internal;
+        let gatewayUrl = client._gatewayUrl ?? '';
+        if (!gatewayUrl) {
+            try {
+                gatewayUrl = await this._resolveGateway(resolvedAid);
+            }
+            catch {
+                gatewayUrl = '';
+            }
+        }
+        const configModel = client._configModel;
+        const discoveryPort = configModel.discoveryPort;
+        const authority = agentMdAuthority(resolvedAid, discoveryPort);
+        return `${agentMdHttpScheme(gatewayUrl)}://${authority}/agent.md`;
+    }
+    async _ensureAgentMdUploadToken(aid, gatewayUrl) {
+        const auth = this._internal._auth;
+        let identity = auth.loadIdentityOrNone(aid);
+        if (!identity) {
+            throw new StateError('no local identity found, call auth.createAid() first');
+        }
+        const cachedToken = String(identity.access_token ?? '');
+        const expiresAt = auth.getAccessTokenExpiry ? auth.getAccessTokenExpiry(identity) : null;
+        if (cachedToken && (expiresAt === null || expiresAt > Date.now() / 1000 + 30)) {
+            return cachedToken;
+        }
+        if (typeof auth.refreshCachedTokens === 'function' && identity.refresh_token) {
+            try {
+                identity = await auth.refreshCachedTokens(gatewayUrl, identity);
+                const refreshedToken = String(identity.access_token ?? '');
+                const refreshedExpiry = auth.getAccessTokenExpiry ? auth.getAccessTokenExpiry(identity) : null;
+                if (refreshedToken && (refreshedExpiry === null || refreshedExpiry > Date.now() / 1000 + 30)) {
+                    return refreshedToken;
+                }
+            }
+            catch {
+                // refresh 失败时回退到完整 authenticate
+            }
+        }
+        const result = await this.authenticate({ aid });
+        const token = String(result.access_token ?? '');
+        if (!token) {
+            throw new StateError('authenticate did not return access_token');
+        }
+        return token;
+    }
+    async uploadAgentMd(content) {
+        const client = this._internal;
+        const auth = client._auth;
+        const identity = auth.loadIdentityOrNone(client._aid ?? undefined);
+        if (!identity) {
+            throw new StateError('no local identity found, call auth.createAid() first');
+        }
+        const aid = String(identity.aid ?? client._aid ?? '').trim();
+        if (!aid) {
+            throw new StateError('no local identity found, call auth.createAid() first');
+        }
+        const gatewayUrl = await this._resolveGateway(aid);
+        client._gatewayUrl = gatewayUrl;
+        const token = await this._ensureAgentMdUploadToken(aid, gatewayUrl);
+        const response = await fetchWithTimeout(await this._resolveAgentMdUrl(aid), {
+            method: 'PUT',
+            headers: {
+                Authorization: `Bearer ${token}`,
+                'Content-Type': 'text/markdown; charset=utf-8',
+            },
+            body: content,
+        });
+        if (response.status === 404) {
+            throw new NotFoundError(`agent.md endpoint not found for aid: ${aid}`);
+        }
+        if (!response.ok) {
+            const message = (await response.text()).trim();
+            throw new AUNError(`upload agent.md failed: HTTP ${response.status}${message ? ` - ${message}` : ''}`);
+        }
+        const payload = await response.json();
+        if (!isJsonObject(payload)) {
+            throw new AUNError('upload agent.md returned invalid JSON payload');
+        }
+        return payload;
+    }
+    async downloadAgentMd(aid) {
+        const targetAid = String(aid ?? '').trim();
+        if (!targetAid) {
+            throw new ValidationError('downloadAgentMd requires non-empty aid');
+        }
+        const response = await fetchWithTimeout(await this._resolveAgentMdUrl(targetAid), {
+            method: 'GET',
+            headers: {
+                Accept: 'text/markdown',
+            },
+        });
+        if (response.status === 404) {
+            throw new NotFoundError(`agent.md not found for aid: ${targetAid}`);
+        }
+        if (!response.ok) {
+            const message = (await response.text()).trim();
+            throw new AUNError(`download agent.md failed: HTTP ${response.status}${message ? ` - ${message}` : ''}`);
+        }
+        return await response.text();
+    }
+    /** 下载证书 */
+    async downloadCert(params) {
+        return await this._client.call('auth.download_cert', params ?? {});
+    }
+    /** 请求签发证书 */
+    async requestCert(params) {
+        return await this._client.call('auth.request_cert', params);
+    }
+    /** 续期证书 */
+    async renewCert(params) {
+        return await this._client.call('auth.renew_cert', params ?? {});
+    }
+    /** 密钥轮换 */
+    async rekey(params) {
+        return await this._client.call('auth.rekey', params ?? {});
+    }
+    /** 获取信任根证书列表 */
+    async trustRoots(params) {
+        return await this._client.call('meta.trust_roots', params ?? {});
+    }
+}
+//# sourceMappingURL=auth.js.map

package/dist/namespaces/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/namespaces/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAGpF,OAAO,EAAE,YAAY,EAAwF,MAAM,aAAa,CAAC;AAEjI,MAAM,wBAAwB,GAAG,MAAM,CAAC;AA0BxC,SAAS,iBAAiB,CAAC,UAAkB;IAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC1D,OAAO,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;AACpD,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAW,EAAE,aAAwC;IAC7E,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtC,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,IAAI,aAAa,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzC,OAAO,GAAG,IAAI,IAAI,aAAa,EAAE,CAAC;IACpC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,KAAa,EACb,IAAiB,EACjB,YAAoB,wBAAwB;IAE5C,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;IAC9D,IAAI,CAAC;QACH,OAAO,MAAM,KAAK,CAAC,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IACpE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,UAAU,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAC9B,MAAM,IAAI,QAAQ,CAAC,oCAAoC,SAAS,IAAI,CAAC,CAAC;QACxE,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,MAAM,OAAO,aAAa;IAChB,OAAO,CAAY;IAE3B,YAAY,MAAiB;QAC3B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACxB,CAAC;IAED,IAAY,SAAS;QACnB,OAAO,IAAI,CAAC,OAA8B,CAAC;IAC7C,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,eAAe,CAAC,GAAY;QAChC,SAAS;QACT,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC;QAC9B,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC;QACtC,IAAI,UAAU;YAAE,OAAO,UAAU,CAAC;QAElC,MAAM,WAAW,GAAG,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC;QACvC,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACrC,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;YAE/E,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC;YACxC,MAAM,IAAI,GAAG,WAAW,CAAC,aAAa,CAAC;YACvC,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAE1C,MAAM,MAAM,GAAG,WAAW,WAAW,GAAG,UAAU,0BAA0B,CAAC;YAC7E,MAAM,gBAAgB,GAAG,mBAAmB,YAAY,GAAG,UAAU,0BAA0B,CAAC;YAChG,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC;YAEpC,sDAAsD;YACtD,gDAAgD;YAChD,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,GAAG,WAAW,CAAC,SAAS;gBACrD,CAAC,CAAC,CAAC,MAAM,EAAE,gBAAgB,CAAC;gBAC5B,CAAC,CAAC,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;YAE/B,IAAI,CAAC;gBACH,OAAO,MAAM,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC9C,CAAC;YAAC,MAAM,CAAC;gBACP,oBAAoB;YACtB,CAAC;YAED,OAAO,MAAM,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,IAAI,eAAe,CACvB,uFAAuF,CACxF,CAAC;IACJ,CAAC;IAED,cAAc;IACd,KAAK,CAAC,SAAS,CAAC,MAAiB;QAC/B,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QAE5D,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC;QAC9B,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QACnD,MAAM,CAAC,WAAW,GAAG,UAAU,CAAC;QAEhC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QACrD,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC;QACjC,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAE/D,OAAO;YACL,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,QAAQ,EAAE,MAAM,CAAC,IAAI;YACrB,OAAO,EAAE,UAAU;SACpB,CAAC;IACJ,CAAC;IAED,aAAa;IACb,KAAK,CAAC,YAAY,CAAC,MAAkB;QACnC,MAAM,OAAO,GAAG,EAAE,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC;QACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAyB,CAAC;QAE9C,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC;QAC9B,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QACnD,MAAM,CAAC,WAAW,GAAG,UAAU,CAAC;QAEhC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC5D,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC;QACjC,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAE/D,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,GAAW;QAC1C,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,eAAe,CAAC,iCAAiC,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC;QAC9B,IAAI,UAAU,GAAG,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC;QAC1C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,IAAI,CAAC;gBACH,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,UAAU,GAAG,EAAE,CAAC;YAClB,CAAC;QACH,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC;QACxC,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,CAAC;QAChD,MAAM,SAAS,GAAG,gBAAgB,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;QAC/D,OAAO,GAAG,iBAAiB,CAAC,UAAU,CAAC,MAAM,SAAS,WAAW,CAAC;IACpE,CAAC;IAEO,KAAK,CAAC,yBAAyB,CAAC,GAAW,EAAE,UAAkB;QACrE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;QAElC,IAAI,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,UAAU,CAAC,sDAAsD,CAAC,CAAC;QAC/E,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;QACxD,MAAM,SAAS,GAAG,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACzF,IAAI,WAAW,IAAI,CAAC,SAAS,KAAK,IAAI,IAAI,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE,CAAC,EAAE,CAAC;YAC9E,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,IAAI,OAAO,IAAI,CAAC,mBAAmB,KAAK,UAAU,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YAC7E,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;gBAChE,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;gBAC3D,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC/F,IAAI,cAAc,IAAI,CAAC,eAAe,KAAK,IAAI,IAAI,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE,CAAC,EAAE,CAAC;oBAC7F,OAAO,cAAc,CAAC;gBACxB,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gCAAgC;YAClC,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAChD,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,UAAU,CAAC,0CAA0C,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAe;QACjC,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC;QAC9B,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,IAAI,SAAS,CAAC,CAAC;QACnE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,UAAU,CAAC,sDAAsD,CAAC,CAAC;QAC/E,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,IAAI,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7D,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,UAAU,CAAC,sDAAsD,CAAC,CAAC;QAC/E,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QACnD,MAAM,CAAC,WAAW,GAAG,UAAU,CAAC;QAChC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACpE,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,EAAE;YAC1E,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,cAAc,EAAE,8BAA8B;aAC/C;YACD,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,IAAI,aAAa,CAAC,wCAAwC,GAAG,EAAE,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YAC/C,MAAM,IAAI,QAAQ,CAChB,gCAAgC,QAAQ,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CACnF,CAAC;QACJ,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAe,CAAC;QACnD,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,QAAQ,CAAC,+CAA+C,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,GAAW;QAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,eAAe,CAAC,wCAAwC,CAAC,CAAC;QACtE,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC,EAAE;YAChF,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,MAAM,EAAE,eAAe;aACxB;SACF,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,IAAI,aAAa,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;QACtE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YAC/C,MAAM,IAAI,QAAQ,CAChB,kCAAkC,QAAQ,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CACrF,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC/B,CAAC;IAED,WAAW;IACX,KAAK,CAAC,YAAY,CAAC,MAAkB;QACnC,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,oBAAoB,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,aAAa;IACb,KAAK,CAAC,WAAW,CAAC,MAAiB;QACjC,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;IAC9D,CAAC;IAED,WAAW;IACX,KAAK,CAAC,SAAS,CAAC,MAAkB;QAChC,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,iBAAiB,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,WAAW;IACX,KAAK,CAAC,KAAK,CAAC,MAAkB;QAC5B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,gBAAgB;IAChB,KAAK,CAAC,UAAU,CAAC,MAAkB;QACjC,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IACnE,CAAC;CACF"}

package/dist/namespaces/custody.d.ts

@@ -0,0 +1,47 @@
+import type { AUNClient } from '../client.js';
+import { type JsonObject } from '../types.js';
+export declare class CustodyNamespace {
+    private _client;
+    private _custodyUrl;
+    constructor(client: AUNClient);
+    private get _internal();
+    setUrl(url: string): void;
+    configureUrl(url: string): void;
+    discoverUrl(params?: {
+        aid?: string | null;
+        timeout?: number;
+    }): Promise<string>;
+    private _resolveCustodyUrl;
+    private _getAccessToken;
+    private _post;
+    sendCode(params: {
+        phone: string;
+        aid?: string | null;
+    }): Promise<JsonObject>;
+    bindPhone(params: {
+        phone: string;
+        code: string;
+        cert: string;
+        key: string;
+        metadata?: JsonObject | null;
+    }): Promise<JsonObject>;
+    restorePhone(params: {
+        phone: string;
+        code: string;
+        aid: string;
+    }): Promise<JsonObject>;
+    createDeviceCopy(params?: {
+        aid?: string | null;
+    }): Promise<JsonObject>;
+    uploadDeviceCopyMaterials(params: {
+        transferCode: string;
+        cert: string;
+        key: string;
+        aid?: string | null;
+        metadata?: JsonObject | null;
+    }): Promise<JsonObject>;
+    claimDeviceCopy(params: {
+        aid: string;
+        transferCode: string;
+    }): Promise<JsonObject>;
+}

package/dist/namespaces/custody.js

@@ -0,0 +1,231 @@
+import { AUNError, ValidationError } from '../errors.js';
+import { isJsonObject } from '../types.js';
+const CUSTODY_HTTP_TIMEOUT_MS = 30_000;
+function issuerDomainFromAid(aid) {
+    const parts = String(aid || '').trim().split('.', 2);
+    return parts.length > 1 ? parts[1] : parts[0] || '';
+}
+function custodyWellKnownUrls(aid, discoveryPort, verifySsl) {
+    const portSuffix = discoveryPort ? `:${discoveryPort}` : '';
+    const issuerDomain = issuerDomainFromAid(aid);
+    const aidUrl = `https://${aid}${portSuffix}/.well-known/aun-custody`;
+    const fallbackUrl = `https://aid_custody.${issuerDomain}${portSuffix}/.well-known/aun-custody`;
+    const urls = verifySsl ? [aidUrl, fallbackUrl] : [fallbackUrl, aidUrl];
+    return [...new Set(urls)];
+}
+function extractCustodyUrl(payload) {
+    for (const key of ['custody_url', 'custodyUrl', 'url']) {
+        const value = String(payload[key] ?? '').trim();
+        if (value)
+            return value;
+    }
+    if (isJsonObject(payload.custody)) {
+        const value = String(payload.custody.url ?? '').trim();
+        if (value)
+            return value;
+    }
+    for (const key of ['custody_services', 'custodyServices', 'services']) {
+        const items = payload[key];
+        if (Array.isArray(items)) {
+            const candidates = items
+                .filter(isJsonObject)
+                .sort((a, b) => Number(a.priority ?? 999) - Number(b.priority ?? 999));
+            for (const item of candidates) {
+                const value = String(item.url ?? '').trim();
+                if (value)
+                    return value;
+            }
+        }
+    }
+    throw new ValidationError('custody well-known missing custody url');
+}
+function normalizeCustodyUrl(url) {
+    const value = String(url ?? '').trim().replace(/\/+$/, '');
+    if (!value)
+        return null;
+    try {
+        const parsed = new URL(value);
+        if ((parsed.protocol !== 'http:' && parsed.protocol !== 'https:') || !parsed.hostname) {
+            return null;
+        }
+        return value;
+    }
+    catch {
+        return null;
+    }
+}
+async function fetchJsonWithTimeout(input, init, timeoutMs = CUSTODY_HTTP_TIMEOUT_MS) {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        const response = await fetch(input, { ...init, signal: controller.signal });
+        const payload = await response.json();
+        if (response.ok) {
+            return payload;
+        }
+        const error = isJsonObject(payload) && isJsonObject(payload.error) ? payload.error : null;
+        const code = String(error?.code ?? '');
+        const message = String(error?.message ?? '');
+        throw new AUNError(message ? `custody ${code || response.status}: ${message}` : `custody HTTP ${response.status}`);
+    }
+    catch (error) {
+        if (controller.signal.aborted) {
+            throw new AUNError(`custody request timed out after ${timeoutMs}ms`);
+        }
+        throw error;
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+export class CustodyNamespace {
+    _client;
+    _custodyUrl = '';
+    constructor(client) {
+        this._client = client;
+    }
+    get _internal() {
+        return this._client;
+    }
+    setUrl(url) {
+        this._custodyUrl = String(url ?? '').trim().replace(/\/+$/, '');
+    }
+    configureUrl(url) {
+        this.setUrl(url);
+    }
+    async discoverUrl(params = {}) {
+        const aid = String(params.aid ?? this._client.aid ?? '').trim();
+        if (!aid) {
+            throw new ValidationError('custody.discoverUrl requires aid or authenticated client');
+        }
+        let lastError = null;
+        const config = this._internal._configModel;
+        const urls = custodyWellKnownUrls(aid, config.discoveryPort, config.verifySsl ?? true);
+        for (const wellKnownUrl of urls) {
+            try {
+                const payload = await fetchJsonWithTimeout(wellKnownUrl, { method: 'GET' }, params.timeout ?? 5_000);
+                if (!isJsonObject(payload)) {
+                    throw new ValidationError('custody well-known returned invalid payload');
+                }
+                const custodyUrl = normalizeCustodyUrl(extractCustodyUrl(payload));
+                if (!custodyUrl) {
+                    throw new ValidationError('custody well-known returned invalid custody url');
+                }
+                this._custodyUrl = custodyUrl;
+                return custodyUrl;
+            }
+            catch (error) {
+                lastError = error;
+            }
+        }
+        throw new AUNError(`custody discovery failed for ${aid}: ${lastError instanceof Error ? lastError.message : String(lastError)}`);
+    }
+    async _resolveCustodyUrl(aid) {
+        const custodyUrl = normalizeCustodyUrl(this._custodyUrl);
+        if (custodyUrl) {
+            if (custodyUrl !== this._custodyUrl) {
+                this._custodyUrl = custodyUrl;
+            }
+            return custodyUrl;
+        }
+        return this.discoverUrl({ aid });
+    }
+    _getAccessToken() {
+        const identity = this._internal._identity;
+        if (identity) {
+            const token = String(identity.access_token ?? '').trim();
+            if (token)
+                return token;
+        }
+        throw new ValidationError('no access_token available: call auth.authenticate() first');
+    }
+    async _post(path, body, opts = {}) {
+        const headers = { 'Content-Type': 'application/json' };
+        const token = String(opts.token ?? '').trim();
+        if (token) {
+            headers.Authorization = `Bearer ${token}`;
+        }
+        const payload = await fetchJsonWithTimeout(`${await this._resolveCustodyUrl(String(body.aid ?? '') || this._client.aid)}${path}`, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify(body),
+        });
+        if (!isJsonObject(payload)) {
+            throw new AUNError('custody returned invalid JSON payload');
+        }
+        return payload;
+    }
+    async sendCode(params) {
+        const phone = String(params.phone ?? '').trim();
+        const aid = String(params.aid ?? '').trim();
+        if (!phone) {
+            throw new ValidationError('custody.sendCode requires non-empty phone');
+        }
+        const body = { phone };
+        let token = null;
+        if (aid) {
+            body.aid = aid;
+        }
+        else {
+            token = this._getAccessToken();
+        }
+        return this._post('/custody/accounts/send-code', body, { token });
+    }
+    async bindPhone(params) {
+        const phone = String(params.phone ?? '').trim();
+        const code = String(params.code ?? '').trim();
+        const cert = String(params.cert ?? '').trim();
+        const key = String(params.key ?? '').trim();
+        if (!phone || !code || !cert || !key) {
+            throw new ValidationError('custody.bindPhone requires phone, code, cert and key');
+        }
+        const body = { phone, code, cert, key };
+        if (params.metadata && isJsonObject(params.metadata)) {
+            body.metadata = params.metadata;
+        }
+        return this._post('/custody/accounts/bind-phone', body, {
+            token: this._getAccessToken(),
+        });
+    }
+    async restorePhone(params) {
+        const phone = String(params.phone ?? '').trim();
+        const code = String(params.code ?? '').trim();
+        const aid = String(params.aid ?? '').trim();
+        if (!phone || !code || !aid) {
+            throw new ValidationError('custody.restorePhone requires phone, code and aid');
+        }
+        return this._post('/custody/accounts/restore-phone', { phone, code, aid });
+    }
+    async createDeviceCopy(params = {}) {
+        const aid = String(params.aid ?? this._client.aid ?? '').trim();
+        if (!aid) {
+            throw new ValidationError('custody.createDeviceCopy requires aid or authenticated client');
+        }
+        return this._post('/custody/transfers', { aid }, { token: this._getAccessToken() });
+    }
+    async uploadDeviceCopyMaterials(params) {
+        const transferCode = String(params.transferCode ?? '').trim();
+        const aid = String(params.aid ?? this._client.aid ?? '').trim();
+        const cert = String(params.cert ?? '').trim();
+        const key = String(params.key ?? '').trim();
+        if (!transferCode || !aid || !cert || !key) {
+            throw new ValidationError('custody.uploadDeviceCopyMaterials requires transferCode, aid, cert and key');
+        }
+        const body = { aid, cert, key };
+        if (params.metadata && isJsonObject(params.metadata)) {
+            body.metadata = params.metadata;
+        }
+        return this._post(`/custody/transfers/${encodeURIComponent(transferCode)}/materials`, body, {
+            token: this._getAccessToken(),
+        });
+    }
+    async claimDeviceCopy(params) {
+        const aid = String(params.aid ?? '').trim();
+        const transferCode = String(params.transferCode ?? '').trim();
+        if (!aid || !transferCode) {
+            throw new ValidationError('custody.claimDeviceCopy requires aid and transferCode');
+        }
+        return this._post('/custody/transfers/claim', { aid, transfer_code: transferCode });
+    }
+}
+//# sourceMappingURL=custody.js.map

package/dist/namespaces/custody.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"custody.js","sourceRoot":"","sources":["../../src/namespaces/custody.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,YAAY,EAAmC,MAAM,aAAa,CAAC;AAE5E,MAAM,uBAAuB,GAAG,MAAM,CAAC;AAOvC,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACrD,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AACtD,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAW,EAAE,aAAwC,EAAE,SAAkB;IACrG,MAAM,UAAU,GAAG,aAAa,CAAC,CAAC,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5D,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,WAAW,GAAG,GAAG,UAAU,0BAA0B,CAAC;IACrE,MAAM,WAAW,GAAG,uBAAuB,YAAY,GAAG,UAAU,0BAA0B,CAAC;IAC/F,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IACvE,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAmB;IAC5C,KAAK,MAAM,GAAG,IAAI,CAAC,aAAa,EAAE,YAAY,EAAE,KAAK,CAAU,EAAE,CAAC;QAChE,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IACD,IAAI,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACvD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,CAAC,kBAAkB,EAAE,iBAAiB,EAAE,UAAU,CAAU,EAAE,CAAC;QAC/E,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3B,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,UAAU,GAAG,KAAK;iBACrB,MAAM,CAAC,YAAY,CAAC;iBACpB,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC;YACzE,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;gBAC9B,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC5C,IAAI,KAAK;oBAAE,OAAO,KAAK,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IACD,MAAM,IAAI,eAAe,CAAC,wCAAwC,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC3D,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,KAAa,EACb,IAAiB,EACjB,YAAoB,uBAAuB;IAE3C,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;IAC9D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5E,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAe,CAAC;QACnD,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAC1F,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC;QAC7C,MAAM,IAAI,QAAQ,CAChB,OAAO,CAAC,CAAC,CAAC,WAAW,IAAI,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC,gBAAgB,QAAQ,CAAC,MAAM,EAAE,CAC/F,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,UAAU,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAC9B,MAAM,IAAI,QAAQ,CAAC,mCAAmC,SAAS,IAAI,CAAC,CAAC;QACvE,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,MAAM,OAAO,gBAAgB;IACnB,OAAO,CAAY;IACnB,WAAW,GAAG,EAAE,CAAC;IAEzB,YAAY,MAAiB;QAC3B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACxB,CAAC;IAED,IAAY,SAAS;QACnB,OAAO,IAAI,CAAC,OAAkC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,GAAW;QAChB,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,YAAY,CAAC,GAAW;QACtB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,SAAoD,EAAE;QACtE,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,eAAe,CAAC,0DAA0D,CAAC,CAAC;QACxF,CAAC;QACD,IAAI,SAAS,GAAY,IAAI,CAAC;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;QAC3C,MAAM,IAAI,GAAG,oBAAoB,CAAC,GAAG,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,CAAC;QACvF,KAAK,MAAM,YAAY,IAAI,IAAI,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,MAAM,CAAC,OAAO,IAAI,KAAK,CAAC,CAAC;gBACrG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC3B,MAAM,IAAI,eAAe,CAAC,6CAA6C,CAAC,CAAC;gBAC3E,CAAC;gBACD,MAAM,UAAU,GAAG,mBAAmB,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC;gBACnE,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,eAAe,CAAC,iDAAiD,CAAC,CAAC;gBAC/E,CAAC;gBACD,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;gBAC9B,OAAO,UAAU,CAAC;YACpB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,SAAS,GAAG,KAAK,CAAC;YACpB,CAAC;QACH,CAAC;QACD,MAAM,IAAI,QAAQ,CAAC,gCAAgC,GAAG,KAAK,SAAS,YAAY,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACnI,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,GAAmB;QAClD,MAAM,UAAU,GAAG,mBAAmB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACzD,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,UAAU,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpC,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;YAChC,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;IACnC,CAAC;IAEO,eAAe;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;QAC1C,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YACzD,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC;QAC1B,CAAC;QACD,MAAM,IAAI,eAAe,CAAC,2DAA2D,CAAC,CAAC;IACzF,CAAC;IAEO,KAAK,CAAC,KAAK,CACjB,IAAY,EACZ,IAAgB,EAChB,OAAkC,EAAE;QAEpC,MAAM,OAAO,GAA2B,EAAC,cAAc,EAAE,kBAAkB,EAAC,CAAC;QAC7E,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,aAAa,GAAG,UAAU,KAAK,EAAE,CAAC;QAC5C,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,oBAAoB,CACxC,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EACrF;YACE,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CACF,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,QAAQ,CAAC,uCAAuC,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAA8C;QAC3D,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,eAAe,CAAC,2CAA2C,CAAC,CAAC;QACzE,CAAC;QACD,MAAM,IAAI,GAAe,EAAC,KAAK,EAAC,CAAC;QACjC,IAAI,KAAK,GAAkB,IAAI,CAAC;QAChC,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,KAAK,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QACjC,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,6BAA6B,EAAE,IAAI,EAAE,EAAC,KAAK,EAAC,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAMf;QACC,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACrC,MAAM,IAAI,eAAe,CAAC,sDAAsD,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,IAAI,GAAe,EAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAC,CAAC;QAClD,IAAI,MAAM,CAAC,QAAQ,IAAI,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrD,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAClC,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,8BAA8B,EAAE,IAAI,EAAE;YACtD,KAAK,EAAE,IAAI,CAAC,eAAe,EAAE;SAC9B,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAIlB;QACC,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YAC5B,MAAM,IAAI,eAAe,CAAC,mDAAmD,CAAC,CAAC;QACjF,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,iCAAiC,EAAE,EAAC,KAAK,EAAE,IAAI,EAAE,GAAG,EAAC,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,SAAkC,EAAE;QACzD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,eAAe,CAAC,+DAA+D,CAAC,CAAC;QAC7F,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,oBAAoB,EAAE,EAAC,GAAG,EAAC,EAAE,EAAC,KAAK,EAAE,IAAI,CAAC,eAAe,EAAE,EAAC,CAAC,CAAC;IAClF,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,MAM/B;QACC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9D,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,YAAY,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YAC3C,MAAM,IAAI,eAAe,CAAC,4EAA4E,CAAC,CAAC;QAC1G,CAAC;QACD,MAAM,IAAI,GAAe,EAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAC,CAAC;QAC1C,IAAI,MAAM,CAAC,QAAQ,IAAI,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrD,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAClC,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,sBAAsB,kBAAkB,CAAC,YAAY,CAAC,YAAY,EAAE,IAAI,EAAE;YAC1F,KAAK,EAAE,IAAI,CAAC,eAAe,EAAE;SAC9B,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,MAGrB;QACC,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9D,IAAI,CAAC,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;YAC1B,MAAM,IAAI,eAAe,CAAC,uDAAuD,CAAC,CAAC;QACrF,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAC,GAAG,EAAE,aAAa,EAAE,YAAY,EAAC,CAAC,CAAC;IACpF,CAAC;CACF"}

package/dist/secret-store/file-store.d.ts

@@ -0,0 +1,25 @@
+/**
+ * 基于文件的 SecretStore（AES-256-GCM 加密）
+ *
+ * 密钥派生：
+ *   - 传入 encryptionSeed → 从 seed 字符串派生
+ *   - 未传 → 从 {root}/.seed 文件派生（首次自动生成）
+ *
+ * 与 Python SDK 的 FileSecretStore 完全对齐。
+ */
+import type { SecretStore } from './index.js';
+import type { SecretRecord } from '../types.js';
+export declare class FileSecretStore implements SecretStore {
+    private _root;
+    private _masterKey;
+    constructor(root: string, encryptionSeed?: string, sqliteBackup?: {
+        backupSeed(seed: Buffer): void;
+        restoreSeed(): Buffer | null;
+    });
+    protect(scope: string, name: string, plaintext: Buffer): SecretRecord;
+    reveal(scope: string, name: string, record: SecretRecord): Buffer | null;
+    /** 使用 HMAC-SHA256 从主密钥派生子密钥 */
+    private _deriveKey;
+    /** 三级恢复：文件 → SQLite → 新建，双写确保一致 */
+    private _loadOrCreateSeed;
+}