@agentunion/fastaun 0.2.20 → 0.3.1

package/dist/v2/session/session.d.ts

@@ -0,0 +1,124 @@
+/**
+ * V2 E2EE Session Manager。
+ *
+ * 管理本设备的 IK/SPK 生命周期、服务端注册、加解密密钥获取。
+ *
+ * 设计要点：
+ * - IK = AID 长期密钥（多设备共享 AID 身份），不独立生成
+ * - SPK 设备级 P-256 密钥对，IK 签名背书
+ * - SPK 销毁三重条件：
+ *   - contig_seq >= 该 SPK 引用的最大 seq
+ *   - 自最后一次见到该 spk_id >= 7 天
+ *   - 不在最近 7 代保留窗口内
+ * - 对端 IK 公钥缓存 TTL 1 小时
+ * - SPK 注册：调 callFn("message.v2.put_peer_pk", ...)
+ */
+import { V2KeyStore } from './keystore.js';
+/** 对端 IK 公钥缓存 TTL（毫秒）。 */
+export declare const PEER_KEY_CACHE_TTL_MS: number;
+/** SPK 销毁安全窗口（毫秒）。 */
+export declare const DESTROY_DELAY_MS: number;
+/** SPK 销毁时保留的最近代数。 */
+export declare const RECENT_GENERATIONS = 7;
+export declare const HARD_LIMIT_MS: number;
+/** 服务端 RPC 调用函数签名（与 Python `call_fn` 等价）。 */
+export type CallFn = (method: string, params: Record<string, unknown>) => Promise<Record<string, unknown> | unknown>;
+/** 加密所需的发送方身份。 */
+export interface SenderIdentity {
+    aid: string;
+    deviceId: string;
+    ikPriv: Uint8Array;
+    ikPubDer: Uint8Array;
+}
+export declare class V2Session {
+    private readonly _store;
+    private readonly _deviceId;
+    private readonly _aid;
+    private readonly _ikPriv;
+    private readonly _ikPubDer;
+    private _spkId;
+    private _spkPriv?;
+    private _spkPubDer?;
+    private _registered;
+    private _lastUploadedSPKId;
+    private _lastUploadedGroupSPKIds;
+    private _peerIKCache;
+    private _verifiedSPKs;
+    private _oldSPKMaxSeq;
+    private _nowFn;
+    constructor(store: V2KeyStore, deviceId: string, aid: string, ikPriv: Uint8Array, ikPubDer: Uint8Array);
+    /** 测试用：注入虚拟时钟。 */
+    _setNowFn(fn: () => number): void;
+    get deviceId(): string;
+    get aid(): string;
+    get currentSpkId(): string;
+    get currentIkPubDer(): Uint8Array;
+    /** 暴露 store 便于测试（与 Python 同等私有约定）。 */
+    get _storeForTest(): V2KeyStore;
+    /** 加载或生成当前 SPK；IK 由构造函数注入，无需加载。 */
+    ensureKeys(): void;
+    private _generateNewSPK;
+    /** 注册本设备 SPK 到服务端。IK = AID 长期密钥，无需注册。 */
+    ensureRegistered(callFn: CallFn): Promise<void>;
+    /** SPK 由 AID 私钥（IK）签名背书，并上报到 message.v2.put_peer_pk。 */
+    private _registerSPK;
+    /** 返回加密所需的 sender 结构。 */
+    getSenderIdentity(): SenderIdentity;
+    /**
+     * 返回解密所需的私钥。
+     * - spkId 空：1DH（仅 IK）
+     * - spkId == 当前 SPK：当前 spkPriv
+     * - 否则：从 store 加载旧 SPK 私钥（可能为 null = 已销毁）
+     */
+    getDecryptKeys(spkId: string | null | undefined): {
+        ikPriv: Uint8Array;
+        spkPriv?: Uint8Array;
+    };
+    /** 判断 spkId 是否命中当前活跃 SPK。 */
+    isCurrentSPK(spkId: string | null | undefined): boolean;
+    /** 跟踪每个旧 SPK 引用的最大 seq（用于销毁判定）。 */
+    trackOldSPKMaxSeq(spkId: string, seq: number): void;
+    /**
+     * contig_seq 已覆盖、超过 7 天安全窗口、且不在最近 7 代保留窗口内时销毁。
+     *
+     * 销毁条件（全部满足才销毁）：
+     * - contig_seq >= 该 SPK 引用的最大 seq（接收方已消费完所有引用此 SPK 的消息）
+     * - 自最后一次见到该 spk_id 引用 >= 7 天
+     * - 不在最近 7 代 SPK 保留窗口内
+     *
+     * 7 天 + 7 代双兜底：低频群即便 contig_seq 已覆盖也至少留 7 代或 7 天，
+     * 避免发送方陈旧 bootstrap 缓存导致新消息加密失败。
+     */
+    maybeDestroyOldSPKs(contigSeq: number): string[];
+    /** 轮换 SPK：生成新 SPK 并上报到服务端。旧 SPK 保留本地用于解密。 */
+    rotateSPK(callFn: CallFn): Promise<void>;
+    cachePeerIK(peerAid: string, deviceId: string, ikPubDer: Uint8Array): void;
+    getPeerIK(peerAid: string, deviceId: string): Uint8Array | null;
+    isPeerSPKVerified(peerAid: string, deviceId: string, spkId: string): boolean;
+    markPeerSPKVerified(peerAid: string, deviceId: string, spkId: string): void;
+    /** 确保指定群有独立 group SPK，返回 { spkId, priv, pubDER }。 */
+    ensureGroupSPK(groupId: string): {
+        spkId: string;
+        priv: Uint8Array;
+        pubDer: Uint8Array;
+    };
+    /** 注册指定群的 group SPK 到服务端。group 服务负责成员鉴权。 */
+    ensureGroupRegistered(groupId: string, callFn: CallFn): Promise<void>;
+    /** 轮换指定群的 group SPK，保留旧私钥用于缓存窗口内的历史 wrap 解密。 */
+    rotateGroupSPK(groupId: string, callFn: CallFn): Promise<{
+        spkId: string;
+        priv: Uint8Array;
+        pubDer: Uint8Array;
+    }>;
+    /** 群消息解密优先查 group SPK；找不到时 fallback 旧 P2P SPK 兼容历史消息。 */
+    getGroupDecryptKeys(groupId: string, spkId: string): {
+        ikPriv: Uint8Array;
+        spkPriv: Uint8Array | null;
+    };
+    /** 判断 spk_id 是否为本进程最后一次成功上传的 P2P SPK。 */
+    isLastUploadedSPK(spkId: string): boolean;
+    /** 判断 spk_id 是否为本进程在该群最后一次成功上传的 group SPK。 */
+    isLastUploadedGroupSPK(groupId: string, spkId: string): boolean;
+    /** 签名并上传 group SPK 到 group.v2.put_group_pk。 */
+    private _publishGroupSPK;
+}

package/dist/v2/session/session.js

@@ -0,0 +1,318 @@
+/**
+ * V2 E2EE Session Manager。
+ *
+ * 管理本设备的 IK/SPK 生命周期、服务端注册、加解密密钥获取。
+ *
+ * 设计要点：
+ * - IK = AID 长期密钥（多设备共享 AID 身份），不独立生成
+ * - SPK 设备级 P-256 密钥对，IK 签名背书
+ * - SPK 销毁三重条件：
+ *   - contig_seq >= 该 SPK 引用的最大 seq
+ *   - 自最后一次见到该 spk_id >= 7 天
+ *   - 不在最近 7 代保留窗口内
+ * - 对端 IK 公钥缓存 TTL 1 小时
+ * - SPK 注册：调 callFn("message.v2.put_peer_pk", ...)
+ */
+import { createHash } from 'node:crypto';
+import { generateP256Keypair } from '../crypto/ecdh.js';
+import { ecdsaSignRaw } from '../crypto/ecdsa.js';
+/** 对端 IK 公钥缓存 TTL（毫秒）。 */
+export const PEER_KEY_CACHE_TTL_MS = 60 * 60 * 1000; // 1h
+/** SPK 销毁安全窗口（毫秒）。 */
+export const DESTROY_DELAY_MS = 7 * 24 * 60 * 60 * 1000; // 7 天
+/** SPK 销毁时保留的最近代数。 */
+export const RECENT_GENERATIONS = 7;
+export const HARD_LIMIT_MS = 180 * 24 * 60 * 60 * 1000; // 180 天
+export class V2Session {
+    _store;
+    _deviceId;
+    _aid;
+    _ikPriv;
+    _ikPubDer;
+    _spkId = '';
+    _spkPriv;
+    _spkPubDer;
+    _registered = false;
+    // SPK 上传去重
+    _lastUploadedSPKId = '';
+    _lastUploadedGroupSPKIds = new Map();
+    _peerIKCache = new Map();
+    _verifiedSPKs = new Set();
+    _oldSPKMaxSeq = new Map();
+    _nowFn = () => Date.now();
+    constructor(store, deviceId, aid, ikPriv, ikPubDer) {
+        if (!ikPriv || !ikPubDer) {
+            throw new Error('V2Session requires AID priv/pub keys (IK = AID identity)');
+        }
+        this._store = store;
+        this._deviceId = deviceId;
+        this._aid = aid;
+        this._ikPriv = ikPriv;
+        this._ikPubDer = ikPubDer;
+    }
+    /** 测试用：注入虚拟时钟。 */
+    _setNowFn(fn) {
+        this._nowFn = fn;
+    }
+    get deviceId() {
+        return this._deviceId;
+    }
+    get aid() {
+        return this._aid;
+    }
+    get currentSpkId() {
+        return this._spkId;
+    }
+    get currentIkPubDer() {
+        return this._ikPubDer;
+    }
+    /** 暴露 store 便于测试（与 Python 同等私有约定）。 */
+    get _storeForTest() {
+        return this._store;
+    }
+    /** 加载或生成当前 SPK；IK 由构造函数注入，无需加载。 */
+    ensureKeys() {
+        if (this._spkPriv)
+            return;
+        const cur = this._store.loadCurrentSPK(this._deviceId);
+        if (cur) {
+            this._spkId = cur.spkId;
+            this._spkPriv = cur.priv;
+            this._spkPubDer = cur.pubDer;
+            return;
+        }
+        this._generateNewSPK();
+    }
+    _generateNewSPK() {
+        const [priv, pubDer] = generateP256Keypair();
+        const hashHex = createHash('sha256').update(pubDer).digest('hex');
+        const spkId = `sha256:${hashHex.substring(0, 16)}`;
+        this._store.saveSPK(this._deviceId, spkId, priv, pubDer);
+        this._spkId = spkId;
+        this._spkPriv = priv;
+        this._spkPubDer = pubDer;
+    }
+    /** 注册本设备 SPK 到服务端。IK = AID 长期密钥，无需注册。 */
+    async ensureRegistered(callFn) {
+        if (this._registered)
+            return;
+        this.ensureKeys();
+        await this._registerSPK(callFn);
+        this._registered = true;
+        this._lastUploadedSPKId = this._spkId;
+    }
+    /** SPK 由 AID 私钥（IK）签名背书，并上报到 message.v2.put_peer_pk。 */
+    async _registerSPK(callFn) {
+        const spkTimestamp = Math.floor(this._nowFn() / 1000);
+        const signData = Buffer.concat([
+            Buffer.from(this._spkPubDer),
+            Buffer.from(this._spkId, 'utf-8'),
+            Buffer.from(String(spkTimestamp), 'utf-8'),
+        ]);
+        const signature = ecdsaSignRaw(this._ikPriv, signData);
+        await callFn('message.v2.put_peer_pk', {
+            peer_aid: this._aid,
+            key_source: 'peer_device_prekey',
+            spk_id: this._spkId,
+            spk_pk: Buffer.from(this._spkPubDer).toString('base64'),
+            spk_signature: Buffer.from(signature).toString('base64'),
+            spk_timestamp: spkTimestamp,
+        });
+    }
+    /** 返回加密所需的 sender 结构。 */
+    getSenderIdentity() {
+        this.ensureKeys();
+        return {
+            aid: this._aid,
+            deviceId: this._deviceId,
+            ikPriv: this._ikPriv,
+            ikPubDer: this._ikPubDer,
+        };
+    }
+    /**
+     * 返回解密所需的私钥。
+     * - spkId 空：1DH（仅 IK）
+     * - spkId == 当前 SPK：当前 spkPriv
+     * - 否则：从 store 加载旧 SPK 私钥（可能为 null = 已销毁）
+     */
+    getDecryptKeys(spkId) {
+        this.ensureKeys();
+        if (!spkId)
+            return { ikPriv: this._ikPriv };
+        if (spkId === this._spkId)
+            return { ikPriv: this._ikPriv, spkPriv: this._spkPriv };
+        const oldSPK = this._store.loadSPK(this._deviceId, spkId);
+        if (!oldSPK)
+            return { ikPriv: this._ikPriv };
+        return { ikPriv: this._ikPriv, spkPriv: oldSPK };
+    }
+    /** 判断 spkId 是否命中当前活跃 SPK。 */
+    isCurrentSPK(spkId) {
+        return Boolean(spkId) && spkId === this._spkId;
+    }
+    /** 跟踪每个旧 SPK 引用的最大 seq（用于销毁判定）。 */
+    trackOldSPKMaxSeq(spkId, seq) {
+        if (!spkId || spkId === this._spkId)
+            return;
+        const cur = this._oldSPKMaxSeq.get(spkId);
+        const curSeq = cur ? cur.seq : 0;
+        if (seq > curSeq) {
+            this._oldSPKMaxSeq.set(spkId, { seq, lastSeenAt: this._nowFn() });
+        }
+    }
+    /**
+     * contig_seq 已覆盖、超过 7 天安全窗口、且不在最近 7 代保留窗口内时销毁。
+     *
+     * 销毁条件（全部满足才销毁）：
+     * - contig_seq >= 该 SPK 引用的最大 seq（接收方已消费完所有引用此 SPK 的消息）
+     * - 自最后一次见到该 spk_id 引用 >= 7 天
+     * - 不在最近 7 代 SPK 保留窗口内
+     *
+     * 7 天 + 7 代双兜底：低频群即便 contig_seq 已覆盖也至少留 7 代或 7 天，
+     * 避免发送方陈旧 bootstrap 缓存导致新消息加密失败。
+     */
+    maybeDestroyOldSPKs(contigSeq) {
+        const destroyed = [];
+        const now = this._nowFn();
+        let recentKeep;
+        try {
+            recentKeep = new Set(this._store.listRecentSPKIds(this._deviceId, RECENT_GENERATIONS));
+        }
+        catch {
+            recentKeep = new Set();
+        }
+        for (const [spkId, info] of Array.from(this._oldSPKMaxSeq.entries())) {
+            if (spkId === this._spkId)
+                continue;
+            if (contigSeq < info.seq)
+                continue;
+            if (now - info.lastSeenAt < DESTROY_DELAY_MS)
+                continue;
+            if (recentKeep.has(spkId))
+                continue;
+            try {
+                this._store.deleteSPK(this._deviceId, spkId);
+            }
+            catch {
+                // 忽略 delete 失败，但 _oldSPKMaxSeq 仍清理避免重复尝试
+            }
+            this._oldSPKMaxSeq.delete(spkId);
+            destroyed.push(spkId);
+        }
+        // 180 天硬上限：无论是否被引用，超龄 SPK 强制销毁
+        try {
+            const expired = this._store.listExpiredSPKIds(this._deviceId, HARD_LIMIT_MS);
+            for (const spkId of expired) {
+                if (spkId === this._spkId)
+                    continue;
+                try {
+                    this._store.deleteSPK(this._deviceId, spkId);
+                }
+                catch { /* ignore */ }
+                this._oldSPKMaxSeq.delete(spkId);
+                if (!destroyed.includes(spkId))
+                    destroyed.push(spkId);
+            }
+        }
+        catch { /* ignore */ }
+        return destroyed;
+    }
+    /** 轮换 SPK：生成新 SPK 并上报到服务端。旧 SPK 保留本地用于解密。 */
+    async rotateSPK(callFn) {
+        this._generateNewSPK();
+        await this._registerSPK(callFn);
+        this._lastUploadedSPKId = this._spkId;
+    }
+    cachePeerIK(peerAid, deviceId, ikPubDer) {
+        this._peerIKCache.set(`${peerAid}#${deviceId}`, { pubDer: ikPubDer, cachedAt: this._nowFn() });
+    }
+    getPeerIK(peerAid, deviceId) {
+        const key = `${peerAid}#${deviceId}`;
+        const entry = this._peerIKCache.get(key);
+        if (!entry)
+            return null;
+        if (this._nowFn() - entry.cachedAt >= PEER_KEY_CACHE_TTL_MS) {
+            this._peerIKCache.delete(key);
+            return null;
+        }
+        return entry.pubDer;
+    }
+    isPeerSPKVerified(peerAid, deviceId, spkId) {
+        return this._verifiedSPKs.has(`${peerAid}#${deviceId}#${spkId}`);
+    }
+    markPeerSPKVerified(peerAid, deviceId, spkId) {
+        this._verifiedSPKs.add(`${peerAid}#${deviceId}#${spkId}`);
+    }
+    // ── Group SPK 独立管理 ──────────────────────────────────────────
+    /** 确保指定群有独立 group SPK，返回 { spkId, priv, pubDER }。 */
+    ensureGroupSPK(groupId) {
+        this.ensureKeys();
+        const cur = this._store.loadCurrentGroupSPK(this._deviceId, groupId);
+        if (cur)
+            return cur;
+        // 生成新 group SPK
+        const [priv, pubDer] = generateP256Keypair();
+        const hashHex = createHash('sha256').update(pubDer).digest('hex');
+        const spkId = `sha256:${hashHex.substring(0, 16)}`;
+        this._store.saveGroupSPK(this._deviceId, groupId, spkId, priv, pubDer);
+        return { spkId, priv, pubDer };
+    }
+    /** 注册指定群的 group SPK 到服务端。group 服务负责成员鉴权。 */
+    async ensureGroupRegistered(groupId, callFn) {
+        const { spkId, pubDer } = this.ensureGroupSPK(groupId);
+        await this._publishGroupSPK(groupId, spkId, pubDer, callFn);
+    }
+    /** 轮换指定群的 group SPK，保留旧私钥用于缓存窗口内的历史 wrap 解密。 */
+    async rotateGroupSPK(groupId, callFn) {
+        this.ensureKeys();
+        const [priv, pubDer] = generateP256Keypair();
+        const hashHex = createHash('sha256').update(pubDer).digest('hex');
+        const spkId = `sha256:${hashHex.substring(0, 16)}`;
+        this._store.saveGroupSPK(this._deviceId, groupId, spkId, priv, pubDer);
+        await this._publishGroupSPK(groupId, spkId, pubDer, callFn);
+        return { spkId, priv, pubDer };
+    }
+    /** 群消息解密优先查 group SPK；找不到时 fallback 旧 P2P SPK 兼容历史消息。 */
+    getGroupDecryptKeys(groupId, spkId) {
+        this.ensureKeys();
+        if (!spkId)
+            return { ikPriv: this._ikPriv, spkPriv: null };
+        // 优先查 group SPK
+        const groupSPK = this._store.loadGroupSPK(this._deviceId, groupId, spkId);
+        if (groupSPK)
+            return { ikPriv: this._ikPriv, spkPriv: groupSPK };
+        // fallback 到 P2P SPK（兼容历史消息）
+        if (spkId === this._spkId)
+            return { ikPriv: this._ikPriv, spkPriv: this._spkPriv ?? null };
+        const oldSPK = this._store.loadSPK(this._deviceId, spkId);
+        return { ikPriv: this._ikPriv, spkPriv: oldSPK };
+    }
+    /** 判断 spk_id 是否为本进程最后一次成功上传的 P2P SPK。 */
+    isLastUploadedSPK(spkId) {
+        return Boolean(spkId) && spkId === this._lastUploadedSPKId;
+    }
+    /** 判断 spk_id 是否为本进程在该群最后一次成功上传的 group SPK。 */
+    isLastUploadedGroupSPK(groupId, spkId) {
+        return Boolean(spkId) && this._lastUploadedGroupSPKIds.get(groupId) === spkId;
+    }
+    /** 签名并上传 group SPK 到 group.v2.put_group_pk。 */
+    async _publishGroupSPK(groupId, spkId, pubDer, callFn) {
+        const spkTimestamp = Math.floor(this._nowFn() / 1000);
+        const signData = Buffer.concat([
+            Buffer.from(pubDer),
+            Buffer.from(spkId, 'utf-8'),
+            Buffer.from(String(spkTimestamp), 'utf-8'),
+        ]);
+        const signature = ecdsaSignRaw(this._ikPriv, signData);
+        await callFn('group.v2.put_group_pk', {
+            group_id: groupId,
+            key_source: 'group_device_prekey',
+            spk_id: spkId,
+            spk_pk: Buffer.from(pubDer).toString('base64'),
+            spk_signature: Buffer.from(signature).toString('base64'),
+            spk_timestamp: spkTimestamp,
+        });
+        this._lastUploadedGroupSPKIds.set(groupId, spkId);
+    }
+}
+//# sourceMappingURL=session.js.map

package/dist/v2/session/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../../src/v2/session/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD,0BAA0B;AAC1B,MAAM,CAAC,MAAM,qBAAqB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,KAAK;AAC1D,sBAAsB;AACtB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,MAAM;AAC/D,sBAAsB;AACtB,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC;AACpC,MAAM,CAAC,MAAM,aAAa,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,QAAQ;AAgBhE,MAAM,OAAO,SAAS;IACH,MAAM,CAAa;IACnB,SAAS,CAAS;IAClB,IAAI,CAAS;IACb,OAAO,CAAa;IACpB,SAAS,CAAa;IAE/B,MAAM,GAAG,EAAE,CAAC;IACZ,QAAQ,CAAc;IACtB,UAAU,CAAc;IACxB,WAAW,GAAG,KAAK,CAAC;IAE5B,WAAW;IACH,kBAAkB,GAAG,EAAE,CAAC;IACxB,wBAAwB,GAAG,IAAI,GAAG,EAAkB,CAAC;IAErD,YAAY,GAAG,IAAI,GAAG,EAAoD,CAAC;IAC3E,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,aAAa,GAAG,IAAI,GAAG,EAA+C,CAAC;IACvE,MAAM,GAAiB,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IAEhD,YACE,KAAiB,EACjB,QAAgB,EAChB,GAAW,EACX,MAAkB,EAClB,QAAoB;QAEpB,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;QAChB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAED,kBAAkB;IAClB,SAAS,CAAC,EAAgB;QACxB,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;IACnB,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,sCAAsC;IACtC,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,mCAAmC;IACnC,UAAU;QACR,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO;QAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC;YACxB,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC;YACzB,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC;YAC7B,OAAO;QACT,CAAC;QACD,IAAI,CAAC,eAAe,EAAE,CAAC;IACzB,CAAC;IAEO,eAAe;QACrB,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,mBAAmB,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,UAAU,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QACzD,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC;IAC3B,CAAC;IAED,yCAAyC;IACzC,KAAK,CAAC,gBAAgB,CAAC,MAAc;QACnC,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAC7B,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC;IACxC,CAAC;IAED,wDAAwD;IAChD,KAAK,CAAC,YAAY,CAAC,MAAc;QACvC,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAW,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;SAC3C,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACvD,MAAM,MAAM,CAAC,wBAAwB,EAAE;YACrC,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,UAAU,EAAE,oBAAoB;YAChC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAW,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACxD,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACxD,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,yBAAyB;IACzB,iBAAiB;QACf,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,OAAO;YACL,GAAG,EAAE,IAAI,CAAC,IAAI;YACd,QAAQ,EAAE,IAAI,CAAC,SAAS;YACxB,MAAM,EAAE,IAAI,CAAC,OAAO;YACpB,QAAQ,EAAE,IAAI,CAAC,SAAS;SACzB,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,cAAc,CAAC,KAAgC;QAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;QAC5C,IAAI,KAAK,KAAK,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACnF,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAC1D,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;QAC7C,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IACnD,CAAC;IAED,6BAA6B;IAC7B,YAAY,CAAC,KAAgC;QAC3C,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,KAAK,IAAI,CAAC,MAAM,CAAC;IACjD,CAAC;IAED,mCAAmC;IACnC,iBAAiB,CAAC,KAAa,EAAE,GAAW;QAC1C,IAAI,CAAC,KAAK,IAAI,KAAK,KAAK,IAAI,CAAC,MAAM;YAAE,OAAO;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACjC,IAAI,GAAG,GAAG,MAAM,EAAE,CAAC;YACjB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED;;;;;;;;;;OAUG;IACH,mBAAmB,CAAC,SAAiB;QACnC,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAC1B,IAAI,UAAuB,CAAC;QAC5B,IAAI,CAAC;YACH,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC,CAAC;QACzF,CAAC;QAAC,MAAM,CAAC;YACP,UAAU,GAAG,IAAI,GAAG,EAAE,CAAC;QACzB,CAAC;QACD,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;YACrE,IAAI,KAAK,KAAK,IAAI,CAAC,MAAM;gBAAE,SAAS;YACpC,IAAI,SAAS,GAAG,IAAI,CAAC,GAAG;gBAAE,SAAS;YACnC,IAAI,GAAG,GAAG,IAAI,CAAC,UAAU,GAAG,gBAAgB;gBAAE,SAAS;YACvD,IAAI,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,SAAS;YACpC,IAAI,CAAC;gBACH,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC/C,CAAC;YAAC,MAAM,CAAC;gBACP,yCAAyC;YAC3C,CAAC;YACD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACjC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;QAED,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;YAC7E,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,IAAI,KAAK,KAAK,IAAI,CAAC,MAAM;oBAAE,SAAS;gBACpC,IAAI,CAAC;oBAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;gBAC5E,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACjC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;oBAAE,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAExB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,6CAA6C;IAC7C,KAAK,CAAC,SAAS,CAAC,MAAc;QAC5B,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC;IACxC,CAAC;IAED,WAAW,CAAC,OAAe,EAAE,QAAgB,EAAE,QAAoB;QACjE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,OAAO,IAAI,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,SAAS,CAAC,OAAe,EAAE,QAAgB;QACzC,MAAM,GAAG,GAAG,GAAG,OAAO,IAAI,QAAQ,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,IAAI,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,IAAI,qBAAqB,EAAE,CAAC;YAC5D,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC9B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC,MAAM,CAAC;IACtB,CAAC;IAED,iBAAiB,CAAC,OAAe,EAAE,QAAgB,EAAE,KAAa;QAChE,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,OAAO,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,mBAAmB,CAAC,OAAe,EAAE,QAAgB,EAAE,KAAa;QAClE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,OAAO,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,+DAA+D;IAE/D,qDAAqD;IACrD,cAAc,CAAC,OAAe;QAC5B,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACrE,IAAI,GAAG;YAAE,OAAO,GAAG,CAAC;QACpB,gBAAgB;QAChB,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,mBAAmB,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,UAAU,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QACvE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IACjC,CAAC;IAED,4CAA4C;IAC5C,KAAK,CAAC,qBAAqB,CAAC,OAAe,EAAE,MAAc;QACzD,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QACvD,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9D,CAAC;IAED,gDAAgD;IAChD,KAAK,CAAC,cAAc,CAClB,OAAe,EACf,MAAc;QAEd,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,mBAAmB,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,UAAU,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QACvE,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAC5D,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IACjC,CAAC;IAED,yDAAyD;IACzD,mBAAmB,CAAC,OAAe,EAAE,KAAa;QAChD,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3D,gBAAgB;QAChB,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QAC1E,IAAI,QAAQ;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;QACjE,6BAA6B;QAC7B,IAAI,KAAK,KAAK,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAC;QAC3F,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAC1D,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IACnD,CAAC;IAED,yCAAyC;IACzC,iBAAiB,CAAC,KAAa;QAC7B,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,KAAK,IAAI,CAAC,kBAAkB,CAAC;IAC7D,CAAC;IAED,8CAA8C;IAC9C,sBAAsB,CAAC,OAAe,EAAE,KAAa;QACnD,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,CAAC;IAChF,CAAC;IAED,+CAA+C;IACvC,KAAK,CAAC,gBAAgB,CAC5B,OAAe,EACf,KAAa,EACb,MAAkB,EAClB,MAAc;QAEd,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YACnB,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;SAC3C,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACvD,MAAM,MAAM,CAAC,uBAAuB,EAAE;YACpC,QAAQ,EAAE,OAAO;YACjB,UAAU,EAAE,qBAAqB;YACjC,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC9C,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACxD,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAC;QACH,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACpD,CAAC;CACF"}

package/dist/v2/state/commitment.d.ts

@@ -0,0 +1,58 @@
+/**
+ * AUN E2EE V2: state_commitment 计算
+ *
+ * 规范引用：§6.2
+ *
+ * state_commitment = SHA256(
+ *   "AUN-V2-SC-v1" ||
+ *   group_id ||
+ *   uint32(epoch, big-endian) ||
+ *   canonical_json({
+ *     "members": [...sorted by aid, devices sorted by device_id...],
+ *     "audit_aids": [...sorted...],
+ *     "join_policy_hash": "64hex" | null,
+ *     "admin_set": {"admin_aids": [...sorted...], "threshold": N},
+ *     "recovery_quorum": {...} | null,
+ *     "history_policy": "none" | "recent_N_days" | "full",
+ *     "wrap_protocol": "3DH" | "1DH"
+ *   })
+ * )
+ *
+ * 排序在内部完成，调用方无需预排序。
+ */
+export declare const STATE_PREFIX: Uint8Array;
+export interface MemberDevice {
+    device_id?: string;
+    fp?: string;
+    [k: string]: unknown;
+}
+export interface Member {
+    aid?: string;
+    devices?: MemberDevice[];
+    [k: string]: unknown;
+}
+export interface AdminSet {
+    admin_aids?: string[];
+    threshold?: number;
+    [k: string]: unknown;
+}
+export interface RecoveryQuorum {
+    trigger?: string;
+    quorum_aids?: string[];
+    threshold?: number;
+    [k: string]: unknown;
+}
+export interface StatePayload {
+    members?: Member[];
+    audit_aids?: string[];
+    join_policy_hash?: string | null;
+    admin_set?: AdminSet;
+    recovery_quorum?: RecoveryQuorum | null;
+    history_policy?: string;
+    wrap_protocol?: string;
+    [k: string]: unknown;
+}
+/**
+ * 计算 state_commitment（hex）。
+ */
+export declare function computeStateCommitment(groupId: string, epoch: number, statePayload: StatePayload): string;

package/dist/v2/state/commitment.js

@@ -0,0 +1,85 @@
+/**
+ * AUN E2EE V2: state_commitment 计算
+ *
+ * 规范引用：§6.2
+ *
+ * state_commitment = SHA256(
+ *   "AUN-V2-SC-v1" ||
+ *   group_id ||
+ *   uint32(epoch, big-endian) ||
+ *   canonical_json({
+ *     "members": [...sorted by aid, devices sorted by device_id...],
+ *     "audit_aids": [...sorted...],
+ *     "join_policy_hash": "64hex" | null,
+ *     "admin_set": {"admin_aids": [...sorted...], "threshold": N},
+ *     "recovery_quorum": {...} | null,
+ *     "history_policy": "none" | "recent_N_days" | "full",
+ *     "wrap_protocol": "3DH" | "1DH"
+ *   })
+ * )
+ *
+ * 排序在内部完成，调用方无需预排序。
+ */
+import { createHash } from 'node:crypto';
+import { canonicalJson } from '../crypto/canonical.js';
+export const STATE_PREFIX = new TextEncoder().encode('AUN-V2-SC-v1');
+/** in-place 规范化排序。 */
+function sortPayload(payload) {
+    if (Array.isArray(payload.members)) {
+        payload.members.sort((a, b) => {
+            const ka = a.aid ?? '';
+            const kb = b.aid ?? '';
+            if (ka === kb)
+                return 0;
+            return ka < kb ? -1 : 1;
+        });
+        for (const m of payload.members) {
+            if (Array.isArray(m.devices)) {
+                m.devices.sort((a, b) => {
+                    const ka = a.device_id ?? '';
+                    const kb = b.device_id ?? '';
+                    if (ka === kb)
+                        return 0;
+                    return ka < kb ? -1 : 1;
+                });
+            }
+        }
+    }
+    if (Array.isArray(payload.audit_aids)) {
+        payload.audit_aids.sort();
+    }
+    if (payload.admin_set && Array.isArray(payload.admin_set.admin_aids)) {
+        payload.admin_set.admin_aids.sort();
+    }
+    if (payload.recovery_quorum && Array.isArray(payload.recovery_quorum.quorum_aids)) {
+        payload.recovery_quorum.quorum_aids.sort();
+    }
+}
+/** 大端 uint32 编码。 */
+function uint32BE(value) {
+    if (value < 0 || value > 0xffffffff || !Number.isInteger(value)) {
+        throw new Error(`epoch out of uint32 range: ${value}`);
+    }
+    const out = new Uint8Array(4);
+    const dv = new DataView(out.buffer);
+    dv.setUint32(0, value, false);
+    return out;
+}
+/**
+ * 计算 state_commitment（hex）。
+ */
+export function computeStateCommitment(groupId, epoch, statePayload) {
+    // 深拷贝避免修改调用方数据
+    const payload = JSON.parse(JSON.stringify(statePayload));
+    sortPayload(payload);
+    const groupBytes = new TextEncoder().encode(groupId);
+    const epochBytes = uint32BE(epoch);
+    const payloadBytes = canonicalJson(payload);
+    const h = createHash('sha256');
+    h.update(STATE_PREFIX);
+    h.update(groupBytes);
+    h.update(epochBytes);
+    h.update(payloadBytes);
+    return h.digest('hex');
+}
+//# sourceMappingURL=commitment.js.map

package/dist/v2/state/commitment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"commitment.js","sourceRoot":"","sources":["../../../src/v2/state/commitment.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAEvD,MAAM,CAAC,MAAM,YAAY,GAAe,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;AAkCjF,sBAAsB;AACtB,SAAS,WAAW,CAAC,OAAqB;IACxC,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAC5B,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC;YACvB,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC;YACvB,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,CAAC,CAAC;YACxB,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;QACH,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAChC,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7B,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;oBACtB,MAAM,EAAE,GAAG,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC;oBAC7B,MAAM,EAAE,GAAG,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC;oBAC7B,IAAI,EAAE,KAAK,EAAE;wBAAE,OAAO,CAAC,CAAC;oBACxB,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1B,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACtC,OAAO,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;IACD,IAAI,OAAO,CAAC,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;QACrE,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IACtC,CAAC;IACD,IAAI,OAAO,CAAC,eAAe,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC;QAClF,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;IAC7C,CAAC;AACH,CAAC;AAED,oBAAoB;AACpB,SAAS,QAAQ,CAAC,KAAa;IAC7B,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,UAAU,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACpC,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;IAC9B,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CACpC,OAAe,EACf,KAAa,EACb,YAA0B;IAE1B,eAAe;IACf,MAAM,OAAO,GAAiB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC;IACvE,WAAW,CAAC,OAAO,CAAC,CAAC;IAErB,MAAM,UAAU,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,YAAY,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAE5C,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACvB,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACrB,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACrB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACvB,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzB,CAAC"}

package/dist/v2/state/index.d.ts

@@ -0,0 +1,2 @@
+export { computeStateCommitment, STATE_PREFIX } from './commitment.js';
+export type { Member, MemberDevice, AdminSet, RecoveryQuorum, StatePayload } from './commitment.js';

package/dist/v2/state/index.js

@@ -0,0 +1,2 @@
+export { computeStateCommitment, STATE_PREFIX } from './commitment.js';
+//# sourceMappingURL=index.js.map

package/dist/v2/state/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/v2/state/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentunion/fastaun",
-  "version": "0.2.20",
+  "version": "0.3.1",
   "description": "AUN Protocol Core SDK for Node.js",
   "type": "module",
   "main": "dist/index.js",
@@ -27,12 +27,13 @@
     "prepack": "python ../scripts/sync_packed_docs.py ts",
     "test": "vitest run",
     "test:unit": "vitest run tests/unit",
-    "test:integration": "vitest run tests/integration/e2ee.test.ts",
-    "test:e2e": "vitest run tests/e2e/group-e2ee.test.ts",
+    "test:integration": "vitest run tests/integration/federation-v2-thought.test.ts tests/integration/group-e2ee.test.ts",
+    "test:e2e": "vitest run tests/e2e/v2-p2p.test.ts tests/e2e/v2-group.test.ts tests/e2e/v2-thought.test.ts",
     "test:federation": "vitest run tests/integration/federation.test.ts tests/integration/federation-storage.test.ts",
     "test:watch": "vitest"
   },
   "dependencies": {
+    "@noble/curves": "^2.2.0",
     "ws": "^8.18.0"
   },
   "devDependencies": {