npm - @agentunion/fastaun - Versions diffs - 0.3.2 → 0.3.4 - Mend

@agentunion/fastaun 0.3.2 → 0.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (85) hide show

package/CHANGELOG.md +43 -0
package/_packed_docs/CHANGELOG.md +43 -0
package/_packed_docs/INDEX.md +81 -0
package/_packed_docs/KITE_DOCS_GUIDE.md +55 -0
package/_packed_docs/agent.md//350/277/234/347/250/213agent.md/347/274/223/345/255/230/344/270/216etag/351/200/217/344/274/240/346/226/271/346/241/210.md +328 -0
package/_packed_docs/cli/AUN-CLI/350/256/276/350/256/241/346/226/207/346/241/243.md +686 -0
package/_packed_docs/design//350/267/250/350/257/255/350/250/200/345/256/271/345/231/250E2E/346/265/213/350/257/225/346/226/271/346/241/210.md +665 -0
package/_packed_docs/protocol//351/231/204/345/275/225N-/345/210/206/345/270/203/345/274/217Trace/345/215/217/350/256/256.md +257 -0
package/_packed_docs/sdk/01-/345/277/253/351/200/237/345/274/200/345/247/213.md +5 -5
package/_packed_docs/sdk/02-WebSocket/345/215/217/350/256/256.md +1 -1
package/_packed_docs/sdk/03-/346/240/270/345/277/203/346/246/202/345/277/265.md +2 -2
package/_packed_docs/sdk/04-/350/277/236/346/216/245/344/270/216/350/256/244/350/257/201.md +454 -396
package/_packed_docs/sdk/06-API/346/211/213/345/206/214.md +1410 -1244
package/_packed_docs/sdk/07-/351/224/231/350/257/257/345/244/204/347/220/206.md +19 -1
package/_packed_docs/sdk/08-/346/234/200/344/275/263/345/256/236/350/267/265.md +20 -5
package/_packed_docs/sdk/AUN_DOCS_GUIDE.md +6 -4
package/_packed_docs/sdk/E2EE_V2/346/266/210/346/201/257/351/200/232/344/277/241/346/227/266/345/272/217/345/233/276.md +171 -0
package/_packed_docs/sdk/INDEX.md +9 -4
package/_packed_docs/sdk/README.md +3 -3
package/dist/auth.d.ts +44 -8
package/dist/auth.js +398 -119
package/dist/auth.js.map +1 -1
package/dist/client.d.ts +123 -19
package/dist/client.js +2650 -673
package/dist/client.js.map +1 -1
package/dist/discovery.d.ts +4 -0
package/dist/discovery.js +28 -13
package/dist/discovery.js.map +1 -1
package/dist/errors.d.ts +4 -0
package/dist/errors.js +7 -0
package/dist/errors.js.map +1 -1
package/dist/events.d.ts +9 -0
package/dist/events.js +42 -12
package/dist/events.js.map +1 -1
package/dist/index.d.ts +2 -2
package/dist/index.js +2 -2
package/dist/index.js.map +1 -1
package/dist/keystore/aid-db.d.ts +4 -0
package/dist/keystore/aid-db.js +94 -0
package/dist/keystore/aid-db.js.map +1 -1
package/dist/keystore/file.d.ts +23 -1
package/dist/keystore/file.js +109 -1
package/dist/keystore/file.js.map +1 -1
package/dist/keystore/index.d.ts +20 -0
package/dist/logger.d.ts +2 -0
package/dist/logger.js +7 -4
package/dist/logger.js.map +1 -1
package/dist/namespaces/auth.d.ts +34 -4
package/dist/namespaces/auth.js +194 -51
package/dist/namespaces/auth.js.map +1 -1
package/dist/net.d.ts +43 -0
package/dist/net.js +192 -0
package/dist/net.js.map +1 -0
package/dist/secret-store/file-store.d.ts +21 -2
package/dist/secret-store/file-store.js +166 -11
package/dist/secret-store/file-store.js.map +1 -1
package/dist/seq-tracker.d.ts +32 -3
package/dist/seq-tracker.js +60 -3
package/dist/seq-tracker.js.map +1 -1
package/dist/tools/cross-sdk-agent.d.ts +2 -0
package/dist/tools/cross-sdk-agent.js +695 -0
package/dist/tools/cross-sdk-agent.js.map +1 -0
package/dist/transport.d.ts +10 -1
package/dist/transport.js +196 -32
package/dist/transport.js.map +1 -1
package/dist/v2/crypto/canonical.d.ts +1 -1
package/dist/v2/crypto/canonical.js +42 -17
package/dist/v2/crypto/canonical.js.map +1 -1
package/dist/v2/e2ee/decrypt.js +57 -3
package/dist/v2/e2ee/decrypt.js.map +1 -1
package/dist/v2/e2ee/encrypt-group.js +16 -7
package/dist/v2/e2ee/encrypt-group.js.map +1 -1
package/dist/v2/e2ee/encrypt-p2p.js +42 -9
package/dist/v2/e2ee/encrypt-p2p.js.map +1 -1
package/dist/v2/e2ee/metadata-auth.d.ts +1 -0
package/dist/v2/e2ee/metadata-auth.js +37 -1
package/dist/v2/e2ee/metadata-auth.js.map +1 -1
package/dist/v2/e2ee/types.d.ts +2 -2
package/dist/v2/session/keystore.d.ts +10 -3
package/dist/v2/session/keystore.js +158 -30
package/dist/v2/session/keystore.js.map +1 -1
package/dist/v2/session/session.d.ts +7 -3
package/dist/v2/session/session.js +64 -12
package/dist/v2/session/session.js.map +1 -1
package/package.json +46 -46

package/dist/net.js ADDED Viewed

@@ -0,0 +1,192 @@
+/**
+ * DNS-Resilient 网络层。
+ *
+ * 所有 HTTP/WebSocket 请求统一经过此模块，提供 DNS 容灾能力：
+ * - 正常走域名（利用系统 DNS 缓存和 CDN 调度）
+ * - 连接成功后刷新 DNS→IP 映射到 SQLite
+ * - DNS 失败时 fallback 到持久化的最后一次成功 IP
+ * - IP 直连时设置 TLS SNI + Host header
+ */
+import * as http from 'node:http';
+import * as https from 'node:https';
+import * as dns from 'node:dns';
+const _noopLogger = { error: () => { }, warn: () => { }, info: () => { }, debug: () => { } };
+function isDnsError(err) {
+    if (!err || typeof err !== 'object')
+        return false;
+    const code = err.code;
+    if (code === 'ENOTFOUND' || code === 'EAI_AGAIN' || code === 'EAI_FAIL' || code === 'EAI_NONAME') {
+        return true;
+    }
+    const msg = String(err.message ?? '').toLowerCase();
+    return msg.includes('getaddrinfo') && (msg.includes('enotfound') || msg.includes('eai_again'));
+}
+function parseHostPort(url) {
+    const parsed = new URL(url);
+    const hostname = parsed.hostname;
+    let port = parsed.port ? Number(parsed.port) : (parsed.protocol === 'https:' || parsed.protocol === 'wss:' ? 443 : 80);
+    return { hostname, port };
+}
+function replaceHostWithIP(url, ip) {
+    const parsed = new URL(url);
+    parsed.hostname = ip.includes(':') ? `[${ip}]` : ip;
+    return parsed.toString();
+}
+function resolveIP(hostname) {
+    return new Promise((resolve) => {
+        dns.lookup(hostname, (err, address) => {
+            resolve(err ? null : address);
+        });
+    });
+}
+export class DnsResilientNet {
+    _store;
+    _verifySsl;
+    _logger;
+    constructor(opts) {
+        this._store = opts?.store ?? null;
+        this._verifySsl = opts?.verifySsl ?? true;
+        this._logger = opts?.logger ?? _noopLogger;
+    }
+    _saveDnsCache(hostname, ip, port) {
+        if (!this._store || !hostname || !ip)
+            return;
+        try {
+            this._store.saveDnsCache(hostname, ip, port);
+        }
+        catch (exc) {
+            this._logger.debug(`dns cache save failed: ${exc}`);
+        }
+    }
+    _loadDnsCache(hostname) {
+        if (!this._store || !hostname)
+            return null;
+        try {
+            return this._store.loadDnsCache(hostname);
+        }
+        catch (exc) {
+            this._logger.debug(`dns cache load failed: ${exc}`);
+            return null;
+        }
+    }
+    async _refreshDnsCacheAfterSuccess(url) {
+        const { hostname, port } = parseHostPort(url);
+        if (!hostname)
+            return;
+        const ip = await resolveIP(hostname);
+        if (ip)
+            this._saveDnsCache(hostname, ip, port);
+    }
+    async httpGet(url, timeout = 5_000) {
+        const { hostname, port } = parseHostPort(url);
+        try {
+            const data = await this._doHttpGet(url, undefined, timeout);
+            void this._refreshDnsCacheAfterSuccess(url);
+            return data;
+        }
+        catch (exc) {
+            if (!isDnsError(exc))
+                throw exc;
+        }
+        this._logger.debug(`DNS failed for ${hostname}, trying cached IP`);
+        const cached = this._loadDnsCache(hostname);
+        if (!cached) {
+            const err = new Error(`DNS failed and no cached IP for ${hostname}`);
+            err.code = 'ENOTFOUND';
+            throw err;
+        }
+        const ipUrl = replaceHostWithIP(url, cached.ip);
+        return this._doHttpGet(ipUrl, hostname, timeout);
+    }
+    async httpGetJson(url, timeout = 5_000) {
+        const data = await this.httpGet(url, timeout);
+        return JSON.parse(data.toString('utf-8'));
+    }
+    async httpGetText(url, timeout = 5_000) {
+        const data = await this.httpGet(url, timeout);
+        return data.toString('utf-8');
+    }
+    async httpGetOk(url, timeout = 5_000) {
+        const { hostname, port } = parseHostPort(url);
+        try {
+            const ok = await this._doHttpGetOk(url, undefined, timeout);
+            if (ok)
+                void this._refreshDnsCacheAfterSuccess(url);
+            return ok;
+        }
+        catch (exc) {
+            if (!isDnsError(exc))
+                return false;
+        }
+        const cached = this._loadDnsCache(hostname);
+        if (!cached)
+            return false;
+        const ipUrl = replaceHostWithIP(url, cached.ip);
+        try {
+            return await this._doHttpGetOk(ipUrl, hostname, timeout);
+        }
+        catch {
+            return false;
+        }
+    }
+    /** 导出供 WebSocket 连接层使用 */
+    get isDnsError() { return isDnsError; }
+    get parseHostPort() { return parseHostPort; }
+    get replaceHostWithIP() { return replaceHostWithIP; }
+    loadDnsCache(hostname) { return this._loadDnsCache(hostname); }
+    refreshDnsCacheAfterSuccess(url) { return this._refreshDnsCacheAfterSuccess(url); }
+    _doHttpGet(url, sniHostname, timeout) {
+        return new Promise((resolve, reject) => {
+            const parsed = new URL(url);
+            const mod = parsed.protocol === 'https:' ? https : http;
+            const options = { timeout };
+            if (!this._verifySsl) {
+                options.rejectUnauthorized = false;
+            }
+            if (sniHostname) {
+                options.headers = { Host: sniHostname };
+                options.servername = sniHostname;
+            }
+            const req = mod.get(url, options, (res) => {
+                if (res.statusCode && (res.statusCode < 200 || res.statusCode >= 300)) {
+                    reject(new Error(`HTTP ${res.statusCode} from ${url}`));
+                    res.resume();
+                    return;
+                }
+                const chunks = [];
+                res.on('data', (chunk) => chunks.push(chunk));
+                res.on('end', () => resolve(Buffer.concat(chunks)));
+                res.on('error', reject);
+            });
+            req.on('error', reject);
+            req.on('timeout', () => { req.destroy(); reject(new Error(`timeout fetching ${url}`)); });
+        });
+    }
+    _doHttpGetOk(url, sniHostname, timeout) {
+        return new Promise((resolve, reject) => {
+            const parsed = new URL(url);
+            const mod = parsed.protocol === 'https:' ? https : http;
+            const options = { method: 'GET', timeout };
+            if (!this._verifySsl)
+                options.rejectUnauthorized = false;
+            if (sniHostname) {
+                options.headers = { Host: sniHostname };
+                options.servername = sniHostname;
+            }
+            const req = mod.request(url, options, (res) => {
+                res.resume();
+                resolve(res.statusCode === 200);
+            });
+            req.on('error', (err) => {
+                if (isDnsError(err))
+                    reject(err);
+                else
+                    resolve(false);
+            });
+            req.on('timeout', () => { req.destroy(); resolve(false); });
+            req.end();
+        });
+    }
+}
+export { isDnsError, parseHostPort, replaceHostWithIP };
+//# sourceMappingURL=net.js.map

package/dist/net.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"net.js","sourceRoot":"","sources":["../src/net.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,KAAK,MAAM,YAAY,CAAC;AACpC,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC;AAIhC,MAAM,WAAW,GAAiB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,CAAC;AAOvG,SAAS,UAAU,CAAC,GAAY;IAC9B,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAClD,MAAM,IAAI,GAAI,GAAyB,CAAC,IAAI,CAAC;IAC7C,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QACjG,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAE,GAAa,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAC/D,OAAO,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;AACjG,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IACjC,IAAI,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACvH,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW,EAAE,EAAU;IAChD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,CAAC,QAAQ,GAAG,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACpD,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;AAC3B,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB;IACjC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;YACpC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,OAAO,eAAe;IAClB,MAAM,CAAuB;IAC7B,UAAU,CAAU;IACpB,OAAO,CAAe;IAE9B,YAAY,IAA4E;QACtF,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,KAAK,IAAI,IAAI,CAAC;QAClC,IAAI,CAAC,UAAU,GAAG,IAAI,EAAE,SAAS,IAAI,IAAI,CAAC;QAC1C,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,MAAM,IAAI,WAAW,CAAC;IAC7C,CAAC;IAEO,aAAa,CAAC,QAAgB,EAAE,EAAU,EAAE,IAAY;QAC9D,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ,IAAI,CAAC,EAAE;YAAE,OAAO;QAC7C,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,QAAgB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC3C,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,4BAA4B,CAAC,GAAW;QACpD,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ;YAAE,OAAO;QACtB,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,EAAE;YAAE,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,OAAO,GAAG,KAAK;QACxC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAE9C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;YAC5D,KAAK,IAAI,CAAC,4BAA4B,CAAC,GAAG,CAAC,CAAC;YAC5C,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,MAAM,GAAG,CAAC;QAClC,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,QAAQ,oBAAoB,CAAC,CAAC;QACnE,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,mCAAmC,QAAQ,EAAE,CAAC,CAAC;YACpE,GAAW,CAAC,IAAI,GAAG,WAAW,CAAC;YAChC,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAW,EAAE,OAAO,GAAG,KAAK;QAC5C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAA4B,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAW,EAAE,OAAO,GAAG,KAAK;QAC5C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAW,EAAE,OAAO,GAAG,KAAK;QAC1C,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAE9C,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;YAC5D,IAAI,EAAE;gBAAE,KAAK,IAAI,CAAC,4BAA4B,CAAC,GAAG,CAAC,CAAC;YACpD,OAAO,EAAE,CAAC;QACZ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;QACrC,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAE1B,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC3D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,IAAI,UAAU,KAAK,OAAO,UAAU,CAAC,CAAC,CAAC;IACvC,IAAI,aAAa,KAAK,OAAO,aAAa,CAAC,CAAC,CAAC;IAC7C,IAAI,iBAAiB,KAAK,OAAO,iBAAiB,CAAC,CAAC,CAAC;IAErD,YAAY,CAAC,QAAgB,IAAI,OAAO,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACvE,2BAA2B,CAAC,GAAW,IAAI,OAAO,IAAI,CAAC,4BAA4B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAEnF,UAAU,CAAC,GAAW,EAAE,WAA+B,EAAE,OAAe;QAC9E,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YACxD,MAAM,OAAO,GAAyB,EAAE,OAAO,EAAE,CAAC;YAClD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;gBACrB,OAAO,CAAC,kBAAkB,GAAG,KAAK,CAAC;YACrC,CAAC;YACD,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,CAAC,OAAO,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;gBACxC,OAAO,CAAC,UAAU,GAAG,WAAW,CAAC;YACnC,CAAC;YAED,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC,GAAyB,EAAE,EAAE;gBAC9D,IAAI,GAAG,CAAC,UAAU,IAAI,CAAC,GAAG,CAAC,UAAU,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,EAAE,CAAC;oBACtE,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,GAAG,CAAC,UAAU,SAAS,GAAG,EAAE,CAAC,CAAC,CAAC;oBACxD,GAAG,CAAC,MAAM,EAAE,CAAC;oBACb,OAAO;gBACT,CAAC;gBACD,MAAM,MAAM,GAAa,EAAE,CAAC;gBAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;gBACtD,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACpD,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACxB,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5F,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,GAAW,EAAE,WAA+B,EAAE,OAAe;QAChF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YACxD,MAAM,OAAO,GAAyB,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;YACjE,IAAI,CAAC,IAAI,CAAC,UAAU;gBAAE,OAAO,CAAC,kBAAkB,GAAG,KAAK,CAAC;YACzD,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,CAAC,OAAO,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;gBACxC,OAAO,CAAC,UAAU,GAAG,WAAW,CAAC;YACnC,CAAC;YAED,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC5C,GAAG,CAAC,MAAM,EAAE,CAAC;gBACb,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC,CAAC;YAClC,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACtB,IAAI,UAAU,CAAC,GAAG,CAAC;oBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;oBAC5B,OAAO,CAAC,KAAK,CAAC,CAAC;YACtB,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5D,GAAG,CAAC,GAAG,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,iBAAiB,EAAE,CAAC"}

package/dist/secret-store/file-store.d.ts CHANGED Viewed

@@ -3,13 +3,26 @@
  *
  * 密钥派生：
  *   - 传入 encryptionSeed → 从 seed 字符串派生
- *   - 未传 → 从 {root}/.seed 文件派生（首次自动生成）
+ *   - 未传 → 从空字符串派生；旧 .seed 仅作为严格迁移/失败回退来源
  *
  * 与 Python SDK 的 FileSecretStore 完全对齐。
  */
 import type { SecretStore } from './index.js';
 import type { SecretRecord } from '../types.js';
 import type { ModuleLogger } from '../logger.js';
+export declare class SeedMigrationError extends Error {
+    constructor(message: string);
+}
+export interface SeedChangeResult {
+    migrated: number;
+    skipped: number;
+    errors: number;
+    seedFilesProcessed: number;
+    seedFilesRenamed: number;
+    privateKeysVerified: number;
+    privateKeysMigrated: number;
+    activeSeed?: Buffer;
+}
 export declare class FileSecretStore implements SecretStore {
     private _root;
     private _masterKey;
@@ -20,10 +33,16 @@ export declare class FileSecretStore implements SecretStore {
     }, opts?: {
         logger?: ModuleLogger;
     });
+    static changeSeed(root: string, oldSeed: string, newSeed: string, opts?: {
+        logger?: ModuleLogger;
+    }): SeedChangeResult;
+    changeSeed(oldSeed: string, newSeed: string): SeedChangeResult;
     protect(scope: string, name: string, plaintext: Buffer): SecretRecord;
     reveal(scope: string, name: string, record: SecretRecord): Buffer | null;
     /** 使用 HMAC-SHA256 从主密钥派生子密钥 */
     private _deriveKey;
-    /** 三级恢复：文件 → SQLite → 新建，双写确保一致 */
+    /** 自动迁移：检测旧 .seed 文件并迁移加密材料到 seed_password 派生的新 master_key */
+    private _autoMigrateFromSeedFile;
+    /** [已废弃] 仅保留供参考，不再被调用。 */
     private _loadOrCreateSeed;
 }

package/dist/secret-store/file-store.js CHANGED Viewed

@@ -3,12 +3,12 @@
  *
  * 密钥派生：
  *   - 传入 encryptionSeed → 从 seed 字符串派生
- *   - 未传 → 从 {root}/.seed 文件派生（首次自动生成）
+ *   - 未传 → 从空字符串派生；旧 .seed 仅作为严格迁移/失败回退来源
  *
  * 与 Python SDK 的 FileSecretStore 完全对齐。
  */
 import { createCipheriv, createDecipheriv, createHmac, pbkdf2Sync, randomBytes, } from 'node:crypto';
-import { existsSync, mkdirSync, readFileSync, writeFileSync, chmodSync, } from 'node:fs';
+import { existsSync, mkdirSync, readFileSync, writeFileSync, chmodSync, renameSync, readdirSync, } from 'node:fs';
 import { join } from 'node:path';
 const _noopLogger = { error: () => { }, warn: () => { }, info: () => { }, debug: () => { } };
 function decodeSecretPart(value) {
@@ -17,6 +17,134 @@ function decodeSecretPart(value) {
     }
     return Buffer.from(value, 'base64');
 }
+export class SeedMigrationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'SeedMigrationError';
+    }
+}
+function deriveMasterKey(seedBytes) {
+    return pbkdf2Sync(seedBytes, 'aun_file_secret_store_v1', 100_000, 32, 'sha256');
+}
+function tryDecryptWithKey(masterKey, scope, name, record) {
+    if (record.scheme !== 'file_aes')
+        return null;
+    if (String(record.name ?? name) !== name)
+        return null;
+    try {
+        const key = createHmac('sha256', masterKey).update(`aun:${scope}:${name}\x01`).digest();
+        const decipher = createDecipheriv('aes-256-gcm', key, decodeSecretPart(String(record.nonce)));
+        decipher.setAuthTag(decodeSecretPart(String(record.tag)));
+        return Buffer.concat([decipher.update(decodeSecretPart(String(record.ciphertext))), decipher.final()]);
+    }
+    catch {
+        return null;
+    }
+}
+function encryptWithKey(masterKey, scope, name, plaintext) {
+    const key = createHmac('sha256', masterKey).update(`aun:${scope}:${name}\x01`).digest();
+    const nonce = randomBytes(12);
+    const cipher = createCipheriv('aes-256-gcm', key, nonce);
+    const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    return {
+        scheme: 'file_aes',
+        name,
+        persisted: true,
+        nonce: nonce.toString('base64'),
+        ciphertext: encrypted.toString('base64'),
+        tag: tag.toString('base64'),
+    };
+}
+function renameSeedFile(seedPath) {
+    const ts = Math.floor(Date.now() / 1000);
+    let target = `${seedPath}.migrated.${ts}`;
+    for (let index = 1; existsSync(target); index += 1) {
+        target = `${seedPath}.migrated.${ts}.${index}`;
+    }
+    try {
+        renameSync(seedPath, target);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function verifyPrivateKeys(root, oldMasterKey) {
+    const aidsRoot = join(root, 'AIDs');
+    if (!existsSync(aidsRoot))
+        throw new SeedMigrationError('seed migration refused: AIDs directory not found');
+    const migrations = [];
+    for (const entry of readdirSync(aidsRoot, { withFileTypes: true })) {
+        if (!entry.isDirectory() || entry.name.startsWith('_'))
+            continue;
+        const aid = entry.name;
+        const keyPath = join(aidsRoot, aid, 'private', 'key.json');
+        if (!existsSync(keyPath))
+            continue;
+        let data;
+        try {
+            data = JSON.parse(readFileSync(keyPath, 'utf-8'));
+        }
+        catch (exc) {
+            throw new SeedMigrationError(`seed migration refused: invalid key.json for ${aid}: ${exc instanceof Error ? exc.message : String(exc)}`);
+        }
+        const protection = data?.private_key_protection;
+        if (!protection)
+            continue;
+        if (protection.scheme !== 'file_aes')
+            continue;
+        const name = 'identity/private_key';
+        if (String(protection.name ?? name) !== name) {
+            throw new SeedMigrationError(`seed migration refused: unexpected private key record name for ${aid}`);
+        }
+        const plain = tryDecryptWithKey(oldMasterKey, aid, name, protection);
+        if (!plain) {
+            throw new SeedMigrationError(`seed migration refused: private key is not encrypted by old seed: aid=${aid}`);
+        }
+        migrations.push({ aid, path: keyPath, plaintext: plain });
+    }
+    if (migrations.length === 0) {
+        throw new SeedMigrationError('seed migration refused: no encrypted private key verified with old seed');
+    }
+    return migrations;
+}
+function changeSeedBytes(root, oldSeedBytes, newSeedBytes, renameSeedPath, logger = _noopLogger) {
+    const oldMasterKey = deriveMasterKey(oldSeedBytes);
+    const newMasterKey = deriveMasterKey(newSeedBytes);
+    const migrations = verifyPrivateKeys(root, oldMasterKey);
+    const result = {
+        migrated: 0,
+        skipped: 0,
+        errors: 0,
+        seedFilesProcessed: renameSeedPath ? 1 : 0,
+        seedFilesRenamed: 0,
+        privateKeysVerified: migrations.length,
+        privateKeysMigrated: 0,
+        activeSeed: newSeedBytes,
+    };
+    if (oldMasterKey.equals(newMasterKey)) {
+        if (renameSeedPath && renameSeedFile(renameSeedPath))
+            result.seedFilesRenamed = 1;
+        return result;
+    }
+    for (const item of migrations) {
+        const record = encryptWithKey(newMasterKey, item.aid, 'identity/private_key', item.plaintext);
+        const verified = tryDecryptWithKey(newMasterKey, item.aid, 'identity/private_key', record);
+        if (!verified || !verified.equals(item.plaintext)) {
+            throw new SeedMigrationError(`new seed verification failed for private key: aid=${item.aid}`);
+        }
+        const data = JSON.parse(readFileSync(item.path, 'utf-8'));
+        data.private_key_protection = record;
+        writeFileSync(item.path, JSON.stringify(data, null, 2), 'utf-8');
+        result.migrated += 1;
+        result.privateKeysMigrated += 1;
+    }
+    if (renameSeedPath && renameSeedFile(renameSeedPath))
+        result.seedFilesRenamed = 1;
+    logger.info(`seed migration complete: migrated=${result.migrated} skipped=${result.skipped} private_keys=${result.privateKeysMigrated} renamed=${result.seedFilesRenamed}`);
+    return result;
+}
 export class FileSecretStore {
     _root;
     _masterKey;
@@ -25,15 +153,27 @@ export class FileSecretStore {
         this._root = root;
         this._logger = opts?.logger ?? _noopLogger;
         mkdirSync(this._root, { recursive: true });
-        let seedBytes;
-        if (encryptionSeed) {
-            seedBytes = Buffer.from(encryptionSeed, 'utf-8');
-        }
-        else {
-            seedBytes = this._loadOrCreateSeed(sqliteBackup);
-        }
+        // seed_password 必传（空字符串有效），不再 fallback 到 .seed 文件
+        const seedPassword = encryptionSeed ?? '';
+        const newSeedBytes = Buffer.from(seedPassword, 'utf-8');
         // PBKDF2 派生主密钥，与 Python SDK 参数完全一致
-        this._masterKey = pbkdf2Sync(seedBytes, 'aun_file_secret_store_v1', 100_000, 32, 'sha256');
+        this._masterKey = deriveMasterKey(newSeedBytes);
+        // 自动迁移：检测旧 .seed 文件，把旧 key 加密的材料迁移到新 key
+        const activeSeed = this._autoMigrateFromSeedFile(newSeedBytes);
+        if (activeSeed)
+            this._masterKey = deriveMasterKey(activeSeed);
+    }
+    static changeSeed(root, oldSeed, newSeed, opts) {
+        const oldSeedBytes = oldSeed === '.seed' ? readFileSync(join(root, '.seed')) : Buffer.from(oldSeed, 'utf-8');
+        if (oldSeed === '.seed' && oldSeedBytes.length === 0) {
+            throw new SeedMigrationError('seed migration refused: .seed is empty');
+        }
+        return changeSeedBytes(root, oldSeedBytes, Buffer.from(newSeed, 'utf-8'), oldSeed === '.seed' ? join(root, '.seed') : undefined, opts?.logger ?? _noopLogger);
+    }
+    changeSeed(oldSeed, newSeed) {
+        const result = FileSecretStore.changeSeed(this._root, oldSeed, newSeed, { logger: this._logger });
+        this._masterKey = deriveMasterKey(Buffer.from(newSeed, 'utf-8'));
+        return result;
     }
     protect(scope, name, plaintext) {
         const key = this._deriveKey(scope, name);
@@ -81,7 +221,22 @@ export class FileSecretStore {
             .update(`aun:${scope}:${name}\x01`)
             .digest();
     }
-    /** 三级恢复：文件 → SQLite → 新建，双写确保一致 */
+    /** 自动迁移：检测旧 .seed 文件并迁移加密材料到 seed_password 派生的新 master_key */
+    _autoMigrateFromSeedFile(newSeedBytes) {
+        const seedPath = join(this._root, '.seed');
+        if (!existsSync(seedPath))
+            return null;
+        const oldSeedBytes = readFileSync(seedPath);
+        try {
+            const result = changeSeedBytes(this._root, oldSeedBytes, newSeedBytes, seedPath, this._logger);
+            return result.activeSeed ?? newSeedBytes;
+        }
+        catch (exc) {
+            this._logger.warn(`seed migration failed; continuing with legacy .seed: ${exc instanceof Error ? exc.message : String(exc)}`);
+            return oldSeedBytes;
+        }
+    }
+    /** [已废弃] 仅保留供参考，不再被调用。 */
     _loadOrCreateSeed(backup) {
         const seedPath = join(this._root, '.seed');
         let source = '';

package/dist/secret-store/file-store.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"file-store.js","sourceRoot":"","sources":["../../src/secret-store/file-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,UAAU,EACV,WAAW,GACZ,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,aAAa,EACb,SAAS,GACV,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAMjC,MAAM,WAAW,GAAiB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,CAAC;AAEvG,SAAS,gBAAgB,CAAC,KAAa;IACrC,IAAI,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3D,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,OAAO,eAAe;IAClB,KAAK,CAAS;IACd,UAAU,CAAS;IACnB,OAAO,CAAe;IAE9B,YACE,IAAY,EACZ,cAAuB,EACvB,YAA+E,EAC/E,IAAgC;QAEhC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,MAAM,IAAI,WAAW,CAAC;QAC3C,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE3C,IAAI,SAAiB,CAAC;QACtB,IAAI,cAAc,EAAE,CAAC;YACnB,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;QACnD,CAAC;QAED,mCAAmC;QACnC,IAAI,CAAC,UAAU,GAAG,UAAU,CAC1B,SAAS,EACT,0BAA0B,EAC1B,OAAO,EACP,EAAE,EACF,QAAQ,CACT,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,KAAa,EAAE,IAAY,EAAE,SAAiB;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAE9B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC5E,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEhC,OAAO;YACL,MAAM,EAAE,UAAU;YAClB,IAAI;YACJ,SAAS,EAAE,IAAI;YACf,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC/B,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACxC,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;SAC5B,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,KAAa,EAAE,IAAY,EAAE,MAAoB;QACtD,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU;YAAE,OAAO,IAAI,CAAC;QAC9C,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAEpD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;QACxC,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEhD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAEzC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;YAClF,QAAQ,CAAC,UAAU,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC;YAC9C,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC9B,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBACxC,QAAQ,CAAC,KAAK,EAAE;aACjB,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,kCAAkC,KAAK,UAAU,IAAI,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YAC1K,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,+BAA+B;IACvB,UAAU,CAAC,KAAa,EAAE,IAAY;QAC5C,OAAO,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC;aACzC,MAAM,CAAC,OAAO,KAAK,IAAI,IAAI,MAAM,CAAC;aAClC,MAAM,EAAE,CAAC;IACd,CAAC;IAED,mCAAmC;IAC3B,iBAAiB,CAAC,MAAyE;QACjG,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC3C,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,UAAU;QACV,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;YACpC,MAAM,GAAG,MAAM,CAAC;YAChB,kBAAkB;YAClB,IAAI,MAAM;gBAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,sBAAsB;QACtB,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;YACtC,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpC,MAAM,GAAG,QAAQ,CAAC;gBAClB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;gBACtD,aAAa,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBAClC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;oBACjC,IAAI,CAAC;wBAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;oBAAC,CAAC;oBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;gBAC5D,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC7B,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC9B,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAI,CAAC;gBAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAC5D,CAAC;QACD,gBAAgB;QAChB,IAAI,MAAM;YAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
1	+ {"version":3,"file":"file-store.js","sourceRoot":"","sources":["../../src/secret-store/file-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,UAAU,EACV,WAAW,GACZ,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,aAAa,EACb,SAAS,EAET,UAAU,EACV,WAAW,GACZ,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAMjC,MAAM,WAAW,GAAiB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,CAAC;AAEvG,SAAS,gBAAgB,CAAC,KAAa;IACrC,IAAI,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3D,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAC3C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAmBD,SAAS,eAAe,CAAC,SAAiB;IACxC,OAAO,UAAU,CAAC,SAAS,EAAE,0BAA0B,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;AAClF,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAiB,EAAE,KAAa,EAAE,IAAY,EAAE,MAAoB;IAC7F,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACtD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,MAAM,CAAC,OAAO,KAAK,IAAI,IAAI,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;QACxF,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9F,QAAQ,CAAC,UAAU,CAAC,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC1D,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACzG,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,SAAiB,EAAE,KAAa,EAAE,IAAY,EAAE,SAAiB;IACvF,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,MAAM,CAAC,OAAO,KAAK,IAAI,IAAI,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;IACxF,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC5E,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO;QACL,MAAM,EAAE,UAAU;QAClB,IAAI;QACJ,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC/B,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACxC,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;KAC5B,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACzC,IAAI,MAAM,GAAG,GAAG,QAAQ,aAAa,EAAE,EAAE,CAAC;IAC1C,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACnD,MAAM,GAAG,GAAG,QAAQ,aAAa,EAAE,IAAI,KAAK,EAAE,CAAC;IACjD,CAAC;IACD,IAAI,CAAC;QACH,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY,EAAE,YAAoB;IAC3D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACpC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,MAAM,IAAI,kBAAkB,CAAC,kDAAkD,CAAC,CAAC;IAE5G,MAAM,UAAU,GAA0B,EAAE,CAAC;IAC7C,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,QAAQ,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QACnE,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QACjE,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,SAAS;QACnC,IAAI,IAAS,CAAC;QACd,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,kBAAkB,CAAC,gDAAgD,GAAG,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC3I,CAAC;QACD,MAAM,UAAU,GAAG,IAAI,EAAE,sBAAsB,CAAC;QAChD,IAAI,CAAC,UAAU;YAAE,SAAS;QAC1B,IAAI,UAAU,CAAC,MAAM,KAAK,UAAU;YAAE,SAAS;QAC/C,MAAM,IAAI,GAAG,sBAAsB,CAAC;QACpC,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7C,MAAM,IAAI,kBAAkB,CAAC,kEAAkE,GAAG,EAAE,CAAC,CAAC;QACxG,CAAC;QACD,MAAM,KAAK,GAAG,iBAAiB,CAAC,YAAY,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;QACrE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,kBAAkB,CAAC,yEAAyE,GAAG,EAAE,CAAC,CAAC;QAC/G,CAAC;QACD,UAAU,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,kBAAkB,CAAC,yEAAyE,CAAC,CAAC;IAC1G,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,eAAe,CACtB,IAAY,EACZ,YAAoB,EACpB,YAAoB,EACpB,cAAuB,EACvB,SAAuB,WAAW;IAElC,MAAM,YAAY,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IACnD,MAAM,YAAY,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IACnD,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACzD,MAAM,MAAM,GAAqB;QAC/B,QAAQ,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;QACV,MAAM,EAAE,CAAC;QACT,kBAAkB,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,gBAAgB,EAAE,CAAC;QACnB,mBAAmB,EAAE,UAAU,CAAC,MAAM;QACtC,mBAAmB,EAAE,CAAC;QACtB,UAAU,EAAE,YAAY;KACzB,CAAC;IAEF,IAAI,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;QACtC,IAAI,cAAc,IAAI,cAAc,CAAC,cAAc,CAAC;YAAE,MAAM,CAAC,gBAAgB,GAAG,CAAC,CAAC;QAClF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,cAAc,CAAC,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE,sBAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9F,MAAM,QAAQ,GAAG,iBAAiB,CAAC,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE,sBAAsB,EAAE,MAAM,CAAC,CAAC;QAC3F,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,kBAAkB,CAAC,qDAAqD,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAChG,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;QAC1D,IAAI,CAAC,sBAAsB,GAAG,MAAM,CAAC;QACrC,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACjE,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;QACrB,MAAM,CAAC,mBAAmB,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,cAAc,IAAI,cAAc,CAAC,cAAc,CAAC;QAAE,MAAM,CAAC,gBAAgB,GAAG,CAAC,CAAC;IAClF,MAAM,CAAC,IAAI,CAAC,qCAAqC,MAAM,CAAC,QAAQ,YAAY,MAAM,CAAC,OAAO,iBAAiB,MAAM,CAAC,mBAAmB,YAAY,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAC5K,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,OAAO,eAAe;IAClB,KAAK,CAAS;IACd,UAAU,CAAS;IACnB,OAAO,CAAe;IAE9B,YACE,IAAY,EACZ,cAAuB,EACvB,YAA+E,EAC/E,IAAgC;QAEhC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,MAAM,IAAI,WAAW,CAAC;QAC3C,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE3C,kDAAkD;QAClD,MAAM,YAAY,GAAG,cAAc,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAExD,mCAAmC;QACnC,IAAI,CAAC,UAAU,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;QAEhD,yCAAyC;QACzC,MAAM,UAAU,GAAG,IAAI,CAAC,wBAAwB,CAAC,YAAY,CAAC,CAAC;QAC/D,IAAI,UAAU;YAAE,IAAI,CAAC,UAAU,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,IAAY,EAAE,OAAe,EAAE,OAAe,EAAE,IAAgC;QAChG,MAAM,YAAY,GAAG,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC7G,IAAI,OAAO,KAAK,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,kBAAkB,CAAC,wCAAwC,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,eAAe,CACpB,IAAI,EACJ,YAAY,EACZ,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,EAC7B,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,EACrD,IAAI,EAAE,MAAM,IAAI,WAAW,CAC5B,CAAC;IACJ,CAAC;IAED,UAAU,CAAC,OAAe,EAAE,OAAe;QACzC,MAAM,MAAM,GAAG,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAClG,IAAI,CAAC,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACjE,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,CAAC,KAAa,EAAE,IAAY,EAAE,SAAiB;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAE9B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC5E,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEhC,OAAO;YACL,MAAM,EAAE,UAAU;YAClB,IAAI;YACJ,SAAS,EAAE,IAAI;YACf,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC/B,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACxC,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;SAC5B,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,KAAa,EAAE,IAAY,EAAE,MAAoB;QACtD,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU;YAAE,OAAO,IAAI,CAAC;QAC9C,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAEpD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;QACxC,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEhD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAEzC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;YAClF,QAAQ,CAAC,UAAU,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC;YAC9C,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC9B,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBACxC,QAAQ,CAAC,KAAK,EAAE;aACjB,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,kCAAkC,KAAK,UAAU,IAAI,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YAC1K,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,+BAA+B;IACvB,UAAU,CAAC,KAAa,EAAE,IAAY;QAC5C,OAAO,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC;aACzC,MAAM,CAAC,OAAO,KAAK,IAAI,IAAI,MAAM,CAAC;aAClC,MAAM,EAAE,CAAC;IACd,CAAC;IAED,8DAA8D;IACtD,wBAAwB,CAAC,YAAoB;QACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC3C,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QAEvC,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YAC/F,OAAO,MAAM,CAAC,UAAU,IAAI,YAAY,CAAC;QAC3C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,wDAAwD,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC9H,OAAO,YAAY,CAAC;QACtB,CAAC;IACH,CAAC;IAED,0BAA0B;IAClB,iBAAiB,CAAC,MAAyE;QACjG,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC3C,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,UAAU;QACV,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;YACpC,MAAM,GAAG,MAAM,CAAC;YAChB,kBAAkB;YAClB,IAAI,MAAM;gBAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,sBAAsB;QACtB,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;YACtC,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpC,MAAM,GAAG,QAAQ,CAAC;gBAClB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;gBACtD,aAAa,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBAClC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;oBACjC,IAAI,CAAC;wBAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;oBAAC,CAAC;oBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;gBAC5D,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC7B,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC9B,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,IAAI,CAAC;gBAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAC5D,CAAC;QACD,gBAAgB;QAChB,IAAI,MAAM;YAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/seq-tracker.d.ts CHANGED Viewed

@@ -4,6 +4,16 @@ export declare class SeqTracker {
     private _get;
     getContiguousSeq(ns: string): number;
     getMaxSeenSeq(ns: string): number;
+    /** Push 专用：只扩展上界 maxSeenSeq，不动 contiguousSeq。
+     *
+     * 语义：服务端告诉 SDK"我有 seq 这条消息"，SDK 仅更新已知上界。
+     * 消息内容是否解密成功、是否进入连续前缀，由 pull/decrypt 路径决定。
+     *
+     * 防御：
+     * - seq <= 0 直接忽略（防御负数/恶意值）
+     * - 不会让 maxSeenSeq 倒退（仅取 max）
+     */
+    updateMaxSeen(ns: string, seq: number): void;
     /** S2: 从持久化（keystore 最近 ack seq）恢复 baseline，
      *  以便首条 push 消息能构造 [baseline+1, seq-1] 的历史 gap。
      *  必须在收到首条消息前调用。 */
@@ -24,10 +34,29 @@ export declare class SeqTracker {
     private _shouldProbe;
     /** S2: 服务端明确告知某区间无消息（tombstone）→ 将 gap 标记为 resolved */
     markGapResolvedByTombstone(ns: string, gapStart: number, gapEnd: number): void;
-    /** 强制跳过不连续区间，将 contiguousSeq 拨到指定位置。
-     *  当服务端返回 server_ack_seq 且本地 contiguousSeq 落后时调用，
-     *  跳过 [contiguousSeq, server_ack_seq) 这段不连续区间。 */
+    /** Pull 专用：强制推进 contiguousSeq（已连续到达的下界）。
+     *
+     * 语义：用于 pull 返回 server_ack_seq 后跳过被 GC/已 ack 的历史区间。
+     * 仅增不减（防御 server_ack 倒退）。
+     *
+     * 防御：
+     * - seq <= 0 直接忽略（防御负数/恶意值）
+     * - 仅推进，不倒退（与 maxSeenSeq 共同维护不变式 contiguousSeq ≤ maxSeenSeq）
+     */
     forceContiguousSeq(ns: string, seq: number): void;
+    /** 脏数据修复：允许 contiguousSeq 倒退到指定值。
+     *
+     * 仅在以下场景使用：
+     * - Push 路径检测到 contiguousSeq > pushSeq（contiguousSeq 被之前的脏数据污染）
+     * - 持久化恢复后发现 contiguousSeq > 服务端真实最大值
+     *
+     * 与 forceContiguousSeq 的区别：forceContiguousSeq 只增不减；本方法允许倒退修复。
+     *
+     * 防御：
+     * - seq < 0 视为 0（不允许负数）
+     * - 倒退后 receivedSeqs / pendingGaps 重置（已知状态作废）
+     */
+    repairContiguousSeq(ns: string, seq: number): void;
     /** 删除指定命名空间的所有跟踪状态（群组解散时使用） */
     removeNamespace(ns: string): void;
     /** 导出各命名空间的 contiguousSeq，用于持久化 */

package/dist/seq-tracker.js CHANGED Viewed

@@ -32,6 +32,23 @@ export class SeqTracker {
     getMaxSeenSeq(ns) {
         return this._get(ns).maxSeenSeq;
     }
+    /** Push 专用：只扩展上界 maxSeenSeq，不动 contiguousSeq。
+     *
+     * 语义：服务端告诉 SDK"我有 seq 这条消息"，SDK 仅更新已知上界。
+     * 消息内容是否解密成功、是否进入连续前缀，由 pull/decrypt 路径决定。
+     *
+     * 防御：
+     * - seq <= 0 直接忽略（防御负数/恶意值）
+     * - 不会让 maxSeenSeq 倒退（仅取 max）
+     */
+    updateMaxSeen(ns, seq) {
+        if (seq <= 0)
+            return;
+        const t = this._get(ns);
+        if (seq > t.maxSeenSeq) {
+            t.maxSeenSeq = seq;
+        }
+    }
     /** S2: 从持久化（keystore 最近 ack seq）恢复 baseline，
      *  以便首条 push 消息能构造 [baseline+1, seq-1] 的历史 gap。
      *  必须在收到首条消息前调用。 */
@@ -226,10 +243,18 @@ export class SeqTracker {
         }
         this._tryAdvance(t);
     }
-    /** 强制跳过不连续区间，将 contiguousSeq 拨到指定位置。
-     *  当服务端返回 server_ack_seq 且本地 contiguousSeq 落后时调用，
-     *  跳过 [contiguousSeq, server_ack_seq) 这段不连续区间。 */
+    /** Pull 专用：强制推进 contiguousSeq（已连续到达的下界）。
+     *
+     * 语义：用于 pull 返回 server_ack_seq 后跳过被 GC/已 ack 的历史区间。
+     * 仅增不减（防御 server_ack 倒退）。
+     *
+     * 防御：
+     * - seq <= 0 直接忽略（防御负数/恶意值）
+     * - 仅推进，不倒退（与 maxSeenSeq 共同维护不变式 contiguousSeq ≤ maxSeenSeq）
+     */
     forceContiguousSeq(ns, seq) {
+        if (seq <= 0)
+            return;
         const t = this._get(ns);
         if (seq > t.contiguousSeq) {
             // 清除被跳过区间内的 pendingGaps
@@ -248,6 +273,38 @@ export class SeqTracker {
             this._tryAdvance(t);
         }
     }
+    /** 脏数据修复：允许 contiguousSeq 倒退到指定值。
+     *
+     * 仅在以下场景使用：
+     * - Push 路径检测到 contiguousSeq > pushSeq（contiguousSeq 被之前的脏数据污染）
+     * - 持久化恢复后发现 contiguousSeq > 服务端真实最大值
+     *
+     * 与 forceContiguousSeq 的区别：forceContiguousSeq 只增不减；本方法允许倒退修复。
+     *
+     * 防御：
+     * - seq < 0 视为 0（不允许负数）
+     * - 倒退后 receivedSeqs / pendingGaps 重置（已知状态作废）
+     */
+    repairContiguousSeq(ns, seq) {
+        if (seq < 0)
+            seq = 0;
+        const t = this._get(ns);
+        if (seq < t.contiguousSeq) {
+            // 倒退修复：重置 receivedSeqs（之前认为已收到的 seq 可能是脏数据）
+            for (const s of t.receivedSeqs) {
+                if (s <= seq)
+                    t.receivedSeqs.delete(s);
+            }
+            // 清除所有覆盖被倒退区间的 pendingGaps
+            for (const [key, probe] of t.pendingGaps) {
+                if (probe.gapStart <= seq) {
+                    t.pendingGaps.delete(key);
+                }
+            }
+            t.contiguousSeq = seq;
+            // maxSeenSeq 不动（push 已经告诉我们上界存在）
+        }
+    }
     /** 删除指定命名空间的所有跟踪状态（群组解散时使用） */
     removeNamespace(ns) {
         this._trackers.delete(ns);