npm - @agirails/sdk - Versions diffs - 2.0.0 → 2.0.1-beta - Mend

@agirails/sdk 2.0.0 → 2.0.1-beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (405) hide show

package/README.md +108 -116
package/dist/ACTPClient.d.ts +33 -456
package/dist/ACTPClient.d.ts.map +1 -1
package/dist/ACTPClient.js +93 -477
package/dist/ACTPClient.js.map +1 -1
package/dist/abi/EscrowVault.json +38 -106
package/dist/builders/DeliveryProofBuilder.d.ts +1 -60
package/dist/builders/DeliveryProofBuilder.d.ts.map +1 -1
package/dist/builders/DeliveryProofBuilder.js +5 -81
package/dist/builders/DeliveryProofBuilder.js.map +1 -1
package/dist/builders/QuoteBuilder.d.ts +0 -101
package/dist/builders/QuoteBuilder.d.ts.map +1 -1
package/dist/builders/QuoteBuilder.js +3 -120
package/dist/builders/QuoteBuilder.js.map +1 -1
package/dist/builders/index.d.ts +0 -4
package/dist/builders/index.d.ts.map +1 -1
package/dist/builders/index.js +0 -4
package/dist/builders/index.js.map +1 -1
package/dist/config/networks.d.ts +0 -28
package/dist/config/networks.d.ts.map +1 -1
package/dist/config/networks.js +12 -60
package/dist/config/networks.js.map +1 -1
package/dist/errors/index.d.ts +2 -165
package/dist/errors/index.d.ts.map +1 -1
package/dist/errors/index.js +2 -260
package/dist/errors/index.js.map +1 -1
package/dist/index.d.ts +13 -61
package/dist/index.d.ts.map +1 -1
package/dist/index.js +36 -141
package/dist/index.js.map +1 -1
package/dist/protocol/ACTPKernel.d.ts +2 -229
package/dist/protocol/ACTPKernel.d.ts.map +1 -1
package/dist/protocol/ACTPKernel.js +33 -367
package/dist/protocol/ACTPKernel.js.map +1 -1
package/dist/protocol/EASHelper.d.ts +2 -57
package/dist/protocol/EASHelper.d.ts.map +1 -1
package/dist/protocol/EASHelper.js +37 -230
package/dist/protocol/EASHelper.js.map +1 -1
package/dist/protocol/EscrowVault.d.ts +2 -93
package/dist/protocol/EscrowVault.d.ts.map +1 -1
package/dist/protocol/EscrowVault.js +33 -122
package/dist/protocol/EscrowVault.js.map +1 -1
package/dist/protocol/EventMonitor.d.ts +1 -45
package/dist/protocol/EventMonitor.d.ts.map +1 -1
package/dist/protocol/EventMonitor.js +8 -64
package/dist/protocol/EventMonitor.js.map +1 -1
package/dist/protocol/MessageSigner.d.ts +2 -116
package/dist/protocol/MessageSigner.d.ts.map +1 -1
package/dist/protocol/MessageSigner.js +9 -215
package/dist/protocol/MessageSigner.js.map +1 -1
package/dist/protocol/ProofGenerator.d.ts +0 -93
package/dist/protocol/ProofGenerator.d.ts.map +1 -1
package/dist/protocol/ProofGenerator.js +9 -194
package/dist/protocol/ProofGenerator.js.map +1 -1
package/dist/protocol/QuoteBuilder.d.ts +0 -8
package/dist/protocol/QuoteBuilder.d.ts.map +1 -1
package/dist/protocol/QuoteBuilder.js +0 -8
package/dist/protocol/QuoteBuilder.js.map +1 -1
package/dist/types/eip712.d.ts +0 -34
package/dist/types/eip712.d.ts.map +1 -1
package/dist/types/eip712.js +5 -31
package/dist/types/eip712.js.map +1 -1
package/dist/types/escrow.d.ts +10 -17
package/dist/types/escrow.d.ts.map +1 -1
package/dist/types/index.d.ts +0 -5
package/dist/types/index.d.ts.map +1 -1
package/dist/types/index.js +0 -8
package/dist/types/index.js.map +1 -1
package/dist/types/message.d.ts +0 -32
package/dist/types/message.d.ts.map +1 -1
package/dist/types/message.js +0 -4
package/dist/types/message.js.map +1 -1
package/dist/types/state.d.ts +0 -28
package/dist/types/state.d.ts.map +1 -1
package/dist/types/state.js +6 -37
package/dist/types/state.js.map +1 -1
package/dist/types/transaction.d.ts +0 -17
package/dist/types/transaction.d.ts.map +1 -1
package/dist/utils/IPFSClient.d.ts +0 -113
package/dist/utils/IPFSClient.d.ts.map +1 -1
package/dist/utils/IPFSClient.js +7 -128
package/dist/utils/IPFSClient.js.map +1 -1
package/dist/utils/NonceManager.d.ts +1 -234
package/dist/utils/NonceManager.d.ts.map +1 -1
package/dist/utils/NonceManager.js +7 -372
package/dist/utils/NonceManager.js.map +1 -1
package/dist/utils/ReceivedNonceTracker.d.ts +0 -175
package/dist/utils/ReceivedNonceTracker.d.ts.map +1 -1
package/dist/utils/ReceivedNonceTracker.js +5 -261
package/dist/utils/ReceivedNonceTracker.js.map +1 -1
package/dist/utils/canonicalJson.d.ts +0 -22
package/dist/utils/canonicalJson.d.ts.map +1 -1
package/dist/utils/canonicalJson.js +3 -26
package/dist/utils/canonicalJson.js.map +1 -1
package/dist/utils/computeTypeHash.d.ts +0 -14
package/dist/utils/computeTypeHash.d.ts.map +1 -1
package/dist/utils/computeTypeHash.js +2 -19
package/dist/utils/computeTypeHash.js.map +1 -1
package/dist/utils/validation.d.ts +0 -40
package/dist/utils/validation.d.ts.map +1 -1
package/dist/utils/validation.js +7 -184
package/dist/utils/validation.js.map +1 -1
package/package.json +37 -54
package/src/ACTPClient.ts +178 -692
package/src/__tests__/ProofGenerator.test.ts +124 -0
package/src/__tests__/QuoteBuilder.test.ts +516 -0
package/src/__tests__/StateMachine.test.ts +82 -0
package/src/__tests__/builders/DeliveryProofBuilder.test.ts +581 -0
package/src/__tests__/integration/ACTPClient.test.ts +263 -0
package/src/__tests__/integration.test.ts +289 -0
package/src/__tests__/protocol/EASHelper.test.ts +472 -0
package/src/__tests__/protocol/EventMonitor.test.ts +382 -0
package/src/__tests__/security/ACTPKernel.security.test.ts +1167 -0
package/src/__tests__/security/EscrowVault.security.test.ts +570 -0
package/src/__tests__/security/MessageSigner.security.test.ts +286 -0
package/src/__tests__/security/NonceReplay.security.test.ts +501 -0
package/src/__tests__/security/validation.security.test.ts +376 -0
package/src/__tests__/utils/IPFSClient.test.ts +262 -0
package/src/__tests__/utils/NonceManager.test.ts +205 -0
package/src/__tests__/utils/canonicalJson.test.ts +153 -0
package/src/abi/EscrowVault.json +38 -106
package/src/builders/DeliveryProofBuilder.ts +2 -3
package/src/config/networks.ts +9 -32
package/src/errors/index.ts +1 -298
package/src/index.ts +71 -207
package/src/protocol/ACTPKernel.ts +23 -175
package/src/protocol/EASHelper.ts +46 -230
package/src/protocol/EscrowVault.ts +50 -68
package/src/protocol/EventMonitor.ts +15 -44
package/src/protocol/MessageSigner.ts +13 -193
package/src/protocol/ProofGenerator.ts +4 -223
package/src/types/escrow.ts +11 -12
package/src/types/index.ts +1 -5
package/src/types/state.ts +3 -12
package/src/types/transaction.ts +1 -4
package/src/utils/IPFSClient.ts +5 -122
package/src/utils/NonceManager.ts +8 -305
package/src/utils/ReceivedNonceTracker.ts +0 -170
package/src/utils/validation.ts +0 -164
package/LICENSE +0 -190
package/bin/actp +0 -10
package/dist/abi/AgentRegistry.json +0 -782
package/dist/abi/IdentityRegistry.json +0 -316
package/dist/adapters/BaseAdapter.d.ts +0 -231
package/dist/adapters/BaseAdapter.d.ts.map +0 -1
package/dist/adapters/BaseAdapter.js +0 -393
package/dist/adapters/BaseAdapter.js.map +0 -1
package/dist/adapters/BeginnerAdapter.d.ts +0 -152
package/dist/adapters/BeginnerAdapter.d.ts.map +0 -1
package/dist/adapters/BeginnerAdapter.js +0 -168
package/dist/adapters/BeginnerAdapter.js.map +0 -1
package/dist/adapters/IntermediateAdapter.d.ts +0 -211
package/dist/adapters/IntermediateAdapter.d.ts.map +0 -1
package/dist/adapters/IntermediateAdapter.js +0 -260
package/dist/adapters/IntermediateAdapter.js.map +0 -1
package/dist/adapters/index.d.ts +0 -15
package/dist/adapters/index.d.ts.map +0 -1
package/dist/adapters/index.js +0 -26
package/dist/adapters/index.js.map +0 -1
package/dist/cli/commands/balance.d.ts +0 -13
package/dist/cli/commands/balance.d.ts.map +0 -1
package/dist/cli/commands/balance.js +0 -89
package/dist/cli/commands/balance.js.map +0 -1
package/dist/cli/commands/batch.d.ts +0 -24
package/dist/cli/commands/batch.d.ts.map +0 -1
package/dist/cli/commands/batch.js +0 -424
package/dist/cli/commands/batch.js.map +0 -1
package/dist/cli/commands/config.d.ts +0 -13
package/dist/cli/commands/config.d.ts.map +0 -1
package/dist/cli/commands/config.js +0 -192
package/dist/cli/commands/config.js.map +0 -1
package/dist/cli/commands/init.d.ts +0 -19
package/dist/cli/commands/init.d.ts.map +0 -1
package/dist/cli/commands/init.js +0 -143
package/dist/cli/commands/init.js.map +0 -1
package/dist/cli/commands/mint.d.ts +0 -13
package/dist/cli/commands/mint.d.ts.map +0 -1
package/dist/cli/commands/mint.js +0 -91
package/dist/cli/commands/mint.js.map +0 -1
package/dist/cli/commands/pay.d.ts +0 -18
package/dist/cli/commands/pay.d.ts.map +0 -1
package/dist/cli/commands/pay.js +0 -87
package/dist/cli/commands/pay.js.map +0 -1
package/dist/cli/commands/simulate.d.ts +0 -32
package/dist/cli/commands/simulate.d.ts.map +0 -1
package/dist/cli/commands/simulate.js +0 -290
package/dist/cli/commands/simulate.js.map +0 -1
package/dist/cli/commands/time.d.ts +0 -29
package/dist/cli/commands/time.d.ts.map +0 -1
package/dist/cli/commands/time.js +0 -252
package/dist/cli/commands/time.js.map +0 -1
package/dist/cli/commands/tx.d.ts +0 -16
package/dist/cli/commands/tx.d.ts.map +0 -1
package/dist/cli/commands/tx.js +0 -379
package/dist/cli/commands/tx.js.map +0 -1
package/dist/cli/commands/watch.d.ts +0 -20
package/dist/cli/commands/watch.d.ts.map +0 -1
package/dist/cli/commands/watch.js +0 -160
package/dist/cli/commands/watch.js.map +0 -1
package/dist/cli/index.d.ts +0 -17
package/dist/cli/index.d.ts.map +0 -1
package/dist/cli/index.js +0 -104
package/dist/cli/index.js.map +0 -1
package/dist/cli/utils/client.d.ts +0 -70
package/dist/cli/utils/client.d.ts.map +0 -1
package/dist/cli/utils/client.js +0 -240
package/dist/cli/utils/client.js.map +0 -1
package/dist/cli/utils/config.d.ts +0 -91
package/dist/cli/utils/config.d.ts.map +0 -1
package/dist/cli/utils/config.js +0 -240
package/dist/cli/utils/config.js.map +0 -1
package/dist/cli/utils/output.d.ts +0 -174
package/dist/cli/utils/output.d.ts.map +0 -1
package/dist/cli/utils/output.js +0 -380
package/dist/cli/utils/output.js.map +0 -1
package/dist/level0/Provider.d.ts +0 -106
package/dist/level0/Provider.d.ts.map +0 -1
package/dist/level0/Provider.js +0 -10
package/dist/level0/Provider.js.map +0 -1
package/dist/level0/ServiceDirectory.d.ts +0 -74
package/dist/level0/ServiceDirectory.d.ts.map +0 -1
package/dist/level0/ServiceDirectory.js +0 -122
package/dist/level0/ServiceDirectory.js.map +0 -1
package/dist/level0/index.d.ts +0 -10
package/dist/level0/index.d.ts.map +0 -1
package/dist/level0/index.js +0 -15
package/dist/level0/index.js.map +0 -1
package/dist/level0/provide.d.ts +0 -51
package/dist/level0/provide.d.ts.map +0 -1
package/dist/level0/provide.js +0 -113
package/dist/level0/provide.js.map +0 -1
package/dist/level0/request.d.ts +0 -53
package/dist/level0/request.d.ts.map +0 -1
package/dist/level0/request.js +0 -462
package/dist/level0/request.js.map +0 -1
package/dist/level1/Agent.d.ts +0 -472
package/dist/level1/Agent.d.ts.map +0 -1
package/dist/level1/Agent.js +0 -1091
package/dist/level1/Agent.js.map +0 -1
package/dist/level1/index.d.ts +0 -10
package/dist/level1/index.d.ts.map +0 -1
package/dist/level1/index.js +0 -30
package/dist/level1/index.js.map +0 -1
package/dist/level1/pricing/PriceCalculator.d.ts +0 -62
package/dist/level1/pricing/PriceCalculator.d.ts.map +0 -1
package/dist/level1/pricing/PriceCalculator.js +0 -237
package/dist/level1/pricing/PriceCalculator.js.map +0 -1
package/dist/level1/pricing/PricingStrategy.d.ts +0 -179
package/dist/level1/pricing/PricingStrategy.d.ts.map +0 -1
package/dist/level1/pricing/PricingStrategy.js +0 -11
package/dist/level1/pricing/PricingStrategy.js.map +0 -1
package/dist/level1/types/Job.d.ts +0 -166
package/dist/level1/types/Job.d.ts.map +0 -1
package/dist/level1/types/Job.js +0 -11
package/dist/level1/types/Job.js.map +0 -1
package/dist/level1/types/Options.d.ts +0 -258
package/dist/level1/types/Options.d.ts.map +0 -1
package/dist/level1/types/Options.js +0 -8
package/dist/level1/types/Options.js.map +0 -1
package/dist/level1/types/index.d.ts +0 -8
package/dist/level1/types/index.d.ts.map +0 -1
package/dist/level1/types/index.js +0 -8
package/dist/level1/types/index.js.map +0 -1
package/dist/protocol/AgentRegistry.d.ts +0 -177
package/dist/protocol/AgentRegistry.d.ts.map +0 -1
package/dist/protocol/AgentRegistry.js +0 -449
package/dist/protocol/AgentRegistry.js.map +0 -1
package/dist/protocol/DIDManager.d.ts +0 -289
package/dist/protocol/DIDManager.d.ts.map +0 -1
package/dist/protocol/DIDManager.js +0 -481
package/dist/protocol/DIDManager.js.map +0 -1
package/dist/protocol/DIDResolver.d.ts +0 -236
package/dist/protocol/DIDResolver.d.ts.map +0 -1
package/dist/protocol/DIDResolver.js +0 -495
package/dist/protocol/DIDResolver.js.map +0 -1
package/dist/runtime/BlockchainRuntime.d.ts +0 -360
package/dist/runtime/BlockchainRuntime.d.ts.map +0 -1
package/dist/runtime/BlockchainRuntime.js +0 -767
package/dist/runtime/BlockchainRuntime.js.map +0 -1
package/dist/runtime/IACTPRuntime.d.ts +0 -271
package/dist/runtime/IACTPRuntime.d.ts.map +0 -1
package/dist/runtime/IACTPRuntime.js +0 -15
package/dist/runtime/IACTPRuntime.js.map +0 -1
package/dist/runtime/MockRuntime.d.ts +0 -445
package/dist/runtime/MockRuntime.d.ts.map +0 -1
package/dist/runtime/MockRuntime.js +0 -1065
package/dist/runtime/MockRuntime.js.map +0 -1
package/dist/runtime/MockStateManager.d.ts +0 -233
package/dist/runtime/MockStateManager.d.ts.map +0 -1
package/dist/runtime/MockStateManager.js +0 -533
package/dist/runtime/MockStateManager.js.map +0 -1
package/dist/runtime/index.d.ts +0 -14
package/dist/runtime/index.d.ts.map +0 -1
package/dist/runtime/index.js +0 -42
package/dist/runtime/index.js.map +0 -1
package/dist/runtime/types/MockState.d.ts +0 -167
package/dist/runtime/types/MockState.d.ts.map +0 -1
package/dist/runtime/types/MockState.js +0 -43
package/dist/runtime/types/MockState.js.map +0 -1
package/dist/types/agent.d.ts +0 -76
package/dist/types/agent.d.ts.map +0 -1
package/dist/types/agent.js +0 -8
package/dist/types/agent.js.map +0 -1
package/dist/types/did.d.ts +0 -192
package/dist/types/did.d.ts.map +0 -1
package/dist/types/did.js +0 -38
package/dist/types/did.js.map +0 -1
package/dist/utils/ErrorRecoveryGuide.d.ts +0 -125
package/dist/utils/ErrorRecoveryGuide.d.ts.map +0 -1
package/dist/utils/ErrorRecoveryGuide.js +0 -579
package/dist/utils/ErrorRecoveryGuide.js.map +0 -1
package/dist/utils/Helpers.d.ts +0 -453
package/dist/utils/Helpers.d.ts.map +0 -1
package/dist/utils/Helpers.js +0 -623
package/dist/utils/Helpers.js.map +0 -1
package/dist/utils/Logger.d.ts +0 -195
package/dist/utils/Logger.d.ts.map +0 -1
package/dist/utils/Logger.js +0 -382
package/dist/utils/Logger.js.map +0 -1
package/dist/utils/RateLimiter.d.ts +0 -253
package/dist/utils/RateLimiter.d.ts.map +0 -1
package/dist/utils/RateLimiter.js +0 -424
package/dist/utils/RateLimiter.js.map +0 -1
package/dist/utils/SDKLifecycle.d.ts +0 -156
package/dist/utils/SDKLifecycle.d.ts.map +0 -1
package/dist/utils/SDKLifecycle.js +0 -347
package/dist/utils/SDKLifecycle.js.map +0 -1
package/dist/utils/SecureNonce.d.ts +0 -57
package/dist/utils/SecureNonce.d.ts.map +0 -1
package/dist/utils/SecureNonce.js +0 -80
package/dist/utils/SecureNonce.js.map +0 -1
package/dist/utils/Semaphore.d.ts +0 -123
package/dist/utils/Semaphore.d.ts.map +0 -1
package/dist/utils/Semaphore.js +0 -247
package/dist/utils/Semaphore.js.map +0 -1
package/dist/utils/UsedAttestationTracker.d.ts +0 -167
package/dist/utils/UsedAttestationTracker.d.ts.map +0 -1
package/dist/utils/UsedAttestationTracker.js +0 -309
package/dist/utils/UsedAttestationTracker.js.map +0 -1
package/dist/utils/fsSafe.d.ts +0 -14
package/dist/utils/fsSafe.d.ts.map +0 -1
package/dist/utils/fsSafe.js +0 -89
package/dist/utils/fsSafe.js.map +0 -1
package/dist/utils/index.d.ts +0 -15
package/dist/utils/index.d.ts.map +0 -1
package/dist/utils/index.js +0 -51
package/dist/utils/index.js.map +0 -1
package/dist/utils/security.d.ts +0 -147
package/dist/utils/security.d.ts.map +0 -1
package/dist/utils/security.js +0 -391
package/dist/utils/security.js.map +0 -1
package/src/abi/AgentRegistry.json +0 -782
package/src/abi/IdentityRegistry.json +0 -316
package/src/adapters/BaseAdapter.ts +0 -473
package/src/adapters/BeginnerAdapter.ts +0 -232
package/src/adapters/IntermediateAdapter.ts +0 -316
package/src/adapters/index.ts +0 -25
package/src/cli/commands/balance.ts +0 -110
package/src/cli/commands/batch.ts +0 -487
package/src/cli/commands/config.ts +0 -231
package/src/cli/commands/init.ts +0 -161
package/src/cli/commands/mint.ts +0 -116
package/src/cli/commands/pay.ts +0 -113
package/src/cli/commands/simulate.ts +0 -345
package/src/cli/commands/time.ts +0 -303
package/src/cli/commands/tx.ts +0 -448
package/src/cli/commands/watch.ts +0 -211
package/src/cli/index.ts +0 -116
package/src/cli/utils/client.ts +0 -249
package/src/cli/utils/config.ts +0 -282
package/src/cli/utils/output.ts +0 -465
package/src/level0/Provider.ts +0 -117
package/src/level0/ServiceDirectory.ts +0 -131
package/src/level0/index.ts +0 -10
package/src/level0/provide.ts +0 -131
package/src/level0/request.ts +0 -494
package/src/level1/Agent.ts +0 -1432
package/src/level1/index.ts +0 -10
package/src/level1/pricing/PriceCalculator.ts +0 -255
package/src/level1/pricing/PricingStrategy.ts +0 -198
package/src/level1/types/Job.ts +0 -179
package/src/level1/types/Options.ts +0 -291
package/src/level1/types/index.ts +0 -8
package/src/protocol/AgentRegistry.ts +0 -559
package/src/protocol/DIDManager.ts +0 -629
package/src/protocol/DIDResolver.ts +0 -554
package/src/runtime/BlockchainRuntime.ts +0 -993
package/src/runtime/IACTPRuntime.ts +0 -284
package/src/runtime/MockRuntime.ts +0 -1244
package/src/runtime/MockStateManager.ts +0 -576
package/src/runtime/index.ts +0 -25
package/src/runtime/types/MockState.ts +0 -227
package/src/types/agent.ts +0 -79
package/src/types/did.ts +0 -223
package/src/utils/ErrorRecoveryGuide.ts +0 -675
package/src/utils/Helpers.ts +0 -688
package/src/utils/Logger.ts +0 -484
package/src/utils/RateLimiter.ts +0 -534
package/src/utils/SDKLifecycle.ts +0 -416
package/src/utils/SecureNonce.ts +0 -78
package/src/utils/Semaphore.ts +0 -276
package/src/utils/UsedAttestationTracker.ts +0 -387
package/src/utils/fsSafe.ts +0 -75
package/src/utils/index.ts +0 -80
package/src/utils/security.ts +0 -418

package/src/utils/NonceManager.ts CHANGED Viewed

@@ -2,21 +2,7 @@
  * Nonce Manager Implementation
  * Tracks nonces per DID + message type for AIP-4 delivery proofs
  * Reference: AIP-4 §3.2 (nonce field requirement)
- *
- * SECURITY FIXES:
- * - C-2: Added atomic nonce allocation with locking
- * - H-1: Added persistent nonce storage option
- * - H-5: Added nonce upper bound validation
- */
-import { assertSafeFileForRead, ensureSafeDir, ensureSafeFile } from './fsSafe';
-/**
- * Maximum allowed nonce value.
- * SECURITY FIX (H-5): Prevents nonce overflow attacks.
- * Using Number.MAX_SAFE_INTEGER (2^53 - 1) to ensure safe JavaScript integer operations.
  */
-export const MAX_NONCE_VALUE = Number.MAX_SAFE_INTEGER;
 /**
  * Nonce Manager Interface (from DeliveryProofBuilder)
@@ -54,10 +40,6 @@ export interface NonceManager {
  * In-Memory Nonce Manager
  * Simple implementation using Map for per-message-type nonce tracking
  *
- * SECURITY FIXES:
- * - C-2: Added atomic getAndIncrementNonce() to prevent race conditions
- * - H-5: Added nonce upper bound validation
- *
  * ⚠️ WARNING: Nonces are lost on process restart. For production:
  * - Use persistent storage (Redis, PostgreSQL, etc.)
  * - Implement nonce recovery from blockchain events
@@ -65,9 +47,6 @@ export interface NonceManager {
  */
 export class InMemoryNonceManager implements NonceManager {
   private nonces: Map<string, number> = new Map();
-  // SECURITY FIX (C-2): Mutex for atomic nonce operations
-  // Store both the promise and its resolver for proper lock release
-  private locks: Map<string, { promise: Promise<void>; resolve: () => void }> = new Map();
   /**
    * Create in-memory nonce manager
@@ -76,58 +55,11 @@ export class InMemoryNonceManager implements NonceManager {
   constructor(initialNonces?: Record<string, number>) {
     if (initialNonces) {
       Object.entries(initialNonces).forEach(([messageType, nonce]) => {
-        // SECURITY FIX (H-5): Validate initial nonces
-        if (nonce > MAX_NONCE_VALUE) {
-          throw new Error(
-            `Initial nonce ${nonce} for ${messageType} exceeds maximum allowed value ${MAX_NONCE_VALUE}`
-          );
-        }
         this.nonces.set(messageType, nonce);
       });
     }
   }
-  /**
-   * SECURITY FIX (C-2 + DEADLOCK-FIX): Acquire lock for message type
-   * Ensures atomic nonce operations.
-   *
-   * FIXED: Previous implementation had a deadlock bug where:
-   * - The resolver was stored in a closure but never accessible to releaseLock()
-   * - releaseLock() just deleted the entry without resolving waiting Promises
-   *
-   * New implementation stores both promise AND resolver together.
-   */
-  private async acquireLock(messageType: string): Promise<void> {
-    // Wait for any existing lock to be released
-    while (this.locks.has(messageType)) {
-      const existingLock = this.locks.get(messageType);
-      if (existingLock) {
-        await existingLock.promise;
-      }
-    }
-    // Create new lock with stored resolver
-    let resolver: () => void = () => {};
-    const lockPromise = new Promise<void>((resolve) => {
-      resolver = resolve;
-    });
-    this.locks.set(messageType, { promise: lockPromise, resolve: resolver });
-  }
-  /**
-   * SECURITY FIX (C-2 + DEADLOCK-FIX): Release lock for message type
-   *
-   * FIXED: Now properly resolves the Promise before deleting,
-   * so any waiting acquireLock() calls can proceed.
-   */
-  private releaseLock(messageType: string): void {
-    const lock = this.locks.get(messageType);
-    if (lock) {
-      lock.resolve(); // Resolve the promise first
-      this.locks.delete(messageType); // Then delete the entry
-    }
-  }
   /**
    * Get next nonce for message type
    * @param messageType - Message type identifier
@@ -135,44 +67,7 @@ export class InMemoryNonceManager implements NonceManager {
    */
   getNextNonce(messageType: string): number {
     const current = this.nonces.get(messageType) || 0;
-    const next = current + 1;
-    // SECURITY FIX (H-5): Check upper bound
-    if (next > MAX_NONCE_VALUE) {
-      throw new Error(
-        `Nonce overflow: next nonce ${next} exceeds maximum allowed value ${MAX_NONCE_VALUE}. ` +
-        `Consider resetting nonces or using a larger storage type.`
-      );
-    }
-    return next;
-  }
-  /**
-   * SECURITY FIX (C-2): Atomic get-and-increment nonce
-   * Returns the next nonce and records it atomically to prevent race conditions.
-   *
-   * @param messageType - Message type identifier
-   * @returns Atomically allocated nonce
-   */
-  async getAndIncrementNonce(messageType: string): Promise<number> {
-    await this.acquireLock(messageType);
-    try {
-      const current = this.nonces.get(messageType) || 0;
-      const next = current + 1;
-      // SECURITY FIX (H-5): Check upper bound
-      if (next > MAX_NONCE_VALUE) {
-        throw new Error(
-          `Nonce overflow: next nonce ${next} exceeds maximum allowed value ${MAX_NONCE_VALUE}`
-        );
-      }
-      this.nonces.set(messageType, next);
-      return next;
-    } finally {
-      this.releaseLock(messageType);
-    }
+    return current + 1;
   }
   /**
@@ -183,13 +78,6 @@ export class InMemoryNonceManager implements NonceManager {
   recordNonce(messageType: string, nonce: number): void {
     const current = this.nonces.get(messageType) || 0;
-    // SECURITY FIX (H-5): Check upper bound
-    if (nonce > MAX_NONCE_VALUE) {
-      throw new Error(
-        `Nonce ${nonce} exceeds maximum allowed value ${MAX_NONCE_VALUE}`
-      );
-    }
     // Ensure monotonic increase
     if (nonce <= current) {
       throw new Error(
@@ -388,203 +276,18 @@ export class DIDScopedNonceManager implements NonceManager {
   }
 }
-/**
- * File-based Nonce Manager for Persistent Storage
- *
- * SECURITY FIX (H-1): Persists nonces to disk to survive process restarts.
- * SECURITY FIX (NEW-H-4): File locking to prevent concurrent write corruption.
- * Uses atomic file writes (temp file + rename) for crash safety.
- *
- * @module utils/NonceManager
- */
-export class FileBasedNonceManager implements NonceManager {
-  private inMemory: InMemoryNonceManager;
-  private filePath: string;
-  private fs: typeof import('fs');
-  private path: typeof import('path');
-  private lockfile: typeof import('proper-lockfile');
-  /**
-   * Create file-based nonce manager
-   * @param stateDirectory - Directory to store nonces file
-   */
-  constructor(stateDirectory: string) {
-    this.fs = require('fs');
-    this.path = require('path');
-    // SECURITY FIX (NEW-H-4): File locking to prevent race conditions
-    this.lockfile = require('proper-lockfile');
-    // Ensure .actp directory exists
-    const actpDir = this.path.join(stateDirectory, '.actp');
-    ensureSafeDir(actpDir, 0o755);
-    this.filePath = this.path.join(actpDir, 'nonces.json');
-    // Load existing nonces
-    const initialNonces = this.loadFromFile();
-    this.inMemory = new InMemoryNonceManager(initialNonces);
-  }
-  /**
-   * Load nonces from file
-   */
-  private loadFromFile(): Record<string, number> | undefined {
-    if (!this.fs.existsSync(this.filePath)) {
-      return undefined;
-    }
-    try {
-      // SECURITY: Refuse to read from symlinked nonce files
-      assertSafeFileForRead(this.filePath);
-      const MAX_NONCE_FILE_SIZE = 5 * 1024 * 1024; // 5MB
-      const st = this.fs.statSync(this.filePath);
-      if (st.size > MAX_NONCE_FILE_SIZE) {
-        throw new Error(
-          `nonces.json exceeds ${MAX_NONCE_FILE_SIZE / 1024 / 1024}MB limit: ${this.filePath}`
-        );
-      }
-      const data = JSON.parse(this.fs.readFileSync(this.filePath, 'utf-8'));
-      return data as Record<string, number>;
-    } catch (e: any) {
-      // Fail closed: nonce resets can enable replay.
-      throw new Error(
-        `Failed to parse nonces.json (replay protection would be weakened). ` +
-          `Fix/delete the file: ${this.filePath}. Error: ${e?.message || String(e)}`
-      );
-    }
-  }
-  /**
-   * Save nonces to file atomically with file locking
-   *
-   * SECURITY FIX (NEW-H-4): File locking prevents concurrent write corruption
-   */
-  private async saveToFile(): Promise<void> {
-    const data = this.inMemory.getAllNonces();
-    const tempPath = `${this.filePath}.tmp`;
-    // SECURITY FIX: Ensure file exists before locking (proper-lockfile requirement)
-    ensureSafeFile(this.filePath, '{}', 0o644);
-    // SECURITY FIX (NEW-H-4): Acquire file lock before writing
-    let release: (() => Promise<void>) | null = null;
-    try {
-      release = await this.lockfile.lock(this.filePath, {
-        stale: 10000, // Lock expires after 10 seconds if process crashes
-        retries: {
-          retries: 5,
-          minTimeout: 100,
-          maxTimeout: 500
-        }
-      });
-      // Atomic write: temp file + rename
-      if (this.fs.existsSync(tempPath)) {
-        this.fs.unlinkSync(tempPath);
-      }
-      this.fs.writeFileSync(tempPath, JSON.stringify(data, null, 2), {
-        encoding: 'utf-8',
-        mode: 0o644,
-        flag: 'wx'
-      });
-      this.fs.renameSync(tempPath, this.filePath);
-    } catch (error) {
-      // Clean up temp file on error
-      if (this.fs.existsSync(tempPath)) {
-        try {
-          this.fs.unlinkSync(tempPath);
-        } catch {
-          // Ignore cleanup errors
-        }
-      }
-      throw error;
-    } finally {
-      if (release) {
-        await release();
-      }
-    }
-  }
-  getNextNonce(messageType: string): number {
-    return this.inMemory.getNextNonce(messageType);
-  }
-  /**
-   * Atomic get and increment with persistence
-   */
-  async getAndIncrementNonce(messageType: string): Promise<number> {
-    const nonce = await this.inMemory.getAndIncrementNonce(messageType);
-    // SECURITY FIX (NEW-H-4): saveToFile is now async
-    await this.saveToFile();
-    return nonce;
-  }
-  recordNonce(messageType: string, nonce: number): void {
-    this.inMemory.recordNonce(messageType, nonce);
-    // Fire-and-forget to maintain sync interface
-    this.saveToFile().catch((err) => {
-      console.error('Failed to save nonce manager state:', err);
-    });
-  }
-  getCurrentNonce(messageType: string): number {
-    return this.inMemory.getCurrentNonce(messageType);
-  }
-  resetNonce(messageType: string): void {
-    this.inMemory.resetNonce(messageType);
-    // Fire-and-forget to maintain sync interface
-    this.saveToFile().catch((err) => {
-      console.error('Failed to save nonce manager state:', err);
-    });
-  }
-  getAllNonces(): Record<string, number> {
-    return this.inMemory.getAllNonces();
-  }
-  clearAll(): void {
-    this.inMemory.clearAll();
-    if (this.fs.existsSync(this.filePath)) {
-      this.fs.unlinkSync(this.filePath);
-    }
-  }
-}
 /**
  * Create nonce manager based on environment
- * @param options - Configuration options
+ * @param did - Optional DID for scoped tracking
+ * @param initialNonces - Optional initial nonces
  * @returns NonceManager instance
- *
- * @example
- * ```typescript
- * // In-memory (default)
- * const manager = createNonceManager();
- *
- * // DID-scoped
- * const manager = createNonceManager({ did: 'did:ethr:0x...' });
- *
- * // Persistent (survives restarts)
- * const manager = createNonceManager({ stateDirectory: '/path/to/project' });
- * ```
  */
 export function createNonceManager(
-  options?: {
-    did?: string;
-    initialNonces?: Record<string, number>;
-    stateDirectory?: string;
-  }
+  did?: string,
+  initialNonces?: Record<string, number>
 ): NonceManager {
-  // SECURITY FIX (H-1): Support persistent storage
-  if (options?.stateDirectory) {
-    return new FileBasedNonceManager(options.stateDirectory);
+  if (did) {
+    return new DIDScopedNonceManager(did, initialNonces);
   }
-  if (options?.did) {
-    return new DIDScopedNonceManager(options.did, options?.initialNonces);
-  }
-  return new InMemoryNonceManager(options?.initialNonces);
+  return new InMemoryNonceManager(initialNonces);
 }

package/src/utils/ReceivedNonceTracker.ts CHANGED Viewed

@@ -228,10 +228,6 @@ export class InMemoryReceivedNonceTracker implements IReceivedNonceTracker {
  * - Reject duplicate nonces (replay attack)
  * - Allows non-sequential nonces (nonce gaps are OK)
  *
- * SECURITY FIX (NEW-H-2): Max size enforcement to prevent memory exhaustion
- * SECURITY FIX (HIGH-2): Global total entries limit to prevent DoS via many sender combinations
- * SECURITY FIX (H-2): Rate limiting per sender to prevent flood attacks
- *
  * Trade-off:
  * - Higher memory usage (stores every nonce)
  * - More flexible (allows out-of-order delivery)
@@ -241,94 +237,8 @@ export class SetBasedReceivedNonceTracker implements IReceivedNonceTracker {
   // Map: sender -> messageType -> Set of used nonces
   private usedNonces: Map<string, Map<string, Set<string>>> = new Map();
-  // SECURITY FIX (NEW-H-2): Maximum entries per sender+messageType
-  private readonly maxSizePerType: number;
-  // SECURITY FIX (HIGH-2): Global limit across ALL sender+messageType combinations
-  private readonly maxTotalEntries: number;
-  private totalEntries: number = 0;
-  // SECURITY FIX (H-2): Rate limiting per sender
-  // Map: sender -> { count: number, windowStart: number }
-  private rateLimitState: Map<string, { count: number; windowStart: number }> = new Map();
-  private readonly maxNoncesPerMinute: number;
-  private readonly rateLimitWindowMs: number = 60000; // 1 minute window
-  /**
-   * Create set-based tracker with optional max size
-   * @param maxSizePerType - Maximum nonces per sender+messageType (default: 10,000)
-   * @param maxTotalEntries - Maximum total nonces across all combinations (default: 100,000)
-   * @param maxNoncesPerMinute - Maximum nonces per sender per minute (default: 100)
-   */
-  constructor(
-    maxSizePerType: number = 10000,
-    maxTotalEntries: number = 100000,
-    maxNoncesPerMinute: number = 100
-  ) {
-    if (maxSizePerType <= 0) {
-      throw new Error('maxSizePerType must be positive');
-    }
-    if (maxTotalEntries <= 0) {
-      throw new Error('maxTotalEntries must be positive');
-    }
-    if (maxNoncesPerMinute <= 0) {
-      throw new Error('maxNoncesPerMinute must be positive');
-    }
-    this.maxSizePerType = maxSizePerType;
-    this.maxTotalEntries = maxTotalEntries;
-    this.maxNoncesPerMinute = maxNoncesPerMinute;
-  }
-  /**
-   * SECURITY FIX (H-2): Check rate limit for sender
-   * @param sender - Sender DID
-   * @returns true if rate limit exceeded
-   */
-  private checkRateLimit(sender: string): boolean {
-    const now = Date.now();
-    const state = this.rateLimitState.get(sender);
-    if (!state) {
-      // First nonce from this sender
-      this.rateLimitState.set(sender, { count: 1, windowStart: now });
-      return false; // Not rate limited
-    }
-    // Check if window expired (reset counter)
-    if (now - state.windowStart >= this.rateLimitWindowMs) {
-      state.count = 1;
-      state.windowStart = now;
-      return false; // Not rate limited
-    }
-    // Increment counter
-    state.count++;
-    // Check if rate limit exceeded
-    return state.count > this.maxNoncesPerMinute;
-  }
-  /**
-   * SECURITY FIX (H-2): Periodic cleanup of rate limit state
-   * Removes expired rate limit entries (older than 5 minutes)
-   */
-  private cleanupRateLimitState(): void {
-    const now = Date.now();
-    const expiryThreshold = 5 * 60 * 1000; // 5 minutes
-    for (const [sender, state] of this.rateLimitState.entries()) {
-      if (now - state.windowStart > expiryThreshold) {
-        this.rateLimitState.delete(sender);
-      }
-    }
-  }
   /**
    * Validate and record a received nonce
-   *
-   * SECURITY FIX (NEW-H-2): Automatic cleanup when max size reached
-   * SECURITY FIX (HIGH-2): Global limit check to prevent DoS
-   * SECURITY FIX (H-2): Rate limiting per sender (max 100 nonces/minute)
    */
   validateAndRecord(sender: string, messageType: string, nonce: string): NonceValidationResult {
     // Validate nonce format
@@ -340,34 +250,6 @@ export class SetBasedReceivedNonceTracker implements IReceivedNonceTracker {
       };
     }
-    // SECURITY FIX (H-2): Rate limit check (BEFORE global limit to avoid unnecessary work)
-    if (this.checkRateLimit(sender)) {
-      return {
-        valid: false,
-        reason: `Rate limit exceeded for sender ${sender}: ` +
-                `Maximum ${this.maxNoncesPerMinute} nonces per minute allowed. ` +
-                `This may indicate a flood attack or misconfigured client. ` +
-                `Wait 1 minute before retrying.`,
-        receivedNonce: nonce
-      };
-    }
-    // SECURITY FIX (H-2): Periodic cleanup every 100 validations (amortized cost)
-    if (this.totalEntries % 100 === 0) {
-      this.cleanupRateLimitState();
-    }
-    // SECURITY FIX (HIGH-2): Check global limit BEFORE adding
-    if (this.totalEntries >= this.maxTotalEntries) {
-      return {
-        valid: false,
-        reason: `Global nonce tracker limit reached (${this.maxTotalEntries} entries). ` +
-                `This may indicate a DoS attack or need for cleanup. ` +
-                `Current usage: ${this.totalEntries} entries across ${this.getCombinationCount()} sender+type combinations.`,
-        receivedNonce: nonce
-      };
-    }
     // Get sender's nonce map
     let senderNonces = this.usedNonces.get(sender);
     if (!senderNonces) {
@@ -391,53 +273,11 @@ export class SetBasedReceivedNonceTracker implements IReceivedNonceTracker {
       };
     }
-    // SECURITY FIX (NEW-H-2): Auto-cleanup if max size per type reached
-    if (usedSet.size >= this.maxSizePerType) {
-      // Keep only last 80% of entries (sorted by nonce value)
-      const keepCount = Math.floor(this.maxSizePerType * 0.8);
-      const sortedNonces = Array.from(usedSet).sort((a, b) => {
-        const aVal = BigInt(a);
-        const bVal = BigInt(b);
-        return aVal < bVal ? -1 : aVal > bVal ? 1 : 0;
-      });
-      const removedCount = usedSet.size - keepCount;
-      usedSet = new Set(sortedNonces.slice(-keepCount));
-      senderNonces.set(messageType, usedSet);
-      // SECURITY FIX (HIGH-2): Update global counter
-      this.totalEntries -= removedCount;
-    }
     // Valid nonce - record it
     usedSet.add(nonce);
-    // SECURITY FIX (HIGH-2): Update global counter
-    this.totalEntries++;
     return { valid: true };
   }
-  /**
-   * Get number of sender+messageType combinations (for monitoring)
-   * SECURITY FIX (HIGH-2): Monitoring method
-   */
-  private getCombinationCount(): number {
-    let count = 0;
-    this.usedNonces.forEach(senderMap => {
-      count += senderMap.size;
-    });
-    return count;
-  }
-  /**
-   * Get memory usage statistics
-   * SECURITY FIX (HIGH-2): Monitoring method for DoS detection
-   */
-  getMemoryUsage(): { totalEntries: number; combinations: number; maxTotalEntries: number } {
-    return {
-      totalEntries: this.totalEntries,
-      combinations: this.getCombinationCount(),
-      maxTotalEntries: this.maxTotalEntries
-    };
-  }
   /**
    * Check if a nonce has been used
    */
@@ -487,11 +327,6 @@ export class SetBasedReceivedNonceTracker implements IReceivedNonceTracker {
   reset(sender: string, messageType: string): void {
     const senderNonces = this.usedNonces.get(sender);
     if (senderNonces) {
-      const usedSet = senderNonces.get(messageType);
-      if (usedSet) {
-        // SECURITY FIX (HIGH-2): Update global counter
-        this.totalEntries -= usedSet.size;
-      }
       senderNonces.delete(messageType);
       if (senderNonces.size === 0) {
         this.usedNonces.delete(sender);
@@ -504,8 +339,6 @@ export class SetBasedReceivedNonceTracker implements IReceivedNonceTracker {
    */
   clearAll(): void {
     this.usedNonces.clear();
-    // SECURITY FIX (HIGH-2): Reset global counter
-    this.totalEntries = 0;
   }
   /**
@@ -544,11 +377,8 @@ export class SetBasedReceivedNonceTracker implements IReceivedNonceTracker {
     });
     // Keep only the last N nonces
-    const removedCount = usedSet.size - keepLast;
     const toKeep = new Set(sortedNonces.slice(-keepLast));
     senderNonces.set(messageType, toKeep);
-    // SECURITY FIX (HIGH-2): Update global counter
-    this.totalEntries -= removedCount;
   }
 }