npm - @agirails/sdk - Versions diffs - 2.0.1-beta → 2.0.2 - Mend

@agirails/sdk 2.0.1-beta → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (405) hide show

package/LICENSE +190 -0
package/README.md +116 -108
package/bin/actp +10 -0
package/dist/ACTPClient.d.ts +456 -33
package/dist/ACTPClient.d.ts.map +1 -1
package/dist/ACTPClient.js +477 -93
package/dist/ACTPClient.js.map +1 -1
package/dist/abi/AgentRegistry.json +782 -0
package/dist/abi/EscrowVault.json +106 -38
package/dist/abi/IdentityRegistry.json +316 -0
package/dist/adapters/BaseAdapter.d.ts +231 -0
package/dist/adapters/BaseAdapter.d.ts.map +1 -0
package/dist/adapters/BaseAdapter.js +393 -0
package/dist/adapters/BaseAdapter.js.map +1 -0
package/dist/adapters/BeginnerAdapter.d.ts +152 -0
package/dist/adapters/BeginnerAdapter.d.ts.map +1 -0
package/dist/adapters/BeginnerAdapter.js +168 -0
package/dist/adapters/BeginnerAdapter.js.map +1 -0
package/dist/adapters/IntermediateAdapter.d.ts +211 -0
package/dist/adapters/IntermediateAdapter.d.ts.map +1 -0
package/dist/adapters/IntermediateAdapter.js +260 -0
package/dist/adapters/IntermediateAdapter.js.map +1 -0
package/dist/adapters/index.d.ts +15 -0
package/dist/adapters/index.d.ts.map +1 -0
package/dist/adapters/index.js +26 -0
package/dist/adapters/index.js.map +1 -0
package/dist/builders/DeliveryProofBuilder.d.ts +60 -1
package/dist/builders/DeliveryProofBuilder.d.ts.map +1 -1
package/dist/builders/DeliveryProofBuilder.js +81 -5
package/dist/builders/DeliveryProofBuilder.js.map +1 -1
package/dist/builders/QuoteBuilder.d.ts +101 -0
package/dist/builders/QuoteBuilder.d.ts.map +1 -1
package/dist/builders/QuoteBuilder.js +120 -3
package/dist/builders/QuoteBuilder.js.map +1 -1
package/dist/builders/index.d.ts +4 -0
package/dist/builders/index.d.ts.map +1 -1
package/dist/builders/index.js +4 -0
package/dist/builders/index.js.map +1 -1
package/dist/cli/commands/balance.d.ts +13 -0
package/dist/cli/commands/balance.d.ts.map +1 -0
package/dist/cli/commands/balance.js +89 -0
package/dist/cli/commands/balance.js.map +1 -0
package/dist/cli/commands/batch.d.ts +24 -0
package/dist/cli/commands/batch.d.ts.map +1 -0
package/dist/cli/commands/batch.js +424 -0
package/dist/cli/commands/batch.js.map +1 -0
package/dist/cli/commands/config.d.ts +13 -0
package/dist/cli/commands/config.d.ts.map +1 -0
package/dist/cli/commands/config.js +192 -0
package/dist/cli/commands/config.js.map +1 -0
package/dist/cli/commands/init.d.ts +19 -0
package/dist/cli/commands/init.d.ts.map +1 -0
package/dist/cli/commands/init.js +143 -0
package/dist/cli/commands/init.js.map +1 -0
package/dist/cli/commands/mint.d.ts +13 -0
package/dist/cli/commands/mint.d.ts.map +1 -0
package/dist/cli/commands/mint.js +91 -0
package/dist/cli/commands/mint.js.map +1 -0
package/dist/cli/commands/pay.d.ts +18 -0
package/dist/cli/commands/pay.d.ts.map +1 -0
package/dist/cli/commands/pay.js +87 -0
package/dist/cli/commands/pay.js.map +1 -0
package/dist/cli/commands/simulate.d.ts +32 -0
package/dist/cli/commands/simulate.d.ts.map +1 -0
package/dist/cli/commands/simulate.js +290 -0
package/dist/cli/commands/simulate.js.map +1 -0
package/dist/cli/commands/time.d.ts +29 -0
package/dist/cli/commands/time.d.ts.map +1 -0
package/dist/cli/commands/time.js +252 -0
package/dist/cli/commands/time.js.map +1 -0
package/dist/cli/commands/tx.d.ts +16 -0
package/dist/cli/commands/tx.d.ts.map +1 -0
package/dist/cli/commands/tx.js +379 -0
package/dist/cli/commands/tx.js.map +1 -0
package/dist/cli/commands/watch.d.ts +20 -0
package/dist/cli/commands/watch.d.ts.map +1 -0
package/dist/cli/commands/watch.js +160 -0
package/dist/cli/commands/watch.js.map +1 -0
package/dist/cli/index.d.ts +17 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +104 -0
package/dist/cli/index.js.map +1 -0
package/dist/cli/utils/client.d.ts +70 -0
package/dist/cli/utils/client.d.ts.map +1 -0
package/dist/cli/utils/client.js +240 -0
package/dist/cli/utils/client.js.map +1 -0
package/dist/cli/utils/config.d.ts +91 -0
package/dist/cli/utils/config.d.ts.map +1 -0
package/dist/cli/utils/config.js +240 -0
package/dist/cli/utils/config.js.map +1 -0
package/dist/cli/utils/output.d.ts +174 -0
package/dist/cli/utils/output.d.ts.map +1 -0
package/dist/cli/utils/output.js +380 -0
package/dist/cli/utils/output.js.map +1 -0
package/dist/config/networks.d.ts +28 -0
package/dist/config/networks.d.ts.map +1 -1
package/dist/config/networks.js +60 -12
package/dist/config/networks.js.map +1 -1
package/dist/errors/index.d.ts +165 -2
package/dist/errors/index.d.ts.map +1 -1
package/dist/errors/index.js +260 -2
package/dist/errors/index.js.map +1 -1
package/dist/index.d.ts +61 -13
package/dist/index.d.ts.map +1 -1
package/dist/index.js +141 -36
package/dist/index.js.map +1 -1
package/dist/level0/Provider.d.ts +106 -0
package/dist/level0/Provider.d.ts.map +1 -0
package/dist/level0/Provider.js +10 -0
package/dist/level0/Provider.js.map +1 -0
package/dist/level0/ServiceDirectory.d.ts +74 -0
package/dist/level0/ServiceDirectory.d.ts.map +1 -0
package/dist/level0/ServiceDirectory.js +122 -0
package/dist/level0/ServiceDirectory.js.map +1 -0
package/dist/level0/index.d.ts +10 -0
package/dist/level0/index.d.ts.map +1 -0
package/dist/level0/index.js +15 -0
package/dist/level0/index.js.map +1 -0
package/dist/level0/provide.d.ts +51 -0
package/dist/level0/provide.d.ts.map +1 -0
package/dist/level0/provide.js +113 -0
package/dist/level0/provide.js.map +1 -0
package/dist/level0/request.d.ts +53 -0
package/dist/level0/request.d.ts.map +1 -0
package/dist/level0/request.js +462 -0
package/dist/level0/request.js.map +1 -0
package/dist/level1/Agent.d.ts +472 -0
package/dist/level1/Agent.d.ts.map +1 -0
package/dist/level1/Agent.js +1091 -0
package/dist/level1/Agent.js.map +1 -0
package/dist/level1/index.d.ts +10 -0
package/dist/level1/index.d.ts.map +1 -0
package/dist/level1/index.js +30 -0
package/dist/level1/index.js.map +1 -0
package/dist/level1/pricing/PriceCalculator.d.ts +62 -0
package/dist/level1/pricing/PriceCalculator.d.ts.map +1 -0
package/dist/level1/pricing/PriceCalculator.js +237 -0
package/dist/level1/pricing/PriceCalculator.js.map +1 -0
package/dist/level1/pricing/PricingStrategy.d.ts +179 -0
package/dist/level1/pricing/PricingStrategy.d.ts.map +1 -0
package/dist/level1/pricing/PricingStrategy.js +11 -0
package/dist/level1/pricing/PricingStrategy.js.map +1 -0
package/dist/level1/types/Job.d.ts +166 -0
package/dist/level1/types/Job.d.ts.map +1 -0
package/dist/level1/types/Job.js +11 -0
package/dist/level1/types/Job.js.map +1 -0
package/dist/level1/types/Options.d.ts +258 -0
package/dist/level1/types/Options.d.ts.map +1 -0
package/dist/level1/types/Options.js +8 -0
package/dist/level1/types/Options.js.map +1 -0
package/dist/level1/types/index.d.ts +8 -0
package/dist/level1/types/index.d.ts.map +1 -0
package/dist/level1/types/index.js +8 -0
package/dist/level1/types/index.js.map +1 -0
package/dist/protocol/ACTPKernel.d.ts +229 -2
package/dist/protocol/ACTPKernel.d.ts.map +1 -1
package/dist/protocol/ACTPKernel.js +367 -33
package/dist/protocol/ACTPKernel.js.map +1 -1
package/dist/protocol/AgentRegistry.d.ts +177 -0
package/dist/protocol/AgentRegistry.d.ts.map +1 -0
package/dist/protocol/AgentRegistry.js +449 -0
package/dist/protocol/AgentRegistry.js.map +1 -0
package/dist/protocol/DIDManager.d.ts +289 -0
package/dist/protocol/DIDManager.d.ts.map +1 -0
package/dist/protocol/DIDManager.js +481 -0
package/dist/protocol/DIDManager.js.map +1 -0
package/dist/protocol/DIDResolver.d.ts +236 -0
package/dist/protocol/DIDResolver.d.ts.map +1 -0
package/dist/protocol/DIDResolver.js +495 -0
package/dist/protocol/DIDResolver.js.map +1 -0
package/dist/protocol/EASHelper.d.ts +57 -2
package/dist/protocol/EASHelper.d.ts.map +1 -1
package/dist/protocol/EASHelper.js +230 -37
package/dist/protocol/EASHelper.js.map +1 -1
package/dist/protocol/EscrowVault.d.ts +93 -2
package/dist/protocol/EscrowVault.d.ts.map +1 -1
package/dist/protocol/EscrowVault.js +122 -33
package/dist/protocol/EscrowVault.js.map +1 -1
package/dist/protocol/EventMonitor.d.ts +45 -1
package/dist/protocol/EventMonitor.d.ts.map +1 -1
package/dist/protocol/EventMonitor.js +64 -8
package/dist/protocol/EventMonitor.js.map +1 -1
package/dist/protocol/MessageSigner.d.ts +116 -2
package/dist/protocol/MessageSigner.d.ts.map +1 -1
package/dist/protocol/MessageSigner.js +215 -9
package/dist/protocol/MessageSigner.js.map +1 -1
package/dist/protocol/ProofGenerator.d.ts +93 -0
package/dist/protocol/ProofGenerator.d.ts.map +1 -1
package/dist/protocol/ProofGenerator.js +194 -9
package/dist/protocol/ProofGenerator.js.map +1 -1
package/dist/protocol/QuoteBuilder.d.ts +8 -0
package/dist/protocol/QuoteBuilder.d.ts.map +1 -1
package/dist/protocol/QuoteBuilder.js +8 -0
package/dist/protocol/QuoteBuilder.js.map +1 -1
package/dist/runtime/BlockchainRuntime.d.ts +360 -0
package/dist/runtime/BlockchainRuntime.d.ts.map +1 -0
package/dist/runtime/BlockchainRuntime.js +767 -0
package/dist/runtime/BlockchainRuntime.js.map +1 -0
package/dist/runtime/IACTPRuntime.d.ts +271 -0
package/dist/runtime/IACTPRuntime.d.ts.map +1 -0
package/dist/runtime/IACTPRuntime.js +15 -0
package/dist/runtime/IACTPRuntime.js.map +1 -0
package/dist/runtime/MockRuntime.d.ts +445 -0
package/dist/runtime/MockRuntime.d.ts.map +1 -0
package/dist/runtime/MockRuntime.js +1065 -0
package/dist/runtime/MockRuntime.js.map +1 -0
package/dist/runtime/MockStateManager.d.ts +233 -0
package/dist/runtime/MockStateManager.d.ts.map +1 -0
package/dist/runtime/MockStateManager.js +533 -0
package/dist/runtime/MockStateManager.js.map +1 -0
package/dist/runtime/index.d.ts +14 -0
package/dist/runtime/index.d.ts.map +1 -0
package/dist/runtime/index.js +42 -0
package/dist/runtime/index.js.map +1 -0
package/dist/runtime/types/MockState.d.ts +167 -0
package/dist/runtime/types/MockState.d.ts.map +1 -0
package/dist/runtime/types/MockState.js +43 -0
package/dist/runtime/types/MockState.js.map +1 -0
package/dist/types/agent.d.ts +76 -0
package/dist/types/agent.d.ts.map +1 -0
package/dist/types/agent.js +8 -0
package/dist/types/agent.js.map +1 -0
package/dist/types/did.d.ts +192 -0
package/dist/types/did.d.ts.map +1 -0
package/dist/types/did.js +38 -0
package/dist/types/did.js.map +1 -0
package/dist/types/eip712.d.ts +34 -0
package/dist/types/eip712.d.ts.map +1 -1
package/dist/types/eip712.js +31 -5
package/dist/types/eip712.js.map +1 -1
package/dist/types/escrow.d.ts +17 -10
package/dist/types/escrow.d.ts.map +1 -1
package/dist/types/index.d.ts +5 -0
package/dist/types/index.d.ts.map +1 -1
package/dist/types/index.js +8 -0
package/dist/types/index.js.map +1 -1
package/dist/types/message.d.ts +32 -0
package/dist/types/message.d.ts.map +1 -1
package/dist/types/message.js +4 -0
package/dist/types/message.js.map +1 -1
package/dist/types/state.d.ts +28 -0
package/dist/types/state.d.ts.map +1 -1
package/dist/types/state.js +37 -6
package/dist/types/state.js.map +1 -1
package/dist/types/transaction.d.ts +17 -0
package/dist/types/transaction.d.ts.map +1 -1
package/dist/utils/ErrorRecoveryGuide.d.ts +125 -0
package/dist/utils/ErrorRecoveryGuide.d.ts.map +1 -0
package/dist/utils/ErrorRecoveryGuide.js +579 -0
package/dist/utils/ErrorRecoveryGuide.js.map +1 -0
package/dist/utils/Helpers.d.ts +453 -0
package/dist/utils/Helpers.d.ts.map +1 -0
package/dist/utils/Helpers.js +623 -0
package/dist/utils/Helpers.js.map +1 -0
package/dist/utils/IPFSClient.d.ts +113 -0
package/dist/utils/IPFSClient.d.ts.map +1 -1
package/dist/utils/IPFSClient.js +128 -7
package/dist/utils/IPFSClient.js.map +1 -1
package/dist/utils/Logger.d.ts +195 -0
package/dist/utils/Logger.d.ts.map +1 -0
package/dist/utils/Logger.js +382 -0
package/dist/utils/Logger.js.map +1 -0
package/dist/utils/NonceManager.d.ts +234 -1
package/dist/utils/NonceManager.d.ts.map +1 -1
package/dist/utils/NonceManager.js +372 -7
package/dist/utils/NonceManager.js.map +1 -1
package/dist/utils/RateLimiter.d.ts +253 -0
package/dist/utils/RateLimiter.d.ts.map +1 -0
package/dist/utils/RateLimiter.js +424 -0
package/dist/utils/RateLimiter.js.map +1 -0
package/dist/utils/ReceivedNonceTracker.d.ts +175 -0
package/dist/utils/ReceivedNonceTracker.d.ts.map +1 -1
package/dist/utils/ReceivedNonceTracker.js +261 -5
package/dist/utils/ReceivedNonceTracker.js.map +1 -1
package/dist/utils/SDKLifecycle.d.ts +156 -0
package/dist/utils/SDKLifecycle.d.ts.map +1 -0
package/dist/utils/SDKLifecycle.js +347 -0
package/dist/utils/SDKLifecycle.js.map +1 -0
package/dist/utils/SecureNonce.d.ts +57 -0
package/dist/utils/SecureNonce.d.ts.map +1 -0
package/dist/utils/SecureNonce.js +80 -0
package/dist/utils/SecureNonce.js.map +1 -0
package/dist/utils/Semaphore.d.ts +123 -0
package/dist/utils/Semaphore.d.ts.map +1 -0
package/dist/utils/Semaphore.js +247 -0
package/dist/utils/Semaphore.js.map +1 -0
package/dist/utils/UsedAttestationTracker.d.ts +167 -0
package/dist/utils/UsedAttestationTracker.d.ts.map +1 -0
package/dist/utils/UsedAttestationTracker.js +309 -0
package/dist/utils/UsedAttestationTracker.js.map +1 -0
package/dist/utils/canonicalJson.d.ts +22 -0
package/dist/utils/canonicalJson.d.ts.map +1 -1
package/dist/utils/canonicalJson.js +26 -3
package/dist/utils/canonicalJson.js.map +1 -1
package/dist/utils/computeTypeHash.d.ts +14 -0
package/dist/utils/computeTypeHash.d.ts.map +1 -1
package/dist/utils/computeTypeHash.js +19 -2
package/dist/utils/computeTypeHash.js.map +1 -1
package/dist/utils/fsSafe.d.ts +14 -0
package/dist/utils/fsSafe.d.ts.map +1 -0
package/dist/utils/fsSafe.js +89 -0
package/dist/utils/fsSafe.js.map +1 -0
package/dist/utils/index.d.ts +15 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +51 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/security.d.ts +147 -0
package/dist/utils/security.d.ts.map +1 -0
package/dist/utils/security.js +391 -0
package/dist/utils/security.js.map +1 -0
package/dist/utils/validation.d.ts +40 -0
package/dist/utils/validation.d.ts.map +1 -1
package/dist/utils/validation.js +184 -7
package/dist/utils/validation.js.map +1 -1
package/package.json +54 -37
package/src/ACTPClient.ts +692 -178
package/src/abi/AgentRegistry.json +782 -0
package/src/abi/EscrowVault.json +106 -38
package/src/abi/IdentityRegistry.json +316 -0
package/src/adapters/BaseAdapter.ts +473 -0
package/src/adapters/BeginnerAdapter.ts +232 -0
package/src/adapters/IntermediateAdapter.ts +316 -0
package/src/adapters/index.ts +25 -0
package/src/builders/DeliveryProofBuilder.ts +3 -2
package/src/cli/commands/balance.ts +110 -0
package/src/cli/commands/batch.ts +487 -0
package/src/cli/commands/config.ts +231 -0
package/src/cli/commands/init.ts +161 -0
package/src/cli/commands/mint.ts +116 -0
package/src/cli/commands/pay.ts +113 -0
package/src/cli/commands/simulate.ts +345 -0
package/src/cli/commands/time.ts +303 -0
package/src/cli/commands/tx.ts +448 -0
package/src/cli/commands/watch.ts +211 -0
package/src/cli/index.ts +116 -0
package/src/cli/utils/client.ts +249 -0
package/src/cli/utils/config.ts +282 -0
package/src/cli/utils/output.ts +465 -0
package/src/config/networks.ts +32 -9
package/src/errors/index.ts +298 -1
package/src/index.ts +207 -71
package/src/level0/Provider.ts +117 -0
package/src/level0/ServiceDirectory.ts +131 -0
package/src/level0/index.ts +10 -0
package/src/level0/provide.ts +131 -0
package/src/level0/request.ts +494 -0
package/src/level1/Agent.ts +1432 -0
package/src/level1/index.ts +10 -0
package/src/level1/pricing/PriceCalculator.ts +255 -0
package/src/level1/pricing/PricingStrategy.ts +198 -0
package/src/level1/types/Job.ts +179 -0
package/src/level1/types/Options.ts +291 -0
package/src/level1/types/index.ts +8 -0
package/src/protocol/ACTPKernel.ts +175 -23
package/src/protocol/AgentRegistry.ts +559 -0
package/src/protocol/DIDManager.ts +629 -0
package/src/protocol/DIDResolver.ts +554 -0
package/src/protocol/EASHelper.ts +230 -46
package/src/protocol/EscrowVault.ts +68 -50
package/src/protocol/EventMonitor.ts +44 -15
package/src/protocol/MessageSigner.ts +193 -13
package/src/protocol/ProofGenerator.ts +223 -4
package/src/runtime/BlockchainRuntime.ts +993 -0
package/src/runtime/IACTPRuntime.ts +284 -0
package/src/runtime/MockRuntime.ts +1244 -0
package/src/runtime/MockStateManager.ts +576 -0
package/src/runtime/index.ts +25 -0
package/src/runtime/types/MockState.ts +227 -0
package/src/types/agent.ts +79 -0
package/src/types/did.ts +223 -0
package/src/types/escrow.ts +12 -11
package/src/types/index.ts +5 -1
package/src/types/state.ts +12 -3
package/src/types/transaction.ts +4 -1
package/src/utils/ErrorRecoveryGuide.ts +675 -0
package/src/utils/Helpers.ts +688 -0
package/src/utils/IPFSClient.ts +122 -5
package/src/utils/Logger.ts +484 -0
package/src/utils/NonceManager.ts +305 -8
package/src/utils/RateLimiter.ts +534 -0
package/src/utils/ReceivedNonceTracker.ts +170 -0
package/src/utils/SDKLifecycle.ts +416 -0
package/src/utils/SecureNonce.ts +78 -0
package/src/utils/Semaphore.ts +276 -0
package/src/utils/UsedAttestationTracker.ts +387 -0
package/src/utils/fsSafe.ts +75 -0
package/src/utils/index.ts +80 -0
package/src/utils/security.ts +418 -0
package/src/utils/validation.ts +164 -0
package/src/__tests__/ProofGenerator.test.ts +0 -124
package/src/__tests__/QuoteBuilder.test.ts +0 -516
package/src/__tests__/StateMachine.test.ts +0 -82
package/src/__tests__/builders/DeliveryProofBuilder.test.ts +0 -581
package/src/__tests__/integration/ACTPClient.test.ts +0 -263
package/src/__tests__/integration.test.ts +0 -289
package/src/__tests__/protocol/EASHelper.test.ts +0 -472
package/src/__tests__/protocol/EventMonitor.test.ts +0 -382
package/src/__tests__/security/ACTPKernel.security.test.ts +0 -1167
package/src/__tests__/security/EscrowVault.security.test.ts +0 -570
package/src/__tests__/security/MessageSigner.security.test.ts +0 -286
package/src/__tests__/security/NonceReplay.security.test.ts +0 -501
package/src/__tests__/security/validation.security.test.ts +0 -376
package/src/__tests__/utils/IPFSClient.test.ts +0 -262
package/src/__tests__/utils/NonceManager.test.ts +0 -205
package/src/__tests__/utils/canonicalJson.test.ts +0 -153

package/dist/utils/SecureNonce.js ADDED Viewed

@@ -0,0 +1,80 @@
+"use strict";
+/**
+ * SecureNonce - Cryptographically secure nonce generation
+ *
+ * SECURITY FIX (NEW-H-3): Provides secure random nonce generation
+ * to prevent weak randomness vulnerabilities in EIP-712 message signing.
+ *
+ * Reference: V7 Re-Audit NEW-H-3 (Weak Random Nonce Generation)
+ *
+ * @module utils/SecureNonce
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateSecureNonces = exports.isValidNonce = exports.generateSecureNonce = void 0;
+const ethers_1 = require("ethers");
+/**
+ * Generate a cryptographically secure random nonce (bytes32)
+ *
+ * Uses ethers.js randomBytes() which:
+ * - Uses Node.js crypto.randomBytes() (CSPRNG)
+ * - Uses Web Crypto API in browsers (window.crypto.getRandomValues)
+ * - Guaranteed to be cryptographically secure
+ *
+ * @returns 32-byte hex string (0x...)
+ *
+ * @example
+ * ```typescript
+ * import { generateSecureNonce } from '@agirails/sdk';
+ *
+ * const nonce = generateSecureNonce();
+ * console.log(nonce); // 0x1234...abcd (64 hex chars)
+ * ```
+ */
+function generateSecureNonce() {
+    return ethers_1.ethers.hexlify(ethers_1.ethers.randomBytes(32));
+}
+exports.generateSecureNonce = generateSecureNonce;
+/**
+ * Validate nonce format (must be bytes32)
+ *
+ * @param nonce - Nonce to validate
+ * @returns true if valid bytes32 format
+ *
+ * @example
+ * ```typescript
+ * isValidNonce('0x' + '00'.repeat(32)); // true
+ * isValidNonce('0x1234'); // false (too short)
+ * isValidNonce('not-hex'); // false (invalid format)
+ * ```
+ */
+function isValidNonce(nonce) {
+    return /^0x[a-fA-F0-9]{64}$/.test(nonce);
+}
+exports.isValidNonce = isValidNonce;
+/**
+ * Generate an array of secure nonces
+ *
+ * @param count - Number of nonces to generate
+ * @returns Array of bytes32 hex strings
+ *
+ * @example
+ * ```typescript
+ * const nonces = generateSecureNonces(10);
+ * console.log(nonces.length); // 10
+ * ```
+ */
+function generateSecureNonces(count) {
+    if (count <= 0) {
+        throw new Error('Count must be positive');
+    }
+    if (count > 10000) {
+        throw new Error('Count exceeds maximum allowed (10000)');
+    }
+    const nonces = [];
+    for (let i = 0; i < count; i++) {
+        nonces.push(generateSecureNonce());
+    }
+    return nonces;
+}
+exports.generateSecureNonces = generateSecureNonces;
+//# sourceMappingURL=SecureNonce.js.map

package/dist/utils/SecureNonce.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SecureNonce.js","sourceRoot":"","sources":["../../src/utils/SecureNonce.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAEH,mCAAgC;AAEhC;;;;;;;;;;;;;;;;;GAiBG;AACH,SAAgB,mBAAmB;IACjC,OAAO,eAAM,CAAC,OAAO,CAAC,eAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;AAChD,CAAC;AAFD,kDAEC;AAED;;;;;;;;;;;;GAYG;AACH,SAAgB,YAAY,CAAC,KAAa;IACxC,OAAO,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3C,CAAC;AAFD,oCAEC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,oBAAoB,CAAC,KAAa;IAChD,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,KAAK,GAAG,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAbD,oDAaC"}

package/dist/utils/Semaphore.d.ts ADDED Viewed

@@ -0,0 +1,123 @@
+/**
+ * Semaphore - Concurrency limiter for ACTP SDK
+ *
+ * SECURITY FIX (MEDIUM-4): Prevents unbounded concurrent execution
+ * which could lead to resource exhaustion (memory/CPU DoS).
+ *
+ * @module utils/Semaphore
+ */
+/**
+ * Simple semaphore for limiting concurrent operations
+ *
+ * Uses a FIFO queue to ensure fair scheduling of waiting tasks.
+ */
+export declare class Semaphore {
+    private permits;
+    private readonly maxPermits;
+    private readonly waitQueue;
+    /**
+     * Create a semaphore with specified concurrency limit
+     *
+     * @param maxPermits - Maximum concurrent permits (default: 10)
+     * @throws Error if maxPermits is not positive
+     */
+    constructor(maxPermits?: number);
+    /**
+     * Acquire a permit, waiting if necessary
+     *
+     * @param timeoutMs - Optional timeout in milliseconds (0 = no timeout)
+     * @returns Promise that resolves when permit is acquired
+     * @throws Error if timeout is exceeded
+     */
+    acquire(timeoutMs?: number): Promise<void>;
+    /**
+     * Try to acquire a permit without waiting
+     *
+     * @returns true if permit was acquired, false if none available
+     */
+    tryAcquire(): boolean;
+    /**
+     * Release a permit
+     *
+     * @throws Error if releasing more permits than acquired
+     */
+    release(): void;
+    /**
+     * Execute a function with semaphore protection
+     *
+     * Automatically acquires before execution and releases after,
+     * even if the function throws.
+     *
+     * @param fn - Function to execute
+     * @param timeoutMs - Optional timeout for acquiring permit
+     * @returns Result of the function
+     */
+    run<T>(fn: () => Promise<T> | T, timeoutMs?: number): Promise<T>;
+    /**
+     * Get current available permits
+     */
+    get availablePermits(): number;
+    /**
+     * Get number of waiters in queue
+     */
+    get queueLength(): number;
+    /**
+     * Get maximum permits
+     */
+    get limit(): number;
+    /**
+     * Check if semaphore is fully utilized
+     */
+    get isFull(): boolean;
+    /**
+     * Cancel all waiting tasks
+     *
+     * @param reason - Error message for rejected promises
+     */
+    cancelAll(reason?: string): void;
+}
+/**
+ * Rate limiter using sliding window algorithm
+ *
+ * SECURITY FIX (MEDIUM-4): Complements semaphore for rate-based limiting
+ */
+export declare class RateLimiter {
+    private readonly timestamps;
+    private readonly windowMs;
+    private readonly maxRequests;
+    /**
+     * Create a rate limiter
+     *
+     * @param maxRequests - Maximum requests per window
+     * @param windowMs - Time window in milliseconds
+     */
+    constructor(maxRequests: number, windowMs: number);
+    /**
+     * Check if a request is allowed and record it
+     *
+     * @returns true if request is allowed, false if rate limited
+     */
+    tryAcquire(): boolean;
+    /**
+     * Wait until a request is allowed
+     *
+     * @param timeoutMs - Optional timeout
+     * @returns Promise that resolves when request is allowed
+     */
+    acquire(timeoutMs?: number): Promise<void>;
+    /**
+     * Get time until next slot is available
+     *
+     * @returns Milliseconds until next slot, or 0 if slot available
+     */
+    timeUntilNextSlot(): number;
+    /**
+     * Get current usage stats
+     */
+    get stats(): {
+        current: number;
+        max: number;
+        windowMs: number;
+    };
+}
+//# sourceMappingURL=Semaphore.d.ts.map

package/dist/utils/Semaphore.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"Semaphore.d.ts","sourceRoot":"","sources":["../../src/utils/Semaphore.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;;GAIG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAGlB;IAER;;;;;OAKG;gBACS,UAAU,GAAE,MAAW;IAQnC;;;;;;OAMG;IACG,OAAO,CAAC,SAAS,GAAE,MAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IA+BnD;;;;OAIG;IACH,UAAU,IAAI,OAAO;IAQrB;;;;OAIG;IACH,OAAO,IAAI,IAAI;IAcf;;;;;;;;;OASG;IACG,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,SAAS,GAAE,MAAU,GAAG,OAAO,CAAC,CAAC,CAAC;IASzE;;OAEG;IACH,IAAI,gBAAgB,IAAI,MAAM,CAE7B;IAED;;OAEG;IACH,IAAI,WAAW,IAAI,MAAM,CAExB;IAED;;OAEG;IACH,IAAI,KAAK,IAAI,MAAM,CAElB;IAED;;OAEG;IACH,IAAI,MAAM,IAAI,OAAO,CAEpB;IAED;;;;OAIG;IACH,SAAS,CAAC,MAAM,GAAE,MAA8B,GAAG,IAAI;CAMxD;AAED;;;;GAIG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAgB;IAC3C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IAErC;;;;;OAKG;gBACS,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;IAWjD;;;;OAIG;IACH,UAAU,IAAI,OAAO;IAmBrB;;;;;OAKG;IACG,OAAO,CAAC,SAAS,GAAE,MAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAcnD;;;;OAIG;IACH,iBAAiB,IAAI,MAAM;IAgB3B;;OAEG;IACH,IAAI,KAAK,IAAI;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAa9D;CACF"}

package/dist/utils/Semaphore.js ADDED Viewed

@@ -0,0 +1,247 @@
+"use strict";
+/**
+ * Semaphore - Concurrency limiter for ACTP SDK
+ *
+ * SECURITY FIX (MEDIUM-4): Prevents unbounded concurrent execution
+ * which could lead to resource exhaustion (memory/CPU DoS).
+ *
+ * @module utils/Semaphore
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RateLimiter = exports.Semaphore = void 0;
+/**
+ * Simple semaphore for limiting concurrent operations
+ *
+ * Uses a FIFO queue to ensure fair scheduling of waiting tasks.
+ */
+class Semaphore {
+    /**
+     * Create a semaphore with specified concurrency limit
+     *
+     * @param maxPermits - Maximum concurrent permits (default: 10)
+     * @throws Error if maxPermits is not positive
+     */
+    constructor(maxPermits = 10) {
+        this.waitQueue = [];
+        if (maxPermits <= 0 || !Number.isInteger(maxPermits)) {
+            throw new Error(`maxPermits must be a positive integer, got: ${maxPermits}`);
+        }
+        this.maxPermits = maxPermits;
+        this.permits = maxPermits;
+    }
+    /**
+     * Acquire a permit, waiting if necessary
+     *
+     * @param timeoutMs - Optional timeout in milliseconds (0 = no timeout)
+     * @returns Promise that resolves when permit is acquired
+     * @throws Error if timeout is exceeded
+     */
+    async acquire(timeoutMs = 0) {
+        if (this.permits > 0) {
+            this.permits--;
+            return;
+        }
+        // No permits available, queue the request
+        return new Promise((resolve, reject) => {
+            const waiter = { resolve, reject };
+            this.waitQueue.push(waiter);
+            // Set up timeout if specified
+            if (timeoutMs > 0) {
+                const timeoutId = setTimeout(() => {
+                    const index = this.waitQueue.indexOf(waiter);
+                    if (index >= 0) {
+                        this.waitQueue.splice(index, 1);
+                        reject(new Error(`Semaphore acquire timeout after ${timeoutMs}ms`));
+                    }
+                }, timeoutMs);
+                // Clear timeout when resolved
+                const originalResolve = waiter.resolve;
+                waiter.resolve = () => {
+                    clearTimeout(timeoutId);
+                    originalResolve();
+                };
+            }
+        });
+    }
+    /**
+     * Try to acquire a permit without waiting
+     *
+     * @returns true if permit was acquired, false if none available
+     */
+    tryAcquire() {
+        if (this.permits > 0) {
+            this.permits--;
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Release a permit
+     *
+     * @throws Error if releasing more permits than acquired
+     */
+    release() {
+        if (this.permits >= this.maxPermits) {
+            throw new Error('Cannot release: no permits held');
+        }
+        // If there are waiters, give permit to first in queue (FIFO)
+        if (this.waitQueue.length > 0) {
+            const waiter = this.waitQueue.shift();
+            waiter.resolve();
+        }
+        else {
+            this.permits++;
+        }
+    }
+    /**
+     * Execute a function with semaphore protection
+     *
+     * Automatically acquires before execution and releases after,
+     * even if the function throws.
+     *
+     * @param fn - Function to execute
+     * @param timeoutMs - Optional timeout for acquiring permit
+     * @returns Result of the function
+     */
+    async run(fn, timeoutMs = 0) {
+        await this.acquire(timeoutMs);
+        try {
+            return await fn();
+        }
+        finally {
+            this.release();
+        }
+    }
+    /**
+     * Get current available permits
+     */
+    get availablePermits() {
+        return this.permits;
+    }
+    /**
+     * Get number of waiters in queue
+     */
+    get queueLength() {
+        return this.waitQueue.length;
+    }
+    /**
+     * Get maximum permits
+     */
+    get limit() {
+        return this.maxPermits;
+    }
+    /**
+     * Check if semaphore is fully utilized
+     */
+    get isFull() {
+        return this.permits === 0;
+    }
+    /**
+     * Cancel all waiting tasks
+     *
+     * @param reason - Error message for rejected promises
+     */
+    cancelAll(reason = 'Semaphore cancelled') {
+        while (this.waitQueue.length > 0) {
+            const waiter = this.waitQueue.shift();
+            waiter.reject(new Error(reason));
+        }
+    }
+}
+exports.Semaphore = Semaphore;
+/**
+ * Rate limiter using sliding window algorithm
+ *
+ * SECURITY FIX (MEDIUM-4): Complements semaphore for rate-based limiting
+ */
+class RateLimiter {
+    /**
+     * Create a rate limiter
+     *
+     * @param maxRequests - Maximum requests per window
+     * @param windowMs - Time window in milliseconds
+     */
+    constructor(maxRequests, windowMs) {
+        this.timestamps = [];
+        if (maxRequests <= 0) {
+            throw new Error('maxRequests must be positive');
+        }
+        if (windowMs <= 0) {
+            throw new Error('windowMs must be positive');
+        }
+        this.maxRequests = maxRequests;
+        this.windowMs = windowMs;
+    }
+    /**
+     * Check if a request is allowed and record it
+     *
+     * @returns true if request is allowed, false if rate limited
+     */
+    tryAcquire() {
+        const now = Date.now();
+        const windowStart = now - this.windowMs;
+        // Remove timestamps outside the window
+        while (this.timestamps.length > 0 && this.timestamps[0] < windowStart) {
+            this.timestamps.shift();
+        }
+        // Check if we're at the limit
+        if (this.timestamps.length >= this.maxRequests) {
+            return false;
+        }
+        // Record this request
+        this.timestamps.push(now);
+        return true;
+    }
+    /**
+     * Wait until a request is allowed
+     *
+     * @param timeoutMs - Optional timeout
+     * @returns Promise that resolves when request is allowed
+     */
+    async acquire(timeoutMs = 0) {
+        const startTime = Date.now();
+        while (!this.tryAcquire()) {
+            if (timeoutMs > 0 && Date.now() - startTime >= timeoutMs) {
+                throw new Error(`Rate limiter timeout after ${timeoutMs}ms`);
+            }
+            // Wait a short time before retrying
+            const waitTime = Math.min(100, this.timeUntilNextSlot());
+            await new Promise((resolve) => setTimeout(resolve, waitTime));
+        }
+    }
+    /**
+     * Get time until next slot is available
+     *
+     * @returns Milliseconds until next slot, or 0 if slot available
+     */
+    timeUntilNextSlot() {
+        if (this.timestamps.length < this.maxRequests) {
+            return 0;
+        }
+        const now = Date.now();
+        const windowStart = now - this.windowMs;
+        const oldestTimestamp = this.timestamps[0];
+        if (oldestTimestamp <= windowStart) {
+            return 0;
+        }
+        return oldestTimestamp - windowStart;
+    }
+    /**
+     * Get current usage stats
+     */
+    get stats() {
+        // Clean up old timestamps
+        const now = Date.now();
+        const windowStart = now - this.windowMs;
+        while (this.timestamps.length > 0 && this.timestamps[0] < windowStart) {
+            this.timestamps.shift();
+        }
+        return {
+            current: this.timestamps.length,
+            max: this.maxRequests,
+            windowMs: this.windowMs,
+        };
+    }
+}
+exports.RateLimiter = RateLimiter;
+//# sourceMappingURL=Semaphore.js.map

package/dist/utils/Semaphore.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"Semaphore.js","sourceRoot":"","sources":["../../src/utils/Semaphore.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH;;;;GAIG;AACH,MAAa,SAAS;IAQpB;;;;;OAKG;IACH,YAAY,aAAqB,EAAE;QAXlB,cAAS,GAGrB,EAAE,CAAC;QASN,IAAI,UAAU,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,+CAA+C,UAAU,EAAE,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,UAAU,CAAC;IAC5B,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,OAAO,CAAC,YAAoB,CAAC;QACjC,IAAI,IAAI,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;YACrB,IAAI,CAAC,OAAO,EAAE,CAAC;YACf,OAAO;QACT,CAAC;QAED,0CAA0C;QAC1C,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC3C,MAAM,MAAM,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;YACnC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAE5B,8BAA8B;YAC9B,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;gBAClB,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;oBAChC,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;oBAC7C,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;wBACf,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;wBAChC,MAAM,CAAC,IAAI,KAAK,CAAC,mCAAmC,SAAS,IAAI,CAAC,CAAC,CAAC;oBACtE,CAAC;gBACH,CAAC,EAAE,SAAS,CAAC,CAAC;gBAEd,8BAA8B;gBAC9B,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC;gBACvC,MAAM,CAAC,OAAO,GAAG,GAAG,EAAE;oBACpB,YAAY,CAAC,SAAS,CAAC,CAAC;oBACxB,eAAe,EAAE,CAAC;gBACpB,CAAC,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,UAAU;QACR,IAAI,IAAI,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;YACrB,IAAI,CAAC,OAAO,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;OAIG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,6DAA6D;QAC7D,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAG,CAAC;YACvC,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC;IACH,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,GAAG,CAAI,EAAwB,EAAE,YAAoB,CAAC;QAC1D,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC9B,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,EAAE,CAAC;QACpB,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,KAAK,CAAC,CAAC;IAC5B,CAAC;IAED;;;;OAIG;IACH,SAAS,CAAC,SAAiB,qBAAqB;QAC9C,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAG,CAAC;YACvC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;CACF;AAtJD,8BAsJC;AAED;;;;GAIG;AACH,MAAa,WAAW;IAKtB;;;;;OAKG;IACH,YAAY,WAAmB,EAAE,QAAgB;QAVhC,eAAU,GAAa,EAAE,CAAC;QAWzC,IAAI,WAAW,IAAI,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QACD,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,UAAU;QACR,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;QAExC,uCAAuC;QACvC,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,WAAW,EAAE,CAAC;YACtE,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC;QAED,8BAA8B;QAC9B,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,sBAAsB;QACtB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CAAC,YAAoB,CAAC;QACjC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;YAC1B,IAAI,SAAS,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,IAAI,SAAS,EAAE,CAAC;gBACzD,MAAM,IAAI,KAAK,CAAC,8BAA8B,SAAS,IAAI,CAAC,CAAC;YAC/D,CAAC;YAED,oCAAoC;YACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC;YACzD,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,iBAAiB;QACf,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YAC9C,OAAO,CAAC,CAAC;QACX,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;QACxC,MAAM,eAAe,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAE3C,IAAI,eAAe,IAAI,WAAW,EAAE,CAAC;YACnC,OAAO,CAAC,CAAC;QACX,CAAC;QAED,OAAO,eAAe,GAAG,WAAW,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,0BAA0B;QAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;QACxC,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,WAAW,EAAE,CAAC;YACtE,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;YAC/B,GAAG,EAAE,IAAI,CAAC,WAAW;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC;IACJ,CAAC;CACF;AAxGD,kCAwGC"}

package/dist/utils/UsedAttestationTracker.d.ts ADDED Viewed

@@ -0,0 +1,167 @@
+/**
+ * UsedAttestationTracker - Prevents EAS Attestation Replay Attacks (C-1)
+ *
+ * Tracks which attestation UIDs have been used for which transaction IDs.
+ * This prevents a malicious provider from reusing an attestation from
+ * Transaction A to settle Transaction B.
+ *
+ * SECURITY: ACTPKernel V1 contract accepts any attestationUID without validation.
+ * This tracker provides SDK-side protection until contract is upgraded.
+ *
+ * @module utils/UsedAttestationTracker
+ */
+/**
+ * Interface for tracking used attestations
+ */
+export interface IUsedAttestationTracker {
+    /**
+     * Record that an attestation was used for a transaction
+     * @param attestationUID - EAS attestation UID (bytes32)
+     * @param txId - Transaction ID (bytes32)
+     * @returns true if recorded, false if already used for different transaction
+     *
+     * SECURITY FIX (HIGH-1): This method is now async to ensure persistence completes
+     * before returning. Use recordUsageSync() for fire-and-forget behavior.
+     */
+    recordUsage(attestationUID: string, txId: string): Promise<boolean>;
+    /**
+     * Check if attestation has been used
+     * @param attestationUID - EAS attestation UID (bytes32)
+     * @returns Transaction ID if used, null if not used
+     */
+    getUsageForAttestation(attestationUID: string): string | null;
+    /**
+     * Check if attestation is valid for transaction
+     * @param attestationUID - EAS attestation UID
+     * @param txId - Transaction ID
+     * @returns true if attestation is unused or already used for this txId
+     */
+    isValidForTransaction(attestationUID: string, txId: string): boolean;
+    /**
+     * Clear all tracked attestations
+     */
+    clear(): void;
+}
+/**
+ * In-Memory Used Attestation Tracker
+ *
+ * SECURITY FIX (C-1): Prevents attestation replay attacks by tracking
+ * which attestation UIDs have been used for which transactions.
+ *
+ * SECURITY FIX (NEW-H-2): LRU-style cache with max size to prevent DoS
+ *
+ * WARNING: In-memory only. For production:
+ * - Use persistent storage (Redis, PostgreSQL, etc.)
+ * - Implement recovery from blockchain events
+ */
+export declare class InMemoryUsedAttestationTracker implements IUsedAttestationTracker {
+    private usedAttestations;
+    private readonly maxSize;
+    /**
+     * Create in-memory tracker with optional max size
+     * @param maxSize - Maximum entries to store (default: 100,000)
+     */
+    constructor(maxSize?: number);
+    /**
+     * Record that an attestation was used for a transaction
+     * @param attestationUID - EAS attestation UID (bytes32)
+     * @param txId - Transaction ID (bytes32)
+     * @returns true if recorded, false if already used for different transaction
+     *
+     * SECURITY FIX (NEW-H-2): LRU eviction when max size reached
+     * SECURITY FIX (HIGH-1): Now async for interface consistency
+     */
+    recordUsage(attestationUID: string, txId: string): Promise<boolean>;
+    /**
+     * Synchronous version of recordUsage (for backward compatibility)
+     * @param attestationUID - EAS attestation UID (bytes32)
+     * @param txId - Transaction ID (bytes32)
+     * @returns true if recorded, false if already used for different transaction
+     */
+    recordUsageSync(attestationUID: string, txId: string): boolean;
+    /**
+     * Check if attestation has been used
+     * @param attestationUID - EAS attestation UID (bytes32)
+     * @returns Transaction ID if used, null if not used
+     *
+     * SECURITY FIX (MEDIUM-4): Updates access order for true LRU behavior
+     * Accessed items are moved to end of Map (most recently used)
+     */
+    getUsageForAttestation(attestationUID: string): string | null;
+    /**
+     * Check if attestation is valid for transaction
+     * @param attestationUID - EAS attestation UID
+     * @param txId - Transaction ID
+     * @returns true if attestation is unused or already used for this txId
+     *
+     * SECURITY FIX (MEDIUM-4): Updates access order for true LRU behavior
+     */
+    isValidForTransaction(attestationUID: string, txId: string): boolean;
+    /**
+     * Clear all tracked attestations
+     */
+    clear(): void;
+    /**
+     * Get all tracked attestations (for debugging/persistence)
+     */
+    getAllUsages(): Record<string, string>;
+    /**
+     * Get count of tracked attestations
+     */
+    getCount(): number;
+    /**
+     * Cleanup old entries based on timestamp (optional)
+     *
+     * SECURITY FIX (NEW-H-2): Manual cleanup for old entries
+     * Note: This requires external timestamp tracking. For automatic cleanup,
+     * use FileBasedUsedAttestationTracker with periodic cleanup.
+     *
+     * @param maxAgeHours - Remove entries older than this many hours
+     */
+    cleanupOldEntries(maxAgeHours: number): number;
+}
+/**
+ * File-based Used Attestation Tracker for persistence
+ *
+ * SECURITY FIX (C-1): Persistent storage for attestation tracking
+ * SECURITY FIX (NEW-H-4): File locking to prevent concurrent write corruption
+ *
+ * Survives process restarts.
+ */
+export declare class FileBasedUsedAttestationTracker implements IUsedAttestationTracker {
+    private inMemory;
+    private filePath;
+    private fs;
+    private path;
+    private lockfile;
+    constructor(stateDirectory: string);
+    private loadFromFile;
+    /**
+     * Save data to file with file locking
+     *
+     * SECURITY FIX (NEW-H-4): File locking prevents concurrent write corruption
+     * SECURITY FIX (NEW-HIGH-1): Create file before locking if it doesn't exist
+     */
+    private saveToFile;
+    /**
+     * Record attestation usage with guaranteed persistence
+     *
+     * SECURITY FIX (HIGH-1): Now properly awaits persistence to prevent data loss
+     */
+    recordUsage(attestationUID: string, txId: string): Promise<boolean>;
+    /**
+     * Fire-and-forget version for backward compatibility
+     * WARNING: May lose data if process crashes before save completes
+     */
+    recordUsageSync(attestationUID: string, txId: string): boolean;
+    getUsageForAttestation(attestationUID: string): string | null;
+    isValidForTransaction(attestationUID: string, txId: string): boolean;
+    clear(): void;
+}
+/**
+ * Factory to create attestation tracker
+ * @param stateDirectory - Optional directory for persistent storage
+ * @returns IUsedAttestationTracker instance
+ */
+export declare function createUsedAttestationTracker(stateDirectory?: string): IUsedAttestationTracker;
+//# sourceMappingURL=UsedAttestationTracker.d.ts.map

package/dist/utils/UsedAttestationTracker.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"UsedAttestationTracker.d.ts","sourceRoot":"","sources":["../../src/utils/UsedAttestationTracker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC;;;;;;;;OAQG;IACH,WAAW,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEpE;;;;OAIG;IACH,sBAAsB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAE9D;;;;;OAKG;IACH,qBAAqB,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;IAErE;;OAEG;IACH,KAAK,IAAI,IAAI,CAAC;CACf;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,8BAA+B,YAAW,uBAAuB;IAE5E,OAAO,CAAC,gBAAgB,CAAkC;IAG1D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IAEjC;;;OAGG;gBACS,OAAO,GAAE,MAAe;IAOpC;;;;;;;;OAQG;IACG,WAAW,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIzE;;;;;OAKG;IACH,eAAe,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO;IA4B9D;;;;;;;OAOG;IACH,sBAAsB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAc7D;;;;;;;OAOG;IACH,qBAAqB,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO;IAgBpE;;OAEG;IACH,KAAK,IAAI,IAAI;IAIb;;OAEG;IACH,YAAY,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAItC;;OAEG;IACH,QAAQ,IAAI,MAAM;IAIlB;;;;;;;;OAQG;IACH,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM;CAS/C;AAED;;;;;;;GAOG;AACH,qBAAa,+BAAgC,YAAW,uBAAuB;IAC7E,OAAO,CAAC,QAAQ,CAAiC;IACjD,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,EAAE,CAAsB;IAChC,OAAO,CAAC,IAAI,CAAwB;IACpC,OAAO,CAAC,QAAQ,CAAmC;gBAEvC,cAAc,EAAE,MAAM;IAiBlC,OAAO,CAAC,YAAY;IA6BpB;;;;;OAKG;YACW,UAAU;IAgDxB;;;;OAIG;IACG,WAAW,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IASzE;;;OAGG;IACH,eAAe,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO;IAU9D,sBAAsB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAI7D,qBAAqB,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO;IAIpE,KAAK,IAAI,IAAI;CAMd;AAED;;;;GAIG;AACH,wBAAgB,4BAA4B,CAC1C,cAAc,CAAC,EAAE,MAAM,GACtB,uBAAuB,CAKzB"}