@aithos/sdk 0.1.0-alpha.24 → 0.1.0-alpha.26

package/dist/src/data-schema-contacts-v1.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Bundled copy of the `aithos.contacts.v1` schema.
+ *
+ * Mirrors `spec/data/schemas/aithos.contacts.v1.json` of the
+ * Aithos-protocol repo. The SDK uses this to split a record into its
+ * indexable (metadata) and encrypted (payload) parts on insert and to
+ * recombine them on read.
+ *
+ * In a later iteration the SDK will fetch / resolve schemas dynamically
+ * from a registry; for v0.1 we bundle the core schemas.
+ */
+import type { AithosSchemaLite } from "./data.js";
+export declare const contactsV1: AithosSchemaLite;
+//# sourceMappingURL=data-schema-contacts-v1.d.ts.map

package/dist/src/data-schema-contacts-v1.js

@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+export const contactsV1 = {
+    schema: "aithos.contacts.v1",
+    indexable: new Set([
+        "name",
+        "email",
+        "phone_hash",
+        "status",
+        "tags",
+        "source",
+        "created_at",
+        "modified_at",
+        "last_contacted_at",
+    ]),
+    encrypted: new Set([
+        "phone",
+        "notes",
+        "conversation_log",
+        "form_responses",
+        "custom_fields",
+    ]),
+    auto: new Set(["created_at", "modified_at"]),
+    defaults: {
+        status: "lead",
+    },
+};
+//# sourceMappingURL=data-schema-contacts-v1.js.map

package/dist/src/data.d.ts

@@ -0,0 +1,97 @@
+export interface AithosSchemaLite {
+    readonly schema: string;
+    readonly indexable: ReadonlySet<string>;
+    readonly encrypted: ReadonlySet<string>;
+    readonly auto: ReadonlySet<string>;
+    readonly defaults: Readonly<Record<string, unknown>>;
+}
+export interface CreateDataClientArgs {
+    /** Base URL of the deployed PDS (e.g. https://abc.execute-api.eu-west-3.amazonaws.com). */
+    readonly pdsUrl: string;
+    /** Subject DID — typically did:key:… in dev, did:aithos:… in prod. */
+    readonly did: string;
+    /**
+     * Ed25519 sphere seed (32 bytes). For did:key this is the same as
+     * the key embedded in the DID itself. For did:aithos this is the
+     * subject's `#data` (or `#public`) sphere key.
+     */
+    readonly sphereSeed: Uint8Array;
+    /**
+     * The verification method URL within the DID document used to sign
+     * envelopes. For did:key this is `<did>#<multibase>`. For did:aithos
+     * this is `<did>#data` (or `#public`).
+     */
+    readonly verificationMethod: string;
+    /** Optional fetch implementation. Defaults to globalThis.fetch. */
+    readonly fetch?: typeof fetch;
+}
+export interface DataClient {
+    /** Get / create a collection handle. */
+    collection(name: string): DataCollection;
+    /** Initialize a new collection with an explicit schema. */
+    createCollection(args: {
+        name: string;
+        schema: string;
+        forwardSecrecy?: "best_effort" | "strict";
+    }): Promise<void>;
+    /** List collections owned by this subject. */
+    listCollections(): Promise<readonly {
+        name: string;
+        schema: string;
+        record_count: number;
+    }[]>;
+    /** List gamma audit entries. */
+    listGammaEntries(opts?: {
+        limit?: number;
+        opPrefix?: string;
+        verify?: boolean;
+    }): Promise<unknown>;
+    /** Drop in-memory cache (CMK, collection metadata, …). */
+    reset(): void;
+}
+export interface DataCollection {
+    readonly name: string;
+    /**
+     * Insert a record. The object MAY contain both indexable and
+     * encrypted fields per the schema; the SDK splits them.
+     */
+    insert(record: Record<string, unknown>): Promise<string>;
+    /** Fetch one record by id (decrypted client-side). */
+    get(recordId: string): Promise<Record<string, unknown> | null>;
+    /** List records, decrypted. Pagination via opaque cursor. */
+    list(opts?: ListOpts): Promise<{
+        items: Record<string, unknown>[];
+        nextCursor?: string;
+    }>;
+    /**
+     * Replace a record. Same shape as insert; the SDK splits indexable
+     * vs encrypted again per the schema.
+     */
+    update(recordId: string, record: Record<string, unknown>): Promise<void>;
+    /** Soft-delete a record. */
+    delete(recordId: string): Promise<void>;
+}
+export interface ListOpts {
+    readonly filter?: {
+        readonly equals?: {
+            field: string;
+            value: unknown;
+        };
+        readonly contains?: {
+            field: string;
+            value: string;
+        };
+        readonly tagsAny?: readonly string[];
+        readonly tagsAll?: readonly string[];
+        readonly range?: {
+            field: string;
+            gte?: string;
+            lte?: string;
+        };
+    };
+    readonly order?: "newest" | "oldest";
+    readonly limit?: number;
+    readonly cursor?: string;
+}
+export declare function createDataClient(args: CreateDataClientArgs): DataClient;
+//# sourceMappingURL=data.d.ts.map

package/dist/src/data.js

@@ -0,0 +1,616 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+/**
+ * `sdk.data` — high-level API for the Aithos data sub-protocol PDS.
+ *
+ * The Aithos data sub-protocol stores operational records (contacts,
+ * messages, ...) under a subject's identity, encrypted client-side,
+ * accessible to authorized apps via signed mandates. This module is the
+ * ergonomic façade developers consume:
+ *
+ *     const client = createDataClient({ pdsUrl, did, sphereSeed });
+ *     const contacts = client.collection("contacts");
+ *     const id = await contacts.insert({ name: "Jean", phone: "+33..." });
+ *     const list = await contacts.list({ filter: { status: "lead" } });
+ *
+ * Under the hood the module handles: envelope signing per spec §11,
+ * CMK / DEK lifecycle (generate, wrap, unwrap), per-record AEAD
+ * encryption, split between indexable metadata (server-visible) and
+ * encrypted payload (server-blind), JSON-RPC dispatch.
+ *
+ * It does not (yet) handle: mandate-delegate authentication on the
+ * caller side (the SDK only signs as owner in v0.1), schema
+ * publication (only the bundled `aithos.contacts.v1` is recognized),
+ * forward-secrecy CMK rotation primitives. Those land in later
+ * Sub-jalons.
+ *
+ * Spec ref: spec/data/01..10 of the aithos-protocol repo.
+ */
+import { x25519 } from "@noble/curves/ed25519.js";
+import { hkdf } from "@noble/hashes/hkdf.js";
+import { sha256, sha512 } from "@noble/hashes/sha2.js";
+import { XChaCha20Poly1305 } from "@stablelib/xchacha20poly1305";
+import * as ed from "@noble/ed25519";
+import { contactsV1 } from "./data-schema-contacts-v1.js";
+// noble/ed25519 v2 needs sha512 wired in for sync sign/verify
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+ed.etc.sha512Sync = (...m) => 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+sha512(ed.etc.concatBytes(...m));
+/* -------------------------------------------------------------------------- */
+/*  Schema registry (local)                                                   */
+/* -------------------------------------------------------------------------- */
+const SCHEMAS = new Map([
+    [contactsV1.schema, contactsV1],
+]);
+/* -------------------------------------------------------------------------- */
+/*  Public factory                                                            */
+/* -------------------------------------------------------------------------- */
+export function createDataClient(args) {
+    return new DataClientImpl(args);
+}
+/* -------------------------------------------------------------------------- */
+/*  Implementation                                                            */
+/* -------------------------------------------------------------------------- */
+class DataClientImpl {
+    #pdsUrl;
+    #did;
+    #seed;
+    #vm;
+    #fetch;
+    // Per-collection CMK cache: cleared on reset()
+    #cmkCache = new Map();
+    #colCache = new Map();
+    constructor(args) {
+        this.#pdsUrl = args.pdsUrl.replace(/\/$/, "");
+        this.#did = args.did;
+        this.#seed = args.sphereSeed;
+        this.#vm = args.verificationMethod;
+        this.#fetch = args.fetch ?? globalThis.fetch.bind(globalThis);
+    }
+    collection(name) {
+        return new DataCollectionImpl(this, name);
+    }
+    async createCollection(args) {
+        const cmk = randomBytes32();
+        const recipientDidUrl = `${this.#did}#data-kex`;
+        const collectionUrn = this.#collectionUrn(args.name);
+        const recipientPublic = ed25519SeedToX25519PublicKey(this.#seed);
+        const wrap = this.#wrapCmkForRecipient({
+            cmk,
+            recipientPublicKey: recipientPublic,
+            recipientDidUrl,
+            collectionUrn,
+        });
+        try {
+            await this.#call("/mcp/primitives/write", "aithos.data.create_collection", {
+                subject_did: this.#did,
+                collection_name: args.name,
+                schema: args.schema,
+                ...(args.forwardSecrecy ? { forward_secrecy: args.forwardSecrecy } : {}),
+                cmk_envelope: {
+                    alg: "xchacha20poly1305-ietf",
+                    wraps: [wrap],
+                },
+            });
+            // Cache CMK in memory for subsequent ops on this collection.
+            this.#cmkCache.set(args.name, cmk);
+        }
+        finally {
+            // CMK is retained in cache, only zero the local var if we didn't cache.
+        }
+    }
+    async listCollections() {
+        const r = await this.#call("/mcp/primitives/read", "aithos.data.list_collections", {
+            subject_did: this.#did,
+        });
+        const items = r.items ?? [];
+        return items.map((c) => ({
+            name: c.name,
+            schema: c.schema,
+            record_count: c.record_count,
+        }));
+    }
+    async listGammaEntries(opts = {}) {
+        const params = { subject_did: this.#did };
+        if (opts.limit !== undefined)
+            params.limit = opts.limit;
+        if (opts.opPrefix)
+            params.op_prefix = opts.opPrefix;
+        if (opts.verify)
+            params.verify = true;
+        return this.#call("/mcp/primitives/read", "aithos.data.list_gamma_entries", params);
+    }
+    reset() {
+        for (const k of this.#cmkCache.values())
+            k.fill(0);
+        this.#cmkCache.clear();
+        this.#colCache.clear();
+    }
+    /* -- Internals used by DataCollection -- */
+    async _ensureCollection(name) {
+        const cached = this.#colCache.get(name);
+        if (cached)
+            return cached;
+        // Fetch metadata from PDS
+        const meta = (await this.#call("/mcp/primitives/read", "aithos.data.get_collection", {
+            subject_did: this.#did,
+            collection_name: name,
+        }));
+        // Look up our wrap and unwrap the CMK
+        const ourRecipient = `${this.#did}#data-kex`;
+        const wrap = meta.cmk_envelope.wraps.find((w) => w.recipient === ourRecipient);
+        if (!wrap) {
+            throw new Error(`sdk.data: no CMK wrap for ${ourRecipient} in collection ${name}. The collection was either created with a different recipient, or this client is not the owner.`);
+        }
+        const cmk = this.#unwrapCmk({
+            wrap,
+            collectionUrn: meta.urn,
+            privateKey: ed25519SeedToX25519PrivateKey(this.#seed),
+        });
+        this.#cmkCache.set(name, cmk);
+        const schema = SCHEMAS.get(meta.schema);
+        if (!schema) {
+            throw new Error(`sdk.data: schema "${meta.schema}" not known to the SDK`);
+        }
+        const state = { name, urn: meta.urn, schema };
+        this.#colCache.set(name, state);
+        return state;
+    }
+    async _insert(state, record) {
+        const cmk = this.#cmkCache.get(state.name);
+        if (!cmk)
+            throw new Error("CMK not loaded");
+        const { metadata, payload } = splitRecord(record, state.schema);
+        const recordId = `record_${makeUlid()}`;
+        const encrypted = this.#encryptPayload({
+            collectionName: state.name,
+            recordId,
+            payload,
+            cmk,
+        });
+        const r = (await this.#call("/mcp/primitives/write", "aithos.data.insert_record", {
+            collection_urn: state.urn,
+            record_id: recordId,
+            metadata,
+            payload: encrypted,
+        }));
+        return r.record_id;
+    }
+    async _get(state, recordId) {
+        let raw;
+        try {
+            raw = await this.#call("/mcp/primitives/read", "aithos.data.get_record", {
+                collection_urn: state.urn,
+                record_id: recordId,
+            });
+        }
+        catch (e) {
+            if (e.code === -32020)
+                return null;
+            throw e;
+        }
+        return this.#decryptRecord(state, raw);
+    }
+    async _list(state, opts = {}) {
+        const params = {
+            collection_urn: state.urn,
+        };
+        if (opts.filter)
+            params.filter = opts.filter;
+        if (opts.order)
+            params.order = opts.order;
+        if (opts.limit !== undefined)
+            params.limit = opts.limit;
+        if (opts.cursor)
+            params.cursor = opts.cursor;
+        const r = (await this.#call("/mcp/primitives/read", "aithos.data.list_records", params));
+        const items = r.items.map((it) => this.#decryptRecord(state, it));
+        return {
+            items,
+            ...(r.next_cursor ? { nextCursor: r.next_cursor } : {}),
+        };
+    }
+    async _update(state, recordId, record) {
+        const cmk = this.#cmkCache.get(state.name);
+        if (!cmk)
+            throw new Error("CMK not loaded");
+        const { metadata, payload } = splitRecord(record, state.schema);
+        const encrypted = this.#encryptPayload({
+            collectionName: state.name,
+            recordId,
+            payload,
+            cmk,
+        });
+        await this.#call("/mcp/primitives/write", "aithos.data.update_record", {
+            collection_urn: state.urn,
+            record_id: recordId,
+            metadata,
+            payload: encrypted,
+        });
+    }
+    async _delete(state, recordId) {
+        await this.#call("/mcp/primitives/write", "aithos.data.delete_record", {
+            collection_urn: state.urn,
+            record_id: recordId,
+        });
+    }
+    /* -- JSON-RPC dispatch -- */
+    async #call(path, method, params) {
+        const aud = `${this.#pdsUrl}${path}`;
+        const envelope = this.#signEnvelope({ aud, method, params });
+        const body = {
+            jsonrpc: "2.0",
+            id: makeUlid(),
+            method,
+            params: { ...params, _envelope: envelope },
+        };
+        const r = await this.#fetch(aud, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify(body),
+        });
+        const json = (await r.json());
+        if (json.error) {
+            const err = new Error(json.error.message);
+            err.code = json.error.code;
+            err.data = json.error.data;
+            throw err;
+        }
+        return json.result ?? {};
+    }
+    /* -- Envelope signing (inlined subset of @aithos/protocol-core/envelope) -- */
+    #signEnvelope(args) {
+        const now = Math.floor(Date.now() / 1000);
+        const exp = now + 60;
+        const nonce = makeUlid();
+        const paramsHash = "sha256-" + sha256Hex(jcsCanonicalize(args.params));
+        const unsigned = {
+            "aithos-envelope": "0.1.0",
+            iss: this.#did,
+            aud: args.aud,
+            method: args.method,
+            iat: now,
+            exp,
+            nonce,
+            params_hash: paramsHash,
+            proof: {
+                type: "Ed25519Signature2020",
+                verificationMethod: this.#vm,
+                created: new Date(now * 1000).toISOString(),
+                proofValue: "",
+            },
+        };
+        const bytes = new TextEncoder().encode(jcsCanonicalize(unsigned));
+        const sig = ed.sign(bytes, this.#seed);
+        return {
+            ...unsigned,
+            proof: { ...unsigned.proof, proofValue: base64url(sig) },
+        };
+    }
+    /* -- Crypto helpers -- */
+    #collectionUrn(name) {
+        return `urn:aithos:collection:${this.#did}:${name}`;
+    }
+    #wrapCmkForRecipient(args) {
+        const ephSk = x25519.utils.randomSecretKey();
+        const ephPk = x25519.getPublicKey(ephSk);
+        const shared = x25519.getSharedSecret(ephSk, args.recipientPublicKey);
+        const wrapKey = hkdf(sha256, shared, utf8("aithos-data-cmk-wrap-v1"), utf8(args.recipientDidUrl), 32);
+        const wrapNonce = randomBytes24();
+        const aad = aadCmkWrap(args.collectionUrn, args.recipientDidUrl);
+        const aead = new XChaCha20Poly1305(wrapKey);
+        const wrapped = aead.seal(wrapNonce, args.cmk, aad);
+        wrapKey.fill(0);
+        shared.fill(0);
+        return {
+            recipient: args.recipientDidUrl,
+            alg: "x25519-hkdf-sha256-aead",
+            ephemeral_public: base64Std(ephPk),
+            wrap_nonce: base64Std(wrapNonce),
+            wrapped_key: base64Std(wrapped),
+        };
+    }
+    #unwrapCmk(args) {
+        const ephPk = fromBase64(args.wrap.ephemeral_public);
+        const wrapNonce = fromBase64(args.wrap.wrap_nonce);
+        const wrappedKey = fromBase64(args.wrap.wrapped_key);
+        const shared = x25519.getSharedSecret(args.privateKey, ephPk);
+        const wrapKey = hkdf(sha256, shared, utf8("aithos-data-cmk-wrap-v1"), utf8(args.wrap.recipient), 32);
+        const aad = aadCmkWrap(args.collectionUrn, args.wrap.recipient);
+        const aead = new XChaCha20Poly1305(wrapKey);
+        const cmk = aead.open(wrapNonce, wrappedKey, aad);
+        wrapKey.fill(0);
+        shared.fill(0);
+        if (!cmk)
+            throw new Error("sdk.data: CMK unwrap failed (wrong key or AAD mismatch)");
+        return cmk;
+    }
+    #encryptPayload(args) {
+        const dek = randomBytes32();
+        try {
+            const plaintext = new TextEncoder().encode(jcsCanonicalize(args.payload));
+            const nonce = randomBytes24();
+            const aad = aadRecord(this.#did, args.collectionName, args.recordId);
+            const aead = new XChaCha20Poly1305(dek);
+            const ciphertext = aead.seal(nonce, plaintext, aad);
+            const dekWrapNonce = randomBytes24();
+            const dekAad = aadDekWrap(this.#did, args.collectionName, args.recordId);
+            const dekAead = new XChaCha20Poly1305(args.cmk);
+            const wrapped = dekAead.seal(dekWrapNonce, dek, dekAad);
+            const dekWrap = new Uint8Array(dekWrapNonce.length + wrapped.length);
+            dekWrap.set(dekWrapNonce, 0);
+            dekWrap.set(wrapped, dekWrapNonce.length);
+            return {
+                alg: "xchacha20poly1305-ietf",
+                nonce: base64Std(nonce),
+                ciphertext: base64Std(ciphertext),
+                dek_wrapped_for_cmk: base64Std(dekWrap),
+            };
+        }
+        finally {
+            dek.fill(0);
+        }
+    }
+    #decryptRecord(state, raw) {
+        if (raw.deleted) {
+            // Soft-deleted record — payload was cleared.
+            return { ...raw.metadata, _deleted: true };
+        }
+        const cmk = this.#cmkCache.get(state.name);
+        if (!cmk) {
+            throw new Error("sdk.data: CMK not loaded — call ensureCollection first");
+        }
+        // Unwrap DEK
+        const wrapBuf = fromBase64(raw.payload.dek_wrapped_for_cmk);
+        const wrapNonce = wrapBuf.slice(0, 24);
+        const wrapped = wrapBuf.slice(24);
+        const dekAad = aadDekWrap(this.#did, state.name, raw.record_id);
+        const dekAead = new XChaCha20Poly1305(cmk);
+        const dek = dekAead.open(wrapNonce, wrapped, dekAad);
+        if (!dek)
+            throw new Error("sdk.data: DEK unwrap failed");
+        try {
+            const nonce = fromBase64(raw.payload.nonce);
+            const ciphertext = fromBase64(raw.payload.ciphertext);
+            const aad = aadRecord(this.#did, state.name, raw.record_id);
+            const aead = new XChaCha20Poly1305(dek);
+            const plaintext = aead.open(nonce, ciphertext, aad);
+            if (!plaintext)
+                throw new Error("sdk.data: payload decrypt failed");
+            const payload = JSON.parse(new TextDecoder().decode(plaintext));
+            return { record_id: raw.record_id, ...raw.metadata, ...payload };
+        }
+        finally {
+            dek.fill(0);
+        }
+    }
+}
+class DataCollectionImpl {
+    client;
+    name;
+    constructor(client, name) {
+        this.client = client;
+        this.name = name;
+    }
+    async insert(record) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._insert(state, record);
+    }
+    async get(recordId) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._get(state, recordId);
+    }
+    async list(opts) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._list(state, opts);
+    }
+    async update(recordId, record) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._update(state, recordId, record);
+    }
+    async delete(recordId) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._delete(state, recordId);
+    }
+}
+/* -------------------------------------------------------------------------- */
+/*  Record split (metadata vs payload)                                        */
+/* -------------------------------------------------------------------------- */
+function splitRecord(record, schema) {
+    const metadata = {};
+    const payload = {};
+    for (const [k, v] of Object.entries(record)) {
+        if (schema.auto.has(k))
+            continue; // server-set
+        if (schema.indexable.has(k)) {
+            metadata[k] = v;
+        }
+        else if (schema.encrypted.has(k)) {
+            payload[k] = v;
+        }
+        else {
+            // Unknown field — drop. Server will reject in any case (additionalProperties: false).
+        }
+    }
+    return { metadata, payload };
+}
+/* -------------------------------------------------------------------------- */
+/*  Crypto helpers                                                            */
+/* -------------------------------------------------------------------------- */
+function randomBytes32() {
+    return cryptoRandom(32);
+}
+function randomBytes24() {
+    return cryptoRandom(24);
+}
+/** Cross-platform CSPRNG: Web Crypto in browser, Node WebCrypto in Node 19+. */
+function cryptoRandom(n) {
+    const buf = new Uint8Array(n);
+    // globalThis.crypto exists in browsers and in Node 19+
+    globalThis.crypto?.getRandomValues(buf);
+    return buf;
+}
+function utf8(s) {
+    return new TextEncoder().encode(s);
+}
+function aadCmkWrap(collectionUrn, recipient) {
+    const p = utf8("aithos-data-cmk-v1\0");
+    const c = utf8(collectionUrn);
+    const sep = new Uint8Array([0]);
+    const r = utf8(recipient);
+    const out = new Uint8Array(p.length + c.length + sep.length + r.length);
+    let off = 0;
+    out.set(p, off);
+    off += p.length;
+    out.set(c, off);
+    off += c.length;
+    out.set(sep, off);
+    off += sep.length;
+    out.set(r, off);
+    return out;
+}
+function aadDekWrap(subjectDid, collectionName, recordId) {
+    const p = utf8("aithos-data-dek-v1\0");
+    return concat3WithSeps(p, subjectDid, collectionName, recordId);
+}
+function aadRecord(subjectDid, collectionName, recordId) {
+    const p = utf8("aithos-data-record-v1\0");
+    return concat3WithSeps(p, subjectDid, collectionName, recordId);
+}
+function concat3WithSeps(prefix, a, b, c) {
+    const aa = utf8(a);
+    const bb = utf8(b);
+    const cc = utf8(c);
+    const sep = new Uint8Array([0]);
+    const total = prefix.length + aa.length + sep.length + bb.length + sep.length + cc.length;
+    const out = new Uint8Array(total);
+    let off = 0;
+    out.set(prefix, off);
+    off += prefix.length;
+    out.set(aa, off);
+    off += aa.length;
+    out.set(sep, off);
+    off += sep.length;
+    out.set(bb, off);
+    off += bb.length;
+    out.set(sep, off);
+    off += sep.length;
+    out.set(cc, off);
+    return out;
+}
+/**
+ * Derive a 32-byte X25519 private key from an Ed25519 seed via SHA-512
+ * truncation + clamping. Mirrors libsodium's
+ * crypto_sign_ed25519_sk_to_curve25519 for the secret-key side. Used so
+ * a single Ed25519 sphere seed can both sign envelopes and key-agree
+ * with mandate recipients.
+ */
+function ed25519SeedToX25519PrivateKey(seed) {
+    if (seed.length !== 32)
+        throw new Error("Ed25519 seed must be 32 bytes");
+    const h = sha512(seed);
+    const sk = new Uint8Array(h.slice(0, 32));
+    // Clamp per X25519 spec
+    sk[0] = sk[0] & 248;
+    sk[31] = sk[31] & 127;
+    sk[31] = sk[31] | 64;
+    return sk;
+}
+function ed25519SeedToX25519PublicKey(seed) {
+    const sk = ed25519SeedToX25519PrivateKey(seed);
+    try {
+        return x25519.getPublicKey(sk);
+    }
+    finally {
+        sk.fill(0);
+    }
+}
+function makeUlid() {
+    // Lightweight ULID — millisecond timestamp + 80 bits of randomness.
+    // Crockford base32. For tests this is sufficient; production uses
+    // the canonical ulid package.
+    const tsBuf = new Uint8Array(6);
+    let ts = Date.now();
+    for (let i = 5; i >= 0; i--) {
+        tsBuf[i] = ts & 0xff;
+        ts = Math.floor(ts / 256);
+    }
+    const rndBuf = cryptoRandom(10);
+    const all = new Uint8Array(16);
+    all.set(tsBuf, 0);
+    all.set(rndBuf, 6);
+    const alphabet = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
+    let bits = 0;
+    let value = 0;
+    let out = "";
+    for (const b of all) {
+        value = (value << 8) | b;
+        bits += 8;
+        while (bits >= 5) {
+            out += alphabet[(value >> (bits - 5)) & 0x1f];
+            bits -= 5;
+        }
+    }
+    if (bits > 0)
+        out += alphabet[(value << (5 - bits)) & 0x1f];
+    return out.slice(0, 26);
+}
+/** Standard base64 (with `=` padding). Browser + Node compatible. */
+function base64Std(bytes) {
+    let bin = "";
+    for (let i = 0; i < bytes.length; i++)
+        bin += String.fromCharCode(bytes[i]);
+    return btoa(bin);
+}
+/** base64url (URL-safe, no padding). */
+function base64url(bytes) {
+    return base64Std(bytes).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function fromBase64(s) {
+    // Accept either standard base64 or base64url
+    const std = s.replace(/-/g, "+").replace(/_/g, "/");
+    const padded = std + "=".repeat((4 - (std.length % 4)) % 4);
+    const bin = atob(padded);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        out[i] = bin.charCodeAt(i);
+    return out;
+}
+function sha256Hex(s) {
+    const d = sha256(new TextEncoder().encode(s));
+    let hex = "";
+    for (const b of d)
+        hex += b.toString(16).padStart(2, "0");
+    return hex;
+}
+/* -------------------------------------------------------------------------- */
+/*  JCS-style canonicalization (RFC 8785 subset)                              */
+/* -------------------------------------------------------------------------- */
+function jcsCanonicalize(value) {
+    if (value === null)
+        return "null";
+    if (value === undefined)
+        throw new Error("Cannot canonicalize undefined");
+    if (typeof value === "boolean")
+        return value ? "true" : "false";
+    if (typeof value === "number") {
+        if (!Number.isFinite(value))
+            throw new Error("non-finite number");
+        return value.toString();
+    }
+    if (typeof value === "string")
+        return JSON.stringify(value);
+    if (Array.isArray(value)) {
+        return "[" + value.map(jcsCanonicalize).join(",") + "]";
+    }
+    if (typeof value === "object") {
+        const obj = value;
+        const keys = Object.keys(obj).sort();
+        return ("{" +
+            keys.map((k) => JSON.stringify(k) + ":" + jcsCanonicalize(obj[k])).join(",") +
+            "}");
+    }
+    throw new Error(`Cannot canonicalize ${typeof value}`);
+}
+//# sourceMappingURL=data.js.map

package/dist/src/index.d.ts

@@ -1,4 +1,4 @@
-export declare const VERSION = "0.1.0-alpha.23";
+export declare const VERSION = "0.1.0-alpha.26";
 export { AithosSDK } from "./sdk.js";
 export type { AithosSDKConfig } from "./types.js";
 export { AithosSDKError } from "./types.js";
@@ -21,4 +21,6 @@ export { COMPUTE_INVOKE_SCOPE, MandatesNamespace } from "./mandates.js";
 export type { ActorSphere, CreateMandateComputeInput, CreateMandateInput, MintedMandate, OwnedMandate, Scope, } from "./mandates.js";
 export * as onboarding from "./onboarding.js";
 export { createBrowserIdentity, browserIdentityFromStored, type BrowserIdentity, } from "@aithos/protocol-client";
+export type { Section } from "@aithos/protocol-client";
+export { createDataClient, type CreateDataClientArgs, type DataClient, type DataCollection, type ListOpts, type AithosSchemaLite, } from "./data.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/src/index.js

@@ -17,7 +17,7 @@
 // Public types specific to the SDK (`AithosSDKConfig`, `AithosSDKError`)
 // are exported from here. Endpoint config (`AithosSdkEndpoints`,
 // `DEFAULT_SDK_ENDPOINTS`) likewise.
-export const VERSION = "0.1.0-alpha.23";
+export const VERSION = "0.1.0-alpha.26";
 export { AithosSDK } from "./sdk.js";
 export { AithosSDKError } from "./types.js";
 // Re-export protocol-client's JSON-RPC error type so consumers can
@@ -58,4 +58,8 @@ export * as onboarding from "./onboarding.js";
 // Convenience direct re-exports of the most-used identity primitives so the
 // quick-start example doesn't need a namespace import.
 export { createBrowserIdentity, browserIdentityFromStored, } from "@aithos/protocol-client";
+// `sdk.data` namespace — Aithos data sub-protocol PDS client. Manages
+// the lifecycle of subject-owned, encrypted, schema-validated records.
+// See spec/data/ in the aithos-protocol repo.
+export { createDataClient, } from "./data.js";
 //# sourceMappingURL=index.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aithos/sdk",
-  "version": "0.1.0-alpha.24",
+  "version": "0.1.0-alpha.26",
   "description": "Aithos SDK \u2014 high-level TypeScript developer kit for building agentic apps on the Aithos protocol. Wraps @aithos/protocol-client and exposes the Aithos compute proxy and wallet (Stripe top-up) endpoints.",
   "keywords": [
     "aithos",