@aithos/sdk 0.1.0-alpha.4 → 0.1.0-alpha.41

package/dist/src/web.js

@@ -0,0 +1,186 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+// Web namespace — `aithos.web_extract` through the web-extractor proxy.
+//
+// Same JSON-RPC + signed-envelope protocol as the compute namespace, but
+// against a separate Aithos service (`extract.aithos.be`). Pricing is a
+// flat 1 microcredit per successful extraction (refunded on failure).
+//
+// The mandate scope is `web.extract` (exported as {@link WEB_EXTRACT_SCOPE}
+// for owner mint-time use). A delegate that holds only this scope can read
+// pages on the owner's behalf without gaining LLM-spend authority.
+//
+// Signing follows the same owner-vs-delegate logic as the compute namespace
+// (see ComputeNamespace.#resolveSigner). The duplication is bounded — both
+// namespaces' `#signAndPost` helpers can later move into a shared internal
+// once a third primitive arrives.
+import { buildSignedEnvelope, } from "@aithos/protocol-client";
+import { webInvokeUrl, } from "./endpoints.js";
+import { delegateKeyPair, ownerKeyPair, } from "./internal/protocol-client-bridge.js";
+import { AithosSDKError } from "./types.js";
+/** Opt-in scope a mandate must carry to invoke `aithos.web_extract`. */
+export const WEB_EXTRACT_SCOPE = "web.extract";
+/**
+ * `sdk.web` namespace — Aithos's web extraction primitive.
+ *
+ * Designed so a downstream agent can read the static content of any
+ * public page (HTML, purged CSS, computed visual signature) without
+ * involving an LLM — saving ~30× over a Bedrock-based extraction in
+ * both latency and cost.
+ *
+ * @throws {AithosSDKError} — same error taxonomy as `sdk.compute`,
+ *   including `-32071` (insufficient balance with `{required, available}`
+ *   in `data`) and `-32042` (mandate scope mismatch).
+ */
+export class WebNamespace {
+    #deps;
+    constructor(deps) {
+        this.#deps = deps;
+    }
+    /**
+     * Extract a public webpage. Returns the cleaned HTML, purged CSS and
+     * a deterministic visual signature (palette, typography, dominant
+     * radii, spacing, layout mode, component digests).
+     */
+    async extract(args) {
+        const { endpoints, fetch: fetchImpl } = this.#deps;
+        const choice = this.#resolveSigner(args.mandateId);
+        const url = webInvokeUrl(endpoints);
+        const params = {
+            app_did: this.#deps.appDid,
+            mandate_id: this.#resolveMandateIdForWire(args.mandateId, choice),
+            url: args.url,
+        };
+        if (args.waitUntil !== undefined)
+            params.waitUntil = args.waitUntil;
+        if (args.timeoutMs !== undefined)
+            params.timeoutMs = args.timeoutMs;
+        if (args.idempotencyKey !== undefined) {
+            params.idempotencyKey = args.idempotencyKey;
+        }
+        return await this.#signAndPost({
+            url,
+            method: "aithos.web_extract",
+            params,
+            choice,
+            fetchImpl,
+            signal: args.signal,
+        });
+    }
+    /**
+     * Fetch a single asset (image / font / css / json …) server-side,
+     * bypassing browser CORS. Returns the bytes as base64 + content-type.
+     *
+     * Use when `fetch(url, {mode: "cors"})` and `<img crossOrigin>`
+     * canvas readback both fail because the asset server doesn't return
+     * Access-Control-Allow-Origin headers — typical for production
+     * sites' logos hosted on the main domain.
+     *
+     * For the common "logo of a webpage" case the lambda already
+     * resolves and embeds the best symbol-only logo in
+     * {@link extract}'s `data.logo` field; you only need fetchAsset
+     * when extract's logo doesn't fit, when picking up secondary
+     * assets (og:image, hero image, document download), or when
+     * fetching an asset on a page you haven't extracted.
+     *
+     * Costs 1 mc per successful fetch, full refund on failure. Server
+     * caps: 15 s timeout, 10 MB body, http/https only.
+     */
+    async fetchAsset(args) {
+        const { endpoints, fetch: fetchImpl } = this.#deps;
+        const choice = this.#resolveSigner(args.mandateId);
+        const url = webInvokeUrl(endpoints);
+        const params = {
+            app_did: this.#deps.appDid,
+            mandate_id: this.#resolveMandateIdForWire(args.mandateId, choice),
+            url: args.url,
+        };
+        return await this.#signAndPost({
+            url,
+            method: "aithos.web_fetch_asset",
+            params,
+            choice,
+            fetchImpl,
+            signal: args.signal,
+        });
+    }
+    /* ----------------------------- internals ----------------------------- */
+    #resolveSigner(mandateId) {
+        const { auth } = this.#deps;
+        const owner = auth._getOwnerSigners();
+        const ownerLoaded = owner !== null && !owner.destroyed;
+        if (ownerLoaded) {
+            const publicKp = ownerKeyPair(owner, "public");
+            return {
+                kind: "owner",
+                iss: owner.did,
+                verificationMethod: `${owner.did}#public`,
+                signer: publicKp,
+                mandate: undefined,
+            };
+        }
+        if (mandateId === undefined || mandateId.length === 0) {
+            throw new AithosSDKError("sdk_no_signer", "no owner signed in and no mandateId provided — pass a mandateId for a delegate session, or sign in as an owner first.");
+        }
+        const actor = auth._getDelegateActor(mandateId);
+        if (!actor || actor.destroyed) {
+            throw new AithosSDKError("sdk_no_delegate_for_mandate", `no owner signed in and no imported delegate mandate matches '${mandateId}'. Sign in as an owner, or import a delegate bundle for that mandate via auth.importMandate.`);
+        }
+        const kp = delegateKeyPair(actor);
+        return {
+            kind: "delegate",
+            iss: actor.subjectDid,
+            verificationMethod: actor.granteePubkeyMultibase,
+            signer: kp,
+            mandate: actor.mandate,
+        };
+    }
+    #resolveMandateIdForWire(explicit, choice) {
+        if (explicit && explicit.length > 0)
+            return explicit;
+        if (choice.kind === "delegate")
+            return choice.mandate.id;
+        return `${choice.iss}#self`;
+    }
+    async #signAndPost(opts) {
+        const { url, method, params, choice, fetchImpl, signal } = opts;
+        const envelope = buildSignedEnvelope({
+            iss: choice.iss,
+            aud: url,
+            method,
+            verificationMethod: choice.verificationMethod,
+            params,
+            signer: choice.signer,
+            ...(choice.kind === "delegate" ? { mandate: choice.mandate } : {}),
+        });
+        let res;
+        try {
+            res = await fetchImpl(url, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify({
+                    jsonrpc: "2.0",
+                    id: method,
+                    method,
+                    params: { ...params, _envelope: envelope },
+                }),
+                ...(signal ? { signal } : {}),
+            });
+        }
+        catch (e) {
+            throw new AithosSDKError("network", e.message);
+        }
+        if (!res.ok) {
+            throw new AithosSDKError("http", `HTTP ${res.status} ${res.statusText}`, { status: res.status });
+        }
+        const body = (await res.json());
+        if (body.error) {
+            throw new AithosSDKError(String(body.error.code), body.error.message, body.error.data ? { data: body.error.data } : undefined);
+        }
+        if (!body.result) {
+            throw new AithosSDKError("empty", "empty result from web extractor proxy");
+        }
+        return body.result;
+    }
+}
+//# sourceMappingURL=web.js.map

package/dist/test/auth-j3.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=auth-j3.test.d.ts.map

package/dist/test/auth-j3.test.js

@@ -0,0 +1,391 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+// Tests for J3 — KeyStore integration, signInWithRecovery,
+// importMandate, resume(), signOut(), state accessors.
+import { strict as assert } from "node:assert";
+import { describe, it } from "node:test";
+import { createBrowserIdentity } from "@aithos/protocol-client";
+import { AithosAuth, AithosSDKError, memoryKeyStore, noopStore, } from "../src/index.js";
+import { parseDelegateBundle, readDelegateBundleText, } from "../src/internal/delegate-bundle.js";
+import { parseRecoveryFile, serializeRecoveryFile, } from "../src/internal/recovery-file.js";
+/* -------------------------------------------------------------------------- */
+/*  Test helpers                                                              */
+/* -------------------------------------------------------------------------- */
+function makeAuth(opts = {}) {
+    return new AithosAuth({
+        authBaseUrl: "https://auth.test",
+        fetch: (() => {
+            throw new Error("network not expected in this test");
+        }),
+        sessionStore: opts.sessionStore ?? noopStore(),
+        keyStore: opts.keyStore ?? memoryKeyStore(),
+    });
+}
+/** Build a recovery-file JSON string from a fresh BrowserIdentity. */
+function recoveryTextFor(handle, displayName) {
+    const id = createBrowserIdentity(handle, displayName);
+    const { text } = serializeRecoveryFile(id);
+    return { text, did: id.did };
+}
+function delegateBundleText(args) {
+    return JSON.stringify({
+        aithos_delegate_version: "0.1.0",
+        mandate: {
+            id: args.mandateId,
+            subject_did: args.subjectDid,
+            grantee: {
+                id: args.granteeId,
+                pubkey: args.granteePubkeyMultibase ?? "z6MkqGenericPubKey",
+            },
+            scopes: args.scopes ?? ["ethos.read.public"],
+        },
+        delegate_seed_hex: "11".repeat(32),
+    });
+}
+/* -------------------------------------------------------------------------- */
+/*  parseRecoveryFile / serializeRecoveryFile                                 */
+/* -------------------------------------------------------------------------- */
+describe("recovery file: parse + serialize", () => {
+    it("round-trips a fresh identity", () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const { text } = serializeRecoveryFile(id);
+        const parsed = parseRecoveryFile(text);
+        assert.equal(parsed.did, id.did);
+        assert.equal(parsed.handle, id.handle);
+        assert.equal(parsed.displayName, id.displayName);
+        assert.equal(parsed.seedsHex.root.length, 64);
+    });
+    it("accepts the runOnboarding shape (warning + created_at)", () => {
+        const id = createBrowserIdentity("bob", "Bob");
+        const text = JSON.stringify({
+            aithos_recovery_version: "0.1.0-plaintext",
+            warning: "this is plaintext, store offline",
+            handle: id.handle,
+            display_name: id.displayName,
+            did: id.did,
+            created_at: new Date().toISOString(),
+            seeds_hex: {
+                root: bytesToHex(id.root.seed),
+                public: bytesToHex(id.public.seed),
+                circle: bytesToHex(id.circle.seed),
+                self: bytesToHex(id.self.seed),
+            },
+            public_keys_multibase: {},
+        });
+        const parsed = parseRecoveryFile(text);
+        assert.equal(parsed.did, id.did);
+    });
+    it("rejects unsupported versions", () => {
+        assert.throws(() => parseRecoveryFile(JSON.stringify({ aithos_recovery_version: "9.9.9" })), (e) => e instanceof AithosSDKError && e.code === "auth_invalid_recovery_file");
+    });
+    it("rejects malformed seeds", () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const { text } = serializeRecoveryFile(id);
+        const obj = JSON.parse(text);
+        obj.seeds_hex.root = "not hex";
+        assert.throws(() => parseRecoveryFile(JSON.stringify(obj)), AithosSDKError);
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  parseDelegateBundle                                                       */
+/* -------------------------------------------------------------------------- */
+describe("delegate bundle: parse", () => {
+    it("parses a well-formed bundle (legacy subject_did field)", () => {
+        const text = delegateBundleText({
+            mandateId: "mandate:01H8XYZ",
+            subjectDid: "did:aithos:zCarol",
+            granteeId: "urn:aithos:agent:bob1",
+            scopes: ["ethos.read.public", "ethos.write.public"],
+        });
+        const parsed = parseDelegateBundle(text);
+        assert.equal(parsed.mandateId, "mandate:01H8XYZ");
+        assert.equal(parsed.subjectDid, "did:aithos:zCarol");
+        assert.equal(parsed.granteeId, "urn:aithos:agent:bob1");
+        assert.equal(parsed.delegateSeedHex.length, 64);
+    });
+    it("parses a bundle minted by mintDelegateBundle (issuer field)", () => {
+        // Real wire shape emitted by `mintDelegateBundle` in protocol-client:
+        // SignedMandate carries the subject's DID under `issuer`, NOT
+        // `subject_did`. Regression test for the import flow that broke
+        // every freshly-minted mandate before this fix.
+        const text = JSON.stringify({
+            aithos_delegate_version: "0.1.0",
+            mandate: {
+                "aithos-mandate": "0.1",
+                id: "mandate:01H8ISSUER",
+                issuer: "did:aithos:zCarol",
+                issued_by_key: "did:aithos:zCarol#root",
+                grantee: {
+                    id: "urn:aithos:agent:bob1",
+                    pubkey: "z6MkqGenericPubKey",
+                },
+                actor_sphere: "self",
+                scopes: ["ethos.read.public", "ethos.write.public"],
+                not_before: "2026-05-10T00:00:00Z",
+                not_after: "2026-05-11T00:00:00Z",
+                issued_at: "2026-05-10T00:00:00Z",
+                nonce: "abc",
+                signature: { alg: "ed25519", key: "...", value: "..." },
+            },
+            delegate_seed_hex: "11".repeat(32),
+        });
+        const parsed = parseDelegateBundle(text);
+        assert.equal(parsed.subjectDid, "did:aithos:zCarol");
+        assert.equal(parsed.mandateId, "mandate:01H8ISSUER");
+        assert.equal(parsed.granteeId, "urn:aithos:agent:bob1");
+    });
+    it("readDelegateBundleText accepts string passthrough", async () => {
+        const text = delegateBundleText({
+            mandateId: "m",
+            subjectDid: "did:aithos:z",
+            granteeId: "urn:x",
+        });
+        assert.equal(await readDelegateBundleText(text), text);
+    });
+    it("rejects missing mandate", () => {
+        assert.throws(() => parseDelegateBundle(JSON.stringify({
+            aithos_delegate_version: "0.1.0",
+            delegate_seed_hex: "11".repeat(32),
+        })), AithosSDKError);
+    });
+    it("rejects malformed delegate seed", () => {
+        assert.throws(() => parseDelegateBundle(JSON.stringify({
+            aithos_delegate_version: "0.1.0",
+            mandate: {
+                id: "m",
+                subject_did: "did:aithos:z",
+                grantee: { id: "u", pubkey: "z6MkXYZ" },
+            },
+            delegate_seed_hex: "not hex",
+        })), AithosSDKError);
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  AithosAuth — recovery sign-in                                             */
+/* -------------------------------------------------------------------------- */
+describe("AithosAuth.signInWithRecovery", () => {
+    it("hydrates owner signers + persists to keyStore (no JWT)", async () => {
+        const keyStore = memoryKeyStore();
+        const sessionStore = noopStore();
+        const auth = makeAuth({ sessionStore, keyStore });
+        assert.equal(auth.canSignAsOwner(), false);
+        assert.equal(auth.getOwnerInfo(), null);
+        const { text } = recoveryTextFor("alice", "Alice");
+        const info = await auth.signInWithRecovery({ file: text });
+        assert.equal(info.handle, "alice");
+        assert.equal(auth.canSignAsOwner(), true);
+        assert.equal(auth.getOwnerInfo()?.did, info.did);
+        assert.equal(auth.getCurrentSession(), null, "no JWT for recovery flow");
+        const persisted = await keyStore.loadOwner();
+        assert.equal(persisted?.did, info.did);
+    });
+    it("rejects loading a different owner without signOut first", async () => {
+        const auth = makeAuth();
+        const a = recoveryTextFor("alice", "Alice");
+        await auth.signInWithRecovery({ file: a.text });
+        const b = recoveryTextFor("bob", "Bob");
+        await assert.rejects(() => auth.signInWithRecovery({ file: b.text }), (e) => e instanceof AithosSDKError && e.code === "auth_owner_already_loaded");
+    });
+    it("clears any stale JWT to keep stores in sync", async () => {
+        const keyStore = memoryKeyStore();
+        let stored = {
+            session: "stale-jwt",
+            exp: Math.floor(Date.now() / 1000) + 3600,
+            did: "did:aithos:zStale",
+            handle: "stale",
+            blob_b64: "",
+            blob_nonce_b64: "",
+            blob_version: 0,
+            enc_key_b64: "",
+            is_first_login: false,
+        };
+        const sessionStore = {
+            get: () => stored,
+            set: (s) => {
+                stored = s;
+            },
+            clear: () => {
+                stored = null;
+            },
+        };
+        const auth = makeAuth({ sessionStore, keyStore });
+        const { text } = recoveryTextFor("alice", "Alice");
+        await auth.signInWithRecovery({ file: text });
+        assert.equal(stored, null, "stale JWT must be wiped");
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  AithosAuth — importMandate                                                */
+/* -------------------------------------------------------------------------- */
+describe("AithosAuth.importMandate", () => {
+    it("registers a delegate, lists it, removes it", async () => {
+        const keyStore = memoryKeyStore();
+        const auth = makeAuth({ keyStore });
+        const text = delegateBundleText({
+            mandateId: "mandate:A",
+            subjectDid: "did:aithos:zCarol",
+            granteeId: "urn:aithos:agent:bob1",
+            scopes: ["ethos.read.circle"],
+        });
+        const info = await auth.importMandate({ bundle: text });
+        assert.equal(info.mandateId, "mandate:A");
+        assert.equal(info.subjectDid, "did:aithos:zCarol");
+        assert.deepEqual(info.scopes, ["ethos.read.circle"]);
+        const list = auth.getDelegates();
+        assert.equal(list.length, 1);
+        assert.equal(list[0]?.mandateId, "mandate:A");
+        assert.equal(auth.canSignAsDelegateFor("did:aithos:zCarol"), true);
+        assert.equal(auth.canSignAsDelegateFor("did:aithos:zNobody"), false);
+        await auth.removeMandate("mandate:A");
+        assert.equal(auth.getDelegates().length, 0);
+        assert.equal((await keyStore.listDelegates()).length, 0);
+    });
+    it("works without an owner loaded (delegate-only session)", async () => {
+        const auth = makeAuth();
+        assert.equal(auth.canSignAsOwner(), false);
+        const text = delegateBundleText({
+            mandateId: "mandate:Solo",
+            subjectDid: "did:aithos:zCarol",
+            granteeId: "urn:aithos:agent:solo1",
+        });
+        await auth.importMandate({ bundle: text });
+        assert.equal(auth.canSignAsOwner(), false);
+        assert.equal(auth.canSignAsDelegateFor("did:aithos:zCarol"), true);
+    });
+    it("re-importing the same mandate replaces the prior actor", async () => {
+        const auth = makeAuth();
+        const text = delegateBundleText({
+            mandateId: "mandate:R",
+            subjectDid: "did:aithos:zCarol",
+            granteeId: "urn:aithos:agent:r",
+        });
+        await auth.importMandate({ bundle: text });
+        await auth.importMandate({ bundle: text });
+        assert.equal(auth.getDelegates().length, 1);
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  AithosAuth — resume()                                                     */
+/* -------------------------------------------------------------------------- */
+describe("AithosAuth.resume", () => {
+    it("rehydrates owner + delegates from keyStore on a fresh instance", async () => {
+        const keyStore = memoryKeyStore();
+        const sessionStore = noopStore();
+        // Seed the stores via a first auth instance.
+        {
+            const auth1 = makeAuth({ keyStore, sessionStore });
+            const { text: rt } = recoveryTextFor("alice", "Alice");
+            await auth1.signInWithRecovery({ file: rt });
+            const dt = delegateBundleText({
+                mandateId: "mandate:M1",
+                subjectDid: "did:aithos:zCarol",
+                granteeId: "urn:x",
+            });
+            await auth1.importMandate({ bundle: dt });
+        }
+        // Fresh instance, same stores → resume() must reload everything.
+        const auth2 = makeAuth({ keyStore, sessionStore });
+        assert.equal(auth2.canSignAsOwner(), false, "before resume, in-memory only");
+        await auth2.resume();
+        assert.equal(auth2.canSignAsOwner(), true);
+        assert.equal(auth2.getOwnerInfo()?.handle, "alice");
+        assert.equal(auth2.getDelegates().length, 1);
+        assert.equal(auth2.canSignAsDelegateFor("did:aithos:zCarol"), true);
+    });
+    it("strict mode: JWT in sessionStore but no owner in keyStore → wipes JWT", async () => {
+        let jwt = {
+            session: "j",
+            exp: Math.floor(Date.now() / 1000) + 3600,
+            did: "did:aithos:zGhost",
+            handle: "ghost",
+            blob_b64: "",
+            blob_nonce_b64: "",
+            blob_version: 0,
+            enc_key_b64: "",
+            is_first_login: false,
+        };
+        const sessionStore = {
+            get: () => jwt,
+            set: (s) => {
+                jwt = s;
+            },
+            clear: () => {
+                jwt = null;
+            },
+        };
+        const keyStore = memoryKeyStore();
+        const auth = makeAuth({ keyStore, sessionStore });
+        await auth.resume();
+        assert.equal(jwt, null, "out-of-sync JWT must be cleared");
+        assert.equal(auth.canSignAsOwner(), false);
+    });
+    it("strict mode: JWT and owner disagree on DID → wipes JWT only", async () => {
+        const keyStore = memoryKeyStore();
+        const { text } = recoveryTextFor("alice", "Alice");
+        // Seed the keystore with alice via one instance.
+        {
+            const auth1 = makeAuth({ keyStore });
+            await auth1.signInWithRecovery({ file: text });
+        }
+        // Now plant a JWT for a DIFFERENT DID in the session store.
+        let jwt = {
+            session: "j",
+            exp: Math.floor(Date.now() / 1000) + 3600,
+            did: "did:aithos:zSomeoneElse",
+            handle: "someone",
+            blob_b64: "",
+            blob_nonce_b64: "",
+            blob_version: 0,
+            enc_key_b64: "",
+            is_first_login: false,
+        };
+        const sessionStore = {
+            get: () => jwt,
+            set: (s) => {
+                jwt = s;
+            },
+            clear: () => {
+                jwt = null;
+            },
+        };
+        const auth2 = makeAuth({ keyStore, sessionStore });
+        await auth2.resume();
+        assert.equal(jwt, null, "mismatched JWT must be wiped");
+        // Owner is preserved (it's the source of truth in strict mode).
+        assert.equal(auth2.canSignAsOwner(), true);
+        assert.equal(auth2.getOwnerInfo()?.handle, "alice");
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  AithosAuth — signOut                                                      */
+/* -------------------------------------------------------------------------- */
+describe("AithosAuth.signOut", () => {
+    it("wipes both stores and in-memory state", async () => {
+        const keyStore = memoryKeyStore();
+        const auth = makeAuth({ keyStore });
+        const { text } = recoveryTextFor("alice", "Alice");
+        await auth.signInWithRecovery({ file: text });
+        const dt = delegateBundleText({
+            mandateId: "mandate:X",
+            subjectDid: "did:aithos:zCarol",
+            granteeId: "urn:x",
+        });
+        await auth.importMandate({ bundle: dt });
+        await auth.signOut();
+        assert.equal(auth.canSignAsOwner(), false);
+        assert.equal(auth.getOwnerInfo(), null);
+        assert.equal(auth.getDelegates().length, 0);
+        assert.equal(await keyStore.loadOwner(), null);
+        assert.equal((await keyStore.listDelegates()).length, 0);
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  Helpers                                                                   */
+/* -------------------------------------------------------------------------- */
+function bytesToHex(b) {
+    let out = "";
+    for (let i = 0; i < b.length; i++)
+        out += b[i].toString(16).padStart(2, "0");
+    return out;
+}
+//# sourceMappingURL=auth-j3.test.js.map

package/dist/test/compute-delegate-path.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=compute-delegate-path.test.d.ts.map