@aithos/sdk 0.1.0-alpha.4 → 0.1.0-alpha.6

package/dist/src/compute.d.ts

@@ -1,4 +1,4 @@
-import { type BrowserIdentity } from "@aithos/protocol-client";
+import type { AithosAuth } from "./auth.js";
 import { type AithosSdkEndpoints } from "./endpoints.js";
 export interface ComputeMessage {
     readonly role: "user" | "assistant";
@@ -45,15 +45,16 @@ export interface InvokeBedrockResult {
     readonly auditId: string;
 }
 export interface ComputeNamespaceDeps {
-    readonly identity: BrowserIdentity;
+    readonly auth: AithosAuth;
     readonly appDid: string;
     readonly endpoints: AithosSdkEndpoints;
     readonly fetch: typeof fetch;
 }
 /**
  * `sdk.compute` namespace. Constructed once by the {@link AithosSDK}
- * constructor; all calls share the SDK's identity, app DID, and endpoint
- * configuration.
+ * constructor; reads the active owner from the supplied
+ * {@link AithosAuth} on every call so signing material follows the
+ * latest sign-in/sign-out state.
  */
 export declare class ComputeNamespace {
     #private;
@@ -63,8 +64,9 @@ export declare class ComputeNamespace {
      * {@link InvokeBedrockArgs} and {@link InvokeBedrockResult}.
      *
      * @throws {AithosSDKError} on protocol errors. The `code` field is one of
-     *   `network`, `http`, `empty`, or any code returned by the proxy
-     *   (`quota_exceeded`, `mandate_revoked`, `insufficient_credits`, …).
+     *   `sdk_no_owner`, `network`, `http`, `empty`, or any code returned by
+     *   the proxy (`quota_exceeded`, `mandate_revoked`, `insufficient_credits`,
+     *   …).
      */
     invokeBedrock(args: InvokeBedrockArgs): Promise<InvokeBedrockResult>;
 }

package/dist/src/compute.js

@@ -4,8 +4,8 @@
 //
 // Wraps the JSON-RPC + signed-envelope protocol of `compute.aithos.be`
 // behind an ergonomic method on the SDK. Internally builds a §11 envelope
-// signed with the user's public-sphere key and posts it to
-// `${compute}/v1/invoke`.
+// signed with the user's public-sphere key (read from
+// {@link AithosAuth} at call time) and posts it to `${compute}/v1/invoke`.
 //
 // Server-side guarantees (enforced by the proxy, not by this lib):
 //   - Envelope signature verified against the user's `did.json`.
@@ -16,13 +16,15 @@
 //
 // MVP scope: single-shot invocation. Multi-turn agentic loops (with native
 // tool calling on the proxy) will land in a follow-up.
-import { buildSignedEnvelope, } from "@aithos/protocol-client";
+import { buildSignedEnvelope } from "@aithos/protocol-client";
 import { computeInvokeUrl, } from "./endpoints.js";
+import { ownerKeyPair } from "./internal/protocol-client-bridge.js";
 import { AithosSDKError } from "./types.js";
 /**
  * `sdk.compute` namespace. Constructed once by the {@link AithosSDK}
- * constructor; all calls share the SDK's identity, app DID, and endpoint
- * configuration.
+ * constructor; reads the active owner from the supplied
+ * {@link AithosAuth} on every call so signing material follows the
+ * latest sign-in/sign-out state.
  */
 export class ComputeNamespace {
     #deps;
@@ -34,11 +36,17 @@ export class ComputeNamespace {
      * {@link InvokeBedrockArgs} and {@link InvokeBedrockResult}.
      *
      * @throws {AithosSDKError} on protocol errors. The `code` field is one of
-     *   `network`, `http`, `empty`, or any code returned by the proxy
-     *   (`quota_exceeded`, `mandate_revoked`, `insufficient_credits`, …).
+     *   `sdk_no_owner`, `network`, `http`, `empty`, or any code returned by
+     *   the proxy (`quota_exceeded`, `mandate_revoked`, `insufficient_credits`,
+     *   …).
      */
     async invokeBedrock(args) {
-        const { identity, appDid, endpoints, fetch: fetchImpl } = this.#deps;
+        const { auth, appDid, endpoints, fetch: fetchImpl } = this.#deps;
+        const owner = auth._getOwnerSigners();
+        if (!owner || owner.destroyed) {
+            throw new AithosSDKError("sdk_no_owner", "no owner signed in; sign in via auth.signIn / signUp / signInWithGoogle / signInWithRecovery first");
+        }
+        const publicKp = ownerKeyPair(owner, "public");
         const url = computeInvokeUrl(endpoints);
         const idempotencyKey = args.idempotencyKey ?? generateIdempotencyKey();
         const params = {
@@ -55,12 +63,12 @@ export class ComputeNamespace {
         if (args.temperature !== undefined)
             params.temperature = args.temperature;
         const envelope = buildSignedEnvelope({
-            iss: identity.did,
+            iss: owner.did,
             aud: url,
             method: "aithos.compute_invoke",
-            verificationMethod: `${identity.did}#public`,
+            verificationMethod: `${owner.did}#public`,
             params,
-            signer: identity.public,
+            signer: publicKp,
         });
         let res;
         try {

package/dist/src/ethos.d.ts

@@ -1,2 +1,118 @@
-export { parsePublicZone, type ParsedZone, loadEditSnapshot, publishZoneEdit, publishPublicZoneAsDelegate, publishPrivateZoneAsDelegate, type EditSnapshot, type AddSectionInput, type ModifySectionInput, type PublishEditArgs, type PublishEditResult, addSectionToList, modifySectionInList, deleteSectionFromList, buildSignedFirstEdition, buildSignedNextEdition, type ZoneDoc, type ZoneManifest, type Section, SPHERES, type Sphere, } from "@aithos/protocol-client";
+import { type Section } from "@aithos/protocol-client";
+import type { AithosAuth } from "./auth.js";
+import type { AithosSdkEndpoints } from "./endpoints.js";
+import type { DelegateActor } from "./internal/delegate-state.js";
+import type { OwnerSigners } from "./internal/owner-signers.js";
+export type ZoneName = "public" | "circle" | "self";
+export declare const ZONE_NAMES: readonly ZoneName[];
+export interface AddSectionInput {
+    readonly title: string;
+    readonly body: string;
+    readonly tags?: readonly string[];
+}
+export interface UpdateSectionPatch {
+    readonly title?: string;
+    readonly body?: string;
+    readonly tags?: readonly string[];
+}
+export type StagedChange = {
+    readonly kind: "add";
+    readonly zone: ZoneName;
+    readonly section: Section;
+} | {
+    readonly kind: "update";
+    readonly zone: ZoneName;
+    readonly sectionId: string;
+    readonly patch: UpdateSectionPatch;
+} | {
+    readonly kind: "delete";
+    readonly zone: ZoneName;
+    readonly sectionId: string;
+};
+export interface PublishResult {
+    /** New manifest height after publish. */
+    readonly editionHeight: number;
+    /** SHA-256 hex of the canonical manifest. */
+    readonly manifestHash: string;
+    /** DID of the subject we published for. */
+    readonly subjectDid: string;
+    /** Zones whose contents changed in this edition. */
+    readonly zonesPublished: readonly ZoneName[];
+}
+type ActorOwner = {
+    readonly kind: "owner";
+    readonly subjectDid: string;
+    readonly signers: OwnerSigners;
+};
+type ActorDelegate = {
+    readonly kind: "delegate";
+    readonly subjectDid: string;
+    readonly actor: DelegateActor;
+};
+type ActorAnonymous = {
+    readonly kind: "anonymous";
+    readonly subjectDid: string;
+};
+type Actor = ActorOwner | ActorDelegate | ActorAnonymous;
+export declare class EthosClient {
+    #private;
+    readonly subjectDid: string;
+    readonly mode: Actor["kind"];
+    constructor(actor: Actor);
+    /** Return the per-zone proxy. */
+    zone(name: ZoneName): EthosZone;
+    hasPendingChanges(): boolean;
+    pendingChanges(): readonly StagedChange[];
+    discard(): void;
+    /**
+     * Build and publish a new edition with all staged mutations applied.
+     * Throws if there's nothing staged. After a successful publish, the
+     * mutation buffer is cleared and any cached snapshot is invalidated
+     * so the next read picks up the fresh edition.
+     */
+    publish(): Promise<PublishResult>;
+    _readZone(zone: ZoneName): Promise<readonly Section[]>;
+    _stageAdd(zone: ZoneName, input: AddSectionInput): void;
+    _stageUpdate(zone: ZoneName, sectionId: string, patch: UpdateSectionPatch): void;
+    _stageDelete(zone: ZoneName, sectionId: string): void;
+}
+export declare class EthosZone {
+    #private;
+    constructor(parent: EthosClient, name: ZoneName);
+    get name(): ZoneName;
+    /** Effective sections (persisted + staged mutations applied). */
+    sections(): Promise<readonly Section[]>;
+    addSection(input: AddSectionInput): void;
+    updateSection(sectionId: string, patch: UpdateSectionPatch): void;
+    deleteSection(sectionId: string): void;
+}
+export interface EthosNamespaceDeps {
+    readonly auth: AithosAuth;
+    readonly endpoints: AithosSdkEndpoints;
+    readonly fetch: typeof fetch;
+}
+export declare class EthosNamespace {
+    #private;
+    constructor(deps: EthosNamespaceDeps);
+    /**
+     * EthosClient for the currently signed-in owner. Throws if there is
+     * no owner — callers should check `auth.canSignAsOwner()` first or
+     * surface the error to the user as "please sign in".
+     */
+    me(): EthosClient;
+    /**
+     * EthosClient for an arbitrary subject DID. The mode is resolved at
+     * construction time:
+     *   - if `did` matches the currently signed-in owner → owner mode
+     *   - else if a mandate held by `auth` covers this subject → delegate mode
+     *   - else → anonymous read-only mode
+     *
+     * Async signature so future implementations may do an eager manifest
+     * fetch (e.g. to fail fast on unknown DIDs); today resolution is sync
+     * and the actual fetch happens on the first `sections()` / `publish()`
+     * call.
+     */
+    of(did: string): Promise<EthosClient>;
+}
+export {};
 //# sourceMappingURL=ethos.d.ts.map

package/dist/src/ethos.js

@@ -1,21 +1,422 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright 2026 Mathieu Colla
-// Ethos namespace — re-exports of `@aithos/protocol-client` ethos primitives.
+// `sdk.ethos` namespace — high-level ethos editing.
 //
-// The SDK exposes these so app developers don't need a direct dependency on
-// `@aithos/protocol-client` for the common operations: parsing zone
-// markdown, composing zone documents, building signed editions of the
-// user's ethos.
+// Lazy + commit pattern:
 //
-// The full protocol-client API surface remains available for advanced cases
-// — `import { … } from "@aithos/protocol-client"` is fully supported.
-export { 
-// Zone parser — public-zone markdown → sections.
-parsePublicZone, 
-// Editor — high-level load / mutate / publish flow.
-loadEditSnapshot, publishZoneEdit, publishPublicZoneAsDelegate, publishPrivateZoneAsDelegate, addSectionToList, modifySectionInList, deleteSectionFromList, 
-// Manifest builders — sign editions of the public, circle, or self zones.
-buildSignedFirstEdition, buildSignedNextEdition, 
-// Sphere taxonomy — "public" | "circle" | "self".
-SPHERES, } from "@aithos/protocol-client";
+//   const me = sdk.ethos.me();
+//   me.zone("public").addSection({ title, body });
+//   me.zone("circle").deleteSection(id);
+//   await me.publish();   // 1 edition
+//
+// Mutations stage in memory. `sections()` / `pendingChanges()` /
+// `publish()` are the points where the snapshot is fetched (memoized
+// per zone) and the staged changes are applied on top.
+//
+// Three actor modes:
+//   - owner       — sdk.ethos.me() returns this; full access to public
+//                   + private zones using OwnerSigners
+//   - delegate    — sdk.ethos.of(did) when a mandate matches this
+//                   subject; capability bounded by mandate scopes
+//   - anonymous   — sdk.ethos.of(did) when no mandate matches; public
+//                   zone read-only, every write rejected
+//
+// The namespace stays thin: it builds an EthosClient with the right
+// actor and forwards all real work into protocol-client's
+// `loadEditSnapshot` / `publishZoneEdit` / `publishPublicZoneAsDelegate`
+// / `publishPrivateZoneAsDelegate`.
+import { addSectionToList, deleteSectionFromList, loadEditSnapshot, modifySectionInList, publishPrivateZoneAsDelegate, publishPublicZoneAsDelegate, publishZoneEdit, } from "@aithos/protocol-client";
+import { delegateKeyPair } from "./internal/protocol-client-bridge.js";
+import { AithosSDKError } from "./types.js";
+export const ZONE_NAMES = ["public", "circle", "self"];
+/* -------------------------------------------------------------------------- */
+/*  EthosClient — per-subject working buffer                                  */
+/* -------------------------------------------------------------------------- */
+export class EthosClient {
+    subjectDid;
+    mode;
+    #actor;
+    #snapshots = new Map();
+    #mutations = [];
+    constructor(actor) {
+        this.#actor = actor;
+        this.subjectDid = actor.subjectDid;
+        this.mode = actor.kind;
+    }
+    /** Return the per-zone proxy. */
+    zone(name) {
+        if (!ZONE_NAMES.includes(name)) {
+            throw new AithosSDKError("ethos_invalid_zone", `unknown zone "${String(name)}"`);
+        }
+        return new EthosZone(this, name);
+    }
+    hasPendingChanges() {
+        return this.#mutations.length > 0;
+    }
+    pendingChanges() {
+        return this.#mutations.slice();
+    }
+    discard() {
+        this.#mutations = [];
+    }
+    /**
+     * Build and publish a new edition with all staged mutations applied.
+     * Throws if there's nothing staged. After a successful publish, the
+     * mutation buffer is cleared and any cached snapshot is invalidated
+     * so the next read picks up the fresh edition.
+     */
+    async publish() {
+        if (this.#actor.kind === "anonymous") {
+            throw new AithosSDKError("ethos_anonymous_cannot_publish", "anonymous reader has no signing capability");
+        }
+        if (this.#mutations.length === 0) {
+            throw new AithosSDKError("ethos_nothing_to_publish", "no staged mutations; call addSection / updateSection / deleteSection first");
+        }
+        // Compute effective sections per zone, but only for zones that
+        // actually have staged mutations. Zones without staged changes
+        // roll forward by reusing protocol-client's existing bytes.
+        const touched = new Set(this.#mutations.map((m) => m.zone));
+        // Owner-side path is the most common: owner can write any zone they
+        // have staged mutations for. Build everything we need then call
+        // publishZoneEdit once.
+        if (this.#actor.kind === "owner") {
+            // Need the snapshot regardless — we read base sections + zoneBytes.
+            const snap = await this.#ensureSnapshotOwner();
+            const newPublic = touched.has("public")
+                ? this.#applyMutations("public", snap.publicSections)
+                : undefined;
+            const newCircle = touched.has("circle")
+                ? this.#applyMutations("circle", snap.circleSections ?? [])
+                : undefined;
+            const newSelf = touched.has("self")
+                ? this.#applyMutations("self", snap.selfSections ?? [])
+                : undefined;
+            const identity = this.#actor.signers._unsafeStoredIdentity();
+            try {
+                const result = await publishZoneEdit({
+                    identity,
+                    snapshot: snap,
+                    // protocol-client's publishZoneEdit always wants newPublic; if we
+                    // didn't touch public we re-publish the existing public sections.
+                    newPublicSections: newPublic ?? snap.publicSections,
+                    ...(newCircle ? { newCircleSections: newCircle } : {}),
+                    ...(newSelf ? { newSelfSections: newSelf } : {}),
+                });
+                this.#afterPublish();
+                return projectPublishResult(result.manifest, this.subjectDid, [
+                    ...touched,
+                ]);
+            }
+            finally {
+                // identity holds raw seeds via reference; not our copy to zeroize
+                // (the underlying seeds live in the OwnerSigners' private fields).
+                // Drop our reference to the temporary StoredIdentity object.
+                void identity;
+            }
+        }
+        // Delegate path. Per-zone scope check + per-zone protocol-client
+        // function. For a multi-zone delegate publish we'd need to call
+        // multiple endpoints; we iterate zones, calling the right primitive.
+        if (this.#actor.kind === "delegate") {
+            const actor = this.#actor.actor;
+            const stored = delegateActorToStored(actor);
+            // Validate scopes upfront.
+            for (const zone of touched) {
+                const required = `ethos.write.${zone}`;
+                const scopes = actor.mandate["scopes"] ?? [];
+                if (!Array.isArray(scopes) || !scopes.includes(required)) {
+                    throw new AithosSDKError("ethos_delegate_scope_missing", `delegate mandate does not grant ${required}`, { data: { mandateId: actor.mandateId, scopes } });
+                }
+            }
+            const snap = await this.#ensureSnapshotDelegate();
+            // Public-zone update — use publishPublicZoneAsDelegate.
+            if (touched.has("public")) {
+                const newPublic = this.#applyMutations("public", snap.publicSections);
+                await publishPublicZoneAsDelegate({
+                    delegate: stored,
+                    snapshot: snap,
+                    newPublicSections: newPublic,
+                });
+            }
+            // Private zones — one publishPrivateZoneAsDelegate call each.
+            for (const zone of ["circle", "self"]) {
+                if (!touched.has(zone))
+                    continue;
+                const base = (zone === "circle"
+                    ? snap.circleSections
+                    : snap.selfSections) ?? [];
+                const newSections = this.#applyMutations(zone, base);
+                await publishPrivateZoneAsDelegate({
+                    delegate: stored,
+                    snapshot: snap,
+                    zone,
+                    newSections,
+                });
+            }
+            this.#afterPublish();
+            // We don't have a single "manifest" to project from since each call
+            // returned its own. Use the last touched call's snapshot as the
+            // base for height — fetch fresh on next read anyway.
+            return {
+                editionHeight: snap.manifest.edition.height + 1,
+                manifestHash: "", // not surfaced by protocol-client today on the delegate path
+                subjectDid: this.subjectDid,
+                zonesPublished: [...touched],
+            };
+        }
+        // Unreachable — anonymous case returned earlier.
+        throw new AithosSDKError("ethos_invalid_actor", "unsupported actor for publish()");
+    }
+    /* ------------------------------------------------------------------------ */
+    /*  Internal — snapshot management                                          */
+    /* ------------------------------------------------------------------------ */
+    async _readZone(zone) {
+        if (this.#actor.kind === "anonymous") {
+            if (zone !== "public") {
+                throw new AithosSDKError("ethos_anonymous_private_zone", `anonymous reader cannot access the "${zone}" zone`);
+            }
+            const snap = await this.#ensureSnapshotAnonymous();
+            const base = snap.publicSections;
+            return this.#applyMutations(zone, base);
+        }
+        if (this.#actor.kind === "owner") {
+            const snap = await this.#ensureSnapshotOwner();
+            const base = baseSectionsFromSnapshot(snap, zone);
+            // Surface decryption errors clearly (if reading a private zone we
+            // can't unwrap, the snapshot has it in zoneDecryptErrors).
+            if (zone !== "public" && snap.zoneDecryptErrors?.[zone]) {
+                throw new AithosSDKError("ethos_zone_unreadable", `cannot read ${zone}: ${snap.zoneDecryptErrors[zone]}`);
+            }
+            return this.#applyMutations(zone, base);
+        }
+        // Delegate
+        const snap = await this.#ensureSnapshotDelegate();
+        const base = baseSectionsFromSnapshot(snap, zone);
+        if (zone !== "public" && snap.zoneDecryptErrors?.[zone]) {
+            throw new AithosSDKError("ethos_zone_unreadable", `cannot read ${zone}: ${snap.zoneDecryptErrors[zone]}`);
+        }
+        return this.#applyMutations(zone, base);
+    }
+    _stageAdd(zone, input) {
+        if (this.#actor.kind === "anonymous") {
+            throw new AithosSDKError("ethos_anonymous_write", "anonymous reader cannot stage mutations");
+        }
+        const section = {
+            id: "sec_" + randomHex(12),
+            title: input.title,
+            body: input.body,
+            gamma_ref: "gamma_none_" + randomHex(24),
+            ...(input.tags && input.tags.length > 0 ? { tags: input.tags } : {}),
+        };
+        this.#mutations.push({ kind: "add", zone, section });
+    }
+    _stageUpdate(zone, sectionId, patch) {
+        if (this.#actor.kind === "anonymous") {
+            throw new AithosSDKError("ethos_anonymous_write", "anonymous reader cannot stage mutations");
+        }
+        this.#mutations.push({ kind: "update", zone, sectionId, patch });
+    }
+    _stageDelete(zone, sectionId) {
+        if (this.#actor.kind === "anonymous") {
+            throw new AithosSDKError("ethos_anonymous_write", "anonymous reader cannot stage mutations");
+        }
+        this.#mutations.push({ kind: "delete", zone, sectionId });
+    }
+    /** Apply staged mutations for a zone on top of base sections. */
+    #applyMutations(zone, base) {
+        let acc = base;
+        for (const m of this.#mutations) {
+            if (m.zone !== zone)
+                continue;
+            switch (m.kind) {
+                case "add":
+                    acc = addSectionToList(acc, {
+                        title: m.section.title,
+                        body: m.section.body,
+                        ...(m.section.tags ? { tags: m.section.tags } : {}),
+                    });
+                    break;
+                case "update":
+                    acc = modifySectionInList(acc, {
+                        sectionId: m.sectionId,
+                        ...(m.patch.title !== undefined ? { title: m.patch.title } : {}),
+                        ...(m.patch.body !== undefined ? { body: m.patch.body } : {}),
+                        ...(m.patch.tags !== undefined ? { tags: m.patch.tags } : {}),
+                    });
+                    break;
+                case "delete":
+                    acc = deleteSectionFromList(acc, m.sectionId);
+                    break;
+            }
+        }
+        return acc;
+    }
+    async #ensureSnapshotOwner() {
+        const cached = this.#snapshots.get("public");
+        if (cached)
+            return cached;
+        if (this.#actor.kind !== "owner") {
+            throw new AithosSDKError("ethos_invalid_actor", "expected owner actor");
+        }
+        const identity = this.#actor.signers._unsafeStoredIdentity();
+        const snap = await loadEditSnapshot(this.subjectDid, identity);
+        this.#cacheSnapshotAllZones(snap);
+        return snap;
+    }
+    async #ensureSnapshotDelegate() {
+        const cached = this.#snapshots.get("public");
+        if (cached)
+            return cached;
+        if (this.#actor.kind !== "delegate") {
+            throw new AithosSDKError("ethos_invalid_actor", "expected delegate actor");
+        }
+        const stored = delegateActorToStored(this.#actor.actor);
+        const snap = await loadEditSnapshot(this.subjectDid, undefined, stored);
+        this.#cacheSnapshotAllZones(snap);
+        return snap;
+    }
+    async #ensureSnapshotAnonymous() {
+        const cached = this.#snapshots.get("public");
+        if (cached)
+            return cached;
+        const snap = await loadEditSnapshot(this.subjectDid);
+        this.#cacheSnapshotAllZones(snap);
+        return snap;
+    }
+    #cacheSnapshotAllZones(snap) {
+        for (const z of ZONE_NAMES)
+            this.#snapshots.set(z, snap);
+    }
+    #afterPublish() {
+        this.#mutations = [];
+        this.#snapshots.clear();
+    }
+}
+/* -------------------------------------------------------------------------- */
+/*  EthosZone — per-zone proxy                                                */
+/* -------------------------------------------------------------------------- */
+export class EthosZone {
+    #parent;
+    #name;
+    constructor(parent, name) {
+        this.#parent = parent;
+        this.#name = name;
+    }
+    get name() {
+        return this.#name;
+    }
+    /** Effective sections (persisted + staged mutations applied). */
+    async sections() {
+        return this.#parent._readZone(this.#name);
+    }
+    addSection(input) {
+        this.#parent._stageAdd(this.#name, input);
+    }
+    updateSection(sectionId, patch) {
+        this.#parent._stageUpdate(this.#name, sectionId, patch);
+    }
+    deleteSection(sectionId) {
+        this.#parent._stageDelete(this.#name, sectionId);
+    }
+}
+export class EthosNamespace {
+    #deps;
+    constructor(deps) {
+        this.#deps = deps;
+    }
+    /**
+     * EthosClient for the currently signed-in owner. Throws if there is
+     * no owner — callers should check `auth.canSignAsOwner()` first or
+     * surface the error to the user as "please sign in".
+     */
+    me() {
+        const signers = this.#deps.auth._getOwnerSigners();
+        if (!signers || signers.destroyed) {
+            throw new AithosSDKError("ethos_no_owner", "no owner signed in; sign in with email/password, Google, or a recovery file first");
+        }
+        return new EthosClient({
+            kind: "owner",
+            subjectDid: signers.did,
+            signers,
+        });
+    }
+    /**
+     * EthosClient for an arbitrary subject DID. The mode is resolved at
+     * construction time:
+     *   - if `did` matches the currently signed-in owner → owner mode
+     *   - else if a mandate held by `auth` covers this subject → delegate mode
+     *   - else → anonymous read-only mode
+     *
+     * Async signature so future implementations may do an eager manifest
+     * fetch (e.g. to fail fast on unknown DIDs); today resolution is sync
+     * and the actual fetch happens on the first `sections()` / `publish()`
+     * call.
+     */
+    async of(did) {
+        const owner = this.#deps.auth._getOwnerSigners();
+        if (owner && !owner.destroyed && owner.did === did) {
+            return new EthosClient({
+                kind: "owner",
+                subjectDid: did,
+                signers: owner,
+            });
+        }
+        const delegate = this.#deps.auth._findDelegateForSubject(did);
+        if (delegate && !delegate.destroyed) {
+            return new EthosClient({
+                kind: "delegate",
+                subjectDid: did,
+                actor: delegate,
+            });
+        }
+        return new EthosClient({ kind: "anonymous", subjectDid: did });
+    }
+}
+/* -------------------------------------------------------------------------- */
+/*  Helpers                                                                   */
+/* -------------------------------------------------------------------------- */
+function baseSectionsFromSnapshot(snap, zone) {
+    switch (zone) {
+        case "public":
+            return snap.publicSections;
+        case "circle":
+            return snap.circleSections ?? [];
+        case "self":
+            return snap.selfSections ?? [];
+    }
+}
+function delegateActorToStored(a) {
+    const kp = delegateKeyPair(a);
+    let hex = "";
+    for (let i = 0; i < kp.seed.length; i++) {
+        hex += kp.seed[i].toString(16).padStart(2, "0");
+    }
+    return {
+        version: "0.1.0",
+        subjectDid: a.subjectDid,
+        mandate: a.mandate,
+        mandateId: a.mandateId,
+        granteeId: a.granteeId,
+        granteePubkeyMultibase: a.granteePubkeyMultibase,
+        delegateSeedHex: hex,
+        importedAt: new Date().toISOString(),
+    };
+}
+function projectPublishResult(manifest, subjectDid, zones) {
+    return {
+        editionHeight: manifest.edition.height,
+        manifestHash: manifest.bundle_id ?? "",
+        subjectDid,
+        zonesPublished: zones,
+    };
+}
+function randomHex(n) {
+    const bytes = new Uint8Array(Math.ceil(n / 2));
+    crypto.getRandomValues(bytes);
+    let hex = "";
+    for (let i = 0; i < bytes.length; i++) {
+        hex += bytes[i].toString(16).padStart(2, "0");
+    }
+    return hex.slice(0, n);
+}
 //# sourceMappingURL=ethos.js.map