@antseed/node 0.1.0 → 0.1.1

package/src/config/encryption.ts

@@ -1,53 +0,0 @@
-import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto'
-import { hostname, homedir } from 'node:os'
-
-const ALGORITHM = 'aes-256-gcm'
-const SALT_LENGTH = 32
-const IV_LENGTH = 16
-const TAG_LENGTH = 16
-const KEY_LENGTH = 32
-
-/**
- * Derive an encryption key from a machine-specific seed.
- */
-export function deriveMachineKey(salt: Buffer): Buffer {
-  const seed = [
-    process.env['USER'] ?? process.env['USERNAME'] ?? '',
-    hostname(),
-    homedir(),
-  ].join(':')
-  return scryptSync(seed, salt, KEY_LENGTH)
-}
-
-/**
- * Encrypt a string value. Returns base64-encoded ciphertext with IV and auth tag prepended.
- */
-export function encryptValue(plaintext: string, key: Buffer): string {
-  const iv = randomBytes(IV_LENGTH)
-  const cipher = createCipheriv(ALGORITHM, key, iv)
-  const encrypted = Buffer.concat([cipher.update(plaintext, 'utf-8'), cipher.final()])
-  const tag = cipher.getAuthTag()
-  const combined = Buffer.concat([iv, tag, encrypted])
-  return combined.toString('base64')
-}
-
-/**
- * Decrypt a base64-encoded value produced by encryptValue.
- */
-export function decryptValue(encoded: string, key: Buffer): string {
-  const combined = Buffer.from(encoded, 'base64')
-  const iv = combined.subarray(0, IV_LENGTH)
-  const tag = combined.subarray(IV_LENGTH, IV_LENGTH + TAG_LENGTH)
-  const ciphertext = combined.subarray(IV_LENGTH + TAG_LENGTH)
-  const decipher = createDecipheriv(ALGORITHM, key, iv)
-  decipher.setAuthTag(tag)
-  const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()])
-  return decrypted.toString('utf-8')
-}
-
-/**
- * Generate a fresh random salt for key derivation.
- */
-export function generateSalt(): Buffer {
-  return randomBytes(SALT_LENGTH)
-}

package/src/config/plugin-config-manager.test.ts

@@ -1,92 +0,0 @@
-import { describe, it, expect, beforeEach } from 'vitest'
-import { mkdtemp, rm } from 'node:fs/promises'
-import { tmpdir } from 'node:os'
-import { join } from 'node:path'
-import { addInstance, removeInstance, getInstance, getInstances, updateInstanceConfig, loadPluginConfig } from './plugin-config-manager.js'
-import type { ConfigField } from '../interfaces/plugin.js'
-
-const schema: ConfigField[] = [
-  { key: 'API_KEY', label: 'API Key', type: 'secret', required: true },
-  { key: 'BASE_URL', label: 'Base URL', type: 'string', required: false },
-]
-
-describe('plugin-config-manager', () => {
-  let tmpDir: string
-  let configPath: string
-
-  beforeEach(async () => {
-    tmpDir = await mkdtemp(join(tmpdir(), 'antseed-test-'))
-    configPath = join(tmpDir, 'config.json')
-  })
-
-  it('should add and retrieve an instance', async () => {
-    await addInstance(configPath, {
-      id: 'test-provider',
-      package: '@antseed/provider-test',
-      type: 'provider',
-      config: { API_KEY: 'sk-secret-123', BASE_URL: 'https://api.test.com' },
-    }, schema)
-
-    const instance = await getInstance(configPath, 'test-provider')
-    expect(instance).not.toBeNull()
-    expect(instance!.id).toBe('test-provider')
-    expect(instance!.config['API_KEY']).toBe('sk-secret-123')
-    expect(instance!.config['BASE_URL']).toBe('https://api.test.com')
-  })
-
-  it('should encrypt secrets in the file', async () => {
-    await addInstance(configPath, {
-      id: 'test',
-      package: '@antseed/provider-test',
-      type: 'provider',
-      config: { API_KEY: 'sk-secret', BASE_URL: 'https://api.test.com' },
-    }, schema)
-
-    const raw = await loadPluginConfig(configPath)
-    const stored = raw.instances[0]!.config
-    // Secret should be encrypted (prefixed with enc:)
-    expect(typeof stored['API_KEY']).toBe('string')
-    expect((stored['API_KEY'] as string).startsWith('enc:')).toBe(true)
-    // Non-secret should be plain
-    expect(stored['BASE_URL']).toBe('https://api.test.com')
-  })
-
-  it('should remove an instance', async () => {
-    await addInstance(configPath, {
-      id: 'to-remove',
-      package: '@antseed/provider-test',
-      type: 'provider',
-      config: {},
-    })
-    await removeInstance(configPath, 'to-remove')
-    const instance = await getInstance(configPath, 'to-remove')
-    expect(instance).toBeNull()
-  })
-
-  it('should list all instances', async () => {
-    await addInstance(configPath, { id: 'a', package: 'pkg-a', type: 'provider', config: {} })
-    await addInstance(configPath, { id: 'b', package: 'pkg-b', type: 'router', config: {} })
-    const all = await getInstances(configPath)
-    expect(all).toHaveLength(2)
-    expect(all.map(i => i.id)).toEqual(['a', 'b'])
-  })
-
-  it('should update instance config', async () => {
-    await addInstance(configPath, {
-      id: 'updatable',
-      package: 'pkg',
-      type: 'provider',
-      config: { API_KEY: 'old-key' },
-    }, schema)
-
-    await updateInstanceConfig(configPath, 'updatable', { API_KEY: 'new-key' }, schema)
-    const updated = await getInstance(configPath, 'updatable')
-    expect(updated!.config['API_KEY']).toBe('new-key')
-  })
-
-  it('should reject duplicate instance IDs', async () => {
-    await addInstance(configPath, { id: 'dup', package: 'pkg', type: 'provider', config: {} })
-    await expect(addInstance(configPath, { id: 'dup', package: 'pkg', type: 'provider', config: {} }))
-      .rejects.toThrow('already exists')
-  })
-})

package/src/config/plugin-config-manager.ts

@@ -1,153 +0,0 @@
-import { readFile, writeFile, mkdir } from 'node:fs/promises'
-import { dirname } from 'node:path'
-import type { PluginInstanceConfig, PluginConfigFile } from '../types/plugin-config.js'
-import type { ConfigField } from '../interfaces/plugin.js'
-import { encryptValue, decryptValue, deriveMachineKey, generateSalt } from './encryption.js'
-
-const ENCRYPTED_PREFIX = 'enc:'
-
-function isEncrypted(value: unknown): value is string {
-  return typeof value === 'string' && value.startsWith(ENCRYPTED_PREFIX)
-}
-
-/**
- * Load plugin config file. Returns empty config if file doesn't exist.
- */
-export async function loadPluginConfig(configPath: string): Promise<PluginConfigFile> {
-  try {
-    const raw = await readFile(configPath, 'utf-8')
-    const parsed = JSON.parse(raw) as Record<string, unknown>
-    return {
-      instances: Array.isArray(parsed['instances']) ? parsed['instances'] as PluginInstanceConfig[] : [],
-      encryption: parsed['encryption'] as PluginConfigFile['encryption'],
-    }
-  } catch (err) {
-    if ((err as NodeJS.ErrnoException).code === 'ENOENT') {
-      return { instances: [] }
-    }
-    throw err
-  }
-}
-
-/**
- * Save plugin config file. Preserves non-plugin fields.
- */
-export async function savePluginConfig(configPath: string, pluginConfig: PluginConfigFile): Promise<void> {
-  let existing: Record<string, unknown> = {}
-  try {
-    const raw = await readFile(configPath, 'utf-8')
-    existing = JSON.parse(raw) as Record<string, unknown>
-  } catch {
-    // File doesn't exist yet
-  }
-
-  const merged = {
-    ...existing,
-    instances: pluginConfig.instances,
-    ...(pluginConfig.encryption ? { encryption: pluginConfig.encryption } : {}),
-  }
-
-  await mkdir(dirname(configPath), { recursive: true })
-  await writeFile(configPath, JSON.stringify(merged, null, 2), 'utf-8')
-}
-
-function getOrCreateEncryption(config: PluginConfigFile): { key: Buffer; encryption: NonNullable<PluginConfigFile['encryption']> } {
-  if (config.encryption?.salt) {
-    const salt = Buffer.from(config.encryption.salt, 'hex')
-    return { key: deriveMachineKey(salt), encryption: config.encryption }
-  }
-  const salt = generateSalt()
-  const encryption = { algorithm: 'aes-256-gcm', kdf: 'scrypt', salt: salt.toString('hex') }
-  return { key: deriveMachineKey(salt), encryption }
-}
-
-function encryptSecrets(instanceConfig: Record<string, unknown>, key: Buffer, schema?: ConfigField[]): Record<string, unknown> {
-  const result = { ...instanceConfig }
-  const secretKeys = new Set(schema?.filter(f => f.type === 'secret').map(f => f.key) ?? [])
-  for (const [k, v] of Object.entries(result)) {
-    if (secretKeys.has(k) && typeof v === 'string' && !isEncrypted(v)) {
-      result[k] = ENCRYPTED_PREFIX + encryptValue(v, key)
-    }
-  }
-  return result
-}
-
-function decryptSecrets(instanceConfig: Record<string, unknown>, key: Buffer): Record<string, unknown> {
-  const result = { ...instanceConfig }
-  for (const [k, v] of Object.entries(result)) {
-    if (isEncrypted(v)) {
-      result[k] = decryptValue(v.slice(ENCRYPTED_PREFIX.length), key)
-    }
-  }
-  return result
-}
-
-/**
- * Add a plugin instance with encrypted secrets.
- */
-export async function addInstance(
-  configPath: string,
-  instance: PluginInstanceConfig,
-  schema?: ConfigField[],
-): Promise<void> {
-  const config = await loadPluginConfig(configPath)
-  if (config.instances.some(i => i.id === instance.id)) {
-    throw new Error(`Instance "${instance.id}" already exists`)
-  }
-  const { key, encryption } = getOrCreateEncryption(config)
-  config.encryption = encryption
-  const encrypted = { ...instance, config: encryptSecrets(instance.config, key, schema) }
-  config.instances.push(encrypted)
-  await savePluginConfig(configPath, config)
-}
-
-/**
- * Remove an instance by ID.
- */
-export async function removeInstance(configPath: string, instanceId: string): Promise<void> {
-  const config = await loadPluginConfig(configPath)
-  config.instances = config.instances.filter(i => i.id !== instanceId)
-  await savePluginConfig(configPath, config)
-}
-
-/**
- * Get a single instance with decrypted secrets.
- */
-export async function getInstance(configPath: string, instanceId: string): Promise<PluginInstanceConfig | null> {
-  const config = await loadPluginConfig(configPath)
-  const instance = config.instances.find(i => i.id === instanceId)
-  if (!instance) return null
-  if (!config.encryption?.salt) return instance
-  const salt = Buffer.from(config.encryption.salt, 'hex')
-  const key = deriveMachineKey(salt)
-  return { ...instance, config: decryptSecrets(instance.config, key) }
-}
-
-/**
- * Get all instances with decrypted secrets.
- */
-export async function getInstances(configPath: string): Promise<PluginInstanceConfig[]> {
-  const config = await loadPluginConfig(configPath)
-  if (!config.encryption?.salt) return config.instances
-  const salt = Buffer.from(config.encryption.salt, 'hex')
-  const key = deriveMachineKey(salt)
-  return config.instances.map(i => ({ ...i, config: decryptSecrets(i.config, key) }))
-}
-
-/**
- * Update config for an existing instance.
- */
-export async function updateInstanceConfig(
-  configPath: string,
-  instanceId: string,
-  newConfig: Record<string, unknown>,
-  schema?: ConfigField[],
-): Promise<void> {
-  const config = await loadPluginConfig(configPath)
-  const idx = config.instances.findIndex(i => i.id === instanceId)
-  if (idx === -1) throw new Error(`Instance "${instanceId}" not found`)
-  const { key, encryption } = getOrCreateEncryption(config)
-  config.encryption = encryption
-  config.instances[idx] = { ...config.instances[idx]!, config: encryptSecrets(newConfig, key, schema) }
-  await savePluginConfig(configPath, config)
-}

package/src/config/plugin-loader.ts

@@ -1,90 +0,0 @@
-import type { Provider } from '../interfaces/seller-provider.js'
-import type { Router } from '../interfaces/buyer-router.js'
-import type { AntseedProviderPlugin, AntseedRouterPlugin, AntseedPlugin } from '../interfaces/plugin.js'
-import { getInstances } from './plugin-config-manager.js'
-
-export interface LoadedProvider {
-  instanceId: string
-  provider: Provider
-  pluginName: string
-}
-
-export interface LoadedRouter {
-  instanceId: string
-  router: Router
-  pluginName: string
-}
-
-/**
- * Load a plugin's default export from its npm package.
- */
-export async function loadPluginModule(packageName: string, pluginsDir: string): Promise<AntseedPlugin> {
-  const { join, resolve } = await import('node:path')
-  const pluginPath = join(pluginsDir, 'node_modules', packageName, 'dist', 'index.js')
-  const resolved = resolve(pluginPath)
-
-  if (!resolved.startsWith(resolve(pluginsDir))) {
-    throw new Error(`Invalid plugin path: ${packageName}`)
-  }
-
-  let mod: { default?: unknown }
-  try {
-    mod = await import(resolved) as { default?: unknown }
-  } catch (err) {
-    const cause = err instanceof Error ? err.message : String(err)
-    throw new Error(`Plugin "${packageName}" failed to load from ${resolved}: ${cause}`)
-  }
-
-  const plugin = mod.default
-  if (!plugin || typeof plugin !== 'object') {
-    throw new Error(`Plugin "${packageName}" does not export a valid plugin object`)
-  }
-
-  const typed = plugin as { type?: string }
-  if (typed.type !== 'provider' && typed.type !== 'router') {
-    throw new Error(`Plugin "${packageName}" has invalid type: ${typed.type}`)
-  }
-
-  return plugin as AntseedPlugin
-}
-
-function instanceConfigToRecord(config: Record<string, unknown>): Record<string, string> {
-  const result: Record<string, string> = {}
-  for (const [key, value] of Object.entries(config)) {
-    if (value !== null && value !== undefined) {
-      result[key] = String(value)
-    }
-  }
-  return result
-}
-
-/**
- * Load all enabled plugin instances from config and instantiate them.
- */
-export async function loadAllPlugins(configPath: string, pluginsDir: string): Promise<{
-  providers: LoadedProvider[]
-  routers: LoadedRouter[]
-}> {
-  const instances = await getInstances(configPath)
-  const providers: LoadedProvider[] = []
-  const routers: LoadedRouter[] = []
-
-  for (const instance of instances) {
-    if (instance.enabled === false) continue
-
-    const plugin = await loadPluginModule(instance.package, pluginsDir)
-    const configRecord = instanceConfigToRecord(instance.config)
-
-    if (instance.type === 'provider' && plugin.type === 'provider') {
-      const providerPlugin = plugin as AntseedProviderPlugin
-      const provider = await providerPlugin.createProvider(configRecord)
-      providers.push({ instanceId: instance.id, provider, pluginName: plugin.name })
-    } else if (instance.type === 'router' && plugin.type === 'router') {
-      const routerPlugin = plugin as AntseedRouterPlugin
-      const router = await routerPlugin.createRouter(configRecord)
-      routers.push({ instanceId: instance.id, router, pluginName: plugin.name })
-    }
-  }
-
-  return { providers, routers }
-}

package/src/discovery/announcer.ts

@@ -1,169 +0,0 @@
-import type { Identity } from "../p2p/identity.js";
-import { signData } from "../p2p/identity.js";
-import type { DHTNode } from "./dht-node.js";
-import { providerTopic, capabilityTopic, topicToInfoHash } from "./dht-node.js";
-import type { PeerOffering } from "../types/capability.js";
-import type { PeerMetadata, ProviderAnnouncement } from "./peer-metadata.js";
-import { METADATA_VERSION } from "./peer-metadata.js";
-import { encodeMetadataForSigning } from "./metadata-codec.js";
-import { debugWarn } from "../utils/debug.js";
-import { bytesToHex } from "../utils/hex.js";
-import type { BaseEscrowClient } from "../payments/evm/escrow-client.js";
-import { identityToEvmAddress } from "../payments/evm/keypair.js";
-
-export interface AnnouncerConfig {
-  identity: Identity;
-  dht: DHTNode;
-  providers: Array<{
-    provider: string;
-    models: string[];
-    maxConcurrency: number;
-  }>;
-  region: string;
-  pricing: Map<
-    string,
-    {
-      defaults: { inputUsdPerMillion: number; outputUsdPerMillion: number };
-      models?: Record<string, { inputUsdPerMillion: number; outputUsdPerMillion: number }>;
-    }
-  >;
-  offerings?: PeerOffering[];
-  stakeAmountUSDC?: number;
-  trustScore?: number;
-  escrowClient?: BaseEscrowClient;
-  reannounceIntervalMs: number;
-  signalingPort: number;
-}
-
-export class PeerAnnouncer {
-  private readonly config: AnnouncerConfig;
-  private intervalHandle: ReturnType<typeof setInterval> | null = null;
-  private readonly loadMap: Map<string, number> = new Map();
-  private _latestMetadata: PeerMetadata | null = null;
-
-  constructor(config: AnnouncerConfig) {
-    this.config = config;
-  }
-
-  async announce(): Promise<void> {
-    const providers: ProviderAnnouncement[] = this.config.providers.map((p) => {
-      const pricing = this.config.pricing.get(p.provider) ?? {
-        defaults: {
-          inputUsdPerMillion: 0,
-          outputUsdPerMillion: 0,
-        },
-      };
-      return {
-        provider: p.provider,
-        models: p.models,
-        defaultPricing: pricing.defaults,
-        ...(pricing.models ? { modelPricing: pricing.models } : {}),
-        maxConcurrency: p.maxConcurrency,
-        currentLoad: this.loadMap.get(p.provider) ?? 0,
-      };
-    });
-
-    const metadata: PeerMetadata = {
-      peerId: this.config.identity.peerId,
-      version: METADATA_VERSION,
-      providers,
-      ...(this.config.offerings && this.config.offerings.length > 0
-        ? { offerings: this.config.offerings }
-        : {}),
-      ...(this.config.stakeAmountUSDC != null
-        ? { stakeAmountUSDC: this.config.stakeAmountUSDC }
-        : {}),
-      ...(this.config.trustScore != null
-        ? { trustScore: this.config.trustScore }
-        : {}),
-      region: this.config.region,
-      timestamp: Date.now(),
-      signature: "",
-    };
-
-    // Populate EVM address and on-chain reputation if escrow client is available
-    if (this.config.escrowClient) {
-      try {
-        const evmAddress = identityToEvmAddress(this.config.identity);
-        metadata.evmAddress = evmAddress;
-        const reputation = await this.config.escrowClient.getReputation(evmAddress);
-        metadata.onChainReputation = reputation.weightedAverage;
-        metadata.onChainSessionCount = reputation.sessionCount;
-        metadata.onChainDisputeCount = reputation.disputeCount;
-      } catch {
-        // Silently continue without reputation data
-      }
-    }
-
-    // Sign metadata
-    const dataToSign = encodeMetadataForSigning(metadata);
-    const signature = await signData(
-      this.config.identity.privateKey,
-      dataToSign
-    );
-    metadata.signature = bytesToHex(signature);
-    this._latestMetadata = metadata;
-
-    // Announce under each provider topic (continue on failure)
-    for (const p of providers) {
-      try {
-        const topic = providerTopic(p.provider);
-        const infoHash = topicToInfoHash(topic);
-        await this.config.dht.announce(infoHash, this.config.signalingPort);
-      } catch {
-        // DHT may not have peers yet — will retry on next cycle
-      }
-    }
-
-    // Also announce under the wildcard topic for generic discovery
-    try {
-      const wildcardInfoHash = topicToInfoHash(providerTopic("*"));
-      await this.config.dht.announce(wildcardInfoHash, this.config.signalingPort);
-    } catch {
-      // DHT may not have peers yet — will retry on next cycle
-    }
-
-    // Announce under each capability topic
-    if (this.config.offerings) {
-      for (const offering of this.config.offerings) {
-        try {
-          const topic = capabilityTopic(offering.capability, offering.name);
-          const infoHash = topicToInfoHash(topic);
-          await this.config.dht.announce(infoHash, this.config.signalingPort);
-        } catch {
-          // DHT may not have peers yet — will retry on next cycle
-        }
-      }
-    }
-  }
-
-  startPeriodicAnnounce(): void {
-    if (this.intervalHandle) {
-      return;
-    }
-    // Announce immediately, then on interval
-    void this.announce().catch((err) => {
-      debugWarn(`[Announcer] Initial announce failed: ${err instanceof Error ? err.message : err}`);
-    });
-    this.intervalHandle = setInterval(() => {
-      void this.announce().catch((err) => {
-        debugWarn(`[Announcer] Periodic announce failed: ${err instanceof Error ? err.message : err}`);
-      });
-    }, this.config.reannounceIntervalMs);
-  }
-
-  stopPeriodicAnnounce(): void {
-    if (this.intervalHandle) {
-      clearInterval(this.intervalHandle);
-      this.intervalHandle = null;
-    }
-  }
-
-  updateLoad(providerName: string, currentLoad: number): void {
-    this.loadMap.set(providerName, currentLoad);
-  }
-
-  getLatestMetadata(): PeerMetadata | null {
-    return this._latestMetadata;
-  }
-}

package/src/discovery/bootstrap.ts

@@ -1,57 +0,0 @@
-export interface BootstrapNode {
-  host: string;
-  port: number;
-  label?: string;
-}
-
-export const OFFICIAL_BOOTSTRAP_NODES: BootstrapNode[] = [
-  { host: "router.bittorrent.com", port: 6881, label: "BitTorrent" },
-  { host: "dht.transmissionbt.com", port: 6881, label: "Transmission" },
-  { host: "router.utorrent.com", port: 6881, label: "uTorrent" },
-  { host: "dht.libtorrent.org", port: 25401, label: "libtorrent" },
-  { host: "router.silotis.us", port: 6881, label: "Silotis" },
-  { host: "dht.aelitis.com", port: 6881, label: "Vuze" },
-];
-
-export function parseBootstrapList(entries: string[]): BootstrapNode[] {
-  return entries.map((entry) => {
-    const lastColon = entry.lastIndexOf(":");
-    if (lastColon === -1) {
-      throw new Error(`Invalid bootstrap entry, missing port: "${entry}"`);
-    }
-
-    const host = entry.slice(0, lastColon);
-    const portStr = entry.slice(lastColon + 1);
-    const port = parseInt(portStr, 10);
-
-    if (!Number.isFinite(port) || port < 1 || port > 65535) {
-      throw new Error(`Invalid port in bootstrap entry: "${entry}"`);
-    }
-
-    return { host, port };
-  });
-}
-
-export function mergeBootstrapNodes(
-  official: BootstrapNode[],
-  userConfigured: BootstrapNode[]
-): BootstrapNode[] {
-  const seen = new Set<string>();
-  const result: BootstrapNode[] = [];
-
-  for (const node of [...official, ...userConfigured]) {
-    const key = `${node.host}:${node.port}`;
-    if (!seen.has(key)) {
-      seen.add(key);
-      result.push(node);
-    }
-  }
-
-  return result;
-}
-
-export function toBootstrapConfig(
-  nodes: BootstrapNode[]
-): Array<{ host: string; port: number }> {
-  return nodes.map((n) => ({ host: n.host, port: n.port }));
-}

package/src/discovery/default-metadata-resolver.ts

@@ -1,18 +0,0 @@
-import type { PeerEndpoint, MetadataResolver } from "./metadata-resolver.js";
-import type { PeerMetadata } from "./peer-metadata.js";
-
-/**
- * Default fail-closed metadata resolver.
- *
- * Always returns `null`, meaning no peer metadata can be resolved.
- * This is intentional: without a real transport-specific resolver wired in,
- * no peers will pass the metadata resolution step and `findSellers()` will
- * return an empty list. Callers must supply a concrete `MetadataResolver`
- * implementation (e.g. one that fetches metadata over HTTP or a P2P channel)
- * to discover real peers.
- */
-export class DefaultMetadataResolver implements MetadataResolver {
-  async resolve(_peer: PeerEndpoint): Promise<PeerMetadata | null> {
-    return null;
-  }
-}