@aroha-sdk/core 1.0.0 → 1.2.0

package/dist/messages/types.js

@@ -0,0 +1,38 @@
+/**
+ * Aroha Protocol — Layer 3 Message Type Definitions
+ *
+ * All message types defined by the Aroha spec (aroha/1.0).
+ * These are the ONLY valid values for the "type" field in a Aroha envelope.
+ *
+ * Applications may not invent new top-level message types — they extend
+ * behavior through the "body" field only.
+ */
+// ─── Error Codes ──────────────────────────────────────────────────────────────
+export var ArohaErrorCode;
+(function (ArohaErrorCode) {
+    // Auth / access errors
+    ArohaErrorCode["Unauthorized"] = "Aroha_UNAUTHORIZED";
+    ArohaErrorCode["Forbidden"] = "Aroha_FORBIDDEN";
+    // Protocol errors
+    ArohaErrorCode["InvalidSignature"] = "Aroha_INVALID_SIGNATURE";
+    ArohaErrorCode["ExpiredMessage"] = "Aroha_EXPIRED_MESSAGE";
+    ArohaErrorCode["ReplayDetected"] = "Aroha_REPLAY_DETECTED";
+    ArohaErrorCode["UnknownCapability"] = "Aroha_UNKNOWN_CAPABILITY";
+    ArohaErrorCode["TrustLevelInsufficient"] = "Aroha_TRUST_LEVEL_INSUFFICIENT";
+    // Saga errors
+    ArohaErrorCode["ReservationFailed"] = "Aroha_RESERVATION_FAILED";
+    ArohaErrorCode["ReservationExpired"] = "Aroha_RESERVATION_EXPIRED";
+    ArohaErrorCode["CommitFailed"] = "Aroha_COMMIT_FAILED";
+    ArohaErrorCode["CancelFailed"] = "Aroha_CANCEL_FAILED";
+    ArohaErrorCode["InvalidToken"] = "Aroha_INVALID_TOKEN";
+    // Availability errors
+    ArohaErrorCode["NoInventory"] = "Aroha_NO_INVENTORY";
+    ArohaErrorCode["CapacityExceeded"] = "Aroha_CAPACITY_EXCEEDED";
+    ArohaErrorCode["ServiceUnavailable"] = "Aroha_SERVICE_UNAVAILABLE";
+    // Generic
+    ArohaErrorCode["InternalError"] = "Aroha_INTERNAL_ERROR";
+    ArohaErrorCode["InvalidParams"] = "Aroha_INVALID_PARAMS";
+    // CSN errors
+    ArohaErrorCode["CSN_NO_STRUCTURAL_MATCH"] = "CSN_NO_STRUCTURAL_MATCH";
+})(ArohaErrorCode || (ArohaErrorCode = {}));
+//# sourceMappingURL=types.js.map

package/dist/messages/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/messages/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAqRH,iFAAiF;AAEjF,MAAM,CAAN,IAAY,cA8BX;AA9BD,WAAY,cAAc;IACxB,uBAAuB;IACvB,qDAA4C,CAAA;IAC5C,+CAAyC,CAAA;IAEzC,kBAAkB;IAClB,8DAAiD,CAAA;IACjD,0DAA+C,CAAA;IAC/C,0DAA+C,CAAA;IAC/C,gEAAkD,CAAA;IAClD,2EAAyD,CAAA;IAEzD,cAAc;IACd,gEAAkD,CAAA;IAClD,kEAAmD,CAAA;IACnD,sDAA6C,CAAA;IAC7C,sDAA6C,CAAA;IAC7C,sDAA6C,CAAA;IAE7C,sBAAsB;IACtB,oDAA4C,CAAA;IAC5C,8DAAiD,CAAA;IACjD,kEAAmD,CAAA;IAEnD,UAAU;IACV,wDAA8C,CAAA;IAC9C,wDAA8C,CAAA;IAE9C,aAAa;IACb,qEAAmD,CAAA;AACrD,CAAC,EA9BW,cAAc,KAAd,cAAc,QA8BzB"}

package/dist/transport/client.d.ts

@@ -0,0 +1,79 @@
+/**
+ * Aroha Protocol — Layer 0 Transport Client
+ *
+ * Sends Aroha messages to remote agents over HTTPS.
+ * Handles streaming responses via WebSocket.
+ *
+ * This is protocol infrastructure. It does not know what the messages
+ * mean or what to do with responses — that is the orchestrator's job.
+ */
+import { type ArohaEnvelope } from "../messages/envelope.js";
+export interface ConnectionPoolConfig {
+    /**
+     * Maximum number of concurrent connections per origin (scheme+host+port).
+     * Default: 10
+     */
+    connections?: number;
+    /**
+     * How long an idle connection is kept alive in ms.
+     * Default: 60_000 (60 seconds)
+     */
+    keepAliveTimeoutMs?: number;
+}
+/**
+ * AgentConnectionPool — maintains persistent HTTP connections per origin.
+ *
+ * Uses undici (built into Node.js 22+) to pool connections, eliminating
+ * the TCP+TLS handshake overhead on every ArohaClient.send() call.
+ *
+ * For an orchestrator talking to 20 agents at 100 msg/s, this removes
+ * ~2,000 TLS handshakes per second (~400ms each = 800s of saved latency/s).
+ *
+ * Usage:
+ *   const pool = new AgentConnectionPool();
+ *   const client = new ArohaClient({ pool });
+ */
+export declare class AgentConnectionPool {
+    private readonly connections;
+    private readonly keepAliveTimeoutMs;
+    private readonly pools;
+    constructor(config?: ConnectionPoolConfig);
+    fetch(url: string, init: RequestInit): Promise<Response>;
+    destroy(): Promise<void>;
+    get poolCount(): number;
+}
+export interface SendOptions {
+    timeoutMs?: number;
+}
+export interface ArohaClientOptions {
+    /** Optional connection pool for persistent keep-alive connections. */
+    pool?: AgentConnectionPool;
+}
+export declare class ArohaClient {
+    private readonly pool?;
+    constructor(opts?: ArohaClientOptions);
+    /**
+     * Send an Aroha message and await a synchronous response.
+     * Returns the response ArohaEnvelope, or null when the provider responds
+     * with 202 Accepted (async / streaming — use stream() for WebSocket events).
+     */
+    send(endpoint: string, envelope: ArohaEnvelope, opts?: SendOptions): Promise<ArohaEnvelope | null>;
+    /**
+     * Open a WebSocket stream to receive ArohaStream events for a given saga.
+     *
+     * @param wsEndpoint    WebSocket URL (wss://<host>/aroha/stream)
+     * @param correlationId The saga correlationId to subscribe to
+     * @param streamToken   One-time token from the 202 response (recommended)
+     */
+    stream(wsEndpoint: string, correlationId: string, streamToken?: string): AsyncIterable<ArohaEnvelope>;
+    /**
+     * Fetch the DID Document from an agent's well-known endpoint.
+     */
+    fetchDIDDocument(agentBaseUrl: string): Promise<Record<string, unknown>>;
+}
+export declare class ArohaTransportError extends Error {
+    readonly statusCode: number;
+    readonly body: string;
+    constructor(statusCode: number, body: string);
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/transport/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/transport/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAI7D,MAAM,WAAW,oBAAoB;IACnC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAS;IAE5C,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA4C;gBAEtD,MAAM,GAAE,oBAAyB;IAKvC,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAkBxD,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAK9B,IAAI,SAAS,IAAI,MAAM,CAEtB;CACF;AAID,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,sEAAsE;IACtE,IAAI,CAAC,EAAE,mBAAmB,CAAC;CAC5B;AAID,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAsB;gBAEhC,IAAI,GAAE,kBAAuB;IAIzC;;;;OAIG;IACG,IAAI,CACR,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,aAAa,EACvB,IAAI,GAAE,WAAgB,GACrB,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAiChC;;;;;;OAMG;IACH,MAAM,CACJ,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACrB,WAAW,CAAC,EAAE,MAAM,GACnB,aAAa,CAAC,aAAa,CAAC;IA8D/B;;OAEG;IACG,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAK/E;AAID,qBAAa,mBAAoB,SAAQ,KAAK;aAE1B,UAAU,EAAE,MAAM;aAClB,IAAI,EAAE,MAAM;gBADZ,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM;CAK/B"}

package/dist/transport/client.js

@@ -0,0 +1,182 @@
+/**
+ * Aroha Protocol — Layer 0 Transport Client
+ *
+ * Sends Aroha messages to remote agents over HTTPS.
+ * Handles streaming responses via WebSocket.
+ *
+ * This is protocol infrastructure. It does not know what the messages
+ * mean or what to do with responses — that is the orchestrator's job.
+ */
+import { WebSocket } from "ws";
+/**
+ * AgentConnectionPool — maintains persistent HTTP connections per origin.
+ *
+ * Uses undici (built into Node.js 22+) to pool connections, eliminating
+ * the TCP+TLS handshake overhead on every ArohaClient.send() call.
+ *
+ * For an orchestrator talking to 20 agents at 100 msg/s, this removes
+ * ~2,000 TLS handshakes per second (~400ms each = 800s of saved latency/s).
+ *
+ * Usage:
+ *   const pool = new AgentConnectionPool();
+ *   const client = new ArohaClient({ pool });
+ */
+export class AgentConnectionPool {
+    connections;
+    keepAliveTimeoutMs;
+    // Map from origin → undici Pool instance (lazy-created)
+    pools = new Map();
+    constructor(config = {}) {
+        this.connections = config.connections ?? 10;
+        this.keepAliveTimeoutMs = config.keepAliveTimeoutMs ?? 60_000;
+    }
+    async fetch(url, init) {
+        const origin = new URL(url).origin;
+        let pool = this.pools.get(origin);
+        if (!pool) {
+            const { Pool } = await import("undici");
+            pool = new Pool(origin, {
+                connections: this.connections,
+                keepAliveTimeout: this.keepAliveTimeoutMs / 1000,
+                keepAliveMaxTimeout: this.keepAliveTimeoutMs / 1000,
+            });
+            this.pools.set(origin, pool);
+        }
+        const { fetch: undiciFetch } = await import("undici");
+        return undiciFetch(url, { ...init, dispatcher: pool });
+    }
+    async destroy() {
+        await Promise.all([...this.pools.values()].map((p) => p.destroy()));
+        this.pools.clear();
+    }
+    get poolCount() {
+        return this.pools.size;
+    }
+}
+// ─── Client ───────────────────────────────────────────────────────────────────
+export class ArohaClient {
+    pool;
+    constructor(opts = {}) {
+        this.pool = opts.pool;
+    }
+    /**
+     * Send an Aroha message and await a synchronous response.
+     * Returns the response ArohaEnvelope, or null when the provider responds
+     * with 202 Accepted (async / streaming — use stream() for WebSocket events).
+     */
+    async send(endpoint, envelope, opts = {}) {
+        const { timeoutMs = 30_000 } = opts;
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), timeoutMs);
+        const fetchFn = this.pool
+            ? (url, init) => this.pool.fetch(url, init)
+            : fetch;
+        let response;
+        try {
+            response = await fetchFn(endpoint, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify(envelope),
+                signal: controller.signal,
+            });
+        }
+        finally {
+            clearTimeout(timer);
+        }
+        if (response.status === 202) {
+            return null;
+        }
+        if (!response.ok) {
+            const error = await response.text();
+            throw new ArohaTransportError(response.status, error);
+        }
+        return response.json();
+    }
+    /**
+     * Open a WebSocket stream to receive ArohaStream events for a given saga.
+     *
+     * @param wsEndpoint    WebSocket URL (wss://<host>/aroha/stream)
+     * @param correlationId The saga correlationId to subscribe to
+     * @param streamToken   One-time token from the 202 response (recommended)
+     */
+    stream(wsEndpoint, correlationId, streamToken) {
+        const u = new URL(wsEndpoint);
+        u.searchParams.set("cid", correlationId);
+        if (streamToken)
+            u.searchParams.set("tok", streamToken);
+        const ws = new WebSocket(u.toString());
+        return {
+            [Symbol.asyncIterator]() {
+                const queue = [];
+                let resolve = null;
+                let done = false;
+                let error = null;
+                ws.on("message", (data) => {
+                    const envelope = JSON.parse(data.toString());
+                    if (resolve) {
+                        const r = resolve;
+                        resolve = null;
+                        r({ value: envelope, done: false });
+                    }
+                    else {
+                        queue.push(envelope);
+                    }
+                });
+                ws.on("close", () => {
+                    done = true;
+                    if (resolve) {
+                        const r = resolve;
+                        resolve = null;
+                        r({ value: undefined, done: true });
+                    }
+                });
+                ws.on("error", (err) => {
+                    error = err;
+                    if (resolve) {
+                        const r = resolve;
+                        resolve = null;
+                        r({ value: undefined, done: true });
+                    }
+                });
+                return {
+                    next() {
+                        if (error)
+                            return Promise.reject(error);
+                        if (queue.length > 0) {
+                            return Promise.resolve({ value: queue.shift(), done: false });
+                        }
+                        if (done) {
+                            return Promise.resolve({ value: undefined, done: true });
+                        }
+                        return new Promise((r) => { resolve = r; });
+                    },
+                    return() {
+                        ws.close();
+                        return Promise.resolve({ value: undefined, done: true });
+                    },
+                };
+            },
+        };
+    }
+    /**
+     * Fetch the DID Document from an agent's well-known endpoint.
+     */
+    async fetchDIDDocument(agentBaseUrl) {
+        const response = await fetch(`${agentBaseUrl}/.well-known/aroha-agent.json`);
+        if (!response.ok)
+            throw new Error(`Failed to fetch DID Document from ${agentBaseUrl}`);
+        return response.json();
+    }
+}
+// ─── Errors ───────────────────────────────────────────────────────────────────
+export class ArohaTransportError extends Error {
+    statusCode;
+    body;
+    constructor(statusCode, body) {
+        super(`Aroha transport error ${statusCode}: ${body}`);
+        this.statusCode = statusCode;
+        this.body = body;
+        this.name = "ArohaTransportError";
+    }
+}
+//# sourceMappingURL=client.js.map

package/dist/transport/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/transport/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AAkB/B;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,mBAAmB;IACb,WAAW,CAAS;IACpB,kBAAkB,CAAS;IAC5C,wDAAwD;IACvC,KAAK,GAAG,IAAI,GAAG,EAAiC,CAAC;IAElE,YAAY,SAA+B,EAAE;QAC3C,IAAI,CAAC,WAAW,GAAS,MAAM,CAAC,WAAW,IAAU,EAAE,CAAC;QACxD,IAAI,CAAC,kBAAkB,GAAG,MAAM,CAAC,kBAAkB,IAAI,MAAM,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAW,EAAE,IAAiB;QACxC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;QACnC,IAAI,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAElC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,EAAE;gBACtB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,gBAAgB,EAAE,IAAI,CAAC,kBAAkB,GAAG,IAAI;gBAChD,mBAAmB,EAAE,IAAI,CAAC,kBAAkB,GAAG,IAAI;aACpD,CAAC,CAAC;YACH,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC/B,CAAC;QAED,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QACtD,OAAO,WAAW,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,UAAU,EAAE,IAAI,EAAuC,CAAwB,CAAC;IACrH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF;AAaD,iFAAiF;AAEjF,MAAM,OAAO,WAAW;IACL,IAAI,CAAuB;IAE5C,YAAY,OAA2B,EAAE;QACvC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,IAAI,CACR,QAAgB,EAChB,QAAuB,EACvB,OAAoB,EAAE;QAEtB,MAAM,EAAE,SAAS,GAAG,MAAM,EAAE,GAAG,IAAI,CAAC;QACpC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;QAE9D,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI;YACvB,CAAC,CAAC,CAAC,GAAW,EAAE,IAAiB,EAAE,EAAE,CAAC,IAAI,CAAC,IAAK,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC;YACjE,CAAC,CAAC,KAAK,CAAC;QAEV,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE;gBACjC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;gBAC9B,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,QAAQ,CAAC,IAAI,EAA4B,CAAC;IACnD,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CACJ,UAAkB,EAClB,aAAqB,EACrB,WAAoB;QAEpB,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QAC9B,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;QACzC,IAAI,WAAW;YAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAEvC,OAAO;YACL,CAAC,MAAM,CAAC,aAAa,CAAC;gBACpB,MAAM,KAAK,GAAoB,EAAE,CAAC;gBAClC,IAAI,OAAO,GAA4D,IAAI,CAAC;gBAC5E,IAAI,IAAI,GAAG,KAAK,CAAC;gBACjB,IAAI,KAAK,GAAiB,IAAI,CAAC;gBAE/B,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE;oBACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAkB,CAAC;oBAC9D,IAAI,OAAO,EAAE,CAAC;wBACZ,MAAM,CAAC,GAAG,OAAO,CAAC;wBAClB,OAAO,GAAG,IAAI,CAAC;wBACf,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;oBACtC,CAAC;yBAAM,CAAC;wBACN,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACvB,CAAC;gBACH,CAAC,CAAC,CAAC;gBAEH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;oBAClB,IAAI,GAAG,IAAI,CAAC;oBACZ,IAAI,OAAO,EAAE,CAAC;wBACZ,MAAM,CAAC,GAAG,OAAO,CAAC;wBAClB,OAAO,GAAG,IAAI,CAAC;wBACf,CAAC,CAAC,EAAE,KAAK,EAAE,SAAqC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;oBAClE,CAAC;gBACH,CAAC,CAAC,CAAC;gBAEH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;oBACrB,KAAK,GAAG,GAAG,CAAC;oBACZ,IAAI,OAAO,EAAE,CAAC;wBACZ,MAAM,CAAC,GAAG,OAAO,CAAC;wBAClB,OAAO,GAAG,IAAI,CAAC;wBACf,CAAC,CAAC,EAAE,KAAK,EAAE,SAAqC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;oBAClE,CAAC;gBACH,CAAC,CAAC,CAAC;gBAEH,OAAO;oBACL,IAAI;wBACF,IAAI,KAAK;4BAAE,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;wBACxC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BACrB,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;wBACjE,CAAC;wBACD,IAAI,IAAI,EAAE,CAAC;4BACT,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,SAAqC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;wBACvF,CAAC;wBACD,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAC9C,CAAC;oBACD,MAAM;wBACJ,EAAE,CAAC,KAAK,EAAE,CAAC;wBACX,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,SAAqC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;oBACvF,CAAC;iBACF,CAAC;YACJ,CAAC;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,YAAoB;QACzC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,+BAA+B,CAAC,CAAC;QAC7E,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,YAAY,EAAE,CAAC,CAAC;QACvF,OAAO,QAAQ,CAAC,IAAI,EAAsC,CAAC;IAC7D,CAAC;CACF;AAED,iFAAiF;AAEjF,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAE1B;IACA;IAFlB,YACkB,UAAkB,EAClB,IAAY;QAE5B,KAAK,CAAC,yBAAyB,UAAU,KAAK,IAAI,EAAE,CAAC,CAAC;QAHtC,eAAU,GAAV,UAAU,CAAQ;QAClB,SAAI,GAAJ,IAAI,CAAQ;QAG5B,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF"}

package/dist/transport/http-utils.d.ts

@@ -0,0 +1,3 @@
+import { type IncomingMessage } from "http";
+export declare function readBody(req: IncomingMessage, maxBytes?: number): Promise<string>;
+//# sourceMappingURL=http-utils.d.ts.map

package/dist/transport/http-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-utils.d.ts","sourceRoot":"","sources":["../../src/transport/http-utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,MAAM,CAAC;AAE5C,wBAAgB,QAAQ,CAAC,GAAG,EAAE,eAAe,EAAE,QAAQ,SAAY,GAAG,OAAO,CAAC,MAAM,CAAC,CA2BpF"}

package/dist/transport/http-utils.js

@@ -0,0 +1,27 @@
+export function readBody(req, maxBytes = 1_048_576) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        let totalBytes = 0;
+        let settled = false;
+        const done = (fn) => {
+            if (settled)
+                return;
+            settled = true;
+            fn();
+        };
+        req.on("data", (chunk) => {
+            totalBytes += chunk.length;
+            if (totalBytes > maxBytes) {
+                const err = new Error("PAYLOAD_TOO_LARGE");
+                err.code = "PAYLOAD_TOO_LARGE";
+                done(() => reject(err));
+                req.destroy();
+                return;
+            }
+            chunks.push(chunk);
+        });
+        req.on("end", () => done(() => resolve(Buffer.concat(chunks).toString("utf8"))));
+        req.on("error", (err) => done(() => reject(err)));
+    });
+}
+//# sourceMappingURL=http-utils.js.map

package/dist/transport/http-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-utils.js","sourceRoot":"","sources":["../../src/transport/http-utils.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,QAAQ,CAAC,GAAoB,EAAE,QAAQ,GAAG,SAAS;IACjE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,MAAM,IAAI,GAAG,CAAC,EAAc,EAAE,EAAE;YAC9B,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,EAAE,EAAE,CAAC;QACP,CAAC,CAAC;QAEF,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,UAAU,IAAI,KAAK,CAAC,MAAM,CAAC;YAC3B,IAAI,UAAU,GAAG,QAAQ,EAAE,CAAC;gBAC1B,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBAC1C,GAA6B,CAAC,IAAI,GAAG,mBAAmB,CAAC;gBAC1D,IAAI,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBACxB,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACjF,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/transport/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./server.js";
+export * from "./client.js";
+export * from "./http-utils.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/transport/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/transport/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC"}

package/dist/transport/index.js

@@ -0,0 +1,4 @@
+export * from "./server.js";
+export * from "./client.js";
+export * from "./http-utils.js";
+//# sourceMappingURL=index.js.map

package/dist/transport/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/transport/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC"}

package/dist/transport/server.d.ts

@@ -0,0 +1,123 @@
+/**
+ * Aroha Protocol — Layer 0 Transport Server (core)
+ *
+ * Responsibilities (protocol only):
+ *   - Serve /.well-known/aroha-agent.json
+ *   - Accept POST /aroha/v1, validate envelope (sig + nonce + expiry + recipient)
+ *   - Run optional middleware chain before dispatch
+ *   - Dispatch valid envelopes to the application handler
+ *   - Handle WebSocket streams
+ *   - Delegate unknown HTTP routes to optional httpRoutes handlers
+ *
+ * What this server deliberately does NOT do:
+ *   - RBAC / credential verification  →  @aroha-sdk/credentials createRbacMiddleware()
+ *   - Credential registry endpoints   →  @aroha-sdk/credentials credentialRegistryRoutes()
+ *   - Settlement                      →  @aroha-sdk/settlement
+ */
+import { type IncomingMessage, type ServerResponse } from "http";
+import { type ArohaEnvelope } from "../messages/envelope.js";
+import { type NonceStore } from "../messages/nonce.js";
+import { type DIDDocument } from "../identity/did.js";
+/**
+ * A ArohaMiddleware runs after envelope validation and before dispatch.
+ * Call reject() to short-circuit with an HTTP error. Return without calling
+ * reject to pass the envelope to the next middleware or the handler.
+ */
+export type ArohaMiddleware = (envelope: ArohaEnvelope, reject: (status: number, errorCode: string, reason: string) => void) => Promise<void>;
+/**
+ * An additional HTTP route registered on ArohaServer.
+ * Use credentialRegistryRoutes() from @aroha-sdk/credentials to mount the
+ * credential registry without coupling aroha-core to auth logic.
+ */
+export interface ArohaHttpRoute {
+    method: string;
+    test: (url: string) => boolean;
+    handle: (req: IncomingMessage, res: ServerResponse) => Promise<void>;
+}
+export type MessageHandler = (envelope: ArohaEnvelope, respond: (reply: ArohaEnvelope) => void, stream: (event: ArohaEnvelope) => void) => Promise<void>;
+import type { PublicKeyResolver } from "../identity/did-cache.js";
+export type { PublicKeyResolver };
+export interface ArohaServerOptions {
+    agentDID: string;
+    didDocument: DIDDocument;
+    port: number;
+    onMessage: MessageHandler;
+    resolvePublicKey: PublicKeyResolver;
+    /**
+     * Optional did:aroha-web: document to serve at the well-known path.
+     * When set, the server serves GET /.well-known/aroha/agents/{path}/did.json
+     * in addition to the standard /.well-known/aroha-agent.json endpoint.
+     */
+    webDIDDocument?: import("../identity/web-did.js").WebDIDDocument;
+    /**
+     * Middleware chain — runs in order after envelope validation.
+     * Any middleware may call reject() to abort processing.
+     * Mount RBAC here via createRbacMiddleware() from @aroha-sdk/credentials.
+     */
+    middleware?: ArohaMiddleware[];
+    /**
+     * Additional HTTP route handlers mounted alongside /aroha/v1.
+     * Checked in order after built-in routes. First match wins.
+     * Mount credential registry here via credentialRegistryRoutes() from @aroha-sdk/credentials.
+     */
+    httpRoutes?: ArohaHttpRoute[];
+    /**
+     * Trusted mesh / VPC mode: skip Ed25519 signature verification for senders
+     * whose DID matches this predicate. Use within private networks protected by
+     * mTLS or a VPC where network-level trust replaces cryptographic identity.
+     * Configure via @aroha-sdk/trusted-mesh createTrustedMeshOptions().
+     */
+    bypassSignatureFor?: (senderDID: string) => boolean;
+    /**
+     * Development mode — skips ALL cryptographic validation (signatures, nonce
+     * replay, expiry) so you can spin up agents with zero ceremony on localhost.
+     *
+     * Set devMode: false (or omit) before deploying to production. The flip
+     * requires no other code changes — your capability handlers are identical.
+     *
+     * @aroha-sdk/micro sets this automatically when devMode: true is passed there.
+     */
+    devMode?: boolean;
+    /**
+     * Minimum client protocol version accepted.
+     * Requests with X-Aroha-Client-Version below this are rejected with 400.
+     * Default: "1.0".
+     */
+    minClientVersion?: string;
+    /**
+     * Custom nonce store for distributed deployments.
+     * Defaults to in-process MapNonceStore (breaks in multi-instance deployments).
+     * In production, inject a Redis-backed NonceStore to share nonce state
+     * across all instances and prevent cross-instance replay attacks.
+     */
+    nonceStore?: NonceStore;
+    /**
+     * Clock skew tolerance applied to envelope expiry checks, in milliseconds.
+     * Recommended value for cross-region deployments: 5000.
+     * Default: 0 (strict — rejects messages expired by even 1ms).
+     */
+    clockToleranceMs?: number;
+    /**
+     * Maximum allowed request body size in bytes.
+     * Requests exceeding this limit are rejected with HTTP 413.
+     * Default: 1_048_576 (1 MiB).
+     */
+    maxBodyBytes?: number;
+}
+export declare class ArohaServer {
+    private readonly opts;
+    private readonly nonceRegistry;
+    private readonly wsClients;
+    private readonly streamTokens;
+    private server;
+    private wss;
+    constructor(opts: ArohaServerOptions);
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    private versionLessThan;
+    private writeJson;
+    private handleHttp;
+    private handleInbound;
+    private handleWsConnection;
+}
+//# sourceMappingURL=server.d.ts.map

package/dist/transport/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/transport/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAgB,KAAK,eAAe,EAAE,KAAK,cAAc,EAAE,MAAM,MAAM,CAAC;AAI/E,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAE7D,OAAO,EAAiB,KAAK,UAAU,EAAE,MAAM,sBAAsB,CAAC;AACtE,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAMtD;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG,CAC5B,QAAQ,EAAE,aAAa,EACvB,MAAM,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,IAAI,KAChE,OAAO,CAAC,IAAI,CAAC,CAAC;AAEnB;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC;IAC/B,MAAM,EAAE,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACtE;AAID,MAAM,MAAM,cAAc,GAAG,CAC3B,QAAQ,EAAE,aAAa,EACvB,OAAO,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,EACvC,MAAM,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,KACnC,OAAO,CAAC,IAAI,CAAC,CAAC;AAEnB,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAClE,YAAY,EAAE,iBAAiB,EAAE,CAAC;AAIlC,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,cAAc,CAAC;IAC1B,gBAAgB,EAAE,iBAAiB,CAAC;IACpC;;;;OAIG;IACH,cAAc,CAAC,EAAE,OAAO,wBAAwB,EAAE,cAAc,CAAC;IACjE;;;;OAIG;IACH,UAAU,CAAC,EAAE,eAAe,EAAE,CAAC;IAC/B;;;;OAIG;IACH,UAAU,CAAC,EAAE,cAAc,EAAE,CAAC;IAC9B;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC;IACpD;;;;;;;;OAQG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;;OAKG;IACH,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAID,qBAAa,WAAW;IAOV,OAAO,CAAC,QAAQ,CAAC,IAAI;IANjC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgB;IAC9C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAgC;IAC1D,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAyD;IACtF,OAAO,CAAC,MAAM,CAAgD;IAC9D,OAAO,CAAC,GAAG,CAAgC;gBAEd,IAAI,EAAE,kBAAkB;IAIrD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAyBtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IASrB,OAAO,CAAC,eAAe;IAMvB,OAAO,CAAC,SAAS;YAUH,UAAU;YAwCV,aAAa;IAiH3B,OAAO,CAAC,kBAAkB;CAkC3B"}