@askalf/dario 3.29.0 → 3.30.0

package/dist/proxy.js

@@ -11,7 +11,6 @@ import { describeTemplate, detectDrift, checkCCCompat } from './live-fingerprint
 import { AccountPool, computeStickyKey, parseRateLimits } from './pool.js';
 import { Analytics, billingBucketFromClaim } from './analytics.js';
 import { loadAllAccounts, loadAccount, refreshAccountToken } from './accounts.js';
-import { GroupLender, importGroupPublicKey, decodeBorrowEnvelope, parseBorrowToken, } from './sealed-pool.js';
 import { getOpenAIBackend, isOpenAIModel, forwardToOpenAI } from './openai-backend.js';
 const ANTHROPIC_API = 'https://api.anthropic.com';
 const DEFAULT_PORT = 3456;
@@ -334,31 +333,18 @@ export function sanitizeError(err) {
         .replace(/Bearer\s+[^\s,;]+/gi, 'Bearer [REDACTED]');
 }
 /**
- * Two-lane auth: DARIO_API_KEY (x-api-key / Authorization: Bearer) for
- * normal clients, and MUX_COORD_SECRET (X-Mux-Coord-Secret) for the mux
- * gateway forwarding a verified sealed borrow. If neither is configured
- * the request is allowed (loopback-only default). Exported for tests.
+ * API-key auth via DARIO_API_KEY (x-api-key or Authorization: Bearer).
+ * If unset, requests are allowed (loopback-only default). Exported for tests.
  */
-export function authenticateRequest(headers, apiKeyBuf, mcsBuf) {
-    if (!apiKeyBuf && !mcsBuf)
+export function authenticateRequest(headers, apiKeyBuf) {
+    if (!apiKeyBuf)
         return true;
-    if (mcsBuf) {
-        const raw = headers['x-mux-coord-secret'];
-        const provided = typeof raw === 'string' ? raw : Array.isArray(raw) ? raw[0] : undefined;
-        if (provided) {
-            const providedBuf = Buffer.from(provided);
-            if (providedBuf.length === mcsBuf.length && timingSafeEqual(providedBuf, mcsBuf))
-                return true;
-        }
-    }
-    if (apiKeyBuf) {
-        const provided = headers['x-api-key']
-            || headers.authorization?.replace(/^Bearer\s+/i, '');
-        if (provided) {
-            const providedBuf = Buffer.from(provided);
-            if (providedBuf.length === apiKeyBuf.length && timingSafeEqual(providedBuf, apiKeyBuf))
-                return true;
-        }
+    const provided = headers['x-api-key']
+        || headers.authorization?.replace(/^Bearer\s+/i, '');
+    if (provided) {
+        const providedBuf = Buffer.from(provided);
+        if (providedBuf.length === apiKeyBuf.length && timingSafeEqual(providedBuf, apiKeyBuf))
+            return true;
     }
     return false;
 }
@@ -440,30 +426,6 @@ export async function startProxy(opts = {}) {
     const accountsList = await loadAllAccounts();
     const pool = accountsList.length >= 2 ? new AccountPool() : null;
     const analytics = pool ? new Analytics() : null;
-    // Sealed-sender overflow pool — activated when ~/.dario/group.json exists.
-    // Config format: { "groupId": "<name>", "publicKey": { n, e, modulusBytes } }
-    // where publicKey is the GroupAdmin's exported RSA public key. Lender runs
-    // in addition to normal pool mode — borrow requests go through a separate
-    // /v1/pool/borrow endpoint and are verified via the admin-signed token.
-    let groupLender = null;
-    try {
-        const groupConfigPath = join(homedir(), '.dario', 'group.json');
-        const rawGroup = readFileSync(groupConfigPath, 'utf-8');
-        const parsed = JSON.parse(rawGroup);
-        if (parsed?.groupId && parsed.publicKey?.n && parsed.publicKey?.e && parsed.publicKey?.modulusBytes) {
-            const pub = importGroupPublicKey(parsed.publicKey);
-            groupLender = new GroupLender(parsed.groupId, pub);
-            console.log(`  Sealed-sender pool: group "${parsed.groupId}" loaded (${pub.modulusBytes * 8}-bit key)`);
-        }
-    }
-    catch (err) {
-        // Group config is optional — silent fallthrough if missing. Log parse
-        // errors explicitly so a broken config doesn't fail silently.
-        const e = err;
-        if (e.code && e.code !== 'ENOENT') {
-            console.warn(`[dario] group.json present but unusable: ${e.message}`);
-        }
-    }
     let status;
     if (pool) {
         for (const acc of accountsList) {
@@ -647,14 +609,6 @@ export async function startProxy(opts = {}) {
     // Optional proxy authentication — pre-encode key buffer for performance
     const apiKey = process.env.DARIO_API_KEY;
     const apiKeyBuf = apiKey ? Buffer.from(apiKey) : null;
-    // Mux coord-secret — the shared secret mux uses when forwarding sealed
-    // borrow requests to this dario acting as a lender endpoint. A request
-    // carrying a matching X-Mux-Coord-Secret header is authenticated without
-    // needing DARIO_API_KEY. The sealed-sender envelope has already been
-    // verified upstream, so the coord secret is the one-hop auth between
-    // the mux gateway and this instance.
-    const mcs = process.env.MUX_COORD_SECRET;
-    const mcsBuf = mcs ? Buffer.from(mcs) : null;
     // CORS origin defaults to the localhost URL the proxy is served at. Users
     // binding to a non-loopback address (e.g. a Tailscale interface) can
     // override via DARIO_CORS_ORIGIN — otherwise browser-based clients hitting
@@ -670,7 +624,7 @@ export async function startProxy(opts = {}) {
     const CORS_HEADERS = {
         'Access-Control-Allow-Origin': corsOrigin,
         'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
-        'Access-Control-Allow-Headers': 'Content-Type, Authorization, x-api-key, anthropic-version, anthropic-beta, x-mux-coord-secret',
+        'Access-Control-Allow-Headers': 'Content-Type, Authorization, x-api-key, anthropic-version, anthropic-beta',
         'Access-Control-Max-Age': '86400',
         ...SECURITY_HEADERS,
     };
@@ -680,7 +634,7 @@ export async function startProxy(opts = {}) {
     const ERR_FORBIDDEN = JSON.stringify({ error: 'Forbidden', message: 'Path not allowed. Supported paths: POST /v1/messages, POST /v1/chat/completions, GET /v1/models' });
     const ERR_METHOD = JSON.stringify({ error: 'Method not allowed' });
     function checkAuth(req) {
-        return authenticateRequest(req.headers, apiKeyBuf, mcsBuf);
+        return authenticateRequest(req.headers, apiKeyBuf);
     }
     const server = createServer(async (req, res) => {
         if (req.method === 'OPTIONS') {
@@ -702,121 +656,6 @@ export async function startProxy(opts = {}) {
             }));
             return;
         }
-        // Sealed-sender borrow endpoint — runs BEFORE the API-key auth check
-        // because the admin-signed group token IS the authentication. Anyone
-        // who presents a valid unused token can borrow capacity from this
-        // instance's pool without also holding the local dario API key.
-        // See src/sealed-pool.ts for the protocol.
-        if (urlPath === '/v1/pool/borrow' && req.method === 'POST') {
-            if (!groupLender) {
-                res.writeHead(503, JSON_HEADERS);
-                res.end(JSON.stringify({ error: 'sealed-sender pool not configured on this instance' }));
-                return;
-            }
-            if (!pool) {
-                res.writeHead(503, JSON_HEADERS);
-                res.end(JSON.stringify({ error: 'pool mode required for sealed-sender borrows' }));
-                return;
-            }
-            // Read body with the same limits as normal /v1/messages.
-            const bChunks = [];
-            let bBytes = 0;
-            const bTimeout = setTimeout(() => { req.destroy(); }, BODY_READ_TIMEOUT_MS);
-            try {
-                for await (const chunk of req) {
-                    const buf = typeof chunk === 'string' ? Buffer.from(chunk) : chunk;
-                    bBytes += buf.length;
-                    if (bBytes > MAX_BODY_BYTES) {
-                        clearTimeout(bTimeout);
-                        res.writeHead(413, JSON_HEADERS);
-                        res.end(JSON.stringify({ error: 'Request body too large' }));
-                        return;
-                    }
-                    bChunks.push(buf);
-                }
-            }
-            finally {
-                clearTimeout(bTimeout);
-            }
-            const envelope = decodeBorrowEnvelope(Buffer.concat(bChunks).toString('utf-8'));
-            if (!envelope) {
-                res.writeHead(400, JSON_HEADERS);
-                res.end(JSON.stringify({ error: 'malformed borrow envelope' }));
-                return;
-            }
-            // Envelope shape guard — envelope.request is `unknown` on the wire.
-            // We stringify it and forward to Anthropic under the lender's identity,
-            // so a borrower could otherwise waste the lender's rate-limit slot with
-            // a body Anthropic will reject. Minimum: must be a plain object with
-            // `model` (string) and `messages` (array). Anthropic validates the rest.
-            const br = envelope.request;
-            if (!br || typeof br !== 'object' || Array.isArray(br) ||
-                typeof br.model !== 'string' ||
-                !Array.isArray(br.messages)) {
-                res.writeHead(400, JSON_HEADERS);
-                res.end(JSON.stringify({ error: 'envelope.request must be an Anthropic /v1/messages body' }));
-                return;
-            }
-            if (envelope.groupId !== groupLender.groupId) {
-                res.writeHead(403, JSON_HEADERS);
-                res.end(JSON.stringify({ error: 'unknown_group', expected: groupLender.groupId }));
-                return;
-            }
-            const borrowTok = parseBorrowToken(envelope);
-            if (!borrowTok) {
-                res.writeHead(400, JSON_HEADERS);
-                res.end(JSON.stringify({ error: 'malformed token' }));
-                return;
-            }
-            const accept = groupLender.acceptBorrow(borrowTok.token, borrowTok.signature);
-            if (!accept.ok) {
-                res.writeHead(403, JSON_HEADERS);
-                res.end(JSON.stringify({ error: 'borrow_rejected', reason: accept.reason }));
-                return;
-            }
-            // Token validated. Forward the embedded /v1/messages request to
-            // Anthropic using the lender's normal pool. This path is minimal:
-            // no streaming parser, no reverse tool mapping, no 429 failover.
-            // It's enough to demonstrate sealed-sender end-to-end; the full
-            // feature-parity wire-up with the main /v1/messages path is a
-            // separate change (requires threading a pre-read body through
-            // the existing handler).
-            const lenderAccount = pool.select();
-            if (!lenderAccount) {
-                res.writeHead(503, JSON_HEADERS);
-                res.end(JSON.stringify({ error: 'lender pool exhausted' }));
-                return;
-            }
-            try {
-                const upstream = await fetch(`${ANTHROPIC_API}/v1/messages?beta=true`, {
-                    method: 'POST',
-                    headers: {
-                        'Content-Type': 'application/json',
-                        'authorization': `Bearer ${lenderAccount.accessToken}`,
-                        'anthropic-version': '2023-06-01',
-                        'anthropic-beta': 'claude-code-20250219',
-                    },
-                    body: JSON.stringify(envelope.request),
-                });
-                const snapshot = parseRateLimits(upstream.headers);
-                pool.updateRateLimits(lenderAccount.alias, snapshot);
-                const body = Buffer.from(await upstream.arrayBuffer());
-                res.writeHead(upstream.status, {
-                    'content-type': upstream.headers.get('content-type') ?? 'application/json',
-                    'Access-Control-Allow-Origin': corsOrigin,
-                    ...SECURITY_HEADERS,
-                });
-                res.end(body);
-                if (verbose) {
-                    console.log(`[dario] borrow: group=${envelope.groupId} → ${lenderAccount.alias} (${upstream.status}, ${body.length}B)`);
-                }
-            }
-            catch (err) {
-                res.writeHead(502, JSON_HEADERS);
-                res.end(JSON.stringify({ error: 'upstream_error', message: err.message }));
-            }
-            return;
-        }
         if (!checkAuth(req)) {
             res.writeHead(401, JSON_HEADERS);
             res.end(ERR_UNAUTH);
@@ -852,10 +691,6 @@ export async function startProxy(opts = {}) {
                 mode: 'pool',
                 ...pool.status(),
                 stickyBindings: pool.stickyCount(),
-                sealedSender: groupLender ? {
-                    groupId: groupLender.groupId,
-                    seenTokens: groupLender.seenCount(),
-                } : null,
                 accounts,
             }));
             return;
@@ -1807,19 +1642,13 @@ export async function startProxy(opts = {}) {
         if (!isLoopbackHost(host)) {
             console.log('');
             console.log(`  ⚠  Bound to ${host} — reachable from other machines on the network.`);
-            if (!apiKey && !mcs) {
+            if (!apiKey) {
                 console.log('     No auth configured. Any host that can reach this port can proxy');
-                console.log('     requests through your OAuth subscription. Set DARIO_API_KEY (for');
-                console.log('     normal clients) or MUX_COORD_SECRET (for mux lender mode) before');
-                console.log('     exposing dario beyond loopback.');
+                console.log('     requests through your OAuth subscription. Set DARIO_API_KEY');
+                console.log('     before exposing dario beyond loopback.');
             }
             else {
-                const lanes = [];
-                if (apiKey)
-                    lanes.push('x-api-key / Authorization (DARIO_API_KEY)');
-                if (mcs)
-                    lanes.push('X-Mux-Coord-Secret (MUX_COORD_SECRET — mux lender mode)');
-                console.log(`     Auth required — accepted credentials: ${lanes.join(' or ')}.`);
+                console.log('     Auth required — accepted credentials: x-api-key / Authorization (DARIO_API_KEY).');
             }
         }
         console.log('');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askalf/dario",
-  "version": "3.29.0",
+  "version": "3.30.0",
   "description": "A local LLM router. One endpoint, every provider — Claude subscriptions, OpenAI, OpenRouter, Groq, local LiteLLM, any OpenAI-compat endpoint — your tools don't need to change.",
   "type": "module",
   "bin": {
@@ -21,7 +21,7 @@
   ],
   "scripts": {
     "build": "tsc && cp src/cc-template-data.json dist/ && node -e \"require('fs').mkdirSync('dist/shim',{recursive:true})\" && cp src/shim/runtime.cjs dist/shim/",
-    "test": "node test/issue-29-tool-translation.mjs && node test/hybrid-tools.mjs && node test/tool-schema-contract.mjs && node test/scrub-paths.mjs && node test/provider-prefix.mjs && node test/analytics-recording.mjs && node test/analytics-billing-bucket.mjs && node test/failover-429.mjs && node test/pool-sticky.mjs && node test/sealed-pool.mjs && node test/mux-coord-secret.mjs && node test/live-fingerprint.mjs && node test/shim-runtime.mjs && node test/shim-e2e.mjs && node test/proxy-header-order.mjs && node test/proxy-body-order.mjs && node test/runtime-fingerprint.mjs && node test/pacing.mjs && node test/stream-drain.mjs && node test/subagent.mjs && node test/mcp-protocol.mjs && node test/mcp-tools.mjs && node test/mcp-e2e.mjs && node test/session-rotation.mjs && node test/drift-detection.mjs && node test/cc-authorize-probe-classifier.mjs && node test/compat-range.mjs && node test/doctor-formatter.mjs && node test/atomic-write.mjs && node test/account-refresh-singleflight.mjs && node test/streaming-edge-cases.mjs && node test/client-detection.mjs && node test/manual-oauth-flow.mjs && node test/scrub-template.mjs",
+    "test": "node test/issue-29-tool-translation.mjs && node test/hybrid-tools.mjs && node test/tool-schema-contract.mjs && node test/scrub-paths.mjs && node test/provider-prefix.mjs && node test/analytics-recording.mjs && node test/analytics-billing-bucket.mjs && node test/failover-429.mjs && node test/pool-sticky.mjs && node test/live-fingerprint.mjs && node test/shim-runtime.mjs && node test/shim-e2e.mjs && node test/proxy-header-order.mjs && node test/proxy-body-order.mjs && node test/runtime-fingerprint.mjs && node test/pacing.mjs && node test/stream-drain.mjs && node test/subagent.mjs && node test/mcp-protocol.mjs && node test/mcp-tools.mjs && node test/mcp-e2e.mjs && node test/session-rotation.mjs && node test/drift-detection.mjs && node test/cc-authorize-probe-classifier.mjs && node test/compat-range.mjs && node test/doctor-formatter.mjs && node test/atomic-write.mjs && node test/account-refresh-singleflight.mjs && node test/streaming-edge-cases.mjs && node test/client-detection.mjs && node test/manual-oauth-flow.mjs && node test/scrub-template.mjs",
     "audit": "npm audit --production --audit-level=high",
     "prepublishOnly": "npm run build",
     "start": "node dist/cli.js",

package/dist/sealed-pool.d.ts

@@ -1,202 +0,0 @@
-/**
- * Sealed-sender overflow pool — RSA blind signatures for unlinkable capacity
- * sharing inside a trust group.
- *
- * The problem this solves: in a federated pool where several friends lend
- * each other account capacity, a naive design leaks who is borrowing what.
- * If member A sends "I'm borrowing from your pool" to member B's dario
- * instance, B learns exactly which of their friends is running which
- * workload — and over time B can build a pretty detailed surveillance log
- * of everyone else's agent sessions. That's the opposite of what a private
- * friend pool should provide.
- *
- * The solution is Chaum's 1983 blind signature construction. A trusted
- * admin (one member of the group, selected by social consensus) issues
- * signed borrow tokens to each member. The admin never sees the token
- * values — they sign blinded values, and the blinding is unlinkable at
- * the cryptographic level. When a member sends a token to a lender, the
- * lender can verify "this was signed by the group admin" without learning
- * WHICH member holds that token. The lender sees a valid group credential
- * and nothing more.
- *
- * From Anthropic's perspective nothing changes: the request still hits
- * their API under the lender's identity, fully attributable to a real
- * paying Max subscriber. The privacy property is entirely INSIDE the
- * trust group — no member can surveil another member's usage through
- * the pool layer.
- *
- * What this is NOT: this is not anonymity from Anthropic, not onion
- * routing, not credential laundering. It is a privacy layer on top of
- * a legitimate friends-pool arrangement. Members opt in, the admin is
- * known, membership is revocable by rotating the group key. It's the
- * same trust model as a family Netflix account, with unlinkability as
- * a feature for the pool's internal telemetry.
- *
- * Implementation notes:
- *   - RSA-2048 with FDH (full-domain hash) padding via MGF1-SHA256.
- *   - Node's crypto.publicEncrypt / privateDecrypt with RSA_NO_PADDING
- *     for raw RSA operations. All modular arithmetic happens in BigInt.
- *   - Tokens are 32 random bytes each, single-use (lender tracks SHA-256
- *     hashes of seen tokens to prevent double-spend).
- *   - Admin does not need to be online for members to use tokens. Admin
- *     only runs when issuing a new batch (typically once per day/week).
- */
-import { type KeyObject } from 'node:crypto';
-export interface RSAPublicKey {
-    n: bigint;
-    e: bigint;
-    modulusBytes: number;
-    keyObj: KeyObject;
-}
-export interface RSAPrivateKey extends RSAPublicKey {
-    keyObjPriv: KeyObject;
-}
-/**
- * Blind a token: pick r ∈ [2, n), compute blinded = FDH(token) · r^e mod n.
- * The admin sees only the blinded value (uniform over Z_n*) and learns
- * nothing about the token.
- */
-export declare function blindToken(tokenBytes: Buffer, pubKey: RSAPublicKey): {
-    blinded: bigint;
-    r: bigint;
-};
-/** Admin-side: sign a blinded value. No knowledge of the original token. */
-export declare function signBlinded(blinded: bigint, privKey: RSAPrivateKey): bigint;
-/**
- * Member-side: given the admin's signature on the blinded value, remove
- * the blinding factor to obtain a raw RSA-FDH signature over the original
- * token that the admin never saw.
- *
- * Math: signed_blinded = (FDH(t) · r^e)^d = FDH(t)^d · r mod n.
- * Multiplying by r^(-1) mod n yields FDH(t)^d = the raw signature.
- */
-export declare function unblindSignature(blindedSignature: bigint, r: bigint, pubKey: RSAPublicKey): bigint;
-/**
- * Verify a (token, signature) pair against the admin's public key.
- * True iff signature^e ≡ FDH(token) (mod n).
- */
-export declare function verifyTokenSignature(tokenBytes: Buffer, signature: bigint, pubKey: RSAPublicKey): boolean;
-export declare function generateGroupKey(bits?: number): RSAPrivateKey;
-export interface ExportedGroupKey {
-    n: string;
-    e: string;
-    modulusBytes: number;
-}
-export declare function exportGroupPublicKey(key: RSAPublicKey): ExportedGroupKey;
-export declare function importGroupPublicKey(exported: ExportedGroupKey): RSAPublicKey;
-export interface MemberRecord {
-    pubkey: string;
-    expiresAt: number;
-    quotaPerBatch: number;
-}
-/**
- * Admin holds the group private key and a roster of authorized members.
- * Admin does NOT hold any of the tokens, by design — blind signing means
- * the admin never sees what they signed. This is the key privacy property.
- *
- * The admin's responsibilities are purely social: decide who's in the
- * group, set per-member quotas, rotate the group key when someone leaves.
- */
-export declare class GroupAdmin {
-    readonly groupId: string;
-    readonly key: RSAPrivateKey;
-    readonly members: Map<string, MemberRecord>;
-    constructor(groupId: string, key: RSAPrivateKey, members: Map<string, MemberRecord>);
-    static create(groupId: string, bits?: number): GroupAdmin;
-    addMember(pubkey: string, quotaPerBatch?: number, validForDays?: number): void;
-    removeMember(pubkey: string): boolean;
-    /**
-     * Sign a batch of blinded tokens submitted by a member. The admin
-     * authenticates the request out-of-band (member identity auth happens
-     * at the HTTP layer via a member signing key — not modelled here).
-     *
-     * Throws on: unknown member, expired membership, batch-too-large.
-     */
-    signBatch(memberPubkey: string, blinded: bigint[]): bigint[];
-    publicKey(): ExportedGroupKey;
-}
-export interface PreparedBatch {
-    blinded: bigint[];
-    state: Array<{
-        token: Buffer;
-        r: bigint;
-    }>;
-}
-export interface BorrowToken {
-    token: Buffer;
-    signature: bigint;
-}
-/**
- * Member holds an identity pubkey (used by the admin for roster lookup)
- * and a local stash of unused (token, signature) pairs. Tokens are single-
- * use — consume one per borrow. Admin never saw any of these tokens.
- */
-export declare class GroupMember {
-    readonly memberPubkey: string;
-    readonly groupPublicKey: RSAPublicKey;
-    private tokens;
-    constructor(memberPubkey: string, groupPublicKey: RSAPublicKey);
-    /**
-     * Step 1 of a token batch: generate random tokens, blind each, return
-     * the blinded values (to send to admin) plus the per-token state
-     * (kept locally for unblinding after admin responds).
-     */
-    prepareBatch(count: number): PreparedBatch;
-    /**
-     * Step 2 of a token batch: unblind each admin-signed value, verify the
-     * resulting raw signature, and add the (token, signature) pair to the
-     * local stash. Any verification failure throws — we never store a token
-     * whose signature doesn't check out.
-     */
-    finalizeBatch(signedBlinded: bigint[], state: Array<{
-        token: Buffer;
-        r: bigint;
-    }>): void;
-    consumeToken(): BorrowToken | null;
-    tokenCount(): number;
-}
-export type AcceptResult = {
-    ok: true;
-} | {
-    ok: false;
-    reason: 'invalid_signature' | 'double_spend' | 'malformed';
-};
-/**
- * Lender holds the group public key and a set of token hashes that have
- * already been redeemed. Memory-only in v1; a persisted set would be a
- * sqlite table keyed on token hash, or just a file of sha256 hex lines.
- *
- * The lender LEARNS NOTHING about which member borrowed. That's the
- * whole point — blind signatures decouple "who signed this request"
- * (the admin, uniformly) from "who holds the token" (one specific
- * member who is anonymous to the lender).
- */
-export declare class GroupLender {
-    readonly groupId: string;
-    readonly groupPublicKey: RSAPublicKey;
-    private seenTokens;
-    private maxSeenTokens;
-    constructor(groupId: string, groupPublicKey: RSAPublicKey, opts?: {
-        maxSeenTokens?: number;
-    });
-    acceptBorrow(token: Buffer, signature: bigint): AcceptResult;
-    seenCount(): number;
-}
-/**
- * Envelope the member sends to a lender's /v1/pool/borrow endpoint. The
- * `request` field carries an embedded Anthropic /v1/messages body that
- * the lender will proxy to api.anthropic.com under its own identity.
- *
- * Version field lets us rotate crypto or protocol details without
- * breaking older members in the same group.
- */
-export interface BorrowEnvelope {
-    v: 1;
-    groupId: string;
-    token: string;
-    sig: string;
-    request: unknown;
-}
-export declare function encodeBorrowEnvelope(groupId: string, bt: BorrowToken, request: unknown): string;
-export declare function decodeBorrowEnvelope(s: string): BorrowEnvelope | null;
-export declare function parseBorrowToken(env: BorrowEnvelope): BorrowToken | null;