npm - @aster-rpc/aster - Versions diffs - 0.1.2 - Mend

@aster-rpc/aster 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (233) hide show

package/dist/capabilities.d.ts +26 -0
package/dist/capabilities.d.ts.map +1 -0
package/dist/capabilities.js +29 -0
package/dist/capabilities.js.map +1 -0
package/dist/client.d.ts +65 -0
package/dist/client.d.ts.map +1 -0
package/dist/client.js +108 -0
package/dist/client.js.map +1 -0
package/dist/codec.d.ts +156 -0
package/dist/codec.d.ts.map +1 -0
package/dist/codec.js +477 -0
package/dist/codec.js.map +1 -0
package/dist/config.d.ts +102 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +454 -0
package/dist/config.js.map +1 -0
package/dist/contract/identity.d.ts +115 -0
package/dist/contract/identity.d.ts.map +1 -0
package/dist/contract/identity.js +188 -0
package/dist/contract/identity.js.map +1 -0
package/dist/contract/manifest.d.ts +77 -0
package/dist/contract/manifest.d.ts.map +1 -0
package/dist/contract/manifest.js +127 -0
package/dist/contract/manifest.js.map +1 -0
package/dist/contract/publication.d.ts +71 -0
package/dist/contract/publication.d.ts.map +1 -0
package/dist/contract/publication.js +85 -0
package/dist/contract/publication.js.map +1 -0
package/dist/decorators.d.ts +139 -0
package/dist/decorators.d.ts.map +1 -0
package/dist/decorators.js +175 -0
package/dist/decorators.js.map +1 -0
package/dist/dynamic.d.ts +61 -0
package/dist/dynamic.d.ts.map +1 -0
package/dist/dynamic.js +147 -0
package/dist/dynamic.js.map +1 -0
package/dist/framing.d.ts +74 -0
package/dist/framing.d.ts.map +1 -0
package/dist/framing.js +162 -0
package/dist/framing.js.map +1 -0
package/dist/health.d.ts +127 -0
package/dist/health.d.ts.map +1 -0
package/dist/health.js +236 -0
package/dist/health.js.map +1 -0
package/dist/index.d.ts +67 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +101 -0
package/dist/index.js.map +1 -0
package/dist/interceptors/audit.d.ts +25 -0
package/dist/interceptors/audit.d.ts.map +1 -0
package/dist/interceptors/audit.js +46 -0
package/dist/interceptors/audit.js.map +1 -0
package/dist/interceptors/auth.d.ts +13 -0
package/dist/interceptors/auth.d.ts.map +1 -0
package/dist/interceptors/auth.js +34 -0
package/dist/interceptors/auth.js.map +1 -0
package/dist/interceptors/base.d.ts +74 -0
package/dist/interceptors/base.d.ts.map +1 -0
package/dist/interceptors/base.js +103 -0
package/dist/interceptors/base.js.map +1 -0
package/dist/interceptors/capability.d.ts +16 -0
package/dist/interceptors/capability.d.ts.map +1 -0
package/dist/interceptors/capability.js +63 -0
package/dist/interceptors/capability.js.map +1 -0
package/dist/interceptors/circuit-breaker.d.ts +40 -0
package/dist/interceptors/circuit-breaker.d.ts.map +1 -0
package/dist/interceptors/circuit-breaker.js +91 -0
package/dist/interceptors/circuit-breaker.js.map +1 -0
package/dist/interceptors/compression.d.ts +11 -0
package/dist/interceptors/compression.d.ts.map +1 -0
package/dist/interceptors/compression.js +12 -0
package/dist/interceptors/compression.js.map +1 -0
package/dist/interceptors/deadline.d.ts +12 -0
package/dist/interceptors/deadline.d.ts.map +1 -0
package/dist/interceptors/deadline.js +28 -0
package/dist/interceptors/deadline.js.map +1 -0
package/dist/interceptors/metrics.d.ts +43 -0
package/dist/interceptors/metrics.d.ts.map +1 -0
package/dist/interceptors/metrics.js +132 -0
package/dist/interceptors/metrics.js.map +1 -0
package/dist/interceptors/rate-limit.d.ts +24 -0
package/dist/interceptors/rate-limit.d.ts.map +1 -0
package/dist/interceptors/rate-limit.js +84 -0
package/dist/interceptors/rate-limit.js.map +1 -0
package/dist/interceptors/retry.d.ts +25 -0
package/dist/interceptors/retry.d.ts.map +1 -0
package/dist/interceptors/retry.js +55 -0
package/dist/interceptors/retry.js.map +1 -0
package/dist/limits.d.ts +77 -0
package/dist/limits.d.ts.map +1 -0
package/dist/limits.js +137 -0
package/dist/limits.js.map +1 -0
package/dist/logging.d.ts +40 -0
package/dist/logging.d.ts.map +1 -0
package/dist/logging.js +92 -0
package/dist/logging.js.map +1 -0
package/dist/metadata.d.ts +14 -0
package/dist/metadata.d.ts.map +1 -0
package/dist/metadata.js +68 -0
package/dist/metadata.js.map +1 -0
package/dist/metrics.d.ts +40 -0
package/dist/metrics.d.ts.map +1 -0
package/dist/metrics.js +92 -0
package/dist/metrics.js.map +1 -0
package/dist/peer-store.d.ts +53 -0
package/dist/peer-store.d.ts.map +1 -0
package/dist/peer-store.js +105 -0
package/dist/peer-store.js.map +1 -0
package/dist/protocol.d.ts +44 -0
package/dist/protocol.d.ts.map +1 -0
package/dist/protocol.js +59 -0
package/dist/protocol.js.map +1 -0
package/dist/registration.d.ts +81 -0
package/dist/registration.d.ts.map +1 -0
package/dist/registration.js +161 -0
package/dist/registration.js.map +1 -0
package/dist/registry/acl.d.ts +57 -0
package/dist/registry/acl.d.ts.map +1 -0
package/dist/registry/acl.js +104 -0
package/dist/registry/acl.js.map +1 -0
package/dist/registry/client.d.ts +70 -0
package/dist/registry/client.d.ts.map +1 -0
package/dist/registry/client.js +115 -0
package/dist/registry/client.js.map +1 -0
package/dist/registry/gossip.d.ts +43 -0
package/dist/registry/gossip.d.ts.map +1 -0
package/dist/registry/gossip.js +102 -0
package/dist/registry/gossip.js.map +1 -0
package/dist/registry/keys.d.ts +25 -0
package/dist/registry/keys.d.ts.map +1 -0
package/dist/registry/keys.js +47 -0
package/dist/registry/keys.js.map +1 -0
package/dist/registry/models.d.ts +80 -0
package/dist/registry/models.d.ts.map +1 -0
package/dist/registry/models.js +35 -0
package/dist/registry/models.js.map +1 -0
package/dist/registry/publisher.d.ts +65 -0
package/dist/registry/publisher.d.ts.map +1 -0
package/dist/registry/publisher.js +164 -0
package/dist/registry/publisher.js.map +1 -0
package/dist/runtime.d.ts +267 -0
package/dist/runtime.d.ts.map +1 -0
package/dist/runtime.js +1366 -0
package/dist/runtime.js.map +1 -0
package/dist/server.d.ts +100 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +511 -0
package/dist/server.js.map +1 -0
package/dist/service.d.ts +72 -0
package/dist/service.d.ts.map +1 -0
package/dist/service.js +98 -0
package/dist/service.js.map +1 -0
package/dist/session.d.ts +64 -0
package/dist/session.d.ts.map +1 -0
package/dist/session.js +350 -0
package/dist/session.js.map +1 -0
package/dist/status.d.ts +113 -0
package/dist/status.d.ts.map +1 -0
package/dist/status.js +206 -0
package/dist/status.js.map +1 -0
package/dist/transport/base.d.ts +46 -0
package/dist/transport/base.d.ts.map +1 -0
package/dist/transport/base.js +10 -0
package/dist/transport/base.js.map +1 -0
package/dist/transport/iroh.d.ts +45 -0
package/dist/transport/iroh.d.ts.map +1 -0
package/dist/transport/iroh.js +225 -0
package/dist/transport/iroh.js.map +1 -0
package/dist/transport/local.d.ts +48 -0
package/dist/transport/local.d.ts.map +1 -0
package/dist/transport/local.js +139 -0
package/dist/transport/local.js.map +1 -0
package/dist/trust/admission.d.ts +60 -0
package/dist/trust/admission.d.ts.map +1 -0
package/dist/trust/admission.js +149 -0
package/dist/trust/admission.js.map +1 -0
package/dist/trust/bootstrap.d.ts +109 -0
package/dist/trust/bootstrap.d.ts.map +1 -0
package/dist/trust/bootstrap.js +311 -0
package/dist/trust/bootstrap.js.map +1 -0
package/dist/trust/clock.d.ts +93 -0
package/dist/trust/clock.d.ts.map +1 -0
package/dist/trust/clock.js +154 -0
package/dist/trust/clock.js.map +1 -0
package/dist/trust/consumer.d.ts +139 -0
package/dist/trust/consumer.d.ts.map +1 -0
package/dist/trust/consumer.js +323 -0
package/dist/trust/consumer.js.map +1 -0
package/dist/trust/credentials.d.ts +98 -0
package/dist/trust/credentials.d.ts.map +1 -0
package/dist/trust/credentials.js +250 -0
package/dist/trust/credentials.js.map +1 -0
package/dist/trust/delegated.d.ts +118 -0
package/dist/trust/delegated.d.ts.map +1 -0
package/dist/trust/delegated.js +292 -0
package/dist/trust/delegated.js.map +1 -0
package/dist/trust/gossip.d.ts +146 -0
package/dist/trust/gossip.d.ts.map +1 -0
package/dist/trust/gossip.js +334 -0
package/dist/trust/gossip.js.map +1 -0
package/dist/trust/hooks.d.ts +84 -0
package/dist/trust/hooks.d.ts.map +1 -0
package/dist/trust/hooks.js +125 -0
package/dist/trust/hooks.js.map +1 -0
package/dist/trust/iid.d.ts +65 -0
package/dist/trust/iid.d.ts.map +1 -0
package/dist/trust/iid.js +104 -0
package/dist/trust/iid.js.map +1 -0
package/dist/trust/mesh.d.ts +43 -0
package/dist/trust/mesh.d.ts.map +1 -0
package/dist/trust/mesh.js +105 -0
package/dist/trust/mesh.js.map +1 -0
package/dist/trust/nonce.d.ts +39 -0
package/dist/trust/nonce.d.ts.map +1 -0
package/dist/trust/nonce.js +46 -0
package/dist/trust/nonce.js.map +1 -0
package/dist/trust/producer.d.ts +80 -0
package/dist/trust/producer.d.ts.map +1 -0
package/dist/trust/producer.js +151 -0
package/dist/trust/producer.js.map +1 -0
package/dist/trust/rcan.d.ts +29 -0
package/dist/trust/rcan.d.ts.map +1 -0
package/dist/trust/rcan.js +57 -0
package/dist/trust/rcan.js.map +1 -0
package/dist/types.d.ts +57 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +50 -0
package/dist/types.js.map +1 -0
package/dist/xlang.d.ts +26 -0
package/dist/xlang.d.ts.map +1 -0
package/dist/xlang.js +55 -0
package/dist/xlang.js.map +1 -0
package/package.json +59 -0

package/dist/transport/local.js ADDED Viewed

@@ -0,0 +1,139 @@
+/**
+ * LocalTransport — in-process transport for testing.
+ *
+ * Executes RPC calls directly against a ServiceRegistry without
+ * network I/O or serialization. Useful for unit testing service logic.
+ */
+import { StatusCode, RpcError } from '../status.js';
+import { RpcPattern } from '../types.js';
+/**
+ * In-memory receive stream for testing.
+ * Wraps a pre-filled buffer and exposes a read() interface.
+ */
+export class MemRecvStream {
+    data;
+    pos = 0;
+    constructor(data) {
+        this.data = data;
+    }
+    /**
+     * Read up to n bytes. Returns null at EOF.
+     */
+    read(n) {
+        if (this.pos >= this.data.byteLength)
+            return null;
+        const slice = this.data.subarray(this.pos, this.pos + n);
+        this.pos += slice.byteLength;
+        return slice;
+    }
+    async readExact(n) {
+        if (this.pos + n > this.data.byteLength)
+            throw new Error('EOF');
+        const slice = this.data.subarray(this.pos, this.pos + n);
+        this.pos += n;
+        return slice;
+    }
+}
+/**
+ * In-process transport that dispatches directly to registered services.
+ *
+ * @example
+ * ```ts
+ * const registry = new ServiceRegistry();
+ * registry.register(new EchoService());
+ * const transport = new LocalTransport(registry);
+ *
+ * const result = await transport.unary("Echo", "echo", { message: "hi" });
+ * ```
+ */
+export class LocalTransport {
+    registry;
+    constructor(registry) {
+        this.registry = registry;
+    }
+    async unary(service, method, request, _opts) {
+        const [svcInfo, methodInfo] = this.resolve(service, method);
+        this.assertPattern(methodInfo, RpcPattern.UNARY);
+        const handler = methodInfo.handler;
+        return handler.call(svcInfo.instance, request);
+    }
+    async *serverStream(service, method, request, _opts) {
+        const [svcInfo, methodInfo] = this.resolve(service, method);
+        this.assertPattern(methodInfo, RpcPattern.SERVER_STREAM);
+        const handler = methodInfo.handler;
+        const gen = handler.call(svcInfo.instance, request);
+        yield* gen;
+    }
+    async clientStream(service, method, requests, _opts) {
+        const [svcInfo, methodInfo] = this.resolve(service, method);
+        this.assertPattern(methodInfo, RpcPattern.CLIENT_STREAM);
+        const handler = methodInfo.handler;
+        return handler.call(svcInfo.instance, requests);
+    }
+    bidiStream(service, method, _opts) {
+        const [svcInfo, methodInfo] = this.resolve(service, method);
+        this.assertPattern(methodInfo, RpcPattern.BIDI_STREAM);
+        // Create a simple in-process bidi channel
+        const requestQueue = [];
+        let requestResolve = null;
+        let sendClosed = false;
+        const handler = methodInfo.handler;
+        // Request iterable that the handler reads from
+        const requestIterable = {
+            [Symbol.asyncIterator]() {
+                return {
+                    async next() {
+                        while (requestQueue.length === 0 && !sendClosed) {
+                            await new Promise((r) => { requestResolve = r; });
+                        }
+                        if (requestQueue.length > 0) {
+                            return { value: requestQueue.shift(), done: false };
+                        }
+                        return { value: undefined, done: true };
+                    },
+                };
+            },
+        };
+        // Start the handler
+        const responseGen = handler.call(svcInfo.instance, requestIterable);
+        const channel = {
+            async send(msg) {
+                requestQueue.push(msg);
+                requestResolve?.();
+                requestResolve = null;
+            },
+            async *[Symbol.asyncIterator]() {
+                yield* responseGen;
+            },
+            async close() {
+                sendClosed = true;
+                requestResolve?.();
+                requestResolve = null;
+            },
+            async waitForTrailer() {
+                return [StatusCode.OK, ''];
+            },
+        };
+        return channel;
+    }
+    async close() {
+        // Nothing to close for in-process transport
+    }
+    /** The remote endpoint ID (always 'local' for in-process transport). */
+    get remoteId() {
+        return 'local';
+    }
+    resolve(service, method) {
+        const result = this.registry.lookupMethod(service, method);
+        if (!result) {
+            throw new RpcError(StatusCode.NOT_FOUND, `${service}/${method} not found`);
+        }
+        return result;
+    }
+    assertPattern(methodInfo, expected) {
+        if (methodInfo.pattern !== expected) {
+            throw new RpcError(StatusCode.UNIMPLEMENTED, `${methodInfo.name} is ${methodInfo.pattern}, not ${expected}`);
+        }
+    }
+}
+//# sourceMappingURL=local.js.map

package/dist/transport/local.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/transport/local.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAIzC;;;GAGG;AACH,MAAM,OAAO,aAAa;IAChB,IAAI,CAAa;IACjB,GAAG,GAAG,CAAC,CAAC;IAEhB,YAAY,IAAgB;QAC1B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,CAAS;QACZ,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAClD,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,GAAG,IAAI,KAAK,CAAC,UAAU,CAAC;QAC7B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,CAAS;QACvB,IAAI,IAAI,CAAC,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAED;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,cAAc;IACjB,QAAQ,CAAkB;IAElC,YAAY,QAAyB;QACnC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,KAAK,CACT,OAAe,EACf,MAAc,EACd,OAAgB,EAChB,KAAmB;QAEnB,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC5D,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,OAAO,GAAG,UAAU,CAAC,OAAQ,CAAC;QACpC,OAAO,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,CAAC,YAAY,CACjB,OAAe,EACf,MAAc,EACd,OAAgB,EAChB,KAAmB;QAEnB,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC5D,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,UAAU,CAAC,OAAQ,CAAC;QACpC,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACpD,KAAK,CAAC,CAAC,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,OAAe,EACf,MAAc,EACd,QAAgC,EAChC,KAAmB;QAEnB,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC5D,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,UAAU,CAAC,OAAQ,CAAC;QACpC,OAAO,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;IAED,UAAU,CACR,OAAe,EACf,MAAc,EACd,KAAmB;QAEnB,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC5D,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,CAAC,WAAW,CAAC,CAAC;QAEvD,0CAA0C;QAC1C,MAAM,YAAY,GAAc,EAAE,CAAC;QACnC,IAAI,cAAc,GAAwB,IAAI,CAAC;QAC/C,IAAI,UAAU,GAAG,KAAK,CAAC;QAEvB,MAAM,OAAO,GAAG,UAAU,CAAC,OAAQ,CAAC;QAEpC,+CAA+C;QAC/C,MAAM,eAAe,GAA2B;YAC9C,CAAC,MAAM,CAAC,aAAa,CAAC;gBACpB,OAAO;oBACL,KAAK,CAAC,IAAI;wBACR,OAAO,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;4BAChD,MAAM,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,EAAE,GAAG,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;wBAC1D,CAAC;wBACD,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BAC5B,OAAO,EAAE,KAAK,EAAE,YAAY,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;wBACtD,CAAC;wBACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;oBAC1C,CAAC;iBACF,CAAC;YACJ,CAAC;SACF,CAAC;QAEF,oBAAoB;QACpB,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QAEpE,MAAM,OAAO,GAAgB;YAC3B,KAAK,CAAC,IAAI,CAAC,GAAY;gBACrB,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACvB,cAAc,EAAE,EAAE,CAAC;gBACnB,cAAc,GAAG,IAAI,CAAC;YACxB,CAAC;YAED,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC;gBAC3B,KAAK,CAAC,CAAC,WAAW,CAAC;YACrB,CAAC;YAED,KAAK,CAAC,KAAK;gBACT,UAAU,GAAG,IAAI,CAAC;gBAClB,cAAc,EAAE,EAAE,CAAC;gBACnB,cAAc,GAAG,IAAI,CAAC;YACxB,CAAC;YAED,KAAK,CAAC,cAAc;gBAClB,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;YAC7B,CAAC;SACF,CAAC;QAEF,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,KAAK;QACT,4CAA4C;IAC9C,CAAC;IAED,wEAAwE;IACxE,IAAI,QAAQ;QACV,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,OAAO,CAAC,OAAe,EAAE,MAAc;QAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,QAAQ,CAChB,UAAU,CAAC,SAAS,EACpB,GAAG,OAAO,IAAI,MAAM,YAAY,CACjC,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,aAAa,CAAC,UAAsB,EAAE,QAAoB;QAChE,IAAI,UAAU,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,QAAQ,CAChB,UAAU,CAAC,aAAa,EACxB,GAAG,UAAU,CAAC,IAAI,OAAO,UAAU,CAAC,OAAO,SAAS,QAAQ,EAAE,CAC/D,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}

package/dist/trust/admission.d.ts ADDED Viewed

@@ -0,0 +1,60 @@
+/**
+ * Admission gates for consumer/producer authorization.
+ *
+ * Spec reference: Aster-trust-spec.md §2.4, §3.2
+ *
+ * Two-phase admission:
+ *   1. checkOffline  — signature, expiry, endpoint ID binding, nonce
+ *   2. checkRuntime  — IID verification (cloud identity)
+ *
+ * admit() orchestrates both. Refusal reasons are logged internally —
+ * never sent to peer (oracle protection).
+ */
+import type { EnrollmentCredential, ConsumerEnrollmentCredential } from './credentials.js';
+import type { NonceStore } from './nonce.js';
+import { type IIDBackend } from './iid.js';
+/** Result of an admission check. */
+export interface AdmissionResult {
+    admitted: boolean;
+    attributes?: Record<string, string>;
+    /** Internal only — never send to peer. */
+    reason?: string;
+}
+/**
+ * Offline admission checks — no network calls.
+ *
+ * 1. Structural validity (nonce length, policy-vs-OTT constraints)
+ * 2. Signature valid against rootPubkey
+ * 3. expiresAt > now
+ * 4. Endpoint ID match (always for EnrollmentCredential; if set for Consumer)
+ * 5. OTT nonce not already consumed
+ */
+export declare function checkOffline(cred: EnrollmentCredential | ConsumerEnrollmentCredential, peerEndpointId: string, nonceStore?: NonceStore): Promise<AdmissionResult>;
+/**
+ * Runtime admission checks (IID verification).
+ * Only runs if aster.iid_provider is present in attributes.
+ */
+export declare function checkRuntime(cred: EnrollmentCredential | ConsumerEnrollmentCredential, iidBackend?: IIDBackend, iidToken?: string): Promise<AdmissionResult>;
+/** Options for the admit() orchestrator. */
+export interface AdmitOptions {
+    nonceStore?: NonceStore;
+    iidBackend?: IIDBackend;
+    iidToken?: string;
+}
+/**
+ * Orchestrate offline + runtime admission checks.
+ * Fails fast: if offline checks fail, runtime checks are skipped.
+ * Refusal reason is logged but never sent to peer.
+ */
+export declare function admit(cred: EnrollmentCredential | ConsumerEnrollmentCredential, peerEndpointId: string, opts?: AdmitOptions): Promise<AdmissionResult>;
+/**
+ * @deprecated Use checkOffline + checkRuntime via admit() instead.
+ * Legacy: checks only pubkey match + expiry (no signature verification).
+ */
+export declare function verifyConsumerCredential(cred: ConsumerEnrollmentCredential, expectedRootPubkey: string): Promise<AdmissionResult>;
+/**
+ * @deprecated Use checkOffline + checkRuntime via admit() instead.
+ * Legacy: checks only pubkey match + expiry (no signature verification).
+ */
+export declare function verifyProducerCredential(cred: EnrollmentCredential, expectedRootPubkey: string): Promise<AdmissionResult>;
+//# sourceMappingURL=admission.d.ts.map

package/dist/trust/admission.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"admission.d.ts","sourceRoot":"","sources":["../../src/trust/admission.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,4BAA4B,EAAE,MAAM,kBAAkB,CAAC;AAE3F,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAa,KAAK,UAAU,EAAE,MAAM,UAAU,CAAC;AAEtD,oCAAoC;AACpC,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AA8BD;;;;;;;;GAQG;AACH,wBAAsB,YAAY,CAChC,IAAI,EAAE,oBAAoB,GAAG,4BAA4B,EACzD,cAAc,EAAE,MAAM,EACtB,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,eAAe,CAAC,CAiD1B;AAID;;;GAGG;AACH,wBAAsB,YAAY,CAChC,IAAI,EAAE,oBAAoB,GAAG,4BAA4B,EACzD,UAAU,CAAC,EAAE,UAAU,EACvB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAM1B;AAID,4CAA4C;AAC5C,MAAM,WAAW,YAAY;IAC3B,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;GAIG;AACH,wBAAsB,KAAK,CACzB,IAAI,EAAE,oBAAoB,GAAG,4BAA4B,EACzD,cAAc,EAAE,MAAM,EACtB,IAAI,CAAC,EAAE,YAAY,GAClB,OAAO,CAAC,eAAe,CAAC,CAQ1B;AAID;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,IAAI,EAAE,4BAA4B,EAClC,kBAAkB,EAAE,MAAM,GACzB,OAAO,CAAC,eAAe,CAAC,CAS1B;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,IAAI,EAAE,oBAAoB,EAC1B,kBAAkB,EAAE,MAAM,GACzB,OAAO,CAAC,eAAe,CAAC,CAS1B"}

package/dist/trust/admission.js ADDED Viewed

@@ -0,0 +1,149 @@
+/**
+ * Admission gates for consumer/producer authorization.
+ *
+ * Spec reference: Aster-trust-spec.md §2.4, §3.2
+ *
+ * Two-phase admission:
+ *   1. checkOffline  — signature, expiry, endpoint ID binding, nonce
+ *   2. checkRuntime  — IID verification (cloud identity)
+ *
+ * admit() orchestrates both. Refusal reasons are logged internally —
+ * never sent to peer (oracle protection).
+ */
+import { verifyCredentialSignature, hexToBytes } from './credentials.js';
+import { verifyIID } from './iid.js';
+// ── Structural validation ───────────────────────────────────────────────────
+function validateStructure(cred) {
+    if ('credentialType' in cred) {
+        const consumer = cred;
+        if (consumer.credentialType === 'ott') {
+            if (consumer.nonce == null) {
+                return { ok: false, reason: 'OTT credential must carry a nonce' };
+            }
+            const nonceBytes = hexToBytes(consumer.nonce);
+            if (nonceBytes.length !== 32) {
+                return { ok: false, reason: `OTT nonce must be exactly 32 bytes; got ${nonceBytes.length}` };
+            }
+        }
+        else if (consumer.credentialType === 'policy') {
+            if (consumer.nonce != null) {
+                return { ok: false, reason: 'Policy credential must not carry a nonce' };
+            }
+        }
+        else {
+            return { ok: false, reason: `Unknown credentialType: ${consumer.credentialType}` };
+        }
+    }
+    return { ok: true };
+}
+// ── Offline checks ──────────────────────────────────────────────────────────
+/**
+ * Offline admission checks — no network calls.
+ *
+ * 1. Structural validity (nonce length, policy-vs-OTT constraints)
+ * 2. Signature valid against rootPubkey
+ * 3. expiresAt > now
+ * 4. Endpoint ID match (always for EnrollmentCredential; if set for Consumer)
+ * 5. OTT nonce not already consumed
+ */
+export async function checkOffline(cred, peerEndpointId, nonceStore) {
+    // 1. Structural validation
+    const { ok, reason: structReason } = validateStructure(cred);
+    if (!ok) {
+        console.log(`[DEBUG] admission checkOffline: structure failed: ${structReason}`);
+        return { admitted: false, reason: structReason };
+    }
+    // 2. Signature verification
+    const sigValid = await verifyCredentialSignature(cred);
+    if (!sigValid) {
+        return { admitted: false, reason: 'invalid signature' };
+    }
+    // 3. Expiry check
+    const nowSec = Math.floor(Date.now() / 1000);
+    if (cred.expiresAt <= nowSec) {
+        return { admitted: false, reason: `credential expired (expiresAt=${cred.expiresAt}, now=${nowSec})` };
+    }
+    // 4. Endpoint ID binding (only for OTT credentials; policy credentials are not bound)
+    if (!('credentialType' in cred)) {
+        // EnrollmentCredential — strict binding
+        const producer = cred;
+        if (producer.endpointId !== peerEndpointId) {
+            return { admitted: false, reason: `endpoint ID mismatch: credential=${producer.endpointId}, peer=${peerEndpointId}` };
+        }
+    }
+    // For policy credentials, endpoint_id is informational only — no binding check
+    // 5. OTT nonce consumption
+    if ('credentialType' in cred) {
+        const consumer = cred;
+        if (consumer.credentialType === 'ott') {
+            if (consumer.endpointId != null && consumer.endpointId !== peerEndpointId) {
+                return { admitted: false, reason: `OTT endpoint ID mismatch: credential=${consumer.endpointId}, peer=${peerEndpointId}` };
+            }
+            if (!nonceStore) {
+                return { admitted: false, reason: 'OTT credential presented but no nonceStore configured' };
+            }
+            const nonceHex = consumer.nonce;
+            if (nonceStore.has(nonceHex)) {
+                return { admitted: false, reason: 'OTT nonce already consumed' };
+            }
+            nonceStore.consume(nonceHex);
+        }
+    }
+    return { admitted: true, attributes: { ...cred.attributes } };
+}
+// ── Runtime checks ──────────────────────────────────────────────────────────
+/**
+ * Runtime admission checks (IID verification).
+ * Only runs if aster.iid_provider is present in attributes.
+ */
+export async function checkRuntime(cred, iidBackend, iidToken) {
+    const [ok, reason] = await verifyIID(cred.attributes, iidBackend, iidToken);
+    if (!ok) {
+        return { admitted: false, reason };
+    }
+    return { admitted: true, attributes: { ...cred.attributes } };
+}
+/**
+ * Orchestrate offline + runtime admission checks.
+ * Fails fast: if offline checks fail, runtime checks are skipped.
+ * Refusal reason is logged but never sent to peer.
+ */
+export async function admit(cred, peerEndpointId, opts) {
+    const offline = await checkOffline(cred, peerEndpointId, opts?.nonceStore);
+    if (!offline.admitted)
+        return offline;
+    const runtime = await checkRuntime(cred, opts?.iidBackend, opts?.iidToken);
+    if (!runtime.admitted)
+        return runtime;
+    return { admitted: true, attributes: offline.attributes };
+}
+// ── Legacy compat (kept for existing callers) ───────────────────────────────
+/**
+ * @deprecated Use checkOffline + checkRuntime via admit() instead.
+ * Legacy: checks only pubkey match + expiry (no signature verification).
+ */
+export async function verifyConsumerCredential(cred, expectedRootPubkey) {
+    if (cred.rootPubkey !== expectedRootPubkey) {
+        return { admitted: false, reason: 'root pubkey mismatch' };
+    }
+    const nowSec = Math.floor(Date.now() / 1000);
+    if (cred.expiresAt > 0 && cred.expiresAt <= nowSec) {
+        return { admitted: false, reason: 'credential expired' };
+    }
+    return { admitted: true, attributes: { ...cred.attributes } };
+}
+/**
+ * @deprecated Use checkOffline + checkRuntime via admit() instead.
+ * Legacy: checks only pubkey match + expiry (no signature verification).
+ */
+export async function verifyProducerCredential(cred, expectedRootPubkey) {
+    if (cred.rootPubkey !== expectedRootPubkey) {
+        return { admitted: false, reason: 'root pubkey mismatch' };
+    }
+    const nowSec = Math.floor(Date.now() / 1000);
+    if (cred.expiresAt > 0 && cred.expiresAt <= nowSec) {
+        return { admitted: false, reason: 'credential expired' };
+    }
+    return { admitted: true, attributes: { ...cred.attributes } };
+}
+//# sourceMappingURL=admission.js.map

package/dist/trust/admission.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"admission.js","sourceRoot":"","sources":["../../src/trust/admission.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAEzE,OAAO,EAAE,SAAS,EAAmB,MAAM,UAAU,CAAC;AAUtD,+EAA+E;AAE/E,SAAS,iBAAiB,CACxB,IAAyD;IAEzD,IAAI,gBAAgB,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAoC,CAAC;QACtD,IAAI,QAAQ,CAAC,cAAc,KAAK,KAAK,EAAE,CAAC;YACtC,IAAI,QAAQ,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;gBAC3B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAC;YACpE,CAAC;YACD,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC9C,IAAI,UAAU,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBAC7B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,2CAA2C,UAAU,CAAC,MAAM,EAAE,EAAE,CAAC;YAC/F,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;YAChD,IAAI,QAAQ,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;gBAC3B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,0CAA0C,EAAE,CAAC;YAC3E,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC;QACrF,CAAC;IACH,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC;AAED,+EAA+E;AAE/E;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,IAAyD,EACzD,cAAsB,EACtB,UAAuB;IAEvB,2BAA2B;IAC3B,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAC7D,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,CAAC,GAAG,CAAC,qDAAqD,YAAY,EAAE,CAAC,CAAC;QACjF,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;IACnD,CAAC;IAED,4BAA4B;IAC5B,MAAM,QAAQ,GAAG,MAAM,yBAAyB,CAAC,IAAI,CAAC,CAAC;IACvD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IAC1D,CAAC;IAED,kBAAkB;IAClB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,IAAI,CAAC,SAAS,IAAI,MAAM,EAAE,CAAC;QAC7B,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,iCAAiC,IAAI,CAAC,SAAS,SAAS,MAAM,GAAG,EAAE,CAAC;IACxG,CAAC;IAED,sFAAsF;IACtF,IAAI,CAAC,CAAC,gBAAgB,IAAI,IAAI,CAAC,EAAE,CAAC;QAChC,wCAAwC;QACxC,MAAM,QAAQ,GAAG,IAA4B,CAAC;QAC9C,IAAI,QAAQ,CAAC,UAAU,KAAK,cAAc,EAAE,CAAC;YAC3C,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,oCAAoC,QAAQ,CAAC,UAAU,UAAU,cAAc,EAAE,EAAE,CAAC;QACxH,CAAC;IACH,CAAC;IACD,+EAA+E;IAE/E,2BAA2B;IAC3B,IAAI,gBAAgB,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAoC,CAAC;QACtD,IAAI,QAAQ,CAAC,cAAc,KAAK,KAAK,EAAE,CAAC;YACtC,IAAI,QAAQ,CAAC,UAAU,IAAI,IAAI,IAAI,QAAQ,CAAC,UAAU,KAAK,cAAc,EAAE,CAAC;gBAC1E,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,wCAAwC,QAAQ,CAAC,UAAU,UAAU,cAAc,EAAE,EAAE,CAAC;YAC5H,CAAC;YACD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,uDAAuD,EAAE,CAAC;YAC9F,CAAC;YACD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAM,CAAC;YACjC,IAAI,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC;YACnE,CAAC;YACD,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;AAChE,CAAC;AAED,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,IAAyD,EACzD,UAAuB,EACvB,QAAiB;IAEjB,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC5E,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IACrC,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;AAChE,CAAC;AAWD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CACzB,IAAyD,EACzD,cAAsB,EACtB,IAAmB;IAEnB,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;IAC3E,IAAI,CAAC,OAAO,CAAC,QAAQ;QAAE,OAAO,OAAO,CAAC;IAEtC,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC3E,IAAI,CAAC,OAAO,CAAC,QAAQ;QAAE,OAAO,OAAO,CAAC;IAEtC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC;AAC5D,CAAC;AAED,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,IAAkC,EAClC,kBAA0B;IAE1B,IAAI,IAAI,CAAC,UAAU,KAAK,kBAAkB,EAAE,CAAC;QAC3C,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IAC7D,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,IAAI,CAAC,SAAS,GAAG,CAAC,IAAI,IAAI,CAAC,SAAS,IAAI,MAAM,EAAE,CAAC;QACnD,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;IAC3D,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;AAChE,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,IAA0B,EAC1B,kBAA0B;IAE1B,IAAI,IAAI,CAAC,UAAU,KAAK,kBAAkB,EAAE,CAAC;QAC3C,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IAC7D,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,IAAI,CAAC,SAAS,GAAG,CAAC,IAAI,IAAI,CAAC,SAAS,IAAI,MAAM,EAAE,CAAC;QACnD,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;IAC3D,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;AAChE,CAAC"}

package/dist/trust/bootstrap.d.ts ADDED Viewed

@@ -0,0 +1,109 @@
+/**
+ * Producer mesh bootstrap -- founding node + join.
+ *
+ * Spec reference: Aster-trust-spec.md S2.1, S2.5.  Plan: ASTER_PLAN.md S14.5.
+ *
+ * Two startup modes:
+ *
+ * startFoundingNode()
+ *     The first producer in a new mesh. Generates a random 32-byte salt, derives
+ *     the gossip topic, initializes MeshState, and returns it for the caller.
+ *
+ * joinMesh()
+ *     A subsequent producer. Builds an AdmissionRequest from its credential.
+ *     The caller dials the bootstrap peer and sends the request, then calls
+ *     applyAdmissionResponse() with the result.
+ *
+ * handleAdmissionRpc()
+ *     Server-side handler: parses a request, runs offline admission checks,
+ *     and returns an AdmissionResponse.
+ */
+import { MeshState } from './mesh.js';
+import type { EnrollmentCredential } from './credentials.js';
+export interface BootstrapConfig {
+    /** State directory (default: ~/.aster). */
+    stateDir?: string;
+}
+export interface AdmissionRequest {
+    credentialJson: string;
+    iidToken?: string;
+}
+export interface AdmissionResponse {
+    accepted: boolean;
+    salt: string;
+    acceptedProducers: string[];
+    /** Internal only -- not exposed to peer on the wire. */
+    reason?: string;
+}
+/**
+ * Start the founding node of a new producer mesh.
+ *
+ * Steps (S2.1):
+ * 1. Load credential from JSON file.
+ * 2. Verify credential offline.
+ * 3. Generate or load 32-byte salt.
+ * 4. Derive gossip topic.
+ * 5. Create MeshState with self as only accepted producer.
+ * 6. Persist state.
+ *
+ * @returns The initialized MeshState.
+ */
+export declare function startFoundingNode(enrollmentPath: string, config?: BootstrapConfig): Promise<MeshState>;
+/**
+ * Build an AdmissionRequest from a credential for joining an existing mesh.
+ *
+ * The caller should send this request to the bootstrap peer over
+ * the aster.producer_admission ALPN, then call applyAdmissionResponse()
+ * with the result.
+ */
+export declare function joinMesh(credential: EnrollmentCredential, iidToken?: string): AdmissionRequest;
+/**
+ * Finalize MeshState after receiving a successful AdmissionResponse.
+ *
+ * @param response        The AdmissionResponse from the bootstrap peer.
+ * @param ownEndpointId   This node's endpoint ID.
+ * @param rootPubkey      The root public key (raw bytes) for topic derivation.
+ * @returns Initialized MeshState ready for gossip subscription.
+ * @throws If response.accepted is false.
+ */
+export declare function applyAdmissionResponse(response: AdmissionResponse, ownEndpointId: string, rootPubkey: Uint8Array): Promise<MeshState>;
+/**
+ * Server-side handler for aster.producer_admission ALPN.
+ *
+ * Parses an AdmissionRequest, runs offline admission checks, and returns
+ * an AdmissionResponse. On success, the peer is added to ownState.
+ *
+ * @param requestJson     JSON-serialized credential (the credentialJson field
+ *                        from AdmissionRequest, or a raw credential JSON).
+ * @param ownState        The founding/accepting node's MeshState.
+ * @param ownRootPubkey   Hex-encoded root public key this mesh trusts.
+ * @param config          Optional BootstrapConfig.
+ * @returns AdmissionResponse (accepted or rejected with reason).
+ */
+export declare function handleAdmissionRpc(requestJson: string, ownState: MeshState, ownRootPubkey: string, config?: BootstrapConfig): Promise<AdmissionResponse>;
+/**
+ * Handle one producer admission connection: read request, write response.
+ *
+ * @param conn            An IrohConnection-like object with acceptBi() and remoteId().
+ * @param ownRootPubkey   Hex-encoded root public key.
+ * @param ownState        This node's MeshState; mutated on accept.
+ * @param config          Optional BootstrapConfig.
+ * @returns The AdmissionResponse that was sent.
+ */
+export declare function handleProducerAdmissionConnection(conn: {
+    remoteId(): string;
+    acceptBi(): Promise<[{
+        writeAll(data: Uint8Array): Promise<void>;
+        finish(): Promise<void>;
+    }, {
+        readToEnd(maxBytes: number): Promise<Uint8Array>;
+    }]>;
+}, ownRootPubkey: string, ownState: MeshState, config?: BootstrapConfig): Promise<AdmissionResponse>;
+/**
+ * Build an in-memory MeshState for a standalone producer.
+ *
+ * Useful for demos, tests, and single-node setups. Generates a fresh random
+ * salt and an empty accepted-producer set with no persistence.
+ */
+export declare function makeEphemeralMeshState(rootPubkey?: Uint8Array): Promise<MeshState>;
+//# sourceMappingURL=bootstrap.d.ts.map

package/dist/trust/bootstrap.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../../src/trust/bootstrap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAOH,OAAO,EAAE,SAAS,EAAiB,MAAM,WAAW,CAAC;AAErD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAM7D,MAAM,WAAW,eAAe;IAC9B,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,OAAO,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,wDAAwD;IACxD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAwED;;;;;;;;;;;;GAYG;AACH,wBAAsB,iBAAiB,CACrC,cAAc,EAAE,MAAM,EACtB,MAAM,CAAC,EAAE,eAAe,GACvB,OAAO,CAAC,SAAS,CAAC,CAwBpB;AAID;;;;;;GAMG;AACH,wBAAgB,QAAQ,CACtB,UAAU,EAAE,oBAAoB,EAChC,QAAQ,CAAC,EAAE,MAAM,GAChB,gBAAgB,CAYlB;AAID;;;;;;;;GAQG;AACH,wBAAsB,sBAAsB,CAC1C,QAAQ,EAAE,iBAAiB,EAC3B,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,SAAS,CAAC,CAkBpB;AAID;;;;;;;;;;;;GAYG;AACH,wBAAsB,kBAAkB,CACtC,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,SAAS,EACnB,aAAa,EAAE,MAAM,EACrB,MAAM,CAAC,EAAE,eAAe,GACvB,OAAO,CAAC,iBAAiB,CAAC,CA8D5B;AAID;;;;;;;;GAQG;AACH,wBAAsB,iCAAiC,CACrD,IAAI,EAAE;IACJ,QAAQ,IAAI,MAAM,CAAC;IACnB,QAAQ,IAAI,OAAO,CAAC,CAAC;QAAE,QAAQ,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAAC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;KAAE,EAAE;QAAE,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;KAAE,CAAC,CAAC,CAAC;CACrJ,EACD,aAAa,EAAE,MAAM,EACrB,QAAQ,EAAE,SAAS,EACnB,MAAM,CAAC,EAAE,eAAe,GACvB,OAAO,CAAC,iBAAiB,CAAC,CA8C5B;AAID;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CASxF"}