@aster-rpc/aster 0.1.2

package/dist/trust/delegated.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"delegated.js","sourceRoot":"","sources":["../../src/trust/delegated.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAG5F,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AA4CvD,8EAA8E;AAE9E,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,8DAA8D;AAC9D,SAAS,kBAAkB,CAAC,GAA4B;IACtD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACvC,MAAM,OAAO,GAA4B,EAAE,CAAC;IAC5C,KAAK,MAAM,CAAC,IAAI,MAAM;QAAE,OAAO,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;IAC5C,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,WAAkC,EAClC,IAAkD;IAElD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAEtD,MAAM,OAAO,GAA4B;QACvC,cAAc,EAAE,WAAW,CAAC,aAAa;QACzC,MAAM,EAAE,WAAW,CAAC,KAAK;QACzB,UAAU,EAAE,WAAW,CAAC,SAAS;QACjC,WAAW,EAAE,WAAW,CAAC,UAAU;KACpC,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,MAAM,CACxB,UAAU,EACV,kBAAkB,CAAC,OAAO,CAAC,EAC3B,UAAU,CAAC,WAAW,CAAC,aAAa,CAAC,CACtC,CAAC;QACF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,QAAQ,CAChB,UAAU,CAAC,eAAe,EAC1B,6CAA6C,CAC9C,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAC,WAAW,CAAC,SAAS,IAAI,GAAG,IAAI,GAAG,IAAI,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,QAAQ,CAChB,UAAU,CAAC,eAAe,EAC1B,gDAAgD,CACjD,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,KAAsB,EACtB,WAAkC,EAClC,IAAwD;IAExD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAEtD,+CAA+C;IAC/C,IAAI,KAAK,CAAC,YAAY,KAAK,WAAW,CAAC,KAAK,EAAE,CAAC;QAC7C,MAAM,IAAI,QAAQ,CAChB,UAAU,CAAC,eAAe,EAC1B,8CAA8C,CAC/C,CAAC;IACJ,CAAC;IAED,0DAA0D;IAC1D,MAAM,YAAY,GAA4B;QAC5C,eAAe,EAAE,KAAK,CAAC,cAAc;QACrC,eAAe,EAAE,KAAK,CAAC,cAAc;QACrC,aAAa,EAAE,KAAK,CAAC,YAAY;QACjC,cAAc,EAAE,KAAK,CAAC,aAAa;QACnC,kBAAkB,EAAE,KAAK,CAAC,gBAAgB;QAC1C,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,SAAS,EAAE,KAAK,CAAC,QAAQ;QACzB,UAAU,EAAE,KAAK,CAAC,SAAS;QAC3B,cAAc,EAAE,KAAK,CAAC,YAAY;KACnC,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,aAAa,CAAC,UAAU,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC;QAC3E,MAAM,KAAK,GAAG,MAAM,MAAM,CACxB,aAAa,EACb,kBAAkB,CAAC,YAAY,CAAC,EAChC,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,CAC5B,CAAC;QACF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,QAAQ;YAAE,MAAM,KAAK,CAAC;QAC3C,MAAM,IAAI,QAAQ,CAChB,UAAU,CAAC,eAAe,EAC1B,gDAAgD,CACjD,CAAC;IACJ,CAAC;IAED,eAAe;IACf,IAAI,CAAC,CAAC,KAAK,CAAC,QAAQ,IAAI,GAAG,IAAI,GAAG,IAAI,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,QAAQ,CAChB,UAAU,CAAC,eAAe,EAC1B,8BAA8B,CAC/B,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,IAAI,KAAK,CAAC,YAAY,KAAK,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QACpD,MAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,iBAAiB,EAAE,kCAAkC,CAAC,CAAC;IACvF,CAAC;IACD,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;QACtD,MAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,iBAAiB,EAAE,mCAAmC,CAAC,CAAC;IACxF,CAAC;IACD,IAAI,KAAK,CAAC,gBAAgB,KAAK,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC5D,MAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,iBAAiB,EAAE,oCAAoC,CAAC,CAAC;IACzF,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,IAI7C;IACC,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACzE,MAAM,KAAK,GAAG,MAAM,MAAM,CACxB,cAAc,EACd,IAAI,CAAC,cAAc,EACnB,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAC9B,CAAC;QACF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,QAAQ;YAAE,MAAM,KAAK,CAAC;QAC3C,MAAM,IAAI,QAAQ,CAChB,UAAU,CAAC,eAAe,EAC1B,qCAAqC,CACtC,CAAC;IACJ,CAAC;AACH,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,mBAAmB,CACjC,KAAiB,EACjB,YAAoB,EACpB,aAAqB,EACrB,IAAI,GAAG,iBAAiB;IAExB,MAAM,KAAK,GAAG;QACZ,KAAK;QACL,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC;QAC5B,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC;QAC7B,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC;KACrB,CAAC;IACF,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC7D,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;IACxC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACtB,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC;IACrB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AA0BD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,kCAAkC,CACtD,IAAyB,EACzB,IAIC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;IAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QAE7C,mCAAmC;QACnC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;QAC5C,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC,2CAA2C,MAAM,EAAE,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,IAAI,OAA4B,CAAC;QACjC,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,IAAI,CAAC,4CAA4C,MAAM,EAAE,CAAC,CAAC;YACnE,MAAM,UAAU,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;YAC5C,OAAO;QACT,CAAC;QAED,8EAA8E;QAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC;QAE1C,MAAM,KAAK,GAAoB;YAC7B,cAAc,EAAE,SAAS,CAAC,eAAe,IAAI,EAAE;YAC/C,cAAc,EAAE,SAAS,CAAC,eAAe,IAAI,EAAE;YAC/C,YAAY,EAAE,SAAS,CAAC,aAAa,IAAI,EAAE;YAC3C,aAAa,EAAE,SAAS,CAAC,cAAc,IAAI,EAAE;YAC7C,gBAAgB,EAAE,SAAS,CAAC,kBAAkB,IAAI,EAAE;YACpD,KAAK,EAAE,SAAS,CAAC,KAAK,IAAI,EAAE;YAC5B,QAAQ,EAAE,SAAS,CAAC,SAAS,IAAI,CAAC;YAClC,SAAS,EAAE,SAAS,CAAC,UAAU,IAAI,CAAC;YACpC,YAAY,EAAE,SAAS,CAAC,cAAc,IAAI,EAAE;YAC5C,SAAS,EAAE,SAAS,CAAC,SAAS,IAAI,EAAE;SACrC,CAAC;QAEF,MAAM,WAAW,GAA0B;YACzC,aAAa,EAAE,OAAO,CAAC,cAAc,IAAI,EAAE;YAC3C,KAAK,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;YAC3B,SAAS,EAAE,OAAO,CAAC,UAAU,IAAI,CAAC;YAClC,UAAU,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC;YACpC,aAAa,EAAE,OAAO,CAAC,cAAc,IAAI,EAAE;SAC5C,CAAC;QAEF,0CAA0C;QAC1C,IAAI,CAAC;YACH,MAAM,iBAAiB,CAAC,WAAW,EAAE;gBACnC,kBAAkB,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe;gBAC/C,GAAG;aACJ,CAAC,CAAC;YACH,MAAM,WAAW,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACtE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,YAAY,QAAQ,EAAE,CAAC;gBAC1B,OAAO,CAAC,IAAI,CAAC,+BAA+B,MAAM,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;gBACpE,MAAM,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC;gBAClC,OAAO;YACT,CAAC;YACD,MAAM,CAAC,CAAC;QACV,CAAC;QAED,yBAAyB;QACzB,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG;YAChB,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC;YACxB,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;YACvC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa;SAC1C,CAAC;QACF,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAE/D,qBAAqB;QACrB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,sCAAsC,MAAM,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QAED,IAAI,KAA0B,CAAC;QAC/B,IAAI,CAAC;YACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,UAAU,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;YAC1C,OAAO;QACT,CAAC;QAED,qCAAqC;QACrC,MAAM,cAAc,GAAG,mBAAmB,CACxC,KAAK,EACL,IAAI,CAAC,MAAM,CAAC,YAAY,EACxB,IAAI,CAAC,MAAM,CAAC,aAAa,CAC1B,CAAC;QACF,IAAI,CAAC;YACH,MAAM,uBAAuB,CAAC;gBAC5B,iBAAiB,EAAE,KAAK,CAAC,cAAc;gBACvC,cAAc;gBACd,YAAY,EAAE,KAAK,CAAC,SAAS,IAAI,EAAE;aACpC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,YAAY,QAAQ,EAAE,CAAC;gBAC1B,OAAO,CAAC,IAAI,CAAC,qCAAqC,MAAM,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC1E,MAAM,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC;gBAClC,OAAO;YACT,CAAC;YACD,MAAM,CAAC,CAAC;QACV,CAAC;QAED,YAAY;QACZ,OAAO,CAAC,IAAI,CACV,iCAAiC,MAAM,YAAY,KAAK,CAAC,cAAc,WAAW,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAC3G,CAAC;QAEF,6BAA6B;QAC7B,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC,SAAS,CAAC,KAAK,CAClB,mBAAmB,CAAC;gBAClB,UAAU,EAAE,MAAM;gBAClB,MAAM,EAAE,KAAK,CAAC,cAAc;gBAC5B,UAAU,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACzD,aAAa,EAAE,iBAAiB;aACjC,CAAC,CACH,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;QAED,wBAAwB;QACxB,MAAM,MAAM,GAAG;YACb,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,KAAK,CAAC,cAAc;YAC5B,KAAK,EAAE,KAAK,CAAC,KAAK;SACnB,CAAC;QACF,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC5D,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;IACtB,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,gCAAgC;QAChC,IAAI,GAAG,YAAY,KAAK,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAC1F,OAAO;QACT,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,kCAAkC,MAAM,GAAG,EAAE,GAAG,CAAC,CAAC;IAClE,CAAC;AACH,CAAC;AAED,uDAAuD;AACvD,KAAK,UAAU,UAAU,CACvB,IAA4E,EAC5E,MAAc;IAEd,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;AACH,CAAC"}

package/dist/trust/gossip.d.ts

@@ -0,0 +1,146 @@
+/**
+ * Producer mesh gossip: signing, verification, message handling, heartbeat.
+ *
+ * Spec reference: Aster-trust-spec.md S2.3, S2.6.  Plan: ASTER_PLAN.md S14.2-14.6.
+ *
+ * NOT to be confused with registry/gossip.ts which handles service discovery gossip.
+ * This module handles the producer mesh gossip protocol -- signing, verification,
+ * message dispatch, and lease heartbeat.
+ *
+ * Canonical signing bytes (normative -- S2.6, ASTER_PLAN.md S14.2):
+ *
+ *     u8(type) || payload || sender.encode('utf-8') || u64_be(epoch_ms)
+ *
+ * Do NOT reorder epoch_ms before sender+payload -- the spec fixes this
+ * byte order and any deviation breaks cross-implementation verification.
+ *
+ * Topic derivation (S2.3):
+ *
+ *     blake3(root_pubkey + "aster-producer-mesh" + salt).digest().slice(0, 32)
+ */
+import type { MeshState } from './mesh.js';
+import type { ClockDriftTracker } from './clock.js';
+export interface ProducerMessage {
+    type: number;
+    payload: Uint8Array;
+    sender: string;
+    epochMs: number;
+    signature: Uint8Array;
+}
+export declare enum ProducerMessageType {
+    INTRODUCE = 1,
+    DEPART = 2,
+    CONTRACT_PUBLISHED = 3,
+    LEASE_UPDATE = 4
+}
+export interface ContractPublishedPayload {
+    serviceName: string;
+    version: number;
+    contractCollectionHash: string;
+}
+export interface LeaseUpdatePayload {
+    serviceName: string;
+    version: number;
+    contractId: string;
+    healthStatus: string;
+    addressingInfo: Record<string, string>;
+}
+export interface HandleMessageOptions {
+    state: MeshState;
+    config: {
+        replayWindowMs: number;
+    };
+    peerPubkeys: Map<string, Uint8Array>;
+    registryCallback?: (eventType: string, payload: ContractPublishedPayload | LeaseUpdatePayload) => void;
+    driftTracker?: ClockDriftTracker;
+    onSelfDeparture?: () => void;
+    logger?: {
+        info(...args: unknown[]): void;
+        warn(...args: unknown[]): void;
+        debug(...args: unknown[]): void;
+        error(...args: unknown[]): void;
+    };
+}
+/**
+ * Derive the 32-byte gossip topic for the producer mesh.
+ *
+ * blake3(root_pubkey + "aster-producer-mesh" + salt).slice(0, 32)
+ *
+ * Falls back to sha256 if blake3 is not available.
+ */
+export declare function deriveGossipTopic(rootPubkey: Uint8Array, salt: Uint8Array): Promise<Uint8Array>;
+/**
+ * Return the canonical bytes that are signed / verified.
+ *
+ * Normative byte order (S2.6):
+ *     u8(type) || payload || sender.encode('utf-8') || u64_be(epoch_ms)
+ */
+export declare function producerMessageSigningBytes(msgType: number, payload: Uint8Array, sender: string, epochMs: number): Uint8Array;
+/**
+ * Create and sign a ProducerMessage.
+ *
+ * @param msgType        ProducerMessageType integer value.
+ * @param payload        Serialized per-type payload bytes.
+ * @param sender         This node's endpoint_id (hex string).
+ * @param epochMs        Wall-clock timestamp in milliseconds.
+ * @param signingKeyRaw  32-byte raw ed25519 private key seed.
+ * @returns A fully signed ProducerMessage.
+ */
+export declare function signProducerMessage(msgType: number, payload: Uint8Array, sender: string, epochMs: number, signingKeyRaw: Uint8Array): Promise<ProducerMessage>;
+/**
+ * Verify a ProducerMessage's signature against the sender's public key.
+ *
+ * @returns true on success, false on any verification failure.
+ */
+export declare function verifyProducerMessage(msg: ProducerMessage, peerPubkeyRaw: Uint8Array): Promise<boolean>;
+/**
+ * Process one inbound ProducerMessage.
+ *
+ * Normative processing order (S2.6, S2.10):
+ * 1. Replay-window check.
+ * 2. Sender membership check.
+ * 3. Signature verification.
+ * 4. Track clock offset / run drift detection.
+ * 5. Dispatch by message type.
+ *
+ * @returns true if the message was accepted and dispatched, false otherwise.
+ */
+export declare function handleProducerMessage(msg: ProducerMessage, opts: HandleMessageOptions): Promise<boolean>;
+/** Encode IntroducePayload. The rcan grant is stored as raw bytes. */
+export declare function encodeIntroducePayload(rcan: Uint8Array): Uint8Array;
+/** Encode DepartPayload as UTF-8 JSON. */
+export declare function encodeDepartPayload(reason?: string): Uint8Array;
+/** Encode ContractPublishedPayload as UTF-8 JSON. */
+export declare function encodeContractPublishedPayload(serviceName: string, version: number, contractCollectionHash: string): Uint8Array;
+/** Encode LeaseUpdatePayload as UTF-8 JSON. */
+export declare function encodeLeaseUpdatePayload(serviceName: string, version: number, contractId: string, healthStatus: string, addressingInfo?: Record<string, string>): Uint8Array;
+export interface StartLeaseHeartbeatOptions {
+    /** A gossip topic handle with a broadcast(data: Uint8Array) method. */
+    gossipTopicHandle: {
+        broadcast(data: Uint8Array): Promise<void>;
+    };
+    sender: string;
+    signingKeyRaw: Uint8Array;
+    serviceName: string;
+    version: number;
+    contractId: string;
+    healthGetter: () => string;
+    heartbeatIntervalMs?: number;
+    addressingInfo?: Record<string, string>;
+    logger?: HandleMessageOptions['logger'];
+}
+/**
+ * Sign and broadcast a single LEASE_UPDATE message.
+ */
+export declare function runLeaseHeartbeat(gossipTopicHandle: {
+    broadcast(data: Uint8Array): Promise<void>;
+}, sender: string, signingKeyRaw: Uint8Array, serviceName: string, version: number, contractId: string, healthGetter: () => string, addressingInfo?: Record<string, string>, logger?: HandleMessageOptions['logger']): Promise<void>;
+/**
+ * Spawn a periodic lease heartbeat that broadcasts LEASE_UPDATE messages.
+ *
+ * @returns An object with a stop() method to cancel the heartbeat.
+ */
+export declare function startLeaseHeartbeat(opts: StartLeaseHeartbeatOptions): {
+    stop: () => void;
+};
+//# sourceMappingURL=gossip.d.ts.map

package/dist/trust/gossip.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gossip.d.ts","sourceRoot":"","sources":["../../src/trust/gossip.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAIH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AA4BpD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,UAAU,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,UAAU,CAAC;CACvB;AAED,oBAAY,mBAAmB;IAC7B,SAAS,IAAI;IACb,MAAM,IAAI;IACV,kBAAkB,IAAI;IACtB,YAAY,IAAI;CACjB;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,sBAAsB,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,SAAS,CAAC;IACjB,MAAM,EAAE;QAAE,cAAc,EAAE,MAAM,CAAA;KAAE,CAAC;IACnC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACrC,gBAAgB,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,wBAAwB,GAAG,kBAAkB,KAAK,IAAI,CAAC;IACvG,YAAY,CAAC,EAAE,iBAAiB,CAAC;IACjC,eAAe,CAAC,EAAE,MAAM,IAAI,CAAC;IAC7B,MAAM,CAAC,EAAE;QAAE,IAAI,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;QAAC,IAAI,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;QAAC,KAAK,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;QAAC,KAAK,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;KAAE,CAAC;CAC/I;AAOD;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CAAC,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAYrG;AAID;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,UAAU,EACnB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,GACd,UAAU,CAKZ;AAaD;;;;;;;;;GASG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,UAAU,EACnB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,UAAU,GACxB,OAAO,CAAC,eAAe,CAAC,CAU1B;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,eAAe,EACpB,aAAa,EAAE,UAAU,GACxB,OAAO,CAAC,OAAO,CAAC,CAOlB;AAID;;;;;;;;;;;GAWG;AACH,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,eAAe,EACpB,IAAI,EAAE,oBAAoB,GACzB,OAAO,CAAC,OAAO,CAAC,CA4ElB;AA+FD,sEAAsE;AACtE,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,CAEnE;AAED,0CAA0C;AAC1C,wBAAgB,mBAAmB,CAAC,MAAM,SAAK,GAAG,UAAU,CAE3D;AAED,qDAAqD;AACrD,wBAAgB,8BAA8B,CAC5C,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,GAC7B,UAAU,CAQZ;AAED,+CAA+C;AAC/C,wBAAgB,wBAAwB,CACtC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,EACpB,cAAc,GAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,GAC1C,UAAU,CAUZ;AAID,MAAM,WAAW,0BAA0B;IACzC,uEAAuE;IACvE,iBAAiB,EAAE;QAAE,SAAS,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;KAAE,CAAC;IAClE,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,UAAU,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,MAAM,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,MAAM,CAAC,EAAE,oBAAoB,CAAC,QAAQ,CAAC,CAAC;CACzC;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,iBAAiB,EAAE;IAAE,SAAS,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CAAE,EACjE,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,UAAU,EACzB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,MAAM,EAC1B,cAAc,GAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,EAC3C,MAAM,CAAC,EAAE,oBAAoB,CAAC,QAAQ,CAAC,GACtC,OAAO,CAAC,IAAI,CAAC,CAuCf;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,0BAA0B,GAAG;IAAE,IAAI,EAAE,MAAM,IAAI,CAAA;CAAE,CAmC1F"}

package/dist/trust/gossip.js

@@ -0,0 +1,334 @@
+/**
+ * Producer mesh gossip: signing, verification, message handling, heartbeat.
+ *
+ * Spec reference: Aster-trust-spec.md S2.3, S2.6.  Plan: ASTER_PLAN.md S14.2-14.6.
+ *
+ * NOT to be confused with registry/gossip.ts which handles service discovery gossip.
+ * This module handles the producer mesh gossip protocol -- signing, verification,
+ * message dispatch, and lease heartbeat.
+ *
+ * Canonical signing bytes (normative -- S2.6, ASTER_PLAN.md S14.2):
+ *
+ *     u8(type) || payload || sender.encode('utf-8') || u64_be(epoch_ms)
+ *
+ * Do NOT reorder epoch_ms before sender+payload -- the spec fixes this
+ * byte order and any deviation breaks cross-implementation verification.
+ *
+ * Topic derivation (S2.3):
+ *
+ *     blake3(root_pubkey + "aster-producer-mesh" + salt).digest().slice(0, 32)
+ */
+import { sign, verify, concatBytes, bytesToHex } from './credentials.js';
+import { validateRcan } from './rcan.js';
+// ── Hash backend (lazy-cached) ──────────────────────────────────────────────
+let _blake3;
+let _nodeCreateHash;
+async function getBlake3() {
+    if (_blake3 !== undefined)
+        return _blake3;
+    try {
+        // @ts-ignore — optional dependency
+        const mod = await import('@noble/hashes/blake3');
+        _blake3 = mod.blake3;
+    }
+    catch {
+        _blake3 = null;
+    }
+    return _blake3;
+}
+async function getCreateHash() {
+    if (_nodeCreateHash)
+        return _nodeCreateHash;
+    const { createHash } = await import('node:crypto');
+    _nodeCreateHash = createHash;
+    return _nodeCreateHash;
+}
+export var ProducerMessageType;
+(function (ProducerMessageType) {
+    ProducerMessageType[ProducerMessageType["INTRODUCE"] = 1] = "INTRODUCE";
+    ProducerMessageType[ProducerMessageType["DEPART"] = 2] = "DEPART";
+    ProducerMessageType[ProducerMessageType["CONTRACT_PUBLISHED"] = 3] = "CONTRACT_PUBLISHED";
+    ProducerMessageType[ProducerMessageType["LEASE_UPDATE"] = 4] = "LEASE_UPDATE";
+})(ProducerMessageType || (ProducerMessageType = {}));
+/** Maximum gossip payload size (matches Python aster.limits.MAX_GOSSIP_PAYLOAD_SIZE). */
+const MAX_GOSSIP_PAYLOAD_SIZE = 64 * 1024;
+// ── Topic derivation ────────────────────────────────────────────────────────
+/**
+ * Derive the 32-byte gossip topic for the producer mesh.
+ *
+ * blake3(root_pubkey + "aster-producer-mesh" + salt).slice(0, 32)
+ *
+ * Falls back to sha256 if blake3 is not available.
+ */
+export async function deriveGossipTopic(rootPubkey, salt) {
+    const label = new TextEncoder().encode('aster-producer-mesh');
+    const data = concatBytes([rootPubkey, label, salt]);
+    const blake3 = await getBlake3();
+    if (blake3) {
+        return blake3(data, { dkLen: 32 });
+    }
+    // Fallback: sha256 via node:crypto (note: Python uses blake3)
+    const createHash = await getCreateHash();
+    const hash = createHash('sha256').update(data).digest();
+    return new Uint8Array(hash.buffer, hash.byteOffset, 32);
+}
+// ── Canonical signing bytes ─────────────────────────────────────────────────
+/**
+ * Return the canonical bytes that are signed / verified.
+ *
+ * Normative byte order (S2.6):
+ *     u8(type) || payload || sender.encode('utf-8') || u64_be(epoch_ms)
+ */
+export function producerMessageSigningBytes(msgType, payload, sender, epochMs) {
+    const typeByte = new Uint8Array([msgType & 0xff]);
+    const senderBytes = new TextEncoder().encode(sender);
+    const epochBytes = writeU64BE(epochMs);
+    return concatBytes([typeByte, payload, senderBytes, epochBytes]);
+}
+/** u64 big-endian encoding. */
+function writeU64BE(value) {
+    const buf = new ArrayBuffer(8);
+    const view = new DataView(buf);
+    view.setUint32(0, Math.floor(value / 0x100000000));
+    view.setUint32(4, value >>> 0);
+    return new Uint8Array(buf);
+}
+// ── Sign / verify ───────────────────────────────────────────────────────────
+/**
+ * Create and sign a ProducerMessage.
+ *
+ * @param msgType        ProducerMessageType integer value.
+ * @param payload        Serialized per-type payload bytes.
+ * @param sender         This node's endpoint_id (hex string).
+ * @param epochMs        Wall-clock timestamp in milliseconds.
+ * @param signingKeyRaw  32-byte raw ed25519 private key seed.
+ * @returns A fully signed ProducerMessage.
+ */
+export async function signProducerMessage(msgType, payload, sender, epochMs, signingKeyRaw) {
+    const toSign = producerMessageSigningBytes(msgType, payload, sender, epochMs);
+    const signature = await sign(signingKeyRaw, toSign);
+    return {
+        type: msgType,
+        payload,
+        sender,
+        epochMs,
+        signature,
+    };
+}
+/**
+ * Verify a ProducerMessage's signature against the sender's public key.
+ *
+ * @returns true on success, false on any verification failure.
+ */
+export async function verifyProducerMessage(msg, peerPubkeyRaw) {
+    try {
+        const toVerify = producerMessageSigningBytes(msg.type, msg.payload, msg.sender, msg.epochMs);
+        return await verify(peerPubkeyRaw, toVerify, msg.signature);
+    }
+    catch {
+        return false;
+    }
+}
+// ── Gossip handler ──────────────────────────────────────────────────────────
+/**
+ * Process one inbound ProducerMessage.
+ *
+ * Normative processing order (S2.6, S2.10):
+ * 1. Replay-window check.
+ * 2. Sender membership check.
+ * 3. Signature verification.
+ * 4. Track clock offset / run drift detection.
+ * 5. Dispatch by message type.
+ *
+ * @returns true if the message was accepted and dispatched, false otherwise.
+ */
+export async function handleProducerMessage(msg, opts) {
+    const { state, config, peerPubkeys, registryCallback, driftTracker, onSelfDeparture, logger } = opts;
+    const nowMs = Date.now();
+    // 1. Replay-window check
+    const delta = Math.abs(nowMs - msg.epochMs);
+    if (delta > config.replayWindowMs) {
+        logger?.debug('gossip: dropping message from %s (outside replay window: delta=%dms)', msg.sender, delta);
+        return false;
+    }
+    // 2. Sender membership check
+    if (!state.isPeerAccepted(msg.sender)) {
+        logger?.warn('gossip: SECURITY ALERT -- message from non-accepted sender %s; ' +
+            'possible salt leak or deauthorized node still subscribed', msg.sender);
+        return false;
+    }
+    // 3. Signature verification
+    const peerPubkey = peerPubkeys.get(msg.sender);
+    if (peerPubkey == null) {
+        logger?.warn('gossip: SECURITY ALERT -- no public key for accepted sender %s; dropping message', msg.sender);
+        return false;
+    }
+    if (!(await verifyProducerMessage(msg, peerPubkey))) {
+        logger?.warn('gossip: SECURITY ALERT -- invalid signature from accepted sender %s', msg.sender);
+        return false;
+    }
+    // 4. Clock offset tracking + drift detection
+    if (driftTracker != null) {
+        const newlyIsolated = driftTracker.update(msg.sender, msg.epochMs);
+        if (newlyIsolated) {
+            logger?.warn('gossip: peer %s clock drift exceeds tolerance; isolating', msg.sender);
+        }
+        else if (!driftTracker.isIsolated(msg.sender)) {
+            // Peer recovered -- already handled by driftTracker.update
+        }
+    }
+    // 5. Message dispatch
+    switch (msg.type) {
+        case ProducerMessageType.INTRODUCE:
+            _handleIntroduce(msg, state, logger);
+            break;
+        case ProducerMessageType.DEPART:
+            _handleDepart(msg, state, driftTracker, onSelfDeparture, logger);
+            break;
+        case ProducerMessageType.CONTRACT_PUBLISHED:
+            _handleContractPublished(msg, state, driftTracker, registryCallback, logger);
+            break;
+        case ProducerMessageType.LEASE_UPDATE:
+            _handleLeaseUpdate(msg, state, driftTracker, registryCallback, logger);
+            break;
+        default:
+            logger?.debug('gossip: unknown message type %d from %s; dropping', msg.type, msg.sender);
+            return false;
+    }
+    return true;
+}
+// ── Type-specific dispatch helpers ──────────────────────────────────────────
+function _handleIntroduce(msg, state, logger) {
+    const [ok, reason] = validateRcan(msg.payload);
+    if (!ok) {
+        logger?.debug('gossip: Introduce from %s has invalid rcan: %s', msg.sender, reason);
+        return;
+    }
+    state.addPeer(msg.sender);
+    logger?.info('gossip: Introduce accepted -- %s joined the mesh', msg.sender);
+}
+function _handleDepart(msg, state, driftTracker, onSelfDeparture, logger) {
+    state.remove(msg.sender);
+    driftTracker?.removePeer(msg.sender);
+    logger?.info('gossip: Depart -- %s left the mesh', msg.sender);
+    void onSelfDeparture; // used by caller for self-departure detection
+}
+function _handleContractPublished(msg, _state, driftTracker, registryCallback, logger) {
+    if (driftTracker?.isIsolated(msg.sender)) {
+        logger?.debug('gossip: ContractPublished from drift-isolated peer %s; skipping', msg.sender);
+        return;
+    }
+    if (registryCallback != null) {
+        try {
+            if (msg.payload.length > MAX_GOSSIP_PAYLOAD_SIZE) {
+                logger?.warn('gossip: payload too large (%d bytes), dropping', msg.payload.length);
+                return;
+            }
+            const d = JSON.parse(new TextDecoder().decode(msg.payload));
+            const payload = {
+                serviceName: d.service_name,
+                version: Number(d.version),
+                contractCollectionHash: d.contract_collection_hash,
+            };
+            registryCallback('contract_published', payload);
+        }
+        catch (exc) {
+            logger?.debug('gossip: malformed ContractPublished payload: %s', exc);
+        }
+    }
+}
+function _handleLeaseUpdate(msg, _state, driftTracker, registryCallback, logger) {
+    if (driftTracker?.isIsolated(msg.sender)) {
+        logger?.debug('gossip: LeaseUpdate from drift-isolated peer %s; skipping', msg.sender);
+        return;
+    }
+    if (registryCallback != null) {
+        try {
+            if (msg.payload.length > MAX_GOSSIP_PAYLOAD_SIZE) {
+                logger?.warn('gossip: LeaseUpdate payload too large (%d bytes)', msg.payload.length);
+                return;
+            }
+            const d = JSON.parse(new TextDecoder().decode(msg.payload));
+            const payload = {
+                serviceName: d.service_name,
+                version: Number(d.version),
+                contractId: d.contract_id,
+                healthStatus: d.health_status,
+                addressingInfo: d.addressing_info ?? {},
+            };
+            registryCallback('lease_update', payload);
+        }
+        catch (exc) {
+            logger?.debug('gossip: malformed LeaseUpdate payload: %s', exc);
+        }
+    }
+}
+// ── Payload serializers (JSON-based for Phase 12) ───────────────────────────
+/** Encode IntroducePayload. The rcan grant is stored as raw bytes. */
+export function encodeIntroducePayload(rcan) {
+    return rcan;
+}
+/** Encode DepartPayload as UTF-8 JSON. */
+export function encodeDepartPayload(reason = '') {
+    return new TextEncoder().encode(JSON.stringify({ reason }));
+}
+/** Encode ContractPublishedPayload as UTF-8 JSON. */
+export function encodeContractPublishedPayload(serviceName, version, contractCollectionHash) {
+    return new TextEncoder().encode(JSON.stringify({
+        service_name: serviceName,
+        version,
+        contract_collection_hash: contractCollectionHash,
+    }));
+}
+/** Encode LeaseUpdatePayload as UTF-8 JSON. */
+export function encodeLeaseUpdatePayload(serviceName, version, contractId, healthStatus, addressingInfo = {}) {
+    return new TextEncoder().encode(JSON.stringify({
+        service_name: serviceName,
+        version,
+        contract_id: contractId,
+        health_status: healthStatus,
+        addressing_info: addressingInfo,
+    }));
+}
+/**
+ * Sign and broadcast a single LEASE_UPDATE message.
+ */
+export async function runLeaseHeartbeat(gossipTopicHandle, sender, signingKeyRaw, serviceName, version, contractId, healthGetter, addressingInfo = {}, logger) {
+    const epochMs = Date.now();
+    const payload = encodeLeaseUpdatePayload(serviceName, version, contractId, healthGetter(), addressingInfo);
+    const msg = await signProducerMessage(ProducerMessageType.LEASE_UPDATE, payload, sender, epochMs, signingKeyRaw);
+    // Serialize the signed envelope as JSON for the gossip wire.
+    const wire = new TextEncoder().encode(JSON.stringify({
+        type: msg.type,
+        payload: bytesToHex(msg.payload),
+        sender: msg.sender,
+        epoch_ms: msg.epochMs,
+        signature: bytesToHex(msg.signature),
+    }));
+    try {
+        await gossipTopicHandle.broadcast(wire);
+        logger?.debug('heartbeat: LeaseUpdate broadcast for %s v%d (epoch=%d)', serviceName, version, epochMs);
+    }
+    catch (exc) {
+        logger?.warn('heartbeat: broadcast failed: %s', exc);
+    }
+}
+/**
+ * Spawn a periodic lease heartbeat that broadcasts LEASE_UPDATE messages.
+ *
+ * @returns An object with a stop() method to cancel the heartbeat.
+ */
+export function startLeaseHeartbeat(opts) {
+    const { gossipTopicHandle, sender, signingKeyRaw, serviceName, version, contractId, healthGetter, heartbeatIntervalMs = 900_000, addressingInfo = {}, logger, } = opts;
+    const timer = setInterval(() => {
+        runLeaseHeartbeat(gossipTopicHandle, sender, signingKeyRaw, serviceName, version, contractId, healthGetter, addressingInfo, logger).catch((err) => {
+            logger?.warn('heartbeat: tick failed: %s', err);
+        });
+    }, heartbeatIntervalMs);
+    return {
+        stop() {
+            clearInterval(timer);
+        },
+    };
+}
+//# sourceMappingURL=gossip.js.map

package/dist/trust/gossip.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gossip.js","sourceRoot":"","sources":["../../src/trust/gossip.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAIzC,+EAA+E;AAE/E,IAAI,OAAyF,CAAC;AAC9F,IAAI,eAAoE,CAAC;AAEzE,KAAK,UAAU,SAAS;IACtB,IAAI,OAAO,KAAK,SAAS;QAAE,OAAO,OAAO,CAAC;IAC1C,IAAI,CAAC;QACH,mCAAmC;QACnC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAQ,CAAC;QACxD,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,IAAI,CAAC;IACjB,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,aAAa;IAC1B,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC;IAC5C,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACnD,eAAe,GAAG,UAAU,CAAC;IAC7B,OAAO,eAAe,CAAC;AACzB,CAAC;AAYD,MAAM,CAAN,IAAY,mBAKX;AALD,WAAY,mBAAmB;IAC7B,uEAAa,CAAA;IACb,iEAAU,CAAA;IACV,yFAAsB,CAAA;IACtB,6EAAgB,CAAA;AAClB,CAAC,EALW,mBAAmB,KAAnB,mBAAmB,QAK9B;AA0BD,yFAAyF;AACzF,MAAM,uBAAuB,GAAG,EAAE,GAAG,IAAI,CAAC;AAE1C,+EAA+E;AAE/E;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,UAAsB,EAAE,IAAgB;IAC9E,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC9D,MAAM,IAAI,GAAG,WAAW,CAAC,CAAC,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;IAEpD,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;IACjC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;IACrC,CAAC;IACD,8DAA8D;IAC9D,MAAM,UAAU,GAAG,MAAM,aAAa,EAAE,CAAC;IACzC,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;IACxD,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;AAC1D,CAAC;AAED,+EAA+E;AAE/E;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B,CACzC,OAAe,EACf,OAAmB,EACnB,MAAc,EACd,OAAe;IAEf,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACvC,OAAO,WAAW,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,+BAA+B;AAC/B,SAAS,UAAU,CAAC,KAAa;IAC/B,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC;IACnD,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAAC,CAAC;IAC/B,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,+EAA+E;AAE/E;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAe,EACf,OAAmB,EACnB,MAAc,EACd,OAAe,EACf,aAAyB;IAEzB,MAAM,MAAM,GAAG,2BAA2B,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IACpD,OAAO;QACL,IAAI,EAAE,OAAO;QACb,OAAO;QACP,MAAM;QACN,OAAO;QACP,SAAS;KACV,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,GAAoB,EACpB,aAAyB;IAEzB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,2BAA2B,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7F,OAAO,MAAM,MAAM,CAAC,aAAa,EAAE,QAAQ,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,GAAoB,EACpB,IAA0B;IAE1B,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,gBAAgB,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACrG,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzB,yBAAyB;IACzB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;IAC5C,IAAI,KAAK,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;QAClC,MAAM,EAAE,KAAK,CACX,sEAAsE,EACtE,GAAG,CAAC,MAAM,EACV,KAAK,CACN,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACtC,MAAM,EAAE,IAAI,CACV,iEAAiE;YACjE,0DAA0D,EAC1D,GAAG,CAAC,MAAM,CACX,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,4BAA4B;IAC5B,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/C,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,EAAE,IAAI,CACV,kFAAkF,EAClF,GAAG,CAAC,MAAM,CACX,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,qBAAqB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC;QACpD,MAAM,EAAE,IAAI,CACV,qEAAqE,EACrE,GAAG,CAAC,MAAM,CACX,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,6CAA6C;IAC7C,IAAI,YAAY,IAAI,IAAI,EAAE,CAAC;QACzB,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QACnE,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,EAAE,IAAI,CACV,0DAA0D,EAC1D,GAAG,CAAC,MAAM,CACX,CAAC;QACJ,CAAC;aAAM,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAChD,2DAA2D;QAC7D,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,mBAAmB,CAAC,SAAS;YAChC,gBAAgB,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YACrC,MAAM;QACR,KAAK,mBAAmB,CAAC,MAAM;YAC7B,aAAa,CAAC,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM;QACR,KAAK,mBAAmB,CAAC,kBAAkB;YACzC,wBAAwB,CAAC,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAC;YAC7E,MAAM;QACR,KAAK,mBAAmB,CAAC,YAAY;YACnC,kBAAkB,CAAC,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAC;YACvE,MAAM;QACR;YACE,MAAM,EAAE,KAAK,CAAC,mDAAmD,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YACzF,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+EAA+E;AAE/E,SAAS,gBAAgB,CACvB,GAAoB,EACpB,KAAgB,EAChB,MAAuC;IAEvC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC/C,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,EAAE,KAAK,CAAC,gDAAgD,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACpF,OAAO;IACT,CAAC;IACD,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1B,MAAM,EAAE,IAAI,CAAC,kDAAkD,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,aAAa,CACpB,GAAoB,EACpB,KAAgB,EAChB,YAAgC,EAChC,eAA4B,EAC5B,MAAuC;IAEvC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACzB,YAAY,EAAE,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,EAAE,IAAI,CAAC,oCAAoC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/D,KAAK,eAAe,CAAC,CAAC,8CAA8C;AACtE,CAAC;AAED,SAAS,wBAAwB,CAC/B,GAAoB,EACpB,MAAiB,EACjB,YAAgC,EAChC,gBAA2D,EAC3D,MAAuC;IAEvC,IAAI,YAAY,EAAE,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACzC,MAAM,EAAE,KAAK,CAAC,iEAAiE,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QAC7F,OAAO;IACT,CAAC;IACD,IAAI,gBAAgB,IAAI,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,uBAAuB,EAAE,CAAC;gBACjD,MAAM,EAAE,IAAI,CAAC,gDAAgD,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBACnF,OAAO;YACT,CAAC;YACD,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;YAC5D,MAAM,OAAO,GAA6B;gBACxC,WAAW,EAAE,CAAC,CAAC,YAAY;gBAC3B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;gBAC1B,sBAAsB,EAAE,CAAC,CAAC,wBAAwB;aACnD,CAAC;YACF,gBAAgB,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,EAAE,KAAK,CAAC,iDAAiD,EAAE,GAAG,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CACzB,GAAoB,EACpB,MAAiB,EACjB,YAAgC,EAChC,gBAA2D,EAC3D,MAAuC;IAEvC,IAAI,YAAY,EAAE,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACzC,MAAM,EAAE,KAAK,CAAC,2DAA2D,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QACvF,OAAO;IACT,CAAC;IACD,IAAI,gBAAgB,IAAI,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,uBAAuB,EAAE,CAAC;gBACjD,MAAM,EAAE,IAAI,CAAC,kDAAkD,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBACrF,OAAO;YACT,CAAC;YACD,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;YAC5D,MAAM,OAAO,GAAuB;gBAClC,WAAW,EAAE,CAAC,CAAC,YAAY;gBAC3B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;gBAC1B,UAAU,EAAE,CAAC,CAAC,WAAW;gBACzB,YAAY,EAAE,CAAC,CAAC,aAAa;gBAC7B,cAAc,EAAE,CAAC,CAAC,eAAe,IAAI,EAAE;aACxC,CAAC;YACF,gBAAgB,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC5C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,EAAE,KAAK,CAAC,2CAA2C,EAAE,GAAG,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,sEAAsE;AACtE,MAAM,UAAU,sBAAsB,CAAC,IAAgB;IACrD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,0CAA0C;AAC1C,MAAM,UAAU,mBAAmB,CAAC,MAAM,GAAG,EAAE;IAC7C,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED,qDAAqD;AACrD,MAAM,UAAU,8BAA8B,CAC5C,WAAmB,EACnB,OAAe,EACf,sBAA8B;IAE9B,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAC7B,IAAI,CAAC,SAAS,CAAC;QACb,YAAY,EAAE,WAAW;QACzB,OAAO;QACP,wBAAwB,EAAE,sBAAsB;KACjD,CAAC,CACH,CAAC;AACJ,CAAC;AAED,+CAA+C;AAC/C,MAAM,UAAU,wBAAwB,CACtC,WAAmB,EACnB,OAAe,EACf,UAAkB,EAClB,YAAoB,EACpB,iBAAyC,EAAE;IAE3C,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAC7B,IAAI,CAAC,SAAS,CAAC;QACb,YAAY,EAAE,WAAW;QACzB,OAAO;QACP,WAAW,EAAE,UAAU;QACvB,aAAa,EAAE,YAAY;QAC3B,eAAe,EAAE,cAAc;KAChC,CAAC,CACH,CAAC;AACJ,CAAC;AAkBD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,iBAAiE,EACjE,MAAc,EACd,aAAyB,EACzB,WAAmB,EACnB,OAAe,EACf,UAAkB,EAClB,YAA0B,EAC1B,iBAAyC,EAAE,EAC3C,MAAuC;IAEvC,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,wBAAwB,CACtC,WAAW,EACX,OAAO,EACP,UAAU,EACV,YAAY,EAAE,EACd,cAAc,CACf,CAAC;IACF,MAAM,GAAG,GAAG,MAAM,mBAAmB,CACnC,mBAAmB,CAAC,YAAY,EAChC,OAAO,EACP,MAAM,EACN,OAAO,EACP,aAAa,CACd,CAAC;IAEF,6DAA6D;IAC7D,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CACnC,IAAI,CAAC,SAAS,CAAC;QACb,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC;QAChC,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,QAAQ,EAAE,GAAG,CAAC,OAAO;QACrB,SAAS,EAAE,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC;KACrC,CAAC,CACH,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,EAAE,KAAK,CACX,wDAAwD,EACxD,WAAW,EACX,OAAO,EACP,OAAO,CACR,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,EAAE,IAAI,CAAC,iCAAiC,EAAE,GAAG,CAAC,CAAC;IACvD,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAgC;IAClE,MAAM,EACJ,iBAAiB,EACjB,MAAM,EACN,aAAa,EACb,WAAW,EACX,OAAO,EACP,UAAU,EACV,YAAY,EACZ,mBAAmB,GAAG,OAAO,EAC7B,cAAc,GAAG,EAAE,EACnB,MAAM,GACP,GAAG,IAAI,CAAC;IAET,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE;QAC7B,iBAAiB,CACf,iBAAiB,EACjB,MAAM,EACN,aAAa,EACb,WAAW,EACX,OAAO,EACP,UAAU,EACV,YAAY,EACZ,cAAc,EACd,MAAM,CACP,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACd,MAAM,EAAE,IAAI,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,mBAAmB,CAAC,CAAC;IAExB,OAAO;QACL,IAAI;YACF,aAAa,CAAC,KAAK,CAAC,CAAC;QACvB,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/trust/hooks.d.ts

@@ -0,0 +1,84 @@
+/**
+ * Gate 0 connection hooks — ALPN-level connection gating.
+ *
+ * Spec reference: Aster-trust-spec.md
+ *
+ * The MeshEndpointHook runs a background loop reading hook events
+ * from the IrohNode and accepting/denying connections based on
+ * admission policy.
+ */
+/** Hook decision: allow or deny a connection. */
+export interface HookDecision {
+    allow: boolean;
+    errorCode?: number;
+    reason?: string;
+}
+/**
+ * Connection gating policy.
+ * Implement this to customize which connections are accepted.
+ */
+export interface ConnectionPolicy {
+    /** Called before a connection is established. */
+    onBeforeConnect(remoteEndpointId: string, alpn: Uint8Array): Promise<HookDecision>;
+}
+/** Default policy: allow all connections. */
+export declare class AllowAllPolicy implements ConnectionPolicy {
+    onBeforeConnect(): Promise<HookDecision>;
+}
+/** Policy that denies all connections. */
+export declare class DenyAllPolicy implements ConnectionPolicy {
+    onBeforeConnect(): Promise<HookDecision>;
+}
+/** Admission ALPN for producer enrollment. */
+export declare const PRODUCER_ADMISSION_ALPN: Uint8Array;
+/** Admission ALPN for consumer enrollment. */
+export declare const CONSUMER_ADMISSION_ALPN: Uint8Array;
+/**
+ * Connection-level admission gate (Gate 0, S3.3).
+ *
+ * Maintains an allowlist of admitted peer endpoint IDs. The decision logic is:
+ *
+ * - Admission ALPNs (aster.producer_admission, aster.consumer_admission)
+ *   -> always allow (credential presentation must be possible).
+ * - Any other ALPN, peer in admitted set -> allow.
+ * - Any other ALPN, peer NOT in admitted and allowUnenrolled=false -> deny.
+ * - allowUnenrolled=true -> allow all (local/dev mode; must be explicit opt-in).
+ */
+export declare class MeshEndpointHook {
+    readonly admitted: Set<string>;
+    readonly allowUnenrolled: boolean;
+    private _peerStore?;
+    constructor(allowUnenrolled?: boolean, peerStore?: {
+        get(endpointId: string): unknown | undefined;
+    });
+    /**
+     * Return true if this connection should be allowed.
+     *
+     * @param remoteEndpointId - NodeId of the connecting peer (from handshake).
+     * @param alpn - ALPN negotiated for this connection (Uint8Array).
+     */
+    shouldAllow(remoteEndpointId: string, alpn: Uint8Array): boolean;
+    /** Add a peer to the admitted set after successful credential check. */
+    addPeer(endpointId: string): void;
+    /** Remove a peer from the admitted set (e.g., on lease expiry). */
+    removePeer(endpointId: string): void;
+    /**
+     * Background loop: poll hookReceiver and apply Gate 0 decisions.
+     *
+     * Wires this hook to Iroh's Phase 1b HookReceiver. Run via a detached
+     * promise after obtaining the receiver from netClient.takeHookReceiver().
+     *
+     * @param hookReceiver - An object with recvBeforeConnect() that returns
+     *   { info: { remoteEndpointId: string; alpn: Uint8Array }, respond(d: HookDecision): Promise<void> } | null
+     */
+    runHookLoop(hookReceiver: {
+        recvBeforeConnect(): Promise<{
+            info: {
+                remoteEndpointId: string;
+                alpn: Uint8Array;
+            };
+            respond(decision: HookDecision): Promise<void>;
+        } | null>;
+    }): Promise<void>;
+}
+//# sourceMappingURL=hooks.d.ts.map

package/dist/trust/hooks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks.d.ts","sourceRoot":"","sources":["../../src/trust/hooks.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,iDAAiD;AACjD,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iDAAiD;IACjD,eAAe,CAAC,gBAAgB,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CACpF;AAED,6CAA6C;AAC7C,qBAAa,cAAe,YAAW,gBAAgB;IAC/C,eAAe,IAAI,OAAO,CAAC,YAAY,CAAC;CAG/C;AAED,0CAA0C;AAC1C,qBAAa,aAAc,YAAW,gBAAgB;IAC9C,eAAe,IAAI,OAAO,CAAC,YAAY,CAAC;CAG/C;AAOD,8CAA8C;AAC9C,eAAO,MAAM,uBAAuB,EAAE,UAAwD,CAAC;AAE/F,8CAA8C;AAC9C,eAAO,MAAM,uBAAuB,EAAE,UAAwD,CAAC;AAS/F;;;;;;;;;;GAUG;AACH,qBAAa,gBAAgB;IAC3B,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAC3C,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;IAClC,OAAO,CAAC,UAAU,CAAC,CAAmD;gBAE1D,eAAe,UAAQ,EAAE,SAAS,CAAC,EAAE;QAAE,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAA;KAAE;IAOjG;;;;;OAKG;IACH,WAAW,CAAC,gBAAgB,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO;IAuBhE,wEAAwE;IACxE,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAIjC,mEAAmE;IACnE,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAMpC;;;;;;;;OAQG;IACG,WAAW,CAAC,YAAY,EAAE;QAC9B,iBAAiB,IAAI,OAAO,CAAC;YAC3B,IAAI,EAAE;gBAAE,gBAAgB,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,UAAU,CAAA;aAAE,CAAC;YACrD,OAAO,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;SAChD,GAAG,IAAI,CAAC,CAAC;KACX,GAAG,OAAO,CAAC,IAAI,CAAC;CAqBlB"}