@bandeira-tech/b3nd-web 0.2.1 → 0.2.2

package/dist/encrypt/mod.js

@@ -1,31 +1,57 @@
 import {
+  IdentityKey,
+  PrivateEncryptionKey,
+  PublicEncryptionKey,
+  SecretEncryptionKey,
   createAuthenticatedMessage,
+  createAuthenticatedMessageWithHex,
   createSignedEncryptedMessage,
+  createSignedSymmetricMessage,
   decrypt,
+  decryptSymmetric,
   decryptWithHex,
+  deriveKeyFromSeed,
   encrypt,
+  encryptSymmetric,
+  exportPrivateKeyPem,
   generateEncryptionKeyPair,
   generateNonce,
   generateRandomData,
   generateSigningKeyPair,
+  pemToCryptoKey,
   sign,
+  signPayload,
   signWithHex,
   verify,
-  verifyAndDecrypt
-} from "../chunk-FUMSJI3N.js";
+  verifyAndDecryptMessage,
+  verifyPayload
+} from "../chunk-K3ZSSVHR.js";
 import "../chunk-MLKGABMK.js";
 export {
+  IdentityKey,
+  PrivateEncryptionKey,
+  PublicEncryptionKey,
+  SecretEncryptionKey,
   createAuthenticatedMessage,
+  createAuthenticatedMessageWithHex,
   createSignedEncryptedMessage,
+  createSignedSymmetricMessage,
   decrypt,
+  decryptSymmetric,
   decryptWithHex,
+  deriveKeyFromSeed,
   encrypt,
+  encryptSymmetric,
+  exportPrivateKeyPem,
   generateEncryptionKeyPair,
   generateNonce,
   generateRandomData,
   generateSigningKeyPair,
+  pemToCryptoKey,
   sign,
+  signPayload,
   signWithHex,
   verify,
-  verifyAndDecrypt
+  verifyAndDecryptMessage,
+  verifyPayload
 };

package/dist/mod-D02790g_.d.ts

@@ -0,0 +1,241 @@
+interface KeyPair {
+    publicKey: CryptoKey;
+    privateKey: CryptoKey;
+    publicKeyHex: string;
+    privateKeyHex: string;
+}
+interface EncryptionKeyPair {
+    publicKey: CryptoKey;
+    privateKey: CryptoKey;
+    publicKeyHex: string;
+}
+interface EncryptedPayload {
+    data: string;
+    nonce: string;
+    ephemeralPublicKey?: string;
+}
+interface AuthenticatedMessage<T = unknown> {
+    auth: Array<{
+        pubkey: string;
+        signature: string;
+    }>;
+    payload: T;
+}
+interface SignedEncryptedMessage {
+    auth: Array<{
+        pubkey: string;
+        signature: string;
+    }>;
+    payload: EncryptedPayload;
+}
+interface SignedSymmetricMessage {
+    auth: Array<{
+        pubkey: string;
+        signature: string;
+    }>;
+    payload: EncryptedPayload;
+}
+declare class IdentityKey {
+    private readonly privateKey;
+    readonly publicKeyHex: string;
+    private constructor();
+    static generate(): Promise<{
+        key: IdentityKey;
+        privateKeyPem: string;
+        publicKeyHex: string;
+    }>;
+    static fromPem(pem: string, publicKeyHex: string): Promise<IdentityKey>;
+    static fromHex(params: {
+        privateKeyHex: string;
+        publicKeyHex: string;
+    }): Promise<IdentityKey>;
+    sign(payload: unknown): Promise<string>;
+}
+declare class PublicEncryptionKey {
+    readonly publicKeyHex: string;
+    readonly publicKey: CryptoKey | null;
+    constructor(publicKeyHex: string, publicKey: CryptoKey | null);
+    static fromHex(publicKeyHex: string): Promise<PublicEncryptionKey>;
+    static generatePair(): Promise<{
+        publicKey: PublicEncryptionKey;
+        privateKeyHex: string;
+    }>;
+    encrypt(data: unknown): Promise<EncryptedPayload>;
+    toHex(): string;
+}
+declare class SecretEncryptionKey {
+    readonly keyHex: string;
+    private constructor();
+    static fromSecret(params: {
+        secret: string;
+        salt: string;
+        iterations?: number;
+    }): Promise<SecretEncryptionKey>;
+    static fromHex(keyHex: string): SecretEncryptionKey;
+    encrypt(data: unknown): Promise<EncryptedPayload>;
+    decrypt(payload: EncryptedPayload): Promise<unknown>;
+}
+declare class PrivateEncryptionKey {
+    readonly privateKey: CryptoKey;
+    readonly privateKeyHex: string;
+    readonly publicKeyHex: string;
+    constructor(privateKey: CryptoKey, privateKeyHex: string, publicKeyHex: string);
+    static fromHex(params: {
+        privateKeyHex: string;
+        publicKeyHex: string;
+    }): Promise<PrivateEncryptionKey>;
+    static generatePair(): Promise<{
+        privateKey: PrivateEncryptionKey;
+        publicKey: PublicEncryptionKey;
+    }>;
+    toPublic(): PublicEncryptionKey;
+    decrypt(payload: EncryptedPayload): Promise<unknown>;
+    toHex(): string;
+}
+/**
+ * Convert a PEM-encoded private key to a CryptoKey
+ */
+declare function pemToCryptoKey(pem: string, algorithm: "Ed25519" | "X25519"): Promise<CryptoKey>;
+/**
+ * Generate an Ed25519 keypair for signing
+ */
+declare function generateSigningKeyPair(): Promise<KeyPair>;
+/**
+ * Generate an X25519 keypair for encryption (ECDH)
+ */
+declare function generateEncryptionKeyPair(): Promise<EncryptionKeyPair>;
+/**
+ * Sign a payload with an Ed25519 private key
+ */
+declare function sign<T>(privateKey: CryptoKey, payload: T): Promise<string>;
+/**
+ * Sign a payload with an Ed25519 private key from hex
+ */
+declare function signWithHex<T>(privateKeyHex: string, payload: T): Promise<string>;
+/**
+ * Verify a signature using Ed25519 public key
+ */
+declare function verify<T>(publicKeyHex: string, signatureHex: string, payload: T): Promise<boolean>;
+/**
+ * Encrypt data using X25519 ECDH + AES-GCM
+ * Uses ephemeral keypair for forward secrecy
+ */
+declare function encrypt(data: unknown, recipientPublicKeyHex: string): Promise<EncryptedPayload>;
+/**
+ * Decrypt data using X25519 ECDH + AES-GCM
+ */
+declare function decrypt(encryptedPayload: EncryptedPayload, recipientPrivateKey: CryptoKey): Promise<unknown>;
+/**
+ * Decrypt data using private key from hex
+ */
+declare function decryptWithHex(encryptedPayload: EncryptedPayload, recipientPrivateKeyHex: string): Promise<unknown>;
+/**
+ * Create an authenticated message (signed but not encrypted)
+ */
+declare function createAuthenticatedMessage<T>(payload: T, signers: Array<{
+    privateKey: CryptoKey;
+    publicKeyHex: string;
+}>): Promise<AuthenticatedMessage<T>>;
+/**
+ * Create an authenticated message with hex-encoded keys (convenience wrapper)
+ */
+declare function createAuthenticatedMessageWithHex<T>(payload: T, pubkeyHex: string, privateKeyHex: string): Promise<AuthenticatedMessage<T>>;
+/**
+ * Derive an encryption key from seed and salt using PBKDF2
+ * Returns hex-encoded key suitable for encrypt/decrypt functions
+ */
+declare function deriveKeyFromSeed(seed: string, salt: string, iterations?: number): Promise<string>;
+declare function generateNonce(length?: number): Uint8Array;
+declare function generateRandomData(size: number): Uint8Array;
+declare function exportPrivateKeyPem(privateKey: CryptoKey, label: string): Promise<string>;
+declare function signPayload(params: {
+    payload: unknown;
+    identity: IdentityKey;
+}): Promise<Array<{
+    pubkey: string;
+    signature: string;
+}>>;
+declare function verifyPayload(params: {
+    payload: unknown;
+    auth: Array<{
+        pubkey: string;
+        signature: string;
+    }>;
+}): Promise<{
+    verified: boolean;
+    signers: string[];
+}>;
+declare function createSignedEncryptedMessage(params: {
+    data: unknown;
+    identity: IdentityKey;
+    encryptionKey: SecretEncryptionKey | PublicEncryptionKey;
+}): Promise<SignedEncryptedMessage>;
+declare function createSignedEncryptedMessage(data: unknown, signers: Array<{
+    privateKey: CryptoKey;
+    publicKeyHex: string;
+}>, recipientPublicKeyHex: string): Promise<SignedEncryptedMessage>;
+declare function verifyAndDecryptMessage(params: {
+    message: SignedEncryptedMessage;
+    encryptionKey: SecretEncryptionKey | PrivateEncryptionKey;
+}): Promise<{
+    data: unknown;
+    verified: boolean;
+    signers: string[];
+}>;
+/**
+ * Encrypt data using a symmetric key (AES-GCM) provided as hex
+ */
+declare function encryptSymmetric(data: unknown, keyHex: string): Promise<EncryptedPayload>;
+/**
+ * Decrypt data using a symmetric key (AES-GCM) provided as hex
+ */
+declare function decryptSymmetric(payload: EncryptedPayload, keyHex: string): Promise<unknown>;
+/**
+ * Create a signed symmetric message (signs encrypted payload)
+ */
+declare function createSignedSymmetricMessage(data: unknown, signers: Array<{
+    privateKey: CryptoKey;
+    publicKeyHex: string;
+}>, keyHex: string): Promise<SignedSymmetricMessage>;
+
+type mod_AuthenticatedMessage<T = unknown> = AuthenticatedMessage<T>;
+type mod_EncryptedPayload = EncryptedPayload;
+type mod_EncryptionKeyPair = EncryptionKeyPair;
+type mod_IdentityKey = IdentityKey;
+declare const mod_IdentityKey: typeof IdentityKey;
+type mod_KeyPair = KeyPair;
+type mod_PrivateEncryptionKey = PrivateEncryptionKey;
+declare const mod_PrivateEncryptionKey: typeof PrivateEncryptionKey;
+type mod_PublicEncryptionKey = PublicEncryptionKey;
+declare const mod_PublicEncryptionKey: typeof PublicEncryptionKey;
+type mod_SecretEncryptionKey = SecretEncryptionKey;
+declare const mod_SecretEncryptionKey: typeof SecretEncryptionKey;
+type mod_SignedEncryptedMessage = SignedEncryptedMessage;
+type mod_SignedSymmetricMessage = SignedSymmetricMessage;
+declare const mod_createAuthenticatedMessage: typeof createAuthenticatedMessage;
+declare const mod_createAuthenticatedMessageWithHex: typeof createAuthenticatedMessageWithHex;
+declare const mod_createSignedEncryptedMessage: typeof createSignedEncryptedMessage;
+declare const mod_createSignedSymmetricMessage: typeof createSignedSymmetricMessage;
+declare const mod_decrypt: typeof decrypt;
+declare const mod_decryptSymmetric: typeof decryptSymmetric;
+declare const mod_decryptWithHex: typeof decryptWithHex;
+declare const mod_deriveKeyFromSeed: typeof deriveKeyFromSeed;
+declare const mod_encrypt: typeof encrypt;
+declare const mod_encryptSymmetric: typeof encryptSymmetric;
+declare const mod_exportPrivateKeyPem: typeof exportPrivateKeyPem;
+declare const mod_generateEncryptionKeyPair: typeof generateEncryptionKeyPair;
+declare const mod_generateNonce: typeof generateNonce;
+declare const mod_generateRandomData: typeof generateRandomData;
+declare const mod_generateSigningKeyPair: typeof generateSigningKeyPair;
+declare const mod_pemToCryptoKey: typeof pemToCryptoKey;
+declare const mod_sign: typeof sign;
+declare const mod_signPayload: typeof signPayload;
+declare const mod_signWithHex: typeof signWithHex;
+declare const mod_verify: typeof verify;
+declare const mod_verifyAndDecryptMessage: typeof verifyAndDecryptMessage;
+declare const mod_verifyPayload: typeof verifyPayload;
+declare namespace mod {
+  export { type mod_AuthenticatedMessage as AuthenticatedMessage, type mod_EncryptedPayload as EncryptedPayload, type mod_EncryptionKeyPair as EncryptionKeyPair, mod_IdentityKey as IdentityKey, type mod_KeyPair as KeyPair, mod_PrivateEncryptionKey as PrivateEncryptionKey, mod_PublicEncryptionKey as PublicEncryptionKey, mod_SecretEncryptionKey as SecretEncryptionKey, type mod_SignedEncryptedMessage as SignedEncryptedMessage, type mod_SignedSymmetricMessage as SignedSymmetricMessage, mod_createAuthenticatedMessage as createAuthenticatedMessage, mod_createAuthenticatedMessageWithHex as createAuthenticatedMessageWithHex, mod_createSignedEncryptedMessage as createSignedEncryptedMessage, mod_createSignedSymmetricMessage as createSignedSymmetricMessage, mod_decrypt as decrypt, mod_decryptSymmetric as decryptSymmetric, mod_decryptWithHex as decryptWithHex, mod_deriveKeyFromSeed as deriveKeyFromSeed, mod_encrypt as encrypt, mod_encryptSymmetric as encryptSymmetric, mod_exportPrivateKeyPem as exportPrivateKeyPem, mod_generateEncryptionKeyPair as generateEncryptionKeyPair, mod_generateNonce as generateNonce, mod_generateRandomData as generateRandomData, mod_generateSigningKeyPair as generateSigningKeyPair, mod_pemToCryptoKey as pemToCryptoKey, mod_sign as sign, mod_signPayload as signPayload, mod_signWithHex as signWithHex, mod_verify as verify, mod_verifyAndDecryptMessage as verifyAndDecryptMessage, mod_verifyPayload as verifyPayload };
+}
+
+export { type AuthenticatedMessage as A, createSignedSymmetricMessage as B, type EncryptionKeyPair as E, IdentityKey as I, type KeyPair as K, PublicEncryptionKey as P, type SignedEncryptedMessage as S, type EncryptedPayload as a, type SignedSymmetricMessage as b, SecretEncryptionKey as c, PrivateEncryptionKey as d, generateEncryptionKeyPair as e, signWithHex as f, generateSigningKeyPair as g, encrypt as h, decrypt as i, decryptWithHex as j, createAuthenticatedMessage as k, createAuthenticatedMessageWithHex as l, mod as m, deriveKeyFromSeed as n, generateNonce as o, pemToCryptoKey as p, generateRandomData as q, exportPrivateKeyPem as r, sign as s, signPayload as t, verifyPayload as u, verify as v, createSignedEncryptedMessage as w, verifyAndDecryptMessage as x, encryptSymmetric as y, decryptSymmetric as z };

package/dist/src/mod.web.d.ts

@@ -4,4 +4,4 @@ export { WebSocketClient } from '../clients/websocket/mod.js';
 export { LocalStorageClient } from '../clients/local-storage/mod.js';
 export { WalletClient } from '../wallet/mod.js';
 export { AppsClient } from '../apps/mod.js';
-export { m as encrypt } from '../mod-DHjjiF1o.js';
+export { m as encrypt } from '../mod-D02790g_.js';

package/dist/src/mod.web.js

@@ -1,6 +1,12 @@
+import {
+  AppsClient
+} from "../chunk-VAZUCGED.js";
 import {
   mod_exports
-} from "../chunk-FUMSJI3N.js";
+} from "../chunk-K3ZSSVHR.js";
+import {
+  WalletClient
+} from "../chunk-2VOR4VLG.js";
 import {
   HttpClient
 } from "../chunk-LFUC4ETD.js";
@@ -10,12 +16,6 @@ import {
 import {
   WebSocketClient
 } from "../chunk-T43IWAQK.js";
-import {
-  AppsClient
-} from "../chunk-YJKJJ323.js";
-import {
-  WalletClient
-} from "../chunk-Z3LAGZSM.js";
 import "../chunk-MLKGABMK.js";
 export {
   AppsClient,

package/dist/wallet/mod.d.ts

@@ -73,7 +73,7 @@ interface ProxyWriteResponse {
 /**
  * API response wrapper
  */
-interface ApiResponse<T = unknown> {
+interface ApiResponse {
     success: boolean;
     error?: string;
     [key: string]: unknown;
@@ -132,6 +132,36 @@ interface HealthResponse extends ApiResponse {
     server: string;
     timestamp: string;
 }
+/**
+ * Google OAuth session (extended AuthSession with Google profile info)
+ */
+interface GoogleAuthSession extends AuthSession {
+    email: string;
+    name?: string;
+    picture?: string;
+}
+/**
+ * Google signup response
+ */
+interface GoogleSignupResponse extends ApiResponse {
+    username: string;
+    email: string;
+    name?: string;
+    picture?: string;
+    token: string;
+    expiresIn: number;
+}
+/**
+ * Google login response
+ */
+interface GoogleLoginResponse extends ApiResponse {
+    username: string;
+    email: string;
+    name?: string;
+    picture?: string;
+    token: string;
+    expiresIn: number;
+}
 
 /**
  * B3nd Wallet Client
@@ -178,6 +208,8 @@ declare class WalletClient {
     private fetchImpl;
     private currentSession;
     constructor(config: WalletClientConfig);
+    private buildUrl;
+    private buildAppKeyUrl;
     /**
      * Get the current authenticated session
      */
@@ -220,7 +252,7 @@ declare class WalletClient {
      * Change password for current user
      * Requires active authentication session
      */
-    changePassword(oldPassword: string, newPassword: string): Promise<void>;
+    changePassword(appKey: string, oldPassword: string, newPassword: string): Promise<void>;
     /**
      * Request a password reset token
      * Does not require authentication
@@ -234,24 +266,24 @@ declare class WalletClient {
     /**
      * Sign up with app token (scoped to an app)
      */
-    signupWithToken(token: string, credentials: UserCredentials): Promise<AuthSession>;
+    signupWithToken(appKey: string, tokenOrCredentials: string | UserCredentials, maybeCredentials?: UserCredentials): Promise<AuthSession>;
     /**
      * Login with app token and session (scoped to an app)
      */
-    loginWithTokenSession(token: string, session: string, credentials: UserCredentials): Promise<AuthSession>;
+    loginWithTokenSession(appKey: string, tokenOrSession: string, sessionOrCredentials: string | UserCredentials, maybeCredentials?: UserCredentials): Promise<AuthSession>;
     /**
      * Request password reset scoped to app token
      */
-    requestPasswordResetWithToken(token: string, username: string): Promise<PasswordResetToken>;
+    requestPasswordResetWithToken(appKey: string, tokenOrUsername: string, maybeUsername?: string): Promise<PasswordResetToken>;
     /**
-     * Reset password scoped to app token
+     * Reset password scoped to an app
      */
-    resetPasswordWithToken(token: string, username: string, resetToken: string, newPassword: string): Promise<AuthSession>;
+    resetPasswordWithToken(appKey: string, _tokenOrUsername: string, usernameOrReset: string, resetToken?: string, newPassword?: string): Promise<AuthSession>;
     /**
      * Get public keys for the current authenticated user.
      * Requires an active authentication session.
      */
-    getPublicKeys(): Promise<UserPublicKeys>;
+    getPublicKeys(appKey: string): Promise<UserPublicKeys>;
     /**
      * Proxy a write request through the wallet server
      * The server signs the write with its identity key
@@ -262,7 +294,7 @@ declare class WalletClient {
      * Convenience method: Get current user's public keys
      * Requires active authentication session
      */
-    getMyPublicKeys(): Promise<UserPublicKeys>;
+    getMyPublicKeys(appKey: string): Promise<UserPublicKeys>;
     /**
      * Get server's public keys
      *
@@ -273,6 +305,25 @@ declare class WalletClient {
         identityPublicKeyHex: string;
         encryptionPublicKeyHex: string;
     }>;
+    /**
+     * Sign up with Google OAuth (scoped to app token)
+     * Returns session data with Google profile info - call setSession() to activate it
+     *
+     * @param token - App token from app server
+     * @param googleIdToken - Google ID token from Google Sign-In
+     * @returns GoogleAuthSession with username, JWT token, and Google profile info
+     */
+    signupWithGoogle(appKey: string, token: string, googleIdToken: string): Promise<GoogleAuthSession>;
+    /**
+     * Login with Google OAuth (scoped to app token and session)
+     * Returns session data with Google profile info - call setSession() to activate it
+     *
+     * @param token - App token from app server
+     * @param session - Session key from app server
+     * @param googleIdToken - Google ID token from Google Sign-In
+     * @returns GoogleAuthSession with username, JWT token, and Google profile info
+     */
+    loginWithGoogle(appKey: string, token: string, session: string, googleIdToken: string): Promise<GoogleAuthSession>;
 }
 
-export { type ApiResponse, type AuthSession, type ChangePasswordResponse, type HealthResponse, type LoginResponse, type PasswordResetToken, type ProxyWriteRequest, type ProxyWriteResponse, type PublicKeysResponse, type RequestPasswordResetResponse, type ResetPasswordResponse, type SignupResponse, type UserCredentials, type UserPublicKeys, WalletClient, type WalletClientConfig };
+export { type ApiResponse, type AuthSession, type ChangePasswordResponse, type GoogleAuthSession, type GoogleLoginResponse, type GoogleSignupResponse, type HealthResponse, type LoginResponse, type PasswordResetToken, type ProxyWriteRequest, type ProxyWriteResponse, type PublicKeysResponse, type RequestPasswordResetResponse, type ResetPasswordResponse, type SignupResponse, type UserCredentials, type UserPublicKeys, WalletClient, type WalletClientConfig };

package/dist/wallet/mod.js

@@ -1,6 +1,6 @@
 import {
   WalletClient
-} from "../chunk-Z3LAGZSM.js";
+} from "../chunk-2VOR4VLG.js";
 import "../chunk-MLKGABMK.js";
 export {
   WalletClient

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bandeira-tech/b3nd-web",
-  "version": "0.2.1",
+  "version": "0.2.2",
   "description": "Browser-focused B3nd SDK bundle",
   "type": "module",
   "main": "./dist/src/mod.web.js",