@bandeira-tech/b3nd-web 0.2.1 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/dist/apps/mod.d.ts +26 -17
  2. package/dist/apps/mod.js +1 -1
  3. package/dist/chunk-K3ZSSVHR.js +615 -0
  4. package/dist/{chunk-Z3LAGZSM.js → chunk-S7NJA6B6.js} +140 -26
  5. package/dist/{chunk-YJKJJ323.js → chunk-VAZUCGED.js} +24 -18
  6. package/dist/encrypt/mod.d.ts +1 -1
  7. package/dist/encrypt/mod.js +29 -3
  8. package/dist/mod-D02790g_.d.ts +241 -0
  9. package/dist/src/mod.web.d.ts +1 -1
  10. package/dist/src/mod.web.js +5 -5
  11. package/dist/wallet/mod.d.ts +86 -10
  12. package/dist/wallet/mod.js +1 -1
  13. package/package.json +1 -1
  14. package/dist/chunk-FUMSJI3N.js +0 -327
  15. package/dist/mod-DHjjiF1o.d.ts +0 -111
package/dist/{chunk-Z3LAGZSM.js → chunk-S7NJA6B6.js} RENAMED
@@ -16,6 +16,16 @@ var WalletClient = class {
16
16
  this.fetchImpl = fetch;
17
17
  }
18
18
  }
19
+ buildUrl(path) {
20
+ const normalized = path.startsWith("/") ? path : `/${path}`;
21
+ return `${this.walletServerUrl}${this.apiBasePath}${normalized}`;
22
+ }
23
+ buildAppKeyUrl(path, appKey) {
24
+ if (!appKey || typeof appKey !== "string") {
25
+ throw new Error("appKey is required");
26
+ }
27
+ return `${this.buildUrl(path)}/${appKey}`;
28
+ }
19
29
  /**
20
30
  * Get the current authenticated session
21
31
  */
@@ -82,12 +92,12 @@ var WalletClient = class {
82
92
  * Change password for current user
83
93
  * Requires active authentication session
84
94
  */
85
- async changePassword(oldPassword, newPassword) {
95
+ async changePassword(appKey, oldPassword, newPassword) {
86
96
  if (!this.currentSession) {
87
97
  throw new Error("Not authenticated. Please login first.");
88
98
  }
89
99
  const response = await this.fetchImpl(
90
- `${this.walletServerUrl}${this.apiBasePath}/auth/change-password`,
100
+ this.buildAppKeyUrl("/auth/credentials/change-password", appKey),
91
101
  {
92
102
  method: "POST",
93
103
  headers: {
@@ -110,24 +120,30 @@ var WalletClient = class {
110
120
  * Does not require authentication
111
121
  */
112
122
  async requestPasswordReset(_username) {
113
- throw new Error("Use requestPasswordResetWithToken(token, username)");
123
+ throw new Error("Use requestPasswordResetWithToken(appKey, username)");
114
124
  }
115
125
  /**
116
126
  * Reset password using a reset token
117
127
  * Returns session data - call setSession() to activate it
118
128
  */
119
129
  async resetPassword(_username, _resetToken, _newPassword) {
120
- throw new Error("Use resetPasswordWithToken(token, username, resetToken, newPassword)");
130
+ throw new Error("Use resetPasswordWithToken(appKey, username, resetToken, newPassword)");
121
131
  }
122
132
  /**
123
133
  * Sign up with app token (scoped to an app)
124
134
  */
125
- async signupWithToken(token, credentials) {
126
- if (!token) throw new Error("token is required");
127
- const response = await this.fetchImpl(`${this.walletServerUrl}${this.apiBasePath}/auth/signup`, {
135
+ async signupWithToken(appKey, tokenOrCredentials, maybeCredentials) {
136
+ const credentials = typeof tokenOrCredentials === "string" ? maybeCredentials : tokenOrCredentials;
137
+ if (!credentials) throw new Error("credentials are required");
138
+ const response = await this.fetchImpl(this.buildAppKeyUrl("/auth/signup", appKey), {
128
139
  method: "POST",
129
140
  headers: { "Content-Type": "application/json" },
130
- body: JSON.stringify({ token, username: credentials.username, password: credentials.password })
141
+ body: JSON.stringify({
142
+ token: typeof tokenOrCredentials === "string" ? tokenOrCredentials : void 0,
143
+ type: "password",
144
+ username: credentials.username,
145
+ password: credentials.password
146
+ })
131
147
  });
132
148
  const data = await response.json();
133
149
  if (!response.ok || !data.success) {
@@ -138,13 +154,20 @@ var WalletClient = class {
138
154
  /**
139
155
  * Login with app token and session (scoped to an app)
140
156
  */
141
- async loginWithTokenSession(token, session, credentials) {
142
- if (!token) throw new Error("token is required");
143
- if (!session) throw new Error("session is required");
144
- const response = await this.fetchImpl(`${this.walletServerUrl}${this.apiBasePath}/auth/login`, {
157
+ async loginWithTokenSession(appKey, tokenOrSession, sessionOrCredentials, maybeCredentials) {
158
+ const session = typeof sessionOrCredentials === "string" && maybeCredentials ? sessionOrCredentials : tokenOrSession;
159
+ const credentials = maybeCredentials || sessionOrCredentials;
160
+ if (!session || typeof session !== "string") throw new Error("session is required");
161
+ const response = await this.fetchImpl(this.buildAppKeyUrl("/auth/login", appKey), {
145
162
  method: "POST",
146
163
  headers: { "Content-Type": "application/json" },
147
- body: JSON.stringify({ token, session, username: credentials.username, password: credentials.password })
164
+ body: JSON.stringify({
165
+ token: typeof tokenOrSession === "string" && maybeCredentials ? tokenOrSession : void 0,
166
+ session,
167
+ type: "password",
168
+ username: credentials.username,
169
+ password: credentials.password
170
+ })
148
171
  });
149
172
  const data = await response.json();
150
173
  if (!response.ok || !data.success) {
@@ -155,12 +178,12 @@ var WalletClient = class {
155
178
  /**
156
179
  * Request password reset scoped to app token
157
180
  */
158
- async requestPasswordResetWithToken(token, username) {
159
- if (!token) throw new Error("token is required");
160
- const response = await this.fetchImpl(`${this.walletServerUrl}${this.apiBasePath}/auth/request-password-reset`, {
181
+ async requestPasswordResetWithToken(appKey, tokenOrUsername, maybeUsername) {
182
+ const username = maybeUsername || tokenOrUsername;
183
+ const response = await this.fetchImpl(this.buildAppKeyUrl("/auth/credentials/request-password-reset", appKey), {
161
184
  method: "POST",
162
185
  headers: { "Content-Type": "application/json" },
163
- body: JSON.stringify({ token, username })
186
+ body: JSON.stringify({ username })
164
187
  });
165
188
  const data = await response.json();
166
189
  if (!response.ok || !data.success) {
@@ -169,14 +192,17 @@ var WalletClient = class {
169
192
  return { resetToken: data.resetToken, expiresIn: data.expiresIn };
170
193
  }
171
194
  /**
172
- * Reset password scoped to app token
195
+ * Reset password scoped to an app
173
196
  */
174
- async resetPasswordWithToken(token, username, resetToken, newPassword) {
175
- if (!token) throw new Error("token is required");
176
- const response = await this.fetchImpl(`${this.walletServerUrl}${this.apiBasePath}/auth/reset-password`, {
197
+ async resetPasswordWithToken(appKey, _tokenOrUsername, usernameOrReset, resetToken, newPassword) {
198
+ const username = usernameOrReset;
199
+ if (!resetToken || !newPassword) {
200
+ throw new Error("resetToken and newPassword are required");
201
+ }
202
+ const response = await this.fetchImpl(this.buildAppKeyUrl("/auth/credentials/reset-password", appKey), {
177
203
  method: "POST",
178
204
  headers: { "Content-Type": "application/json" },
179
- body: JSON.stringify({ token, username, resetToken, newPassword })
205
+ body: JSON.stringify({ username, resetToken, newPassword })
180
206
  });
181
207
  const data = await response.json();
182
208
  if (!response.ok || !data.success) {
@@ -188,12 +214,15 @@ var WalletClient = class {
188
214
  * Get public keys for the current authenticated user.
189
215
  * Requires an active authentication session.
190
216
  */
191
- async getPublicKeys() {
217
+ async getPublicKeys(appKey) {
192
218
  if (!this.currentSession) {
193
219
  throw new Error("Not authenticated. Please login first.");
194
220
  }
221
+ if (!appKey || typeof appKey !== "string") {
222
+ throw new Error("appKey is required");
223
+ }
195
224
  const response = await this.fetchImpl(
196
- `${this.walletServerUrl}${this.apiBasePath}/public-keys`,
225
+ this.buildAppKeyUrl("/auth/public-keys", appKey),
197
226
  {
198
227
  headers: {
199
228
  Authorization: `Bearer ${this.currentSession.token}`
@@ -238,12 +267,37 @@ var WalletClient = class {
238
267
  }
239
268
  return data;
240
269
  }
270
+ /**
271
+ * Proxy a read request through the wallet server
272
+ * The server decrypts encrypted data using user's encryption key
273
+ * Requires active authentication session
274
+ */
275
+ async proxyRead(request) {
276
+ if (!this.currentSession) {
277
+ throw new Error("Not authenticated. Please login first.");
278
+ }
279
+ const url = new URL(`${this.walletServerUrl}${this.apiBasePath}/proxy/read`);
280
+ url.searchParams.set("uri", request.uri);
281
+ const response = await this.fetchImpl(url.toString(), {
282
+ method: "GET",
283
+ headers: {
284
+ Authorization: `Bearer ${this.currentSession.token}`
285
+ }
286
+ });
287
+ const data = await response.json();
288
+ if (!response.ok || !data.success) {
289
+ throw new Error(
290
+ data.error || `Proxy read failed: ${response.statusText}`
291
+ );
292
+ }
293
+ return data;
294
+ }
241
295
  /**
242
296
  * Convenience method: Get current user's public keys
243
297
  * Requires active authentication session
244
298
  */
245
- async getMyPublicKeys() {
246
- return this.getPublicKeys();
299
+ async getMyPublicKeys(appKey) {
300
+ return this.getPublicKeys(appKey);
247
301
  }
248
302
  /**
249
303
  * Get server's public keys
@@ -265,6 +319,66 @@ var WalletClient = class {
265
319
  encryptionPublicKeyHex: data.encryptionPublicKeyHex
266
320
  };
267
321
  }
322
+ /**
323
+ * Sign up with Google OAuth (scoped to app token)
324
+ * Returns session data with Google profile info - call setSession() to activate it
325
+ *
326
+ * @param token - App token from app server
327
+ * @param googleIdToken - Google ID token from Google Sign-In
328
+ * @returns GoogleAuthSession with username, JWT token, and Google profile info
329
+ */
330
+ async signupWithGoogle(appKey, token, googleIdToken) {
331
+ if (!token) throw new Error("token is required");
332
+ if (!googleIdToken) throw new Error("googleIdToken is required");
333
+ const response = await this.fetchImpl(this.buildAppKeyUrl("/auth/signup", appKey), {
334
+ method: "POST",
335
+ headers: { "Content-Type": "application/json" },
336
+ body: JSON.stringify({ token, type: "google", googleIdToken })
337
+ });
338
+ const data = await response.json();
339
+ if (!response.ok || !data.success) {
340
+ throw new Error(data.error || `Google signup failed: ${response.statusText}`);
341
+ }
342
+ return {
343
+ username: data.username,
344
+ token: data.token,
345
+ expiresIn: data.expiresIn,
346
+ email: data.email,
347
+ name: data.name,
348
+ picture: data.picture
349
+ };
350
+ }
351
+ /**
352
+ * Login with Google OAuth (scoped to app token and session)
353
+ * Returns session data with Google profile info - call setSession() to activate it
354
+ *
355
+ * @param token - App token from app server
356
+ * @param session - Session key from app server
357
+ * @param googleIdToken - Google ID token from Google Sign-In
358
+ * @returns GoogleAuthSession with username, JWT token, and Google profile info
359
+ */
360
+ async loginWithGoogle(appKey, token, session, googleIdToken) {
361
+ if (!token) throw new Error("token is required");
362
+ if (!session) throw new Error("session is required");
363
+ if (!googleIdToken) throw new Error("googleIdToken is required");
364
+ const response = await this.fetchImpl(this.buildAppKeyUrl("/auth/login", appKey), {
365
+ method: "POST",
366
+ headers: { "Content-Type": "application/json" },
367
+ body: JSON.stringify({ token, session, type: "google", googleIdToken })
368
+ });
369
+ const data = await response.json();
370
+ if (!response.ok || !data.success) {
371
+ throw new Error(data.error || `Google login failed: ${response.statusText}`);
372
+ }
373
+ return {
374
+ username: data.username,
375
+ token: data.token,
376
+ expiresIn: data.expiresIn,
377
+ email: data.email,
378
+ name: data.name,
379
+ picture: data.picture
380
+ };
381
+ }
268
382
  };
269
383
 
270
384
  export {
package/dist/{chunk-YJKJJ323.js → chunk-VAZUCGED.js} RENAMED
@@ -5,7 +5,6 @@ var AppsClient = class {
5
5
  if (!cfg.apiBasePath) throw new Error("apiBasePath is required");
6
6
  this.base = cfg.appServerUrl.replace(/\/$/, "");
7
7
  this.api = (cfg.apiBasePath.startsWith("/") ? cfg.apiBasePath : `/${cfg.apiBasePath}`).replace(/\/$/, "");
8
- if (cfg.authToken) this.authToken = cfg.authToken;
9
8
  if (cfg.fetch) {
10
9
  this.f = cfg.fetch;
11
10
  } else if (typeof window !== "undefined" && typeof window.fetch === "function") {
@@ -14,55 +13,62 @@ var AppsClient = class {
14
13
  this.f = fetch;
15
14
  }
16
15
  }
17
- setAuthToken(token) {
18
- this.authToken = token;
19
- }
20
16
  async health() {
21
17
  const r = await this.f(`${this.base}${this.api}/health`);
22
18
  if (!r.ok) throw new Error(`health failed: ${r.statusText}`);
23
19
  return r.json();
24
20
  }
25
- async registerApp(reg) {
26
- const r = await this.f(`${this.base}${this.api}/apps/register`, {
21
+ async updateOrigins(appKey, message) {
22
+ const r = await this.f(`${this.base}${this.api}/apps/origins/${encodeURIComponent(appKey)}`, {
23
+ method: "POST",
24
+ headers: { "Content-Type": "application/json" },
25
+ body: JSON.stringify(message)
26
+ });
27
+ const j = await r.json();
28
+ if (!r.ok || !j.success) throw new Error(j.error || r.statusText);
29
+ return j;
30
+ }
31
+ async updateGoogleClientId(appKey, message) {
32
+ const r = await this.f(`${this.base}${this.api}/apps/google-client-id/${encodeURIComponent(appKey)}`, {
27
33
  method: "POST",
28
- headers: { "Content-Type": "application/json", ...this.authToken ? { Authorization: `Bearer ${this.authToken}` } : {} },
29
- body: JSON.stringify(reg)
34
+ headers: { "Content-Type": "application/json" },
35
+ body: JSON.stringify(message)
30
36
  });
31
37
  const j = await r.json();
32
38
  if (!r.ok || !j.success) throw new Error(j.error || r.statusText);
33
39
  return j;
34
40
  }
35
- async updateSchema(appKey, actions) {
36
- const r = await this.f(`${this.base}${this.api}/apps/${encodeURIComponent(appKey)}/schema`, {
41
+ async updateSchema(appKey, message) {
42
+ const r = await this.f(`${this.base}${this.api}/apps/schema/${encodeURIComponent(appKey)}`, {
37
43
  method: "POST",
38
- headers: { "Content-Type": "application/json", ...this.authToken ? { Authorization: `Bearer ${this.authToken}` } : {} },
39
- body: JSON.stringify(actions)
44
+ headers: { "Content-Type": "application/json" },
45
+ body: JSON.stringify(message)
40
46
  });
41
47
  const j = await r.json();
42
48
  if (!r.ok || !j.success) throw new Error(j.error || r.statusText);
43
49
  return j;
44
50
  }
45
51
  async getSchema(appKey) {
46
- const r = await this.f(`${this.base}${this.api}/apps/${encodeURIComponent(appKey)}/schema`, { headers: { ...this.authToken ? { Authorization: `Bearer ${this.authToken}` } : {} } });
52
+ const r = await this.f(`${this.base}${this.api}/apps/schema/${encodeURIComponent(appKey)}`);
47
53
  const j = await r.json();
48
54
  if (!r.ok || !j.success) throw new Error(j.error || r.statusText);
49
55
  return j;
50
56
  }
51
- async createSession(appKey, token) {
57
+ async createSession(appKey, message) {
52
58
  const r = await this.f(`${this.base}${this.api}/app/${encodeURIComponent(appKey)}/session`, {
53
59
  method: "POST",
54
60
  headers: { "Content-Type": "application/json" },
55
- body: JSON.stringify({ token })
61
+ body: JSON.stringify(message)
56
62
  });
57
63
  const j = await r.json();
58
64
  if (!r.ok || !j.success) throw new Error(j.error || r.statusText);
59
65
  return j;
60
66
  }
61
- async invokeAction(appKey, action, payload, origin) {
67
+ async invokeAction(appKey, action, signedMessage, origin) {
62
68
  const r = await this.f(`${this.base}${this.api}/app/${encodeURIComponent(appKey)}/${encodeURIComponent(action)}`, {
63
69
  method: "POST",
64
- headers: { "Content-Type": "text/plain", ...origin ? { Origin: origin } : {} },
65
- body: payload
70
+ headers: { "Content-Type": "application/json", ...origin ? { Origin: origin } : {} },
71
+ body: JSON.stringify(signedMessage)
66
72
  });
67
73
  const j = await r.json();
68
74
  if (!r.ok || !j.success) throw new Error(j.error || r.statusText);
package/dist/encrypt/mod.d.ts CHANGED
@@ -1 +1 @@
1
- export { A as AuthenticatedMessage, a as EncryptedPayload, E as EncryptionKeyPair, K as KeyPair, S as SignedEncryptedMessage, h as createAuthenticatedMessage, i as createSignedEncryptedMessage, d as decrypt, f as decryptWithHex, e as encrypt, b as generateEncryptionKeyPair, k as generateNonce, l as generateRandomData, g as generateSigningKeyPair, s as sign, c as signWithHex, v as verify, j as verifyAndDecrypt } from '../mod-DHjjiF1o.js';
1
+ export { A as AuthenticatedMessage, a as EncryptedPayload, E as EncryptionKeyPair, I as IdentityKey, K as KeyPair, d as PrivateEncryptionKey, P as PublicEncryptionKey, c as SecretEncryptionKey, S as SignedEncryptedMessage, b as SignedSymmetricMessage, k as createAuthenticatedMessage, l as createAuthenticatedMessageWithHex, w as createSignedEncryptedMessage, B as createSignedSymmetricMessage, i as decrypt, z as decryptSymmetric, j as decryptWithHex, n as deriveKeyFromSeed, h as encrypt, y as encryptSymmetric, r as exportPrivateKeyPem, e as generateEncryptionKeyPair, o as generateNonce, q as generateRandomData, g as generateSigningKeyPair, p as pemToCryptoKey, s as sign, t as signPayload, f as signWithHex, v as verify, x as verifyAndDecryptMessage, u as verifyPayload } from '../mod-D02790g_.js';
package/dist/encrypt/mod.js CHANGED
@@ -1,31 +1,57 @@
1
1
  import {
2
+ IdentityKey,
3
+ PrivateEncryptionKey,
4
+ PublicEncryptionKey,
5
+ SecretEncryptionKey,
2
6
  createAuthenticatedMessage,
7
+ createAuthenticatedMessageWithHex,
3
8
  createSignedEncryptedMessage,
9
+ createSignedSymmetricMessage,
4
10
  decrypt,
11
+ decryptSymmetric,
5
12
  decryptWithHex,
13
+ deriveKeyFromSeed,
6
14
  encrypt,
15
+ encryptSymmetric,
16
+ exportPrivateKeyPem,
7
17
  generateEncryptionKeyPair,
8
18
  generateNonce,
9
19
  generateRandomData,
10
20
  generateSigningKeyPair,
21
+ pemToCryptoKey,
11
22
  sign,
23
+ signPayload,
12
24
  signWithHex,
13
25
  verify,
14
- verifyAndDecrypt
15
- } from "../chunk-FUMSJI3N.js";
26
+ verifyAndDecryptMessage,
27
+ verifyPayload
28
+ } from "../chunk-K3ZSSVHR.js";
16
29
  import "../chunk-MLKGABMK.js";
17
30
  export {
31
+ IdentityKey,
32
+ PrivateEncryptionKey,
33
+ PublicEncryptionKey,
34
+ SecretEncryptionKey,
18
35
  createAuthenticatedMessage,
36
+ createAuthenticatedMessageWithHex,
19
37
  createSignedEncryptedMessage,
38
+ createSignedSymmetricMessage,
20
39
  decrypt,
40
+ decryptSymmetric,
21
41
  decryptWithHex,
42
+ deriveKeyFromSeed,
22
43
  encrypt,
44
+ encryptSymmetric,
45
+ exportPrivateKeyPem,
23
46
  generateEncryptionKeyPair,
24
47
  generateNonce,
25
48
  generateRandomData,
26
49
  generateSigningKeyPair,
50
+ pemToCryptoKey,
27
51
  sign,
52
+ signPayload,
28
53
  signWithHex,
29
54
  verify,
30
- verifyAndDecrypt
55
+ verifyAndDecryptMessage,
56
+ verifyPayload
31
57
  };
package/dist/mod-D02790g_.d.ts ADDED
@@ -0,0 +1,241 @@
1
+ interface KeyPair {
2
+ publicKey: CryptoKey;
3
+ privateKey: CryptoKey;
4
+ publicKeyHex: string;
5
+ privateKeyHex: string;
6
+ }
7
+ interface EncryptionKeyPair {
8
+ publicKey: CryptoKey;
9
+ privateKey: CryptoKey;
10
+ publicKeyHex: string;
11
+ }
12
+ interface EncryptedPayload {
13
+ data: string;
14
+ nonce: string;
15
+ ephemeralPublicKey?: string;
16
+ }
17
+ interface AuthenticatedMessage<T = unknown> {
18
+ auth: Array<{
19
+ pubkey: string;
20
+ signature: string;
21
+ }>;
22
+ payload: T;
23
+ }
24
+ interface SignedEncryptedMessage {
25
+ auth: Array<{
26
+ pubkey: string;
27
+ signature: string;
28
+ }>;
29
+ payload: EncryptedPayload;
30
+ }
31
+ interface SignedSymmetricMessage {
32
+ auth: Array<{
33
+ pubkey: string;
34
+ signature: string;
35
+ }>;
36
+ payload: EncryptedPayload;
37
+ }
38
+ declare class IdentityKey {
39
+ private readonly privateKey;
40
+ readonly publicKeyHex: string;
41
+ private constructor();
42
+ static generate(): Promise<{
43
+ key: IdentityKey;
44
+ privateKeyPem: string;
45
+ publicKeyHex: string;
46
+ }>;
47
+ static fromPem(pem: string, publicKeyHex: string): Promise<IdentityKey>;
48
+ static fromHex(params: {
49
+ privateKeyHex: string;
50
+ publicKeyHex: string;
51
+ }): Promise<IdentityKey>;
52
+ sign(payload: unknown): Promise<string>;
53
+ }
54
+ declare class PublicEncryptionKey {
55
+ readonly publicKeyHex: string;
56
+ readonly publicKey: CryptoKey | null;
57
+ constructor(publicKeyHex: string, publicKey: CryptoKey | null);
58
+ static fromHex(publicKeyHex: string): Promise<PublicEncryptionKey>;
59
+ static generatePair(): Promise<{
60
+ publicKey: PublicEncryptionKey;
61
+ privateKeyHex: string;
62
+ }>;
63
+ encrypt(data: unknown): Promise<EncryptedPayload>;
64
+ toHex(): string;
65
+ }
66
+ declare class SecretEncryptionKey {
67
+ readonly keyHex: string;
68
+ private constructor();
69
+ static fromSecret(params: {
70
+ secret: string;
71
+ salt: string;
72
+ iterations?: number;
73
+ }): Promise<SecretEncryptionKey>;
74
+ static fromHex(keyHex: string): SecretEncryptionKey;
75
+ encrypt(data: unknown): Promise<EncryptedPayload>;
76
+ decrypt(payload: EncryptedPayload): Promise<unknown>;
77
+ }
78
+ declare class PrivateEncryptionKey {
79
+ readonly privateKey: CryptoKey;
80
+ readonly privateKeyHex: string;
81
+ readonly publicKeyHex: string;
82
+ constructor(privateKey: CryptoKey, privateKeyHex: string, publicKeyHex: string);
83
+ static fromHex(params: {
84
+ privateKeyHex: string;
85
+ publicKeyHex: string;
86
+ }): Promise<PrivateEncryptionKey>;
87
+ static generatePair(): Promise<{
88
+ privateKey: PrivateEncryptionKey;
89
+ publicKey: PublicEncryptionKey;
90
+ }>;
91
+ toPublic(): PublicEncryptionKey;
92
+ decrypt(payload: EncryptedPayload): Promise<unknown>;
93
+ toHex(): string;
94
+ }
95
+ /**
96
+ * Convert a PEM-encoded private key to a CryptoKey
97
+ */
98
+ declare function pemToCryptoKey(pem: string, algorithm: "Ed25519" | "X25519"): Promise<CryptoKey>;
99
+ /**
100
+ * Generate an Ed25519 keypair for signing
101
+ */
102
+ declare function generateSigningKeyPair(): Promise<KeyPair>;
103
+ /**
104
+ * Generate an X25519 keypair for encryption (ECDH)
105
+ */
106
+ declare function generateEncryptionKeyPair(): Promise<EncryptionKeyPair>;
107
+ /**
108
+ * Sign a payload with an Ed25519 private key
109
+ */
110
+ declare function sign<T>(privateKey: CryptoKey, payload: T): Promise<string>;
111
+ /**
112
+ * Sign a payload with an Ed25519 private key from hex
113
+ */
114
+ declare function signWithHex<T>(privateKeyHex: string, payload: T): Promise<string>;
115
+ /**
116
+ * Verify a signature using Ed25519 public key
117
+ */
118
+ declare function verify<T>(publicKeyHex: string, signatureHex: string, payload: T): Promise<boolean>;
119
+ /**
120
+ * Encrypt data using X25519 ECDH + AES-GCM
121
+ * Uses ephemeral keypair for forward secrecy
122
+ */
123
+ declare function encrypt(data: unknown, recipientPublicKeyHex: string): Promise<EncryptedPayload>;
124
+ /**
125
+ * Decrypt data using X25519 ECDH + AES-GCM
126
+ */
127
+ declare function decrypt(encryptedPayload: EncryptedPayload, recipientPrivateKey: CryptoKey): Promise<unknown>;
128
+ /**
129
+ * Decrypt data using private key from hex
130
+ */
131
+ declare function decryptWithHex(encryptedPayload: EncryptedPayload, recipientPrivateKeyHex: string): Promise<unknown>;
132
+ /**
133
+ * Create an authenticated message (signed but not encrypted)
134
+ */
135
+ declare function createAuthenticatedMessage<T>(payload: T, signers: Array<{
136
+ privateKey: CryptoKey;
137
+ publicKeyHex: string;
138
+ }>): Promise<AuthenticatedMessage<T>>;
139
+ /**
140
+ * Create an authenticated message with hex-encoded keys (convenience wrapper)
141
+ */
142
+ declare function createAuthenticatedMessageWithHex<T>(payload: T, pubkeyHex: string, privateKeyHex: string): Promise<AuthenticatedMessage<T>>;
143
+ /**
144
+ * Derive an encryption key from seed and salt using PBKDF2
145
+ * Returns hex-encoded key suitable for encrypt/decrypt functions
146
+ */
147
+ declare function deriveKeyFromSeed(seed: string, salt: string, iterations?: number): Promise<string>;
148
+ declare function generateNonce(length?: number): Uint8Array;
149
+ declare function generateRandomData(size: number): Uint8Array;
150
+ declare function exportPrivateKeyPem(privateKey: CryptoKey, label: string): Promise<string>;
151
+ declare function signPayload(params: {
152
+ payload: unknown;
153
+ identity: IdentityKey;
154
+ }): Promise<Array<{
155
+ pubkey: string;
156
+ signature: string;
157
+ }>>;
158
+ declare function verifyPayload(params: {
159
+ payload: unknown;
160
+ auth: Array<{
161
+ pubkey: string;
162
+ signature: string;
163
+ }>;
164
+ }): Promise<{
165
+ verified: boolean;
166
+ signers: string[];
167
+ }>;
168
+ declare function createSignedEncryptedMessage(params: {
169
+ data: unknown;
170
+ identity: IdentityKey;
171
+ encryptionKey: SecretEncryptionKey | PublicEncryptionKey;
172
+ }): Promise<SignedEncryptedMessage>;
173
+ declare function createSignedEncryptedMessage(data: unknown, signers: Array<{
174
+ privateKey: CryptoKey;
175
+ publicKeyHex: string;
176
+ }>, recipientPublicKeyHex: string): Promise<SignedEncryptedMessage>;
177
+ declare function verifyAndDecryptMessage(params: {
178
+ message: SignedEncryptedMessage;
179
+ encryptionKey: SecretEncryptionKey | PrivateEncryptionKey;
180
+ }): Promise<{
181
+ data: unknown;
182
+ verified: boolean;
183
+ signers: string[];
184
+ }>;
185
+ /**
186
+ * Encrypt data using a symmetric key (AES-GCM) provided as hex
187
+ */
188
+ declare function encryptSymmetric(data: unknown, keyHex: string): Promise<EncryptedPayload>;
189
+ /**
190
+ * Decrypt data using a symmetric key (AES-GCM) provided as hex
191
+ */
192
+ declare function decryptSymmetric(payload: EncryptedPayload, keyHex: string): Promise<unknown>;
193
+ /**
194
+ * Create a signed symmetric message (signs encrypted payload)
195
+ */
196
+ declare function createSignedSymmetricMessage(data: unknown, signers: Array<{
197
+ privateKey: CryptoKey;
198
+ publicKeyHex: string;
199
+ }>, keyHex: string): Promise<SignedSymmetricMessage>;
200
+
201
+ type mod_AuthenticatedMessage<T = unknown> = AuthenticatedMessage<T>;
202
+ type mod_EncryptedPayload = EncryptedPayload;
203
+ type mod_EncryptionKeyPair = EncryptionKeyPair;
204
+ type mod_IdentityKey = IdentityKey;
205
+ declare const mod_IdentityKey: typeof IdentityKey;
206
+ type mod_KeyPair = KeyPair;
207
+ type mod_PrivateEncryptionKey = PrivateEncryptionKey;
208
+ declare const mod_PrivateEncryptionKey: typeof PrivateEncryptionKey;
209
+ type mod_PublicEncryptionKey = PublicEncryptionKey;
210
+ declare const mod_PublicEncryptionKey: typeof PublicEncryptionKey;
211
+ type mod_SecretEncryptionKey = SecretEncryptionKey;
212
+ declare const mod_SecretEncryptionKey: typeof SecretEncryptionKey;
213
+ type mod_SignedEncryptedMessage = SignedEncryptedMessage;
214
+ type mod_SignedSymmetricMessage = SignedSymmetricMessage;
215
+ declare const mod_createAuthenticatedMessage: typeof createAuthenticatedMessage;
216
+ declare const mod_createAuthenticatedMessageWithHex: typeof createAuthenticatedMessageWithHex;
217
+ declare const mod_createSignedEncryptedMessage: typeof createSignedEncryptedMessage;
218
+ declare const mod_createSignedSymmetricMessage: typeof createSignedSymmetricMessage;
219
+ declare const mod_decrypt: typeof decrypt;
220
+ declare const mod_decryptSymmetric: typeof decryptSymmetric;
221
+ declare const mod_decryptWithHex: typeof decryptWithHex;
222
+ declare const mod_deriveKeyFromSeed: typeof deriveKeyFromSeed;
223
+ declare const mod_encrypt: typeof encrypt;
224
+ declare const mod_encryptSymmetric: typeof encryptSymmetric;
225
+ declare const mod_exportPrivateKeyPem: typeof exportPrivateKeyPem;
226
+ declare const mod_generateEncryptionKeyPair: typeof generateEncryptionKeyPair;
227
+ declare const mod_generateNonce: typeof generateNonce;
228
+ declare const mod_generateRandomData: typeof generateRandomData;
229
+ declare const mod_generateSigningKeyPair: typeof generateSigningKeyPair;
230
+ declare const mod_pemToCryptoKey: typeof pemToCryptoKey;
231
+ declare const mod_sign: typeof sign;
232
+ declare const mod_signPayload: typeof signPayload;
233
+ declare const mod_signWithHex: typeof signWithHex;
234
+ declare const mod_verify: typeof verify;
235
+ declare const mod_verifyAndDecryptMessage: typeof verifyAndDecryptMessage;
236
+ declare const mod_verifyPayload: typeof verifyPayload;
237
+ declare namespace mod {
238
+ export { type mod_AuthenticatedMessage as AuthenticatedMessage, type mod_EncryptedPayload as EncryptedPayload, type mod_EncryptionKeyPair as EncryptionKeyPair, mod_IdentityKey as IdentityKey, type mod_KeyPair as KeyPair, mod_PrivateEncryptionKey as PrivateEncryptionKey, mod_PublicEncryptionKey as PublicEncryptionKey, mod_SecretEncryptionKey as SecretEncryptionKey, type mod_SignedEncryptedMessage as SignedEncryptedMessage, type mod_SignedSymmetricMessage as SignedSymmetricMessage, mod_createAuthenticatedMessage as createAuthenticatedMessage, mod_createAuthenticatedMessageWithHex as createAuthenticatedMessageWithHex, mod_createSignedEncryptedMessage as createSignedEncryptedMessage, mod_createSignedSymmetricMessage as createSignedSymmetricMessage, mod_decrypt as decrypt, mod_decryptSymmetric as decryptSymmetric, mod_decryptWithHex as decryptWithHex, mod_deriveKeyFromSeed as deriveKeyFromSeed, mod_encrypt as encrypt, mod_encryptSymmetric as encryptSymmetric, mod_exportPrivateKeyPem as exportPrivateKeyPem, mod_generateEncryptionKeyPair as generateEncryptionKeyPair, mod_generateNonce as generateNonce, mod_generateRandomData as generateRandomData, mod_generateSigningKeyPair as generateSigningKeyPair, mod_pemToCryptoKey as pemToCryptoKey, mod_sign as sign, mod_signPayload as signPayload, mod_signWithHex as signWithHex, mod_verify as verify, mod_verifyAndDecryptMessage as verifyAndDecryptMessage, mod_verifyPayload as verifyPayload };
239
+ }
240
+
241
+ export { type AuthenticatedMessage as A, createSignedSymmetricMessage as B, type EncryptionKeyPair as E, IdentityKey as I, type KeyPair as K, PublicEncryptionKey as P, type SignedEncryptedMessage as S, type EncryptedPayload as a, type SignedSymmetricMessage as b, SecretEncryptionKey as c, PrivateEncryptionKey as d, generateEncryptionKeyPair as e, signWithHex as f, generateSigningKeyPair as g, encrypt as h, decrypt as i, decryptWithHex as j, createAuthenticatedMessage as k, createAuthenticatedMessageWithHex as l, mod as m, deriveKeyFromSeed as n, generateNonce as o, pemToCryptoKey as p, generateRandomData as q, exportPrivateKeyPem as r, sign as s, signPayload as t, verifyPayload as u, verify as v, createSignedEncryptedMessage as w, verifyAndDecryptMessage as x, encryptSymmetric as y, decryptSymmetric as z };
package/dist/src/mod.web.d.ts CHANGED
@@ -4,4 +4,4 @@ export { WebSocketClient } from '../clients/websocket/mod.js';
4
4
  export { LocalStorageClient } from '../clients/local-storage/mod.js';
5
5
  export { WalletClient } from '../wallet/mod.js';
6
6
  export { AppsClient } from '../apps/mod.js';
7
- export { m as encrypt } from '../mod-DHjjiF1o.js';
7
+ export { m as encrypt } from '../mod-D02790g_.js';