@bandeira-tech/b3nd-web 0.2.3 → 0.2.4

package/dist/{chunk-K3ZSSVHR.js → chunk-JN75UL5C.js}

@@ -585,6 +585,8 @@ async function createSignedSymmetricMessage(data, signers, keyHex) {
 }
 
 export {
+  encodeHex,
+  decodeHex,
   IdentityKey,
   PublicEncryptionKey,
   SecretEncryptionKey,

package/dist/core-CgxQpSVM.d.ts

@@ -0,0 +1,275 @@
+import { Hono } from 'hono';
+import { N as NodeProtocolInterface } from './types-oQCx3U-_.js';
+
+/**
+ * Wallet Server Dependency Injection Interfaces
+ *
+ * These interfaces abstract runtime-specific operations, enabling the wallet
+ * server to run in Deno, Node.js, or browsers through dependency injection.
+ */
+/**
+ * File storage abstraction - replaces Deno.readTextFile/writeTextFile
+ */
+interface FileStorage {
+    readTextFile(path: string): Promise<string>;
+    writeTextFile(path: string, content: string): Promise<void>;
+    exists(path: string): Promise<boolean>;
+}
+/**
+ * Environment abstraction - replaces Deno.env.get()
+ */
+interface Environment {
+    get(key: string): string | undefined;
+}
+/**
+ * Logger abstraction - replaces console.log/warn/error
+ */
+interface Logger {
+    log(...args: unknown[]): void;
+    warn(...args: unknown[]): void;
+    error(...args: unknown[]): void;
+}
+/**
+ * HTTP fetch abstraction - allows custom fetch implementations
+ */
+type HttpFetch = (url: string, init?: RequestInit) => Promise<Response>;
+/**
+ * Default console logger implementation
+ */
+declare const defaultLogger: Logger;
+/**
+ * In-memory file storage implementation (for testing/browser)
+ */
+declare class MemoryFileStorage implements FileStorage {
+    private storage;
+    readTextFile(path: string): Promise<string>;
+    writeTextFile(path: string, content: string): Promise<void>;
+    exists(path: string): Promise<boolean>;
+}
+/**
+ * Environment from config object (for testing/browser)
+ */
+declare class ConfigEnvironment implements Environment {
+    private config;
+    constructor(config?: Record<string, string>);
+    get(key: string): string | undefined;
+}
+
+/**
+ * Wallet Server Types
+ *
+ * Type definitions for the universal wallet server SDK.
+ */
+
+/**
+ * Server key pair configuration
+ */
+interface ServerKeyPair {
+    privateKeyPem: string;
+    publicKeyHex: string;
+}
+/**
+ * Server keys configuration (identity + encryption)
+ */
+interface ServerKeys {
+    identityKey: ServerKeyPair;
+    encryptionKey: ServerKeyPair;
+}
+/**
+ * App backend configuration for bootstrap
+ */
+interface AppBackendConfig {
+    url: string;
+    apiBasePath?: string;
+}
+/**
+ * Dependency injection configuration
+ */
+interface WalletServerDeps {
+    /** File storage for bootstrap state persistence */
+    storage?: FileStorage;
+    /** Logger for output */
+    logger?: Logger;
+    /** Custom fetch implementation */
+    fetch?: HttpFetch;
+    /** Pre-configured credential client (alternative to credentialNodeUrl) */
+    credentialClient?: NodeProtocolInterface;
+    /** Pre-configured proxy client (alternative to proxyNodeUrl) */
+    proxyClient?: NodeProtocolInterface;
+}
+/**
+ * Wallet server configuration
+ */
+interface WalletServerConfig {
+    /** Server identity and encryption keys */
+    serverKeys: ServerKeys;
+    /** JWT secret for token signing (must be 32+ characters) */
+    jwtSecret: string;
+    /** JWT expiration in seconds (default: 86400 = 24 hours) */
+    jwtExpirationSeconds?: number;
+    /** URL of the credential backend node */
+    credentialNodeUrl?: string;
+    /** URL of the proxy backend node */
+    proxyNodeUrl?: string;
+    /** CORS allowed origins (default: ["*"]) */
+    allowedOrigins?: string[];
+    /** App backend for bootstrap (optional) */
+    appBackend?: AppBackendConfig;
+    /** Password reset token TTL in seconds (default: 3600 = 1 hour) */
+    passwordResetTokenTtlSeconds?: number;
+    /** Google OAuth client ID (optional, enables Google auth) */
+    googleClientId?: string;
+    /** Path for bootstrap state file (optional) */
+    bootstrapStatePath?: string;
+    /** Dependency injection */
+    deps?: WalletServerDeps;
+}
+/**
+ * Resolved configuration with defaults applied
+ */
+interface ResolvedWalletServerConfig {
+    serverKeys: ServerKeys;
+    jwtSecret: string;
+    jwtExpirationSeconds: number;
+    allowedOrigins: string[];
+    passwordResetTokenTtlSeconds: number;
+    googleClientId: string | null;
+    bootstrapStatePath: string | null;
+    appBackend: AppBackendConfig | null;
+}
+/**
+ * User keys structure
+ */
+interface UserKeys {
+    accountKey: ServerKeyPair;
+    encryptionKey: ServerKeyPair;
+}
+/**
+ * Proxy write request
+ */
+interface ProxyWriteRequest {
+    uri: string;
+    data: unknown;
+    encrypt?: boolean;
+}
+/**
+ * Proxy write response
+ */
+interface ProxyWriteResponse {
+    success: boolean;
+    resolvedUri?: string;
+    error?: string;
+    record?: {
+        data: unknown;
+        ts: number;
+    };
+}
+/**
+ * Proxy read response
+ */
+interface ProxyReadResponse {
+    success: boolean;
+    error?: string;
+    record?: {
+        data: unknown;
+        ts: number;
+    };
+    decrypted?: unknown;
+}
+/**
+ * Auth session response
+ */
+interface AuthSessionResponse {
+    success: boolean;
+    username: string;
+    token: string;
+    expiresIn: number;
+    error?: string;
+    email?: string;
+    name?: string;
+    picture?: string;
+}
+/**
+ * Public keys response
+ */
+interface PublicKeysResponse {
+    success: boolean;
+    accountPublicKeyHex?: string;
+    encryptionPublicKeyHex?: string;
+    error?: string;
+}
+/**
+ * Health response
+ */
+interface HealthResponse {
+    success: boolean;
+    status: string;
+    server: string;
+    timestamp: string;
+}
+/**
+ * Server keys response
+ */
+interface ServerKeysResponse {
+    success: boolean;
+    identityPublicKeyHex: string;
+    encryptionPublicKeyHex: string;
+}
+
+/**
+ * Wallet Server Core
+ *
+ * Universal wallet server that works in Deno, Node.js, and browsers.
+ * Uses dependency injection for all runtime-specific operations.
+ */
+
+interface BootstrapState {
+    appKey: string;
+    createdAt: string;
+    appServerUrl: string;
+    apiBasePath: string;
+}
+/**
+ * Wallet Server Core
+ *
+ * Creates a portable Hono application that can be served by any runtime.
+ */
+declare class WalletServerCore {
+    private config;
+    private serverKeys;
+    private credentialClient;
+    private proxyClient;
+    private app;
+    private logger;
+    private storage;
+    private fetchImpl;
+    constructor(userConfig: WalletServerConfig);
+    private validateConfig;
+    private applyDefaults;
+    /**
+     * Get the Hono app instance
+     */
+    getApp(): Hono;
+    /**
+     * Get the fetch handler for use with various runtimes
+     */
+    getFetchHandler(): (request: Request) => Response | Promise<Response>;
+    /**
+     * Get server public keys
+     */
+    getServerKeys(): {
+        identityPublicKeyHex: string;
+        encryptionPublicKeyHex: string;
+    };
+    /**
+     * Bootstrap wallet app registration (optional)
+     */
+    bootstrap(): Promise<BootstrapState | null>;
+    private normalizeApiBasePath;
+    private readBootstrapState;
+    private writeBootstrapState;
+    private sessionExists;
+    private createApp;
+}
+
+export { type AppBackendConfig as A, ConfigEnvironment as C, type Environment as E, type FileStorage as F, type HttpFetch as H, type Logger as L, MemoryFileStorage as M, type ProxyWriteRequest as P, type ResolvedWalletServerConfig as R, type ServerKeys as S, type UserKeys as U, WalletServerCore as W, type ProxyWriteResponse as a, type ProxyReadResponse as b, type WalletServerConfig as c, type WalletServerDeps as d, type ServerKeyPair as e, type AuthSessionResponse as f, type PublicKeysResponse as g, type HealthResponse as h, type ServerKeysResponse as i, defaultLogger as j };

package/dist/encrypt/mod.d.ts

@@ -1 +1 @@
-export { A as AuthenticatedMessage, a as EncryptedPayload, E as EncryptionKeyPair, I as IdentityKey, K as KeyPair, d as PrivateEncryptionKey, P as PublicEncryptionKey, c as SecretEncryptionKey, S as SignedEncryptedMessage, b as SignedSymmetricMessage, k as createAuthenticatedMessage, l as createAuthenticatedMessageWithHex, w as createSignedEncryptedMessage, B as createSignedSymmetricMessage, i as decrypt, z as decryptSymmetric, j as decryptWithHex, n as deriveKeyFromSeed, h as encrypt, y as encryptSymmetric, r as exportPrivateKeyPem, e as generateEncryptionKeyPair, o as generateNonce, q as generateRandomData, g as generateSigningKeyPair, p as pemToCryptoKey, s as sign, t as signPayload, f as signWithHex, v as verify, x as verifyAndDecryptMessage, u as verifyPayload } from '../mod-D02790g_.js';
+export { A as AuthenticatedMessage, E as EncryptedPayload, a as EncryptionKeyPair, I as IdentityKey, K as KeyPair, d as PrivateEncryptionKey, P as PublicEncryptionKey, c as SecretEncryptionKey, S as SignedEncryptedMessage, b as SignedSymmetricMessage, k as createAuthenticatedMessage, l as createAuthenticatedMessageWithHex, w as createSignedEncryptedMessage, B as createSignedSymmetricMessage, i as decrypt, z as decryptSymmetric, j as decryptWithHex, n as deriveKeyFromSeed, h as encrypt, y as encryptSymmetric, r as exportPrivateKeyPem, e as generateEncryptionKeyPair, o as generateNonce, q as generateRandomData, g as generateSigningKeyPair, p as pemToCryptoKey, s as sign, t as signPayload, f as signWithHex, v as verify, x as verifyAndDecryptMessage, u as verifyPayload } from '../mod-CII9wqu2.js';

package/dist/encrypt/mod.js

@@ -25,7 +25,7 @@ import {
   verify,
   verifyAndDecryptMessage,
   verifyPayload
-} from "../chunk-K3ZSSVHR.js";
+} from "../chunk-JN75UL5C.js";
 import "../chunk-MLKGABMK.js";
 export {
   IdentityKey,

package/dist/{mod-D02790g_.d.ts → mod-CII9wqu2.d.ts}

@@ -238,4 +238,4 @@ declare namespace mod {
   export { type mod_AuthenticatedMessage as AuthenticatedMessage, type mod_EncryptedPayload as EncryptedPayload, type mod_EncryptionKeyPair as EncryptionKeyPair, mod_IdentityKey as IdentityKey, type mod_KeyPair as KeyPair, mod_PrivateEncryptionKey as PrivateEncryptionKey, mod_PublicEncryptionKey as PublicEncryptionKey, mod_SecretEncryptionKey as SecretEncryptionKey, type mod_SignedEncryptedMessage as SignedEncryptedMessage, type mod_SignedSymmetricMessage as SignedSymmetricMessage, mod_createAuthenticatedMessage as createAuthenticatedMessage, mod_createAuthenticatedMessageWithHex as createAuthenticatedMessageWithHex, mod_createSignedEncryptedMessage as createSignedEncryptedMessage, mod_createSignedSymmetricMessage as createSignedSymmetricMessage, mod_decrypt as decrypt, mod_decryptSymmetric as decryptSymmetric, mod_decryptWithHex as decryptWithHex, mod_deriveKeyFromSeed as deriveKeyFromSeed, mod_encrypt as encrypt, mod_encryptSymmetric as encryptSymmetric, mod_exportPrivateKeyPem as exportPrivateKeyPem, mod_generateEncryptionKeyPair as generateEncryptionKeyPair, mod_generateNonce as generateNonce, mod_generateRandomData as generateRandomData, mod_generateSigningKeyPair as generateSigningKeyPair, mod_pemToCryptoKey as pemToCryptoKey, mod_sign as sign, mod_signPayload as signPayload, mod_signWithHex as signWithHex, mod_verify as verify, mod_verifyAndDecryptMessage as verifyAndDecryptMessage, mod_verifyPayload as verifyPayload };
 }
 
-export { type AuthenticatedMessage as A, createSignedSymmetricMessage as B, type EncryptionKeyPair as E, IdentityKey as I, type KeyPair as K, PublicEncryptionKey as P, type SignedEncryptedMessage as S, type EncryptedPayload as a, type SignedSymmetricMessage as b, SecretEncryptionKey as c, PrivateEncryptionKey as d, generateEncryptionKeyPair as e, signWithHex as f, generateSigningKeyPair as g, encrypt as h, decrypt as i, decryptWithHex as j, createAuthenticatedMessage as k, createAuthenticatedMessageWithHex as l, mod as m, deriveKeyFromSeed as n, generateNonce as o, pemToCryptoKey as p, generateRandomData as q, exportPrivateKeyPem as r, sign as s, signPayload as t, verifyPayload as u, verify as v, createSignedEncryptedMessage as w, verifyAndDecryptMessage as x, encryptSymmetric as y, decryptSymmetric as z };
+export { type AuthenticatedMessage as A, createSignedSymmetricMessage as B, type EncryptedPayload as E, IdentityKey as I, type KeyPair as K, PublicEncryptionKey as P, type SignedEncryptedMessage as S, type EncryptionKeyPair as a, type SignedSymmetricMessage as b, SecretEncryptionKey as c, PrivateEncryptionKey as d, generateEncryptionKeyPair as e, signWithHex as f, generateSigningKeyPair as g, encrypt as h, decrypt as i, decryptWithHex as j, createAuthenticatedMessage as k, createAuthenticatedMessageWithHex as l, mod as m, deriveKeyFromSeed as n, generateNonce as o, pemToCryptoKey as p, generateRandomData as q, exportPrivateKeyPem as r, sign as s, signPayload as t, verifyPayload as u, verify as v, createSignedEncryptedMessage as w, verifyAndDecryptMessage as x, encryptSymmetric as y, decryptSymmetric as z };

package/dist/src/mod.web.d.ts

@@ -4,4 +4,4 @@ export { WebSocketClient } from '../clients/websocket/mod.js';
 export { LocalStorageClient } from '../clients/local-storage/mod.js';
 export { WalletClient } from '../wallet/mod.js';
 export { AppsClient } from '../apps/mod.js';
-export { m as encrypt } from '../mod-D02790g_.js';
+export { m as encrypt } from '../mod-CII9wqu2.js';

package/dist/src/mod.web.js

@@ -1,6 +1,9 @@
+import {
+  AppsClient
+} from "../chunk-VAZUCGED.js";
 import {
   mod_exports
-} from "../chunk-K3ZSSVHR.js";
+} from "../chunk-JN75UL5C.js";
 import {
   WalletClient
 } from "../chunk-S7NJA6B6.js";
@@ -13,9 +16,6 @@ import {
 import {
   WebSocketClient
 } from "../chunk-T43IWAQK.js";
-import {
-  AppsClient
-} from "../chunk-VAZUCGED.js";
 import "../chunk-MLKGABMK.js";
 export {
   AppsClient,

package/dist/wallet-server/adapters/browser.d.ts

@@ -0,0 +1,76 @@
+import { F as FileStorage, S as ServerKeys, W as WalletServerCore } from '../../core-CgxQpSVM.js';
+export { C as BrowserEnvironment, M as BrowserMemoryStorage } from '../../core-CgxQpSVM.js';
+import 'hono';
+import '../../types-oQCx3U-_.js';
+
+/**
+ * Browser Adapter for Wallet Server
+ *
+ * Provides browser-compatible implementations for running a wallet server
+ * in simulation/demo mode using in-memory or localStorage storage.
+ */
+
+/**
+ * Browser localStorage-backed file storage
+ */
+declare class BrowserLocalStorageFileStorage implements FileStorage {
+    private keyPrefix;
+    constructor(keyPrefix?: string);
+    readTextFile(path: string): Promise<string>;
+    writeTextFile(path: string, content: string): Promise<void>;
+    exists(path: string): Promise<boolean>;
+}
+
+/**
+ * Options for creating a browser wallet server
+ */
+interface BrowserWalletServerOptions {
+    /** Server keys (required) */
+    serverKeys: ServerKeys;
+    /** JWT secret (required, must be 32+ chars) */
+    jwtSecret: string;
+    /** Use localStorage for persistence (default: false = in-memory) */
+    useLocalStorage?: boolean;
+    /** Key prefix for localStorage (default: "b3nd-wallet-") */
+    localStoragePrefix?: string;
+    /** JWT expiration in seconds (default: 86400) */
+    jwtExpirationSeconds?: number;
+    /** Allowed origins (default: ["*"]) */
+    allowedOrigins?: string[];
+    /** Google OAuth client ID (optional) */
+    googleClientId?: string;
+}
+/**
+ * Create a browser-compatible wallet server for simulation/testing
+ *
+ * This creates a fully functional wallet server that runs in the browser
+ * using LocalStorageClient as the backend. Useful for:
+ * - Demo applications
+ * - Testing without a real backend
+ * - Offline-first applications
+ *
+ * @example
+ * ```typescript
+ * import { createBrowserWalletServer, generateBrowserServerKeys } from "@b3nd/sdk/wallet-server/adapters/browser";
+ *
+ * const serverKeys = await generateBrowserServerKeys();
+ * const server = createBrowserWalletServer({
+ *   serverKeys,
+ *   jwtSecret: "your-32-character-minimum-secret!!",
+ *   useLocalStorage: true,
+ * });
+ *
+ * // Use with fetch API
+ * const response = await server.getFetchHandler()(new Request("/api/v1/health"));
+ * ```
+ */
+declare function createBrowserWalletServer(options: BrowserWalletServerOptions): WalletServerCore;
+/**
+ * Generate server keys in the browser
+ *
+ * Creates Ed25519 (identity) and X25519 (encryption) key pairs
+ * using the Web Crypto API.
+ */
+declare function generateBrowserServerKeys(): Promise<ServerKeys>;
+
+export { BrowserLocalStorageFileStorage, type BrowserWalletServerOptions, createBrowserWalletServer, generateBrowserServerKeys };

package/dist/wallet-server/adapters/browser.js

@@ -0,0 +1,105 @@
+import {
+  ConfigEnvironment,
+  MemoryFileStorage,
+  WalletServerCore
+} from "../../chunk-F3W5GZU6.js";
+import "../../chunk-JN75UL5C.js";
+import "../../chunk-LFUC4ETD.js";
+import {
+  LocalStorageClient
+} from "../../chunk-7U5JDFQW.js";
+import "../../chunk-MLKGABMK.js";
+
+// wallet-server/adapters/browser.ts
+var BrowserLocalStorageFileStorage = class {
+  constructor(keyPrefix = "b3nd-wallet-files:") {
+    this.keyPrefix = keyPrefix;
+  }
+  async readTextFile(path) {
+    const content = localStorage.getItem(this.keyPrefix + path);
+    if (content === null) {
+      throw new Error(`File not found: ${path}`);
+    }
+    return content;
+  }
+  async writeTextFile(path, content) {
+    localStorage.setItem(this.keyPrefix + path, content);
+  }
+  async exists(path) {
+    return localStorage.getItem(this.keyPrefix + path) !== null;
+  }
+};
+function createBrowserWalletServer(options) {
+  const prefix = options.localStoragePrefix ?? "b3nd-wallet-";
+  const storage = options.useLocalStorage ? new BrowserLocalStorageFileStorage(prefix + "files:") : new MemoryFileStorage();
+  const client = new LocalStorageClient({
+    keyPrefix: prefix + "data:"
+  });
+  const config = {
+    serverKeys: options.serverKeys,
+    jwtSecret: options.jwtSecret,
+    jwtExpirationSeconds: options.jwtExpirationSeconds ?? 86400,
+    allowedOrigins: options.allowedOrigins ?? ["*"],
+    googleClientId: options.googleClientId,
+    deps: {
+      storage,
+      logger: console,
+      credentialClient: client,
+      proxyClient: client
+    }
+  };
+  return new WalletServerCore(config);
+}
+async function generateBrowserServerKeys() {
+  const identityKeyPair = await crypto.subtle.generateKey(
+    "Ed25519",
+    true,
+    ["sign", "verify"]
+  );
+  const encryptionKeyPair = await crypto.subtle.generateKey(
+    { name: "X25519", namedCurve: "X25519" },
+    true,
+    ["deriveBits"]
+  );
+  const identityPrivateKeyBuffer = await crypto.subtle.exportKey(
+    "pkcs8",
+    identityKeyPair.privateKey
+  );
+  const identityPublicKeyBuffer = await crypto.subtle.exportKey(
+    "raw",
+    identityKeyPair.publicKey
+  );
+  const encryptionPrivateKeyBuffer = await crypto.subtle.exportKey(
+    "pkcs8",
+    encryptionKeyPair.privateKey
+  );
+  const encryptionPublicKeyBuffer = await crypto.subtle.exportKey(
+    "raw",
+    encryptionKeyPair.publicKey
+  );
+  const bytesToBase64 = (bytes) => btoa(String.fromCharCode(...bytes));
+  const bytesToHex = (bytes) => Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+  const toPem = (buffer) => {
+    const base64 = bytesToBase64(new Uint8Array(buffer));
+    return `-----BEGIN PRIVATE KEY-----
+${base64.match(/.{1,64}/g)?.join("\n")}
+-----END PRIVATE KEY-----`;
+  };
+  return {
+    identityKey: {
+      privateKeyPem: toPem(identityPrivateKeyBuffer),
+      publicKeyHex: bytesToHex(new Uint8Array(identityPublicKeyBuffer))
+    },
+    encryptionKey: {
+      privateKeyPem: toPem(encryptionPrivateKeyBuffer),
+      publicKeyHex: bytesToHex(new Uint8Array(encryptionPublicKeyBuffer))
+    }
+  };
+}
+export {
+  ConfigEnvironment as BrowserEnvironment,
+  BrowserLocalStorageFileStorage,
+  MemoryFileStorage as BrowserMemoryStorage,
+  createBrowserWalletServer,
+  generateBrowserServerKeys
+};