@bcts/gstp 1.0.0-alpha.14

package/dist/index.cjs

@@ -0,0 +1,1308 @@
+//#region rolldown:runtime
+var __defProp = Object.defineProperty;
+var __exportAll = (all, symbols) => {
+	let target = {};
+	for (var name in all) {
+		__defProp(target, name, {
+			get: all[name],
+			enumerable: true
+		});
+	}
+	if (symbols) {
+		__defProp(target, Symbol.toStringTag, { value: "Module" });
+	}
+	return target;
+};
+
+//#endregion
+let _bcts_components = require("@bcts/components");
+let _bcts_envelope = require("@bcts/envelope");
+let _bcts_known_values = require("@bcts/known-values");
+let _bcts_xid = require("@bcts/xid");
+
+//#region src/error.ts
+/**
+* GSTP Error Types
+*
+* Error types returned when operating on GSTP messages.
+* Ported from gstp-rust/src/error.rs
+*/
+/**
+* Error codes for GSTP operations.
+*/
+let GstpErrorCode = /* @__PURE__ */ function(GstpErrorCode$1) {
+	/** Sender must have an encryption key. */
+	GstpErrorCode$1["SENDER_MISSING_ENCRYPTION_KEY"] = "SENDER_MISSING_ENCRYPTION_KEY";
+	/** Recipient must have an encryption key. */
+	GstpErrorCode$1["RECIPIENT_MISSING_ENCRYPTION_KEY"] = "RECIPIENT_MISSING_ENCRYPTION_KEY";
+	/** Sender must have a verification key. */
+	GstpErrorCode$1["SENDER_MISSING_VERIFICATION_KEY"] = "SENDER_MISSING_VERIFICATION_KEY";
+	/** Continuation has expired. */
+	GstpErrorCode$1["CONTINUATION_EXPIRED"] = "CONTINUATION_EXPIRED";
+	/** Continuation ID is invalid. */
+	GstpErrorCode$1["CONTINUATION_ID_INVALID"] = "CONTINUATION_ID_INVALID";
+	/** Peer continuation must be encrypted. */
+	GstpErrorCode$1["PEER_CONTINUATION_NOT_ENCRYPTED"] = "PEER_CONTINUATION_NOT_ENCRYPTED";
+	/** Requests must contain a peer continuation. */
+	GstpErrorCode$1["MISSING_PEER_CONTINUATION"] = "MISSING_PEER_CONTINUATION";
+	/** Error from envelope operations. */
+	GstpErrorCode$1["ENVELOPE"] = "ENVELOPE";
+	/** Error from XID operations. */
+	GstpErrorCode$1["XID"] = "XID";
+	return GstpErrorCode$1;
+}({});
+/**
+* Error class for GSTP operations.
+*
+* Provides specific error types that can occur during GSTP message
+* creation, sealing, and parsing operations.
+*/
+var GstpError = class GstpError extends Error {
+	code;
+	constructor(code, message, cause) {
+		super(message);
+		this.name = "GstpError";
+		this.code = code;
+		if (cause !== void 0) this.cause = cause;
+		if ("captureStackTrace" in Error) Error.captureStackTrace(this, GstpError);
+	}
+	/**
+	* Returned when the sender is missing an encryption key.
+	*/
+	static senderMissingEncryptionKey() {
+		return new GstpError(GstpErrorCode.SENDER_MISSING_ENCRYPTION_KEY, "sender must have an encryption key");
+	}
+	/**
+	* Returned when the recipient is missing an encryption key.
+	*/
+	static recipientMissingEncryptionKey() {
+		return new GstpError(GstpErrorCode.RECIPIENT_MISSING_ENCRYPTION_KEY, "recipient must have an encryption key");
+	}
+	/**
+	* Returned when the sender is missing a verification key.
+	*/
+	static senderMissingVerificationKey() {
+		return new GstpError(GstpErrorCode.SENDER_MISSING_VERIFICATION_KEY, "sender must have a verification key");
+	}
+	/**
+	* Returned when the continuation has expired.
+	*/
+	static continuationExpired() {
+		return new GstpError(GstpErrorCode.CONTINUATION_EXPIRED, "continuation expired");
+	}
+	/**
+	* Returned when the continuation ID is invalid.
+	*/
+	static continuationIdInvalid() {
+		return new GstpError(GstpErrorCode.CONTINUATION_ID_INVALID, "continuation ID invalid");
+	}
+	/**
+	* Returned when the peer continuation is not encrypted.
+	*/
+	static peerContinuationNotEncrypted() {
+		return new GstpError(GstpErrorCode.PEER_CONTINUATION_NOT_ENCRYPTED, "peer continuation must be encrypted");
+	}
+	/**
+	* Returned when a request is missing the peer continuation.
+	*/
+	static missingPeerContinuation() {
+		return new GstpError(GstpErrorCode.MISSING_PEER_CONTINUATION, "requests must contain a peer continuation");
+	}
+	/**
+	* Envelope error wrapper.
+	*/
+	static envelope(cause) {
+		return new GstpError(GstpErrorCode.ENVELOPE, "envelope error", cause);
+	}
+	/**
+	* XID error wrapper.
+	*/
+	static xid(cause) {
+		return new GstpError(GstpErrorCode.XID, "XID error", cause);
+	}
+};
+
+//#endregion
+//#region src/continuation.ts
+/**
+* Continuation - Encrypted State Continuations (ESC)
+*
+* Continuations embed encrypted state data directly into messages,
+* eliminating the need for local state storage and enhancing security
+* for devices with limited storage or requiring distributed state management.
+*
+* Ported from gstp-rust/src/continuation.rs
+*/
+/**
+* Represents an encrypted state continuation.
+*
+* Continuations provide a way to maintain state across message exchanges
+* without requiring local storage. The state is encrypted and embedded
+* directly in the message envelope.
+*
+* @example
+* ```typescript
+* import { Continuation } from '@bcts/gstp';
+*
+* // Create a continuation with state
+* const continuation = new Continuation("session state data")
+*   .withValidId(requestId)
+*   .withValidUntil(new Date(Date.now() + 60000)); // Valid for 60 seconds
+*
+* // Convert to envelope (optionally encrypted)
+* const envelope = continuation.toEnvelope(recipientPublicKey);
+* ```
+*/
+var Continuation = class Continuation {
+	_state;
+	_validId;
+	_validUntil;
+	/**
+	* Creates a new Continuation with the given state.
+	*
+	* The state can be any value that implements EnvelopeEncodable.
+	*
+	* @param state - The state to embed in the continuation
+	* @param validId - Optional ID for validation
+	* @param validUntil - Optional expiration date
+	*/
+	constructor(state, validId, validUntil) {
+		this._state = _bcts_envelope.Envelope.new(state);
+		this._validId = validId;
+		this._validUntil = validUntil;
+	}
+	/**
+	* Creates a new continuation with a specific valid ID.
+	*
+	* @param validId - The ID to use for validation
+	* @returns A new Continuation instance with the valid ID set
+	*/
+	withValidId(validId) {
+		return new Continuation(this._state, validId, this._validUntil);
+	}
+	/**
+	* Creates a new continuation with an optional valid ID.
+	*
+	* @param validId - The ID to use for validation, or undefined
+	* @returns A new Continuation instance with the valid ID set
+	*/
+	withOptionalValidId(validId) {
+		return new Continuation(this._state, validId, this._validUntil);
+	}
+	/**
+	* Creates a new continuation with a specific valid until date.
+	*
+	* @param validUntil - The date until which the continuation is valid
+	* @returns A new Continuation instance with the valid until date set
+	*/
+	withValidUntil(validUntil) {
+		return new Continuation(this._state, this._validId, validUntil);
+	}
+	/**
+	* Creates a new continuation with an optional valid until date.
+	*
+	* @param validUntil - The date until which the continuation is valid, or undefined
+	* @returns A new Continuation instance with the valid until date set
+	*/
+	withOptionalValidUntil(validUntil) {
+		return new Continuation(this._state, this._validId, validUntil);
+	}
+	/**
+	* Creates a new continuation with a validity duration from now.
+	*
+	* @param durationMs - The duration in milliseconds for which the continuation is valid
+	* @returns A new Continuation instance with the valid until date set
+	*/
+	withValidDuration(durationMs) {
+		const validUntil = new Date(Date.now() + durationMs);
+		return new Continuation(this._state, this._validId, validUntil);
+	}
+	/**
+	* Returns the state envelope of the continuation.
+	*/
+	state() {
+		return this._state;
+	}
+	/**
+	* Returns the valid ID of the continuation, if set.
+	*/
+	id() {
+		return this._validId;
+	}
+	/**
+	* Returns the valid until date of the continuation, if set.
+	*/
+	validUntil() {
+		return this._validUntil;
+	}
+	/**
+	* Checks if the continuation is valid at the given time.
+	*
+	* If no valid_until is set, always returns true.
+	* If no time is provided, always returns true.
+	*
+	* @param now - The time to check against, or undefined to skip time validation
+	* @returns true if the continuation is valid at the given time
+	*/
+	isValidDate(now) {
+		if (this._validUntil === void 0) return true;
+		if (now === void 0) return true;
+		return now.getTime() <= this._validUntil.getTime();
+	}
+	/**
+	* Checks if the continuation has the expected ID.
+	*
+	* If no valid_id is set, always returns true.
+	* If no ID is provided for checking, always returns true.
+	*
+	* @param id - The ID to check against, or undefined to skip ID validation
+	* @returns true if the continuation has the expected ID
+	*/
+	isValidId(id) {
+		if (this._validId === void 0) return true;
+		if (id === void 0) return true;
+		return this._validId.equals(id);
+	}
+	/**
+	* Checks if the continuation is valid (both date and ID).
+	*
+	* @param now - The time to check against, or undefined to skip time validation
+	* @param id - The ID to check against, or undefined to skip ID validation
+	* @returns true if the continuation is valid
+	*/
+	isValid(now, id) {
+		return this.isValidDate(now) && this.isValidId(id);
+	}
+	/**
+	* Converts the continuation to an envelope.
+	*
+	* If a recipient is provided, the envelope is encrypted to that recipient.
+	*
+	* @param recipient - Optional recipient to encrypt the envelope to
+	* @returns The continuation as an envelope
+	*/
+	toEnvelope(recipient) {
+		let envelope = this._state;
+		if (this._validId !== void 0) envelope = envelope.addAssertion(_bcts_known_values.ID, this._validId);
+		if (this._validUntil !== void 0) envelope = envelope.addAssertion(_bcts_known_values.VALID_UNTIL, this._validUntil.toISOString());
+		if (recipient !== void 0) envelope = envelope.encryptToRecipients([recipient]);
+		return envelope;
+	}
+	/**
+	* Parses a continuation from an envelope.
+	*
+	* @param encryptedEnvelope - The envelope to parse
+	* @param expectedId - Optional ID to validate against
+	* @param now - Optional time to validate against
+	* @param recipient - Optional private keys to decrypt with
+	* @returns The parsed continuation
+	* @throws GstpError if validation fails or parsing fails
+	*/
+	static tryFromEnvelope(encryptedEnvelope, expectedId, now, recipient) {
+		let envelope = encryptedEnvelope;
+		if (recipient !== void 0) try {
+			envelope = encryptedEnvelope.decryptToRecipient(recipient);
+		} catch (e) {
+			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+		}
+		const state = envelope.subject();
+		let validId;
+		try {
+			const idObj = envelope.objectForPredicate(_bcts_known_values.ID);
+			if (idObj !== void 0) {
+				const leafCbor = idObj.asLeaf();
+				if (leafCbor !== void 0) validId = _bcts_components.ARID.fromTaggedCborData(leafCbor.toData());
+			}
+		} catch {}
+		let validUntil;
+		try {
+			const validUntilObj = envelope.objectForPredicate(_bcts_known_values.VALID_UNTIL);
+			if (validUntilObj !== void 0) {
+				const dateStr = validUntilObj.asText();
+				if (dateStr !== void 0) validUntil = new Date(dateStr);
+			}
+		} catch {}
+		const continuation = new Continuation(state, validId, validUntil);
+		if (!continuation.isValidDate(now)) throw GstpError.continuationExpired();
+		if (!continuation.isValidId(expectedId)) throw GstpError.continuationIdInvalid();
+		return continuation;
+	}
+	/**
+	* Checks equality with another continuation.
+	*
+	* Two continuations are equal if they have the same state, ID, and valid_until.
+	*
+	* @param other - The continuation to compare with
+	* @returns true if the continuations are equal
+	*/
+	equals(other) {
+		if (!this._state.digest().equals(other._state.digest())) return false;
+		if (this._validId === void 0 && other._validId === void 0) {} else if (this._validId !== void 0 && other._validId !== void 0) {
+			if (!this._validId.equals(other._validId)) return false;
+		} else return false;
+		if (this._validUntil === void 0 && other._validUntil === void 0) {} else if (this._validUntil !== void 0 && other._validUntil !== void 0) {
+			if (this._validUntil.getTime() !== other._validUntil.getTime()) return false;
+		} else return false;
+		return true;
+	}
+	/**
+	* Returns a string representation of the continuation.
+	*/
+	toString() {
+		const parts = [`Continuation(state: ${this._state.formatFlat()}`];
+		if (this._validId !== void 0) parts.push(`id: ${this._validId.shortDescription()}`);
+		if (this._validUntil !== void 0) parts.push(`validUntil: ${this._validUntil.toISOString()}`);
+		return `${parts.join(", ")})`;
+	}
+};
+
+//#endregion
+//#region src/sealed-request.ts
+/**
+* A sealed request that combines a Request with sender information and
+* state continuations for secure communication.
+*
+* @example
+* ```typescript
+* import { SealedRequest, ARID } from '@bcts/gstp';
+* import { XIDDocument } from '@bcts/xid';
+*
+* // Create sender XID document
+* const sender = XIDDocument.new();
+* const requestId = ARID.new();
+*
+* // Create a sealed request
+* const request = SealedRequest.new("getBalance", requestId, sender)
+*   .withParameter("account", "alice")
+*   .withState("session-state-data")
+*   .withNote("Balance check");
+*
+* // Convert to sealed envelope
+* const envelope = request.toEnvelope(
+*   new Date(Date.now() + 60000), // Valid for 60 seconds
+*   senderPrivateKey,
+*   recipientXIDDocument
+* );
+* ```
+*/
+var SealedRequest = class SealedRequest {
+	_request;
+	_sender;
+	_state;
+	_peerContinuation;
+	constructor(request, sender, state, peerContinuation) {
+		this._request = request;
+		this._sender = sender;
+		this._state = state;
+		this._peerContinuation = peerContinuation;
+	}
+	/**
+	* Creates a new sealed request with the given function, ID, and sender.
+	*
+	* @param func - The function to call (string name or Function object)
+	* @param id - The request ID
+	* @param sender - The sender's XID document
+	*/
+	static new(func, id, sender) {
+		return new SealedRequest(_bcts_envelope.Request.new(func, id), sender);
+	}
+	/**
+	* Creates a new sealed request with an expression body.
+	*
+	* @param body - The expression body
+	* @param id - The request ID
+	* @param sender - The sender's XID document
+	*/
+	static newWithBody(body, id, sender) {
+		return new SealedRequest(_bcts_envelope.Request.newWithBody(body, id), sender);
+	}
+	/**
+	* Adds a parameter to the request.
+	*/
+	withParameter(parameter, value) {
+		this._request = this._request.withParameter(parameter, value);
+		return this;
+	}
+	/**
+	* Adds an optional parameter to the request.
+	*/
+	withOptionalParameter(parameter, value) {
+		if (value !== void 0) this._request = this._request.withParameter(parameter, value);
+		return this;
+	}
+	/**
+	* Returns the function of the request.
+	*/
+	function() {
+		return this._request.function();
+	}
+	/**
+	* Returns the expression envelope of the request.
+	*/
+	expressionEnvelope() {
+		return this._request.expressionEnvelope();
+	}
+	/**
+	* Returns the object for a parameter.
+	*/
+	objectForParameter(param) {
+		return this._request.body().getParameter(param);
+	}
+	/**
+	* Returns all objects for a parameter.
+	*/
+	objectsForParameter(param) {
+		const obj = this._request.body().getParameter(param);
+		return obj !== void 0 ? [obj] : [];
+	}
+	/**
+	* Extracts an object for a parameter as a specific type.
+	*/
+	extractObjectForParameter(param) {
+		const envelope = this.objectForParameter(param);
+		if (envelope === void 0) throw GstpError.envelope(/* @__PURE__ */ new Error(`Parameter not found: ${param}`));
+		return envelope.extractSubject((cbor) => {
+			if (cbor.isInteger()) return cbor.toInteger();
+			if (cbor.isText()) return cbor.toText();
+			if (cbor.isBool()) return cbor.toBool();
+			if (cbor.isNumber()) return cbor.toNumber();
+			if (cbor.isByteString()) return cbor.toByteString();
+			return cbor;
+		});
+	}
+	/**
+	* Extracts an optional object for a parameter.
+	*/
+	extractOptionalObjectForParameter(param) {
+		const envelope = this.objectForParameter(param);
+		if (envelope === void 0) return;
+		return envelope.extractSubject((cbor) => {
+			if (cbor.isInteger()) return cbor.toInteger();
+			if (cbor.isText()) return cbor.toText();
+			if (cbor.isBool()) return cbor.toBool();
+			if (cbor.isNumber()) return cbor.toNumber();
+			if (cbor.isByteString()) return cbor.toByteString();
+			return cbor;
+		});
+	}
+	/**
+	* Extracts all objects for a parameter as a specific type.
+	*/
+	extractObjectsForParameter(param) {
+		return this.objectsForParameter(param).map((env) => env.extractSubject((cbor) => cbor));
+	}
+	/**
+	* Adds a note to the request.
+	*/
+	withNote(note) {
+		this._request = this._request.withNote(note);
+		return this;
+	}
+	/**
+	* Adds a date to the request.
+	*/
+	withDate(date) {
+		this._request = this._request.withDate(date);
+		return this;
+	}
+	/**
+	* Returns the body of the request.
+	*/
+	body() {
+		return this._request.body();
+	}
+	/**
+	* Returns the ID of the request.
+	*/
+	id() {
+		return this._request.id();
+	}
+	/**
+	* Returns the note of the request.
+	*/
+	note() {
+		return this._request.note();
+	}
+	/**
+	* Returns the date of the request.
+	*/
+	date() {
+		return this._request.date();
+	}
+	/**
+	* Adds state to the request that the receiver must return in the response.
+	*/
+	withState(state) {
+		this._state = _bcts_envelope.Envelope.new(state);
+		return this;
+	}
+	/**
+	* Adds optional state to the request.
+	*/
+	withOptionalState(state) {
+		this._state = state !== void 0 ? _bcts_envelope.Envelope.new(state) : void 0;
+		return this;
+	}
+	/**
+	* Adds a continuation previously received from the recipient.
+	*/
+	withPeerContinuation(peerContinuation) {
+		this._peerContinuation = peerContinuation;
+		return this;
+	}
+	/**
+	* Adds an optional continuation previously received from the recipient.
+	*/
+	withOptionalPeerContinuation(peerContinuation) {
+		this._peerContinuation = peerContinuation;
+		return this;
+	}
+	/**
+	* Returns the underlying request.
+	*/
+	request() {
+		return this._request;
+	}
+	/**
+	* Returns the sender of the request.
+	*/
+	sender() {
+		return this._sender;
+	}
+	/**
+	* Returns the state to be sent to the recipient.
+	*/
+	state() {
+		return this._state;
+	}
+	/**
+	* Returns the continuation received from the recipient.
+	*/
+	peerContinuation() {
+		return this._peerContinuation;
+	}
+	/**
+	* Converts the sealed request to a Request.
+	*/
+	toRequest() {
+		return this._request;
+	}
+	/**
+	* Converts the sealed request to an Expression.
+	*/
+	toExpression() {
+		return this._request.body();
+	}
+	/**
+	* Creates an envelope that can be decrypted by zero or one recipient.
+	*
+	* @param validUntil - Optional expiration date for the continuation
+	* @param signer - Optional signer for the envelope
+	* @param recipient - Optional recipient XID document for encryption
+	* @returns The sealed request as an envelope
+	*/
+	toEnvelope(validUntil, signer, recipient) {
+		const recipients = recipient !== void 0 ? [recipient] : [];
+		return this.toEnvelopeForRecipients(validUntil, signer, recipients);
+	}
+	/**
+	* Creates an envelope that can be decrypted by zero or more recipients.
+	*
+	* @param validUntil - Optional expiration date for the continuation
+	* @param signer - Optional signer for the envelope
+	* @param recipients - Array of recipient XID documents for encryption
+	* @returns The sealed request as an envelope
+	*/
+	toEnvelopeForRecipients(validUntil, signer, recipients) {
+		const continuation = new Continuation(this._state ?? _bcts_envelope.Envelope.new(null), this.id(), validUntil);
+		const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+		if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
+		const senderContinuation = continuation.toEnvelope(senderEncryptionKey);
+		let result = this._request.toEnvelope();
+		result = result.addAssertion(_bcts_known_values.SENDER, this._sender.toEnvelope());
+		result = result.addAssertion(_bcts_known_values.SENDER_CONTINUATION, senderContinuation);
+		if (this._peerContinuation !== void 0) result = result.addAssertion(_bcts_known_values.RECIPIENT_CONTINUATION, this._peerContinuation);
+		if (signer !== void 0) result = result.sign(signer);
+		if (recipients !== void 0 && recipients.length > 0) {
+			const recipientKeys = recipients.map((recipient) => {
+				const key = recipient.encryptionKey();
+				if (key === void 0) throw GstpError.recipientMissingEncryptionKey();
+				return key;
+			});
+			result = result.wrap().encryptSubjectToRecipients(recipientKeys);
+		}
+		return result;
+	}
+	/**
+	* Parses a sealed request from an encrypted envelope.
+	*
+	* @param encryptedEnvelope - The encrypted envelope to parse
+	* @param expectedId - Optional expected request ID for validation
+	* @param now - Optional current time for continuation validation
+	* @param recipient - The recipient's private keys for decryption
+	* @returns The parsed sealed request
+	*/
+	static tryFromEnvelope(encryptedEnvelope, expectedId, now, recipient) {
+		let signedEnvelope;
+		try {
+			signedEnvelope = encryptedEnvelope.decryptToRecipient(recipient);
+		} catch (e) {
+			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+		}
+		let sender;
+		try {
+			const senderEnvelope = signedEnvelope.tryUnwrap().objectForPredicate(_bcts_known_values.SENDER);
+			if (senderEnvelope === void 0) throw new Error("Missing sender");
+			sender = _bcts_xid.XIDDocument.fromEnvelope(senderEnvelope);
+		} catch (e) {
+			throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
+		}
+		const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+		if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
+		let requestEnvelope;
+		try {
+			requestEnvelope = signedEnvelope.verify(senderVerificationKey);
+		} catch (e) {
+			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+		}
+		const peerContinuation = requestEnvelope.optionalObjectForPredicate(_bcts_known_values.SENDER_CONTINUATION);
+		if (peerContinuation !== void 0) {
+			if (!peerContinuation.subject().isEncrypted()) throw GstpError.peerContinuationNotEncrypted();
+		} else throw GstpError.missingPeerContinuation();
+		const encryptedContinuation = requestEnvelope.optionalObjectForPredicate(_bcts_known_values.RECIPIENT_CONTINUATION);
+		let state;
+		if (encryptedContinuation !== void 0) state = Continuation.tryFromEnvelope(encryptedContinuation, expectedId, now, recipient).state();
+		let request;
+		try {
+			request = _bcts_envelope.Request.fromEnvelope(requestEnvelope);
+		} catch (e) {
+			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+		}
+		return new SealedRequest(request, sender, state, peerContinuation);
+	}
+	/**
+	* Returns a string representation of the sealed request.
+	*/
+	toString() {
+		const stateStr = this._state !== void 0 ? this._state.formatFlat() : "None";
+		const peerStr = this._peerContinuation !== void 0 ? "Some" : "None";
+		return `SealedRequest(${this._request.summary()}, state: ${stateStr}, peer_continuation: ${peerStr})`;
+	}
+	/**
+	* Checks equality with another sealed request.
+	*/
+	equals(other) {
+		if (!this._request.equals(other._request)) return false;
+		if (!this._sender.xid().equals(other._sender.xid())) return false;
+		if (this._state === void 0 && other._state === void 0) {} else if (this._state !== void 0 && other._state !== void 0) {
+			if (!this._state.digest().equals(other._state.digest())) return false;
+		} else return false;
+		if (this._peerContinuation === void 0 && other._peerContinuation === void 0) {} else if (this._peerContinuation !== void 0 && other._peerContinuation !== void 0) {
+			if (!this._peerContinuation.digest().equals(other._peerContinuation.digest())) return false;
+		} else return false;
+		return true;
+	}
+};
+
+//#endregion
+//#region src/sealed-response.ts
+/**
+* A sealed response that combines a Response with sender information and
+* state continuations for secure communication.
+*
+* @example
+* ```typescript
+* import { SealedResponse, ARID } from '@bcts/gstp';
+* import { XIDDocument } from '@bcts/xid';
+*
+* // Create sender XID document
+* const sender = XIDDocument.new();
+* const requestId = ARID.new();
+*
+* // Create a successful sealed response
+* const response = SealedResponse.newSuccess(requestId, sender)
+*   .withResult("Operation completed")
+*   .withState("next-page-state");
+*
+* // Convert to sealed envelope
+* const envelope = response.toEnvelope(
+*   new Date(Date.now() + 60000), // Valid for 60 seconds
+*   senderPrivateKey,
+*   recipientXIDDocument
+* );
+* ```
+*/
+var SealedResponse = class SealedResponse {
+	_response;
+	_sender;
+	_state;
+	_peerContinuation;
+	constructor(response, sender, state, peerContinuation) {
+		this._response = response;
+		this._sender = sender;
+		this._state = state;
+		this._peerContinuation = peerContinuation;
+	}
+	/**
+	* Creates a new successful sealed response.
+	*
+	* @param id - The request ID this response is for
+	* @param sender - The sender's XID document
+	*/
+	static newSuccess(id, sender) {
+		return new SealedResponse(_bcts_envelope.Response.newSuccess(id), sender);
+	}
+	/**
+	* Creates a new failure sealed response.
+	*
+	* @param id - The request ID this response is for
+	* @param sender - The sender's XID document
+	*/
+	static newFailure(id, sender) {
+		return new SealedResponse(_bcts_envelope.Response.newFailure(id), sender);
+	}
+	/**
+	* Creates a new early failure sealed response.
+	*
+	* An early failure takes place before the message has been decrypted,
+	* and therefore the ID and sender public key are not known.
+	*
+	* @param sender - The sender's XID document
+	*/
+	static newEarlyFailure(sender) {
+		return new SealedResponse(_bcts_envelope.Response.newEarlyFailure(), sender);
+	}
+	/**
+	* Adds state to the response that the peer may return at some future time.
+	*
+	* @throws Error if called on a failed response
+	*/
+	withState(state) {
+		if (!this._response.isOk()) throw new Error("Cannot set state on a failed response");
+		this._state = _bcts_envelope.Envelope.new(state);
+		return this;
+	}
+	/**
+	* Adds optional state to the response.
+	*/
+	withOptionalState(state) {
+		if (state !== void 0) return this.withState(state);
+		this._state = void 0;
+		return this;
+	}
+	/**
+	* Adds a continuation previously received from the recipient.
+	*/
+	withPeerContinuation(peerContinuation) {
+		this._peerContinuation = peerContinuation;
+		return this;
+	}
+	/**
+	* Returns the sender of the response.
+	*/
+	sender() {
+		return this._sender;
+	}
+	/**
+	* Returns the state to be sent to the peer.
+	*/
+	state() {
+		return this._state;
+	}
+	/**
+	* Returns the continuation received from the peer.
+	*/
+	peerContinuation() {
+		return this._peerContinuation;
+	}
+	/**
+	* Sets the result value for a successful response.
+	*/
+	withResult(result) {
+		this._response = this._response.withResult(result);
+		return this;
+	}
+	/**
+	* Sets an optional result value for a successful response.
+	* If the result is undefined, the value of the response will be the null envelope.
+	*/
+	withOptionalResult(result) {
+		this._response = this._response.withOptionalResult(result);
+		return this;
+	}
+	/**
+	* Sets the error value for a failure response.
+	*/
+	withError(error) {
+		this._response = this._response.withError(error);
+		return this;
+	}
+	/**
+	* Sets an optional error value for a failure response.
+	* If the error is undefined, the value of the response will be the unknown value.
+	*/
+	withOptionalError(error) {
+		this._response = this._response.withOptionalError(error);
+		return this;
+	}
+	/**
+	* Returns true if this is a successful response.
+	*/
+	isOk() {
+		return this._response.isOk();
+	}
+	/**
+	* Returns true if this is a failure response.
+	*/
+	isErr() {
+		return this._response.isErr();
+	}
+	/**
+	* Returns the ID of the request this response is for, if known.
+	*/
+	id() {
+		return this._response.id();
+	}
+	/**
+	* Returns the ID of the request this response is for.
+	* @throws Error if the ID is not known
+	*/
+	expectId() {
+		return this._response.expectId();
+	}
+	/**
+	* Returns the result envelope if this is a successful response.
+	* @throws Error if this is a failure response
+	*/
+	result() {
+		return this._response.result();
+	}
+	/**
+	* Extracts the result as a specific type.
+	*/
+	extractResult(decoder) {
+		return this._response.extractResult(decoder);
+	}
+	/**
+	* Returns the error envelope if this is a failure response.
+	* @throws Error if this is a successful response
+	*/
+	error() {
+		return this._response.error();
+	}
+	/**
+	* Extracts the error as a specific type.
+	*/
+	extractError(decoder) {
+		return this._response.extractError(decoder);
+	}
+	/**
+	* Creates an envelope that can be decrypted by zero or one recipient.
+	*
+	* @param validUntil - Optional expiration date for the continuation
+	* @param signer - Optional signer for the envelope
+	* @param recipient - Optional recipient XID document for encryption
+	* @returns The sealed response as an envelope
+	*/
+	toEnvelope(validUntil, signer, recipient) {
+		const recipients = recipient !== void 0 ? [recipient] : [];
+		return this.toEnvelopeForRecipients(validUntil, signer, recipients);
+	}
+	/**
+	* Creates an envelope that can be decrypted by zero or more recipients.
+	*
+	* @param validUntil - Optional expiration date for the continuation
+	* @param signer - Optional signer for the envelope
+	* @param recipients - Array of recipient XID documents for encryption
+	* @returns The sealed response as an envelope
+	*/
+	toEnvelopeForRecipients(validUntil, signer, recipients) {
+		let senderContinuation;
+		if (this._state !== void 0) {
+			const continuation = new Continuation(this._state, void 0, validUntil);
+			const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+			if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
+			senderContinuation = continuation.toEnvelope(senderEncryptionKey);
+		}
+		let result = this._response.toEnvelope();
+		result = result.addAssertion(_bcts_known_values.SENDER, this._sender.toEnvelope());
+		if (senderContinuation !== void 0) result = result.addAssertion(_bcts_known_values.SENDER_CONTINUATION, senderContinuation);
+		if (this._peerContinuation !== void 0) result = result.addAssertion(_bcts_known_values.RECIPIENT_CONTINUATION, this._peerContinuation);
+		if (signer !== void 0) result = result.sign(signer);
+		if (recipients !== void 0 && recipients.length > 0) {
+			const recipientKeys = recipients.map((recipient) => {
+				const key = recipient.encryptionKey();
+				if (key === void 0) throw GstpError.recipientMissingEncryptionKey();
+				return key;
+			});
+			result = result.wrap().encryptSubjectToRecipients(recipientKeys);
+		}
+		return result;
+	}
+	/**
+	* Parses a sealed response from an encrypted envelope.
+	*
+	* @param encryptedEnvelope - The encrypted envelope to parse
+	* @param expectedId - Optional expected request ID for validation
+	* @param now - Optional current time for continuation validation
+	* @param recipientPrivateKey - The recipient's private keys for decryption
+	* @returns The parsed sealed response
+	*/
+	static tryFromEncryptedEnvelope(encryptedEnvelope, expectedId, now, recipientPrivateKey) {
+		let signedEnvelope;
+		try {
+			signedEnvelope = encryptedEnvelope.decryptToRecipient(recipientPrivateKey);
+		} catch (e) {
+			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+		}
+		let sender;
+		try {
+			const senderEnvelope = signedEnvelope.tryUnwrap().objectForPredicate(_bcts_known_values.SENDER);
+			if (senderEnvelope === void 0) throw new Error("Missing sender");
+			sender = _bcts_xid.XIDDocument.fromEnvelope(senderEnvelope);
+		} catch (e) {
+			throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
+		}
+		const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+		if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
+		let responseEnvelope;
+		try {
+			responseEnvelope = signedEnvelope.verify(senderVerificationKey);
+		} catch (e) {
+			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+		}
+		const peerContinuation = responseEnvelope.optionalObjectForPredicate(_bcts_known_values.SENDER_CONTINUATION);
+		if (peerContinuation !== void 0) {
+			if (!peerContinuation.subject().isEncrypted()) throw GstpError.peerContinuationNotEncrypted();
+		}
+		const encryptedContinuation = responseEnvelope.optionalObjectForPredicate(_bcts_known_values.RECIPIENT_CONTINUATION);
+		let state;
+		if (encryptedContinuation !== void 0) {
+			const stateEnv = Continuation.tryFromEnvelope(encryptedContinuation, expectedId, now, recipientPrivateKey).state();
+			if (stateEnv.isNull()) state = void 0;
+			else state = stateEnv;
+		}
+		let response;
+		try {
+			response = _bcts_envelope.Response.fromEnvelope(responseEnvelope);
+		} catch (e) {
+			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+		}
+		return new SealedResponse(response, sender, state, peerContinuation);
+	}
+	/**
+	* Returns a string representation of the sealed response.
+	*/
+	toString() {
+		const stateStr = this._state !== void 0 ? this._state.formatFlat() : "None";
+		const peerStr = this._peerContinuation !== void 0 ? "Some" : "None";
+		return `SealedResponse(${this._response.summary()}, state: ${stateStr}, peer_continuation: ${peerStr})`;
+	}
+	/**
+	* Checks equality with another sealed response.
+	*/
+	equals(other) {
+		if (!this._response.equals(other._response)) return false;
+		if (!this._sender.xid().equals(other._sender.xid())) return false;
+		if (this._state === void 0 && other._state === void 0) {} else if (this._state !== void 0 && other._state !== void 0) {
+			if (!this._state.digest().equals(other._state.digest())) return false;
+		} else return false;
+		if (this._peerContinuation === void 0 && other._peerContinuation === void 0) {} else if (this._peerContinuation !== void 0 && other._peerContinuation !== void 0) {
+			if (!this._peerContinuation.digest().equals(other._peerContinuation.digest())) return false;
+		} else return false;
+		return true;
+	}
+};
+
+//#endregion
+//#region src/sealed-event.ts
+/**
+* A sealed event that combines an Event with sender information and
+* state continuations for secure communication.
+*
+* @typeParam T - The type of content this event carries
+*
+* @example
+* ```typescript
+* import { SealedEvent, ARID } from '@bcts/gstp';
+* import { XIDDocument } from '@bcts/xid';
+*
+* // Create sender XID document
+* const sender = XIDDocument.new();
+* const eventId = ARID.new();
+*
+* // Create a sealed event
+* const event = SealedEvent.new("System notification", eventId, sender)
+*   .withNote("Status update")
+*   .withDate(new Date());
+*
+* // Convert to sealed envelope
+* const envelope = event.toEnvelope(
+*   new Date(Date.now() + 60000), // Valid for 60 seconds
+*   senderPrivateKey,
+*   recipientXIDDocument
+* );
+* ```
+*/
+var SealedEvent = class SealedEvent {
+	_event;
+	_sender;
+	_state;
+	_peerContinuation;
+	constructor(event, sender, state, peerContinuation) {
+		this._event = event;
+		this._sender = sender;
+		this._state = state;
+		this._peerContinuation = peerContinuation;
+	}
+	/**
+	* Creates a new sealed event with the given content, ID, and sender.
+	*
+	* @param content - The content of the event
+	* @param id - The event ID
+	* @param sender - The sender's XID document
+	*/
+	static new(content, id, sender) {
+		return new SealedEvent(_bcts_envelope.Event.new(content, id), sender);
+	}
+	/**
+	* Adds a note to the event.
+	*/
+	withNote(note) {
+		this._event = this._event.withNote(note);
+		return this;
+	}
+	/**
+	* Adds a date to the event.
+	*/
+	withDate(date) {
+		this._event = this._event.withDate(date);
+		return this;
+	}
+	/**
+	* Returns the content of the event.
+	*/
+	content() {
+		return this._event.content();
+	}
+	/**
+	* Returns the ID of the event.
+	*/
+	id() {
+		return this._event.id();
+	}
+	/**
+	* Returns the note of the event.
+	*/
+	note() {
+		return this._event.note();
+	}
+	/**
+	* Returns the date of the event.
+	*/
+	date() {
+		return this._event.date();
+	}
+	/**
+	* Adds state to the event that the receiver must return in the response.
+	*/
+	withState(state) {
+		this._state = _bcts_envelope.Envelope.new(state);
+		return this;
+	}
+	/**
+	* Adds optional state to the event.
+	*/
+	withOptionalState(state) {
+		if (state !== void 0) return this.withState(state);
+		this._state = void 0;
+		return this;
+	}
+	/**
+	* Adds a continuation previously received from the recipient.
+	*/
+	withPeerContinuation(peerContinuation) {
+		this._peerContinuation = peerContinuation;
+		return this;
+	}
+	/**
+	* Adds an optional continuation previously received from the recipient.
+	*/
+	withOptionalPeerContinuation(peerContinuation) {
+		this._peerContinuation = peerContinuation;
+		return this;
+	}
+	/**
+	* Returns the underlying event.
+	*/
+	event() {
+		return this._event;
+	}
+	/**
+	* Returns the sender of the event.
+	*/
+	sender() {
+		return this._sender;
+	}
+	/**
+	* Returns the state to be sent to the recipient.
+	*/
+	state() {
+		return this._state;
+	}
+	/**
+	* Returns the continuation received from the recipient.
+	*/
+	peerContinuation() {
+		return this._peerContinuation;
+	}
+	/**
+	* Converts the sealed event to an Event.
+	*/
+	toEvent() {
+		return this._event;
+	}
+	/**
+	* Creates an envelope that can be decrypted by zero or one recipient.
+	*
+	* @param validUntil - Optional expiration date for the continuation
+	* @param signer - Optional signer for the envelope
+	* @param recipient - Optional recipient XID document for encryption
+	* @returns The sealed event as an envelope
+	*/
+	toEnvelope(validUntil, signer, recipient) {
+		const recipients = recipient !== void 0 ? [recipient] : [];
+		return this.toEnvelopeForRecipients(validUntil, signer, recipients);
+	}
+	/**
+	* Creates an envelope that can be decrypted by zero or more recipients.
+	*
+	* @param validUntil - Optional expiration date for the continuation
+	* @param signer - Optional signer for the envelope
+	* @param recipients - Array of recipient XID documents for encryption
+	* @returns The sealed event as an envelope
+	*/
+	toEnvelopeForRecipients(validUntil, signer, recipients) {
+		const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+		if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
+		let senderContinuation;
+		if (this._state !== void 0) senderContinuation = new Continuation(this._state, void 0, validUntil).toEnvelope(senderEncryptionKey);
+		else if (validUntil !== void 0) senderContinuation = new Continuation(_bcts_envelope.Envelope.new(null), void 0, validUntil).toEnvelope(senderEncryptionKey);
+		let result = this._event.toEnvelope();
+		result = result.addAssertion(_bcts_known_values.SENDER, this._sender.toEnvelope());
+		if (senderContinuation !== void 0) result = result.addAssertion(_bcts_known_values.SENDER_CONTINUATION, senderContinuation);
+		if (this._peerContinuation !== void 0) result = result.addAssertion(_bcts_known_values.RECIPIENT_CONTINUATION, this._peerContinuation);
+		if (signer !== void 0) result = result.sign(signer);
+		if (recipients !== void 0 && recipients.length > 0) {
+			const recipientKeys = recipients.map((recipient) => {
+				const key = recipient.encryptionKey();
+				if (key === void 0) throw GstpError.recipientMissingEncryptionKey();
+				return key;
+			});
+			result = result.wrap().encryptSubjectToRecipients(recipientKeys);
+		}
+		return result;
+	}
+	/**
+	* Parses a sealed event from an encrypted envelope.
+	*
+	* @param encryptedEnvelope - The encrypted envelope to parse
+	* @param expectedId - Optional expected event ID for validation
+	* @param now - Optional current time for continuation validation
+	* @param recipientPrivateKey - The recipient's private keys for decryption
+	* @param contentExtractor - Function to extract content from envelope
+	* @returns The parsed sealed event
+	*/
+	static tryFromEnvelope(encryptedEnvelope, expectedId, now, recipientPrivateKey, contentExtractor) {
+		let signedEnvelope;
+		try {
+			signedEnvelope = encryptedEnvelope.decryptToRecipient(recipientPrivateKey);
+		} catch (e) {
+			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+		}
+		let sender;
+		try {
+			const senderEnvelope = signedEnvelope.tryUnwrap().objectForPredicate(_bcts_known_values.SENDER);
+			if (senderEnvelope === void 0) throw new Error("Missing sender");
+			sender = _bcts_xid.XIDDocument.fromEnvelope(senderEnvelope);
+		} catch (e) {
+			throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
+		}
+		const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+		if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
+		let eventEnvelope;
+		try {
+			eventEnvelope = signedEnvelope.verify(senderVerificationKey);
+		} catch (e) {
+			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+		}
+		const peerContinuation = eventEnvelope.optionalObjectForPredicate(_bcts_known_values.SENDER_CONTINUATION);
+		if (peerContinuation !== void 0) {
+			if (!peerContinuation.subject().isEncrypted()) throw GstpError.peerContinuationNotEncrypted();
+		}
+		const encryptedContinuation = eventEnvelope.optionalObjectForPredicate(_bcts_known_values.RECIPIENT_CONTINUATION);
+		let state;
+		if (encryptedContinuation !== void 0) state = Continuation.tryFromEnvelope(encryptedContinuation, expectedId, now, recipientPrivateKey).state();
+		let event;
+		try {
+			if (contentExtractor !== void 0) event = _bcts_envelope.Event.fromEnvelope(eventEnvelope, contentExtractor);
+			else event = _bcts_envelope.Event.stringFromEnvelope(eventEnvelope);
+		} catch (e) {
+			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+		}
+		return new SealedEvent(event, sender, state, peerContinuation);
+	}
+	/**
+	* Returns a string representation of the sealed event.
+	*/
+	toString() {
+		const stateStr = this._state !== void 0 ? this._state.formatFlat() : "None";
+		const peerStr = this._peerContinuation !== void 0 ? "Some" : "None";
+		return `SealedEvent(${this._event.summary()}, state: ${stateStr}, peer_continuation: ${peerStr})`;
+	}
+	/**
+	* Checks equality with another sealed event.
+	*/
+	equals(other) {
+		if (!this._event.equals(other._event)) return false;
+		if (!this._sender.xid().equals(other._sender.xid())) return false;
+		if (this._state === void 0 && other._state === void 0) {} else if (this._state !== void 0 && other._state !== void 0) {
+			if (!this._state.digest().equals(other._state.digest())) return false;
+		} else return false;
+		if (this._peerContinuation === void 0 && other._peerContinuation === void 0) {} else if (this._peerContinuation !== void 0 && other._peerContinuation !== void 0) {
+			if (!this._peerContinuation.digest().equals(other._peerContinuation.digest())) return false;
+		} else return false;
+		return true;
+	}
+};
+
+//#endregion
+//#region src/prelude.ts
+var prelude_exports = /* @__PURE__ */ __exportAll({
+	Continuation: () => Continuation,
+	GstpError: () => GstpError,
+	GstpErrorCode: () => GstpErrorCode,
+	SealedEvent: () => SealedEvent,
+	SealedRequest: () => SealedRequest,
+	SealedResponse: () => SealedResponse
+});
+
+//#endregion
+//#region src/index.ts
+const VERSION = "0.13.0";
+
+//#endregion
+exports.Continuation = Continuation;
+exports.GstpError = GstpError;
+exports.GstpErrorCode = GstpErrorCode;
+exports.SealedEvent = SealedEvent;
+exports.SealedRequest = SealedRequest;
+exports.SealedResponse = SealedResponse;
+exports.VERSION = VERSION;
+Object.defineProperty(exports, 'prelude', {
+  enumerable: true,
+  get: function () {
+    return prelude_exports;
+  }
+});
+//# sourceMappingURL=index.cjs.map