@bcts/gstp 1.0.0-alpha.14

package/dist/index.iife.js

@@ -0,0 +1,1308 @@
+var bctsGstp = (function(exports, _bcts_components, _bcts_envelope, _bcts_known_values, _bcts_xid) {
+
+//#region rolldown:runtime
+	var __defProp = Object.defineProperty;
+	var __exportAll = (all, symbols) => {
+		let target = {};
+		for (var name in all) {
+			__defProp(target, name, {
+				get: all[name],
+				enumerable: true
+			});
+		}
+		if (symbols) {
+			__defProp(target, Symbol.toStringTag, { value: "Module" });
+		}
+		return target;
+	};
+
+//#endregion
+
+//#region src/error.ts
+/**
+	* GSTP Error Types
+	*
+	* Error types returned when operating on GSTP messages.
+	* Ported from gstp-rust/src/error.rs
+	*/
+	/**
+	* Error codes for GSTP operations.
+	*/
+	let GstpErrorCode = /* @__PURE__ */ function(GstpErrorCode$1) {
+		/** Sender must have an encryption key. */
+		GstpErrorCode$1["SENDER_MISSING_ENCRYPTION_KEY"] = "SENDER_MISSING_ENCRYPTION_KEY";
+		/** Recipient must have an encryption key. */
+		GstpErrorCode$1["RECIPIENT_MISSING_ENCRYPTION_KEY"] = "RECIPIENT_MISSING_ENCRYPTION_KEY";
+		/** Sender must have a verification key. */
+		GstpErrorCode$1["SENDER_MISSING_VERIFICATION_KEY"] = "SENDER_MISSING_VERIFICATION_KEY";
+		/** Continuation has expired. */
+		GstpErrorCode$1["CONTINUATION_EXPIRED"] = "CONTINUATION_EXPIRED";
+		/** Continuation ID is invalid. */
+		GstpErrorCode$1["CONTINUATION_ID_INVALID"] = "CONTINUATION_ID_INVALID";
+		/** Peer continuation must be encrypted. */
+		GstpErrorCode$1["PEER_CONTINUATION_NOT_ENCRYPTED"] = "PEER_CONTINUATION_NOT_ENCRYPTED";
+		/** Requests must contain a peer continuation. */
+		GstpErrorCode$1["MISSING_PEER_CONTINUATION"] = "MISSING_PEER_CONTINUATION";
+		/** Error from envelope operations. */
+		GstpErrorCode$1["ENVELOPE"] = "ENVELOPE";
+		/** Error from XID operations. */
+		GstpErrorCode$1["XID"] = "XID";
+		return GstpErrorCode$1;
+	}({});
+	/**
+	* Error class for GSTP operations.
+	*
+	* Provides specific error types that can occur during GSTP message
+	* creation, sealing, and parsing operations.
+	*/
+	var GstpError = class GstpError extends Error {
+		code;
+		constructor(code, message, cause) {
+			super(message);
+			this.name = "GstpError";
+			this.code = code;
+			if (cause !== void 0) this.cause = cause;
+			if ("captureStackTrace" in Error) Error.captureStackTrace(this, GstpError);
+		}
+		/**
+		* Returned when the sender is missing an encryption key.
+		*/
+		static senderMissingEncryptionKey() {
+			return new GstpError(GstpErrorCode.SENDER_MISSING_ENCRYPTION_KEY, "sender must have an encryption key");
+		}
+		/**
+		* Returned when the recipient is missing an encryption key.
+		*/
+		static recipientMissingEncryptionKey() {
+			return new GstpError(GstpErrorCode.RECIPIENT_MISSING_ENCRYPTION_KEY, "recipient must have an encryption key");
+		}
+		/**
+		* Returned when the sender is missing a verification key.
+		*/
+		static senderMissingVerificationKey() {
+			return new GstpError(GstpErrorCode.SENDER_MISSING_VERIFICATION_KEY, "sender must have a verification key");
+		}
+		/**
+		* Returned when the continuation has expired.
+		*/
+		static continuationExpired() {
+			return new GstpError(GstpErrorCode.CONTINUATION_EXPIRED, "continuation expired");
+		}
+		/**
+		* Returned when the continuation ID is invalid.
+		*/
+		static continuationIdInvalid() {
+			return new GstpError(GstpErrorCode.CONTINUATION_ID_INVALID, "continuation ID invalid");
+		}
+		/**
+		* Returned when the peer continuation is not encrypted.
+		*/
+		static peerContinuationNotEncrypted() {
+			return new GstpError(GstpErrorCode.PEER_CONTINUATION_NOT_ENCRYPTED, "peer continuation must be encrypted");
+		}
+		/**
+		* Returned when a request is missing the peer continuation.
+		*/
+		static missingPeerContinuation() {
+			return new GstpError(GstpErrorCode.MISSING_PEER_CONTINUATION, "requests must contain a peer continuation");
+		}
+		/**
+		* Envelope error wrapper.
+		*/
+		static envelope(cause) {
+			return new GstpError(GstpErrorCode.ENVELOPE, "envelope error", cause);
+		}
+		/**
+		* XID error wrapper.
+		*/
+		static xid(cause) {
+			return new GstpError(GstpErrorCode.XID, "XID error", cause);
+		}
+	};
+
+//#endregion
+//#region src/continuation.ts
+/**
+	* Continuation - Encrypted State Continuations (ESC)
+	*
+	* Continuations embed encrypted state data directly into messages,
+	* eliminating the need for local state storage and enhancing security
+	* for devices with limited storage or requiring distributed state management.
+	*
+	* Ported from gstp-rust/src/continuation.rs
+	*/
+	/**
+	* Represents an encrypted state continuation.
+	*
+	* Continuations provide a way to maintain state across message exchanges
+	* without requiring local storage. The state is encrypted and embedded
+	* directly in the message envelope.
+	*
+	* @example
+	* ```typescript
+	* import { Continuation } from '@bcts/gstp';
+	*
+	* // Create a continuation with state
+	* const continuation = new Continuation("session state data")
+	*   .withValidId(requestId)
+	*   .withValidUntil(new Date(Date.now() + 60000)); // Valid for 60 seconds
+	*
+	* // Convert to envelope (optionally encrypted)
+	* const envelope = continuation.toEnvelope(recipientPublicKey);
+	* ```
+	*/
+	var Continuation = class Continuation {
+		_state;
+		_validId;
+		_validUntil;
+		/**
+		* Creates a new Continuation with the given state.
+		*
+		* The state can be any value that implements EnvelopeEncodable.
+		*
+		* @param state - The state to embed in the continuation
+		* @param validId - Optional ID for validation
+		* @param validUntil - Optional expiration date
+		*/
+		constructor(state, validId, validUntil) {
+			this._state = _bcts_envelope.Envelope.new(state);
+			this._validId = validId;
+			this._validUntil = validUntil;
+		}
+		/**
+		* Creates a new continuation with a specific valid ID.
+		*
+		* @param validId - The ID to use for validation
+		* @returns A new Continuation instance with the valid ID set
+		*/
+		withValidId(validId) {
+			return new Continuation(this._state, validId, this._validUntil);
+		}
+		/**
+		* Creates a new continuation with an optional valid ID.
+		*
+		* @param validId - The ID to use for validation, or undefined
+		* @returns A new Continuation instance with the valid ID set
+		*/
+		withOptionalValidId(validId) {
+			return new Continuation(this._state, validId, this._validUntil);
+		}
+		/**
+		* Creates a new continuation with a specific valid until date.
+		*
+		* @param validUntil - The date until which the continuation is valid
+		* @returns A new Continuation instance with the valid until date set
+		*/
+		withValidUntil(validUntil) {
+			return new Continuation(this._state, this._validId, validUntil);
+		}
+		/**
+		* Creates a new continuation with an optional valid until date.
+		*
+		* @param validUntil - The date until which the continuation is valid, or undefined
+		* @returns A new Continuation instance with the valid until date set
+		*/
+		withOptionalValidUntil(validUntil) {
+			return new Continuation(this._state, this._validId, validUntil);
+		}
+		/**
+		* Creates a new continuation with a validity duration from now.
+		*
+		* @param durationMs - The duration in milliseconds for which the continuation is valid
+		* @returns A new Continuation instance with the valid until date set
+		*/
+		withValidDuration(durationMs) {
+			const validUntil = new Date(Date.now() + durationMs);
+			return new Continuation(this._state, this._validId, validUntil);
+		}
+		/**
+		* Returns the state envelope of the continuation.
+		*/
+		state() {
+			return this._state;
+		}
+		/**
+		* Returns the valid ID of the continuation, if set.
+		*/
+		id() {
+			return this._validId;
+		}
+		/**
+		* Returns the valid until date of the continuation, if set.
+		*/
+		validUntil() {
+			return this._validUntil;
+		}
+		/**
+		* Checks if the continuation is valid at the given time.
+		*
+		* If no valid_until is set, always returns true.
+		* If no time is provided, always returns true.
+		*
+		* @param now - The time to check against, or undefined to skip time validation
+		* @returns true if the continuation is valid at the given time
+		*/
+		isValidDate(now) {
+			if (this._validUntil === void 0) return true;
+			if (now === void 0) return true;
+			return now.getTime() <= this._validUntil.getTime();
+		}
+		/**
+		* Checks if the continuation has the expected ID.
+		*
+		* If no valid_id is set, always returns true.
+		* If no ID is provided for checking, always returns true.
+		*
+		* @param id - The ID to check against, or undefined to skip ID validation
+		* @returns true if the continuation has the expected ID
+		*/
+		isValidId(id) {
+			if (this._validId === void 0) return true;
+			if (id === void 0) return true;
+			return this._validId.equals(id);
+		}
+		/**
+		* Checks if the continuation is valid (both date and ID).
+		*
+		* @param now - The time to check against, or undefined to skip time validation
+		* @param id - The ID to check against, or undefined to skip ID validation
+		* @returns true if the continuation is valid
+		*/
+		isValid(now, id) {
+			return this.isValidDate(now) && this.isValidId(id);
+		}
+		/**
+		* Converts the continuation to an envelope.
+		*
+		* If a recipient is provided, the envelope is encrypted to that recipient.
+		*
+		* @param recipient - Optional recipient to encrypt the envelope to
+		* @returns The continuation as an envelope
+		*/
+		toEnvelope(recipient) {
+			let envelope = this._state;
+			if (this._validId !== void 0) envelope = envelope.addAssertion(_bcts_known_values.ID, this._validId);
+			if (this._validUntil !== void 0) envelope = envelope.addAssertion(_bcts_known_values.VALID_UNTIL, this._validUntil.toISOString());
+			if (recipient !== void 0) envelope = envelope.encryptToRecipients([recipient]);
+			return envelope;
+		}
+		/**
+		* Parses a continuation from an envelope.
+		*
+		* @param encryptedEnvelope - The envelope to parse
+		* @param expectedId - Optional ID to validate against
+		* @param now - Optional time to validate against
+		* @param recipient - Optional private keys to decrypt with
+		* @returns The parsed continuation
+		* @throws GstpError if validation fails or parsing fails
+		*/
+		static tryFromEnvelope(encryptedEnvelope, expectedId, now, recipient) {
+			let envelope = encryptedEnvelope;
+			if (recipient !== void 0) try {
+				envelope = encryptedEnvelope.decryptToRecipient(recipient);
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+			}
+			const state = envelope.subject();
+			let validId;
+			try {
+				const idObj = envelope.objectForPredicate(_bcts_known_values.ID);
+				if (idObj !== void 0) {
+					const leafCbor = idObj.asLeaf();
+					if (leafCbor !== void 0) validId = _bcts_components.ARID.fromTaggedCborData(leafCbor.toData());
+				}
+			} catch {}
+			let validUntil;
+			try {
+				const validUntilObj = envelope.objectForPredicate(_bcts_known_values.VALID_UNTIL);
+				if (validUntilObj !== void 0) {
+					const dateStr = validUntilObj.asText();
+					if (dateStr !== void 0) validUntil = new Date(dateStr);
+				}
+			} catch {}
+			const continuation = new Continuation(state, validId, validUntil);
+			if (!continuation.isValidDate(now)) throw GstpError.continuationExpired();
+			if (!continuation.isValidId(expectedId)) throw GstpError.continuationIdInvalid();
+			return continuation;
+		}
+		/**
+		* Checks equality with another continuation.
+		*
+		* Two continuations are equal if they have the same state, ID, and valid_until.
+		*
+		* @param other - The continuation to compare with
+		* @returns true if the continuations are equal
+		*/
+		equals(other) {
+			if (!this._state.digest().equals(other._state.digest())) return false;
+			if (this._validId === void 0 && other._validId === void 0) {} else if (this._validId !== void 0 && other._validId !== void 0) {
+				if (!this._validId.equals(other._validId)) return false;
+			} else return false;
+			if (this._validUntil === void 0 && other._validUntil === void 0) {} else if (this._validUntil !== void 0 && other._validUntil !== void 0) {
+				if (this._validUntil.getTime() !== other._validUntil.getTime()) return false;
+			} else return false;
+			return true;
+		}
+		/**
+		* Returns a string representation of the continuation.
+		*/
+		toString() {
+			const parts = [`Continuation(state: ${this._state.formatFlat()}`];
+			if (this._validId !== void 0) parts.push(`id: ${this._validId.shortDescription()}`);
+			if (this._validUntil !== void 0) parts.push(`validUntil: ${this._validUntil.toISOString()}`);
+			return `${parts.join(", ")})`;
+		}
+	};
+
+//#endregion
+//#region src/sealed-request.ts
+/**
+	* A sealed request that combines a Request with sender information and
+	* state continuations for secure communication.
+	*
+	* @example
+	* ```typescript
+	* import { SealedRequest, ARID } from '@bcts/gstp';
+	* import { XIDDocument } from '@bcts/xid';
+	*
+	* // Create sender XID document
+	* const sender = XIDDocument.new();
+	* const requestId = ARID.new();
+	*
+	* // Create a sealed request
+	* const request = SealedRequest.new("getBalance", requestId, sender)
+	*   .withParameter("account", "alice")
+	*   .withState("session-state-data")
+	*   .withNote("Balance check");
+	*
+	* // Convert to sealed envelope
+	* const envelope = request.toEnvelope(
+	*   new Date(Date.now() + 60000), // Valid for 60 seconds
+	*   senderPrivateKey,
+	*   recipientXIDDocument
+	* );
+	* ```
+	*/
+	var SealedRequest = class SealedRequest {
+		_request;
+		_sender;
+		_state;
+		_peerContinuation;
+		constructor(request, sender, state, peerContinuation) {
+			this._request = request;
+			this._sender = sender;
+			this._state = state;
+			this._peerContinuation = peerContinuation;
+		}
+		/**
+		* Creates a new sealed request with the given function, ID, and sender.
+		*
+		* @param func - The function to call (string name or Function object)
+		* @param id - The request ID
+		* @param sender - The sender's XID document
+		*/
+		static new(func, id, sender) {
+			return new SealedRequest(_bcts_envelope.Request.new(func, id), sender);
+		}
+		/**
+		* Creates a new sealed request with an expression body.
+		*
+		* @param body - The expression body
+		* @param id - The request ID
+		* @param sender - The sender's XID document
+		*/
+		static newWithBody(body, id, sender) {
+			return new SealedRequest(_bcts_envelope.Request.newWithBody(body, id), sender);
+		}
+		/**
+		* Adds a parameter to the request.
+		*/
+		withParameter(parameter, value) {
+			this._request = this._request.withParameter(parameter, value);
+			return this;
+		}
+		/**
+		* Adds an optional parameter to the request.
+		*/
+		withOptionalParameter(parameter, value) {
+			if (value !== void 0) this._request = this._request.withParameter(parameter, value);
+			return this;
+		}
+		/**
+		* Returns the function of the request.
+		*/
+		function() {
+			return this._request.function();
+		}
+		/**
+		* Returns the expression envelope of the request.
+		*/
+		expressionEnvelope() {
+			return this._request.expressionEnvelope();
+		}
+		/**
+		* Returns the object for a parameter.
+		*/
+		objectForParameter(param) {
+			return this._request.body().getParameter(param);
+		}
+		/**
+		* Returns all objects for a parameter.
+		*/
+		objectsForParameter(param) {
+			const obj = this._request.body().getParameter(param);
+			return obj !== void 0 ? [obj] : [];
+		}
+		/**
+		* Extracts an object for a parameter as a specific type.
+		*/
+		extractObjectForParameter(param) {
+			const envelope = this.objectForParameter(param);
+			if (envelope === void 0) throw GstpError.envelope(/* @__PURE__ */ new Error(`Parameter not found: ${param}`));
+			return envelope.extractSubject((cbor) => {
+				if (cbor.isInteger()) return cbor.toInteger();
+				if (cbor.isText()) return cbor.toText();
+				if (cbor.isBool()) return cbor.toBool();
+				if (cbor.isNumber()) return cbor.toNumber();
+				if (cbor.isByteString()) return cbor.toByteString();
+				return cbor;
+			});
+		}
+		/**
+		* Extracts an optional object for a parameter.
+		*/
+		extractOptionalObjectForParameter(param) {
+			const envelope = this.objectForParameter(param);
+			if (envelope === void 0) return;
+			return envelope.extractSubject((cbor) => {
+				if (cbor.isInteger()) return cbor.toInteger();
+				if (cbor.isText()) return cbor.toText();
+				if (cbor.isBool()) return cbor.toBool();
+				if (cbor.isNumber()) return cbor.toNumber();
+				if (cbor.isByteString()) return cbor.toByteString();
+				return cbor;
+			});
+		}
+		/**
+		* Extracts all objects for a parameter as a specific type.
+		*/
+		extractObjectsForParameter(param) {
+			return this.objectsForParameter(param).map((env) => env.extractSubject((cbor) => cbor));
+		}
+		/**
+		* Adds a note to the request.
+		*/
+		withNote(note) {
+			this._request = this._request.withNote(note);
+			return this;
+		}
+		/**
+		* Adds a date to the request.
+		*/
+		withDate(date) {
+			this._request = this._request.withDate(date);
+			return this;
+		}
+		/**
+		* Returns the body of the request.
+		*/
+		body() {
+			return this._request.body();
+		}
+		/**
+		* Returns the ID of the request.
+		*/
+		id() {
+			return this._request.id();
+		}
+		/**
+		* Returns the note of the request.
+		*/
+		note() {
+			return this._request.note();
+		}
+		/**
+		* Returns the date of the request.
+		*/
+		date() {
+			return this._request.date();
+		}
+		/**
+		* Adds state to the request that the receiver must return in the response.
+		*/
+		withState(state) {
+			this._state = _bcts_envelope.Envelope.new(state);
+			return this;
+		}
+		/**
+		* Adds optional state to the request.
+		*/
+		withOptionalState(state) {
+			this._state = state !== void 0 ? _bcts_envelope.Envelope.new(state) : void 0;
+			return this;
+		}
+		/**
+		* Adds a continuation previously received from the recipient.
+		*/
+		withPeerContinuation(peerContinuation) {
+			this._peerContinuation = peerContinuation;
+			return this;
+		}
+		/**
+		* Adds an optional continuation previously received from the recipient.
+		*/
+		withOptionalPeerContinuation(peerContinuation) {
+			this._peerContinuation = peerContinuation;
+			return this;
+		}
+		/**
+		* Returns the underlying request.
+		*/
+		request() {
+			return this._request;
+		}
+		/**
+		* Returns the sender of the request.
+		*/
+		sender() {
+			return this._sender;
+		}
+		/**
+		* Returns the state to be sent to the recipient.
+		*/
+		state() {
+			return this._state;
+		}
+		/**
+		* Returns the continuation received from the recipient.
+		*/
+		peerContinuation() {
+			return this._peerContinuation;
+		}
+		/**
+		* Converts the sealed request to a Request.
+		*/
+		toRequest() {
+			return this._request;
+		}
+		/**
+		* Converts the sealed request to an Expression.
+		*/
+		toExpression() {
+			return this._request.body();
+		}
+		/**
+		* Creates an envelope that can be decrypted by zero or one recipient.
+		*
+		* @param validUntil - Optional expiration date for the continuation
+		* @param signer - Optional signer for the envelope
+		* @param recipient - Optional recipient XID document for encryption
+		* @returns The sealed request as an envelope
+		*/
+		toEnvelope(validUntil, signer, recipient) {
+			const recipients = recipient !== void 0 ? [recipient] : [];
+			return this.toEnvelopeForRecipients(validUntil, signer, recipients);
+		}
+		/**
+		* Creates an envelope that can be decrypted by zero or more recipients.
+		*
+		* @param validUntil - Optional expiration date for the continuation
+		* @param signer - Optional signer for the envelope
+		* @param recipients - Array of recipient XID documents for encryption
+		* @returns The sealed request as an envelope
+		*/
+		toEnvelopeForRecipients(validUntil, signer, recipients) {
+			const continuation = new Continuation(this._state ?? _bcts_envelope.Envelope.new(null), this.id(), validUntil);
+			const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+			if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
+			const senderContinuation = continuation.toEnvelope(senderEncryptionKey);
+			let result = this._request.toEnvelope();
+			result = result.addAssertion(_bcts_known_values.SENDER, this._sender.toEnvelope());
+			result = result.addAssertion(_bcts_known_values.SENDER_CONTINUATION, senderContinuation);
+			if (this._peerContinuation !== void 0) result = result.addAssertion(_bcts_known_values.RECIPIENT_CONTINUATION, this._peerContinuation);
+			if (signer !== void 0) result = result.sign(signer);
+			if (recipients !== void 0 && recipients.length > 0) {
+				const recipientKeys = recipients.map((recipient) => {
+					const key = recipient.encryptionKey();
+					if (key === void 0) throw GstpError.recipientMissingEncryptionKey();
+					return key;
+				});
+				result = result.wrap().encryptSubjectToRecipients(recipientKeys);
+			}
+			return result;
+		}
+		/**
+		* Parses a sealed request from an encrypted envelope.
+		*
+		* @param encryptedEnvelope - The encrypted envelope to parse
+		* @param expectedId - Optional expected request ID for validation
+		* @param now - Optional current time for continuation validation
+		* @param recipient - The recipient's private keys for decryption
+		* @returns The parsed sealed request
+		*/
+		static tryFromEnvelope(encryptedEnvelope, expectedId, now, recipient) {
+			let signedEnvelope;
+			try {
+				signedEnvelope = encryptedEnvelope.decryptToRecipient(recipient);
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+			}
+			let sender;
+			try {
+				const senderEnvelope = signedEnvelope.tryUnwrap().objectForPredicate(_bcts_known_values.SENDER);
+				if (senderEnvelope === void 0) throw new Error("Missing sender");
+				sender = _bcts_xid.XIDDocument.fromEnvelope(senderEnvelope);
+			} catch (e) {
+				throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
+			}
+			const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+			if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
+			let requestEnvelope;
+			try {
+				requestEnvelope = signedEnvelope.verify(senderVerificationKey);
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+			}
+			const peerContinuation = requestEnvelope.optionalObjectForPredicate(_bcts_known_values.SENDER_CONTINUATION);
+			if (peerContinuation !== void 0) {
+				if (!peerContinuation.subject().isEncrypted()) throw GstpError.peerContinuationNotEncrypted();
+			} else throw GstpError.missingPeerContinuation();
+			const encryptedContinuation = requestEnvelope.optionalObjectForPredicate(_bcts_known_values.RECIPIENT_CONTINUATION);
+			let state;
+			if (encryptedContinuation !== void 0) state = Continuation.tryFromEnvelope(encryptedContinuation, expectedId, now, recipient).state();
+			let request;
+			try {
+				request = _bcts_envelope.Request.fromEnvelope(requestEnvelope);
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+			}
+			return new SealedRequest(request, sender, state, peerContinuation);
+		}
+		/**
+		* Returns a string representation of the sealed request.
+		*/
+		toString() {
+			const stateStr = this._state !== void 0 ? this._state.formatFlat() : "None";
+			const peerStr = this._peerContinuation !== void 0 ? "Some" : "None";
+			return `SealedRequest(${this._request.summary()}, state: ${stateStr}, peer_continuation: ${peerStr})`;
+		}
+		/**
+		* Checks equality with another sealed request.
+		*/
+		equals(other) {
+			if (!this._request.equals(other._request)) return false;
+			if (!this._sender.xid().equals(other._sender.xid())) return false;
+			if (this._state === void 0 && other._state === void 0) {} else if (this._state !== void 0 && other._state !== void 0) {
+				if (!this._state.digest().equals(other._state.digest())) return false;
+			} else return false;
+			if (this._peerContinuation === void 0 && other._peerContinuation === void 0) {} else if (this._peerContinuation !== void 0 && other._peerContinuation !== void 0) {
+				if (!this._peerContinuation.digest().equals(other._peerContinuation.digest())) return false;
+			} else return false;
+			return true;
+		}
+	};
+
+//#endregion
+//#region src/sealed-response.ts
+/**
+	* A sealed response that combines a Response with sender information and
+	* state continuations for secure communication.
+	*
+	* @example
+	* ```typescript
+	* import { SealedResponse, ARID } from '@bcts/gstp';
+	* import { XIDDocument } from '@bcts/xid';
+	*
+	* // Create sender XID document
+	* const sender = XIDDocument.new();
+	* const requestId = ARID.new();
+	*
+	* // Create a successful sealed response
+	* const response = SealedResponse.newSuccess(requestId, sender)
+	*   .withResult("Operation completed")
+	*   .withState("next-page-state");
+	*
+	* // Convert to sealed envelope
+	* const envelope = response.toEnvelope(
+	*   new Date(Date.now() + 60000), // Valid for 60 seconds
+	*   senderPrivateKey,
+	*   recipientXIDDocument
+	* );
+	* ```
+	*/
+	var SealedResponse = class SealedResponse {
+		_response;
+		_sender;
+		_state;
+		_peerContinuation;
+		constructor(response, sender, state, peerContinuation) {
+			this._response = response;
+			this._sender = sender;
+			this._state = state;
+			this._peerContinuation = peerContinuation;
+		}
+		/**
+		* Creates a new successful sealed response.
+		*
+		* @param id - The request ID this response is for
+		* @param sender - The sender's XID document
+		*/
+		static newSuccess(id, sender) {
+			return new SealedResponse(_bcts_envelope.Response.newSuccess(id), sender);
+		}
+		/**
+		* Creates a new failure sealed response.
+		*
+		* @param id - The request ID this response is for
+		* @param sender - The sender's XID document
+		*/
+		static newFailure(id, sender) {
+			return new SealedResponse(_bcts_envelope.Response.newFailure(id), sender);
+		}
+		/**
+		* Creates a new early failure sealed response.
+		*
+		* An early failure takes place before the message has been decrypted,
+		* and therefore the ID and sender public key are not known.
+		*
+		* @param sender - The sender's XID document
+		*/
+		static newEarlyFailure(sender) {
+			return new SealedResponse(_bcts_envelope.Response.newEarlyFailure(), sender);
+		}
+		/**
+		* Adds state to the response that the peer may return at some future time.
+		*
+		* @throws Error if called on a failed response
+		*/
+		withState(state) {
+			if (!this._response.isOk()) throw new Error("Cannot set state on a failed response");
+			this._state = _bcts_envelope.Envelope.new(state);
+			return this;
+		}
+		/**
+		* Adds optional state to the response.
+		*/
+		withOptionalState(state) {
+			if (state !== void 0) return this.withState(state);
+			this._state = void 0;
+			return this;
+		}
+		/**
+		* Adds a continuation previously received from the recipient.
+		*/
+		withPeerContinuation(peerContinuation) {
+			this._peerContinuation = peerContinuation;
+			return this;
+		}
+		/**
+		* Returns the sender of the response.
+		*/
+		sender() {
+			return this._sender;
+		}
+		/**
+		* Returns the state to be sent to the peer.
+		*/
+		state() {
+			return this._state;
+		}
+		/**
+		* Returns the continuation received from the peer.
+		*/
+		peerContinuation() {
+			return this._peerContinuation;
+		}
+		/**
+		* Sets the result value for a successful response.
+		*/
+		withResult(result) {
+			this._response = this._response.withResult(result);
+			return this;
+		}
+		/**
+		* Sets an optional result value for a successful response.
+		* If the result is undefined, the value of the response will be the null envelope.
+		*/
+		withOptionalResult(result) {
+			this._response = this._response.withOptionalResult(result);
+			return this;
+		}
+		/**
+		* Sets the error value for a failure response.
+		*/
+		withError(error) {
+			this._response = this._response.withError(error);
+			return this;
+		}
+		/**
+		* Sets an optional error value for a failure response.
+		* If the error is undefined, the value of the response will be the unknown value.
+		*/
+		withOptionalError(error) {
+			this._response = this._response.withOptionalError(error);
+			return this;
+		}
+		/**
+		* Returns true if this is a successful response.
+		*/
+		isOk() {
+			return this._response.isOk();
+		}
+		/**
+		* Returns true if this is a failure response.
+		*/
+		isErr() {
+			return this._response.isErr();
+		}
+		/**
+		* Returns the ID of the request this response is for, if known.
+		*/
+		id() {
+			return this._response.id();
+		}
+		/**
+		* Returns the ID of the request this response is for.
+		* @throws Error if the ID is not known
+		*/
+		expectId() {
+			return this._response.expectId();
+		}
+		/**
+		* Returns the result envelope if this is a successful response.
+		* @throws Error if this is a failure response
+		*/
+		result() {
+			return this._response.result();
+		}
+		/**
+		* Extracts the result as a specific type.
+		*/
+		extractResult(decoder) {
+			return this._response.extractResult(decoder);
+		}
+		/**
+		* Returns the error envelope if this is a failure response.
+		* @throws Error if this is a successful response
+		*/
+		error() {
+			return this._response.error();
+		}
+		/**
+		* Extracts the error as a specific type.
+		*/
+		extractError(decoder) {
+			return this._response.extractError(decoder);
+		}
+		/**
+		* Creates an envelope that can be decrypted by zero or one recipient.
+		*
+		* @param validUntil - Optional expiration date for the continuation
+		* @param signer - Optional signer for the envelope
+		* @param recipient - Optional recipient XID document for encryption
+		* @returns The sealed response as an envelope
+		*/
+		toEnvelope(validUntil, signer, recipient) {
+			const recipients = recipient !== void 0 ? [recipient] : [];
+			return this.toEnvelopeForRecipients(validUntil, signer, recipients);
+		}
+		/**
+		* Creates an envelope that can be decrypted by zero or more recipients.
+		*
+		* @param validUntil - Optional expiration date for the continuation
+		* @param signer - Optional signer for the envelope
+		* @param recipients - Array of recipient XID documents for encryption
+		* @returns The sealed response as an envelope
+		*/
+		toEnvelopeForRecipients(validUntil, signer, recipients) {
+			let senderContinuation;
+			if (this._state !== void 0) {
+				const continuation = new Continuation(this._state, void 0, validUntil);
+				const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+				if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
+				senderContinuation = continuation.toEnvelope(senderEncryptionKey);
+			}
+			let result = this._response.toEnvelope();
+			result = result.addAssertion(_bcts_known_values.SENDER, this._sender.toEnvelope());
+			if (senderContinuation !== void 0) result = result.addAssertion(_bcts_known_values.SENDER_CONTINUATION, senderContinuation);
+			if (this._peerContinuation !== void 0) result = result.addAssertion(_bcts_known_values.RECIPIENT_CONTINUATION, this._peerContinuation);
+			if (signer !== void 0) result = result.sign(signer);
+			if (recipients !== void 0 && recipients.length > 0) {
+				const recipientKeys = recipients.map((recipient) => {
+					const key = recipient.encryptionKey();
+					if (key === void 0) throw GstpError.recipientMissingEncryptionKey();
+					return key;
+				});
+				result = result.wrap().encryptSubjectToRecipients(recipientKeys);
+			}
+			return result;
+		}
+		/**
+		* Parses a sealed response from an encrypted envelope.
+		*
+		* @param encryptedEnvelope - The encrypted envelope to parse
+		* @param expectedId - Optional expected request ID for validation
+		* @param now - Optional current time for continuation validation
+		* @param recipientPrivateKey - The recipient's private keys for decryption
+		* @returns The parsed sealed response
+		*/
+		static tryFromEncryptedEnvelope(encryptedEnvelope, expectedId, now, recipientPrivateKey) {
+			let signedEnvelope;
+			try {
+				signedEnvelope = encryptedEnvelope.decryptToRecipient(recipientPrivateKey);
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+			}
+			let sender;
+			try {
+				const senderEnvelope = signedEnvelope.tryUnwrap().objectForPredicate(_bcts_known_values.SENDER);
+				if (senderEnvelope === void 0) throw new Error("Missing sender");
+				sender = _bcts_xid.XIDDocument.fromEnvelope(senderEnvelope);
+			} catch (e) {
+				throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
+			}
+			const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+			if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
+			let responseEnvelope;
+			try {
+				responseEnvelope = signedEnvelope.verify(senderVerificationKey);
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+			}
+			const peerContinuation = responseEnvelope.optionalObjectForPredicate(_bcts_known_values.SENDER_CONTINUATION);
+			if (peerContinuation !== void 0) {
+				if (!peerContinuation.subject().isEncrypted()) throw GstpError.peerContinuationNotEncrypted();
+			}
+			const encryptedContinuation = responseEnvelope.optionalObjectForPredicate(_bcts_known_values.RECIPIENT_CONTINUATION);
+			let state;
+			if (encryptedContinuation !== void 0) {
+				const stateEnv = Continuation.tryFromEnvelope(encryptedContinuation, expectedId, now, recipientPrivateKey).state();
+				if (stateEnv.isNull()) state = void 0;
+				else state = stateEnv;
+			}
+			let response;
+			try {
+				response = _bcts_envelope.Response.fromEnvelope(responseEnvelope);
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+			}
+			return new SealedResponse(response, sender, state, peerContinuation);
+		}
+		/**
+		* Returns a string representation of the sealed response.
+		*/
+		toString() {
+			const stateStr = this._state !== void 0 ? this._state.formatFlat() : "None";
+			const peerStr = this._peerContinuation !== void 0 ? "Some" : "None";
+			return `SealedResponse(${this._response.summary()}, state: ${stateStr}, peer_continuation: ${peerStr})`;
+		}
+		/**
+		* Checks equality with another sealed response.
+		*/
+		equals(other) {
+			if (!this._response.equals(other._response)) return false;
+			if (!this._sender.xid().equals(other._sender.xid())) return false;
+			if (this._state === void 0 && other._state === void 0) {} else if (this._state !== void 0 && other._state !== void 0) {
+				if (!this._state.digest().equals(other._state.digest())) return false;
+			} else return false;
+			if (this._peerContinuation === void 0 && other._peerContinuation === void 0) {} else if (this._peerContinuation !== void 0 && other._peerContinuation !== void 0) {
+				if (!this._peerContinuation.digest().equals(other._peerContinuation.digest())) return false;
+			} else return false;
+			return true;
+		}
+	};
+
+//#endregion
+//#region src/sealed-event.ts
+/**
+	* A sealed event that combines an Event with sender information and
+	* state continuations for secure communication.
+	*
+	* @typeParam T - The type of content this event carries
+	*
+	* @example
+	* ```typescript
+	* import { SealedEvent, ARID } from '@bcts/gstp';
+	* import { XIDDocument } from '@bcts/xid';
+	*
+	* // Create sender XID document
+	* const sender = XIDDocument.new();
+	* const eventId = ARID.new();
+	*
+	* // Create a sealed event
+	* const event = SealedEvent.new("System notification", eventId, sender)
+	*   .withNote("Status update")
+	*   .withDate(new Date());
+	*
+	* // Convert to sealed envelope
+	* const envelope = event.toEnvelope(
+	*   new Date(Date.now() + 60000), // Valid for 60 seconds
+	*   senderPrivateKey,
+	*   recipientXIDDocument
+	* );
+	* ```
+	*/
+	var SealedEvent = class SealedEvent {
+		_event;
+		_sender;
+		_state;
+		_peerContinuation;
+		constructor(event, sender, state, peerContinuation) {
+			this._event = event;
+			this._sender = sender;
+			this._state = state;
+			this._peerContinuation = peerContinuation;
+		}
+		/**
+		* Creates a new sealed event with the given content, ID, and sender.
+		*
+		* @param content - The content of the event
+		* @param id - The event ID
+		* @param sender - The sender's XID document
+		*/
+		static new(content, id, sender) {
+			return new SealedEvent(_bcts_envelope.Event.new(content, id), sender);
+		}
+		/**
+		* Adds a note to the event.
+		*/
+		withNote(note) {
+			this._event = this._event.withNote(note);
+			return this;
+		}
+		/**
+		* Adds a date to the event.
+		*/
+		withDate(date) {
+			this._event = this._event.withDate(date);
+			return this;
+		}
+		/**
+		* Returns the content of the event.
+		*/
+		content() {
+			return this._event.content();
+		}
+		/**
+		* Returns the ID of the event.
+		*/
+		id() {
+			return this._event.id();
+		}
+		/**
+		* Returns the note of the event.
+		*/
+		note() {
+			return this._event.note();
+		}
+		/**
+		* Returns the date of the event.
+		*/
+		date() {
+			return this._event.date();
+		}
+		/**
+		* Adds state to the event that the receiver must return in the response.
+		*/
+		withState(state) {
+			this._state = _bcts_envelope.Envelope.new(state);
+			return this;
+		}
+		/**
+		* Adds optional state to the event.
+		*/
+		withOptionalState(state) {
+			if (state !== void 0) return this.withState(state);
+			this._state = void 0;
+			return this;
+		}
+		/**
+		* Adds a continuation previously received from the recipient.
+		*/
+		withPeerContinuation(peerContinuation) {
+			this._peerContinuation = peerContinuation;
+			return this;
+		}
+		/**
+		* Adds an optional continuation previously received from the recipient.
+		*/
+		withOptionalPeerContinuation(peerContinuation) {
+			this._peerContinuation = peerContinuation;
+			return this;
+		}
+		/**
+		* Returns the underlying event.
+		*/
+		event() {
+			return this._event;
+		}
+		/**
+		* Returns the sender of the event.
+		*/
+		sender() {
+			return this._sender;
+		}
+		/**
+		* Returns the state to be sent to the recipient.
+		*/
+		state() {
+			return this._state;
+		}
+		/**
+		* Returns the continuation received from the recipient.
+		*/
+		peerContinuation() {
+			return this._peerContinuation;
+		}
+		/**
+		* Converts the sealed event to an Event.
+		*/
+		toEvent() {
+			return this._event;
+		}
+		/**
+		* Creates an envelope that can be decrypted by zero or one recipient.
+		*
+		* @param validUntil - Optional expiration date for the continuation
+		* @param signer - Optional signer for the envelope
+		* @param recipient - Optional recipient XID document for encryption
+		* @returns The sealed event as an envelope
+		*/
+		toEnvelope(validUntil, signer, recipient) {
+			const recipients = recipient !== void 0 ? [recipient] : [];
+			return this.toEnvelopeForRecipients(validUntil, signer, recipients);
+		}
+		/**
+		* Creates an envelope that can be decrypted by zero or more recipients.
+		*
+		* @param validUntil - Optional expiration date for the continuation
+		* @param signer - Optional signer for the envelope
+		* @param recipients - Array of recipient XID documents for encryption
+		* @returns The sealed event as an envelope
+		*/
+		toEnvelopeForRecipients(validUntil, signer, recipients) {
+			const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+			if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
+			let senderContinuation;
+			if (this._state !== void 0) senderContinuation = new Continuation(this._state, void 0, validUntil).toEnvelope(senderEncryptionKey);
+			else if (validUntil !== void 0) senderContinuation = new Continuation(_bcts_envelope.Envelope.new(null), void 0, validUntil).toEnvelope(senderEncryptionKey);
+			let result = this._event.toEnvelope();
+			result = result.addAssertion(_bcts_known_values.SENDER, this._sender.toEnvelope());
+			if (senderContinuation !== void 0) result = result.addAssertion(_bcts_known_values.SENDER_CONTINUATION, senderContinuation);
+			if (this._peerContinuation !== void 0) result = result.addAssertion(_bcts_known_values.RECIPIENT_CONTINUATION, this._peerContinuation);
+			if (signer !== void 0) result = result.sign(signer);
+			if (recipients !== void 0 && recipients.length > 0) {
+				const recipientKeys = recipients.map((recipient) => {
+					const key = recipient.encryptionKey();
+					if (key === void 0) throw GstpError.recipientMissingEncryptionKey();
+					return key;
+				});
+				result = result.wrap().encryptSubjectToRecipients(recipientKeys);
+			}
+			return result;
+		}
+		/**
+		* Parses a sealed event from an encrypted envelope.
+		*
+		* @param encryptedEnvelope - The encrypted envelope to parse
+		* @param expectedId - Optional expected event ID for validation
+		* @param now - Optional current time for continuation validation
+		* @param recipientPrivateKey - The recipient's private keys for decryption
+		* @param contentExtractor - Function to extract content from envelope
+		* @returns The parsed sealed event
+		*/
+		static tryFromEnvelope(encryptedEnvelope, expectedId, now, recipientPrivateKey, contentExtractor) {
+			let signedEnvelope;
+			try {
+				signedEnvelope = encryptedEnvelope.decryptToRecipient(recipientPrivateKey);
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+			}
+			let sender;
+			try {
+				const senderEnvelope = signedEnvelope.tryUnwrap().objectForPredicate(_bcts_known_values.SENDER);
+				if (senderEnvelope === void 0) throw new Error("Missing sender");
+				sender = _bcts_xid.XIDDocument.fromEnvelope(senderEnvelope);
+			} catch (e) {
+				throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
+			}
+			const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+			if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
+			let eventEnvelope;
+			try {
+				eventEnvelope = signedEnvelope.verify(senderVerificationKey);
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+			}
+			const peerContinuation = eventEnvelope.optionalObjectForPredicate(_bcts_known_values.SENDER_CONTINUATION);
+			if (peerContinuation !== void 0) {
+				if (!peerContinuation.subject().isEncrypted()) throw GstpError.peerContinuationNotEncrypted();
+			}
+			const encryptedContinuation = eventEnvelope.optionalObjectForPredicate(_bcts_known_values.RECIPIENT_CONTINUATION);
+			let state;
+			if (encryptedContinuation !== void 0) state = Continuation.tryFromEnvelope(encryptedContinuation, expectedId, now, recipientPrivateKey).state();
+			let event;
+			try {
+				if (contentExtractor !== void 0) event = _bcts_envelope.Event.fromEnvelope(eventEnvelope, contentExtractor);
+				else event = _bcts_envelope.Event.stringFromEnvelope(eventEnvelope);
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+			}
+			return new SealedEvent(event, sender, state, peerContinuation);
+		}
+		/**
+		* Returns a string representation of the sealed event.
+		*/
+		toString() {
+			const stateStr = this._state !== void 0 ? this._state.formatFlat() : "None";
+			const peerStr = this._peerContinuation !== void 0 ? "Some" : "None";
+			return `SealedEvent(${this._event.summary()}, state: ${stateStr}, peer_continuation: ${peerStr})`;
+		}
+		/**
+		* Checks equality with another sealed event.
+		*/
+		equals(other) {
+			if (!this._event.equals(other._event)) return false;
+			if (!this._sender.xid().equals(other._sender.xid())) return false;
+			if (this._state === void 0 && other._state === void 0) {} else if (this._state !== void 0 && other._state !== void 0) {
+				if (!this._state.digest().equals(other._state.digest())) return false;
+			} else return false;
+			if (this._peerContinuation === void 0 && other._peerContinuation === void 0) {} else if (this._peerContinuation !== void 0 && other._peerContinuation !== void 0) {
+				if (!this._peerContinuation.digest().equals(other._peerContinuation.digest())) return false;
+			} else return false;
+			return true;
+		}
+	};
+
+//#endregion
+//#region src/prelude.ts
+	var prelude_exports = /* @__PURE__ */ __exportAll({
+		Continuation: () => Continuation,
+		GstpError: () => GstpError,
+		GstpErrorCode: () => GstpErrorCode,
+		SealedEvent: () => SealedEvent,
+		SealedRequest: () => SealedRequest,
+		SealedResponse: () => SealedResponse
+	});
+
+//#endregion
+//#region src/index.ts
+	const VERSION = "0.13.0";
+
+//#endregion
+exports.Continuation = Continuation;
+exports.GstpError = GstpError;
+exports.GstpErrorCode = GstpErrorCode;
+exports.SealedEvent = SealedEvent;
+exports.SealedRequest = SealedRequest;
+exports.SealedResponse = SealedResponse;
+exports.VERSION = VERSION;
+Object.defineProperty(exports, 'prelude', {
+  enumerable: true,
+  get: function () {
+    return prelude_exports;
+  }
+});
+return exports;
+})({}, bctsComponents, bctsEnvelope, bctsKnownValues, bctsXid);
+//# sourceMappingURL=index.iife.js.map