@bcts/gstp 1.0.0-alpha.22 → 1.0.0-beta.0

package/dist/chunk-CfYAbeIz.mjs

@@ -0,0 +1,13 @@
+//#region \0rolldown/runtime.js
+var __defProp = Object.defineProperty;
+var __exportAll = (all, no_symbols) => {
+	let target = {};
+	for (var name in all) __defProp(target, name, {
+		get: all[name],
+		enumerable: true
+	});
+	if (!no_symbols) __defProp(target, Symbol.toStringTag, { value: "Module" });
+	return target;
+};
+//#endregion
+export { __exportAll as t };

package/dist/index.cjs

@@ -1,26 +1,21 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 //#region \0rolldown/runtime.js
 var __defProp = Object.defineProperty;
 var __exportAll = (all, no_symbols) => {
 	let target = {};
-	for (var name in all) {
-		__defProp(target, name, {
-			get: all[name],
-			enumerable: true
-		});
-	}
-	if (!no_symbols) {
-		__defProp(target, Symbol.toStringTag, { value: "Module" });
-	}
+	for (var name in all) __defProp(target, name, {
+		get: all[name],
+		enumerable: true
+	});
+	if (!no_symbols) __defProp(target, Symbol.toStringTag, { value: "Module" });
 	return target;
 };
-
 //#endregion
 let _bcts_components = require("@bcts/components");
 let _bcts_envelope = require("@bcts/envelope");
+let _bcts_dcbor = require("@bcts/dcbor");
 let _bcts_known_values = require("@bcts/known-values");
 let _bcts_xid = require("@bcts/xid");
-
 //#region src/error.ts
 /**
 * Copyright © 2023-2026 Blockchain Commons, LLC
@@ -75,58 +70,57 @@ var GstpError = class GstpError extends Error {
 	* Returned when the sender is missing an encryption key.
 	*/
 	static senderMissingEncryptionKey() {
-		return new GstpError(GstpErrorCode.SENDER_MISSING_ENCRYPTION_KEY, "sender must have an encryption key");
+		return new GstpError("SENDER_MISSING_ENCRYPTION_KEY", "sender must have an encryption key");
 	}
 	/**
 	* Returned when the recipient is missing an encryption key.
 	*/
 	static recipientMissingEncryptionKey() {
-		return new GstpError(GstpErrorCode.RECIPIENT_MISSING_ENCRYPTION_KEY, "recipient must have an encryption key");
+		return new GstpError("RECIPIENT_MISSING_ENCRYPTION_KEY", "recipient must have an encryption key");
 	}
 	/**
 	* Returned when the sender is missing a verification key.
 	*/
 	static senderMissingVerificationKey() {
-		return new GstpError(GstpErrorCode.SENDER_MISSING_VERIFICATION_KEY, "sender must have a verification key");
+		return new GstpError("SENDER_MISSING_VERIFICATION_KEY", "sender must have a verification key");
 	}
 	/**
 	* Returned when the continuation has expired.
 	*/
 	static continuationExpired() {
-		return new GstpError(GstpErrorCode.CONTINUATION_EXPIRED, "continuation expired");
+		return new GstpError("CONTINUATION_EXPIRED", "continuation expired");
 	}
 	/**
 	* Returned when the continuation ID is invalid.
 	*/
 	static continuationIdInvalid() {
-		return new GstpError(GstpErrorCode.CONTINUATION_ID_INVALID, "continuation ID invalid");
+		return new GstpError("CONTINUATION_ID_INVALID", "continuation ID invalid");
 	}
 	/**
 	* Returned when the peer continuation is not encrypted.
 	*/
 	static peerContinuationNotEncrypted() {
-		return new GstpError(GstpErrorCode.PEER_CONTINUATION_NOT_ENCRYPTED, "peer continuation must be encrypted");
+		return new GstpError("PEER_CONTINUATION_NOT_ENCRYPTED", "peer continuation must be encrypted");
 	}
 	/**
 	* Returned when a request is missing the peer continuation.
 	*/
 	static missingPeerContinuation() {
-		return new GstpError(GstpErrorCode.MISSING_PEER_CONTINUATION, "requests must contain a peer continuation");
+		return new GstpError("MISSING_PEER_CONTINUATION", "requests must contain a peer continuation");
 	}
 	/**
 	* Envelope error wrapper.
 	*/
 	static envelope(cause) {
-		return new GstpError(GstpErrorCode.ENVELOPE, "envelope error", cause);
+		return new GstpError("ENVELOPE", "envelope error", cause);
 	}
 	/**
 	* XID error wrapper.
 	*/
 	static xid(cause) {
-		return new GstpError(GstpErrorCode.XID, "XID error", cause);
+		return new GstpError("XID", "XID error", cause);
 	}
 };
-
 //#endregion
 //#region src/continuation.ts
 /**
@@ -140,7 +134,22 @@ var GstpError = class GstpError extends Error {
 * eliminating the need for local state storage and enhancing security
 * for devices with limited storage or requiring distributed state management.
 *
-* Ported from gstp-rust/src/continuation.rs
+* Ported from gstp-rust/src/continuation.rs.
+*
+* Wire shape — mirrors Rust:
+* ```
+* {
+*     <state envelope>
+* } [
+*     'id': ARID(...)
+*     'validUntil': Date(...)        ← CBOR tag 1, not ISO 8601 text
+* ]
+* ```
+*
+* The `state` envelope is **wrapped** before assertions are attached,
+* matching Rust `self.state.wrap().add_optional_assertion(...)`. The
+* earlier port attached the assertions directly to the un-wrapped state,
+* producing a different digest tree.
 */
 /**
 * Represents an encrypted state continuation.
@@ -247,8 +256,10 @@ var Continuation = class Continuation {
 	/**
 	* Checks if the continuation is valid at the given time.
 	*
-	* If no valid_until is set, always returns true.
-	* If no time is provided, always returns true.
+	* Mirrors Rust `is_valid_date(now)`: at the exact `valid_until`
+	* instant, the continuation is **expired** (returns `false`). The
+	* earlier port used `<=` here, which differed from Rust by one
+	* millisecond at the boundary.
 	*
 	* @param now - The time to check against, or undefined to skip time validation
 	* @returns true if the continuation is valid at the given time
@@ -256,7 +267,7 @@ var Continuation = class Continuation {
 	isValidDate(now) {
 		if (this._validUntil === void 0) return true;
 		if (now === void 0) return true;
-		return now.getTime() <= this._validUntil.getTime();
+		return now.getTime() < this._validUntil.getTime();
 	}
 	/**
 	* Checks if the continuation has the expected ID.
@@ -285,21 +296,39 @@ var Continuation = class Continuation {
 	/**
 	* Converts the continuation to an envelope.
 	*
-	* If a recipient is provided, the envelope is encrypted to that recipient.
+	* Mirrors Rust `Continuation::to_envelope`:
+	*
+	* ```rust
+	* self.state.wrap()
+	*     .add_optional_assertion(ID, self.valid_id)
+	*     .add_optional_assertion(VALID_UNTIL, self.valid_until)
+	* ```
+	*
+	* The state is wrapped first; the optional assertions then live on
+	* the wrap node. `valid_until` is encoded as a CBOR-tagged Date
+	* (tag 1) — never as a plain ISO 8601 string.
 	*
 	* @param recipient - Optional recipient to encrypt the envelope to
 	* @returns The continuation as an envelope
 	*/
 	toEnvelope(recipient) {
-		let envelope = this._state;
+		let envelope = this._state.wrap();
 		if (this._validId !== void 0) envelope = envelope.addAssertion(_bcts_known_values.ID, this._validId);
-		if (this._validUntil !== void 0) envelope = envelope.addAssertion(_bcts_known_values.VALID_UNTIL, this._validUntil.toISOString());
+		if (this._validUntil !== void 0) envelope = envelope.addAssertion(_bcts_known_values.VALID_UNTIL, _bcts_dcbor.CborDate.fromDatetime(this._validUntil));
 		if (recipient !== void 0) envelope = envelope.encryptToRecipients([recipient]);
 		return envelope;
 	}
 	/**
 	* Parses a continuation from an envelope.
 	*
+	* Mirrors Rust `Continuation::try_from_envelope`:
+	*
+	* ```rust
+	* state: envelope.try_unwrap()?,                                     // unwrap
+	* valid_id: envelope.extract_optional_object_for_predicate(ID)?,
+	* valid_until: envelope.extract_optional_object_for_predicate(VALID_UNTIL)?,
+	* ```
+	*
 	* @param encryptedEnvelope - The envelope to parse
 	* @param expectedId - Optional ID to validate against
 	* @param now - Optional time to validate against
@@ -314,23 +343,32 @@ var Continuation = class Continuation {
 		} catch (e) {
 			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
 		}
-		const state = envelope.subject();
-		let validId;
+		let state;
 		try {
-			const idObj = envelope.objectForPredicate(_bcts_known_values.ID);
-			if (idObj !== void 0) {
-				const leafCbor = idObj.asLeaf();
-				if (leafCbor !== void 0) validId = _bcts_components.ARID.fromTaggedCborData(leafCbor.toData());
+			state = envelope.tryUnwrap();
+		} catch (e) {
+			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+		}
+		let validId;
+		const idObj = envelope.optionalObjectForPredicate(_bcts_known_values.ID);
+		if (idObj !== void 0) {
+			const leafCbor = idObj.asLeaf();
+			if (leafCbor !== void 0) try {
+				validId = _bcts_components.ARID.fromTaggedCbor(leafCbor);
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
 			}
-		} catch {}
+		}
 		let validUntil;
-		try {
-			const validUntilObj = envelope.objectForPredicate(_bcts_known_values.VALID_UNTIL);
-			if (validUntilObj !== void 0) {
-				const dateStr = validUntilObj.asText();
-				if (dateStr !== void 0) validUntil = new Date(dateStr);
+		const validUntilObj = envelope.optionalObjectForPredicate(_bcts_known_values.VALID_UNTIL);
+		if (validUntilObj !== void 0) {
+			const leafCbor = validUntilObj.asLeaf();
+			if (leafCbor !== void 0) try {
+				validUntil = _bcts_dcbor.CborDate.fromTaggedCbor(leafCbor).datetime();
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
 			}
-		} catch {}
+		}
 		const continuation = new Continuation(state, validId, validUntil);
 		if (!continuation.isValidDate(now)) throw GstpError.continuationExpired();
 		if (!continuation.isValidId(expectedId)) throw GstpError.continuationIdInvalid();
@@ -364,10 +402,50 @@ var Continuation = class Continuation {
 		return `${parts.join(", ")})`;
 	}
 };
-
 //#endregion
 //#region src/sealed-request.ts
 /**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* SealedRequest - Sealed request messages for GSTP
+*
+* A SealedRequest wraps a Request with sender information and state
+* continuations for secure, authenticated request messages.
+*
+* Ported from gstp-rust/src/sealed_request.rs
+*/
+/**
+* Decode a CBOR value into a typed JS value.
+*
+* Mirrors the type-driven `T: TryFrom<CBOR>` dispatch Rust's
+* `extract_object_for_parameter` relies on. TS lacks compile-time
+* trait dispatch, so we hand-roll the most common cases:
+*  - tag 1 (`Date`) → JS `Date`,
+*  - tag 40012 (`ARID`) → `ARID`,
+*  - integer / text / bool / number / byte-string primitives,
+*  - everything else → the raw `Cbor` value.
+*
+* Callers needing other typed extraction should use
+* `objectForParameter()` directly and decode the envelope themselves.
+*/
+function extractCborAsT(cbor) {
+	const tagged = cbor.asTagged();
+	if (tagged !== void 0) {
+		const [tag] = tagged;
+		const tagNumber = Number(tag.value);
+		if (tagNumber === 1) return _bcts_dcbor.CborDate.fromTaggedCbor(cbor).datetime();
+		if (tagNumber === 40012) return _bcts_components.ARID.fromTaggedCbor(cbor);
+	}
+	if (cbor.isInteger()) return cbor.toInteger();
+	if (cbor.isText()) return cbor.toText();
+	if (cbor.isBool()) return cbor.toBool();
+	if (cbor.isNumber()) return cbor.toNumber();
+	if (cbor.isByteString()) return cbor.toByteString();
+	return cbor;
+}
+/**
 * A sealed request that combines a Request with sender information and
 * state continuations for secure communication.
 *
@@ -459,25 +537,32 @@ var SealedRequest = class SealedRequest {
 	}
 	/**
 	* Returns all objects for a parameter.
+	*
+	* Mirrors Rust `SealedRequest::objects_for_parameter` which delegates
+	* to `Expression::objects_for_parameter`. GSTP requests can carry
+	* multiple parameters with the same ID — e.g. a DKG invite has
+	* one `participant` per group member — and a decoder must see
+	* every one of them.
 	*/
 	objectsForParameter(param) {
-		const obj = this._request.body().getParameter(param);
-		return obj !== void 0 ? [obj] : [];
+		return this._request.body().objectsForParameter(param);
 	}
 	/**
 	* Extracts an object for a parameter as a specific type.
+	*
+	* Mirrors Rust `SealedRequest::extract_object_for_parameter` — Rust
+	* uses a `T: TryFrom<CBOR>` constraint and dispatches to whatever
+	* `From<CBOR> for T` impl is in scope (e.g. tag-1 CBOR decodes to
+	* `chrono::DateTime`, tag-40012 to `ARID`, etc.). TS lacks that
+	* trait dispatch, so we recognise the most common tagged types
+	* (`Date` via tag 1, `ARID` via tag 40012) plus the primitive
+	* fall-through. Callers needing other typed extraction should use
+	* `objectForParameter()` directly and decode the envelope themselves.
 	*/
 	extractObjectForParameter(param) {
 		const envelope = this.objectForParameter(param);
 		if (envelope === void 0) throw GstpError.envelope(/* @__PURE__ */ new Error(`Parameter not found: ${param}`));
-		return envelope.extractSubject((cbor) => {
-			if (cbor.isInteger()) return cbor.toInteger();
-			if (cbor.isText()) return cbor.toText();
-			if (cbor.isBool()) return cbor.toBool();
-			if (cbor.isNumber()) return cbor.toNumber();
-			if (cbor.isByteString()) return cbor.toByteString();
-			return cbor;
-		});
+		return envelope.extractSubject((cbor) => extractCborAsT(cbor));
 	}
 	/**
 	* Extracts an optional object for a parameter.
@@ -485,14 +570,7 @@ var SealedRequest = class SealedRequest {
 	extractOptionalObjectForParameter(param) {
 		const envelope = this.objectForParameter(param);
 		if (envelope === void 0) return;
-		return envelope.extractSubject((cbor) => {
-			if (cbor.isInteger()) return cbor.toInteger();
-			if (cbor.isText()) return cbor.toText();
-			if (cbor.isBool()) return cbor.toBool();
-			if (cbor.isNumber()) return cbor.toNumber();
-			if (cbor.isByteString()) return cbor.toByteString();
-			return cbor;
-		});
+		return envelope.extractSubject((cbor) => extractCborAsT(cbor));
 	}
 	/**
 	* Extracts all objects for a parameter as a specific type.
@@ -624,7 +702,7 @@ var SealedRequest = class SealedRequest {
 	*/
 	toEnvelopeForRecipients(validUntil, signer, recipients) {
 		const continuation = new Continuation(this._state ?? _bcts_envelope.Envelope.new(null), this.id(), validUntil);
-		const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+		const senderEncryptionKey = this._sender.encryptionKey();
 		if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
 		const senderContinuation = continuation.toEnvelope(senderEncryptionKey);
 		let result = this._request.toEnvelope();
@@ -666,7 +744,7 @@ var SealedRequest = class SealedRequest {
 		} catch (e) {
 			throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
 		}
-		const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+		const senderVerificationKey = sender.verificationKey();
 		if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
 		let requestEnvelope;
 		try {
@@ -712,7 +790,6 @@ var SealedRequest = class SealedRequest {
 		return true;
 	}
 };
-
 //#endregion
 //#region src/sealed-response.ts
 /**
@@ -929,7 +1006,7 @@ var SealedResponse = class SealedResponse {
 		let senderContinuation;
 		if (this._state !== void 0) {
 			const continuation = new Continuation(this._state, void 0, validUntil);
-			const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+			const senderEncryptionKey = this._sender.encryptionKey();
 			if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
 			senderContinuation = continuation.toEnvelope(senderEncryptionKey);
 		}
@@ -972,7 +1049,7 @@ var SealedResponse = class SealedResponse {
 		} catch (e) {
 			throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
 		}
-		const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+		const senderVerificationKey = sender.verificationKey();
 		if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
 		let responseEnvelope;
 		try {
@@ -1022,7 +1099,6 @@ var SealedResponse = class SealedResponse {
 		return true;
 	}
 };
-
 //#endregion
 //#region src/sealed-event.ts
 /**
@@ -1192,7 +1268,7 @@ var SealedEvent = class SealedEvent {
 	* @returns The sealed event as an envelope
 	*/
 	toEnvelopeForRecipients(validUntil, signer, recipients) {
-		const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+		const senderEncryptionKey = this._sender.encryptionKey();
 		if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
 		let senderContinuation;
 		if (this._state !== void 0) senderContinuation = new Continuation(this._state, void 0, validUntil).toEnvelope(senderEncryptionKey);
@@ -1237,7 +1313,7 @@ var SealedEvent = class SealedEvent {
 		} catch (e) {
 			throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
 		}
-		const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+		const senderVerificationKey = sender.verificationKey();
 		if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
 		let eventEnvelope;
 		try {
@@ -1284,7 +1360,6 @@ var SealedEvent = class SealedEvent {
 		return true;
 	}
 };
-
 //#endregion
 //#region src/prelude.ts
 var prelude_exports = /* @__PURE__ */ __exportAll({
@@ -1295,11 +1370,9 @@ var prelude_exports = /* @__PURE__ */ __exportAll({
 	SealedRequest: () => SealedRequest,
 	SealedResponse: () => SealedResponse
 });
-
 //#endregion
 //#region src/index.ts
 const VERSION = "0.13.0";
-
 //#endregion
 exports.Continuation = Continuation;
 exports.GstpError = GstpError;
@@ -1308,10 +1381,11 @@ exports.SealedEvent = SealedEvent;
 exports.SealedRequest = SealedRequest;
 exports.SealedResponse = SealedResponse;
 exports.VERSION = VERSION;
-Object.defineProperty(exports, 'prelude', {
-  enumerable: true,
-  get: function () {
-    return prelude_exports;
-  }
+Object.defineProperty(exports, "prelude", {
+	enumerable: true,
+	get: function() {
+		return prelude_exports;
+	}
 });
+
 //# sourceMappingURL=index.cjs.map