@bcts/gstp 1.0.0-alpha.22 → 1.0.0-beta.0

package/dist/index.mjs

@@ -1,9 +1,9 @@
-import { t as __exportAll } from "./chunk-DQk6qfdC.mjs";
+import { t as __exportAll } from "./chunk-CfYAbeIz.mjs";
 import { ARID } from "@bcts/components";
 import { Envelope, Event, Request, Response } from "@bcts/envelope";
+import { CborDate } from "@bcts/dcbor";
 import { ID, RECIPIENT_CONTINUATION, SENDER, SENDER_CONTINUATION, VALID_UNTIL } from "@bcts/known-values";
 import { XIDDocument } from "@bcts/xid";
-
 //#region src/error.ts
 /**
 * Copyright © 2023-2026 Blockchain Commons, LLC
@@ -58,58 +58,57 @@ var GstpError = class GstpError extends Error {
 	* Returned when the sender is missing an encryption key.
 	*/
 	static senderMissingEncryptionKey() {
-		return new GstpError(GstpErrorCode.SENDER_MISSING_ENCRYPTION_KEY, "sender must have an encryption key");
+		return new GstpError("SENDER_MISSING_ENCRYPTION_KEY", "sender must have an encryption key");
 	}
 	/**
 	* Returned when the recipient is missing an encryption key.
 	*/
 	static recipientMissingEncryptionKey() {
-		return new GstpError(GstpErrorCode.RECIPIENT_MISSING_ENCRYPTION_KEY, "recipient must have an encryption key");
+		return new GstpError("RECIPIENT_MISSING_ENCRYPTION_KEY", "recipient must have an encryption key");
 	}
 	/**
 	* Returned when the sender is missing a verification key.
 	*/
 	static senderMissingVerificationKey() {
-		return new GstpError(GstpErrorCode.SENDER_MISSING_VERIFICATION_KEY, "sender must have a verification key");
+		return new GstpError("SENDER_MISSING_VERIFICATION_KEY", "sender must have a verification key");
 	}
 	/**
 	* Returned when the continuation has expired.
 	*/
 	static continuationExpired() {
-		return new GstpError(GstpErrorCode.CONTINUATION_EXPIRED, "continuation expired");
+		return new GstpError("CONTINUATION_EXPIRED", "continuation expired");
 	}
 	/**
 	* Returned when the continuation ID is invalid.
 	*/
 	static continuationIdInvalid() {
-		return new GstpError(GstpErrorCode.CONTINUATION_ID_INVALID, "continuation ID invalid");
+		return new GstpError("CONTINUATION_ID_INVALID", "continuation ID invalid");
 	}
 	/**
 	* Returned when the peer continuation is not encrypted.
 	*/
 	static peerContinuationNotEncrypted() {
-		return new GstpError(GstpErrorCode.PEER_CONTINUATION_NOT_ENCRYPTED, "peer continuation must be encrypted");
+		return new GstpError("PEER_CONTINUATION_NOT_ENCRYPTED", "peer continuation must be encrypted");
 	}
 	/**
 	* Returned when a request is missing the peer continuation.
 	*/
 	static missingPeerContinuation() {
-		return new GstpError(GstpErrorCode.MISSING_PEER_CONTINUATION, "requests must contain a peer continuation");
+		return new GstpError("MISSING_PEER_CONTINUATION", "requests must contain a peer continuation");
 	}
 	/**
 	* Envelope error wrapper.
 	*/
 	static envelope(cause) {
-		return new GstpError(GstpErrorCode.ENVELOPE, "envelope error", cause);
+		return new GstpError("ENVELOPE", "envelope error", cause);
 	}
 	/**
 	* XID error wrapper.
 	*/
 	static xid(cause) {
-		return new GstpError(GstpErrorCode.XID, "XID error", cause);
+		return new GstpError("XID", "XID error", cause);
 	}
 };
-
 //#endregion
 //#region src/continuation.ts
 /**
@@ -123,7 +122,22 @@ var GstpError = class GstpError extends Error {
 * eliminating the need for local state storage and enhancing security
 * for devices with limited storage or requiring distributed state management.
 *
-* Ported from gstp-rust/src/continuation.rs
+* Ported from gstp-rust/src/continuation.rs.
+*
+* Wire shape — mirrors Rust:
+* ```
+* {
+*     <state envelope>
+* } [
+*     'id': ARID(...)
+*     'validUntil': Date(...)        ← CBOR tag 1, not ISO 8601 text
+* ]
+* ```
+*
+* The `state` envelope is **wrapped** before assertions are attached,
+* matching Rust `self.state.wrap().add_optional_assertion(...)`. The
+* earlier port attached the assertions directly to the un-wrapped state,
+* producing a different digest tree.
 */
 /**
 * Represents an encrypted state continuation.
@@ -230,8 +244,10 @@ var Continuation = class Continuation {
 	/**
 	* Checks if the continuation is valid at the given time.
 	*
-	* If no valid_until is set, always returns true.
-	* If no time is provided, always returns true.
+	* Mirrors Rust `is_valid_date(now)`: at the exact `valid_until`
+	* instant, the continuation is **expired** (returns `false`). The
+	* earlier port used `<=` here, which differed from Rust by one
+	* millisecond at the boundary.
 	*
 	* @param now - The time to check against, or undefined to skip time validation
 	* @returns true if the continuation is valid at the given time
@@ -239,7 +255,7 @@ var Continuation = class Continuation {
 	isValidDate(now) {
 		if (this._validUntil === void 0) return true;
 		if (now === void 0) return true;
-		return now.getTime() <= this._validUntil.getTime();
+		return now.getTime() < this._validUntil.getTime();
 	}
 	/**
 	* Checks if the continuation has the expected ID.
@@ -268,21 +284,39 @@ var Continuation = class Continuation {
 	/**
 	* Converts the continuation to an envelope.
 	*
-	* If a recipient is provided, the envelope is encrypted to that recipient.
+	* Mirrors Rust `Continuation::to_envelope`:
+	*
+	* ```rust
+	* self.state.wrap()
+	*     .add_optional_assertion(ID, self.valid_id)
+	*     .add_optional_assertion(VALID_UNTIL, self.valid_until)
+	* ```
+	*
+	* The state is wrapped first; the optional assertions then live on
+	* the wrap node. `valid_until` is encoded as a CBOR-tagged Date
+	* (tag 1) — never as a plain ISO 8601 string.
 	*
 	* @param recipient - Optional recipient to encrypt the envelope to
 	* @returns The continuation as an envelope
 	*/
 	toEnvelope(recipient) {
-		let envelope = this._state;
+		let envelope = this._state.wrap();
 		if (this._validId !== void 0) envelope = envelope.addAssertion(ID, this._validId);
-		if (this._validUntil !== void 0) envelope = envelope.addAssertion(VALID_UNTIL, this._validUntil.toISOString());
+		if (this._validUntil !== void 0) envelope = envelope.addAssertion(VALID_UNTIL, CborDate.fromDatetime(this._validUntil));
 		if (recipient !== void 0) envelope = envelope.encryptToRecipients([recipient]);
 		return envelope;
 	}
 	/**
 	* Parses a continuation from an envelope.
 	*
+	* Mirrors Rust `Continuation::try_from_envelope`:
+	*
+	* ```rust
+	* state: envelope.try_unwrap()?,                                     // unwrap
+	* valid_id: envelope.extract_optional_object_for_predicate(ID)?,
+	* valid_until: envelope.extract_optional_object_for_predicate(VALID_UNTIL)?,
+	* ```
+	*
 	* @param encryptedEnvelope - The envelope to parse
 	* @param expectedId - Optional ID to validate against
 	* @param now - Optional time to validate against
@@ -297,23 +331,32 @@ var Continuation = class Continuation {
 		} catch (e) {
 			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
 		}
-		const state = envelope.subject();
-		let validId;
+		let state;
 		try {
-			const idObj = envelope.objectForPredicate(ID);
-			if (idObj !== void 0) {
-				const leafCbor = idObj.asLeaf();
-				if (leafCbor !== void 0) validId = ARID.fromTaggedCborData(leafCbor.toData());
+			state = envelope.tryUnwrap();
+		} catch (e) {
+			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+		}
+		let validId;
+		const idObj = envelope.optionalObjectForPredicate(ID);
+		if (idObj !== void 0) {
+			const leafCbor = idObj.asLeaf();
+			if (leafCbor !== void 0) try {
+				validId = ARID.fromTaggedCbor(leafCbor);
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
 			}
-		} catch {}
+		}
 		let validUntil;
-		try {
-			const validUntilObj = envelope.objectForPredicate(VALID_UNTIL);
-			if (validUntilObj !== void 0) {
-				const dateStr = validUntilObj.asText();
-				if (dateStr !== void 0) validUntil = new Date(dateStr);
+		const validUntilObj = envelope.optionalObjectForPredicate(VALID_UNTIL);
+		if (validUntilObj !== void 0) {
+			const leafCbor = validUntilObj.asLeaf();
+			if (leafCbor !== void 0) try {
+				validUntil = CborDate.fromTaggedCbor(leafCbor).datetime();
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
 			}
-		} catch {}
+		}
 		const continuation = new Continuation(state, validId, validUntil);
 		if (!continuation.isValidDate(now)) throw GstpError.continuationExpired();
 		if (!continuation.isValidId(expectedId)) throw GstpError.continuationIdInvalid();
@@ -347,10 +390,50 @@ var Continuation = class Continuation {
 		return `${parts.join(", ")})`;
 	}
 };
-
 //#endregion
 //#region src/sealed-request.ts
 /**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* SealedRequest - Sealed request messages for GSTP
+*
+* A SealedRequest wraps a Request with sender information and state
+* continuations for secure, authenticated request messages.
+*
+* Ported from gstp-rust/src/sealed_request.rs
+*/
+/**
+* Decode a CBOR value into a typed JS value.
+*
+* Mirrors the type-driven `T: TryFrom<CBOR>` dispatch Rust's
+* `extract_object_for_parameter` relies on. TS lacks compile-time
+* trait dispatch, so we hand-roll the most common cases:
+*  - tag 1 (`Date`) → JS `Date`,
+*  - tag 40012 (`ARID`) → `ARID`,
+*  - integer / text / bool / number / byte-string primitives,
+*  - everything else → the raw `Cbor` value.
+*
+* Callers needing other typed extraction should use
+* `objectForParameter()` directly and decode the envelope themselves.
+*/
+function extractCborAsT(cbor) {
+	const tagged = cbor.asTagged();
+	if (tagged !== void 0) {
+		const [tag] = tagged;
+		const tagNumber = Number(tag.value);
+		if (tagNumber === 1) return CborDate.fromTaggedCbor(cbor).datetime();
+		if (tagNumber === 40012) return ARID.fromTaggedCbor(cbor);
+	}
+	if (cbor.isInteger()) return cbor.toInteger();
+	if (cbor.isText()) return cbor.toText();
+	if (cbor.isBool()) return cbor.toBool();
+	if (cbor.isNumber()) return cbor.toNumber();
+	if (cbor.isByteString()) return cbor.toByteString();
+	return cbor;
+}
+/**
 * A sealed request that combines a Request with sender information and
 * state continuations for secure communication.
 *
@@ -442,25 +525,32 @@ var SealedRequest = class SealedRequest {
 	}
 	/**
 	* Returns all objects for a parameter.
+	*
+	* Mirrors Rust `SealedRequest::objects_for_parameter` which delegates
+	* to `Expression::objects_for_parameter`. GSTP requests can carry
+	* multiple parameters with the same ID — e.g. a DKG invite has
+	* one `participant` per group member — and a decoder must see
+	* every one of them.
 	*/
 	objectsForParameter(param) {
-		const obj = this._request.body().getParameter(param);
-		return obj !== void 0 ? [obj] : [];
+		return this._request.body().objectsForParameter(param);
 	}
 	/**
 	* Extracts an object for a parameter as a specific type.
+	*
+	* Mirrors Rust `SealedRequest::extract_object_for_parameter` — Rust
+	* uses a `T: TryFrom<CBOR>` constraint and dispatches to whatever
+	* `From<CBOR> for T` impl is in scope (e.g. tag-1 CBOR decodes to
+	* `chrono::DateTime`, tag-40012 to `ARID`, etc.). TS lacks that
+	* trait dispatch, so we recognise the most common tagged types
+	* (`Date` via tag 1, `ARID` via tag 40012) plus the primitive
+	* fall-through. Callers needing other typed extraction should use
+	* `objectForParameter()` directly and decode the envelope themselves.
 	*/
 	extractObjectForParameter(param) {
 		const envelope = this.objectForParameter(param);
 		if (envelope === void 0) throw GstpError.envelope(/* @__PURE__ */ new Error(`Parameter not found: ${param}`));
-		return envelope.extractSubject((cbor) => {
-			if (cbor.isInteger()) return cbor.toInteger();
-			if (cbor.isText()) return cbor.toText();
-			if (cbor.isBool()) return cbor.toBool();
-			if (cbor.isNumber()) return cbor.toNumber();
-			if (cbor.isByteString()) return cbor.toByteString();
-			return cbor;
-		});
+		return envelope.extractSubject((cbor) => extractCborAsT(cbor));
 	}
 	/**
 	* Extracts an optional object for a parameter.
@@ -468,14 +558,7 @@ var SealedRequest = class SealedRequest {
 	extractOptionalObjectForParameter(param) {
 		const envelope = this.objectForParameter(param);
 		if (envelope === void 0) return;
-		return envelope.extractSubject((cbor) => {
-			if (cbor.isInteger()) return cbor.toInteger();
-			if (cbor.isText()) return cbor.toText();
-			if (cbor.isBool()) return cbor.toBool();
-			if (cbor.isNumber()) return cbor.toNumber();
-			if (cbor.isByteString()) return cbor.toByteString();
-			return cbor;
-		});
+		return envelope.extractSubject((cbor) => extractCborAsT(cbor));
 	}
 	/**
 	* Extracts all objects for a parameter as a specific type.
@@ -607,7 +690,7 @@ var SealedRequest = class SealedRequest {
 	*/
 	toEnvelopeForRecipients(validUntil, signer, recipients) {
 		const continuation = new Continuation(this._state ?? Envelope.new(null), this.id(), validUntil);
-		const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+		const senderEncryptionKey = this._sender.encryptionKey();
 		if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
 		const senderContinuation = continuation.toEnvelope(senderEncryptionKey);
 		let result = this._request.toEnvelope();
@@ -649,7 +732,7 @@ var SealedRequest = class SealedRequest {
 		} catch (e) {
 			throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
 		}
-		const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+		const senderVerificationKey = sender.verificationKey();
 		if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
 		let requestEnvelope;
 		try {
@@ -695,7 +778,6 @@ var SealedRequest = class SealedRequest {
 		return true;
 	}
 };
-
 //#endregion
 //#region src/sealed-response.ts
 /**
@@ -912,7 +994,7 @@ var SealedResponse = class SealedResponse {
 		let senderContinuation;
 		if (this._state !== void 0) {
 			const continuation = new Continuation(this._state, void 0, validUntil);
-			const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+			const senderEncryptionKey = this._sender.encryptionKey();
 			if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
 			senderContinuation = continuation.toEnvelope(senderEncryptionKey);
 		}
@@ -955,7 +1037,7 @@ var SealedResponse = class SealedResponse {
 		} catch (e) {
 			throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
 		}
-		const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+		const senderVerificationKey = sender.verificationKey();
 		if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
 		let responseEnvelope;
 		try {
@@ -1005,7 +1087,6 @@ var SealedResponse = class SealedResponse {
 		return true;
 	}
 };
-
 //#endregion
 //#region src/sealed-event.ts
 /**
@@ -1175,7 +1256,7 @@ var SealedEvent = class SealedEvent {
 	* @returns The sealed event as an envelope
 	*/
 	toEnvelopeForRecipients(validUntil, signer, recipients) {
-		const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+		const senderEncryptionKey = this._sender.encryptionKey();
 		if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
 		let senderContinuation;
 		if (this._state !== void 0) senderContinuation = new Continuation(this._state, void 0, validUntil).toEnvelope(senderEncryptionKey);
@@ -1220,7 +1301,7 @@ var SealedEvent = class SealedEvent {
 		} catch (e) {
 			throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
 		}
-		const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+		const senderVerificationKey = sender.verificationKey();
 		if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
 		let eventEnvelope;
 		try {
@@ -1267,7 +1348,6 @@ var SealedEvent = class SealedEvent {
 		return true;
 	}
 };
-
 //#endregion
 //#region src/prelude.ts
 var prelude_exports = /* @__PURE__ */ __exportAll({
@@ -1278,11 +1358,10 @@ var prelude_exports = /* @__PURE__ */ __exportAll({
 	SealedRequest: () => SealedRequest,
 	SealedResponse: () => SealedResponse
 });
-
 //#endregion
 //#region src/index.ts
 const VERSION = "0.13.0";
-
 //#endregion
 export { Continuation, GstpError, GstpErrorCode, SealedEvent, SealedRequest, SealedResponse, VERSION, prelude_exports as prelude };
+
 //# sourceMappingURL=index.mjs.map