@bcts/gstp 1.0.0-alpha.23 → 1.0.0-beta.0

package/dist/index.cjs

@@ -13,6 +13,7 @@ var __exportAll = (all, no_symbols) => {
 //#endregion
 let _bcts_components = require("@bcts/components");
 let _bcts_envelope = require("@bcts/envelope");
+let _bcts_dcbor = require("@bcts/dcbor");
 let _bcts_known_values = require("@bcts/known-values");
 let _bcts_xid = require("@bcts/xid");
 //#region src/error.ts
@@ -133,7 +134,22 @@ var GstpError = class GstpError extends Error {
 * eliminating the need for local state storage and enhancing security
 * for devices with limited storage or requiring distributed state management.
 *
-* Ported from gstp-rust/src/continuation.rs
+* Ported from gstp-rust/src/continuation.rs.
+*
+* Wire shape — mirrors Rust:
+* ```
+* {
+*     <state envelope>
+* } [
+*     'id': ARID(...)
+*     'validUntil': Date(...)        ← CBOR tag 1, not ISO 8601 text
+* ]
+* ```
+*
+* The `state` envelope is **wrapped** before assertions are attached,
+* matching Rust `self.state.wrap().add_optional_assertion(...)`. The
+* earlier port attached the assertions directly to the un-wrapped state,
+* producing a different digest tree.
 */
 /**
 * Represents an encrypted state continuation.
@@ -240,8 +256,10 @@ var Continuation = class Continuation {
 	/**
 	* Checks if the continuation is valid at the given time.
 	*
-	* If no valid_until is set, always returns true.
-	* If no time is provided, always returns true.
+	* Mirrors Rust `is_valid_date(now)`: at the exact `valid_until`
+	* instant, the continuation is **expired** (returns `false`). The
+	* earlier port used `<=` here, which differed from Rust by one
+	* millisecond at the boundary.
 	*
 	* @param now - The time to check against, or undefined to skip time validation
 	* @returns true if the continuation is valid at the given time
@@ -249,7 +267,7 @@ var Continuation = class Continuation {
 	isValidDate(now) {
 		if (this._validUntil === void 0) return true;
 		if (now === void 0) return true;
-		return now.getTime() <= this._validUntil.getTime();
+		return now.getTime() < this._validUntil.getTime();
 	}
 	/**
 	* Checks if the continuation has the expected ID.
@@ -278,21 +296,39 @@ var Continuation = class Continuation {
 	/**
 	* Converts the continuation to an envelope.
 	*
-	* If a recipient is provided, the envelope is encrypted to that recipient.
+	* Mirrors Rust `Continuation::to_envelope`:
+	*
+	* ```rust
+	* self.state.wrap()
+	*     .add_optional_assertion(ID, self.valid_id)
+	*     .add_optional_assertion(VALID_UNTIL, self.valid_until)
+	* ```
+	*
+	* The state is wrapped first; the optional assertions then live on
+	* the wrap node. `valid_until` is encoded as a CBOR-tagged Date
+	* (tag 1) — never as a plain ISO 8601 string.
 	*
 	* @param recipient - Optional recipient to encrypt the envelope to
 	* @returns The continuation as an envelope
 	*/
 	toEnvelope(recipient) {
-		let envelope = this._state;
+		let envelope = this._state.wrap();
 		if (this._validId !== void 0) envelope = envelope.addAssertion(_bcts_known_values.ID, this._validId);
-		if (this._validUntil !== void 0) envelope = envelope.addAssertion(_bcts_known_values.VALID_UNTIL, this._validUntil.toISOString());
+		if (this._validUntil !== void 0) envelope = envelope.addAssertion(_bcts_known_values.VALID_UNTIL, _bcts_dcbor.CborDate.fromDatetime(this._validUntil));
 		if (recipient !== void 0) envelope = envelope.encryptToRecipients([recipient]);
 		return envelope;
 	}
 	/**
 	* Parses a continuation from an envelope.
 	*
+	* Mirrors Rust `Continuation::try_from_envelope`:
+	*
+	* ```rust
+	* state: envelope.try_unwrap()?,                                     // unwrap
+	* valid_id: envelope.extract_optional_object_for_predicate(ID)?,
+	* valid_until: envelope.extract_optional_object_for_predicate(VALID_UNTIL)?,
+	* ```
+	*
 	* @param encryptedEnvelope - The envelope to parse
 	* @param expectedId - Optional ID to validate against
 	* @param now - Optional time to validate against
@@ -307,23 +343,32 @@ var Continuation = class Continuation {
 		} catch (e) {
 			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
 		}
-		const state = envelope.subject();
-		let validId;
+		let state;
 		try {
-			const idObj = envelope.objectForPredicate(_bcts_known_values.ID);
-			if (idObj !== void 0) {
-				const leafCbor = idObj.asLeaf();
-				if (leafCbor !== void 0) validId = _bcts_components.ARID.fromTaggedCborData(leafCbor.toData());
+			state = envelope.tryUnwrap();
+		} catch (e) {
+			throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+		}
+		let validId;
+		const idObj = envelope.optionalObjectForPredicate(_bcts_known_values.ID);
+		if (idObj !== void 0) {
+			const leafCbor = idObj.asLeaf();
+			if (leafCbor !== void 0) try {
+				validId = _bcts_components.ARID.fromTaggedCbor(leafCbor);
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
 			}
-		} catch {}
+		}
 		let validUntil;
-		try {
-			const validUntilObj = envelope.objectForPredicate(_bcts_known_values.VALID_UNTIL);
-			if (validUntilObj !== void 0) {
-				const dateStr = validUntilObj.asText();
-				if (dateStr !== void 0) validUntil = new Date(dateStr);
+		const validUntilObj = envelope.optionalObjectForPredicate(_bcts_known_values.VALID_UNTIL);
+		if (validUntilObj !== void 0) {
+			const leafCbor = validUntilObj.asLeaf();
+			if (leafCbor !== void 0) try {
+				validUntil = _bcts_dcbor.CborDate.fromTaggedCbor(leafCbor).datetime();
+			} catch (e) {
+				throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
 			}
-		} catch {}
+		}
 		const continuation = new Continuation(state, validId, validUntil);
 		if (!continuation.isValidDate(now)) throw GstpError.continuationExpired();
 		if (!continuation.isValidId(expectedId)) throw GstpError.continuationIdInvalid();
@@ -360,6 +405,47 @@ var Continuation = class Continuation {
 //#endregion
 //#region src/sealed-request.ts
 /**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* SealedRequest - Sealed request messages for GSTP
+*
+* A SealedRequest wraps a Request with sender information and state
+* continuations for secure, authenticated request messages.
+*
+* Ported from gstp-rust/src/sealed_request.rs
+*/
+/**
+* Decode a CBOR value into a typed JS value.
+*
+* Mirrors the type-driven `T: TryFrom<CBOR>` dispatch Rust's
+* `extract_object_for_parameter` relies on. TS lacks compile-time
+* trait dispatch, so we hand-roll the most common cases:
+*  - tag 1 (`Date`) → JS `Date`,
+*  - tag 40012 (`ARID`) → `ARID`,
+*  - integer / text / bool / number / byte-string primitives,
+*  - everything else → the raw `Cbor` value.
+*
+* Callers needing other typed extraction should use
+* `objectForParameter()` directly and decode the envelope themselves.
+*/
+function extractCborAsT(cbor) {
+	const tagged = cbor.asTagged();
+	if (tagged !== void 0) {
+		const [tag] = tagged;
+		const tagNumber = Number(tag.value);
+		if (tagNumber === 1) return _bcts_dcbor.CborDate.fromTaggedCbor(cbor).datetime();
+		if (tagNumber === 40012) return _bcts_components.ARID.fromTaggedCbor(cbor);
+	}
+	if (cbor.isInteger()) return cbor.toInteger();
+	if (cbor.isText()) return cbor.toText();
+	if (cbor.isBool()) return cbor.toBool();
+	if (cbor.isNumber()) return cbor.toNumber();
+	if (cbor.isByteString()) return cbor.toByteString();
+	return cbor;
+}
+/**
 * A sealed request that combines a Request with sender information and
 * state continuations for secure communication.
 *
@@ -451,25 +537,32 @@ var SealedRequest = class SealedRequest {
 	}
 	/**
 	* Returns all objects for a parameter.
+	*
+	* Mirrors Rust `SealedRequest::objects_for_parameter` which delegates
+	* to `Expression::objects_for_parameter`. GSTP requests can carry
+	* multiple parameters with the same ID — e.g. a DKG invite has
+	* one `participant` per group member — and a decoder must see
+	* every one of them.
 	*/
 	objectsForParameter(param) {
-		const obj = this._request.body().getParameter(param);
-		return obj !== void 0 ? [obj] : [];
+		return this._request.body().objectsForParameter(param);
 	}
 	/**
 	* Extracts an object for a parameter as a specific type.
+	*
+	* Mirrors Rust `SealedRequest::extract_object_for_parameter` — Rust
+	* uses a `T: TryFrom<CBOR>` constraint and dispatches to whatever
+	* `From<CBOR> for T` impl is in scope (e.g. tag-1 CBOR decodes to
+	* `chrono::DateTime`, tag-40012 to `ARID`, etc.). TS lacks that
+	* trait dispatch, so we recognise the most common tagged types
+	* (`Date` via tag 1, `ARID` via tag 40012) plus the primitive
+	* fall-through. Callers needing other typed extraction should use
+	* `objectForParameter()` directly and decode the envelope themselves.
 	*/
 	extractObjectForParameter(param) {
 		const envelope = this.objectForParameter(param);
 		if (envelope === void 0) throw GstpError.envelope(/* @__PURE__ */ new Error(`Parameter not found: ${param}`));
-		return envelope.extractSubject((cbor) => {
-			if (cbor.isInteger()) return cbor.toInteger();
-			if (cbor.isText()) return cbor.toText();
-			if (cbor.isBool()) return cbor.toBool();
-			if (cbor.isNumber()) return cbor.toNumber();
-			if (cbor.isByteString()) return cbor.toByteString();
-			return cbor;
-		});
+		return envelope.extractSubject((cbor) => extractCborAsT(cbor));
 	}
 	/**
 	* Extracts an optional object for a parameter.
@@ -477,14 +570,7 @@ var SealedRequest = class SealedRequest {
 	extractOptionalObjectForParameter(param) {
 		const envelope = this.objectForParameter(param);
 		if (envelope === void 0) return;
-		return envelope.extractSubject((cbor) => {
-			if (cbor.isInteger()) return cbor.toInteger();
-			if (cbor.isText()) return cbor.toText();
-			if (cbor.isBool()) return cbor.toBool();
-			if (cbor.isNumber()) return cbor.toNumber();
-			if (cbor.isByteString()) return cbor.toByteString();
-			return cbor;
-		});
+		return envelope.extractSubject((cbor) => extractCborAsT(cbor));
 	}
 	/**
 	* Extracts all objects for a parameter as a specific type.
@@ -616,7 +702,7 @@ var SealedRequest = class SealedRequest {
 	*/
 	toEnvelopeForRecipients(validUntil, signer, recipients) {
 		const continuation = new Continuation(this._state ?? _bcts_envelope.Envelope.new(null), this.id(), validUntil);
-		const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+		const senderEncryptionKey = this._sender.encryptionKey();
 		if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
 		const senderContinuation = continuation.toEnvelope(senderEncryptionKey);
 		let result = this._request.toEnvelope();
@@ -658,7 +744,7 @@ var SealedRequest = class SealedRequest {
 		} catch (e) {
 			throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
 		}
-		const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+		const senderVerificationKey = sender.verificationKey();
 		if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
 		let requestEnvelope;
 		try {
@@ -920,7 +1006,7 @@ var SealedResponse = class SealedResponse {
 		let senderContinuation;
 		if (this._state !== void 0) {
 			const continuation = new Continuation(this._state, void 0, validUntil);
-			const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+			const senderEncryptionKey = this._sender.encryptionKey();
 			if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
 			senderContinuation = continuation.toEnvelope(senderEncryptionKey);
 		}
@@ -963,7 +1049,7 @@ var SealedResponse = class SealedResponse {
 		} catch (e) {
 			throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
 		}
-		const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+		const senderVerificationKey = sender.verificationKey();
 		if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
 		let responseEnvelope;
 		try {
@@ -1182,7 +1268,7 @@ var SealedEvent = class SealedEvent {
 	* @returns The sealed event as an envelope
 	*/
 	toEnvelopeForRecipients(validUntil, signer, recipients) {
-		const senderEncryptionKey = this._sender.inceptionKey()?.publicKeys()?.encapsulationPublicKey();
+		const senderEncryptionKey = this._sender.encryptionKey();
 		if (senderEncryptionKey === void 0) throw GstpError.senderMissingEncryptionKey();
 		let senderContinuation;
 		if (this._state !== void 0) senderContinuation = new Continuation(this._state, void 0, validUntil).toEnvelope(senderEncryptionKey);
@@ -1227,7 +1313,7 @@ var SealedEvent = class SealedEvent {
 		} catch (e) {
 			throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
 		}
-		const senderVerificationKey = sender.inceptionKey()?.publicKeys()?.signingPublicKey();
+		const senderVerificationKey = sender.verificationKey();
 		if (senderVerificationKey === void 0) throw GstpError.senderMissingVerificationKey();
 		let eventEnvelope;
 		try {