@botcord/botcord 0.3.6 → 0.3.8-beta.20260415044559

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/src/client.ts CHANGED
@@ -30,6 +30,36 @@ import type {
30
30
  const MAX_RETRIES = 2;
31
31
  const RETRY_BASE_MS = 1000;
32
32
 
33
+ /**
34
+ * Typed error thrown by BotCordClient for non-ok HTTP responses.
35
+ * Carries the HTTP status and an optional error code parsed from the response body.
36
+ */
37
+ export class HubApiError extends Error {
38
+ readonly status: number;
39
+ readonly code: string | undefined;
40
+
41
+ constructor(status: number, body: string, path: string) {
42
+ super(`BotCord ${path} failed: ${status} ${body}`);
43
+ this.name = "HubApiError";
44
+ this.status = status;
45
+ this.code = HubApiError.parseCode(body);
46
+ }
47
+
48
+ private static parseCode(body: string): string | undefined {
49
+ try {
50
+ const parsed = JSON.parse(body);
51
+ // Hub returns { "detail": "BLOCKED" } or { "code": "NOT_IN_CONTACTS" }
52
+ if (typeof parsed.code === "string") return parsed.code;
53
+ if (typeof parsed.detail === "string" && /^[A-Z_]+$/.test(parsed.detail)) return parsed.detail;
54
+ } catch {
55
+ // Not JSON — try to extract an all-caps code from the raw body
56
+ const match = body.match(/\b([A-Z][A-Z_]{2,})\b/);
57
+ if (match) return match[1];
58
+ }
59
+ return undefined;
60
+ }
61
+ }
62
+
33
63
  export class BotCordClient {
34
64
  private hubUrl: string;
35
65
  private agentId: string;
@@ -178,13 +208,57 @@ export class BotCordClient {
178
208
  }
179
209
 
180
210
  const body = await resp.text().catch(() => "");
181
- const err = new Error(`BotCord ${path} failed: ${resp.status} ${body}`);
182
- (err as any).status = resp.status;
183
- throw err;
211
+ throw new HubApiError(resp.status, body, path);
184
212
  }
185
213
  throw new Error(`BotCord ${path} failed: exhausted retries`);
186
214
  }
187
215
 
216
+ // ── Raw API access ──────────────────────────────────────────
217
+
218
+ /**
219
+ * Execute an arbitrary authenticated request against the Hub API.
220
+ * Returns the parsed JSON response body.
221
+ */
222
+ async request(
223
+ method: string,
224
+ path: string,
225
+ options?: { body?: unknown; query?: Record<string, string | string[]> },
226
+ ): Promise<unknown> {
227
+ let fullPath = path;
228
+ if (options?.query) {
229
+ const params = new URLSearchParams();
230
+ for (const [key, val] of Object.entries(options.query)) {
231
+ if (Array.isArray(val)) {
232
+ for (const v of val) params.append(key, v);
233
+ } else {
234
+ params.append(key, val);
235
+ }
236
+ }
237
+ const sep = path.includes("?") ? "&" : "?";
238
+ fullPath = `${path}${sep}${params}`;
239
+ }
240
+ const init: RequestInit = { method };
241
+ if (options?.body !== undefined) {
242
+ init.body = JSON.stringify(options.body);
243
+ }
244
+ const resp = await this.hubFetch(fullPath, init);
245
+ const text = await resp.text();
246
+ // Guard against unexpectedly large responses (1MB cap for raw API use)
247
+ const MAX_RESPONSE_SIZE = 1024 * 1024;
248
+ if (text.length > MAX_RESPONSE_SIZE) {
249
+ throw new HubApiError(
250
+ resp.status,
251
+ `Response too large (${(text.length / 1024).toFixed(0)}KB > 1MB limit)`,
252
+ fullPath,
253
+ );
254
+ }
255
+ try {
256
+ return JSON.parse(text);
257
+ } catch {
258
+ return text;
259
+ }
260
+ }
261
+
188
262
  // ── File upload ──────────────────────────────────────────────
189
263
 
190
264
  async uploadFile(
@@ -955,6 +1029,29 @@ export class BotCordClient {
955
1029
  });
956
1030
  }
957
1031
 
1032
+ // ── Memory ───────────────────────────────────────────────────
1033
+
1034
+ /**
1035
+ * Fetch the default seed working memory from the Hub API.
1036
+ * Used by readOrSeedWorkingMemory() for first-time onboarding.
1037
+ */
1038
+ async getDefaultMemory(): Promise<{
1039
+ version: number;
1040
+ goal?: string;
1041
+ sections: Record<string, string>;
1042
+ } | null> {
1043
+ try {
1044
+ const resp = await this.hubFetch("/hub/memory/default");
1045
+ return (await resp.json()) as {
1046
+ version: number;
1047
+ goal?: string;
1048
+ sections: Record<string, string>;
1049
+ };
1050
+ } catch {
1051
+ return null;
1052
+ }
1053
+ }
1054
+
958
1055
  // ── Accessors ─────────────────────────────────────────────────
959
1056
 
960
1057
  getAgentId(): string {
@@ -19,10 +19,11 @@ export function createBindCommand() {
19
19
  return { text: "[FAIL] Usage: /botcord_bind <bind_code_or_bind_ticket>" };
20
20
  }
21
21
 
22
- const result = await executeBind(bindCredential);
22
+ const result = await executeBind(bindCredential) as Record<string, unknown>;
23
23
 
24
- if ("error" in result) {
25
- return { text: `[FAIL] ${result.error}` };
24
+ if (!result.ok) {
25
+ const err = (result.error as { message?: string })?.message || "Unknown error";
26
+ return { text: `[FAIL] ${err}` };
26
27
  }
27
28
 
28
29
  const agentId = result.agent_id || "unknown";
@@ -17,7 +17,8 @@ import { getConfig as getAppConfig } from "../runtime.js";
17
17
  import { getWsStatus } from "../ws-client.js";
18
18
  import { existsSync, statSync } from "node:fs";
19
19
  import { PLUGIN_VERSION, checkVersionInfo } from "../version-check.js";
20
- import { isOnboarded, markOnboarded } from "../credentials.js";
20
+ // isOnboarded/markOnboarded removed onboarding state is now managed via
21
+ // working memory (onboarding section presence). See docs/onboarding-refactor-plan.md.
21
22
 
22
23
  export function createHealthcheckCommand() {
23
24
  return {
@@ -245,16 +246,6 @@ export function createHealthcheckCommand() {
245
246
  lines.push("", "All checks passed. BotCord is ready!");
246
247
  }
247
248
 
248
- // Mark onboarding complete when no critical failures (warnings are acceptable —
249
- // missing notifySession, available updates, etc. are non-blocking for onboarding)
250
- if (fail === 0 && acct.credentialsFile) {
251
- if (!isOnboarded(acct.credentialsFile)) {
252
- if (markOnboarded(acct.credentialsFile)) {
253
- lines.push("", "Onboarding complete — welcome to BotCord!");
254
- }
255
- }
256
- }
257
-
258
249
  return { text: lines.join("\n") };
259
250
  },
260
251
  };
@@ -0,0 +1,129 @@
1
+ /**
2
+ * CLI: `openclaw botcord-uninstall`
3
+ *
4
+ * Safe uninstall that uses OpenClaw's plugin API instead of editing JSON directly.
5
+ * Prevents the common failure mode where AI agents corrupt openclaw.json.
6
+ */
7
+
8
+ export function createUninstallCli() {
9
+ return {
10
+ setup: (ctx: any) => {
11
+ ctx.program
12
+ .command("botcord-uninstall")
13
+ .description("Safely uninstall the BotCord plugin")
14
+ .option("--purge", "Also delete credentials from ~/.botcord/", false)
15
+ .option("--keep-channel", "Keep channel config in openclaw.json", false)
16
+ .option("--profile <name>", "OpenClaw profile to target")
17
+ .option("--dev", "Target the dev profile")
18
+ .action(async (options: { purge?: boolean; keepChannel?: boolean; profile?: string; dev?: boolean }) => {
19
+ const { existsSync, rmSync, readdirSync } = await import("node:fs");
20
+ const { join } = await import("node:path");
21
+ const { spawnSync } = await import("node:child_process");
22
+ const { homedir } = await import("node:os");
23
+
24
+ const home = homedir();
25
+ const credDir = join(home, ".botcord", "credentials");
26
+
27
+ // Build profile args to forward to openclaw CLI (as array, never shell-interpolated)
28
+ const profileArgs: string[] = [];
29
+ if (options.dev) profileArgs.push("--dev");
30
+ else if (options.profile) {
31
+ // Validate profile name to prevent injection via spawn args
32
+ if (!/^[a-zA-Z0-9._-]+$/.test(options.profile)) {
33
+ ctx.logger.error("Invalid profile name — only alphanumeric, dots, hyphens, and underscores are allowed");
34
+ return;
35
+ }
36
+ profileArgs.push("--profile", options.profile);
37
+ }
38
+
39
+ // Helper: run openclaw CLI safely via spawnSync (no shell interpolation)
40
+ const oc = (cmdArgs: string[]) =>
41
+ spawnSync("openclaw", [...profileArgs, ...cmdArgs], { stdio: "pipe", encoding: "utf8" });
42
+
43
+ // Resolve extension dir from openclaw CLI if possible, else default
44
+ let extensionDir = join(home, ".openclaw", "extensions", "botcord");
45
+ try {
46
+ const result = oc(["config", "path"]);
47
+ const configFile = (result.stdout || "").trim();
48
+ if (configFile) {
49
+ const configDir = join(configFile, "..");
50
+ extensionDir = join(configDir, "extensions", "botcord");
51
+ }
52
+ } catch {
53
+ // fall back to default path
54
+ }
55
+
56
+ // Step 1: Disable plugin via OpenClaw CLI (safe — no JSON editing)
57
+ ctx.logger.info("Disabling BotCord plugin ...");
58
+ try {
59
+ const result = oc(["plugins", "disable", "botcord"]);
60
+ if (result.status === 0) {
61
+ ctx.logger.info(" Plugin disabled");
62
+ } else {
63
+ ctx.logger.warn(" Plugin was not enabled (or already disabled)");
64
+ }
65
+ } catch {
66
+ ctx.logger.warn(" Plugin was not enabled (or already disabled)");
67
+ }
68
+
69
+ // Step 2: Remove channel config via OpenClaw CLI if available
70
+ if (!options.keepChannel) {
71
+ ctx.logger.info("Removing channel configuration ...");
72
+ try {
73
+ const result = oc(["config", "unset", "channels.botcord"]);
74
+ if (result.status === 0) {
75
+ ctx.logger.info(" Channel config removed");
76
+ } else {
77
+ ctx.logger.warn(" Could not remove channel config via CLI — may need manual cleanup");
78
+ ctx.logger.warn(" If needed, remove 'channels.botcord' from openclaw.json");
79
+ }
80
+ } catch {
81
+ ctx.logger.warn(" Could not remove channel config via CLI — may need manual cleanup");
82
+ ctx.logger.warn(" If needed, remove 'channels.botcord' from openclaw.json");
83
+ }
84
+ } else {
85
+ ctx.logger.info("Keeping channel configuration (--keep-channel)");
86
+ }
87
+
88
+ // Step 3: Remove plugin files
89
+ if (existsSync(extensionDir)) {
90
+ ctx.logger.info(`Removing plugin files from ${extensionDir} ...`);
91
+ rmSync(extensionDir, { recursive: true, force: true });
92
+ ctx.logger.info(" Plugin files removed");
93
+ } else {
94
+ ctx.logger.info(" No plugin files found (already removed)");
95
+ }
96
+
97
+ // Step 4: Optionally purge credentials
98
+ if (options.purge) {
99
+ if (existsSync(credDir)) {
100
+ const files = readdirSync(credDir).filter((f: string) => f.endsWith(".json"));
101
+ if (files.length > 0) {
102
+ ctx.logger.info(`Deleting ${files.length} credential file(s) from ${credDir} ...`);
103
+ for (const f of files) {
104
+ rmSync(join(credDir, f), { force: true });
105
+ ctx.logger.info(` Deleted ${f}`);
106
+ }
107
+ }
108
+ } else {
109
+ ctx.logger.info(" No credentials directory found");
110
+ }
111
+ } else {
112
+ // Show what's preserved
113
+ if (existsSync(credDir)) {
114
+ const files = readdirSync(credDir).filter((f: string) => f.endsWith(".json"));
115
+ if (files.length > 0) {
116
+ ctx.logger.info(`Credentials preserved in ${credDir} (${files.length} file(s))`);
117
+ ctx.logger.info(" Use --purge to also delete credentials");
118
+ }
119
+ }
120
+ }
121
+
122
+ ctx.logger.info("");
123
+ ctx.logger.info("BotCord plugin uninstalled.");
124
+ ctx.logger.info("Restart OpenClaw to apply: openclaw gateway restart");
125
+ });
126
+ },
127
+ commands: ["botcord-uninstall"],
128
+ };
129
+ }
package/src/constants.ts CHANGED
@@ -9,7 +9,7 @@
9
9
 
10
10
  export type ReleaseChannel = "stable" | "beta";
11
11
 
12
- export const RELEASE_CHANNEL: ReleaseChannel = "stable";
12
+ export const RELEASE_CHANNEL: ReleaseChannel = "beta";
13
13
 
14
14
  const HUB_URLS: Record<ReleaseChannel, string> = {
15
15
  stable: "https://api.botcord.chat",
@@ -1,108 +1,26 @@
1
- import { chmodSync, mkdirSync, readFileSync, writeFileSync, existsSync } from "node:fs";
2
- import os from "node:os";
3
- import path from "node:path";
4
- import { derivePublicKey } from "./crypto.js";
5
- import { normalizeAndValidateHubUrl } from "./hub-url.js";
1
+ import { existsSync, readFileSync } from "node:fs";
2
+ import {
3
+ type StoredBotCordCredentials,
4
+ updateCredentialsToken,
5
+ loadStoredCredentials,
6
+ writeCredentialsFile,
7
+ resolveCredentialsFilePath,
8
+ defaultCredentialsFile,
9
+ } from "@botcord/protocol-core";
6
10
  import type { BotCordAccountConfig } from "./types.js";
7
11
  import type { BotCordClient as BotCordClientType } from "./client.js";
8
12
 
9
- export interface StoredBotCordCredentials {
10
- version: 1;
11
- hubUrl: string;
12
- agentId: string;
13
- keyId: string;
14
- privateKey: string;
15
- publicKey: string;
16
- displayName?: string;
17
- savedAt: string;
18
- token?: string;
19
- tokenExpiresAt?: number;
20
- onboardedAt?: string;
21
- }
22
-
23
- function normalizeCredentialValue(raw: any, keys: string[]): string | undefined {
24
- for (const key of keys) {
25
- const value = raw?.[key];
26
- if (typeof value === "string" && value.trim()) return value;
27
- }
28
- return undefined;
29
- }
30
-
31
- export function resolveCredentialsFilePath(credentialsFile: string): string {
32
- if (credentialsFile === "~") return os.homedir();
33
- if (credentialsFile.startsWith("~/")) {
34
- return path.join(os.homedir(), credentialsFile.slice(2));
35
- }
36
- return path.isAbsolute(credentialsFile)
37
- ? credentialsFile
38
- : path.resolve(credentialsFile);
39
- }
40
-
41
- export function defaultCredentialsFile(agentId: string): string {
42
- return path.join(os.homedir(), ".botcord", "credentials", `${agentId}.json`);
43
- }
44
-
45
- function readCredentialSource(credentialsFile: string): Record<string, unknown> {
46
- const resolved = resolveCredentialsFilePath(credentialsFile);
47
- try {
48
- return JSON.parse(readFileSync(resolved, "utf8")) as Record<string, unknown>;
49
- } catch (err: any) {
50
- throw new Error(`Unable to read BotCord credentials file "${resolved}": ${err.message}`);
51
- }
52
- }
53
-
54
- export function loadStoredCredentials(credentialsFile: string): StoredBotCordCredentials {
55
- const resolved = resolveCredentialsFilePath(credentialsFile);
56
- const raw = readCredentialSource(resolved);
57
- const hubUrl = normalizeCredentialValue(raw, ["hubUrl", "hub_url", "hub"]);
58
- const agentId = normalizeCredentialValue(raw, ["agentId", "agent_id"]);
59
- const keyId = normalizeCredentialValue(raw, ["keyId", "key_id"]);
60
- const privateKey = normalizeCredentialValue(raw, ["privateKey", "private_key"]);
61
- const publicKey = normalizeCredentialValue(raw, ["publicKey", "public_key"]);
62
- const displayName = normalizeCredentialValue(raw, ["displayName", "display_name"]);
63
- const savedAt = normalizeCredentialValue(raw, ["savedAt", "saved_at"]);
64
- const token = normalizeCredentialValue(raw, ["token"]);
65
- const tokenExpiresAt = typeof raw.tokenExpiresAt === "number"
66
- ? raw.tokenExpiresAt
67
- : typeof raw.token_expires_at === "number"
68
- ? raw.token_expires_at
69
- : undefined;
13
+ // Re-export core functions so existing plugin imports don't break
14
+ export {
15
+ type StoredBotCordCredentials,
16
+ updateCredentialsToken,
17
+ loadStoredCredentials,
18
+ writeCredentialsFile,
19
+ resolveCredentialsFilePath,
20
+ defaultCredentialsFile,
21
+ } from "@botcord/protocol-core";
70
22
 
71
- if (!hubUrl) throw new Error(`BotCord credentials file "${resolved}" is missing hubUrl`);
72
- if (!agentId) throw new Error(`BotCord credentials file "${resolved}" is missing agentId`);
73
- if (!keyId) throw new Error(`BotCord credentials file "${resolved}" is missing keyId`);
74
- if (!privateKey) throw new Error(`BotCord credentials file "${resolved}" is missing privateKey`);
75
-
76
- const derivedPublicKey = derivePublicKey(privateKey);
77
- if (publicKey && publicKey !== derivedPublicKey) {
78
- throw new Error(
79
- `BotCord credentials file "${resolved}" has a publicKey that does not match privateKey`,
80
- );
81
- }
82
-
83
- let normalizedHubUrl: string;
84
- try {
85
- normalizedHubUrl = normalizeAndValidateHubUrl(hubUrl);
86
- } catch (err: any) {
87
- throw new Error(`BotCord credentials file "${resolved}" has an invalid hubUrl: ${err.message}`);
88
- }
89
-
90
- const onboardedAt = normalizeCredentialValue(raw, ["onboardedAt", "onboarded_at"]);
91
-
92
- return {
93
- version: 1,
94
- hubUrl: normalizedHubUrl,
95
- agentId,
96
- keyId,
97
- privateKey,
98
- publicKey: publicKey || derivedPublicKey,
99
- displayName,
100
- savedAt: savedAt || new Date().toISOString(),
101
- token,
102
- tokenExpiresAt,
103
- onboardedAt,
104
- };
105
- }
23
+ // Plugin-specific helpers below
106
24
 
107
25
  export function readCredentialFileData(credentialsFile?: string): Partial<BotCordAccountConfig> {
108
26
  if (!credentialsFile) return {};
@@ -123,55 +41,15 @@ export function readCredentialFileData(credentialsFile?: string): Partial<BotCor
123
41
  }
124
42
  }
125
43
 
126
- export function writeCredentialsFile(
127
- credentialsFile: string,
128
- credentials: StoredBotCordCredentials,
129
- ): string {
130
- const resolved = resolveCredentialsFilePath(credentialsFile);
131
- const normalizedCredentials = {
132
- ...credentials,
133
- hubUrl: normalizeAndValidateHubUrl(credentials.hubUrl),
134
- };
135
- mkdirSync(path.dirname(resolved), { recursive: true, mode: 0o700 });
136
- writeFileSync(resolved, JSON.stringify(normalizedCredentials, null, 2) + "\n", {
137
- encoding: "utf8",
138
- mode: 0o600,
139
- });
140
- chmodSync(resolved, 0o600);
141
- return resolved;
142
- }
143
-
144
44
  /**
145
- * Atomically update only the token fields in an existing credentials file.
146
- * Reads current file, merges new token/expiresAt, writes back.
147
- * Returns false if the file does not exist or the write fails.
45
+ * Check whether the agent completed onboarding under the legacy system
46
+ * (credentials file contains onboardedAt). Used as a migration bridge
47
+ * in readOrSeedWorkingMemory() to avoid re-triggering onboarding for
48
+ * agents that already went through the old flow.
49
+ *
50
+ * Read-only — this function never writes to the credentials file.
148
51
  */
149
- export function updateCredentialsToken(
150
- credentialsFile: string,
151
- token: string,
152
- tokenExpiresAt: number,
153
- ): boolean {
154
- const resolved = resolveCredentialsFilePath(credentialsFile);
155
- try {
156
- if (!existsSync(resolved)) return false;
157
- const raw = JSON.parse(readFileSync(resolved, "utf8")) as Record<string, unknown>;
158
- raw.token = token;
159
- raw.tokenExpiresAt = tokenExpiresAt;
160
- writeFileSync(resolved, JSON.stringify(raw, null, 2) + "\n", {
161
- encoding: "utf8",
162
- mode: 0o600,
163
- });
164
- chmodSync(resolved, 0o600);
165
- return true;
166
- } catch {
167
- return false;
168
- }
169
- }
170
-
171
- /**
172
- * Check whether the agent has completed onboarding.
173
- */
174
- export function isOnboarded(credentialsFile: string): boolean {
52
+ export function isLegacyOnboarded(credentialsFile: string): boolean {
175
53
  const resolved = resolveCredentialsFilePath(credentialsFile);
176
54
  try {
177
55
  if (!existsSync(resolved)) return false;
@@ -182,26 +60,6 @@ export function isOnboarded(credentialsFile: string): boolean {
182
60
  }
183
61
  }
184
62
 
185
- /**
186
- * Mark the agent as onboarded by writing onboardedAt timestamp.
187
- */
188
- export function markOnboarded(credentialsFile: string): boolean {
189
- const resolved = resolveCredentialsFilePath(credentialsFile);
190
- try {
191
- if (!existsSync(resolved)) return false;
192
- const raw = JSON.parse(readFileSync(resolved, "utf8")) as Record<string, unknown>;
193
- raw.onboardedAt = new Date().toISOString();
194
- writeFileSync(resolved, JSON.stringify(raw, null, 2) + "\n", {
195
- encoding: "utf8",
196
- mode: 0o600,
197
- });
198
- chmodSync(resolved, 0o600);
199
- return true;
200
- } catch {
201
- return false;
202
- }
203
- }
204
-
205
63
  /**
206
64
  * Attach token persistence to a BotCordClient.
207
65
  * If the account was loaded from a credentialsFile, refreshed tokens
package/src/crypto.ts CHANGED
@@ -1,155 +1 @@
1
- /**
2
- * Ed25519 signing for BotCord protocol.
3
- * Zero npm dependencies — uses Node.js built-in crypto module.
4
- * Ported from botcord-skill/skill/botcord-crypto.mjs.
5
- */
6
- import {
7
- createHash,
8
- createPublicKey,
9
- createPrivateKey,
10
- generateKeyPairSync,
11
- sign,
12
- randomUUID,
13
- } from "node:crypto";
14
- import type { BotCordMessageEnvelope, BotCordSignature, MessageType } from "./types.js";
15
-
16
- // ── JCS (RFC 8785) canonicalization ─────────────────────────────
17
- export function jcsCanonicalize(value: unknown): string | undefined {
18
- if (value === null || typeof value === "boolean") return JSON.stringify(value);
19
- if (typeof value === "number") {
20
- if (Object.is(value, -0)) return "0";
21
- return JSON.stringify(value);
22
- }
23
- if (typeof value === "string") return JSON.stringify(value);
24
- if (Array.isArray(value))
25
- return "[" + value.map((v) => jcsCanonicalize(v)).join(",") + "]";
26
- if (typeof value === "object") {
27
- const keys = Object.keys(value as Record<string, unknown>).sort();
28
- const parts: string[] = [];
29
- for (const k of keys) {
30
- const v = (value as Record<string, unknown>)[k];
31
- if (v === undefined) continue;
32
- parts.push(JSON.stringify(k) + ":" + jcsCanonicalize(v));
33
- }
34
- return "{" + parts.join(",") + "}";
35
- }
36
- return undefined;
37
- }
38
-
39
- // ── Build Node.js KeyObject from raw 32-byte seed ───────────────
40
- function privateKeyFromSeed(seed: Buffer): ReturnType<typeof createPrivateKey> {
41
- const prefix = Buffer.from("302e020100300506032b657004220420", "hex");
42
- return createPrivateKey({
43
- key: Buffer.concat([prefix, seed]),
44
- format: "der",
45
- type: "pkcs8",
46
- });
47
- }
48
-
49
- // ── Payload hash ────────────────────────────────────────────────
50
- export function computePayloadHash(payload: Record<string, unknown>): string {
51
- const canonical = jcsCanonicalize(payload)!;
52
- const digest = createHash("sha256").update(canonical).digest("hex");
53
- return `sha256:${digest}`;
54
- }
55
-
56
- // ── Sign challenge ──────────────────────────────────────────────
57
- export function signChallenge(privateKeyB64: string, challengeB64: string): string {
58
- const pk = privateKeyFromSeed(Buffer.from(privateKeyB64, "base64"));
59
- const sig = sign(null, Buffer.from(challengeB64, "base64"), pk);
60
- return sig.toString("base64");
61
- }
62
-
63
- export function derivePublicKey(privateKeyB64: string): string {
64
- const privateKey = privateKeyFromSeed(Buffer.from(privateKeyB64, "base64"));
65
- const publicKey = createPublicKey(privateKey);
66
- const pubDer = publicKey.export({ type: "spki", format: "der" });
67
- return Buffer.from(pubDer.subarray(-32)).toString("base64");
68
- }
69
-
70
- // ── Build and sign a full message envelope ──────────────────────
71
- export function buildSignedEnvelope(params: {
72
- from: string;
73
- to: string;
74
- type: MessageType;
75
- payload: Record<string, unknown>;
76
- privateKey: string; // base64 Ed25519 seed
77
- keyId: string;
78
- replyTo?: string | null;
79
- ttlSec?: number;
80
- topic?: string | null;
81
- goal?: string | null;
82
- }): BotCordMessageEnvelope {
83
- const {
84
- from,
85
- to,
86
- type,
87
- payload,
88
- privateKey,
89
- keyId,
90
- replyTo = null,
91
- ttlSec = 3600,
92
- topic = null,
93
- goal = null,
94
- } = params;
95
-
96
- const msgId = randomUUID();
97
- const ts = Math.floor(Date.now() / 1000);
98
- const payloadHash = computePayloadHash(payload);
99
-
100
- // Build signing input (newline-joined fields)
101
- const parts = [
102
- "a2a/0.1",
103
- msgId,
104
- String(ts),
105
- from,
106
- to,
107
- String(type),
108
- replyTo || "",
109
- String(ttlSec),
110
- payloadHash,
111
- ];
112
-
113
- const pk = privateKeyFromSeed(Buffer.from(privateKey, "base64"));
114
- const sigValue = sign(null, Buffer.from(parts.join("\n")), pk);
115
-
116
- const sig: BotCordSignature = {
117
- alg: "ed25519",
118
- key_id: keyId,
119
- value: sigValue.toString("base64"),
120
- };
121
-
122
- return {
123
- v: "a2a/0.1",
124
- msg_id: msgId,
125
- ts,
126
- from,
127
- to,
128
- type,
129
- reply_to: replyTo,
130
- ttl_sec: ttlSec,
131
- topic,
132
- goal,
133
- payload,
134
- payload_hash: payloadHash,
135
- sig,
136
- };
137
- }
138
-
139
- // ── Keygen ──────────────────────────────────────────────────────
140
- export function generateKeypair(): {
141
- privateKey: string;
142
- publicKey: string;
143
- pubkeyFormatted: string;
144
- } {
145
- const { publicKey, privateKey } = generateKeyPairSync("ed25519");
146
- const privDer = privateKey.export({ type: "pkcs8", format: "der" });
147
- const privB64 = Buffer.from(privDer.subarray(-32)).toString("base64");
148
- const pubDer = publicKey.export({ type: "spki", format: "der" });
149
- const pubB64 = Buffer.from(pubDer.subarray(-32)).toString("base64");
150
- return {
151
- privateKey: privB64,
152
- publicKey: pubB64,
153
- pubkeyFormatted: `ed25519:${pubB64}`,
154
- };
155
- }
1
+ export * from "@botcord/protocol-core";