@byoky/core 0.1.0 → 0.2.0

package/dist/index.cjs

@@ -236,12 +236,7 @@ var PROVIDERS = {
     id: "anthropic",
     name: "Anthropic",
     authMethods: ["api_key", "oauth"],
-    baseUrl: "https://api.anthropic.com",
-    oauthConfig: {
-      authorizationUrl: "https://console.anthropic.com/oauth/authorize",
-      tokenUrl: "https://console.anthropic.com/oauth/token",
-      scopes: []
-    }
+    baseUrl: "https://api.anthropic.com"
   },
   openai: {
     id: "openai",

package/dist/index.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.ts","../src/types.ts","../src/crypto.ts","../src/errors.ts","../src/protocol.ts","../src/providers.ts"],"sourcesContent":["export * from './types.js';\nexport * from './crypto.js';\nexport * from './errors.js';\nexport * from './protocol.js';\nexport * from './providers.js';\n","export type ProviderId = 'anthropic' | 'openai' | 'gemini' | (string & {});\n\nexport type AuthMethod = 'api_key' | 'oauth';\n\nexport interface ProviderConfig {\n  id: ProviderId;\n  name: string;\n  authMethods: AuthMethod[];\n  baseUrl: string;\n  oauthConfig?: OAuthConfig;\n}\n\nexport interface OAuthConfig {\n  authorizationUrl: string;\n  tokenUrl: string;\n  scopes: string[];\n}\n\n// --- Credentials ---\n\nexport interface CredentialBase {\n  id: string;\n  providerId: ProviderId;\n  label: string;\n  authMethod: AuthMethod;\n  createdAt: number;\n  lastUsedAt?: number;\n}\n\nexport interface ApiKeyCredential extends CredentialBase {\n  authMethod: 'api_key';\n  encryptedKey: string;\n}\n\nexport interface OAuthCredential extends CredentialBase {\n  authMethod: 'oauth';\n  encryptedAccessToken: string;\n  encryptedRefreshToken?: string;\n  expiresAt?: number;\n}\n\nexport type Credential = ApiKeyCredential | OAuthCredential;\n\nexport interface CredentialMeta {\n  id: string;\n  providerId: ProviderId;\n  label: string;\n  authMethod: AuthMethod;\n  createdAt: number;\n  lastUsedAt?: number;\n  maskedKey?: string;\n}\n\n// --- Sessions ---\n\nexport interface Session {\n  id: string;\n  sessionKey: string;\n  appOrigin: string;\n  appName?: string;\n  providers: SessionProvider[];\n  createdAt: number;\n  expiresAt: number;\n}\n\nexport interface SessionProvider {\n  providerId: ProviderId;\n  credentialId: string;\n  available: boolean;\n  authMethod: AuthMethod;\n}\n\n// --- Connect ---\n\nexport interface ConnectRequest {\n  providers?: ProviderRequirement[];\n  capabilities?: string[];\n}\n\nexport interface ProviderRequirement {\n  id: ProviderId;\n  required: boolean;\n}\n\nexport interface ConnectResponse {\n  sessionKey: string;\n  proxyUrl: string;\n  providers: Record<\n    string,\n    {\n      available: boolean;\n      authMethod: AuthMethod;\n    }\n  >;\n}\n\n// --- Proxy ---\n\nexport interface ProxyRequest {\n  requestId: string;\n  sessionKey: string;\n  providerId: string;\n  url: string;\n  method: string;\n  headers: Record<string, string>;\n  body?: string;\n}\n\nexport interface ProxyResponseMeta {\n  requestId: string;\n  status: number;\n  statusText: string;\n  headers: Record<string, string>;\n}\n\nexport interface ProxyResponseChunk {\n  requestId: string;\n  chunk: string;\n}\n\nexport interface ProxyResponseError {\n  requestId: string;\n  status: number;\n  error: { code: string; message: string };\n}\n\n// --- Protocol messages ---\n\nexport type MessageType =\n  | 'BYOKY_CONNECT_REQUEST'\n  | 'BYOKY_CONNECT_RESPONSE'\n  | 'BYOKY_DISCONNECT'\n  | 'BYOKY_PROXY_REQUEST'\n  | 'BYOKY_PROXY_RESPONSE_META'\n  | 'BYOKY_PROXY_RESPONSE_CHUNK'\n  | 'BYOKY_PROXY_RESPONSE_DONE'\n  | 'BYOKY_PROXY_RESPONSE_ERROR'\n  | 'BYOKY_ERROR';\n\nexport interface ByokyMessage {\n  type: MessageType;\n  id: string;\n  requestId?: string;\n  payload: unknown;\n}\n\n// --- Errors ---\n\nexport enum ByokyErrorCode {\n  WALLET_NOT_INSTALLED = 'WALLET_NOT_INSTALLED',\n  USER_REJECTED = 'USER_REJECTED',\n  PROVIDER_UNAVAILABLE = 'PROVIDER_UNAVAILABLE',\n  SESSION_EXPIRED = 'SESSION_EXPIRED',\n  RATE_LIMITED = 'RATE_LIMITED',\n  QUOTA_EXCEEDED = 'QUOTA_EXCEEDED',\n  INVALID_KEY = 'INVALID_KEY',\n  TOKEN_EXPIRED = 'TOKEN_EXPIRED',\n  PROXY_ERROR = 'PROXY_ERROR',\n  UNKNOWN = 'UNKNOWN',\n}\n\n// --- Request log ---\n\nexport interface RequestLogEntry {\n  id: string;\n  sessionId: string;\n  appOrigin: string;\n  providerId: ProviderId;\n  url: string;\n  method: string;\n  status: number;\n  timestamp: number;\n  error?: string;\n}\n\n// --- Pending approval ---\n\nexport interface PendingApproval {\n  id: string;\n  appOrigin: string;\n  appName?: string;\n  providers: ProviderRequirement[];\n  timestamp: number;\n}\n","const SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst KEY_LENGTH = 256;\nconst ITERATIONS = 600_000;\n\nexport async function deriveKey(\n  password: string,\n  salt: Uint8Array,\n): Promise<CryptoKey> {\n  const keyMaterial = await crypto.subtle.importKey(\n    'raw',\n    new TextEncoder().encode(password),\n    'PBKDF2',\n    false,\n    ['deriveKey'],\n  );\n\n  return crypto.subtle.deriveKey(\n    { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITERATIONS, hash: 'SHA-256' },\n    keyMaterial,\n    { name: 'AES-GCM', length: KEY_LENGTH },\n    false,\n    ['encrypt', 'decrypt'],\n  );\n}\n\nexport async function encrypt(\n  plaintext: string,\n  password: string,\n): Promise<string> {\n  const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n  const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));\n  const key = await deriveKey(password, salt);\n\n  const ciphertext = await crypto.subtle.encrypt(\n    { name: 'AES-GCM', iv },\n    key,\n    new TextEncoder().encode(plaintext),\n  );\n\n  const combined = new Uint8Array(\n    salt.length + iv.length + new Uint8Array(ciphertext).length,\n  );\n  combined.set(salt, 0);\n  combined.set(iv, salt.length);\n  combined.set(new Uint8Array(ciphertext), salt.length + iv.length);\n\n  return btoa(String.fromCharCode(...combined));\n}\n\nexport async function decrypt(\n  encrypted: string,\n  password: string,\n): Promise<string> {\n  const combined = Uint8Array.from(atob(encrypted), (c) => c.charCodeAt(0));\n\n  const salt = combined.slice(0, SALT_LENGTH);\n  const iv = combined.slice(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n  const ciphertext = combined.slice(SALT_LENGTH + IV_LENGTH);\n\n  const key = await deriveKey(password, salt);\n\n  const plaintext = await crypto.subtle.decrypt(\n    { name: 'AES-GCM', iv },\n    key,\n    ciphertext,\n  );\n\n  return new TextDecoder().decode(plaintext);\n}\n\nasync function deriveRawHash(\n  password: string,\n  salt: Uint8Array,\n): Promise<Uint8Array> {\n  const keyMaterial = await crypto.subtle.importKey(\n    'raw',\n    new TextEncoder().encode(password),\n    'PBKDF2',\n    false,\n    ['deriveBits'],\n  );\n\n  const bits = await crypto.subtle.deriveBits(\n    { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITERATIONS, hash: 'SHA-256' },\n    keyMaterial,\n    KEY_LENGTH,\n  );\n\n  return new Uint8Array(bits);\n}\n\nexport async function hashPassword(password: string): Promise<string> {\n  const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n  const hash = await deriveRawHash(password, salt);\n\n  const combined = new Uint8Array(salt.length + hash.length);\n  combined.set(salt, 0);\n  combined.set(hash, salt.length);\n\n  return btoa(String.fromCharCode(...combined));\n}\n\nexport async function verifyPassword(\n  password: string,\n  storedHash: string,\n): Promise<boolean> {\n  const combined = Uint8Array.from(atob(storedHash), (c) => c.charCodeAt(0));\n  const salt = combined.slice(0, SALT_LENGTH);\n  const originalHash = combined.slice(SALT_LENGTH);\n\n  const newHash = await deriveRawHash(password, salt);\n\n  if (originalHash.length !== newHash.length) return false;\n  return originalHash.every((byte, i) => byte === newHash[i]);\n}\n\nexport function maskKey(key: string): string {\n  if (key.length <= 8) return '****';\n  return `${key.slice(0, 4)}...${key.slice(-4)}`;\n}\n","import { ByokyErrorCode } from './types.js';\n\nexport class ByokyError extends Error {\n  constructor(\n    public readonly code: ByokyErrorCode,\n    message: string,\n    public readonly details?: Record<string, unknown>,\n  ) {\n    super(message);\n    this.name = 'ByokyError';\n  }\n\n  static walletNotInstalled() {\n    return new ByokyError(\n      ByokyErrorCode.WALLET_NOT_INSTALLED,\n      'byoky wallet extension is not installed',\n    );\n  }\n\n  static userRejected() {\n    return new ByokyError(\n      ByokyErrorCode.USER_REJECTED,\n      'User rejected the connection request',\n    );\n  }\n\n  static providerUnavailable(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.PROVIDER_UNAVAILABLE,\n      `Provider \"${providerId}\" is not available`,\n      { providerId },\n    );\n  }\n\n  static sessionExpired() {\n    return new ByokyError(\n      ByokyErrorCode.SESSION_EXPIRED,\n      'Session has expired — please reconnect',\n    );\n  }\n\n  static rateLimited(retryAfter?: number) {\n    return new ByokyError(\n      ByokyErrorCode.RATE_LIMITED,\n      `Rate limit exceeded${retryAfter ? ` — retry after ${retryAfter}s` : ''}`,\n      { retryAfter },\n    );\n  }\n\n  static quotaExceeded(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.QUOTA_EXCEEDED,\n      `Quota exceeded for ${providerId} — check your billing`,\n      { providerId },\n    );\n  }\n\n  static invalidKey(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.INVALID_KEY,\n      `Invalid API key for ${providerId}`,\n      { providerId },\n    );\n  }\n\n  static tokenExpired(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.TOKEN_EXPIRED,\n      `OAuth token expired for ${providerId} — re-authentication required`,\n      { providerId },\n    );\n  }\n}\n","import type {\n  ByokyMessage,\n  ConnectRequest,\n  ConnectResponse,\n  MessageType,\n} from './types.js';\n\nexport const BYOKY_PROVIDER_KEY = '__byoky__';\nexport const BYOKY_MESSAGE_PREFIX = 'BYOKY_';\n\nexport function createMessage(\n  type: MessageType,\n  payload: unknown,\n  requestId?: string,\n): ByokyMessage {\n  return {\n    type,\n    id: crypto.randomUUID(),\n    requestId,\n    payload,\n  };\n}\n\nexport function isByokyMessage(data: unknown): data is ByokyMessage {\n  return (\n    typeof data === 'object' &&\n    data !== null &&\n    'type' in data &&\n    typeof (data as ByokyMessage).type === 'string' &&\n    (data as ByokyMessage).type.startsWith(BYOKY_MESSAGE_PREFIX)\n  );\n}\n\nexport function createConnectRequest(request: ConnectRequest): ByokyMessage {\n  return createMessage('BYOKY_CONNECT_REQUEST', request);\n}\n\nexport function createConnectResponse(\n  response: ConnectResponse,\n  requestId: string,\n): ByokyMessage {\n  return createMessage('BYOKY_CONNECT_RESPONSE', response, requestId);\n}\n\nexport function createErrorMessage(\n  code: string,\n  message: string,\n  requestId?: string,\n): ByokyMessage {\n  return createMessage('BYOKY_ERROR', { code, message }, requestId);\n}\n","import type { ProviderConfig } from './types.js';\n\nexport const PROVIDERS: Record<string, ProviderConfig> = {\n  anthropic: {\n    id: 'anthropic',\n    name: 'Anthropic',\n    authMethods: ['api_key', 'oauth'],\n    baseUrl: 'https://api.anthropic.com',\n    oauthConfig: {\n      authorizationUrl: 'https://console.anthropic.com/oauth/authorize',\n      tokenUrl: 'https://console.anthropic.com/oauth/token',\n      scopes: [],\n    },\n  },\n  openai: {\n    id: 'openai',\n    name: 'OpenAI',\n    authMethods: ['api_key'],\n    baseUrl: 'https://api.openai.com',\n  },\n  gemini: {\n    id: 'gemini',\n    name: 'Google Gemini',\n    authMethods: ['api_key'],\n    baseUrl: 'https://generativelanguage.googleapis.com',\n  },\n};\n\nexport function getProvider(id: string): ProviderConfig | undefined {\n  return PROVIDERS[id];\n}\n\nexport function getProviderIds(): string[] {\n  return Object.keys(PROVIDERS);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACoJO,IAAK,iBAAL,kBAAKA,oBAAL;AACL,EAAAA,gBAAA,0BAAuB;AACvB,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,0BAAuB;AACvB,EAAAA,gBAAA,qBAAkB;AAClB,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,aAAU;AAVA,SAAAA;AAAA,GAAA;;;ACpJZ,IAAM,cAAc;AACpB,IAAM,YAAY;AAClB,IAAM,aAAa;AACnB,IAAM,aAAa;AAEnB,eAAsB,UACpB,UACA,MACoB;AACpB,QAAM,cAAc,MAAM,OAAO,OAAO;AAAA,IACtC;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA,CAAC,WAAW;AAAA,EACd;AAEA,SAAO,OAAO,OAAO;AAAA,IACnB,EAAE,MAAM,UAAU,MAA4B,YAAY,YAAY,MAAM,UAAU;AAAA,IACtF;AAAA,IACA,EAAE,MAAM,WAAW,QAAQ,WAAW;AAAA,IACtC;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,EACvB;AACF;AAEA,eAAsB,QACpB,WACA,UACiB;AACjB,QAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,WAAW,CAAC;AAC/D,QAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,SAAS,CAAC;AAC3D,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,QAAM,aAAa,MAAM,OAAO,OAAO;AAAA,IACrC,EAAE,MAAM,WAAW,GAAG;AAAA,IACtB;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,SAAS;AAAA,EACpC;AAEA,QAAM,WAAW,IAAI;AAAA,IACnB,KAAK,SAAS,GAAG,SAAS,IAAI,WAAW,UAAU,EAAE;AAAA,EACvD;AACA,WAAS,IAAI,MAAM,CAAC;AACpB,WAAS,IAAI,IAAI,KAAK,MAAM;AAC5B,WAAS,IAAI,IAAI,WAAW,UAAU,GAAG,KAAK,SAAS,GAAG,MAAM;AAEhE,SAAO,KAAK,OAAO,aAAa,GAAG,QAAQ,CAAC;AAC9C;AAEA,eAAsB,QACpB,WACA,UACiB;AACjB,QAAM,WAAW,WAAW,KAAK,KAAK,SAAS,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAExE,QAAM,OAAO,SAAS,MAAM,GAAG,WAAW;AAC1C,QAAM,KAAK,SAAS,MAAM,aAAa,cAAc,SAAS;AAC9D,QAAM,aAAa,SAAS,MAAM,cAAc,SAAS;AAEzD,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACpC,EAAE,MAAM,WAAW,GAAG;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AAEA,SAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAC3C;AAEA,eAAe,cACb,UACA,MACqB;AACrB,QAAM,cAAc,MAAM,OAAO,OAAO;AAAA,IACtC;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA,CAAC,YAAY;AAAA,EACf;AAEA,QAAM,OAAO,MAAM,OAAO,OAAO;AAAA,IAC/B,EAAE,MAAM,UAAU,MAA4B,YAAY,YAAY,MAAM,UAAU;AAAA,IACtF;AAAA,IACA;AAAA,EACF;AAEA,SAAO,IAAI,WAAW,IAAI;AAC5B;AAEA,eAAsB,aAAa,UAAmC;AACpE,QAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,WAAW,CAAC;AAC/D,QAAM,OAAO,MAAM,cAAc,UAAU,IAAI;AAE/C,QAAM,WAAW,IAAI,WAAW,KAAK,SAAS,KAAK,MAAM;AACzD,WAAS,IAAI,MAAM,CAAC;AACpB,WAAS,IAAI,MAAM,KAAK,MAAM;AAE9B,SAAO,KAAK,OAAO,aAAa,GAAG,QAAQ,CAAC;AAC9C;AAEA,eAAsB,eACpB,UACA,YACkB;AAClB,QAAM,WAAW,WAAW,KAAK,KAAK,UAAU,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AACzE,QAAM,OAAO,SAAS,MAAM,GAAG,WAAW;AAC1C,QAAM,eAAe,SAAS,MAAM,WAAW;AAE/C,QAAM,UAAU,MAAM,cAAc,UAAU,IAAI;AAElD,MAAI,aAAa,WAAW,QAAQ,OAAQ,QAAO;AACnD,SAAO,aAAa,MAAM,CAAC,MAAM,MAAM,SAAS,QAAQ,CAAC,CAAC;AAC5D;AAEO,SAAS,QAAQ,KAAqB;AAC3C,MAAI,IAAI,UAAU,EAAG,QAAO;AAC5B,SAAO,GAAG,IAAI,MAAM,GAAG,CAAC,CAAC,MAAM,IAAI,MAAM,EAAE,CAAC;AAC9C;;;ACtHO,IAAM,aAAN,MAAM,oBAAmB,MAAM;AAAA,EACpC,YACkB,MAChB,SACgB,SAChB;AACA,UAAM,OAAO;AAJG;AAEA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EAEA,OAAO,qBAAqB;AAC1B,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,eAAe;AACpB,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,oBAAoB,YAAoB;AAC7C,WAAO,IAAI;AAAA;AAAA,MAET,aAAa,UAAU;AAAA,MACvB,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,iBAAiB;AACtB,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,YAAY,YAAqB;AACtC,WAAO,IAAI;AAAA;AAAA,MAET,sBAAsB,aAAa,uBAAkB,UAAU,MAAM,EAAE;AAAA,MACvE,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,cAAc,YAAoB;AACvC,WAAO,IAAI;AAAA;AAAA,MAET,sBAAsB,UAAU;AAAA,MAChC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,WAAW,YAAoB;AACpC,WAAO,IAAI;AAAA;AAAA,MAET,uBAAuB,UAAU;AAAA,MACjC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,aAAa,YAAoB;AACtC,WAAO,IAAI;AAAA;AAAA,MAET,2BAA2B,UAAU;AAAA,MACrC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AACF;;;ACjEO,IAAM,qBAAqB;AAC3B,IAAM,uBAAuB;AAE7B,SAAS,cACd,MACA,SACA,WACc;AACd,SAAO;AAAA,IACL;AAAA,IACA,IAAI,OAAO,WAAW;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,eAAe,MAAqC;AAClE,SACE,OAAO,SAAS,YAChB,SAAS,QACT,UAAU,QACV,OAAQ,KAAsB,SAAS,YACtC,KAAsB,KAAK,WAAW,oBAAoB;AAE/D;AAEO,SAAS,qBAAqB,SAAuC;AAC1E,SAAO,cAAc,yBAAyB,OAAO;AACvD;AAEO,SAAS,sBACd,UACA,WACc;AACd,SAAO,cAAc,0BAA0B,UAAU,SAAS;AACpE;AAEO,SAAS,mBACd,MACA,SACA,WACc;AACd,SAAO,cAAc,eAAe,EAAE,MAAM,QAAQ,GAAG,SAAS;AAClE;;;AChDO,IAAM,YAA4C;AAAA,EACvD,WAAW;AAAA,IACT,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,WAAW,OAAO;AAAA,IAChC,SAAS;AAAA,IACT,aAAa;AAAA,MACX,kBAAkB;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ,CAAC;AAAA,IACX;AAAA,EACF;AAAA,EACA,QAAQ;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,QAAQ;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AACF;AAEO,SAAS,YAAY,IAAwC;AAClE,SAAO,UAAU,EAAE;AACrB;AAEO,SAAS,iBAA2B;AACzC,SAAO,OAAO,KAAK,SAAS;AAC9B;","names":["ByokyErrorCode"]}
+{"version":3,"sources":["../src/index.ts","../src/types.ts","../src/crypto.ts","../src/errors.ts","../src/protocol.ts","../src/providers.ts"],"sourcesContent":["export * from './types.js';\nexport * from './crypto.js';\nexport * from './errors.js';\nexport * from './protocol.js';\nexport * from './providers.js';\n","export type ProviderId = 'anthropic' | 'openai' | 'gemini' | (string & {});\n\nexport type AuthMethod = 'api_key' | 'oauth';\n\nexport interface ProviderConfig {\n  id: ProviderId;\n  name: string;\n  authMethods: AuthMethod[];\n  baseUrl: string;\n  oauthConfig?: OAuthConfig;\n}\n\nexport interface OAuthConfig {\n  clientId: string;\n  authorizationUrl: string;\n  tokenUrl: string;\n  scopes: string[];\n}\n\n// --- Credentials ---\n\nexport interface CredentialBase {\n  id: string;\n  providerId: ProviderId;\n  label: string;\n  authMethod: AuthMethod;\n  createdAt: number;\n  lastUsedAt?: number;\n}\n\nexport interface ApiKeyCredential extends CredentialBase {\n  authMethod: 'api_key';\n  encryptedKey: string;\n}\n\nexport interface OAuthCredential extends CredentialBase {\n  authMethod: 'oauth';\n  encryptedAccessToken: string;\n  encryptedRefreshToken?: string;\n  expiresAt?: number;\n}\n\nexport type Credential = ApiKeyCredential | OAuthCredential;\n\nexport interface CredentialMeta {\n  id: string;\n  providerId: ProviderId;\n  label: string;\n  authMethod: AuthMethod;\n  createdAt: number;\n  lastUsedAt?: number;\n  maskedKey?: string;\n}\n\n// --- Sessions ---\n\nexport interface Session {\n  id: string;\n  sessionKey: string;\n  appOrigin: string;\n  appName?: string;\n  providers: SessionProvider[];\n  createdAt: number;\n  expiresAt: number;\n}\n\nexport interface SessionProvider {\n  providerId: ProviderId;\n  credentialId: string;\n  available: boolean;\n  authMethod: AuthMethod;\n}\n\n// --- Connect ---\n\nexport interface ConnectRequest {\n  providers?: ProviderRequirement[];\n  capabilities?: string[];\n}\n\nexport interface ProviderRequirement {\n  id: ProviderId;\n  required: boolean;\n}\n\nexport interface ConnectResponse {\n  sessionKey: string;\n  proxyUrl: string;\n  providers: Record<\n    string,\n    {\n      available: boolean;\n      authMethod: AuthMethod;\n    }\n  >;\n}\n\n// --- Proxy ---\n\nexport interface ProxyRequest {\n  requestId: string;\n  sessionKey: string;\n  providerId: string;\n  url: string;\n  method: string;\n  headers: Record<string, string>;\n  body?: string;\n}\n\nexport interface ProxyResponseMeta {\n  requestId: string;\n  status: number;\n  statusText: string;\n  headers: Record<string, string>;\n}\n\nexport interface ProxyResponseChunk {\n  requestId: string;\n  chunk: string;\n}\n\nexport interface ProxyResponseError {\n  requestId: string;\n  status: number;\n  error: { code: string; message: string };\n}\n\n// --- Protocol messages ---\n\nexport type MessageType =\n  | 'BYOKY_CONNECT_REQUEST'\n  | 'BYOKY_CONNECT_RESPONSE'\n  | 'BYOKY_DISCONNECT'\n  | 'BYOKY_PROXY_REQUEST'\n  | 'BYOKY_PROXY_RESPONSE_META'\n  | 'BYOKY_PROXY_RESPONSE_CHUNK'\n  | 'BYOKY_PROXY_RESPONSE_DONE'\n  | 'BYOKY_PROXY_RESPONSE_ERROR'\n  | 'BYOKY_ERROR';\n\nexport interface ByokyMessage {\n  type: MessageType;\n  id: string;\n  requestId?: string;\n  payload: unknown;\n}\n\n// --- Errors ---\n\nexport enum ByokyErrorCode {\n  WALLET_NOT_INSTALLED = 'WALLET_NOT_INSTALLED',\n  USER_REJECTED = 'USER_REJECTED',\n  PROVIDER_UNAVAILABLE = 'PROVIDER_UNAVAILABLE',\n  SESSION_EXPIRED = 'SESSION_EXPIRED',\n  RATE_LIMITED = 'RATE_LIMITED',\n  QUOTA_EXCEEDED = 'QUOTA_EXCEEDED',\n  INVALID_KEY = 'INVALID_KEY',\n  TOKEN_EXPIRED = 'TOKEN_EXPIRED',\n  PROXY_ERROR = 'PROXY_ERROR',\n  UNKNOWN = 'UNKNOWN',\n}\n\n// --- Request log ---\n\nexport interface RequestLogEntry {\n  id: string;\n  sessionId: string;\n  appOrigin: string;\n  providerId: ProviderId;\n  url: string;\n  method: string;\n  status: number;\n  timestamp: number;\n  error?: string;\n}\n\n// --- Pending approval ---\n\nexport interface PendingApproval {\n  id: string;\n  appOrigin: string;\n  appName?: string;\n  providers: ProviderRequirement[];\n  timestamp: number;\n}\n","const SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst KEY_LENGTH = 256;\nconst ITERATIONS = 600_000;\n\nexport async function deriveKey(\n  password: string,\n  salt: Uint8Array,\n): Promise<CryptoKey> {\n  const keyMaterial = await crypto.subtle.importKey(\n    'raw',\n    new TextEncoder().encode(password),\n    'PBKDF2',\n    false,\n    ['deriveKey'],\n  );\n\n  return crypto.subtle.deriveKey(\n    { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITERATIONS, hash: 'SHA-256' },\n    keyMaterial,\n    { name: 'AES-GCM', length: KEY_LENGTH },\n    false,\n    ['encrypt', 'decrypt'],\n  );\n}\n\nexport async function encrypt(\n  plaintext: string,\n  password: string,\n): Promise<string> {\n  const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n  const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));\n  const key = await deriveKey(password, salt);\n\n  const ciphertext = await crypto.subtle.encrypt(\n    { name: 'AES-GCM', iv },\n    key,\n    new TextEncoder().encode(plaintext),\n  );\n\n  const combined = new Uint8Array(\n    salt.length + iv.length + new Uint8Array(ciphertext).length,\n  );\n  combined.set(salt, 0);\n  combined.set(iv, salt.length);\n  combined.set(new Uint8Array(ciphertext), salt.length + iv.length);\n\n  return btoa(String.fromCharCode(...combined));\n}\n\nexport async function decrypt(\n  encrypted: string,\n  password: string,\n): Promise<string> {\n  const combined = Uint8Array.from(atob(encrypted), (c) => c.charCodeAt(0));\n\n  const salt = combined.slice(0, SALT_LENGTH);\n  const iv = combined.slice(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n  const ciphertext = combined.slice(SALT_LENGTH + IV_LENGTH);\n\n  const key = await deriveKey(password, salt);\n\n  const plaintext = await crypto.subtle.decrypt(\n    { name: 'AES-GCM', iv },\n    key,\n    ciphertext,\n  );\n\n  return new TextDecoder().decode(plaintext);\n}\n\nasync function deriveRawHash(\n  password: string,\n  salt: Uint8Array,\n): Promise<Uint8Array> {\n  const keyMaterial = await crypto.subtle.importKey(\n    'raw',\n    new TextEncoder().encode(password),\n    'PBKDF2',\n    false,\n    ['deriveBits'],\n  );\n\n  const bits = await crypto.subtle.deriveBits(\n    { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITERATIONS, hash: 'SHA-256' },\n    keyMaterial,\n    KEY_LENGTH,\n  );\n\n  return new Uint8Array(bits);\n}\n\nexport async function hashPassword(password: string): Promise<string> {\n  const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n  const hash = await deriveRawHash(password, salt);\n\n  const combined = new Uint8Array(salt.length + hash.length);\n  combined.set(salt, 0);\n  combined.set(hash, salt.length);\n\n  return btoa(String.fromCharCode(...combined));\n}\n\nexport async function verifyPassword(\n  password: string,\n  storedHash: string,\n): Promise<boolean> {\n  const combined = Uint8Array.from(atob(storedHash), (c) => c.charCodeAt(0));\n  const salt = combined.slice(0, SALT_LENGTH);\n  const originalHash = combined.slice(SALT_LENGTH);\n\n  const newHash = await deriveRawHash(password, salt);\n\n  if (originalHash.length !== newHash.length) return false;\n  return originalHash.every((byte, i) => byte === newHash[i]);\n}\n\nexport function maskKey(key: string): string {\n  if (key.length <= 8) return '****';\n  return `${key.slice(0, 4)}...${key.slice(-4)}`;\n}\n","import { ByokyErrorCode } from './types.js';\n\nexport class ByokyError extends Error {\n  constructor(\n    public readonly code: ByokyErrorCode,\n    message: string,\n    public readonly details?: Record<string, unknown>,\n  ) {\n    super(message);\n    this.name = 'ByokyError';\n  }\n\n  static walletNotInstalled() {\n    return new ByokyError(\n      ByokyErrorCode.WALLET_NOT_INSTALLED,\n      'byoky wallet extension is not installed',\n    );\n  }\n\n  static userRejected() {\n    return new ByokyError(\n      ByokyErrorCode.USER_REJECTED,\n      'User rejected the connection request',\n    );\n  }\n\n  static providerUnavailable(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.PROVIDER_UNAVAILABLE,\n      `Provider \"${providerId}\" is not available`,\n      { providerId },\n    );\n  }\n\n  static sessionExpired() {\n    return new ByokyError(\n      ByokyErrorCode.SESSION_EXPIRED,\n      'Session has expired — please reconnect',\n    );\n  }\n\n  static rateLimited(retryAfter?: number) {\n    return new ByokyError(\n      ByokyErrorCode.RATE_LIMITED,\n      `Rate limit exceeded${retryAfter ? ` — retry after ${retryAfter}s` : ''}`,\n      { retryAfter },\n    );\n  }\n\n  static quotaExceeded(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.QUOTA_EXCEEDED,\n      `Quota exceeded for ${providerId} — check your billing`,\n      { providerId },\n    );\n  }\n\n  static invalidKey(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.INVALID_KEY,\n      `Invalid API key for ${providerId}`,\n      { providerId },\n    );\n  }\n\n  static tokenExpired(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.TOKEN_EXPIRED,\n      `OAuth token expired for ${providerId} — re-authentication required`,\n      { providerId },\n    );\n  }\n}\n","import type {\n  ByokyMessage,\n  ConnectRequest,\n  ConnectResponse,\n  MessageType,\n} from './types.js';\n\nexport const BYOKY_PROVIDER_KEY = '__byoky__';\nexport const BYOKY_MESSAGE_PREFIX = 'BYOKY_';\n\nexport function createMessage(\n  type: MessageType,\n  payload: unknown,\n  requestId?: string,\n): ByokyMessage {\n  return {\n    type,\n    id: crypto.randomUUID(),\n    requestId,\n    payload,\n  };\n}\n\nexport function isByokyMessage(data: unknown): data is ByokyMessage {\n  return (\n    typeof data === 'object' &&\n    data !== null &&\n    'type' in data &&\n    typeof (data as ByokyMessage).type === 'string' &&\n    (data as ByokyMessage).type.startsWith(BYOKY_MESSAGE_PREFIX)\n  );\n}\n\nexport function createConnectRequest(request: ConnectRequest): ByokyMessage {\n  return createMessage('BYOKY_CONNECT_REQUEST', request);\n}\n\nexport function createConnectResponse(\n  response: ConnectResponse,\n  requestId: string,\n): ByokyMessage {\n  return createMessage('BYOKY_CONNECT_RESPONSE', response, requestId);\n}\n\nexport function createErrorMessage(\n  code: string,\n  message: string,\n  requestId?: string,\n): ByokyMessage {\n  return createMessage('BYOKY_ERROR', { code, message }, requestId);\n}\n","import type { ProviderConfig } from './types.js';\n\nexport const PROVIDERS: Record<string, ProviderConfig> = {\n  anthropic: {\n    id: 'anthropic',\n    name: 'Anthropic',\n    authMethods: ['api_key', 'oauth'],\n    baseUrl: 'https://api.anthropic.com',\n  },\n  openai: {\n    id: 'openai',\n    name: 'OpenAI',\n    authMethods: ['api_key'],\n    baseUrl: 'https://api.openai.com',\n  },\n  gemini: {\n    id: 'gemini',\n    name: 'Google Gemini',\n    authMethods: ['api_key'],\n    baseUrl: 'https://generativelanguage.googleapis.com',\n  },\n};\n\nexport function getProvider(id: string): ProviderConfig | undefined {\n  return PROVIDERS[id];\n}\n\nexport function getProviderIds(): string[] {\n  return Object.keys(PROVIDERS);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACqJO,IAAK,iBAAL,kBAAKA,oBAAL;AACL,EAAAA,gBAAA,0BAAuB;AACvB,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,0BAAuB;AACvB,EAAAA,gBAAA,qBAAkB;AAClB,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,aAAU;AAVA,SAAAA;AAAA,GAAA;;;ACrJZ,IAAM,cAAc;AACpB,IAAM,YAAY;AAClB,IAAM,aAAa;AACnB,IAAM,aAAa;AAEnB,eAAsB,UACpB,UACA,MACoB;AACpB,QAAM,cAAc,MAAM,OAAO,OAAO;AAAA,IACtC;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA,CAAC,WAAW;AAAA,EACd;AAEA,SAAO,OAAO,OAAO;AAAA,IACnB,EAAE,MAAM,UAAU,MAA4B,YAAY,YAAY,MAAM,UAAU;AAAA,IACtF;AAAA,IACA,EAAE,MAAM,WAAW,QAAQ,WAAW;AAAA,IACtC;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,EACvB;AACF;AAEA,eAAsB,QACpB,WACA,UACiB;AACjB,QAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,WAAW,CAAC;AAC/D,QAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,SAAS,CAAC;AAC3D,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,QAAM,aAAa,MAAM,OAAO,OAAO;AAAA,IACrC,EAAE,MAAM,WAAW,GAAG;AAAA,IACtB;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,SAAS;AAAA,EACpC;AAEA,QAAM,WAAW,IAAI;AAAA,IACnB,KAAK,SAAS,GAAG,SAAS,IAAI,WAAW,UAAU,EAAE;AAAA,EACvD;AACA,WAAS,IAAI,MAAM,CAAC;AACpB,WAAS,IAAI,IAAI,KAAK,MAAM;AAC5B,WAAS,IAAI,IAAI,WAAW,UAAU,GAAG,KAAK,SAAS,GAAG,MAAM;AAEhE,SAAO,KAAK,OAAO,aAAa,GAAG,QAAQ,CAAC;AAC9C;AAEA,eAAsB,QACpB,WACA,UACiB;AACjB,QAAM,WAAW,WAAW,KAAK,KAAK,SAAS,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAExE,QAAM,OAAO,SAAS,MAAM,GAAG,WAAW;AAC1C,QAAM,KAAK,SAAS,MAAM,aAAa,cAAc,SAAS;AAC9D,QAAM,aAAa,SAAS,MAAM,cAAc,SAAS;AAEzD,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACpC,EAAE,MAAM,WAAW,GAAG;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AAEA,SAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAC3C;AAEA,eAAe,cACb,UACA,MACqB;AACrB,QAAM,cAAc,MAAM,OAAO,OAAO;AAAA,IACtC;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA,CAAC,YAAY;AAAA,EACf;AAEA,QAAM,OAAO,MAAM,OAAO,OAAO;AAAA,IAC/B,EAAE,MAAM,UAAU,MAA4B,YAAY,YAAY,MAAM,UAAU;AAAA,IACtF;AAAA,IACA;AAAA,EACF;AAEA,SAAO,IAAI,WAAW,IAAI;AAC5B;AAEA,eAAsB,aAAa,UAAmC;AACpE,QAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,WAAW,CAAC;AAC/D,QAAM,OAAO,MAAM,cAAc,UAAU,IAAI;AAE/C,QAAM,WAAW,IAAI,WAAW,KAAK,SAAS,KAAK,MAAM;AACzD,WAAS,IAAI,MAAM,CAAC;AACpB,WAAS,IAAI,MAAM,KAAK,MAAM;AAE9B,SAAO,KAAK,OAAO,aAAa,GAAG,QAAQ,CAAC;AAC9C;AAEA,eAAsB,eACpB,UACA,YACkB;AAClB,QAAM,WAAW,WAAW,KAAK,KAAK,UAAU,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AACzE,QAAM,OAAO,SAAS,MAAM,GAAG,WAAW;AAC1C,QAAM,eAAe,SAAS,MAAM,WAAW;AAE/C,QAAM,UAAU,MAAM,cAAc,UAAU,IAAI;AAElD,MAAI,aAAa,WAAW,QAAQ,OAAQ,QAAO;AACnD,SAAO,aAAa,MAAM,CAAC,MAAM,MAAM,SAAS,QAAQ,CAAC,CAAC;AAC5D;AAEO,SAAS,QAAQ,KAAqB;AAC3C,MAAI,IAAI,UAAU,EAAG,QAAO;AAC5B,SAAO,GAAG,IAAI,MAAM,GAAG,CAAC,CAAC,MAAM,IAAI,MAAM,EAAE,CAAC;AAC9C;;;ACtHO,IAAM,aAAN,MAAM,oBAAmB,MAAM;AAAA,EACpC,YACkB,MAChB,SACgB,SAChB;AACA,UAAM,OAAO;AAJG;AAEA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EAEA,OAAO,qBAAqB;AAC1B,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,eAAe;AACpB,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,oBAAoB,YAAoB;AAC7C,WAAO,IAAI;AAAA;AAAA,MAET,aAAa,UAAU;AAAA,MACvB,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,iBAAiB;AACtB,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,YAAY,YAAqB;AACtC,WAAO,IAAI;AAAA;AAAA,MAET,sBAAsB,aAAa,uBAAkB,UAAU,MAAM,EAAE;AAAA,MACvE,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,cAAc,YAAoB;AACvC,WAAO,IAAI;AAAA;AAAA,MAET,sBAAsB,UAAU;AAAA,MAChC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,WAAW,YAAoB;AACpC,WAAO,IAAI;AAAA;AAAA,MAET,uBAAuB,UAAU;AAAA,MACjC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,aAAa,YAAoB;AACtC,WAAO,IAAI;AAAA;AAAA,MAET,2BAA2B,UAAU;AAAA,MACrC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AACF;;;ACjEO,IAAM,qBAAqB;AAC3B,IAAM,uBAAuB;AAE7B,SAAS,cACd,MACA,SACA,WACc;AACd,SAAO;AAAA,IACL;AAAA,IACA,IAAI,OAAO,WAAW;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,eAAe,MAAqC;AAClE,SACE,OAAO,SAAS,YAChB,SAAS,QACT,UAAU,QACV,OAAQ,KAAsB,SAAS,YACtC,KAAsB,KAAK,WAAW,oBAAoB;AAE/D;AAEO,SAAS,qBAAqB,SAAuC;AAC1E,SAAO,cAAc,yBAAyB,OAAO;AACvD;AAEO,SAAS,sBACd,UACA,WACc;AACd,SAAO,cAAc,0BAA0B,UAAU,SAAS;AACpE;AAEO,SAAS,mBACd,MACA,SACA,WACc;AACd,SAAO,cAAc,eAAe,EAAE,MAAM,QAAQ,GAAG,SAAS;AAClE;;;AChDO,IAAM,YAA4C;AAAA,EACvD,WAAW;AAAA,IACT,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,WAAW,OAAO;AAAA,IAChC,SAAS;AAAA,EACX;AAAA,EACA,QAAQ;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,QAAQ;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AACF;AAEO,SAAS,YAAY,IAAwC;AAClE,SAAO,UAAU,EAAE;AACrB;AAEO,SAAS,iBAA2B;AACzC,SAAO,OAAO,KAAK,SAAS;AAC9B;","names":["ByokyErrorCode"]}

package/dist/index.d.cts

@@ -8,6 +8,7 @@ interface ProviderConfig {
     oauthConfig?: OAuthConfig;
 }
 interface OAuthConfig {
+    clientId: string;
     authorizationUrl: string;
     tokenUrl: string;
     scopes: string[];

package/dist/index.d.ts

@@ -8,6 +8,7 @@ interface ProviderConfig {
     oauthConfig?: OAuthConfig;
 }
 interface OAuthConfig {
+    clientId: string;
     authorizationUrl: string;
     tokenUrl: string;
     scopes: string[];

package/dist/index.js

@@ -193,12 +193,7 @@ var PROVIDERS = {
     id: "anthropic",
     name: "Anthropic",
     authMethods: ["api_key", "oauth"],
-    baseUrl: "https://api.anthropic.com",
-    oauthConfig: {
-      authorizationUrl: "https://console.anthropic.com/oauth/authorize",
-      tokenUrl: "https://console.anthropic.com/oauth/token",
-      scopes: []
-    }
+    baseUrl: "https://api.anthropic.com"
   },
   openai: {
     id: "openai",

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/types.ts","../src/crypto.ts","../src/errors.ts","../src/protocol.ts","../src/providers.ts"],"sourcesContent":["export type ProviderId = 'anthropic' | 'openai' | 'gemini' | (string & {});\n\nexport type AuthMethod = 'api_key' | 'oauth';\n\nexport interface ProviderConfig {\n  id: ProviderId;\n  name: string;\n  authMethods: AuthMethod[];\n  baseUrl: string;\n  oauthConfig?: OAuthConfig;\n}\n\nexport interface OAuthConfig {\n  authorizationUrl: string;\n  tokenUrl: string;\n  scopes: string[];\n}\n\n// --- Credentials ---\n\nexport interface CredentialBase {\n  id: string;\n  providerId: ProviderId;\n  label: string;\n  authMethod: AuthMethod;\n  createdAt: number;\n  lastUsedAt?: number;\n}\n\nexport interface ApiKeyCredential extends CredentialBase {\n  authMethod: 'api_key';\n  encryptedKey: string;\n}\n\nexport interface OAuthCredential extends CredentialBase {\n  authMethod: 'oauth';\n  encryptedAccessToken: string;\n  encryptedRefreshToken?: string;\n  expiresAt?: number;\n}\n\nexport type Credential = ApiKeyCredential | OAuthCredential;\n\nexport interface CredentialMeta {\n  id: string;\n  providerId: ProviderId;\n  label: string;\n  authMethod: AuthMethod;\n  createdAt: number;\n  lastUsedAt?: number;\n  maskedKey?: string;\n}\n\n// --- Sessions ---\n\nexport interface Session {\n  id: string;\n  sessionKey: string;\n  appOrigin: string;\n  appName?: string;\n  providers: SessionProvider[];\n  createdAt: number;\n  expiresAt: number;\n}\n\nexport interface SessionProvider {\n  providerId: ProviderId;\n  credentialId: string;\n  available: boolean;\n  authMethod: AuthMethod;\n}\n\n// --- Connect ---\n\nexport interface ConnectRequest {\n  providers?: ProviderRequirement[];\n  capabilities?: string[];\n}\n\nexport interface ProviderRequirement {\n  id: ProviderId;\n  required: boolean;\n}\n\nexport interface ConnectResponse {\n  sessionKey: string;\n  proxyUrl: string;\n  providers: Record<\n    string,\n    {\n      available: boolean;\n      authMethod: AuthMethod;\n    }\n  >;\n}\n\n// --- Proxy ---\n\nexport interface ProxyRequest {\n  requestId: string;\n  sessionKey: string;\n  providerId: string;\n  url: string;\n  method: string;\n  headers: Record<string, string>;\n  body?: string;\n}\n\nexport interface ProxyResponseMeta {\n  requestId: string;\n  status: number;\n  statusText: string;\n  headers: Record<string, string>;\n}\n\nexport interface ProxyResponseChunk {\n  requestId: string;\n  chunk: string;\n}\n\nexport interface ProxyResponseError {\n  requestId: string;\n  status: number;\n  error: { code: string; message: string };\n}\n\n// --- Protocol messages ---\n\nexport type MessageType =\n  | 'BYOKY_CONNECT_REQUEST'\n  | 'BYOKY_CONNECT_RESPONSE'\n  | 'BYOKY_DISCONNECT'\n  | 'BYOKY_PROXY_REQUEST'\n  | 'BYOKY_PROXY_RESPONSE_META'\n  | 'BYOKY_PROXY_RESPONSE_CHUNK'\n  | 'BYOKY_PROXY_RESPONSE_DONE'\n  | 'BYOKY_PROXY_RESPONSE_ERROR'\n  | 'BYOKY_ERROR';\n\nexport interface ByokyMessage {\n  type: MessageType;\n  id: string;\n  requestId?: string;\n  payload: unknown;\n}\n\n// --- Errors ---\n\nexport enum ByokyErrorCode {\n  WALLET_NOT_INSTALLED = 'WALLET_NOT_INSTALLED',\n  USER_REJECTED = 'USER_REJECTED',\n  PROVIDER_UNAVAILABLE = 'PROVIDER_UNAVAILABLE',\n  SESSION_EXPIRED = 'SESSION_EXPIRED',\n  RATE_LIMITED = 'RATE_LIMITED',\n  QUOTA_EXCEEDED = 'QUOTA_EXCEEDED',\n  INVALID_KEY = 'INVALID_KEY',\n  TOKEN_EXPIRED = 'TOKEN_EXPIRED',\n  PROXY_ERROR = 'PROXY_ERROR',\n  UNKNOWN = 'UNKNOWN',\n}\n\n// --- Request log ---\n\nexport interface RequestLogEntry {\n  id: string;\n  sessionId: string;\n  appOrigin: string;\n  providerId: ProviderId;\n  url: string;\n  method: string;\n  status: number;\n  timestamp: number;\n  error?: string;\n}\n\n// --- Pending approval ---\n\nexport interface PendingApproval {\n  id: string;\n  appOrigin: string;\n  appName?: string;\n  providers: ProviderRequirement[];\n  timestamp: number;\n}\n","const SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst KEY_LENGTH = 256;\nconst ITERATIONS = 600_000;\n\nexport async function deriveKey(\n  password: string,\n  salt: Uint8Array,\n): Promise<CryptoKey> {\n  const keyMaterial = await crypto.subtle.importKey(\n    'raw',\n    new TextEncoder().encode(password),\n    'PBKDF2',\n    false,\n    ['deriveKey'],\n  );\n\n  return crypto.subtle.deriveKey(\n    { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITERATIONS, hash: 'SHA-256' },\n    keyMaterial,\n    { name: 'AES-GCM', length: KEY_LENGTH },\n    false,\n    ['encrypt', 'decrypt'],\n  );\n}\n\nexport async function encrypt(\n  plaintext: string,\n  password: string,\n): Promise<string> {\n  const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n  const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));\n  const key = await deriveKey(password, salt);\n\n  const ciphertext = await crypto.subtle.encrypt(\n    { name: 'AES-GCM', iv },\n    key,\n    new TextEncoder().encode(plaintext),\n  );\n\n  const combined = new Uint8Array(\n    salt.length + iv.length + new Uint8Array(ciphertext).length,\n  );\n  combined.set(salt, 0);\n  combined.set(iv, salt.length);\n  combined.set(new Uint8Array(ciphertext), salt.length + iv.length);\n\n  return btoa(String.fromCharCode(...combined));\n}\n\nexport async function decrypt(\n  encrypted: string,\n  password: string,\n): Promise<string> {\n  const combined = Uint8Array.from(atob(encrypted), (c) => c.charCodeAt(0));\n\n  const salt = combined.slice(0, SALT_LENGTH);\n  const iv = combined.slice(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n  const ciphertext = combined.slice(SALT_LENGTH + IV_LENGTH);\n\n  const key = await deriveKey(password, salt);\n\n  const plaintext = await crypto.subtle.decrypt(\n    { name: 'AES-GCM', iv },\n    key,\n    ciphertext,\n  );\n\n  return new TextDecoder().decode(plaintext);\n}\n\nasync function deriveRawHash(\n  password: string,\n  salt: Uint8Array,\n): Promise<Uint8Array> {\n  const keyMaterial = await crypto.subtle.importKey(\n    'raw',\n    new TextEncoder().encode(password),\n    'PBKDF2',\n    false,\n    ['deriveBits'],\n  );\n\n  const bits = await crypto.subtle.deriveBits(\n    { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITERATIONS, hash: 'SHA-256' },\n    keyMaterial,\n    KEY_LENGTH,\n  );\n\n  return new Uint8Array(bits);\n}\n\nexport async function hashPassword(password: string): Promise<string> {\n  const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n  const hash = await deriveRawHash(password, salt);\n\n  const combined = new Uint8Array(salt.length + hash.length);\n  combined.set(salt, 0);\n  combined.set(hash, salt.length);\n\n  return btoa(String.fromCharCode(...combined));\n}\n\nexport async function verifyPassword(\n  password: string,\n  storedHash: string,\n): Promise<boolean> {\n  const combined = Uint8Array.from(atob(storedHash), (c) => c.charCodeAt(0));\n  const salt = combined.slice(0, SALT_LENGTH);\n  const originalHash = combined.slice(SALT_LENGTH);\n\n  const newHash = await deriveRawHash(password, salt);\n\n  if (originalHash.length !== newHash.length) return false;\n  return originalHash.every((byte, i) => byte === newHash[i]);\n}\n\nexport function maskKey(key: string): string {\n  if (key.length <= 8) return '****';\n  return `${key.slice(0, 4)}...${key.slice(-4)}`;\n}\n","import { ByokyErrorCode } from './types.js';\n\nexport class ByokyError extends Error {\n  constructor(\n    public readonly code: ByokyErrorCode,\n    message: string,\n    public readonly details?: Record<string, unknown>,\n  ) {\n    super(message);\n    this.name = 'ByokyError';\n  }\n\n  static walletNotInstalled() {\n    return new ByokyError(\n      ByokyErrorCode.WALLET_NOT_INSTALLED,\n      'byoky wallet extension is not installed',\n    );\n  }\n\n  static userRejected() {\n    return new ByokyError(\n      ByokyErrorCode.USER_REJECTED,\n      'User rejected the connection request',\n    );\n  }\n\n  static providerUnavailable(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.PROVIDER_UNAVAILABLE,\n      `Provider \"${providerId}\" is not available`,\n      { providerId },\n    );\n  }\n\n  static sessionExpired() {\n    return new ByokyError(\n      ByokyErrorCode.SESSION_EXPIRED,\n      'Session has expired — please reconnect',\n    );\n  }\n\n  static rateLimited(retryAfter?: number) {\n    return new ByokyError(\n      ByokyErrorCode.RATE_LIMITED,\n      `Rate limit exceeded${retryAfter ? ` — retry after ${retryAfter}s` : ''}`,\n      { retryAfter },\n    );\n  }\n\n  static quotaExceeded(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.QUOTA_EXCEEDED,\n      `Quota exceeded for ${providerId} — check your billing`,\n      { providerId },\n    );\n  }\n\n  static invalidKey(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.INVALID_KEY,\n      `Invalid API key for ${providerId}`,\n      { providerId },\n    );\n  }\n\n  static tokenExpired(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.TOKEN_EXPIRED,\n      `OAuth token expired for ${providerId} — re-authentication required`,\n      { providerId },\n    );\n  }\n}\n","import type {\n  ByokyMessage,\n  ConnectRequest,\n  ConnectResponse,\n  MessageType,\n} from './types.js';\n\nexport const BYOKY_PROVIDER_KEY = '__byoky__';\nexport const BYOKY_MESSAGE_PREFIX = 'BYOKY_';\n\nexport function createMessage(\n  type: MessageType,\n  payload: unknown,\n  requestId?: string,\n): ByokyMessage {\n  return {\n    type,\n    id: crypto.randomUUID(),\n    requestId,\n    payload,\n  };\n}\n\nexport function isByokyMessage(data: unknown): data is ByokyMessage {\n  return (\n    typeof data === 'object' &&\n    data !== null &&\n    'type' in data &&\n    typeof (data as ByokyMessage).type === 'string' &&\n    (data as ByokyMessage).type.startsWith(BYOKY_MESSAGE_PREFIX)\n  );\n}\n\nexport function createConnectRequest(request: ConnectRequest): ByokyMessage {\n  return createMessage('BYOKY_CONNECT_REQUEST', request);\n}\n\nexport function createConnectResponse(\n  response: ConnectResponse,\n  requestId: string,\n): ByokyMessage {\n  return createMessage('BYOKY_CONNECT_RESPONSE', response, requestId);\n}\n\nexport function createErrorMessage(\n  code: string,\n  message: string,\n  requestId?: string,\n): ByokyMessage {\n  return createMessage('BYOKY_ERROR', { code, message }, requestId);\n}\n","import type { ProviderConfig } from './types.js';\n\nexport const PROVIDERS: Record<string, ProviderConfig> = {\n  anthropic: {\n    id: 'anthropic',\n    name: 'Anthropic',\n    authMethods: ['api_key', 'oauth'],\n    baseUrl: 'https://api.anthropic.com',\n    oauthConfig: {\n      authorizationUrl: 'https://console.anthropic.com/oauth/authorize',\n      tokenUrl: 'https://console.anthropic.com/oauth/token',\n      scopes: [],\n    },\n  },\n  openai: {\n    id: 'openai',\n    name: 'OpenAI',\n    authMethods: ['api_key'],\n    baseUrl: 'https://api.openai.com',\n  },\n  gemini: {\n    id: 'gemini',\n    name: 'Google Gemini',\n    authMethods: ['api_key'],\n    baseUrl: 'https://generativelanguage.googleapis.com',\n  },\n};\n\nexport function getProvider(id: string): ProviderConfig | undefined {\n  return PROVIDERS[id];\n}\n\nexport function getProviderIds(): string[] {\n  return Object.keys(PROVIDERS);\n}\n"],"mappings":";AAoJO,IAAK,iBAAL,kBAAKA,oBAAL;AACL,EAAAA,gBAAA,0BAAuB;AACvB,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,0BAAuB;AACvB,EAAAA,gBAAA,qBAAkB;AAClB,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,aAAU;AAVA,SAAAA;AAAA,GAAA;;;ACpJZ,IAAM,cAAc;AACpB,IAAM,YAAY;AAClB,IAAM,aAAa;AACnB,IAAM,aAAa;AAEnB,eAAsB,UACpB,UACA,MACoB;AACpB,QAAM,cAAc,MAAM,OAAO,OAAO;AAAA,IACtC;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA,CAAC,WAAW;AAAA,EACd;AAEA,SAAO,OAAO,OAAO;AAAA,IACnB,EAAE,MAAM,UAAU,MAA4B,YAAY,YAAY,MAAM,UAAU;AAAA,IACtF;AAAA,IACA,EAAE,MAAM,WAAW,QAAQ,WAAW;AAAA,IACtC;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,EACvB;AACF;AAEA,eAAsB,QACpB,WACA,UACiB;AACjB,QAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,WAAW,CAAC;AAC/D,QAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,SAAS,CAAC;AAC3D,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,QAAM,aAAa,MAAM,OAAO,OAAO;AAAA,IACrC,EAAE,MAAM,WAAW,GAAG;AAAA,IACtB;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,SAAS;AAAA,EACpC;AAEA,QAAM,WAAW,IAAI;AAAA,IACnB,KAAK,SAAS,GAAG,SAAS,IAAI,WAAW,UAAU,EAAE;AAAA,EACvD;AACA,WAAS,IAAI,MAAM,CAAC;AACpB,WAAS,IAAI,IAAI,KAAK,MAAM;AAC5B,WAAS,IAAI,IAAI,WAAW,UAAU,GAAG,KAAK,SAAS,GAAG,MAAM;AAEhE,SAAO,KAAK,OAAO,aAAa,GAAG,QAAQ,CAAC;AAC9C;AAEA,eAAsB,QACpB,WACA,UACiB;AACjB,QAAM,WAAW,WAAW,KAAK,KAAK,SAAS,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAExE,QAAM,OAAO,SAAS,MAAM,GAAG,WAAW;AAC1C,QAAM,KAAK,SAAS,MAAM,aAAa,cAAc,SAAS;AAC9D,QAAM,aAAa,SAAS,MAAM,cAAc,SAAS;AAEzD,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACpC,EAAE,MAAM,WAAW,GAAG;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AAEA,SAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAC3C;AAEA,eAAe,cACb,UACA,MACqB;AACrB,QAAM,cAAc,MAAM,OAAO,OAAO;AAAA,IACtC;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA,CAAC,YAAY;AAAA,EACf;AAEA,QAAM,OAAO,MAAM,OAAO,OAAO;AAAA,IAC/B,EAAE,MAAM,UAAU,MAA4B,YAAY,YAAY,MAAM,UAAU;AAAA,IACtF;AAAA,IACA;AAAA,EACF;AAEA,SAAO,IAAI,WAAW,IAAI;AAC5B;AAEA,eAAsB,aAAa,UAAmC;AACpE,QAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,WAAW,CAAC;AAC/D,QAAM,OAAO,MAAM,cAAc,UAAU,IAAI;AAE/C,QAAM,WAAW,IAAI,WAAW,KAAK,SAAS,KAAK,MAAM;AACzD,WAAS,IAAI,MAAM,CAAC;AACpB,WAAS,IAAI,MAAM,KAAK,MAAM;AAE9B,SAAO,KAAK,OAAO,aAAa,GAAG,QAAQ,CAAC;AAC9C;AAEA,eAAsB,eACpB,UACA,YACkB;AAClB,QAAM,WAAW,WAAW,KAAK,KAAK,UAAU,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AACzE,QAAM,OAAO,SAAS,MAAM,GAAG,WAAW;AAC1C,QAAM,eAAe,SAAS,MAAM,WAAW;AAE/C,QAAM,UAAU,MAAM,cAAc,UAAU,IAAI;AAElD,MAAI,aAAa,WAAW,QAAQ,OAAQ,QAAO;AACnD,SAAO,aAAa,MAAM,CAAC,MAAM,MAAM,SAAS,QAAQ,CAAC,CAAC;AAC5D;AAEO,SAAS,QAAQ,KAAqB;AAC3C,MAAI,IAAI,UAAU,EAAG,QAAO;AAC5B,SAAO,GAAG,IAAI,MAAM,GAAG,CAAC,CAAC,MAAM,IAAI,MAAM,EAAE,CAAC;AAC9C;;;ACtHO,IAAM,aAAN,MAAM,oBAAmB,MAAM;AAAA,EACpC,YACkB,MAChB,SACgB,SAChB;AACA,UAAM,OAAO;AAJG;AAEA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EAEA,OAAO,qBAAqB;AAC1B,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,eAAe;AACpB,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,oBAAoB,YAAoB;AAC7C,WAAO,IAAI;AAAA;AAAA,MAET,aAAa,UAAU;AAAA,MACvB,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,iBAAiB;AACtB,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,YAAY,YAAqB;AACtC,WAAO,IAAI;AAAA;AAAA,MAET,sBAAsB,aAAa,uBAAkB,UAAU,MAAM,EAAE;AAAA,MACvE,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,cAAc,YAAoB;AACvC,WAAO,IAAI;AAAA;AAAA,MAET,sBAAsB,UAAU;AAAA,MAChC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,WAAW,YAAoB;AACpC,WAAO,IAAI;AAAA;AAAA,MAET,uBAAuB,UAAU;AAAA,MACjC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,aAAa,YAAoB;AACtC,WAAO,IAAI;AAAA;AAAA,MAET,2BAA2B,UAAU;AAAA,MACrC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AACF;;;ACjEO,IAAM,qBAAqB;AAC3B,IAAM,uBAAuB;AAE7B,SAAS,cACd,MACA,SACA,WACc;AACd,SAAO;AAAA,IACL;AAAA,IACA,IAAI,OAAO,WAAW;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,eAAe,MAAqC;AAClE,SACE,OAAO,SAAS,YAChB,SAAS,QACT,UAAU,QACV,OAAQ,KAAsB,SAAS,YACtC,KAAsB,KAAK,WAAW,oBAAoB;AAE/D;AAEO,SAAS,qBAAqB,SAAuC;AAC1E,SAAO,cAAc,yBAAyB,OAAO;AACvD;AAEO,SAAS,sBACd,UACA,WACc;AACd,SAAO,cAAc,0BAA0B,UAAU,SAAS;AACpE;AAEO,SAAS,mBACd,MACA,SACA,WACc;AACd,SAAO,cAAc,eAAe,EAAE,MAAM,QAAQ,GAAG,SAAS;AAClE;;;AChDO,IAAM,YAA4C;AAAA,EACvD,WAAW;AAAA,IACT,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,WAAW,OAAO;AAAA,IAChC,SAAS;AAAA,IACT,aAAa;AAAA,MACX,kBAAkB;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ,CAAC;AAAA,IACX;AAAA,EACF;AAAA,EACA,QAAQ;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,QAAQ;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AACF;AAEO,SAAS,YAAY,IAAwC;AAClE,SAAO,UAAU,EAAE;AACrB;AAEO,SAAS,iBAA2B;AACzC,SAAO,OAAO,KAAK,SAAS;AAC9B;","names":["ByokyErrorCode"]}
+{"version":3,"sources":["../src/types.ts","../src/crypto.ts","../src/errors.ts","../src/protocol.ts","../src/providers.ts"],"sourcesContent":["export type ProviderId = 'anthropic' | 'openai' | 'gemini' | (string & {});\n\nexport type AuthMethod = 'api_key' | 'oauth';\n\nexport interface ProviderConfig {\n  id: ProviderId;\n  name: string;\n  authMethods: AuthMethod[];\n  baseUrl: string;\n  oauthConfig?: OAuthConfig;\n}\n\nexport interface OAuthConfig {\n  clientId: string;\n  authorizationUrl: string;\n  tokenUrl: string;\n  scopes: string[];\n}\n\n// --- Credentials ---\n\nexport interface CredentialBase {\n  id: string;\n  providerId: ProviderId;\n  label: string;\n  authMethod: AuthMethod;\n  createdAt: number;\n  lastUsedAt?: number;\n}\n\nexport interface ApiKeyCredential extends CredentialBase {\n  authMethod: 'api_key';\n  encryptedKey: string;\n}\n\nexport interface OAuthCredential extends CredentialBase {\n  authMethod: 'oauth';\n  encryptedAccessToken: string;\n  encryptedRefreshToken?: string;\n  expiresAt?: number;\n}\n\nexport type Credential = ApiKeyCredential | OAuthCredential;\n\nexport interface CredentialMeta {\n  id: string;\n  providerId: ProviderId;\n  label: string;\n  authMethod: AuthMethod;\n  createdAt: number;\n  lastUsedAt?: number;\n  maskedKey?: string;\n}\n\n// --- Sessions ---\n\nexport interface Session {\n  id: string;\n  sessionKey: string;\n  appOrigin: string;\n  appName?: string;\n  providers: SessionProvider[];\n  createdAt: number;\n  expiresAt: number;\n}\n\nexport interface SessionProvider {\n  providerId: ProviderId;\n  credentialId: string;\n  available: boolean;\n  authMethod: AuthMethod;\n}\n\n// --- Connect ---\n\nexport interface ConnectRequest {\n  providers?: ProviderRequirement[];\n  capabilities?: string[];\n}\n\nexport interface ProviderRequirement {\n  id: ProviderId;\n  required: boolean;\n}\n\nexport interface ConnectResponse {\n  sessionKey: string;\n  proxyUrl: string;\n  providers: Record<\n    string,\n    {\n      available: boolean;\n      authMethod: AuthMethod;\n    }\n  >;\n}\n\n// --- Proxy ---\n\nexport interface ProxyRequest {\n  requestId: string;\n  sessionKey: string;\n  providerId: string;\n  url: string;\n  method: string;\n  headers: Record<string, string>;\n  body?: string;\n}\n\nexport interface ProxyResponseMeta {\n  requestId: string;\n  status: number;\n  statusText: string;\n  headers: Record<string, string>;\n}\n\nexport interface ProxyResponseChunk {\n  requestId: string;\n  chunk: string;\n}\n\nexport interface ProxyResponseError {\n  requestId: string;\n  status: number;\n  error: { code: string; message: string };\n}\n\n// --- Protocol messages ---\n\nexport type MessageType =\n  | 'BYOKY_CONNECT_REQUEST'\n  | 'BYOKY_CONNECT_RESPONSE'\n  | 'BYOKY_DISCONNECT'\n  | 'BYOKY_PROXY_REQUEST'\n  | 'BYOKY_PROXY_RESPONSE_META'\n  | 'BYOKY_PROXY_RESPONSE_CHUNK'\n  | 'BYOKY_PROXY_RESPONSE_DONE'\n  | 'BYOKY_PROXY_RESPONSE_ERROR'\n  | 'BYOKY_ERROR';\n\nexport interface ByokyMessage {\n  type: MessageType;\n  id: string;\n  requestId?: string;\n  payload: unknown;\n}\n\n// --- Errors ---\n\nexport enum ByokyErrorCode {\n  WALLET_NOT_INSTALLED = 'WALLET_NOT_INSTALLED',\n  USER_REJECTED = 'USER_REJECTED',\n  PROVIDER_UNAVAILABLE = 'PROVIDER_UNAVAILABLE',\n  SESSION_EXPIRED = 'SESSION_EXPIRED',\n  RATE_LIMITED = 'RATE_LIMITED',\n  QUOTA_EXCEEDED = 'QUOTA_EXCEEDED',\n  INVALID_KEY = 'INVALID_KEY',\n  TOKEN_EXPIRED = 'TOKEN_EXPIRED',\n  PROXY_ERROR = 'PROXY_ERROR',\n  UNKNOWN = 'UNKNOWN',\n}\n\n// --- Request log ---\n\nexport interface RequestLogEntry {\n  id: string;\n  sessionId: string;\n  appOrigin: string;\n  providerId: ProviderId;\n  url: string;\n  method: string;\n  status: number;\n  timestamp: number;\n  error?: string;\n}\n\n// --- Pending approval ---\n\nexport interface PendingApproval {\n  id: string;\n  appOrigin: string;\n  appName?: string;\n  providers: ProviderRequirement[];\n  timestamp: number;\n}\n","const SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst KEY_LENGTH = 256;\nconst ITERATIONS = 600_000;\n\nexport async function deriveKey(\n  password: string,\n  salt: Uint8Array,\n): Promise<CryptoKey> {\n  const keyMaterial = await crypto.subtle.importKey(\n    'raw',\n    new TextEncoder().encode(password),\n    'PBKDF2',\n    false,\n    ['deriveKey'],\n  );\n\n  return crypto.subtle.deriveKey(\n    { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITERATIONS, hash: 'SHA-256' },\n    keyMaterial,\n    { name: 'AES-GCM', length: KEY_LENGTH },\n    false,\n    ['encrypt', 'decrypt'],\n  );\n}\n\nexport async function encrypt(\n  plaintext: string,\n  password: string,\n): Promise<string> {\n  const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n  const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));\n  const key = await deriveKey(password, salt);\n\n  const ciphertext = await crypto.subtle.encrypt(\n    { name: 'AES-GCM', iv },\n    key,\n    new TextEncoder().encode(plaintext),\n  );\n\n  const combined = new Uint8Array(\n    salt.length + iv.length + new Uint8Array(ciphertext).length,\n  );\n  combined.set(salt, 0);\n  combined.set(iv, salt.length);\n  combined.set(new Uint8Array(ciphertext), salt.length + iv.length);\n\n  return btoa(String.fromCharCode(...combined));\n}\n\nexport async function decrypt(\n  encrypted: string,\n  password: string,\n): Promise<string> {\n  const combined = Uint8Array.from(atob(encrypted), (c) => c.charCodeAt(0));\n\n  const salt = combined.slice(0, SALT_LENGTH);\n  const iv = combined.slice(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n  const ciphertext = combined.slice(SALT_LENGTH + IV_LENGTH);\n\n  const key = await deriveKey(password, salt);\n\n  const plaintext = await crypto.subtle.decrypt(\n    { name: 'AES-GCM', iv },\n    key,\n    ciphertext,\n  );\n\n  return new TextDecoder().decode(plaintext);\n}\n\nasync function deriveRawHash(\n  password: string,\n  salt: Uint8Array,\n): Promise<Uint8Array> {\n  const keyMaterial = await crypto.subtle.importKey(\n    'raw',\n    new TextEncoder().encode(password),\n    'PBKDF2',\n    false,\n    ['deriveBits'],\n  );\n\n  const bits = await crypto.subtle.deriveBits(\n    { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITERATIONS, hash: 'SHA-256' },\n    keyMaterial,\n    KEY_LENGTH,\n  );\n\n  return new Uint8Array(bits);\n}\n\nexport async function hashPassword(password: string): Promise<string> {\n  const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n  const hash = await deriveRawHash(password, salt);\n\n  const combined = new Uint8Array(salt.length + hash.length);\n  combined.set(salt, 0);\n  combined.set(hash, salt.length);\n\n  return btoa(String.fromCharCode(...combined));\n}\n\nexport async function verifyPassword(\n  password: string,\n  storedHash: string,\n): Promise<boolean> {\n  const combined = Uint8Array.from(atob(storedHash), (c) => c.charCodeAt(0));\n  const salt = combined.slice(0, SALT_LENGTH);\n  const originalHash = combined.slice(SALT_LENGTH);\n\n  const newHash = await deriveRawHash(password, salt);\n\n  if (originalHash.length !== newHash.length) return false;\n  return originalHash.every((byte, i) => byte === newHash[i]);\n}\n\nexport function maskKey(key: string): string {\n  if (key.length <= 8) return '****';\n  return `${key.slice(0, 4)}...${key.slice(-4)}`;\n}\n","import { ByokyErrorCode } from './types.js';\n\nexport class ByokyError extends Error {\n  constructor(\n    public readonly code: ByokyErrorCode,\n    message: string,\n    public readonly details?: Record<string, unknown>,\n  ) {\n    super(message);\n    this.name = 'ByokyError';\n  }\n\n  static walletNotInstalled() {\n    return new ByokyError(\n      ByokyErrorCode.WALLET_NOT_INSTALLED,\n      'byoky wallet extension is not installed',\n    );\n  }\n\n  static userRejected() {\n    return new ByokyError(\n      ByokyErrorCode.USER_REJECTED,\n      'User rejected the connection request',\n    );\n  }\n\n  static providerUnavailable(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.PROVIDER_UNAVAILABLE,\n      `Provider \"${providerId}\" is not available`,\n      { providerId },\n    );\n  }\n\n  static sessionExpired() {\n    return new ByokyError(\n      ByokyErrorCode.SESSION_EXPIRED,\n      'Session has expired — please reconnect',\n    );\n  }\n\n  static rateLimited(retryAfter?: number) {\n    return new ByokyError(\n      ByokyErrorCode.RATE_LIMITED,\n      `Rate limit exceeded${retryAfter ? ` — retry after ${retryAfter}s` : ''}`,\n      { retryAfter },\n    );\n  }\n\n  static quotaExceeded(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.QUOTA_EXCEEDED,\n      `Quota exceeded for ${providerId} — check your billing`,\n      { providerId },\n    );\n  }\n\n  static invalidKey(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.INVALID_KEY,\n      `Invalid API key for ${providerId}`,\n      { providerId },\n    );\n  }\n\n  static tokenExpired(providerId: string) {\n    return new ByokyError(\n      ByokyErrorCode.TOKEN_EXPIRED,\n      `OAuth token expired for ${providerId} — re-authentication required`,\n      { providerId },\n    );\n  }\n}\n","import type {\n  ByokyMessage,\n  ConnectRequest,\n  ConnectResponse,\n  MessageType,\n} from './types.js';\n\nexport const BYOKY_PROVIDER_KEY = '__byoky__';\nexport const BYOKY_MESSAGE_PREFIX = 'BYOKY_';\n\nexport function createMessage(\n  type: MessageType,\n  payload: unknown,\n  requestId?: string,\n): ByokyMessage {\n  return {\n    type,\n    id: crypto.randomUUID(),\n    requestId,\n    payload,\n  };\n}\n\nexport function isByokyMessage(data: unknown): data is ByokyMessage {\n  return (\n    typeof data === 'object' &&\n    data !== null &&\n    'type' in data &&\n    typeof (data as ByokyMessage).type === 'string' &&\n    (data as ByokyMessage).type.startsWith(BYOKY_MESSAGE_PREFIX)\n  );\n}\n\nexport function createConnectRequest(request: ConnectRequest): ByokyMessage {\n  return createMessage('BYOKY_CONNECT_REQUEST', request);\n}\n\nexport function createConnectResponse(\n  response: ConnectResponse,\n  requestId: string,\n): ByokyMessage {\n  return createMessage('BYOKY_CONNECT_RESPONSE', response, requestId);\n}\n\nexport function createErrorMessage(\n  code: string,\n  message: string,\n  requestId?: string,\n): ByokyMessage {\n  return createMessage('BYOKY_ERROR', { code, message }, requestId);\n}\n","import type { ProviderConfig } from './types.js';\n\nexport const PROVIDERS: Record<string, ProviderConfig> = {\n  anthropic: {\n    id: 'anthropic',\n    name: 'Anthropic',\n    authMethods: ['api_key', 'oauth'],\n    baseUrl: 'https://api.anthropic.com',\n  },\n  openai: {\n    id: 'openai',\n    name: 'OpenAI',\n    authMethods: ['api_key'],\n    baseUrl: 'https://api.openai.com',\n  },\n  gemini: {\n    id: 'gemini',\n    name: 'Google Gemini',\n    authMethods: ['api_key'],\n    baseUrl: 'https://generativelanguage.googleapis.com',\n  },\n};\n\nexport function getProvider(id: string): ProviderConfig | undefined {\n  return PROVIDERS[id];\n}\n\nexport function getProviderIds(): string[] {\n  return Object.keys(PROVIDERS);\n}\n"],"mappings":";AAqJO,IAAK,iBAAL,kBAAKA,oBAAL;AACL,EAAAA,gBAAA,0BAAuB;AACvB,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,0BAAuB;AACvB,EAAAA,gBAAA,qBAAkB;AAClB,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,aAAU;AAVA,SAAAA;AAAA,GAAA;;;ACrJZ,IAAM,cAAc;AACpB,IAAM,YAAY;AAClB,IAAM,aAAa;AACnB,IAAM,aAAa;AAEnB,eAAsB,UACpB,UACA,MACoB;AACpB,QAAM,cAAc,MAAM,OAAO,OAAO;AAAA,IACtC;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA,CAAC,WAAW;AAAA,EACd;AAEA,SAAO,OAAO,OAAO;AAAA,IACnB,EAAE,MAAM,UAAU,MAA4B,YAAY,YAAY,MAAM,UAAU;AAAA,IACtF;AAAA,IACA,EAAE,MAAM,WAAW,QAAQ,WAAW;AAAA,IACtC;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,EACvB;AACF;AAEA,eAAsB,QACpB,WACA,UACiB;AACjB,QAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,WAAW,CAAC;AAC/D,QAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,SAAS,CAAC;AAC3D,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,QAAM,aAAa,MAAM,OAAO,OAAO;AAAA,IACrC,EAAE,MAAM,WAAW,GAAG;AAAA,IACtB;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,SAAS;AAAA,EACpC;AAEA,QAAM,WAAW,IAAI;AAAA,IACnB,KAAK,SAAS,GAAG,SAAS,IAAI,WAAW,UAAU,EAAE;AAAA,EACvD;AACA,WAAS,IAAI,MAAM,CAAC;AACpB,WAAS,IAAI,IAAI,KAAK,MAAM;AAC5B,WAAS,IAAI,IAAI,WAAW,UAAU,GAAG,KAAK,SAAS,GAAG,MAAM;AAEhE,SAAO,KAAK,OAAO,aAAa,GAAG,QAAQ,CAAC;AAC9C;AAEA,eAAsB,QACpB,WACA,UACiB;AACjB,QAAM,WAAW,WAAW,KAAK,KAAK,SAAS,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAExE,QAAM,OAAO,SAAS,MAAM,GAAG,WAAW;AAC1C,QAAM,KAAK,SAAS,MAAM,aAAa,cAAc,SAAS;AAC9D,QAAM,aAAa,SAAS,MAAM,cAAc,SAAS;AAEzD,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACpC,EAAE,MAAM,WAAW,GAAG;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AAEA,SAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAC3C;AAEA,eAAe,cACb,UACA,MACqB;AACrB,QAAM,cAAc,MAAM,OAAO,OAAO;AAAA,IACtC;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA,CAAC,YAAY;AAAA,EACf;AAEA,QAAM,OAAO,MAAM,OAAO,OAAO;AAAA,IAC/B,EAAE,MAAM,UAAU,MAA4B,YAAY,YAAY,MAAM,UAAU;AAAA,IACtF;AAAA,IACA;AAAA,EACF;AAEA,SAAO,IAAI,WAAW,IAAI;AAC5B;AAEA,eAAsB,aAAa,UAAmC;AACpE,QAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,WAAW,CAAC;AAC/D,QAAM,OAAO,MAAM,cAAc,UAAU,IAAI;AAE/C,QAAM,WAAW,IAAI,WAAW,KAAK,SAAS,KAAK,MAAM;AACzD,WAAS,IAAI,MAAM,CAAC;AACpB,WAAS,IAAI,MAAM,KAAK,MAAM;AAE9B,SAAO,KAAK,OAAO,aAAa,GAAG,QAAQ,CAAC;AAC9C;AAEA,eAAsB,eACpB,UACA,YACkB;AAClB,QAAM,WAAW,WAAW,KAAK,KAAK,UAAU,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AACzE,QAAM,OAAO,SAAS,MAAM,GAAG,WAAW;AAC1C,QAAM,eAAe,SAAS,MAAM,WAAW;AAE/C,QAAM,UAAU,MAAM,cAAc,UAAU,IAAI;AAElD,MAAI,aAAa,WAAW,QAAQ,OAAQ,QAAO;AACnD,SAAO,aAAa,MAAM,CAAC,MAAM,MAAM,SAAS,QAAQ,CAAC,CAAC;AAC5D;AAEO,SAAS,QAAQ,KAAqB;AAC3C,MAAI,IAAI,UAAU,EAAG,QAAO;AAC5B,SAAO,GAAG,IAAI,MAAM,GAAG,CAAC,CAAC,MAAM,IAAI,MAAM,EAAE,CAAC;AAC9C;;;ACtHO,IAAM,aAAN,MAAM,oBAAmB,MAAM;AAAA,EACpC,YACkB,MAChB,SACgB,SAChB;AACA,UAAM,OAAO;AAJG;AAEA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EAEA,OAAO,qBAAqB;AAC1B,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,eAAe;AACpB,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,oBAAoB,YAAoB;AAC7C,WAAO,IAAI;AAAA;AAAA,MAET,aAAa,UAAU;AAAA,MACvB,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,iBAAiB;AACtB,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,YAAY,YAAqB;AACtC,WAAO,IAAI;AAAA;AAAA,MAET,sBAAsB,aAAa,uBAAkB,UAAU,MAAM,EAAE;AAAA,MACvE,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,cAAc,YAAoB;AACvC,WAAO,IAAI;AAAA;AAAA,MAET,sBAAsB,UAAU;AAAA,MAChC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,WAAW,YAAoB;AACpC,WAAO,IAAI;AAAA;AAAA,MAET,uBAAuB,UAAU;AAAA,MACjC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,aAAa,YAAoB;AACtC,WAAO,IAAI;AAAA;AAAA,MAET,2BAA2B,UAAU;AAAA,MACrC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AACF;;;ACjEO,IAAM,qBAAqB;AAC3B,IAAM,uBAAuB;AAE7B,SAAS,cACd,MACA,SACA,WACc;AACd,SAAO;AAAA,IACL;AAAA,IACA,IAAI,OAAO,WAAW;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,eAAe,MAAqC;AAClE,SACE,OAAO,SAAS,YAChB,SAAS,QACT,UAAU,QACV,OAAQ,KAAsB,SAAS,YACtC,KAAsB,KAAK,WAAW,oBAAoB;AAE/D;AAEO,SAAS,qBAAqB,SAAuC;AAC1E,SAAO,cAAc,yBAAyB,OAAO;AACvD;AAEO,SAAS,sBACd,UACA,WACc;AACd,SAAO,cAAc,0BAA0B,UAAU,SAAS;AACpE;AAEO,SAAS,mBACd,MACA,SACA,WACc;AACd,SAAO,cAAc,eAAe,EAAE,MAAM,QAAQ,GAAG,SAAS;AAClE;;;AChDO,IAAM,YAA4C;AAAA,EACvD,WAAW;AAAA,IACT,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,WAAW,OAAO;AAAA,IAChC,SAAS;AAAA,EACX;AAAA,EACA,QAAQ;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,QAAQ;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AACF;AAEO,SAAS,YAAY,IAAwC;AAClE,SAAO,UAAU,EAAE;AACrB;AAEO,SAAS,iBAA2B;AACzC,SAAO,OAAO,KAAK,SAAS;AAC9B;","names":["ByokyErrorCode"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@byoky/core",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "type": "module",
   "main": "./dist/index.cjs",
   "module": "./dist/index.js",