@cello-protocol/daemon 0.0.3 → 0.0.4

package/dist/session-tree.js

@@ -0,0 +1,123 @@
+/**
+ * CELLO Daemon — SessionTree (CELLO-M7-DAEMON-004, Option A)
+ *
+ * The DAEMON-OWNED per-session Merkle tree. This is the authoritative running
+ * transcript of every leaf (sent or received) for a session. Before this story,
+ * the daemon "did not maintain the session Merkle tree — the client supplied it"
+ * (daemon.ts:568). Option A re-homes ownership here: the daemon is the component
+ * that sends and receives every message, so the transcript belongs where the
+ * messages flow.
+ *
+ * Specification (SPARC Phase S):
+ *   - A leaf is the 32-byte leaf hash of a message or control entry, in order.
+ *     For a message leaf the leaf hash is content_hash = SHA-256(0x00 || content)
+ *     (msgLeafHash, RFC 6962 §2.1 leaf hashing). For a control leaf (SEAL) the
+ *     leaf hash is SHA-256(0x02 || canonical_bytes) (ctrlLeafHash). Both sides of
+ *     a session compute the SAME leaf hash for the SAME message, so appending the
+ *     SAME leaves in the SAME order yields the SAME root (AC-002).
+ *   - The root is recomputed over all leaves after every append (RFC 6962 §2.1,
+ *     left-balanced binary Merkle tree). Empty tree root = SHA-256("").
+ *   - The tree is serializable to/from an ordered list of leaf-hash hex strings so
+ *     it can be persisted to SQLCipher and reloaded across a daemon restart (AC-007).
+ *
+ * Pseudocode (SPARC Phase P):
+ *   appendLeafHash(kind, hashHex):
+ *     1. push {kind, hashHex} onto leaves
+ *     2. return { leafIndex: leaves.length - 1, newRootHex: rootHex() }
+ *   rootHex():
+ *     1. build = buildMerkleTree(leaves.map(l => {kind:"hash", data: bytes(l.hashHex)}))
+ *     2. return hex(merkleRoot(build))   // empty → hex(SHA-256(""))
+ *   fromLeaves(leaves): reconstruct from persisted ordered list.
+ *
+ * Crypto refs: RFC 6962 §2.1 (Merkle hash trees), FIPS 180-4 (SHA-256).
+ */
+import { buildMerkleTree, merkleRoot } from "@cello-protocol/crypto";
+/**
+ * A daemon-owned per-session Merkle tree. Leaves are stored as pre-computed
+ * 32-byte leaf hashes (hex), so reconstruction is exact regardless of the
+ * original payload — the daemon never needs the plaintext to recompute the root.
+ */
+export class SessionTree {
+    #leaves;
+    // O(1) content-hash -> first leaf index, so the inbound dedup check (DOD-MSG-5) is not a linear
+    // scan per message (review finding #5). Stores the FIRST occurrence to match findIndex semantics.
+    // Rebuilt from #leaves in the constructor, so it survives the fromLeaves() restart path for free.
+    #indexByHash;
+    constructor(leaves) {
+        this.#leaves = leaves;
+        this.#indexByHash = new Map();
+        for (let i = 0; i < leaves.length; i++) {
+            if (!this.#indexByHash.has(leaves[i].hashHex))
+                this.#indexByHash.set(leaves[i].hashHex, i);
+        }
+    }
+    /** O(1) index of the first leaf with this content-hash, or -1 if absent (DOD-MSG-5 dedup). */
+    indexOfHash(hashHex) {
+        return this.#indexByHash.get(hashHex) ?? -1;
+    }
+    /** Construct an empty tree. */
+    static empty() {
+        return new SessionTree([]);
+    }
+    /** Reconstruct a tree from a persisted, ordered list of leaves (AC-007). */
+    static fromLeaves(leaves) {
+        return new SessionTree(leaves.map((l) => ({ kind: l.kind, hashHex: l.hashHex })));
+    }
+    /** Number of leaves currently in the tree. */
+    size() {
+        return this.#leaves.length;
+    }
+    /** Ordered copy of the leaves (for persistence / inspection). */
+    leaves() {
+        return this.#leaves.map((l) => ({ kind: l.kind, hashHex: l.hashHex }));
+    }
+    /**
+     * Append a leaf (by its pre-computed 32-byte leaf-hash hex) and advance the root.
+     * @returns the new leaf's index and the recomputed root hex.
+     */
+    appendLeafHash(kind, hashHex) {
+        if (!/^[0-9a-f]{64}$/.test(hashHex)) {
+            throw new Error(`SessionTree.appendLeafHash: hashHex must be 64 lowercase hex chars (32 bytes), got length ${hashHex.length}`);
+        }
+        this.#leaves.push({ kind, hashHex });
+        const leafIndex = this.#leaves.length - 1;
+        if (!this.#indexByHash.has(hashHex))
+            this.#indexByHash.set(hashHex, leafIndex);
+        return { leafIndex, newRootHex: this.rootHex() };
+    }
+    /**
+     * Recompute and return the current Merkle root as hex.
+     * Empty tree → hex(SHA-256("")) per RFC 6962 §2.1.
+     */
+    rootHex() {
+        const inputs = this.#leaves.map((l) => ({
+            kind: "hash",
+            data: hexToBytes(l.hashHex),
+        }));
+        const tree = buildMerkleTree(inputs);
+        return bytesToHex(merkleRoot(tree));
+    }
+    /**
+     * SESSION-002: the Merkle root this tree WOULD have if one more leaf (hashHex) were
+     * appended — WITHOUT mutating the tree. Used to compute the reported_root for a unilateral
+     * seal: the post-SEAL-ctrl-leaf root the directory rebuilds from the relay's content-hash
+     * chain and verifies, without advancing the durable tree / message_count.
+     */
+    rootWithAppendedHex(hashHex) {
+        if (!/^[0-9a-f]{64}$/.test(hashHex)) {
+            throw new Error(`SessionTree.rootWithAppendedHex: hashHex must be 64 lowercase hex chars (32 bytes), got length ${hashHex.length}`);
+        }
+        const inputs = [...this.#leaves, { kind: "ctrl", hashHex }].map((l) => ({
+            kind: "hash",
+            data: hexToBytes(l.hashHex),
+        }));
+        return bytesToHex(merkleRoot(buildMerkleTree(inputs)));
+    }
+}
+function hexToBytes(hex) {
+    return new Uint8Array(Buffer.from(hex, "hex"));
+}
+function bytesToHex(bytes) {
+    return Buffer.from(bytes).toString("hex");
+}
+//# sourceMappingURL=session-tree.js.map

package/dist/session-tree.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-tree.js","sourceRoot":"","sources":["../src/session-tree.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,eAAe,EAAE,UAAU,EAAkB,MAAM,wBAAwB,CAAC;AAWrF;;;;GAIG;AACH,MAAM,OAAO,WAAW;IACb,OAAO,CAAoB;IACpC,gGAAgG;IAChG,kGAAkG;IAClG,kGAAkG;IACzF,YAAY,CAAsB;IAE3C,YAAoB,MAAyB;QAC3C,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;gBAAE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAC7F,CAAC;IACH,CAAC;IAED,8FAA8F;IAC9F,WAAW,CAAC,OAAe;QACzB,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,+BAA+B;IAC/B,MAAM,CAAC,KAAK;QACV,OAAO,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC;IAED,4EAA4E;IAC5E,MAAM,CAAC,UAAU,CAAC,MAAkC;QAClD,OAAO,IAAI,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IACpF,CAAC;IAED,8CAA8C;IAC9C,IAAI;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED,iEAAiE;IACjE,MAAM;QACJ,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IACzE,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,IAAyB,EAAE,OAAe;QACvD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,6FAA6F,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACjI,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QACrC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAC/E,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;IACnD,CAAC;IAED;;;OAGG;IACH,OAAO;QACL,MAAM,MAAM,GAAgB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACnD,IAAI,EAAE,MAAe;YACrB,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC;SAC5B,CAAC,CAAC,CAAC;QACJ,MAAM,IAAI,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QACrC,OAAO,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IACtC,CAAC;IAED;;;;;OAKG;IACH,mBAAmB,CAAC,OAAe;QACjC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,kGAAkG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACtI,CAAC;QACD,MAAM,MAAM,GAAgB,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,MAAe,EAAE,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5F,IAAI,EAAE,MAAe;YACrB,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC;SAC5B,CAAC,CAAC,CAAC;QACJ,OAAO,UAAU,CAAC,UAAU,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACzD,CAAC;CACF;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,UAAU,CAAC,KAAiB;IACnC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC5C,CAAC"}

package/dist/signaling-connect.d.ts

@@ -0,0 +1,83 @@
+/**
+ * M7 Keystone (Part 2) — production `signalingConnect` for the daemon.
+ *
+ * This is the daemon's directory-facing dialer. It establishes ONE authenticated
+ * signaling stream to a directory node and returns it as a transport
+ * `ConnectResult`. The transport `SignalingManager` owns everything after connect:
+ * heartbeat, reconnect (it calls connect() again on a fresh attempt), the outbound
+ * queue, and optional manifest polling.
+ *
+ * It is a faithful port of the proven M6 client handshake in
+ * `core/client/src/signaling-manager.ts` (`#doOpen`, ~lines 527-643). That path
+ * connected the M6 client to the real directory, ran the full DKG ceremony, and
+ * sealed sessions — so the 7-step handshake here is the known-good one, not new
+ * protocol.
+ *
+ * Architecture note (2026-06-11 daemon-transport doc): this is the *directory-facing
+ * node* — one per daemon, signaling only. A FRESH libp2p node (and therefore a fresh
+ * transport key / Peer ID) is created on every connect, which is exactly the
+ * reconnect-rotation behavior the architecture calls for. Per-session data exchange
+ * uses separate ephemeral session nodes, not this node.
+ *
+ * Step-5/6 directory identity verification (the consortium-manifest "directory proves
+ * itself back" hardening) is OPTIONAL here: it runs only when a `challengeVerifier`
+ * is supplied. M6 ran with it off (challengeVerifier = null) and connected fine; the
+ * hardening layers on later without changing this path.
+ *
+ * Crypto reference: agent→directory auth signs SHA-256(domain ‖ nonce ‖ pubkey) with
+ * the agent's K_local Ed25519 key (RFC 8032). K_local never leaves the KeyProvider.
+ */
+import { type CelloNode, type ConnectResult, type IDirectoryChallengeVerifier } from "@cello-protocol/transport";
+import type { KeyProvider } from "@cello-protocol/crypto";
+import type { Logger } from "./types.js";
+/** A directory node the daemon can dial, resolved from bootstrap config or a manifest. */
+export interface DirectoryEndpoint {
+    peerId: string;
+    /** A dialable multiaddr (e.g. /dns4/host/tcp/443/wss/p2p/<peerId>). Optional if already connected. */
+    multiaddr?: string;
+}
+/** The agent identity that authenticates this signaling stream (steps 3-4). */
+export interface SignalingAuthIdentity {
+    keyProvider: KeyProvider;
+    pubkeyHex: string;
+}
+export interface SignalingConnectDeps {
+    /**
+     * Resolve the directory node to dial. Returns null when no endpoint is known yet.
+     * May be async — production re-resolves the bootstrap (GET /bootstrap) per connect
+     * so a directory address change is picked up on the next reconnect.
+     */
+    getDirectoryEndpoint: () => DirectoryEndpoint | null | Promise<DirectoryEndpoint | null>;
+    /** Resolve the agent identity to authenticate as. Returns null when no agent exists yet. */
+    getAuthIdentity: () => SignalingAuthIdentity | null;
+    logger: Logger;
+    /**
+     * Optional directory identity verifier (consortium-manifest step-6 hardening).
+     * When absent, directory verification is skipped — the M6 backward-compat path.
+     */
+    challengeVerifier?: IDirectoryChallengeVerifier;
+    /** Verified consortium manifest version, surfaced in ConnectResult. Defaults to 0 (no manifest). */
+    getManifestVersion?: () => number;
+    /**
+     * Test seam: inject a node factory. Production uses `createNode` to mint a fresh
+     * directory-facing node per connect.
+     */
+    createDirectoryNode?: (keyProvider: KeyProvider) => Promise<CelloNode>;
+    /**
+     * M7 Action 2: publish the live directory-facing node to the daemon so subsystems
+     * that must reach the directory on the SAME node — registration's FROST DKG
+     * (NetworkDirectoryNode), ceremonies, seal — can use it. Called with the node on a
+     * successful connect, and with `null` when the stream closes. The daemon keeps the
+     * latest reference and gates use on the signaling status being `connected`.
+     */
+    publishNode?: (node: CelloNode | null) => void;
+}
+/**
+ * Build a production `signalingConnect` for `DaemonConfig.signalingConnect`.
+ *
+ * The returned function performs one full connect attempt. It throws on any failure
+ * (no endpoint, no identity, dial failure, auth rejection, challenge failure); the
+ * transport SignalingManager catches the throw and schedules a reconnect.
+ */
+export declare function createSignalingConnect(deps: SignalingConnectDeps): () => Promise<ConnectResult>;
+//# sourceMappingURL=signaling-connect.d.ts.map

package/dist/signaling-connect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signaling-connect.d.ts","sourceRoot":"","sources":["../src/signaling-connect.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAMH,OAAO,EAGL,KAAK,SAAS,EACd,KAAK,aAAa,EAElB,KAAK,2BAA2B,EACjC,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAqCzC,0FAA0F;AAC1F,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,sGAAsG;IACtG,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,+EAA+E;AAC/E,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,WAAW,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC;;;;OAIG;IACH,oBAAoB,EAAE,MAAM,iBAAiB,GAAG,IAAI,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC;IACzF,4FAA4F;IAC5F,eAAe,EAAE,MAAM,qBAAqB,GAAG,IAAI,CAAC;IACpD,MAAM,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,iBAAiB,CAAC,EAAE,2BAA2B,CAAC;IAChD,oGAAoG;IACpG,kBAAkB,CAAC,EAAE,MAAM,MAAM,CAAC;IAClC;;;OAGG;IACH,mBAAmB,CAAC,EAAE,CAAC,WAAW,EAAE,WAAW,KAAK,OAAO,CAAC,SAAS,CAAC,CAAC;IACvE;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,SAAS,GAAG,IAAI,KAAK,IAAI,CAAC;CAChD;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,oBAAoB,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,CA2I/F"}

package/dist/signaling-connect.js

@@ -0,0 +1,266 @@
+/**
+ * M7 Keystone (Part 2) — production `signalingConnect` for the daemon.
+ *
+ * This is the daemon's directory-facing dialer. It establishes ONE authenticated
+ * signaling stream to a directory node and returns it as a transport
+ * `ConnectResult`. The transport `SignalingManager` owns everything after connect:
+ * heartbeat, reconnect (it calls connect() again on a fresh attempt), the outbound
+ * queue, and optional manifest polling.
+ *
+ * It is a faithful port of the proven M6 client handshake in
+ * `core/client/src/signaling-manager.ts` (`#doOpen`, ~lines 527-643). That path
+ * connected the M6 client to the real directory, ran the full DKG ceremony, and
+ * sealed sessions — so the 7-step handshake here is the known-good one, not new
+ * protocol.
+ *
+ * Architecture note (2026-06-11 daemon-transport doc): this is the *directory-facing
+ * node* — one per daemon, signaling only. A FRESH libp2p node (and therefore a fresh
+ * transport key / Peer ID) is created on every connect, which is exactly the
+ * reconnect-rotation behavior the architecture calls for. Per-session data exchange
+ * uses separate ephemeral session nodes, not this node.
+ *
+ * Step-5/6 directory identity verification (the consortium-manifest "directory proves
+ * itself back" hardening) is OPTIONAL here: it runs only when a `challengeVerifier`
+ * is supplied. M6 ran with it off (challengeVerifier = null) and connected fine; the
+ * hardening layers on later without changing this path.
+ *
+ * Crypto reference: agent→directory auth signs SHA-256(domain ‖ nonce ‖ pubkey) with
+ * the agent's K_local Ed25519 key (RFC 8032). K_local never leaves the KeyProvider.
+ */
+import { createHash } from "node:crypto";
+import { Encoder, decode } from "cbor-x";
+import * as lp from "it-length-prefixed";
+import { createNode, buildStep5Tbs, } from "@cello-protocol/transport";
+const SIGNALING_PROTOCOL_ID = "/cello/signaling/1.0.0";
+const AUTH_DOMAIN_DIR = "CELLO-DIR-AUTH-v1";
+const AUTH_TIMEOUT_MS = 5_000;
+// tagUint8Array:false — match the M6 client encoder so the directory decodes bytes
+// fields (pubkey, signature, nonce) as raw byte strings, not CBOR-tagged values.
+const CBOR_ENC = new Encoder({ tagUint8Array: false });
+function toU8(v) {
+    if (v instanceof Uint8Array)
+        return v;
+    if (Buffer.isBuffer(v))
+        return new Uint8Array(v);
+    if (typeof v.slice === "function") {
+        return v.slice();
+    }
+    throw new Error(`expected bytes, got ${typeof v}`);
+}
+function errMsg(err) {
+    return err instanceof Error ? err.message : String(err);
+}
+async function nextWithTimeout(iter, timeoutMs) {
+    return Promise.race([
+        iter.next(),
+        new Promise((_, reject) => setTimeout(() => reject(new Error("auth_timeout")), timeoutMs)),
+    ]);
+}
+async function safeStop(node) {
+    try {
+        await node.stop();
+    }
+    catch {
+        /* best-effort teardown */
+    }
+}
+/**
+ * Build a production `signalingConnect` for `DaemonConfig.signalingConnect`.
+ *
+ * The returned function performs one full connect attempt. It throws on any failure
+ * (no endpoint, no identity, dial failure, auth rejection, challenge failure); the
+ * transport SignalingManager catches the throw and schedules a reconnect.
+ */
+export function createSignalingConnect(deps) {
+    return async function connect() {
+        const endpoint = await deps.getDirectoryEndpoint();
+        if (!endpoint) {
+            throw new Error("directory_endpoint_unknown");
+        }
+        const identity = deps.getAuthIdentity();
+        if (!identity) {
+            throw new Error("no_agent_identity");
+        }
+        // Fresh directory-facing node per connect → fresh transport key / Peer ID.
+        const node = deps.createDirectoryNode
+            ? await deps.createDirectoryNode(identity.keyProvider)
+            : await createNode({ keyProvider: identity.keyProvider, listenAddresses: ["/ip4/0.0.0.0/tcp/0"] });
+        let sigStream;
+        try {
+            // L1: start() is inside the try so a start failure is caught and the
+            // partially-started node is torn down (safeStop) rather than leaked.
+            await node.start();
+            if (endpoint.multiaddr) {
+                // Best-effort dial; newStream below surfaces the real failure if unreachable.
+                try {
+                    await node.dial(endpoint.multiaddr);
+                }
+                catch (dialErr) {
+                    // L2: non-fatal (dial-by-peerId may still work / already connected), but
+                    // keep the real reason — newStream's error is generic.
+                    deps.logger.debug("directory.dial.failed", {
+                        multiaddr: endpoint.multiaddr,
+                        error: errMsg(dialErr),
+                    });
+                }
+            }
+            sigStream = await node.newStream(endpoint.peerId, SIGNALING_PROTOCOL_ID);
+        }
+        catch (err) {
+            await safeStop(node);
+            throw new Error(`directory_dial_failed: ${errMsg(err)}`);
+        }
+        const iter = lp.decode(sigStream)[Symbol.asyncIterator]();
+        try {
+            // ── Steps 1-2: receive the directory's auth challenge (32-byte nonce) ──
+            const challenge = await nextWithTimeout(iter, AUTH_TIMEOUT_MS);
+            if (challenge.done || challenge.value === undefined)
+                throw new Error("directory_auth_no_challenge");
+            const challengeFrame = decode(toU8(challenge.value));
+            if (challengeFrame["type"] !== "signaling_auth_challenge") {
+                throw new Error(`directory_auth_unexpected_frame: ${String(challengeFrame["type"])}`);
+            }
+            const nonce = toU8(challengeFrame["nonce"]);
+            if (nonce.length !== 32)
+                throw new Error("directory_auth_bad_nonce");
+            // ── Steps 3-4: sign SHA-256(domain ‖ nonce ‖ pubkey), send auth response ──
+            const myPubkey = Buffer.from(identity.pubkeyHex, "hex");
+            const domain = Buffer.from(AUTH_DOMAIN_DIR, "utf8");
+            const authMsg = new Uint8Array(Buffer.concat([domain, nonce, myPubkey]));
+            const msgHash = new Uint8Array(createHash("sha256").update(authMsg).digest());
+            const sig = await identity.keyProvider.sign(msgHash);
+            const authResponse = CBOR_ENC.encode({
+                type: "signaling_auth_response",
+                pubkey: myPubkey,
+                signature: sig,
+            });
+            sigStream.send(lp.encode.single(authResponse));
+            // ── Step 5: receive signaling_auth_ok ──
+            const ack = await nextWithTimeout(iter, AUTH_TIMEOUT_MS);
+            if (ack.done || ack.value === undefined)
+                throw new Error("directory_auth_no_ack");
+            const ackFrame = decode(toU8(ack.value));
+            if (ackFrame["type"] !== "signaling_auth_ok") {
+                throw new Error(`directory_auth_rejected: ${String(ackFrame["type"])}`);
+            }
+            // ── Step 6 (optional hardening): verify the directory's identity proof ──
+            // Runs only when a challengeVerifier is configured. M6 ran without one.
+            let directoryNodeId = typeof ackFrame["nodeId"] === "string" ? ackFrame["nodeId"] : endpoint.peerId;
+            const verifier = deps.challengeVerifier;
+            if (verifier) {
+                const nodeId = ackFrame["nodeId"];
+                const signature = ackFrame["signature"];
+                const timestamp = ackFrame["timestamp"];
+                if (!nodeId || !signature || !timestamp) {
+                    deps.logger.error("directory.auth.challenge.failed", { reason: "no_identity_proof" });
+                    throw new Error("directory_challenge_no_identity_proof");
+                }
+                const tbsBytes = buildStep5Tbs({
+                    nodeId,
+                    agentPubkeyHex: identity.pubkeyHex,
+                    nonceHex: Buffer.from(nonce).toString("hex"),
+                    isoTimestamp: timestamp,
+                });
+                const result = verifier.verifyChallenge(nodeId, tbsBytes, signature);
+                if (!result.valid) {
+                    deps.logger.error("directory.auth.challenge.failed", { directoryNodeId: nodeId, reason: result.reason });
+                    throw new Error(`directory_challenge_failed: ${result.reason}`);
+                }
+                directoryNodeId = nodeId;
+                deps.logger.info("directory.auth.challenge.verified", { directoryNodeId });
+            }
+            // ── Step 7: announce our peer info so the directory can broker sessions ──
+            const peerInfo = CBOR_ENC.encode({
+                type: "peer_info_announce",
+                peer_id: node.getPeerId(),
+                multiaddrs: node.listenAddresses(),
+            });
+            sigStream.send(lp.encode.single(peerInfo));
+            deps.logger.info("directory.signaling.connected", {
+                directoryNodeId,
+                agentPubkey: identity.pubkeyHex,
+                verified: !!verifier,
+            });
+            // Publish the live, directory-connected node so registration/FROST/seal can
+            // open further streams to the directory on the same node.
+            deps.publishNode?.(node);
+            const stream = wrapSignalingStream(sigStream, iter, node, deps.logger, deps.publishNode);
+            return {
+                stream,
+                directoryNodeId,
+                manifestVersion: deps.getManifestVersion?.() ?? 0,
+            };
+        }
+        catch (err) {
+            // Symmetry with publishNode(node): if anything threw after we published (or in a
+            // reconnect attempt), clear the daemon's reference so it never points at a node
+            // we're about to stop. No-op when nothing was published this attempt.
+            deps.publishNode?.(null);
+            try {
+                sigStream.abort(new Error("directory_auth_error"));
+            }
+            catch {
+                /* stream may already be torn down */
+            }
+            await safeStop(node);
+            throw err instanceof Error ? err : new Error(errMsg(err));
+        }
+    };
+}
+/**
+ * Adapt the post-handshake libp2p stream to the transport `SignalingStream`
+ * interface the SignalingManager drives. Frames are CBOR objects; the wire is
+ * length-prefixed CBOR, matching the directory and the M6 client exactly.
+ *
+ * The read loop continues from the SAME iterator the handshake used, so no inbound
+ * frame is dropped between auth_ok and the manager registering its handler.
+ */
+function wrapSignalingStream(sigStream, iter, node, logger, publishNode) {
+    let closed = false;
+    return {
+        async send(frame) {
+            const encoded = CBOR_ENC.encode(frame);
+            sigStream.send(lp.encode.single(encoded));
+        },
+        onMessage(handler) {
+            void (async () => {
+                try {
+                    for (;;) {
+                        const { value, done } = await iter.next();
+                        if (done || value === undefined)
+                            break;
+                        let frame;
+                        try {
+                            frame = decode(toU8(value));
+                        }
+                        catch {
+                            // Skip undecodable frames rather than killing the whole stream.
+                            continue;
+                        }
+                        handler(frame);
+                    }
+                    logger.warn("directory.signaling.stream.ended", {});
+                }
+                catch (err) {
+                    logger.warn("directory.signaling.reader.error", { error: errMsg(err) });
+                }
+            })();
+        },
+        close() {
+            if (closed)
+                return;
+            closed = true;
+            // Clear the daemon's reference before tearing the node down — registration/
+            // FROST/seal must not use a node that is being stopped.
+            publishNode?.(null);
+            try {
+                sigStream.abort(new Error("signaling_closed"));
+            }
+            catch {
+                /* already closed */
+            }
+            void safeStop(node);
+        },
+    };
+}
+//# sourceMappingURL=signaling-connect.js.map

package/dist/signaling-connect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signaling-connect.js","sourceRoot":"","sources":["../src/signaling-connect.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAEzC,OAAO,EACL,UAAU,EACV,aAAa,GAKd,MAAM,2BAA2B,CAAC;AAInC,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AACvD,MAAM,eAAe,GAAG,mBAAmB,CAAC;AAC5C,MAAM,eAAe,GAAG,KAAK,CAAC;AAC9B,mFAAmF;AACnF,iFAAiF;AACjF,MAAM,QAAQ,GAAG,IAAI,OAAO,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAC;AAEvD,SAAS,IAAI,CAAC,CAAU;IACtB,IAAI,CAAC,YAAY,UAAU;QAAE,OAAO,CAAC,CAAC;IACtC,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,UAAU,CAAC,CAAW,CAAC,CAAC;IAC3D,IAAI,OAAQ,CAAyB,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;QAC3D,OAAQ,CAA6B,CAAC,KAAK,EAAE,CAAC;IAChD,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,uBAAuB,OAAO,CAAC,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,MAAM,CAAC,GAAY;IAC1B,OAAO,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC1D,CAAC;AAED,KAAK,UAAU,eAAe,CAAI,IAAsB,EAAE,SAAiB;IACzE,OAAO,OAAO,CAAC,IAAI,CAAC;QAClB,IAAI,CAAC,IAAI,EAAE;QACX,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;KAClG,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,IAAe;IACrC,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;IAAC,MAAM,CAAC;QACP,0BAA0B;IAC5B,CAAC;AACH,CAAC;AA+CD;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAA0B;IAC/D,OAAO,KAAK,UAAU,OAAO;QAC3B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QACxC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;QAED,2EAA2E;QAC3E,MAAM,IAAI,GAAG,IAAI,CAAC,mBAAmB;YACnC,CAAC,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,WAAW,CAAC;YACtD,CAAC,CAAC,MAAM,UAAU,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAC,WAAW,EAAE,eAAe,EAAE,CAAC,oBAAoB,CAAC,EAAE,CAAC,CAAC;QAErG,IAAI,SAAiB,CAAC;QACtB,IAAI,CAAC;YACH,qEAAqE;YACrE,qEAAqE;YACrE,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YACnB,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;gBACvB,8EAA8E;gBAC9E,IAAI,CAAC;oBACH,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;gBACtC,CAAC;gBAAC,OAAO,OAAgB,EAAE,CAAC;oBAC1B,yEAAyE;oBACzE,uDAAuD;oBACvD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE;wBACzC,SAAS,EAAE,QAAQ,CAAC,SAAS;wBAC7B,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC;qBACvB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,0BAA0B,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,IAAI,GAAI,EAAE,CAAC,MAAM,CAAC,SAAS,CAA4B,CAAC,MAAM,CAAC,aAAa,CAAC,EAA+B,CAAC;QAEnH,IAAI,CAAC;YACH,0EAA0E;YAC1E,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;YAC/D,IAAI,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,KAAK,KAAK,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YACpG,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAA4B,CAAC;YAChF,IAAI,cAAc,CAAC,MAAM,CAAC,KAAK,0BAA0B,EAAE,CAAC;gBAC1D,MAAM,IAAI,KAAK,CAAC,oCAAoC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;YACxF,CAAC;YACD,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;YAC5C,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;YAErE,6EAA6E;YAC7E,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YACxD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;YACzE,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;YAC9E,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC;gBACnC,IAAI,EAAE,yBAAyB;gBAC/B,MAAM,EAAE,QAAQ;gBAChB,SAAS,EAAE,GAAG;aACf,CAAe,CAAC;YACjB,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;YAE/C,0CAA0C;YAC1C,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;YACzD,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,KAAK,KAAK,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAA4B,CAAC;YACpE,IAAI,QAAQ,CAAC,MAAM,CAAC,KAAK,mBAAmB,EAAE,CAAC;gBAC7C,MAAM,IAAI,KAAK,CAAC,4BAA4B,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;YAC1E,CAAC;YAED,2EAA2E;YAC3E,wEAAwE;YACxE,IAAI,eAAe,GAAG,OAAO,QAAQ,CAAC,QAAQ,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,QAAQ,CAAC,QAAQ,CAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YAChH,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC;YACxC,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAuB,CAAC;gBACxD,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,CAAuB,CAAC;gBAC9D,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,CAAuB,CAAC;gBAC9D,IAAI,CAAC,MAAM,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;oBACxC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;oBACtF,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;gBAC3D,CAAC;gBACD,MAAM,QAAQ,GAAG,aAAa,CAAC;oBAC7B,MAAM;oBACN,cAAc,EAAE,QAAQ,CAAC,SAAS;oBAClC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;oBAC5C,YAAY,EAAE,SAAS;iBACxB,CAAC,CAAC;gBACH,MAAM,MAAM,GAAG,QAAQ,CAAC,eAAe,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;gBACrE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;oBAClB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;oBACzG,MAAM,IAAI,KAAK,CAAC,+BAA+B,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;gBAClE,CAAC;gBACD,eAAe,GAAG,MAAM,CAAC;gBACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,eAAe,EAAE,CAAC,CAAC;YAC7E,CAAC;YAED,4EAA4E;YAC5E,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAC/B,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE;gBACzB,UAAU,EAAE,IAAI,CAAC,eAAe,EAAE;aACnC,CAAe,CAAC;YACjB,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YAE3C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;gBAChD,eAAe;gBACf,WAAW,EAAE,QAAQ,CAAC,SAAS;gBAC/B,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB,CAAC,CAAC;YAEH,4EAA4E;YAC5E,0DAA0D;YAC1D,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC;YAEzB,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YACzF,OAAO;gBACL,MAAM;gBACN,eAAe;gBACf,eAAe,EAAE,IAAI,CAAC,kBAAkB,EAAE,EAAE,IAAI,CAAC;aAClD,CAAC;QACJ,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,iFAAiF;YACjF,gFAAgF;YAChF,sEAAsE;YACtE,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC;YACzB,IAAI,CAAC;gBACH,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC;YACrD,CAAC;YAAC,MAAM,CAAC;gBACP,qCAAqC;YACvC,CAAC;YACD,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;YACrB,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,mBAAmB,CAC1B,SAAiB,EACjB,IAA+B,EAC/B,IAAe,EACf,MAAc,EACd,WAA8C;IAE9C,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,OAAO;QACL,KAAK,CAAC,IAAI,CAAC,KAAc;YACvB,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAe,CAAC;YACrD,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAC5C,CAAC;QACD,SAAS,CAAC,OAAiC;YACzC,KAAK,CAAC,KAAK,IAAI,EAAE;gBACf,IAAI,CAAC;oBACH,SAAS,CAAC;wBACR,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;wBAC1C,IAAI,IAAI,IAAI,KAAK,KAAK,SAAS;4BAAE,MAAM;wBACvC,IAAI,KAAc,CAAC;wBACnB,IAAI,CAAC;4BACH,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;wBAC9B,CAAC;wBAAC,MAAM,CAAC;4BACP,gEAAgE;4BAChE,SAAS;wBACX,CAAC;wBACD,OAAO,CAAC,KAAK,CAAC,CAAC;oBACjB,CAAC;oBACD,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE,EAAE,CAAC,CAAC;gBACtD,CAAC;gBAAC,OAAO,GAAY,EAAE,CAAC;oBACtB,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAC1E,CAAC;YACH,CAAC,CAAC,EAAE,CAAC;QACP,CAAC;QACD,KAAK;YACH,IAAI,MAAM;gBAAE,OAAO;YACnB,MAAM,GAAG,IAAI,CAAC;YACd,4EAA4E;YAC5E,wDAAwD;YACxD,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC;YACpB,IAAI,CAAC;gBACH,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC;YACjD,CAAC;YAAC,MAAM,CAAC;gBACP,oBAAoB;YACtB,CAAC;YACD,KAAK,QAAQ,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/transcript-cipher.d.ts

@@ -0,0 +1,31 @@
+/**
+ * DOD-LOG-1 (PERSIST-LOG-001) — at-rest encryption for the durable transcript store.
+ *
+ * The daemon uses plain node:sqlite (no whole-DB encryption — SQLCipher is a native dep that
+ * compiles from source and is intentionally not dragged into the daemon). So the readable
+ * transcript plaintext is envelope-encrypted at the column level before it touches disk: each
+ * message blob is AES-256-GCM sealed with a dedicated per-DB transcript key.
+ *
+ * Key separation by design: the agent's Ed25519 identity key SIGNS (the KeyProvider interface is
+ * sign-only and never exposes the seed — good hygiene); a SEPARATE 32-byte symmetric key encrypts
+ * the transcript at rest. The key lives in a 0600 file beside the daemon DB and is generated once.
+ *
+ * Blob layout: iv(12) || ciphertext || authTag(16). GCM authenticates, so a tampered or truncated
+ * blob fails to decrypt (returns null) rather than yielding garbage plaintext.
+ */
+export declare class TranscriptCipher {
+    #private;
+    private constructor();
+    /**
+     * Load the transcript key from `keyPath`, or generate + persist a fresh one (0600) on first use.
+     * Atomic-ish create: write then the file is the durable key for this DB for all time.
+     */
+    static loadOrCreate(keyPath: string): TranscriptCipher;
+    /** For tests: an in-memory cipher with a supplied (or random) key. */
+    static fromKey(key?: Buffer): TranscriptCipher;
+    /** Encrypt plaintext → iv || ciphertext || tag. */
+    encrypt(plaintext: Uint8Array): Uint8Array;
+    /** Decrypt an iv||ciphertext||tag blob. Returns null on any tamper / wrong key / malformed input. */
+    decrypt(blob: Uint8Array): Uint8Array | null;
+}
+//# sourceMappingURL=transcript-cipher.d.ts.map

package/dist/transcript-cipher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transcript-cipher.d.ts","sourceRoot":"","sources":["../src/transcript-cipher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAUH,qBAAa,gBAAgB;;IAG3B,OAAO;IAIP;;;OAGG;IACH,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB;IActD,sEAAsE;IACtE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,gBAAgB;IAI9C,mDAAmD;IACnD,OAAO,CAAC,SAAS,EAAE,UAAU,GAAG,UAAU;IAQ1C,qGAAqG;IACrG,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,GAAG,IAAI;CAc7C"}

package/dist/transcript-cipher.js

@@ -0,0 +1,74 @@
+/**
+ * DOD-LOG-1 (PERSIST-LOG-001) — at-rest encryption for the durable transcript store.
+ *
+ * The daemon uses plain node:sqlite (no whole-DB encryption — SQLCipher is a native dep that
+ * compiles from source and is intentionally not dragged into the daemon). So the readable
+ * transcript plaintext is envelope-encrypted at the column level before it touches disk: each
+ * message blob is AES-256-GCM sealed with a dedicated per-DB transcript key.
+ *
+ * Key separation by design: the agent's Ed25519 identity key SIGNS (the KeyProvider interface is
+ * sign-only and never exposes the seed — good hygiene); a SEPARATE 32-byte symmetric key encrypts
+ * the transcript at rest. The key lives in a 0600 file beside the daemon DB and is generated once.
+ *
+ * Blob layout: iv(12) || ciphertext || authTag(16). GCM authenticates, so a tampered or truncated
+ * blob fails to decrypt (returns null) rather than yielding garbage plaintext.
+ */
+import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
+import { dirname } from "node:path";
+const KEY_LEN = 32; // AES-256
+const IV_LEN = 12; // GCM standard nonce
+const TAG_LEN = 16;
+export class TranscriptCipher {
+    #key;
+    constructor(key) {
+        this.#key = key;
+    }
+    /**
+     * Load the transcript key from `keyPath`, or generate + persist a fresh one (0600) on first use.
+     * Atomic-ish create: write then the file is the durable key for this DB for all time.
+     */
+    static loadOrCreate(keyPath) {
+        if (existsSync(keyPath)) {
+            const key = readFileSync(keyPath);
+            if (key.length !== KEY_LEN) {
+                throw new Error(`transcript key at ${keyPath} is ${key.length} bytes, expected ${KEY_LEN}`);
+            }
+            return new TranscriptCipher(key);
+        }
+        const key = randomBytes(KEY_LEN);
+        mkdirSync(dirname(keyPath), { recursive: true });
+        writeFileSync(keyPath, key, { mode: 0o600 });
+        return new TranscriptCipher(key);
+    }
+    /** For tests: an in-memory cipher with a supplied (or random) key. */
+    static fromKey(key) {
+        return new TranscriptCipher(key ?? randomBytes(KEY_LEN));
+    }
+    /** Encrypt plaintext → iv || ciphertext || tag. */
+    encrypt(plaintext) {
+        const iv = randomBytes(IV_LEN);
+        const cipher = createCipheriv("aes-256-gcm", this.#key, iv);
+        const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+        const tag = cipher.getAuthTag();
+        return Buffer.concat([iv, ct, tag]);
+    }
+    /** Decrypt an iv||ciphertext||tag blob. Returns null on any tamper / wrong key / malformed input. */
+    decrypt(blob) {
+        if (blob.length < IV_LEN + TAG_LEN)
+            return null;
+        const buf = Buffer.from(blob);
+        const iv = buf.subarray(0, IV_LEN);
+        const tag = buf.subarray(buf.length - TAG_LEN);
+        const ct = buf.subarray(IV_LEN, buf.length - TAG_LEN);
+        try {
+            const decipher = createDecipheriv("aes-256-gcm", this.#key, iv);
+            decipher.setAuthTag(tag);
+            return Uint8Array.from(Buffer.concat([decipher.update(ct), decipher.final()]));
+        }
+        catch {
+            return null;
+        }
+    }
+}
+//# sourceMappingURL=transcript-cipher.js.map

package/dist/transcript-cipher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transcript-cipher.js","sourceRoot":"","sources":["../src/transcript-cipher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,MAAM,OAAO,GAAG,EAAE,CAAC,CAAC,UAAU;AAC9B,MAAM,MAAM,GAAG,EAAE,CAAC,CAAC,qBAAqB;AACxC,MAAM,OAAO,GAAG,EAAE,CAAC;AAEnB,MAAM,OAAO,gBAAgB;IAClB,IAAI,CAAS;IAEtB,YAAoB,GAAW;QAC7B,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;IAClB,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,YAAY,CAAC,OAAe;QACjC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,GAAG,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,OAAO,GAAG,CAAC,MAAM,oBAAoB,OAAO,EAAE,CAAC,CAAC;YAC9F,CAAC;YACD,OAAO,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QACD,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QACjC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,aAAa,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC7C,OAAO,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IAED,sEAAsE;IACtE,MAAM,CAAC,OAAO,CAAC,GAAY;QACzB,OAAO,IAAI,gBAAgB,CAAC,GAAG,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,mDAAmD;IACnD,OAAO,CAAC,SAAqB;QAC3B,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC5D,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACrE,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAChC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,qGAAqG;IACrG,OAAO,CAAC,IAAgB;QACtB,IAAI,IAAI,CAAC,MAAM,GAAG,MAAM,GAAG,OAAO;YAAE,OAAO,IAAI,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC;QAC/C,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAChE,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACzB,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;QACjF,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}

package/dist/transport-composition.d.ts

@@ -0,0 +1,31 @@
+/**
+ * CELLO Daemon — transport-composition.ts (CELLO-M7-TRANSPORT-001)
+ *
+ * Composition-root selection of the transport adapters by CELLO_ENV. Per CLAUDE.md
+ * the daemon composition root instantiates all adapters and fails fast at startup
+ * (not at first session) when a production environment is missing required config.
+ *
+ *   'local' | 'test'                   → in-process stubs (no network).
+ *   'dev' | 'staging' | 'production'   → real adapters; require their backing
+ *                                         dependencies (a TransportDialer for the
+ *                                         selector). Missing config → throw at
+ *                                         startup naming what is missing (AC-010).
+ */
+import { type ITransportSelector, type TransportDialer } from "./transport-selector.js";
+import type { Logger } from "./types.js";
+export type CelloEnv = "local" | "test" | "dev" | "staging" | "production";
+/** Resolve CELLO_ENV. Unknown/undefined defaults to 'local' (in-process stubs). */
+export declare function resolveCelloEnv(raw: string | undefined): CelloEnv;
+/** True for environments that require real (network-backed) transport adapters. */
+export declare function isProductionVariant(env: CelloEnv): boolean;
+/**
+ * Build the transport selector for the given environment. Stub for local/test;
+ * real TransportSelector for production variants (requires a TransportDialer).
+ */
+export declare function createTransportSelector(opts: {
+    env: CelloEnv;
+    logger: Logger;
+    transportDialer?: TransportDialer;
+    directDialTimeoutMs?: number;
+}): ITransportSelector;
+//# sourceMappingURL=transport-composition.d.ts.map

package/dist/transport-composition.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transport-composition.d.ts","sourceRoot":"","sources":["../src/transport-composition.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAGL,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACrB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEzC,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,KAAK,GAAG,SAAS,GAAG,YAAY,CAAC;AAE3E,mFAAmF;AACnF,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,QAAQ,CAWjE;AAED,mFAAmF;AACnF,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,QAAQ,GAAG,OAAO,CAE1D;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE;IAC5C,GAAG,EAAE,QAAQ,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B,GAAG,kBAAkB,CAcrB"}