@did-btcr2/method 0.28.0 → 0.32.0

package/dist/esm/core/aggregation/transport/http/protocol.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.js","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/protocol.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAEvC;;;;GAIG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,OAAO,EAAO,aAAa;IAC3B,QAAQ,EAAM,cAAc;IAC5B,WAAW,EAAG,wBAAwB;IACtC,UAAU,EAAI,6BAA6B;CACnC,CAAC;AAEX,4EAA4E;AAC5E,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB,MAAM,EAAM,QAAQ;IACpB,OAAO,EAAK,SAAS;IACrB,SAAS,EAAG,WAAW;CACf,CAAC;AAEX,sEAAsE;AACtE,MAAM,CAAC,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAEzC,oEAAoE;AACpE,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,CAAC"}

package/dist/esm/core/aggregation/transport/http/rate-limiter.js

@@ -0,0 +1,45 @@
+export class InMemoryRateLimitStore {
+    #buckets = new Map();
+    get(key) {
+        return this.#buckets.get(key);
+    }
+    set(key, state) {
+        this.#buckets.set(key, state);
+    }
+}
+/**
+ * Token-bucket rate limiter keyed by an opaque string (typically a verified
+ * sender DID). Tokens refill linearly at `rps` up to `burst`. Each `consume`
+ * call atomically debits one token or returns `false` to reject.
+ *
+ * The limiter is synchronous and deterministic given `nowMs` — tests can
+ * drive it with a fixed clock to exercise exact boundaries.
+ */
+export class RateLimiter {
+    #rps;
+    #burst;
+    #store;
+    constructor(config = {}) {
+        this.#rps = config.rps ?? 10;
+        this.#burst = config.burst ?? 30;
+        this.#store = config.store ?? new InMemoryRateLimitStore();
+    }
+    /** Consume one token for `key`. Returns `true` if accepted, `false` if throttled. */
+    consume(key, nowMs) {
+        const existing = this.#store.get(key);
+        const state = existing ?? { tokens: this.#burst, lastRefillMs: nowMs };
+        if (existing) {
+            const elapsedSec = Math.max(0, (nowMs - existing.lastRefillMs) / 1000);
+            state.tokens = Math.min(this.#burst, existing.tokens + elapsedSec * this.#rps);
+            state.lastRefillMs = nowMs;
+        }
+        if (state.tokens < 1) {
+            this.#store.set(key, state);
+            return false;
+        }
+        state.tokens -= 1;
+        this.#store.set(key, state);
+        return true;
+    }
+}
+//# sourceMappingURL=rate-limiter.js.map

package/dist/esm/core/aggregation/transport/http/rate-limiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/rate-limiter.ts"],"names":[],"mappings":"AAeA,MAAM,OAAO,sBAAsB;IACxB,QAAQ,GAAG,IAAI,GAAG,EAAuB,CAAC;IAEnD,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAED,GAAG,CAAC,GAAW,EAAE,KAAkB;QACjC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAChC,CAAC;CACF;AAWD;;;;;;;GAOG;AACH,MAAM,OAAO,WAAW;IACb,IAAI,CAAS;IACb,MAAM,CAAS;IACf,MAAM,CAAiB;IAEhC,YAAY,SAA4B,EAAE;QACxC,IAAI,CAAC,IAAI,GAAK,MAAM,CAAC,GAAG,IAAM,EAAE,CAAC;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,sBAAsB,EAAE,CAAC;IAC7D,CAAC;IAED,qFAAqF;IACrF,OAAO,CAAC,GAAW,EAAE,KAAa;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACtC,MAAM,KAAK,GAAgB,QAAQ,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;QAEpF,IAAG,QAAQ,EAAE,CAAC;YACZ,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,KAAK,GAAG,QAAQ,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;YACvE,KAAK,CAAC,MAAM,GAAS,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,GAAG,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;YACrF,KAAK,CAAC,YAAY,GAAG,KAAK,CAAC;QAC7B,CAAC;QAED,IAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC5B,OAAO,KAAK,CAAC;QACf,CAAC;QACD,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC;QAClB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/esm/core/aggregation/transport/http/request-auth.js

@@ -0,0 +1,100 @@
+import { canonicalHashBytes } from '@did-btcr2/common';
+import { bytesToHex, hexToBytes, randomBytes } from '@noble/hashes/utils';
+import { HttpTransportError } from './errors.js';
+import { DEFAULT_CLOCK_SKEW_SEC, DEFAULT_NONCE_LEN_BYTES, HTTP_ENVELOPE_VERSION } from './protocol.js';
+/**
+ * `Authorization`-header scheme used to authenticate SSE subscription
+ * requests. The header value takes the form
+ * `BTCR2-Sig v=<n>,did=<did>,ts=<unix>,nonce=<hex>,sig=<hex>`.
+ *
+ * Used only for GET endpoints (SSE inbox subscribe). POST endpoints carry a
+ * full {@link SignedEnvelope} in the request body instead.
+ */
+export const REQUEST_AUTH_SCHEME = 'BTCR2-Sig';
+/**
+ * Build an `Authorization` header value proving the caller controls the
+ * private key for `did`. Covers a specific request path so the signature
+ * can't be replayed against a different endpoint.
+ */
+export function buildRequestAuth(did, keys, path, opts = {}) {
+    const ts = opts.timestamp ?? Math.floor(Date.now() / 1000);
+    const nonce = opts.nonce ?? bytesToHex(randomBytes(DEFAULT_NONCE_LEN_BYTES));
+    const digest = canonicalHashBytes({
+        v: HTTP_ENVELOPE_VERSION,
+        did,
+        ts,
+        nonce,
+        path,
+    });
+    const sig = keys.secretKey.sign(digest, { scheme: 'schnorr' });
+    return `${REQUEST_AUTH_SCHEME} v=${HTTP_ENVELOPE_VERSION},did=${did},ts=${ts},nonce=${nonce},sig=${bytesToHex(sig)}`;
+}
+/**
+ * Parse a `BTCR2-Sig` auth header value into its structured fields. Does NOT
+ * verify the signature — call {@link verifyRequestAuth} for that.
+ */
+export function parseRequestAuth(headerValue) {
+    const prefix = `${REQUEST_AUTH_SCHEME} `;
+    if (!headerValue.startsWith(prefix)) {
+        throw new HttpTransportError(`Unexpected auth scheme (want ${REQUEST_AUTH_SCHEME})`, 'REQUEST_AUTH_SCHEME');
+    }
+    const params = {};
+    for (const piece of headerValue.slice(prefix.length).split(',')) {
+        const eq = piece.indexOf('=');
+        if (eq === -1)
+            continue;
+        const key = piece.slice(0, eq).trim();
+        const val = piece.slice(eq + 1).trim();
+        if (key.length > 0)
+            params[key] = val;
+    }
+    const v = Number(params.v);
+    const ts = Number(params.ts);
+    if (!Number.isInteger(v) || !Number.isInteger(ts) || !params.did || !params.nonce || !params.sig) {
+        throw new HttpTransportError('Malformed auth header (missing or invalid field)', 'REQUEST_AUTH_MALFORMED', { received: Object.keys(params) });
+    }
+    return { v, did: params.did, ts, nonce: params.nonce, sig: params.sig };
+}
+/**
+ * Parse + verify an auth header. Throws {@link HttpTransportError} on any
+ * failure; returns the parsed fields on success.
+ *
+ * `expectedPath` must match the path the signature commits to. `senderPk`
+ * must correspond to the DID the signer claims.
+ */
+export function verifyRequestAuth(headerValue, expectedPath, senderPk, opts = {}) {
+    const parsed = parseRequestAuth(headerValue);
+    if (parsed.v !== HTTP_ENVELOPE_VERSION) {
+        throw new HttpTransportError(`Unsupported auth version: ${parsed.v}`, 'REQUEST_AUTH_VERSION_MISMATCH', { version: parsed.v, expected: HTTP_ENVELOPE_VERSION });
+    }
+    const skewSec = opts.clockSkewSec ?? DEFAULT_CLOCK_SKEW_SEC;
+    const nowMs = opts.now ? opts.now() : Date.now();
+    const nowSec = Math.floor(nowMs / 1000);
+    const diff = Math.abs(nowSec - parsed.ts);
+    if (diff > skewSec) {
+        throw new HttpTransportError(`Auth timestamp out of skew: ${diff}s > ${skewSec}s`, 'REQUEST_AUTH_TIMESTAMP_SKEW', { diff, skewSec });
+    }
+    let sigBytes;
+    try {
+        sigBytes = hexToBytes(parsed.sig);
+    }
+    catch {
+        throw new HttpTransportError('Auth signature is not valid hex', 'REQUEST_AUTH_SIG_HEX');
+    }
+    if (sigBytes.length !== 64) {
+        throw new HttpTransportError(`Invalid auth signature length: ${sigBytes.length}`, 'REQUEST_AUTH_SIG_LENGTH', { length: sigBytes.length });
+    }
+    const digest = canonicalHashBytes({
+        v: parsed.v,
+        did: parsed.did,
+        ts: parsed.ts,
+        nonce: parsed.nonce,
+        path: expectedPath,
+    });
+    const ok = senderPk.verify(sigBytes, digest, { scheme: 'schnorr' });
+    if (!ok) {
+        throw new HttpTransportError('Auth signature verification failed', 'REQUEST_AUTH_SIG_INVALID');
+    }
+    return parsed;
+}
+//# sourceMappingURL=request-auth.js.map

package/dist/esm/core/aggregation/transport/http/request-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-auth.js","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/request-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAEvD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAE1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AAEvG;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAoB/C;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAC9B,GAAY,EACZ,IAAoB,EACpB,IAAY,EACZ,OAAgC,EAAE;IAElC,MAAM,EAAE,GAAM,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,WAAW,CAAC,uBAAuB,CAAC,CAAC,CAAC;IAE7E,MAAM,MAAM,GAAG,kBAAkB,CAAC;QAChC,CAAC,EAAG,qBAAqB;QACzB,GAAG;QACH,EAAE;QACF,KAAK;QACL,IAAI;KACL,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAE/D,OAAO,GAAG,mBAAmB,MAAM,qBAAqB,QAAQ,GAAG,OAAO,EAAE,UAAU,KAAK,QAAQ,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;AACvH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,WAAmB;IAClD,MAAM,MAAM,GAAG,GAAG,mBAAmB,GAAG,CAAC;IACzC,IAAG,CAAC,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,kBAAkB,CAC1B,gCAAgC,mBAAmB,GAAG,EACtD,qBAAqB,CACtB,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAI,MAAM,KAAK,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/D,MAAM,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC9B,IAAG,EAAE,KAAK,CAAC,CAAC;YAAE,SAAS;QACvB,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACvC,IAAG,GAAG,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACvC,CAAC;IAED,MAAM,CAAC,GAAI,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC5B,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC7B,IAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QAChG,MAAM,IAAI,kBAAkB,CAC1B,kDAAkD,EAClD,wBAAwB,EACxB,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAClC,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;AAC1E,CAAC;AAOD;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAC/B,WAAoB,EACpB,YAAoB,EACpB,QAA0C,EAC1C,OAAyC,EAAE;IAE3C,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;IAE7C,IAAG,MAAM,CAAC,CAAC,KAAK,qBAAqB,EAAE,CAAC;QACtC,MAAM,IAAI,kBAAkB,CAC1B,6BAA6B,MAAM,CAAC,CAAC,EAAE,EACvC,+BAA+B,EAC/B,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,EAAE,QAAQ,EAAE,qBAAqB,EAAE,CACvD,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,IAAI,sBAAsB,CAAC;IAC5D,MAAM,KAAK,GAAK,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IACnD,MAAM,MAAM,GAAI,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;IACzC,MAAM,IAAI,GAAM,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAC7C,IAAG,IAAI,GAAG,OAAO,EAAE,CAAC;QAClB,MAAM,IAAI,kBAAkB,CAC1B,+BAA+B,IAAI,OAAO,OAAO,GAAG,EACpD,6BAA6B,EAC7B,EAAE,IAAI,EAAE,OAAO,EAAE,CAClB,CAAC;IACJ,CAAC;IAED,IAAI,QAAoB,CAAC;IACzB,IAAI,CAAC;QACH,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,kBAAkB,CAAC,iCAAiC,EAAE,sBAAsB,CAAC,CAAC;IAC1F,CAAC;IACD,IAAG,QAAQ,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC1B,MAAM,IAAI,kBAAkB,CAC1B,kCAAkC,QAAQ,CAAC,MAAM,EAAE,EACnD,yBAAyB,EACzB,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAC5B,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,kBAAkB,CAAC;QAChC,CAAC,EAAO,MAAM,CAAC,CAAC;QAChB,GAAG,EAAK,MAAM,CAAC,GAAG;QAClB,EAAE,EAAM,MAAM,CAAC,EAAE;QACjB,KAAK,EAAG,MAAM,CAAC,KAAK;QACpB,IAAI,EAAI,YAAY;KACrB,CAAC,CAAC;IAEH,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IACpE,IAAG,CAAC,EAAE,EAAE,CAAC;QACP,MAAM,IAAI,kBAAkB,CAAC,oCAAoC,EAAE,0BAA0B,CAAC,CAAC;IACjG,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/esm/core/aggregation/transport/http/server.js

@@ -0,0 +1,481 @@
+import { CompressedSecp256k1PublicKey } from '@did-btcr2/keypair';
+import { Identifier } from '../../../identifier.js';
+import { CONSOLE_LOGGER } from '../../logger.js';
+import { reviveFromWire, signEnvelope, verifyEnvelope } from './envelope.js';
+import { HttpTransportError } from './errors.js';
+import { InboxBuffer } from './inbox-buffer.js';
+import { NonceCache } from './nonce-cache.js';
+import { DEFAULT_CLOCK_SKEW_SEC, HTTP_ENVELOPE_VERSION, HTTP_ROUTE, SSE_EVENT, } from './protocol.js';
+import { RateLimiter } from './rate-limiter.js';
+import { verifyRequestAuth } from './request-auth.js';
+const INBOX_PATH_PREFIX = '/v1/actors/';
+const INBOX_PATH_SUFFIX = '/inbox';
+const DEFAULT_ADVERT_TTL_MS = 5 * 60 * 1000;
+const DEFAULT_HEARTBEAT_MS = 20_000;
+/**
+ * Server-side HTTP transport. Sans-I/O — the caller mounts
+ * {@link handleRequest} and {@link handleSse} under their HTTP framework of
+ * choice; the transport owns only in-memory state (actors, inboxes, advert
+ * cache, replay / rate-limit policies).
+ *
+ * Implements the generic {@link Transport} interface so the aggregation
+ * runners can drive it exactly the same way they drive {@link NostrTransport}
+ * or {@link HttpClientTransport}.
+ */
+export class HttpServerTransport {
+    name = 'http';
+    #logger;
+    #cors;
+    #clockSkewSec;
+    #inboxBufferSize;
+    #advertTtlMs;
+    #heartbeatMs;
+    #rateLimiter;
+    #nonceCache;
+    #now;
+    #actors = new Map();
+    #peers = new Map();
+    #inboxes = new Map();
+    #broadcastSubscribers = new Set();
+    #currentAdvert;
+    #advertSeq = 0;
+    constructor(config = {}) {
+        this.#logger = config.logger ?? CONSOLE_LOGGER;
+        this.#cors = config.cors ?? { mode: 'permissive' };
+        this.#clockSkewSec = config.clockSkewSec ?? DEFAULT_CLOCK_SKEW_SEC;
+        this.#inboxBufferSize = config.inboxBufferSize ?? 100;
+        this.#advertTtlMs = config.advertTtlMs ?? DEFAULT_ADVERT_TTL_MS;
+        this.#heartbeatMs = config.heartbeatIntervalMs ?? DEFAULT_HEARTBEAT_MS;
+        this.#rateLimiter = config.rateLimiter ?? new RateLimiter();
+        this.#nonceCache = config.nonceCache ?? new NonceCache();
+        this.#now = config.now ?? (() => Date.now());
+    }
+    // ----------------------------------------------------------------
+    // Transport interface
+    // ----------------------------------------------------------------
+    start() {
+        // No-op: server-side transport has no persistent outbound connections.
+        // SSE subscribers connect on demand via handleSse().
+    }
+    /**
+     * Detach the transport: close every open SSE subscription, clear the advert
+     * cache, and drop all actor / peer / inbox state. Intended for shutdown and
+     * for test teardown.
+     */
+    stop() {
+        for (const sub of this.#broadcastSubscribers)
+            this.#closeBroadcastSubscriber(sub);
+        this.#broadcastSubscribers.clear();
+        for (const inbox of this.#inboxes.values()) {
+            for (const sub of inbox.subscribers)
+                this.#closeInboxSubscriber(sub);
+            inbox.subscribers.clear();
+        }
+        this.#inboxes.clear();
+        this.#currentAdvert = undefined;
+    }
+    registerActor(did, keys) {
+        this.#actors.set(did, { keys, handlers: new Map() });
+    }
+    unregisterActor(did) {
+        this.#actors.delete(did);
+        this.#peers.delete(did);
+    }
+    getActorPk(did) {
+        return this.#actors.get(did)?.keys.publicKey.compressed;
+    }
+    registerPeer(did, communicationPk) {
+        try {
+            new CompressedSecp256k1PublicKey(communicationPk);
+        }
+        catch {
+            throw new HttpTransportError(`Invalid peer public key for ${did}`, 'INVALID_PEER_KEY', { did, keyLength: communicationPk.length });
+        }
+        this.#peers.set(did, communicationPk);
+    }
+    getPeerPk(did) {
+        return this.#peers.get(did);
+    }
+    registerMessageHandler(actorDid, messageType, handler) {
+        const actor = this.#actors.get(actorDid);
+        if (!actor) {
+            throw new HttpTransportError(`Cannot register handler: actor ${actorDid} not registered`, 'UNKNOWN_ACTOR', { did: actorDid });
+        }
+        actor.handlers.set(messageType, handler);
+    }
+    unregisterMessageHandler(actorDid, messageType) {
+        this.#actors.get(actorDid)?.handlers.delete(messageType);
+    }
+    async sendMessage(message, sender, recipient) {
+        if (!recipient) {
+            throw new HttpTransportError('HttpServerTransport.sendMessage requires a recipient. Use publishRepeating for broadcasts.', 'MISSING_RECIPIENT', { messageType: message.type });
+        }
+        const actor = this.#actors.get(sender);
+        if (!actor) {
+            throw new HttpTransportError(`Unknown sender: ${sender}`, 'UNKNOWN_SENDER', { did: sender });
+        }
+        const envelope = signEnvelope(message, { did: sender, keys: actor.keys }, { to: recipient });
+        const dataJson = JSON.stringify(envelope);
+        const inbox = this.#getOrCreateInbox(recipient);
+        const stored = inbox.buffer.append(SSE_EVENT.MESSAGE, dataJson);
+        for (const sub of inbox.subscribers) {
+            this.#safeWrite(sub.stream, stored.event, stored.data, stored.id);
+        }
+    }
+    publishRepeating(message, sender, _intervalMs, _recipient) {
+        const actor = this.#actors.get(sender);
+        if (!actor) {
+            throw new HttpTransportError(`Unknown sender: ${sender}`, 'UNKNOWN_SENDER', { did: sender });
+        }
+        const envelope = signEnvelope(message, { did: sender, keys: actor.keys });
+        const dataJson = JSON.stringify(envelope);
+        const id = String(++this.#advertSeq);
+        const expiresAtMs = this.#now() + this.#advertTtlMs;
+        this.#currentAdvert = { dataJson, id, expiresAtMs };
+        for (const sub of this.#broadcastSubscribers) {
+            this.#safeWrite(sub.stream, SSE_EVENT.ADVERT, dataJson, id);
+        }
+        return () => {
+            if (this.#currentAdvert?.id === id)
+                this.#currentAdvert = undefined;
+        };
+    }
+    // ----------------------------------------------------------------
+    // Sans-I/O HTTP surface
+    // ----------------------------------------------------------------
+    /**
+     * Handle a POST / GET request (non-SSE). The caller dispatches SSE paths to
+     * {@link handleSse} instead. Returns a fully formed response; the caller's
+     * adapter turns it into an HTTP write.
+     */
+    async handleRequest(req) {
+        const method = req.method.toUpperCase();
+        if (method === 'OPTIONS')
+            return this.#respond(204, '', req);
+        const path = extractPath(req.url);
+        if (method === 'GET' && path === HTTP_ROUTE.WELL_KNOWN) {
+            return this.#respondJson(200, this.#wellKnownMetadata(), req);
+        }
+        if (method === 'POST' && path === HTTP_ROUTE.MESSAGES) {
+            return await this.#handleMessagesPost(req);
+        }
+        if (method === 'POST' && path === HTTP_ROUTE.ADVERTS) {
+            return await this.#handleAdvertsPost(req);
+        }
+        return this.#respondJson(404, { error: 'not_found' }, req);
+    }
+    /**
+     * Open an SSE stream for a GET request. The caller is responsible for
+     * flushing writes and propagating the `onClose` callback when the HTTP
+     * connection ends.
+     */
+    handleSse(req, stream) {
+        if (req.method.toUpperCase() !== 'GET') {
+            stream.close();
+            return;
+        }
+        const path = extractPath(req.url);
+        if (path === HTTP_ROUTE.ADVERTS) {
+            this.#openBroadcastSubscription(stream);
+            return;
+        }
+        const inboxMatch = matchInboxPath(path);
+        if (inboxMatch) {
+            this.#openInboxSubscription(req, stream, inboxMatch.did, path);
+            return;
+        }
+        stream.close();
+    }
+    // ----------------------------------------------------------------
+    // Request handlers
+    // ----------------------------------------------------------------
+    async #handleMessagesPost(req) {
+        const envelope = parseJsonBody(req.body);
+        if (!envelope)
+            return this.#respondJson(400, { error: 'invalid_json' }, req);
+        const senderPk = this.#resolveSenderPk(envelope.from);
+        if (!senderPk) {
+            return this.#respondJson(401, { error: 'unknown_sender' }, req);
+        }
+        try {
+            verifyEnvelope(envelope, senderPk, { clockSkewSec: this.#clockSkewSec });
+        }
+        catch (err) {
+            this.#logger.debug('POST /v1/messages: envelope verification failed:', err);
+            return this.#respondJson(401, { error: 'invalid_envelope' }, req);
+        }
+        if (!this.#nonceCache.store(envelope.from, envelope.nonce, envelope.timestamp)) {
+            return this.#respondJson(409, { error: 'replay' }, req);
+        }
+        if (!this.#rateLimiter.consume(envelope.from, this.#now())) {
+            return this.#respondJson(429, { error: 'rate_limited' }, req);
+        }
+        if (!envelope.to) {
+            return this.#respondJson(400, { error: 'missing_recipient' }, req);
+        }
+        const actor = this.#actors.get(envelope.to);
+        if (!actor) {
+            return this.#respondJson(404, { error: 'unknown_recipient' }, req);
+        }
+        const revived = reviveFromWire(envelope.message);
+        const flat = flattenMessage(revived);
+        const messageType = typeof flat.type === 'string' ? flat.type : undefined;
+        if (!messageType)
+            return this.#respondJson(400, { error: 'missing_message_type' }, req);
+        const handler = actor.handlers.get(messageType);
+        if (handler) {
+            try {
+                await handler(flat);
+            }
+            catch (err) {
+                this.#logger.debug(`Handler threw for ${messageType}:`, err);
+            }
+        }
+        return this.#respondJson(202, { ok: true }, req);
+    }
+    async #handleAdvertsPost(req) {
+        const envelope = parseJsonBody(req.body);
+        if (!envelope)
+            return this.#respondJson(400, { error: 'invalid_json' }, req);
+        const senderPk = this.#resolveSenderPk(envelope.from);
+        if (!senderPk)
+            return this.#respondJson(401, { error: 'unknown_sender' }, req);
+        try {
+            verifyEnvelope(envelope, senderPk, { clockSkewSec: this.#clockSkewSec });
+        }
+        catch {
+            return this.#respondJson(401, { error: 'invalid_envelope' }, req);
+        }
+        if (!this.#nonceCache.store(envelope.from, envelope.nonce, envelope.timestamp)) {
+            return this.#respondJson(409, { error: 'replay' }, req);
+        }
+        if (!this.#rateLimiter.consume(envelope.from, this.#now())) {
+            return this.#respondJson(429, { error: 'rate_limited' }, req);
+        }
+        // Only registered actors can publish adverts on this server.
+        if (!this.#actors.has(envelope.from)) {
+            return this.#respondJson(403, { error: 'not_an_actor' }, req);
+        }
+        const id = String(++this.#advertSeq);
+        this.#currentAdvert = {
+            dataJson: JSON.stringify(envelope),
+            id,
+            expiresAtMs: this.#now() + this.#advertTtlMs,
+        };
+        for (const sub of this.#broadcastSubscribers) {
+            this.#safeWrite(sub.stream, SSE_EVENT.ADVERT, this.#currentAdvert.dataJson, id);
+        }
+        return this.#respondJson(202, { ok: true }, req);
+    }
+    #openBroadcastSubscription(stream) {
+        const sub = { stream };
+        this.#broadcastSubscribers.add(sub);
+        stream.onClose(() => {
+            this.#closeBroadcastSubscriber(sub);
+            this.#broadcastSubscribers.delete(sub);
+        });
+        // Replay current advert if still within TTL.
+        if (this.#currentAdvert && this.#currentAdvert.expiresAtMs > this.#now()) {
+            this.#safeWrite(stream, SSE_EVENT.ADVERT, this.#currentAdvert.dataJson, this.#currentAdvert.id);
+        }
+        if (this.#heartbeatMs > 0) {
+            sub.heartbeatTimer = setInterval(() => {
+                try {
+                    stream.writeComment('hb');
+                }
+                catch { /* caller-owned failure */ }
+            }, this.#heartbeatMs);
+        }
+    }
+    #openInboxSubscription(req, stream, did, path) {
+        const auth = req.headers.authorization;
+        if (!auth) {
+            this.#logger.debug(`Inbox subscribe: missing authorization header for ${did}`);
+            stream.close();
+            return;
+        }
+        const senderPk = this.#resolveSenderPk(did);
+        if (!senderPk) {
+            stream.close();
+            return;
+        }
+        let parsedTs = 0;
+        let parsedNonce = '';
+        try {
+            const parsed = verifyRequestAuth(auth, path, senderPk, {
+                clockSkewSec: this.#clockSkewSec,
+                now: () => this.#now(),
+            });
+            if (parsed.did !== did) {
+                stream.close();
+                return;
+            }
+            parsedTs = parsed.ts;
+            parsedNonce = parsed.nonce;
+        }
+        catch (err) {
+            this.#logger.debug(`Inbox subscribe: auth verification failed for ${did}:`, err);
+            stream.close();
+            return;
+        }
+        if (!this.#nonceCache.store(did, parsedNonce, parsedTs)) {
+            stream.close();
+            return;
+        }
+        if (!this.#rateLimiter.consume(did, this.#now())) {
+            stream.close();
+            return;
+        }
+        const inbox = this.#getOrCreateInbox(did);
+        const sub = { stream };
+        inbox.subscribers.add(sub);
+        stream.onClose(() => {
+            this.#closeInboxSubscriber(sub);
+            inbox.subscribers.delete(sub);
+        });
+        // Replay buffered events since the client's Last-Event-ID, if any.
+        const lastEventId = req.headers['last-event-id'];
+        for (const stored of inbox.buffer.since(lastEventId)) {
+            this.#safeWrite(stream, stored.event, stored.data, stored.id);
+        }
+        if (this.#heartbeatMs > 0) {
+            sub.heartbeatTimer = setInterval(() => {
+                try {
+                    stream.writeComment('hb');
+                }
+                catch { /* caller-owned failure */ }
+            }, this.#heartbeatMs);
+        }
+    }
+    // ----------------------------------------------------------------
+    // Internal helpers
+    // ----------------------------------------------------------------
+    #getOrCreateInbox(did) {
+        let inbox = this.#inboxes.get(did);
+        if (!inbox) {
+            inbox = { buffer: new InboxBuffer(this.#inboxBufferSize), subscribers: new Set() };
+            this.#inboxes.set(did, inbox);
+        }
+        return inbox;
+    }
+    #resolveSenderPk(did) {
+        const peerBytes = this.#peers.get(did);
+        if (peerBytes) {
+            try {
+                return new CompressedSecp256k1PublicKey(peerBytes);
+            }
+            catch { /* fall through */ }
+        }
+        try {
+            const components = Identifier.decode(did);
+            if (components.idType === 'KEY') {
+                return new CompressedSecp256k1PublicKey(components.genesisBytes);
+            }
+        }
+        catch { /* not decodable */ }
+        return undefined;
+    }
+    #safeWrite(stream, event, data, id) {
+        try {
+            stream.writeEvent(event, data, id);
+        }
+        catch (err) {
+            this.#logger.debug('SSE writeEvent failed:', err);
+        }
+    }
+    #closeBroadcastSubscriber(sub) {
+        if (sub.heartbeatTimer)
+            clearInterval(sub.heartbeatTimer);
+        try {
+            sub.stream.close();
+        }
+        catch { /* already closed */ }
+    }
+    #closeInboxSubscriber(sub) {
+        if (sub.heartbeatTimer)
+            clearInterval(sub.heartbeatTimer);
+        try {
+            sub.stream.close();
+        }
+        catch { /* already closed */ }
+    }
+    #respondJson(status, body, req) {
+        return {
+            status,
+            headers: { 'content-type': 'application/json', ...this.#corsHeaders(req) },
+            body: JSON.stringify(body),
+        };
+    }
+    #respond(status, body, req) {
+        return { status, headers: this.#corsHeaders(req), body };
+    }
+    #corsHeaders(req) {
+        const origin = req.headers.origin;
+        if (!origin)
+            return {};
+        const common = {
+            'access-control-allow-methods': 'GET, POST, OPTIONS',
+            'access-control-allow-headers': 'authorization, content-type, last-event-id',
+            'access-control-max-age': '86400',
+        };
+        switch (this.#cors.mode) {
+            case 'permissive':
+                return { 'access-control-allow-origin': '*', ...common };
+            case 'allowlist':
+                if (this.#cors.origins.includes(origin)) {
+                    return { 'access-control-allow-origin': origin, vary: 'origin', ...common };
+                }
+                return {};
+            case 'same-origin':
+                return {};
+        }
+    }
+    #wellKnownMetadata() {
+        return {
+            envelopeVersion: HTTP_ENVELOPE_VERSION,
+            heartbeatIntervalMs: this.#heartbeatMs,
+            inboxBufferSize: this.#inboxBufferSize,
+            advertTtlMs: this.#advertTtlMs,
+        };
+    }
+}
+// ----------------------------------------------------------------
+// Module-local pure helpers
+// ----------------------------------------------------------------
+function extractPath(reqUrl) {
+    if (reqUrl.startsWith('http://') || reqUrl.startsWith('https://')) {
+        return new URL(reqUrl).pathname;
+    }
+    const q = reqUrl.indexOf('?');
+    return q === -1 ? reqUrl : reqUrl.slice(0, q);
+}
+function matchInboxPath(path) {
+    if (!path.startsWith(INBOX_PATH_PREFIX) || !path.endsWith(INBOX_PATH_SUFFIX))
+        return undefined;
+    const encodedDid = path.slice(INBOX_PATH_PREFIX.length, path.length - INBOX_PATH_SUFFIX.length);
+    if (!encodedDid)
+        return undefined;
+    try {
+        return { did: decodeURIComponent(encodedDid) };
+    }
+    catch {
+        return undefined;
+    }
+}
+function parseJsonBody(body) {
+    if (body === undefined || body === '')
+        return undefined;
+    try {
+        return JSON.parse(body);
+    }
+    catch {
+        return undefined;
+    }
+}
+function flattenMessage(msg) {
+    if (msg.body && typeof msg.body === 'object') {
+        return { ...msg, ...msg.body };
+    }
+    return msg;
+}
+//# sourceMappingURL=server.js.map