@did-btcr2/method 0.28.0 → 0.32.0

package/dist/types/core/aggregation/transport/factory.d.ts

@@ -1,12 +1,27 @@
-import type { Transport, TransportType } from './transport.js';
-export interface TransportConfig {
-    type: TransportType;
+import type { Logger } from '../logger.js';
+import type { HttpClientTransportConfig } from './http/client.js';
+import type { HttpServerTransportConfig } from './http/server.js';
+import type { Transport } from './transport.js';
+/** Discriminated-union config for {@link TransportFactory.establish}. */
+export type TransportConfig = NostrTransportConfigOption | DidCommTransportConfigOption | HttpClientTransportConfigOption | HttpServerTransportConfigOption;
+export interface NostrTransportConfigOption {
+    type: 'nostr';
     relays?: string[];
+    logger?: Logger;
+    broadcastLookbackMs?: number;
 }
-/**
- * Factory for creating Transport instances.
- * @class TransportFactory
- */
+export interface DidCommTransportConfigOption {
+    type: 'didcomm';
+}
+export interface HttpClientTransportConfigOption extends HttpClientTransportConfig {
+    type: 'http';
+    role: 'client';
+}
+export interface HttpServerTransportConfigOption extends HttpServerTransportConfig {
+    type: 'http';
+    role: 'server';
+}
+/** Factory for creating Transport instances. */
 export declare class TransportFactory {
     static establish(config: TransportConfig): Transport;
 }

package/dist/types/core/aggregation/transport/factory.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../../../../src/core/aggregation/transport/factory.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE/D,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,aAAa,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;;GAGG;AACH,qBAAa,gBAAgB;IAC3B,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,eAAe,GAAG,SAAS;CAarD"}
+{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../../../../src/core/aggregation/transport/factory.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAE3C,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAElE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAGlE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAEhD,yEAAyE;AACzE,MAAM,MAAM,eAAe,GACvB,0BAA0B,GAC1B,4BAA4B,GAC5B,+BAA+B,GAC/B,+BAA+B,CAAC;AAEpC,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,4BAA4B;IAC3C,IAAI,EAAE,SAAS,CAAC;CACjB;AAED,MAAM,WAAW,+BAAgC,SAAQ,yBAAyB;IAChF,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,QAAQ,CAAC;CAChB;AAED,MAAM,WAAW,+BAAgC,SAAQ,yBAAyB;IAChF,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,QAAQ,CAAC;CAChB;AAED,gDAAgD;AAChD,qBAAa,gBAAgB;IAC3B,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,eAAe,GAAG,SAAS;CAwBrD"}

package/dist/types/core/aggregation/transport/http/client.d.ts

@@ -0,0 +1,48 @@
+import type { SchnorrKeyPair } from '@did-btcr2/keypair';
+import type { Logger } from '../../logger.js';
+import type { BaseMessage } from '../../messages/base.js';
+import type { MessageHandler, Transport } from '../transport.js';
+export interface HttpClientTransportConfig {
+    /** Base URL of the aggregation service (e.g. `https://aggregator.example.com/`). */
+    baseUrl: string | URL;
+    /** Custom `fetch` implementation (tests, Workers, React Native). Defaults to `globalThis.fetch`. */
+    fetchImpl?: typeof fetch;
+    /** Diagnostic logger. Defaults to {@link CONSOLE_LOGGER}. */
+    logger?: Logger;
+    /** Reconnect backoff (ms) given attempt count (0-based). */
+    reconnectBackoff?: (attempt: number) => number;
+    /** Envelope / request-auth clock-skew tolerance in seconds. */
+    clockSkewSec?: number;
+}
+/** Default exponential backoff: 1s, 2s, 4s, ..., capped at 30s, 20% jitter. */
+export declare function defaultReconnectBackoff(attempt: number): number;
+/**
+ * HTTP transport client. Implements the transport-agnostic {@link Transport}
+ * interface; the wire is fetch-based SSE for incoming events and fetch-based
+ * POST for outgoing messages. All runtime I/O goes through `fetchImpl` so
+ * tests can substitute a mock without touching the network.
+ */
+export declare class HttpClientTransport implements Transport {
+    #private;
+    readonly name = "http";
+    constructor(config: HttpClientTransportConfig);
+    start(): void;
+    /**
+     * Tear down all SSE subscriptions and stop reconnect loops. Not part of the
+     * {@link Transport} interface, but needed in tests and whenever a client
+     * wants to cleanly disconnect without unregistering every actor.
+     *
+     * Idempotent. Actors remain registered (re-call {@link start} to resume).
+     */
+    stop(): void;
+    registerActor(did: string, keys: SchnorrKeyPair): void;
+    unregisterActor(did: string): void;
+    getActorPk(did: string): Uint8Array | undefined;
+    registerPeer(did: string, communicationPk: Uint8Array): void;
+    getPeerPk(did: string): Uint8Array | undefined;
+    registerMessageHandler(actorDid: string, messageType: string, handler: MessageHandler): void;
+    unregisterMessageHandler(actorDid: string, messageType: string): void;
+    sendMessage(message: BaseMessage, sender: string, recipient?: string): Promise<void>;
+    publishRepeating(message: BaseMessage, sender: string, intervalMs: number, recipient?: string): () => void;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/types/core/aggregation/transport/http/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAIzD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAYjE,MAAM,WAAW,yBAAyB;IACxC,oFAAoF;IACpF,OAAO,EAAE,MAAM,GAAG,GAAG,CAAC;IACtB,oGAAoG;IACpG,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;IACzB,6DAA6D;IAC7D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4DAA4D;IAC5D,gBAAgB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,MAAM,CAAC;IAC/C,+DAA+D;IAC/D,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,+EAA+E;AAC/E,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAI/D;AAQD;;;;;GAKG;AACH,qBAAa,mBAAoB,YAAW,SAAS;;IACnD,QAAQ,CAAC,IAAI,UAAU;gBAcX,MAAM,EAAE,yBAAyB;IAkB7C,KAAK,IAAI,IAAI;IAYb;;;;;;OAMG;IACH,IAAI,IAAI,IAAI;IAUZ,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,GAAG,IAAI;IAStD,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAQlC,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS;IAI/C,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,eAAe,EAAE,UAAU,GAAG,IAAI;IAa5D,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS;IAI9C,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,IAAI;IAY5F,wBAAwB,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI;IAI/D,WAAW,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAiC1F,gBAAgB,CACd,OAAO,EAAI,WAAW,EACtB,MAAM,EAAK,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,GACjB,MAAM,IAAI;CAuKd"}

package/dist/types/core/aggregation/transport/http/envelope.d.ts

@@ -0,0 +1,64 @@
+import type { CompressedSecp256k1PublicKey, SchnorrKeyPair } from '@did-btcr2/keypair';
+import type { BaseMessage } from '../../messages/base.js';
+import { type SignedEnvelope } from './protocol.js';
+/** Any shape acceptable as an envelope payload. `BaseMessage` instances are
+ *  `toJSON`-normalized before signing so class vs. POJO callers produce the
+ *  same canonical form. */
+export type EnvelopeMessage = BaseMessage | Record<string, unknown>;
+export interface SignEnvelopeOptions {
+    /** Recipient DID. Omit for broadcasts. */
+    to?: string;
+    /** Override the random nonce (tests). */
+    nonce?: string;
+    /** Override the unix-seconds timestamp (tests). */
+    timestamp?: number;
+}
+export interface VerifyEnvelopeOptions {
+    /** Reject if `envelope.from` doesn't match. */
+    expectedFrom?: string;
+    /** Reject if `envelope.to` doesn't match. Pass `undefined` to require a broadcast. */
+    expectedTo?: string;
+    /** Clock-skew tolerance (seconds). Defaults to {@link DEFAULT_CLOCK_SKEW_SEC}. */
+    clockSkewSec?: number;
+    /** Clock override (tests). Defaults to `Date.now`. */
+    now?: () => number;
+}
+/**
+ * Build a {@link SignedEnvelope} around `message`.
+ *
+ * Pure function — no I/O beyond `randomBytes` for nonce generation (which
+ * uses the platform's cryptographic RNG: `crypto.getRandomValues` in browsers,
+ * `node:crypto` in Node). Deterministic when both `nonce` and `timestamp` are
+ * supplied via {@link SignEnvelopeOptions}.
+ */
+export declare function signEnvelope(message: EnvelopeMessage, sender: {
+    did: string;
+    keys: SchnorrKeyPair;
+}, opts?: SignEnvelopeOptions): SignedEnvelope;
+/**
+ * Verify a {@link SignedEnvelope} against the sender's compressed secp256k1
+ * communication public key. Throws {@link HttpTransportError} on any failure;
+ * returns normally on success.
+ *
+ * Does NOT check nonce uniqueness — replay protection is the caller's
+ * responsibility (the server-side transport maintains an LRU cache).
+ */
+export declare function verifyEnvelope(envelope: SignedEnvelope, senderPk: CompressedSecp256k1PublicKey, opts?: VerifyEnvelopeOptions): void;
+/**
+ * Recursively replace `Uint8Array` values with `{ __bytes: hex }` sentinel
+ * objects so they survive JSON canonicalization / HTTP body serialization.
+ * Pairs with {@link reviveFromWire}.
+ *
+ * Without this, `JSON.stringify` serializes a `Uint8Array` as an index-keyed
+ * object (`{"0":1,"1":2,...}`), which `canonicalize` then re-parses into a
+ * plain object — the receiver cannot reconstruct the original bytes even
+ * though the signature still verifies.
+ */
+export declare function normalizeForWire(value: unknown): unknown;
+/**
+ * Recursively convert `{ __bytes: hex }` sentinels back into `Uint8Array`
+ * values. Call on `envelope.message` *after* successful verification and
+ * before handing the payload to a runner's handler.
+ */
+export declare function reviveFromWire(value: unknown): unknown;
+//# sourceMappingURL=envelope.d.ts.map

package/dist/types/core/aggregation/transport/http/envelope.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"envelope.d.ts","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/envelope.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,4BAA4B,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAGvF,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAE1D,OAAO,EAIL,KAAK,cAAc,EACpB,MAAM,eAAe,CAAC;AAEvB;;2BAE2B;AAC3B,MAAM,MAAM,eAAe,GAAG,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAEpE,MAAM,WAAW,mBAAmB;IAClC,0CAA0C;IAC1C,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mDAAmD;IACnD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,qBAAqB;IACpC,+CAA+C;IAC/C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,sFAAsF;IACtF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kFAAkF;IAClF,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,sDAAsD;IACtD,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;CACpB;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAC1B,OAAO,EAAE,eAAe,EACxB,MAAM,EAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,cAAc,CAAA;CAAE,EAC9C,IAAI,GAAK,mBAAwB,GAChC,cAAc,CAkBhB;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,cAAc,EACxB,QAAQ,EAAE,4BAA4B,EACtC,IAAI,GAAM,qBAA0B,GACnC,IAAI,CAgEN;AAUD;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAexD;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAetD"}

package/dist/types/core/aggregation/transport/http/errors.d.ts

@@ -0,0 +1,9 @@
+import { TransportAdapterError } from '../error.js';
+/**
+ * Errors raised by the HTTP transport adapter. Extends {@link TransportAdapterError}
+ * so callers can catch HTTP-specific failures narrowly or transport failures broadly.
+ */
+export declare class HttpTransportError extends TransportAdapterError {
+    constructor(message: string, type?: string, data?: Record<string, any>);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/types/core/aggregation/transport/http/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEpD;;;GAGG;AACH,qBAAa,kBAAmB,SAAQ,qBAAqB;gBAC/C,OAAO,EAAE,MAAM,EAAE,IAAI,GAAE,MAA6B,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;CAG7F"}

package/dist/types/core/aggregation/transport/http/inbox-buffer.d.ts

@@ -0,0 +1,32 @@
+export interface StoredEvent {
+    /** Monotonic ID assigned at append time. Stable across the buffer's lifetime. */
+    id: string;
+    /** SSE event name. */
+    event: string;
+    /** SSE data payload (typically a JSON-stringified {@link SignedEnvelope}). */
+    data: string;
+}
+/**
+ * Fixed-capacity FIFO ring buffer of SSE events for a single actor's inbox.
+ *
+ * When a subscriber (re)connects with a `Last-Event-ID` header, the server
+ * uses {@link since} to replay everything that arrived while the subscriber
+ * was disconnected. Events older than the replay window (evicted from the
+ * ring) are unrecoverable — callers should choose `capacity` based on
+ * expected message rate × acceptable reconnect window.
+ */
+export declare class InboxBuffer {
+    #private;
+    constructor(capacity?: number);
+    /** Append an event. Returns the stored record (including its assigned id). */
+    append(event: string, data: string): StoredEvent;
+    /**
+     * Return stored events with id strictly greater than `lastEventId`. If
+     * `lastEventId` is unset or unparseable, returns everything currently
+     * retained.
+     */
+    since(lastEventId?: string): StoredEvent[];
+    /** Currently retained event count. */
+    size(): number;
+}
+//# sourceMappingURL=inbox-buffer.d.ts.map

package/dist/types/core/aggregation/transport/http/inbox-buffer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"inbox-buffer.d.ts","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/inbox-buffer.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,WAAW;IAC1B,iFAAiF;IACjF,EAAE,EAAE,MAAM,CAAC;IACX,sBAAsB;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,8EAA8E;IAC9E,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;;GAQG;AACH,qBAAa,WAAW;;gBAKV,QAAQ,SAAM;IAK1B,8EAA8E;IAC9E,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,WAAW;IAOhD;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,WAAW,EAAE;IAO1C,sCAAsC;IACtC,IAAI,IAAI,MAAM;CAGf"}

package/dist/types/core/aggregation/transport/http/index.d.ts

@@ -0,0 +1,12 @@
+export * from './errors.js';
+export * from './protocol.js';
+export * from './envelope.js';
+export * from './sse-stream.js';
+export * from './sse-writer.js';
+export * from './request-auth.js';
+export * from './nonce-cache.js';
+export * from './rate-limiter.js';
+export * from './inbox-buffer.js';
+export * from './client.js';
+export * from './server.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/types/core/aggregation/transport/http/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,eAAe,CAAC;AAC9B,cAAc,eAAe,CAAC;AAC9B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC"}

package/dist/types/core/aggregation/transport/http/nonce-cache.d.ts

@@ -0,0 +1,26 @@
+export interface NonceCacheConfig {
+    /** Max distinct entries to retain before FIFO eviction. Default 10,000. */
+    maxEntries?: number;
+}
+/**
+ * Bounded anti-replay cache for `(did, nonce)` pairs.
+ *
+ * Replay windowing is the caller's responsibility — this cache only detects
+ * duplicates. Callers are expected to reject envelopes/headers whose timestamp
+ * is outside the clock-skew window *before* consulting the cache, so entries
+ * here are always within the protocol's acceptable window.
+ *
+ * Eviction is strict-FIFO (Map insertion order) once `maxEntries` is reached.
+ */
+export declare class NonceCache {
+    #private;
+    constructor(config?: NonceCacheConfig);
+    /**
+     * Record a nonce. Returns `true` if it was novel (caller should accept the
+     * request) or `false` if it was a replay (caller should reject).
+     */
+    store(did: string, nonce: string, timestampSec: number): boolean;
+    /** Current cache size. Exposed for observability and tests. */
+    size(): number;
+}
+//# sourceMappingURL=nonce-cache.d.ts.map

package/dist/types/core/aggregation/transport/http/nonce-cache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nonce-cache.d.ts","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/nonce-cache.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAC/B,2EAA2E;IAC3E,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;GASG;AACH,qBAAa,UAAU;;gBAIT,MAAM,GAAE,gBAAqB;IAIzC;;;OAGG;IACH,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAWhE,+DAA+D;IAC/D,IAAI,IAAI,MAAM;CAGf"}

package/dist/types/core/aggregation/transport/http/protocol.d.ts

@@ -0,0 +1,53 @@
+/**
+ * On-the-wire version of the HTTP transport envelope. Separate from
+ * {@link AGGREGATION_WIRE_VERSION} (which versions the aggregation protocol
+ * payloads) so transport-layer changes don't force a protocol bump.
+ */
+export declare const HTTP_ENVELOPE_VERSION = 1;
+/**
+ * HTTP routes served by {@link HttpServerTransport}. The `{did}` placeholder
+ * in {@link HTTP_ROUTE.ACTOR_INBOX} is substituted with a URL-safe DID at
+ * request time.
+ */
+export declare const HTTP_ROUTE: {
+    readonly ADVERTS: "/v1/adverts";
+    readonly MESSAGES: "/v1/messages";
+    readonly ACTOR_INBOX: "/v1/actors/{did}/inbox";
+    readonly WELL_KNOWN: "/v1/.well-known/aggregation";
+};
+/** Server-Sent Events event names used by the broadcast + inbox streams. */
+export declare const SSE_EVENT: {
+    readonly ADVERT: "advert";
+    readonly MESSAGE: "message";
+    readonly HEARTBEAT: "heartbeat";
+};
+/** Default clock-skew tolerance for envelope timestamps (seconds). */
+export declare const DEFAULT_CLOCK_SKEW_SEC = 60;
+/** Default length of the per-envelope anti-replay nonce (bytes). */
+export declare const DEFAULT_NONCE_LEN_BYTES = 16;
+/**
+ * Tamper-evident wrapper around an aggregation {@link BaseMessage}. Every
+ * authenticated HTTP request and inbox SSE event carries one of these.
+ *
+ * The signature is BIP340 Schnorr over the SHA-256 of the JCS-canonicalized
+ * envelope **excluding** the `sig` field. Receivers reconstruct the same
+ * canonical form, verify the signature against the sender's registered
+ * communication public key, and reject outside-skew timestamps.
+ */
+export interface SignedEnvelope {
+    /** Envelope format version; must equal {@link HTTP_ENVELOPE_VERSION}. */
+    v: number;
+    /** Sender DID. */
+    from: string;
+    /** Recipient DID. Omitted for broadcasts (e.g. COHORT_ADVERT). */
+    to?: string;
+    /** Unix seconds at which the envelope was produced. */
+    timestamp: number;
+    /** Hex-encoded random nonce, {@link DEFAULT_NONCE_LEN_BYTES} bytes. */
+    nonce: string;
+    /** Aggregation message payload (plain-JSON form, `toJSON`-normalized). */
+    message: Record<string, unknown>;
+    /** Hex-encoded 64-byte BIP340 Schnorr signature. */
+    sig: string;
+}
+//# sourceMappingURL=protocol.d.ts.map

package/dist/types/core/aggregation/transport/http/protocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.d.ts","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/protocol.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,IAAI,CAAC;AAEvC;;;;GAIG;AACH,eAAO,MAAM,UAAU;;;;;CAKb,CAAC;AAEX,4EAA4E;AAC5E,eAAO,MAAM,SAAS;;;;CAIZ,CAAC;AAEX,sEAAsE;AACtE,eAAO,MAAM,sBAAsB,KAAK,CAAC;AAEzC,oEAAoE;AACpE,eAAO,MAAM,uBAAuB,KAAK,CAAC;AAE1C;;;;;;;;GAQG;AACH,MAAM,WAAW,cAAc;IAC7B,yEAAyE;IACzE,CAAC,EAAE,MAAM,CAAC;IACV,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,kEAAkE;IAClE,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,uDAAuD;IACvD,SAAS,EAAE,MAAM,CAAC;IAClB,uEAAuE;IACvE,KAAK,EAAE,MAAM,CAAC;IACd,0EAA0E;IAC1E,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,oDAAoD;IACpD,GAAG,EAAE,MAAM,CAAC;CACb"}

package/dist/types/core/aggregation/transport/http/rate-limiter.d.ts

@@ -0,0 +1,41 @@
+export interface BucketState {
+    tokens: number;
+    lastRefillMs: number;
+}
+/**
+ * Pluggable storage backend for rate-limit state. The default
+ * {@link InMemoryRateLimitStore} is a plain Map; swap in Redis-backed or
+ * SQLite-backed implementations for multi-instance deployments.
+ */
+export interface RateLimitStore {
+    get(key: string): BucketState | undefined;
+    set(key: string, state: BucketState): void;
+}
+export declare class InMemoryRateLimitStore implements RateLimitStore {
+    #private;
+    get(key: string): BucketState | undefined;
+    set(key: string, state: BucketState): void;
+}
+export interface RateLimiterConfig {
+    /** Steady-state request rate per key (requests per second). Default 10. */
+    rps?: number;
+    /** Peak burst allowance (bucket capacity). Default 30. */
+    burst?: number;
+    /** Optional pluggable store. Defaults to an in-memory Map. */
+    store?: RateLimitStore;
+}
+/**
+ * Token-bucket rate limiter keyed by an opaque string (typically a verified
+ * sender DID). Tokens refill linearly at `rps` up to `burst`. Each `consume`
+ * call atomically debits one token or returns `false` to reject.
+ *
+ * The limiter is synchronous and deterministic given `nowMs` — tests can
+ * drive it with a fixed clock to exercise exact boundaries.
+ */
+export declare class RateLimiter {
+    #private;
+    constructor(config?: RateLimiterConfig);
+    /** Consume one token for `key`. Returns `true` if accepted, `false` if throttled. */
+    consume(key: string, nowMs: number): boolean;
+}
+//# sourceMappingURL=rate-limiter.d.ts.map

package/dist/types/core/aggregation/transport/http/rate-limiter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.d.ts","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/rate-limiter.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS,CAAC;IAC1C,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,GAAG,IAAI,CAAC;CAC5C;AAED,qBAAa,sBAAuB,YAAW,cAAc;;IAG3D,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAIzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,GAAG,IAAI;CAG3C;AAED,MAAM,WAAW,iBAAiB;IAChC,2EAA2E;IAC3E,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,0DAA0D;IAC1D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,8DAA8D;IAC9D,KAAK,CAAC,EAAE,cAAc,CAAC;CACxB;AAED;;;;;;;GAOG;AACH,qBAAa,WAAW;;gBAKV,MAAM,GAAE,iBAAsB;IAM1C,qFAAqF;IACrF,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO;CAkB7C"}

package/dist/types/core/aggregation/transport/http/request-auth.d.ts

@@ -0,0 +1,50 @@
+import type { CompressedSecp256k1PublicKey, SchnorrKeyPair } from '@did-btcr2/keypair';
+/**
+ * `Authorization`-header scheme used to authenticate SSE subscription
+ * requests. The header value takes the form
+ * `BTCR2-Sig v=<n>,did=<did>,ts=<unix>,nonce=<hex>,sig=<hex>`.
+ *
+ * Used only for GET endpoints (SSE inbox subscribe). POST endpoints carry a
+ * full {@link SignedEnvelope} in the request body instead.
+ */
+export declare const REQUEST_AUTH_SCHEME = "BTCR2-Sig";
+export interface ParsedRequestAuth {
+    /** Transport envelope format version. */
+    v: number;
+    /** Subscriber DID. */
+    did: string;
+    /** Unix-seconds timestamp. */
+    ts: number;
+    /** Hex-encoded anti-replay nonce. */
+    nonce: string;
+    /** Hex-encoded 64-byte BIP340 signature. */
+    sig: string;
+}
+export interface BuildRequestAuthOptions {
+    nonce?: string;
+    timestamp?: number;
+}
+/**
+ * Build an `Authorization` header value proving the caller controls the
+ * private key for `did`. Covers a specific request path so the signature
+ * can't be replayed against a different endpoint.
+ */
+export declare function buildRequestAuth(did: string, keys: SchnorrKeyPair, path: string, opts?: BuildRequestAuthOptions): string;
+/**
+ * Parse a `BTCR2-Sig` auth header value into its structured fields. Does NOT
+ * verify the signature — call {@link verifyRequestAuth} for that.
+ */
+export declare function parseRequestAuth(headerValue: string): ParsedRequestAuth;
+export interface VerifyRequestAuthOptions {
+    clockSkewSec?: number;
+    now?: () => number;
+}
+/**
+ * Parse + verify an auth header. Throws {@link HttpTransportError} on any
+ * failure; returns the parsed fields on success.
+ *
+ * `expectedPath` must match the path the signature commits to. `senderPk`
+ * must correspond to the DID the signer claims.
+ */
+export declare function verifyRequestAuth(headerValue: string, expectedPath: string, senderPk: CompressedSecp256k1PublicKey, opts?: VerifyRequestAuthOptions): ParsedRequestAuth;
+//# sourceMappingURL=request-auth.d.ts.map

package/dist/types/core/aggregation/transport/http/request-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-auth.d.ts","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/request-auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,4BAA4B,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAMvF;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,cAAc,CAAC;AAE/C,MAAM,WAAW,iBAAiB;IAChC,yCAAyC;IACzC,CAAC,EAAE,MAAM,CAAC;IACV,sBAAsB;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,8BAA8B;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,qCAAqC;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,4CAA4C;IAC5C,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAC9B,GAAG,EAAG,MAAM,EACZ,IAAI,EAAE,cAAc,EACpB,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,uBAA4B,GACjC,MAAM,CAcR;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,iBAAiB,CA4BvE;AAED,MAAM,WAAW,wBAAwB;IACvC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;CACpB;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,WAAW,EAAG,MAAM,EACpB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAM,4BAA4B,EAC1C,IAAI,GAAU,wBAA6B,GAC1C,iBAAiB,CAmDnB"}

package/dist/types/core/aggregation/transport/http/server.d.ts

@@ -0,0 +1,110 @@
+import type { SchnorrKeyPair } from '@did-btcr2/keypair';
+import type { Logger } from '../../logger.js';
+import type { BaseMessage } from '../../messages/base.js';
+import type { MessageHandler, Transport } from '../transport.js';
+import { NonceCache } from './nonce-cache.js';
+import { RateLimiter } from './rate-limiter.js';
+/** Framework-agnostic incoming-request shape. */
+export interface HttpRequestLike {
+    method: string;
+    /** Either a full URL or path+query; path extraction works with both. */
+    url: string;
+    /** Header names MUST be lowercased. */
+    headers: Record<string, string>;
+    /** Request body (already read). Undefined for GETs. */
+    body?: string;
+    /** Optional remote-address hint for per-IP policies (advert rate limits etc). */
+    remoteAddr?: string;
+}
+/** Framework-agnostic outgoing-response shape. */
+export interface HttpResponseLike {
+    status: number;
+    headers: Record<string, string>;
+    body: string;
+}
+/**
+ * Framework-agnostic SSE stream handle. Callers (Express/Hono/Fastify/Workers)
+ * adapt this to their response-writing primitives. All methods are synchronous
+ * from the transport's perspective; the adapter is free to buffer/batch.
+ */
+export interface SseStream {
+    /** Write a named event with data and optional id. */
+    writeEvent(event: string, data: string, id?: string): void;
+    /** Write a comment frame (keepalive; ignored by parsers). */
+    writeComment(comment: string): void;
+    /** Close the stream from the server side. */
+    close(): void;
+    /** Register a callback fired when the client disconnects (or we close). */
+    onClose(cb: () => void): void;
+}
+export type CorsPolicy = {
+    mode: 'permissive';
+} | {
+    mode: 'allowlist';
+    origins: string[];
+} | {
+    mode: 'same-origin';
+};
+export interface HttpServerTransportConfig {
+    logger?: Logger;
+    /** CORS policy. Defaults to `{ mode: 'permissive' }`. */
+    cors?: CorsPolicy;
+    /** Envelope / request-auth clock-skew tolerance, seconds. */
+    clockSkewSec?: number;
+    /** Per-recipient inbox buffer size. Default 100. */
+    inboxBufferSize?: number;
+    /** Advert cache TTL, milliseconds. Default 5 minutes. */
+    advertTtlMs?: number;
+    /** Custom rate limiter (pre-configured). If absent, uses defaults. */
+    rateLimiter?: RateLimiter;
+    /** Custom nonce cache (pre-configured). If absent, uses defaults. */
+    nonceCache?: NonceCache;
+    /** SSE heartbeat interval, milliseconds. Default 20000. Set 0 to disable. */
+    heartbeatIntervalMs?: number;
+    /** Clock injection point for tests. Returns unix milliseconds. */
+    now?: () => number;
+}
+/**
+ * Server-side HTTP transport. Sans-I/O — the caller mounts
+ * {@link handleRequest} and {@link handleSse} under their HTTP framework of
+ * choice; the transport owns only in-memory state (actors, inboxes, advert
+ * cache, replay / rate-limit policies).
+ *
+ * Implements the generic {@link Transport} interface so the aggregation
+ * runners can drive it exactly the same way they drive {@link NostrTransport}
+ * or {@link HttpClientTransport}.
+ */
+export declare class HttpServerTransport implements Transport {
+    #private;
+    readonly name = "http";
+    constructor(config?: HttpServerTransportConfig);
+    start(): void;
+    /**
+     * Detach the transport: close every open SSE subscription, clear the advert
+     * cache, and drop all actor / peer / inbox state. Intended for shutdown and
+     * for test teardown.
+     */
+    stop(): void;
+    registerActor(did: string, keys: SchnorrKeyPair): void;
+    unregisterActor(did: string): void;
+    getActorPk(did: string): Uint8Array | undefined;
+    registerPeer(did: string, communicationPk: Uint8Array): void;
+    getPeerPk(did: string): Uint8Array | undefined;
+    registerMessageHandler(actorDid: string, messageType: string, handler: MessageHandler): void;
+    unregisterMessageHandler(actorDid: string, messageType: string): void;
+    sendMessage(message: BaseMessage, sender: string, recipient?: string): Promise<void>;
+    publishRepeating(message: BaseMessage, sender: string, _intervalMs: number, _recipient?: string): () => void;
+    /**
+     * Handle a POST / GET request (non-SSE). The caller dispatches SSE paths to
+     * {@link handleSse} instead. Returns a fully formed response; the caller's
+     * adapter turns it into an HTTP write.
+     */
+    handleRequest(req: HttpRequestLike): Promise<HttpResponseLike>;
+    /**
+     * Open an SSE stream for a GET request. The caller is responsible for
+     * flushing writes and propagating the `onClose` callback when the HTTP
+     * connection ends.
+     */
+    handleSse(req: HttpRequestLike, stream: SseStream): void;
+}
+//# sourceMappingURL=server.d.ts.map

package/dist/types/core/aggregation/transport/http/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAIzD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAIjE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAQ9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAGhD,iDAAiD;AACjD,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,wEAAwE;IACxE,GAAG,EAAE,MAAM,CAAC;IACZ,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,uDAAuD;IACvD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,iFAAiF;IACjF,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,kDAAkD;AAClD,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACxB,qDAAqD;IACrD,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3D,6DAA6D;IAC7D,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,6CAA6C;IAC7C,KAAK,IAAI,IAAI,CAAC;IACd,2EAA2E;IAC3E,OAAO,CAAC,EAAE,EAAE,MAAM,IAAI,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,MAAM,UAAU,GAClB;IAAE,IAAI,EAAE,YAAY,CAAA;CAAE,GACtB;IAAE,IAAI,EAAE,WAAW,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAA;CAAE,GACxC;IAAE,IAAI,EAAE,aAAa,CAAA;CAAE,CAAC;AAE5B,MAAM,WAAW,yBAAyB;IACxC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yDAAyD;IACzD,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,6DAA6D;IAC7D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oDAAoD;IACpD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,yDAAyD;IACzD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sEAAsE;IACtE,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,qEAAqE;IACrE,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,6EAA6E;IAC7E,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,kEAAkE;IAClE,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;CACpB;AAkCD;;;;;;;;;GASG;AACH,qBAAa,mBAAoB,YAAW,SAAS;;IACnD,QAAQ,CAAC,IAAI,UAAU;gBAqBX,MAAM,GAAE,yBAA8B;IAgBlD,KAAK,IAAI,IAAI;IAKb;;;;OAIG;IACH,IAAI,IAAI,IAAI;IAWZ,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,GAAG,IAAI;IAItD,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAKlC,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS;IAI/C,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,eAAe,EAAE,UAAU,GAAG,IAAI;IAa5D,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS;IAI9C,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,IAAI;IAY5F,wBAAwB,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI;IAI/D,WAAW,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA0B1F,gBAAgB,CACd,OAAO,EAAK,WAAW,EACvB,MAAM,EAAM,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,UAAU,CAAC,EAAE,MAAM,GAClB,MAAM,IAAI;IAwBb;;;;OAIG;IACG,aAAa,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAkBpE;;;;OAIG;IACH,SAAS,CAAC,GAAG,EAAE,eAAe,EAAE,MAAM,EAAE,SAAS,GAAG,IAAI;CA4QzD"}

package/dist/types/core/aggregation/transport/http/sse-stream.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Parsed Server-Sent Events record.
+ *
+ * Events without a `data` field are never yielded (per the SSE spec — only a
+ * blank line that follows at least one `data:` line dispatches an event).
+ */
+export interface SseEvent {
+    /** Optional event name (from `event:` field). Defaults to "message" if omitted. */
+    event?: string;
+    /** Accumulated data payload (multiple `data:` lines joined with `\n`). */
+    data: string;
+    /** Last-Event-ID value for reconnect resumption. */
+    id?: string;
+    /** Retry delay hint in milliseconds. */
+    retry?: number;
+}
+/**
+ * Parse an SSE stream into an async iterable of {@link SseEvent} records.
+ *
+ * The parser follows the HTML Living Standard ({@link https://html.spec.whatwg.org/multipage/server-sent-events.html})
+ * closely enough for our needs: LF and CRLF line terminators, multi-line
+ * `data` fields, `event` / `id` / `retry` fields, and `:`-prefixed comments.
+ * CR-only line terminators are not supported (every mainstream SSE
+ * implementation emits LF or CRLF).
+ *
+ * Pure, runtime-agnostic — works anywhere `ReadableStream<Uint8Array>` and
+ * `TextDecoder` exist (browsers and Node 22+).
+ *
+ * The caller owns stream lifecycle: cancellation should be effected via an
+ * `AbortController` on the producing `fetch`, which propagates as a read
+ * error and cleanly unwinds this generator's `finally`.
+ */
+export declare function parseSseStream(readable: ReadableStream<Uint8Array>): AsyncGenerator<SseEvent, void, void>;
+//# sourceMappingURL=sse-stream.d.ts.map

package/dist/types/core/aggregation/transport/http/sse-stream.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sse-stream.d.ts","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/sse-stream.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,WAAW,QAAQ;IACvB,mFAAmF;IACnF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,0EAA0E;IAC1E,IAAI,EAAE,MAAM,CAAC;IACb,oDAAoD;IACpD,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,wCAAwC;IACxC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAuB,cAAc,CACnC,QAAQ,EAAE,cAAc,CAAC,UAAU,CAAC,GACnC,cAAc,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,CAqFtC"}

package/dist/types/core/aggregation/transport/http/sse-writer.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Format an SSE event frame. Pairs with {@link parseSseStream}.
+ *
+ * Multi-line `data` is split across multiple `data:` lines per the SSE spec —
+ * each embedded `\n` becomes its own line, and the parser rejoins them.
+ *
+ * The returned string includes a trailing blank line (the dispatch marker).
+ */
+export declare function formatSseEvent(event: string, data: string, id?: string): string;
+/** SSE comment frame (server keepalive). Lines starting with `:` are ignored by compliant parsers. */
+export declare function formatSseComment(comment: string): string;
+//# sourceMappingURL=sse-writer.d.ts.map

package/dist/types/core/aggregation/transport/http/sse-writer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sse-writer.d.ts","sourceRoot":"","sources":["../../../../../../src/core/aggregation/transport/http/sse-writer.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAQ/E;AAED,sGAAsG;AACtG,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAGxD"}

package/dist/types/core/aggregation/transport/index.d.ts

@@ -3,4 +3,5 @@ export * from './error.js';
 export * from './factory.js';
 export * from './nostr.js';
 export * from './didcomm.js';
+export * from './http/index.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/types/core/aggregation/transport/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/core/aggregation/transport/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/core/aggregation/transport/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,iBAAiB,CAAC"}