@dxos/edge-client 0.6.13 → 0.6.14-main.69511f5

package/dist/lib/node/index.cjs

@@ -30,129 +30,86 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var node_exports = {};
 __export(node_exports, {
   EdgeClient: () => EdgeClient,
-  Protocol: () => Protocol,
-  getTypename: () => getTypename,
-  protocol: () => protocol,
-  toUint8Array: () => toUint8Array
+  EdgeConnectionClosedError: () => EdgeConnectionClosedError,
+  EdgeHttpClient: () => EdgeHttpClient,
+  EdgeIdentityChangedError: () => EdgeIdentityChangedError,
+  Protocol: () => import_chunk_ANV2HBEH.Protocol,
+  createChainEdgeIdentity: () => createChainEdgeIdentity,
+  createDeviceEdgeIdentity: () => createDeviceEdgeIdentity,
+  createEphemeralEdgeIdentity: () => createEphemeralEdgeIdentity,
+  createStubEdgeIdentity: () => createStubEdgeIdentity,
+  createTestHaloEdgeIdentity: () => createTestHaloEdgeIdentity,
+  getTypename: () => import_chunk_ANV2HBEH.getTypename,
+  handleAuthChallenge: () => handleAuthChallenge,
+  protocol: () => import_chunk_ANV2HBEH.protocol,
+  toUint8Array: () => import_chunk_ANV2HBEH.toUint8Array
 });
 module.exports = __toCommonJS(node_exports);
+var import_chunk_ANV2HBEH = require("./chunk-ANV2HBEH.cjs");
 __reExport(node_exports, require("@dxos/protocols/buf/dxos/edge/messenger_pb"), module.exports);
 var import_isomorphic_ws = __toESM(require("isomorphic-ws"));
 var import_async = require("@dxos/async");
 var import_context = require("@dxos/context");
-var import_invariant = require("@dxos/invariant");
 var import_log = require("@dxos/log");
 var import_buf = require("@dxos/protocols/buf");
 var import_messenger_pb = require("@dxos/protocols/buf/dxos/edge/messenger_pb");
-var import_wkt = require("@bufbuild/protobuf/wkt");
-var import_messenger_pb2 = require("@dxos/protocols/buf/dxos/edge/messenger_pb");
-var import_invariant2 = require("@dxos/invariant");
-var import_buf2 = require("@dxos/protocols/buf");
-var import_messenger_pb3 = require("@dxos/protocols/buf/dxos/edge/messenger_pb");
-var import_util = require("@dxos/util");
+var import_invariant = require("@dxos/invariant");
+var import_proto = require("@dxos/protocols/proto");
 var import_async2 = require("@dxos/async");
 var import_context2 = require("@dxos/context");
 var import_debug = require("@dxos/debug");
 var import_log2 = require("@dxos/log");
-var __dxlog_file = "/home/runner/work/dxos/dxos/packages/core/mesh/edge-client/src/protocol.ts";
-var getTypename = (typeName) => `type.googleapis.com/${typeName}`;
-var Protocol = class {
-  constructor(types) {
-    this._typeRegistry = import_buf2.buf.createRegistry(...types);
-  }
-  get typeRegistry() {
-    return this._typeRegistry;
-  }
-  toJson(message) {
-    try {
-      return import_buf2.buf.toJson(import_messenger_pb3.MessageSchema, message, {
-        registry: this.typeRegistry
-      });
-    } catch (err) {
-      return {
-        type: this.getPayloadType(message)
-      };
-    }
-  }
-  /**
-  * Return the payload with the given type.
-  */
-  getPayload(message, type) {
-    (0, import_invariant2.invariant)(message.payload, void 0, {
-      F: __dxlog_file,
-      L: 40,
-      S: this,
-      A: [
-        "message.payload",
-        ""
-      ]
-    });
-    const payloadTypename = this.getPayloadType(message);
-    if (type && type.typeName !== payloadTypename) {
-      throw new Error(`Unexpected payload type: ${payloadTypename}; expected ${type.typeName}`);
-    }
-    (0, import_invariant2.invariant)(import_buf2.bufWkt.anyIs(message.payload, type), `Unexpected payload type: ${payloadTypename}}`, {
-      F: __dxlog_file,
-      L: 46,
-      S: this,
-      A: [
-        "bufWkt.anyIs(message.payload, type)",
-        "`Unexpected payload type: ${payloadTypename}}`"
-      ]
-    });
-    const payload = import_buf2.bufWkt.anyUnpack(message.payload, this.typeRegistry);
-    (0, import_invariant2.invariant)(payload, `Empty payload: ${payloadTypename}}`, {
-      F: __dxlog_file,
-      L: 48,
-      S: this,
-      A: [
-        "payload",
-        "`Empty payload: ${payloadTypename}}`"
-      ]
-    });
-    return payload;
-  }
-  /**
-  * Get the payload type.
-  */
-  getPayloadType(message) {
-    if (!message.payload) {
-      return void 0;
-    }
-    const [, type] = message.payload.typeUrl.split("/");
-    return type;
-  }
-  /**
-  * Create a packed message.
-  */
-  createMessage(type, { source, target, payload, serviceId }) {
-    return import_buf2.buf.create(import_messenger_pb3.MessageSchema, {
-      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-      source,
-      target,
-      serviceId,
-      payload: payload ? import_buf2.bufWkt.anyPack(type, import_buf2.buf.create(type, payload)) : void 0
-    });
-  }
+var import_credentials = require("@dxos/credentials");
+var import_keyring = require("@dxos/keyring");
+var import_keys = require("@dxos/keys");
+var import_async3 = require("@dxos/async");
+var import_context3 = require("@dxos/context");
+var import_log3 = require("@dxos/log");
+var import_protocols = require("@dxos/protocols");
+var __dxlog_file = "/home/runner/work/dxos/dxos/packages/core/mesh/edge-client/src/edge-identity.ts";
+var handleAuthChallenge = async (failedResponse, identity) => {
+  (0, import_invariant.invariant)(failedResponse.status === 401, void 0, {
+    F: __dxlog_file,
+    L: 21,
+    S: void 0,
+    A: [
+      "failedResponse.status === 401",
+      ""
+    ]
+  });
+  const headerValue = failedResponse.headers.get("Www-Authenticate");
+  (0, import_invariant.invariant)(headerValue?.startsWith("VerifiablePresentation challenge="), void 0, {
+    F: __dxlog_file,
+    L: 24,
+    S: void 0,
+    A: [
+      "headerValue?.startsWith('VerifiablePresentation challenge=')",
+      ""
+    ]
+  });
+  const challenge = headerValue?.slice("VerifiablePresentation challenge=".length);
+  (0, import_invariant.invariant)(challenge, void 0, {
+    F: __dxlog_file,
+    L: 27,
+    S: void 0,
+    A: [
+      "challenge",
+      ""
+    ]
+  });
+  const presentation = await identity.presentCredentials({
+    challenge: Buffer.from(challenge, "base64")
+  });
+  return import_proto.schema.getCodecForType("dxos.halo.credentials.Presentation").encode(presentation);
 };
-var toUint8Array = async (data) => {
-  if (data instanceof Buffer) {
-    return (0, import_util.bufferToArray)(data);
-  }
-  if (data instanceof Blob) {
-    return new Uint8Array(await data.arrayBuffer());
+var EdgeConnectionClosedError = class extends Error {
+  constructor() {
+    super("Edge connection closed.");
   }
-  throw new Error(`Unexpected datatype: ${data}`);
 };
-var protocol = new Protocol([
-  import_messenger_pb2.SwarmRequestSchema,
-  import_messenger_pb2.SwarmResponseSchema,
-  import_messenger_pb2.TextMessageSchema,
-  import_wkt.AnySchema
-]);
-var WebsocketClosedError = class extends Error {
+var EdgeIdentityChangedError = class extends Error {
   constructor() {
-    super("WebSocket connection closed");
+    super("Edge identity changed.");
   }
 };
 function _ts_decorate(decorators, target, key, desc) {
@@ -242,16 +199,22 @@ _ts_decorate([
 _ts_decorate([
   import_async2.synchronized
 ], PersistentLifecycle.prototype, "scheduleRestart", null);
+var getEdgeUrlWithProtocol = (baseUrl, protocol2) => {
+  const isSecure = baseUrl.startsWith("https") || baseUrl.startsWith("wss");
+  const url = new URL(baseUrl);
+  url.protocol = protocol2 + (isSecure ? "s" : "");
+  return url.toString();
+};
 var __dxlog_file3 = "/home/runner/work/dxos/dxos/packages/core/mesh/edge-client/src/edge-client.ts";
 var DEFAULT_TIMEOUT = 1e4;
 var SIGNAL_KEEPALIVE_INTERVAL = 5e3;
 var EdgeClient = class extends import_context.Resource {
-  constructor(_identityKey, _peerKey, _config) {
+  constructor(_identity, _config) {
     super();
-    this._identityKey = _identityKey;
-    this._peerKey = _peerKey;
+    this._identity = _identity;
     this._config = _config;
     this.reconnect = new import_async.Event();
+    this.connected = new import_async.Event();
     this._persistentLifecycle = new PersistentLifecycle({
       start: async () => this._openWebSocket(),
       stop: async () => this._closeWebSocket(),
@@ -262,26 +225,40 @@ var EdgeClient = class extends import_context.Resource {
     this._ws = void 0;
     this._keepaliveCtx = void 0;
     this._heartBeatContext = void 0;
-    this._protocol = this._config.protocol ?? protocol;
+    this._baseWsUrl = getEdgeUrlWithProtocol(_config.socketEndpoint, "ws");
+    this._baseHttpUrl = getEdgeUrlWithProtocol(_config.socketEndpoint, "http");
   }
   // TODO(burdon): Attach logging.
   get info() {
     return {
       open: this.isOpen,
-      identity: this._identityKey,
-      device: this._peerKey
+      identity: this._identity.identityKey,
+      device: this._identity.peerKey
     };
   }
+  get isConnected() {
+    return Boolean(this._ws) && this._ready.state === import_async.TriggerState.RESOLVED;
+  }
   get identityKey() {
-    return this._identityKey;
+    return this._identity.identityKey;
   }
   get peerKey() {
-    return this._peerKey;
+    return this._identity.peerKey;
   }
-  setIdentity({ peerKey, identityKey }) {
-    this._peerKey = peerKey;
-    this._identityKey = identityKey;
-    this._persistentLifecycle.scheduleRestart();
+  setIdentity(identity) {
+    if (identity.identityKey !== this._identity.identityKey || identity.peerKey !== this._identity.peerKey) {
+      (0, import_log.log)("Edge identity changed", {
+        identity,
+        oldIdentity: this._identity
+      }, {
+        F: __dxlog_file3,
+        L: 99,
+        S: this,
+        C: (f, a) => f(...a)
+      });
+      this._identity = identity;
+      this._persistentLifecycle.scheduleRestart();
+    }
   }
   addListener(listener) {
     this._listeners.add(listener);
@@ -295,7 +272,7 @@ var EdgeClient = class extends import_context.Resource {
       info: this.info
     }, {
       F: __dxlog_file3,
-      L: 101,
+      L: 114,
       S: this,
       C: (f, a) => f(...a)
     });
@@ -304,7 +281,7 @@ var EdgeClient = class extends import_context.Resource {
         err
       }, {
         F: __dxlog_file3,
-        L: 103,
+        L: 116,
         S: this,
         C: (f, a) => f(...a)
       });
@@ -315,31 +292,48 @@ var EdgeClient = class extends import_context.Resource {
   */
   async _close() {
     (0, import_log.log)("closing...", {
-      peerKey: this._peerKey
+      peerKey: this._identity.peerKey
     }, {
       F: __dxlog_file3,
-      L: 111,
+      L: 124,
       S: this,
       C: (f, a) => f(...a)
     });
     await this._persistentLifecycle.close();
   }
   async _openWebSocket() {
-    const url = new URL(`/ws/${this._identityKey}/${this._peerKey}`, this._config.socketEndpoint);
-    this._ws = new import_isomorphic_ws.default(url);
+    if (this._ctx.disposed) {
+      return;
+    }
+    const path = `/ws/${this._identity.identityKey}/${this._identity.peerKey}`;
+    const protocolHeader = this._config.disableAuth ? void 0 : await this._createAuthHeader(path);
+    const url = new URL(path, this._baseWsUrl);
+    (0, import_log.log)("Opening websocket", {
+      url: url.toString(),
+      protocolHeader
+    }, {
+      F: __dxlog_file3,
+      L: 136,
+      S: this,
+      C: (f, a) => f(...a)
+    });
+    this._ws = new import_isomorphic_ws.default(url, protocolHeader ? [
+      protocolHeader
+    ] : []);
     this._ws.onopen = () => {
       (0, import_log.log)("opened", this.info, {
         F: __dxlog_file3,
-        L: 120,
+        L: 140,
         S: this,
         C: (f, a) => f(...a)
       });
       this._ready.wake();
+      this.connected.emit();
     };
     this._ws.onclose = () => {
       (0, import_log.log)("closed", this.info, {
         F: __dxlog_file3,
-        L: 124,
+        L: 145,
         S: this,
         C: (f, a) => f(...a)
       });
@@ -351,7 +345,7 @@ var EdgeClient = class extends import_context.Resource {
         info: event.message
       }, {
         F: __dxlog_file3,
-        L: 128,
+        L: 149,
         S: this,
         C: (f, a) => f(...a)
       });
@@ -362,14 +356,14 @@ var EdgeClient = class extends import_context.Resource {
         this._onHeartbeat();
         return;
       }
-      const data = await toUint8Array(event.data);
+      const data = await (0, import_chunk_ANV2HBEH.toUint8Array)(event.data);
       const message = import_buf.buf.fromBinary(import_messenger_pb.MessageSchema, data);
       (0, import_log.log)("received", {
-        peerKey: this._peerKey,
-        payload: protocol.getPayloadType(message)
+        peerKey: this._identity.peerKey,
+        payload: import_chunk_ANV2HBEH.protocol.getPayloadType(message)
       }, {
         F: __dxlog_file3,
-        L: 141,
+        L: 162,
         S: this,
         C: (f, a) => f(...a)
       });
@@ -380,10 +374,10 @@ var EdgeClient = class extends import_context.Resource {
           } catch (err) {
             import_log.log.error("processing", {
               err,
-              payload: protocol.getPayloadType(message)
+              payload: import_chunk_ANV2HBEH.protocol.getPayloadType(message)
             }, {
               F: __dxlog_file3,
-              L: 147,
+              L: 168,
               S: this,
               C: (f, a) => f(...a)
             });
@@ -394,9 +388,18 @@ var EdgeClient = class extends import_context.Resource {
     await this._ready.wait({
       timeout: this._config.timeout ?? DEFAULT_TIMEOUT
     });
+    (0, import_log.log)("Websocket is ready", {
+      identity: this._identity.identityKey,
+      peer: this._identity.peerKey
+    }, {
+      F: __dxlog_file3,
+      L: 176,
+      S: this,
+      C: (f, a) => f(...a)
+    });
     this._keepaliveCtx = new import_context.Context(void 0, {
       F: __dxlog_file3,
-      L: 154
+      L: 179
     });
     (0, import_async.scheduleTaskInterval)(this._keepaliveCtx, async () => {
       this._ws?.send("__ping__");
@@ -409,7 +412,7 @@ var EdgeClient = class extends import_context.Resource {
       return;
     }
     try {
-      this._ready.throw(new WebsocketClosedError());
+      this._ready.throw(this.isOpen ? new EdgeIdentityChangedError() : new EdgeConnectionClosedError());
       this._ready.reset();
       void this._keepaliveCtx?.dispose();
       this._keepaliveCtx = void 0;
@@ -431,7 +434,7 @@ var EdgeClient = class extends import_context.Resource {
         err
       }, {
         F: __dxlog_file3,
-        L: 190,
+        L: 215,
         S: this,
         C: (f, a) => f(...a)
       });
@@ -443,34 +446,28 @@ var EdgeClient = class extends import_context.Resource {
   */
   async send(message) {
     if (this._ready.state !== import_async.TriggerState.RESOLVED) {
+      (0, import_log.log)("waiting for websocket to become ready", void 0, {
+        F: __dxlog_file3,
+        L: 225,
+        S: this,
+        C: (f, a) => f(...a)
+      });
       await this._ready.wait({
         timeout: this._config.timeout ?? DEFAULT_TIMEOUT
       });
     }
-    (0, import_invariant.invariant)(this._ws, void 0, {
-      F: __dxlog_file3,
-      L: 202,
-      S: this,
-      A: [
-        "this._ws",
-        ""
-      ]
-    });
-    (0, import_invariant.invariant)(!message.source || message.source.peerKey === this._peerKey, void 0, {
-      F: __dxlog_file3,
-      L: 203,
-      S: this,
-      A: [
-        "!message.source || message.source.peerKey === this._peerKey",
-        ""
-      ]
-    });
+    if (!this._ws) {
+      throw new EdgeConnectionClosedError();
+    }
+    if (message.source && (message.source.peerKey !== this._identity.peerKey || message.source.identityKey !== this.identityKey)) {
+      throw new EdgeIdentityChangedError();
+    }
     (0, import_log.log)("sending...", {
-      peerKey: this._peerKey,
-      payload: protocol.getPayloadType(message)
+      peerKey: this._identity.peerKey,
+      payload: import_chunk_ANV2HBEH.protocol.getPayloadType(message)
     }, {
       F: __dxlog_file3,
-      L: 204,
+      L: 238,
       S: this,
       C: (f, a) => f(...a)
     });
@@ -483,18 +480,331 @@ var EdgeClient = class extends import_context.Resource {
     void this._heartBeatContext?.dispose();
     this._heartBeatContext = new import_context.Context(void 0, {
       F: __dxlog_file3,
-      L: 213
+      L: 247
     });
     (0, import_async.scheduleTask)(this._heartBeatContext, () => {
       this._persistentLifecycle.scheduleRestart();
     }, 2 * SIGNAL_KEEPALIVE_INTERVAL);
   }
+  async _createAuthHeader(path) {
+    const httpUrl = new URL(path, this._baseHttpUrl);
+    httpUrl.protocol = getEdgeUrlWithProtocol(this._baseWsUrl.toString(), "http");
+    const response = await fetch(httpUrl, {
+      method: "GET"
+    });
+    if (response.status === 401) {
+      return encodePresentationWsAuthHeader(await handleAuthChallenge(response, this._identity));
+    } else {
+      import_log.log.warn("no auth challenge from edge", {
+        status: response.status,
+        statusText: response.statusText
+      }, {
+        F: __dxlog_file3,
+        L: 264,
+        S: this,
+        C: (f, a) => f(...a)
+      });
+      return void 0;
+    }
+  }
+};
+var encodePresentationWsAuthHeader = (encodedPresentation) => {
+  const encodedToken = Buffer.from(encodedPresentation).toString("base64").replace(/=*$/, "").replaceAll("/", "|");
+  return `base64url.bearer.authorization.dxos.org.${encodedToken}`;
+};
+var createDeviceEdgeIdentity = async (signer, key) => {
+  return {
+    identityKey: key.toHex(),
+    peerKey: key.toHex(),
+    presentCredentials: async ({ challenge }) => {
+      return (0, import_credentials.signPresentation)({
+        presentation: {
+          credentials: [
+            // Verifier requires at least one credential in the presentation to establish the subject.
+            await (0, import_credentials.createCredential)({
+              assertion: {
+                "@type": "dxos.halo.credentials.Auth"
+              },
+              issuer: key,
+              subject: key,
+              signer
+            })
+          ]
+        },
+        signer,
+        signerKey: key,
+        nonce: challenge
+      });
+    }
+  };
+};
+var createChainEdgeIdentity = async (signer, identityKey, peerKey, chain, credentials) => {
+  const credentialsToSign = credentials.length > 0 ? credentials : [
+    await (0, import_credentials.createCredential)({
+      assertion: {
+        "@type": "dxos.halo.credentials.Auth"
+      },
+      issuer: identityKey,
+      subject: identityKey,
+      signer,
+      chain,
+      signingKey: peerKey
+    })
+  ];
+  return {
+    identityKey: identityKey.toHex(),
+    peerKey: peerKey.toHex(),
+    presentCredentials: async ({ challenge }) => {
+      return (0, import_credentials.signPresentation)({
+        presentation: {
+          credentials: credentialsToSign
+        },
+        signer,
+        nonce: challenge,
+        signerKey: peerKey,
+        chain
+      });
+    }
+  };
+};
+var createEphemeralEdgeIdentity = async () => {
+  const keyring = new import_keyring.Keyring();
+  const key = await keyring.createKey();
+  return createDeviceEdgeIdentity(keyring, key);
+};
+var createTestHaloEdgeIdentity = async (signer, identityKey, deviceKey) => {
+  const deviceAdmission = await (0, import_credentials.createCredential)({
+    assertion: {
+      "@type": "dxos.halo.credentials.AuthorizedDevice",
+      deviceKey,
+      identityKey
+    },
+    issuer: identityKey,
+    subject: deviceKey,
+    signer
+  });
+  return createChainEdgeIdentity(signer, identityKey, deviceKey, {
+    credential: deviceAdmission
+  }, [
+    await (0, import_credentials.createCredential)({
+      assertion: {
+        "@type": "dxos.halo.credentials.Auth"
+      },
+      issuer: identityKey,
+      subject: identityKey,
+      signer
+    })
+  ]);
+};
+var createStubEdgeIdentity = () => {
+  const identityKey = import_keys.PublicKey.random();
+  const deviceKey = import_keys.PublicKey.random();
+  return {
+    identityKey: identityKey.toHex(),
+    peerKey: deviceKey.toHex(),
+    presentCredentials: async () => {
+      throw new Error("Stub identity does not support authentication.");
+    }
+  };
+};
+var __dxlog_file4 = "/home/runner/work/dxos/dxos/packages/core/mesh/edge-client/src/edge-http-client.ts";
+var DEFAULT_RETRY_TIMEOUT = 1500;
+var DEFAULT_RETRY_JITTER = 500;
+var DEFAULT_MAX_RETRIES_COUNT = 3;
+var EdgeHttpClient = class {
+  constructor(baseUrl) {
+    this._baseUrl = getEdgeUrlWithProtocol(baseUrl, "http");
+    (0, import_log3.log)("created", {
+      url: this._baseUrl
+    }, {
+      F: __dxlog_file4,
+      L: 42,
+      S: this,
+      C: (f, a) => f(...a)
+    });
+  }
+  setIdentity(identity) {
+    this._edgeIdentity = identity;
+  }
+  createAgent(body, args) {
+    return this._call("/agents/create", {
+      ...args,
+      method: "POST",
+      body
+    });
+  }
+  getAgentStatus(request, args) {
+    return this._call(`/users/${request.ownerIdentityKey.toHex()}/agent/status`, {
+      ...args,
+      method: "GET"
+    });
+  }
+  getCredentialsForNotarization(spaceId, args) {
+    return this._call(`/spaces/${spaceId}/notarization`, {
+      ...args,
+      method: "GET"
+    });
+  }
+  async notarizeCredentials(spaceId, body, args) {
+    await this._call(`/spaces/${spaceId}/notarization`, {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  async joinSpaceByInvitation(spaceId, body, args) {
+    return this._call(`/spaces/${spaceId}/join`, {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  async recoverIdentity(body, args) {
+    return this._call("/identity/recover", {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  async _call(path, args) {
+    const requestContext = args.context ?? new import_context3.Context(void 0, {
+      F: __dxlog_file4,
+      L: 88
+    });
+    const shouldRetry = createRetryHandler(args);
+    const url = `${this._baseUrl}${path.startsWith("/") ? path.slice(1) : path}`;
+    import_log3.log.info("call", {
+      method: args.method,
+      path,
+      request: args.body
+    }, {
+      F: __dxlog_file4,
+      L: 92,
+      S: this,
+      C: (f, a) => f(...a)
+    });
+    let handledAuth = false;
+    let authHeader = this._authHeader;
+    while (true) {
+      let processingError;
+      let retryAfterHeaderValue = Number.NaN;
+      try {
+        const request = createRequest(args, authHeader);
+        const response = await fetch(url, request);
+        retryAfterHeaderValue = Number(response.headers.get("Retry-After"));
+        if (response.ok) {
+          const body = await response.json();
+          if (body.success) {
+            return body.data;
+          }
+          import_log3.log.info("unsuccessful edge response", {
+            path,
+            body
+          }, {
+            F: __dxlog_file4,
+            L: 111,
+            S: this,
+            C: (f, a) => f(...a)
+          });
+          if (body.errorData?.type === "auth_challenge" && typeof body.errorData?.challenge === "string") {
+            processingError = new import_protocols.EdgeAuthChallengeError(body.errorData.challenge, body.errorData);
+          } else {
+            processingError = import_protocols.EdgeCallFailedError.fromUnsuccessfulResponse(response, body);
+          }
+        } else if (response.status === 401 && !handledAuth) {
+          authHeader = await this._handleUnauthorized(response);
+          handledAuth = true;
+          continue;
+        } else {
+          processingError = import_protocols.EdgeCallFailedError.fromHttpFailure(response);
+        }
+      } catch (error) {
+        processingError = import_protocols.EdgeCallFailedError.fromProcessingFailureCause(error);
+      }
+      if (processingError.isRetryable && await shouldRetry(requestContext, retryAfterHeaderValue)) {
+        import_log3.log.info("retrying edge request", {
+          path,
+          processingError
+        }, {
+          F: __dxlog_file4,
+          L: 130,
+          S: this,
+          C: (f, a) => f(...a)
+        });
+      } else {
+        throw processingError;
+      }
+    }
+  }
+  async _handleUnauthorized(response) {
+    if (!this._edgeIdentity) {
+      import_log3.log.warn("edge unauthorized response received before identity was set", void 0, {
+        F: __dxlog_file4,
+        L: 139,
+        S: this,
+        C: (f, a) => f(...a)
+      });
+      throw import_protocols.EdgeCallFailedError.fromHttpFailure(response);
+    }
+    const challenge = await handleAuthChallenge(response, this._edgeIdentity);
+    this._authHeader = encodeAuthHeader(challenge);
+    (0, import_log3.log)("auth header updated", void 0, {
+      F: __dxlog_file4,
+      L: 144,
+      S: this,
+      C: (f, a) => f(...a)
+    });
+    return this._authHeader;
+  }
+};
+var createRetryHandler = (args) => {
+  if (!args.retry || args.retry.count < 1) {
+    return async () => false;
+  }
+  let retries = 0;
+  const maxRetries = args.retry.count ?? DEFAULT_MAX_RETRIES_COUNT;
+  const baseTimeout = args.retry.timeout ?? DEFAULT_RETRY_TIMEOUT;
+  const jitter = args.retry.jitter ?? DEFAULT_RETRY_JITTER;
+  return async (ctx, retryAfter) => {
+    if (++retries > maxRetries || ctx.disposed) {
+      return false;
+    }
+    if (retryAfter) {
+      await (0, import_async3.sleep)(retryAfter);
+    } else {
+      const timeout = baseTimeout + Math.random() * jitter;
+      await (0, import_async3.sleep)(timeout);
+    }
+    return true;
+  };
+};
+var createRequest = (args, authHeader) => {
+  return {
+    method: args.method,
+    body: args.body && JSON.stringify(args.body),
+    headers: authHeader ? {
+      Authorization: authHeader
+    } : void 0
+  };
+};
+var encodeAuthHeader = (challenge) => {
+  const encodedChallenge = Buffer.from(challenge).toString("base64");
+  return `VerifiablePresentation pb;base64,${encodedChallenge}`;
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   EdgeClient,
+  EdgeConnectionClosedError,
+  EdgeHttpClient,
+  EdgeIdentityChangedError,
   Protocol,
+  createChainEdgeIdentity,
+  createDeviceEdgeIdentity,
+  createEphemeralEdgeIdentity,
+  createStubEdgeIdentity,
+  createTestHaloEdgeIdentity,
   getTypename,
+  handleAuthChallenge,
   protocol,
   toUint8Array,
   ...require("@dxos/protocols/buf/dxos/edge/messenger_pb")