@dxos/edge-client 0.6.13 → 0.6.14-main.7bd9c89

package/dist/lib/browser/index.mjs

@@ -1,3 +1,10 @@
+import {
+  Protocol,
+  getTypename,
+  protocol,
+  toUint8Array
+} from "./chunk-ZWJXA37R.mjs";
+
 // packages/core/mesh/edge-client/src/index.ts
 export * from "@dxos/protocols/buf/dxos/edge/messenger_pb";
 
@@ -5,123 +12,59 @@ export * from "@dxos/protocols/buf/dxos/edge/messenger_pb";
 import WebSocket from "isomorphic-ws";
 import { Trigger, Event, scheduleTaskInterval, scheduleTask, TriggerState } from "@dxos/async";
 import { Context, LifecycleState as LifecycleState2, Resource as Resource2 } from "@dxos/context";
-import { invariant as invariant2 } from "@dxos/invariant";
 import { log as log2 } from "@dxos/log";
-import { buf as buf2 } from "@dxos/protocols/buf";
-import { MessageSchema as MessageSchema2 } from "@dxos/protocols/buf/dxos/edge/messenger_pb";
-
-// packages/core/mesh/edge-client/src/defs.ts
-import { AnySchema } from "@bufbuild/protobuf/wkt";
-import { SwarmRequestSchema, SwarmResponseSchema, TextMessageSchema } from "@dxos/protocols/buf/dxos/edge/messenger_pb";
+import { buf } from "@dxos/protocols/buf";
+import { MessageSchema } from "@dxos/protocols/buf/dxos/edge/messenger_pb";
 
-// packages/core/mesh/edge-client/src/protocol.ts
+// packages/core/mesh/edge-client/src/edge-identity.ts
 import { invariant } from "@dxos/invariant";
-import { buf, bufWkt } from "@dxos/protocols/buf";
-import { MessageSchema } from "@dxos/protocols/buf/dxos/edge/messenger_pb";
-import { bufferToArray } from "@dxos/util";
-var __dxlog_file = "/home/runner/work/dxos/dxos/packages/core/mesh/edge-client/src/protocol.ts";
-var getTypename = (typeName) => `type.googleapis.com/${typeName}`;
-var Protocol = class {
-  constructor(types) {
-    this._typeRegistry = buf.createRegistry(...types);
-  }
-  get typeRegistry() {
-    return this._typeRegistry;
-  }
-  toJson(message) {
-    try {
-      return buf.toJson(MessageSchema, message, {
-        registry: this.typeRegistry
-      });
-    } catch (err) {
-      return {
-        type: this.getPayloadType(message)
-      };
-    }
-  }
-  /**
-  * Return the payload with the given type.
-  */
-  getPayload(message, type) {
-    invariant(message.payload, void 0, {
-      F: __dxlog_file,
-      L: 40,
-      S: this,
-      A: [
-        "message.payload",
-        ""
-      ]
-    });
-    const payloadTypename = this.getPayloadType(message);
-    if (type && type.typeName !== payloadTypename) {
-      throw new Error(`Unexpected payload type: ${payloadTypename}; expected ${type.typeName}`);
-    }
-    invariant(bufWkt.anyIs(message.payload, type), `Unexpected payload type: ${payloadTypename}}`, {
-      F: __dxlog_file,
-      L: 46,
-      S: this,
-      A: [
-        "bufWkt.anyIs(message.payload, type)",
-        "`Unexpected payload type: ${payloadTypename}}`"
-      ]
-    });
-    const payload = bufWkt.anyUnpack(message.payload, this.typeRegistry);
-    invariant(payload, `Empty payload: ${payloadTypename}}`, {
-      F: __dxlog_file,
-      L: 48,
-      S: this,
-      A: [
-        "payload",
-        "`Empty payload: ${payloadTypename}}`"
-      ]
-    });
-    return payload;
-  }
-  /**
-  * Get the payload type.
-  */
-  getPayloadType(message) {
-    if (!message.payload) {
-      return void 0;
-    }
-    const [, type] = message.payload.typeUrl.split("/");
-    return type;
-  }
-  /**
-  * Create a packed message.
-  */
-  createMessage(type, { source, target, payload, serviceId }) {
-    return buf.create(MessageSchema, {
-      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-      source,
-      target,
-      serviceId,
-      payload: payload ? bufWkt.anyPack(type, buf.create(type, payload)) : void 0
-    });
-  }
-};
-var toUint8Array = async (data) => {
-  if (data instanceof Buffer) {
-    return bufferToArray(data);
-  }
-  if (data instanceof Blob) {
-    return new Uint8Array(await data.arrayBuffer());
-  }
-  throw new Error(`Unexpected datatype: ${data}`);
+import { schema } from "@dxos/protocols/proto";
+var __dxlog_file = "/home/runner/work/dxos/dxos/packages/core/mesh/edge-client/src/edge-identity.ts";
+var handleAuthChallenge = async (failedResponse, identity) => {
+  invariant(failedResponse.status === 401, void 0, {
+    F: __dxlog_file,
+    L: 21,
+    S: void 0,
+    A: [
+      "failedResponse.status === 401",
+      ""
+    ]
+  });
+  const headerValue = failedResponse.headers.get("Www-Authenticate");
+  invariant(headerValue?.startsWith("VerifiablePresentation challenge="), void 0, {
+    F: __dxlog_file,
+    L: 24,
+    S: void 0,
+    A: [
+      "headerValue?.startsWith('VerifiablePresentation challenge=')",
+      ""
+    ]
+  });
+  const challenge = headerValue?.slice("VerifiablePresentation challenge=".length);
+  invariant(challenge, void 0, {
+    F: __dxlog_file,
+    L: 27,
+    S: void 0,
+    A: [
+      "challenge",
+      ""
+    ]
+  });
+  const presentation = await identity.presentCredentials({
+    challenge: Buffer.from(challenge, "base64")
+  });
+  return schema.getCodecForType("dxos.halo.credentials.Presentation").encode(presentation);
 };
 
-// packages/core/mesh/edge-client/src/defs.ts
-var protocol = new Protocol([
-  SwarmRequestSchema,
-  SwarmResponseSchema,
-  TextMessageSchema,
-  AnySchema
-]);
-
 // packages/core/mesh/edge-client/src/errors.ts
-var WebsocketClosedError = class extends Error {
+var EdgeConnectionClosedError = class extends Error {
   constructor() {
-    super("WebSocket connection closed");
+    super("Edge connection closed.");
+  }
+};
+var EdgeIdentityChangedError = class extends Error {
+  constructor() {
+    super("Edge identity changed.");
   }
 };
 
@@ -218,17 +161,25 @@ _ts_decorate([
   synchronized
 ], PersistentLifecycle.prototype, "scheduleRestart", null);
 
+// packages/core/mesh/edge-client/src/utils.ts
+var getEdgeUrlWithProtocol = (baseUrl, protocol2) => {
+  const isSecure = baseUrl.startsWith("https") || baseUrl.startsWith("wss");
+  const url = new URL(baseUrl);
+  url.protocol = protocol2 + (isSecure ? "s" : "");
+  return url.toString();
+};
+
 // packages/core/mesh/edge-client/src/edge-client.ts
 var __dxlog_file3 = "/home/runner/work/dxos/dxos/packages/core/mesh/edge-client/src/edge-client.ts";
 var DEFAULT_TIMEOUT = 1e4;
 var SIGNAL_KEEPALIVE_INTERVAL = 5e3;
 var EdgeClient = class extends Resource2 {
-  constructor(_identityKey, _peerKey, _config) {
+  constructor(_identity, _config) {
     super();
-    this._identityKey = _identityKey;
-    this._peerKey = _peerKey;
+    this._identity = _identity;
     this._config = _config;
     this.reconnect = new Event();
+    this.connected = new Event();
     this._persistentLifecycle = new PersistentLifecycle({
       start: async () => this._openWebSocket(),
       stop: async () => this._closeWebSocket(),
@@ -239,26 +190,40 @@ var EdgeClient = class extends Resource2 {
     this._ws = void 0;
     this._keepaliveCtx = void 0;
     this._heartBeatContext = void 0;
-    this._protocol = this._config.protocol ?? protocol;
+    this._baseWsUrl = getEdgeUrlWithProtocol(_config.socketEndpoint, "ws");
+    this._baseHttpUrl = getEdgeUrlWithProtocol(_config.socketEndpoint, "http");
   }
   // TODO(burdon): Attach logging.
   get info() {
     return {
       open: this.isOpen,
-      identity: this._identityKey,
-      device: this._peerKey
+      identity: this._identity.identityKey,
+      device: this._identity.peerKey
     };
   }
+  get isConnected() {
+    return Boolean(this._ws) && this._ready.state === TriggerState.RESOLVED;
+  }
   get identityKey() {
-    return this._identityKey;
+    return this._identity.identityKey;
   }
   get peerKey() {
-    return this._peerKey;
+    return this._identity.peerKey;
   }
-  setIdentity({ peerKey, identityKey }) {
-    this._peerKey = peerKey;
-    this._identityKey = identityKey;
-    this._persistentLifecycle.scheduleRestart();
+  setIdentity(identity) {
+    if (identity.identityKey !== this._identity.identityKey || identity.peerKey !== this._identity.peerKey) {
+      log2("Edge identity changed", {
+        identity,
+        oldIdentity: this._identity
+      }, {
+        F: __dxlog_file3,
+        L: 99,
+        S: this,
+        C: (f, a) => f(...a)
+      });
+      this._identity = identity;
+      this._persistentLifecycle.scheduleRestart();
+    }
   }
   addListener(listener) {
     this._listeners.add(listener);
@@ -272,7 +237,7 @@ var EdgeClient = class extends Resource2 {
       info: this.info
     }, {
       F: __dxlog_file3,
-      L: 101,
+      L: 114,
       S: this,
       C: (f, a) => f(...a)
     });
@@ -281,7 +246,7 @@ var EdgeClient = class extends Resource2 {
         err
       }, {
         F: __dxlog_file3,
-        L: 103,
+        L: 116,
         S: this,
         C: (f, a) => f(...a)
       });
@@ -292,31 +257,48 @@ var EdgeClient = class extends Resource2 {
   */
   async _close() {
     log2("closing...", {
-      peerKey: this._peerKey
+      peerKey: this._identity.peerKey
     }, {
       F: __dxlog_file3,
-      L: 111,
+      L: 124,
       S: this,
       C: (f, a) => f(...a)
     });
     await this._persistentLifecycle.close();
   }
   async _openWebSocket() {
-    const url = new URL(`/ws/${this._identityKey}/${this._peerKey}`, this._config.socketEndpoint);
-    this._ws = new WebSocket(url);
+    if (this._ctx.disposed) {
+      return;
+    }
+    const path = `/ws/${this._identity.identityKey}/${this._identity.peerKey}`;
+    const protocolHeader = this._config.disableAuth ? void 0 : await this._createAuthHeader(path);
+    const url = new URL(path, this._baseWsUrl);
+    log2("Opening websocket", {
+      url: url.toString(),
+      protocolHeader
+    }, {
+      F: __dxlog_file3,
+      L: 136,
+      S: this,
+      C: (f, a) => f(...a)
+    });
+    this._ws = new WebSocket(url, protocolHeader ? [
+      protocolHeader
+    ] : []);
     this._ws.onopen = () => {
       log2("opened", this.info, {
         F: __dxlog_file3,
-        L: 120,
+        L: 140,
         S: this,
         C: (f, a) => f(...a)
       });
       this._ready.wake();
+      this.connected.emit();
     };
     this._ws.onclose = () => {
       log2("closed", this.info, {
         F: __dxlog_file3,
-        L: 124,
+        L: 145,
         S: this,
         C: (f, a) => f(...a)
       });
@@ -328,7 +310,7 @@ var EdgeClient = class extends Resource2 {
         info: event.message
       }, {
         F: __dxlog_file3,
-        L: 128,
+        L: 149,
         S: this,
         C: (f, a) => f(...a)
       });
@@ -340,13 +322,13 @@ var EdgeClient = class extends Resource2 {
         return;
       }
       const data = await toUint8Array(event.data);
-      const message = buf2.fromBinary(MessageSchema2, data);
+      const message = buf.fromBinary(MessageSchema, data);
       log2("received", {
-        peerKey: this._peerKey,
+        peerKey: this._identity.peerKey,
         payload: protocol.getPayloadType(message)
       }, {
         F: __dxlog_file3,
-        L: 141,
+        L: 162,
         S: this,
         C: (f, a) => f(...a)
       });
@@ -360,7 +342,7 @@ var EdgeClient = class extends Resource2 {
               payload: protocol.getPayloadType(message)
             }, {
               F: __dxlog_file3,
-              L: 147,
+              L: 168,
               S: this,
               C: (f, a) => f(...a)
             });
@@ -371,9 +353,18 @@ var EdgeClient = class extends Resource2 {
     await this._ready.wait({
       timeout: this._config.timeout ?? DEFAULT_TIMEOUT
     });
+    log2("Websocket is ready", {
+      identity: this._identity.identityKey,
+      peer: this._identity.peerKey
+    }, {
+      F: __dxlog_file3,
+      L: 176,
+      S: this,
+      C: (f, a) => f(...a)
+    });
     this._keepaliveCtx = new Context(void 0, {
       F: __dxlog_file3,
-      L: 154
+      L: 179
     });
     scheduleTaskInterval(this._keepaliveCtx, async () => {
       this._ws?.send("__ping__");
@@ -386,7 +377,7 @@ var EdgeClient = class extends Resource2 {
       return;
     }
     try {
-      this._ready.throw(new WebsocketClosedError());
+      this._ready.throw(this.isOpen ? new EdgeIdentityChangedError() : new EdgeConnectionClosedError());
       this._ready.reset();
       void this._keepaliveCtx?.dispose();
       this._keepaliveCtx = void 0;
@@ -408,7 +399,7 @@ var EdgeClient = class extends Resource2 {
         err
       }, {
         F: __dxlog_file3,
-        L: 190,
+        L: 215,
         S: this,
         C: (f, a) => f(...a)
       });
@@ -420,38 +411,32 @@ var EdgeClient = class extends Resource2 {
   */
   async send(message) {
     if (this._ready.state !== TriggerState.RESOLVED) {
+      log2("waiting for websocket to become ready", void 0, {
+        F: __dxlog_file3,
+        L: 225,
+        S: this,
+        C: (f, a) => f(...a)
+      });
       await this._ready.wait({
         timeout: this._config.timeout ?? DEFAULT_TIMEOUT
       });
     }
-    invariant2(this._ws, void 0, {
-      F: __dxlog_file3,
-      L: 202,
-      S: this,
-      A: [
-        "this._ws",
-        ""
-      ]
-    });
-    invariant2(!message.source || message.source.peerKey === this._peerKey, void 0, {
-      F: __dxlog_file3,
-      L: 203,
-      S: this,
-      A: [
-        "!message.source || message.source.peerKey === this._peerKey",
-        ""
-      ]
-    });
+    if (!this._ws) {
+      throw new EdgeConnectionClosedError();
+    }
+    if (message.source && (message.source.peerKey !== this._identity.peerKey || message.source.identityKey !== this.identityKey)) {
+      throw new EdgeIdentityChangedError();
+    }
     log2("sending...", {
-      peerKey: this._peerKey,
+      peerKey: this._identity.peerKey,
       payload: protocol.getPayloadType(message)
     }, {
       F: __dxlog_file3,
-      L: 204,
+      L: 238,
       S: this,
       C: (f, a) => f(...a)
     });
-    this._ws.send(buf2.toBinary(MessageSchema2, message));
+    this._ws.send(buf.toBinary(MessageSchema, message));
   }
   _onHeartbeat() {
     if (this._lifecycleState !== LifecycleState2.OPEN) {
@@ -460,17 +445,341 @@ var EdgeClient = class extends Resource2 {
     void this._heartBeatContext?.dispose();
     this._heartBeatContext = new Context(void 0, {
       F: __dxlog_file3,
-      L: 213
+      L: 247
     });
     scheduleTask(this._heartBeatContext, () => {
       this._persistentLifecycle.scheduleRestart();
     }, 2 * SIGNAL_KEEPALIVE_INTERVAL);
   }
+  async _createAuthHeader(path) {
+    const httpUrl = new URL(path, this._baseHttpUrl);
+    httpUrl.protocol = getEdgeUrlWithProtocol(this._baseWsUrl.toString(), "http");
+    const response = await fetch(httpUrl, {
+      method: "GET"
+    });
+    if (response.status === 401) {
+      return encodePresentationWsAuthHeader(await handleAuthChallenge(response, this._identity));
+    } else {
+      log2.warn("no auth challenge from edge", {
+        status: response.status,
+        statusText: response.statusText
+      }, {
+        F: __dxlog_file3,
+        L: 264,
+        S: this,
+        C: (f, a) => f(...a)
+      });
+      return void 0;
+    }
+  }
+};
+var encodePresentationWsAuthHeader = (encodedPresentation) => {
+  const encodedToken = Buffer.from(encodedPresentation).toString("base64").replace(/=*$/, "").replaceAll("/", "|");
+  return `base64url.bearer.authorization.dxos.org.${encodedToken}`;
+};
+
+// packages/core/mesh/edge-client/src/auth.ts
+import { createCredential, signPresentation } from "@dxos/credentials";
+import { Keyring } from "@dxos/keyring";
+import { PublicKey } from "@dxos/keys";
+var createDeviceEdgeIdentity = async (signer, key) => {
+  return {
+    identityKey: key.toHex(),
+    peerKey: key.toHex(),
+    presentCredentials: async ({ challenge }) => {
+      return signPresentation({
+        presentation: {
+          credentials: [
+            // Verifier requires at least one credential in the presentation to establish the subject.
+            await createCredential({
+              assertion: {
+                "@type": "dxos.halo.credentials.Auth"
+              },
+              issuer: key,
+              subject: key,
+              signer
+            })
+          ]
+        },
+        signer,
+        signerKey: key,
+        nonce: challenge
+      });
+    }
+  };
+};
+var createChainEdgeIdentity = async (signer, identityKey, peerKey, chain, credentials) => {
+  const credentialsToSign = credentials.length > 0 ? credentials : [
+    await createCredential({
+      assertion: {
+        "@type": "dxos.halo.credentials.Auth"
+      },
+      issuer: identityKey,
+      subject: identityKey,
+      signer,
+      chain,
+      signingKey: peerKey
+    })
+  ];
+  return {
+    identityKey: identityKey.toHex(),
+    peerKey: peerKey.toHex(),
+    presentCredentials: async ({ challenge }) => {
+      return signPresentation({
+        presentation: {
+          credentials: credentialsToSign
+        },
+        signer,
+        nonce: challenge,
+        signerKey: peerKey,
+        chain
+      });
+    }
+  };
+};
+var createEphemeralEdgeIdentity = async () => {
+  const keyring = new Keyring();
+  const key = await keyring.createKey();
+  return createDeviceEdgeIdentity(keyring, key);
+};
+var createTestHaloEdgeIdentity = async (signer, identityKey, deviceKey) => {
+  const deviceAdmission = await createCredential({
+    assertion: {
+      "@type": "dxos.halo.credentials.AuthorizedDevice",
+      deviceKey,
+      identityKey
+    },
+    issuer: identityKey,
+    subject: deviceKey,
+    signer
+  });
+  return createChainEdgeIdentity(signer, identityKey, deviceKey, {
+    credential: deviceAdmission
+  }, [
+    await createCredential({
+      assertion: {
+        "@type": "dxos.halo.credentials.Auth"
+      },
+      issuer: identityKey,
+      subject: identityKey,
+      signer
+    })
+  ]);
+};
+var createStubEdgeIdentity = () => {
+  const identityKey = PublicKey.random();
+  const deviceKey = PublicKey.random();
+  return {
+    identityKey: identityKey.toHex(),
+    peerKey: deviceKey.toHex(),
+    presentCredentials: async () => {
+      throw new Error("Stub identity does not support authentication.");
+    }
+  };
+};
+
+// packages/core/mesh/edge-client/src/edge-http-client.ts
+import { sleep as sleep2 } from "@dxos/async";
+import { Context as Context2 } from "@dxos/context";
+import { log as log3 } from "@dxos/log";
+import { EdgeCallFailedError, EdgeAuthChallengeError } from "@dxos/protocols";
+var __dxlog_file4 = "/home/runner/work/dxos/dxos/packages/core/mesh/edge-client/src/edge-http-client.ts";
+var DEFAULT_RETRY_TIMEOUT = 1500;
+var DEFAULT_RETRY_JITTER = 500;
+var DEFAULT_MAX_RETRIES_COUNT = 3;
+var EdgeHttpClient = class {
+  constructor(baseUrl) {
+    this._baseUrl = getEdgeUrlWithProtocol(baseUrl, "http");
+    log3("created", {
+      url: this._baseUrl
+    }, {
+      F: __dxlog_file4,
+      L: 42,
+      S: this,
+      C: (f, a) => f(...a)
+    });
+  }
+  setIdentity(identity) {
+    this._edgeIdentity = identity;
+  }
+  createAgent(body, args) {
+    return this._call("/agents/create", {
+      ...args,
+      method: "POST",
+      body
+    });
+  }
+  getAgentStatus(request, args) {
+    return this._call(`/users/${request.ownerIdentityKey.toHex()}/agent/status`, {
+      ...args,
+      method: "GET"
+    });
+  }
+  getCredentialsForNotarization(spaceId, args) {
+    return this._call(`/spaces/${spaceId}/notarization`, {
+      ...args,
+      method: "GET"
+    });
+  }
+  async notarizeCredentials(spaceId, body, args) {
+    await this._call(`/spaces/${spaceId}/notarization`, {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  async joinSpaceByInvitation(spaceId, body, args) {
+    return this._call(`/spaces/${spaceId}/join`, {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  async recoverIdentity(body, args) {
+    return this._call("/identity/recover", {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  async _call(path, args) {
+    const requestContext = args.context ?? new Context2(void 0, {
+      F: __dxlog_file4,
+      L: 88
+    });
+    const shouldRetry = createRetryHandler(args);
+    const url = `${this._baseUrl}${path.startsWith("/") ? path.slice(1) : path}`;
+    log3.info("call", {
+      method: args.method,
+      path,
+      request: args.body
+    }, {
+      F: __dxlog_file4,
+      L: 92,
+      S: this,
+      C: (f, a) => f(...a)
+    });
+    let handledAuth = false;
+    let authHeader = this._authHeader;
+    while (true) {
+      let processingError;
+      let retryAfterHeaderValue = Number.NaN;
+      try {
+        const request = createRequest(args, authHeader);
+        const response = await fetch(url, request);
+        retryAfterHeaderValue = Number(response.headers.get("Retry-After"));
+        if (response.ok) {
+          const body = await response.json();
+          if (body.success) {
+            return body.data;
+          }
+          log3.info("unsuccessful edge response", {
+            path,
+            body
+          }, {
+            F: __dxlog_file4,
+            L: 111,
+            S: this,
+            C: (f, a) => f(...a)
+          });
+          if (body.errorData?.type === "auth_challenge" && typeof body.errorData?.challenge === "string") {
+            processingError = new EdgeAuthChallengeError(body.errorData.challenge, body.errorData);
+          } else {
+            processingError = EdgeCallFailedError.fromUnsuccessfulResponse(response, body);
+          }
+        } else if (response.status === 401 && !handledAuth) {
+          authHeader = await this._handleUnauthorized(response);
+          handledAuth = true;
+          continue;
+        } else {
+          processingError = EdgeCallFailedError.fromHttpFailure(response);
+        }
+      } catch (error) {
+        processingError = EdgeCallFailedError.fromProcessingFailureCause(error);
+      }
+      if (processingError.isRetryable && await shouldRetry(requestContext, retryAfterHeaderValue)) {
+        log3.info("retrying edge request", {
+          path,
+          processingError
+        }, {
+          F: __dxlog_file4,
+          L: 130,
+          S: this,
+          C: (f, a) => f(...a)
+        });
+      } else {
+        throw processingError;
+      }
+    }
+  }
+  async _handleUnauthorized(response) {
+    if (!this._edgeIdentity) {
+      log3.warn("edge unauthorized response received before identity was set", void 0, {
+        F: __dxlog_file4,
+        L: 139,
+        S: this,
+        C: (f, a) => f(...a)
+      });
+      throw EdgeCallFailedError.fromHttpFailure(response);
+    }
+    const challenge = await handleAuthChallenge(response, this._edgeIdentity);
+    this._authHeader = encodeAuthHeader(challenge);
+    log3("auth header updated", void 0, {
+      F: __dxlog_file4,
+      L: 144,
+      S: this,
+      C: (f, a) => f(...a)
+    });
+    return this._authHeader;
+  }
+};
+var createRetryHandler = (args) => {
+  if (!args.retry || args.retry.count < 1) {
+    return async () => false;
+  }
+  let retries = 0;
+  const maxRetries = args.retry.count ?? DEFAULT_MAX_RETRIES_COUNT;
+  const baseTimeout = args.retry.timeout ?? DEFAULT_RETRY_TIMEOUT;
+  const jitter = args.retry.jitter ?? DEFAULT_RETRY_JITTER;
+  return async (ctx, retryAfter) => {
+    if (++retries > maxRetries || ctx.disposed) {
+      return false;
+    }
+    if (retryAfter) {
+      await sleep2(retryAfter);
+    } else {
+      const timeout = baseTimeout + Math.random() * jitter;
+      await sleep2(timeout);
+    }
+    return true;
+  };
+};
+var createRequest = (args, authHeader) => {
+  return {
+    method: args.method,
+    body: args.body && JSON.stringify(args.body),
+    headers: authHeader ? {
+      Authorization: authHeader
+    } : void 0
+  };
+};
+var encodeAuthHeader = (challenge) => {
+  const encodedChallenge = Buffer.from(challenge).toString("base64");
+  return `VerifiablePresentation pb;base64,${encodedChallenge}`;
 };
 export {
   EdgeClient,
+  EdgeConnectionClosedError,
+  EdgeHttpClient,
+  EdgeIdentityChangedError,
   Protocol,
+  createChainEdgeIdentity,
+  createDeviceEdgeIdentity,
+  createEphemeralEdgeIdentity,
+  createStubEdgeIdentity,
+  createTestHaloEdgeIdentity,
   getTypename,
+  handleAuthChallenge,
   protocol,
   toUint8Array
 };