@dxos/edge-client 0.8.3 → 0.8.4-main.1c7ec43d41

package/dist/lib/neutral/index.mjs

@@ -0,0 +1,1189 @@
+import {
+  CLOUDFLARE_MESSAGE_MAX_BYTES,
+  CLOUDFLARE_RPC_MAX_BYTES,
+  Protocol,
+  WebSocketMuxer,
+  getTypename,
+  protocol,
+  toUint8Array
+} from "./chunk-ZIQ5T3A7.mjs";
+
+// src/index.ts
+export * from "@dxos/protocols/buf/dxos/edge/messenger_pb";
+
+// src/auth.ts
+import { createCredential, signPresentation } from "@dxos/credentials";
+import { invariant } from "@dxos/invariant";
+import { Keyring } from "@dxos/keyring";
+import { PublicKey } from "@dxos/keys";
+var __dxlog_file = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/auth.ts";
+var createDeviceEdgeIdentity = async (signer, key) => {
+  return {
+    identityKey: key.toHex(),
+    peerKey: key.toHex(),
+    presentCredentials: async ({ challenge }) => {
+      return signPresentation({
+        presentation: {
+          credentials: [
+            // Verifier requires at least one credential in the presentation to establish the subject.
+            await createCredential({
+              assertion: {
+                "@type": "dxos.halo.credentials.Auth"
+              },
+              issuer: key,
+              subject: key,
+              signer
+            })
+          ]
+        },
+        signer,
+        signerKey: key,
+        nonce: challenge
+      });
+    }
+  };
+};
+var createChainEdgeIdentity = async (signer, identityKey, peerKey, chain, credentials) => {
+  const credentialsToSign = credentials.length > 0 ? credentials : [
+    await createCredential({
+      assertion: {
+        "@type": "dxos.halo.credentials.Auth"
+      },
+      issuer: identityKey,
+      subject: identityKey,
+      signer,
+      chain,
+      signingKey: peerKey
+    })
+  ];
+  return {
+    identityKey: identityKey.toHex(),
+    peerKey: peerKey.toHex(),
+    presentCredentials: async ({ challenge }) => {
+      invariant(chain, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file, L: 56, S: void 0, A: ["chain", ""] });
+      return signPresentation({
+        presentation: {
+          credentials: credentialsToSign
+        },
+        signer,
+        nonce: challenge,
+        signerKey: peerKey,
+        chain
+      });
+    }
+  };
+};
+var createEphemeralEdgeIdentity = async () => {
+  const keyring = new Keyring();
+  const key = await keyring.createKey();
+  return createDeviceEdgeIdentity(keyring, key);
+};
+var createTestHaloEdgeIdentity = async (signer, identityKey, deviceKey) => {
+  const deviceAdmission = await createCredential({
+    assertion: {
+      "@type": "dxos.halo.credentials.AuthorizedDevice",
+      deviceKey,
+      identityKey
+    },
+    issuer: identityKey,
+    subject: deviceKey,
+    signer
+  });
+  return createChainEdgeIdentity(signer, identityKey, deviceKey, {
+    credential: deviceAdmission
+  }, [
+    await createCredential({
+      assertion: {
+        "@type": "dxos.halo.credentials.Auth"
+      },
+      issuer: identityKey,
+      subject: identityKey,
+      signer
+    })
+  ]);
+};
+var createStubEdgeIdentity = () => {
+  const identityKey = PublicKey.random();
+  const deviceKey = PublicKey.random();
+  return {
+    identityKey: identityKey.toHex(),
+    peerKey: deviceKey.toHex(),
+    presentCredentials: async () => {
+      throw new Error("Stub identity does not support authentication.");
+    }
+  };
+};
+
+// src/edge-client.ts
+import { Event, PersistentLifecycle, Trigger, TriggerState, scheduleMicroTask, scheduleTaskInterval as scheduleTaskInterval2 } from "@dxos/async";
+import { TRACE_SPAN_ATTRIBUTE } from "@dxos/context";
+import { Resource as Resource2 } from "@dxos/context";
+import { log as log2, logInfo as logInfo2 } from "@dxos/log";
+import { EdgeStatus } from "@dxos/protocols/proto/dxos/client/services";
+
+// src/edge-identity.ts
+import { invariant as invariant2 } from "@dxos/invariant";
+import { schema } from "@dxos/protocols/proto";
+var __dxlog_file2 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-identity.ts";
+var handleAuthChallenge = async (failedResponse, identity) => {
+  invariant2(failedResponse.status === 401, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file2, L: 7, S: void 0, A: ["failedResponse.status === 401", ""] });
+  const headerValue = failedResponse.headers.get("Www-Authenticate");
+  invariant2(headerValue?.startsWith("VerifiablePresentation challenge="), void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file2, L: 9, S: void 0, A: ["headerValue?.startsWith('VerifiablePresentation challenge=')", ""] });
+  const challenge = headerValue?.slice("VerifiablePresentation challenge=".length);
+  invariant2(challenge, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file2, L: 11, S: void 0, A: ["challenge", ""] });
+  const presentation = await identity.presentCredentials({
+    challenge: Buffer.from(challenge, "base64")
+  });
+  return schema.getCodecForType("dxos.halo.credentials.Presentation").encode(presentation);
+};
+
+// src/edge-ws-connection.ts
+import WebSocket from "isomorphic-ws";
+import { scheduleTask, scheduleTaskInterval } from "@dxos/async";
+import { Context, Resource } from "@dxos/context";
+import { invariant as invariant3 } from "@dxos/invariant";
+import { log, logInfo } from "@dxos/log";
+import { EdgeWebsocketProtocol } from "@dxos/protocols";
+import { buf } from "@dxos/protocols/buf";
+import { MessageSchema } from "@dxos/protocols/buf/dxos/edge/messenger_pb";
+var __dxlog_file3 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-ws-connection.ts";
+function _ts_decorate(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+var SIGNAL_KEEPALIVE_INTERVAL = 4e3;
+var SIGNAL_KEEPALIVE_TIMEOUT = 12e3;
+var EdgeWsConnection = class extends Resource {
+  _identity;
+  _connectionInfo;
+  _callbacks;
+  _inactivityTimeoutCtx;
+  _ws;
+  _wsMuxer;
+  _lastReceivedMessageTimestamp = Date.now();
+  _openTimestamp;
+  // Latency tracking.
+  _pingTimestamp;
+  _rtt = 0;
+  // Rate tracking with sliding window.
+  _uploadRate = 0;
+  _downloadRate = 0;
+  _rateWindow = 1e4;
+  _rateUpdateInterval = 1e3;
+  _bytesSamples = [];
+  _messagesSent = 0;
+  _messagesReceived = 0;
+  constructor(_identity, _connectionInfo, _callbacks) {
+    super(), this._identity = _identity, this._connectionInfo = _connectionInfo, this._callbacks = _callbacks;
+  }
+  get info() {
+    return {
+      open: this.isOpen,
+      identity: this._identity.identityKey,
+      device: this._identity.peerKey
+    };
+  }
+  get rtt() {
+    return this._rtt;
+  }
+  get uptime() {
+    return this._openTimestamp ? (Date.now() - this._openTimestamp) / 1e3 : 0;
+  }
+  get uploadRate() {
+    return this._uploadRate;
+  }
+  get downloadRate() {
+    return this._downloadRate;
+  }
+  get messagesSent() {
+    return this._messagesSent;
+  }
+  get messagesReceived() {
+    return this._messagesReceived;
+  }
+  send(message) {
+    invariant3(this._ws, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 72, S: this, A: ["this._ws", ""] });
+    invariant3(this._wsMuxer, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 73, S: this, A: ["this._wsMuxer", ""] });
+    log("sending...", {
+      peerKey: this._identity.peerKey,
+      payload: protocol.getPayloadType(message)
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 74, S: this });
+    this._messagesSent++;
+    if (this._ws?.protocol.includes(EdgeWebsocketProtocol.V0)) {
+      const binary = buf.toBinary(MessageSchema, message);
+      if (binary.length > CLOUDFLARE_MESSAGE_MAX_BYTES) {
+        log.error("Message dropped because it was too large (>1MB).", {
+          byteLength: binary.byteLength,
+          serviceId: message.serviceId,
+          payload: protocol.getPayloadType(message)
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 82, S: this });
+        return;
+      }
+      this._recordBytes(binary.byteLength, 0);
+      this._ws.send(binary);
+    } else {
+      const binary = buf.toBinary(MessageSchema, message);
+      this._recordBytes(binary.byteLength, 0);
+      this._wsMuxer.send(message).catch((e) => log.catch(e, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 95, S: this }));
+    }
+  }
+  async _open() {
+    const baseProtocols = [
+      ...Object.values(EdgeWebsocketProtocol)
+    ];
+    this._ws = new WebSocket(this._connectionInfo.url.toString(), this._connectionInfo.protocolHeader ? [
+      ...baseProtocols,
+      this._connectionInfo.protocolHeader
+    ] : [
+      ...baseProtocols
+    ], this._connectionInfo.headers ? {
+      headers: this._connectionInfo.headers
+    } : void 0);
+    const muxer = new WebSocketMuxer(this._ws);
+    this._wsMuxer = muxer;
+    this._ws.onopen = () => {
+      if (this.isOpen) {
+        log("connected", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 114, S: this });
+        this._openTimestamp = Date.now();
+        this._callbacks.onConnected();
+        this._scheduleHeartbeats();
+        this._scheduleRateCalculation();
+      } else {
+        log.verbose("connected after becoming inactive", {
+          currentIdentity: this._identity
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 120, S: this });
+      }
+    };
+    this._ws.onclose = (event) => {
+      if (this.isOpen) {
+        log.warn("server disconnected", {
+          code: event.code,
+          reason: event.reason
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 127, S: this });
+        this._callbacks.onRestartRequired();
+        muxer.destroy();
+      }
+    };
+    this._ws.onerror = (event) => {
+      if (this.isOpen) {
+        log.warn("edge connection socket error", {
+          error: event.error,
+          info: event.message
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 137, S: this });
+        this._callbacks.onRestartRequired();
+      } else {
+        log.verbose("error ignored on closed connection", {
+          error: event.error
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 143, S: this });
+      }
+    };
+    this._ws.onmessage = async (event) => {
+      if (!this.isOpen) {
+        log.verbose("message ignored on closed connection", {
+          event: event.type
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 152, S: this });
+        return;
+      }
+      this._lastReceivedMessageTimestamp = Date.now();
+      if (event.data === "__pong__") {
+        if (this._pingTimestamp) {
+          this._rtt = Date.now() - this._pingTimestamp;
+          this._pingTimestamp = void 0;
+        }
+        this._rescheduleHeartbeatTimeout();
+        return;
+      }
+      const bytes = await toUint8Array(event.data);
+      this._recordBytes(0, bytes.byteLength);
+      if (!this.isOpen) {
+        return;
+      }
+      this._messagesReceived++;
+      const message = this._ws?.protocol?.includes(EdgeWebsocketProtocol.V0) ? buf.fromBinary(MessageSchema, bytes) : muxer.receiveData(bytes);
+      if (message) {
+        log("received", {
+          from: message.source,
+          payload: protocol.getPayloadType(message)
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 175, S: this });
+        this._callbacks.onMessage(message);
+      }
+    };
+  }
+  async _close() {
+    void this._inactivityTimeoutCtx?.dispose().catch(() => {
+    });
+    try {
+      this._ws?.close();
+      this._ws = void 0;
+      this._wsMuxer?.destroy();
+      this._wsMuxer = void 0;
+    } catch (err) {
+      if (err instanceof Error && err.message.includes("WebSocket is closed before the connection is established.")) {
+        return;
+      }
+      log.warn("error closing websocket", {
+        err
+      }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 194, S: this });
+    }
+  }
+  _scheduleHeartbeats() {
+    invariant3(this._ws, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 200, S: this, A: ["this._ws", ""] });
+    scheduleTaskInterval(this._ctx, async () => {
+      this._pingTimestamp = Date.now();
+      this._ws?.send("__ping__");
+    }, SIGNAL_KEEPALIVE_INTERVAL);
+    this._pingTimestamp = Date.now();
+    this._ws.send("__ping__");
+    this._rescheduleHeartbeatTimeout();
+  }
+  _rescheduleHeartbeatTimeout() {
+    if (!this.isOpen) {
+      return;
+    }
+    void this._inactivityTimeoutCtx?.dispose();
+    this._inactivityTimeoutCtx = new Context(void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 216 });
+    scheduleTask(this._inactivityTimeoutCtx, () => {
+      if (this.isOpen) {
+        if (Date.now() - this._lastReceivedMessageTimestamp > SIGNAL_KEEPALIVE_TIMEOUT) {
+          log.warn("restart due to inactivity timeout", {
+            lastReceivedMessageTimestamp: this._lastReceivedMessageTimestamp
+          }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 220, S: this });
+          this._callbacks.onRestartRequired();
+        } else {
+          this._rescheduleHeartbeatTimeout();
+        }
+      }
+    }, SIGNAL_KEEPALIVE_TIMEOUT);
+  }
+  _recordBytes(sent, received) {
+    const now = Date.now();
+    const currentSecond = Math.floor(now / 1e3) * 1e3;
+    const existingSample = this._bytesSamples.find((s) => Math.floor(s.timestamp / 1e3) * 1e3 === currentSecond);
+    if (existingSample) {
+      existingSample.sent += sent;
+      existingSample.received += received;
+    } else {
+      this._bytesSamples.push({
+        timestamp: now,
+        sent,
+        received
+      });
+    }
+  }
+  _scheduleRateCalculation() {
+    scheduleTaskInterval(this._ctx, async () => {
+      this._calculateRates();
+    }, this._rateUpdateInterval);
+    this._calculateRates();
+  }
+  _calculateRates() {
+    const now = Date.now();
+    const cutoff = now - this._rateWindow;
+    this._bytesSamples = this._bytesSamples.filter((s) => s.timestamp > cutoff);
+    if (this._bytesSamples.length === 0) {
+      this._uploadRate = 0;
+      this._downloadRate = 0;
+      return;
+    }
+    let totalSent = 0;
+    let totalReceived = 0;
+    const oldestTimestamp = Math.min(...this._bytesSamples.map((s) => s.timestamp));
+    const timeSpan = (now - oldestTimestamp) / 1e3;
+    for (const sample of this._bytesSamples) {
+      totalSent += sample.sent;
+      totalReceived += sample.received;
+    }
+    this._uploadRate = timeSpan > 0 ? Math.round(totalSent / timeSpan) : 0;
+    this._downloadRate = timeSpan > 0 ? Math.round(totalReceived / timeSpan) : 0;
+  }
+};
+_ts_decorate([
+  logInfo
+], EdgeWsConnection.prototype, "info", null);
+
+// src/errors.ts
+var EdgeConnectionClosedError = class extends Error {
+  constructor() {
+    super("Edge connection closed.");
+  }
+};
+var EdgeIdentityChangedError = class extends Error {
+  constructor() {
+    super("Edge identity changed.");
+  }
+};
+
+// src/utils.ts
+var getEdgeUrlWithProtocol = (baseUrl, protocol2) => {
+  const isSecure = baseUrl.startsWith("https") || baseUrl.startsWith("wss");
+  const url = new URL(baseUrl);
+  url.protocol = protocol2 + (isSecure ? "s" : "");
+  return url.toString();
+};
+
+// src/edge-client.ts
+var __dxlog_file4 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-client.ts";
+function _ts_decorate2(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+var DEFAULT_TIMEOUT = 1e4;
+var STATUS_REFRESH_INTERVAL = 1e3;
+var EdgeClient = class extends Resource2 {
+  _identity;
+  _config;
+  statusChanged = new Event();
+  _persistentLifecycle = new PersistentLifecycle({
+    start: async () => this._connect(),
+    stop: async (state) => this._disconnect(state)
+  });
+  _messageListeners = /* @__PURE__ */ new Set();
+  _reconnectListeners = /* @__PURE__ */ new Set();
+  _baseWsUrl;
+  _baseHttpUrl;
+  _currentConnection = void 0;
+  _ready = new Trigger();
+  constructor(_identity, _config) {
+    super(), this._identity = _identity, this._config = _config;
+    this._baseWsUrl = getEdgeUrlWithProtocol(_config.socketEndpoint, "ws");
+    this._baseHttpUrl = getEdgeUrlWithProtocol(_config.socketEndpoint, "http");
+  }
+  get info() {
+    return {
+      open: this.isOpen,
+      status: this.status,
+      identity: this._identity.identityKey,
+      device: this._identity.peerKey
+    };
+  }
+  get status() {
+    return {
+      state: Boolean(this._currentConnection) && this._ready.state === TriggerState.RESOLVED ? EdgeStatus.ConnectionState.CONNECTED : EdgeStatus.ConnectionState.NOT_CONNECTED,
+      uptime: this._currentConnection?.uptime ?? 0,
+      rtt: this._currentConnection?.rtt ?? 0,
+      rateBytesUp: this._currentConnection?.uploadRate ?? 0,
+      rateBytesDown: this._currentConnection?.downloadRate ?? 0,
+      messagesSent: this._currentConnection?.messagesSent ?? 0,
+      messagesReceived: this._currentConnection?.messagesReceived ?? 0
+    };
+  }
+  get identityKey() {
+    return this._identity.identityKey;
+  }
+  get peerKey() {
+    return this._identity.peerKey;
+  }
+  setIdentity(identity) {
+    if (identity.identityKey !== this._identity.identityKey || identity.peerKey !== this._identity.peerKey) {
+      log2("Edge identity changed", {
+        identity,
+        oldIdentity: this._identity
+      }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 74, S: this });
+      this._identity = identity;
+      this._closeCurrentConnection(new EdgeIdentityChangedError());
+      void this._persistentLifecycle.scheduleRestart();
+    }
+  }
+  /**
+  * Send message.
+  * NOTE: The message is guaranteed to be delivered but the service must respond with a message to confirm processing.
+  */
+  async send(ctx, message) {
+    if (this._ready.state !== TriggerState.RESOLVED) {
+      log2("waiting for websocket", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 88, S: this });
+      await this._ready.wait({
+        timeout: this._config.timeout ?? DEFAULT_TIMEOUT
+      });
+    }
+    if (!this._currentConnection) {
+      throw new EdgeConnectionClosedError();
+    }
+    if (message.source && (message.source.peerKey !== this._identity.peerKey || message.source.identityKey !== this.identityKey)) {
+      throw new EdgeIdentityChangedError();
+    }
+    const traceCtx = ctx.getAttribute(TRACE_SPAN_ATTRIBUTE);
+    if (traceCtx) {
+      message.traceContext = {
+        $typeName: "dxos.edge.messenger.TraceContext",
+        traceparent: traceCtx.traceparent,
+        tracestate: traceCtx.tracestate
+      };
+    }
+    this._currentConnection.send(message);
+  }
+  onMessage(listener) {
+    this._messageListeners.add(listener);
+    return () => this._messageListeners.delete(listener);
+  }
+  onReconnected(listener) {
+    this._reconnectListeners.add(listener);
+    if (this._ready.state === TriggerState.RESOLVED) {
+      scheduleMicroTask(this._ctx, () => {
+        if (this._reconnectListeners.has(listener)) {
+          try {
+            listener();
+          } catch (error) {
+            log2.catch(error, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 123, S: this });
+          }
+        }
+      });
+    }
+    return () => this._reconnectListeners.delete(listener);
+  }
+  /**
+  * Open connection to messaging service.
+  */
+  async _open() {
+    log2("opening...", {
+      info: this.info
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 133, S: this });
+    this._persistentLifecycle.open().catch((err) => {
+      log2.warn("Error while opening connection", {
+        err
+      }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 137, S: this });
+    });
+    scheduleTaskInterval2(this._ctx, async () => {
+      if (!this._currentConnection) {
+        return;
+      }
+      this.statusChanged.emit(this.status);
+    }, STATUS_REFRESH_INTERVAL);
+  }
+  /**
+  * Close connection and free resources.
+  */
+  async _close() {
+    log2("closing...", {
+      peerKey: this._identity.peerKey
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 152, S: this });
+    this._closeCurrentConnection();
+    await this._persistentLifecycle.close();
+  }
+  async _connect() {
+    if (this._ctx.disposed) {
+      return void 0;
+    }
+    const identity = this._identity;
+    const path = `/ws/${identity.identityKey}/${identity.peerKey}`;
+    const protocolHeader = this._config.disableAuth ? void 0 : await this._createAuthHeader(path);
+    if (this._identity !== identity) {
+      log2("identity changed during auth header request", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 166, S: this });
+      return void 0;
+    }
+    const restartRequired = new Trigger();
+    const url = new URL(path, this._baseWsUrl);
+    log2("Opening websocket", {
+      url: url.toString(),
+      protocolHeader
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 171, S: this });
+    const connection = new EdgeWsConnection(identity, {
+      url,
+      protocolHeader,
+      headers: this._config.clientTag ? {
+        "X-DXOS-Client-Tag": this._config.clientTag
+      } : void 0
+    }, {
+      onConnected: () => {
+        if (this._isActive(connection)) {
+          this._ready.wake();
+          this._notifyReconnected();
+        } else {
+          log2.verbose("connected callback ignored, because connection is not active", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 187, S: this });
+        }
+      },
+      onRestartRequired: () => {
+        if (this._isActive(connection)) {
+          this._closeCurrentConnection();
+          void this._persistentLifecycle.scheduleRestart();
+        } else {
+          log2.verbose("restart requested by inactive connection", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 195, S: this });
+        }
+        restartRequired.wake();
+      },
+      onMessage: (message) => {
+        if (this._isActive(connection)) {
+          this._notifyMessageReceived(message);
+        } else {
+          log2.verbose("ignored a message on inactive connection", {
+            from: message.source,
+            type: message.payload?.typeUrl
+          }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 203, S: this });
+        }
+      }
+    });
+    this._currentConnection = connection;
+    await connection.open();
+    await Promise.race([
+      this._ready.wait({
+        timeout: this._config.timeout ?? DEFAULT_TIMEOUT
+      }),
+      restartRequired
+    ]);
+    return connection;
+  }
+  async _disconnect(state) {
+    await state.close();
+    this.statusChanged.emit(this.status);
+  }
+  _closeCurrentConnection(error = new EdgeConnectionClosedError()) {
+    this._currentConnection = void 0;
+    this._ready.throw(error);
+    this._ready.reset();
+    this.statusChanged.emit(this.status);
+  }
+  _notifyReconnected() {
+    this.statusChanged.emit(this.status);
+    for (const listener of this._reconnectListeners) {
+      try {
+        listener();
+      } catch (err) {
+        log2.error("ws reconnect listener failed", {
+          err
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 238, S: this });
+      }
+    }
+  }
+  _notifyMessageReceived(message) {
+    for (const listener of this._messageListeners) {
+      try {
+        listener(message);
+      } catch (err) {
+        log2.error("ws incoming message processing failed", {
+          err,
+          payload: protocol.getPayloadType(message)
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 249, S: this });
+      }
+    }
+  }
+  async _createAuthHeader(path) {
+    const httpUrl = new URL(path, this._baseHttpUrl);
+    httpUrl.protocol = getEdgeUrlWithProtocol(this._baseWsUrl.toString(), "http");
+    const response = await fetch(httpUrl, {
+      method: "GET"
+    });
+    if (response.status === 401) {
+      return encodePresentationWsAuthHeader(await handleAuthChallenge(response, this._identity));
+    } else {
+      log2.warn("no auth challenge from edge", {
+        status: response.status,
+        statusText: response.statusText
+      }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 265, S: this });
+      return void 0;
+    }
+  }
+  _isActive = (connection) => connection === this._currentConnection;
+};
+_ts_decorate2([
+  logInfo2
+], EdgeClient.prototype, "info", null);
+var encodePresentationWsAuthHeader = (encodedPresentation) => {
+  const encodedToken = Buffer.from(encodedPresentation).toString("base64").replace(/=*$/, "").replaceAll("/", "|");
+  return `base64url.bearer.authorization.dxos.org.${encodedToken}`;
+};
+
+// src/edge-http-client.ts
+import * as FetchHttpClient from "@effect/platform/FetchHttpClient";
+import * as HttpClient from "@effect/platform/HttpClient";
+import * as Effect2 from "effect/Effect";
+import * as Function from "effect/Function";
+import { sleep } from "@dxos/async";
+import { TRACE_SPAN_ATTRIBUTE as TRACE_SPAN_ATTRIBUTE2 } from "@dxos/context";
+import { runAndForwardErrors } from "@dxos/effect";
+import { invariant as invariant4 } from "@dxos/invariant";
+import { log as log4 } from "@dxos/log";
+import { EDGE_CLIENT_TAG_HEADER, EdgeAuthChallengeError, EdgeCallFailedError } from "@dxos/protocols";
+import { createUrl } from "@dxos/util";
+
+// src/http-client.ts
+import * as Context2 from "effect/Context";
+import * as Duration from "effect/Duration";
+import * as Effect from "effect/Effect";
+import * as Layer from "effect/Layer";
+import * as Schedule from "effect/Schedule";
+import { log as log3 } from "@dxos/log";
+var __dxlog_file5 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/http-client.ts";
+var HttpConfig = class _HttpConfig extends Context2.Tag("HttpConfig")() {
+  static default = Layer.succeed(_HttpConfig, {
+    timeout: Duration.millis(1e3),
+    retryTimes: 3,
+    retryBaseDelay: Duration.millis(1e3)
+  });
+};
+var withRetry = (effect, { timeout: timeout2 = Duration.millis(1e3), retryBaseDelay = Duration.millis(1e3), retryTimes = 3 } = {}) => {
+  return effect.pipe(Effect.flatMap((res) => (
+    // Treat 500 errors as retryable?
+    res.status === 500 ? Effect.fail(new Error(res.status.toString())) : res.json
+  )), Effect.timeout(timeout2), Effect.retry({
+    schedule: Schedule.exponential(retryBaseDelay).pipe(Schedule.jittered),
+    times: retryTimes
+  }));
+};
+var withRetryConfig = (effect) => Effect.gen(function* () {
+  const config = yield* HttpConfig;
+  return yield* withRetry(effect, config);
+});
+var withLogging = (effect) => effect.pipe(Effect.tap((res) => {
+  log3.info("response", {
+    status: res.status
+  }, { "~LogMeta": "~LogMeta", F: __dxlog_file5, L: 31, S: void 0 });
+}));
+var encodeAuthHeader = (challenge) => {
+  const encodedChallenge = Buffer.from(challenge).toString("base64");
+  return `VerifiablePresentation pb;base64,${encodedChallenge}`;
+};
+
+// src/edge-http-client.ts
+var __dxlog_file6 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-http-client.ts";
+var DEFAULT_RETRY_TIMEOUT = 1500;
+var DEFAULT_RETRY_JITTER = 500;
+var DEFAULT_MAX_RETRIES_COUNT = 3;
+var WARNING_BODY_SIZE = 10 * 1024 * 1024;
+var EdgeHttpClient = class {
+  _baseUrl;
+  _clientTag;
+  _edgeIdentity;
+  /**
+  * Auth header is cached until receiving the next 401 from EDGE, at which point it gets refreshed.
+  */
+  _authHeader;
+  constructor(baseUrl, options) {
+    this._baseUrl = getEdgeUrlWithProtocol(baseUrl, "http");
+    this._clientTag = options?.clientTag;
+    log4("created", {
+      url: this._baseUrl
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 32, S: this });
+  }
+  get baseUrl() {
+    return this._baseUrl;
+  }
+  setIdentity(identity) {
+    if (this._edgeIdentity?.identityKey !== identity.identityKey || this._edgeIdentity?.peerKey !== identity.peerKey) {
+      this._edgeIdentity = identity;
+      this._authHeader = void 0;
+    }
+  }
+  //
+  // Status
+  //
+  async getStatus(ctx, args) {
+    return this._call(ctx, new URL("/status", this.baseUrl), {
+      ...args,
+      method: "GET",
+      auth: true
+    });
+  }
+  //
+  // Agents
+  //
+  createAgent(ctx, body, args) {
+    return this._call(ctx, new URL("/agents/create", this.baseUrl), {
+      ...args,
+      method: "POST",
+      body
+    });
+  }
+  getAgentStatus(ctx, request, args) {
+    return this._call(ctx, new URL(`/users/${request.ownerIdentityKey.toHex()}/agent/status`, this.baseUrl), {
+      ...args,
+      method: "GET"
+    });
+  }
+  //
+  // Credentials
+  //
+  getCredentialsForNotarization(ctx, spaceId, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/notarization`, this.baseUrl), {
+      ...args,
+      method: "GET"
+    });
+  }
+  async notarizeCredentials(ctx, spaceId, body, args) {
+    await this._call(ctx, new URL(`/spaces/${spaceId}/notarization`, this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  //
+  // Identity
+  //
+  async recoverIdentity(ctx, body, args) {
+    return this._call(ctx, new URL("/identity/recover", this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  //
+  // Invitations
+  //
+  async joinSpaceByInvitation(ctx, spaceId, body, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/join`, this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  //
+  // OAuth and credentials
+  //
+  async initiateOAuthFlow(ctx, body, args) {
+    return this._call(ctx, new URL("/oauth/initiate", this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  //
+  // Spaces
+  //
+  async createSpace(ctx, body, args) {
+    return this._call(ctx, new URL("/spaces/create", this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  //
+  // Queues
+  //
+  async queryQueue(ctx, subspaceTag, spaceId, query, args) {
+    const queueId = query.queueIds?.[0];
+    invariant4(queueId, "queueId required", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 132, S: this, A: ["queueId", "'queueId required'"] });
+    return this._call(ctx, createUrl(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}/query`, this.baseUrl), {
+      after: query.after,
+      before: query.before,
+      limit: query.limit,
+      reverse: query.reverse,
+      objectIds: query.objectIds?.join(",")
+    }), {
+      ...args,
+      method: "GET"
+    });
+  }
+  async insertIntoQueue(ctx, subspaceTag, spaceId, queueId, objects, args) {
+    return this._call(ctx, new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, this.baseUrl), {
+      ...args,
+      body: {
+        objects
+      },
+      method: "POST"
+    });
+  }
+  async deleteFromQueue(ctx, subspaceTag, spaceId, queueId, objectIds, args) {
+    return this._call(ctx, createUrl(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, this.baseUrl), {
+      ids: objectIds.join(",")
+    }), {
+      ...args,
+      method: "DELETE"
+    });
+  }
+  //
+  // Functions
+  //
+  async uploadFunction(ctx, pathParts, body, args) {
+    const formData = new FormData();
+    formData.append("name", body.name ?? "");
+    formData.append("version", body.version);
+    formData.append("ownerPublicKey", body.ownerPublicKey);
+    formData.append("entryPoint", body.entryPoint);
+    body.runtime && formData.append("runtime", body.runtime);
+    for (const [filename, content] of Object.entries(body.assets)) {
+      formData.append("assets", new Blob([
+        content
+      ], {
+        type: getFileMimeType(filename)
+      }), filename);
+    }
+    const path = [
+      "functions",
+      ...pathParts.functionId ? [
+        pathParts.functionId
+      ] : []
+    ].join("/");
+    return this._call(ctx, new URL(path, this.baseUrl), {
+      ...args,
+      body: formData,
+      method: "PUT",
+      json: false
+    });
+  }
+  async listFunctions(ctx, args) {
+    return this._call(ctx, new URL("/functions", this.baseUrl), {
+      ...args,
+      method: "GET"
+    });
+  }
+  async invokeFunction(ctx, params, input, args) {
+    const url = new URL(`/functions/${params.functionId}`, this.baseUrl);
+    if (params.version) {
+      url.searchParams.set("version", params.version);
+    }
+    if (params.spaceId) {
+      url.searchParams.set("spaceId", params.spaceId.toString());
+    }
+    if (params.cpuTimeLimit) {
+      url.searchParams.set("cpuTimeLimit", params.cpuTimeLimit.toString());
+    }
+    if (params.subrequestsLimit) {
+      url.searchParams.set("subrequestsLimit", params.subrequestsLimit.toString());
+    }
+    return this._call(ctx, url, {
+      ...args,
+      body: input,
+      method: "POST"
+    });
+  }
+  //
+  // Workflows
+  //
+  async executeWorkflow(ctx, spaceId, graphId, input, args) {
+    return this._call(ctx, new URL(`/workflows/${spaceId}/${graphId}`, this.baseUrl), {
+      ...args,
+      body: input,
+      method: "POST"
+    });
+  }
+  //
+  // Triggers
+  //
+  async getCronTriggers(ctx, spaceId) {
+    return this._call(ctx, new URL(`/functions/${spaceId}/triggers/crons`, this.baseUrl), {
+      method: "GET"
+    });
+  }
+  async forceRunCronTrigger(ctx, spaceId, triggerId) {
+    return this._call(ctx, new URL(`/functions/${spaceId}/triggers/crons/${triggerId}/run`, this.baseUrl), {
+      method: "POST"
+    });
+  }
+  //
+  // Query
+  //
+  /**
+  * Execute a QueryAST query against a space.
+  */
+  async execQuery(ctx, spaceId, body, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/exec-query`, this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  //
+  // Registry
+  //
+  /**
+  * Fetches the hydrated plugin directory from the Edge registry service.
+  * Unauthenticated; safe to call without an identity.
+  */
+  async getRegistryPlugins(ctx, args) {
+    return this._call(ctx, new URL("/registry/plugins", this.baseUrl), {
+      ...args,
+      method: "GET"
+    });
+  }
+  /**
+  * Fetches the available release versions for a given plugin repo. `repo` is the
+  * GitHub `owner/name` form; this method takes care of URL-encoding before issuing
+  * the request. Unauthenticated; same surface area as {@link getRegistryPlugins}.
+  *
+  * Versions are returned newest first, suitable for direct rendering in a picker.
+  */
+  async getRegistryPluginVersions(ctx, repo, args) {
+    return this._call(ctx, new URL(`/registry/plugins/${encodeURIComponent(repo)}/versions`, this.baseUrl), {
+      ...args,
+      method: "GET"
+    });
+  }
+  //
+  // Import/Export space.
+  //
+  async importBundle(ctx, spaceId, body, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/import`, this.baseUrl), {
+      ...args,
+      body,
+      method: "PUT"
+    });
+  }
+  async exportBundle(ctx, spaceId, body, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/export`, this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  //
+  // Internal
+  //
+  async _fetch(url, _args) {
+    return Function.pipe(HttpClient.get(url), withLogging, withRetryConfig, Effect2.provide(FetchHttpClient.layer), Effect2.provide(HttpConfig.default), Effect2.withSpan("EdgeHttpClient"), runAndForwardErrors);
+  }
+  // TODO(burdon): Refactor with effect (see edge-http-client.test.ts).
+  async _call(ctx, url, args) {
+    const shouldRetry = createRetryHandler(args);
+    log4("fetch", {
+      url,
+      request: args.body
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 302, S: this });
+    const traceHeaders = getTraceHeaders(ctx);
+    let handledAuth = false;
+    const tryCount = 1;
+    while (true) {
+      let processingError = void 0;
+      try {
+        if (!this._authHeader && args.auth) {
+          const response2 = await fetch(new URL(`/auth`, this.baseUrl));
+          if (response2.status === 401) {
+            this._authHeader = await this._handleUnauthorized(response2);
+          }
+        }
+        const request = createRequest(args, this._authHeader, traceHeaders, this._clientTag);
+        log4("call edge", {
+          url,
+          tryCount,
+          authHeader: !!this._authHeader
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 319, S: this });
+        const response = await fetch(url, request);
+        if (response.ok) {
+          const body2 = await response.clone().json();
+          invariant4(body2, "Expected body to be present", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 327, S: this, A: ["body", "'Expected body to be present'"] });
+          if (!("success" in body2)) {
+            return body2;
+          }
+          if (body2.success) {
+            return body2.data;
+          }
+        } else if (response.status === 401 && !handledAuth) {
+          this._authHeader = await this._handleUnauthorized(response);
+          handledAuth = true;
+          continue;
+        }
+        const body = response.headers.get("Content-Type") === "application/json" ? await response.clone().json() : void 0;
+        invariant4(!body?.success, "Expected body to not be a failure response or undefined.", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 340, S: this, A: ["!body?.success", "'Expected body to not be a failure response or undefined.'"] });
+        if (body?.data?.type === "auth_challenge" && typeof body?.data?.challenge === "string") {
+          processingError = new EdgeAuthChallengeError(body.data.challenge, body.data);
+        } else if (body?.success === false) {
+          processingError = EdgeCallFailedError.fromUnsuccessfulResponse(response, body);
+        } else {
+          invariant4(!response.ok, "Expected response to not be ok.", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 346, S: this, A: ["!response.ok", "'Expected response to not be ok.'"] });
+          processingError = await EdgeCallFailedError.fromHttpFailure(response);
+        }
+      } catch (error) {
+        processingError = EdgeCallFailedError.fromProcessingFailureCause(error);
+      }
+      if (processingError?.isRetryable && await shouldRetry(ctx, processingError.retryAfterMs)) {
+        log4.verbose("retrying edge request", {
+          url,
+          processingError
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 353, S: this });
+      } else {
+        throw processingError;
+      }
+    }
+  }
+  async _handleUnauthorized(response) {
+    if (!this._edgeIdentity) {
+      log4.warn("unauthorized response received before identity was set", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 364, S: this });
+      throw await EdgeCallFailedError.fromHttpFailure(response);
+    }
+    const challenge = await handleAuthChallenge(response, this._edgeIdentity);
+    return encodeAuthHeader(challenge);
+  }
+};
+var createRequest = ({ method, body, json = true }, authHeader, traceHeaders, clientTag) => {
+  let requestBody;
+  const headers = {};
+  if (json) {
+    requestBody = body && JSON.stringify(body);
+    headers["Content-Type"] = "application/json";
+  } else {
+    requestBody = body;
+  }
+  if (typeof requestBody === "string" && requestBody.length > WARNING_BODY_SIZE) {
+    log4.warn("Request with large body", {
+      bodySize: requestBody.length
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 381, S: void 0 });
+  }
+  if (authHeader) {
+    headers["Authorization"] = authHeader;
+  }
+  if (traceHeaders) {
+    Object.assign(headers, traceHeaders);
+  }
+  if (clientTag) {
+    headers[EDGE_CLIENT_TAG_HEADER] = clientTag;
+  }
+  return {
+    method,
+    body: requestBody,
+    headers
+  };
+};
+var getTraceHeaders = (ctx) => {
+  const traceCtx = ctx.getAttribute(TRACE_SPAN_ATTRIBUTE2);
+  if (!traceCtx) {
+    return void 0;
+  }
+  const headers = {
+    traceparent: traceCtx.traceparent
+  };
+  if (traceCtx.tracestate) {
+    headers.tracestate = traceCtx.tracestate;
+  }
+  return headers;
+};
+var createRetryHandler = ({ retry: retry2 }) => {
+  if (!retry2 || retry2.count < 1) {
+    return async () => false;
+  }
+  let retries = 0;
+  const maxRetries = retry2.count ?? DEFAULT_MAX_RETRIES_COUNT;
+  const baseTimeout = retry2.timeout ?? DEFAULT_RETRY_TIMEOUT;
+  const jitter = retry2.jitter ?? DEFAULT_RETRY_JITTER;
+  return async (ctx, retryAfter) => {
+    if (++retries > maxRetries || ctx.disposed) {
+      return false;
+    }
+    if (retryAfter) {
+      await sleep(retryAfter);
+    } else {
+      const timeout2 = baseTimeout + Math.random() * jitter;
+      await sleep(timeout2);
+    }
+    return true;
+  };
+};
+var getFileMimeType = (filename) => [
+  ".js",
+  ".mjs"
+].some((codeExtension) => filename.endsWith(codeExtension)) ? "application/javascript+module" : filename.endsWith(".wasm") ? "application/wasm" : "application/octet-stream";
+export {
+  CLOUDFLARE_MESSAGE_MAX_BYTES,
+  CLOUDFLARE_RPC_MAX_BYTES,
+  EdgeClient,
+  EdgeConnectionClosedError,
+  EdgeHttpClient,
+  EdgeIdentityChangedError,
+  HttpConfig,
+  Protocol,
+  WebSocketMuxer,
+  createChainEdgeIdentity,
+  createDeviceEdgeIdentity,
+  createEphemeralEdgeIdentity,
+  createStubEdgeIdentity,
+  createTestHaloEdgeIdentity,
+  encodeAuthHeader,
+  getTypename,
+  handleAuthChallenge,
+  protocol,
+  toUint8Array,
+  withLogging,
+  withRetry,
+  withRetryConfig
+};
+//# sourceMappingURL=index.mjs.map