@dxos/edge-client 0.8.3 → 0.8.4-main.1da679c

package/dist/lib/browser/index.mjs

@@ -6,24 +6,135 @@ import {
   getTypename,
   protocol,
   toUint8Array
-} from "./chunk-VHS3XEIX.mjs";
+} from "./chunk-IKP53CBQ.mjs";
 
-// packages/core/mesh/edge-client/src/index.ts
+// src/index.ts
 export * from "@dxos/protocols/buf/dxos/edge/messenger_pb";
 
-// packages/core/mesh/edge-client/src/edge-client.ts
-import { Trigger, scheduleMicroTask, TriggerState, PersistentLifecycle, Event } from "@dxos/async";
+// src/auth.ts
+import { createCredential, signPresentation } from "@dxos/credentials";
+import { invariant } from "@dxos/invariant";
+import { Keyring } from "@dxos/keyring";
+import { PublicKey } from "@dxos/keys";
+var __dxlog_file = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/auth.ts";
+var createDeviceEdgeIdentity = async (signer, key) => {
+  return {
+    identityKey: key.toHex(),
+    peerKey: key.toHex(),
+    presentCredentials: async ({ challenge }) => {
+      return signPresentation({
+        presentation: {
+          credentials: [
+            // Verifier requires at least one credential in the presentation to establish the subject.
+            await createCredential({
+              assertion: {
+                "@type": "dxos.halo.credentials.Auth"
+              },
+              issuer: key,
+              subject: key,
+              signer
+            })
+          ]
+        },
+        signer,
+        signerKey: key,
+        nonce: challenge
+      });
+    }
+  };
+};
+var createChainEdgeIdentity = async (signer, identityKey, peerKey, chain, credentials) => {
+  const credentialsToSign = credentials.length > 0 ? credentials : [
+    await createCredential({
+      assertion: {
+        "@type": "dxos.halo.credentials.Auth"
+      },
+      issuer: identityKey,
+      subject: identityKey,
+      signer,
+      chain,
+      signingKey: peerKey
+    })
+  ];
+  return {
+    identityKey: identityKey.toHex(),
+    peerKey: peerKey.toHex(),
+    presentCredentials: async ({ challenge }) => {
+      invariant(chain, void 0, {
+        F: __dxlog_file,
+        L: 75,
+        S: void 0,
+        A: [
+          "chain",
+          ""
+        ]
+      });
+      return signPresentation({
+        presentation: {
+          credentials: credentialsToSign
+        },
+        signer,
+        nonce: challenge,
+        signerKey: peerKey,
+        chain
+      });
+    }
+  };
+};
+var createEphemeralEdgeIdentity = async () => {
+  const keyring = new Keyring();
+  const key = await keyring.createKey();
+  return createDeviceEdgeIdentity(keyring, key);
+};
+var createTestHaloEdgeIdentity = async (signer, identityKey, deviceKey) => {
+  const deviceAdmission = await createCredential({
+    assertion: {
+      "@type": "dxos.halo.credentials.AuthorizedDevice",
+      deviceKey,
+      identityKey
+    },
+    issuer: identityKey,
+    subject: deviceKey,
+    signer
+  });
+  return createChainEdgeIdentity(signer, identityKey, deviceKey, {
+    credential: deviceAdmission
+  }, [
+    await createCredential({
+      assertion: {
+        "@type": "dxos.halo.credentials.Auth"
+      },
+      issuer: identityKey,
+      subject: identityKey,
+      signer
+    })
+  ]);
+};
+var createStubEdgeIdentity = () => {
+  const identityKey = PublicKey.random();
+  const deviceKey = PublicKey.random();
+  return {
+    identityKey: identityKey.toHex(),
+    peerKey: deviceKey.toHex(),
+    presentCredentials: async () => {
+      throw new Error("Stub identity does not support authentication.");
+    }
+  };
+};
+
+// src/edge-client.ts
+import { Event, PersistentLifecycle, Trigger, TriggerState, scheduleMicroTask } from "@dxos/async";
 import { Resource as Resource2 } from "@dxos/context";
 import { log as log2, logInfo as logInfo2 } from "@dxos/log";
 import { EdgeStatus } from "@dxos/protocols/proto/dxos/client/services";
 
-// packages/core/mesh/edge-client/src/edge-identity.ts
-import { invariant } from "@dxos/invariant";
+// src/edge-identity.ts
+import { invariant as invariant2 } from "@dxos/invariant";
 import { schema } from "@dxos/protocols/proto";
-var __dxlog_file = "/home/runner/work/dxos/dxos/packages/core/mesh/edge-client/src/edge-identity.ts";
+var __dxlog_file2 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-identity.ts";
 var handleAuthChallenge = async (failedResponse, identity) => {
-  invariant(failedResponse.status === 401, void 0, {
-    F: __dxlog_file,
+  invariant2(failedResponse.status === 401, void 0, {
+    F: __dxlog_file2,
     L: 21,
     S: void 0,
     A: [
@@ -32,8 +143,8 @@ var handleAuthChallenge = async (failedResponse, identity) => {
     ]
   });
   const headerValue = failedResponse.headers.get("Www-Authenticate");
-  invariant(headerValue?.startsWith("VerifiablePresentation challenge="), void 0, {
-    F: __dxlog_file,
+  invariant2(headerValue?.startsWith("VerifiablePresentation challenge="), void 0, {
+    F: __dxlog_file2,
     L: 24,
     S: void 0,
     A: [
@@ -42,8 +153,8 @@ var handleAuthChallenge = async (failedResponse, identity) => {
     ]
   });
   const challenge = headerValue?.slice("VerifiablePresentation challenge=".length);
-  invariant(challenge, void 0, {
-    F: __dxlog_file,
+  invariant2(challenge, void 0, {
+    F: __dxlog_file2,
     L: 27,
     S: void 0,
     A: [
@@ -57,28 +168,38 @@ var handleAuthChallenge = async (failedResponse, identity) => {
   return schema.getCodecForType("dxos.halo.credentials.Presentation").encode(presentation);
 };
 
-// packages/core/mesh/edge-client/src/edge-ws-connection.ts
+// src/edge-ws-connection.ts
 import WebSocket from "isomorphic-ws";
 import { scheduleTask, scheduleTaskInterval } from "@dxos/async";
 import { Context, Resource } from "@dxos/context";
-import { invariant as invariant2 } from "@dxos/invariant";
+import { invariant as invariant3 } from "@dxos/invariant";
 import { log, logInfo } from "@dxos/log";
 import { EdgeWebsocketProtocol } from "@dxos/protocols";
 import { buf } from "@dxos/protocols/buf";
 import { MessageSchema } from "@dxos/protocols/buf/dxos/edge/messenger_pb";
+function _define_property(obj, key, value) {
+  if (key in obj) {
+    Object.defineProperty(obj, key, {
+      value,
+      enumerable: true,
+      configurable: true,
+      writable: true
+    });
+  } else {
+    obj[key] = value;
+  }
+  return obj;
+}
 function _ts_decorate(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 }
-var __dxlog_file2 = "/home/runner/work/dxos/dxos/packages/core/mesh/edge-client/src/edge-ws-connection.ts";
+var __dxlog_file3 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-ws-connection.ts";
 var SIGNAL_KEEPALIVE_INTERVAL = 4e3;
 var SIGNAL_KEEPALIVE_TIMEOUT = 12e3;
 var EdgeWsConnection = class extends Resource {
-  constructor(_identity, _connectionInfo, _callbacks) {
-    super(), this._identity = _identity, this._connectionInfo = _connectionInfo, this._callbacks = _callbacks;
-  }
   get info() {
     return {
       open: this.isOpen,
@@ -87,18 +208,18 @@ var EdgeWsConnection = class extends Resource {
     };
   }
   send(message) {
-    invariant2(this._ws, void 0, {
-      F: __dxlog_file2,
-      L: 52,
+    invariant3(this._ws, void 0, {
+      F: __dxlog_file3,
+      L: 53,
       S: this,
       A: [
         "this._ws",
         ""
       ]
     });
-    invariant2(this._wsMuxer, void 0, {
-      F: __dxlog_file2,
-      L: 53,
+    invariant3(this._wsMuxer, void 0, {
+      F: __dxlog_file3,
+      L: 54,
       S: this,
       A: [
         "this._wsMuxer",
@@ -109,8 +230,8 @@ var EdgeWsConnection = class extends Resource {
       peerKey: this._identity.peerKey,
       payload: protocol.getPayloadType(message)
     }, {
-      F: __dxlog_file2,
-      L: 54,
+      F: __dxlog_file3,
+      L: 55,
       S: this,
       C: (f, a) => f(...a)
     });
@@ -122,8 +243,8 @@ var EdgeWsConnection = class extends Resource {
           serviceId: message.serviceId,
           payload: protocol.getPayloadType(message)
         }, {
-          F: __dxlog_file2,
-          L: 58,
+          F: __dxlog_file3,
+          L: 59,
           S: this,
           C: (f, a) => f(...a)
         });
@@ -132,8 +253,8 @@ var EdgeWsConnection = class extends Resource {
       this._ws.send(binary);
     } else {
       this._wsMuxer.send(message).catch((e) => log.catch(e, void 0, {
-        F: __dxlog_file2,
-        L: 67,
+        F: __dxlog_file3,
+        L: 68,
         S: this,
         C: (f, a) => f(...a)
       }));
@@ -154,8 +275,8 @@ var EdgeWsConnection = class extends Resource {
     this._ws.onopen = () => {
       if (this.isOpen) {
         log("connected", void 0, {
-          F: __dxlog_file2,
-          L: 84,
+          F: __dxlog_file3,
+          L: 85,
           S: this,
           C: (f, a) => f(...a)
         });
@@ -165,8 +286,8 @@ var EdgeWsConnection = class extends Resource {
         log.verbose("connected after becoming inactive", {
           currentIdentity: this._identity
         }, {
-          F: __dxlog_file2,
-          L: 88,
+          F: __dxlog_file3,
+          L: 89,
           S: this,
           C: (f, a) => f(...a)
         });
@@ -178,8 +299,8 @@ var EdgeWsConnection = class extends Resource {
           code: event.code,
           reason: event.reason
         }, {
-          F: __dxlog_file2,
-          L: 93,
+          F: __dxlog_file3,
+          L: 94,
           S: this,
           C: (f, a) => f(...a)
         });
@@ -193,8 +314,8 @@ var EdgeWsConnection = class extends Resource {
           error: event.error,
           info: event.message
         }, {
-          F: __dxlog_file2,
-          L: 100,
+          F: __dxlog_file3,
+          L: 101,
           S: this,
           C: (f, a) => f(...a)
         });
@@ -203,8 +324,8 @@ var EdgeWsConnection = class extends Resource {
         log.verbose("error ignored on closed connection", {
           error: event.error
         }, {
-          F: __dxlog_file2,
-          L: 103,
+          F: __dxlog_file3,
+          L: 104,
           S: this,
           C: (f, a) => f(...a)
         });
@@ -215,13 +336,14 @@ var EdgeWsConnection = class extends Resource {
         log.verbose("message ignored on closed connection", {
           event: event.type
         }, {
-          F: __dxlog_file2,
-          L: 111,
+          F: __dxlog_file3,
+          L: 112,
           S: this,
           C: (f, a) => f(...a)
         });
         return;
       }
+      this._lastReceivedMessageTimestamp = Date.now();
       if (event.data === "__pong__") {
         this._rescheduleHeartbeatTimeout();
         return;
@@ -236,8 +358,8 @@ var EdgeWsConnection = class extends Resource {
           from: message.source,
           payload: protocol.getPayloadType(message)
         }, {
-          F: __dxlog_file2,
-          L: 128,
+          F: __dxlog_file3,
+          L: 130,
           S: this,
           C: (f, a) => f(...a)
         });
@@ -260,17 +382,17 @@ var EdgeWsConnection = class extends Resource {
       log.warn("Error closing websocket", {
         err
       }, {
-        F: __dxlog_file2,
-        L: 146,
+        F: __dxlog_file3,
+        L: 148,
         S: this,
         C: (f, a) => f(...a)
       });
     }
   }
   _scheduleHeartbeats() {
-    invariant2(this._ws, void 0, {
-      F: __dxlog_file2,
-      L: 151,
+    invariant3(this._ws, void 0, {
+      F: __dxlog_file3,
+      L: 153,
       S: this,
       A: [
         "this._ws",
@@ -289,27 +411,36 @@ var EdgeWsConnection = class extends Resource {
     }
     void this._inactivityTimeoutCtx?.dispose();
     this._inactivityTimeoutCtx = new Context(void 0, {
-      F: __dxlog_file2,
-      L: 170
+      F: __dxlog_file3,
+      L: 172
     });
     scheduleTask(this._inactivityTimeoutCtx, () => {
       if (this.isOpen) {
-        log.warn("restart due to inactivity timeout", void 0, {
-          F: __dxlog_file2,
-          L: 175,
-          S: this,
-          C: (f, a) => f(...a)
-        });
-        this._callbacks.onRestartRequired();
+        if (Date.now() - this._lastReceivedMessageTimestamp > SIGNAL_KEEPALIVE_TIMEOUT) {
+          log.warn("restart due to inactivity timeout", {
+            lastReceivedMessageTimestamp: this._lastReceivedMessageTimestamp
+          }, {
+            F: __dxlog_file3,
+            L: 178,
+            S: this,
+            C: (f, a) => f(...a)
+          });
+          this._callbacks.onRestartRequired();
+        } else {
+          this._rescheduleHeartbeatTimeout();
+        }
       }
     }, SIGNAL_KEEPALIVE_TIMEOUT);
   }
+  constructor(_identity, _connectionInfo, _callbacks) {
+    super(), _define_property(this, "_identity", void 0), _define_property(this, "_connectionInfo", void 0), _define_property(this, "_callbacks", void 0), _define_property(this, "_inactivityTimeoutCtx", void 0), _define_property(this, "_ws", void 0), _define_property(this, "_wsMuxer", void 0), _define_property(this, "_lastReceivedMessageTimestamp", void 0), this._identity = _identity, this._connectionInfo = _connectionInfo, this._callbacks = _callbacks, this._lastReceivedMessageTimestamp = Date.now();
+  }
 };
 _ts_decorate([
   logInfo
 ], EdgeWsConnection.prototype, "info", null);
 
-// packages/core/mesh/edge-client/src/errors.ts
+// src/errors.ts
 var EdgeConnectionClosedError = class extends Error {
   constructor() {
     super("Edge connection closed.");
@@ -321,7 +452,7 @@ var EdgeIdentityChangedError = class extends Error {
   }
 };
 
-// packages/core/mesh/edge-client/src/utils.ts
+// src/utils.ts
 var getEdgeUrlWithProtocol = (baseUrl, protocol2) => {
   const isSecure = baseUrl.startsWith("https") || baseUrl.startsWith("wss");
   const url = new URL(baseUrl);
@@ -329,24 +460,29 @@ var getEdgeUrlWithProtocol = (baseUrl, protocol2) => {
   return url.toString();
 };
 
-// packages/core/mesh/edge-client/src/edge-client.ts
+// src/edge-client.ts
+function _define_property2(obj, key, value) {
+  if (key in obj) {
+    Object.defineProperty(obj, key, {
+      value,
+      enumerable: true,
+      configurable: true,
+      writable: true
+    });
+  } else {
+    obj[key] = value;
+  }
+  return obj;
+}
 function _ts_decorate2(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 }
-var __dxlog_file3 = "/home/runner/work/dxos/dxos/packages/core/mesh/edge-client/src/edge-client.ts";
+var __dxlog_file4 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-client.ts";
 var DEFAULT_TIMEOUT = 1e4;
 var EdgeClient = class extends Resource2 {
-  constructor(_identity, _config) {
-    super(), this._identity = _identity, this._config = _config, this.statusChanged = new Event(), this._persistentLifecycle = new PersistentLifecycle({
-      start: async () => this._connect(),
-      stop: async (state) => this._disconnect(state)
-    }), this._messageListeners = /* @__PURE__ */ new Set(), this._reconnectListeners = /* @__PURE__ */ new Set(), this._currentConnection = void 0, this._ready = new Trigger(), this._isActive = (connection) => connection === this._currentConnection;
-    this._baseWsUrl = getEdgeUrlWithProtocol(_config.socketEndpoint, "ws");
-    this._baseHttpUrl = getEdgeUrlWithProtocol(_config.socketEndpoint, "http");
-  }
   get info() {
     return {
       open: this.isOpen,
@@ -370,7 +506,7 @@ var EdgeClient = class extends Resource2 {
         identity,
         oldIdentity: this._identity
       }, {
-        F: __dxlog_file3,
+        F: __dxlog_file4,
         L: 99,
         S: this,
         C: (f, a) => f(...a)
@@ -380,6 +516,30 @@ var EdgeClient = class extends Resource2 {
       void this._persistentLifecycle.scheduleRestart();
     }
   }
+  /**
+  * Send message.
+  * NOTE: The message is guaranteed to be delivered but the service must respond with a message to confirm processing.
+  */
+  async send(message) {
+    if (this._ready.state !== TriggerState.RESOLVED) {
+      log2("waiting for websocket", void 0, {
+        F: __dxlog_file4,
+        L: 112,
+        S: this,
+        C: (f, a) => f(...a)
+      });
+      await this._ready.wait({
+        timeout: this._config.timeout ?? DEFAULT_TIMEOUT
+      });
+    }
+    if (!this._currentConnection) {
+      throw new EdgeConnectionClosedError();
+    }
+    if (message.source && (message.source.peerKey !== this._identity.peerKey || message.source.identityKey !== this.identityKey)) {
+      throw new EdgeIdentityChangedError();
+    }
+    this._currentConnection.send(message);
+  }
   onMessage(listener) {
     this._messageListeners.add(listener);
     return () => this._messageListeners.delete(listener);
@@ -393,8 +553,8 @@ var EdgeClient = class extends Resource2 {
             listener();
           } catch (error) {
             log2.catch(error, void 0, {
-              F: __dxlog_file3,
-              L: 121,
+              F: __dxlog_file4,
+              L: 145,
               S: this,
               C: (f, a) => f(...a)
             });
@@ -411,8 +571,8 @@ var EdgeClient = class extends Resource2 {
     log2("opening...", {
       info: this.info
     }, {
-      F: __dxlog_file3,
-      L: 133,
+      F: __dxlog_file4,
+      L: 158,
       S: this,
       C: (f, a) => f(...a)
     });
@@ -420,8 +580,8 @@ var EdgeClient = class extends Resource2 {
       log2.warn("Error while opening connection", {
         err
       }, {
-        F: __dxlog_file3,
-        L: 135,
+        F: __dxlog_file4,
+        L: 160,
         S: this,
         C: (f, a) => f(...a)
       });
@@ -434,8 +594,8 @@ var EdgeClient = class extends Resource2 {
     log2("closing...", {
       peerKey: this._identity.peerKey
     }, {
-      F: __dxlog_file3,
-      L: 143,
+      F: __dxlog_file4,
+      L: 168,
       S: this,
       C: (f, a) => f(...a)
     });
@@ -451,8 +611,8 @@ var EdgeClient = class extends Resource2 {
     const protocolHeader = this._config.disableAuth ? void 0 : await this._createAuthHeader(path);
     if (this._identity !== identity) {
       log2("identity changed during auth header request", void 0, {
-        F: __dxlog_file3,
-        L: 157,
+        F: __dxlog_file4,
+        L: 182,
         S: this,
         C: (f, a) => f(...a)
       });
@@ -464,8 +624,8 @@ var EdgeClient = class extends Resource2 {
       url: url.toString(),
       protocolHeader
     }, {
-      F: __dxlog_file3,
-      L: 163,
+      F: __dxlog_file4,
+      L: 188,
       S: this,
       C: (f, a) => f(...a)
     });
@@ -479,8 +639,8 @@ var EdgeClient = class extends Resource2 {
           this._notifyReconnected();
         } else {
           log2.verbose("connected callback ignored, because connection is not active", void 0, {
-            F: __dxlog_file3,
-            L: 173,
+            F: __dxlog_file4,
+            L: 198,
             S: this,
             C: (f, a) => f(...a)
           });
@@ -492,8 +652,8 @@ var EdgeClient = class extends Resource2 {
           void this._persistentLifecycle.scheduleRestart();
         } else {
           log2.verbose("restart requested by inactive connection", void 0, {
-            F: __dxlog_file3,
-            L: 181,
+            F: __dxlog_file4,
+            L: 206,
             S: this,
             C: (f, a) => f(...a)
           });
@@ -508,8 +668,8 @@ var EdgeClient = class extends Resource2 {
             from: message.source,
             type: message.payload?.typeUrl
           }, {
-            F: __dxlog_file3,
-            L: 189,
+            F: __dxlog_file4,
+            L: 214,
             S: this,
             C: (f, a) => f(...a)
           });
@@ -545,8 +705,8 @@ var EdgeClient = class extends Resource2 {
         log2.error("ws reconnect listener failed", {
           err
         }, {
-          F: __dxlog_file3,
-          L: 225,
+          F: __dxlog_file4,
+          L: 249,
           S: this,
           C: (f, a) => f(...a)
         });
@@ -562,38 +722,14 @@ var EdgeClient = class extends Resource2 {
           err,
           payload: protocol.getPayloadType(message)
         }, {
-          F: __dxlog_file3,
-          L: 235,
+          F: __dxlog_file4,
+          L: 259,
           S: this,
           C: (f, a) => f(...a)
         });
       }
     }
   }
-  /**
-  * Send message.
-  * NOTE: The message is guaranteed to be delivered but the service must respond with a message to confirm processing.
-  */
-  async send(message) {
-    if (this._ready.state !== TriggerState.RESOLVED) {
-      log2("waiting for websocket to become ready", void 0, {
-        F: __dxlog_file3,
-        L: 246,
-        S: this,
-        C: (f, a) => f(...a)
-      });
-      await this._ready.wait({
-        timeout: this._config.timeout ?? DEFAULT_TIMEOUT
-      });
-    }
-    if (!this._currentConnection) {
-      throw new EdgeConnectionClosedError();
-    }
-    if (message.source && (message.source.peerKey !== this._identity.peerKey || message.source.identityKey !== this.identityKey)) {
-      throw new EdgeIdentityChangedError();
-    }
-    this._currentConnection.send(message);
-  }
   async _createAuthHeader(path) {
     const httpUrl = new URL(path, this._baseHttpUrl);
     httpUrl.protocol = getEdgeUrlWithProtocol(this._baseWsUrl.toString(), "http");
@@ -607,7 +743,7 @@ var EdgeClient = class extends Resource2 {
         status: response.status,
         statusText: response.statusText
       }, {
-        F: __dxlog_file3,
+        F: __dxlog_file4,
         L: 271,
         S: this,
         C: (f, a) => f(...a)
@@ -615,6 +751,14 @@ var EdgeClient = class extends Resource2 {
       return void 0;
     }
   }
+  constructor(_identity, _config) {
+    super(), _define_property2(this, "_identity", void 0), _define_property2(this, "_config", void 0), _define_property2(this, "statusChanged", void 0), _define_property2(this, "_persistentLifecycle", void 0), _define_property2(this, "_messageListeners", void 0), _define_property2(this, "_reconnectListeners", void 0), _define_property2(this, "_baseWsUrl", void 0), _define_property2(this, "_baseHttpUrl", void 0), _define_property2(this, "_currentConnection", void 0), _define_property2(this, "_ready", void 0), _define_property2(this, "_isActive", void 0), this._identity = _identity, this._config = _config, this.statusChanged = new Event(), this._persistentLifecycle = new PersistentLifecycle({
+      start: async () => this._connect(),
+      stop: async (state) => this._disconnect(state)
+    }), this._messageListeners = /* @__PURE__ */ new Set(), this._reconnectListeners = /* @__PURE__ */ new Set(), this._currentConnection = void 0, this._ready = new Trigger(), this._isActive = (connection) => connection === this._currentConnection;
+    this._baseWsUrl = getEdgeUrlWithProtocol(_config.socketEndpoint, "ws");
+    this._baseHttpUrl = getEdgeUrlWithProtocol(_config.socketEndpoint, "http");
+  }
 };
 _ts_decorate2([
   logInfo2
@@ -624,138 +768,86 @@ var encodePresentationWsAuthHeader = (encodedPresentation) => {
   return `base64url.bearer.authorization.dxos.org.${encodedToken}`;
 };
 
-// packages/core/mesh/edge-client/src/auth.ts
-import { createCredential, signPresentation } from "@dxos/credentials";
-import { invariant as invariant3 } from "@dxos/invariant";
-import { Keyring } from "@dxos/keyring";
-import { PublicKey } from "@dxos/keys";
-var __dxlog_file4 = "/home/runner/work/dxos/dxos/packages/core/mesh/edge-client/src/auth.ts";
-var createDeviceEdgeIdentity = async (signer, key) => {
-  return {
-    identityKey: key.toHex(),
-    peerKey: key.toHex(),
-    presentCredentials: async ({ challenge }) => {
-      return signPresentation({
-        presentation: {
-          credentials: [
-            // Verifier requires at least one credential in the presentation to establish the subject.
-            await createCredential({
-              assertion: {
-                "@type": "dxos.halo.credentials.Auth"
-              },
-              issuer: key,
-              subject: key,
-              signer
-            })
-          ]
-        },
-        signer,
-        signerKey: key,
-        nonce: challenge
-      });
-    }
-  };
-};
-var createChainEdgeIdentity = async (signer, identityKey, peerKey, chain, credentials) => {
-  const credentialsToSign = credentials.length > 0 ? credentials : [
-    await createCredential({
-      assertion: {
-        "@type": "dxos.halo.credentials.Auth"
-      },
-      issuer: identityKey,
-      subject: identityKey,
-      signer,
-      chain,
-      signingKey: peerKey
-    })
-  ];
-  return {
-    identityKey: identityKey.toHex(),
-    peerKey: peerKey.toHex(),
-    presentCredentials: async ({ challenge }) => {
-      invariant3(chain, void 0, {
-        F: __dxlog_file4,
-        L: 75,
-        S: void 0,
-        A: [
-          "chain",
-          ""
-        ]
-      });
-      return signPresentation({
-        presentation: {
-          credentials: credentialsToSign
-        },
-        signer,
-        nonce: challenge,
-        signerKey: peerKey,
-        chain
-      });
-    }
-  };
+// src/edge-http-client.ts
+import { FetchHttpClient, HttpClient } from "@effect/platform";
+import { Effect as Effect2, pipe } from "effect";
+import { sleep } from "@dxos/async";
+import { Context as Context3 } from "@dxos/context";
+import { log as log4 } from "@dxos/log";
+import { EdgeAuthChallengeError, EdgeCallFailedError } from "@dxos/protocols";
+import { createUrl } from "@dxos/util";
+
+// src/http-client.ts
+import { Context as Context2, Duration, Effect, Layer, Schedule } from "effect";
+import { log as log3 } from "@dxos/log";
+function _define_property3(obj, key, value) {
+  if (key in obj) {
+    Object.defineProperty(obj, key, {
+      value,
+      enumerable: true,
+      configurable: true,
+      writable: true
+    });
+  } else {
+    obj[key] = value;
+  }
+  return obj;
+}
+var __dxlog_file5 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/http-client.ts";
+var _Context_Tag;
+var HttpConfig = class extends (_Context_Tag = Context2.Tag("HttpConfig")()) {
 };
-var createEphemeralEdgeIdentity = async () => {
-  const keyring = new Keyring();
-  const key = await keyring.createKey();
-  return createDeviceEdgeIdentity(keyring, key);
+_define_property3(HttpConfig, "default", Layer.succeed(HttpConfig, {
+  timeout: Duration.millis(1e3),
+  retryTimes: 3,
+  retryBaseDelay: Duration.millis(1e3)
+}));
+var withRetry = (effect, { timeout = Duration.millis(1e3), retryBaseDelay = Duration.millis(1e3), retryTimes = 3 } = {}) => {
+  return effect.pipe(Effect.flatMap((res) => (
+    // Treat 500 errors as retryable?
+    res.status === 500 ? Effect.fail(new Error(res.status.toString())) : res.json
+  )), Effect.timeout(timeout), Effect.retry({
+    schedule: Schedule.exponential(retryBaseDelay).pipe(Schedule.jittered),
+    times: retryTimes
+  }));
 };
-var createTestHaloEdgeIdentity = async (signer, identityKey, deviceKey) => {
-  const deviceAdmission = await createCredential({
-    assertion: {
-      "@type": "dxos.halo.credentials.AuthorizedDevice",
-      deviceKey,
-      identityKey
-    },
-    issuer: identityKey,
-    subject: deviceKey,
-    signer
-  });
-  return createChainEdgeIdentity(signer, identityKey, deviceKey, {
-    credential: deviceAdmission
-  }, [
-    await createCredential({
-      assertion: {
-        "@type": "dxos.halo.credentials.Auth"
-      },
-      issuer: identityKey,
-      subject: identityKey,
-      signer
-    })
-  ]);
-};
-var createStubEdgeIdentity = () => {
-  const identityKey = PublicKey.random();
-  const deviceKey = PublicKey.random();
-  return {
-    identityKey: identityKey.toHex(),
-    peerKey: deviceKey.toHex(),
-    presentCredentials: async () => {
-      throw new Error("Stub identity does not support authentication.");
-    }
-  };
+var withRetryConfig = (effect) => Effect.gen(function* () {
+  const config = yield* HttpConfig;
+  return yield* withRetry(effect, config);
+});
+var withLogging = (effect) => effect.pipe(Effect.tap((res) => log3.info("response", {
+  status: res.status
+}, {
+  F: __dxlog_file5,
+  L: 58,
+  S: void 0,
+  C: (f, a) => f(...a)
+})));
+var encodeAuthHeader = (challenge) => {
+  const encodedChallenge = Buffer.from(challenge).toString("base64");
+  return `VerifiablePresentation pb;base64,${encodedChallenge}`;
 };
 
-// packages/core/mesh/edge-client/src/edge-http-client.ts
-import { sleep } from "@dxos/async";
-import { Context as Context2 } from "@dxos/context";
-import { log as log3 } from "@dxos/log";
-import { EdgeCallFailedError, EdgeAuthChallengeError } from "@dxos/protocols";
-var __dxlog_file5 = "/home/runner/work/dxos/dxos/packages/core/mesh/edge-client/src/edge-http-client.ts";
+// src/edge-http-client.ts
+function _define_property4(obj, key, value) {
+  if (key in obj) {
+    Object.defineProperty(obj, key, {
+      value,
+      enumerable: true,
+      configurable: true,
+      writable: true
+    });
+  } else {
+    obj[key] = value;
+  }
+  return obj;
+}
+var __dxlog_file6 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-http-client.ts";
 var DEFAULT_RETRY_TIMEOUT = 1500;
 var DEFAULT_RETRY_JITTER = 500;
 var DEFAULT_MAX_RETRIES_COUNT = 3;
+var WARNING_BODY_SIZE = 10 * 1024 * 1024;
 var EdgeHttpClient = class {
-  constructor(baseUrl) {
-    this._baseUrl = getEdgeUrlWithProtocol(baseUrl, "http");
-    log3("created", {
-      url: this._baseUrl
-    }, {
-      F: __dxlog_file5,
-      L: 53,
-      S: this,
-      C: (f, a) => f(...a)
-    });
-  }
   get baseUrl() {
     return this._baseUrl;
   }
@@ -765,190 +857,283 @@ var EdgeHttpClient = class {
       this._authHeader = void 0;
     }
   }
+  //
+  // Status
+  //
+  async getStatus(args) {
+    return this._call(new URL("/status", this.baseUrl), {
+      ...args,
+      method: "GET"
+    });
+  }
+  //
+  // Agents
+  //
   createAgent(body, args) {
-    return this._call("/agents/create", {
+    return this._call(new URL("/agents/create", this.baseUrl), {
       ...args,
       method: "POST",
       body
     });
   }
   getAgentStatus(request, args) {
-    return this._call(`/users/${request.ownerIdentityKey.toHex()}/agent/status`, {
+    return this._call(new URL(`/users/${request.ownerIdentityKey.toHex()}/agent/status`, this.baseUrl), {
       ...args,
       method: "GET"
     });
   }
+  //
+  // Credentials
+  //
   getCredentialsForNotarization(spaceId, args) {
-    return this._call(`/spaces/${spaceId}/notarization`, {
+    return this._call(new URL(`/spaces/${spaceId}/notarization`, this.baseUrl), {
       ...args,
       method: "GET"
     });
   }
   async notarizeCredentials(spaceId, body, args) {
-    await this._call(`/spaces/${spaceId}/notarization`, {
+    await this._call(new URL(`/spaces/${spaceId}/notarization`, this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  //
+  // Identity
+  //
+  async recoverIdentity(body, args) {
+    return this._call(new URL("/identity/recover", this.baseUrl), {
       ...args,
       body,
       method: "POST"
     });
   }
+  //
+  // Invitations
+  //
   async joinSpaceByInvitation(spaceId, body, args) {
-    return this._call(`/spaces/${spaceId}/join`, {
+    return this._call(new URL(`/spaces/${spaceId}/join`, this.baseUrl), {
       ...args,
       body,
       method: "POST"
     });
   }
-  async recoverIdentity(body, args) {
-    return this._call("/identity/recover", {
+  //
+  // OAuth and credentials
+  //
+  async initiateOAuthFlow(body, args) {
+    return this._call(new URL("/oauth/initiate", this.baseUrl), {
       ...args,
       body,
       method: "POST"
     });
   }
-  async executeWorkflow(spaceId, graphId, input, args) {
-    return this._call(`/workflows/${spaceId}/${graphId}`, {
+  //
+  // Spaces
+  //
+  async createSpace(body, args) {
+    return this._call(new URL("/spaces/create", this.baseUrl), {
       ...args,
-      body: input,
+      body,
+      method: "POST"
+    });
+  }
+  //
+  // Queues
+  //
+  async queryQueue(subspaceTag, spaceId, query, args) {
+    const { queueId } = query;
+    return this._call(createUrl(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}/query`, this.baseUrl), {
+      after: query.after,
+      before: query.before,
+      limit: query.limit,
+      reverse: query.reverse,
+      objectIds: query.objectIds?.join(",")
+    }), {
+      ...args,
+      method: "GET"
+    });
+  }
+  async insertIntoQueue(subspaceTag, spaceId, queueId, objects, args) {
+    return this._call(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, this.baseUrl), {
+      ...args,
+      body: {
+        objects
+      },
       method: "POST"
     });
   }
+  async deleteFromQueue(subspaceTag, spaceId, queueId, objectIds, args) {
+    return this._call(createUrl(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, this.baseUrl), {
+      ids: objectIds.join(",")
+    }), {
+      ...args,
+      method: "DELETE"
+    });
+  }
+  //
+  // Functions
+  //
   async uploadFunction(pathParts, body, args) {
+    const formData = new FormData();
+    formData.append("name", body.name ?? "");
+    formData.append("version", body.version);
+    formData.append("ownerPublicKey", body.ownerPublicKey);
+    formData.append("entryPoint", body.entryPoint);
+    for (const [filename, content] of Object.entries(body.assets)) {
+      formData.append("assets", new Blob([
+        content
+      ], {
+        type: getFileMimeType(filename)
+      }), filename);
+    }
     const path = [
       "functions",
       ...pathParts.functionId ? [
         pathParts.functionId
       ] : []
     ].join("/");
-    return this._call(path, {
+    return this._call(new URL(path, this.baseUrl), {
       ...args,
-      body,
-      method: "PUT"
+      body: formData,
+      method: "PUT",
+      json: false
     });
   }
-  async initiateOAuthFlow(body, args) {
-    return this._call("/oauth/initiate", {
+  async listFunctions(args) {
+    return this._call(new URL("/functions", this.baseUrl), {
       ...args,
-      body,
-      method: "POST"
+      method: "GET"
     });
   }
-  async queryQueue(subspaceTag, spaceId, query, args) {
-    const { queueId } = query;
-    const queryParams = new URLSearchParams();
-    if (query.after != null) {
-      queryParams.set("after", query.after);
-    }
-    if (query.before != null) {
-      queryParams.set("before", query.before);
+  async invokeFunction(params, input, args) {
+    const url = new URL(`/functions/${params.functionId}`, this.baseUrl);
+    if (params.version) {
+      url.searchParams.set("version", params.version);
     }
-    if (query.limit != null) {
-      queryParams.set("limit", query.limit.toString());
+    if (params.spaceId) {
+      url.searchParams.set("spaceId", params.spaceId.toString());
     }
-    if (query.reverse != null) {
-      queryParams.set("reverse", query.reverse.toString());
+    if (params.cpuTimeLimit) {
+      url.searchParams.set("cpuTimeLimit", params.cpuTimeLimit.toString());
     }
-    if (query.objectIds != null) {
-      queryParams.set("objectIds", query.objectIds.join(","));
+    if (params.subrequestsLimit) {
+      url.searchParams.set("subrequestsLimit", params.subrequestsLimit.toString());
     }
-    return this._call(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}/query?${queryParams.toString()}`, {
+    return this._call(url, {
       ...args,
-      method: "GET"
+      body: input,
+      method: "POST",
+      rawResponse: true
     });
   }
-  async insertIntoQueue(subspaceTag, spaceId, queueId, objects, args) {
-    return this._call(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, {
+  //
+  // Workflows
+  //
+  async executeWorkflow(spaceId, graphId, input, args) {
+    return this._call(new URL(`/workflows/${spaceId}/${graphId}`, this.baseUrl), {
       ...args,
-      body: {
-        objects
-      },
+      body: input,
       method: "POST"
     });
   }
-  async deleteFromQueue(subspaceTag, spaceId, queueId, objectIds, args) {
-    return this._call(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, {
+  //
+  // Triggers
+  //
+  async getCronTriggers(spaceId) {
+    return this._call(new URL(`/test/functions/${spaceId}/triggers/crons`, this.baseUrl), {
+      method: "GET"
+    });
+  }
+  //
+  // Import/Export space.
+  //
+  async importBundle(spaceId, body, args) {
+    return this._call(new URL(`/spaces/${spaceId}/import`, this.baseUrl), {
       ...args,
-      query: {
-        ids: objectIds.join(",")
-      },
-      method: "DELETE"
+      body,
+      method: "PUT"
     });
   }
-  async createSpace(body, args) {
-    return this._call("/spaces/create", {
+  async exportBundle(spaceId, body, args) {
+    return this._call(new URL(`/spaces/${spaceId}/export`, this.baseUrl), {
       ...args,
       body,
       method: "POST"
     });
   }
-  async _call(path, args) {
-    const requestContext = args.context ?? new Context2(void 0, {
-      F: __dxlog_file5,
-      L: 192
-    });
+  //
+  // Internal
+  //
+  async _fetch(url, args) {
+    return pipe(HttpClient.get(url), withLogging, withRetryConfig, Effect2.provide(FetchHttpClient.layer), Effect2.provide(HttpConfig.default), Effect2.withSpan("EdgeHttpClient"), Effect2.runPromise);
+  }
+  // TODO(burdon): Refactor with effect (see edge-http-client.test.ts).
+  async _call(url, args) {
     const shouldRetry = createRetryHandler(args);
-    let url = `${this._baseUrl}${path.startsWith("/") ? path.slice(1) : path}`;
-    if (args.query) {
-      const queryParams = new URLSearchParams();
-      for (const [key, value] of Object.entries(args.query)) {
-        queryParams.set(key, value.toString());
-      }
-      url += `?${queryParams.toString()}`;
-    }
-    log3("call", {
-      method: args.method,
-      path,
+    const requestContext = args.context ?? new Context3(void 0, {
+      F: __dxlog_file6,
+      L: 389
+    });
+    log4("fetch", {
+      url,
       request: args.body
     }, {
-      F: __dxlog_file5,
-      L: 204,
+      F: __dxlog_file6,
+      L: 390,
       S: this,
       C: (f, a) => f(...a)
     });
     let handledAuth = false;
-    let authHeader = this._authHeader;
     while (true) {
-      let processingError;
+      let processingError = void 0;
       let retryAfterHeaderValue = Number.NaN;
       try {
-        const request = createRequest(args, authHeader);
+        const request = createRequest(args, this._authHeader);
         const response = await fetch(url, request);
         retryAfterHeaderValue = Number(response.headers.get("Retry-After"));
         if (response.ok) {
           const body = await response.json();
+          if (args.rawResponse) {
+            return body;
+          }
+          if (!("success" in body)) {
+            return body;
+          }
           if (body.success) {
             return body.data;
           }
-          log3("unsuccessful edge response", {
-            path,
+          log4.warn("unsuccessful edge response", {
+            url,
             body
           }, {
-            F: __dxlog_file5,
-            L: 223,
+            F: __dxlog_file6,
+            L: 415,
             S: this,
             C: (f, a) => f(...a)
           });
           if (body.errorData?.type === "auth_challenge" && typeof body.errorData?.challenge === "string") {
             processingError = new EdgeAuthChallengeError(body.errorData.challenge, body.errorData);
-          } else {
+          } else if (body.errorData) {
             processingError = EdgeCallFailedError.fromUnsuccessfulResponse(response, body);
           }
         } else if (response.status === 401 && !handledAuth) {
-          authHeader = await this._handleUnauthorized(response);
+          this._authHeader = await this._handleUnauthorized(response);
           handledAuth = true;
           continue;
         } else {
-          processingError = EdgeCallFailedError.fromHttpFailure(response);
+          processingError = await EdgeCallFailedError.fromHttpFailure(response);
         }
       } catch (error) {
         processingError = EdgeCallFailedError.fromProcessingFailureCause(error);
       }
-      if (processingError.isRetryable && await shouldRetry(requestContext, retryAfterHeaderValue)) {
-        log3("retrying edge request", {
-          path,
+      if (processingError?.isRetryable && await shouldRetry(requestContext, retryAfterHeaderValue)) {
+        log4("retrying edge request", {
+          url,
           processingError
         }, {
-          F: __dxlog_file5,
-          L: 242,
+          F: __dxlog_file6,
+          L: 433,
           S: this,
           C: (f, a) => f(...a)
         });
@@ -959,33 +1144,68 @@ var EdgeHttpClient = class {
   }
   async _handleUnauthorized(response) {
     if (!this._edgeIdentity) {
-      log3.warn("edge unauthorized response received before identity was set", void 0, {
-        F: __dxlog_file5,
-        L: 251,
+      log4.warn("unauthorized response received before identity was set", void 0, {
+        F: __dxlog_file6,
+        L: 442,
         S: this,
         C: (f, a) => f(...a)
       });
-      throw EdgeCallFailedError.fromHttpFailure(response);
+      throw await EdgeCallFailedError.fromHttpFailure(response);
     }
     const challenge = await handleAuthChallenge(response, this._edgeIdentity);
-    this._authHeader = encodeAuthHeader(challenge);
-    log3("auth header updated", void 0, {
-      F: __dxlog_file5,
-      L: 256,
+    return encodeAuthHeader(challenge);
+  }
+  constructor(baseUrl) {
+    _define_property4(this, "_baseUrl", void 0);
+    _define_property4(this, "_edgeIdentity", void 0);
+    _define_property4(this, "_authHeader", void 0);
+    this._baseUrl = getEdgeUrlWithProtocol(baseUrl, "http");
+    log4("created", {
+      url: this._baseUrl
+    }, {
+      F: __dxlog_file6,
+      L: 97,
       S: this,
       C: (f, a) => f(...a)
     });
-    return this._authHeader;
   }
 };
-var createRetryHandler = (args) => {
-  if (!args.retry || args.retry.count < 1) {
+var createRequest = ({ method, body, json = true }, authHeader) => {
+  let requestBody;
+  const headers = {};
+  if (json) {
+    requestBody = body && JSON.stringify(body);
+    headers["Content-Type"] = "application/json";
+  } else {
+    requestBody = body;
+  }
+  if (typeof requestBody === "string" && requestBody.length > WARNING_BODY_SIZE) {
+    log4.warn("Request with large body", {
+      bodySize: requestBody.length
+    }, {
+      F: __dxlog_file6,
+      L: 466,
+      S: void 0,
+      C: (f, a) => f(...a)
+    });
+  }
+  if (authHeader) {
+    headers["Authorization"] = authHeader;
+  }
+  return {
+    method,
+    body: requestBody,
+    headers
+  };
+};
+var createRetryHandler = ({ retry }) => {
+  if (!retry || retry.count < 1) {
     return async () => false;
   }
   let retries = 0;
-  const maxRetries = args.retry.count ?? DEFAULT_MAX_RETRIES_COUNT;
-  const baseTimeout = args.retry.timeout ?? DEFAULT_RETRY_TIMEOUT;
-  const jitter = args.retry.jitter ?? DEFAULT_RETRY_JITTER;
+  const maxRetries = retry.count ?? DEFAULT_MAX_RETRIES_COUNT;
+  const baseTimeout = retry.timeout ?? DEFAULT_RETRY_TIMEOUT;
+  const jitter = retry.jitter ?? DEFAULT_RETRY_JITTER;
   return async (ctx, retryAfter) => {
     if (++retries > maxRetries || ctx.disposed) {
       return false;
@@ -999,19 +1219,10 @@ var createRetryHandler = (args) => {
     return true;
   };
 };
-var createRequest = (args, authHeader) => {
-  return {
-    method: args.method,
-    body: args.body && JSON.stringify(args.body),
-    headers: authHeader ? {
-      Authorization: authHeader
-    } : void 0
-  };
-};
-var encodeAuthHeader = (challenge) => {
-  const encodedChallenge = Buffer.from(challenge).toString("base64");
-  return `VerifiablePresentation pb;base64,${encodedChallenge}`;
-};
+var getFileMimeType = (filename) => [
+  ".js",
+  ".mjs"
+].some((codeExtension) => filename.endsWith(codeExtension)) ? "application/javascript+module" : filename.endsWith(".wasm") ? "application/wasm" : "application/octet-stream";
 export {
   CLOUDFLARE_MESSAGE_MAX_BYTES,
   CLOUDFLARE_RPC_MAX_BYTES,
@@ -1019,6 +1230,7 @@ export {
   EdgeConnectionClosedError,
   EdgeHttpClient,
   EdgeIdentityChangedError,
+  HttpConfig,
   Protocol,
   WebSocketMuxer,
   createChainEdgeIdentity,
@@ -1026,9 +1238,13 @@ export {
   createEphemeralEdgeIdentity,
   createStubEdgeIdentity,
   createTestHaloEdgeIdentity,
+  encodeAuthHeader,
   getTypename,
   handleAuthChallenge,
   protocol,
-  toUint8Array
+  toUint8Array,
+  withLogging,
+  withRetry,
+  withRetryConfig
 };
 //# sourceMappingURL=index.mjs.map