@dxos/edge-client 0.8.4-main.b97322e → 0.8.4-main.bc2380dfbc

package/dist/lib/{browser → neutral}/index.mjs

@@ -6,51 +6,131 @@ import {
   getTypename,
   protocol,
   toUint8Array
-} from "./chunk-LMP5TVOP.mjs";
+} from "./chunk-ZIQ5T3A7.mjs";
 
 // src/index.ts
 export * from "@dxos/protocols/buf/dxos/edge/messenger_pb";
 
+// src/auth.ts
+import { createCredential, signPresentation } from "@dxos/credentials";
+import { invariant } from "@dxos/invariant";
+import { Keyring } from "@dxos/keyring";
+import { PublicKey } from "@dxos/keys";
+var __dxlog_file = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/auth.ts";
+var createDeviceEdgeIdentity = async (signer, key) => {
+  return {
+    identityKey: key.toHex(),
+    peerKey: key.toHex(),
+    presentCredentials: async ({ challenge }) => {
+      return signPresentation({
+        presentation: {
+          credentials: [
+            // Verifier requires at least one credential in the presentation to establish the subject.
+            await createCredential({
+              assertion: {
+                "@type": "dxos.halo.credentials.Auth"
+              },
+              issuer: key,
+              subject: key,
+              signer
+            })
+          ]
+        },
+        signer,
+        signerKey: key,
+        nonce: challenge
+      });
+    }
+  };
+};
+var createChainEdgeIdentity = async (signer, identityKey, peerKey, chain, credentials) => {
+  const credentialsToSign = credentials.length > 0 ? credentials : [
+    await createCredential({
+      assertion: {
+        "@type": "dxos.halo.credentials.Auth"
+      },
+      issuer: identityKey,
+      subject: identityKey,
+      signer,
+      chain,
+      signingKey: peerKey
+    })
+  ];
+  return {
+    identityKey: identityKey.toHex(),
+    peerKey: peerKey.toHex(),
+    presentCredentials: async ({ challenge }) => {
+      invariant(chain, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file, L: 56, S: void 0, A: ["chain", ""] });
+      return signPresentation({
+        presentation: {
+          credentials: credentialsToSign
+        },
+        signer,
+        nonce: challenge,
+        signerKey: peerKey,
+        chain
+      });
+    }
+  };
+};
+var createEphemeralEdgeIdentity = async () => {
+  const keyring = new Keyring();
+  const key = await keyring.createKey();
+  return createDeviceEdgeIdentity(keyring, key);
+};
+var createTestHaloEdgeIdentity = async (signer, identityKey, deviceKey) => {
+  const deviceAdmission = await createCredential({
+    assertion: {
+      "@type": "dxos.halo.credentials.AuthorizedDevice",
+      deviceKey,
+      identityKey
+    },
+    issuer: identityKey,
+    subject: deviceKey,
+    signer
+  });
+  return createChainEdgeIdentity(signer, identityKey, deviceKey, {
+    credential: deviceAdmission
+  }, [
+    await createCredential({
+      assertion: {
+        "@type": "dxos.halo.credentials.Auth"
+      },
+      issuer: identityKey,
+      subject: identityKey,
+      signer
+    })
+  ]);
+};
+var createStubEdgeIdentity = () => {
+  const identityKey = PublicKey.random();
+  const deviceKey = PublicKey.random();
+  return {
+    identityKey: identityKey.toHex(),
+    peerKey: deviceKey.toHex(),
+    presentCredentials: async () => {
+      throw new Error("Stub identity does not support authentication.");
+    }
+  };
+};
+
 // src/edge-client.ts
-import { Trigger, scheduleMicroTask, TriggerState, PersistentLifecycle, Event } from "@dxos/async";
+import { Event, PersistentLifecycle, Trigger, TriggerState, scheduleMicroTask, scheduleTaskInterval as scheduleTaskInterval2 } from "@dxos/async";
+import { TRACE_SPAN_ATTRIBUTE } from "@dxos/context";
 import { Resource as Resource2 } from "@dxos/context";
 import { log as log2, logInfo as logInfo2 } from "@dxos/log";
 import { EdgeStatus } from "@dxos/protocols/proto/dxos/client/services";
 
 // src/edge-identity.ts
-import { invariant } from "@dxos/invariant";
+import { invariant as invariant2 } from "@dxos/invariant";
 import { schema } from "@dxos/protocols/proto";
-var __dxlog_file = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-identity.ts";
+var __dxlog_file2 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-identity.ts";
 var handleAuthChallenge = async (failedResponse, identity) => {
-  invariant(failedResponse.status === 401, void 0, {
-    F: __dxlog_file,
-    L: 21,
-    S: void 0,
-    A: [
-      "failedResponse.status === 401",
-      ""
-    ]
-  });
+  invariant2(failedResponse.status === 401, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file2, L: 7, S: void 0, A: ["failedResponse.status === 401", ""] });
   const headerValue = failedResponse.headers.get("Www-Authenticate");
-  invariant(headerValue?.startsWith("VerifiablePresentation challenge="), void 0, {
-    F: __dxlog_file,
-    L: 24,
-    S: void 0,
-    A: [
-      "headerValue?.startsWith('VerifiablePresentation challenge=')",
-      ""
-    ]
-  });
+  invariant2(headerValue?.startsWith("VerifiablePresentation challenge="), void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file2, L: 9, S: void 0, A: ["headerValue?.startsWith('VerifiablePresentation challenge=')", ""] });
   const challenge = headerValue?.slice("VerifiablePresentation challenge=".length);
-  invariant(challenge, void 0, {
-    F: __dxlog_file,
-    L: 27,
-    S: void 0,
-    A: [
-      "challenge",
-      ""
-    ]
-  });
+  invariant2(challenge, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file2, L: 11, S: void 0, A: ["challenge", ""] });
   const presentation = await identity.presentCredentials({
     challenge: Buffer.from(challenge, "base64")
   });
@@ -61,23 +141,42 @@ var handleAuthChallenge = async (failedResponse, identity) => {
 import WebSocket from "isomorphic-ws";
 import { scheduleTask, scheduleTaskInterval } from "@dxos/async";
 import { Context, Resource } from "@dxos/context";
-import { invariant as invariant2 } from "@dxos/invariant";
+import { invariant as invariant3 } from "@dxos/invariant";
 import { log, logInfo } from "@dxos/log";
 import { EdgeWebsocketProtocol } from "@dxos/protocols";
 import { buf } from "@dxos/protocols/buf";
 import { MessageSchema } from "@dxos/protocols/buf/dxos/edge/messenger_pb";
+var __dxlog_file3 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-ws-connection.ts";
 function _ts_decorate(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 }
-var __dxlog_file2 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-ws-connection.ts";
 var SIGNAL_KEEPALIVE_INTERVAL = 4e3;
 var SIGNAL_KEEPALIVE_TIMEOUT = 12e3;
 var EdgeWsConnection = class extends Resource {
+  _identity;
+  _connectionInfo;
+  _callbacks;
+  _inactivityTimeoutCtx;
+  _ws;
+  _wsMuxer;
+  _lastReceivedMessageTimestamp = Date.now();
+  _openTimestamp;
+  // Latency tracking.
+  _pingTimestamp;
+  _rtt = 0;
+  // Rate tracking with sliding window.
+  _uploadRate = 0;
+  _downloadRate = 0;
+  _rateWindow = 1e4;
+  _rateUpdateInterval = 1e3;
+  _bytesSamples = [];
+  _messagesSent = 0;
+  _messagesReceived = 0;
   constructor(_identity, _connectionInfo, _callbacks) {
-    super(), this._identity = _identity, this._connectionInfo = _connectionInfo, this._callbacks = _callbacks, this._lastReceivedMessageTimestamp = Date.now();
+    super(), this._identity = _identity, this._connectionInfo = _connectionInfo, this._callbacks = _callbacks;
   }
   get info() {
     return {
@@ -86,34 +185,32 @@ var EdgeWsConnection = class extends Resource {
       device: this._identity.peerKey
     };
   }
+  get rtt() {
+    return this._rtt;
+  }
+  get uptime() {
+    return this._openTimestamp ? (Date.now() - this._openTimestamp) / 1e3 : 0;
+  }
+  get uploadRate() {
+    return this._uploadRate;
+  }
+  get downloadRate() {
+    return this._downloadRate;
+  }
+  get messagesSent() {
+    return this._messagesSent;
+  }
+  get messagesReceived() {
+    return this._messagesReceived;
+  }
   send(message) {
-    invariant2(this._ws, void 0, {
-      F: __dxlog_file2,
-      L: 53,
-      S: this,
-      A: [
-        "this._ws",
-        ""
-      ]
-    });
-    invariant2(this._wsMuxer, void 0, {
-      F: __dxlog_file2,
-      L: 54,
-      S: this,
-      A: [
-        "this._wsMuxer",
-        ""
-      ]
-    });
+    invariant3(this._ws, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 72, S: this, A: ["this._ws", ""] });
+    invariant3(this._wsMuxer, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 73, S: this, A: ["this._wsMuxer", ""] });
     log("sending...", {
       peerKey: this._identity.peerKey,
       payload: protocol.getPayloadType(message)
-    }, {
-      F: __dxlog_file2,
-      L: 55,
-      S: this,
-      C: (f, a) => f(...a)
-    });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 74, S: this });
+    this._messagesSent++;
     if (this._ws?.protocol.includes(EdgeWebsocketProtocol.V0)) {
       const binary = buf.toBinary(MessageSchema, message);
       if (binary.length > CLOUDFLARE_MESSAGE_MAX_BYTES) {
@@ -121,22 +218,15 @@ var EdgeWsConnection = class extends Resource {
           byteLength: binary.byteLength,
           serviceId: message.serviceId,
           payload: protocol.getPayloadType(message)
-        }, {
-          F: __dxlog_file2,
-          L: 59,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 82, S: this });
         return;
       }
+      this._recordBytes(binary.byteLength, 0);
       this._ws.send(binary);
     } else {
-      this._wsMuxer.send(message).catch((e) => log.catch(e, void 0, {
-        F: __dxlog_file2,
-        L: 68,
-        S: this,
-        C: (f, a) => f(...a)
-      }));
+      const binary = buf.toBinary(MessageSchema, message);
+      this._recordBytes(binary.byteLength, 0);
+      this._wsMuxer.send(message).catch((e) => log.catch(e, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 95, S: this }));
     }
   }
   async _open() {
@@ -148,41 +238,30 @@ var EdgeWsConnection = class extends Resource {
       this._connectionInfo.protocolHeader
     ] : [
       ...baseProtocols
-    ]);
+    ], this._connectionInfo.headers ? {
+      headers: this._connectionInfo.headers
+    } : void 0);
     const muxer = new WebSocketMuxer(this._ws);
     this._wsMuxer = muxer;
     this._ws.onopen = () => {
       if (this.isOpen) {
-        log("connected", void 0, {
-          F: __dxlog_file2,
-          L: 85,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        log("connected", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 114, S: this });
+        this._openTimestamp = Date.now();
         this._callbacks.onConnected();
         this._scheduleHeartbeats();
+        this._scheduleRateCalculation();
       } else {
         log.verbose("connected after becoming inactive", {
           currentIdentity: this._identity
-        }, {
-          F: __dxlog_file2,
-          L: 89,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 120, S: this });
       }
     };
     this._ws.onclose = (event) => {
       if (this.isOpen) {
-        log.warn("disconnected while being open", {
+        log.warn("server disconnected", {
           code: event.code,
           reason: event.reason
-        }, {
-          F: __dxlog_file2,
-          L: 94,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 127, S: this });
         this._callbacks.onRestartRequired();
         muxer.destroy();
       }
@@ -192,56 +271,42 @@ var EdgeWsConnection = class extends Resource {
         log.warn("edge connection socket error", {
           error: event.error,
           info: event.message
-        }, {
-          F: __dxlog_file2,
-          L: 101,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 137, S: this });
         this._callbacks.onRestartRequired();
       } else {
         log.verbose("error ignored on closed connection", {
           error: event.error
-        }, {
-          F: __dxlog_file2,
-          L: 104,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 143, S: this });
       }
     };
     this._ws.onmessage = async (event) => {
       if (!this.isOpen) {
         log.verbose("message ignored on closed connection", {
           event: event.type
-        }, {
-          F: __dxlog_file2,
-          L: 112,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 152, S: this });
         return;
       }
       this._lastReceivedMessageTimestamp = Date.now();
       if (event.data === "__pong__") {
+        if (this._pingTimestamp) {
+          this._rtt = Date.now() - this._pingTimestamp;
+          this._pingTimestamp = void 0;
+        }
         this._rescheduleHeartbeatTimeout();
         return;
       }
       const bytes = await toUint8Array(event.data);
+      this._recordBytes(0, bytes.byteLength);
       if (!this.isOpen) {
         return;
       }
+      this._messagesReceived++;
       const message = this._ws?.protocol?.includes(EdgeWebsocketProtocol.V0) ? buf.fromBinary(MessageSchema, bytes) : muxer.receiveData(bytes);
       if (message) {
         log("received", {
           from: message.source,
           payload: protocol.getPayloadType(message)
-        }, {
-          F: __dxlog_file2,
-          L: 130,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 175, S: this });
         this._callbacks.onMessage(message);
       }
     };
@@ -258,29 +323,18 @@ var EdgeWsConnection = class extends Resource {
       if (err instanceof Error && err.message.includes("WebSocket is closed before the connection is established.")) {
         return;
       }
-      log.warn("Error closing websocket", {
+      log.warn("error closing websocket", {
         err
-      }, {
-        F: __dxlog_file2,
-        L: 148,
-        S: this,
-        C: (f, a) => f(...a)
-      });
+      }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 194, S: this });
     }
   }
   _scheduleHeartbeats() {
-    invariant2(this._ws, void 0, {
-      F: __dxlog_file2,
-      L: 153,
-      S: this,
-      A: [
-        "this._ws",
-        ""
-      ]
-    });
+    invariant3(this._ws, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 200, S: this, A: ["this._ws", ""] });
     scheduleTaskInterval(this._ctx, async () => {
+      this._pingTimestamp = Date.now();
       this._ws?.send("__ping__");
     }, SIGNAL_KEEPALIVE_INTERVAL);
+    this._pingTimestamp = Date.now();
     this._ws.send("__ping__");
     this._rescheduleHeartbeatTimeout();
   }
@@ -289,21 +343,13 @@ var EdgeWsConnection = class extends Resource {
       return;
     }
     void this._inactivityTimeoutCtx?.dispose();
-    this._inactivityTimeoutCtx = new Context(void 0, {
-      F: __dxlog_file2,
-      L: 172
-    });
+    this._inactivityTimeoutCtx = new Context(void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 216 });
     scheduleTask(this._inactivityTimeoutCtx, () => {
       if (this.isOpen) {
         if (Date.now() - this._lastReceivedMessageTimestamp > SIGNAL_KEEPALIVE_TIMEOUT) {
           log.warn("restart due to inactivity timeout", {
             lastReceivedMessageTimestamp: this._lastReceivedMessageTimestamp
-          }, {
-            F: __dxlog_file2,
-            L: 178,
-            S: this,
-            C: (f, a) => f(...a)
-          });
+          }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 220, S: this });
           this._callbacks.onRestartRequired();
         } else {
           this._rescheduleHeartbeatTimeout();
@@ -311,6 +357,47 @@ var EdgeWsConnection = class extends Resource {
       }
     }, SIGNAL_KEEPALIVE_TIMEOUT);
   }
+  _recordBytes(sent, received) {
+    const now = Date.now();
+    const currentSecond = Math.floor(now / 1e3) * 1e3;
+    const existingSample = this._bytesSamples.find((s) => Math.floor(s.timestamp / 1e3) * 1e3 === currentSecond);
+    if (existingSample) {
+      existingSample.sent += sent;
+      existingSample.received += received;
+    } else {
+      this._bytesSamples.push({
+        timestamp: now,
+        sent,
+        received
+      });
+    }
+  }
+  _scheduleRateCalculation() {
+    scheduleTaskInterval(this._ctx, async () => {
+      this._calculateRates();
+    }, this._rateUpdateInterval);
+    this._calculateRates();
+  }
+  _calculateRates() {
+    const now = Date.now();
+    const cutoff = now - this._rateWindow;
+    this._bytesSamples = this._bytesSamples.filter((s) => s.timestamp > cutoff);
+    if (this._bytesSamples.length === 0) {
+      this._uploadRate = 0;
+      this._downloadRate = 0;
+      return;
+    }
+    let totalSent = 0;
+    let totalReceived = 0;
+    const oldestTimestamp = Math.min(...this._bytesSamples.map((s) => s.timestamp));
+    const timeSpan = (now - oldestTimestamp) / 1e3;
+    for (const sample of this._bytesSamples) {
+      totalSent += sample.sent;
+      totalReceived += sample.received;
+    }
+    this._uploadRate = timeSpan > 0 ? Math.round(totalSent / timeSpan) : 0;
+    this._downloadRate = timeSpan > 0 ? Math.round(totalReceived / timeSpan) : 0;
+  }
 };
 _ts_decorate([
   logInfo
@@ -337,20 +424,31 @@ var getEdgeUrlWithProtocol = (baseUrl, protocol2) => {
 };
 
 // src/edge-client.ts
+var __dxlog_file4 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-client.ts";
 function _ts_decorate2(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 }
-var __dxlog_file3 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-client.ts";
 var DEFAULT_TIMEOUT = 1e4;
+var STATUS_REFRESH_INTERVAL = 1e3;
 var EdgeClient = class extends Resource2 {
+  _identity;
+  _config;
+  statusChanged = new Event();
+  _persistentLifecycle = new PersistentLifecycle({
+    start: async () => this._connect(),
+    stop: async (state) => this._disconnect(state)
+  });
+  _messageListeners = /* @__PURE__ */ new Set();
+  _reconnectListeners = /* @__PURE__ */ new Set();
+  _baseWsUrl;
+  _baseHttpUrl;
+  _currentConnection = void 0;
+  _ready = new Trigger();
   constructor(_identity, _config) {
-    super(), this._identity = _identity, this._config = _config, this.statusChanged = new Event(), this._persistentLifecycle = new PersistentLifecycle({
-      start: async () => this._connect(),
-      stop: async (state) => this._disconnect(state)
-    }), this._messageListeners = /* @__PURE__ */ new Set(), this._reconnectListeners = /* @__PURE__ */ new Set(), this._currentConnection = void 0, this._ready = new Trigger(), this._isActive = (connection) => connection === this._currentConnection;
+    super(), this._identity = _identity, this._config = _config;
     this._baseWsUrl = getEdgeUrlWithProtocol(_config.socketEndpoint, "ws");
     this._baseHttpUrl = getEdgeUrlWithProtocol(_config.socketEndpoint, "http");
   }
@@ -363,7 +461,15 @@ var EdgeClient = class extends Resource2 {
     };
   }
   get status() {
-    return Boolean(this._currentConnection) && this._ready.state === TriggerState.RESOLVED ? EdgeStatus.CONNECTED : EdgeStatus.NOT_CONNECTED;
+    return {
+      state: Boolean(this._currentConnection) && this._ready.state === TriggerState.RESOLVED ? EdgeStatus.ConnectionState.CONNECTED : EdgeStatus.ConnectionState.NOT_CONNECTED,
+      uptime: this._currentConnection?.uptime ?? 0,
+      rtt: this._currentConnection?.rtt ?? 0,
+      rateBytesUp: this._currentConnection?.uploadRate ?? 0,
+      rateBytesDown: this._currentConnection?.downloadRate ?? 0,
+      messagesSent: this._currentConnection?.messagesSent ?? 0,
+      messagesReceived: this._currentConnection?.messagesReceived ?? 0
+    };
   }
   get identityKey() {
     return this._identity.identityKey;
@@ -376,17 +482,39 @@ var EdgeClient = class extends Resource2 {
       log2("Edge identity changed", {
         identity,
         oldIdentity: this._identity
-      }, {
-        F: __dxlog_file3,
-        L: 99,
-        S: this,
-        C: (f, a) => f(...a)
-      });
+      }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 74, S: this });
       this._identity = identity;
       this._closeCurrentConnection(new EdgeIdentityChangedError());
       void this._persistentLifecycle.scheduleRestart();
     }
   }
+  /**
+  * Send message.
+  * NOTE: The message is guaranteed to be delivered but the service must respond with a message to confirm processing.
+  */
+  async send(ctx, message) {
+    if (this._ready.state !== TriggerState.RESOLVED) {
+      log2("waiting for websocket", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 88, S: this });
+      await this._ready.wait({
+        timeout: this._config.timeout ?? DEFAULT_TIMEOUT
+      });
+    }
+    if (!this._currentConnection) {
+      throw new EdgeConnectionClosedError();
+    }
+    if (message.source && (message.source.peerKey !== this._identity.peerKey || message.source.identityKey !== this.identityKey)) {
+      throw new EdgeIdentityChangedError();
+    }
+    const traceCtx = ctx.getAttribute(TRACE_SPAN_ATTRIBUTE);
+    if (traceCtx) {
+      message.traceContext = {
+        $typeName: "dxos.edge.messenger.TraceContext",
+        traceparent: traceCtx.traceparent,
+        tracestate: traceCtx.tracestate
+      };
+    }
+    this._currentConnection.send(message);
+  }
   onMessage(listener) {
     this._messageListeners.add(listener);
     return () => this._messageListeners.delete(listener);
@@ -399,12 +527,7 @@ var EdgeClient = class extends Resource2 {
           try {
             listener();
           } catch (error) {
-            log2.catch(error, void 0, {
-              F: __dxlog_file3,
-              L: 121,
-              S: this,
-              C: (f, a) => f(...a)
-            });
+            log2.catch(error, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 123, S: this });
           }
         }
       });
@@ -417,22 +540,18 @@ var EdgeClient = class extends Resource2 {
   async _open() {
     log2("opening...", {
       info: this.info
-    }, {
-      F: __dxlog_file3,
-      L: 133,
-      S: this,
-      C: (f, a) => f(...a)
-    });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 133, S: this });
     this._persistentLifecycle.open().catch((err) => {
       log2.warn("Error while opening connection", {
         err
-      }, {
-        F: __dxlog_file3,
-        L: 135,
-        S: this,
-        C: (f, a) => f(...a)
-      });
+      }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 137, S: this });
     });
+    scheduleTaskInterval2(this._ctx, async () => {
+      if (!this._currentConnection) {
+        return;
+      }
+      this.statusChanged.emit(this.status);
+    }, STATUS_REFRESH_INTERVAL);
   }
   /**
   * Close connection and free resources.
@@ -440,12 +559,7 @@ var EdgeClient = class extends Resource2 {
   async _close() {
     log2("closing...", {
       peerKey: this._identity.peerKey
-    }, {
-      F: __dxlog_file3,
-      L: 143,
-      S: this,
-      C: (f, a) => f(...a)
-    });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 152, S: this });
     this._closeCurrentConnection();
     await this._persistentLifecycle.close();
   }
@@ -457,12 +571,7 @@ var EdgeClient = class extends Resource2 {
     const path = `/ws/${identity.identityKey}/${identity.peerKey}`;
     const protocolHeader = this._config.disableAuth ? void 0 : await this._createAuthHeader(path);
     if (this._identity !== identity) {
-      log2("identity changed during auth header request", void 0, {
-        F: __dxlog_file3,
-        L: 157,
-        S: this,
-        C: (f, a) => f(...a)
-      });
+      log2("identity changed during auth header request", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 166, S: this });
       return void 0;
     }
     const restartRequired = new Trigger();
@@ -470,27 +579,20 @@ var EdgeClient = class extends Resource2 {
     log2("Opening websocket", {
       url: url.toString(),
       protocolHeader
-    }, {
-      F: __dxlog_file3,
-      L: 163,
-      S: this,
-      C: (f, a) => f(...a)
-    });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 171, S: this });
     const connection = new EdgeWsConnection(identity, {
       url,
-      protocolHeader
+      protocolHeader,
+      headers: this._config.clientTag ? {
+        "X-DXOS-Client-Tag": this._config.clientTag
+      } : void 0
     }, {
       onConnected: () => {
         if (this._isActive(connection)) {
           this._ready.wake();
           this._notifyReconnected();
         } else {
-          log2.verbose("connected callback ignored, because connection is not active", void 0, {
-            F: __dxlog_file3,
-            L: 173,
-            S: this,
-            C: (f, a) => f(...a)
-          });
+          log2.verbose("connected callback ignored, because connection is not active", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 187, S: this });
         }
       },
       onRestartRequired: () => {
@@ -498,12 +600,7 @@ var EdgeClient = class extends Resource2 {
           this._closeCurrentConnection();
           void this._persistentLifecycle.scheduleRestart();
         } else {
-          log2.verbose("restart requested by inactive connection", void 0, {
-            F: __dxlog_file3,
-            L: 181,
-            S: this,
-            C: (f, a) => f(...a)
-          });
+          log2.verbose("restart requested by inactive connection", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 195, S: this });
         }
         restartRequired.wake();
       },
@@ -514,12 +611,7 @@ var EdgeClient = class extends Resource2 {
           log2.verbose("ignored a message on inactive connection", {
             from: message.source,
             type: message.payload?.typeUrl
-          }, {
-            F: __dxlog_file3,
-            L: 189,
-            S: this,
-            C: (f, a) => f(...a)
-          });
+          }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 203, S: this });
         }
       }
     });
@@ -551,12 +643,7 @@ var EdgeClient = class extends Resource2 {
       } catch (err) {
         log2.error("ws reconnect listener failed", {
           err
-        }, {
-          F: __dxlog_file3,
-          L: 225,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 238, S: this });
       }
     }
   }
@@ -568,39 +655,10 @@ var EdgeClient = class extends Resource2 {
         log2.error("ws incoming message processing failed", {
           err,
           payload: protocol.getPayloadType(message)
-        }, {
-          F: __dxlog_file3,
-          L: 235,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 249, S: this });
       }
     }
   }
-  /**
-  * Send message.
-  * NOTE: The message is guaranteed to be delivered but the service must respond with a message to confirm processing.
-  */
-  async send(message) {
-    if (this._ready.state !== TriggerState.RESOLVED) {
-      log2("waiting for websocket to become ready", void 0, {
-        F: __dxlog_file3,
-        L: 246,
-        S: this,
-        C: (f, a) => f(...a)
-      });
-      await this._ready.wait({
-        timeout: this._config.timeout ?? DEFAULT_TIMEOUT
-      });
-    }
-    if (!this._currentConnection) {
-      throw new EdgeConnectionClosedError();
-    }
-    if (message.source && (message.source.peerKey !== this._identity.peerKey || message.source.identityKey !== this.identityKey)) {
-      throw new EdgeIdentityChangedError();
-    }
-    this._currentConnection.send(message);
-  }
   async _createAuthHeader(path) {
     const httpUrl = new URL(path, this._baseHttpUrl);
     httpUrl.protocol = getEdgeUrlWithProtocol(this._baseWsUrl.toString(), "http");
@@ -613,15 +671,11 @@ var EdgeClient = class extends Resource2 {
       log2.warn("no auth challenge from edge", {
         status: response.status,
         statusText: response.statusText
-      }, {
-        F: __dxlog_file3,
-        L: 271,
-        S: this,
-        C: (f, a) => f(...a)
-      });
+      }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 265, S: this });
       return void 0;
     }
   }
+  _isActive = (connection) => connection === this._currentConnection;
 };
 _ts_decorate2([
   logInfo2
@@ -631,144 +685,39 @@ var encodePresentationWsAuthHeader = (encodedPresentation) => {
   return `base64url.bearer.authorization.dxos.org.${encodedToken}`;
 };
 
-// src/auth.ts
-import { createCredential, signPresentation } from "@dxos/credentials";
-import { invariant as invariant3 } from "@dxos/invariant";
-import { Keyring } from "@dxos/keyring";
-import { PublicKey } from "@dxos/keys";
-var __dxlog_file4 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/auth.ts";
-var createDeviceEdgeIdentity = async (signer, key) => {
-  return {
-    identityKey: key.toHex(),
-    peerKey: key.toHex(),
-    presentCredentials: async ({ challenge }) => {
-      return signPresentation({
-        presentation: {
-          credentials: [
-            // Verifier requires at least one credential in the presentation to establish the subject.
-            await createCredential({
-              assertion: {
-                "@type": "dxos.halo.credentials.Auth"
-              },
-              issuer: key,
-              subject: key,
-              signer
-            })
-          ]
-        },
-        signer,
-        signerKey: key,
-        nonce: challenge
-      });
-    }
-  };
-};
-var createChainEdgeIdentity = async (signer, identityKey, peerKey, chain, credentials) => {
-  const credentialsToSign = credentials.length > 0 ? credentials : [
-    await createCredential({
-      assertion: {
-        "@type": "dxos.halo.credentials.Auth"
-      },
-      issuer: identityKey,
-      subject: identityKey,
-      signer,
-      chain,
-      signingKey: peerKey
-    })
-  ];
-  return {
-    identityKey: identityKey.toHex(),
-    peerKey: peerKey.toHex(),
-    presentCredentials: async ({ challenge }) => {
-      invariant3(chain, void 0, {
-        F: __dxlog_file4,
-        L: 75,
-        S: void 0,
-        A: [
-          "chain",
-          ""
-        ]
-      });
-      return signPresentation({
-        presentation: {
-          credentials: credentialsToSign
-        },
-        signer,
-        nonce: challenge,
-        signerKey: peerKey,
-        chain
-      });
-    }
-  };
-};
-var createEphemeralEdgeIdentity = async () => {
-  const keyring = new Keyring();
-  const key = await keyring.createKey();
-  return createDeviceEdgeIdentity(keyring, key);
-};
-var createTestHaloEdgeIdentity = async (signer, identityKey, deviceKey) => {
-  const deviceAdmission = await createCredential({
-    assertion: {
-      "@type": "dxos.halo.credentials.AuthorizedDevice",
-      deviceKey,
-      identityKey
-    },
-    issuer: identityKey,
-    subject: deviceKey,
-    signer
-  });
-  return createChainEdgeIdentity(signer, identityKey, deviceKey, {
-    credential: deviceAdmission
-  }, [
-    await createCredential({
-      assertion: {
-        "@type": "dxos.halo.credentials.Auth"
-      },
-      issuer: identityKey,
-      subject: identityKey,
-      signer
-    })
-  ]);
-};
-var createStubEdgeIdentity = () => {
-  const identityKey = PublicKey.random();
-  const deviceKey = PublicKey.random();
-  return {
-    identityKey: identityKey.toHex(),
-    peerKey: deviceKey.toHex(),
-    presentCredentials: async () => {
-      throw new Error("Stub identity does not support authentication.");
-    }
-  };
-};
-
 // src/edge-http-client.ts
-import { FetchHttpClient, HttpClient } from "@effect/platform";
-import { Effect as Effect2, pipe } from "effect";
+import * as FetchHttpClient from "@effect/platform/FetchHttpClient";
+import * as HttpClient from "@effect/platform/HttpClient";
+import * as Effect2 from "effect/Effect";
+import * as Function from "effect/Function";
 import { sleep } from "@dxos/async";
-import { Context as Context3 } from "@dxos/context";
+import { TRACE_SPAN_ATTRIBUTE as TRACE_SPAN_ATTRIBUTE2 } from "@dxos/context";
+import { runAndForwardErrors } from "@dxos/effect";
+import { invariant as invariant4 } from "@dxos/invariant";
 import { log as log4 } from "@dxos/log";
-import { EdgeAuthChallengeError, EdgeCallFailedError } from "@dxos/protocols";
+import { EDGE_CLIENT_TAG_HEADER, EdgeAuthChallengeError, EdgeCallFailedError } from "@dxos/protocols";
 import { createUrl } from "@dxos/util";
 
 // src/http-client.ts
-import { Context as Context2, Duration, Effect, Layer, Schedule } from "effect";
+import * as Context2 from "effect/Context";
+import * as Duration from "effect/Duration";
+import * as Effect from "effect/Effect";
+import * as Layer from "effect/Layer";
+import * as Schedule from "effect/Schedule";
 import { log as log3 } from "@dxos/log";
 var __dxlog_file5 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/http-client.ts";
 var HttpConfig = class _HttpConfig extends Context2.Tag("HttpConfig")() {
-  static {
-    this.default = Layer.succeed(_HttpConfig, {
-      timeout: Duration.millis(1e3),
-      retryTimes: 3,
-      retryBaseDelay: Duration.millis(1e3)
-    });
-  }
+  static default = Layer.succeed(_HttpConfig, {
+    timeout: Duration.millis(1e3),
+    retryTimes: 3,
+    retryBaseDelay: Duration.millis(1e3)
+  });
 };
-var withRetry = (effect, { timeout = Duration.millis(1e3), retryBaseDelay = Duration.millis(1e3), retryTimes = 3 } = {}) => {
+var withRetry = (effect, { timeout: timeout2 = Duration.millis(1e3), retryBaseDelay = Duration.millis(1e3), retryTimes = 3 } = {}) => {
   return effect.pipe(Effect.flatMap((res) => (
     // Treat 500 errors as retryable?
     res.status === 500 ? Effect.fail(new Error(res.status.toString())) : res.json
-  )), Effect.timeout(timeout), Effect.retry({
+  )), Effect.timeout(timeout2), Effect.retry({
     schedule: Schedule.exponential(retryBaseDelay).pipe(Schedule.jittered),
     times: retryTimes
   }));
@@ -777,14 +726,11 @@ var withRetryConfig = (effect) => Effect.gen(function* () {
   const config = yield* HttpConfig;
   return yield* withRetry(effect, config);
 });
-var withLogging = (effect) => effect.pipe(Effect.tap((res) => log3.info("response", {
-  status: res.status
-}, {
-  F: __dxlog_file5,
-  L: 58,
-  S: void 0,
-  C: (f, a) => f(...a)
-})));
+var withLogging = (effect) => effect.pipe(Effect.tap((res) => {
+  log3.info("response", {
+    status: res.status
+  }, { "~LogMeta": "~LogMeta", F: __dxlog_file5, L: 31, S: void 0 });
+}));
 var encodeAuthHeader = (challenge) => {
   const encodedChallenge = Buffer.from(challenge).toString("base64");
   return `VerifiablePresentation pb;base64,${encodedChallenge}`;
@@ -795,17 +741,21 @@ var __dxlog_file6 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-http
 var DEFAULT_RETRY_TIMEOUT = 1500;
 var DEFAULT_RETRY_JITTER = 500;
 var DEFAULT_MAX_RETRIES_COUNT = 3;
+var WARNING_BODY_SIZE = 10 * 1024 * 1024;
 var EdgeHttpClient = class {
-  constructor(baseUrl) {
+  _baseUrl;
+  _clientTag;
+  _edgeIdentity;
+  /**
+  * Auth header is cached until receiving the next 401 from EDGE, at which point it gets refreshed.
+  */
+  _authHeader;
+  constructor(baseUrl, options) {
     this._baseUrl = getEdgeUrlWithProtocol(baseUrl, "http");
+    this._clientTag = options?.clientTag;
     log4("created", {
       url: this._baseUrl
-    }, {
-      F: __dxlog_file6,
-      L: 84,
-      S: this,
-      C: (f, a) => f(...a)
-    });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 32, S: this });
   }
   get baseUrl() {
     return this._baseUrl;
@@ -819,24 +769,25 @@ var EdgeHttpClient = class {
   //
   // Status
   //
-  async getStatus(args) {
-    return this._call(new URL("/status", this.baseUrl), {
+  async getStatus(ctx, args) {
+    return this._call(ctx, new URL("/status", this.baseUrl), {
       ...args,
-      method: "GET"
+      method: "GET",
+      auth: true
     });
   }
   //
   // Agents
   //
-  createAgent(body, args) {
-    return this._call(new URL("/agents/create", this.baseUrl), {
+  createAgent(ctx, body, args) {
+    return this._call(ctx, new URL("/agents/create", this.baseUrl), {
       ...args,
       method: "POST",
       body
     });
   }
-  getAgentStatus(request, args) {
-    return this._call(new URL(`/users/${request.ownerIdentityKey.toHex()}/agent/status`, this.baseUrl), {
+  getAgentStatus(ctx, request, args) {
+    return this._call(ctx, new URL(`/users/${request.ownerIdentityKey.toHex()}/agent/status`, this.baseUrl), {
       ...args,
       method: "GET"
     });
@@ -844,14 +795,14 @@ var EdgeHttpClient = class {
   //
   // Credentials
   //
-  getCredentialsForNotarization(spaceId, args) {
-    return this._call(new URL(`/spaces/${spaceId}/notarization`, this.baseUrl), {
+  getCredentialsForNotarization(ctx, spaceId, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/notarization`, this.baseUrl), {
       ...args,
       method: "GET"
     });
   }
-  async notarizeCredentials(spaceId, body, args) {
-    await this._call(new URL(`/spaces/${spaceId}/notarization`, this.baseUrl), {
+  async notarizeCredentials(ctx, spaceId, body, args) {
+    await this._call(ctx, new URL(`/spaces/${spaceId}/notarization`, this.baseUrl), {
       ...args,
       body,
       method: "POST"
@@ -860,8 +811,8 @@ var EdgeHttpClient = class {
   //
   // Identity
   //
-  async recoverIdentity(body, args) {
-    return this._call(new URL("/identity/recover", this.baseUrl), {
+  async recoverIdentity(ctx, body, args) {
+    return this._call(ctx, new URL("/identity/recover", this.baseUrl), {
       ...args,
       body,
       method: "POST"
@@ -870,8 +821,8 @@ var EdgeHttpClient = class {
   //
   // Invitations
   //
-  async joinSpaceByInvitation(spaceId, body, args) {
-    return this._call(new URL(`/spaces/${spaceId}/join`, this.baseUrl), {
+  async joinSpaceByInvitation(ctx, spaceId, body, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/join`, this.baseUrl), {
       ...args,
       body,
       method: "POST"
@@ -880,14 +831,8 @@ var EdgeHttpClient = class {
   //
   // OAuth and credentials
   //
-  async listFunctions(args) {
-    return this._call(new URL("/functions", this.baseUrl), {
-      ...args,
-      method: "GET"
-    });
-  }
-  async initiateOAuthFlow(body, args) {
-    return this._call(new URL("/oauth/initiate", this.baseUrl), {
+  async initiateOAuthFlow(ctx, body, args) {
+    return this._call(ctx, new URL("/oauth/initiate", this.baseUrl), {
       ...args,
       body,
       method: "POST"
@@ -896,8 +841,8 @@ var EdgeHttpClient = class {
   //
   // Spaces
   //
-  async createSpace(body, args) {
-    return this._call(new URL("/spaces/create", this.baseUrl), {
+  async createSpace(ctx, body, args) {
+    return this._call(ctx, new URL("/spaces/create", this.baseUrl), {
       ...args,
       body,
       method: "POST"
@@ -906,9 +851,10 @@ var EdgeHttpClient = class {
   //
   // Queues
   //
-  async queryQueue(subspaceTag, spaceId, query, args) {
-    const { queueId } = query;
-    return this._call(createUrl(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}/query`, this.baseUrl), {
+  async queryQueue(ctx, subspaceTag, spaceId, query, args) {
+    const queueId = query.queueIds?.[0];
+    invariant4(queueId, "queueId required", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 132, S: this, A: ["queueId", "'queueId required'"] });
+    return this._call(ctx, createUrl(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}/query`, this.baseUrl), {
       after: query.after,
       before: query.before,
       limit: query.limit,
@@ -919,8 +865,8 @@ var EdgeHttpClient = class {
       method: "GET"
     });
   }
-  async insertIntoQueue(subspaceTag, spaceId, queueId, objects, args) {
-    return this._call(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, this.baseUrl), {
+  async insertIntoQueue(ctx, subspaceTag, spaceId, queueId, objects, args) {
+    return this._call(ctx, new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, this.baseUrl), {
       ...args,
       body: {
         objects
@@ -928,8 +874,8 @@ var EdgeHttpClient = class {
       method: "POST"
     });
   }
-  async deleteFromQueue(subspaceTag, spaceId, queueId, objectIds, args) {
-    return this._call(createUrl(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, this.baseUrl), {
+  async deleteFromQueue(ctx, subspaceTag, spaceId, queueId, objectIds, args) {
+    return this._call(ctx, createUrl(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, this.baseUrl), {
       ids: objectIds.join(",")
     }), {
       ...args,
@@ -939,98 +885,202 @@ var EdgeHttpClient = class {
   //
   // Functions
   //
-  async uploadFunction(pathParts, body, args) {
+  async uploadFunction(ctx, pathParts, body, args) {
+    const formData = new FormData();
+    formData.append("name", body.name ?? "");
+    formData.append("version", body.version);
+    formData.append("ownerPublicKey", body.ownerPublicKey);
+    formData.append("entryPoint", body.entryPoint);
+    body.runtime && formData.append("runtime", body.runtime);
+    for (const [filename, content] of Object.entries(body.assets)) {
+      formData.append("assets", new Blob([
+        content
+      ], {
+        type: getFileMimeType(filename)
+      }), filename);
+    }
     const path = [
       "functions",
       ...pathParts.functionId ? [
         pathParts.functionId
       ] : []
     ].join("/");
-    return this._call(new URL(path, this.baseUrl), {
+    return this._call(ctx, new URL(path, this.baseUrl), {
       ...args,
-      body,
-      method: "PUT"
+      body: formData,
+      method: "PUT",
+      json: false
+    });
+  }
+  async listFunctions(ctx, args) {
+    return this._call(ctx, new URL("/functions", this.baseUrl), {
+      ...args,
+      method: "GET"
+    });
+  }
+  async invokeFunction(ctx, params, input, args) {
+    const url = new URL(`/functions/${params.functionId}`, this.baseUrl);
+    if (params.version) {
+      url.searchParams.set("version", params.version);
+    }
+    if (params.spaceId) {
+      url.searchParams.set("spaceId", params.spaceId.toString());
+    }
+    if (params.cpuTimeLimit) {
+      url.searchParams.set("cpuTimeLimit", params.cpuTimeLimit.toString());
+    }
+    if (params.subrequestsLimit) {
+      url.searchParams.set("subrequestsLimit", params.subrequestsLimit.toString());
+    }
+    return this._call(ctx, url, {
+      ...args,
+      body: input,
+      method: "POST"
     });
   }
   //
   // Workflows
   //
-  async executeWorkflow(spaceId, graphId, input, args) {
-    return this._call(new URL(`/workflows/${spaceId}/${graphId}`, this.baseUrl), {
+  async executeWorkflow(ctx, spaceId, graphId, input, args) {
+    return this._call(ctx, new URL(`/workflows/${spaceId}/${graphId}`, this.baseUrl), {
       ...args,
       body: input,
       method: "POST"
     });
   }
   //
+  // Triggers
+  //
+  async getCronTriggers(ctx, spaceId) {
+    return this._call(ctx, new URL(`/functions/${spaceId}/triggers/crons`, this.baseUrl), {
+      method: "GET"
+    });
+  }
+  async forceRunCronTrigger(ctx, spaceId, triggerId) {
+    return this._call(ctx, new URL(`/functions/${spaceId}/triggers/crons/${triggerId}/run`, this.baseUrl), {
+      method: "POST"
+    });
+  }
+  //
+  // Query
+  //
+  /**
+  * Execute a QueryAST query against a space.
+  */
+  async execQuery(ctx, spaceId, body, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/exec-query`, this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  //
+  // Registry
+  //
+  /**
+  * Fetches the hydrated plugin directory from the Edge registry service.
+  * Unauthenticated; safe to call without an identity.
+  */
+  async getRegistryPlugins(ctx, args) {
+    return this._call(ctx, new URL("/registry/plugins", this.baseUrl), {
+      ...args,
+      method: "GET"
+    });
+  }
+  /**
+  * Fetches the available release versions for a given plugin repo. `repo` is the
+  * GitHub `owner/name` form; this method takes care of URL-encoding before issuing
+  * the request. Unauthenticated; same surface area as {@link getRegistryPlugins}.
+  *
+  * Versions are returned newest first, suitable for direct rendering in a picker.
+  */
+  async getRegistryPluginVersions(ctx, repo, args) {
+    return this._call(ctx, new URL(`/registry/plugins/${encodeURIComponent(repo)}/versions`, this.baseUrl), {
+      ...args,
+      method: "GET"
+    });
+  }
+  //
+  // Import/Export space.
+  //
+  async importBundle(ctx, spaceId, body, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/import`, this.baseUrl), {
+      ...args,
+      body,
+      method: "PUT"
+    });
+  }
+  async exportBundle(ctx, spaceId, body, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/export`, this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  //
   // Internal
   //
-  async _fetch(url, args) {
-    return pipe(HttpClient.get(url), withLogging, withRetryConfig, Effect2.provide(FetchHttpClient.layer), Effect2.provide(HttpConfig.default), Effect2.withSpan("EdgeHttpClient"), Effect2.runPromise);
+  async _fetch(url, _args) {
+    return Function.pipe(HttpClient.get(url), withLogging, withRetryConfig, Effect2.provide(FetchHttpClient.layer), Effect2.provide(HttpConfig.default), Effect2.withSpan("EdgeHttpClient"), runAndForwardErrors);
   }
   // TODO(burdon): Refactor with effect (see edge-http-client.test.ts).
-  async _call(url, args) {
+  async _call(ctx, url, args) {
     const shouldRetry = createRetryHandler(args);
-    const requestContext = args.context ?? new Context3(void 0, {
-      F: __dxlog_file6,
-      L: 293
-    });
     log4("fetch", {
       url,
       request: args.body
-    }, {
-      F: __dxlog_file6,
-      L: 294,
-      S: this,
-      C: (f, a) => f(...a)
-    });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 302, S: this });
+    const traceHeaders = getTraceHeaders(ctx);
     let handledAuth = false;
+    const tryCount = 1;
     while (true) {
-      let processingError;
-      let retryAfterHeaderValue = Number.NaN;
+      let processingError = void 0;
       try {
-        const request = createRequest(args, this._authHeader);
+        if (!this._authHeader && args.auth) {
+          const response2 = await fetch(new URL(`/auth`, this.baseUrl));
+          if (response2.status === 401) {
+            this._authHeader = await this._handleUnauthorized(response2);
+          }
+        }
+        const request = createRequest(args, this._authHeader, traceHeaders, this._clientTag);
+        log4("call edge", {
+          url,
+          tryCount,
+          authHeader: !!this._authHeader
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 319, S: this });
         const response = await fetch(url, request);
-        retryAfterHeaderValue = Number(response.headers.get("Retry-After"));
         if (response.ok) {
-          const body = await response.json();
-          if (body.success) {
-            return body.data;
+          const body2 = await response.clone().json();
+          invariant4(body2, "Expected body to be present", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 327, S: this, A: ["body", "'Expected body to be present'"] });
+          if (!("success" in body2)) {
+            return body2;
           }
-          log4.warn("unsuccessful edge response", {
-            url,
-            body
-          }, {
-            F: __dxlog_file6,
-            L: 310,
-            S: this,
-            C: (f, a) => f(...a)
-          });
-          if (body.errorData?.type === "auth_challenge" && typeof body.errorData?.challenge === "string") {
-            processingError = new EdgeAuthChallengeError(body.errorData.challenge, body.errorData);
-          } else {
-            processingError = EdgeCallFailedError.fromUnsuccessfulResponse(response, body);
+          if (body2.success) {
+            return body2.data;
           }
         } else if (response.status === 401 && !handledAuth) {
           this._authHeader = await this._handleUnauthorized(response);
           handledAuth = true;
           continue;
+        }
+        const body = response.headers.get("Content-Type") === "application/json" ? await response.clone().json() : void 0;
+        invariant4(!body?.success, "Expected body to not be a failure response or undefined.", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 340, S: this, A: ["!body?.success", "'Expected body to not be a failure response or undefined.'"] });
+        if (body?.data?.type === "auth_challenge" && typeof body?.data?.challenge === "string") {
+          processingError = new EdgeAuthChallengeError(body.data.challenge, body.data);
+        } else if (body?.success === false) {
+          processingError = EdgeCallFailedError.fromUnsuccessfulResponse(response, body);
         } else {
-          processingError = EdgeCallFailedError.fromHttpFailure(response);
+          invariant4(!response.ok, "Expected response to not be ok.", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 346, S: this, A: ["!response.ok", "'Expected response to not be ok.'"] });
+          processingError = await EdgeCallFailedError.fromHttpFailure(response);
         }
       } catch (error) {
         processingError = EdgeCallFailedError.fromProcessingFailureCause(error);
       }
-      if (processingError.isRetryable && await shouldRetry(requestContext, retryAfterHeaderValue)) {
-        log4("retrying edge request", {
+      if (processingError?.isRetryable && await shouldRetry(ctx, processingError.retryAfterMs)) {
+        log4.verbose("retrying edge request", {
           url,
           processingError
-        }, {
-          F: __dxlog_file6,
-          L: 328,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 353, S: this });
       } else {
         throw processingError;
       }
@@ -1038,35 +1088,63 @@ var EdgeHttpClient = class {
   }
   async _handleUnauthorized(response) {
     if (!this._edgeIdentity) {
-      log4.warn("unauthorized response received before identity was set", void 0, {
-        F: __dxlog_file6,
-        L: 337,
-        S: this,
-        C: (f, a) => f(...a)
-      });
-      throw EdgeCallFailedError.fromHttpFailure(response);
+      log4.warn("unauthorized response received before identity was set", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 364, S: this });
+      throw await EdgeCallFailedError.fromHttpFailure(response);
     }
     const challenge = await handleAuthChallenge(response, this._edgeIdentity);
     return encodeAuthHeader(challenge);
   }
 };
-var createRequest = ({ method, body }, authHeader) => {
+var createRequest = ({ method, body, json = true }, authHeader, traceHeaders, clientTag) => {
+  let requestBody;
+  const headers = {};
+  if (json) {
+    requestBody = body && JSON.stringify(body);
+    headers["Content-Type"] = "application/json";
+  } else {
+    requestBody = body;
+  }
+  if (typeof requestBody === "string" && requestBody.length > WARNING_BODY_SIZE) {
+    log4.warn("Request with large body", {
+      bodySize: requestBody.length
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 381, S: void 0 });
+  }
+  if (authHeader) {
+    headers["Authorization"] = authHeader;
+  }
+  if (traceHeaders) {
+    Object.assign(headers, traceHeaders);
+  }
+  if (clientTag) {
+    headers[EDGE_CLIENT_TAG_HEADER] = clientTag;
+  }
   return {
     method,
-    body: body && JSON.stringify(body),
-    headers: authHeader ? {
-      Authorization: authHeader
-    } : void 0
+    body: requestBody,
+    headers
   };
 };
-var createRetryHandler = ({ retry }) => {
-  if (!retry || retry.count < 1) {
+var getTraceHeaders = (ctx) => {
+  const traceCtx = ctx.getAttribute(TRACE_SPAN_ATTRIBUTE2);
+  if (!traceCtx) {
+    return void 0;
+  }
+  const headers = {
+    traceparent: traceCtx.traceparent
+  };
+  if (traceCtx.tracestate) {
+    headers.tracestate = traceCtx.tracestate;
+  }
+  return headers;
+};
+var createRetryHandler = ({ retry: retry2 }) => {
+  if (!retry2 || retry2.count < 1) {
     return async () => false;
   }
   let retries = 0;
-  const maxRetries = retry.count ?? DEFAULT_MAX_RETRIES_COUNT;
-  const baseTimeout = retry.timeout ?? DEFAULT_RETRY_TIMEOUT;
-  const jitter = retry.jitter ?? DEFAULT_RETRY_JITTER;
+  const maxRetries = retry2.count ?? DEFAULT_MAX_RETRIES_COUNT;
+  const baseTimeout = retry2.timeout ?? DEFAULT_RETRY_TIMEOUT;
+  const jitter = retry2.jitter ?? DEFAULT_RETRY_JITTER;
   return async (ctx, retryAfter) => {
     if (++retries > maxRetries || ctx.disposed) {
       return false;
@@ -1074,12 +1152,16 @@ var createRetryHandler = ({ retry }) => {
     if (retryAfter) {
       await sleep(retryAfter);
     } else {
-      const timeout = baseTimeout + Math.random() * jitter;
-      await sleep(timeout);
+      const timeout2 = baseTimeout + Math.random() * jitter;
+      await sleep(timeout2);
     }
     return true;
   };
 };
+var getFileMimeType = (filename) => [
+  ".js",
+  ".mjs"
+].some((codeExtension) => filename.endsWith(codeExtension)) ? "application/javascript+module" : filename.endsWith(".wasm") ? "application/wasm" : "application/octet-stream";
 export {
   CLOUDFLARE_MESSAGE_MAX_BYTES,
   CLOUDFLARE_RPC_MAX_BYTES,
@@ -1087,6 +1169,7 @@ export {
   EdgeConnectionClosedError,
   EdgeHttpClient,
   EdgeIdentityChangedError,
+  HttpConfig,
   Protocol,
   WebSocketMuxer,
   createChainEdgeIdentity,
@@ -1094,9 +1177,13 @@ export {
   createEphemeralEdgeIdentity,
   createStubEdgeIdentity,
   createTestHaloEdgeIdentity,
+  encodeAuthHeader,
   getTypename,
   handleAuthChallenge,
   protocol,
-  toUint8Array
+  toUint8Array,
+  withLogging,
+  withRetry,
+  withRetryConfig
 };
 //# sourceMappingURL=index.mjs.map