@dxos/keyring 0.8.4-main.fd6878d → 0.8.4-staging.60fe92afc8

package/LICENSE

@@ -1,8 +1,105 @@
-MIT License 
-Copyright (c) 2022 DXOS
+# Functional Source License, Version 1.1, ALv2 Future License
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+## Abbreviation
 
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+FSL-1.1-Apache-2.0
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+## Notice
+
+Copyright 2026 DXOS
+
+## Terms and Conditions
+
+### Licensor ("We")
+
+The party offering the Software under these Terms and Conditions.
+
+### The Software
+
+The "Software" is each version of the software that we make available under
+these Terms and Conditions, as indicated by our inclusion of these Terms and
+Conditions with the Software.
+
+### License Grant
+
+Subject to your compliance with this License Grant and the Patents,
+Redistribution and Trademark clauses below, we hereby grant you the right to
+use, copy, modify, create derivative works, publicly perform, publicly display
+and redistribute the Software for any Permitted Purpose identified below.
+
+### Permitted Purpose
+
+A Permitted Purpose is any purpose other than a Competing Use. A Competing Use
+means making the Software available to others in a commercial product or
+service that:
+
+1. substitutes for the Software;
+
+2. substitutes for any other product or service we offer using the Software
+   that exists as of the date we make the Software available; or
+
+3. offers the same or substantially similar functionality as the Software.
+
+Permitted Purposes specifically include using the Software:
+
+1. for your internal use and access;
+
+2. for non-commercial education;
+
+3. for non-commercial research; and
+
+4. in connection with professional services that you provide to a licensee
+   using the Software in accordance with these Terms and Conditions.
+
+### Patents
+
+To the extent your use for a Permitted Purpose would necessarily infringe our
+patents, the license grant above includes a license under our patents. If you
+make a claim against any party that the Software infringes or contributes to
+the infringement of any patent, then your patent license to the Software ends
+immediately.
+
+### Redistribution
+
+The Terms and Conditions apply to all copies, modifications and derivatives of
+the Software.
+
+If you redistribute any copies, modifications or derivatives of the Software,
+you must include a copy of or a link to these Terms and Conditions and not
+remove any copyright notices provided in or with the Software.
+
+### Disclaimer
+
+THE SOFTWARE IS PROVIDED "AS IS" AND WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR
+PURPOSE, MERCHANTABILITY, TITLE OR NON-INFRINGEMENT.
+
+IN NO EVENT WILL WE HAVE ANY LIABILITY TO YOU ARISING OUT OF OR RELATED TO THE
+SOFTWARE, INCLUDING INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES,
+EVEN IF WE HAVE BEEN INFORMED OF THEIR POSSIBILITY IN ADVANCE.
+
+### Trademarks
+
+Except for displaying the License Details and identifying us as the origin of
+the Software, you have no right under these Terms and Conditions to use our
+trademarks, trade names, service marks or product names.
+
+## Grant of Future License
+
+We hereby irrevocably grant you an additional license to use the Software under
+the Apache License, Version 2.0 that is effective on the second anniversary of
+the date we make the Software available. On or after that date, you may use the
+Software under the Apache License, Version 2.0, in which case the following
+will apply:
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.

package/README.md

@@ -18,4 +18,4 @@ pnpm i @dxos/keyring
 
 Your ideas, issues, and code are most welcome. Please take a look at our [community code of conduct](https://github.com/dxos/dxos/blob/main/CODE_OF_CONDUCT.md), the [issue guide](https://github.com/dxos/dxos/blob/main/CONTRIBUTING.md#submitting-issues), and the [PR contribution guide](https://github.com/dxos/dxos/blob/main/CONTRIBUTING.md#submitting-prs).
 
-License: [MIT](./LICENSE) Copyright 2022 © DXOS
+License: [FSL-1.1-Apache-2.0](./LICENSE) Copyright 2022 © DXOS

package/dist/lib/neutral/index.mjs

@@ -0,0 +1,288 @@
+import "@dxos/node-std/globals";
+
+// src/keyring.ts
+import { Event, synchronized } from "@dxos/async";
+import { subtleCrypto } from "@dxos/crypto";
+import { todo } from "@dxos/debug";
+import { invariant } from "@dxos/invariant";
+import { PublicKey } from "@dxos/keys";
+import { schema } from "@dxos/protocols/proto";
+import { StorageType, createStorage } from "@dxos/random-access-storage";
+import { ComplexMap, arrayToBuffer } from "@dxos/util";
+var __dxlog_file = "/__w/dxos/dxos/packages/core/halo/keyring/src/keyring.ts";
+function _ts_decorate(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+var KeyRecord = schema.getCodecForType("dxos.halo.keyring.KeyRecord");
+var Keyring = class {
+  _storage;
+  _keyCache = new ComplexMap(PublicKey.hash);
+  keysUpdate = new Event();
+  constructor(_storage = createStorage({
+    type: StorageType.RAM
+  }).createDirectory("keyring")) {
+    this._storage = _storage;
+    invariant(subtleCrypto, "SubtleCrypto not available in this environment.", { "~LogMeta": "~LogMeta", F: __dxlog_file, L: 29, S: this, A: ["subtleCrypto", "'SubtleCrypto not available in this environment.'"] });
+  }
+  async sign(key, message) {
+    const keyPair = await this._getKey(key);
+    return new Uint8Array(await subtleCrypto.sign({
+      name: "ECDSA",
+      hash: "SHA-256"
+    }, keyPair.privateKey, message));
+  }
+  async createKey() {
+    const keyPair = await subtleCrypto.generateKey({
+      name: "ECDSA",
+      namedCurve: "P-256"
+    }, true, [
+      "sign",
+      "verify"
+    ]);
+    await this._setKey(keyPair);
+    return keyPairToPublicKey(keyPair);
+  }
+  async _getKey(key) {
+    if (!this._keyCache.has(key)) {
+      const file = this._storage.getOrCreateFile(key.toHex());
+      const { size } = await file.stat();
+      if (size === 0) {
+        throw new Error(`Key not found: ${key.toHex()}`);
+      }
+      const recordBytes = await file.read(0, size);
+      await file.close();
+      const record = KeyRecord.decode(recordBytes);
+      const publicKey = PublicKey.from(record.publicKey);
+      invariant(key.equals(publicKey), "Corrupted keyring: Key mismatch", { "~LogMeta": "~LogMeta", F: __dxlog_file, L: 60, S: this, A: ["key.equals(publicKey)", "'Corrupted keyring: Key mismatch'"] });
+      invariant(record.privateKey, "Corrupted keyring: Missing private key", { "~LogMeta": "~LogMeta", F: __dxlog_file, L: 61, S: this, A: ["record.privateKey", "'Corrupted keyring: Missing private key'"] });
+      const keyPair = {
+        publicKey: await subtleCrypto.importKey("raw", record.publicKey, {
+          name: "ECDSA",
+          namedCurve: "P-256"
+        }, true, [
+          "verify"
+        ]),
+        privateKey: await subtleCrypto.importKey("pkcs8", record.privateKey, {
+          name: "ECDSA",
+          namedCurve: "P-256"
+        }, true, [
+          "sign"
+        ])
+      };
+      this._keyCache.set(publicKey, keyPair);
+    }
+    return this._keyCache.get(key);
+  }
+  async _setKey(keyPair) {
+    const publicKey = await keyPairToPublicKey(keyPair);
+    this._keyCache.set(publicKey, keyPair);
+    const record = {
+      publicKey: publicKey.asUint8Array(),
+      privateKey: new Uint8Array(await subtleCrypto.exportKey("pkcs8", keyPair.privateKey))
+    };
+    const file = this._storage.getOrCreateFile(publicKey.toHex());
+    await file.write(0, arrayToBuffer(KeyRecord.encode(record)));
+    await file.close();
+    await file.flush?.();
+    this.keysUpdate.emit();
+  }
+  // TODO(burdon): ???
+  deleteKey(key) {
+    return todo("We need a method to delete a file.");
+  }
+  async list() {
+    const keys = [];
+    for (const path of await this._storage.list()) {
+      const fileName = path.split("/").pop();
+      invariant(fileName, "Invalid file name", { "~LogMeta": "~LogMeta", F: __dxlog_file, L: 101, S: this, A: ["fileName", "'Invalid file name'"] });
+      keys.push({
+        publicKey: PublicKey.fromHex(fileName).asUint8Array()
+      });
+    }
+    return keys;
+  }
+  async importKeyPair(keyPair) {
+    await this._setKey(keyPair);
+    return keyPairToPublicKey(keyPair);
+  }
+};
+_ts_decorate([
+  synchronized
+], Keyring.prototype, "_getKey", null);
+_ts_decorate([
+  synchronized
+], Keyring.prototype, "_setKey", null);
+var keyPairToPublicKey = async (keyPair) => {
+  return PublicKey.from(new Uint8Array(await subtleCrypto.exportKey("raw", keyPair.publicKey)));
+};
+
+// src/sqlite-keyring.ts
+import * as SqlClient from "@effect/sql/SqlClient";
+import * as Effect from "effect/Effect";
+import { Event as Event2, synchronized as synchronized2 } from "@dxos/async";
+import { subtleCrypto as subtleCrypto2 } from "@dxos/crypto";
+import { RuntimeProvider } from "@dxos/effect";
+import { invariant as invariant2 } from "@dxos/invariant";
+import { PublicKey as PublicKey2 } from "@dxos/keys";
+import { schema as schema2 } from "@dxos/protocols/proto";
+import { ComplexMap as ComplexMap2, arrayToBuffer as arrayToBuffer2 } from "@dxos/util";
+var __dxlog_file2 = "/__w/dxos/dxos/packages/core/halo/keyring/src/sqlite-keyring.ts";
+function _ts_decorate2(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+var KeyRecordCodec = schema2.getCodecForType("dxos.halo.keyring.KeyRecord");
+var SqliteKeyring = class {
+  #runtime;
+  #keyCache = new ComplexMap2(PublicKey2.hash);
+  keysUpdate = new Event2();
+  constructor({ runtime }) {
+    invariant2(subtleCrypto2, "SubtleCrypto not available in this environment.", { "~LogMeta": "~LogMeta", F: __dxlog_file2, L: 28, S: this, A: ["subtleCrypto", "'SubtleCrypto not available in this environment.'"] });
+    this.#runtime = runtime;
+  }
+  migrate = Effect.fn("SqliteKeyring.migrate")(() => Effect.gen(function* () {
+    const sql = yield* SqlClient.SqlClient;
+    yield* sql`CREATE TABLE IF NOT EXISTS keyring (
+          public_key TEXT PRIMARY KEY,
+          record BLOB NOT NULL
+        )`;
+  }).pipe(Effect.withSpan("SqliteKeyring.migrate")))();
+  async sign(key, message) {
+    const keyPair = await this._getKey(key);
+    return new Uint8Array(await subtleCrypto2.sign({
+      name: "ECDSA",
+      hash: "SHA-256"
+    }, keyPair.privateKey, message));
+  }
+  async createKey() {
+    const keyPair = await subtleCrypto2.generateKey({
+      name: "ECDSA",
+      namedCurve: "P-256"
+    }, true, [
+      "sign",
+      "verify"
+    ]);
+    await this._setKey(keyPair);
+    return keyPairToPublicKey2(keyPair);
+  }
+  async importKeyPair(keyPair) {
+    await this._setKey(keyPair);
+    return keyPairToPublicKey2(keyPair);
+  }
+  async list() {
+    const rows = await RuntimeProvider.runPromise(this.#runtime)(Effect.gen(function* () {
+      const sql = yield* SqlClient.SqlClient;
+      return yield* sql`SELECT record FROM keyring`;
+    }));
+    return rows.map((row) => {
+      const record = KeyRecordCodec.decode(row.record);
+      return {
+        publicKey: record.publicKey
+      };
+    });
+  }
+  async _getKey(key) {
+    if (this.#keyCache.has(key)) {
+      return this.#keyCache.get(key);
+    }
+    const keyHex = key.toHex();
+    const rows = await RuntimeProvider.runPromise(this.#runtime)(Effect.gen(function* () {
+      const sql = yield* SqlClient.SqlClient;
+      return yield* sql`SELECT record FROM keyring WHERE public_key = ${keyHex}`;
+    }));
+    if (rows.length === 0) {
+      throw new Error(`Key not found: ${keyHex}`);
+    }
+    const record = KeyRecordCodec.decode(rows[0].record);
+    const publicKey = PublicKey2.from(record.publicKey);
+    invariant2(key.equals(publicKey), "Corrupted keyring: key mismatch", { "~LogMeta": "~LogMeta", F: __dxlog_file2, L: 87, S: this, A: ["key.equals(publicKey)", "'Corrupted keyring: key mismatch'"] });
+    invariant2(record.privateKey, "Corrupted keyring: missing private key", { "~LogMeta": "~LogMeta", F: __dxlog_file2, L: 88, S: this, A: ["record.privateKey", "'Corrupted keyring: missing private key'"] });
+    const keyPair = {
+      publicKey: await subtleCrypto2.importKey("raw", record.publicKey, {
+        name: "ECDSA",
+        namedCurve: "P-256"
+      }, true, [
+        "verify"
+      ]),
+      privateKey: await subtleCrypto2.importKey("pkcs8", record.privateKey, {
+        name: "ECDSA",
+        namedCurve: "P-256"
+      }, true, [
+        "sign"
+      ])
+    };
+    this.#keyCache.set(publicKey, keyPair);
+    return keyPair;
+  }
+  async _setKey(keyPair) {
+    const publicKey = await keyPairToPublicKey2(keyPair);
+    this.#keyCache.set(publicKey, keyPair);
+    const record = {
+      publicKey: publicKey.asUint8Array(),
+      privateKey: new Uint8Array(await subtleCrypto2.exportKey("pkcs8", keyPair.privateKey))
+    };
+    const keyHex = publicKey.toHex();
+    const encodedRecord = arrayToBuffer2(KeyRecordCodec.encode(record));
+    await RuntimeProvider.runPromise(this.#runtime)(Effect.gen(function* () {
+      const sql = yield* SqlClient.SqlClient;
+      yield* sql`INSERT OR REPLACE INTO keyring (public_key, record) VALUES (${keyHex}, ${encodedRecord})`;
+    }));
+    this.keysUpdate.emit();
+  }
+};
+_ts_decorate2([
+  synchronized2
+], SqliteKeyring.prototype, "_getKey", null);
+_ts_decorate2([
+  synchronized2
+], SqliteKeyring.prototype, "_setKey", null);
+var keyPairToPublicKey2 = async (keyPair) => PublicKey2.from(new Uint8Array(await subtleCrypto2.exportKey("raw", keyPair.publicKey)));
+
+// src/testing.ts
+import { subtleCrypto as subtleCrypto3 } from "@dxos/crypto";
+var generateJWKKeyPair = async () => {
+  const keyPair = await subtleCrypto3.generateKey({
+    name: "ECDSA",
+    namedCurve: "P-256"
+  }, true, [
+    "sign",
+    "verify"
+  ]);
+  const privateKeyExported = await subtleCrypto3.exportKey("jwk", keyPair.privateKey);
+  const publicKeyExported = await subtleCrypto3.exportKey("jwk", keyPair.publicKey);
+  const publicKeyBuffer = new Uint8Array(await subtleCrypto3.exportKey("raw", keyPair.publicKey));
+  const publicKeyHex = Array.from(publicKeyBuffer).map((byte) => byte.toString(16).padStart(2, "0")).join("");
+  return {
+    privateKey: privateKeyExported,
+    publicKey: publicKeyExported,
+    publicKeyHex
+  };
+};
+var parseJWKKeyPair = async (privateKey, publicKey) => {
+  return {
+    privateKey: await subtleCrypto3.importKey("jwk", privateKey, {
+      name: "ECDSA",
+      namedCurve: "P-256"
+    }, true, [
+      "sign"
+    ]),
+    publicKey: await subtleCrypto3.importKey("jwk", publicKey, {
+      name: "ECDSA",
+      namedCurve: "P-256"
+    }, true, [
+      "verify"
+    ])
+  };
+};
+export {
+  Keyring,
+  SqliteKeyring,
+  generateJWKKeyPair,
+  parseJWKKeyPair
+};
+//# sourceMappingURL=index.mjs.map

package/dist/lib/neutral/index.mjs.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/keyring.ts", "../../../src/sqlite-keyring.ts", "../../../src/testing.ts"],
+  "sourcesContent": ["//\n// Copyright 2022 DXOS.org\n//\n\nimport { Event, synchronized } from '@dxos/async';\nimport { type ProtoCodec } from '@dxos/codec-protobuf';\nimport { type Signer, subtleCrypto } from '@dxos/crypto';\nimport { todo } from '@dxos/debug';\nimport { invariant } from '@dxos/invariant';\nimport { PublicKey } from '@dxos/keys';\nimport { schema } from '@dxos/protocols/proto';\nimport { type KeyRecord } from '@dxos/protocols/proto/dxos/halo/keyring';\nimport { type Directory, StorageType, createStorage } from '@dxos/random-access-storage';\nimport { ComplexMap, arrayToBuffer } from '@dxos/util';\n\nconst KeyRecord: ProtoCodec<KeyRecord> = schema.getCodecForType('dxos.halo.keyring.KeyRecord');\n\n/**\n * Shared public API for keyring implementations.\n */\nexport interface KeyringApi extends Signer {\n  readonly keysUpdate: Event;\n  createKey(): Promise<PublicKey>;\n  importKeyPair(keyPair: CryptoKeyPair): Promise<PublicKey>;\n  list(): Promise<KeyRecord[]>;\n}\n\n/**\n * Manages keys.\n */\nexport class Keyring implements KeyringApi {\n  private readonly _keyCache = new ComplexMap<PublicKey, CryptoKeyPair>(PublicKey.hash);\n  readonly keysUpdate = new Event();\n\n  constructor(\n    private readonly _storage: Directory = createStorage({\n      type: StorageType.RAM,\n    }).createDirectory('keyring'),\n  ) {\n    invariant(subtleCrypto, 'SubtleCrypto not available in this environment.');\n  }\n\n  async sign(key: PublicKey, message: Uint8Array): Promise<Uint8Array> {\n    const keyPair = await this._getKey(key);\n\n    return new Uint8Array(\n      await subtleCrypto.sign(\n        {\n          name: 'ECDSA',\n          hash: 'SHA-256',\n        },\n        keyPair.privateKey,\n        message as Uint8Array<ArrayBuffer>,\n      ),\n    );\n  }\n\n  async createKey(): Promise<PublicKey> {\n    const keyPair = await subtleCrypto.generateKey(\n      {\n        name: 'ECDSA',\n        namedCurve: 'P-256',\n      },\n      true,\n      ['sign', 'verify'],\n    );\n\n    await this._setKey(keyPair);\n\n    return keyPairToPublicKey(keyPair);\n  }\n\n  @synchronized\n  private async _getKey(key: PublicKey): Promise<CryptoKeyPair> {\n    if (!this._keyCache.has(key)) {\n      const file = this._storage.getOrCreateFile(key.toHex());\n      const { size } = await file.stat();\n      if (size === 0) {\n        throw new Error(`Key not found: ${key.toHex()}`);\n      }\n\n      const recordBytes = await file.read(0, size);\n      await file.close();\n\n      const record = KeyRecord.decode(recordBytes);\n      const publicKey = PublicKey.from(record.publicKey);\n      invariant(key.equals(publicKey), 'Corrupted keyring: Key mismatch');\n      invariant(record.privateKey, 'Corrupted keyring: Missing private key');\n      const keyPair: CryptoKeyPair = {\n        publicKey: await subtleCrypto.importKey(\n          'raw',\n          record.publicKey as Uint8Array<ArrayBuffer>,\n          {\n            name: 'ECDSA',\n            namedCurve: 'P-256',\n          },\n          true,\n          ['verify'],\n        ),\n        privateKey: await subtleCrypto.importKey(\n          'pkcs8',\n          record.privateKey as Uint8Array<ArrayBuffer>,\n          {\n            name: 'ECDSA',\n            namedCurve: 'P-256',\n          },\n          true,\n          ['sign'],\n        ),\n      };\n\n      this._keyCache.set(publicKey, keyPair);\n    }\n\n    return this._keyCache.get(key)!; // TODO(burdon): Fail if null?\n  }\n\n  @synchronized\n  private async _setKey(keyPair: CryptoKeyPair): Promise<void> {\n    const publicKey = await keyPairToPublicKey(keyPair);\n    this._keyCache.set(publicKey, keyPair);\n\n    const record: KeyRecord = {\n      publicKey: publicKey.asUint8Array(),\n      privateKey: new Uint8Array(await subtleCrypto.exportKey('pkcs8', keyPair.privateKey)),\n    };\n\n    const file = this._storage.getOrCreateFile(publicKey.toHex());\n    await file.write(0, arrayToBuffer(KeyRecord.encode(record)));\n    await file.close();\n    await file.flush?.();\n    this.keysUpdate.emit();\n  }\n\n  // TODO(burdon): ???\n  deleteKey(key: PublicKey): Promise<void> {\n    return todo('We need a method to delete a file.');\n  }\n\n  async list(): Promise<KeyRecord[]> {\n    const keys: KeyRecord[] = [];\n    for (const path of await this._storage.list()) {\n      const fileName = path.split('/').pop(); // get last portion of the path\n      invariant(fileName, 'Invalid file name');\n      keys.push({ publicKey: PublicKey.fromHex(fileName).asUint8Array() });\n    }\n    return keys;\n  }\n\n  async importKeyPair(keyPair: CryptoKeyPair): Promise<PublicKey> {\n    await this._setKey(keyPair);\n    return keyPairToPublicKey(keyPair);\n  }\n}\n\nconst keyPairToPublicKey = async (keyPair: CryptoKeyPair): Promise<PublicKey> => {\n  return PublicKey.from(new Uint8Array(await subtleCrypto.exportKey('raw', keyPair.publicKey)));\n};\n", "//\n// Copyright 2025 DXOS.org\n//\n\nimport * as SqlClient from '@effect/sql/SqlClient';\nimport type * as SqlError from '@effect/sql/SqlError';\nimport * as Effect from 'effect/Effect';\n\nimport { Event, synchronized } from '@dxos/async';\nimport { subtleCrypto } from '@dxos/crypto';\nimport { RuntimeProvider } from '@dxos/effect';\nimport { invariant } from '@dxos/invariant';\nimport { PublicKey } from '@dxos/keys';\nimport { schema } from '@dxos/protocols/proto';\nimport { type KeyRecord } from '@dxos/protocols/proto/dxos/halo/keyring';\nimport { SqlTransaction } from '@dxos/sql-sqlite';\nimport { ComplexMap, arrayToBuffer } from '@dxos/util';\n\nimport { type KeyringApi } from './keyring';\n\nconst KeyRecordCodec = schema.getCodecForType('dxos.halo.keyring.KeyRecord');\n\n// SqlTransaction.SqlTransaction is the Tag class exported from the SqlTransaction namespace.\ntype SqlTransactionTag = SqlTransaction.SqlTransaction;\n\nexport type SqliteKeyringOptions = {\n  runtime: RuntimeProvider.RuntimeProvider<SqlClient.SqlClient | SqlTransactionTag>;\n};\n\n/**\n * SQLite-backed Keyring.\n * Stores ECDSA key pairs in the `keyring` table.\n */\nexport class SqliteKeyring implements KeyringApi {\n  readonly #runtime: RuntimeProvider.RuntimeProvider<SqlClient.SqlClient | SqlTransactionTag>;\n  readonly #keyCache = new ComplexMap<PublicKey, CryptoKeyPair>(PublicKey.hash);\n  readonly keysUpdate = new Event();\n\n  constructor({ runtime }: SqliteKeyringOptions) {\n    invariant(subtleCrypto, 'SubtleCrypto not available in this environment.');\n    this.#runtime = runtime;\n  }\n\n  readonly migrate: Effect.Effect<void, SqlError.SqlError, SqlClient.SqlClient | SqlTransactionTag> = Effect.fn(\n    'SqliteKeyring.migrate',\n  )(() =>\n    Effect.gen(function* () {\n      const sql = yield* SqlClient.SqlClient;\n      yield* sql`CREATE TABLE IF NOT EXISTS keyring (\n          public_key TEXT PRIMARY KEY,\n          record BLOB NOT NULL\n        )`;\n    }).pipe(Effect.withSpan('SqliteKeyring.migrate')),\n  )();\n\n  async sign(key: PublicKey, message: Uint8Array): Promise<Uint8Array> {\n    const keyPair = await this._getKey(key);\n    return new Uint8Array(\n      await subtleCrypto.sign(\n        { name: 'ECDSA', hash: 'SHA-256' },\n        keyPair.privateKey,\n        message as Uint8Array<ArrayBuffer>,\n      ),\n    );\n  }\n\n  async createKey(): Promise<PublicKey> {\n    const keyPair = await subtleCrypto.generateKey({ name: 'ECDSA', namedCurve: 'P-256' }, true, ['sign', 'verify']);\n    await this._setKey(keyPair);\n    return keyPairToPublicKey(keyPair);\n  }\n\n  async importKeyPair(keyPair: CryptoKeyPair): Promise<PublicKey> {\n    await this._setKey(keyPair);\n    return keyPairToPublicKey(keyPair);\n  }\n\n  async list(): Promise<KeyRecord[]> {\n    const rows = await RuntimeProvider.runPromise(this.#runtime)(\n      Effect.gen(function* () {\n        const sql = yield* SqlClient.SqlClient;\n        return yield* sql<{ record: Uint8Array }>`SELECT record FROM keyring`;\n      }),\n    );\n    return rows.map((row) => {\n      const record = KeyRecordCodec.decode(row.record);\n      // Never expose private key material to callers.\n      return { publicKey: record.publicKey };\n    });\n  }\n\n  @synchronized\n  private async _getKey(key: PublicKey): Promise<CryptoKeyPair> {\n    if (this.#keyCache.has(key)) {\n      return this.#keyCache.get(key)!;\n    }\n\n    const keyHex = key.toHex();\n    const rows = await RuntimeProvider.runPromise(this.#runtime)(\n      Effect.gen(function* () {\n        const sql = yield* SqlClient.SqlClient;\n        return yield* sql<{ record: Uint8Array }>`SELECT record FROM keyring WHERE public_key = ${keyHex}`;\n      }),\n    );\n\n    if (rows.length === 0) {\n      throw new Error(`Key not found: ${keyHex}`);\n    }\n\n    const record = KeyRecordCodec.decode(rows[0].record);\n    const publicKey = PublicKey.from(record.publicKey);\n    invariant(key.equals(publicKey), 'Corrupted keyring: key mismatch');\n    invariant(record.privateKey, 'Corrupted keyring: missing private key');\n\n    const keyPair: CryptoKeyPair = {\n      publicKey: await subtleCrypto.importKey(\n        'raw',\n        record.publicKey as Uint8Array<ArrayBuffer>,\n        { name: 'ECDSA', namedCurve: 'P-256' },\n        true,\n        ['verify'],\n      ),\n      privateKey: await subtleCrypto.importKey(\n        'pkcs8',\n        record.privateKey as Uint8Array<ArrayBuffer>,\n        { name: 'ECDSA', namedCurve: 'P-256' },\n        true,\n        ['sign'],\n      ),\n    };\n\n    this.#keyCache.set(publicKey, keyPair);\n    return keyPair;\n  }\n\n  @synchronized\n  private async _setKey(keyPair: CryptoKeyPair): Promise<void> {\n    const publicKey = await keyPairToPublicKey(keyPair);\n    this.#keyCache.set(publicKey, keyPair);\n\n    const record: KeyRecord = {\n      publicKey: publicKey.asUint8Array(),\n      privateKey: new Uint8Array(await subtleCrypto.exportKey('pkcs8', keyPair.privateKey)),\n    };\n\n    const keyHex = publicKey.toHex();\n    const encodedRecord = arrayToBuffer(KeyRecordCodec.encode(record));\n    await RuntimeProvider.runPromise(this.#runtime)(\n      Effect.gen(function* () {\n        const sql = yield* SqlClient.SqlClient;\n        yield* sql`INSERT OR REPLACE INTO keyring (public_key, record) VALUES (${keyHex}, ${encodedRecord})`;\n      }),\n    );\n    this.keysUpdate.emit();\n  }\n}\n\nconst keyPairToPublicKey = async (keyPair: CryptoKeyPair): Promise<PublicKey> =>\n  PublicKey.from(new Uint8Array(await subtleCrypto.exportKey('raw', keyPair.publicKey)));\n", "//\n// Copyright 2023 DXOS.org\n//\n\nimport { subtleCrypto } from '@dxos/crypto';\n\nexport type TestKeyPair = {\n  privateKey: JsonWebKey;\n  publicKey: JsonWebKey;\n  publicKeyHex: string;\n};\n\n/**\n * Generate a key pair which for testing purposes.\n * @returns {Promise<TestKeyPair>}\n */\nexport const generateJWKKeyPair = async (): Promise<TestKeyPair> => {\n  const keyPair = await subtleCrypto.generateKey(\n    {\n      name: 'ECDSA',\n      namedCurve: 'P-256',\n    },\n    true,\n    ['sign', 'verify'],\n  );\n\n  const privateKeyExported = await subtleCrypto.exportKey('jwk', keyPair.privateKey);\n  const publicKeyExported = await subtleCrypto.exportKey('jwk', keyPair.publicKey);\n\n  // Convert the public key to hex format\n  const publicKeyBuffer = new Uint8Array(await subtleCrypto.exportKey('raw', keyPair.publicKey));\n  const publicKeyHex = Array.from(publicKeyBuffer)\n    .map((byte) => byte.toString(16).padStart(2, '0'))\n    .join('');\n\n  return {\n    privateKey: privateKeyExported,\n    publicKey: publicKeyExported,\n    publicKeyHex,\n  };\n};\n\n/**\n * Parse a key pair from JWK format.\n */\nexport const parseJWKKeyPair = async (privateKey: JsonWebKey, publicKey: JsonWebKey): Promise<CryptoKeyPair> => {\n  return {\n    privateKey: await subtleCrypto.importKey('jwk', privateKey, { name: 'ECDSA', namedCurve: 'P-256' }, true, ['sign']),\n    publicKey: await subtleCrypto.importKey('jwk', publicKey, { name: 'ECDSA', namedCurve: 'P-256' }, true, ['verify']),\n  };\n};\n"],
+  "mappings": ";;;AAMA,SAAsBA,OAAAA,oBAAoB;AAC1C,SAASC,oBAAY;AACrB,SAASC,YAAS;AAClB,SAASC,iBAAiB;AAC1B,SAASC,iBAAc;AAEvB,SAAyBC,cAAaC;AACtC,SAASC,aAAYC,qBAAqB;AAE1C,SAAMC,YAAmCL,qBAAuB;;;;;;;AAfhE;AA2BA,IAAA,YAAA,OAAA,gBAAA,6BAAA;;EAImBM;EACRC,YAAAA,IAAa,WAAY,UAAA,IAAA;EAElC,aACmBC,IAAAA,MAAsBN;cAC/BD,WAAYQ,cAAG;IACpBC,MAAAA,YAAgB;qBAFFF,SAAAA,GAAAA;AAIjBV,SAAAA,WAAUF;AACZ,cAAA,cAAA,mDAAA,EAAA,YAAA,YAAA,GAAA,cAAA,GAAA,IAAA,GAAA,MAAA,GAAA,CAAA,gBAAA,mDAAA,EAAA,CAAA;EAEA;QACE,KAAMe,KAAAA,SAAU;AAEhB,UAAA,UAAWC,MACT,KAAA,QAAMhB,GAAAA;WAEFiB,IAAM,WAAA,MAAA,aAAA,KAAA;MACNC,MAAM;MAERH,MAAAA;IAIN,GAAA,QAAA,YAAA,OAAA,CAAA;EAEA;QACE,YAAMA;UAEFE,UAAM,MAAA,aAAA,YAAA;MACNE,MAAAA;MAEF,YACA;aAAC;MAAQ;MAAS;IAGpB,CAAA;AAEA,UAAA,KAAOC,QAAAA,OAAmBL;AAC5B,WAAA,mBAAA,OAAA;EAEA;QAEE,QAAUL,KAAAA;QACR,CAAA,KAAMW,UAAO,IAAKT,GAAAA,GAAQ;AAC1B,YAAM,OAAM,KAAK,SAAMS,gBAAS,IAAA,MAAA,CAAA;AAChC,YAAIC,EAAAA,KAAS,IAAG,MAAA,KAAA,KAAA;UACd,SAAM,GAAIC;AACZ,cAAA,IAAA,MAAA,kBAAA,IAAA,MAAA,CAAA,EAAA;MAEA;AACA,YAAMF,cAAU,MAAA,KAAA,KAAA,GAAA,IAAA;AAEhB,YAAMG,KAAAA,MAASf;AACf,YAAMgB,SAAAA,UAAYtB,OAAc,WAAQsB;AACxCvB,YAAAA,YAAcwB,UAAOD,KAAY,OAAA,SAAA;AACjCvB,gBAAUsB,IAAAA,OAAOG,SAAY,GAAA,mCAAA,EAAA,YAAA,YAAA,GAAA,cAAA,GAAA,IAAA,GAAA,MAAA,GAAA,CAAA,yBAAA,mCAAA,EAAA,CAAA;AAC7B,gBAAMZ,OAAyB,YAAA,0CAAA,EAAA,YAAA,YAAA,GAAA,cAAA,GAAA,IAAA,GAAA,MAAA,GAAA,CAAA,qBAAA,0CAAA,EAAA,CAAA;YAC7BU,UAAW;mBAID,MAAA,aAAA,UAAA,OAAA,OAAA,WAAA;UACNN,MAAAA;UAEF,YACA;iBAAC;UAAS;QAEZQ,CAAAA;oBAIU,MAAA,aAAA,UAAA,SAAA,OAAA,YAAA;UACNR,MAAAA;UAEF,YACA;iBAAC;UAAO;QAEZ,CAAA;MAEA;AACF,WAAA,UAAA,IAAA,WAAA,OAAA;IAEA;AACF,WAAA,KAAA,UAAA,IAAA,GAAA;EAEA;QAEE,QAAMM,SAAY;AAClB,UAAKf,YAAa,MAACe,mBAAWV,OAAAA;AAE9B,SAAA,UAA0B,IAAA,WAAA,OAAA;UACxBU,SAAWA;MACXE,WAAAA,UAAgBX,aAAiBhB;MACnC,YAAA,IAAA,WAAA,MAAA,aAAA,UAAA,SAAA,QAAA,UAAA,CAAA;IAEA;AACA,UAAMqB,OAAKO,KAAM,SAAGpB,gBAAcC,UAAiBe,MAAAA,CAAAA;AACnD,UAAMH,KAAKQ,MAAK,GAAA,cAAA,UAAA,OAAA,MAAA,CAAA,CAAA;AAChB,UAAMR,KAAKS,MAAK;AAChB,UAAKnB,KAAAA,QAAWoB;AAClB,SAAA,WAAA,KAAA;EAEA;;YAEE,KAAO9B;AACT,WAAA,KAAA,oCAAA;EAEA;QACE,OAAM+B;AACN,UAAK,OAAMC,CAAAA;eACHC,QAAAA,MAAgBC,KAAK,SAAS,KAAI,GAAA;AACxCjC,YAAAA,WAAUgC,KAAU,MAAA,GAAA,EAAA,IAAA;AACpBF,gBAAU,UAAA,qBAAA,EAAA,YAAA,YAAA,GAAA,cAAA,GAAA,KAAA,GAAA,MAAA,GAAA,CAAA,YAAA,qBAAA,EAAA,CAAA;WAAEP,KAAAA;QAAsD,WAAA,UAAA,QAAA,QAAA,EAAA,aAAA;MACpE,CAAA;IACA;AACF,WAAA;EAEA;QACE,cAAWW,SAAQrB;AACnB,UAAA,KAAOK,QAAAA,OAAmBL;AAC5B,WAAA,mBAAA,OAAA;EACF;;;;;;;AAEA,GAAA,QAAMK,WAAAA,WAAqB,IAAOL;IAChC,qBAAsB,OAAIC,YAAW;AACvC,SAAA,UAAA,KAAA,IAAA,WAAA,MAAA,aAAA,UAAA,OAAA,QAAA,SAAA,CAAA,CAAA;;;;ACvJA,YAAYqB,eAAY;AAExB,YAASC,YAAOC;AAChB,SAASC,SAAAA,QAAAA,gBAAAA,qBAAoB;AAC7B,SAASC,gBAAAA,qBAAe;AACxB,SAASC,uBAAiB;AAC1B,SAASC,aAAAA,kBAAiB;AAC1B,SAASC,aAAAA,kBAAc;AAGvB,SAASC,UAAAA,eAAYC;AAIrB,SAAMC,cAAAA,aAAAA,iBAAAA,sBAAwBC;;;;;;;AApB9B;AA6BA,IAAA,iBAAAJ,QAAA,gBAAA,6BAAA;AAKW,IAAmF,gBAAnF,MAAmF;EACnF;EACAK,YAAAA,IAAaJ,YAAYF,WAAA,IAAA;EAElC,aAAY,IAAEO,OAA+B;cAC3CR,EAAUF,QAAAA,GAAAA;AACV,IAAAE,WAAKF,eAAWU,mDAAAA,EAAAA,YAAAA,YAAAA,GAAAA,eAAAA,GAAAA,IAAAA,GAAAA,MAAAA,GAAAA,CAAAA,gBAAAA,mDAAAA,EAAAA,CAAAA;AAClB,SAAA,WAAA;EAESC;YAICC,UAAM,uBAAiBC,EAAAA,MAAS,WAAA,aAAA;AACtC,UAAA,MAAW,OAAA;;;;;EAOf,CAAA,EAAMC,KAAqBC,gBAA0C,uBAAA,CAAA,CAAA,EAAA;QACnE,KAAMC,KAAAA,SAAU;AAChB,UAAA,UAAWC,MACT,KAAA,QAAMjB,GAAAA;WACFkB,IAAM,WAAA,MAAAlB,cAAA,KAAA;MAASmB,MAAM;MACvBH,MAAAA;IAIN,GAAA,QAAA,YAAA,OAAA,CAAA;EAEA;QACE,YAAMA;UAA2CE,UAAM,MAAAlB,cAAA,YAAA;MAASoB,MAAAA;MAAuB,YAAM;aAAC;MAAQ;MAAS;IAC/G,CAAA;AACA,UAAA,KAAOC,QAAAA,OAAmBL;AAC5B,WAAAK,oBAAA,OAAA;EAEA;QACE,cAAWC,SAAQN;AACnB,UAAA,KAAOK,QAAAA,OAAmBL;AAC5B,WAAAK,oBAAA,OAAA;EAEA;QACE,OAAME;UAEF,OAAMX,MAAM,gBAAiBC,WAAS,KAAA,QAAA,EAAA,WAAA,aAAA;AACtC,YAAA,MAAO,OAAmC;AAC5C,aAAA,OAAA;IAEF,CAAA,CAAA;WACE,KAAMW,IAAAA,CAAAA,QAASjB;AACf,YAAA,SAAA,eAAA,OAAA,IAAA,MAAA;aACSkB;QAA4B,WAAA,OAAA;MACvC;IACF,CAAA;EAEA;QAEE,QAAS,KAAA;QACP,KAAA,UAAY,IAAA,GAAUC,GAAG;AAC3B,aAAA,KAAA,UAAA,IAAA,GAAA;IAEA;AACA,UAAMH,SAAO,IAAMtB,MAAAA;UAEf,OAAMW,MAAM,gBAAiBC,WAAS,KAAA,QAAA,EAAA,WAAA,aAAA;AACtC,YAAA,MAAO,OAAmC;AAC5C,aAAA,OAAA,oDAAA,MAAA;IAGF,CAAA,CAAA;QACE,KAAA,WAAgB,GAAC;AACnB,YAAA,IAAA,MAAA,kBAAA,MAAA,EAAA;IAEA;AACA,UAAMY,SAAAA,eAAsBE,OAAKH,KAAOC,CAAAA,EAAAA,MAAS;AACjDvB,UAAAA,YAAc0B,WAAOH,KAAY,OAAA,SAAA;AACjCvB,IAAAA,WAAUsB,IAAAA,OAAOK,SAAY,GAAA,mCAAA,EAAA,YAAA,YAAA,GAAAC,eAAA,GAAA,IAAA,GAAA,MAAA,GAAA,CAAA,yBAAA,mCAAA,EAAA,CAAA;AAE7B,IAAA5B,WAAMc,OAAyB,YAAA,0CAAA,EAAA,YAAA,YAAA,GAAAc,eAAA,GAAA,IAAA,GAAA,MAAA,GAAA,CAAA,qBAAA,0CAAA,EAAA,CAAA;UAC7BL,UAAW;iBAGD,MAAAzB,cAAA,UAAA,OAAA,OAAA,WAAA;QAASoB,MAAAA;QACjB,YACA;eAAC;QAAS;MAEZS,CAAAA;kBAGU,MAAA7B,cAAA,UAAA,SAAA,OAAA,YAAA;QAASoB,MAAAA;QACjB,YACA;eAAC;QAAO;MAEZ,CAAA;IAEA;AACA,SAAA,UAAOJ,IAAAA,WAAAA,OAAAA;AACT,WAAA;EAEA;QAEE,QAAMS,SAAY;AAClB,UAAK,YAAa,MAACA,oBAAWT,OAAAA;AAE9B,SAAA,UAA0B,IAAA,WAAA,OAAA;UACxBS,SAAWA;MACXI,WAAAA,UAAgBZ,aAAiBjB;MACnC,YAAA,IAAA,WAAA,MAAAA,cAAA,UAAA,SAAA,QAAA,UAAA,CAAA;IAEA;AACA,UAAM+B,SAAAA,UAAgBzB,MAAAA;AACtB,UAAML,gBAAgB+B,eAAW,eAC/BnC,OAAU,MAAC,CAAA;UACT,gBAAY,WAAiBgB,KAAAA,QAAS,EAAA,WAAA,aAAA;AACtC,YAAA,MAAW,OAAA;AACb,aAAA,kEAAA,MAAA,KAAA,aAAA;IAEF,CAAA,CAAA;AACF,SAAA,WAAA,KAAA;EACF;;;;;;;AAEA,GAAA,cAAMQ,WAAqB,WAAOL,IAAAA;;;;ACzJlC,SAASiB,gBAAAA,qBAAoB;AAYtB,IAAMC,qBAAqB,YAAA;AAChC,QAAMC,UAAU,MAAMF,cAAaG,YACjC;IACEC,MAAM;IACNC,YAAY;EACd,GACA,MACA;IAAC;IAAQ;GAAS;AAGpB,QAAMC,qBAAqB,MAAMN,cAAaO,UAAU,OAAOL,QAAQM,UAAU;AACjF,QAAMC,oBAAoB,MAAMT,cAAaO,UAAU,OAAOL,QAAQQ,SAAS;AAG/E,QAAMC,kBAAkB,IAAIC,WAAW,MAAMZ,cAAaO,UAAU,OAAOL,QAAQQ,SAAS,CAAA;AAC5F,QAAMG,eAAeC,MAAMC,KAAKJ,eAAAA,EAC7BK,IAAI,CAACC,SAASA,KAAKC,SAAS,EAAA,EAAIC,SAAS,GAAG,GAAA,CAAA,EAC5CC,KAAK,EAAA;AAER,SAAO;IACLZ,YAAYF;IACZI,WAAWD;IACXI;EACF;AACF;AAKO,IAAMQ,kBAAkB,OAAOb,YAAwBE,cAAAA;AAC5D,SAAO;IACLF,YAAY,MAAMR,cAAasB,UAAU,OAAOd,YAAY;MAAEJ,MAAM;MAASC,YAAY;IAAQ,GAAG,MAAM;MAAC;KAAO;IAClHK,WAAW,MAAMV,cAAasB,UAAU,OAAOZ,WAAW;MAAEN,MAAM;MAASC,YAAY;IAAQ,GAAG,MAAM;MAAC;KAAS;EACpH;AACF;",
+  "names": ["subtleCrypto", "todo", "invariant", "PublicKey", "schema", "StorageType", "createStorage", "ComplexMap", "arrayToBuffer", "KeyRecord", "_keyCache", "keysUpdate", "_storage", "RAM", "createDirectory", "keyPair", "Uint8Array", "name", "hash", "namedCurve", "keyPairToPublicKey", "file", "size", "Error", "record", "publicKey", "equals", "privateKey", "write", "close", "flush", "emit", "keys", "path", "fileName", "split", "_setKey", "Effect", "Event", "synchronized", "subtleCrypto", "RuntimeProvider", "invariant", "PublicKey", "schema", "ComplexMap", "arrayToBuffer", "KeyRecordCodec", "getCodecForType", "keysUpdate", "runtime", "migrate", "sql", "SqlClient", "sign", "message", "keyPair", "Uint8Array", "name", "hash", "namedCurve", "keyPairToPublicKey", "_setKey", "rows", "record", "publicKey", "get", "from", "equals", "privateKey", "__dxlog_file", "encodedRecord", "runPromise", "subtleCrypto", "generateJWKKeyPair", "keyPair", "generateKey", "name", "namedCurve", "privateKeyExported", "exportKey", "privateKey", "publicKeyExported", "publicKey", "publicKeyBuffer", "Uint8Array", "publicKeyHex", "Array", "from", "map", "byte", "toString", "padStart", "join", "parseJWKKeyPair", "importKey"]
+}

package/dist/lib/neutral/meta.json

@@ -0,0 +1 @@
+{"inputs":{"src/keyring.ts":{"bytes":16585,"imports":[{"path":"@dxos/async","kind":"import-statement","external":true},{"path":"@dxos/crypto","kind":"import-statement","external":true},{"path":"@dxos/debug","kind":"import-statement","external":true},{"path":"@dxos/invariant","kind":"import-statement","external":true},{"path":"@dxos/keys","kind":"import-statement","external":true},{"path":"@dxos/protocols/proto","kind":"import-statement","external":true},{"path":"@dxos/random-access-storage","kind":"import-statement","external":true},{"path":"@dxos/util","kind":"import-statement","external":true}],"format":"esm"},"src/sqlite-keyring.ts":{"bytes":18280,"imports":[{"path":"@effect/sql/SqlClient","kind":"import-statement","external":true},{"path":"effect/Effect","kind":"import-statement","external":true},{"path":"@dxos/async","kind":"import-statement","external":true},{"path":"@dxos/crypto","kind":"import-statement","external":true},{"path":"@dxos/effect","kind":"import-statement","external":true},{"path":"@dxos/invariant","kind":"import-statement","external":true},{"path":"@dxos/keys","kind":"import-statement","external":true},{"path":"@dxos/protocols/proto","kind":"import-statement","external":true},{"path":"@dxos/util","kind":"import-statement","external":true}],"format":"esm"},"src/testing.ts":{"bytes":5077,"imports":[{"path":"@dxos/crypto","kind":"import-statement","external":true}],"format":"esm"},"src/index.ts":{"bytes":564,"imports":[{"path":"src/keyring.ts","kind":"import-statement","original":"./keyring"},{"path":"src/sqlite-keyring.ts","kind":"import-statement","original":"./sqlite-keyring"},{"path":"src/testing.ts","kind":"import-statement","original":"./testing"}],"format":"esm"}},"outputs":{"dist/lib/neutral/index.mjs.map":{"imports":[],"exports":[],"inputs":{},"bytes":19191},"dist/lib/neutral/index.mjs":{"imports":[{"path":"@dxos/async","kind":"import-statement","external":true},{"path":"@dxos/crypto","kind":"import-statement","external":true},{"path":"@dxos/debug","kind":"import-statement","external":true},{"path":"@dxos/invariant","kind":"import-statement","external":true},{"path":"@dxos/keys","kind":"import-statement","external":true},{"path":"@dxos/protocols/proto","kind":"import-statement","external":true},{"path":"@dxos/random-access-storage","kind":"import-statement","external":true},{"path":"@dxos/util","kind":"import-statement","external":true},{"path":"@effect/sql/SqlClient","kind":"import-statement","external":true},{"path":"effect/Effect","kind":"import-statement","external":true},{"path":"@dxos/async","kind":"import-statement","external":true},{"path":"@dxos/crypto","kind":"import-statement","external":true},{"path":"@dxos/effect","kind":"import-statement","external":true},{"path":"@dxos/invariant","kind":"import-statement","external":true},{"path":"@dxos/keys","kind":"import-statement","external":true},{"path":"@dxos/protocols/proto","kind":"import-statement","external":true},{"path":"@dxos/util","kind":"import-statement","external":true},{"path":"@dxos/crypto","kind":"import-statement","external":true}],"exports":["Keyring","SqliteKeyring","generateJWKKeyPair","parseJWKKeyPair"],"entryPoint":"src/index.ts","inputs":{"src/keyring.ts":{"bytesInOutput":4745},"src/index.ts":{"bytesInOutput":0},"src/sqlite-keyring.ts":{"bytesInOutput":5279},"src/testing.ts":{"bytesInOutput":1103}},"bytes":11339}}}

package/dist/types/src/index.d.ts

@@ -1,3 +1,4 @@
 export * from './keyring';
+export * from './sqlite-keyring';
 export * from './testing';
 //# sourceMappingURL=index.d.ts.map

package/dist/types/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAIA,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAIA,cAAc,WAAW,CAAC;AAC1B,cAAc,kBAAkB,CAAC;AACjC,cAAc,WAAW,CAAC"}

package/dist/types/src/keyring.d.ts

@@ -5,10 +5,19 @@ import { PublicKey } from '@dxos/keys';
 import { type KeyRecord } from '@dxos/protocols/proto/dxos/halo/keyring';
 import { type Directory } from '@dxos/random-access-storage';
 declare const KeyRecord: ProtoCodec<KeyRecord>;
+/**
+ * Shared public API for keyring implementations.
+ */
+export interface KeyringApi extends Signer {
+    readonly keysUpdate: Event;
+    createKey(): Promise<PublicKey>;
+    importKeyPair(keyPair: CryptoKeyPair): Promise<PublicKey>;
+    list(): Promise<KeyRecord[]>;
+}
 /**
  * Manages keys.
  */
-export declare class Keyring implements Signer {
+export declare class Keyring implements KeyringApi {
     private readonly _storage;
     private readonly _keyCache;
     readonly keysUpdate: Event<void>;

package/dist/types/src/keyring.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"keyring.d.ts","sourceRoot":"","sources":["../../../src/keyring.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,EAAgB,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,KAAK,MAAM,EAAgB,MAAM,cAAc,CAAC;AAGzD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,EAAE,KAAK,SAAS,EAA8B,MAAM,6BAA6B,CAAC;AAGzF,QAAA,MAAM,SAAS,EAAE,UAAU,CAAC,SAAS,CAAyD,CAAC;AAE/F;;GAEG;AACH,qBAAa,OAAQ,YAAW,MAAM;IAKlC,OAAO,CAAC,QAAQ,CAAC,QAAQ;IAJ3B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA4D;IACtF,QAAQ,CAAC,UAAU,cAAe;gBAGf,QAAQ,GAAE,SAEE;IAKzB,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAe9D,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC;YAgBvB,OAAO;YA6CP,OAAO;IAiBrB,SAAS,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAIlC,IAAI,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;IAU5B,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC;CAIhE"}
+{"version":3,"file":"keyring.d.ts","sourceRoot":"","sources":["../../../src/keyring.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,EAAgB,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,KAAK,MAAM,EAAgB,MAAM,cAAc,CAAC;AAGzD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,EAAE,KAAK,SAAS,EAA8B,MAAM,6BAA6B,CAAC;AAGzF,QAAA,MAAM,SAAS,EAAE,UAAU,CAAC,SAAS,CAAyD,CAAC;AAE/F;;GAEG;AACH,MAAM,WAAW,UAAW,SAAQ,MAAM;IACxC,QAAQ,CAAC,UAAU,EAAE,KAAK,CAAC;IAC3B,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAC1D,IAAI,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;CAC9B;AAED;;GAEG;AACH,qBAAa,OAAQ,YAAW,UAAU;IAKtC,OAAO,CAAC,QAAQ,CAAC,QAAQ;IAJ3B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA4D;IACtF,QAAQ,CAAC,UAAU,cAAe;IAElC,YACmB,QAAQ,GAAE,SAEE,EAG9B;IAEK,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAanE;IAEK,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,CAapC;YAGa,OAAO;YA6CP,OAAO;IAiBrB,SAAS,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAEvC;IAEK,IAAI,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC,CAQjC;IAEK,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,CAG9D;CACF"}

package/dist/types/src/sqlite-keyring.d.ts

@@ -0,0 +1,31 @@
+import * as SqlClient from '@effect/sql/SqlClient';
+import type * as SqlError from '@effect/sql/SqlError';
+import * as Effect from 'effect/Effect';
+import { Event } from '@dxos/async';
+import { RuntimeProvider } from '@dxos/effect';
+import { PublicKey } from '@dxos/keys';
+import { type KeyRecord } from '@dxos/protocols/proto/dxos/halo/keyring';
+import { SqlTransaction } from '@dxos/sql-sqlite';
+import { type KeyringApi } from './keyring';
+type SqlTransactionTag = SqlTransaction.SqlTransaction;
+export type SqliteKeyringOptions = {
+    runtime: RuntimeProvider.RuntimeProvider<SqlClient.SqlClient | SqlTransactionTag>;
+};
+/**
+ * SQLite-backed Keyring.
+ * Stores ECDSA key pairs in the `keyring` table.
+ */
+export declare class SqliteKeyring implements KeyringApi {
+    #private;
+    readonly keysUpdate: Event<void>;
+    constructor({ runtime }: SqliteKeyringOptions);
+    readonly migrate: Effect.Effect<void, SqlError.SqlError, SqlClient.SqlClient | SqlTransactionTag>;
+    sign(key: PublicKey, message: Uint8Array): Promise<Uint8Array>;
+    createKey(): Promise<PublicKey>;
+    importKeyPair(keyPair: CryptoKeyPair): Promise<PublicKey>;
+    list(): Promise<KeyRecord[]>;
+    private _getKey;
+    private _setKey;
+}
+export {};
+//# sourceMappingURL=sqlite-keyring.d.ts.map

package/dist/types/src/sqlite-keyring.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlite-keyring.d.ts","sourceRoot":"","sources":["../../../src/sqlite-keyring.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,SAAS,MAAM,uBAAuB,CAAC;AACnD,OAAO,KAAK,KAAK,QAAQ,MAAM,sBAAsB,CAAC;AACtD,OAAO,KAAK,MAAM,MAAM,eAAe,CAAC;AAExC,OAAO,EAAE,KAAK,EAAgB,MAAM,aAAa,CAAC;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAE/C,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAGlD,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,WAAW,CAAC;AAK5C,KAAK,iBAAiB,GAAG,cAAc,CAAC,cAAc,CAAC;AAEvD,MAAM,MAAM,oBAAoB,GAAG;IACjC,OAAO,EAAE,eAAe,CAAC,eAAe,CAAC,SAAS,CAAC,SAAS,GAAG,iBAAiB,CAAC,CAAC;CACnF,CAAC;AAEF;;;GAGG;AACH,qBAAa,aAAc,YAAW,UAAU;;IAG9C,QAAQ,CAAC,UAAU,cAAe;IAElC,YAAY,EAAE,OAAO,EAAE,EAAE,oBAAoB,EAG5C;IAED,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC,SAAS,GAAG,iBAAiB,CAAC,CAU7F;IAEE,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CASnE;IAEK,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,CAIpC;IAEK,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,CAG9D;IAEK,IAAI,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC,CAYjC;YAGa,OAAO;YA4CP,OAAO;CAmBtB"}

package/dist/types/src/sqlite-keyring.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=sqlite-keyring.test.d.ts.map

package/dist/types/src/sqlite-keyring.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlite-keyring.test.d.ts","sourceRoot":"","sources":["../../../src/sqlite-keyring.test.ts"],"names":[],"mappings":""}

package/dist/types/src/testing.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"testing.d.ts","sourceRoot":"","sources":["../../../src/testing.ts"],"names":[],"mappings":"AAMA,MAAM,MAAM,WAAW,GAAG;IACxB,UAAU,EAAE,UAAU,CAAC;IACvB,SAAS,EAAE,UAAU,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,QAAa,OAAO,CAAC,WAAW,CAwB9D,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,eAAe,GAAU,YAAY,UAAU,EAAE,WAAW,UAAU,KAAG,OAAO,CAAC,aAAa,CAK1G,CAAC"}
+{"version":3,"file":"testing.d.ts","sourceRoot":"","sources":["../../../src/testing.ts"],"names":[],"mappings":"AAMA,MAAM,MAAM,WAAW,GAAG;IACxB,UAAU,EAAE,UAAU,CAAC;IACvB,SAAS,EAAE,UAAU,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,QAAa,OAAO,CAAC,WAAW,CAwB9D,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,eAAe,eAAsB,UAAU,aAAa,UAAU,KAAG,OAAO,CAAC,aAAa,CAK1G,CAAC"}