@enbox/agent 0.2.2 → 0.3.0

package/src/local-dwn.ts

@@ -1,24 +1,49 @@
 /**
- * Local DWN discovery — probes well-known localhost ports for a running
- * `@enbox/dwn-server` instance so the agent can route traffic to it.
+ * Local DWN discovery — discovers a running `@enbox/dwn-server` instance
+ * so the agent can route traffic to it.
  *
+ * Discovery channels (tried in order):
+ * 1. **In-memory cache** — serves a recent positive or negative result.
+ * 2. **Discovery file** (`~/.enbox/dwn.json`) — written by `electrobun-dwn`
+ *    on startup. Fast filesystem read, no network. Available for CLI and
+ *    native apps; skipped in browsers.
+ * 3. **Port probing** (fallback) — sequential HTTP `GET /info` on well-known
+ *    localhost ports. Works everywhere but is slower.
+ *
+ * @see https://github.com/enboxorg/enbox/issues/585
  * @module
  */
 
-import type { Web5Rpc } from '@enbox/dwn-clients';
+import type { EnboxRpc } from '@enbox/dwn-clients';
+
+import type { DwnDiscoveryFile } from './dwn-discovery-file.js';
 
-/** Well-known ports the local DWN desktop app may bind to. */
-export const localDwnPortCandidates = [3000, 55555, 55556, 55557, 55558, 55559] as const;
+/**
+ * Well-known ports the local DWN desktop app may bind to.
+ *
+ * Per the DWN Transport Spec, clients probe ports `55500` through `55509`
+ * (inclusive). Port `3000` is included as a development convenience.
+ *
+ * @see https://identity.foundation/dwn-transport/#port-probing
+ */
+export const localDwnPortCandidates = [3000, 55500, 55501, 55502, 55503, 55504, 55505, 55506, 55507, 55508, 55509] as const;
 
-/** Hosts probed when discovering a local DWN server. */
-export const localDwnHostCandidates = ['127.0.0.1', 'localhost'] as const;
+/**
+ * Hosts probed when discovering a local DWN server.
+ *
+ * Per the DWN Transport Spec, clients MUST use `127.0.0.1` rather than
+ * `localhost` to avoid DNS resolution ambiguity.
+ *
+ * @see https://identity.foundation/dwn-transport/#port-probing
+ */
+export const localDwnHostCandidates = ['127.0.0.1'] as const;
 
 /**
  * Controls how the agent discovers and routes to a local DWN server.
  *
+ * - `'off'`    — (default) skip local discovery entirely.
  * - `'prefer'` — probe localhost first; fall back to DID-document endpoints.
  * - `'only'`   — require a local server; throw if none is found.
- * - `'off'`    — skip local discovery entirely.
  */
 export type LocalDwnStrategy = 'prefer' | 'only' | 'off';
 
@@ -26,31 +51,51 @@ export type LocalDwnStrategy = 'prefer' | 'only' | 'off';
 export const localDwnServerName = '@enbox/dwn-server';
 
 /** Strips a trailing slash from a URL so endpoint comparisons are consistent. */
-function normalizeBaseUrl(url: string): string {
+export function normalizeBaseUrl(url: string): string {
   return url.endsWith('/') ? url.slice(0, -1) : url;
 }
 
 /**
- * Probes well-known localhost ports for a running `@enbox/dwn-server` instance.
+ * Discovers a running local DWN server.
  *
  * Results are cached for {@link _cacheTtlMs} milliseconds (default 10 s) to
- * avoid repeated HTTP round-trips on hot paths such as sync.
+ * avoid repeated I/O on hot paths such as sync.
+ *
+ * @example Discovery with file-based channel
+ * ```ts
+ * import { DwnDiscoveryFile } from './dwn-discovery-file.js';
+ *
+ * const discoveryFile = new DwnDiscoveryFile();
+ * const discovery = new LocalDwnDiscovery(rpcClient, 10_000, discoveryFile);
+ * const endpoint = await discovery.getEndpoint();
+ * ```
  *
- * TODO: Replace sequential port probing with an `enbox://` protocol-handler
- *       handshake (https://github.com/enboxorg/enbox/issues/287).
+ * @example Browser: inject cached endpoint from `dwn://register` redirect
+ * ```ts
+ * const discovery = new LocalDwnDiscovery(rpcClient);
+ * discovery.setCachedEndpoint('http://127.0.0.1:55557');
+ * ```
  */
 export class LocalDwnDiscovery {
   private _cachedEndpoint?: string;
   private _cacheExpiry = 0;
 
   constructor(
-    private _rpcClient: Web5Rpc,
-    private _cacheTtlMs = 10_000
+    private _rpcClient: EnboxRpc,
+    private _cacheTtlMs = 10_000,
+    private _discoveryFile?: DwnDiscoveryFile,
   ) {}
 
   /**
-   * Returns the base URL of a local DWN server, or `undefined` if none is
-   * reachable on the well-known port candidates.
+   * Returns the base URL of a local DWN server, or `undefined` if none
+   * is discoverable.
+   *
+   * The discovery order is:
+   * 1. In-memory cache (if not expired).
+   * 2. `~/.enbox/dwn.json` discovery file (if a {@link DwnDiscoveryFile}
+   *    was provided). The endpoint from the file is validated via
+   *    `GET /info` to ensure the server is still running.
+   * 3. Sequential port probing on well-known localhost ports (fallback).
    */
   public async getEndpoint(): Promise<string | undefined> {
     const now = Date.now();
@@ -58,24 +103,105 @@ export class LocalDwnDiscovery {
       return this._cachedEndpoint;
     }
 
+    // Channel 1: file-based discovery.
+    const fileEndpoint = await this._tryDiscoveryFile();
+    if (fileEndpoint !== undefined) {
+      this._setCacheEntry(fileEndpoint, now);
+      return fileEndpoint;
+    }
+
+    // Channel 2: sequential port probing (fallback).
+    const probeEndpoint = await this._probePortCandidates();
+    // Cache both positive and negative results.
+    this._setCacheEntry(probeEndpoint, now);
+    return probeEndpoint;
+  }
+
+  /**
+   * Inject a cached endpoint (e.g. from a `dwn://register` browser redirect
+   * or from `localStorage`). The endpoint is validated via `GET /info` before
+   * caching.
+   *
+   * @returns `true` if the endpoint was validated and cached, `false` otherwise.
+   */
+  public async setCachedEndpoint(endpoint: string): Promise<boolean> {
+    const normalized = normalizeBaseUrl(endpoint);
+    const valid = await this._validateEndpoint(normalized);
+    if (valid) {
+      this._setCacheEntry(normalized, Date.now());
+    }
+    return valid;
+  }
+
+  /**
+   * Clear the in-memory cache, forcing the next {@link getEndpoint} call
+   * to perform a fresh discovery.
+   */
+  public clearCache(): void {
+    this._cachedEndpoint = undefined;
+    this._cacheExpiry = 0;
+  }
+
+  // ─── Private discovery channels ────────────────────────────────
+
+  /**
+   * Try the `~/.enbox/dwn.json` discovery file. Returns the endpoint if
+   * the file exists, is valid, and the endpoint passes `GET /info`
+   * validation. Returns `undefined` otherwise.
+   */
+  private async _tryDiscoveryFile(): Promise<string | undefined> {
+    if (!this._discoveryFile) {
+      return undefined;
+    }
+
+    try {
+      const record = await this._discoveryFile.read();
+      if (!record) {
+        return undefined;
+      }
+
+      // Validate that the server is actually alive and is ours.
+      const valid = await this._validateEndpoint(record.endpoint);
+      return valid ? record.endpoint : undefined;
+    } catch {
+      return undefined;
+    }
+  }
+
+  /**
+   * Sequential HTTP probe on well-known localhost port candidates.
+   * Returns the first endpoint whose `GET /info` response identifies
+   * as `@enbox/dwn-server`, or `undefined` if none is found.
+   */
+  private async _probePortCandidates(): Promise<string | undefined> {
     for (const port of localDwnPortCandidates) {
       for (const host of localDwnHostCandidates) {
         const endpoint = `http://${host}:${port}`;
-        try {
-          const serverInfo = await this._rpcClient.getServerInfo(endpoint);
-          if (serverInfo.server === localDwnServerName) {
-            this._cachedEndpoint = normalizeBaseUrl(endpoint);
-            this._cacheExpiry = now + this._cacheTtlMs;
-            return this._cachedEndpoint;
-          }
-        } catch {
-          // keep probing candidate endpoints
+        const valid = await this._validateEndpoint(endpoint);
+        if (valid) {
+          return normalizeBaseUrl(endpoint);
         }
       }
     }
+    return undefined;
+  }
 
-    this._cachedEndpoint = undefined;
+  /**
+   * Call `GET /info` on the endpoint and check that
+   * `serverInfo.server === '@enbox/dwn-server'`.
+   */
+  private async _validateEndpoint(endpoint: string): Promise<boolean> {
+    try {
+      const serverInfo = await this._rpcClient.getServerInfo(endpoint);
+      return serverInfo.server === localDwnServerName;
+    } catch {
+      return false;
+    }
+  }
+
+  /** Update the in-memory cache entry. */
+  private _setCacheEntry(endpoint: string | undefined, now: number): void {
+    this._cachedEndpoint = endpoint;
     this._cacheExpiry = now + this._cacheTtlMs;
-    return undefined;
   }
 }

package/src/local-key-manager.ts

@@ -48,7 +48,7 @@ import { Encryption, HdKey } from '@enbox/dwn-sdk-js';
 
 import type { AgentDataStore } from './store-data.js';
 import type { AgentKeyManager } from './types/key-manager.js';
-import type { Web5PlatformAgent } from './types/agent.js';
+import type { EnboxPlatformAgent } from './types/agent.js';
 
 import { InMemoryKeyStore } from './store-key.js';
 
@@ -121,7 +121,7 @@ type SupportedKeyGeneratorAlgorithm =
  * the application exits.
  */
 export type LocalKmsParams = {
-  agent?: Web5PlatformAgent;
+  agent?: EnboxPlatformAgent;
 
   /**
    * An optional property to specify a custom {@link AgentDataStore} instance for key management. If
@@ -164,12 +164,12 @@ export interface LocalKmsUnwrapKeyParams extends KmsUriUnwrapKeyParams {
 
 export class LocalKeyManager implements AgentKeyManager {
   /**
-   * Holds the instance of a `Web5PlatformAgent` that represents the current execution context for
-   * the `LocalKeyManager`. This agent is used to interact with other Web5 agent components. It's
+   * Holds the instance of a `EnboxPlatformAgent` that represents the current execution context for
+   * the `LocalKeyManager`. This agent is used to interact with other Enbox agent components. It's
    * vital to ensure this instance is set to correctly contextualize operations within the broader
-   * Web5 Agent framework.
+   * Enbox Agent framework.
    */
-  private _agent?: Web5PlatformAgent;
+  private _agent?: EnboxPlatformAgent;
 
   /**
    * A private map that stores instances of cryptographic algorithm implementations. Each key in
@@ -196,12 +196,12 @@ export class LocalKeyManager implements AgentKeyManager {
   }
 
   /**
-   * Retrieves the `Web5PlatformAgent` execution context.
+   * Retrieves the `EnboxPlatformAgent` execution context.
    *
-   * @returns The `Web5PlatformAgent` instance that represents the current execution context.
+   * @returns The `EnboxPlatformAgent` instance that represents the current execution context.
    * @throws Will throw an error if the `agent` instance property is undefined.
    */
-  get agent(): Web5PlatformAgent {
+  get agent(): EnboxPlatformAgent {
     if (this._agent === undefined) {
       throw new Error('LocalKeyManager: Unable to determine agent execution context.');
     }
@@ -209,7 +209,7 @@ export class LocalKeyManager implements AgentKeyManager {
     return this._agent;
   }
 
-  set agent(agent: Web5PlatformAgent) {
+  set agent(agent: EnboxPlatformAgent) {
     this._agent = agent;
   }
 

package/src/oidc.ts

@@ -1,6 +1,6 @@
 import type { ConnectPermissionRequest } from './connect.js';
+import type { EnboxAgent } from './types/agent.js';
 import type { RequireOnly } from '@enbox/common';
-import type { Web5Agent } from './types/agent.js';
 import type { DidDocument, PortableDid } from '@enbox/dids';
 import type { DwnDataEncodedRecordsWriteMessage, DwnPermissionScope, DwnProtocolDefinition } from './types/dwn.js';
 import type {
@@ -34,7 +34,7 @@ import { isRecordPermissionScope } from './dwn-api.js';
  * @see {@link https://www.rfc-editor.org/rfc/rfc9126.html | OAuth 2.0 Pushed Authorization Requests}
  */
 export type PushedAuthRequest = {
-  /** The JWT which contains the {@link Web5ConnectAuthRequest} */
+  /** The JWT which contains the {@link EnboxConnectAuthRequest} */
   request: string;
 };
 
@@ -134,7 +134,7 @@ export type SIOPv2AuthRequest = {
  * An auth request that is compatible with both Web5 Connect and (hopefully, WIP) OIDC SIOPv2
  * The contents of this are inserted into a JWT inside of the {@link PushedAuthRequest}.
  */
-export type Web5ConnectAuthRequest = {
+export type EnboxConnectAuthRequest = {
   /** The user friendly name of the client/app to be displayed when prompting end-user with permission requests. */
   displayName: string;
 
@@ -168,16 +168,16 @@ export type SIOPv2AuthResponse = {
 };
 
 /** An auth response that is compatible with both Web5 Connect and (hopefully, WIP) OIDC SIOPv2 */
-export type Web5ConnectAuthResponse = {
+export type EnboxConnectAuthResponse = {
   delegateGrants: DwnDataEncodedRecordsWriteMessage[];
   delegatePortableDid: PortableDid;
 } & SIOPv2AuthResponse;
 
 /** Represents the different OIDC endpoint types.
  * 1. `pushedAuthorizationRequest`: client sends {@link PushedAuthRequest} receives {@link PushedAuthResponse}
- * 2. `authorize`: provider gets the {@link Web5ConnectAuthRequest} JWT that was stored by the PAR
- * 3. `callback`: provider sends {@link Web5ConnectAuthResponse} to this endpoint
- * 4. `token`: client gets {@link Web5ConnectAuthResponse} from this endpoint
+ * 2. `authorize`: provider gets the {@link EnboxConnectAuthRequest} JWT that was stored by the PAR
+ * 3. `callback`: provider sends {@link EnboxConnectAuthResponse} to this endpoint
+ * 4. `token`: client gets {@link EnboxConnectAuthResponse} from this endpoint
  */
 type OidcEndpoint =
   | 'pushedAuthorizationRequest'
@@ -210,17 +210,17 @@ function buildOidcUrl({
     /** 1. client sends {@link PushedAuthRequest} & client receives {@link PushedAuthResponse} */
     case 'pushedAuthorizationRequest':
       return concatenateUrl(baseURL, 'par');
-    /** 2. provider gets {@link Web5ConnectAuthRequest} */
+    /** 2. provider gets {@link EnboxConnectAuthRequest} */
     case 'authorize':
       if (!authParam)
       {throw new Error(
         `authParam must be providied when building a token URL`
       );}
       return concatenateUrl(baseURL, `authorize/${authParam}.jwt`);
-    /** 3. provider sends {@link Web5ConnectAuthResponse} */
+    /** 3. provider sends {@link EnboxConnectAuthResponse} */
     case 'callback':
       return concatenateUrl(baseURL, `callback`);
-    /**  4. client gets {@link Web5ConnectAuthResponse */
+    /**  4. client gets {@link EnboxConnectAuthResponse */
     case 'token':
       if (!tokenParam)
       {throw new Error(
@@ -248,20 +248,20 @@ async function generateCodeChallenge(): Promise<{ codeChallengeBytes: Uint8Array
   return { codeChallengeBytes, codeChallengeBase64Url };
 }
 
-/** Client creates the {@link Web5ConnectAuthRequest} */
+/** Client creates the {@link EnboxConnectAuthRequest} */
 async function createAuthRequest(
   options: RequireOnly<
-    Web5ConnectAuthRequest,
+    EnboxConnectAuthRequest,
     'client_id' | 'scope' | 'redirect_uri' | 'permissionRequests' | 'displayName'
   >
-): Promise<Web5ConnectAuthRequest> {
+): Promise<EnboxConnectAuthRequest> {
   // Generate a random state value to associate the authorization request with the response.
   const stateBytes = CryptoUtils.randomBytes(16);
 
   // Generate a random nonce value to associate the ID Token with the authorization request.
   const nonceBytes = CryptoUtils.randomBytes(16);
 
-  const requestObject: Web5ConnectAuthRequest = {
+  const requestObject: EnboxConnectAuthRequest = {
     ...options,
     nonce           : Convert.uint8Array(nonceBytes).toBase64Url(),
     response_type   : 'id_token',
@@ -313,13 +313,13 @@ async function encryptAuthRequest({
 /** Create a response object compatible with Web5 Connect and OIDC SIOPv2 */
 async function createResponseObject(
   options: RequireOnly<
-    Web5ConnectAuthResponse,
+    EnboxConnectAuthResponse,
     'iss' | 'sub' | 'aud' | 'delegateGrants' | 'delegatePortableDid'
   >
-): Promise<Web5ConnectAuthResponse> {
+): Promise<EnboxConnectAuthResponse> {
   const currentTimeInSeconds = Math.floor(Date.now() / 1000);
 
-  const responseObject: Web5ConnectAuthResponse = {
+  const responseObject: EnboxConnectAuthResponse = {
     ...options,
     iat : currentTimeInSeconds,
     exp : currentTimeInSeconds + 600, // Expires in 10 minutes.
@@ -406,10 +406,10 @@ async function verifyJwt({ jwt }: { jwt: string }): Promise<Record<string, unkno
 }
 
 /**
- * Fetches the {@Web5ConnectAuthRequest} from the authorize endpoint and decrypts it
+ * Fetches the {@EnboxConnectAuthRequest} from the authorize endpoint and decrypts it
  * using the encryption key passed via QR code.
  */
-const getAuthRequest = async (request_uri: string, encryption_key: string): Promise<Web5ConnectAuthRequest> => {
+const getAuthRequest = async (request_uri: string, encryption_key: string): Promise<EnboxConnectAuthRequest> => {
   const authRequest = await fetch(request_uri, { signal: AbortSignal.timeout(30_000) });
   const jwe = await authRequest.text();
   const jwt = await decryptAuthRequest({
@@ -418,7 +418,7 @@ const getAuthRequest = async (request_uri: string, encryption_key: string): Prom
   });
   const web5ConnectAuthRequest = (await verifyJwt({
     jwt,
-  })) as Web5ConnectAuthRequest;
+  })) as EnboxConnectAuthRequest;
 
   return web5ConnectAuthRequest;
 };
@@ -461,7 +461,7 @@ async function decryptAuthRequest({
 
 /**
  * The client uses to decrypt the jwe obtained from the auth server which contains
- * the {@link Web5ConnectAuthResponse} that was sent by the provider to the auth server.
+ * the {@link EnboxConnectAuthResponse} that was sent by the provider to the auth server.
  *
  * @async
  * @param {BearerDid} clientDid - The did that was initially used by the client for ECDH at connect init.
@@ -517,7 +517,7 @@ async function decryptAuthResponse(
   return jwt;
 }
 
-/** Derives a shared ECDH private key in order to encrypt the {@link Web5ConnectAuthResponse} */
+/** Derives a shared ECDH private key in order to encrypt the {@link EnboxConnectAuthResponse} */
 async function deriveSharedKey(
   privateKeyDid: BearerDid,
   publicKeyDid: DidDocument
@@ -616,12 +616,12 @@ function shouldUseDelegatePermission(scope: DwnPermissionScope): boolean {
 
 /**
  * Creates the permission grants that assign to the selectedDid the level of
- * permissions that the web app requested in the {@link Web5ConnectAuthRequest}
+ * permissions that the web app requested in the {@link EnboxConnectAuthRequest}
  */
 async function createPermissionGrants(
   selectedDid: string,
   delegateBearerDid: BearerDid,
-  agent: Web5Agent,
+  agent: EnboxAgent,
   scopes: DwnPermissionScope[],
 ): Promise<DwnDataEncodedRecordsWriteMessage[]> {
   const permissionsApi = new AgentPermissionsApi({ agent });
@@ -683,7 +683,7 @@ async function createPermissionGrants(
  */
 async function prepareProtocol(
   selectedDid: string,
-  agent: Web5Agent,
+  agent: EnboxAgent,
   protocolDefinition: DwnProtocolDefinition
 ): Promise<void> {
 
@@ -744,17 +744,17 @@ async function prepareProtocol(
 /**
  * Creates a delegate did which the web app will use as its future indentity.
  * Assigns to that DID the level of permissions that the web app requested in
- * the {@link Web5ConnectAuthRequest}. Encrypts via ECDH key that the web app
+ * the {@link EnboxConnectAuthRequest}. Encrypts via ECDH key that the web app
  * will have access to because the web app has the public key which it provided
- * in the {@link Web5ConnectAuthRequest}. Then sends the ciphertext of this
- * {@link Web5ConnectAuthResponse} to the callback endpoint. Which the
+ * in the {@link EnboxConnectAuthRequest}. Then sends the ciphertext of this
+ * {@link EnboxConnectAuthResponse} to the callback endpoint. Which the
  * web app will need to retrieve from the token endpoint and decrypt with the pin to access.
  */
 async function submitAuthResponse(
   selectedDid: string,
-  authRequest: Web5ConnectAuthRequest,
+  authRequest: EnboxConnectAuthRequest,
   randomPin: string,
-  agent: Web5Agent
+  agent: EnboxAgent
 ): Promise<void> {
   const delegateBearerDid = await DidJwk.create();
   const delegatePortableDid = await delegateBearerDid.export();
@@ -852,3 +852,13 @@ export const Oidc = {
   generateCodeChallenge,
   submitAuthResponse,
 };
+
+// ---------------------------------------------------------------------------
+// Deprecated aliases — migration aid
+// ---------------------------------------------------------------------------
+
+/** @deprecated Use {@link EnboxConnectAuthRequest} instead. */
+export type Web5ConnectAuthRequest = EnboxConnectAuthRequest;
+
+/** @deprecated Use {@link EnboxConnectAuthResponse} instead. */
+export type Web5ConnectAuthResponse = EnboxConnectAuthResponse;

package/src/permissions-api.ts

@@ -1,4 +1,4 @@
-import type { Web5Agent } from './types/agent.js';
+import type { EnboxAgent } from './types/agent.js';
 import type { CreateGrantParams, CreateRequestParams, CreateRevocationParams, FetchPermissionRequestParams, FetchPermissionsParams, GetPermissionParams, IsGrantRevokedParams, PermissionGrantEntry, PermissionRequestEntry, PermissionRevocationEntry, PermissionsApi } from './types/permissions.js';
 import type { DwnDataEncodedRecordsWriteMessage, DwnMessageParams, DwnMessagesPermissionScope, DwnPermissionScope, DwnProtocolPermissionScope, DwnRecordsPermissionScope, ProcessDwnRequest } from './types/dwn.js';
 import type { PermissionGrant, PermissionGrantData, PermissionRequestData, PermissionRevocationData } from '@enbox/dwn-sdk-js';
@@ -13,20 +13,20 @@ export class AgentPermissionsApi implements PermissionsApi {
   /** cache for fetching a permission {@link PermissionGrant}, keyed by a specific MessageType and protocol */
   private _cachedPermissions: TtlCache<string, PermissionGrantEntry> = new TtlCache({ ttl: 60 * 1000 });
 
-  private _agent?: Web5Agent;
+  private _agent?: EnboxAgent;
 
-  get agent(): Web5Agent {
+  get agent(): EnboxAgent {
     if (!this._agent) {
       throw new Error('AgentPermissionsApi: Agent is not set');
     }
     return this._agent;
   }
 
-  set agent(agent:Web5Agent) {
+  set agent(agent:EnboxAgent) {
     this._agent = agent;
   }
 
-  constructor({ agent }: { agent?: Web5Agent } = {}) {
+  constructor({ agent }: { agent?: EnboxAgent } = {}) {
     this._agent = agent;
   }
 

package/src/store-data.ts

@@ -4,7 +4,7 @@ import ms from 'ms';
 import { Convert, Stream, TtlCache } from '@enbox/common';
 
 import type { DwnMessageParams } from './types/dwn.js';
-import type { Web5PlatformAgent } from './types/agent.js';
+import type { EnboxPlatformAgent } from './types/agent.js';
 import type { ProtocolDefinition, RecordsReadReplyEntry } from '@enbox/dwn-sdk-js';
 
 import { Protocols } from '@enbox/dwn-sdk-js';
@@ -13,7 +13,7 @@ import { DwnInterface } from './types/dwn.js';
 import { getDataStoreTenant, TENANT_SEPARATOR } from './utils-internal.js';
 
 export type DataStoreTenantParams = {
-  agent: Web5PlatformAgent;
+  agent: EnboxPlatformAgent;
   tenant?: string;
 };
 
@@ -269,7 +269,7 @@ export class DwnDataStore<TStoreObject extends Record<string, any> = Jwk> implem
   }
 
   protected async getAllRecords(_params: {
-    agent: Web5PlatformAgent;
+    agent: EnboxPlatformAgent;
     tenantDid: string;
   }): Promise<TStoreObject[]> {
     throw new Error('Not implemented: Classes extending DwnDataStore must implement getAllRecords()');
@@ -278,7 +278,7 @@ export class DwnDataStore<TStoreObject extends Record<string, any> = Jwk> implem
   private async getRecord({ recordId, tenantDid, agent, useCache }: {
     recordId: string;
     tenantDid: string;
-    agent: Web5PlatformAgent;
+    agent: EnboxPlatformAgent;
     useCache: boolean;
   }): Promise<TStoreObject | undefined> {
     // If caching is enabled, check the cache for the record ID.
@@ -322,7 +322,7 @@ export class DwnDataStore<TStoreObject extends Record<string, any> = Jwk> implem
    * If the tenant DID lacks an X25519 keyAgreement key, the error propagates
    * — plaintext fallback is not allowed.
    */
-  private async installProtocol(tenant: string, agent: Web5PlatformAgent): Promise<void> {
+  private async installProtocol(tenant: string, agent: EnboxPlatformAgent): Promise<void> {
     let definition = this._recordProtocolDefinition;
     let encryptionActive = false;
 
@@ -353,7 +353,7 @@ export class DwnDataStore<TStoreObject extends Record<string, any> = Jwk> implem
   private async lookupRecordId({ id, tenantDid, agent }: {
     id: string;
     tenantDid: string;
-    agent: Web5PlatformAgent;
+    agent: EnboxPlatformAgent;
   }): Promise<string | undefined> {
     // Check the index for a matching ID and extend the index TTL.
     let recordId = this._index.get(`${tenantDid}${TENANT_SEPARATOR}${id}`, { updateAgeOnGet: true });
@@ -373,7 +373,7 @@ export class DwnDataStore<TStoreObject extends Record<string, any> = Jwk> implem
   private async getExistingRecordEntry({ id, tenantDid, agent }: {
     id: string;
     tenantDid: string;
-    agent: Web5PlatformAgent;
+    agent: EnboxPlatformAgent;
   }): Promise<RecordsReadReplyEntry | undefined> {
     // Look up the DWN record ID of the object in the store with the given `id`.
     const recordId = await this.lookupRecordId({ id, tenantDid, agent });

package/src/store-did.ts

@@ -3,7 +3,7 @@ import type { PortableDid } from '@enbox/dids';
 import { Convert } from '@enbox/common';
 import { isPortableDid } from '@enbox/dids';
 
-import type { Web5PlatformAgent } from './types/agent.js';
+import type { EnboxPlatformAgent } from './types/agent.js';
 import type { AgentDataStore, DataStoreDeleteParams, DataStoreGetParams, DataStoreListParams, DataStoreSetParams } from './store-data.js';
 
 import { DwnInterface } from './types/dwn.js';
@@ -43,7 +43,7 @@ export class DwnDidStore extends DwnDataStore<PortableDid> implements AgentDataS
   }
 
   protected async getAllRecords({ agent, tenantDid }: {
-    agent: Web5PlatformAgent;
+    agent: EnboxPlatformAgent;
     tenantDid: string;
   }): Promise<PortableDid[]> {
     // Clear the index since it will be rebuilt from the query results.

package/src/store-identity.ts

@@ -1,7 +1,7 @@
 import { Convert } from '@enbox/common';
 
+import type { EnboxPlatformAgent } from './types/agent.js';
 import type { IdentityMetadata } from './types/identity.js';
-import type { Web5PlatformAgent } from './types/agent.js';
 import type { AgentDataStore, DataStoreDeleteParams, DataStoreGetParams, DataStoreListParams, DataStoreSetParams } from './store-data.js';
 
 import { DwnInterface } from './types/dwn.js';
@@ -47,7 +47,7 @@ export class DwnIdentityStore extends DwnDataStore<IdentityMetadata> implements
   }
 
   protected async getAllRecords({ agent, tenantDid }: {
-    agent: Web5PlatformAgent;
+    agent: EnboxPlatformAgent;
     tenantDid: string;
   }): Promise<IdentityMetadata[]> {
     // Clear the index since it will be rebuilt from the query results.

package/src/store-key.ts

@@ -5,7 +5,7 @@ import { isPrivateJwk, KEY_URI_PREFIX_JWK } from '@enbox/crypto';
 
 import type { RecordsReadReply } from '@enbox/dwn-sdk-js';
 
-import type { Web5PlatformAgent } from './types/agent.js';
+import type { EnboxPlatformAgent } from './types/agent.js';
 
 import { DwnInterface } from './types/dwn.js';
 import { JwkProtocolDefinition } from './store-data-protocols.js';
@@ -45,7 +45,7 @@ export class DwnKeyStore extends DwnDataStore<Jwk> implements AgentDataStore<Jwk
   }
 
   protected async getAllRecords({ agent, tenantDid }: {
-    agent: Web5PlatformAgent;
+    agent: EnboxPlatformAgent;
     tenantDid: string;
   }): Promise<Jwk[]> {
     // Clear the index since it will be rebuilt from the query results.