npm - @enbox/agent - Versions diffs - 0.3.1 → 0.5.0 - Mend

@enbox/agent 0.3.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

package/dist/browser.mjs +12 -30
package/dist/browser.mjs.map +4 -4
package/dist/esm/dwn-api.js +149 -22
package/dist/esm/dwn-api.js.map +1 -1
package/dist/esm/dwn-discovery-file.js +1 -1
package/dist/esm/dwn-discovery-payload.js +20 -21
package/dist/esm/dwn-discovery-payload.js.map +1 -1
package/dist/esm/dwn-key-delivery.js.map +1 -1
package/dist/esm/{oidc.js → enbox-connect-protocol.js} +219 -251
package/dist/esm/enbox-connect-protocol.js.map +1 -0
package/dist/esm/enbox-user-agent.js +19 -12
package/dist/esm/enbox-user-agent.js.map +1 -1
package/dist/esm/hd-identity-vault.js +11 -0
package/dist/esm/hd-identity-vault.js.map +1 -1
package/dist/esm/index.js +4 -4
package/dist/esm/index.js.map +1 -1
package/dist/esm/local-dwn.js +21 -51
package/dist/esm/local-dwn.js.map +1 -1
package/dist/esm/permissions-api.js.map +1 -1
package/dist/esm/store-data.js.map +1 -1
package/dist/esm/sync-engine-level.js +1 -1
package/dist/esm/sync-engine-level.js.map +1 -1
package/dist/esm/sync-messages.js +1 -1
package/dist/esm/sync-messages.js.map +1 -1
package/dist/esm/test-harness.js +2 -3
package/dist/esm/test-harness.js.map +1 -1
package/dist/esm/types/dwn.js.map +1 -1
package/dist/types/dwn-api.d.ts +46 -6
package/dist/types/dwn-api.d.ts.map +1 -1
package/dist/types/dwn-discovery-file.d.ts +1 -1
package/dist/types/dwn-discovery-payload.d.ts +18 -19
package/dist/types/dwn-discovery-payload.d.ts.map +1 -1
package/dist/types/enbox-connect-protocol.d.ts +206 -0
package/dist/types/enbox-connect-protocol.d.ts.map +1 -0
package/dist/types/enbox-user-agent.d.ts +13 -8
package/dist/types/enbox-user-agent.d.ts.map +1 -1
package/dist/types/hd-identity-vault.d.ts +7 -0
package/dist/types/hd-identity-vault.d.ts.map +1 -1
package/dist/types/index.d.ts +1 -4
package/dist/types/index.d.ts.map +1 -1
package/dist/types/local-dwn.d.ts +16 -32
package/dist/types/local-dwn.d.ts.map +1 -1
package/dist/types/test-harness.d.ts.map +1 -1
package/dist/types/types/agent.d.ts +2 -7
package/dist/types/types/agent.d.ts.map +1 -1
package/dist/types/types/dwn.d.ts +0 -10
package/dist/types/types/dwn.d.ts.map +1 -1
package/dist/types/types/sync.d.ts +6 -0
package/dist/types/types/sync.d.ts.map +1 -1
package/package.json +14 -16
package/src/dwn-api.ts +175 -29
package/src/dwn-discovery-file.ts +1 -1
package/src/dwn-discovery-payload.ts +23 -24
package/src/dwn-key-delivery.ts +1 -1
package/src/enbox-connect-protocol.ts +753 -0
package/src/enbox-user-agent.ts +31 -18
package/src/hd-identity-vault.ts +21 -0
package/src/index.ts +4 -4
package/src/local-dwn.ts +22 -53
package/src/permissions-api.ts +3 -3
package/src/store-data.ts +1 -1
package/src/sync-engine-level.ts +1 -1
package/src/sync-messages.ts +1 -1
package/src/test-harness.ts +2 -3
package/src/types/agent.ts +3 -14
package/src/types/dwn.ts +1 -13
package/src/types/sync.ts +7 -0
package/dist/esm/connect.js +0 -180
package/dist/esm/connect.js.map +0 -1
package/dist/esm/oidc.js.map +0 -1
package/dist/esm/sync-api.js +0 -64
package/dist/esm/sync-api.js.map +0 -1
package/dist/types/connect.d.ts +0 -88
package/dist/types/connect.d.ts.map +0 -1
package/dist/types/oidc.d.ts +0 -250
package/dist/types/oidc.d.ts.map +0 -1
package/dist/types/sync-api.d.ts +0 -40
package/dist/types/sync-api.d.ts.map +0 -1
package/src/connect.ts +0 -285
package/src/oidc.ts +0 -864
package/src/sync-api.ts +0 -75

package/src/connect.ts DELETED Viewed

@@ -1,285 +0,0 @@
-import type { PushedAuthResponse } from './oidc.js';
-import type { DwnPermissionScope, DwnProtocolDefinition, EnboxConnectAuthResponse } from './index.js';
-import { CryptoUtils } from '@enbox/crypto';
-import { DidJwk } from '@enbox/dids';
-import { Oidc } from './oidc.js';
-import { pollWithTtl } from './utils.js';
-import { Convert, logger } from '@enbox/common';
-import { DwnInterfaceName, DwnMethodName } from '@enbox/dwn-sdk-js';
-/**
- * Initiates the wallet connect process. Used when a client wants to obtain
- * a did from a provider.
- */
-async function initClient({
-  displayName,
-  connectServerUrl,
-  walletUri,
-  permissionRequests,
-  onWalletUriReady,
-  validatePin,
-}: WalletConnectOptions): Promise<{
-  delegateGrants: EnboxConnectAuthResponse['delegateGrants'];
-  delegatePortableDid: EnboxConnectAuthResponse['delegatePortableDid'];
-  connectedDid: string;
-} | undefined> {
-  // ephemeral client did for ECDH, signing, verification
-  const clientDid = await DidJwk.create();
-  // TODO: properly implement PKCE. this implementation is lacking server side validations and more.
-  // https://github.com/enboxorg/enbox/issues/829
-  // Derive the code challenge based on the code verifier
-  // const { codeChallengeBytes, codeChallengeBase64Url } =
-  //   await Oidc.generateCodeChallenge();
-  const encryptionKey = CryptoUtils.randomBytes(32);
-  // build callback URL to pass into the auth request
-  const callbackEndpoint = Oidc.buildOidcUrl({
-    baseURL  : connectServerUrl,
-    endpoint : 'callback',
-  });
-  // build the PAR request
-  const request = await Oidc.createAuthRequest({
-    client_id          : clientDid.uri,
-    scope              : 'openid did:jwk',
-    redirect_uri       : callbackEndpoint,
-    // custom properties:
-    // code_challenge        : codeChallengeBase64Url,
-    // code_challenge_method : 'S256',
-    permissionRequests : permissionRequests,
-    displayName,
-  });
-  // Sign the Request Object using the Client DID's signing key.
-  const requestJwt = await Oidc.signJwt({
-    did  : clientDid,
-    data : request,
-  });
-  if (!requestJwt) {
-    throw new Error('Unable to sign requestObject');
-  }
-  // Encrypt the Request Object JWT using the code challenge.
-  const requestObjectJwe = await Oidc.encryptAuthRequest({
-    jwt: requestJwt,
-    encryptionKey,
-  });
-  const pushedAuthorizationRequestEndpoint = Oidc.buildOidcUrl({
-    baseURL  : connectServerUrl,
-    endpoint : 'pushedAuthorizationRequest',
-  });
-  const parResponse = await fetch(pushedAuthorizationRequestEndpoint, {
-    body    : JSON.stringify({ request: requestObjectJwe }),
-    method  : 'POST',
-    headers : {
-      'Content-Type': 'application/json',
-    },
-    signal: AbortSignal.timeout(30_000),
-  });
-  if (!parResponse.ok) {
-    throw new Error(`${parResponse.status}: ${parResponse.statusText}`);
-  }
-  const parData: PushedAuthResponse = await parResponse.json();
-  // a deeplink to a compatible wallet. if the wallet scans this link it should receive
-  // a route to its Connect provider flow and the params of where to fetch the auth request.
-  logger.log(`Wallet URI: ${walletUri}`);
-  const generatedWalletUri = new URL(walletUri);
-  generatedWalletUri.searchParams.set('request_uri', parData.request_uri);
-  generatedWalletUri.searchParams.set(
-    'encryption_key',
-    Convert.uint8Array(encryptionKey).toBase64Url()
-  );
-  // call user's callback so they can send the URI to the wallet as they see fit
-  onWalletUriReady(generatedWalletUri.toString());
-  const tokenUrl = Oidc.buildOidcUrl({
-    baseURL    : connectServerUrl,
-    endpoint   : 'token',
-    tokenParam : request.state,
-  });
-  // subscribe to receiving a response from the wallet with default TTL. receive ciphertext of {@link EnboxConnectAuthResponse}
-  const authResponse = await pollWithTtl(() => fetch(tokenUrl, { signal: AbortSignal.timeout(30_000) }));
-  if (authResponse) {
-    const jwe = await authResponse?.text();
-    // get the pin from the user and use it as AAD to decrypt
-    const pin = await validatePin();
-    const jwt = await Oidc.decryptAuthResponse(clientDid, jwe, pin);
-    const verifiedAuthResponse = (await Oidc.verifyJwt({
-      jwt,
-    })) as EnboxConnectAuthResponse;
-    return {
-      delegateGrants      : verifiedAuthResponse.delegateGrants,
-      delegatePortableDid : verifiedAuthResponse.delegatePortableDid,
-      connectedDid        : verifiedAuthResponse.iss,
-    };
-  }
-}
-/**
- * Initiates the wallet connect process. Used when a client wants to obtain
- * a did from a provider.
- */
-export type WalletConnectOptions = {
-  /** The user friendly name of the client/app to be displayed when prompting end-user with permission requests. */
-  displayName: string;
-  /** The URL of the intermediary server which relays messages between the client and provider. */
-  connectServerUrl: string;
-  /**
-   * The URI of the Provider (wallet).The `onWalletUriReady` will take this wallet
-   * uri and add a payload to it which will be used to obtain and decrypt from the `request_uri`.
-   * @example `web5://` or `http://localhost:3000/`.
-   */
-  walletUri: string;
-  /**
-   * The protocols of permissions requested, along with the definition and
-   * permission scopes for each protocol. The key is the protocol URL and
-   * the value is an object with the protocol definition and the permission scopes.
-   */
-  permissionRequests: ConnectPermissionRequest[];
-  /**
-   * The Connect API provides a URI to the wallet based on the `walletUri` plus a query params payload valid for 5 minutes.
-   * The link can either be used as a deep link on the same device or a QR code for cross device or both.
-   * The query params are `{ request_uri: string; encryption_key: string; }`
-   * The wallet will use the `request_uri to contact the intermediary server's `authorize` endpoint
-   * and pull down the {@link EnboxConnectAuthRequest} and use the `encryption_key` to decrypt it.
-   *
-   * @param uri - The URI returned by the Connect API to be passed to a provider.
-   */
-  onWalletUriReady: (uri: string) => void;
-  /**
-   * Function that must be provided to submit the pin entered by the user on the client.
-   * The pin is used to decrypt the {@link EnboxConnectAuthResponse} that was retrieved from the
-   * token endpoint by the client inside of Connect.
-   *
-   * @returns A promise that resolves to the PIN as a string.
-   */
-  validatePin: () => Promise<string>;
-};
-/**
- * The protocols of permissions requested, along with the definition and permission scopes for each protocol.
- */
-export type ConnectPermissionRequest = {
-  /**
-   * The definition of the protocol the permissions are being requested for.
-   * In the event that the protocol is not already installed, the wallet will install this given protocol definition.
-   */
-  protocolDefinition: DwnProtocolDefinition;
-  /** The scope of the permissions being requested for the given protocol */
-  permissionScopes: DwnPermissionScope[];
-};
-/**
- * Shorthand for the types of permissions that can be requested.
- */
-export type Permission = 'write' | 'read' | 'delete' | 'query' | 'subscribe' | 'configure';
-/**
- * The options for creating a permission request for a given protocol.
- */
-export type ProtocolPermissionOptions = {
-  /** The protocol definition for the protocol being requested */
-  definition: DwnProtocolDefinition;
-  /** The permissions being requested for the protocol */
-  permissions: Permission[];
-};
-/**
- * Creates a set of Dwn Permission Scopes to request for a given protocol.
- *
- * If no permissions are provided, the default is to request all relevant record permissions (write, read, delete, query, subscribe).
- * 'configure' is not included by default, as this gives the application a lot of control over the protocol.
- */
-function createPermissionRequestForProtocol({ definition, permissions }: ProtocolPermissionOptions): ConnectPermissionRequest {
-  const requests: DwnPermissionScope[] = [];
-  // Add the ability to query for the specific protocol
-  requests.push({
-    protocol  : definition.protocol,
-    interface : DwnInterfaceName.Protocols,
-    method    : DwnMethodName.Query,
-  });
-  // A Messages.Read grant is a unified scope that covers MessagesRead, MessagesSync, and MessagesSubscribe.
-  // This single grant enables sync and real-time subscriptions for the protocol.
-  requests.push({
-    protocol  : definition.protocol,
-    interface : DwnInterfaceName.Messages,
-    method    : DwnMethodName.Read,
-  });
-  // We also request any additional permissions the user has requested for this protocol
-  for (const permission of permissions) {
-    switch (permission) {
-      case 'write':
-        requests.push({
-          protocol  : definition.protocol,
-          interface : DwnInterfaceName.Records,
-          method    : DwnMethodName.Write,
-        });
-        break;
-      case 'read':
-        requests.push({
-          protocol  : definition.protocol,
-          interface : DwnInterfaceName.Records,
-          method    : DwnMethodName.Read,
-        });
-        break;
-      case 'delete':
-        requests.push({
-          protocol  : definition.protocol,
-          interface : DwnInterfaceName.Records,
-          method    : DwnMethodName.Delete,
-        });
-        break;
-      case 'query':
-        requests.push({
-          protocol  : definition.protocol,
-          interface : DwnInterfaceName.Records,
-          method    : DwnMethodName.Query,
-        });
-        break;
-      case 'subscribe':
-        requests.push({
-          protocol  : definition.protocol,
-          interface : DwnInterfaceName.Records,
-          method    : DwnMethodName.Subscribe,
-        });
-        break;
-      case 'configure':
-        requests.push({
-          protocol  : definition.protocol,
-          interface : DwnInterfaceName.Protocols,
-          method    : DwnMethodName.Configure,
-        });
-        break;
-    }
-  }
-  return {
-    protocolDefinition : definition,
-    permissionScopes   : requests,
-  };
-}
-export const WalletConnect = { initClient, createPermissionRequestForProtocol };