@enbox/agent 0.7.0 → 0.7.2

package/src/index.ts

@@ -13,6 +13,7 @@ export { evaluateClosure, evaluateClosureBatch } from './sync-closure-resolver.j
 export type * from './types/vc.js';
 
 export * from './agent-did-resolver-cache.js';
+export * from './agent-session.js';
 export * from './anonymous-dwn-api.js';
 export * from './bearer-identity.js';
 export * from './crypto-api.js';
@@ -42,4 +43,4 @@ export * from './test-harness.js';
 export * from './utils.js';
 export * from './enbox-connect-protocol.js';
 export * from './enbox-user-agent.js';
-export { KeyDeliveryProtocolDefinition } from './store-data-protocols.js';
+export { IdentityProtocolDefinition, JwkProtocolDefinition, KeyDeliveryProtocolDefinition } from './store-data-protocols.js';

package/src/local-key-manager.ts

@@ -770,9 +770,13 @@ export class LocalKeyManager implements AgentKeyManager {
     // agent DID's X25519 key, so looking up that key via the DwnKeyStore would
     // cause infinite recursion (decrypt → getPrivateKey → DwnKeyStore.get → decrypt…).
     try {
-      const agentKeyManager = this.agent?.agentDid?.keyManager;
-      if (agentKeyManager && typeof (agentKeyManager as any).exportKey === 'function') {
-        const agentKey = await (agentKeyManager as any).exportKey({ keyUri });
+      // The base `KeyManager` interface doesn't declare `exportKey` — only
+      // some implementations support raw-key export. Narrowly-typed probe
+      // (no `any`) so the call below uses the structurally correct type.
+      type ExportableKeyManager = { exportKey: (params: { keyUri: string }) => Promise<unknown> };
+      const agentKeyManager = this.agent?.agentDid?.keyManager as Partial<ExportableKeyManager> | undefined;
+      if (agentKeyManager && typeof agentKeyManager.exportKey === 'function') {
+        const agentKey = await agentKeyManager.exportKey({ keyUri });
         if (agentKey && isPrivateJwk(agentKey)) {
           return agentKey;
         }

package/src/protocol-utils.ts

@@ -10,12 +10,17 @@ export function getRuleSetAtPath(
   protocolDefinition: ProtocolDefinition,
   protocolPath: string,
 ): ProtocolRuleSet | undefined {
-  const segments = protocolPath.split('/');
-  let ruleSet: ProtocolRuleSet | undefined =
-    protocolDefinition.structure as unknown as ProtocolRuleSet;
-  for (const segment of segments) {
-    ruleSet = ruleSet[segment] as ProtocolRuleSet | undefined;
+  const [first, ...rest] = protocolPath.split('/');
+  // Top-level lookup uses the structure's declared `{ [key: string]:
+  // ProtocolRuleSet }` index signature directly — no top-level cast.
+  let ruleSet: ProtocolRuleSet | undefined = protocolDefinition.structure[first];
+  for (const segment of rest) {
     if (!ruleSet) { return undefined; }
+    // Nested rule sets index into a `ProtocolRuleSet`'s child map.
+    // `ProtocolRuleSet` has typed `$encryption`/`$actions`/etc. fields
+    // alongside the child index signature, so the index access here
+    // returns a union; narrow it back to `ProtocolRuleSet | undefined`.
+    ruleSet = ruleSet[segment] as ProtocolRuleSet | undefined;
   }
   return ruleSet;
 }
@@ -91,8 +96,6 @@ export function hasRelationalReadAccess(
   ofPath: string,
   protocolDefinition: ProtocolDefinition,
 ): boolean {
-  const structure = protocolDefinition.structure as unknown as ProtocolRuleSet;
-
   function walkRuleSet(rs: ProtocolRuleSet): boolean {
     // Check $actions on this node
     if (rs.$actions) {
@@ -120,7 +123,15 @@ export function hasRelationalReadAccess(
     return false;
   }
 
-  return walkRuleSet(structure);
+  // Walk every top-level type. The structure is typed as
+  // `{ [key: string]: ProtocolRuleSet }`, so each child is directly a
+  // ProtocolRuleSet — no top-level cast needed.
+  for (const key in protocolDefinition.structure) {
+    if (walkRuleSet(protocolDefinition.structure[key])) {
+      return true;
+    }
+  }
+  return false;
 }
 
 /**

package/src/store-data.ts

@@ -337,7 +337,7 @@ export class DwnDataStore<TStoreObject extends Record<string, any> = Jwk> implem
     }
 
     // If the record was found, convert back to store object format.
-    const storeObject = await Stream.consumeToJson({ readableStream: readReply.entry.data }) as TStoreObject;
+    const storeObject = await Stream.consumeToJson<TStoreObject>({ readableStream: readReply.entry.data });
 
     // If caching is enabled, add the store object to the cache.
     if (useCache) {

package/src/store-key.ts

@@ -81,7 +81,7 @@ export class DwnKeyStore extends DwnDataStore<Jwk> implements AgentDataStore<Jwk
           throw new Error(`${this.name}: Failed to read encrypted key record: ${record.recordId}`);
         }
 
-        storedKey = await Stream.consumeToJson({ readableStream: readResult.entry.data }) as Jwk;
+        storedKey = await Stream.consumeToJson<Jwk>({ readableStream: readResult.entry.data });
       } else {
         // Unencrypted record (legacy or non-encrypted store) — read inline.
         if (!record.encodedData) {

package/src/sync-engine-level.ts

@@ -6,12 +6,13 @@ import type { GenericMessage, MessageEvent, MessagesSubscribeReply, MessagesSync
 import ms from 'ms';
 
 import { Level } from 'level';
+import { sleep } from '@enbox/common';
 import { Encoder, hashToHex, initDefaultHashes, Message } from '@enbox/dwn-sdk-js';
 
 import type { ClosureEvaluationContext } from './sync-closure-types.js';
+import type { EnboxPlatformAgent } from './types/agent.js';
 import type { PermissionsApi } from './types/permissions.js';
 import type { DeadLetterCategory, DeadLetterEntry, PushResult, ReplicationLinkState, StartSyncParams, SyncConnectivityState, SyncEngine, SyncEvent, SyncEventListener, SyncHealthSummary, SyncIdentityOptions, SyncMode, SyncScope } from './types/sync.js';
-import type { EnboxAgent, EnboxPlatformAgent } from './types/agent.js';
 
 import { evaluateClosure } from './sync-closure-resolver.js';
 import { MAX_PENDING_TOKENS } from './types/sync.js';
@@ -313,7 +314,7 @@ export class SyncEngineLevel implements SyncEngine {
 
   constructor({ agent, dataPath, db }: SyncEngineLevelParams) {
     this._agent = agent;
-    this._permissionsApi = new AgentPermissionsApi({ agent: agent as EnboxAgent });
+    this._permissionsApi = new AgentPermissionsApi({ agent });
     this._db = (db) ? db : new Level<string, string>(dataPath ?? 'DATA/AGENT/SYNC_STORE');
   }
 
@@ -346,7 +347,7 @@ export class SyncEngineLevel implements SyncEngine {
 
   set agent(agent: EnboxPlatformAgent) {
     this._agent = agent;
-    this._permissionsApi = new AgentPermissionsApi({ agent: agent as EnboxAgent });
+    this._permissionsApi = new AgentPermissionsApi({ agent });
     // Cached sync targets were resolved through the previous agent's
     // DID resolver / endpoint lookup — invalidate so the next sync
     // tick re-resolves through the new agent.
@@ -597,18 +598,30 @@ export class SyncEngineLevel implements SyncEngine {
   /**
    * stopSync awaits the completion of the current sync operation before stopping the sync interval
    * and tearing down any live subscriptions.
+   *
+   * @param timeout - Maximum milliseconds to wait for an in-progress
+   *   sync cycle to finish. Non-finite values (`NaN`, `Infinity`) are
+   *   coerced to the default to avoid a tight poll loop or never-exit
+   *   condition.
    */
   public async stopSync(timeout: number = 2000): Promise<void> {
+    // Coerce non-finite timeouts (NaN, Infinity) to the default. NaN
+    // comparisons are always false, so `elapsedTimeout >= NaN` would
+    // never trip the timeout exit; `Math.min(NaN, 100)` is NaN and
+    // `setTimeout(_, NaN)` clamps to 0, spinning the poll loop. Both
+    // are footguns for callers passing a computed timeout that
+    // accidentally evaluates to NaN.
+    const safeTimeout = Number.isFinite(timeout) ? timeout : 2000;
     this._engineGeneration++;
     let elapsedTimeout = 0;
 
     while (this._syncLock) {
-      if (elapsedTimeout >= timeout) {
-        throw new Error(`SyncEngineLevel: Existing sync operation did not complete within ${timeout} milliseconds.`);
+      if (elapsedTimeout >= safeTimeout) {
+        throw new Error(`SyncEngineLevel: Existing sync operation did not complete within ${safeTimeout} milliseconds.`);
       }
 
       elapsedTimeout += 100;
-      await new Promise((resolve): void => { setTimeout(resolve, timeout < 100 ? timeout : 100); });
+      await sleep(Math.min(safeTimeout, 100));
     }
 
     if (this._syncIntervalId) {

package/src/types/dwn.ts

@@ -202,24 +202,33 @@ export type DwnResponse<T extends DwnInterface> = {
   reply: DwnMessageReply[T];
 };
 
+/**
+ * Per-DWN-interface message factory. Only the static `create` and `parse`
+ * methods are part of the contract — the underlying classes have private
+ * or protected constructors (factory pattern), so the interface
+ * intentionally does not declare `new ()`. Omitting `new ()` lets the
+ * mapped-type table below assign class values directly without casts:
+ * a class with a private constructor still satisfies a structural type
+ * that doesn't require constructability, as long as the static side
+ * (`create` / `parse`) lines up.
+ */
 export interface DwnMessageConstructor<T extends DwnInterface> {
-  new (): DwnMessageInstance[T];
   create(params: DwnMessageParams[T]): Promise<DwnMessageInstance[T]>;
   parse(rawMessage: DwnMessage[T]): Promise<DwnMessageInstance[T]>;
 }
 
 export const dwnMessageConstructors: { [T in DwnInterface]: DwnMessageConstructor<T> } = {
-  [DwnInterface.MessagesRead]       : MessagesRead as any,
-  [DwnInterface.MessagesSubscribe]  : MessagesSubscribe as any,
-  [DwnInterface.MessagesSync]       : MessagesSync as any,
-  [DwnInterface.ProtocolsConfigure] : ProtocolsConfigure as any,
-  [DwnInterface.ProtocolsQuery]     : ProtocolsQuery as any,
-  [DwnInterface.RecordsDelete]      : RecordsDelete as any,
-  [DwnInterface.RecordsQuery]       : RecordsQuery as any,
-  [DwnInterface.RecordsRead]        : RecordsRead as any,
-  [DwnInterface.RecordsSubscribe]   : RecordsSubscribe as any,
-  [DwnInterface.RecordsWrite]       : RecordsWrite as any,
-} as const;
+  [DwnInterface.MessagesRead]       : MessagesRead,
+  [DwnInterface.MessagesSubscribe]  : MessagesSubscribe,
+  [DwnInterface.MessagesSync]       : MessagesSync,
+  [DwnInterface.ProtocolsConfigure] : ProtocolsConfigure,
+  [DwnInterface.ProtocolsQuery]     : ProtocolsQuery,
+  [DwnInterface.RecordsDelete]      : RecordsDelete,
+  [DwnInterface.RecordsQuery]       : RecordsQuery,
+  [DwnInterface.RecordsRead]        : RecordsRead,
+  [DwnInterface.RecordsSubscribe]   : RecordsSubscribe,
+  [DwnInterface.RecordsWrite]       : RecordsWrite,
+};
 
 export interface DwnMessageInstance {
   [DwnInterface.MessagesRead] : MessagesRead;

package/src/utils.ts

@@ -155,21 +155,6 @@ export function pollWithTtl(
   });
 }
 
-/** Concatenates a base URL and a path ensuring that there is exactly one slash between them */
-export function concatenateUrl(baseUrl: string, path: string): string {
-  // Remove trailing slash from baseUrl if it exists
-  if (baseUrl.endsWith('/')) {
-    baseUrl = baseUrl.slice(0, -1);
-  }
-
-  // Remove leading slash from path if it exists
-  if (path.startsWith('/')) {
-    path = path.slice(1);
-  }
-
-  return `${baseUrl}/${path}`;
-}
-
 /**
  * Map over an array with bounded concurrency, preserving input order in the
  * output array. Uses a sliding-window pool of workers so the next item is
@@ -229,12 +214,12 @@ export async function mapConcurrentSettled<T, R>(
   concurrency: number,
   fn: (item: T, index: number) => Promise<R>,
 ): Promise<PromiseSettledResult<R>[]> {
-  return mapConcurrent(items, concurrency, async (item, index) => {
+  return mapConcurrent<T, PromiseSettledResult<R>>(items, concurrency, async (item, index) => {
     try {
       const value = await fn(item, index);
-      return { status: 'fulfilled', value } as PromiseFulfilledResult<R>;
+      return { status: 'fulfilled', value };
     } catch (reason) {
-      return { status: 'rejected', reason } as PromiseRejectedResult;
+      return { status: 'rejected', reason };
     }
   });
 }