@fairfox/polly 0.20.1 → 0.22.0

package/dist/src/peer.js

@@ -0,0 +1,928 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+function __accessProp(key) {
+  return this[key];
+}
+var __toCommonJS = (from) => {
+  var entry = (__moduleCache ??= new WeakMap).get(from), desc;
+  if (entry)
+    return entry;
+  entry = __defProp({}, "__esModule", { value: true });
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (var key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(entry, key))
+        __defProp(entry, key, {
+          get: __accessProp.bind(from, key),
+          enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+        });
+  }
+  __moduleCache.set(from, entry);
+  return entry;
+};
+var __moduleCache;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined")
+    return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/shared/lib/crdt-specialised.ts
+import { Counter, updateText } from "@automerge/automerge-repo";
+import { effect, signal } from "@preact/signals";
+
+// src/shared/lib/migrate-primitive.ts
+class MigrationError extends Error {
+  code;
+  key;
+  primitive;
+  constructor(message, code, key, primitive) {
+    super(message);
+    this.name = "MigrationError";
+    this.code = code;
+    this.key = key;
+    this.primitive = primitive;
+  }
+}
+
+class MigrationRegistry {
+  marks = new Set;
+  entryKey(key, primitive) {
+    return `${primitive}:${key}`;
+  }
+  mark(key, primitive) {
+    this.marks.add(this.entryKey(key, primitive));
+  }
+  isMarked(key, primitive) {
+    return this.marks.has(this.entryKey(key, primitive));
+  }
+  clear() {
+    this.marks.clear();
+  }
+  get size() {
+    return this.marks.size;
+  }
+}
+var migrationRegistry = new MigrationRegistry;
+async function migratePrimitive(source, destination, transform) {
+  if (source === destination) {
+    throw new MigrationError(`Cannot migrate a primitive to itself: "${source.key}" under ${source.primitive}.`, "same-primitive-instance", source.key, source.primitive);
+  }
+  if (migrationRegistry.isMarked(source.key, source.primitive)) {
+    throw new MigrationError(`Cannot migrate: source "${source.key}" under $${source.primitive} has already been migrated. Migrations are one-way and one-time.`, "already-migrated", source.key, source.primitive);
+  }
+  await source.loaded;
+  await destination.loaded;
+  const transformed = transform(source.value);
+  destination.value = transformed;
+  migrationRegistry.mark(source.key, source.primitive);
+}
+
+// src/shared/lib/primitive-registry.ts
+class PrimitiveCollisionError extends Error {
+  key;
+  firstPrimitive;
+  firstCallSite;
+  secondPrimitive;
+  secondCallSite;
+  constructor(key, firstPrimitive, firstCallSite, secondPrimitive, secondCallSite) {
+    const firstLocation = firstCallSite ? ` (at ${firstCallSite})` : "";
+    const secondLocation = secondCallSite ? ` (at ${secondCallSite})` : "";
+    super(`Polly primitive key collision: "${key}" is already registered as ` + `$${firstPrimitive}${firstLocation} and cannot also be registered ` + `as $${secondPrimitive}${secondLocation}. Pick a different key or ` + `use the same primitive in both places.`);
+    this.name = "PrimitiveCollisionError";
+    this.key = key;
+    this.firstPrimitive = firstPrimitive;
+    this.firstCallSite = firstCallSite;
+    this.secondPrimitive = secondPrimitive;
+    this.secondCallSite = secondCallSite;
+  }
+}
+
+class PrimitiveRegistry {
+  entries = new Map;
+  register(key, primitive, callSite) {
+    const existing = this.entries.get(key);
+    if (existing && existing.primitive !== primitive) {
+      throw new PrimitiveCollisionError(key, existing.primitive, existing.callSite, primitive, callSite);
+    }
+    if (!existing) {
+      this.entries.set(key, { primitive, callSite });
+    }
+  }
+  has(key) {
+    return this.entries.has(key);
+  }
+  kindOf(key) {
+    return this.entries.get(key)?.primitive;
+  }
+  clear() {
+    this.entries.clear();
+  }
+  get size() {
+    return this.entries.size;
+  }
+}
+var primitiveRegistry = new PrimitiveRegistry;
+
+// src/shared/lib/schema-version.ts
+var SCHEMA_VERSION_FIELD = "__schemaVersion";
+
+class SchemaVersionError extends Error {
+  code;
+  docVersion;
+  targetVersion;
+  opVersion;
+  missingVersion;
+  constructor(message, code, details = {}) {
+    super(message);
+    this.name = "SchemaVersionError";
+    this.code = code;
+    if (details.docVersion !== undefined)
+      this.docVersion = details.docVersion;
+    if (details.targetVersion !== undefined)
+      this.targetVersion = details.targetVersion;
+    if (details.opVersion !== undefined)
+      this.opVersion = details.opVersion;
+    if (details.missingVersion !== undefined)
+      this.missingVersion = details.missingVersion;
+  }
+}
+function getDocVersion(doc) {
+  if (typeof doc !== "object" || doc === null)
+    return 0;
+  const record = doc;
+  const value = record[SCHEMA_VERSION_FIELD];
+  return typeof value === "number" && Number.isInteger(value) && value >= 0 ? value : 0;
+}
+function setDocVersion(doc, version) {
+  doc[SCHEMA_VERSION_FIELD] = version;
+}
+function runMigrations(doc, targetVersion, migrations) {
+  const current = getDocVersion(doc);
+  if (current > targetVersion) {
+    throw new SchemaVersionError(`Document is at schema version ${current} but the application targets ${targetVersion}. Upgrade the application to continue.`, "doc-ahead-of-app", { docVersion: current, targetVersion });
+  }
+  for (let v = current + 1;v <= targetVersion; v++) {
+    const migration = migrations[v];
+    if (!migration) {
+      throw new SchemaVersionError(`Missing migration for schema version ${v}. Migrations must be contiguous from ${current + 1} through ${targetVersion}.`, "missing-migration", { docVersion: current, targetVersion, missingVersion: v });
+    }
+    migration(doc);
+    setDocVersion(doc, v);
+  }
+}
+function checkOpVersion(opVersion, docVersion) {
+  if (opVersion < docVersion) {
+    return { compatible: false, reason: "op-older-than-doc", opVersion, docVersion };
+  }
+  if (opVersion > docVersion) {
+    return { compatible: false, reason: "op-newer-than-doc", opVersion, docVersion };
+  }
+  return { compatible: true };
+}
+function assertOpVersion(opVersion, docVersion) {
+  const result = checkOpVersion(opVersion, docVersion);
+  if (result.compatible)
+    return;
+  const message = result.reason === "op-older-than-doc" ? `Incoming op was produced at schema version ${opVersion} but the document is at version ${docVersion}. The producing peer is behind.` : `Incoming op was produced at schema version ${opVersion} but the document is at version ${docVersion}. The current peer is behind and should upgrade.`;
+  throw new SchemaVersionError(message, result.reason, { opVersion, docVersion });
+}
+
+// src/shared/lib/crdt-specialised.ts
+function createSpecialisedPrimitive(config) {
+  if (migrationRegistry.isMarked(config.key, config.primitive)) {
+    throw new MigrationError(`Cannot construct $${config.primitive}("${config.key}"): this key has been marked as migrated. Migrations are one-way; use the destination primitive instead.`, "already-migrated", config.key, config.primitive);
+  }
+  primitiveRegistry.register(config.key, config.primitive, config.callSite);
+  const inner = signal(config.initialValue);
+  let updating = false;
+  let currentHandle;
+  const loaded = (async () => {
+    const handle = await config.getHandle();
+    await handle.whenReady();
+    currentHandle = handle;
+    if (config.schemaVersion !== undefined) {
+      const targetVersion = config.schemaVersion;
+      const migrations = config.migrations ?? {};
+      handle.change((doc) => {
+        runMigrations(doc, targetVersion, migrations);
+        setDocVersion(doc, targetVersion);
+      });
+    }
+    updating = true;
+    try {
+      inner.value = config.extractValue(handle.doc());
+    } finally {
+      updating = false;
+    }
+    handle.on("change", (payload) => {
+      if (updating)
+        return;
+      updating = true;
+      try {
+        inner.value = config.extractValue(payload.doc);
+      } finally {
+        updating = false;
+      }
+    });
+    effect(() => {
+      const value = inner.value;
+      if (updating)
+        return;
+      if (!currentHandle)
+        return;
+      updating = true;
+      try {
+        currentHandle.change((doc) => {
+          config.applyWrite(doc, value);
+        });
+      } finally {
+        updating = false;
+      }
+    });
+  })();
+  return {
+    key: config.key,
+    primitive: config.primitive,
+    get value() {
+      return inner.value;
+    },
+    set value(next) {
+      inner.value = next;
+    },
+    loaded,
+    get handle() {
+      return currentHandle;
+    }
+  };
+}
+function $crdtText(key, initialValue, options) {
+  return createSpecialisedPrimitive({
+    key,
+    primitive: options.primitive ?? "peerState",
+    initialValue,
+    getHandle: options.getHandle,
+    extractValue: (doc) => doc.text ?? "",
+    applyWrite: (doc, value) => {
+      if (doc.text === undefined) {
+        doc.text = value;
+      } else {
+        updateText(doc, ["text"], value);
+      }
+    },
+    schemaVersion: options.schemaVersion,
+    migrations: options.migrations,
+    access: options.access,
+    callSite: options.callSite
+  });
+}
+function $crdtCounter(key, initialValue, options) {
+  return createSpecialisedPrimitive({
+    key,
+    primitive: options.primitive ?? "peerState",
+    initialValue,
+    getHandle: options.getHandle,
+    extractValue: (doc) => {
+      const c = doc.count;
+      if (c === undefined)
+        return 0;
+      return c.value;
+    },
+    applyWrite: (doc, value) => {
+      const existing = doc.count;
+      if (existing === undefined) {
+        doc.count = new Counter(value);
+      } else {
+        const delta = value - existing.value;
+        if (delta !== 0) {
+          existing.increment(delta);
+        }
+      }
+    },
+    schemaVersion: options.schemaVersion,
+    migrations: options.migrations,
+    access: options.access,
+    callSite: options.callSite
+  });
+}
+function $crdtList(key, initialValue, options) {
+  return createSpecialisedPrimitive({
+    key,
+    primitive: options.primitive ?? "peerState",
+    initialValue,
+    getHandle: options.getHandle,
+    extractValue: (doc) => doc.items ? [...doc.items] : [],
+    applyWrite: (doc, value) => {
+      doc.items = [...value];
+    },
+    schemaVersion: options.schemaVersion,
+    migrations: options.migrations,
+    access: options.access,
+    callSite: options.callSite
+  });
+}
+// src/shared/lib/crdt-state.ts
+import { effect as effect2, signal as signal2 } from "@preact/signals";
+function $crdtState(options) {
+  if (migrationRegistry.isMarked(options.key, options.primitive)) {
+    throw new MigrationError(`Cannot construct $${options.primitive}("${options.key}"): this key has been marked as migrated. Migrations are one-way; use the destination primitive instead.`, "already-migrated", options.key, options.primitive);
+  }
+  primitiveRegistry.register(options.key, options.primitive, options.callSite);
+  const inner = signal2(options.initialValue);
+  let updating = false;
+  let currentHandle;
+  const loaded = (async () => {
+    const handle = await options.getHandle();
+    await handle.whenReady();
+    currentHandle = handle;
+    if (options.schemaVersion !== undefined) {
+      const targetVersion = options.schemaVersion;
+      const migrations = options.migrations ?? {};
+      handle.change((doc) => {
+        runMigrations(doc, targetVersion, migrations);
+        setDocVersion(doc, targetVersion);
+      });
+    }
+    updating = true;
+    try {
+      inner.value = cloneDoc(handle.doc());
+    } finally {
+      updating = false;
+    }
+    handle.on("change", (payload) => {
+      if (updating)
+        return;
+      updating = true;
+      try {
+        inner.value = cloneDoc(payload.doc);
+      } finally {
+        updating = false;
+      }
+    });
+    effect2(() => {
+      const value = inner.value;
+      if (updating)
+        return;
+      if (!currentHandle)
+        return;
+      updating = true;
+      try {
+        currentHandle.change((doc) => {
+          applyTopLevel(doc, value);
+        });
+      } finally {
+        updating = false;
+      }
+    });
+  })();
+  return {
+    key: options.key,
+    primitive: options.primitive,
+    get value() {
+      return inner.value;
+    },
+    set value(next) {
+      inner.value = next;
+    },
+    loaded,
+    get handle() {
+      return currentHandle;
+    }
+  };
+}
+function cloneDoc(doc) {
+  return JSON.parse(JSON.stringify(doc));
+}
+function applyTopLevel(doc, value) {
+  for (const key of Object.keys(value)) {
+    if (key === SCHEMA_VERSION_FIELD)
+      continue;
+    doc[key] = value[key];
+  }
+}
+// src/shared/lib/peer-relay-adapter.ts
+import { Repo } from "@automerge/automerge-repo";
+import { WebSocketClientAdapter } from "@automerge/automerge-repo-network-websocket";
+import { signal as signal3 } from "@preact/signals";
+
+// src/shared/lib/mesh-network-adapter.ts
+import {
+  NetworkAdapter
+} from "@automerge/automerge-repo";
+
+// src/shared/lib/encryption.ts
+import nacl from "tweetnacl";
+var KEY_BYTES = 32;
+var NONCE_BYTES = 24;
+var TAG_BYTES = 16;
+
+class EncryptionError extends Error {
+  code;
+  constructor(message, code) {
+    super(message);
+    this.name = "EncryptionError";
+    this.code = code;
+  }
+}
+function generateDocumentKey() {
+  return nacl.randomBytes(KEY_BYTES);
+}
+function encrypt(payload, key) {
+  if (key.length !== KEY_BYTES) {
+    throw new EncryptionError(`secretbox key must be ${KEY_BYTES} bytes, got ${key.length}.`, "invalid-key-length");
+  }
+  const nonce = nacl.randomBytes(NONCE_BYTES);
+  const ciphertext = nacl.secretbox(payload, nonce, key);
+  const out = new Uint8Array(NONCE_BYTES + ciphertext.length);
+  out.set(nonce, 0);
+  out.set(ciphertext, NONCE_BYTES);
+  return out;
+}
+function decrypt(sealed, key) {
+  if (key.length !== KEY_BYTES) {
+    throw new EncryptionError(`secretbox key must be ${KEY_BYTES} bytes, got ${key.length}.`, "invalid-key-length");
+  }
+  if (sealed.length < NONCE_BYTES + TAG_BYTES) {
+    return;
+  }
+  const nonce = sealed.subarray(0, NONCE_BYTES);
+  const ciphertext = sealed.subarray(NONCE_BYTES);
+  const opened = nacl.secretbox.open(ciphertext, nonce, key);
+  return opened ?? undefined;
+}
+function decryptOrThrow(sealed, key) {
+  const opened = decrypt(sealed, key);
+  if (!opened) {
+    throw new EncryptionError(`Failed to decrypt sealed blob: wrong key, malformed input, or tampered ciphertext.`, "decrypt-failed");
+  }
+  return opened;
+}
+function sealEnvelope(payload, documentId, key) {
+  return {
+    documentId,
+    sealed: encrypt(payload, key)
+  };
+}
+function openEnvelope(envelope, key) {
+  return decryptOrThrow(envelope.sealed, key);
+}
+function encodeEncryptedEnvelope(envelope) {
+  const idBytes = new TextEncoder().encode(envelope.documentId);
+  const out = new Uint8Array(4 + idBytes.length + envelope.sealed.length);
+  const view = new DataView(out.buffer);
+  view.setUint32(0, idBytes.length, false);
+  out.set(idBytes, 4);
+  out.set(envelope.sealed, 4 + idBytes.length);
+  return out;
+}
+function decodeEncryptedEnvelope(bytes) {
+  if (bytes.length < 4) {
+    throw new EncryptionError(`Encrypted envelope too short: ${bytes.length} bytes.`, "envelope-malformed");
+  }
+  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+  const idLen = view.getUint32(0, false);
+  if (bytes.length < 4 + idLen) {
+    throw new EncryptionError(`Encrypted envelope truncated: declared id length ${idLen}, total ${bytes.length}.`, "envelope-malformed");
+  }
+  const documentId = new TextDecoder().decode(bytes.subarray(4, 4 + idLen));
+  const sealed = bytes.slice(4 + idLen);
+  return { documentId, sealed };
+}
+
+// src/shared/lib/signing.ts
+import nacl2 from "tweetnacl";
+var PUBLIC_KEY_BYTES = 32;
+var SECRET_KEY_BYTES = 64;
+var SIGNATURE_BYTES = 64;
+
+class SigningError extends Error {
+  code;
+  constructor(message, code) {
+    super(message);
+    this.name = "SigningError";
+    this.code = code;
+  }
+}
+function generateSigningKeyPair() {
+  const pair = nacl2.sign.keyPair();
+  return {
+    publicKey: pair.publicKey,
+    secretKey: pair.secretKey
+  };
+}
+function signingKeyPairFromSecret(secretKey) {
+  if (secretKey.length !== SECRET_KEY_BYTES) {
+    throw new SigningError(`Ed25519 secret key must be ${SECRET_KEY_BYTES} bytes, got ${secretKey.length}.`, "invalid-secret-key");
+  }
+  const pair = nacl2.sign.keyPair.fromSecretKey(secretKey);
+  return {
+    publicKey: pair.publicKey,
+    secretKey: pair.secretKey
+  };
+}
+function sign(payload, secretKey) {
+  if (secretKey.length !== SECRET_KEY_BYTES) {
+    throw new SigningError(`Ed25519 secret key must be ${SECRET_KEY_BYTES} bytes, got ${secretKey.length}.`, "invalid-secret-key");
+  }
+  return nacl2.sign.detached(payload, secretKey);
+}
+function verify(payload, signature, publicKey) {
+  if (publicKey.length !== PUBLIC_KEY_BYTES) {
+    throw new SigningError(`Ed25519 public key must be ${PUBLIC_KEY_BYTES} bytes, got ${publicKey.length}.`, "invalid-public-key");
+  }
+  if (signature.length !== SIGNATURE_BYTES) {
+    throw new SigningError(`Ed25519 signature must be ${SIGNATURE_BYTES} bytes, got ${signature.length}.`, "invalid-signature-length");
+  }
+  return nacl2.sign.detached.verify(payload, signature, publicKey);
+}
+function signEnvelope(payload, senderId, secretKey) {
+  const signature = sign(payload, secretKey);
+  return { senderId, payload, signature };
+}
+function openEnvelope2(envelope, publicKey) {
+  const ok = verify(envelope.payload, envelope.signature, publicKey);
+  if (!ok) {
+    throw new SigningError(`Signature verification failed for envelope from ${envelope.senderId}.`, "envelope-malformed");
+  }
+  return envelope.payload;
+}
+function encodeSignedEnvelope(envelope) {
+  const senderBytes = new TextEncoder().encode(envelope.senderId);
+  const total = 4 + senderBytes.length + SIGNATURE_BYTES + envelope.payload.length;
+  const out = new Uint8Array(total);
+  const view = new DataView(out.buffer);
+  view.setUint32(0, senderBytes.length, false);
+  out.set(senderBytes, 4);
+  out.set(envelope.signature, 4 + senderBytes.length);
+  out.set(envelope.payload, 4 + senderBytes.length + SIGNATURE_BYTES);
+  return out;
+}
+function decodeSignedEnvelope(bytes) {
+  if (bytes.length < 4 + SIGNATURE_BYTES) {
+    throw new SigningError(`Envelope too short: ${bytes.length} bytes, need at least ${4 + SIGNATURE_BYTES}.`, "envelope-malformed");
+  }
+  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+  const senderLen = view.getUint32(0, false);
+  if (bytes.length < 4 + senderLen + SIGNATURE_BYTES) {
+    throw new SigningError(`Envelope truncated: declared sender length ${senderLen}, total ${bytes.length}.`, "envelope-malformed");
+  }
+  const senderId = new TextDecoder().decode(bytes.subarray(4, 4 + senderLen));
+  const signature = bytes.slice(4 + senderLen, 4 + senderLen + SIGNATURE_BYTES);
+  const payload = bytes.slice(4 + senderLen + SIGNATURE_BYTES);
+  return { senderId, payload, signature };
+}
+
+// src/shared/lib/mesh-network-adapter.ts
+var DEFAULT_MESH_KEY_ID = "polly-mesh-default";
+
+class MeshNetworkAdapter extends NetworkAdapter {
+  base;
+  keyring;
+  encryptionEnabled;
+  constructor(options) {
+    super();
+    this.base = options.base;
+    this.keyring = options.keyring;
+    this.encryptionEnabled = options.encryptionEnabled ?? true;
+    this.base.on("close", () => this.emit("close"));
+    this.base.on("peer-candidate", (payload) => this.emit("peer-candidate", payload));
+    this.base.on("peer-disconnected", (payload) => this.emit("peer-disconnected", payload));
+    this.base.on("message", (rawMessage) => {
+      const unwrapped = this.tryUnwrap(rawMessage);
+      if (unwrapped) {
+        this.emit("message", unwrapped);
+      }
+    });
+  }
+  isReady() {
+    return this.base.isReady();
+  }
+  whenReady() {
+    return this.base.whenReady();
+  }
+  connect(peerId, peerMetadata) {
+    this.peerId = peerId;
+    if (peerMetadata !== undefined) {
+      this.peerMetadata = peerMetadata;
+    }
+    this.base.connect(peerId, peerMetadata);
+  }
+  disconnect() {
+    this.base.disconnect();
+  }
+  send(message) {
+    const wrapped = this.wrap(message);
+    this.base.send(wrapped);
+  }
+  wrap(message) {
+    const serialised = serialiseMessage(message);
+    let payloadToSign;
+    if (this.encryptionEnabled) {
+      const docKey = this.keyring.documentKeys.get(DEFAULT_MESH_KEY_ID);
+      if (!docKey) {
+        throw new Error(`MeshNetworkAdapter: missing document encryption key under id "${DEFAULT_MESH_KEY_ID}". Provision the key in the keyring before sending.`);
+      }
+      const encrypted = sealEnvelope(serialised, DEFAULT_MESH_KEY_ID, docKey);
+      payloadToSign = encodeEncryptedEnvelope(encrypted);
+    } else {
+      payloadToSign = serialised;
+    }
+    const signed = signEnvelope(payloadToSign, message.senderId, this.keyring.identity.secretKey);
+    const signedBytes = encodeSignedEnvelope(signed);
+    return {
+      type: message.type,
+      senderId: message.senderId,
+      targetId: message.targetId,
+      data: signedBytes
+    };
+  }
+  tryUnwrap(message) {
+    if (!message.data)
+      return;
+    let signed;
+    try {
+      signed = decodeSignedEnvelope(message.data);
+    } catch {
+      return;
+    }
+    if (this.keyring.revokedPeers.has(signed.senderId)) {
+      return;
+    }
+    const senderKey = this.keyring.knownPeers.get(signed.senderId);
+    if (!senderKey) {
+      return;
+    }
+    let verifiedPayload;
+    try {
+      verifiedPayload = openEnvelope2(signed, senderKey);
+    } catch {
+      return;
+    }
+    if (!this.encryptionEnabled) {
+      return deserialiseMessage(verifiedPayload);
+    }
+    let encrypted;
+    try {
+      encrypted = decodeEncryptedEnvelope(verifiedPayload);
+    } catch {
+      return;
+    }
+    const docKey = this.keyring.documentKeys.get(encrypted.documentId);
+    if (!docKey) {
+      return;
+    }
+    let plaintext;
+    try {
+      plaintext = openEnvelope(encrypted, docKey);
+    } catch {
+      return;
+    }
+    return deserialiseMessage(plaintext);
+  }
+}
+function serialiseMessage(message) {
+  const headerObj = {
+    type: message.type,
+    senderId: message.senderId,
+    targetId: message.targetId
+  };
+  if ("documentId" in message && message.documentId !== undefined) {
+    headerObj["documentId"] = message.documentId;
+  }
+  if ("count" in message && message.count !== undefined) {
+    headerObj["count"] = message.count;
+  }
+  if ("sessionId" in message && message.sessionId !== undefined) {
+    headerObj["sessionId"] = message.sessionId;
+  }
+  const headerBytes = new TextEncoder().encode(JSON.stringify(headerObj));
+  const dataBytes = "data" in message && message.data instanceof Uint8Array ? message.data : new Uint8Array(0);
+  const out = new Uint8Array(4 + headerBytes.length + dataBytes.length);
+  const view = new DataView(out.buffer);
+  view.setUint32(0, headerBytes.length, false);
+  out.set(headerBytes, 4);
+  out.set(dataBytes, 4 + headerBytes.length);
+  return out;
+}
+function deserialiseMessage(bytes) {
+  if (bytes.length < 4) {
+    throw new Error("MeshNetworkAdapter: message too short to deserialise.");
+  }
+  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+  const headerLen = view.getUint32(0, false);
+  if (bytes.length < 4 + headerLen) {
+    throw new Error("MeshNetworkAdapter: message header truncated.");
+  }
+  const header = JSON.parse(new TextDecoder().decode(bytes.subarray(4, 4 + headerLen)));
+  const data = bytes.slice(4 + headerLen);
+  return { ...header, data };
+}
+
+// src/shared/lib/peer-relay-adapter.ts
+function createPeerStateClient(options) {
+  if (options.sign && !options.keyring) {
+    throw new Error("Polly createPeerStateClient: { sign: true } requires a keyring. Pass { keyring: { identity, knownPeers, documentKeys: new Map(), revokedPeers: new Set() } } to enable signing.");
+  }
+  const adapter = new WebSocketClientAdapter(options.url, options.retryInterval);
+  const connectionState = signal3("connecting");
+  adapter.on("peer-candidate", () => {
+    connectionState.value = "connected";
+  });
+  adapter.on("peer-disconnected", () => {
+    connectionState.value = "disconnected";
+  });
+  adapter.on("close", () => {
+    connectionState.value = "disconnected";
+  });
+  const networkAdapter = options.sign && options.keyring ? new MeshNetworkAdapter({
+    base: adapter,
+    keyring: options.keyring,
+    encryptionEnabled: false
+  }) : adapter;
+  const repo = new Repo({
+    network: [networkAdapter],
+    ...options.storage !== undefined && { storage: options.storage }
+  });
+  return {
+    repo,
+    connectionState,
+    adapter,
+    signEnabled: options.sign === true,
+    close: async () => {
+      await repo.shutdown();
+    }
+  };
+}
+// src/shared/lib/peer-repo-server.ts
+import { Repo as Repo2 } from "@automerge/automerge-repo";
+import { WebSocketServerAdapter } from "@automerge/automerge-repo-network-websocket";
+import { NodeFSStorageAdapter } from "@automerge/automerge-repo-storage-nodefs";
+import * as ws from "ws";
+async function createPeerRepoServer(options) {
+  const wss = await (options.webSocketServer ? Promise.resolve(options.webSocketServer) : new Promise((resolve, reject) => {
+    const created = new ws.WebSocketServer({
+      port: options.port,
+      ...options.host !== undefined && { host: options.host }
+    }, () => resolve(created));
+    created.once("error", reject);
+  }));
+  const adapter = new WebSocketServerAdapter(wss);
+  const storage = new NodeFSStorageAdapter(options.storagePath);
+  const repo = new Repo2({
+    network: [adapter],
+    storage
+  });
+  await repo.storageId();
+  return {
+    repo,
+    webSocketServer: wss,
+    adapter,
+    storage,
+    close: async () => {
+      for (const client of wss.clients) {
+        try {
+          client.terminate();
+        } catch {}
+      }
+      repo.shutdown();
+      try {
+        wss.close();
+      } catch {}
+    }
+  };
+}
+// src/shared/lib/peer-state.ts
+var keyMapsByRepo = new WeakMap;
+var signingEnabledRepos = new WeakSet;
+var defaultRepo;
+function configurePeerState(repo, options) {
+  defaultRepo = repo;
+  keyMapsByRepo.set(repo, new Map);
+  if (options?.signEnabled) {
+    signingEnabledRepos.add(repo);
+  }
+}
+function resetPeerState() {
+  defaultRepo = undefined;
+}
+function resolveRepo(option) {
+  const repo = option ?? defaultRepo;
+  if (!repo) {
+    throw new Error("Polly $peerState: no Repo configured. Call configurePeerState(repo) at startup or pass { repo } in the primitive options.");
+  }
+  return repo;
+}
+function getKeyMap(repo) {
+  let map = keyMapsByRepo.get(repo);
+  if (!map) {
+    map = new Map;
+    keyMapsByRepo.set(repo, map);
+  }
+  return map;
+}
+function validateSignOption(options, repo) {
+  if (!options.sign)
+    return;
+  if (!signingEnabledRepos.has(repo)) {
+    throw new Error("Polly $peerState: { sign: true } was passed to the primitive but the configured Repo does not have signing enabled. " + "Pass { sign: true, keyring: ... } to createPeerStateClient to enable signing at the transport level, " + "then call configurePeerState(client.repo, { signEnabled: true }).");
+  }
+}
+function buildHandleFactory(repo, key, initialDoc) {
+  return async () => {
+    const map = getKeyMap(repo);
+    const existingId = map.get(key);
+    if (existingId !== undefined) {
+      return repo.find(existingId);
+    }
+    const handle = repo.create(initialDoc);
+    map.set(key, handle.documentId);
+    return handle;
+  };
+}
+function $peerState(key, initialValue, options = {}) {
+  const repo = resolveRepo(options.repo);
+  validateSignOption(options, repo);
+  return $crdtState({
+    key,
+    primitive: "peerState",
+    initialValue,
+    getHandle: buildHandleFactory(repo, key, initialValue),
+    schemaVersion: options.schemaVersion,
+    migrations: options.migrations,
+    access: options.access
+  });
+}
+function $peerText(key, initialValue, options = {}) {
+  const repo = resolveRepo(options.repo);
+  validateSignOption(options, repo);
+  return $crdtText(key, initialValue, {
+    primitive: "peerState",
+    getHandle: buildHandleFactory(repo, key, { text: initialValue }),
+    schemaVersion: options.schemaVersion,
+    migrations: options.migrations,
+    access: options.access
+  });
+}
+function $peerCounter(key, initialValue, options = {}) {
+  const repo = resolveRepo(options.repo);
+  validateSignOption(options, repo);
+  return $crdtCounter(key, initialValue, {
+    primitive: "peerState",
+    getHandle: buildHandleFactory(repo, key, {}),
+    schemaVersion: options.schemaVersion,
+    migrations: options.migrations,
+    access: options.access
+  });
+}
+function $peerList(key, initialValue, options = {}) {
+  const repo = resolveRepo(options.repo);
+  validateSignOption(options, repo);
+  return $crdtList(key, initialValue, {
+    primitive: "peerState",
+    getHandle: buildHandleFactory(repo, key, { items: initialValue }),
+    schemaVersion: options.schemaVersion,
+    migrations: options.migrations,
+    access: options.access
+  });
+}
+export {
+  resetPeerState,
+  migratePrimitive,
+  getDocVersion,
+  createPeerStateClient,
+  createPeerRepoServer,
+  configurePeerState,
+  checkOpVersion,
+  assertOpVersion,
+  SchemaVersionError,
+  SCHEMA_VERSION_FIELD,
+  PrimitiveCollisionError,
+  MigrationError,
+  $peerText,
+  $peerState,
+  $peerList,
+  $peerCounter,
+  $crdtText,
+  $crdtState,
+  $crdtList,
+  $crdtCounter
+};
+
+//# debugId=81EED7520484C6A364756E2164756E21