@hashgraphonline/standards-sdk 0.1.143 → 0.1.144

package/dist/es/standards-sdk.es133.js

@@ -1,89 +1,183 @@
-import { Logger } from "./standards-sdk.es106.js";
-class ContentResolverRegistryImpl {
-  constructor() {
-    this.resolver = null;
-    this.onUnavailableCallbacks = [];
-    this.logger = Logger.getInstance({ module: "ContentResolverRegistry" });
+import { Buffer } from "buffer";
+import { ledgerChallengeResponseSchema, ledgerVerifyResponseSchema } from "./standards-sdk.es157.js";
+import { canonicalizeLedgerNetwork } from "./standards-sdk.es139.js";
+import { createPrivateKeySigner } from "./standards-sdk.es138.js";
+import { RegistryBrokerClient } from "./standards-sdk.es136.js";
+async function loadViemAccount(privateKey) {
+  try {
+    const viem = await import("viem/accounts");
+    return viem.privateKeyToAccount(privateKey);
+  } catch (error) {
+    const err = new Error(
+      'EVM ledger authentication requires the optional dependency "viem". Install it to use evmPrivateKey flows.'
+    );
+    err.cause = error;
+    throw err;
   }
-  static getInstance() {
-    if (!ContentResolverRegistryImpl._instance) {
-      ContentResolverRegistryImpl._instance = new ContentResolverRegistryImpl();
+}
+async function resolveLedgerAuthSignature(message, options) {
+  if (typeof options.sign === "function") {
+    const result = await options.sign(message);
+    if (!result || typeof result.signature !== "string" || result.signature.length === 0) {
+      throw new Error("Custom ledger signer failed to produce a signature.");
     }
-    return ContentResolverRegistryImpl._instance;
+    return result;
   }
-  /**
-   * Register a content resolver (typically called by ContentStoreManager)
-   */
-  register(resolver) {
-    if (this.resolver) {
-      this.logger.warn("Resolver already registered, replacing existing");
-    }
-    this.resolver = resolver;
-    this.logger.info("Content resolver registered");
+  if (!options.signer || typeof options.signer.sign !== "function") {
+    throw new Error(
+      "Ledger authentication requires a Hedera Signer or custom sign function."
+    );
   }
-  /**
-   * Get the registered content resolver
-   */
-  getResolver() {
-    return this.resolver;
+  const payload = Buffer.from(message, "utf8");
+  const signatures = await options.signer.sign([payload]);
+  const signatureEntry = signatures?.[0];
+  if (!signatureEntry) {
+    throw new Error("Signer did not return any signatures.");
   }
-  /**
-   * Check if a resolver is available
-   */
-  isAvailable() {
-    return this.resolver !== null;
+  let derivedPublicKey;
+  if (signatureEntry.publicKey) {
+    derivedPublicKey = signatureEntry.publicKey.toString();
+  } else if (typeof options.signer.getAccountKey === "function") {
+    const accountKey = await options.signer.getAccountKey();
+    if (accountKey && typeof accountKey.toString === "function") {
+      derivedPublicKey = accountKey.toString();
+    }
   }
-  /**
-   * Unregister the current resolver
-   */
-  unregister() {
-    if (this.resolver) {
-      this.resolver = null;
-      this.logger.info("Content resolver unregistered");
-      this.onUnavailableCallbacks.forEach((callback) => {
-        try {
-          callback();
-        } catch (error) {
-          this.logger.error("Error in unavailable callback:", error);
-        }
-      });
+  return {
+    signature: Buffer.from(signatureEntry.signature).toString("base64"),
+    signatureKind: "raw",
+    publicKey: derivedPublicKey
+  };
+}
+RegistryBrokerClient.prototype.createLedgerChallenge = async function(payload) {
+  const resolvedNetwork = canonicalizeLedgerNetwork(payload.network);
+  const network = resolvedNetwork.kind === "hedera" ? resolvedNetwork.hederaNetwork ?? resolvedNetwork.canonical : resolvedNetwork.canonical;
+  const raw = await this.requestJson("/auth/ledger/challenge", {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: {
+      accountId: payload.accountId,
+      network
     }
+  });
+  return this.parseWithSchema(
+    raw,
+    ledgerChallengeResponseSchema,
+    "ledger challenge response"
+  );
+};
+RegistryBrokerClient.prototype.verifyLedgerChallenge = async function(payload) {
+  const resolvedNetwork = canonicalizeLedgerNetwork(payload.network);
+  const network = resolvedNetwork.kind === "hedera" ? resolvedNetwork.hederaNetwork ?? resolvedNetwork.canonical : resolvedNetwork.canonical;
+  const body = {
+    challengeId: payload.challengeId,
+    accountId: payload.accountId,
+    network,
+    signature: payload.signature
+  };
+  if (payload.signatureKind) {
+    body.signatureKind = payload.signatureKind;
   }
-  /**
-   * Register callback for when resolver becomes unavailable
-   */
-  onUnavailable(callback) {
-    this.onUnavailableCallbacks.push(callback);
+  if (payload.publicKey) {
+    body.publicKey = payload.publicKey;
   }
-  /**
-   * Remove unavailable callback
-   */
-  offUnavailable(callback) {
-    const index = this.onUnavailableCallbacks.indexOf(callback);
-    if (index !== -1) {
-      this.onUnavailableCallbacks.splice(index, 1);
-    }
+  if (typeof payload.expiresInMinutes === "number") {
+    body.expiresInMinutes = payload.expiresInMinutes;
   }
-  /**
-   * Execute operation with resolver or fallback
-   */
-  async withResolver(operation, fallback) {
-    if (this.resolver) {
-      try {
-        return await operation(this.resolver);
-      } catch (error) {
-        this.logger.warn("Resolver operation failed, using fallback:", error);
-        return await fallback();
-      }
-    } else {
-      this.logger.warn("No resolver available, using fallback");
-      return await fallback();
+  const raw = await this.requestJson("/auth/ledger/verify", {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body
+  });
+  const result = this.parseWithSchema(
+    raw,
+    ledgerVerifyResponseSchema,
+    "ledger verification response"
+  );
+  this.setLedgerApiKey(result.key);
+  return result;
+};
+RegistryBrokerClient.prototype.authenticateWithLedger = async function(options) {
+  const challenge = await this.createLedgerChallenge({
+    accountId: options.accountId,
+    network: options.network
+  });
+  const signed = await resolveLedgerAuthSignature(challenge.message, options);
+  const verification = await this.verifyLedgerChallenge({
+    challengeId: challenge.challengeId,
+    accountId: options.accountId,
+    network: options.network,
+    signature: signed.signature,
+    signatureKind: signed.signatureKind,
+    publicKey: signed.publicKey,
+    expiresInMinutes: options.expiresInMinutes
+  });
+  return verification;
+};
+RegistryBrokerClient.prototype.authenticateWithLedgerCredentials = async function(options) {
+  const {
+    accountId,
+    network,
+    signer,
+    sign,
+    hederaPrivateKey,
+    evmPrivateKey,
+    expiresInMinutes,
+    setAccountHeader = true,
+    label,
+    logger
+  } = options;
+  const resolvedNetwork = canonicalizeLedgerNetwork(network);
+  const labelSuffix = label ? ` for ${label}` : "";
+  const networkPayload = resolvedNetwork.canonical;
+  const authOptions = {
+    accountId,
+    network: networkPayload,
+    expiresInMinutes
+  };
+  if (sign) {
+    authOptions.sign = sign;
+  } else if (signer) {
+    authOptions.signer = signer;
+  } else if (hederaPrivateKey) {
+    if (resolvedNetwork.kind !== "hedera" || !resolvedNetwork.hederaNetwork) {
+      throw new Error(
+        "hederaPrivateKey can only be used with hedera:mainnet or hedera:testnet networks."
+      );
+    }
+    authOptions.signer = createPrivateKeySigner({
+      accountId,
+      privateKey: hederaPrivateKey,
+      network: resolvedNetwork.hederaNetwork
+    });
+  } else if (evmPrivateKey) {
+    if (resolvedNetwork.kind !== "evm") {
+      throw new Error(
+        "evmPrivateKey can only be used with CAIP-2 EVM networks (eip155:<chainId>)."
+      );
     }
+    const formattedKey = evmPrivateKey.startsWith("0x") ? evmPrivateKey : `0x${evmPrivateKey}`;
+    const account = await loadViemAccount(formattedKey);
+    authOptions.sign = async (message) => ({
+      signature: await account.signMessage({ message }),
+      signatureKind: "evm",
+      publicKey: account.publicKey
+    });
+  } else {
+    throw new Error(
+      "Provide a signer, sign function, hederaPrivateKey, or evmPrivateKey to authenticate with the ledger."
+    );
   }
-}
-const ContentResolverRegistry = ContentResolverRegistryImpl.getInstance();
-export {
-  ContentResolverRegistry,
-  ContentResolverRegistryImpl
+  logger?.info?.(
+    `Authenticating ledger account ${accountId} (${resolvedNetwork.canonical})${labelSuffix}...`
+  );
+  const verification = await this.authenticateWithLedger(authOptions);
+  if (setAccountHeader) {
+    this.setDefaultHeader("x-account-id", verification.accountId);
+  }
+  logger?.info?.(
+    `Ledger authentication complete${labelSuffix}. Issued key prefix: ${verification.apiKey.prefix}…${verification.apiKey.lastFour}`
+  );
+  return verification;
 };
 //# sourceMappingURL=standards-sdk.es133.js.map

package/dist/es/standards-sdk.es133.js.map

@@ -1 +1 @@
-{"version":3,"file":"standards-sdk.es133.js","sources":["../../src/content-store/ContentResolverRegistry.ts"],"sourcesContent":["/**\n * Content Resolver Registry\n *\n * Dependency injection registry for content resolvers.\n * Allows tools to access content resolution without circular dependencies.\n */\n\nimport type { ContentResolverInterface } from './types';\nimport { Logger } from '../utils/logger';\n\nexport class ContentResolverRegistryImpl {\n  private static _instance: ContentResolverRegistryImpl;\n  private resolver: ContentResolverInterface | null = null;\n  private onUnavailableCallbacks: (() => void)[] = [];\n  private logger = Logger.getInstance({ module: 'ContentResolverRegistry' });\n\n  static getInstance(): ContentResolverRegistryImpl {\n    if (!ContentResolverRegistryImpl._instance) {\n      ContentResolverRegistryImpl._instance = new ContentResolverRegistryImpl();\n    }\n    return ContentResolverRegistryImpl._instance;\n  }\n\n  /**\n   * Register a content resolver (typically called by ContentStoreManager)\n   */\n  register(resolver: ContentResolverInterface): void {\n    if (this.resolver) {\n      this.logger.warn('Resolver already registered, replacing existing');\n    }\n    this.resolver = resolver;\n    this.logger.info('Content resolver registered');\n  }\n\n  /**\n   * Get the registered content resolver\n   */\n  getResolver(): ContentResolverInterface | null {\n    return this.resolver;\n  }\n\n  /**\n   * Check if a resolver is available\n   */\n  isAvailable(): boolean {\n    return this.resolver !== null;\n  }\n\n  /**\n   * Unregister the current resolver\n   */\n  unregister(): void {\n    if (this.resolver) {\n      this.resolver = null;\n      this.logger.info('Content resolver unregistered');\n      this.onUnavailableCallbacks.forEach(callback => {\n        try {\n          callback();\n        } catch (error) {\n          this.logger.error('Error in unavailable callback:', error);\n        }\n      });\n    }\n  }\n\n  /**\n   * Register callback for when resolver becomes unavailable\n   */\n  onUnavailable(callback: () => void): void {\n    this.onUnavailableCallbacks.push(callback);\n  }\n\n  /**\n   * Remove unavailable callback\n   */\n  offUnavailable(callback: () => void): void {\n    const index = this.onUnavailableCallbacks.indexOf(callback);\n    if (index !== -1) {\n      this.onUnavailableCallbacks.splice(index, 1);\n    }\n  }\n\n  /**\n   * Execute operation with resolver or fallback\n   */\n  async withResolver<T>(\n    operation: (resolver: ContentResolverInterface) => Promise<T>,\n    fallback: () => Promise<T>,\n  ): Promise<T> {\n    if (this.resolver) {\n      try {\n        return await operation(this.resolver);\n      } catch (error) {\n        this.logger.warn('Resolver operation failed, using fallback:', error);\n        return await fallback();\n      }\n    } else {\n      this.logger.warn('No resolver available, using fallback');\n      return await fallback();\n    }\n  }\n}\n\nexport const ContentResolverRegistry =\n  ContentResolverRegistryImpl.getInstance();\n"],"names":[],"mappings":";AAUO,MAAM,4BAA4B;AAAA,EAAlC,cAAA;AAEL,SAAQ,WAA4C;AACpD,SAAQ,yBAAyC,CAAA;AACjD,SAAQ,SAAS,OAAO,YAAY,EAAE,QAAQ,2BAA2B;AAAA,EAAA;AAAA,EAEzE,OAAO,cAA2C;AAChD,QAAI,CAAC,4BAA4B,WAAW;AAC1C,kCAA4B,YAAY,IAAI,4BAAA;AAAA,IAC9C;AACA,WAAO,4BAA4B;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS,UAA0C;AACjD,QAAI,KAAK,UAAU;AACjB,WAAK,OAAO,KAAK,iDAAiD;AAAA,IACpE;AACA,SAAK,WAAW;AAChB,SAAK,OAAO,KAAK,6BAA6B;AAAA,EAChD;AAAA;AAAA;AAAA;AAAA,EAKA,cAA+C;AAC7C,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,cAAuB;AACrB,WAAO,KAAK,aAAa;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKA,aAAmB;AACjB,QAAI,KAAK,UAAU;AACjB,WAAK,WAAW;AAChB,WAAK,OAAO,KAAK,+BAA+B;AAChD,WAAK,uBAAuB,QAAQ,CAAA,aAAY;AAC9C,YAAI;AACF,mBAAA;AAAA,QACF,SAAS,OAAO;AACd,eAAK,OAAO,MAAM,kCAAkC,KAAK;AAAA,QAC3D;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc,UAA4B;AACxC,SAAK,uBAAuB,KAAK,QAAQ;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,UAA4B;AACzC,UAAM,QAAQ,KAAK,uBAAuB,QAAQ,QAAQ;AAC1D,QAAI,UAAU,IAAI;AAChB,WAAK,uBAAuB,OAAO,OAAO,CAAC;AAAA,IAC7C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aACJ,WACA,UACY;AACZ,QAAI,KAAK,UAAU;AACjB,UAAI;AACF,eAAO,MAAM,UAAU,KAAK,QAAQ;AAAA,MACtC,SAAS,OAAO;AACd,aAAK,OAAO,KAAK,8CAA8C,KAAK;AACpE,eAAO,MAAM,SAAA;AAAA,MACf;AAAA,IACF,OAAO;AACL,WAAK,OAAO,KAAK,uCAAuC;AACxD,aAAO,MAAM,SAAA;AAAA,IACf;AAAA,EACF;AACF;AAEO,MAAM,0BACX,4BAA4B,YAAA;"}
+{"version":3,"file":"standards-sdk.es133.js","sources":["../../src/services/registry-broker/client/ledger-auth.ts"],"sourcesContent":["import { Buffer } from 'buffer';\nimport type { SignerSignature } from '@hashgraph/sdk';\nimport type {\n  JsonObject,\n  JsonValue,\n  LedgerAuthenticationOptions,\n  LedgerAuthenticationSignerResult,\n  LedgerChallengeRequest,\n  LedgerChallengeResponse,\n  LedgerCredentialAuthOptions,\n  LedgerVerifyRequest,\n  LedgerVerifyResponse,\n} from '../types';\nimport {\n  ledgerChallengeResponseSchema,\n  ledgerVerifyResponseSchema,\n} from '../schemas';\nimport { canonicalizeLedgerNetwork } from '../ledger-network';\nimport { createPrivateKeySigner } from '../private-key-signer';\nimport { RegistryBrokerClient } from './base-client';\n\ndeclare module './base-client' {\n  interface RegistryBrokerClient {\n    createLedgerChallenge(\n      payload: LedgerChallengeRequest,\n    ): Promise<LedgerChallengeResponse>;\n    verifyLedgerChallenge(\n      payload: LedgerVerifyRequest,\n    ): Promise<LedgerVerifyResponse>;\n    authenticateWithLedger(\n      options: LedgerAuthenticationOptions,\n    ): Promise<LedgerVerifyResponse>;\n    authenticateWithLedgerCredentials(\n      options: LedgerCredentialAuthOptions,\n    ): Promise<LedgerVerifyResponse>;\n  }\n}\n\nasync function loadViemAccount(privateKey: `0x${string}`): Promise<{\n  publicKey: string;\n  signMessage: (input: { message: string }) => Promise<string>;\n}> {\n  try {\n    const viem = await import('viem/accounts');\n    return viem.privateKeyToAccount(privateKey);\n  } catch (error) {\n    const err = new Error(\n      'EVM ledger authentication requires the optional dependency \"viem\". Install it to use evmPrivateKey flows.',\n    );\n    (err as { cause?: unknown }).cause = error;\n    throw err;\n  }\n}\n\nasync function resolveLedgerAuthSignature(\n  message: string,\n  options: LedgerAuthenticationOptions,\n): Promise<LedgerAuthenticationSignerResult> {\n  if (typeof options.sign === 'function') {\n    const result = await options.sign(message);\n    if (\n      !result ||\n      typeof result.signature !== 'string' ||\n      result.signature.length === 0\n    ) {\n      throw new Error('Custom ledger signer failed to produce a signature.');\n    }\n    return result;\n  }\n\n  if (!options.signer || typeof options.signer.sign !== 'function') {\n    throw new Error(\n      'Ledger authentication requires a Hedera Signer or custom sign function.',\n    );\n  }\n\n  const payload = Buffer.from(message, 'utf8');\n  const signatures: SignerSignature[] = await options.signer.sign([payload]);\n  const signatureEntry = signatures?.[0];\n  if (!signatureEntry) {\n    throw new Error('Signer did not return any signatures.');\n  }\n\n  let derivedPublicKey: string | undefined;\n  if (signatureEntry.publicKey) {\n    derivedPublicKey = signatureEntry.publicKey.toString();\n  } else if (typeof options.signer.getAccountKey === 'function') {\n    const accountKey = await options.signer.getAccountKey();\n    if (accountKey && typeof accountKey.toString === 'function') {\n      derivedPublicKey = accountKey.toString();\n    }\n  }\n\n  return {\n    signature: Buffer.from(signatureEntry.signature).toString('base64'),\n    signatureKind: 'raw',\n    publicKey: derivedPublicKey,\n  };\n}\n\nRegistryBrokerClient.prototype.createLedgerChallenge = async function (\n  this: RegistryBrokerClient,\n  payload: LedgerChallengeRequest,\n): Promise<LedgerChallengeResponse> {\n  const resolvedNetwork = canonicalizeLedgerNetwork(payload.network);\n  const network =\n    resolvedNetwork.kind === 'hedera'\n      ? (resolvedNetwork.hederaNetwork ?? resolvedNetwork.canonical)\n      : resolvedNetwork.canonical;\n  const raw = await this.requestJson<JsonValue>('/auth/ledger/challenge', {\n    method: 'POST',\n    headers: { 'content-type': 'application/json' },\n    body: {\n      accountId: payload.accountId,\n      network,\n    },\n  });\n\n  return this.parseWithSchema(\n    raw,\n    ledgerChallengeResponseSchema,\n    'ledger challenge response',\n  );\n};\n\nRegistryBrokerClient.prototype.verifyLedgerChallenge = async function (\n  this: RegistryBrokerClient,\n  payload: LedgerVerifyRequest,\n): Promise<LedgerVerifyResponse> {\n  const resolvedNetwork = canonicalizeLedgerNetwork(payload.network);\n  const network =\n    resolvedNetwork.kind === 'hedera'\n      ? (resolvedNetwork.hederaNetwork ?? resolvedNetwork.canonical)\n      : resolvedNetwork.canonical;\n  const body: JsonObject = {\n    challengeId: payload.challengeId,\n    accountId: payload.accountId,\n    network,\n    signature: payload.signature,\n  };\n\n  if (payload.signatureKind) {\n    body.signatureKind = payload.signatureKind;\n  }\n  if (payload.publicKey) {\n    body.publicKey = payload.publicKey;\n  }\n  if (typeof payload.expiresInMinutes === 'number') {\n    body.expiresInMinutes = payload.expiresInMinutes;\n  }\n\n  const raw = await this.requestJson<JsonValue>('/auth/ledger/verify', {\n    method: 'POST',\n    headers: { 'content-type': 'application/json' },\n    body,\n  });\n\n  const result = this.parseWithSchema(\n    raw,\n    ledgerVerifyResponseSchema,\n    'ledger verification response',\n  );\n\n  this.setLedgerApiKey(result.key);\n  return result;\n};\n\nRegistryBrokerClient.prototype.authenticateWithLedger = async function (\n  this: RegistryBrokerClient,\n  options: LedgerAuthenticationOptions,\n): Promise<LedgerVerifyResponse> {\n  const challenge = await this.createLedgerChallenge({\n    accountId: options.accountId,\n    network: options.network,\n  });\n  const signed = await resolveLedgerAuthSignature(challenge.message, options);\n  const verification = await this.verifyLedgerChallenge({\n    challengeId: challenge.challengeId,\n    accountId: options.accountId,\n    network: options.network,\n    signature: signed.signature,\n    signatureKind: signed.signatureKind,\n    publicKey: signed.publicKey,\n    expiresInMinutes: options.expiresInMinutes,\n  });\n  return verification;\n};\n\nRegistryBrokerClient.prototype.authenticateWithLedgerCredentials =\n  async function (\n    this: RegistryBrokerClient,\n    options: LedgerCredentialAuthOptions,\n  ): Promise<LedgerVerifyResponse> {\n    const {\n      accountId,\n      network,\n      signer,\n      sign,\n      hederaPrivateKey,\n      evmPrivateKey,\n      expiresInMinutes,\n      setAccountHeader = true,\n      label,\n      logger,\n    } = options;\n\n    const resolvedNetwork = canonicalizeLedgerNetwork(network);\n    const labelSuffix = label ? ` for ${label}` : '';\n\n    const networkPayload = resolvedNetwork.canonical;\n\n    const authOptions: LedgerAuthenticationOptions = {\n      accountId,\n      network: networkPayload,\n      expiresInMinutes,\n    };\n\n    if (sign) {\n      authOptions.sign = sign;\n    } else if (signer) {\n      authOptions.signer = signer;\n    } else if (hederaPrivateKey) {\n      if (resolvedNetwork.kind !== 'hedera' || !resolvedNetwork.hederaNetwork) {\n        throw new Error(\n          'hederaPrivateKey can only be used with hedera:mainnet or hedera:testnet networks.',\n        );\n      }\n      authOptions.signer = createPrivateKeySigner({\n        accountId,\n        privateKey: hederaPrivateKey,\n        network: resolvedNetwork.hederaNetwork,\n      });\n    } else if (evmPrivateKey) {\n      if (resolvedNetwork.kind !== 'evm') {\n        throw new Error(\n          'evmPrivateKey can only be used with CAIP-2 EVM networks (eip155:<chainId>).',\n        );\n      }\n      const formattedKey = evmPrivateKey.startsWith('0x')\n        ? (evmPrivateKey as `0x${string}`)\n        : (`0x${evmPrivateKey}` as `0x${string}`);\n      const account = await loadViemAccount(formattedKey);\n      authOptions.sign = async message => ({\n        signature: await account.signMessage({ message }),\n        signatureKind: 'evm',\n        publicKey: account.publicKey,\n      });\n    } else {\n      throw new Error(\n        'Provide a signer, sign function, hederaPrivateKey, or evmPrivateKey to authenticate with the ledger.',\n      );\n    }\n\n    logger?.info?.(\n      `Authenticating ledger account ${accountId} (${resolvedNetwork.canonical})${labelSuffix}...`,\n    );\n    const verification = await this.authenticateWithLedger(authOptions);\n    if (setAccountHeader) {\n      this.setDefaultHeader('x-account-id', verification.accountId);\n    }\n    logger?.info?.(\n      `Ledger authentication complete${labelSuffix}. Issued key prefix: ${verification.apiKey.prefix}…${verification.apiKey.lastFour}`,\n    );\n    return verification;\n  };\n"],"names":[],"mappings":";;;;;AAsCA,eAAe,gBAAgB,YAG5B;AACD,MAAI;AACF,UAAM,OAAO,MAAM,OAAO,eAAe;AACzC,WAAO,KAAK,oBAAoB,UAAU;AAAA,EAC5C,SAAS,OAAO;AACd,UAAM,MAAM,IAAI;AAAA,MACd;AAAA,IAAA;AAED,QAA4B,QAAQ;AACrC,UAAM;AAAA,EACR;AACF;AAEA,eAAe,2BACb,SACA,SAC2C;AAC3C,MAAI,OAAO,QAAQ,SAAS,YAAY;AACtC,UAAM,SAAS,MAAM,QAAQ,KAAK,OAAO;AACzC,QACE,CAAC,UACD,OAAO,OAAO,cAAc,YAC5B,OAAO,UAAU,WAAW,GAC5B;AACA,YAAM,IAAI,MAAM,qDAAqD;AAAA,IACvE;AACA,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,QAAQ,UAAU,OAAO,QAAQ,OAAO,SAAS,YAAY;AAChE,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AAEA,QAAM,UAAU,OAAO,KAAK,SAAS,MAAM;AAC3C,QAAM,aAAgC,MAAM,QAAQ,OAAO,KAAK,CAAC,OAAO,CAAC;AACzE,QAAM,iBAAiB,aAAa,CAAC;AACrC,MAAI,CAAC,gBAAgB;AACnB,UAAM,IAAI,MAAM,uCAAuC;AAAA,EACzD;AAEA,MAAI;AACJ,MAAI,eAAe,WAAW;AAC5B,uBAAmB,eAAe,UAAU,SAAA;AAAA,EAC9C,WAAW,OAAO,QAAQ,OAAO,kBAAkB,YAAY;AAC7D,UAAM,aAAa,MAAM,QAAQ,OAAO,cAAA;AACxC,QAAI,cAAc,OAAO,WAAW,aAAa,YAAY;AAC3D,yBAAmB,WAAW,SAAA;AAAA,IAChC;AAAA,EACF;AAEA,SAAO;AAAA,IACL,WAAW,OAAO,KAAK,eAAe,SAAS,EAAE,SAAS,QAAQ;AAAA,IAClE,eAAe;AAAA,IACf,WAAW;AAAA,EAAA;AAEf;AAEA,qBAAqB,UAAU,wBAAwB,eAErD,SACkC;AAClC,QAAM,kBAAkB,0BAA0B,QAAQ,OAAO;AACjE,QAAM,UACJ,gBAAgB,SAAS,WACpB,gBAAgB,iBAAiB,gBAAgB,YAClD,gBAAgB;AACtB,QAAM,MAAM,MAAM,KAAK,YAAuB,0BAA0B;AAAA,IACtE,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAA;AAAA,IAC3B,MAAM;AAAA,MACJ,WAAW,QAAQ;AAAA,MACnB;AAAA,IAAA;AAAA,EACF,CACD;AAED,SAAO,KAAK;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAEJ;AAEA,qBAAqB,UAAU,wBAAwB,eAErD,SAC+B;AAC/B,QAAM,kBAAkB,0BAA0B,QAAQ,OAAO;AACjE,QAAM,UACJ,gBAAgB,SAAS,WACpB,gBAAgB,iBAAiB,gBAAgB,YAClD,gBAAgB;AACtB,QAAM,OAAmB;AAAA,IACvB,aAAa,QAAQ;AAAA,IACrB,WAAW,QAAQ;AAAA,IACnB;AAAA,IACA,WAAW,QAAQ;AAAA,EAAA;AAGrB,MAAI,QAAQ,eAAe;AACzB,SAAK,gBAAgB,QAAQ;AAAA,EAC/B;AACA,MAAI,QAAQ,WAAW;AACrB,SAAK,YAAY,QAAQ;AAAA,EAC3B;AACA,MAAI,OAAO,QAAQ,qBAAqB,UAAU;AAChD,SAAK,mBAAmB,QAAQ;AAAA,EAClC;AAEA,QAAM,MAAM,MAAM,KAAK,YAAuB,uBAAuB;AAAA,IACnE,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAA;AAAA,IAC3B;AAAA,EAAA,CACD;AAED,QAAM,SAAS,KAAK;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAGF,OAAK,gBAAgB,OAAO,GAAG;AAC/B,SAAO;AACT;AAEA,qBAAqB,UAAU,yBAAyB,eAEtD,SAC+B;AAC/B,QAAM,YAAY,MAAM,KAAK,sBAAsB;AAAA,IACjD,WAAW,QAAQ;AAAA,IACnB,SAAS,QAAQ;AAAA,EAAA,CAClB;AACD,QAAM,SAAS,MAAM,2BAA2B,UAAU,SAAS,OAAO;AAC1E,QAAM,eAAe,MAAM,KAAK,sBAAsB;AAAA,IACpD,aAAa,UAAU;AAAA,IACvB,WAAW,QAAQ;AAAA,IACnB,SAAS,QAAQ;AAAA,IACjB,WAAW,OAAO;AAAA,IAClB,eAAe,OAAO;AAAA,IACtB,WAAW,OAAO;AAAA,IAClB,kBAAkB,QAAQ;AAAA,EAAA,CAC3B;AACD,SAAO;AACT;AAEA,qBAAqB,UAAU,oCAC7B,eAEE,SAC+B;AAC/B,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,mBAAmB;AAAA,IACnB;AAAA,IACA;AAAA,EAAA,IACE;AAEJ,QAAM,kBAAkB,0BAA0B,OAAO;AACzD,QAAM,cAAc,QAAQ,QAAQ,KAAK,KAAK;AAE9C,QAAM,iBAAiB,gBAAgB;AAEvC,QAAM,cAA2C;AAAA,IAC/C;AAAA,IACA,SAAS;AAAA,IACT;AAAA,EAAA;AAGF,MAAI,MAAM;AACR,gBAAY,OAAO;AAAA,EACrB,WAAW,QAAQ;AACjB,gBAAY,SAAS;AAAA,EACvB,WAAW,kBAAkB;AAC3B,QAAI,gBAAgB,SAAS,YAAY,CAAC,gBAAgB,eAAe;AACvE,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAAA,IAEJ;AACA,gBAAY,SAAS,uBAAuB;AAAA,MAC1C;AAAA,MACA,YAAY;AAAA,MACZ,SAAS,gBAAgB;AAAA,IAAA,CAC1B;AAAA,EACH,WAAW,eAAe;AACxB,QAAI,gBAAgB,SAAS,OAAO;AAClC,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAAA,IAEJ;AACA,UAAM,eAAe,cAAc,WAAW,IAAI,IAC7C,gBACA,KAAK,aAAa;AACvB,UAAM,UAAU,MAAM,gBAAgB,YAAY;AAClD,gBAAY,OAAO,OAAM,aAAY;AAAA,MACnC,WAAW,MAAM,QAAQ,YAAY,EAAE,SAAS;AAAA,MAChD,eAAe;AAAA,MACf,WAAW,QAAQ;AAAA,IAAA;AAAA,EAEvB,OAAO;AACL,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AAEA,UAAQ;AAAA,IACN,iCAAiC,SAAS,KAAK,gBAAgB,SAAS,IAAI,WAAW;AAAA,EAAA;AAEzF,QAAM,eAAe,MAAM,KAAK,uBAAuB,WAAW;AAClE,MAAI,kBAAkB;AACpB,SAAK,iBAAiB,gBAAgB,aAAa,SAAS;AAAA,EAC9D;AACA,UAAQ;AAAA,IACN,iCAAiC,WAAW,wBAAwB,aAAa,OAAO,MAAM,IAAI,aAAa,OAAO,QAAQ;AAAA,EAAA;AAEhI,SAAO;AACT;"}

package/dist/es/standards-sdk.es134.js

@@ -1,68 +1,125 @@
-import { Logger } from "./standards-sdk.es106.js";
-const REFERENCE_THRESHOLD = 50 * 1024;
-class ContentStoreServiceImpl {
-  constructor() {
-    this.contentStore = null;
-    this.logger = Logger.getInstance({ module: "ContentStoreService" });
-  }
-  static getInstance() {
-    if (!ContentStoreServiceImpl._instance) {
-      ContentStoreServiceImpl._instance = new ContentStoreServiceImpl();
-    }
-    return ContentStoreServiceImpl._instance;
-  }
-  /**
-   * Set the content store instance
-   */
-  async setInstance(store) {
-    if (this.contentStore) {
-      this.logger.warn("Content store already set, replacing");
-    }
-    this.contentStore = store;
-    this.logger.info("Content store instance set");
-  }
-  /**
-   * Get the content store instance
-   */
-  getInstance() {
-    return this.contentStore;
-  }
-  /**
-   * Clear the content store instance
-   */
-  dispose() {
-    this.contentStore = null;
-    this.logger.info("Content store disposed");
-  }
-  /**
-   * Check if content store is available
-   */
-  isAvailable() {
-    return this.contentStore !== null;
+import { Buffer } from "buffer";
+import { chatHistorySnapshotResponseSchema } from "./standards-sdk.es157.js";
+import { RegistryBrokerClient } from "./standards-sdk.es136.js";
+const conversationContexts = /* @__PURE__ */ new WeakMap();
+function getConversationContextMap(client) {
+  const existing = conversationContexts.get(client);
+  if (existing) {
+    return existing;
   }
+  const created = /* @__PURE__ */ new Map();
+  conversationContexts.set(client, created);
+  return created;
 }
-function extractReferenceId(input) {
-  const trimmed = input.trim();
-  const exactMatch = trimmed.match(/^content-ref:([a-f0-9]+)$/);
-  if (exactMatch) {
-    return exactMatch[1];
+function identitiesMatch(a, b) {
+  if (!a && !b) {
+    return true;
   }
-  const embeddedMatch = trimmed.match(/content-ref:([a-f0-9]+)/);
-  if (embeddedMatch) {
-    return embeddedMatch[1];
+  if (!a || !b) {
+    return false;
   }
-  return null;
-}
-function shouldUseReference(content) {
-  const size = typeof content === "string" ? Buffer.byteLength(content, "utf8") : content.length;
-  return size > REFERENCE_THRESHOLD;
+  if (a.uaid && b.uaid && a.uaid.toLowerCase() === b.uaid.toLowerCase()) {
+    return true;
+  }
+  if (a.ledgerAccountId && b.ledgerAccountId && a.ledgerAccountId.toLowerCase() === b.ledgerAccountId.toLowerCase()) {
+    return true;
+  }
+  if (a.userId && b.userId && a.userId === b.userId) {
+    return true;
+  }
+  if (a.email && b.email && a.email.toLowerCase() === b.email.toLowerCase()) {
+    return true;
+  }
+  return false;
 }
-const ContentStoreService = ContentStoreServiceImpl.getInstance();
-export {
-  ContentStoreService,
-  ContentStoreServiceImpl,
-  REFERENCE_THRESHOLD,
-  extractReferenceId,
-  shouldUseReference
+RegistryBrokerClient.prototype.fetchHistorySnapshot = async function(sessionId, options) {
+  if (!sessionId || sessionId.trim().length === 0) {
+    throw new Error("sessionId is required to fetch chat history");
+  }
+  const raw = await this.requestJson(
+    `/chat/session/${encodeURIComponent(sessionId)}/history`,
+    {
+      method: "GET"
+    }
+  );
+  const snapshot = this.parseWithSchema(
+    raw,
+    chatHistorySnapshotResponseSchema,
+    "chat history snapshot response"
+  );
+  return this.attachDecryptedHistory(sessionId, snapshot, options);
+};
+RegistryBrokerClient.prototype.attachDecryptedHistory = function(sessionId, snapshot, options) {
+  const shouldDecrypt = options?.decrypt !== void 0 ? options.decrypt : this.encryptionOptions?.autoDecryptHistory === true;
+  if (!shouldDecrypt) {
+    return snapshot;
+  }
+  const context = this.resolveDecryptionContext(sessionId, options);
+  if (!context) {
+    throw new Error(
+      "Unable to decrypt chat history: encryption context unavailable"
+    );
+  }
+  const decryptedHistory = snapshot.history.map((entry) => ({
+    entry,
+    plaintext: this.decryptHistoryEntryFromContext(sessionId, entry, context)
+  }));
+  return { ...snapshot, decryptedHistory };
+};
+RegistryBrokerClient.prototype.registerConversationContextForEncryption = function(context) {
+  const normalized = {
+    sessionId: context.sessionId,
+    sharedSecret: Buffer.from(context.sharedSecret),
+    identity: context.identity ? { ...context.identity } : void 0
+  };
+  const map = getConversationContextMap(this);
+  const entries = map.get(context.sessionId) ?? [];
+  const existingIndex = entries.findIndex(
+    (existing) => identitiesMatch(existing.identity, normalized.identity)
+  );
+  if (existingIndex >= 0) {
+    entries[existingIndex] = normalized;
+  } else {
+    entries.push(normalized);
+  }
+  map.set(context.sessionId, entries);
+};
+RegistryBrokerClient.prototype.resolveDecryptionContext = function(sessionId, options) {
+  if (options?.sharedSecret) {
+    return {
+      sessionId,
+      sharedSecret: this.normalizeSharedSecret(options.sharedSecret),
+      identity: options.identity
+    };
+  }
+  const map = getConversationContextMap(this);
+  const contexts = map.get(sessionId);
+  if (!contexts || contexts.length === 0) {
+    return null;
+  }
+  if (options?.identity) {
+    const match = contexts.find(
+      (context) => identitiesMatch(context.identity, options.identity)
+    );
+    if (match) {
+      return match;
+    }
+  }
+  return contexts[0];
+};
+RegistryBrokerClient.prototype.decryptHistoryEntryFromContext = function(sessionId, entry, context) {
+  const envelope = entry.cipherEnvelope;
+  if (!envelope) {
+    return entry.content;
+  }
+  const secret = Buffer.from(context.sharedSecret);
+  try {
+    return this.encryption.decryptCipherEnvelope({
+      envelope,
+      sharedSecret: secret
+    });
+  } catch (_error) {
+    return null;
+  }
 };
 //# sourceMappingURL=standards-sdk.es134.js.map

package/dist/es/standards-sdk.es134.js.map

@@ -1 +1 @@
-{"version":3,"file":"standards-sdk.es134.js","sources":["../../src/content-store/ContentStoreService.ts"],"sourcesContent":["/**\n * Content Store Service\n *\n * Provides utility functions for content storage and reference handling.\n */\n\nimport type { ContentStoreInterface } from './types';\nimport { Logger } from '../utils/logger';\n\n/**\n * Maximum content size before using references (50KB)\n */\nexport const REFERENCE_THRESHOLD = 50 * 1024;\n\n/**\n * Content store service for managing large content\n */\nexport class ContentStoreServiceImpl {\n  private static _instance: ContentStoreServiceImpl;\n  private contentStore: ContentStoreInterface | null = null;\n  private logger = Logger.getInstance({ module: 'ContentStoreService' });\n\n  static getInstance(): ContentStoreServiceImpl {\n    if (!ContentStoreServiceImpl._instance) {\n      ContentStoreServiceImpl._instance = new ContentStoreServiceImpl();\n    }\n    return ContentStoreServiceImpl._instance;\n  }\n\n  /**\n   * Set the content store instance\n   */\n  async setInstance(store: ContentStoreInterface): Promise<void> {\n    if (this.contentStore) {\n      this.logger.warn('Content store already set, replacing');\n    }\n    this.contentStore = store;\n    this.logger.info('Content store instance set');\n  }\n\n  /**\n   * Get the content store instance\n   */\n  getInstance(): ContentStoreInterface | null {\n    return this.contentStore;\n  }\n\n  /**\n   * Clear the content store instance\n   */\n  dispose(): void {\n    this.contentStore = null;\n    this.logger.info('Content store disposed');\n  }\n\n  /**\n   * Check if content store is available\n   */\n  isAvailable(): boolean {\n    return this.contentStore !== null;\n  }\n}\n\n/**\n * Extract reference ID from input string\n */\nexport function extractReferenceId(input: string): string | null {\n  const trimmed = input.trim();\n\n  const exactMatch = trimmed.match(/^content-ref:([a-f0-9]+)$/);\n  if (exactMatch) {\n    return exactMatch[1];\n  }\n\n  const embeddedMatch = trimmed.match(/content-ref:([a-f0-9]+)/);\n  if (embeddedMatch) {\n    return embeddedMatch[1];\n  }\n\n  return null;\n}\n\n/**\n * Check if content should use reference based on size\n */\nexport function shouldUseReference(content: string | Buffer): boolean {\n  const size =\n    typeof content === 'string'\n      ? Buffer.byteLength(content, 'utf8')\n      : content.length;\n\n  return size > REFERENCE_THRESHOLD;\n}\n\nexport const ContentStoreService = ContentStoreServiceImpl.getInstance();\n"],"names":[],"mappings":";AAYO,MAAM,sBAAsB,KAAK;AAKjC,MAAM,wBAAwB;AAAA,EAA9B,cAAA;AAEL,SAAQ,eAA6C;AACrD,SAAQ,SAAS,OAAO,YAAY,EAAE,QAAQ,uBAAuB;AAAA,EAAA;AAAA,EAErE,OAAO,cAAuC;AAC5C,QAAI,CAAC,wBAAwB,WAAW;AACtC,8BAAwB,YAAY,IAAI,wBAAA;AAAA,IAC1C;AACA,WAAO,wBAAwB;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY,OAA6C;AAC7D,QAAI,KAAK,cAAc;AACrB,WAAK,OAAO,KAAK,sCAAsC;AAAA,IACzD;AACA,SAAK,eAAe;AACpB,SAAK,OAAO,KAAK,4BAA4B;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,cAA4C;AAC1C,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,UAAgB;AACd,SAAK,eAAe;AACpB,SAAK,OAAO,KAAK,wBAAwB;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA,EAKA,cAAuB;AACrB,WAAO,KAAK,iBAAiB;AAAA,EAC/B;AACF;AAKO,SAAS,mBAAmB,OAA8B;AAC/D,QAAM,UAAU,MAAM,KAAA;AAEtB,QAAM,aAAa,QAAQ,MAAM,2BAA2B;AAC5D,MAAI,YAAY;AACd,WAAO,WAAW,CAAC;AAAA,EACrB;AAEA,QAAM,gBAAgB,QAAQ,MAAM,yBAAyB;AAC7D,MAAI,eAAe;AACjB,WAAO,cAAc,CAAC;AAAA,EACxB;AAEA,SAAO;AACT;AAKO,SAAS,mBAAmB,SAAmC;AACpE,QAAM,OACJ,OAAO,YAAY,WACf,OAAO,WAAW,SAAS,MAAM,IACjC,QAAQ;AAEd,SAAO,OAAO;AAChB;AAEO,MAAM,sBAAsB,wBAAwB,YAAA;"}
+{"version":3,"file":"standards-sdk.es134.js","sources":["../../src/services/registry-broker/client/chat-history.ts"],"sourcesContent":["import { Buffer } from 'buffer';\nimport type {\n  ChatHistoryEntry,\n  ChatHistoryFetchOptions,\n  ChatHistorySnapshotResponse,\n  ChatHistorySnapshotWithDecryptedEntries,\n  JsonValue,\n  RecipientIdentity,\n} from '../types';\nimport { chatHistorySnapshotResponseSchema } from '../schemas';\nimport { RegistryBrokerClient } from './base-client';\n\ninterface ConversationContextInput {\n  sessionId: string;\n  sharedSecret: Uint8Array | Buffer;\n  identity?: RecipientIdentity;\n}\n\ninterface ConversationContextState {\n  sessionId: string;\n  sharedSecret: Buffer;\n  identity?: RecipientIdentity;\n}\n\nconst conversationContexts = new WeakMap<\n  RegistryBrokerClient,\n  Map<string, ConversationContextState[]>\n>();\n\nfunction getConversationContextMap(\n  client: RegistryBrokerClient,\n): Map<string, ConversationContextState[]> {\n  const existing = conversationContexts.get(client);\n  if (existing) {\n    return existing;\n  }\n  const created = new Map<string, ConversationContextState[]>();\n  conversationContexts.set(client, created);\n  return created;\n}\n\nfunction identitiesMatch(\n  a?: RecipientIdentity,\n  b?: RecipientIdentity,\n): boolean {\n  if (!a && !b) {\n    return true;\n  }\n  if (!a || !b) {\n    return false;\n  }\n  if (a.uaid && b.uaid && a.uaid.toLowerCase() === b.uaid.toLowerCase()) {\n    return true;\n  }\n  if (\n    a.ledgerAccountId &&\n    b.ledgerAccountId &&\n    a.ledgerAccountId.toLowerCase() === b.ledgerAccountId.toLowerCase()\n  ) {\n    return true;\n  }\n  if (a.userId && b.userId && a.userId === b.userId) {\n    return true;\n  }\n  if (a.email && b.email && a.email.toLowerCase() === b.email.toLowerCase()) {\n    return true;\n  }\n  return false;\n}\n\ndeclare module './base-client' {\n  interface RegistryBrokerClient {\n    fetchHistorySnapshot(\n      sessionId: string,\n      options?: ChatHistoryFetchOptions,\n    ): Promise<ChatHistorySnapshotWithDecryptedEntries>;\n    attachDecryptedHistory(\n      sessionId: string,\n      snapshot: ChatHistorySnapshotResponse,\n      options?: ChatHistoryFetchOptions,\n    ): ChatHistorySnapshotWithDecryptedEntries;\n    registerConversationContextForEncryption(\n      context: ConversationContextInput,\n    ): void;\n    resolveDecryptionContext(\n      sessionId: string,\n      options?: ChatHistoryFetchOptions,\n    ): ConversationContextState | null;\n    decryptHistoryEntryFromContext(\n      sessionId: string,\n      entry: ChatHistoryEntry,\n      context: ConversationContextState,\n    ): string | null;\n  }\n}\n\nRegistryBrokerClient.prototype.fetchHistorySnapshot = async function (\n  this: RegistryBrokerClient,\n  sessionId: string,\n  options?: ChatHistoryFetchOptions,\n): Promise<ChatHistorySnapshotWithDecryptedEntries> {\n  if (!sessionId || sessionId.trim().length === 0) {\n    throw new Error('sessionId is required to fetch chat history');\n  }\n  const raw = await this.requestJson<JsonValue>(\n    `/chat/session/${encodeURIComponent(sessionId)}/history`,\n    {\n      method: 'GET',\n    },\n  );\n  const snapshot = this.parseWithSchema(\n    raw,\n    chatHistorySnapshotResponseSchema,\n    'chat history snapshot response',\n  );\n  return this.attachDecryptedHistory(sessionId, snapshot, options);\n};\n\nRegistryBrokerClient.prototype.attachDecryptedHistory = function (\n  this: RegistryBrokerClient,\n  sessionId: string,\n  snapshot: ChatHistorySnapshotResponse,\n  options?: ChatHistoryFetchOptions,\n): ChatHistorySnapshotWithDecryptedEntries {\n  const shouldDecrypt =\n    options?.decrypt !== undefined\n      ? options.decrypt\n      : this.encryptionOptions?.autoDecryptHistory === true;\n  if (!shouldDecrypt) {\n    return snapshot;\n  }\n  const context = this.resolveDecryptionContext(sessionId, options);\n  if (!context) {\n    throw new Error(\n      'Unable to decrypt chat history: encryption context unavailable',\n    );\n  }\n  const decryptedHistory = snapshot.history.map(entry => ({\n    entry,\n    plaintext: this.decryptHistoryEntryFromContext(sessionId, entry, context),\n  }));\n  return { ...snapshot, decryptedHistory };\n};\n\nRegistryBrokerClient.prototype.registerConversationContextForEncryption =\n  function (\n    this: RegistryBrokerClient,\n    context: ConversationContextInput,\n  ): void {\n    const normalized: ConversationContextState = {\n      sessionId: context.sessionId,\n      sharedSecret: Buffer.from(context.sharedSecret),\n      identity: context.identity ? { ...context.identity } : undefined,\n    };\n    const map = getConversationContextMap(this);\n    const entries = map.get(context.sessionId) ?? [];\n    const existingIndex = entries.findIndex(existing =>\n      identitiesMatch(existing.identity, normalized.identity),\n    );\n    if (existingIndex >= 0) {\n      entries[existingIndex] = normalized;\n    } else {\n      entries.push(normalized);\n    }\n    map.set(context.sessionId, entries);\n  };\n\nRegistryBrokerClient.prototype.resolveDecryptionContext = function (\n  this: RegistryBrokerClient,\n  sessionId: string,\n  options?: ChatHistoryFetchOptions,\n): ConversationContextState | null {\n  if (options?.sharedSecret) {\n    return {\n      sessionId,\n      sharedSecret: this.normalizeSharedSecret(options.sharedSecret),\n      identity: options.identity,\n    };\n  }\n  const map = getConversationContextMap(this);\n  const contexts = map.get(sessionId);\n  if (!contexts || contexts.length === 0) {\n    return null;\n  }\n  if (options?.identity) {\n    const match = contexts.find(context =>\n      identitiesMatch(context.identity, options.identity),\n    );\n    if (match) {\n      return match;\n    }\n  }\n  return contexts[0];\n};\n\nRegistryBrokerClient.prototype.decryptHistoryEntryFromContext = function (\n  this: RegistryBrokerClient,\n  sessionId: string,\n  entry: ChatHistoryEntry,\n  context: ConversationContextState,\n): string | null {\n  const envelope = entry.cipherEnvelope;\n  if (!envelope) {\n    return entry.content;\n  }\n  const secret = Buffer.from(context.sharedSecret);\n  try {\n    return this.encryption.decryptCipherEnvelope({\n      envelope,\n      sharedSecret: secret,\n    });\n  } catch (_error) {\n    return null;\n  }\n};\n"],"names":[],"mappings":";;;AAwBA,MAAM,2CAA2B,QAAA;AAKjC,SAAS,0BACP,QACyC;AACzC,QAAM,WAAW,qBAAqB,IAAI,MAAM;AAChD,MAAI,UAAU;AACZ,WAAO;AAAA,EACT;AACA,QAAM,8BAAc,IAAA;AACpB,uBAAqB,IAAI,QAAQ,OAAO;AACxC,SAAO;AACT;AAEA,SAAS,gBACP,GACA,GACS;AACT,MAAI,CAAC,KAAK,CAAC,GAAG;AACZ,WAAO;AAAA,EACT;AACA,MAAI,CAAC,KAAK,CAAC,GAAG;AACZ,WAAO;AAAA,EACT;AACA,MAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,kBAAkB,EAAE,KAAK,YAAA,GAAe;AACrE,WAAO;AAAA,EACT;AACA,MACE,EAAE,mBACF,EAAE,mBACF,EAAE,gBAAgB,kBAAkB,EAAE,gBAAgB,YAAA,GACtD;AACA,WAAO;AAAA,EACT;AACA,MAAI,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ;AACjD,WAAO;AAAA,EACT;AACA,MAAI,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,YAAA,GAAe;AACzE,WAAO;AAAA,EACT;AACA,SAAO;AACT;AA4BA,qBAAqB,UAAU,uBAAuB,eAEpD,WACA,SACkD;AAClD,MAAI,CAAC,aAAa,UAAU,KAAA,EAAO,WAAW,GAAG;AAC/C,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AACA,QAAM,MAAM,MAAM,KAAK;AAAA,IACrB,iBAAiB,mBAAmB,SAAS,CAAC;AAAA,IAC9C;AAAA,MACE,QAAQ;AAAA,IAAA;AAAA,EACV;AAEF,QAAM,WAAW,KAAK;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAEF,SAAO,KAAK,uBAAuB,WAAW,UAAU,OAAO;AACjE;AAEA,qBAAqB,UAAU,yBAAyB,SAEtD,WACA,UACA,SACyC;AACzC,QAAM,gBACJ,SAAS,YAAY,SACjB,QAAQ,UACR,KAAK,mBAAmB,uBAAuB;AACrD,MAAI,CAAC,eAAe;AAClB,WAAO;AAAA,EACT;AACA,QAAM,UAAU,KAAK,yBAAyB,WAAW,OAAO;AAChE,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AACA,QAAM,mBAAmB,SAAS,QAAQ,IAAI,CAAA,WAAU;AAAA,IACtD;AAAA,IACA,WAAW,KAAK,+BAA+B,WAAW,OAAO,OAAO;AAAA,EAAA,EACxE;AACF,SAAO,EAAE,GAAG,UAAU,iBAAA;AACxB;AAEA,qBAAqB,UAAU,2CAC7B,SAEE,SACM;AACN,QAAM,aAAuC;AAAA,IAC3C,WAAW,QAAQ;AAAA,IACnB,cAAc,OAAO,KAAK,QAAQ,YAAY;AAAA,IAC9C,UAAU,QAAQ,WAAW,EAAE,GAAG,QAAQ,aAAa;AAAA,EAAA;AAEzD,QAAM,MAAM,0BAA0B,IAAI;AAC1C,QAAM,UAAU,IAAI,IAAI,QAAQ,SAAS,KAAK,CAAA;AAC9C,QAAM,gBAAgB,QAAQ;AAAA,IAAU,CAAA,aACtC,gBAAgB,SAAS,UAAU,WAAW,QAAQ;AAAA,EAAA;AAExD,MAAI,iBAAiB,GAAG;AACtB,YAAQ,aAAa,IAAI;AAAA,EAC3B,OAAO;AACL,YAAQ,KAAK,UAAU;AAAA,EACzB;AACA,MAAI,IAAI,QAAQ,WAAW,OAAO;AACpC;AAEF,qBAAqB,UAAU,2BAA2B,SAExD,WACA,SACiC;AACjC,MAAI,SAAS,cAAc;AACzB,WAAO;AAAA,MACL;AAAA,MACA,cAAc,KAAK,sBAAsB,QAAQ,YAAY;AAAA,MAC7D,UAAU,QAAQ;AAAA,IAAA;AAAA,EAEtB;AACA,QAAM,MAAM,0BAA0B,IAAI;AAC1C,QAAM,WAAW,IAAI,IAAI,SAAS;AAClC,MAAI,CAAC,YAAY,SAAS,WAAW,GAAG;AACtC,WAAO;AAAA,EACT;AACA,MAAI,SAAS,UAAU;AACrB,UAAM,QAAQ,SAAS;AAAA,MAAK,CAAA,YAC1B,gBAAgB,QAAQ,UAAU,QAAQ,QAAQ;AAAA,IAAA;AAEpD,QAAI,OAAO;AACT,aAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO,SAAS,CAAC;AACnB;AAEA,qBAAqB,UAAU,iCAAiC,SAE9D,WACA,OACA,SACe;AACf,QAAM,WAAW,MAAM;AACvB,MAAI,CAAC,UAAU;AACb,WAAO,MAAM;AAAA,EACf;AACA,QAAM,SAAS,OAAO,KAAK,QAAQ,YAAY;AAC/C,MAAI;AACF,WAAO,KAAK,WAAW,sBAAsB;AAAA,MAC3C;AAAA,MACA,cAAc;AAAA,IAAA,CACf;AAAA,EACH,SAAS,QAAQ;AACf,WAAO;AAAA,EACT;AACF;"}