@hashgraphonline/standards-sdk 0.1.157 → 0.1.159

package/dist/es/standards-sdk.es160.js

@@ -1,334 +1,175 @@
-import { createSessionResponseSchema, chatHistoryCompactionResponseSchema, sessionEncryptionStatusResponseSchema, encryptionHandshakeResponseSchema, sendMessageResponseSchema } from "./standards-sdk.es127.js";
-import { serialiseAuthConfig, toJsonObject } from "./standards-sdk.es154.js";
-import { EncryptionUnavailableError } from "./standards-sdk.es161.js";
-function createChatApi(client, encryptedManager) {
-  return {
-    start: (options) => client.startChat(options),
-    createSession: (payload) => client.createSession(payload),
-    sendMessage: (payload) => client.sendMessage(payload),
-    endSession: (sessionId) => client.endSession(sessionId),
-    getHistory: (sessionId, options) => client.fetchHistorySnapshot(sessionId, options),
-    compactHistory: (payload) => client.compactHistory(payload),
-    getEncryptionStatus: (sessionId) => client.fetchEncryptionStatus(sessionId),
-    submitEncryptionHandshake: (sessionId, payload) => client.postEncryptionHandshake(sessionId, payload),
-    startConversation: (options) => client.startConversation(options),
-    acceptConversation: (options) => client.acceptConversation(options),
-    createEncryptedSession: (options) => encryptedManager.startSession(options),
-    acceptEncryptedSession: (options) => encryptedManager.acceptSession(options)
-  };
+import * as path from "path";
+import { Buffer } from "buffer";
+import { randomBytes } from "crypto";
+import { secp256k1 } from "@noble/curves/secp256k1.js";
+import { registerEncryptionKeyResponseSchema } from "./standards-sdk.es133.js";
+import { optionalImport } from "./standards-sdk.es159.js";
+const getFs = async () => {
+  const fsModule = await optionalImport("node:fs");
+  if (fsModule && typeof fsModule.existsSync === "function" && typeof fsModule.readFileSync === "function" && typeof fsModule.writeFileSync === "function" && typeof fsModule.appendFileSync === "function") {
+    return fsModule;
+  }
+  return null;
+};
+async function registerEncryptionKey(client, payload) {
+  const raw = await client.requestJson("/encryption/keys", {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: payload
+  });
+  return client.parseWithSchema(
+    raw,
+    registerEncryptionKeyResponseSchema,
+    "register encryption key response"
+  );
 }
-async function createSession(client, payload, allowHistoryAutoTopUp = true) {
-  const body = {};
-  if ("uaid" in payload && payload.uaid) {
-    body.uaid = payload.uaid;
-  }
-  if ("agentUrl" in payload && payload.agentUrl) {
-    body.agentUrl = payload.agentUrl;
-  }
-  if (payload.auth) {
-    body.auth = serialiseAuthConfig(payload.auth);
-  }
-  if (payload.historyTtlSeconds !== void 0) {
-    body.historyTtlSeconds = payload.historyTtlSeconds;
+function normalizeAutoRegisterIdentity(config) {
+  const identity = {};
+  if (config.uaid) {
+    identity.uaid = config.uaid;
+  }
+  if (config.ledgerAccountId) {
+    identity.ledgerAccountId = config.ledgerAccountId;
+    if (config.ledgerNetwork) {
+      identity.ledgerNetwork = config.ledgerNetwork;
+    }
   }
-  if (payload.encryptionRequested !== void 0) {
-    body.encryptionRequested = payload.encryptionRequested;
+  if (config.email) {
+    identity.email = config.email;
   }
-  if (payload.senderUaid) {
-    body.senderUaid = payload.senderUaid;
-  }
-  try {
-    const raw = await client.requestJson("/chat/session", {
-      method: "POST",
-      body,
-      headers: { "content-type": "application/json" }
-    });
-    return client.parseWithSchema(
-      raw,
-      createSessionResponseSchema,
-      "chat session response"
-    );
-  } catch (error) {
-    const maybeError = error instanceof Error ? error : null;
-    if (allowHistoryAutoTopUp && client.shouldAutoTopUpHistory(payload, maybeError)) {
-      await client.executeHistoryAutoTopUp("chat.session");
-      return createSession(client, payload, false);
-    }
-    throw error;
+  if (identity.uaid || identity.ledgerAccountId || identity.email) {
+    return identity;
   }
+  return null;
+}
+function derivePublicKeyFromPrivateKey(client, privateKey) {
+  const normalized = client.hexToBuffer(privateKey);
+  const publicKey = secp256k1.getPublicKey(normalized, true);
+  return Buffer.from(publicKey).toString("hex");
 }
-async function startChat(client, encryptedManager, options) {
-  if ("uaid" in options && options.uaid) {
-    return startConversation(client, encryptedManager, {
-      uaid: options.uaid,
-      senderUaid: options.senderUaid,
-      historyTtlSeconds: options.historyTtlSeconds,
-      auth: options.auth,
-      encryption: options.encryption,
-      onSessionCreated: options.onSessionCreated
+async function resolveAutoRegisterKeyMaterial(client, config) {
+  if (config.publicKey?.trim()) {
+    return { publicKey: config.publicKey.trim() };
+  }
+  let privateKey = config.privateKey?.trim();
+  const envVar = config.envVar ?? "RB_ENCRYPTION_PRIVATE_KEY";
+  if (!privateKey && envVar && process?.env?.[envVar]?.trim()) {
+    privateKey = process.env[envVar]?.trim();
+  }
+  if (!privateKey && config.generateIfMissing) {
+    const pair = await client.generateEncryptionKeyPair({
+      keyType: config.keyType ?? "secp256k1",
+      envVar,
+      envPath: config.envPath,
+      overwrite: config.overwriteEnv
     });
+    return { publicKey: pair.publicKey, privateKey: pair.privateKey };
   }
-  if ("agentUrl" in options && options.agentUrl) {
-    const session = await createSession(client, {
-      agentUrl: options.agentUrl,
-      auth: options.auth,
-      historyTtlSeconds: options.historyTtlSeconds,
-      senderUaid: options.senderUaid
-    });
-    options.onSessionCreated?.(session.sessionId);
-    return createPlaintextConversationHandle(
-      client,
-      session.sessionId,
-      session.encryption ?? null,
-      options.auth,
-      { agentUrl: options.agentUrl, uaid: options.uaid }
-    );
+  if (privateKey) {
+    const publicKey = derivePublicKeyFromPrivateKey(client, privateKey);
+    return { publicKey, privateKey };
   }
-  throw new Error("startChat requires either uaid or agentUrl");
+  return null;
 }
-async function startConversation(client, encryptedManager, options) {
-  const preference = options.encryption?.preference ?? "preferred";
-  const requestEncryption = preference !== "disabled";
-  if (!requestEncryption) {
-    const session = await createSession(client, {
-      uaid: options.uaid,
-      auth: options.auth,
-      historyTtlSeconds: options.historyTtlSeconds,
-      senderUaid: options.senderUaid,
-      encryptionRequested: false
-    });
-    options.onSessionCreated?.(session.sessionId);
-    return createPlaintextConversationHandle(
-      client,
-      session.sessionId,
-      session.encryption ?? null,
-      options.auth,
-      { uaid: options.uaid }
+async function autoRegisterEncryptionKey(client, config) {
+  const identity = normalizeAutoRegisterIdentity(config);
+  if (!identity) {
+    throw new Error(
+      "Auto-registration requires uaid, ledgerAccountId, or email"
     );
   }
-  try {
-    const handle = await encryptedManager.startSession({
-      uaid: options.uaid,
-      senderUaid: options.senderUaid,
-      historyTtlSeconds: options.historyTtlSeconds,
-      handshakeTimeoutMs: options.encryption?.handshakeTimeoutMs,
-      pollIntervalMs: options.encryption?.pollIntervalMs,
-      onSessionCreated: (sessionId) => {
-        options.onSessionCreated?.(sessionId);
-      },
-      auth: options.auth
-    });
-    return handle;
-  } catch (error) {
-    if (error instanceof EncryptionUnavailableError) {
-      if (preference === "required") {
-        throw error;
-      }
-      return createPlaintextConversationHandle(
-        client,
-        error.sessionId,
-        error.summary ?? null,
-        options.auth,
-        { uaid: options.uaid }
-      );
-    }
-    throw error;
+  const material = await resolveAutoRegisterKeyMaterial(client, config);
+  if (!material) {
+    throw new Error(
+      "Unable to resolve encryption public key for auto-registration"
+    );
   }
+  await registerEncryptionKey(client, {
+    keyType: config.keyType ?? "secp256k1",
+    publicKey: material.publicKey,
+    ...identity
+  });
+  return material;
 }
-async function acceptConversation(client, encryptedManager, options) {
-  const preference = options.encryption?.preference ?? "preferred";
-  if (preference === "disabled") {
-    return createPlaintextConversationHandle(client, options.sessionId, null);
-  }
-  try {
-    const handle = await encryptedManager.acceptSession({
-      sessionId: options.sessionId,
-      responderUaid: options.responderUaid,
-      handshakeTimeoutMs: options.encryption?.handshakeTimeoutMs,
-      pollIntervalMs: options.encryption?.pollIntervalMs
-    });
-    return handle;
-  } catch (error) {
-    if (error instanceof EncryptionUnavailableError && preference !== "required") {
-      return createPlaintextConversationHandle(
-        client,
-        options.sessionId,
-        null,
-        void 0,
-        { uaid: options.responderUaid }
-      );
-    }
-    throw error;
-  }
+async function ensureAgentEncryptionKey(client, options) {
+  return autoRegisterEncryptionKey(client, {
+    ...options,
+    uaid: options.uaid
+  });
 }
-function createPlaintextConversationHandle(client, sessionId, summary, defaultAuth, context) {
-  const uaid = context?.uaid?.trim();
-  const agentUrl = context?.agentUrl?.trim();
-  const fetchHistory = async (options) => {
-    const snapshot = await client.fetchHistorySnapshot(sessionId, options);
-    if (snapshot.decryptedHistory) {
-      return snapshot.decryptedHistory;
-    }
-    return snapshot.history.map((entry) => ({
-      entry,
-      plaintext: entry.content
-    }));
-  };
+function createEncryptionApi(client) {
   return {
-    sessionId,
-    mode: "plaintext",
-    summary: summary ?? null,
-    send: async (options) => {
-      const plaintext = options.plaintext;
-      if (!plaintext || plaintext.trim().length === 0) {
-        throw new Error("plaintext is required for chat messages");
-      }
-      const message = options.message ?? plaintext;
-      return sendMessage(client, {
-        sessionId,
-        message,
-        streaming: options.streaming,
-        auth: options.auth ?? defaultAuth,
-        uaid,
-        agentUrl
-      });
-    },
-    decryptHistoryEntry: (entry) => entry.content,
-    fetchHistory
+    registerKey: (payload) => registerEncryptionKey(client, payload),
+    generateEphemeralKeyPair: () => client.createEphemeralKeyPair(),
+    deriveSharedSecret: (options) => client.deriveSharedSecret(options),
+    encryptCipherEnvelope: (options) => client.buildCipherEnvelope(options),
+    decryptCipherEnvelope: (options) => client.openCipherEnvelope(options),
+    ensureAgentKey: (options) => ensureAgentEncryptionKey(client, options)
   };
 }
-async function compactHistory(client, payload) {
-  if (!payload.sessionId || payload.sessionId.trim().length === 0) {
-    throw new Error("sessionId is required to compact chat history");
+async function bootstrapEncryptionOptions(client, options) {
+  if (!options?.autoRegister || options.autoRegister.enabled === false) {
+    return null;
   }
-  const body = {};
-  if (typeof payload.preserveEntries === "number" && Number.isFinite(payload.preserveEntries) && payload.preserveEntries >= 0) {
-    body.preserveEntries = Math.floor(payload.preserveEntries);
-  }
-  const raw = await client.requestJson(
-    `/chat/session/${encodeURIComponent(payload.sessionId)}/compact`,
-    {
-      method: "POST",
-      headers: { "content-type": "application/json" },
-      body
-    }
-  );
-  return client.parseWithSchema(
-    raw,
-    chatHistoryCompactionResponseSchema,
-    "chat history compaction response"
-  );
-}
-async function fetchEncryptionStatus(client, sessionId) {
-  if (!sessionId || sessionId.trim().length === 0) {
-    throw new Error("sessionId is required for encryption status");
-  }
-  const raw = await client.requestJson(
-    `/chat/session/${encodeURIComponent(sessionId)}/encryption`,
-    {
-      method: "GET"
-    }
-  );
-  return client.parseWithSchema(
-    raw,
-    sessionEncryptionStatusResponseSchema,
-    "session encryption status response"
-  );
-}
-async function postEncryptionHandshake(client, sessionId, payload) {
-  if (!sessionId || sessionId.trim().length === 0) {
-    throw new Error("sessionId is required for encryption handshake");
-  }
-  const raw = await client.requestJson(
-    `/chat/session/${encodeURIComponent(sessionId)}/encryption-handshake`,
-    {
-      method: "POST",
-      headers: { "content-type": "application/json" },
-      body: {
-        role: payload.role,
-        keyType: payload.keyType,
-        ephemeralPublicKey: payload.ephemeralPublicKey,
-        longTermPublicKey: payload.longTermPublicKey,
-        signature: payload.signature,
-        uaid: payload.uaid,
-        userId: payload.userId,
-        ledgerAccountId: payload.ledgerAccountId,
-        metadata: payload.metadata
-      }
-    }
-  );
-  const response = client.parseWithSchema(
-    raw,
-    encryptionHandshakeResponseSchema,
-    "encryption handshake response"
-  );
-  return response.handshake;
+  return autoRegisterEncryptionKey(client, options.autoRegister);
 }
-async function sendMessage(client, payload) {
-  const body = {
-    message: payload.message
-  };
-  if (payload.streaming !== void 0) {
-    body.streaming = payload.streaming;
-  }
-  if (payload.auth) {
-    body.auth = serialiseAuthConfig(payload.auth);
-  }
-  if ("uaid" in payload) {
-    body.uaid = payload.uaid;
-  }
-  if ("sessionId" in payload && payload.sessionId) {
-    body.sessionId = payload.sessionId;
-  }
-  if ("agentUrl" in payload && payload.agentUrl) {
-    body.agentUrl = payload.agentUrl;
-  }
-  let cipherEnvelope = payload.cipherEnvelope ?? null;
-  if (payload.encryption) {
-    const sessionIdForEncryption = payload.encryption.sessionId ?? (typeof body.sessionId === "string" ? body.sessionId : void 0);
-    if (!sessionIdForEncryption) {
+async function generateEncryptionKeyPair(client, options = {}) {
+  client.assertNodeRuntime("generateEncryptionKeyPair");
+  const keyType = options.keyType ?? "secp256k1";
+  if (keyType !== "secp256k1") {
+    throw new Error("Only secp256k1 key generation is supported currently");
+  }
+  const privateKeyBytes = randomBytes(32);
+  const privateKey = Buffer.from(privateKeyBytes).toString("hex");
+  const publicKeyBytes = secp256k1.getPublicKey(privateKeyBytes, true);
+  const publicKey = Buffer.from(publicKeyBytes).toString("hex");
+  const envVar = options.envVar ?? "RB_ENCRYPTION_PRIVATE_KEY";
+  const resolvedPath = options.envPath ? path.resolve(options.envPath) : void 0;
+  if (resolvedPath) {
+    const fsModule = await getFs();
+    if (!fsModule) {
       throw new Error(
-        "sessionId is required when using encrypted chat payloads"
+        "File system module is not available; cannot write encryption key env file"
       );
     }
-    if (!payload.encryption.recipients?.length) {
-      throw new Error("recipients are required for encrypted chat payloads");
+    const envLine = `${envVar}=${privateKey}`;
+    if (fsModule.existsSync(resolvedPath)) {
+      const content = fsModule.readFileSync(resolvedPath, "utf-8");
+      const lineRegex = new RegExp(`^${envVar}=.*$`, "m");
+      if (lineRegex.test(content)) {
+        if (!options.overwrite) {
+          throw new Error(
+            `${envVar} already exists in ${resolvedPath}; set overwrite=true to replace it`
+          );
+        }
+        const updated = content.replace(lineRegex, envLine);
+        fsModule.writeFileSync(resolvedPath, updated);
+      } else {
+        const needsNewline = !content.endsWith("\n");
+        fsModule.appendFileSync(
+          resolvedPath,
+          `${needsNewline ? "\n" : ""}${envLine}
+`
+        );
+      }
+    } else {
+      fsModule.writeFileSync(resolvedPath, `${envLine}
+`);
     }
-    cipherEnvelope = client.encryption.encryptCipherEnvelope({
-      ...payload.encryption,
-      sessionId: sessionIdForEncryption
-    });
-  }
-  if (cipherEnvelope) {
-    body.cipherEnvelope = toJsonObject(cipherEnvelope);
   }
-  const raw = await client.requestJson("/chat/message", {
-    method: "POST",
-    body,
-    headers: { "content-type": "application/json" }
-  });
-  return client.parseWithSchema(
-    raw,
-    sendMessageResponseSchema,
-    "chat message response"
-  );
-}
-async function endSession(client, sessionId) {
-  await client.request(`/chat/session/${encodeURIComponent(sessionId)}`, {
-    method: "DELETE"
-  });
+  return {
+    privateKey,
+    publicKey,
+    envPath: resolvedPath,
+    envVar
+  };
 }
 export {
-  acceptConversation,
-  compactHistory,
-  createChatApi,
-  createPlaintextConversationHandle,
-  createSession,
-  endSession,
-  fetchEncryptionStatus,
-  postEncryptionHandshake,
-  sendMessage,
-  startChat,
-  startConversation
+  autoRegisterEncryptionKey,
+  bootstrapEncryptionOptions,
+  createEncryptionApi,
+  ensureAgentEncryptionKey,
+  generateEncryptionKeyPair,
+  registerEncryptionKey
 };
 //# sourceMappingURL=standards-sdk.es160.js.map

package/dist/es/standards-sdk.es160.js.map

@@ -1 +1 @@
-{"version":3,"file":"standards-sdk.es160.js","sources":["../../src/services/registry-broker/client/chat.ts"],"sourcesContent":["import type {\n  AcceptConversationOptions,\n  AcceptEncryptedChatSessionOptions,\n  AgentAuthConfig,\n  ChatConversationHandle,\n  DecryptedHistoryEntry,\n  ChatHistoryCompactionResponse,\n  ChatHistoryFetchOptions,\n  ChatHistorySnapshotWithDecryptedEntries,\n  CompactHistoryRequestPayload,\n  CreateSessionRequestPayload,\n  CreateSessionResponse,\n  EncryptionHandshakeRecord,\n  EncryptionHandshakeSubmissionPayload,\n  EncryptedChatSessionHandle,\n  JsonObject,\n  JsonValue,\n  SendMessageRequestPayload,\n  SendMessageResponse,\n  SessionEncryptionStatusResponse,\n  SessionEncryptionSummary,\n  StartChatOptions,\n  StartConversationOptions,\n  StartEncryptedChatSessionOptions,\n} from '../types';\nimport {\n  chatHistoryCompactionResponseSchema,\n  createSessionResponseSchema,\n  encryptionHandshakeResponseSchema,\n  sendMessageResponseSchema,\n  sessionEncryptionStatusResponseSchema,\n} from '../schemas';\nimport type { RegistryBrokerClient } from './base-client';\nimport { serialiseAuthConfig, toJsonObject } from './utils';\nimport {\n  EncryptedChatManager,\n  EncryptionUnavailableError,\n} from './encrypted-chat-manager';\n\nexport interface RegistryBrokerChatApi {\n  start: (options: StartChatOptions) => Promise<ChatConversationHandle>;\n  createSession: (\n    payload: CreateSessionRequestPayload,\n  ) => Promise<CreateSessionResponse>;\n  sendMessage: (\n    payload: SendMessageRequestPayload,\n  ) => Promise<SendMessageResponse>;\n  endSession: (sessionId: string) => Promise<void>;\n  getHistory: (\n    sessionId: string,\n    options?: ChatHistoryFetchOptions,\n  ) => Promise<ChatHistorySnapshotWithDecryptedEntries>;\n  compactHistory: (\n    payload: CompactHistoryRequestPayload,\n  ) => Promise<ChatHistoryCompactionResponse>;\n  getEncryptionStatus: (\n    sessionId: string,\n  ) => Promise<SessionEncryptionStatusResponse>;\n  submitEncryptionHandshake: (\n    sessionId: string,\n    payload: EncryptionHandshakeSubmissionPayload,\n  ) => Promise<EncryptionHandshakeRecord>;\n  createEncryptedSession: (\n    options: StartEncryptedChatSessionOptions,\n  ) => Promise<EncryptedChatSessionHandle>;\n  acceptEncryptedSession: (\n    options: AcceptEncryptedChatSessionOptions,\n  ) => Promise<EncryptedChatSessionHandle>;\n  startConversation: (\n    options: StartConversationOptions,\n  ) => Promise<ChatConversationHandle>;\n  acceptConversation: (\n    options: AcceptConversationOptions,\n  ) => Promise<ChatConversationHandle>;\n}\n\nexport function createChatApi(\n  client: RegistryBrokerClient,\n  encryptedManager: EncryptedChatManager,\n): RegistryBrokerChatApi {\n  return {\n    start: (options: StartChatOptions) => client.startChat(options),\n    createSession: (payload: CreateSessionRequestPayload) =>\n      client.createSession(payload),\n    sendMessage: (payload: SendMessageRequestPayload) =>\n      client.sendMessage(payload),\n    endSession: (sessionId: string) => client.endSession(sessionId),\n    getHistory: (sessionId: string, options?: ChatHistoryFetchOptions) =>\n      client.fetchHistorySnapshot(sessionId, options),\n    compactHistory: (payload: CompactHistoryRequestPayload) =>\n      client.compactHistory(payload),\n    getEncryptionStatus: (sessionId: string) =>\n      client.fetchEncryptionStatus(sessionId),\n    submitEncryptionHandshake: (\n      sessionId: string,\n      payload: EncryptionHandshakeSubmissionPayload,\n    ) => client.postEncryptionHandshake(sessionId, payload),\n    startConversation: (options: StartConversationOptions) =>\n      client.startConversation(options),\n    acceptConversation: (options: AcceptConversationOptions) =>\n      client.acceptConversation(options),\n    createEncryptedSession: (options: StartEncryptedChatSessionOptions) =>\n      encryptedManager.startSession(options),\n    acceptEncryptedSession: (options: AcceptEncryptedChatSessionOptions) =>\n      encryptedManager.acceptSession(options),\n  };\n}\n\nexport async function createSession(\n  client: RegistryBrokerClient,\n  payload: CreateSessionRequestPayload,\n  allowHistoryAutoTopUp = true,\n): Promise<CreateSessionResponse> {\n  const body: JsonObject = {};\n  if ('uaid' in payload && payload.uaid) {\n    body.uaid = payload.uaid;\n  }\n  if ('agentUrl' in payload && payload.agentUrl) {\n    body.agentUrl = payload.agentUrl;\n  }\n  if (payload.auth) {\n    body.auth = serialiseAuthConfig(payload.auth);\n  }\n  if (payload.historyTtlSeconds !== undefined) {\n    body.historyTtlSeconds = payload.historyTtlSeconds;\n  }\n  if (payload.encryptionRequested !== undefined) {\n    body.encryptionRequested = payload.encryptionRequested;\n  }\n  if (payload.senderUaid) {\n    body.senderUaid = payload.senderUaid;\n  }\n  try {\n    const raw = await client.requestJson<JsonValue>('/chat/session', {\n      method: 'POST',\n      body,\n      headers: { 'content-type': 'application/json' },\n    });\n    return client.parseWithSchema(\n      raw,\n      createSessionResponseSchema,\n      'chat session response',\n    );\n  } catch (error) {\n    const maybeError = error instanceof Error ? error : null;\n    if (\n      allowHistoryAutoTopUp &&\n      client.shouldAutoTopUpHistory(payload, maybeError)\n    ) {\n      await client.executeHistoryAutoTopUp('chat.session');\n      return createSession(client, payload, false);\n    }\n    throw error;\n  }\n}\n\nexport async function startChat(\n  client: RegistryBrokerClient,\n  encryptedManager: EncryptedChatManager,\n  options: StartChatOptions,\n): Promise<ChatConversationHandle> {\n  if ('uaid' in options && options.uaid) {\n    return startConversation(client, encryptedManager, {\n      uaid: options.uaid,\n      senderUaid: options.senderUaid,\n      historyTtlSeconds: options.historyTtlSeconds,\n      auth: options.auth,\n      encryption: options.encryption,\n      onSessionCreated: options.onSessionCreated,\n    });\n  }\n  if ('agentUrl' in options && options.agentUrl) {\n    const session = await createSession(client, {\n      agentUrl: options.agentUrl,\n      auth: options.auth,\n      historyTtlSeconds: options.historyTtlSeconds,\n      senderUaid: options.senderUaid,\n    });\n    options.onSessionCreated?.(session.sessionId);\n    return createPlaintextConversationHandle(\n      client,\n      session.sessionId,\n      session.encryption ?? null,\n      options.auth,\n      { agentUrl: options.agentUrl, uaid: options.uaid },\n    );\n  }\n  throw new Error('startChat requires either uaid or agentUrl');\n}\n\nexport async function startConversation(\n  client: RegistryBrokerClient,\n  encryptedManager: EncryptedChatManager,\n  options: StartConversationOptions,\n): Promise<ChatConversationHandle> {\n  const preference = options.encryption?.preference ?? 'preferred';\n  const requestEncryption = preference !== 'disabled';\n  if (!requestEncryption) {\n    const session = await createSession(client, {\n      uaid: options.uaid,\n      auth: options.auth,\n      historyTtlSeconds: options.historyTtlSeconds,\n      senderUaid: options.senderUaid,\n      encryptionRequested: false,\n    });\n    options.onSessionCreated?.(session.sessionId);\n    return createPlaintextConversationHandle(\n      client,\n      session.sessionId,\n      session.encryption ?? null,\n      options.auth,\n      { uaid: options.uaid },\n    );\n  }\n  try {\n    const handle = await encryptedManager.startSession({\n      uaid: options.uaid,\n      senderUaid: options.senderUaid,\n      historyTtlSeconds: options.historyTtlSeconds,\n      handshakeTimeoutMs: options.encryption?.handshakeTimeoutMs,\n      pollIntervalMs: options.encryption?.pollIntervalMs,\n      onSessionCreated: sessionId => {\n        options.onSessionCreated?.(sessionId);\n      },\n      auth: options.auth,\n    });\n    return handle;\n  } catch (error) {\n    if (error instanceof EncryptionUnavailableError) {\n      if (preference === 'required') {\n        throw error;\n      }\n      return createPlaintextConversationHandle(\n        client,\n        error.sessionId,\n        error.summary ?? null,\n        options.auth,\n        { uaid: options.uaid },\n      );\n    }\n    throw error;\n  }\n}\n\nexport async function acceptConversation(\n  client: RegistryBrokerClient,\n  encryptedManager: EncryptedChatManager,\n  options: AcceptConversationOptions,\n): Promise<ChatConversationHandle> {\n  const preference = options.encryption?.preference ?? 'preferred';\n  if (preference === 'disabled') {\n    return createPlaintextConversationHandle(client, options.sessionId, null);\n  }\n  try {\n    const handle = await encryptedManager.acceptSession({\n      sessionId: options.sessionId,\n      responderUaid: options.responderUaid,\n      handshakeTimeoutMs: options.encryption?.handshakeTimeoutMs,\n      pollIntervalMs: options.encryption?.pollIntervalMs,\n    });\n    return handle;\n  } catch (error) {\n    if (\n      error instanceof EncryptionUnavailableError &&\n      preference !== 'required'\n    ) {\n      return createPlaintextConversationHandle(\n        client,\n        options.sessionId,\n        null,\n        undefined,\n        { uaid: options.responderUaid },\n      );\n    }\n    throw error;\n  }\n}\n\nexport function createPlaintextConversationHandle(\n  client: RegistryBrokerClient,\n  sessionId: string,\n  summary: SessionEncryptionSummary | null,\n  defaultAuth?: AgentAuthConfig,\n  context?: { uaid?: string; agentUrl?: string },\n): ChatConversationHandle {\n  const uaid = context?.uaid?.trim();\n  const agentUrl = context?.agentUrl?.trim();\n  const fetchHistory = async (\n    options?: ChatHistoryFetchOptions,\n  ): Promise<DecryptedHistoryEntry[]> => {\n    const snapshot = await client.fetchHistorySnapshot(sessionId, options);\n    if (snapshot.decryptedHistory) {\n      return snapshot.decryptedHistory;\n    }\n    return snapshot.history.map(entry => ({\n      entry,\n      plaintext: entry.content,\n    }));\n  };\n  return {\n    sessionId,\n    mode: 'plaintext',\n    summary: summary ?? null,\n    send: async options => {\n      const plaintext = options.plaintext;\n      if (!plaintext || plaintext.trim().length === 0) {\n        throw new Error('plaintext is required for chat messages');\n      }\n      const message = options.message ?? plaintext;\n      return sendMessage(client, {\n        sessionId,\n        message,\n        streaming: options.streaming,\n        auth: options.auth ?? defaultAuth,\n        uaid,\n        agentUrl,\n      });\n    },\n    decryptHistoryEntry: entry => entry.content,\n    fetchHistory,\n  };\n}\n\nexport async function compactHistory(\n  client: RegistryBrokerClient,\n  payload: CompactHistoryRequestPayload,\n): Promise<ChatHistoryCompactionResponse> {\n  if (!payload.sessionId || payload.sessionId.trim().length === 0) {\n    throw new Error('sessionId is required to compact chat history');\n  }\n  const body: JsonObject = {};\n  if (\n    typeof payload.preserveEntries === 'number' &&\n    Number.isFinite(payload.preserveEntries) &&\n    payload.preserveEntries >= 0\n  ) {\n    body.preserveEntries = Math.floor(payload.preserveEntries);\n  }\n  const raw = await client.requestJson<JsonValue>(\n    `/chat/session/${encodeURIComponent(payload.sessionId)}/compact`,\n    {\n      method: 'POST',\n      headers: { 'content-type': 'application/json' },\n      body,\n    },\n  );\n  return client.parseWithSchema(\n    raw,\n    chatHistoryCompactionResponseSchema,\n    'chat history compaction response',\n  );\n}\n\nexport async function fetchEncryptionStatus(\n  client: RegistryBrokerClient,\n  sessionId: string,\n): Promise<SessionEncryptionStatusResponse> {\n  if (!sessionId || sessionId.trim().length === 0) {\n    throw new Error('sessionId is required for encryption status');\n  }\n  const raw = await client.requestJson<JsonValue>(\n    `/chat/session/${encodeURIComponent(sessionId)}/encryption`,\n    {\n      method: 'GET',\n    },\n  );\n  return client.parseWithSchema(\n    raw,\n    sessionEncryptionStatusResponseSchema,\n    'session encryption status response',\n  );\n}\n\nexport async function postEncryptionHandshake(\n  client: RegistryBrokerClient,\n  sessionId: string,\n  payload: EncryptionHandshakeSubmissionPayload,\n): Promise<EncryptionHandshakeRecord> {\n  if (!sessionId || sessionId.trim().length === 0) {\n    throw new Error('sessionId is required for encryption handshake');\n  }\n  const raw = await client.requestJson<JsonValue>(\n    `/chat/session/${encodeURIComponent(sessionId)}/encryption-handshake`,\n    {\n      method: 'POST',\n      headers: { 'content-type': 'application/json' },\n      body: {\n        role: payload.role,\n        keyType: payload.keyType,\n        ephemeralPublicKey: payload.ephemeralPublicKey,\n        longTermPublicKey: payload.longTermPublicKey,\n        signature: payload.signature,\n        uaid: payload.uaid,\n        userId: payload.userId,\n        ledgerAccountId: payload.ledgerAccountId,\n        metadata: payload.metadata,\n      },\n    },\n  );\n  const response = client.parseWithSchema(\n    raw,\n    encryptionHandshakeResponseSchema,\n    'encryption handshake response',\n  );\n  return response.handshake;\n}\n\nexport async function sendMessage(\n  client: RegistryBrokerClient,\n  payload: SendMessageRequestPayload,\n): Promise<SendMessageResponse> {\n  const body: JsonObject = {\n    message: payload.message,\n  };\n  if (payload.streaming !== undefined) {\n    body.streaming = payload.streaming;\n  }\n  if (payload.auth) {\n    body.auth = serialiseAuthConfig(payload.auth);\n  }\n  if ('uaid' in payload) {\n    body.uaid = payload.uaid;\n  }\n  if ('sessionId' in payload && payload.sessionId) {\n    body.sessionId = payload.sessionId;\n  }\n  if ('agentUrl' in payload && payload.agentUrl) {\n    body.agentUrl = payload.agentUrl;\n  }\n  let cipherEnvelope = payload.cipherEnvelope ?? null;\n  if (payload.encryption) {\n    const sessionIdForEncryption =\n      payload.encryption.sessionId ??\n      (typeof body.sessionId === 'string' ? body.sessionId : undefined);\n    if (!sessionIdForEncryption) {\n      throw new Error(\n        'sessionId is required when using encrypted chat payloads',\n      );\n    }\n    if (!payload.encryption.recipients?.length) {\n      throw new Error('recipients are required for encrypted chat payloads');\n    }\n    cipherEnvelope = client.encryption.encryptCipherEnvelope({\n      ...payload.encryption,\n      sessionId: sessionIdForEncryption,\n    });\n  }\n  if (cipherEnvelope) {\n    body.cipherEnvelope = toJsonObject(cipherEnvelope);\n  }\n  const raw = await client.requestJson<JsonValue>('/chat/message', {\n    method: 'POST',\n    body,\n    headers: { 'content-type': 'application/json' },\n  });\n  return client.parseWithSchema(\n    raw,\n    sendMessageResponseSchema,\n    'chat message response',\n  );\n}\n\nexport async function endSession(\n  client: RegistryBrokerClient,\n  sessionId: string,\n): Promise<void> {\n  await client.request(`/chat/session/${encodeURIComponent(sessionId)}`, {\n    method: 'DELETE',\n  });\n}\n"],"names":[],"mappings":";;;AA4EO,SAAS,cACd,QACA,kBACuB;AACvB,SAAO;AAAA,IACL,OAAO,CAAC,YAA8B,OAAO,UAAU,OAAO;AAAA,IAC9D,eAAe,CAAC,YACd,OAAO,cAAc,OAAO;AAAA,IAC9B,aAAa,CAAC,YACZ,OAAO,YAAY,OAAO;AAAA,IAC5B,YAAY,CAAC,cAAsB,OAAO,WAAW,SAAS;AAAA,IAC9D,YAAY,CAAC,WAAmB,YAC9B,OAAO,qBAAqB,WAAW,OAAO;AAAA,IAChD,gBAAgB,CAAC,YACf,OAAO,eAAe,OAAO;AAAA,IAC/B,qBAAqB,CAAC,cACpB,OAAO,sBAAsB,SAAS;AAAA,IACxC,2BAA2B,CACzB,WACA,YACG,OAAO,wBAAwB,WAAW,OAAO;AAAA,IACtD,mBAAmB,CAAC,YAClB,OAAO,kBAAkB,OAAO;AAAA,IAClC,oBAAoB,CAAC,YACnB,OAAO,mBAAmB,OAAO;AAAA,IACnC,wBAAwB,CAAC,YACvB,iBAAiB,aAAa,OAAO;AAAA,IACvC,wBAAwB,CAAC,YACvB,iBAAiB,cAAc,OAAO;AAAA,EAAA;AAE5C;AAEA,eAAsB,cACpB,QACA,SACA,wBAAwB,MACQ;AAChC,QAAM,OAAmB,CAAA;AACzB,MAAI,UAAU,WAAW,QAAQ,MAAM;AACrC,SAAK,OAAO,QAAQ;AAAA,EACtB;AACA,MAAI,cAAc,WAAW,QAAQ,UAAU;AAC7C,SAAK,WAAW,QAAQ;AAAA,EAC1B;AACA,MAAI,QAAQ,MAAM;AAChB,SAAK,OAAO,oBAAoB,QAAQ,IAAI;AAAA,EAC9C;AACA,MAAI,QAAQ,sBAAsB,QAAW;AAC3C,SAAK,oBAAoB,QAAQ;AAAA,EACnC;AACA,MAAI,QAAQ,wBAAwB,QAAW;AAC7C,SAAK,sBAAsB,QAAQ;AAAA,EACrC;AACA,MAAI,QAAQ,YAAY;AACtB,SAAK,aAAa,QAAQ;AAAA,EAC5B;AACA,MAAI;AACF,UAAM,MAAM,MAAM,OAAO,YAAuB,iBAAiB;AAAA,MAC/D,QAAQ;AAAA,MACR;AAAA,MACA,SAAS,EAAE,gBAAgB,mBAAA;AAAA,IAAmB,CAC/C;AACD,WAAO,OAAO;AAAA,MACZ;AAAA,MACA;AAAA,MACA;AAAA,IAAA;AAAA,EAEJ,SAAS,OAAO;AACd,UAAM,aAAa,iBAAiB,QAAQ,QAAQ;AACpD,QACE,yBACA,OAAO,uBAAuB,SAAS,UAAU,GACjD;AACA,YAAM,OAAO,wBAAwB,cAAc;AACnD,aAAO,cAAc,QAAQ,SAAS,KAAK;AAAA,IAC7C;AACA,UAAM;AAAA,EACR;AACF;AAEA,eAAsB,UACpB,QACA,kBACA,SACiC;AACjC,MAAI,UAAU,WAAW,QAAQ,MAAM;AACrC,WAAO,kBAAkB,QAAQ,kBAAkB;AAAA,MACjD,MAAM,QAAQ;AAAA,MACd,YAAY,QAAQ;AAAA,MACpB,mBAAmB,QAAQ;AAAA,MAC3B,MAAM,QAAQ;AAAA,MACd,YAAY,QAAQ;AAAA,MACpB,kBAAkB,QAAQ;AAAA,IAAA,CAC3B;AAAA,EACH;AACA,MAAI,cAAc,WAAW,QAAQ,UAAU;AAC7C,UAAM,UAAU,MAAM,cAAc,QAAQ;AAAA,MAC1C,UAAU,QAAQ;AAAA,MAClB,MAAM,QAAQ;AAAA,MACd,mBAAmB,QAAQ;AAAA,MAC3B,YAAY,QAAQ;AAAA,IAAA,CACrB;AACD,YAAQ,mBAAmB,QAAQ,SAAS;AAC5C,WAAO;AAAA,MACL;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ,cAAc;AAAA,MACtB,QAAQ;AAAA,MACR,EAAE,UAAU,QAAQ,UAAU,MAAM,QAAQ,KAAA;AAAA,IAAK;AAAA,EAErD;AACA,QAAM,IAAI,MAAM,4CAA4C;AAC9D;AAEA,eAAsB,kBACpB,QACA,kBACA,SACiC;AACjC,QAAM,aAAa,QAAQ,YAAY,cAAc;AACrD,QAAM,oBAAoB,eAAe;AACzC,MAAI,CAAC,mBAAmB;AACtB,UAAM,UAAU,MAAM,cAAc,QAAQ;AAAA,MAC1C,MAAM,QAAQ;AAAA,MACd,MAAM,QAAQ;AAAA,MACd,mBAAmB,QAAQ;AAAA,MAC3B,YAAY,QAAQ;AAAA,MACpB,qBAAqB;AAAA,IAAA,CACtB;AACD,YAAQ,mBAAmB,QAAQ,SAAS;AAC5C,WAAO;AAAA,MACL;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ,cAAc;AAAA,MACtB,QAAQ;AAAA,MACR,EAAE,MAAM,QAAQ,KAAA;AAAA,IAAK;AAAA,EAEzB;AACA,MAAI;AACF,UAAM,SAAS,MAAM,iBAAiB,aAAa;AAAA,MACjD,MAAM,QAAQ;AAAA,MACd,YAAY,QAAQ;AAAA,MACpB,mBAAmB,QAAQ;AAAA,MAC3B,oBAAoB,QAAQ,YAAY;AAAA,MACxC,gBAAgB,QAAQ,YAAY;AAAA,MACpC,kBAAkB,CAAA,cAAa;AAC7B,gBAAQ,mBAAmB,SAAS;AAAA,MACtC;AAAA,MACA,MAAM,QAAQ;AAAA,IAAA,CACf;AACD,WAAO;AAAA,EACT,SAAS,OAAO;AACd,QAAI,iBAAiB,4BAA4B;AAC/C,UAAI,eAAe,YAAY;AAC7B,cAAM;AAAA,MACR;AACA,aAAO;AAAA,QACL;AAAA,QACA,MAAM;AAAA,QACN,MAAM,WAAW;AAAA,QACjB,QAAQ;AAAA,QACR,EAAE,MAAM,QAAQ,KAAA;AAAA,MAAK;AAAA,IAEzB;AACA,UAAM;AAAA,EACR;AACF;AAEA,eAAsB,mBACpB,QACA,kBACA,SACiC;AACjC,QAAM,aAAa,QAAQ,YAAY,cAAc;AACrD,MAAI,eAAe,YAAY;AAC7B,WAAO,kCAAkC,QAAQ,QAAQ,WAAW,IAAI;AAAA,EAC1E;AACA,MAAI;AACF,UAAM,SAAS,MAAM,iBAAiB,cAAc;AAAA,MAClD,WAAW,QAAQ;AAAA,MACnB,eAAe,QAAQ;AAAA,MACvB,oBAAoB,QAAQ,YAAY;AAAA,MACxC,gBAAgB,QAAQ,YAAY;AAAA,IAAA,CACrC;AACD,WAAO;AAAA,EACT,SAAS,OAAO;AACd,QACE,iBAAiB,8BACjB,eAAe,YACf;AACA,aAAO;AAAA,QACL;AAAA,QACA,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA,EAAE,MAAM,QAAQ,cAAA;AAAA,MAAc;AAAA,IAElC;AACA,UAAM;AAAA,EACR;AACF;AAEO,SAAS,kCACd,QACA,WACA,SACA,aACA,SACwB;AACxB,QAAM,OAAO,SAAS,MAAM,KAAA;AAC5B,QAAM,WAAW,SAAS,UAAU,KAAA;AACpC,QAAM,eAAe,OACnB,YACqC;AACrC,UAAM,WAAW,MAAM,OAAO,qBAAqB,WAAW,OAAO;AACrE,QAAI,SAAS,kBAAkB;AAC7B,aAAO,SAAS;AAAA,IAClB;AACA,WAAO,SAAS,QAAQ,IAAI,CAAA,WAAU;AAAA,MACpC;AAAA,MACA,WAAW,MAAM;AAAA,IAAA,EACjB;AAAA,EACJ;AACA,SAAO;AAAA,IACL;AAAA,IACA,MAAM;AAAA,IACN,SAAS,WAAW;AAAA,IACpB,MAAM,OAAM,YAAW;AACrB,YAAM,YAAY,QAAQ;AAC1B,UAAI,CAAC,aAAa,UAAU,KAAA,EAAO,WAAW,GAAG;AAC/C,cAAM,IAAI,MAAM,yCAAyC;AAAA,MAC3D;AACA,YAAM,UAAU,QAAQ,WAAW;AACnC,aAAO,YAAY,QAAQ;AAAA,QACzB;AAAA,QACA;AAAA,QACA,WAAW,QAAQ;AAAA,QACnB,MAAM,QAAQ,QAAQ;AAAA,QACtB;AAAA,QACA;AAAA,MAAA,CACD;AAAA,IACH;AAAA,IACA,qBAAqB,WAAS,MAAM;AAAA,IACpC;AAAA,EAAA;AAEJ;AAEA,eAAsB,eACpB,QACA,SACwC;AACxC,MAAI,CAAC,QAAQ,aAAa,QAAQ,UAAU,KAAA,EAAO,WAAW,GAAG;AAC/D,UAAM,IAAI,MAAM,+CAA+C;AAAA,EACjE;AACA,QAAM,OAAmB,CAAA;AACzB,MACE,OAAO,QAAQ,oBAAoB,YACnC,OAAO,SAAS,QAAQ,eAAe,KACvC,QAAQ,mBAAmB,GAC3B;AACA,SAAK,kBAAkB,KAAK,MAAM,QAAQ,eAAe;AAAA,EAC3D;AACA,QAAM,MAAM,MAAM,OAAO;AAAA,IACvB,iBAAiB,mBAAmB,QAAQ,SAAS,CAAC;AAAA,IACtD;AAAA,MACE,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAA;AAAA,MAC3B;AAAA,IAAA;AAAA,EACF;AAEF,SAAO,OAAO;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAEJ;AAEA,eAAsB,sBACpB,QACA,WAC0C;AAC1C,MAAI,CAAC,aAAa,UAAU,KAAA,EAAO,WAAW,GAAG;AAC/C,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AACA,QAAM,MAAM,MAAM,OAAO;AAAA,IACvB,iBAAiB,mBAAmB,SAAS,CAAC;AAAA,IAC9C;AAAA,MACE,QAAQ;AAAA,IAAA;AAAA,EACV;AAEF,SAAO,OAAO;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAEJ;AAEA,eAAsB,wBACpB,QACA,WACA,SACoC;AACpC,MAAI,CAAC,aAAa,UAAU,KAAA,EAAO,WAAW,GAAG;AAC/C,UAAM,IAAI,MAAM,gDAAgD;AAAA,EAClE;AACA,QAAM,MAAM,MAAM,OAAO;AAAA,IACvB,iBAAiB,mBAAmB,SAAS,CAAC;AAAA,IAC9C;AAAA,MACE,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAA;AAAA,MAC3B,MAAM;AAAA,QACJ,MAAM,QAAQ;AAAA,QACd,SAAS,QAAQ;AAAA,QACjB,oBAAoB,QAAQ;AAAA,QAC5B,mBAAmB,QAAQ;AAAA,QAC3B,WAAW,QAAQ;AAAA,QACnB,MAAM,QAAQ;AAAA,QACd,QAAQ,QAAQ;AAAA,QAChB,iBAAiB,QAAQ;AAAA,QACzB,UAAU,QAAQ;AAAA,MAAA;AAAA,IACpB;AAAA,EACF;AAEF,QAAM,WAAW,OAAO;AAAA,IACtB;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAEF,SAAO,SAAS;AAClB;AAEA,eAAsB,YACpB,QACA,SAC8B;AAC9B,QAAM,OAAmB;AAAA,IACvB,SAAS,QAAQ;AAAA,EAAA;AAEnB,MAAI,QAAQ,cAAc,QAAW;AACnC,SAAK,YAAY,QAAQ;AAAA,EAC3B;AACA,MAAI,QAAQ,MAAM;AAChB,SAAK,OAAO,oBAAoB,QAAQ,IAAI;AAAA,EAC9C;AACA,MAAI,UAAU,SAAS;AACrB,SAAK,OAAO,QAAQ;AAAA,EACtB;AACA,MAAI,eAAe,WAAW,QAAQ,WAAW;AAC/C,SAAK,YAAY,QAAQ;AAAA,EAC3B;AACA,MAAI,cAAc,WAAW,QAAQ,UAAU;AAC7C,SAAK,WAAW,QAAQ;AAAA,EAC1B;AACA,MAAI,iBAAiB,QAAQ,kBAAkB;AAC/C,MAAI,QAAQ,YAAY;AACtB,UAAM,yBACJ,QAAQ,WAAW,cAClB,OAAO,KAAK,cAAc,WAAW,KAAK,YAAY;AACzD,QAAI,CAAC,wBAAwB;AAC3B,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAAA,IAEJ;AACA,QAAI,CAAC,QAAQ,WAAW,YAAY,QAAQ;AAC1C,YAAM,IAAI,MAAM,qDAAqD;AAAA,IACvE;AACA,qBAAiB,OAAO,WAAW,sBAAsB;AAAA,MACvD,GAAG,QAAQ;AAAA,MACX,WAAW;AAAA,IAAA,CACZ;AAAA,EACH;AACA,MAAI,gBAAgB;AAClB,SAAK,iBAAiB,aAAa,cAAc;AAAA,EACnD;AACA,QAAM,MAAM,MAAM,OAAO,YAAuB,iBAAiB;AAAA,IAC/D,QAAQ;AAAA,IACR;AAAA,IACA,SAAS,EAAE,gBAAgB,mBAAA;AAAA,EAAmB,CAC/C;AACD,SAAO,OAAO;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAEJ;AAEA,eAAsB,WACpB,QACA,WACe;AACf,QAAM,OAAO,QAAQ,iBAAiB,mBAAmB,SAAS,CAAC,IAAI;AAAA,IACrE,QAAQ;AAAA,EAAA,CACT;AACH;"}
+{"version":3,"file":"standards-sdk.es160.js","sources":["../../src/services/registry-broker/client/encryption.ts"],"sourcesContent":["import * as path from 'path';\nimport { Buffer } from 'buffer';\nimport { randomBytes } from 'crypto';\nimport { secp256k1 } from '@noble/curves/secp256k1.js';\nimport type {\n  AutoRegisterEncryptionKeyOptions,\n  CipherEnvelope,\n  ClientEncryptionOptions,\n  DecryptCipherEnvelopeOptions,\n  DeriveSharedSecretOptions,\n  EncryptCipherEnvelopeOptions,\n  EphemeralKeyPair,\n  EnsureAgentKeyOptions,\n  RegisterEncryptionKeyPayload,\n  RegisterEncryptionKeyResponse,\n  SharedSecretInput,\n} from '../types';\nimport { registerEncryptionKeyResponseSchema } from '../schemas';\nimport { optionalImport } from '../../../utils/dynamic-import';\nimport type {\n  RegistryBrokerClient,\n  GenerateEncryptionKeyPairOptions,\n} from './base-client';\n\ntype FsModule = {\n  existsSync: (path: string) => boolean;\n  readFileSync: (path: string, encoding: BufferEncoding) => string;\n  writeFileSync: (path: string, data: string) => void;\n  appendFileSync: (path: string, data: string) => void;\n};\n\nconst getFs = async (): Promise<FsModule | null> => {\n  const fsModule = await optionalImport<Partial<FsModule>>('node:fs');\n\n  if (\n    fsModule &&\n    typeof fsModule.existsSync === 'function' &&\n    typeof fsModule.readFileSync === 'function' &&\n    typeof fsModule.writeFileSync === 'function' &&\n    typeof fsModule.appendFileSync === 'function'\n  ) {\n    return fsModule as FsModule;\n  }\n\n  return null;\n};\n\nexport interface RegistryBrokerEncryptionApi {\n  registerKey: (\n    payload: RegisterEncryptionKeyPayload,\n  ) => Promise<RegisterEncryptionKeyResponse>;\n  generateEphemeralKeyPair: () => EphemeralKeyPair;\n  deriveSharedSecret: (options: DeriveSharedSecretOptions) => Buffer;\n  encryptCipherEnvelope: (\n    options: EncryptCipherEnvelopeOptions,\n  ) => CipherEnvelope;\n  decryptCipherEnvelope: (options: DecryptCipherEnvelopeOptions) => string;\n  ensureAgentKey: (\n    options: EnsureAgentKeyOptions,\n  ) => Promise<{ publicKey: string; privateKey?: string }>;\n}\n\nexport async function registerEncryptionKey(\n  client: RegistryBrokerClient,\n  payload: RegisterEncryptionKeyPayload,\n): Promise<RegisterEncryptionKeyResponse> {\n  const raw = await client.requestJson('/encryption/keys', {\n    method: 'POST',\n    headers: { 'content-type': 'application/json' },\n    body: payload,\n  });\n  return client.parseWithSchema(\n    raw,\n    registerEncryptionKeyResponseSchema,\n    'register encryption key response',\n  );\n}\n\nfunction normalizeAutoRegisterIdentity(\n  config: AutoRegisterEncryptionKeyOptions,\n): Pick<\n  RegisterEncryptionKeyPayload,\n  'uaid' | 'ledgerAccountId' | 'ledgerNetwork' | 'email'\n> | null {\n  const identity: Pick<\n    RegisterEncryptionKeyPayload,\n    'uaid' | 'ledgerAccountId' | 'ledgerNetwork' | 'email'\n  > = {};\n  if (config.uaid) {\n    identity.uaid = config.uaid;\n  }\n  if (config.ledgerAccountId) {\n    identity.ledgerAccountId = config.ledgerAccountId;\n    if (config.ledgerNetwork) {\n      identity.ledgerNetwork = config.ledgerNetwork;\n    }\n  }\n  if (config.email) {\n    identity.email = config.email;\n  }\n  if (identity.uaid || identity.ledgerAccountId || identity.email) {\n    return identity;\n  }\n  return null;\n}\n\nfunction derivePublicKeyFromPrivateKey(\n  client: RegistryBrokerClient,\n  privateKey: string,\n): string {\n  const normalized = client.hexToBuffer(privateKey);\n  const publicKey = secp256k1.getPublicKey(normalized, true);\n  return Buffer.from(publicKey).toString('hex');\n}\n\nasync function resolveAutoRegisterKeyMaterial(\n  client: RegistryBrokerClient,\n  config: AutoRegisterEncryptionKeyOptions,\n): Promise<{ publicKey: string; privateKey?: string } | null> {\n  if (config.publicKey?.trim()) {\n    return { publicKey: config.publicKey.trim() };\n  }\n  let privateKey = config.privateKey?.trim();\n  const envVar = config.envVar ?? 'RB_ENCRYPTION_PRIVATE_KEY';\n  if (!privateKey && envVar && process?.env?.[envVar]?.trim()) {\n    privateKey = process.env[envVar]?.trim();\n  }\n  if (!privateKey && config.generateIfMissing) {\n    const pair = await client.generateEncryptionKeyPair({\n      keyType: config.keyType ?? 'secp256k1',\n      envVar,\n      envPath: config.envPath,\n      overwrite: config.overwriteEnv,\n    });\n    return { publicKey: pair.publicKey, privateKey: pair.privateKey };\n  }\n  if (privateKey) {\n    const publicKey = derivePublicKeyFromPrivateKey(client, privateKey);\n    return { publicKey, privateKey };\n  }\n  return null;\n}\n\nexport async function autoRegisterEncryptionKey(\n  client: RegistryBrokerClient,\n  config: AutoRegisterEncryptionKeyOptions,\n): Promise<{ publicKey: string; privateKey?: string }> {\n  const identity = normalizeAutoRegisterIdentity(config);\n  if (!identity) {\n    throw new Error(\n      'Auto-registration requires uaid, ledgerAccountId, or email',\n    );\n  }\n  const material = await resolveAutoRegisterKeyMaterial(client, config);\n  if (!material) {\n    throw new Error(\n      'Unable to resolve encryption public key for auto-registration',\n    );\n  }\n  await registerEncryptionKey(client, {\n    keyType: config.keyType ?? 'secp256k1',\n    publicKey: material.publicKey,\n    ...identity,\n  });\n  return material;\n}\n\nexport async function ensureAgentEncryptionKey(\n  client: RegistryBrokerClient,\n  options: EnsureAgentKeyOptions,\n): Promise<{ publicKey: string; privateKey?: string }> {\n  return autoRegisterEncryptionKey(client, {\n    ...options,\n    uaid: options.uaid,\n    enabled: true,\n  });\n}\n\nexport function createEncryptionApi(\n  client: RegistryBrokerClient,\n): RegistryBrokerEncryptionApi {\n  return {\n    registerKey: (payload: RegisterEncryptionKeyPayload) =>\n      registerEncryptionKey(client, payload),\n    generateEphemeralKeyPair: () => client.createEphemeralKeyPair(),\n    deriveSharedSecret: (options: DeriveSharedSecretOptions) =>\n      client.deriveSharedSecret(options),\n    encryptCipherEnvelope: (options: EncryptCipherEnvelopeOptions) =>\n      client.buildCipherEnvelope(options),\n    decryptCipherEnvelope: (options: DecryptCipherEnvelopeOptions) =>\n      client.openCipherEnvelope(options),\n    ensureAgentKey: (options: EnsureAgentKeyOptions) =>\n      ensureAgentEncryptionKey(client, options),\n  };\n}\n\nexport async function bootstrapEncryptionOptions(\n  client: RegistryBrokerClient,\n  options?: ClientEncryptionOptions,\n): Promise<{ publicKey: string; privateKey?: string } | null> {\n  if (!options?.autoRegister || options.autoRegister.enabled === false) {\n    return null;\n  }\n  return autoRegisterEncryptionKey(client, options.autoRegister);\n}\n\nexport async function generateEncryptionKeyPair(\n  client: RegistryBrokerClient,\n  options: GenerateEncryptionKeyPairOptions = {},\n): Promise<{\n  privateKey: string;\n  publicKey: string;\n  envPath?: string;\n  envVar: string;\n}> {\n  client.assertNodeRuntime('generateEncryptionKeyPair');\n\n  const keyType = options.keyType ?? 'secp256k1';\n  if (keyType !== 'secp256k1') {\n    throw new Error('Only secp256k1 key generation is supported currently');\n  }\n\n  const privateKeyBytes = randomBytes(32);\n  const privateKey = Buffer.from(privateKeyBytes).toString('hex');\n  const publicKeyBytes = secp256k1.getPublicKey(privateKeyBytes, true);\n  const publicKey = Buffer.from(publicKeyBytes).toString('hex');\n\n  const envVar = options.envVar ?? 'RB_ENCRYPTION_PRIVATE_KEY';\n  const resolvedPath = options.envPath\n    ? path.resolve(options.envPath)\n    : undefined;\n\n  if (resolvedPath) {\n    const fsModule = await getFs();\n\n    if (!fsModule) {\n      throw new Error(\n        'File system module is not available; cannot write encryption key env file',\n      );\n    }\n\n    const envLine = `${envVar}=${privateKey}`;\n    if (fsModule.existsSync(resolvedPath)) {\n      const content = fsModule.readFileSync(resolvedPath, 'utf-8');\n      const lineRegex = new RegExp(`^${envVar}=.*$`, 'm');\n      if (lineRegex.test(content)) {\n        if (!options.overwrite) {\n          throw new Error(\n            `${envVar} already exists in ${resolvedPath}; set overwrite=true to replace it`,\n          );\n        }\n        const updated = content.replace(lineRegex, envLine);\n        fsModule.writeFileSync(resolvedPath, updated);\n      } else {\n        const needsNewline = !content.endsWith('\\n');\n        fsModule.appendFileSync(\n          resolvedPath,\n          `${needsNewline ? '\\n' : ''}${envLine}\\n`,\n        );\n      }\n    } else {\n      fsModule.writeFileSync(resolvedPath, `${envLine}\\n`);\n    }\n  }\n\n  return {\n    privateKey,\n    publicKey,\n    envPath: resolvedPath,\n    envVar,\n  };\n}\n"],"names":[],"mappings":";;;;;;AA+BA,MAAM,QAAQ,YAAsC;AAClD,QAAM,WAAW,MAAM,eAAkC,SAAS;AAElE,MACE,YACA,OAAO,SAAS,eAAe,cAC/B,OAAO,SAAS,iBAAiB,cACjC,OAAO,SAAS,kBAAkB,cAClC,OAAO,SAAS,mBAAmB,YACnC;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAiBA,eAAsB,sBACpB,QACA,SACwC;AACxC,QAAM,MAAM,MAAM,OAAO,YAAY,oBAAoB;AAAA,IACvD,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAA;AAAA,IAC3B,MAAM;AAAA,EAAA,CACP;AACD,SAAO,OAAO;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAEJ;AAEA,SAAS,8BACP,QAIO;AACP,QAAM,WAGF,CAAA;AACJ,MAAI,OAAO,MAAM;AACf,aAAS,OAAO,OAAO;AAAA,EACzB;AACA,MAAI,OAAO,iBAAiB;AAC1B,aAAS,kBAAkB,OAAO;AAClC,QAAI,OAAO,eAAe;AACxB,eAAS,gBAAgB,OAAO;AAAA,IAClC;AAAA,EACF;AACA,MAAI,OAAO,OAAO;AAChB,aAAS,QAAQ,OAAO;AAAA,EAC1B;AACA,MAAI,SAAS,QAAQ,SAAS,mBAAmB,SAAS,OAAO;AAC/D,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,SAAS,8BACP,QACA,YACQ;AACR,QAAM,aAAa,OAAO,YAAY,UAAU;AAChD,QAAM,YAAY,UAAU,aAAa,YAAY,IAAI;AACzD,SAAO,OAAO,KAAK,SAAS,EAAE,SAAS,KAAK;AAC9C;AAEA,eAAe,+BACb,QACA,QAC4D;AAC5D,MAAI,OAAO,WAAW,QAAQ;AAC5B,WAAO,EAAE,WAAW,OAAO,UAAU,OAAK;AAAA,EAC5C;AACA,MAAI,aAAa,OAAO,YAAY,KAAA;AACpC,QAAM,SAAS,OAAO,UAAU;AAChC,MAAI,CAAC,cAAc,UAAU,SAAS,MAAM,MAAM,GAAG,QAAQ;AAC3D,iBAAa,QAAQ,IAAI,MAAM,GAAG,KAAA;AAAA,EACpC;AACA,MAAI,CAAC,cAAc,OAAO,mBAAmB;AAC3C,UAAM,OAAO,MAAM,OAAO,0BAA0B;AAAA,MAClD,SAAS,OAAO,WAAW;AAAA,MAC3B;AAAA,MACA,SAAS,OAAO;AAAA,MAChB,WAAW,OAAO;AAAA,IAAA,CACnB;AACD,WAAO,EAAE,WAAW,KAAK,WAAW,YAAY,KAAK,WAAA;AAAA,EACvD;AACA,MAAI,YAAY;AACd,UAAM,YAAY,8BAA8B,QAAQ,UAAU;AAClE,WAAO,EAAE,WAAW,WAAA;AAAA,EACtB;AACA,SAAO;AACT;AAEA,eAAsB,0BACpB,QACA,QACqD;AACrD,QAAM,WAAW,8BAA8B,MAAM;AACrD,MAAI,CAAC,UAAU;AACb,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AACA,QAAM,WAAW,MAAM,+BAA+B,QAAQ,MAAM;AACpE,MAAI,CAAC,UAAU;AACb,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AACA,QAAM,sBAAsB,QAAQ;AAAA,IAClC,SAAS,OAAO,WAAW;AAAA,IAC3B,WAAW,SAAS;AAAA,IACpB,GAAG;AAAA,EAAA,CACJ;AACD,SAAO;AACT;AAEA,eAAsB,yBACpB,QACA,SACqD;AACrD,SAAO,0BAA0B,QAAQ;AAAA,IACvC,GAAG;AAAA,IACH,MAAM,QAAQ;AAAA,EAEhB,CAAC;AACH;AAEO,SAAS,oBACd,QAC6B;AAC7B,SAAO;AAAA,IACL,aAAa,CAAC,YACZ,sBAAsB,QAAQ,OAAO;AAAA,IACvC,0BAA0B,MAAM,OAAO,uBAAA;AAAA,IACvC,oBAAoB,CAAC,YACnB,OAAO,mBAAmB,OAAO;AAAA,IACnC,uBAAuB,CAAC,YACtB,OAAO,oBAAoB,OAAO;AAAA,IACpC,uBAAuB,CAAC,YACtB,OAAO,mBAAmB,OAAO;AAAA,IACnC,gBAAgB,CAAC,YACf,yBAAyB,QAAQ,OAAO;AAAA,EAAA;AAE9C;AAEA,eAAsB,2BACpB,QACA,SAC4D;AAC5D,MAAI,CAAC,SAAS,gBAAgB,QAAQ,aAAa,YAAY,OAAO;AACpE,WAAO;AAAA,EACT;AACA,SAAO,0BAA0B,QAAQ,QAAQ,YAAY;AAC/D;AAEA,eAAsB,0BACpB,QACA,UAA4C,IAM3C;AACD,SAAO,kBAAkB,2BAA2B;AAEpD,QAAM,UAAU,QAAQ,WAAW;AACnC,MAAI,YAAY,aAAa;AAC3B,UAAM,IAAI,MAAM,sDAAsD;AAAA,EACxE;AAEA,QAAM,kBAAkB,YAAY,EAAE;AACtC,QAAM,aAAa,OAAO,KAAK,eAAe,EAAE,SAAS,KAAK;AAC9D,QAAM,iBAAiB,UAAU,aAAa,iBAAiB,IAAI;AACnE,QAAM,YAAY,OAAO,KAAK,cAAc,EAAE,SAAS,KAAK;AAE5D,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,eAAe,QAAQ,UACzB,KAAK,QAAQ,QAAQ,OAAO,IAC5B;AAEJ,MAAI,cAAc;AAChB,UAAM,WAAW,MAAM,MAAA;AAEvB,QAAI,CAAC,UAAU;AACb,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAAA,IAEJ;AAEA,UAAM,UAAU,GAAG,MAAM,IAAI,UAAU;AACvC,QAAI,SAAS,WAAW,YAAY,GAAG;AACrC,YAAM,UAAU,SAAS,aAAa,cAAc,OAAO;AAC3D,YAAM,YAAY,IAAI,OAAO,IAAI,MAAM,QAAQ,GAAG;AAClD,UAAI,UAAU,KAAK,OAAO,GAAG;AAC3B,YAAI,CAAC,QAAQ,WAAW;AACtB,gBAAM,IAAI;AAAA,YACR,GAAG,MAAM,sBAAsB,YAAY;AAAA,UAAA;AAAA,QAE/C;AACA,cAAM,UAAU,QAAQ,QAAQ,WAAW,OAAO;AAClD,iBAAS,cAAc,cAAc,OAAO;AAAA,MAC9C,OAAO;AACL,cAAM,eAAe,CAAC,QAAQ,SAAS,IAAI;AAC3C,iBAAS;AAAA,UACP;AAAA,UACA,GAAG,eAAe,OAAO,EAAE,GAAG,OAAO;AAAA;AAAA,QAAA;AAAA,MAEzC;AAAA,IACF,OAAO;AACL,eAAS,cAAc,cAAc,GAAG,OAAO;AAAA,CAAI;AAAA,IACrD;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,EAAA;AAEJ;"}