@hashgraphonline/standards-sdk 0.1.180 → 0.1.181
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/browser/services/registry-broker/client/base-client.d.ts +3 -0
- package/dist/browser/services/registry-broker/client/base-client.d.ts.map +1 -1
- package/dist/browser/services/registry-broker/client/guard.d.ts.map +1 -1
- package/dist/browser/services/registry-broker/types.d.ts +3 -0
- package/dist/browser/services/registry-broker/types.d.ts.map +1 -1
- package/dist/browser-root/services/registry-broker/client/base-client.d.ts +3 -0
- package/dist/browser-root/services/registry-broker/client/base-client.d.ts.map +1 -1
- package/dist/browser-root/services/registry-broker/client/guard.d.ts.map +1 -1
- package/dist/browser-root/services/registry-broker/types.d.ts +3 -0
- package/dist/browser-root/services/registry-broker/types.d.ts.map +1 -1
- package/dist/browser-root/standards-sdk.root-browser.js +340 -104
- package/dist/browser-root/standards-sdk.root-browser.js.map +1 -1
- package/dist/cjs/services/registry-broker/client/base-client.d.ts +3 -0
- package/dist/cjs/services/registry-broker/client/base-client.d.ts.map +1 -1
- package/dist/cjs/services/registry-broker/client/guard.d.ts.map +1 -1
- package/dist/cjs/services/registry-broker/types.d.ts +3 -0
- package/dist/cjs/services/registry-broker/types.d.ts.map +1 -1
- package/dist/cjs/standards-sdk.cjs +1 -1
- package/dist/cjs/standards-sdk.cjs.map +1 -1
- package/dist/es/services/registry-broker/client/base-client.d.ts +3 -0
- package/dist/es/services/registry-broker/client/base-client.d.ts.map +1 -1
- package/dist/es/services/registry-broker/client/guard.d.ts.map +1 -1
- package/dist/es/services/registry-broker/types.d.ts +3 -0
- package/dist/es/services/registry-broker/types.d.ts.map +1 -1
- package/dist/es/standards-sdk.es.js +10 -7
- package/dist/es/standards-sdk.es.js.map +1 -1
- package/dist/es/standards-sdk.es104.js +1 -1
- package/dist/es/standards-sdk.es106.js +1 -1
- package/dist/es/standards-sdk.es108.js +1 -1
- package/dist/es/standards-sdk.es11.js +1 -1
- package/dist/es/standards-sdk.es110.js +1 -1
- package/dist/es/standards-sdk.es116.js +1 -1
- package/dist/es/standards-sdk.es12.js +1 -1
- package/dist/es/standards-sdk.es121.js +1 -1
- package/dist/es/standards-sdk.es127.js +2 -2
- package/dist/es/standards-sdk.es142.js +1 -1
- package/dist/es/standards-sdk.es145.js +43 -14
- package/dist/es/standards-sdk.es145.js.map +1 -1
- package/dist/es/standards-sdk.es147.js +3 -3
- package/dist/es/standards-sdk.es148.js +4 -81
- package/dist/es/standards-sdk.es148.js.map +1 -1
- package/dist/es/standards-sdk.es149.js +71 -77
- package/dist/es/standards-sdk.es149.js.map +1 -1
- package/dist/es/standards-sdk.es150.js +80 -53
- package/dist/es/standards-sdk.es150.js.map +1 -1
- package/dist/es/standards-sdk.es151.js +53 -152
- package/dist/es/standards-sdk.es151.js.map +1 -1
- package/dist/es/standards-sdk.es152.js +159 -7
- package/dist/es/standards-sdk.es152.js.map +1 -1
- package/dist/es/standards-sdk.es153.js +7 -86
- package/dist/es/standards-sdk.es153.js.map +1 -1
- package/dist/es/standards-sdk.es154.js +64 -43
- package/dist/es/standards-sdk.es154.js.map +1 -1
- package/dist/es/standards-sdk.es155.js +65 -30
- package/dist/es/standards-sdk.es155.js.map +1 -1
- package/dist/es/standards-sdk.es156.js +30 -34
- package/dist/es/standards-sdk.es156.js.map +1 -1
- package/dist/es/standards-sdk.es157.js +34 -48
- package/dist/es/standards-sdk.es157.js.map +1 -1
- package/dist/es/standards-sdk.es158.js +48 -138
- package/dist/es/standards-sdk.es158.js.map +1 -1
- package/dist/es/standards-sdk.es159.js +133 -37
- package/dist/es/standards-sdk.es159.js.map +1 -1
- package/dist/es/standards-sdk.es16.js +2 -2
- package/dist/es/standards-sdk.es160.js +42 -2352
- package/dist/es/standards-sdk.es160.js.map +1 -1
- package/dist/es/standards-sdk.es162.js +2352 -672
- package/dist/es/standards-sdk.es162.js.map +1 -1
- package/dist/es/standards-sdk.es163.js +15 -54
- package/dist/es/standards-sdk.es163.js.map +1 -1
- package/dist/es/standards-sdk.es165.js +63 -71
- package/dist/es/standards-sdk.es165.js.map +1 -1
- package/dist/es/standards-sdk.es166.js +48 -192
- package/dist/es/standards-sdk.es166.js.map +1 -1
- package/dist/es/standards-sdk.es167.js +79 -15
- package/dist/es/standards-sdk.es167.js.map +1 -1
- package/dist/es/standards-sdk.es168.js +181 -54
- package/dist/es/standards-sdk.es168.js.map +1 -1
- package/dist/es/standards-sdk.es175.js +653 -120
- package/dist/es/standards-sdk.es175.js.map +1 -1
- package/dist/es/standards-sdk.es176.js +111 -303
- package/dist/es/standards-sdk.es176.js.map +1 -1
- package/dist/es/standards-sdk.es177.js +297 -225
- package/dist/es/standards-sdk.es177.js.map +1 -1
- package/dist/es/standards-sdk.es178.js +239 -176
- package/dist/es/standards-sdk.es178.js.map +1 -1
- package/dist/es/standards-sdk.es179.js +178 -101
- package/dist/es/standards-sdk.es179.js.map +1 -1
- package/dist/es/standards-sdk.es18.js +4 -4
- package/dist/es/standards-sdk.es180.js +75 -108
- package/dist/es/standards-sdk.es180.js.map +1 -1
- package/dist/es/standards-sdk.es181.js +116 -148
- package/dist/es/standards-sdk.es181.js.map +1 -1
- package/dist/es/standards-sdk.es182.js +143 -439
- package/dist/es/standards-sdk.es182.js.map +1 -1
- package/dist/es/standards-sdk.es183.js +661 -162
- package/dist/es/standards-sdk.es183.js.map +1 -1
- package/dist/es/standards-sdk.es184.js +156 -206
- package/dist/es/standards-sdk.es184.js.map +1 -1
- package/dist/es/standards-sdk.es185.js +219 -223
- package/dist/es/standards-sdk.es185.js.map +1 -1
- package/dist/es/standards-sdk.es186.js +242 -0
- package/dist/es/standards-sdk.es186.js.map +1 -0
- package/dist/es/standards-sdk.es19.js +2 -2
- package/dist/es/standards-sdk.es22.js +1 -1
- package/dist/es/standards-sdk.es27.js +4 -4
- package/dist/es/standards-sdk.es35.js +2 -2
- package/dist/es/standards-sdk.es36.js +2 -2
- package/dist/es/standards-sdk.es4.js +1 -1
- package/dist/es/standards-sdk.es53.js +1 -1
- package/dist/es/standards-sdk.es56.js +1 -1
- package/dist/es/standards-sdk.es59.js +1 -1
- package/dist/es/standards-sdk.es62.js +1 -1
- package/dist/es/standards-sdk.es63.js +2 -2
- package/dist/es/standards-sdk.es64.js +1 -1
- package/dist/es/standards-sdk.es65.js +1 -1
- package/dist/es/standards-sdk.es67.js +3 -3
- package/dist/es/standards-sdk.es7.js +1 -1
- package/dist/es/standards-sdk.es71.js +1 -1
- package/dist/es/standards-sdk.es72.js +2 -2
- package/dist/es/standards-sdk.es75.js +2 -2
- package/dist/es/standards-sdk.es76.js +1 -1
- package/dist/es/standards-sdk.es78.js +1 -1
- package/dist/es/standards-sdk.es83.js +1 -1
- package/dist/es/standards-sdk.es84.js +2 -2
- package/dist/es/standards-sdk.es85.js +1 -1
- package/dist/es/standards-sdk.es88.js +1 -1
- package/dist/es/standards-sdk.es90.js +1 -1
- package/dist/es/standards-sdk.es94.js +3 -3
- package/dist/es/standards-sdk.es98.js +1 -1
- package/dist/es/standards-sdk.es99.js +1 -1
- package/package.json +1 -1
|
@@ -1,199 +1,262 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
const fsModule = await optionalImport("node:fs") ?? await optionalImport("fs");
|
|
7
|
-
if (fsModule && typeof fsModule.existsSync === "function" && typeof fsModule.readFileSync === "function" && typeof fsModule.writeFileSync === "function" && typeof fsModule.appendFileSync === "function") {
|
|
8
|
-
return fsModule;
|
|
1
|
+
class EncryptionUnavailableError extends Error {
|
|
2
|
+
constructor(sessionId, summary) {
|
|
3
|
+
super("Encryption is not enabled for this session");
|
|
4
|
+
this.sessionId = sessionId;
|
|
5
|
+
this.summary = summary;
|
|
9
6
|
}
|
|
10
|
-
return null;
|
|
11
|
-
};
|
|
12
|
-
const getNodePath = async () => {
|
|
13
|
-
const pathModule = await optionalImport("node:path") ?? await optionalImport("path");
|
|
14
|
-
if (pathModule && typeof pathModule.resolve === "function") {
|
|
15
|
-
return pathModule;
|
|
16
|
-
}
|
|
17
|
-
return null;
|
|
18
|
-
};
|
|
19
|
-
const getNodeCrypto = async () => {
|
|
20
|
-
const cryptoModule = await optionalImport("node:crypto") ?? await optionalImport("crypto");
|
|
21
|
-
if (cryptoModule && typeof cryptoModule.randomBytes === "function") {
|
|
22
|
-
return cryptoModule;
|
|
23
|
-
}
|
|
24
|
-
return null;
|
|
25
|
-
};
|
|
26
|
-
async function registerEncryptionKey(client, payload) {
|
|
27
|
-
const raw = await client.requestJson("/encryption/keys", {
|
|
28
|
-
method: "POST",
|
|
29
|
-
headers: { "content-type": "application/json" },
|
|
30
|
-
body: payload
|
|
31
|
-
});
|
|
32
|
-
return client.parseWithSchema(
|
|
33
|
-
raw,
|
|
34
|
-
registerEncryptionKeyResponseSchema,
|
|
35
|
-
"register encryption key response"
|
|
36
|
-
);
|
|
37
|
-
}
|
|
38
|
-
function normalizeAutoRegisterIdentity(config) {
|
|
39
|
-
const identity = {};
|
|
40
|
-
if (config.uaid) {
|
|
41
|
-
identity.uaid = config.uaid;
|
|
42
|
-
}
|
|
43
|
-
if (config.ledgerAccountId) {
|
|
44
|
-
identity.ledgerAccountId = config.ledgerAccountId;
|
|
45
|
-
if (config.ledgerNetwork) {
|
|
46
|
-
identity.ledgerNetwork = config.ledgerNetwork;
|
|
47
|
-
}
|
|
48
|
-
}
|
|
49
|
-
if (config.email) {
|
|
50
|
-
identity.email = config.email;
|
|
51
|
-
}
|
|
52
|
-
if (identity.uaid || identity.ledgerAccountId || identity.email) {
|
|
53
|
-
return identity;
|
|
54
|
-
}
|
|
55
|
-
return null;
|
|
56
7
|
}
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
return Buffer.from(publicKey).toString("hex");
|
|
61
|
-
}
|
|
62
|
-
async function resolveAutoRegisterKeyMaterial(client, config) {
|
|
63
|
-
if (config.publicKey?.trim()) {
|
|
64
|
-
return { publicKey: config.publicKey.trim() };
|
|
8
|
+
class EncryptedChatManager {
|
|
9
|
+
constructor(client) {
|
|
10
|
+
this.client = client;
|
|
65
11
|
}
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
if (!privateKey && envVar && process?.env?.[envVar]?.trim()) {
|
|
69
|
-
privateKey = process.env[envVar]?.trim();
|
|
12
|
+
registerConversationContext(context) {
|
|
13
|
+
this.client.registerConversationContextForEncryption(context);
|
|
70
14
|
}
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
15
|
+
async startSession(options) {
|
|
16
|
+
await this.client.encryptionReady();
|
|
17
|
+
const session = await this.client.chat.createSession({
|
|
18
|
+
uaid: options.uaid,
|
|
19
|
+
senderUaid: options.senderUaid,
|
|
20
|
+
encryptionRequested: true,
|
|
21
|
+
historyTtlSeconds: options.historyTtlSeconds,
|
|
22
|
+
auth: options.auth
|
|
77
23
|
});
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
24
|
+
options.onSessionCreated?.(session.sessionId);
|
|
25
|
+
const summary = session.encryption;
|
|
26
|
+
if (!summary?.enabled) {
|
|
27
|
+
throw new EncryptionUnavailableError(
|
|
28
|
+
session.sessionId,
|
|
29
|
+
session.encryption ?? null
|
|
30
|
+
);
|
|
31
|
+
}
|
|
32
|
+
const handle = await this.establishRequesterContext({
|
|
33
|
+
sessionId: session.sessionId,
|
|
34
|
+
summary,
|
|
35
|
+
senderUaid: options.senderUaid,
|
|
36
|
+
handshakeTimeoutMs: options.handshakeTimeoutMs,
|
|
37
|
+
pollIntervalMs: options.pollIntervalMs
|
|
38
|
+
});
|
|
39
|
+
return handle;
|
|
83
40
|
}
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
"Auto-registration requires uaid, ledgerAccountId, or email"
|
|
41
|
+
async acceptSession(options) {
|
|
42
|
+
await this.client.encryptionReady();
|
|
43
|
+
const summary = await this.waitForEncryptionSummary(
|
|
44
|
+
options.sessionId,
|
|
45
|
+
options.handshakeTimeoutMs,
|
|
46
|
+
options.pollIntervalMs
|
|
91
47
|
);
|
|
48
|
+
const handle = await this.establishResponderContext({
|
|
49
|
+
sessionId: options.sessionId,
|
|
50
|
+
summary,
|
|
51
|
+
responderUaid: options.responderUaid,
|
|
52
|
+
handshakeTimeoutMs: options.handshakeTimeoutMs,
|
|
53
|
+
pollIntervalMs: options.pollIntervalMs
|
|
54
|
+
});
|
|
55
|
+
return handle;
|
|
92
56
|
}
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
57
|
+
async establishRequesterContext(params) {
|
|
58
|
+
const keyPair = this.client.encryption.generateEphemeralKeyPair();
|
|
59
|
+
await this.client.chat.submitEncryptionHandshake(params.sessionId, {
|
|
60
|
+
role: "requester",
|
|
61
|
+
keyType: "secp256k1",
|
|
62
|
+
ephemeralPublicKey: keyPair.publicKey,
|
|
63
|
+
uaid: params.senderUaid ?? params.summary.requester?.uaid ?? void 0
|
|
64
|
+
});
|
|
65
|
+
const { summary, record } = await this.waitForHandshakeCompletion(
|
|
66
|
+
params.sessionId,
|
|
67
|
+
params.handshakeTimeoutMs,
|
|
68
|
+
params.pollIntervalMs
|
|
97
69
|
);
|
|
70
|
+
const responderKey = record.responder?.ephemeralPublicKey;
|
|
71
|
+
if (!responderKey) {
|
|
72
|
+
throw new Error("Responder handshake was not completed in time");
|
|
73
|
+
}
|
|
74
|
+
const sharedSecret = this.client.encryption.deriveSharedSecret({
|
|
75
|
+
privateKey: keyPair.privateKey,
|
|
76
|
+
peerPublicKey: responderKey
|
|
77
|
+
}).subarray();
|
|
78
|
+
const recipients = this.buildRecipients(summary);
|
|
79
|
+
return this.createHandle({
|
|
80
|
+
sessionId: params.sessionId,
|
|
81
|
+
sharedSecret,
|
|
82
|
+
summary,
|
|
83
|
+
recipients,
|
|
84
|
+
identity: summary.requester ?? void 0
|
|
85
|
+
});
|
|
98
86
|
}
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
87
|
+
async establishResponderContext(params) {
|
|
88
|
+
const keyPair = this.client.encryption.generateEphemeralKeyPair();
|
|
89
|
+
await this.client.chat.submitEncryptionHandshake(params.sessionId, {
|
|
90
|
+
role: "responder",
|
|
91
|
+
keyType: "secp256k1",
|
|
92
|
+
ephemeralPublicKey: keyPair.publicKey,
|
|
93
|
+
uaid: params.responderUaid ?? params.summary.responder?.uaid ?? void 0
|
|
94
|
+
});
|
|
95
|
+
const { summary, record } = await this.waitForHandshakeCompletion(
|
|
96
|
+
params.sessionId,
|
|
97
|
+
params.handshakeTimeoutMs,
|
|
98
|
+
params.pollIntervalMs
|
|
99
|
+
);
|
|
100
|
+
const requesterKey = record.requester?.ephemeralPublicKey;
|
|
101
|
+
if (!requesterKey) {
|
|
102
|
+
throw new Error("Requester handshake was not detected in time");
|
|
103
|
+
}
|
|
104
|
+
const sharedSecret = this.client.encryption.deriveSharedSecret({
|
|
105
|
+
privateKey: keyPair.privateKey,
|
|
106
|
+
peerPublicKey: requesterKey
|
|
107
|
+
}).subarray();
|
|
108
|
+
const recipients = this.buildRecipients(summary);
|
|
109
|
+
return this.createHandle({
|
|
110
|
+
sessionId: params.sessionId,
|
|
111
|
+
sharedSecret,
|
|
112
|
+
summary,
|
|
113
|
+
recipients,
|
|
114
|
+
identity: summary.responder ?? void 0
|
|
115
|
+
});
|
|
125
116
|
}
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
117
|
+
async waitForHandshakeCompletion(sessionId, timeoutMs = 3e4, pollIntervalMs = 1e3) {
|
|
118
|
+
const deadline = Date.now() + timeoutMs;
|
|
119
|
+
while (true) {
|
|
120
|
+
const status = await this.client.chat.getEncryptionStatus(sessionId);
|
|
121
|
+
const summary = status.encryption;
|
|
122
|
+
const record = summary?.handshake;
|
|
123
|
+
if (summary && record && record.status === "complete") {
|
|
124
|
+
return { summary, record };
|
|
125
|
+
}
|
|
126
|
+
if (Date.now() >= deadline) {
|
|
127
|
+
throw new Error("Timed out waiting for encrypted handshake completion");
|
|
128
|
+
}
|
|
129
|
+
await this.delay(pollIntervalMs);
|
|
130
|
+
}
|
|
133
131
|
}
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
132
|
+
async waitForEncryptionSummary(sessionId, _timeoutMs = 3e4, _pollIntervalMs = 1e3) {
|
|
133
|
+
const status = await this.client.chat.getEncryptionStatus(sessionId);
|
|
134
|
+
if (!status.encryption?.enabled) {
|
|
135
|
+
throw new EncryptionUnavailableError(
|
|
136
|
+
sessionId,
|
|
137
|
+
status.encryption ?? null
|
|
138
|
+
);
|
|
139
|
+
}
|
|
140
|
+
return status.encryption;
|
|
139
141
|
}
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
142
|
+
buildRecipients(summary) {
|
|
143
|
+
const candidates = [summary.requester, summary.responder].filter(Boolean);
|
|
144
|
+
const normalized = candidates.map((candidate) => {
|
|
145
|
+
if (!candidate) {
|
|
146
|
+
return null;
|
|
147
|
+
}
|
|
148
|
+
const recipient = {};
|
|
149
|
+
if (candidate.uaid) {
|
|
150
|
+
recipient.uaid = candidate.uaid;
|
|
151
|
+
}
|
|
152
|
+
if (candidate.ledgerAccountId) {
|
|
153
|
+
recipient.ledgerAccountId = candidate.ledgerAccountId;
|
|
154
|
+
}
|
|
155
|
+
if (candidate.userId) {
|
|
156
|
+
recipient.userId = candidate.userId;
|
|
157
|
+
}
|
|
158
|
+
if (candidate.email) {
|
|
159
|
+
recipient.email = candidate.email;
|
|
160
|
+
}
|
|
161
|
+
return recipient;
|
|
162
|
+
}).filter(
|
|
163
|
+
(entry) => Boolean(
|
|
164
|
+
entry?.uaid || entry?.ledgerAccountId || entry?.userId || entry?.email
|
|
165
|
+
)
|
|
150
166
|
);
|
|
167
|
+
if (normalized.length > 0) {
|
|
168
|
+
return normalized;
|
|
169
|
+
}
|
|
170
|
+
if (summary.responder?.uaid) {
|
|
171
|
+
return [{ uaid: summary.responder.uaid }];
|
|
172
|
+
}
|
|
173
|
+
return [];
|
|
151
174
|
}
|
|
152
|
-
|
|
153
|
-
const
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
175
|
+
createHandle(context) {
|
|
176
|
+
const sharedSecret = context.sharedSecret;
|
|
177
|
+
const uaid = context.summary.requester?.uaid ?? context.summary.responder?.uaid ?? context.identity?.uaid;
|
|
178
|
+
const decryptHistoryEntry = (entry) => this.decryptEntry(entry, context.identity, sharedSecret);
|
|
179
|
+
const fetchHistory = async (options) => {
|
|
180
|
+
const snapshot = await this.client.fetchHistorySnapshot(
|
|
181
|
+
context.sessionId,
|
|
182
|
+
options
|
|
157
183
|
);
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
if (fsModule.existsSync(resolvedPath)) {
|
|
161
|
-
const content = fsModule.readFileSync(resolvedPath, "utf-8");
|
|
162
|
-
const lineRegex = new RegExp(`^${envVar}=.*$`, "m");
|
|
163
|
-
if (lineRegex.test(content)) {
|
|
164
|
-
if (!options.overwrite) {
|
|
165
|
-
throw new Error(
|
|
166
|
-
`${envVar} already exists in ${resolvedPath}; set overwrite=true to replace it`
|
|
167
|
-
);
|
|
168
|
-
}
|
|
169
|
-
const updated = content.replace(lineRegex, envLine);
|
|
170
|
-
fsModule.writeFileSync(resolvedPath, updated);
|
|
171
|
-
} else {
|
|
172
|
-
const needsNewline = !content.endsWith("\n");
|
|
173
|
-
fsModule.appendFileSync(
|
|
174
|
-
resolvedPath,
|
|
175
|
-
`${needsNewline ? "\n" : ""}${envLine}
|
|
176
|
-
`
|
|
177
|
-
);
|
|
184
|
+
if (snapshot.decryptedHistory) {
|
|
185
|
+
return snapshot.decryptedHistory;
|
|
178
186
|
}
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
187
|
+
return snapshot.history.map((entry) => ({
|
|
188
|
+
entry,
|
|
189
|
+
plaintext: decryptHistoryEntry(entry)
|
|
190
|
+
}));
|
|
191
|
+
};
|
|
192
|
+
const handle = {
|
|
193
|
+
sessionId: context.sessionId,
|
|
194
|
+
mode: "encrypted",
|
|
195
|
+
summary: context.summary,
|
|
196
|
+
send: async (options) => {
|
|
197
|
+
const recipients = options.recipients ?? context.recipients;
|
|
198
|
+
return this.client.chat.sendMessage({
|
|
199
|
+
sessionId: context.sessionId,
|
|
200
|
+
message: options.message ?? "[ciphertext omitted]",
|
|
201
|
+
streaming: options.streaming,
|
|
202
|
+
auth: options.auth,
|
|
203
|
+
uaid,
|
|
204
|
+
encryption: {
|
|
205
|
+
plaintext: options.plaintext,
|
|
206
|
+
sharedSecret: Buffer.from(sharedSecret),
|
|
207
|
+
recipients
|
|
208
|
+
}
|
|
209
|
+
});
|
|
210
|
+
},
|
|
211
|
+
decryptHistoryEntry,
|
|
212
|
+
fetchHistory
|
|
213
|
+
};
|
|
214
|
+
this.registerConversationContext({
|
|
215
|
+
sessionId: context.sessionId,
|
|
216
|
+
sharedSecret,
|
|
217
|
+
identity: context.identity
|
|
218
|
+
});
|
|
219
|
+
return handle;
|
|
220
|
+
}
|
|
221
|
+
decryptEntry(entry, identity, fallbackSecret) {
|
|
222
|
+
const envelope = entry.cipherEnvelope;
|
|
223
|
+
if (!envelope) {
|
|
224
|
+
return null;
|
|
225
|
+
}
|
|
226
|
+
const secret = Buffer.from(fallbackSecret);
|
|
227
|
+
try {
|
|
228
|
+
return this.client.encryption.decryptCipherEnvelope({
|
|
229
|
+
envelope,
|
|
230
|
+
sharedSecret: secret
|
|
231
|
+
});
|
|
232
|
+
} catch (_error) {
|
|
233
|
+
return null;
|
|
234
|
+
}
|
|
235
|
+
}
|
|
236
|
+
recipientMatches(candidate, target) {
|
|
237
|
+
if (target.uaid && candidate.uaid?.toLowerCase() === target.uaid.toLowerCase()) {
|
|
238
|
+
return true;
|
|
239
|
+
}
|
|
240
|
+
if (target.ledgerAccountId && candidate.ledgerAccountId?.toLowerCase() === target.ledgerAccountId.toLowerCase()) {
|
|
241
|
+
return true;
|
|
242
|
+
}
|
|
243
|
+
if (target.userId && candidate.userId === target.userId) {
|
|
244
|
+
return true;
|
|
245
|
+
}
|
|
246
|
+
if (target.email && candidate.email?.toLowerCase() === target.email.toLowerCase()) {
|
|
247
|
+
return true;
|
|
248
|
+
}
|
|
249
|
+
return false;
|
|
250
|
+
}
|
|
251
|
+
async delay(ms) {
|
|
252
|
+
if (ms <= 0) {
|
|
253
|
+
return;
|
|
182
254
|
}
|
|
255
|
+
await new Promise((resolve) => setTimeout(resolve, ms));
|
|
183
256
|
}
|
|
184
|
-
return {
|
|
185
|
-
privateKey,
|
|
186
|
-
publicKey,
|
|
187
|
-
envPath: resolvedPath,
|
|
188
|
-
envVar
|
|
189
|
-
};
|
|
190
257
|
}
|
|
191
258
|
export {
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
createEncryptionApi,
|
|
195
|
-
ensureAgentEncryptionKey,
|
|
196
|
-
generateEncryptionKeyPair,
|
|
197
|
-
registerEncryptionKey
|
|
259
|
+
EncryptedChatManager,
|
|
260
|
+
EncryptionUnavailableError
|
|
198
261
|
};
|
|
199
262
|
//# sourceMappingURL=standards-sdk.es178.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"standards-sdk.es178.js","sources":["../../src/services/registry-broker/client/encryption.ts"],"sourcesContent":["import { Buffer } from 'buffer';\nimport { secp256k1 } from '@noble/curves/secp256k1.js';\nimport type {\n AutoRegisterEncryptionKeyOptions,\n CipherEnvelope,\n ClientEncryptionOptions,\n DecryptCipherEnvelopeOptions,\n DeriveSharedSecretOptions,\n EncryptCipherEnvelopeOptions,\n EphemeralKeyPair,\n EnsureAgentKeyOptions,\n RegisterEncryptionKeyPayload,\n RegisterEncryptionKeyResponse,\n SharedSecretInput,\n} from '../types';\nimport { registerEncryptionKeyResponseSchema } from '../schemas';\nimport { optionalImport } from '../../../utils/dynamic-import';\nimport type {\n RegistryBrokerClient,\n GenerateEncryptionKeyPairOptions,\n} from './base-client';\n\ntype FsModule = {\n existsSync: (path: string) => boolean;\n readFileSync: (path: string, encoding: BufferEncoding) => string;\n writeFileSync: (path: string, data: string) => void;\n appendFileSync: (path: string, data: string) => void;\n};\n\ntype NodePathModule = {\n resolve: (...segments: string[]) => string;\n};\n\ntype NodeCryptoModule = {\n randomBytes: (size: number) => Buffer;\n};\n\nconst getFs = async (): Promise<FsModule | null> => {\n const fsModule =\n (await optionalImport<Partial<FsModule>>('node:fs')) ??\n (await optionalImport<Partial<FsModule>>('fs'));\n\n if (\n fsModule &&\n typeof fsModule.existsSync === 'function' &&\n typeof fsModule.readFileSync === 'function' &&\n typeof fsModule.writeFileSync === 'function' &&\n typeof fsModule.appendFileSync === 'function'\n ) {\n return fsModule as FsModule;\n }\n\n return null;\n};\n\nconst getNodePath = async (): Promise<NodePathModule | null> => {\n const pathModule =\n (await optionalImport<Partial<NodePathModule>>('node:path')) ??\n (await optionalImport<Partial<NodePathModule>>('path'));\n if (pathModule && typeof pathModule.resolve === 'function') {\n return pathModule as NodePathModule;\n }\n return null;\n};\n\nconst getNodeCrypto = async (): Promise<NodeCryptoModule | null> => {\n const cryptoModule =\n (await optionalImport<Partial<NodeCryptoModule>>('node:crypto')) ??\n (await optionalImport<Partial<NodeCryptoModule>>('crypto'));\n if (cryptoModule && typeof cryptoModule.randomBytes === 'function') {\n return cryptoModule as NodeCryptoModule;\n }\n return null;\n};\n\nexport interface RegistryBrokerEncryptionApi {\n registerKey: (\n payload: RegisterEncryptionKeyPayload,\n ) => Promise<RegisterEncryptionKeyResponse>;\n generateEphemeralKeyPair: () => EphemeralKeyPair;\n deriveSharedSecret: (options: DeriveSharedSecretOptions) => Buffer;\n encryptCipherEnvelope: (\n options: EncryptCipherEnvelopeOptions,\n ) => CipherEnvelope;\n decryptCipherEnvelope: (options: DecryptCipherEnvelopeOptions) => string;\n ensureAgentKey: (\n options: EnsureAgentKeyOptions,\n ) => Promise<{ publicKey: string; privateKey?: string }>;\n}\n\nexport async function registerEncryptionKey(\n client: RegistryBrokerClient,\n payload: RegisterEncryptionKeyPayload,\n): Promise<RegisterEncryptionKeyResponse> {\n const raw = await client.requestJson('/encryption/keys', {\n method: 'POST',\n headers: { 'content-type': 'application/json' },\n body: payload,\n });\n return client.parseWithSchema(\n raw,\n registerEncryptionKeyResponseSchema,\n 'register encryption key response',\n );\n}\n\nfunction normalizeAutoRegisterIdentity(\n config: AutoRegisterEncryptionKeyOptions,\n): Pick<\n RegisterEncryptionKeyPayload,\n 'uaid' | 'ledgerAccountId' | 'ledgerNetwork' | 'email'\n> | null {\n const identity: Pick<\n RegisterEncryptionKeyPayload,\n 'uaid' | 'ledgerAccountId' | 'ledgerNetwork' | 'email'\n > = {};\n if (config.uaid) {\n identity.uaid = config.uaid;\n }\n if (config.ledgerAccountId) {\n identity.ledgerAccountId = config.ledgerAccountId;\n if (config.ledgerNetwork) {\n identity.ledgerNetwork = config.ledgerNetwork;\n }\n }\n if (config.email) {\n identity.email = config.email;\n }\n if (identity.uaid || identity.ledgerAccountId || identity.email) {\n return identity;\n }\n return null;\n}\n\nfunction derivePublicKeyFromPrivateKey(\n client: RegistryBrokerClient,\n privateKey: string,\n): string {\n const normalized = client.hexToBuffer(privateKey);\n const publicKey = secp256k1.getPublicKey(normalized, true);\n return Buffer.from(publicKey).toString('hex');\n}\n\nasync function resolveAutoRegisterKeyMaterial(\n client: RegistryBrokerClient,\n config: AutoRegisterEncryptionKeyOptions,\n): Promise<{ publicKey: string; privateKey?: string } | null> {\n if (config.publicKey?.trim()) {\n return { publicKey: config.publicKey.trim() };\n }\n let privateKey = config.privateKey?.trim();\n const envVar = config.envVar ?? 'RB_ENCRYPTION_PRIVATE_KEY';\n if (!privateKey && envVar && process?.env?.[envVar]?.trim()) {\n privateKey = process.env[envVar]?.trim();\n }\n if (!privateKey && config.generateIfMissing) {\n const pair = await client.generateEncryptionKeyPair({\n keyType: config.keyType ?? 'secp256k1',\n envVar,\n envPath: config.envPath,\n overwrite: config.overwriteEnv,\n });\n return { publicKey: pair.publicKey, privateKey: pair.privateKey };\n }\n if (privateKey) {\n const publicKey = derivePublicKeyFromPrivateKey(client, privateKey);\n return { publicKey, privateKey };\n }\n return null;\n}\n\nexport async function autoRegisterEncryptionKey(\n client: RegistryBrokerClient,\n config: AutoRegisterEncryptionKeyOptions,\n): Promise<{ publicKey: string; privateKey?: string }> {\n const identity = normalizeAutoRegisterIdentity(config);\n if (!identity) {\n throw new Error(\n 'Auto-registration requires uaid, ledgerAccountId, or email',\n );\n }\n const material = await resolveAutoRegisterKeyMaterial(client, config);\n if (!material) {\n throw new Error(\n 'Unable to resolve encryption public key for auto-registration',\n );\n }\n await registerEncryptionKey(client, {\n keyType: config.keyType ?? 'secp256k1',\n publicKey: material.publicKey,\n ...identity,\n });\n return material;\n}\n\nexport async function ensureAgentEncryptionKey(\n client: RegistryBrokerClient,\n options: EnsureAgentKeyOptions,\n): Promise<{ publicKey: string; privateKey?: string }> {\n return autoRegisterEncryptionKey(client, {\n ...options,\n uaid: options.uaid,\n enabled: true,\n });\n}\n\nexport function createEncryptionApi(\n client: RegistryBrokerClient,\n): RegistryBrokerEncryptionApi {\n return {\n registerKey: (payload: RegisterEncryptionKeyPayload) =>\n registerEncryptionKey(client, payload),\n generateEphemeralKeyPair: () => client.createEphemeralKeyPair(),\n deriveSharedSecret: (options: DeriveSharedSecretOptions) =>\n client.deriveSharedSecret(options),\n encryptCipherEnvelope: (options: EncryptCipherEnvelopeOptions) =>\n client.buildCipherEnvelope(options),\n decryptCipherEnvelope: (options: DecryptCipherEnvelopeOptions) =>\n client.openCipherEnvelope(options),\n ensureAgentKey: (options: EnsureAgentKeyOptions) =>\n ensureAgentEncryptionKey(client, options),\n };\n}\n\nexport async function bootstrapEncryptionOptions(\n client: RegistryBrokerClient,\n options?: ClientEncryptionOptions,\n): Promise<{ publicKey: string; privateKey?: string } | null> {\n if (!options?.autoRegister || options.autoRegister.enabled === false) {\n return null;\n }\n return autoRegisterEncryptionKey(client, options.autoRegister);\n}\n\nexport async function generateEncryptionKeyPair(\n client: RegistryBrokerClient,\n options: GenerateEncryptionKeyPairOptions = {},\n): Promise<{\n privateKey: string;\n publicKey: string;\n envPath?: string;\n envVar: string;\n}> {\n client.assertNodeRuntime('generateEncryptionKeyPair');\n\n const keyType = options.keyType ?? 'secp256k1';\n if (keyType !== 'secp256k1') {\n throw new Error('Only secp256k1 key generation is supported currently');\n }\n\n const cryptoModule = await getNodeCrypto();\n if (!cryptoModule) {\n throw new Error(\n 'Node.js crypto module is not available; cannot generate encryption key pair',\n );\n }\n const privateKeyBytes = cryptoModule.randomBytes(32);\n const privateKey = Buffer.from(privateKeyBytes).toString('hex');\n const publicKeyBytes = secp256k1.getPublicKey(privateKeyBytes, true);\n const publicKey = Buffer.from(publicKeyBytes).toString('hex');\n\n const envVar = options.envVar ?? 'RB_ENCRYPTION_PRIVATE_KEY';\n const pathModule = options.envPath ? await getNodePath() : null;\n const resolvedPath =\n options.envPath && pathModule\n ? pathModule.resolve(options.envPath)\n : undefined;\n\n if (options.envPath && !resolvedPath) {\n throw new Error(\n 'Node.js path module is not available; cannot resolve encryption key env path',\n );\n }\n\n if (resolvedPath) {\n const fsModule = await getFs();\n\n if (!fsModule) {\n throw new Error(\n 'File system module is not available; cannot write encryption key env file',\n );\n }\n\n const envLine = `${envVar}=${privateKey}`;\n if (fsModule.existsSync(resolvedPath)) {\n const content = fsModule.readFileSync(resolvedPath, 'utf-8');\n const lineRegex = new RegExp(`^${envVar}=.*$`, 'm');\n if (lineRegex.test(content)) {\n if (!options.overwrite) {\n throw new Error(\n `${envVar} already exists in ${resolvedPath}; set overwrite=true to replace it`,\n );\n }\n const updated = content.replace(lineRegex, envLine);\n fsModule.writeFileSync(resolvedPath, updated);\n } else {\n const needsNewline = !content.endsWith('\\n');\n fsModule.appendFileSync(\n resolvedPath,\n `${needsNewline ? '\\n' : ''}${envLine}\\n`,\n );\n }\n } else {\n fsModule.writeFileSync(resolvedPath, `${envLine}\\n`);\n }\n }\n\n return {\n privateKey,\n publicKey,\n envPath: resolvedPath,\n envVar,\n };\n}\n"],"names":[],"mappings":";;;;AAqCA,MAAM,QAAQ,YAAsC;AAClD,QAAM,WACH,MAAM,eAAkC,SAAS,KACjD,MAAM,eAAkC,IAAI;AAE/C,MACE,YACA,OAAO,SAAS,eAAe,cAC/B,OAAO,SAAS,iBAAiB,cACjC,OAAO,SAAS,kBAAkB,cAClC,OAAO,SAAS,mBAAmB,YACnC;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAEA,MAAM,cAAc,YAA4C;AAC9D,QAAM,aACH,MAAM,eAAwC,WAAW,KACzD,MAAM,eAAwC,MAAM;AACvD,MAAI,cAAc,OAAO,WAAW,YAAY,YAAY;AAC1D,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,MAAM,gBAAgB,YAA8C;AAClE,QAAM,eACH,MAAM,eAA0C,aAAa,KAC7D,MAAM,eAA0C,QAAQ;AAC3D,MAAI,gBAAgB,OAAO,aAAa,gBAAgB,YAAY;AAClE,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAiBA,eAAsB,sBACpB,QACA,SACwC;AACxC,QAAM,MAAM,MAAM,OAAO,YAAY,oBAAoB;AAAA,IACvD,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAA;AAAA,IAC3B,MAAM;AAAA,EAAA,CACP;AACD,SAAO,OAAO;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAEJ;AAEA,SAAS,8BACP,QAIO;AACP,QAAM,WAGF,CAAA;AACJ,MAAI,OAAO,MAAM;AACf,aAAS,OAAO,OAAO;AAAA,EACzB;AACA,MAAI,OAAO,iBAAiB;AAC1B,aAAS,kBAAkB,OAAO;AAClC,QAAI,OAAO,eAAe;AACxB,eAAS,gBAAgB,OAAO;AAAA,IAClC;AAAA,EACF;AACA,MAAI,OAAO,OAAO;AAChB,aAAS,QAAQ,OAAO;AAAA,EAC1B;AACA,MAAI,SAAS,QAAQ,SAAS,mBAAmB,SAAS,OAAO;AAC/D,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,SAAS,8BACP,QACA,YACQ;AACR,QAAM,aAAa,OAAO,YAAY,UAAU;AAChD,QAAM,YAAY,UAAU,aAAa,YAAY,IAAI;AACzD,SAAO,OAAO,KAAK,SAAS,EAAE,SAAS,KAAK;AAC9C;AAEA,eAAe,+BACb,QACA,QAC4D;AAC5D,MAAI,OAAO,WAAW,QAAQ;AAC5B,WAAO,EAAE,WAAW,OAAO,UAAU,OAAK;AAAA,EAC5C;AACA,MAAI,aAAa,OAAO,YAAY,KAAA;AACpC,QAAM,SAAS,OAAO,UAAU;AAChC,MAAI,CAAC,cAAc,UAAU,SAAS,MAAM,MAAM,GAAG,QAAQ;AAC3D,iBAAa,QAAQ,IAAI,MAAM,GAAG,KAAA;AAAA,EACpC;AACA,MAAI,CAAC,cAAc,OAAO,mBAAmB;AAC3C,UAAM,OAAO,MAAM,OAAO,0BAA0B;AAAA,MAClD,SAAS,OAAO,WAAW;AAAA,MAC3B;AAAA,MACA,SAAS,OAAO;AAAA,MAChB,WAAW,OAAO;AAAA,IAAA,CACnB;AACD,WAAO,EAAE,WAAW,KAAK,WAAW,YAAY,KAAK,WAAA;AAAA,EACvD;AACA,MAAI,YAAY;AACd,UAAM,YAAY,8BAA8B,QAAQ,UAAU;AAClE,WAAO,EAAE,WAAW,WAAA;AAAA,EACtB;AACA,SAAO;AACT;AAEA,eAAsB,0BACpB,QACA,QACqD;AACrD,QAAM,WAAW,8BAA8B,MAAM;AACrD,MAAI,CAAC,UAAU;AACb,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AACA,QAAM,WAAW,MAAM,+BAA+B,QAAQ,MAAM;AACpE,MAAI,CAAC,UAAU;AACb,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AACA,QAAM,sBAAsB,QAAQ;AAAA,IAClC,SAAS,OAAO,WAAW;AAAA,IAC3B,WAAW,SAAS;AAAA,IACpB,GAAG;AAAA,EAAA,CACJ;AACD,SAAO;AACT;AAEA,eAAsB,yBACpB,QACA,SACqD;AACrD,SAAO,0BAA0B,QAAQ;AAAA,IACvC,GAAG;AAAA,IACH,MAAM,QAAQ;AAAA,EAEhB,CAAC;AACH;AAEO,SAAS,oBACd,QAC6B;AAC7B,SAAO;AAAA,IACL,aAAa,CAAC,YACZ,sBAAsB,QAAQ,OAAO;AAAA,IACvC,0BAA0B,MAAM,OAAO,uBAAA;AAAA,IACvC,oBAAoB,CAAC,YACnB,OAAO,mBAAmB,OAAO;AAAA,IACnC,uBAAuB,CAAC,YACtB,OAAO,oBAAoB,OAAO;AAAA,IACpC,uBAAuB,CAAC,YACtB,OAAO,mBAAmB,OAAO;AAAA,IACnC,gBAAgB,CAAC,YACf,yBAAyB,QAAQ,OAAO;AAAA,EAAA;AAE9C;AAEA,eAAsB,2BACpB,QACA,SAC4D;AAC5D,MAAI,CAAC,SAAS,gBAAgB,QAAQ,aAAa,YAAY,OAAO;AACpE,WAAO;AAAA,EACT;AACA,SAAO,0BAA0B,QAAQ,QAAQ,YAAY;AAC/D;AAEA,eAAsB,0BACpB,QACA,UAA4C,IAM3C;AACD,SAAO,kBAAkB,2BAA2B;AAEpD,QAAM,UAAU,QAAQ,WAAW;AACnC,MAAI,YAAY,aAAa;AAC3B,UAAM,IAAI,MAAM,sDAAsD;AAAA,EACxE;AAEA,QAAM,eAAe,MAAM,cAAA;AAC3B,MAAI,CAAC,cAAc;AACjB,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AACA,QAAM,kBAAkB,aAAa,YAAY,EAAE;AACnD,QAAM,aAAa,OAAO,KAAK,eAAe,EAAE,SAAS,KAAK;AAC9D,QAAM,iBAAiB,UAAU,aAAa,iBAAiB,IAAI;AACnE,QAAM,YAAY,OAAO,KAAK,cAAc,EAAE,SAAS,KAAK;AAE5D,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,aAAa,QAAQ,UAAU,MAAM,gBAAgB;AAC3D,QAAM,eACJ,QAAQ,WAAW,aACf,WAAW,QAAQ,QAAQ,OAAO,IAClC;AAEN,MAAI,QAAQ,WAAW,CAAC,cAAc;AACpC,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AAEA,MAAI,cAAc;AAChB,UAAM,WAAW,MAAM,MAAA;AAEvB,QAAI,CAAC,UAAU;AACb,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAAA,IAEJ;AAEA,UAAM,UAAU,GAAG,MAAM,IAAI,UAAU;AACvC,QAAI,SAAS,WAAW,YAAY,GAAG;AACrC,YAAM,UAAU,SAAS,aAAa,cAAc,OAAO;AAC3D,YAAM,YAAY,IAAI,OAAO,IAAI,MAAM,QAAQ,GAAG;AAClD,UAAI,UAAU,KAAK,OAAO,GAAG;AAC3B,YAAI,CAAC,QAAQ,WAAW;AACtB,gBAAM,IAAI;AAAA,YACR,GAAG,MAAM,sBAAsB,YAAY;AAAA,UAAA;AAAA,QAE/C;AACA,cAAM,UAAU,QAAQ,QAAQ,WAAW,OAAO;AAClD,iBAAS,cAAc,cAAc,OAAO;AAAA,MAC9C,OAAO;AACL,cAAM,eAAe,CAAC,QAAQ,SAAS,IAAI;AAC3C,iBAAS;AAAA,UACP;AAAA,UACA,GAAG,eAAe,OAAO,EAAE,GAAG,OAAO;AAAA;AAAA,QAAA;AAAA,MAEzC;AAAA,IACF,OAAO;AACL,eAAS,cAAc,cAAc,GAAG,OAAO;AAAA,CAAI;AAAA,IACrD;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,EAAA;AAEJ;"}
|
|
1
|
+
{"version":3,"file":"standards-sdk.es178.js","sources":["../../src/services/registry-broker/client/encrypted-chat-manager.ts"],"sourcesContent":["import type {\n AcceptEncryptedChatSessionOptions,\n ChatHistoryEntry,\n ChatHistoryFetchOptions,\n CipherEnvelopeRecipient,\n DecryptedHistoryEntry,\n EncryptedChatSessionHandle,\n EncryptionHandshakeRecord,\n RecipientIdentity,\n SessionEncryptionSummary,\n SharedSecretInput,\n StartEncryptedChatSessionOptions,\n} from '../types';\nimport type { RegistryBrokerClient } from './base-client';\n\ninterface EncryptedSessionContext {\n sessionId: string;\n sharedSecret: Uint8Array;\n summary: SessionEncryptionSummary;\n recipients: RecipientIdentity[];\n identity?: RecipientIdentity;\n}\n\ninterface ConversationContextInput {\n sessionId: string;\n sharedSecret: Uint8Array | Buffer;\n identity?: RecipientIdentity;\n}\n\nexport class EncryptionUnavailableError extends Error {\n constructor(\n readonly sessionId: string,\n readonly summary?: SessionEncryptionSummary | null,\n ) {\n super('Encryption is not enabled for this session');\n }\n}\n\nexport class EncryptedChatManager {\n constructor(private readonly client: RegistryBrokerClient) {}\n\n registerConversationContext(context: ConversationContextInput): void {\n this.client.registerConversationContextForEncryption(context);\n }\n\n async startSession(\n options: StartEncryptedChatSessionOptions,\n ): Promise<EncryptedChatSessionHandle> {\n await this.client.encryptionReady();\n const session = await this.client.chat.createSession({\n uaid: options.uaid,\n senderUaid: options.senderUaid,\n encryptionRequested: true,\n historyTtlSeconds: options.historyTtlSeconds,\n auth: options.auth,\n });\n options.onSessionCreated?.(session.sessionId);\n const summary = session.encryption;\n if (!summary?.enabled) {\n throw new EncryptionUnavailableError(\n session.sessionId,\n session.encryption ?? null,\n );\n }\n const handle = await this.establishRequesterContext({\n sessionId: session.sessionId,\n summary,\n senderUaid: options.senderUaid,\n handshakeTimeoutMs: options.handshakeTimeoutMs,\n pollIntervalMs: options.pollIntervalMs,\n });\n return handle;\n }\n\n async acceptSession(\n options: AcceptEncryptedChatSessionOptions,\n ): Promise<EncryptedChatSessionHandle> {\n await this.client.encryptionReady();\n const summary = await this.waitForEncryptionSummary(\n options.sessionId,\n options.handshakeTimeoutMs,\n options.pollIntervalMs,\n );\n const handle = await this.establishResponderContext({\n sessionId: options.sessionId,\n summary,\n responderUaid: options.responderUaid,\n handshakeTimeoutMs: options.handshakeTimeoutMs,\n pollIntervalMs: options.pollIntervalMs,\n });\n return handle;\n }\n\n private async establishRequesterContext(params: {\n sessionId: string;\n summary: SessionEncryptionSummary;\n senderUaid?: string;\n handshakeTimeoutMs?: number;\n pollIntervalMs?: number;\n }): Promise<EncryptedChatSessionHandle> {\n const keyPair = this.client.encryption.generateEphemeralKeyPair();\n await this.client.chat.submitEncryptionHandshake(params.sessionId, {\n role: 'requester',\n keyType: 'secp256k1',\n ephemeralPublicKey: keyPair.publicKey,\n uaid: params.senderUaid ?? params.summary.requester?.uaid ?? undefined,\n });\n const { summary, record } = await this.waitForHandshakeCompletion(\n params.sessionId,\n params.handshakeTimeoutMs,\n params.pollIntervalMs,\n );\n const responderKey = record.responder?.ephemeralPublicKey;\n if (!responderKey) {\n throw new Error('Responder handshake was not completed in time');\n }\n const sharedSecret = this.client.encryption\n .deriveSharedSecret({\n privateKey: keyPair.privateKey,\n peerPublicKey: responderKey,\n })\n .subarray();\n const recipients = this.buildRecipients(summary);\n return this.createHandle({\n sessionId: params.sessionId,\n sharedSecret,\n summary,\n recipients,\n identity: summary.requester ?? undefined,\n });\n }\n\n private async establishResponderContext(params: {\n sessionId: string;\n summary: SessionEncryptionSummary;\n responderUaid?: string;\n handshakeTimeoutMs?: number;\n pollIntervalMs?: number;\n }): Promise<EncryptedChatSessionHandle> {\n const keyPair = this.client.encryption.generateEphemeralKeyPair();\n await this.client.chat.submitEncryptionHandshake(params.sessionId, {\n role: 'responder',\n keyType: 'secp256k1',\n ephemeralPublicKey: keyPair.publicKey,\n uaid: params.responderUaid ?? params.summary.responder?.uaid ?? undefined,\n });\n const { summary, record } = await this.waitForHandshakeCompletion(\n params.sessionId,\n params.handshakeTimeoutMs,\n params.pollIntervalMs,\n );\n const requesterKey = record.requester?.ephemeralPublicKey;\n if (!requesterKey) {\n throw new Error('Requester handshake was not detected in time');\n }\n const sharedSecret = this.client.encryption\n .deriveSharedSecret({\n privateKey: keyPair.privateKey,\n peerPublicKey: requesterKey,\n })\n .subarray();\n const recipients = this.buildRecipients(summary);\n return this.createHandle({\n sessionId: params.sessionId,\n sharedSecret,\n summary,\n recipients,\n identity: summary.responder ?? undefined,\n });\n }\n\n private async waitForHandshakeCompletion(\n sessionId: string,\n timeoutMs = 30_000,\n pollIntervalMs = 1_000,\n ): Promise<{\n summary: SessionEncryptionSummary;\n record: EncryptionHandshakeRecord;\n }> {\n const deadline = Date.now() + timeoutMs;\n while (true) {\n const status = await this.client.chat.getEncryptionStatus(sessionId);\n const summary = status.encryption;\n const record = summary?.handshake;\n if (summary && record && record.status === 'complete') {\n return { summary, record };\n }\n if (Date.now() >= deadline) {\n throw new Error('Timed out waiting for encrypted handshake completion');\n }\n await this.delay(pollIntervalMs);\n }\n }\n\n private async waitForEncryptionSummary(\n sessionId: string,\n _timeoutMs = 30_000,\n _pollIntervalMs = 1_000,\n ): Promise<SessionEncryptionSummary> {\n const status = await this.client.chat.getEncryptionStatus(sessionId);\n if (!status.encryption?.enabled) {\n throw new EncryptionUnavailableError(\n sessionId,\n status.encryption ?? null,\n );\n }\n return status.encryption;\n }\n\n private buildRecipients(\n summary: SessionEncryptionSummary,\n ): RecipientIdentity[] {\n const candidates = [summary.requester, summary.responder].filter(Boolean);\n const normalized = candidates\n .map(candidate => {\n if (!candidate) {\n return null;\n }\n const recipient: RecipientIdentity = {};\n if (candidate.uaid) {\n recipient.uaid = candidate.uaid;\n }\n if (candidate.ledgerAccountId) {\n recipient.ledgerAccountId = candidate.ledgerAccountId;\n }\n if (candidate.userId) {\n recipient.userId = candidate.userId;\n }\n if (candidate.email) {\n recipient.email = candidate.email;\n }\n return recipient;\n })\n .filter((entry): entry is RecipientIdentity =>\n Boolean(\n entry?.uaid ||\n entry?.ledgerAccountId ||\n entry?.userId ||\n entry?.email,\n ),\n );\n if (normalized.length > 0) {\n return normalized;\n }\n if (summary.responder?.uaid) {\n return [{ uaid: summary.responder.uaid }];\n }\n return [];\n }\n\n private createHandle(\n context: EncryptedSessionContext,\n ): EncryptedChatSessionHandle {\n const sharedSecret = context.sharedSecret;\n const uaid =\n context.summary.requester?.uaid ??\n context.summary.responder?.uaid ??\n context.identity?.uaid;\n const decryptHistoryEntry = (entry: ChatHistoryEntry): string | null =>\n this.decryptEntry(entry, context.identity, sharedSecret);\n const fetchHistory = async (\n options?: ChatHistoryFetchOptions,\n ): Promise<DecryptedHistoryEntry[]> => {\n const snapshot = await this.client.fetchHistorySnapshot(\n context.sessionId,\n options,\n );\n if (snapshot.decryptedHistory) {\n return snapshot.decryptedHistory;\n }\n return snapshot.history.map(entry => ({\n entry,\n plaintext: decryptHistoryEntry(entry),\n }));\n };\n const handle: EncryptedChatSessionHandle = {\n sessionId: context.sessionId,\n mode: 'encrypted',\n summary: context.summary,\n send: async options => {\n const recipients = options.recipients ?? context.recipients;\n return this.client.chat.sendMessage({\n sessionId: context.sessionId,\n message: options.message ?? '[ciphertext omitted]',\n streaming: options.streaming,\n auth: options.auth,\n uaid,\n encryption: {\n plaintext: options.plaintext,\n sharedSecret: Buffer.from(sharedSecret),\n recipients,\n },\n });\n },\n decryptHistoryEntry,\n fetchHistory,\n };\n this.registerConversationContext({\n sessionId: context.sessionId,\n sharedSecret,\n identity: context.identity,\n });\n return handle;\n }\n\n private decryptEntry(\n entry: ChatHistoryEntry,\n identity: RecipientIdentity | undefined,\n fallbackSecret: Uint8Array,\n ): string | null {\n const envelope = entry.cipherEnvelope;\n if (!envelope) {\n return null;\n }\n const secret: SharedSecretInput = Buffer.from(fallbackSecret);\n try {\n return this.client.encryption.decryptCipherEnvelope({\n envelope,\n sharedSecret: secret,\n });\n } catch (_error) {\n return null;\n }\n }\n\n private recipientMatches(\n candidate: CipherEnvelopeRecipient,\n target: RecipientIdentity,\n ): boolean {\n if (\n target.uaid &&\n candidate.uaid?.toLowerCase() === target.uaid.toLowerCase()\n ) {\n return true;\n }\n if (\n target.ledgerAccountId &&\n candidate.ledgerAccountId?.toLowerCase() ===\n target.ledgerAccountId.toLowerCase()\n ) {\n return true;\n }\n if (target.userId && candidate.userId === target.userId) {\n return true;\n }\n if (\n target.email &&\n candidate.email?.toLowerCase() === target.email.toLowerCase()\n ) {\n return true;\n }\n return false;\n }\n\n private async delay(ms: number): Promise<void> {\n if (ms <= 0) {\n return;\n }\n await new Promise(resolve => setTimeout(resolve, ms));\n }\n}\n"],"names":[],"mappings":"AA6BO,MAAM,mCAAmC,MAAM;AAAA,EACpD,YACW,WACA,SACT;AACA,UAAM,4CAA4C;AAHzC,SAAA,YAAA;AACA,SAAA,UAAA;AAAA,EAGX;AACF;AAEO,MAAM,qBAAqB;AAAA,EAChC,YAA6B,QAA8B;AAA9B,SAAA,SAAA;AAAA,EAA+B;AAAA,EAE5D,4BAA4B,SAAyC;AACnE,SAAK,OAAO,yCAAyC,OAAO;AAAA,EAC9D;AAAA,EAEA,MAAM,aACJ,SACqC;AACrC,UAAM,KAAK,OAAO,gBAAA;AAClB,UAAM,UAAU,MAAM,KAAK,OAAO,KAAK,cAAc;AAAA,MACnD,MAAM,QAAQ;AAAA,MACd,YAAY,QAAQ;AAAA,MACpB,qBAAqB;AAAA,MACrB,mBAAmB,QAAQ;AAAA,MAC3B,MAAM,QAAQ;AAAA,IAAA,CACf;AACD,YAAQ,mBAAmB,QAAQ,SAAS;AAC5C,UAAM,UAAU,QAAQ;AACxB,QAAI,CAAC,SAAS,SAAS;AACrB,YAAM,IAAI;AAAA,QACR,QAAQ;AAAA,QACR,QAAQ,cAAc;AAAA,MAAA;AAAA,IAE1B;AACA,UAAM,SAAS,MAAM,KAAK,0BAA0B;AAAA,MAClD,WAAW,QAAQ;AAAA,MACnB;AAAA,MACA,YAAY,QAAQ;AAAA,MACpB,oBAAoB,QAAQ;AAAA,MAC5B,gBAAgB,QAAQ;AAAA,IAAA,CACzB;AACD,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cACJ,SACqC;AACrC,UAAM,KAAK,OAAO,gBAAA;AAClB,UAAM,UAAU,MAAM,KAAK;AAAA,MACzB,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IAAA;AAEV,UAAM,SAAS,MAAM,KAAK,0BAA0B;AAAA,MAClD,WAAW,QAAQ;AAAA,MACnB;AAAA,MACA,eAAe,QAAQ;AAAA,MACvB,oBAAoB,QAAQ;AAAA,MAC5B,gBAAgB,QAAQ;AAAA,IAAA,CACzB;AACD,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,0BAA0B,QAMA;AACtC,UAAM,UAAU,KAAK,OAAO,WAAW,yBAAA;AACvC,UAAM,KAAK,OAAO,KAAK,0BAA0B,OAAO,WAAW;AAAA,MACjE,MAAM;AAAA,MACN,SAAS;AAAA,MACT,oBAAoB,QAAQ;AAAA,MAC5B,MAAM,OAAO,cAAc,OAAO,QAAQ,WAAW,QAAQ;AAAA,IAAA,CAC9D;AACD,UAAM,EAAE,SAAS,WAAW,MAAM,KAAK;AAAA,MACrC,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,IAAA;AAET,UAAM,eAAe,OAAO,WAAW;AACvC,QAAI,CAAC,cAAc;AACjB,YAAM,IAAI,MAAM,+CAA+C;AAAA,IACjE;AACA,UAAM,eAAe,KAAK,OAAO,WAC9B,mBAAmB;AAAA,MAClB,YAAY,QAAQ;AAAA,MACpB,eAAe;AAAA,IAAA,CAChB,EACA,SAAA;AACH,UAAM,aAAa,KAAK,gBAAgB,OAAO;AAC/C,WAAO,KAAK,aAAa;AAAA,MACvB,WAAW,OAAO;AAAA,MAClB;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,QAAQ,aAAa;AAAA,IAAA,CAChC;AAAA,EACH;AAAA,EAEA,MAAc,0BAA0B,QAMA;AACtC,UAAM,UAAU,KAAK,OAAO,WAAW,yBAAA;AACvC,UAAM,KAAK,OAAO,KAAK,0BAA0B,OAAO,WAAW;AAAA,MACjE,MAAM;AAAA,MACN,SAAS;AAAA,MACT,oBAAoB,QAAQ;AAAA,MAC5B,MAAM,OAAO,iBAAiB,OAAO,QAAQ,WAAW,QAAQ;AAAA,IAAA,CACjE;AACD,UAAM,EAAE,SAAS,WAAW,MAAM,KAAK;AAAA,MACrC,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,IAAA;AAET,UAAM,eAAe,OAAO,WAAW;AACvC,QAAI,CAAC,cAAc;AACjB,YAAM,IAAI,MAAM,8CAA8C;AAAA,IAChE;AACA,UAAM,eAAe,KAAK,OAAO,WAC9B,mBAAmB;AAAA,MAClB,YAAY,QAAQ;AAAA,MACpB,eAAe;AAAA,IAAA,CAChB,EACA,SAAA;AACH,UAAM,aAAa,KAAK,gBAAgB,OAAO;AAC/C,WAAO,KAAK,aAAa;AAAA,MACvB,WAAW,OAAO;AAAA,MAClB;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,QAAQ,aAAa;AAAA,IAAA,CAChC;AAAA,EACH;AAAA,EAEA,MAAc,2BACZ,WACA,YAAY,KACZ,iBAAiB,KAIhB;AACD,UAAM,WAAW,KAAK,IAAA,IAAQ;AAC9B,WAAO,MAAM;AACX,YAAM,SAAS,MAAM,KAAK,OAAO,KAAK,oBAAoB,SAAS;AACnE,YAAM,UAAU,OAAO;AACvB,YAAM,SAAS,SAAS;AACxB,UAAI,WAAW,UAAU,OAAO,WAAW,YAAY;AACrD,eAAO,EAAE,SAAS,OAAA;AAAA,MACpB;AACA,UAAI,KAAK,IAAA,KAAS,UAAU;AAC1B,cAAM,IAAI,MAAM,sDAAsD;AAAA,MACxE;AACA,YAAM,KAAK,MAAM,cAAc;AAAA,IACjC;AAAA,EACF;AAAA,EAEA,MAAc,yBACZ,WACA,aAAa,KACb,kBAAkB,KACiB;AACnC,UAAM,SAAS,MAAM,KAAK,OAAO,KAAK,oBAAoB,SAAS;AACnE,QAAI,CAAC,OAAO,YAAY,SAAS;AAC/B,YAAM,IAAI;AAAA,QACR;AAAA,QACA,OAAO,cAAc;AAAA,MAAA;AAAA,IAEzB;AACA,WAAO,OAAO;AAAA,EAChB;AAAA,EAEQ,gBACN,SACqB;AACrB,UAAM,aAAa,CAAC,QAAQ,WAAW,QAAQ,SAAS,EAAE,OAAO,OAAO;AACxE,UAAM,aAAa,WAChB,IAAI,CAAA,cAAa;AAChB,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,MACT;AACA,YAAM,YAA+B,CAAA;AACrC,UAAI,UAAU,MAAM;AAClB,kBAAU,OAAO,UAAU;AAAA,MAC7B;AACA,UAAI,UAAU,iBAAiB;AAC7B,kBAAU,kBAAkB,UAAU;AAAA,MACxC;AACA,UAAI,UAAU,QAAQ;AACpB,kBAAU,SAAS,UAAU;AAAA,MAC/B;AACA,UAAI,UAAU,OAAO;AACnB,kBAAU,QAAQ,UAAU;AAAA,MAC9B;AACA,aAAO;AAAA,IACT,CAAC,EACA;AAAA,MAAO,CAAC,UACP;AAAA,QACE,OAAO,QACL,OAAO,mBACP,OAAO,UACP,OAAO;AAAA,MAAA;AAAA,IACX;AAEJ,QAAI,WAAW,SAAS,GAAG;AACzB,aAAO;AAAA,IACT;AACA,QAAI,QAAQ,WAAW,MAAM;AAC3B,aAAO,CAAC,EAAE,MAAM,QAAQ,UAAU,MAAM;AAAA,IAC1C;AACA,WAAO,CAAA;AAAA,EACT;AAAA,EAEQ,aACN,SAC4B;AAC5B,UAAM,eAAe,QAAQ;AAC7B,UAAM,OACJ,QAAQ,QAAQ,WAAW,QAC3B,QAAQ,QAAQ,WAAW,QAC3B,QAAQ,UAAU;AACpB,UAAM,sBAAsB,CAAC,UAC3B,KAAK,aAAa,OAAO,QAAQ,UAAU,YAAY;AACzD,UAAM,eAAe,OACnB,YACqC;AACrC,YAAM,WAAW,MAAM,KAAK,OAAO;AAAA,QACjC,QAAQ;AAAA,QACR;AAAA,MAAA;AAEF,UAAI,SAAS,kBAAkB;AAC7B,eAAO,SAAS;AAAA,MAClB;AACA,aAAO,SAAS,QAAQ,IAAI,CAAA,WAAU;AAAA,QACpC;AAAA,QACA,WAAW,oBAAoB,KAAK;AAAA,MAAA,EACpC;AAAA,IACJ;AACA,UAAM,SAAqC;AAAA,MACzC,WAAW,QAAQ;AAAA,MACnB,MAAM;AAAA,MACN,SAAS,QAAQ;AAAA,MACjB,MAAM,OAAM,YAAW;AACrB,cAAM,aAAa,QAAQ,cAAc,QAAQ;AACjD,eAAO,KAAK,OAAO,KAAK,YAAY;AAAA,UAClC,WAAW,QAAQ;AAAA,UACnB,SAAS,QAAQ,WAAW;AAAA,UAC5B,WAAW,QAAQ;AAAA,UACnB,MAAM,QAAQ;AAAA,UACd;AAAA,UACA,YAAY;AAAA,YACV,WAAW,QAAQ;AAAA,YACnB,cAAc,OAAO,KAAK,YAAY;AAAA,YACtC;AAAA,UAAA;AAAA,QACF,CACD;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,IAAA;AAEF,SAAK,4BAA4B;AAAA,MAC/B,WAAW,QAAQ;AAAA,MACnB;AAAA,MACA,UAAU,QAAQ;AAAA,IAAA,CACnB;AACD,WAAO;AAAA,EACT;AAAA,EAEQ,aACN,OACA,UACA,gBACe;AACf,UAAM,WAAW,MAAM;AACvB,QAAI,CAAC,UAAU;AACb,aAAO;AAAA,IACT;AACA,UAAM,SAA4B,OAAO,KAAK,cAAc;AAC5D,QAAI;AACF,aAAO,KAAK,OAAO,WAAW,sBAAsB;AAAA,QAClD;AAAA,QACA,cAAc;AAAA,MAAA,CACf;AAAA,IACH,SAAS,QAAQ;AACf,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEQ,iBACN,WACA,QACS;AACT,QACE,OAAO,QACP,UAAU,MAAM,kBAAkB,OAAO,KAAK,eAC9C;AACA,aAAO;AAAA,IACT;AACA,QACE,OAAO,mBACP,UAAU,iBAAiB,kBACzB,OAAO,gBAAgB,eACzB;AACA,aAAO;AAAA,IACT;AACA,QAAI,OAAO,UAAU,UAAU,WAAW,OAAO,QAAQ;AACvD,aAAO;AAAA,IACT;AACA,QACE,OAAO,SACP,UAAU,OAAO,kBAAkB,OAAO,MAAM,eAChD;AACA,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,MAAM,IAA2B;AAC7C,QAAI,MAAM,GAAG;AACX;AAAA,IACF;AACA,UAAM,IAAI,QAAQ,CAAA,YAAW,WAAW,SAAS,EAAE,CAAC;AAAA,EACtD;AACF;"}
|