@ibgib/core-gib 0.1.62 → 0.1.63

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (86) hide show
  1. package/dist/keystone/keystone-service-v1.d.mts +2 -1
  2. package/dist/keystone/keystone-service-v1.d.mts.map +1 -1
  3. package/dist/keystone/keystone-service-v1.mjs +3 -1
  4. package/dist/keystone/keystone-service-v1.mjs.map +1 -1
  5. package/dist/keystone/keystone-service-v1.respec.mjs +63 -45
  6. package/dist/keystone/keystone-service-v1.respec.mjs.map +1 -1
  7. package/dist/keystone/keystone-types.d.mts +5 -0
  8. package/dist/keystone/keystone-types.d.mts.map +1 -1
  9. package/dist/keystone/policy/keystone-profile-builder.d.mts +1 -1
  10. package/dist/keystone/policy/keystone-profile-builder.d.mts.map +1 -1
  11. package/dist/keystone/policy/keystone-profile-builder.mjs +8 -0
  12. package/dist/keystone/policy/keystone-profile-builder.mjs.map +1 -1
  13. package/dist/keystone/policy/profiles/profile-domain.json +84 -0
  14. package/dist/keystone/policy/profiles/profile-sync.json +84 -0
  15. package/dist/keystone/strategy/hash-reveal-v1/hash-reveal-v1.d.mts +8 -0
  16. package/dist/keystone/strategy/hash-reveal-v1/hash-reveal-v1.d.mts.map +1 -1
  17. package/dist/keystone/strategy/hash-reveal-v1/hash-reveal-v1.mjs +15 -1
  18. package/dist/keystone/strategy/hash-reveal-v1/hash-reveal-v1.mjs.map +1 -1
  19. package/dist/sync/sync-conflict-adv-multitimelines.withid.respec.mjs +16 -4
  20. package/dist/sync/sync-conflict-adv-multitimelines.withid.respec.mjs.map +1 -1
  21. package/dist/sync/sync-conflict-basic-divergence.withid.respec.mjs +4 -1
  22. package/dist/sync/sync-conflict-basic-divergence.withid.respec.mjs.map +1 -1
  23. package/dist/sync/sync-conflict-basic-multitimelines.withid.respec.mjs +4 -1
  24. package/dist/sync/sync-conflict-basic-multitimelines.withid.respec.mjs.map +1 -1
  25. package/dist/sync/sync-conflict-text-merge.withid.respec.mjs +10 -4
  26. package/dist/sync/sync-conflict-text-merge.withid.respec.mjs.map +1 -1
  27. package/dist/sync/sync-innerspace-constants.withid.respec.mjs +12 -3
  28. package/dist/sync/sync-innerspace-constants.withid.respec.mjs.map +1 -1
  29. package/dist/sync/sync-innerspace-deep-updates.withid.respec.mjs +4 -1
  30. package/dist/sync/sync-innerspace-deep-updates.withid.respec.mjs.map +1 -1
  31. package/dist/sync/sync-innerspace-dest-ahead.withid.respec.mjs +4 -1
  32. package/dist/sync/sync-innerspace-dest-ahead.withid.respec.mjs.map +1 -1
  33. package/dist/sync/sync-innerspace-multiple-timelines.withid.respec.mjs +4 -1
  34. package/dist/sync/sync-innerspace-multiple-timelines.withid.respec.mjs.map +1 -1
  35. package/dist/sync/sync-innerspace-partial-update.withid.respec.mjs +4 -1
  36. package/dist/sync/sync-innerspace-partial-update.withid.respec.mjs.map +1 -1
  37. package/dist/sync/sync-innerspace.withid.respec.mjs +4 -1
  38. package/dist/sync/sync-innerspace.withid.respec.mjs.map +1 -1
  39. package/dist/sync/sync-peer/sync-peer-types.d.mts +4 -0
  40. package/dist/sync/sync-peer/sync-peer-types.d.mts.map +1 -1
  41. package/dist/sync/sync-peer/sync-peer-v1.d.mts.map +1 -1
  42. package/dist/sync/sync-peer/sync-peer-v1.mjs +4 -1
  43. package/dist/sync/sync-peer/sync-peer-v1.mjs.map +1 -1
  44. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-websocket-peer-helpers.d.mts.map +1 -1
  45. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-websocket-peer-helpers.mjs +90 -22
  46. package/dist/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-websocket-peer-helpers.mjs.map +1 -1
  47. package/dist/sync/sync-saga-coordinator.d.mts +7 -10
  48. package/dist/sync/sync-saga-coordinator.d.mts.map +1 -1
  49. package/dist/sync/sync-saga-coordinator.mjs +14 -5
  50. package/dist/sync/sync-saga-coordinator.mjs.map +1 -1
  51. package/dist/sync/sync-types.d.mts +5 -0
  52. package/dist/sync/sync-types.d.mts.map +1 -1
  53. package/dist/sync/sync-types.mjs.map +1 -1
  54. package/dist/sync/sync-withid.connect.respec.mjs +4 -1
  55. package/dist/sync/sync-withid.connect.respec.mjs.map +1 -1
  56. package/dist/sync/sync-withid.establish.respec.mjs +4 -1
  57. package/dist/sync/sync-withid.establish.respec.mjs.map +1 -1
  58. package/dist/sync/sync-withid.pingpong.respec.mjs +4 -1
  59. package/dist/sync/sync-withid.pingpong.respec.mjs.map +1 -1
  60. package/package.json +1 -1
  61. package/src/keystone/keystone-service-v1.mts +5 -1
  62. package/src/keystone/keystone-service-v1.respec.mts +67 -46
  63. package/src/keystone/keystone-types.mts +5 -0
  64. package/src/keystone/policy/keystone-profile-builder.mts +9 -1
  65. package/src/keystone/policy/profiles/profile-domain.json +84 -0
  66. package/src/keystone/policy/profiles/profile-sync.json +84 -0
  67. package/src/keystone/strategy/hash-reveal-v1/hash-reveal-v1.mts +20 -1
  68. package/src/sync/sync-conflict-adv-multitimelines.withid.respec.mts +16 -4
  69. package/src/sync/sync-conflict-basic-divergence.withid.respec.mts +4 -1
  70. package/src/sync/sync-conflict-basic-multitimelines.withid.respec.mts +4 -1
  71. package/src/sync/sync-conflict-text-merge.withid.respec.mts +10 -4
  72. package/src/sync/sync-innerspace-constants.withid.respec.mts +12 -3
  73. package/src/sync/sync-innerspace-deep-updates.withid.respec.mts +4 -1
  74. package/src/sync/sync-innerspace-dest-ahead.withid.respec.mts +4 -1
  75. package/src/sync/sync-innerspace-multiple-timelines.withid.respec.mts +4 -1
  76. package/src/sync/sync-innerspace-partial-update.withid.respec.mts +4 -1
  77. package/src/sync/sync-innerspace.withid.respec.mts +4 -1
  78. package/src/sync/sync-peer/sync-peer-types.mts +4 -0
  79. package/src/sync/sync-peer/sync-peer-v1.mts +5 -1
  80. package/src/sync/sync-peer/sync-peer-websocket/sync-peer-websocket-receiver/sync-websocket-peer-helpers.mts +96 -22
  81. package/src/sync/sync-saga-coordinator.mts +17 -12
  82. package/src/sync/sync-types.mts +6 -0
  83. package/src/sync/sync-withid.connect.respec.mts +5 -2
  84. package/src/sync/sync-withid.establish.respec.mts +4 -1
  85. package/src/sync/sync-withid.pingpong.respec.mts +4 -1
  86. package/src/sync/unused-identity-backup.mts.md +0 -311
@@ -1,5 +1,6 @@
1
1
  import { IbGibAddr } from "@ibgib/ts-gib/dist/types.mjs";
2
2
  import { IbGib_V1, IbGibData_V1, IbGibRel8ns_V1 } from "@ibgib/ts-gib/dist/V1/types.mjs";
3
+ import { KeystoneIbGib_V1 } from "../keystone/keystone-types.mjs";
3
4
 
4
5
  import { SubjectWitness } from "../common/pubsub/subject/subject-types.mjs";
5
6
  import { SyncSagaContextIbGib_V1 } from "./sync-saga-context/sync-saga-context-types.mjs";
@@ -221,3 +222,8 @@ export interface SessionGenesisFrameDetails {
221
222
  * to get this working.
222
223
  */
223
224
  export type StageInProtocol = "beforeSend" | "beforeReceive";
225
+
226
+ export interface SyncSenderIdentityInfo {
227
+ senderIdentity: KeystoneIbGib_V1;
228
+ senderDomainAddr: string;
229
+ }
@@ -10,7 +10,7 @@
10
10
  */
11
11
 
12
12
  import {
13
- respecfully, ifWe, iReckon,
13
+ respecfully, ifWe, ifWeMight, iReckon,
14
14
  } from '@ibgib/helper-gib/dist/respec-gib/respec-gib.mjs';
15
15
  const maam = `[${import.meta.url}]`, sir = maam;
16
16
  import { clone, delay, extractErrorMsg } from '@ibgib/helper-gib/dist/helpers/utils-helper.mjs';
@@ -184,7 +184,10 @@ await respecfully(sir, `Test Phase 2: peer.connect()`, async () => {
184
184
 
185
185
  const syncSaga = await senderCoordinator.sync({
186
186
  domainIbGibs: [xStone],
187
- senderIdentity,
187
+ senderIdentityInfo: {
188
+ senderIdentity,
189
+ senderDomainAddr: getIbGibAddr({ ibGib: senderIdentity }),
190
+ },
188
191
  fnSenderSecret: async () => SENDER_SECRET,
189
192
  peer,
190
193
  localSpace: sourceSpace,
@@ -244,7 +244,10 @@ await respecfully(sir, `Test Phase 1: establishSessionIdentity`, async () => {
244
244
 
245
245
  const syncSaga = await senderCoordinator.sync({
246
246
  domainIbGibs: [xStone],
247
- senderIdentity,
247
+ senderIdentityInfo: {
248
+ senderIdentity,
249
+ senderDomainAddr: getIbGibAddr({ ibGib: senderIdentity }),
250
+ },
248
251
  fnSenderSecret: async () => { return SENDER_SECRET },
249
252
  peer: await newTestPeer(),
250
253
  localSpace: sourceSpace,
@@ -141,7 +141,10 @@ await respecfully(sir, `Test Phase 3A: Ping Pong Sync with Identity`, async () =
141
141
 
142
142
  const syncSaga = await senderCoordinator.sync({
143
143
  domainIbGibs: [xStone],
144
- senderIdentity,
144
+ senderIdentityInfo: {
145
+ senderIdentity,
146
+ senderDomainAddr: getIbGibAddr({ ibGib: senderIdentity }),
147
+ },
145
148
  fnSenderSecret: async () => SENDER_SECRET,
146
149
  peer,
147
150
  localSpace: sourceSpace,
@@ -1,311 +0,0 @@
1
- I am removing ALL identity/session/identities/keystone-related code from sync
2
- and starting over, now that I have a clearer idea of the requirements.
3
-
4
- This is code that I thought would be reusable with minimal adjustments later.
5
-
6
- TODO: I have mangled some of the hits for these terms by adding a space after
7
- the first letter. After i am done, need to go back through and search for "k
8
- eystone", "i dentity" "s ession" for these mangled terms.
9
-
10
- ```typescript
11
- import { KeystoneIbGib_V1, } from "../keystone/keystone-types.mjs";
12
- import { KeystoneService_V1 } from '../../keystone/keystone-service-v1.mjs';
13
- import { validateKeystoneGraph, validateKeystoneTransition } from '../../keystone/keystone-helpers.mjs';
14
-
15
- /**
16
- * creates a session identity keystone based off of the given args.
17
- *
18
- * Then, if the {@link primaryIdentity} keystone is provided, this also
19
- * **signs** this keystone pointing to the address of the sess
20
- */
21
- public async createSessionIdentity({
22
- sagaId,
23
- primaryIdentity,
24
- nonSessionSecret,
25
- metaspace,
26
- localSpace,
27
- }: {
28
- /**
29
- * unique to any one particular saga.
30
- */
31
- sagaId: string,
32
- /**
33
- * optional main identity, e.g., Alice's keystone
34
- */
35
- primaryIdentity: KeystoneIbGib_V1 | undefined,
36
- /**
37
- * driving secret behind the sync operation. usually, this will be the
38
- * secret corresponding to a primary identity keystone. But this can
39
- * also just be a one-time secret just to have more security in the
40
- * transmission intrinsically.
41
- */
42
- nonSessionSecret: string,
43
- metaspace: MetaspaceService,
44
- localSpace: IbGibSpaceAny,
45
- }): Promise<{
46
- sessionIdentity: KeystoneIbGib_V1,
47
- sessionSecret: string,
48
- /**
49
- * if truthy, this evolved from the incoming {@link primaryIdentity} and
50
- * has already persisted/registered in the incoming {@link localSpace}.
51
- */
52
- newPrimaryIdentity: KeystoneIbGib_V1 | undefined
53
- }> {
54
- const lc = `${this.lc}[${this.createSessionIdentity.name}]`;
55
- try {
56
- if (logalot) { console.log(`${lc} starting... (I: 428392a4ee636b7bd8f7d5d89a87e826)`); }
57
-
58
- if (!nonSessionSecret) { throw new Error(`(UNEXPECTED) nonSessionSecret falsy? This is expected to be truthy by this point. (E: 8ce053fe59825a6678713128953b9d26)`); }
59
-
60
- debugger; // step through create session id
61
- const sessionSecret = await this.deriveSessionSecret({
62
- sagaId, nonSessionSecret
63
- });
64
-
65
- // Generate keystone with two initial pools in two steps.
66
- // 1. Create primary pool with genesis method to correspond to the
67
- // sender/sender's secret/identity.
68
- // 2. Create a separate pool and add separately because a
69
- // different pw + config is used for the transition pool.
70
-
71
- if (!this.sessionKeystonePoolConfig) { throw new Error(`this.sessionKeystonePoolConfig falsy. createSessionIdentity requires the coordinator to have this config set. (E: d65bb868d5e3e72c585d64d594e2b826)`); }
72
- const sessionIdentity_genesis = await this.keystoneSvc.genesis({
73
- masterSecret: sessionSecret,
74
- configs: [this.sessionKeystonePoolConfig],
75
- metaspace,
76
- space: localSpace,
77
- });
78
-
79
- // #region sanity validation of genesis keystone
80
- /**
81
- * not necessary but since it's a new design, I'm putting in this
82
- * immediate validation just to put it through its paces. (worth the
83
- * slight perf hit).
84
- */
85
- const validationErrors = await validateGenesisKeystone({
86
- keystoneIbGib: sessionIdentity_genesis
87
- });
88
- if (validationErrors && validationErrors.length > 0) { throw new Error(`(UNEXPECTED) the sessionIdentity_genesis that we just created already has validation errors just after creation? errors: ${validationErrors} (E: e9ca08cf0f8858bb1ace8b9fa89f8726)`); }
89
- // #endregion sanity validation of genesis keystone
90
-
91
- let newPrimaryIdentity: KeystoneIbGib_V1 | undefined = undefined;
92
- if (primaryIdentity) {
93
- newPrimaryIdentity = await this.keystoneSvc.sign({
94
- latestKeystone: primaryIdentity,
95
- poolId: this.sessionKeystonePoolConfig.id,
96
- claim: {
97
- verb: KEYSTONE_VERB_SIGN,
98
- target: getIbGibAddr({ ibGib: sessionIdentity_genesis }),
99
- },
100
- masterSecret: nonSessionSecret,
101
- metaspace,
102
- space: localSpace,
103
- // frameDetails: undefined, // anything to put here?
104
- // requiredChallengeIds: undefined, // not relevant I think
105
- });
106
- }
107
-
108
- // --- IMMEDIATE PERSISTENCE (Audit Trail Rule) ---
109
- // The initial session keystone is trusted locally and must be stored
110
- // in the durable space immediately so the FSM and validation steps
111
- // can use it to sign outgoing contexts.
112
- const identityIbGibs: IbGib_V1[] = [
113
- sessionIdentity_genesis
114
- ];
115
- if (newPrimaryIdentity) {
116
- identityIbGibs.push(newPrimaryIdentity);
117
- }
118
-
119
- // identity ibgibs are single framed without dna, so we only have to
120
- // worry about each individual frame (i.e. no dependency graph)
121
- await metaspace.put({
122
- ibGibs: identityIbGibs,
123
- space: localSpace,
124
- });
125
- for (const identityIbGib of identityIbGibs) {
126
- await registerNewIbGib({
127
- ibGib: identityIbGib,
128
- space: localSpace,
129
- fnBroadcast: undefined,
130
- });
131
- }
132
- // ------------------------------------------------
133
-
134
- return {
135
- sessionIdentity: sessionIdentity_genesis,
136
- sessionSecret,
137
- newPrimaryIdentity,
138
- }
139
- } catch (error) {
140
- console.error(`${lc} ${extractErrorMsg(error)}`);
141
- throw error;
142
- } finally {
143
- if (logalot) { console.log(`${lc} complete.`); }
144
- }
145
- }
146
-
147
- /**
148
- * helper that KDFs the given identitySecret, using {@link sagaId} to do so.
149
- *
150
- * @returns deterministically derived session secret
151
- */
152
- private async deriveSessionSecret({
153
- sagaId,
154
- nonSessionSecret,
155
- }: {
156
- sagaId: string,
157
- /**
158
- * driving secret behind the sync operation. usually, this will be the
159
- * secret corresponding to a primary identity keystone. But this can
160
- * also just be a one-time secret just to have more security in the
161
- * transmission intrinsically.
162
- */
163
- nonSessionSecret: string,
164
- }): Promise<string> {
165
- const lc = `${this.lc}[${this.deriveSessionSecret.name}]`;
166
- try {
167
- if (logalot) { console.log(`${lc} starting... (I: 0de03f8dcd3e32f1fca244e8f2a8a826)`); }
168
-
169
- // Derive session-specific secret using KDF
170
- const sessionSecret = await deriveKey({
171
- masterSecret: nonSessionSecret,
172
- kdfOpts: {
173
- strategy: KdfStrategy.recursive_salt_wrap,
174
- salt: sagaId,
175
- rounds: 10000,
176
- algorithm: 'SHA-256'
177
- }
178
- });
179
-
180
- return sessionSecret;
181
- } catch (error) {
182
- console.error(`${lc} ${extractErrorMsg(error)}`);
183
- throw error;
184
- } finally {
185
- if (logalot) { console.log(`${lc} complete.`); }
186
- }
187
- }
188
-
189
-
190
-
191
- /**
192
- * move to sync-peer-helpers.mts as a pure function?
193
- */
194
- export async function authenticateContext({
195
- context,
196
- space,
197
- keystoneSvc,
198
- }: {
199
- context: SyncSagaContextIbGib_V1,
200
- space: IbGibSpaceAny,
201
- keystoneSvc?: KeystoneService_V1,
202
- }): Promise<string[]> {
203
- const lc = `[${authenticateContext.name}]`;
204
- try {
205
- if (logalot) { console.log(`${lc} starting... (I: 2677a482dfa873dcd1aa04a3031ff826)`); }
206
-
207
- const errors: string[] = [];
208
- if (!keystoneSvc) {
209
- if (logalot) { console.warn(`${lc} No keystoneSvc provided. Skipping context authentication. (W: d34b8ad93d84a1ba8d8f7facd288826)`); }
210
- return errors;
211
- }
212
-
213
- // Bill Architecture: We only sign at the context level.
214
- // If the context refers to a session keystone, we must have a signedSessionKeystone
215
- // as well to verify the most recent turn.
216
- const { sessionKeystone: prevKeystoneAddrs } = context.rel8ns || {};
217
- const { signedSessionKeystone: currKeystone } = context;
218
-
219
- if (prevKeystoneAddrs && prevKeystoneAddrs.length > 0) {
220
- if (!currKeystone) {
221
- errors.push(`context.rel8ns.sessionKeystone present but context.signedSessionKeystone falsy. (E: b6e5a8ad93d84260a8d8e7facd288826)`);
222
- return errors;
223
- }
224
-
225
- // Retrieve the previous keystone frame from space
226
- const prevKeystoneAddr = prevKeystoneAddrs[0];
227
- const getPrevRes = await getFromSpace({ addr: prevKeystoneAddr, space });
228
- if (!getPrevRes.success || !getPrevRes.ibGibs || getPrevRes.ibGibs.length === 0) {
229
- errors.push(`couldn't find previous session keystone (${prevKeystoneAddr}) in space (${space.ib}). (E: 7c34b8ad94d84a9ba8cbe7facd288826)`);
230
- return errors;
231
- }
232
- const prevKeystone = getPrevRes.ibGibs[0] as KeystoneIbGib_V1;
233
-
234
- // 1. Validate the transition (API replay of evolution + intrinsic validation)
235
- const transitionErrors = await keystoneSvc.validate({
236
- currentIbGib: currKeystone,
237
- prevIbGib: prevKeystone,
238
- });
239
- if (transitionErrors.length > 0) {
240
- errors.push(`Invalid session keystone transition: ${transitionErrors.join(', ')} (E: d34b8ad95d84b90a8d8ef7facd288826)`);
241
- }
242
-
243
- // 2. Verify that the signature in current keystone actually targets this context
244
- const contextAddr = getIbGibAddr({ ibGib: context });
245
- const proofTargetsThisContext = currKeystone.data?.proofs.some(p => p.claim.target === contextAddr);
246
- if (!proofTargetsThisContext) {
247
- errors.push(`Session keystone signature does not target the current context ibgib (${contextAddr}). (E: f3e5a8ad96d84c1ba8d8f7facd288826)`);
248
- }
249
- }
250
-
251
- return errors;
252
- } catch (error) {
253
- console.error(`${lc} ${extractErrorMsg(error)}`);
254
- throw error;
255
- } finally {
256
- if (logalot) { console.log(`${lc} complete.`); }
257
- }
258
- }
259
-
260
-
261
-
262
- // #region this sync peer innerspace sendContextRequest
263
-
264
- // Bill architecture: Keystone identity transportation.
265
- // On each turn, the sender must include the current signed session
266
- // keystone. If it's the first turn (Init), we include the entire
267
- // keystone graph to ensure the receiver has the primary-to-session
268
- // authorized link.
269
- const identityIbGibs: IbGib_V1[] = [];
270
- const { signedSessionKeystone } = context;
271
- if (signedSessionKeystone) {
272
- if (msg.data.stage === SyncStage.init) {
273
- // transmit full keystone graph on the first connect handshake
274
- const keystoneGraph = await getDependencyGraph({
275
- ibGib: signedSessionKeystone,
276
- space: localSpace,
277
- });
278
- identityIbGibs.push(...Object.values(keystoneGraph));
279
- } else {
280
- // transmit only the latest evolution for subsequent turns
281
- identityIbGibs.push(signedSessionKeystone);
282
- }
283
- }
284
-
285
- // #endregion this sync peer innerspace sendContextRequest
286
-
287
-
288
- // #region SyncSagaContextRel8ns_V1
289
-
290
- /**
291
- * The Ephemeral Session Keystone Identity used for this saga. Required for
292
- * validating the saga frame and this context.
293
- *
294
- * WARNING!!!: THIS DOES NOT POINT TO THE CURRENT SESSION KEYSTONE IN
295
- * {@link SyncSagaContextIbGib_V1.signedSessionKeystone}. This points to the
296
- * PREVIOUS FRAME (immediate past) of that frame. That session keystone
297
- * signs with THIS context's frame as its target, so it is logically
298
- * impossible because the hash would be different.
299
- *
300
- * ## notes
301
- *
302
- * ATOW (02/18/2026), this is a single address that will have a primary pool
303
- * for the sender and a delegated pool for the receiver.
304
- *
305
- * @see {@link SyncSagaContextIbGib_V1.signedSessionKeystone}
306
- */
307
- sessionKeystone?: IbGibAddr[];
308
-
309
- // #endregion SyncSagaContextRel8ns_V1
310
-
311
- ```