@kehto/services 0.7.0 → 0.8.0

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 import { ServiceHandler, Signer } from '@kehto/runtime';
-import { NostrEvent, NappletMessage, NostrFilter, EventTemplate } from '@napplet/core';
+import { NostrFilter, NostrEvent, EventTemplate } from '@napplet/core';
 import { MediaMetadata, MediaAction } from '@napplet/nub/media/types';
 export { MediaAction } from '@napplet/nub/media/types';
 import { NotifySendMessage } from '@napplet/nub/notify/types';
@@ -181,53 +181,19 @@ declare function createNotificationService(options?: NotificationServiceOptions)
  *   - signer.nip04.encrypt/decrypt -> DELETED
  *   - signer.nip44.encrypt/decrypt -> DELETED (shell encrypts internally
  *                                      inside relay.publishEncrypted)
- *   - identity.decrypt -> ADDED in v1.8 as a shell-mediated decrypt request
- *                         with class gate + typed error union.
  *
- * See REQUIREMENTS.md DEPS-03 (Phase 15 changelog).
+ * Identity is strictly read-only per NAP-IDENTITY: napplets learn *about* the
+ * user but cannot act *as* the user — no signing, encryption, or decryption.
+ * (An `identity.decrypt` capability was briefly added in v1.8 and removed as a
+ * spec violation; decryption belongs to the runtime, inline over the wire.)
  *
- * Handles 10 identity.* request types from @napplet/nub/identity. getPublicKey
+ * Handles 9 identity.* request types from @napplet/nub/identity. getPublicKey
  * and getRelays return real values sourced from hooks.auth.getSigner(); the
  * remaining 7 (getProfile/getFollows/getList/getZaps/getMutes/getBlocked/
- * getBadges) are stub-level; decrypt delegates to a host-supplied bridge.
- * Host apps plug real backends via runtime.registerService('identity', realHandler).
+ * getBadges) are stub-level. Host apps plug real backends via
+ * runtime.registerService('identity', realHandler).
  */
 
-type IdentityDecryptErrorCode = 'class-forbidden' | 'signer-denied' | 'signer-unavailable' | 'decrypt-failed' | 'malformed-wrap' | 'impersonation' | 'unsupported-encryption' | 'policy-denied';
-interface Rumor {
-    id: string;
-    pubkey: string;
-    created_at: number;
-    kind: number;
-    tags: string[][];
-    content: string;
-}
-interface IdentityDecryptMessage extends NappletMessage {
-    type: 'identity.decrypt';
-    id: string;
-    event: NostrEvent;
-}
-interface IdentityDecryptResultMessage extends NappletMessage {
-    type: 'identity.decrypt.result';
-    id: string;
-    rumor: Rumor;
-    sender: string;
-}
-interface IdentityDecryptErrorMessage extends NappletMessage {
-    type: 'identity.decrypt.error';
-    id: string;
-    error: IdentityDecryptErrorCode;
-}
-interface GiftWrapDecryptResult {
-    seal: NostrEvent;
-    rumor: Rumor;
-}
-interface HostDecryptBridge {
-    nip04Decrypt(senderPubkey: string, ciphertext: string): Promise<string>;
-    nip44Decrypt(senderPubkey: string, ciphertext: string): Promise<string>;
-    unwrapGiftWrap(wrap: NostrEvent): Promise<GiftWrapDecryptResult>;
-}
-type VerifyEvent = (event: NostrEvent) => boolean | Promise<boolean>;
 /**
  * Options for creating the identity service.
  *
@@ -246,27 +212,14 @@ interface IdentityServiceOptions {
      * availability can change dynamically.
      */
     getSigner: () => Signer | null;
-    /**
-     * Return the host decrypt bridge. Called only after outer event signature
-     * verification and encryption-mode detection succeed. Null means decrypt is
-     * unavailable while the rest of the identity service remains usable.
-     */
-    getDecryptor?: () => HostDecryptBridge | null;
-    /**
-     * Verify a received event before any decrypt attempt. Host shells should
-     * wire this to their canonical Nostr event verifier; tests and old hosts
-     * default to true for backward compatibility with the 9 read-only actions.
-     */
-    verifyEvent?: VerifyEvent;
 }
 /**
  * Create an identity service that handles NIP-5D identity.* envelope messages.
  *
- * Supports all 10 identity.* request types from @napplet/nub/identity. The two
- * read-only nostr-info queries (getPublicKey, getRelays) resolve through the
+ * Supports the 9 read-only identity.* request types from @napplet/nub/identity.
+ * The two nostr-info queries (getPublicKey, getRelays) resolve through the
  * caller-supplied signer; the remaining 7 return default/empty payloads with
  * spec-correct envelope shapes so napplets always receive a result envelope.
- * identity.decrypt delegates to the host decrypt bridge.
  *
  * @param options - Identity service configuration (getSigner)
  * @returns A ServiceHandler ready for runtime.registerService('identity', handler)
@@ -2028,4 +1981,4 @@ interface HttpUploaderOptions {
  */
 declare function createHttpUploader(options: HttpUploaderOptions): Uploader;
 
-export { type AudioServiceOptions, type AudioSource, type CacheServiceOptions, type ConfigSchemaValidation, type ConfigService, type ConfigServiceOptions, type CoordinatedRelayOptions, type GiftWrapDecryptResult, type HostCacheBridge, type HostDecryptBridge, type HostKeyEvent, type HostKeysBridge, type HostMediaBridge, type HttpUploaderOptions, type HttpUploaderRails, type IdentityDecryptErrorCode, type IdentityDecryptErrorMessage, type IdentityDecryptMessage, type IdentityDecryptResultMessage, type IdentityServiceOptions, type KeysServiceOptions, type MediaMetadataLike, type MediaPlaybackOwner, type MediaServiceOptions, type MediaSessionCreateOptions, type MediaSessionTarget, type MediaSourceRef, type NostrTag, type Notification, type NotificationServiceOptions, type NotifyServiceOptions, type OutboxPublishOptions, type OutboxPublishResult, type OutboxQueryOptions, type OutboxRelayPlan, type OutboxRelayPool, type OutboxResult, type OutboxRouter, type OutboxRouterSubscription, type OutboxServiceOptions, type OutboxStrategy, type OutboxSubscribeOptions, type OutboxSubscriptionSink, type OutboxTarget, type RailServerConfig, type RelayListEntry, type RelayPoolOutboxRouterOptions, type RelayPoolServiceOptions, type ResourceService, type ResourceServiceOptions, type Rumor, type SignEvent, type ThemeService, type ThemeServiceOptions, type UploadDimensions, type UploadRail, type UploadRequest, type UploadResult, type UploadServiceOptions, type UploadState, type UploadStatus, type Uploader, type UploaderContext, type VerifyEvent, createAudioService, createBrowserMediaBridge, createCacheService, createConfigService, createCoordinatedRelay, createHttpUploader, createIdentityService, createKeysService, createMediaService, createNotificationService, createNotifyService, createOutboxService, createRelayPoolOutboxRouter, createRelayPoolService, createResourceService, createThemeService, createUploadService };
+export { type AudioServiceOptions, type AudioSource, type CacheServiceOptions, type ConfigSchemaValidation, type ConfigService, type ConfigServiceOptions, type CoordinatedRelayOptions, type HostCacheBridge, type HostKeyEvent, type HostKeysBridge, type HostMediaBridge, type HttpUploaderOptions, type HttpUploaderRails, type IdentityServiceOptions, type KeysServiceOptions, type MediaMetadataLike, type MediaPlaybackOwner, type MediaServiceOptions, type MediaSessionCreateOptions, type MediaSessionTarget, type MediaSourceRef, type NostrTag, type Notification, type NotificationServiceOptions, type NotifyServiceOptions, type OutboxPublishOptions, type OutboxPublishResult, type OutboxQueryOptions, type OutboxRelayPlan, type OutboxRelayPool, type OutboxResult, type OutboxRouter, type OutboxRouterSubscription, type OutboxServiceOptions, type OutboxStrategy, type OutboxSubscribeOptions, type OutboxSubscriptionSink, type OutboxTarget, type RailServerConfig, type RelayListEntry, type RelayPoolOutboxRouterOptions, type RelayPoolServiceOptions, type ResourceService, type ResourceServiceOptions, type SignEvent, type ThemeService, type ThemeServiceOptions, type UploadDimensions, type UploadRail, type UploadRequest, type UploadResult, type UploadServiceOptions, type UploadState, type UploadStatus, type Uploader, type UploaderContext, createAudioService, createBrowserMediaBridge, createCacheService, createConfigService, createCoordinatedRelay, createHttpUploader, createIdentityService, createKeysService, createMediaService, createNotificationService, createNotifyService, createOutboxService, createRelayPoolOutboxRouter, createRelayPoolService, createResourceService, createThemeService, createUploadService };

package/dist/index.js

@@ -231,156 +231,6 @@ function createNotificationService(options) {
 
 // src/identity-service.ts
 var IDENTITY_SERVICE_VERSION = "1.0.0";
-var DECRYPT_ERROR_CODES = [
-  "class-forbidden",
-  "signer-denied",
-  "signer-unavailable",
-  "decrypt-failed",
-  "malformed-wrap",
-  "impersonation",
-  "unsupported-encryption",
-  "policy-denied"
-];
-var DECRYPT_ERROR_CODE_SET = new Set(DECRYPT_ERROR_CODES);
-function isDecryptErrorCode(value) {
-  return typeof value === "string" && DECRYPT_ERROR_CODE_SET.has(value);
-}
-function normalizeDecryptError(error) {
-  if (isDecryptErrorCode(error)) return error;
-  if (typeof error === "object" && error !== null) {
-    const candidate = error;
-    if (isDecryptErrorCode(candidate.code)) return candidate.code;
-    if (isDecryptErrorCode(candidate.error)) return candidate.error;
-    if (isDecryptErrorCode(candidate.message)) return candidate.message;
-  }
-  return "decrypt-failed";
-}
-function sendDecryptError(id, error, send) {
-  const result = {
-    type: "identity.decrypt.error",
-    id,
-    error
-  };
-  send(result);
-}
-function isStringArrayArray(value) {
-  return Array.isArray(value) && value.every(
-    (tag) => Array.isArray(tag) && tag.every((part) => typeof part === "string")
-  );
-}
-function isNostrEvent(value) {
-  const event = value;
-  return typeof event === "object" && event !== null && typeof event.id === "string" && typeof event.pubkey === "string" && typeof event.created_at === "number" && typeof event.kind === "number" && isStringArrayArray(event.tags) && typeof event.content === "string" && typeof event.sig === "string";
-}
-function isRumor(value) {
-  const rumor = value;
-  return typeof rumor === "object" && rumor !== null && typeof rumor.id === "string" && typeof rumor.pubkey === "string" && typeof rumor.created_at === "number" && typeof rumor.kind === "number" && isStringArrayArray(rumor.tags) && typeof rumor.content === "string";
-}
-function isGiftWrapDecryptResult(value) {
-  const result = value;
-  return typeof result === "object" && result !== null && isNostrEvent(result.seal) && isRumor(result.rumor);
-}
-function firstDecodedByte(content) {
-  const trimmed = content.trim();
-  if (trimmed.length === 0) return null;
-  const normalized = trimmed.replace(/-/g, "+").replace(/_/g, "/");
-  const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, "=");
-  try {
-    const decoded = atob(padded);
-    return decoded.length > 0 ? decoded.charCodeAt(0) : null;
-  } catch {
-    return null;
-  }
-}
-function detectEncryptionMode(event) {
-  if (event.kind === 4) return "nip04";
-  if (event.kind === 1059) return "nip17";
-  if (event.kind === 14 || firstDecodedByte(event.content) === 2) {
-    return "nip44-direct";
-  }
-  return null;
-}
-function rumorFromSignedEvent(event, content) {
-  return {
-    id: event.id,
-    pubkey: event.pubkey,
-    kind: event.kind,
-    tags: event.tags,
-    created_at: event.created_at,
-    content
-  };
-}
-async function handleDecrypt(id, message, send, options) {
-  const event = message.event;
-  if (!isNostrEvent(event)) {
-    sendDecryptError(id, "malformed-wrap", send);
-    return;
-  }
-  const verifyEvent = options.verifyEvent ?? (() => true);
-  let verified;
-  try {
-    verified = await Promise.resolve(verifyEvent(event));
-  } catch {
-    sendDecryptError(id, "malformed-wrap", send);
-    return;
-  }
-  if (!verified) {
-    sendDecryptError(id, "malformed-wrap", send);
-    return;
-  }
-  const mode = detectEncryptionMode(event);
-  if (!mode) {
-    sendDecryptError(id, "unsupported-encryption", send);
-    return;
-  }
-  const decryptor = options.getDecryptor?.() ?? null;
-  if (!decryptor) {
-    sendDecryptError(id, "signer-unavailable", send);
-    return;
-  }
-  try {
-    if (mode === "nip04") {
-      const plaintext = await decryptor.nip04Decrypt(event.pubkey, event.content);
-      const result2 = {
-        type: "identity.decrypt.result",
-        id,
-        rumor: rumorFromSignedEvent(event, plaintext),
-        sender: event.pubkey
-      };
-      send(result2);
-      return;
-    }
-    if (mode === "nip44-direct") {
-      const plaintext = await decryptor.nip44Decrypt(event.pubkey, event.content);
-      const result2 = {
-        type: "identity.decrypt.result",
-        id,
-        rumor: rumorFromSignedEvent(event, plaintext),
-        sender: event.pubkey
-      };
-      send(result2);
-      return;
-    }
-    const unwrapped = await decryptor.unwrapGiftWrap(event);
-    if (!isGiftWrapDecryptResult(unwrapped)) {
-      sendDecryptError(id, "malformed-wrap", send);
-      return;
-    }
-    if (unwrapped.seal.pubkey !== unwrapped.rumor.pubkey) {
-      sendDecryptError(id, "impersonation", send);
-      return;
-    }
-    const result = {
-      type: "identity.decrypt.result",
-      id,
-      rumor: unwrapped.rumor,
-      sender: unwrapped.seal.pubkey
-    };
-    send(result);
-  } catch (error) {
-    sendDecryptError(id, normalizeDecryptError(error), send);
-  }
-}
 function createIdentityService(options) {
   return {
     descriptor: {
@@ -496,10 +346,6 @@ function createIdentityService(options) {
           send(result);
           return;
         }
-        case "identity.decrypt": {
-          void handleDecrypt(id, message, send, options);
-          return;
-        }
         default:
           sendError(message.type, `Unknown identity method: ${message.type}`);
       }