@keyhive/keyhive 0.1.0-alpha.4 → 0.1.0-alpha.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/pkg/keyhive_wasm.d.ts +79 -40
- package/pkg/keyhive_wasm.js +1 -1
- package/pkg/keyhive_wasm_bg.js +214 -87
- package/pkg/keyhive_wasm_bg.wasm +0 -0
- package/pkg/keyhive_wasm_bg.wasm.d.ts +122 -108
- package/pkg-node/keyhive_wasm.d.ts +79 -40
- package/pkg-node/keyhive_wasm.js +217 -90
- package/pkg-node/keyhive_wasm_bg.wasm +0 -0
- package/pkg-node/keyhive_wasm_bg.wasm.d.ts +122 -108
- package/pkg-slim/keyhive_wasm.d.ts +201 -148
- package/pkg-slim/keyhive_wasm.js +214 -87
- package/pkg-slim/keyhive_wasm_bg.wasm +0 -0
- package/pkg-slim/keyhive_wasm_bg.wasm.base64.js +1 -1
- package/pkg-slim/keyhive_wasm_bg.wasm.d.ts +122 -108
package/package.json
CHANGED
package/pkg/keyhive_wasm.d.ts
CHANGED
|
@@ -5,18 +5,56 @@ export class Access {
|
|
|
5
5
|
private constructor();
|
|
6
6
|
free(): void;
|
|
7
7
|
[Symbol.dispose](): void;
|
|
8
|
+
/**
|
|
9
|
+
* The ability to revoke any members of a group, not just those that they have causal senority over.
|
|
10
|
+
*/
|
|
11
|
+
static admin(): Access;
|
|
12
|
+
/**
|
|
13
|
+
* True if this level is at least as permissive as `other`.
|
|
14
|
+
*/
|
|
15
|
+
atLeast(other: Access): boolean;
|
|
16
|
+
/**
|
|
17
|
+
* Standard comparator result: -1 if less permissive than `other`,
|
|
18
|
+
* 0 if equal, 1 if more permissive.
|
|
19
|
+
*/
|
|
20
|
+
compareTo(other: Access): number;
|
|
21
|
+
/**
|
|
22
|
+
* The ability to edit (append ops to) the content of a document.
|
|
23
|
+
*/
|
|
24
|
+
static edit(): Access;
|
|
25
|
+
equals(other: Access): boolean;
|
|
26
|
+
/**
|
|
27
|
+
* Parse an access level, throwing on invalid input.
|
|
28
|
+
* Accepts "relay", "read", "edit", or "admin" (case-insensitive).
|
|
29
|
+
*/
|
|
30
|
+
static fromString(s: string): Access;
|
|
31
|
+
/**
|
|
32
|
+
* The ability to read (decrypt) the content of a document.
|
|
33
|
+
*/
|
|
34
|
+
static read(): Access;
|
|
35
|
+
/**
|
|
36
|
+
* The ability to retrieve bytes over the network.
|
|
37
|
+
*/
|
|
38
|
+
static relay(): Access;
|
|
8
39
|
toString(): string;
|
|
40
|
+
/**
|
|
41
|
+
* Parse an access level, returning undefined on invalid input.
|
|
42
|
+
* Prefer `fromString`, which throws a descriptive error instead.
|
|
43
|
+
*/
|
|
9
44
|
static tryFromString(s: string): Access | undefined;
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
45
|
+
/**
|
|
46
|
+
* True for Edit access or higher.
|
|
47
|
+
*/
|
|
48
|
+
readonly isEditor: boolean;
|
|
49
|
+
/**
|
|
50
|
+
* True for Read access or higher.
|
|
51
|
+
*/
|
|
52
|
+
readonly isReader: boolean;
|
|
53
|
+
/**
|
|
54
|
+
* Numeric level for ordering: Relay = 0, Read = 1, Edit = 2, Admin = 3.
|
|
55
|
+
* Higher levels imply all lower levels.
|
|
56
|
+
*/
|
|
57
|
+
readonly level: number;
|
|
20
58
|
}
|
|
21
59
|
|
|
22
60
|
export class Agent {
|
|
@@ -127,16 +165,14 @@ export class ContactCard {
|
|
|
127
165
|
|
|
128
166
|
/**
|
|
129
167
|
* Plaintext plus the application secret key that decrypted it.
|
|
130
|
-
*
|
|
131
|
-
* The key lets the consumer recover the blob's external predecessor-secret
|
|
132
|
-
* chain and chain further encryptions onto it, without re-entering CGKA.
|
|
133
168
|
*/
|
|
134
|
-
export class
|
|
169
|
+
export class DecryptedKeyed {
|
|
135
170
|
private constructor();
|
|
136
171
|
free(): void;
|
|
137
172
|
[Symbol.dispose](): void;
|
|
138
173
|
/**
|
|
139
174
|
* The 32-byte application secret key used to decrypt this content.
|
|
175
|
+
* Treat as secret: do not log or persist unencrypted.
|
|
140
176
|
*/
|
|
141
177
|
readonly applicationSecret: Uint8Array;
|
|
142
178
|
readonly plaintext: Uint8Array;
|
|
@@ -192,8 +228,7 @@ export class Encrypted {
|
|
|
192
228
|
[Symbol.dispose](): void;
|
|
193
229
|
/**
|
|
194
230
|
* Decrypt this content with an explicit 32-byte application secret key,
|
|
195
|
-
* bypassing CGKA.
|
|
196
|
-
* predecessor-secret chain once it has recovered a blob's key.
|
|
231
|
+
* bypassing CGKA.
|
|
197
232
|
*/
|
|
198
233
|
decryptWithKey(key: Uint8Array): Uint8Array;
|
|
199
234
|
static fromBytes(bytes: Uint8Array): Encrypted;
|
|
@@ -212,11 +247,20 @@ export class EncryptedContentWithUpdate {
|
|
|
212
247
|
[Symbol.dispose](): void;
|
|
213
248
|
encrypted_content(): Encrypted;
|
|
214
249
|
update_op(): SignedCgkaOperation | undefined;
|
|
250
|
+
}
|
|
251
|
+
|
|
252
|
+
/**
|
|
253
|
+
* Encrypted content plus the application secret key it was encrypted under.
|
|
254
|
+
*/
|
|
255
|
+
export class EncryptedKeyed {
|
|
256
|
+
private constructor();
|
|
257
|
+
free(): void;
|
|
258
|
+
[Symbol.dispose](): void;
|
|
259
|
+
encrypted_content(): Encrypted;
|
|
260
|
+
update_op(): SignedCgkaOperation | undefined;
|
|
215
261
|
/**
|
|
216
262
|
* The 32-byte application secret key used to encrypt this content.
|
|
217
|
-
*
|
|
218
|
-
* Lets the consumer build the external predecessor-secret chain and chain
|
|
219
|
-
* further encryptions onto this blob.
|
|
263
|
+
* Treat as secret: do not log or persist unencrypted.
|
|
220
264
|
*/
|
|
221
265
|
readonly applicationSecret: Uint8Array;
|
|
222
266
|
}
|
|
@@ -313,12 +357,18 @@ export class Keyhive {
|
|
|
313
357
|
free(): void;
|
|
314
358
|
[Symbol.dispose](): void;
|
|
315
359
|
accessForDoc(id: Identifier, doc_id: DocumentId): Promise<Access | undefined>;
|
|
316
|
-
addMember(to_add: Agent, membered: Membered, access: Access, other_relevant_docs: Document[]): Promise<
|
|
360
|
+
addMember(to_add: Agent, membered: Membered, access: Access, other_relevant_docs: Document[]): Promise<SignedDelegation>;
|
|
317
361
|
/**
|
|
318
362
|
* Returns all agent events with deduplicated storage and two-tier indirection
|
|
319
363
|
* for membership, prekey, and CGKA ops.
|
|
320
364
|
*/
|
|
321
365
|
allAgentEvents(): Promise<AllAgentEvents>;
|
|
366
|
+
/**
|
|
367
|
+
* The most permissive of `id`'s direct access and the document's
|
|
368
|
+
* public access. Returns undefined if neither grants access (or the
|
|
369
|
+
* document is unknown).
|
|
370
|
+
*/
|
|
371
|
+
bestAccessForDoc(id: Identifier, doc_id: DocumentId): Promise<Access | undefined>;
|
|
322
372
|
contactCard(): Promise<ContactCard>;
|
|
323
373
|
docMemberCapabilities(doc_id: DocumentId): Promise<Membership[]>;
|
|
324
374
|
/**
|
|
@@ -334,14 +384,10 @@ export class Keyhive {
|
|
|
334
384
|
/**
|
|
335
385
|
* Force a PCS key rotation and return the new leaf secret, serialized as a
|
|
336
386
|
* one-entry `BTreeMap<ShareKey, ShareSecretKey>` (the exact format
|
|
337
|
-
* `importPrekeySecrets` accepts).
|
|
338
|
-
*
|
|
387
|
+
* `importPrekeySecrets` accepts).
|
|
388
|
+
* The returned bytes are secret key material: do not log or persist unencrypted.
|
|
339
389
|
*/
|
|
340
390
|
forcePcsUpdate(doc: Document): Promise<Uint8Array>;
|
|
341
|
-
/**
|
|
342
|
-
* Generate a document. Whether it provides forward secrecy is determined by
|
|
343
|
-
* this peer's forward-secrecy policy (chosen at `Keyhive.init`).
|
|
344
|
-
*/
|
|
345
391
|
generateDocument(coparents: Peer[], initial_content_ref_head: ChangeId, more_initial_content_refs: ChangeId[]): Promise<Document>;
|
|
346
392
|
generateGroup(js_coparents: Peer[]): Promise<Group>;
|
|
347
393
|
getAgent(id: Identifier): Promise<Agent | undefined>;
|
|
@@ -352,9 +398,6 @@ export class Keyhive {
|
|
|
352
398
|
importPrekeySecrets(bytes: Uint8Array): Promise<void>;
|
|
353
399
|
ingestArchive(archive: Archive): Promise<void>;
|
|
354
400
|
ingestEventsBytes(events_bytes_array: Array<any>): Promise<Array<any>>;
|
|
355
|
-
/**
|
|
356
|
-
* Initialize a peer.
|
|
357
|
-
*/
|
|
358
401
|
static init(signer: Signer, ciphertext_store: CiphertextStore, event_handler: Function): Promise<Keyhive>;
|
|
359
402
|
intoArchive(): Promise<Archive>;
|
|
360
403
|
membershipOpsForAgent(agent: Agent): Promise<Map<any, any>>;
|
|
@@ -369,13 +412,15 @@ export class Keyhive {
|
|
|
369
412
|
tryDecrypt(doc: Document, encrypted: Encrypted): Promise<Uint8Array>;
|
|
370
413
|
/**
|
|
371
414
|
* Decrypt content and also return the 32-byte application secret key used.
|
|
372
|
-
*
|
|
373
|
-
* The consumer follows the external predecessor-secret chain from this key
|
|
374
|
-
* with `Encrypted.decryptWithKey`, avoiding further CGKA dives.
|
|
375
415
|
*/
|
|
376
|
-
|
|
416
|
+
tryDecryptKeyed(doc: Document, encrypted: Encrypted): Promise<DecryptedKeyed>;
|
|
377
417
|
tryEncrypt(doc: Document, content_ref: ChangeId, js_pred_refs: ChangeId[], content: Uint8Array): Promise<EncryptedContentWithUpdate>;
|
|
378
418
|
tryEncryptArchive(doc: Document, content_ref: ChangeId, pred_refs: ChangeId[], content: Uint8Array): Promise<EncryptedContentWithUpdate>;
|
|
419
|
+
/**
|
|
420
|
+
* Encrypt content and also return the application secret key it was
|
|
421
|
+
* encrypted under.
|
|
422
|
+
*/
|
|
423
|
+
tryEncryptKeyed(doc: Document, content_ref: ChangeId, js_pred_refs: ChangeId[], content: Uint8Array): Promise<EncryptedKeyed>;
|
|
379
424
|
tryPcsKeyHash(doc: Document): Promise<Uint8Array | undefined>;
|
|
380
425
|
trySign(data: Uint8Array): Promise<Signed>;
|
|
381
426
|
readonly id: IndividualId;
|
|
@@ -542,12 +587,6 @@ export function setPanicHook(): void;
|
|
|
542
587
|
export function symmetricDecrypt(key: Uint8Array, blob: Uint8Array): Uint8Array;
|
|
543
588
|
|
|
544
589
|
/**
|
|
545
|
-
*
|
|
546
|
-
*
|
|
547
|
-
* `associated_data` flavors the synthetic nonce (e.g. the document or content
|
|
548
|
-
* id) so identical plaintext under the same key in different contexts produces
|
|
549
|
-
* distinct ciphertext. Returns `nonce(24) || ciphertext` (the ciphertext
|
|
550
|
-
* includes the Poly1305 tag). The nonce is carried in the output, so
|
|
551
|
-
* [`symmetric_decrypt`] does not need the associated data.
|
|
590
|
+
* Encrypt `plaintext` under a 32-byte `key`, returning `nonce(24) || ciphertext`.
|
|
552
591
|
*/
|
|
553
592
|
export function symmetricEncrypt(key: Uint8Array, plaintext: Uint8Array, associated_data: Uint8Array): Uint8Array;
|
package/pkg/keyhive_wasm.js
CHANGED
|
@@ -5,5 +5,5 @@ import { __wbg_set_wasm } from "./keyhive_wasm_bg.js";
|
|
|
5
5
|
__wbg_set_wasm(wasm);
|
|
6
6
|
wasm.__wbindgen_start();
|
|
7
7
|
export {
|
|
8
|
-
Access,
|
|
8
|
+
Access, Agent, AllAgentEvents, Archive, CannotParseEd25519SigningKey, CannotParseIdentifier, Capability, CgkaOperation, ChangeId, CiphertextStore, ContactCard, DecryptedKeyed, Delegation, DocContentRefs, Document, DocumentId, Encrypted, EncryptedContentWithUpdate, EncryptedKeyed, Event, GenerateWebCryptoError, Group, GroupId, History, Identifier, Individual, IndividualId, Invocation, Keyhive, Membered, Membership, Peer, Revocation, ShareKey, Signed, SignedCgkaOperation, SignedDelegation, SignedInvocation, SignedRevocation, Signer, Stats, Summary, setPanicHook, symmetricDecrypt, symmetricEncrypt
|
|
9
9
|
} from "./keyhive_wasm_bg.js";
|