@kya-os/mcp-i 0.1.0-alpha.2.8 → 0.1.0-alpha.3.0

package/dist/{crypto.js → cjs/crypto.js}

@@ -113,6 +113,7 @@ async function generateNonce(length = 32) {
     const crypto = await loadCrypto();
     return crypto.randomBytes(length).toString('hex');
 }
+let cachedCrypto = null;
 function generateNonceSync(length = 32) {
     if (typeof globalThis.crypto !== 'undefined' && globalThis.crypto.getRandomValues) {
         const bytes = new Uint8Array(length);
@@ -120,10 +121,24 @@ function generateNonceSync(length = 32) {
         return Buffer.from(bytes).toString('hex');
     }
     else {
-        const crypto = require('crypto');
-        return crypto.randomBytes(length).toString('hex');
+        if (!cachedCrypto) {
+            const hex = '0123456789abcdef';
+            let output = '';
+            for (let i = 0; i < length * 2; i++) {
+                output += hex[Math.floor(Math.random() * 16)];
+            }
+            console.warn('Using Math.random for nonce generation - not cryptographically secure!');
+            return output;
+        }
+        return cachedCrypto.randomBytes(length).toString('hex');
     }
 }
+if (typeof process !== 'undefined' && process.versions && process.versions.node) {
+    loadCrypto().then(crypto => {
+        cachedCrypto = crypto;
+    }).catch(() => {
+    });
+}
 function constantTimeEqual(a, b) {
     if (a.length !== b.length) {
         return false;

package/dist/{index.d.ts → cjs/index.d.ts}

@@ -1,6 +1,7 @@
 import { MCPIdentityOptions, Challenge, ChallengeResponse, MCPICapabilities, SignedResponse, MCPMiddleware, DirectoryPreference } from './types';
 import { KeyRotationResult, KeyHealth } from './rotation';
 export * from './types';
+export * from './vercel-adapter';
 export { RegistryFactory, REGISTRY_TIERS, resolveRegistries } from './registry';
 export { LoggerFactory, ConsoleLogger, SilentLogger } from './logger';
 export { StorageFactory, MemoryStorage, FileStorage } from './storage';

package/dist/{index.js → cjs/index.js}

@@ -44,7 +44,9 @@ const storage_1 = require("./storage");
 const transport_1 = require("./transport");
 const logger_1 = require("./logger");
 const rotation_1 = require("./rotation");
+const vercel_adapter_1 = require("./vercel-adapter");
 __exportStar(require("./types"), exports);
+__exportStar(require("./vercel-adapter"), exports);
 var registry_1 = require("./registry");
 Object.defineProperty(exports, "RegistryFactory", { enumerable: true, get: function () { return registry_1.RegistryFactory; } });
 Object.defineProperty(exports, "REGISTRY_TIERS", { enumerable: true, get: function () { return registry_1.REGISTRY_TIERS; } });
@@ -110,13 +112,24 @@ class MCPIdentity {
         if (globalIdentity) {
             return globalIdentity;
         }
+        const isVercel = process.env.VERCEL || process.env.VERCEL_ENV;
+        const isServerless = isVercel || process.env.AWS_LAMBDA_FUNCTION_NAME || process.env.FUNCTIONS_WORKER_RUNTIME;
+        let identity = null;
+        if (isServerless || options?.storage === 'memory') {
+            identity = (0, vercel_adapter_1.loadIdentityFromEnv)();
+            if (identity) {
+                logger.info('✅ Loaded existing identity from environment variables');
+            }
+        }
         const storage = storage_1.StorageFactory.create({
             storage: options?.storage,
             customPath: options?.persistencePath,
             memoryKey: options?.memoryKey,
             encryptionPassword: options?.encryptionPassword
         });
-        let identity = await storage.load();
+        if (!identity) {
+            identity = await storage.load();
+        }
         if (identity) {
             logger.info('Loaded existing identity:', identity.did);
             globalIdentity = new MCPIdentity(identity, options);
@@ -136,7 +149,7 @@ class MCPIdentity {
             repository: options?.repository,
             publicKey: keyPair.publicKey,
             directories: options?.directories,
-            isDraft: options?.mode === 'development'
+            isDraft: options?.mode !== 'production'
         };
         logger.debug('Registration data:', {
             name: registrationData.name,
@@ -190,17 +203,22 @@ class MCPIdentity {
             directories: options?.directories || 'verified'
         };
         await storage.save(identity);
-        logger.info('✅ Success! Your agent has been registered.');
-        logger.info(`DID: ${response.did}`);
-        logger.info(`Profile: ${response.agent.url}`);
-        if (response.agent.claimUrl) {
-            logger.info(`Claim your agent: ${response.agent.claimUrl}`);
-        }
-        if (options?.directories && options.directories !== 'none') {
-            const dirMessage = options.directories === 'verified'
-                ? 'Your agent will be submitted to all verified directories'
-                : `Your agent will be submitted to: ${options.directories.join(', ')}`;
-            logger.info(dirMessage);
+        if (isServerless) {
+            (0, vercel_adapter_1.showVercelDeveloperInstructions)(identity, response.agent.claimUrl);
+        }
+        else {
+            logger.info('✅ Success! Your agent has been registered.');
+            logger.info(`DID: ${response.did}`);
+            logger.info(`Profile: ${response.agent.url}`);
+            if (response.agent.claimUrl) {
+                logger.info(`Claim your agent: ${response.agent.claimUrl}`);
+            }
+            if (options?.directories && options.directories !== 'none') {
+                const dirMessage = options.directories === 'verified'
+                    ? 'Your agent will be submitted to all verified directories'
+                    : `Your agent will be submitted to: ${options.directories.join(', ')}`;
+                logger.info(dirMessage);
+            }
         }
         globalIdentity = new MCPIdentity(identity, options);
         return globalIdentity;

package/dist/cjs/nextjs.d.ts

@@ -0,0 +1,10 @@
+import { MCPIdentity } from './index';
+import { MCPIdentityOptions } from './types';
+export interface NextJSMCPOptions extends Omit<MCPIdentityOptions, 'transport' | 'storage'> {
+    storage?: 'memory';
+    transport?: 'fetch';
+    showSetupInstructions?: boolean;
+}
+export declare function enableMCPIdentityForNextJS(options?: NextJSMCPOptions): Promise<MCPIdentity>;
+export { enableMCPIdentity, MCPIdentity } from './index';
+export * from './types';

package/dist/cjs/nextjs.js

@@ -0,0 +1,82 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MCPIdentity = exports.enableMCPIdentity = void 0;
+exports.enableMCPIdentityForNextJS = enableMCPIdentityForNextJS;
+const index_1 = require("./index");
+async function enableMCPIdentityForNextJS(options = {}) {
+    const isProduction = process.env.NODE_ENV === 'production';
+    const isVercel = process.env.VERCEL || process.env.VERCEL_ENV;
+    try {
+        console.log(`\n🚀 Initializing MCP-I for Next.js...`);
+        const identity = await (0, index_1.enableMCPIdentity)({
+            ...options,
+            transport: 'fetch',
+            storage: 'memory',
+            logLevel: options.logLevel || (isProduction ? 'error' : 'info'),
+            mode: isProduction ? 'production' : 'development',
+        });
+        if (!isProduction && options.showSetupInstructions !== false) {
+            console.log('\n✅ MCP-I Ready for Next.js!');
+            console.log(`\n📋 Quick Info:`);
+            console.log(`   Environment: ${isVercel ? 'Vercel' : 'Local'}`);
+            console.log(`   DID: ${identity.did}`);
+            if (isVercel && !process.env.MCP_IDENTITY_DID) {
+                console.log('\n⚠️  Remember to set environment variables in Vercel Dashboard!');
+                console.log('   See console output above for the exact variables to add.');
+            }
+        }
+        return identity;
+    }
+    catch (error) {
+        console.error('\n❌ MCP-I Initialization Failed\n');
+        if (error?.message?.includes('429')) {
+            console.error('📛 Rate Limit Hit');
+            console.error('   You\'ve made too many registration attempts.');
+            console.error('   Wait a few minutes and try again.');
+            console.error('\n💡 Tip: In development, you can use environment variables to persist identity:');
+            console.error('   1. Copy the MCP_IDENTITY_* variables from a successful run');
+            console.error('   2. Add them to your .env.local file');
+        }
+        else if (error?.message?.includes('500') || error?.message?.includes('fetch failed')) {
+            console.error('📛 Server Connection Error');
+            console.error('   Cannot connect to knowthat.ai registry.');
+            console.error('\n💡 Possible causes:');
+            console.error('   - Registry is temporarily down');
+            console.error('   - Network connectivity issues');
+            console.error('   - Firewall blocking outbound connections');
+            console.error('\n💡 Workaround for development:');
+            console.error('   Add to your route: mode: "development" to allow offline mode');
+        }
+        else if (error?.message?.includes('MODULE_NOT_FOUND')) {
+            console.error('📛 Missing Dependencies');
+            console.error('   Make sure all dependencies are installed:');
+            console.error('   npm install @kya-os/mcp-i');
+        }
+        else {
+            console.error('📛 Unexpected Error:', error?.message || error);
+        }
+        if (!isProduction) {
+            console.error('\n🔍 Full Error Details:');
+            console.error(error);
+        }
+        throw error;
+    }
+}
+var index_2 = require("./index");
+Object.defineProperty(exports, "enableMCPIdentity", { enumerable: true, get: function () { return index_2.enableMCPIdentity; } });
+Object.defineProperty(exports, "MCPIdentity", { enumerable: true, get: function () { return index_2.MCPIdentity; } });
+__exportStar(require("./types"), exports);

package/dist/cjs/vercel-adapter.d.ts

@@ -0,0 +1,8 @@
+import { MCPIdentityOptions, PersistedIdentity } from './types';
+export interface VercelMCPIdentityOptions extends MCPIdentityOptions {
+    envPrefix?: string;
+    showClaimInstructions?: boolean;
+}
+export declare function loadIdentityFromEnv(prefix?: string): PersistedIdentity | null;
+export declare function generateEnvInstructions(identity: PersistedIdentity, prefix?: string): string;
+export declare function showVercelDeveloperInstructions(identity: PersistedIdentity, claimUrl?: string): void;

package/dist/cjs/vercel-adapter.js

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadIdentityFromEnv = loadIdentityFromEnv;
+exports.generateEnvInstructions = generateEnvInstructions;
+exports.showVercelDeveloperInstructions = showVercelDeveloperInstructions;
+const logger_1 = require("./logger");
+function loadIdentityFromEnv(prefix = 'MCP_IDENTITY_') {
+    const logger = (0, logger_1.getLogger)();
+    try {
+        const did = process.env[`${prefix}DID`];
+        const publicKey = process.env[`${prefix}PUBLIC_KEY`];
+        const privateKey = process.env[`${prefix}PRIVATE_KEY`];
+        const agentId = process.env[`${prefix}AGENT_ID`];
+        const agentSlug = process.env[`${prefix}AGENT_SLUG`];
+        if (did && publicKey && privateKey) {
+            logger.info('📦 Loaded identity from environment variables');
+            return {
+                did,
+                publicKey,
+                privateKey,
+                agentId: agentId || 'unknown',
+                agentSlug: agentSlug || 'unknown',
+                registeredAt: new Date().toISOString(),
+                directories: 'verified'
+            };
+        }
+    }
+    catch (error) {
+        logger.debug('No identity found in environment variables');
+    }
+    return null;
+}
+function generateEnvInstructions(identity, prefix = 'MCP_IDENTITY_') {
+    return `
+# Add these to your Vercel environment variables:
+${prefix}DID="${identity.did}"
+${prefix}PUBLIC_KEY="${identity.publicKey}"
+${prefix}PRIVATE_KEY="${identity.privateKey}"
+${prefix}AGENT_ID="${identity.agentId}"
+${prefix}AGENT_SLUG="${identity.agentSlug}"
+`;
+}
+function showVercelDeveloperInstructions(identity, claimUrl) {
+    const logger = (0, logger_1.getLogger)();
+    console.log('\n');
+    console.log('='.repeat(60));
+    console.log('🎉 MCP-I IDENTITY CREATED SUCCESSFULLY! 🎉');
+    console.log('='.repeat(60));
+    console.log('\n📋 Your Agent Details:\n');
+    console.log(`   DID: ${identity.did}`);
+    console.log(`   Agent ID: ${identity.agentId}`);
+    console.log(`   Profile: https://knowthat.ai/agents/${identity.agentSlug}`);
+    if (claimUrl) {
+        console.log('\n🎯 IMPORTANT: Claim your agent to manage it:');
+        console.log(`   ${claimUrl}`);
+        console.log('\n   This link lets you:');
+        console.log('   - Edit your agent details');
+        console.log('   - Add logos and descriptions');
+        console.log('   - Manage directory listings');
+        console.log('   - View analytics');
+    }
+    console.log('\n⚡ For Vercel Deployment:');
+    console.log('\n1. Add these environment variables in Vercel Dashboard:');
+    console.log(generateEnvInstructions(identity));
+    console.log('2. Your identity will persist across deployments!');
+    console.log('\n' + '='.repeat(60) + '\n');
+}

package/dist/esm/auto.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Auto-initialization for MCP Identity
+ *
+ * Just import this file to automatically enable MCP-I for any MCP server:
+ *
+ * ```typescript
+ * import "@kya-os/mcp-i/auto";
+ * ```
+ *
+ * That's it! Your MCP server now has identity.
+ */
+export {};
+//# sourceMappingURL=auto.d.ts.map

package/dist/esm/auto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auto.d.ts","sourceRoot":"","sources":["../../src/auto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG"}

package/dist/esm/auto.js

@@ -0,0 +1,30 @@
+/**
+ * Auto-initialization for MCP Identity
+ *
+ * Just import this file to automatically enable MCP-I for any MCP server:
+ *
+ * ```typescript
+ * import "@kya-os/mcp-i/auto";
+ * ```
+ *
+ * That's it! Your MCP server now has identity.
+ */
+import { enableMCPIdentity } from './index.js';
+import { getLogger } from './logger.js';
+// Auto-initialize on import
+(async () => {
+    try {
+        await enableMCPIdentity();
+    }
+    catch (error) {
+        const logger = getLogger();
+        logger.error('[MCP-I] Failed to auto-initialize:', error);
+        // More detailed error logging for debugging
+        if (error.stack) {
+            logger.debug('[MCP-I] Error stack:', error.stack);
+        }
+        // Don't throw the error - allow the server to continue running
+        // even if MCP-I initialization fails
+    }
+})();
+//# sourceMappingURL=auto.js.map

package/dist/esm/auto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auto.js","sourceRoot":"","sources":["../../src/auto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAErC,4BAA4B;AAC5B,CAAC,KAAK,IAAI,EAAE;IACV,IAAI,CAAC;QACH,MAAM,iBAAiB,EAAE,CAAC;IAC5B,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;QAE1D,4CAA4C;QAC5C,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAChB,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACpD,CAAC;QAED,+DAA+D;QAC/D,qCAAqC;IACvC,CAAC;AACH,CAAC,CAAC,EAAE,CAAC"}

package/dist/esm/crypto.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Optimized cryptographic utilities for MCP-I with lazy loading
+ * Implements Ed25519 signing and verification with caching
+ */
+/**
+ * Precomputed key pair with cached base64 strings
+ */
+export interface PrecomputedKeyPair {
+    publicKey: string;
+    privateKey: string;
+    publicKeyBytes?: Uint8Array;
+    privateKeyBytes?: Uint8Array;
+}
+/**
+ * Generate a new Ed25519 key pair with precomputed values
+ */
+export declare function generateKeyPair(): Promise<PrecomputedKeyPair>;
+/**
+ * Sign a message with Ed25519 (with caching)
+ */
+export declare function sign(message: string | Buffer, privateKeyBase64: string): Promise<string>;
+/**
+ * Verify an Ed25519 signature
+ */
+export declare function verify(message: string | Buffer, signatureBase64: string, publicKeyBase64: string): Promise<boolean>;
+/**
+ * Generate a cryptographically secure nonce
+ */
+export declare function generateNonce(length?: number): Promise<string>;
+export declare function generateNonceSync(length?: number): string;
+/**
+ * Constant-time string comparison to prevent timing attacks
+ */
+export declare function constantTimeEqual(a: string, b: string): boolean;
+/**
+ * Convert Ed25519 public key to did:key format
+ */
+export declare function publicKeyToDid(publicKeyBase64: string): string;
+/**
+ * Encrypt data using AES-256-GCM (for key storage)
+ */
+export declare function encrypt(data: string, password: string): Promise<string>;
+/**
+ * Decrypt data using AES-256-GCM
+ */
+export declare function decrypt(encryptedData: string, password: string): Promise<string>;
+/**
+ * Clear signature cache (useful for testing or memory management)
+ */
+export declare function clearCache(): void;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/esm/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/crypto.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA2BH;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,UAAU,CAAC;IAC5B,eAAe,CAAC,EAAE,UAAU,CAAC;CAC9B;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,kBAAkB,CAAC,CAgBnE;AAED;;GAEG;AACH,wBAAsB,IAAI,CACxB,OAAO,EAAE,MAAM,GAAG,MAAM,EACxB,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,MAAM,CAAC,CAgCjB;AAED;;GAEG;AACH,wBAAsB,MAAM,CAC1B,OAAO,EAAE,MAAM,GAAG,MAAM,EACxB,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,MAAM,GAAE,MAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAGxE;AAQD,wBAAgB,iBAAiB,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAqB7D;AAWD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAW/D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAQ9D;AAED;;GAEG;AACH,wBAAsB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA2C7E;AAED;;GAEG;AACH,wBAAsB,OAAO,CAAC,aAAa,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA6DtF;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,IAAI,CAEjC"}

package/dist/esm/crypto.js

@@ -0,0 +1,230 @@
+/**
+ * Optimized cryptographic utilities for MCP-I with lazy loading
+ * Implements Ed25519 signing and verification with caching
+ */
+// Lazy-loaded modules
+let ed25519 = null;
+let cryptoModule = null;
+// Cache for computed values
+const signatureCache = new Map();
+const MAX_CACHE_SIZE = 100;
+/**
+ * Lazy load crypto dependencies
+ */
+async function loadEd25519() {
+    if (!ed25519) {
+        ed25519 = await import('@noble/ed25519');
+    }
+    return ed25519;
+}
+async function loadCrypto() {
+    if (!cryptoModule) {
+        cryptoModule = await import('crypto');
+    }
+    return cryptoModule;
+}
+/**
+ * Generate a new Ed25519 key pair with precomputed values
+ */
+export async function generateKeyPair() {
+    const ed = await loadEd25519();
+    const privateKeyBytes = ed.utils.randomPrivateKey();
+    const publicKeyBytes = await ed.getPublicKeyAsync(privateKeyBytes);
+    // Precompute base64 strings
+    const publicKey = Buffer.from(publicKeyBytes).toString('base64');
+    const privateKey = Buffer.from(privateKeyBytes).toString('base64');
+    return {
+        publicKey,
+        privateKey,
+        publicKeyBytes,
+        privateKeyBytes
+    };
+}
+/**
+ * Sign a message with Ed25519 (with caching)
+ */
+export async function sign(message, privateKeyBase64) {
+    // Create cache key
+    const messageStr = typeof message === 'string' ? message : message.toString('base64');
+    const cacheKey = `${privateKeyBase64}:${messageStr}`;
+    // Check cache
+    const cached = signatureCache.get(cacheKey);
+    if (cached) {
+        return cached;
+    }
+    // Perform signing
+    const ed = await loadEd25519();
+    const messageBuffer = typeof message === 'string'
+        ? Buffer.from(message, 'utf-8')
+        : message;
+    const privateKey = Buffer.from(privateKeyBase64, 'base64');
+    const signature = await ed.signAsync(messageBuffer, privateKey);
+    const signatureBase64 = Buffer.from(signature).toString('base64');
+    // Cache result (with size limit)
+    if (signatureCache.size >= MAX_CACHE_SIZE) {
+        // Remove oldest entry
+        const firstKey = signatureCache.keys().next().value;
+        if (firstKey) {
+            signatureCache.delete(firstKey);
+        }
+    }
+    signatureCache.set(cacheKey, signatureBase64);
+    return signatureBase64;
+}
+/**
+ * Verify an Ed25519 signature
+ */
+export async function verify(message, signatureBase64, publicKeyBase64) {
+    try {
+        const ed = await loadEd25519();
+        const messageBuffer = typeof message === 'string'
+            ? Buffer.from(message, 'utf-8')
+            : message;
+        const signature = Buffer.from(signatureBase64, 'base64');
+        const publicKey = Buffer.from(publicKeyBase64, 'base64');
+        return await ed.verifyAsync(signature, messageBuffer, publicKey);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Generate a cryptographically secure nonce
+ */
+export async function generateNonce(length = 32) {
+    const crypto = await loadCrypto();
+    return crypto.randomBytes(length).toString('hex');
+}
+/**
+ * Generate nonce synchronously (for performance-critical paths)
+ * Uses cached crypto module if available
+ */
+let cachedCrypto = null;
+export function generateNonceSync(length = 32) {
+    if (typeof globalThis.crypto !== 'undefined' && globalThis.crypto.getRandomValues) {
+        // Use Web Crypto API if available
+        const bytes = new Uint8Array(length);
+        globalThis.crypto.getRandomValues(bytes);
+        return Buffer.from(bytes).toString('hex');
+    }
+    else {
+        // Try to use cached crypto module
+        if (!cachedCrypto) {
+            // In Node.js environment, we should have already loaded crypto module
+            // This is a fallback for edge cases
+            const hex = '0123456789abcdef';
+            let output = '';
+            for (let i = 0; i < length * 2; i++) {
+                output += hex[Math.floor(Math.random() * 16)];
+            }
+            console.warn('Using Math.random for nonce generation - not cryptographically secure!');
+            return output;
+        }
+        return cachedCrypto.randomBytes(length).toString('hex');
+    }
+}
+// Initialize crypto module cache on load (for Node.js environments)
+if (typeof process !== 'undefined' && process.versions && process.versions.node) {
+    loadCrypto().then(crypto => {
+        cachedCrypto = crypto;
+    }).catch(() => {
+        // Ignore errors - will fallback to other methods
+    });
+}
+/**
+ * Constant-time string comparison to prevent timing attacks
+ */
+export function constantTimeEqual(a, b) {
+    if (a.length !== b.length) {
+        return false;
+    }
+    let result = 0;
+    for (let i = 0; i < a.length; i++) {
+        result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return result === 0;
+}
+/**
+ * Convert Ed25519 public key to did:key format
+ */
+export function publicKeyToDid(publicKeyBase64) {
+    const publicKey = Buffer.from(publicKeyBase64, 'base64');
+    // Multicodec ed25519-pub header (0xed 0x01)
+    const multicodec = Buffer.from([0xed, 0x01]);
+    const multikey = Buffer.concat([multicodec, publicKey]);
+    // Base58 encode (simplified - in production use a proper base58 library)
+    return `did:key:z${multikey.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '')}`;
+}
+/**
+ * Encrypt data using AES-256-GCM (for key storage)
+ */
+export async function encrypt(data, password) {
+    const encoder = new TextEncoder();
+    const salt = new Uint8Array(16);
+    globalThis.crypto.getRandomValues(salt);
+    // Derive key from password
+    const keyMaterial = await globalThis.crypto.subtle.importKey('raw', encoder.encode(password), 'PBKDF2', false, ['deriveKey']);
+    const key = await globalThis.crypto.subtle.deriveKey({
+        name: 'PBKDF2',
+        salt,
+        iterations: 100000,
+        hash: 'SHA-256'
+    }, keyMaterial, { name: 'AES-GCM', length: 256 }, false, ['encrypt']);
+    const iv = new Uint8Array(12);
+    globalThis.crypto.getRandomValues(iv);
+    const encrypted = await globalThis.crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, encoder.encode(data));
+    // Combine salt + iv + encrypted data
+    const combined = new Uint8Array(salt.length + iv.length + encrypted.byteLength);
+    combined.set(salt);
+    combined.set(iv, salt.length);
+    combined.set(new Uint8Array(encrypted), salt.length + iv.length);
+    return 'enc:' + Buffer.from(combined).toString('base64');
+}
+/**
+ * Decrypt data using AES-256-GCM
+ */
+export async function decrypt(encryptedData, password) {
+    // Handle enc: prefix
+    let dataToDecrypt = encryptedData;
+    if (encryptedData.startsWith('enc:')) {
+        dataToDecrypt = encryptedData.slice(4);
+    }
+    // If data doesn't look like base64 encrypted data, return as-is
+    if (!dataToDecrypt || dataToDecrypt.length < 44) {
+        return encryptedData;
+    }
+    const encoder = new TextEncoder();
+    const decoder = new TextDecoder();
+    try {
+        const combined = Buffer.from(dataToDecrypt, 'base64');
+        // Check minimum size for encrypted data (salt + iv + auth tag + at least 1 byte)
+        if (combined.length < 29) {
+            return encryptedData;
+        }
+        // Extract salt, iv, and encrypted data
+        const salt = combined.slice(0, 16);
+        const iv = combined.slice(16, 28);
+        const encrypted = combined.slice(28);
+        // Derive key from password
+        const keyMaterial = await globalThis.crypto.subtle.importKey('raw', encoder.encode(password), 'PBKDF2', false, ['deriveKey']);
+        const key = await globalThis.crypto.subtle.deriveKey({
+            name: 'PBKDF2',
+            salt: new Uint8Array(salt),
+            iterations: 100000,
+            hash: 'SHA-256'
+        }, keyMaterial, { name: 'AES-GCM', length: 256 }, false, ['decrypt']);
+        const decrypted = await globalThis.crypto.subtle.decrypt({ name: 'AES-GCM', iv: new Uint8Array(iv) }, key, new Uint8Array(encrypted));
+        return decoder.decode(decrypted);
+    }
+    catch (error) {
+        // If decryption fails, throw error
+        throw new Error('Failed to decrypt data: invalid password or corrupted data');
+    }
+}
+/**
+ * Clear signature cache (useful for testing or memory management)
+ */
+export function clearCache() {
+    signatureCache.clear();
+}
+//# sourceMappingURL=crypto.js.map

package/dist/esm/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/crypto.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,sBAAsB;AACtB,IAAI,OAAO,GAA2C,IAAI,CAAC;AAC3D,IAAI,YAAY,GAAmC,IAAI,CAAC;AAExD,4BAA4B;AAC5B,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAC;AACjD,MAAM,cAAc,GAAG,GAAG,CAAC;AAE3B;;GAEG;AACH,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAYD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,EAAE,GAAG,MAAM,WAAW,EAAE,CAAC;IAE/B,MAAM,eAAe,GAAG,EAAE,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IACpD,MAAM,cAAc,GAAG,MAAM,EAAE,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC;IAEnE,4BAA4B;IAC5B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjE,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAEnE,OAAO;QACL,SAAS;QACT,UAAU;QACV,cAAc;QACd,eAAe;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,OAAwB,EACxB,gBAAwB;IAExB,mBAAmB;IACnB,MAAM,UAAU,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACtF,MAAM,QAAQ,GAAG,GAAG,gBAAgB,IAAI,UAAU,EAAE,CAAC;IAErD,cAAc;IACd,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC5C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,kBAAkB;IAClB,MAAM,EAAE,GAAG,MAAM,WAAW,EAAE,CAAC;IAC/B,MAAM,aAAa,GAAG,OAAO,OAAO,KAAK,QAAQ;QAC/C,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC;QAC/B,CAAC,CAAC,OAAO,CAAC;IAEZ,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;IAC3D,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,SAAS,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;IAChE,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAElE,iCAAiC;IACjC,IAAI,cAAc,CAAC,IAAI,IAAI,cAAc,EAAE,CAAC;QAC1C,sBAAsB;QACtB,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC;QACpD,IAAI,QAAQ,EAAE,CAAC;YACb,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IACD,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAE9C,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,OAAwB,EACxB,eAAuB,EACvB,eAAuB;IAEvB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,MAAM,WAAW,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,OAAO,OAAO,KAAK,QAAQ;YAC/C,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC;YAC/B,CAAC,CAAC,OAAO,CAAC;QAEZ,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QAEzD,OAAO,MAAM,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,aAAa,EAAE,SAAS,CAAC,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,SAAiB,EAAE;IACrD,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAClC,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACpD,CAAC;AAED;;;GAGG;AACH,IAAI,YAAY,GAAQ,IAAI,CAAC;AAE7B,MAAM,UAAU,iBAAiB,CAAC,SAAiB,EAAE;IACnD,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW,IAAI,UAAU,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;QAClF,kCAAkC;QAClC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QACrC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QACzC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC5C,CAAC;SAAM,CAAC;QACN,kCAAkC;QAClC,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,sEAAsE;YACtE,oCAAoC;YACpC,MAAM,GAAG,GAAG,kBAAkB,CAAC;YAC/B,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBACpC,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;YAChD,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;YACvF,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,OAAO,YAAY,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,oEAAoE;AACpE,IAAI,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IAChF,UAAU,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;QACzB,YAAY,GAAG,MAAM,CAAC;IACxB,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;QACZ,iDAAiD;IACnD,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,CAAS,EAAE,CAAS;IACpD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,MAAM,KAAK,CAAC,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,eAAuB;IACpD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IACzD,4CAA4C;IAC5C,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;IAExD,yEAAyE;IACzE,OAAO,YAAY,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC;AAC7G,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAY,EAAE,QAAgB;IAC1D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAChC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IAExC,2BAA2B;IAC3B,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAC1D,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EACxB,QAAQ,EACR,KAAK,EACL,CAAC,WAAW,CAAC,CACd,CAAC;IAEF,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAClD;QACE,IAAI,EAAE,QAAQ;QACd,IAAI;QACJ,UAAU,EAAE,MAAM;QAClB,IAAI,EAAE,SAAS;KAChB,EACD,WAAW,EACX,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAChC,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;IAEF,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9B,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;IAEtC,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CACtD,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EACvB,GAAG,EACH,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CACrB,CAAC;IAEF,qCAAqC;IACrC,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,MAAM,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IAChF,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACnB,QAAQ,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9B,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC;IAEjE,OAAO,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,aAAqB,EAAE,QAAgB;IACnE,qBAAqB;IACrB,IAAI,aAAa,GAAG,aAAa,CAAC;IAClC,IAAI,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACrC,aAAa,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,gEAAgE;IAChE,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAChD,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAElC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QAEtD,iFAAiF;QACjF,IAAI,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACzB,OAAO,aAAa,CAAC;QACvB,CAAC;QAED,uCAAuC;QACvC,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAClC,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAErC,2BAA2B;QAC3B,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAC1D,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EACxB,QAAQ,EACR,KAAK,EACL,CAAC,WAAW,CAAC,CACd,CAAC;QAEF,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAClD;YACE,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC;YAC1B,UAAU,EAAE,MAAM;YAClB,IAAI,EAAE,SAAS;SAChB,EACD,WAAW,EACX,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAChC,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;QAEF,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CACtD,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,UAAU,CAAC,EAAE,CAAC,EAAE,EAC3C,GAAG,EACH,IAAI,UAAU,CAAC,SAAS,CAAC,CAC1B,CAAC;QAEF,OAAO,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,mCAAmC;QACnC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;IAChF,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU;IACxB,cAAc,CAAC,KAAK,EAAE,CAAC;AACzB,CAAC"}