@labacacia/nps-sdk 1.0.0-alpha.1 → 1.0.0-alpha.3

package/dist/ndp/index.js

@@ -1,7 +1,224 @@
-// Copyright 2026 INNO LOTUS PTY LTD
-// SPDX-License-Identifier: Apache-2.0
-export * from "./frames.js";
-export * from "./registry.js";
-export * from "./ndp-registry.js";
-export * from "./validator.js";
+import * as ed25519 from '@noble/ed25519';
+import { sha512 } from '@noble/hashes/sha512';
+
+// src/ndp/frames.ts
+var AnnounceFrame = class _AnnounceFrame {
+  constructor(nid, addresses, capabilities, ttl, timestamp, signature, nodeType) {
+    this.nid = nid;
+    this.addresses = addresses;
+    this.capabilities = capabilities;
+    this.ttl = ttl;
+    this.timestamp = timestamp;
+    this.signature = signature;
+    this.nodeType = nodeType;
+  }
+  nid;
+  addresses;
+  capabilities;
+  ttl;
+  timestamp;
+  signature;
+  nodeType;
+  frameType = 48 /* ANNOUNCE */;
+  preferredTier = 1 /* MSGPACK */;
+  unsignedDict() {
+    return {
+      nid: this.nid,
+      addresses: this.addresses,
+      capabilities: this.capabilities,
+      ttl: this.ttl,
+      timestamp: this.timestamp,
+      node_type: this.nodeType ?? null
+    };
+  }
+  toDict() {
+    return { ...this.unsignedDict(), signature: this.signature };
+  }
+  static fromDict(data) {
+    return new _AnnounceFrame(
+      data["nid"],
+      data["addresses"],
+      data["capabilities"],
+      data["ttl"],
+      data["timestamp"],
+      data["signature"],
+      data["node_type"] ?? void 0
+    );
+  }
+};
+var ResolveFrame = class _ResolveFrame {
+  constructor(target, requesterNid, resolved) {
+    this.target = target;
+    this.requesterNid = requesterNid;
+    this.resolved = resolved;
+  }
+  target;
+  requesterNid;
+  resolved;
+  frameType = 49 /* RESOLVE */;
+  preferredTier = 1 /* MSGPACK */;
+  toDict() {
+    return {
+      target: this.target,
+      requester_nid: this.requesterNid ?? null,
+      resolved: this.resolved ?? null
+    };
+  }
+  static fromDict(data) {
+    return new _ResolveFrame(
+      data["target"],
+      data["requester_nid"] ?? void 0,
+      data["resolved"] ?? void 0
+    );
+  }
+};
+var GraphFrame = class _GraphFrame {
+  constructor(seq, initialSync, nodes, patch) {
+    this.seq = seq;
+    this.initialSync = initialSync;
+    this.nodes = nodes;
+    this.patch = patch;
+  }
+  seq;
+  initialSync;
+  nodes;
+  patch;
+  frameType = 50 /* GRAPH */;
+  preferredTier = 1 /* MSGPACK */;
+  toDict() {
+    return {
+      seq: this.seq,
+      initial_sync: this.initialSync,
+      nodes: this.nodes ?? null,
+      patch: this.patch ?? null
+    };
+  }
+  static fromDict(data) {
+    return new _GraphFrame(
+      data["seq"],
+      data["initial_sync"],
+      data["nodes"] ?? void 0,
+      data["patch"] ?? void 0
+    );
+  }
+};
+
+// src/ndp/registry.ts
+function registerNdpFrames(registry) {
+  registry.register(48 /* ANNOUNCE */, AnnounceFrame);
+  registry.register(49 /* RESOLVE */, ResolveFrame);
+  registry.register(50 /* GRAPH */, GraphFrame);
+}
+
+// src/ndp/ndp-registry.ts
+var InMemoryNdpRegistry = class _InMemoryNdpRegistry {
+  _store = /* @__PURE__ */ new Map();
+  // Replaceable for testing
+  clock = () => Date.now();
+  announce(frame) {
+    const expiresAt = this.clock() + frame.ttl * 1e3;
+    if (frame.ttl === 0) {
+      this._store.delete(frame.nid);
+      return;
+    }
+    this._store.set(frame.nid, { frame, expiresAt });
+  }
+  getByNid(nid) {
+    const entry = this._store.get(nid);
+    if (entry === void 0) return void 0;
+    if (this.clock() > entry.expiresAt) {
+      this._store.delete(nid);
+      return void 0;
+    }
+    return entry.frame;
+  }
+  resolve(target) {
+    for (const [nid, entry] of this._store) {
+      if (this.clock() > entry.expiresAt) {
+        this._store.delete(nid);
+        continue;
+      }
+      if (!_InMemoryNdpRegistry.nwpTargetMatchesNid(nid, target)) continue;
+      const addr = entry.frame.addresses[0];
+      if (addr === void 0) continue;
+      return { host: addr.host, port: addr.port, ttl: entry.frame.ttl };
+    }
+    return void 0;
+  }
+  getAll() {
+    const now = this.clock();
+    const result = [];
+    for (const [nid, entry] of this._store) {
+      if (now > entry.expiresAt) {
+        this._store.delete(nid);
+        continue;
+      }
+      result.push(entry.frame);
+    }
+    return result;
+  }
+  static nwpTargetMatchesNid(nid, target) {
+    const nidParts = nid.split(":");
+    if (nidParts.length < 5 || nidParts[0] !== "urn" || nidParts[1] !== "nps" || nidParts[2] !== "node") {
+      return false;
+    }
+    if (!target.startsWith("nwp://")) return false;
+    const nidAuthority = nidParts[3];
+    const nidPath = nidParts[4];
+    const rest = target.slice("nwp://".length);
+    const slashIdx = rest.indexOf("/");
+    if (slashIdx === -1) return false;
+    const urlAuthority = rest.slice(0, slashIdx);
+    const urlPath = rest.slice(slashIdx + 1);
+    if (urlAuthority !== nidAuthority) return false;
+    if (urlPath === nidPath) return true;
+    if (urlPath.startsWith(nidPath + "/")) return true;
+    return false;
+  }
+};
+ed25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));
+var NdpAnnounceResult = {
+  ok: () => ({ isValid: true }),
+  fail: (errorCode, message) => ({ isValid: false, errorCode, message })
+};
+var NdpAnnounceValidator = class {
+  _keys = /* @__PURE__ */ new Map();
+  // nid → "ed25519:<hex>"
+  registerPublicKey(nid, encodedPubKey) {
+    this._keys.set(nid, encodedPubKey);
+  }
+  removePublicKey(nid) {
+    this._keys.delete(nid);
+  }
+  get knownPublicKeys() {
+    return this._keys;
+  }
+  validate(frame) {
+    const encoded = this._keys.get(frame.nid);
+    if (encoded === void 0) {
+      return NdpAnnounceResult.fail("NDP-ANNOUNCE-NID-MISMATCH", `No public key registered for NID: ${frame.nid}`);
+    }
+    try {
+      const prefix = "ed25519:";
+      const pubHex = encoded.startsWith(prefix) ? encoded.slice(prefix.length) : encoded;
+      const pubKey = Buffer.from(pubHex, "hex");
+      const sig = frame.signature;
+      if (!sig.startsWith(prefix)) {
+        return NdpAnnounceResult.fail("NDP-ANNOUNCE-SIG-INVALID", "Signature must start with 'ed25519:'");
+      }
+      const sigBytes = Buffer.from(sig.slice(prefix.length), "base64");
+      const unsigned = frame.unsignedDict();
+      const canonical = JSON.stringify(unsigned, Object.keys(unsigned).sort());
+      const message = new TextEncoder().encode(canonical);
+      const valid = ed25519.verify(sigBytes, message, pubKey);
+      if (!valid) return NdpAnnounceResult.fail("NDP-ANNOUNCE-SIG-INVALID", "Ed25519 signature verification failed.");
+      return NdpAnnounceResult.ok();
+    } catch {
+      return NdpAnnounceResult.fail("NDP-ANNOUNCE-SIG-INVALID", "Ed25519 signature verification failed.");
+    }
+  }
+};
+
+export { AnnounceFrame, GraphFrame, InMemoryNdpRegistry, NdpAnnounceResult, NdpAnnounceValidator, ResolveFrame, registerNdpFrames };
+//# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/ndp/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/ndp/index.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,sCAAsC;AAEtC,cAAc,aAAa,CAAC;AAC5B,cAAc,eAAe,CAAC;AAC9B,cAAc,mBAAmB,CAAC;AAClC,cAAc,gBAAgB,CAAC"}
+{"version":3,"sources":["../../src/ndp/frames.ts","../../src/ndp/registry.ts","../../src/ndp/ndp-registry.ts","../../src/ndp/validator.ts"],"names":[],"mappings":";;;;AA0BO,IAAM,aAAA,GAAN,MAAM,cAAA,CAAkC;AAAA,EAI7C,YACkB,GAAA,EACA,SAAA,EACA,cACA,GAAA,EACA,SAAA,EACA,WACA,QAAA,EAChB;AAPgB,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AACA,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAAA,EACf;AAAA,EAPe,GAAA;AAAA,EACA,SAAA;AAAA,EACA,YAAA;AAAA,EACA,GAAA;AAAA,EACA,SAAA;AAAA,EACA,SAAA;AAAA,EACA,QAAA;AAAA,EAVT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAYT,YAAA,GAAwC;AACtC,IAAA,OAAO;AAAA,MACL,KAAc,IAAA,CAAK,GAAA;AAAA,MACnB,WAAc,IAAA,CAAK,SAAA;AAAA,MACnB,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,KAAc,IAAA,CAAK,GAAA;AAAA,MACnB,WAAc,IAAA,CAAK,SAAA;AAAA,MACnB,SAAA,EAAc,KAAK,QAAA,IAAY;AAAA,KACjC;AAAA,EACF;AAAA,EAEA,MAAA,GAAkC;AAChC,IAAA,OAAO,EAAE,GAAG,IAAA,CAAK,cAAa,EAAG,SAAA,EAAW,KAAK,SAAA,EAAU;AAAA,EAC7D;AAAA,EAEA,OAAO,SAAS,IAAA,EAA8C;AAC5D,IAAA,OAAO,IAAI,cAAA;AAAA,MACT,KAAK,KAAK,CAAA;AAAA,MACV,KAAK,WAAW,CAAA;AAAA,MAChB,KAAK,cAAc,CAAA;AAAA,MACnB,KAAK,KAAK,CAAA;AAAA,MACV,KAAK,WAAW,CAAA;AAAA,MAChB,KAAK,WAAW,CAAA;AAAA,MACf,IAAA,CAAK,WAAW,CAAA,IAA0B;AAAA,KAC7C;AAAA,EACF;AACF;AAEO,IAAM,YAAA,GAAN,MAAM,aAAA,CAAiC;AAAA,EAI5C,WAAA,CACkB,MAAA,EACA,YAAA,EACA,QAAA,EAChB;AAHgB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AACA,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAAA,EACf;AAAA,EAHe,MAAA;AAAA,EACA,YAAA;AAAA,EACA,QAAA;AAAA,EANT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAQT,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,QAAe,IAAA,CAAK,MAAA;AAAA,MACpB,aAAA,EAAe,KAAK,YAAA,IAAgB,IAAA;AAAA,MACpC,QAAA,EAAe,KAAK,QAAA,IAAgB;AAAA,KACtC;AAAA,EACF;AAAA,EAEA,OAAO,SAAS,IAAA,EAA6C;AAC3D,IAAA,OAAO,IAAI,aAAA;AAAA,MACT,KAAK,QAAQ,CAAA;AAAA,MACZ,IAAA,CAAK,eAAe,CAAA,IAAuB,MAAA;AAAA,MAC3C,IAAA,CAAK,UAAU,CAAA,IAAsC;AAAA,KACxD;AAAA,EACF;AACF;AAEO,IAAM,UAAA,GAAN,MAAM,WAAA,CAA+B;AAAA,EAI1C,WAAA,CACkB,GAAA,EACA,WAAA,EACA,KAAA,EACA,KAAA,EAChB;AAJgB,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AACA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AACA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAAA,EACf;AAAA,EAJe,GAAA;AAAA,EACA,WAAA;AAAA,EACA,KAAA;AAAA,EACA,KAAA;AAAA,EAPT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAST,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,KAAc,IAAA,CAAK,GAAA;AAAA,MACnB,cAAc,IAAA,CAAK,WAAA;AAAA,MACnB,KAAA,EAAc,KAAK,KAAA,IAAS,IAAA;AAAA,MAC5B,KAAA,EAAc,KAAK,KAAA,IAAS;AAAA,KAC9B;AAAA,EACF;AAAA,EAEA,OAAO,SAAS,IAAA,EAA2C;AACzD,IAAA,OAAO,IAAI,WAAA;AAAA,MACT,KAAK,KAAK,CAAA;AAAA,MACV,KAAK,cAAc,CAAA;AAAA,MAClB,IAAA,CAAK,OAAO,CAAA,IAA+B,MAAA;AAAA,MAC3C,IAAA,CAAK,OAAO,CAAA,IAA0C;AAAA,KACzD;AAAA,EACF;AACF;;;ACpHO,SAAS,kBAAkB,QAAA,EAA+B;AAC/D,EAAA,QAAA,CAAS,4BAA6B,aAAa,CAAA;AACnD,EAAA,QAAA,CAAS,2BAA6B,YAAY,CAAA;AAClD,EAAA,QAAA,CAAS,yBAA6B,UAAU,CAAA;AAClD;;;ACDO,IAAM,mBAAA,GAAN,MAAM,oBAAA,CAAoB;AAAA,EACd,MAAA,uBAAa,GAAA,EAA2B;AAAA;AAAA,EAGzD,KAAA,GAAsB,MAAM,IAAA,CAAK,GAAA,EAAI;AAAA,EAErC,SAAS,KAAA,EAA4B;AACnC,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,KAAA,EAAM,GAAI,MAAM,GAAA,GAAM,GAAA;AAC7C,IAAA,IAAI,KAAA,CAAM,QAAQ,CAAA,EAAG;AACnB,MAAA,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AAC5B,MAAA;AAAA,IACF;AACA,IAAA,IAAA,CAAK,OAAO,GAAA,CAAI,KAAA,CAAM,KAAK,EAAE,KAAA,EAAO,WAAW,CAAA;AAAA,EACjD;AAAA,EAEA,SAAS,GAAA,EAAwC;AAC/C,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,GAAG,CAAA;AACjC,IAAA,IAAI,KAAA,KAAU,QAAW,OAAO,MAAA;AAChC,IAAA,IAAI,IAAA,CAAK,KAAA,EAAM,GAAI,KAAA,CAAM,SAAA,EAAW;AAClC,MAAA,IAAA,CAAK,MAAA,CAAO,OAAO,GAAG,CAAA;AACtB,MAAA,OAAO,MAAA;AAAA,IACT;AACA,IAAA,OAAO,KAAA,CAAM,KAAA;AAAA,EACf;AAAA,EAEA,QAAQ,MAAA,EAA8C;AACpD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,CAAA,IAAK,KAAK,MAAA,EAAQ;AACtC,MAAA,IAAI,IAAA,CAAK,KAAA,EAAM,GAAI,KAAA,CAAM,SAAA,EAAW;AAAE,QAAA,IAAA,CAAK,MAAA,CAAO,OAAO,GAAG,CAAA;AAAG,QAAA;AAAA,MAAU;AACzE,MAAA,IAAI,CAAC,oBAAA,CAAoB,mBAAA,CAAoB,GAAA,EAAK,MAAM,CAAA,EAAG;AAC3D,MAAA,MAAM,IAAA,GAAO,KAAA,CAAM,KAAA,CAAM,SAAA,CAAU,CAAC,CAAA;AACpC,MAAA,IAAI,SAAS,MAAA,EAAW;AACxB,MAAA,OAAO,EAAE,IAAA,EAAM,IAAA,CAAK,IAAA,EAAM,IAAA,EAAM,KAAK,IAAA,EAAM,GAAA,EAAK,KAAA,CAAM,KAAA,CAAM,GAAA,EAAI;AAAA,IAClE;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,MAAA,GAA0B;AACxB,IAAA,MAAM,GAAA,GAAS,KAAK,KAAA,EAAM;AAC1B,IAAA,MAAM,SAA0B,EAAC;AACjC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,CAAA,IAAK,KAAK,MAAA,EAAQ;AACtC,MAAA,IAAI,GAAA,GAAM,MAAM,SAAA,EAAW;AAAE,QAAA,IAAA,CAAK,MAAA,CAAO,OAAO,GAAG,CAAA;AAAG,QAAA;AAAA,MAAU;AAChE,MAAA,MAAA,CAAO,IAAA,CAAK,MAAM,KAAK,CAAA;AAAA,IACzB;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,OAAO,mBAAA,CAAoB,GAAA,EAAa,MAAA,EAAyB;AAG/D,IAAA,MAAM,QAAA,GAAW,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAC9B,IAAA,IAAI,QAAA,CAAS,MAAA,GAAS,CAAA,IAAK,QAAA,CAAS,CAAC,CAAA,KAAM,KAAA,IAAS,QAAA,CAAS,CAAC,CAAA,KAAM,KAAA,IAAS,QAAA,CAAS,CAAC,MAAM,MAAA,EAAQ;AACnG,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,IAAI,CAAC,MAAA,CAAO,UAAA,CAAW,QAAQ,GAAG,OAAO,KAAA;AAEzC,IAAA,MAAM,YAAA,GAAe,SAAS,CAAC,CAAA;AAC/B,IAAA,MAAM,OAAA,GAAe,SAAS,CAAC,CAAA;AAC/B,IAAA,MAAM,IAAA,GAAe,MAAA,CAAO,KAAA,CAAM,QAAA,CAAS,MAAM,CAAA;AACjD,IAAA,MAAM,QAAA,GAAe,IAAA,CAAK,OAAA,CAAQ,GAAG,CAAA;AACrC,IAAA,IAAI,QAAA,KAAa,IAAI,OAAO,KAAA;AAE5B,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,KAAA,CAAM,CAAA,EAAG,QAAQ,CAAA;AAC3C,IAAA,MAAM,OAAA,GAAe,IAAA,CAAK,KAAA,CAAM,QAAA,GAAW,CAAC,CAAA;AAE5C,IAAA,IAAI,YAAA,KAAiB,cAAc,OAAO,KAAA;AAG1C,IAAA,IAAI,OAAA,KAAY,SAAS,OAAO,IAAA;AAChC,IAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,OAAA,GAAU,GAAG,GAAG,OAAO,IAAA;AAC9C,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AC1EQ,OAAA,CAAA,GAAA,CAAI,UAAA,GAAa,IAAI,CAAA,KAAM,MAAA,CAAe,YAAI,WAAA,CAAY,GAAG,CAAC,CAAC,CAAA;AAQhE,IAAM,iBAAA,GAAoB;AAAA,EAC/B,EAAA,EAAI,OAA0B,EAAE,OAAA,EAAS,IAAA,EAAK,CAAA;AAAA,EAC9C,IAAA,EAAM,CAAC,SAAA,EAAmB,OAAA,MAAwC,EAAE,OAAA,EAAS,KAAA,EAAO,WAAW,OAAA,EAAQ;AACzG;AAEO,IAAM,uBAAN,MAA2B;AAAA,EACf,KAAA,uBAAY,GAAA,EAAoB;AAAA;AAAA,EAEjD,iBAAA,CAAkB,KAAa,aAAA,EAA6B;AAC1D,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,aAAa,CAAA;AAAA,EACnC;AAAA,EAEA,gBAAgB,GAAA,EAAmB;AACjC,IAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,EACvB;AAAA,EAEA,IAAI,eAAA,GAA+C;AACjD,IAAA,OAAO,IAAA,CAAK,KAAA;AAAA,EACd;AAAA,EAEA,SAAS,KAAA,EAAyC;AAChD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,MAAM,GAAG,CAAA;AACxC,IAAA,IAAI,YAAY,MAAA,EAAW;AACzB,MAAA,OAAO,kBAAkB,IAAA,CAAK,2BAAA,EAA6B,CAAA,kCAAA,EAAqC,KAAA,CAAM,GAAG,CAAA,CAAE,CAAA;AAAA,IAC7G;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAU,UAAA;AAChB,MAAA,MAAM,MAAA,GAAU,QAAQ,UAAA,CAAW,MAAM,IAAI,OAAA,CAAQ,KAAA,CAAM,MAAA,CAAO,MAAM,CAAA,GAAI,OAAA;AAC5E,MAAA,MAAM,MAAA,GAAU,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,KAAK,CAAA;AAEzC,MAAA,MAAM,MAAM,KAAA,CAAM,SAAA;AAClB,MAAA,IAAI,CAAC,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AAC3B,QAAA,OAAO,iBAAA,CAAkB,IAAA,CAAK,0BAAA,EAA4B,sCAAsC,CAAA;AAAA,MAClG;AACA,MAAA,MAAM,QAAA,GAAW,OAAO,IAAA,CAAK,GAAA,CAAI,MAAM,MAAA,CAAO,MAAM,GAAG,QAAQ,CAAA;AAE/D,MAAA,MAAM,QAAA,GAAY,MAAM,YAAA,EAAa;AACrC,MAAA,MAAM,SAAA,GAAY,KAAK,SAAA,CAAU,QAAA,EAAU,OAAO,IAAA,CAAK,QAAQ,CAAA,CAAE,IAAA,EAAM,CAAA;AACvE,MAAA,MAAM,OAAA,GAAY,IAAI,WAAA,EAAY,CAAE,OAAO,SAAS,CAAA;AAEpD,MAAA,MAAM,KAAA,GAAgB,OAAA,CAAA,MAAA,CAAO,QAAA,EAAU,OAAA,EAAS,MAAM,CAAA;AACtD,MAAA,IAAI,CAAC,KAAA,EAAO,OAAO,iBAAA,CAAkB,IAAA,CAAK,4BAA4B,wCAAwC,CAAA;AAC9G,MAAA,OAAO,kBAAkB,EAAA,EAAG;AAAA,IAC9B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,iBAAA,CAAkB,IAAA,CAAK,0BAAA,EAA4B,wCAAwC,CAAA;AAAA,IACpG;AAAA,EACF;AACF","file":"index.js","sourcesContent":["// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport { EncodingTier, FrameType } from \"../core/frames.js\";\nimport type { NpsFrame } from \"../core/codec.js\";\n\nexport interface NdpAddress {\n  host:     string;\n  port:     number;\n  protocol: string;\n}\n\nexport interface NdpGraphNode {\n  nid:          string;\n  addresses:    readonly NdpAddress[];\n  capabilities: readonly string[];\n  nodeType?:    string;\n}\n\nexport interface NdpResolveResult {\n  host:              string;\n  port:              number;\n  ttl:               number;\n  certFingerprint?:  string;\n}\n\nexport class AnnounceFrame implements NpsFrame {\n  readonly frameType     = FrameType.ANNOUNCE;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly nid:          string,\n    public readonly addresses:    readonly NdpAddress[],\n    public readonly capabilities: readonly string[],\n    public readonly ttl:          number,\n    public readonly timestamp:    string,\n    public readonly signature:    string,\n    public readonly nodeType?:    string,\n  ) {}\n\n  unsignedDict(): Record<string, unknown> {\n    return {\n      nid:          this.nid,\n      addresses:    this.addresses,\n      capabilities: this.capabilities,\n      ttl:          this.ttl,\n      timestamp:    this.timestamp,\n      node_type:    this.nodeType ?? null,\n    };\n  }\n\n  toDict(): Record<string, unknown> {\n    return { ...this.unsignedDict(), signature: this.signature };\n  }\n\n  static fromDict(data: Record<string, unknown>): AnnounceFrame {\n    return new AnnounceFrame(\n      data[\"nid\"]          as string,\n      data[\"addresses\"]    as NdpAddress[],\n      data[\"capabilities\"] as string[],\n      data[\"ttl\"]          as number,\n      data[\"timestamp\"]    as string,\n      data[\"signature\"]    as string,\n      (data[\"node_type\"]    as string | null) ?? undefined,\n    );\n  }\n}\n\nexport class ResolveFrame implements NpsFrame {\n  readonly frameType     = FrameType.RESOLVE;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly target:        string,\n    public readonly requesterNid?: string,\n    public readonly resolved?:     NdpResolveResult,\n  ) {}\n\n  toDict(): Record<string, unknown> {\n    return {\n      target:        this.target,\n      requester_nid: this.requesterNid ?? null,\n      resolved:      this.resolved     ?? null,\n    };\n  }\n\n  static fromDict(data: Record<string, unknown>): ResolveFrame {\n    return new ResolveFrame(\n      data[\"target\"]         as string,\n      (data[\"requester_nid\"] as string | null) ?? undefined,\n      (data[\"resolved\"]      as NdpResolveResult | null) ?? undefined,\n    );\n  }\n}\n\nexport class GraphFrame implements NpsFrame {\n  readonly frameType     = FrameType.GRAPH;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly seq:         number,\n    public readonly initialSync: boolean,\n    public readonly nodes?:      readonly NdpGraphNode[],\n    public readonly patch?:      readonly Record<string, unknown>[],\n  ) {}\n\n  toDict(): Record<string, unknown> {\n    return {\n      seq:          this.seq,\n      initial_sync: this.initialSync,\n      nodes:        this.nodes ?? null,\n      patch:        this.patch ?? null,\n    };\n  }\n\n  static fromDict(data: Record<string, unknown>): GraphFrame {\n    return new GraphFrame(\n      data[\"seq\"]          as number,\n      data[\"initial_sync\"] as boolean,\n      (data[\"nodes\"] as NdpGraphNode[] | null) ?? undefined,\n      (data[\"patch\"] as Record<string, unknown>[] | null) ?? undefined,\n    );\n  }\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport { FrameRegistry } from \"../core/registry.js\";\nimport { FrameType } from \"../core/frames.js\";\nimport { AnnounceFrame, GraphFrame, ResolveFrame } from \"./frames.js\";\n\nexport function registerNdpFrames(registry: FrameRegistry): void {\n  registry.register(FrameType.ANNOUNCE, AnnounceFrame);\n  registry.register(FrameType.RESOLVE,  ResolveFrame);\n  registry.register(FrameType.GRAPH,    GraphFrame);\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { AnnounceFrame, NdpResolveResult } from \"./frames.js\";\n\ninterface RegistryEntry {\n  frame:     AnnounceFrame;\n  expiresAt: number;\n}\n\nexport class InMemoryNdpRegistry {\n  private readonly _store = new Map<string, RegistryEntry>();\n\n  // Replaceable for testing\n  clock: () => number = () => Date.now();\n\n  announce(frame: AnnounceFrame): void {\n    const expiresAt = this.clock() + frame.ttl * 1000;\n    if (frame.ttl === 0) {\n      this._store.delete(frame.nid);\n      return;\n    }\n    this._store.set(frame.nid, { frame, expiresAt });\n  }\n\n  getByNid(nid: string): AnnounceFrame | undefined {\n    const entry = this._store.get(nid);\n    if (entry === undefined) return undefined;\n    if (this.clock() > entry.expiresAt) {\n      this._store.delete(nid);\n      return undefined;\n    }\n    return entry.frame;\n  }\n\n  resolve(target: string): NdpResolveResult | undefined {\n    for (const [nid, entry] of this._store) {\n      if (this.clock() > entry.expiresAt) { this._store.delete(nid); continue; }\n      if (!InMemoryNdpRegistry.nwpTargetMatchesNid(nid, target)) continue;\n      const addr = entry.frame.addresses[0];\n      if (addr === undefined) continue;\n      return { host: addr.host, port: addr.port, ttl: entry.frame.ttl };\n    }\n    return undefined;\n  }\n\n  getAll(): AnnounceFrame[] {\n    const now    = this.clock();\n    const result: AnnounceFrame[] = [];\n    for (const [nid, entry] of this._store) {\n      if (now > entry.expiresAt) { this._store.delete(nid); continue; }\n      result.push(entry.frame);\n    }\n    return result;\n  }\n\n  static nwpTargetMatchesNid(nid: string, target: string): boolean {\n    // NID: urn:nps:node:{authority}:{path-segment}\n    // target: nwp://{authority}/{path}\n    const nidParts = nid.split(\":\");\n    if (nidParts.length < 5 || nidParts[0] !== \"urn\" || nidParts[1] !== \"nps\" || nidParts[2] !== \"node\") {\n      return false;\n    }\n    if (!target.startsWith(\"nwp://\")) return false;\n\n    const nidAuthority = nidParts[3]!;\n    const nidPath      = nidParts[4]!;\n    const rest         = target.slice(\"nwp://\".length);\n    const slashIdx     = rest.indexOf(\"/\");\n    if (slashIdx === -1) return false;\n\n    const urlAuthority = rest.slice(0, slashIdx);\n    const urlPath      = rest.slice(slashIdx + 1); // without leading slash\n\n    if (urlAuthority !== nidAuthority) return false;\n\n    // nidPath must be a prefix of urlPath at a segment boundary\n    if (urlPath === nidPath) return true;\n    if (urlPath.startsWith(nidPath + \"/\")) return true;\n    return false;\n  }\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport * as ed25519 from \"@noble/ed25519\";\nimport { sha512 } from \"@noble/hashes/sha512\";\nimport type { AnnounceFrame } from \"./frames.js\";\n\ned25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));\n\nexport interface NdpAnnounceResult {\n  isValid:    boolean;\n  errorCode?: string;\n  message?:   string;\n}\n\nexport const NdpAnnounceResult = {\n  ok: (): NdpAnnounceResult => ({ isValid: true }),\n  fail: (errorCode: string, message: string): NdpAnnounceResult => ({ isValid: false, errorCode, message }),\n};\n\nexport class NdpAnnounceValidator {\n  private readonly _keys = new Map<string, string>(); // nid → \"ed25519:<hex>\"\n\n  registerPublicKey(nid: string, encodedPubKey: string): void {\n    this._keys.set(nid, encodedPubKey);\n  }\n\n  removePublicKey(nid: string): void {\n    this._keys.delete(nid);\n  }\n\n  get knownPublicKeys(): ReadonlyMap<string, string> {\n    return this._keys;\n  }\n\n  validate(frame: AnnounceFrame): NdpAnnounceResult {\n    const encoded = this._keys.get(frame.nid);\n    if (encoded === undefined) {\n      return NdpAnnounceResult.fail(\"NDP-ANNOUNCE-NID-MISMATCH\", `No public key registered for NID: ${frame.nid}`);\n    }\n\n    try {\n      const prefix  = \"ed25519:\";\n      const pubHex  = encoded.startsWith(prefix) ? encoded.slice(prefix.length) : encoded;\n      const pubKey  = Buffer.from(pubHex, \"hex\");\n\n      const sig = frame.signature;\n      if (!sig.startsWith(prefix)) {\n        return NdpAnnounceResult.fail(\"NDP-ANNOUNCE-SIG-INVALID\", \"Signature must start with 'ed25519:'\");\n      }\n      const sigBytes = Buffer.from(sig.slice(prefix.length), \"base64\");\n\n      const unsigned  = frame.unsignedDict();\n      const canonical = JSON.stringify(unsigned, Object.keys(unsigned).sort());\n      const message   = new TextEncoder().encode(canonical);\n\n      const valid = ed25519.verify(sigBytes, message, pubKey);\n      if (!valid) return NdpAnnounceResult.fail(\"NDP-ANNOUNCE-SIG-INVALID\", \"Ed25519 signature verification failed.\");\n      return NdpAnnounceResult.ok();\n    } catch {\n      return NdpAnnounceResult.fail(\"NDP-ANNOUNCE-SIG-INVALID\", \"Ed25519 signature verification failed.\");\n    }\n  }\n}\n"]}

package/dist/nip/index.js

@@ -1,6 +1,188 @@
-// Copyright 2026 INNO LOTUS PTY LTD
-// SPDX-License-Identifier: Apache-2.0
-export * from "./frames.js";
-export * from "./identity.js";
-export { registerNipFrames } from "./registry.js";
+import * as ed25519 from '@noble/ed25519';
+import { sha512 } from '@noble/hashes/sha512';
+import { pbkdf2Sync, createDecipheriv, randomBytes, createCipheriv } from 'crypto';
+import { readFileSync, writeFileSync } from 'fs';
+
+// src/nip/frames.ts
+var IdentFrame = class _IdentFrame {
+  constructor(nid, pubKey, metadata, signature) {
+    this.nid = nid;
+    this.pubKey = pubKey;
+    this.metadata = metadata;
+    this.signature = signature;
+  }
+  nid;
+  pubKey;
+  metadata;
+  signature;
+  frameType = 32 /* IDENT */;
+  preferredTier = 1 /* MSGPACK */;
+  unsignedDict() {
+    return {
+      nid: this.nid,
+      pub_key: this.pubKey,
+      metadata: this.metadata
+    };
+  }
+  toDict() {
+    return { ...this.unsignedDict(), signature: this.signature };
+  }
+  static fromDict(data) {
+    return new _IdentFrame(
+      data["nid"],
+      data["pub_key"],
+      data["metadata"],
+      data["signature"]
+    );
+  }
+};
+var TrustFrame = class _TrustFrame {
+  constructor(issuerNid, subjectNid, scopes, expiresAt, signature) {
+    this.issuerNid = issuerNid;
+    this.subjectNid = subjectNid;
+    this.scopes = scopes;
+    this.expiresAt = expiresAt;
+    this.signature = signature;
+  }
+  issuerNid;
+  subjectNid;
+  scopes;
+  expiresAt;
+  signature;
+  frameType = 33 /* TRUST */;
+  preferredTier = 1 /* MSGPACK */;
+  toDict() {
+    return {
+      issuer_nid: this.issuerNid,
+      subject_nid: this.subjectNid,
+      scopes: this.scopes,
+      expires_at: this.expiresAt,
+      signature: this.signature
+    };
+  }
+  static fromDict(data) {
+    return new _TrustFrame(
+      data["issuer_nid"],
+      data["subject_nid"],
+      data["scopes"],
+      data["expires_at"],
+      data["signature"]
+    );
+  }
+};
+var RevokeFrame = class _RevokeFrame {
+  constructor(nid, reason, revokedAt) {
+    this.nid = nid;
+    this.reason = reason;
+    this.revokedAt = revokedAt;
+  }
+  nid;
+  reason;
+  revokedAt;
+  frameType = 34 /* REVOKE */;
+  preferredTier = 1 /* MSGPACK */;
+  toDict() {
+    return {
+      nid: this.nid,
+      reason: this.reason ?? null,
+      revoked_at: this.revokedAt ?? null
+    };
+  }
+  static fromDict(data) {
+    return new _RevokeFrame(
+      data["nid"],
+      data["reason"] ?? void 0,
+      data["revoked_at"] ?? void 0
+    );
+  }
+};
+ed25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));
+var KEY_FILE_VERSION = 1;
+var PBKDF2_ITERS = 6e5;
+var SALT_BYTES = 16;
+var IV_BYTES = 12;
+var KEY_BYTES = 32;
+var NipIdentity = class _NipIdentity {
+  constructor(_privKey, pubKey) {
+    this._privKey = _privKey;
+    this.pubKey = pubKey;
+  }
+  _privKey;
+  pubKey;
+  // ── Factory ───────────────────────────────────────────────────────────────
+  static generate() {
+    const priv = ed25519.utils.randomPrivateKey();
+    const pub = ed25519.getPublicKey(priv);
+    return new _NipIdentity(priv, pub);
+  }
+  static fromPrivateKey(privKey) {
+    const pub = ed25519.getPublicKey(privKey);
+    return new _NipIdentity(privKey, pub);
+  }
+  /** Load from an AES-256-GCM encrypted key file. */
+  static load(path, passphrase) {
+    const envelope = JSON.parse(readFileSync(path, "utf8"));
+    const salt = Buffer.from(envelope.salt, "hex");
+    const iv = Buffer.from(envelope.iv, "hex");
+    const ct = Buffer.from(envelope.ciphertext, "hex");
+    const dk = pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, "sha256");
+    const decipher = createDecipheriv("aes-256-gcm", dk, iv);
+    const authTag = ct.slice(ct.length - 16);
+    const body = ct.slice(0, ct.length - 16);
+    decipher.setAuthTag(authTag);
+    const priv = Buffer.concat([decipher.update(body), decipher.final()]);
+    return _NipIdentity.fromPrivateKey(new Uint8Array(priv));
+  }
+  /** Save to an AES-256-GCM encrypted key file. */
+  save(path, passphrase) {
+    const salt = randomBytes(SALT_BYTES);
+    const iv = randomBytes(IV_BYTES);
+    const dk = pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, "sha256");
+    const cipher = createCipheriv("aes-256-gcm", dk, iv);
+    const body = Buffer.concat([cipher.update(Buffer.from(this._privKey)), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    const envelope = {
+      version: KEY_FILE_VERSION,
+      salt: salt.toString("hex"),
+      iv: iv.toString("hex"),
+      ciphertext: Buffer.concat([body, tag]).toString("hex"),
+      pubKey: Buffer.from(this.pubKey).toString("hex")
+    };
+    writeFileSync(path, JSON.stringify(envelope, null, 2), "utf8");
+  }
+  // ── Signing ───────────────────────────────────────────────────────────────
+  /** Sign a dict payload. Returns `ed25519:<base64url>`. */
+  sign(payload) {
+    const canonical = JSON.stringify(payload, Object.keys(payload).sort());
+    const bytes = new TextEncoder().encode(canonical);
+    const sig = ed25519.sign(bytes, this._privKey);
+    return `ed25519:${Buffer.from(sig).toString("base64")}`;
+  }
+  /** Verify a signature string against a dict payload. */
+  verify(payload, signature) {
+    if (!signature.startsWith("ed25519:")) return false;
+    try {
+      const canonical = JSON.stringify(payload, Object.keys(payload).sort());
+      const bytes = new TextEncoder().encode(canonical);
+      const sigBytes = Buffer.from(signature.slice("ed25519:".length), "base64");
+      return ed25519.verify(sigBytes, bytes, this.pubKey);
+    } catch {
+      return false;
+    }
+  }
+  /** Public key as `ed25519:<hex>` string. */
+  get pubKeyString() {
+    return `ed25519:${Buffer.from(this.pubKey).toString("hex")}`;
+  }
+};
+
+// src/nip/registry.ts
+function registerNipFrames(registry) {
+  registry.register(32 /* IDENT */, IdentFrame);
+  registry.register(33 /* TRUST */, TrustFrame);
+  registry.register(34 /* REVOKE */, RevokeFrame);
+}
+
+export { IdentFrame, NipIdentity, RevokeFrame, TrustFrame, registerNipFrames };
+//# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/nip/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nip/index.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,sCAAsC;AAEtC,cAAc,aAAa,CAAC;AAC5B,cAAc,eAAe,CAAC;AAC9B,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC"}
+{"version":3,"sources":["../../src/nip/frames.ts","../../src/nip/identity.ts","../../src/nip/registry.ts"],"names":[],"mappings":";;;;;;AAcO,IAAM,UAAA,GAAN,MAAM,WAAA,CAA+B;AAAA,EAI1C,WAAA,CACkB,GAAA,EACA,MAAA,EACA,QAAA,EACA,SAAA,EAChB;AAJgB,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EACf;AAAA,EAJe,GAAA;AAAA,EACA,MAAA;AAAA,EACA,QAAA;AAAA,EACA,SAAA;AAAA,EAPT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAST,YAAA,GAAwC;AACtC,IAAA,OAAO;AAAA,MACL,KAAU,IAAA,CAAK,GAAA;AAAA,MACf,SAAU,IAAA,CAAK,MAAA;AAAA,MACf,UAAU,IAAA,CAAK;AAAA,KACjB;AAAA,EACF;AAAA,EAEA,MAAA,GAAkC;AAChC,IAAA,OAAO,EAAE,GAAG,IAAA,CAAK,cAAa,EAAG,SAAA,EAAW,KAAK,SAAA,EAAU;AAAA,EAC7D;AAAA,EAEA,OAAO,SAAS,IAAA,EAA2C;AACzD,IAAA,OAAO,IAAI,WAAA;AAAA,MACT,KAAK,KAAK,CAAA;AAAA,MACV,KAAK,SAAS,CAAA;AAAA,MACd,KAAK,UAAU,CAAA;AAAA,MACf,KAAK,WAAW;AAAA,KAClB;AAAA,EACF;AACF;AAEO,IAAM,UAAA,GAAN,MAAM,WAAA,CAA+B;AAAA,EAI1C,WAAA,CACkB,SAAA,EACA,UAAA,EACA,MAAA,EACA,WACA,SAAA,EAChB;AALgB,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EACf;AAAA,EALe,SAAA;AAAA,EACA,UAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EACA,SAAA;AAAA,EART,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAUT,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,YAAa,IAAA,CAAK,SAAA;AAAA,MAClB,aAAa,IAAA,CAAK,UAAA;AAAA,MAClB,QAAa,IAAA,CAAK,MAAA;AAAA,MAClB,YAAa,IAAA,CAAK,SAAA;AAAA,MAClB,WAAa,IAAA,CAAK;AAAA,KACpB;AAAA,EACF;AAAA,EAEA,OAAO,SAAS,IAAA,EAA2C;AACzD,IAAA,OAAO,IAAI,WAAA;AAAA,MACT,KAAK,YAAY,CAAA;AAAA,MACjB,KAAK,aAAa,CAAA;AAAA,MAClB,KAAK,QAAQ,CAAA;AAAA,MACb,KAAK,YAAY,CAAA;AAAA,MACjB,KAAK,WAAW;AAAA,KAClB;AAAA,EACF;AACF;AAEO,IAAM,WAAA,GAAN,MAAM,YAAA,CAAgC;AAAA,EAI3C,WAAA,CACkB,GAAA,EACA,MAAA,EACA,SAAA,EAChB;AAHgB,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EACf;AAAA,EAHe,GAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EANT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAQT,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,KAAY,IAAA,CAAK,GAAA;AAAA,MACjB,MAAA,EAAY,KAAK,MAAA,IAAc,IAAA;AAAA,MAC/B,UAAA,EAAY,KAAK,SAAA,IAAc;AAAA,KACjC;AAAA,EACF;AAAA,EAEA,OAAO,SAAS,IAAA,EAA4C;AAC1D,IAAA,OAAO,IAAI,YAAA;AAAA,MACT,KAAK,KAAK,CAAA;AAAA,MACT,IAAA,CAAK,QAAQ,CAAA,IAA2B,MAAA;AAAA,MACxC,IAAA,CAAK,YAAY,CAAA,IAAuB;AAAA,KAC3C;AAAA,EACF;AACF;AC3FQ,OAAA,CAAA,GAAA,CAAI,UAAA,GAAa,IAAI,CAAA,KAAM,MAAA,CAAe,YAAI,WAAA,CAAY,GAAG,CAAC,CAAC,CAAA;AAEvE,IAAM,gBAAA,GAAmB,CAAA;AACzB,IAAM,YAAA,GAAmB,GAAA;AACzB,IAAM,UAAA,GAAmB,EAAA;AACzB,IAAM,QAAA,GAAmB,EAAA;AACzB,IAAM,SAAA,GAAmB,EAAA;AAUlB,IAAM,WAAA,GAAN,MAAM,YAAA,CAAY;AAAA,EACf,WAAA,CACW,UACA,MAAA,EACjB;AAFiB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAChB;AAAA,EAFgB,QAAA;AAAA,EACA,MAAA;AAAA;AAAA,EAKnB,OAAO,QAAA,GAAwB;AAC7B,IAAA,MAAM,IAAA,GAAe,cAAM,gBAAA,EAAiB;AAC5C,IAAA,MAAM,GAAA,GAAe,qBAAa,IAAI,CAAA;AACtC,IAAA,OAAO,IAAI,YAAA,CAAY,IAAA,EAAM,GAAG,CAAA;AAAA,EAClC;AAAA,EAEA,OAAO,eAAe,OAAA,EAAkC;AACtD,IAAA,MAAM,GAAA,GAAc,qBAAa,OAAO,CAAA;AACxC,IAAA,OAAO,IAAI,YAAA,CAAY,OAAA,EAAS,GAAG,CAAA;AAAA,EACrC;AAAA;AAAA,EAGA,OAAO,IAAA,CAAK,IAAA,EAAc,UAAA,EAAiC;AACzD,IAAA,MAAM,WAAW,IAAA,CAAK,KAAA,CAAM,YAAA,CAAa,IAAA,EAAM,MAAM,CAAC,CAAA;AACtD,IAAA,MAAM,IAAA,GAAY,MAAA,CAAO,IAAA,CAAK,QAAA,CAAS,MAAY,KAAK,CAAA;AACxD,IAAA,MAAM,EAAA,GAAY,MAAA,CAAO,IAAA,CAAK,QAAA,CAAS,IAAY,KAAK,CAAA;AACxD,IAAA,MAAM,EAAA,GAAY,MAAA,CAAO,IAAA,CAAK,QAAA,CAAS,YAAY,KAAK,CAAA;AAExD,IAAA,MAAM,KAAK,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,YAAA,EAAc,WAAW,QAAQ,CAAA;AACzE,IAAA,MAAM,QAAA,GAAW,gBAAA,CAAiB,aAAA,EAAe,EAAA,EAAI,EAAE,CAAA;AAEvD,IAAA,MAAM,OAAA,GAAU,EAAA,CAAG,KAAA,CAAM,EAAA,CAAG,SAAS,EAAE,CAAA;AACvC,IAAA,MAAM,OAAU,EAAA,CAAG,KAAA,CAAM,CAAA,EAAG,EAAA,CAAG,SAAS,EAAE,CAAA;AAC1C,IAAC,QAAA,CAAqF,WAAW,OAAO,CAAA;AACxG,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,IAAI,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AACpE,IAAA,OAAO,YAAA,CAAY,cAAA,CAAe,IAAI,UAAA,CAAW,IAAI,CAAC,CAAA;AAAA,EACxD;AAAA;AAAA,EAGA,IAAA,CAAK,MAAc,UAAA,EAA0B;AAC3C,IAAA,MAAM,IAAA,GAAS,YAAY,UAAU,CAAA;AACrC,IAAA,MAAM,EAAA,GAAS,YAAY,QAAQ,CAAA;AACnC,IAAA,MAAM,KAAS,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,YAAA,EAAc,WAAW,QAAQ,CAAA;AAC7E,IAAA,MAAM,MAAA,GAAS,cAAA,CAAe,aAAA,EAAe,EAAA,EAAI,EAAE,CAAA;AACnD,IAAA,MAAM,IAAA,GAAS,MAAA,CAAO,MAAA,CAAO,CAAC,OAAO,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,QAAQ,CAAC,CAAA,EAAG,MAAA,CAAO,KAAA,EAAO,CAAC,CAAA;AACxF,IAAA,MAAM,GAAA,GAAU,OAAwE,UAAA,EAAW;AAEnG,IAAA,MAAM,QAAA,GAA4B;AAAA,MAChC,OAAA,EAAY,gBAAA;AAAA,MACZ,IAAA,EAAY,IAAA,CAAK,QAAA,CAAS,KAAK,CAAA;AAAA,MAC/B,EAAA,EAAY,EAAA,CAAG,QAAA,CAAS,KAAK,CAAA;AAAA,MAC7B,UAAA,EAAY,OAAO,MAAA,CAAO,CAAC,MAAM,GAAG,CAAC,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AAAA,MACrD,QAAY,MAAA,CAAO,IAAA,CAAK,KAAK,MAAM,CAAA,CAAE,SAAS,KAAK;AAAA,KACrD;AACA,IAAA,aAAA,CAAc,MAAM,IAAA,CAAK,SAAA,CAAU,UAAU,IAAA,EAAM,CAAC,GAAG,MAAM,CAAA;AAAA,EAC/D;AAAA;AAAA;AAAA,EAKA,KAAK,OAAA,EAA0C;AAC7C,IAAA,MAAM,SAAA,GAAY,KAAK,SAAA,CAAU,OAAA,EAAS,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,IAAA,EAAM,CAAA;AACrE,IAAA,MAAM,KAAA,GAAY,IAAI,WAAA,EAAY,CAAE,OAAO,SAAS,CAAA;AACpD,IAAA,MAAM,GAAA,GAAoB,OAAA,CAAA,IAAA,CAAK,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA;AACnD,IAAA,OAAO,WAAW,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAC,CAAA,CAAA;AAAA,EACvD;AAAA;AAAA,EAGA,MAAA,CAAO,SAAkC,SAAA,EAA4B;AACnE,IAAA,IAAI,CAAC,SAAA,CAAU,UAAA,CAAW,UAAU,GAAG,OAAO,KAAA;AAC9C,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,KAAK,SAAA,CAAU,OAAA,EAAS,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,IAAA,EAAM,CAAA;AACrE,MAAA,MAAM,KAAA,GAAY,IAAI,WAAA,EAAY,CAAE,OAAO,SAAS,CAAA;AACpD,MAAA,MAAM,QAAA,GAAY,OAAO,IAAA,CAAK,SAAA,CAAU,MAAM,UAAA,CAAW,MAAM,GAAG,QAAQ,CAAA;AAC1E,MAAA,OAAe,OAAA,CAAA,MAAA,CAAO,QAAA,EAAU,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,IACpD,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA,EAGA,IAAI,YAAA,GAAuB;AACzB,IAAA,OAAO,CAAA,QAAA,EAAW,OAAO,IAAA,CAAK,IAAA,CAAK,MAAM,CAAA,CAAE,QAAA,CAAS,KAAK,CAAC,CAAA,CAAA;AAAA,EAC5D;AACF;;;ACzGO,SAAS,kBAAkB,QAAA,EAA+B;AAC/D,EAAA,QAAA,CAAS,yBAA2B,UAAU,CAAA;AAC9C,EAAA,QAAA,CAAS,yBAA2B,UAAU,CAAA;AAC9C,EAAA,QAAA,CAAS,0BAA2B,WAAW,CAAA;AACjD","file":"index.js","sourcesContent":["// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport { EncodingTier, FrameType } from \"../core/frames.js\";\nimport type { NpsFrame } from \"../core/codec.js\";\n\nexport interface IdentMetadata {\n  issuer:       string;\n  issuedAt:     string;\n  expiresAt?:   string;\n  capabilities?: readonly string[];\n  scopes?:       readonly string[];\n}\n\nexport class IdentFrame implements NpsFrame {\n  readonly frameType     = FrameType.IDENT;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly nid:       string,\n    public readonly pubKey:    string,\n    public readonly metadata:  IdentMetadata,\n    public readonly signature: string,\n  ) {}\n\n  unsignedDict(): Record<string, unknown> {\n    return {\n      nid:      this.nid,\n      pub_key:  this.pubKey,\n      metadata: this.metadata,\n    };\n  }\n\n  toDict(): Record<string, unknown> {\n    return { ...this.unsignedDict(), signature: this.signature };\n  }\n\n  static fromDict(data: Record<string, unknown>): IdentFrame {\n    return new IdentFrame(\n      data[\"nid\"]       as string,\n      data[\"pub_key\"]   as string,\n      data[\"metadata\"]  as IdentMetadata,\n      data[\"signature\"] as string,\n    );\n  }\n}\n\nexport class TrustFrame implements NpsFrame {\n  readonly frameType     = FrameType.TRUST;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly issuerNid:  string,\n    public readonly subjectNid: string,\n    public readonly scopes:     readonly string[],\n    public readonly expiresAt:  string,\n    public readonly signature:  string,\n  ) {}\n\n  toDict(): Record<string, unknown> {\n    return {\n      issuer_nid:  this.issuerNid,\n      subject_nid: this.subjectNid,\n      scopes:      this.scopes,\n      expires_at:  this.expiresAt,\n      signature:   this.signature,\n    };\n  }\n\n  static fromDict(data: Record<string, unknown>): TrustFrame {\n    return new TrustFrame(\n      data[\"issuer_nid\"]  as string,\n      data[\"subject_nid\"] as string,\n      data[\"scopes\"]      as string[],\n      data[\"expires_at\"]  as string,\n      data[\"signature\"]   as string,\n    );\n  }\n}\n\nexport class RevokeFrame implements NpsFrame {\n  readonly frameType     = FrameType.REVOKE;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly nid:       string,\n    public readonly reason?:   string,\n    public readonly revokedAt?: string,\n  ) {}\n\n  toDict(): Record<string, unknown> {\n    return {\n      nid:        this.nid,\n      reason:     this.reason     ?? null,\n      revoked_at: this.revokedAt  ?? null,\n    };\n  }\n\n  static fromDict(data: Record<string, unknown>): RevokeFrame {\n    return new RevokeFrame(\n      data[\"nid\"]        as string,\n      (data[\"reason\"]     as string | null) ?? undefined,\n      (data[\"revoked_at\"] as string | null) ?? undefined,\n    );\n  }\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * NipIdentity — Ed25519 key management and signing for NPS NID identity.\n * Uses @noble/ed25519 for signing; node:crypto for key storage encryption.\n */\n\nimport * as ed25519 from \"@noble/ed25519\";\nimport { sha512 } from \"@noble/hashes/sha512\";\nimport { createCipheriv, createDecipheriv, pbkdf2Sync, randomBytes } from \"node:crypto\";\nimport { readFileSync, writeFileSync } from \"node:fs\";\n\n// noble/ed25519 requires sha512 to be set explicitly in Node environments\ned25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));\n\nconst KEY_FILE_VERSION = 1;\nconst PBKDF2_ITERS     = 600_000;\nconst SALT_BYTES       = 16;\nconst IV_BYTES         = 12;\nconst KEY_BYTES        = 32;\n\ninterface KeyFileEnvelope {\n  version:    number;\n  salt:       string; // hex\n  iv:         string; // hex\n  ciphertext: string; // hex\n  pubKey:     string; // hex\n}\n\nexport class NipIdentity {\n  private constructor(\n    private readonly _privKey: Uint8Array,\n    public  readonly pubKey:   Uint8Array,\n  ) {}\n\n  // ── Factory ───────────────────────────────────────────────────────────────\n\n  static generate(): NipIdentity {\n    const priv = ed25519.utils.randomPrivateKey();\n    const pub  = ed25519.getPublicKey(priv);\n    return new NipIdentity(priv, pub);\n  }\n\n  static fromPrivateKey(privKey: Uint8Array): NipIdentity {\n    const pub = ed25519.getPublicKey(privKey);\n    return new NipIdentity(privKey, pub);\n  }\n\n  /** Load from an AES-256-GCM encrypted key file. */\n  static load(path: string, passphrase: string): NipIdentity {\n    const envelope = JSON.parse(readFileSync(path, \"utf8\")) as KeyFileEnvelope;\n    const salt      = Buffer.from(envelope.salt,       \"hex\");\n    const iv        = Buffer.from(envelope.iv,         \"hex\");\n    const ct        = Buffer.from(envelope.ciphertext, \"hex\");\n\n    const dk = pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, \"sha256\");\n    const decipher = createDecipheriv(\"aes-256-gcm\", dk, iv);\n    // Last 16 bytes of ciphertext are the GCM auth tag\n    const authTag = ct.slice(ct.length - 16);\n    const body    = ct.slice(0, ct.length - 16);\n    (decipher as ReturnType<typeof createDecipheriv> & { setAuthTag(tag: Buffer): void }).setAuthTag(authTag);\n    const priv = Buffer.concat([decipher.update(body), decipher.final()]);\n    return NipIdentity.fromPrivateKey(new Uint8Array(priv));\n  }\n\n  /** Save to an AES-256-GCM encrypted key file. */\n  save(path: string, passphrase: string): void {\n    const salt   = randomBytes(SALT_BYTES);\n    const iv     = randomBytes(IV_BYTES);\n    const dk     = pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, \"sha256\");\n    const cipher = createCipheriv(\"aes-256-gcm\", dk, iv);\n    const body   = Buffer.concat([cipher.update(Buffer.from(this._privKey)), cipher.final()]);\n    const tag    = (cipher as ReturnType<typeof createCipheriv> & { getAuthTag(): Buffer }).getAuthTag();\n\n    const envelope: KeyFileEnvelope = {\n      version:    KEY_FILE_VERSION,\n      salt:       salt.toString(\"hex\"),\n      iv:         iv.toString(\"hex\"),\n      ciphertext: Buffer.concat([body, tag]).toString(\"hex\"),\n      pubKey:     Buffer.from(this.pubKey).toString(\"hex\"),\n    };\n    writeFileSync(path, JSON.stringify(envelope, null, 2), \"utf8\");\n  }\n\n  // ── Signing ───────────────────────────────────────────────────────────────\n\n  /** Sign a dict payload. Returns `ed25519:<base64url>`. */\n  sign(payload: Record<string, unknown>): string {\n    const canonical = JSON.stringify(payload, Object.keys(payload).sort());\n    const bytes     = new TextEncoder().encode(canonical);\n    const sig       = ed25519.sign(bytes, this._privKey);\n    return `ed25519:${Buffer.from(sig).toString(\"base64\")}`;\n  }\n\n  /** Verify a signature string against a dict payload. */\n  verify(payload: Record<string, unknown>, signature: string): boolean {\n    if (!signature.startsWith(\"ed25519:\")) return false;\n    try {\n      const canonical = JSON.stringify(payload, Object.keys(payload).sort());\n      const bytes     = new TextEncoder().encode(canonical);\n      const sigBytes  = Buffer.from(signature.slice(\"ed25519:\".length), \"base64\");\n      return ed25519.verify(sigBytes, bytes, this.pubKey);\n    } catch {\n      return false;\n    }\n  }\n\n  /** Public key as `ed25519:<hex>` string. */\n  get pubKeyString(): string {\n    return `ed25519:${Buffer.from(this.pubKey).toString(\"hex\")}`;\n  }\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport { FrameRegistry } from \"../core/registry.js\";\nimport { FrameType } from \"../core/frames.js\";\nimport { IdentFrame, TrustFrame, RevokeFrame } from \"./frames.js\";\n\nexport function registerNipFrames(registry: FrameRegistry): void {\n  registry.register(FrameType.IDENT,  IdentFrame);\n  registry.register(FrameType.TRUST,  TrustFrame);\n  registry.register(FrameType.REVOKE, RevokeFrame);\n}\n"]}

package/dist/nop/index.cjs

@@ -75,12 +75,20 @@ function computeDelayMs(policy, attempt) {
 var NpsError = class extends Error {
   constructor(message) {
     super(message);
-    this.name = new.target.name;
+    this.name = "NpsError";
   }
 };
 var NpsFrameError = class extends NpsError {
+  constructor(message) {
+    super(message);
+    this.name = "NpsFrameError";
+  }
 };
 var NpsCodecError = class extends NpsError {
+  constructor(message) {
+    super(message);
+    this.name = "NpsCodecError";
+  }
 };
 
 // src/core/frames.ts
@@ -641,6 +649,58 @@ var ErrorFrame = class _ErrorFrame {
     );
   }
 };
+var HelloFrame = class _HelloFrame {
+  constructor(npsVersion, supportedEncodings, supportedProtocols, minVersion, agentId, maxFramePayload = _HelloFrame.DEFAULT_MAX_FRAME_PAYLOAD, extSupport = false, maxConcurrentStreams = _HelloFrame.DEFAULT_MAX_CONCURRENT_STREAMS, e2eEncAlgorithms) {
+    this.npsVersion = npsVersion;
+    this.supportedEncodings = supportedEncodings;
+    this.supportedProtocols = supportedProtocols;
+    this.minVersion = minVersion;
+    this.agentId = agentId;
+    this.maxFramePayload = maxFramePayload;
+    this.extSupport = extSupport;
+    this.maxConcurrentStreams = maxConcurrentStreams;
+    this.e2eEncAlgorithms = e2eEncAlgorithms;
+  }
+  npsVersion;
+  supportedEncodings;
+  supportedProtocols;
+  minVersion;
+  agentId;
+  maxFramePayload;
+  extSupport;
+  maxConcurrentStreams;
+  e2eEncAlgorithms;
+  frameType = 6 /* HELLO */;
+  preferredTier = 0 /* JSON */;
+  static DEFAULT_MAX_FRAME_PAYLOAD = 65535;
+  static DEFAULT_MAX_CONCURRENT_STREAMS = 32;
+  toDict() {
+    return {
+      nps_version: this.npsVersion,
+      supported_encodings: [...this.supportedEncodings],
+      supported_protocols: [...this.supportedProtocols],
+      min_version: this.minVersion ?? null,
+      agent_id: this.agentId ?? null,
+      max_frame_payload: this.maxFramePayload,
+      ext_support: this.extSupport,
+      max_concurrent_streams: this.maxConcurrentStreams,
+      e2e_enc_algorithms: this.e2eEncAlgorithms ? [...this.e2eEncAlgorithms] : null
+    };
+  }
+  static fromDict(data) {
+    return new _HelloFrame(
+      data["nps_version"],
+      data["supported_encodings"] ?? [],
+      data["supported_protocols"] ?? [],
+      data["min_version"] ?? void 0,
+      data["agent_id"] ?? void 0,
+      data["max_frame_payload"] ?? _HelloFrame.DEFAULT_MAX_FRAME_PAYLOAD,
+      data["ext_support"] ?? false,
+      data["max_concurrent_streams"] ?? _HelloFrame.DEFAULT_MAX_CONCURRENT_STREAMS,
+      data["e2e_enc_algorithms"] ?? void 0
+    );
+  }
+};
 
 // src/ncp/registry.ts
 function registerNcpFrames(registry) {
@@ -648,6 +708,7 @@ function registerNcpFrames(registry) {
   registry.register(2 /* DIFF */, DiffFrame);
   registry.register(3 /* STREAM */, StreamFrame);
   registry.register(4 /* CAPS */, CapsFrame);
+  registry.register(6 /* HELLO */, HelloFrame);
   registry.register(254 /* ERROR */, ErrorFrame);
 }