@labacacia/nps-sdk 1.0.0-alpha.3 → 1.0.0-alpha.4

package/dist/ndp/index.cjs

@@ -1,252 +0,0 @@
-'use strict';
-
-var ed25519 = require('@noble/ed25519');
-var sha512 = require('@noble/hashes/sha512');
-
-function _interopNamespace(e) {
-  if (e && e.__esModule) return e;
-  var n = Object.create(null);
-  if (e) {
-    Object.keys(e).forEach(function (k) {
-      if (k !== 'default') {
-        var d = Object.getOwnPropertyDescriptor(e, k);
-        Object.defineProperty(n, k, d.get ? d : {
-          enumerable: true,
-          get: function () { return e[k]; }
-        });
-      }
-    });
-  }
-  n.default = e;
-  return Object.freeze(n);
-}
-
-var ed25519__namespace = /*#__PURE__*/_interopNamespace(ed25519);
-
-// src/ndp/frames.ts
-var AnnounceFrame = class _AnnounceFrame {
-  constructor(nid, addresses, capabilities, ttl, timestamp, signature, nodeType) {
-    this.nid = nid;
-    this.addresses = addresses;
-    this.capabilities = capabilities;
-    this.ttl = ttl;
-    this.timestamp = timestamp;
-    this.signature = signature;
-    this.nodeType = nodeType;
-  }
-  nid;
-  addresses;
-  capabilities;
-  ttl;
-  timestamp;
-  signature;
-  nodeType;
-  frameType = 48 /* ANNOUNCE */;
-  preferredTier = 1 /* MSGPACK */;
-  unsignedDict() {
-    return {
-      nid: this.nid,
-      addresses: this.addresses,
-      capabilities: this.capabilities,
-      ttl: this.ttl,
-      timestamp: this.timestamp,
-      node_type: this.nodeType ?? null
-    };
-  }
-  toDict() {
-    return { ...this.unsignedDict(), signature: this.signature };
-  }
-  static fromDict(data) {
-    return new _AnnounceFrame(
-      data["nid"],
-      data["addresses"],
-      data["capabilities"],
-      data["ttl"],
-      data["timestamp"],
-      data["signature"],
-      data["node_type"] ?? void 0
-    );
-  }
-};
-var ResolveFrame = class _ResolveFrame {
-  constructor(target, requesterNid, resolved) {
-    this.target = target;
-    this.requesterNid = requesterNid;
-    this.resolved = resolved;
-  }
-  target;
-  requesterNid;
-  resolved;
-  frameType = 49 /* RESOLVE */;
-  preferredTier = 1 /* MSGPACK */;
-  toDict() {
-    return {
-      target: this.target,
-      requester_nid: this.requesterNid ?? null,
-      resolved: this.resolved ?? null
-    };
-  }
-  static fromDict(data) {
-    return new _ResolveFrame(
-      data["target"],
-      data["requester_nid"] ?? void 0,
-      data["resolved"] ?? void 0
-    );
-  }
-};
-var GraphFrame = class _GraphFrame {
-  constructor(seq, initialSync, nodes, patch) {
-    this.seq = seq;
-    this.initialSync = initialSync;
-    this.nodes = nodes;
-    this.patch = patch;
-  }
-  seq;
-  initialSync;
-  nodes;
-  patch;
-  frameType = 50 /* GRAPH */;
-  preferredTier = 1 /* MSGPACK */;
-  toDict() {
-    return {
-      seq: this.seq,
-      initial_sync: this.initialSync,
-      nodes: this.nodes ?? null,
-      patch: this.patch ?? null
-    };
-  }
-  static fromDict(data) {
-    return new _GraphFrame(
-      data["seq"],
-      data["initial_sync"],
-      data["nodes"] ?? void 0,
-      data["patch"] ?? void 0
-    );
-  }
-};
-
-// src/ndp/registry.ts
-function registerNdpFrames(registry) {
-  registry.register(48 /* ANNOUNCE */, AnnounceFrame);
-  registry.register(49 /* RESOLVE */, ResolveFrame);
-  registry.register(50 /* GRAPH */, GraphFrame);
-}
-
-// src/ndp/ndp-registry.ts
-var InMemoryNdpRegistry = class _InMemoryNdpRegistry {
-  _store = /* @__PURE__ */ new Map();
-  // Replaceable for testing
-  clock = () => Date.now();
-  announce(frame) {
-    const expiresAt = this.clock() + frame.ttl * 1e3;
-    if (frame.ttl === 0) {
-      this._store.delete(frame.nid);
-      return;
-    }
-    this._store.set(frame.nid, { frame, expiresAt });
-  }
-  getByNid(nid) {
-    const entry = this._store.get(nid);
-    if (entry === void 0) return void 0;
-    if (this.clock() > entry.expiresAt) {
-      this._store.delete(nid);
-      return void 0;
-    }
-    return entry.frame;
-  }
-  resolve(target) {
-    for (const [nid, entry] of this._store) {
-      if (this.clock() > entry.expiresAt) {
-        this._store.delete(nid);
-        continue;
-      }
-      if (!_InMemoryNdpRegistry.nwpTargetMatchesNid(nid, target)) continue;
-      const addr = entry.frame.addresses[0];
-      if (addr === void 0) continue;
-      return { host: addr.host, port: addr.port, ttl: entry.frame.ttl };
-    }
-    return void 0;
-  }
-  getAll() {
-    const now = this.clock();
-    const result = [];
-    for (const [nid, entry] of this._store) {
-      if (now > entry.expiresAt) {
-        this._store.delete(nid);
-        continue;
-      }
-      result.push(entry.frame);
-    }
-    return result;
-  }
-  static nwpTargetMatchesNid(nid, target) {
-    const nidParts = nid.split(":");
-    if (nidParts.length < 5 || nidParts[0] !== "urn" || nidParts[1] !== "nps" || nidParts[2] !== "node") {
-      return false;
-    }
-    if (!target.startsWith("nwp://")) return false;
-    const nidAuthority = nidParts[3];
-    const nidPath = nidParts[4];
-    const rest = target.slice("nwp://".length);
-    const slashIdx = rest.indexOf("/");
-    if (slashIdx === -1) return false;
-    const urlAuthority = rest.slice(0, slashIdx);
-    const urlPath = rest.slice(slashIdx + 1);
-    if (urlAuthority !== nidAuthority) return false;
-    if (urlPath === nidPath) return true;
-    if (urlPath.startsWith(nidPath + "/")) return true;
-    return false;
-  }
-};
-ed25519__namespace.etc.sha512Sync = (...m) => sha512.sha512(ed25519__namespace.etc.concatBytes(...m));
-var NdpAnnounceResult = {
-  ok: () => ({ isValid: true }),
-  fail: (errorCode, message) => ({ isValid: false, errorCode, message })
-};
-var NdpAnnounceValidator = class {
-  _keys = /* @__PURE__ */ new Map();
-  // nid → "ed25519:<hex>"
-  registerPublicKey(nid, encodedPubKey) {
-    this._keys.set(nid, encodedPubKey);
-  }
-  removePublicKey(nid) {
-    this._keys.delete(nid);
-  }
-  get knownPublicKeys() {
-    return this._keys;
-  }
-  validate(frame) {
-    const encoded = this._keys.get(frame.nid);
-    if (encoded === void 0) {
-      return NdpAnnounceResult.fail("NDP-ANNOUNCE-NID-MISMATCH", `No public key registered for NID: ${frame.nid}`);
-    }
-    try {
-      const prefix = "ed25519:";
-      const pubHex = encoded.startsWith(prefix) ? encoded.slice(prefix.length) : encoded;
-      const pubKey = Buffer.from(pubHex, "hex");
-      const sig = frame.signature;
-      if (!sig.startsWith(prefix)) {
-        return NdpAnnounceResult.fail("NDP-ANNOUNCE-SIG-INVALID", "Signature must start with 'ed25519:'");
-      }
-      const sigBytes = Buffer.from(sig.slice(prefix.length), "base64");
-      const unsigned = frame.unsignedDict();
-      const canonical = JSON.stringify(unsigned, Object.keys(unsigned).sort());
-      const message = new TextEncoder().encode(canonical);
-      const valid = ed25519__namespace.verify(sigBytes, message, pubKey);
-      if (!valid) return NdpAnnounceResult.fail("NDP-ANNOUNCE-SIG-INVALID", "Ed25519 signature verification failed.");
-      return NdpAnnounceResult.ok();
-    } catch {
-      return NdpAnnounceResult.fail("NDP-ANNOUNCE-SIG-INVALID", "Ed25519 signature verification failed.");
-    }
-  }
-};
-
-exports.AnnounceFrame = AnnounceFrame;
-exports.GraphFrame = GraphFrame;
-exports.InMemoryNdpRegistry = InMemoryNdpRegistry;
-exports.NdpAnnounceResult = NdpAnnounceResult;
-exports.NdpAnnounceValidator = NdpAnnounceValidator;
-exports.ResolveFrame = ResolveFrame;
-exports.registerNdpFrames = registerNdpFrames;
-//# sourceMappingURL=index.cjs.map
-//# sourceMappingURL=index.cjs.map

package/dist/ndp/index.cjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/ndp/frames.ts","../../src/ndp/registry.ts","../../src/ndp/ndp-registry.ts","../../src/ndp/validator.ts"],"names":["ed25519","sha512"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AA0BO,IAAM,aAAA,GAAN,MAAM,cAAA,CAAkC;AAAA,EAI7C,YACkB,GAAA,EACA,SAAA,EACA,cACA,GAAA,EACA,SAAA,EACA,WACA,QAAA,EAChB;AAPgB,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AACA,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAAA,EACf;AAAA,EAPe,GAAA;AAAA,EACA,SAAA;AAAA,EACA,YAAA;AAAA,EACA,GAAA;AAAA,EACA,SAAA;AAAA,EACA,SAAA;AAAA,EACA,QAAA;AAAA,EAVT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAYT,YAAA,GAAwC;AACtC,IAAA,OAAO;AAAA,MACL,KAAc,IAAA,CAAK,GAAA;AAAA,MACnB,WAAc,IAAA,CAAK,SAAA;AAAA,MACnB,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,KAAc,IAAA,CAAK,GAAA;AAAA,MACnB,WAAc,IAAA,CAAK,SAAA;AAAA,MACnB,SAAA,EAAc,KAAK,QAAA,IAAY;AAAA,KACjC;AAAA,EACF;AAAA,EAEA,MAAA,GAAkC;AAChC,IAAA,OAAO,EAAE,GAAG,IAAA,CAAK,cAAa,EAAG,SAAA,EAAW,KAAK,SAAA,EAAU;AAAA,EAC7D;AAAA,EAEA,OAAO,SAAS,IAAA,EAA8C;AAC5D,IAAA,OAAO,IAAI,cAAA;AAAA,MACT,KAAK,KAAK,CAAA;AAAA,MACV,KAAK,WAAW,CAAA;AAAA,MAChB,KAAK,cAAc,CAAA;AAAA,MACnB,KAAK,KAAK,CAAA;AAAA,MACV,KAAK,WAAW,CAAA;AAAA,MAChB,KAAK,WAAW,CAAA;AAAA,MACf,IAAA,CAAK,WAAW,CAAA,IAA0B;AAAA,KAC7C;AAAA,EACF;AACF;AAEO,IAAM,YAAA,GAAN,MAAM,aAAA,CAAiC;AAAA,EAI5C,WAAA,CACkB,MAAA,EACA,YAAA,EACA,QAAA,EAChB;AAHgB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AACA,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAAA,EACf;AAAA,EAHe,MAAA;AAAA,EACA,YAAA;AAAA,EACA,QAAA;AAAA,EANT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAQT,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,QAAe,IAAA,CAAK,MAAA;AAAA,MACpB,aAAA,EAAe,KAAK,YAAA,IAAgB,IAAA;AAAA,MACpC,QAAA,EAAe,KAAK,QAAA,IAAgB;AAAA,KACtC;AAAA,EACF;AAAA,EAEA,OAAO,SAAS,IAAA,EAA6C;AAC3D,IAAA,OAAO,IAAI,aAAA;AAAA,MACT,KAAK,QAAQ,CAAA;AAAA,MACZ,IAAA,CAAK,eAAe,CAAA,IAAuB,MAAA;AAAA,MAC3C,IAAA,CAAK,UAAU,CAAA,IAAsC;AAAA,KACxD;AAAA,EACF;AACF;AAEO,IAAM,UAAA,GAAN,MAAM,WAAA,CAA+B;AAAA,EAI1C,WAAA,CACkB,GAAA,EACA,WAAA,EACA,KAAA,EACA,KAAA,EAChB;AAJgB,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AACA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AACA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAAA,EACf;AAAA,EAJe,GAAA;AAAA,EACA,WAAA;AAAA,EACA,KAAA;AAAA,EACA,KAAA;AAAA,EAPT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAST,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,KAAc,IAAA,CAAK,GAAA;AAAA,MACnB,cAAc,IAAA,CAAK,WAAA;AAAA,MACnB,KAAA,EAAc,KAAK,KAAA,IAAS,IAAA;AAAA,MAC5B,KAAA,EAAc,KAAK,KAAA,IAAS;AAAA,KAC9B;AAAA,EACF;AAAA,EAEA,OAAO,SAAS,IAAA,EAA2C;AACzD,IAAA,OAAO,IAAI,WAAA;AAAA,MACT,KAAK,KAAK,CAAA;AAAA,MACV,KAAK,cAAc,CAAA;AAAA,MAClB,IAAA,CAAK,OAAO,CAAA,IAA+B,MAAA;AAAA,MAC3C,IAAA,CAAK,OAAO,CAAA,IAA0C;AAAA,KACzD;AAAA,EACF;AACF;;;ACpHO,SAAS,kBAAkB,QAAA,EAA+B;AAC/D,EAAA,QAAA,CAAS,4BAA6B,aAAa,CAAA;AACnD,EAAA,QAAA,CAAS,2BAA6B,YAAY,CAAA;AAClD,EAAA,QAAA,CAAS,yBAA6B,UAAU,CAAA;AAClD;;;ACDO,IAAM,mBAAA,GAAN,MAAM,oBAAA,CAAoB;AAAA,EACd,MAAA,uBAAa,GAAA,EAA2B;AAAA;AAAA,EAGzD,KAAA,GAAsB,MAAM,IAAA,CAAK,GAAA,EAAI;AAAA,EAErC,SAAS,KAAA,EAA4B;AACnC,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,KAAA,EAAM,GAAI,MAAM,GAAA,GAAM,GAAA;AAC7C,IAAA,IAAI,KAAA,CAAM,QAAQ,CAAA,EAAG;AACnB,MAAA,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AAC5B,MAAA;AAAA,IACF;AACA,IAAA,IAAA,CAAK,OAAO,GAAA,CAAI,KAAA,CAAM,KAAK,EAAE,KAAA,EAAO,WAAW,CAAA;AAAA,EACjD;AAAA,EAEA,SAAS,GAAA,EAAwC;AAC/C,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,GAAG,CAAA;AACjC,IAAA,IAAI,KAAA,KAAU,QAAW,OAAO,MAAA;AAChC,IAAA,IAAI,IAAA,CAAK,KAAA,EAAM,GAAI,KAAA,CAAM,SAAA,EAAW;AAClC,MAAA,IAAA,CAAK,MAAA,CAAO,OAAO,GAAG,CAAA;AACtB,MAAA,OAAO,MAAA;AAAA,IACT;AACA,IAAA,OAAO,KAAA,CAAM,KAAA;AAAA,EACf;AAAA,EAEA,QAAQ,MAAA,EAA8C;AACpD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,CAAA,IAAK,KAAK,MAAA,EAAQ;AACtC,MAAA,IAAI,IAAA,CAAK,KAAA,EAAM,GAAI,KAAA,CAAM,SAAA,EAAW;AAAE,QAAA,IAAA,CAAK,MAAA,CAAO,OAAO,GAAG,CAAA;AAAG,QAAA;AAAA,MAAU;AACzE,MAAA,IAAI,CAAC,oBAAA,CAAoB,mBAAA,CAAoB,GAAA,EAAK,MAAM,CAAA,EAAG;AAC3D,MAAA,MAAM,IAAA,GAAO,KAAA,CAAM,KAAA,CAAM,SAAA,CAAU,CAAC,CAAA;AACpC,MAAA,IAAI,SAAS,MAAA,EAAW;AACxB,MAAA,OAAO,EAAE,IAAA,EAAM,IAAA,CAAK,IAAA,EAAM,IAAA,EAAM,KAAK,IAAA,EAAM,GAAA,EAAK,KAAA,CAAM,KAAA,CAAM,GAAA,EAAI;AAAA,IAClE;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,MAAA,GAA0B;AACxB,IAAA,MAAM,GAAA,GAAS,KAAK,KAAA,EAAM;AAC1B,IAAA,MAAM,SAA0B,EAAC;AACjC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,CAAA,IAAK,KAAK,MAAA,EAAQ;AACtC,MAAA,IAAI,GAAA,GAAM,MAAM,SAAA,EAAW;AAAE,QAAA,IAAA,CAAK,MAAA,CAAO,OAAO,GAAG,CAAA;AAAG,QAAA;AAAA,MAAU;AAChE,MAAA,MAAA,CAAO,IAAA,CAAK,MAAM,KAAK,CAAA;AAAA,IACzB;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,OAAO,mBAAA,CAAoB,GAAA,EAAa,MAAA,EAAyB;AAG/D,IAAA,MAAM,QAAA,GAAW,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAC9B,IAAA,IAAI,QAAA,CAAS,MAAA,GAAS,CAAA,IAAK,QAAA,CAAS,CAAC,CAAA,KAAM,KAAA,IAAS,QAAA,CAAS,CAAC,CAAA,KAAM,KAAA,IAAS,QAAA,CAAS,CAAC,MAAM,MAAA,EAAQ;AACnG,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,IAAI,CAAC,MAAA,CAAO,UAAA,CAAW,QAAQ,GAAG,OAAO,KAAA;AAEzC,IAAA,MAAM,YAAA,GAAe,SAAS,CAAC,CAAA;AAC/B,IAAA,MAAM,OAAA,GAAe,SAAS,CAAC,CAAA;AAC/B,IAAA,MAAM,IAAA,GAAe,MAAA,CAAO,KAAA,CAAM,QAAA,CAAS,MAAM,CAAA;AACjD,IAAA,MAAM,QAAA,GAAe,IAAA,CAAK,OAAA,CAAQ,GAAG,CAAA;AACrC,IAAA,IAAI,QAAA,KAAa,IAAI,OAAO,KAAA;AAE5B,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,KAAA,CAAM,CAAA,EAAG,QAAQ,CAAA;AAC3C,IAAA,MAAM,OAAA,GAAe,IAAA,CAAK,KAAA,CAAM,QAAA,GAAW,CAAC,CAAA;AAE5C,IAAA,IAAI,YAAA,KAAiB,cAAc,OAAO,KAAA;AAG1C,IAAA,IAAI,OAAA,KAAY,SAAS,OAAO,IAAA;AAChC,IAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,OAAA,GAAU,GAAG,GAAG,OAAO,IAAA;AAC9C,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AC1EQA,kBAAA,CAAA,GAAA,CAAI,UAAA,GAAa,IAAI,CAAA,KAAMC,aAAA,CAAeD,uBAAI,WAAA,CAAY,GAAG,CAAC,CAAC,CAAA;AAQhE,IAAM,iBAAA,GAAoB;AAAA,EAC/B,EAAA,EAAI,OAA0B,EAAE,OAAA,EAAS,IAAA,EAAK,CAAA;AAAA,EAC9C,IAAA,EAAM,CAAC,SAAA,EAAmB,OAAA,MAAwC,EAAE,OAAA,EAAS,KAAA,EAAO,WAAW,OAAA,EAAQ;AACzG;AAEO,IAAM,uBAAN,MAA2B;AAAA,EACf,KAAA,uBAAY,GAAA,EAAoB;AAAA;AAAA,EAEjD,iBAAA,CAAkB,KAAa,aAAA,EAA6B;AAC1D,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,aAAa,CAAA;AAAA,EACnC;AAAA,EAEA,gBAAgB,GAAA,EAAmB;AACjC,IAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,EACvB;AAAA,EAEA,IAAI,eAAA,GAA+C;AACjD,IAAA,OAAO,IAAA,CAAK,KAAA;AAAA,EACd;AAAA,EAEA,SAAS,KAAA,EAAyC;AAChD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,MAAM,GAAG,CAAA;AACxC,IAAA,IAAI,YAAY,MAAA,EAAW;AACzB,MAAA,OAAO,kBAAkB,IAAA,CAAK,2BAAA,EAA6B,CAAA,kCAAA,EAAqC,KAAA,CAAM,GAAG,CAAA,CAAE,CAAA;AAAA,IAC7G;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAU,UAAA;AAChB,MAAA,MAAM,MAAA,GAAU,QAAQ,UAAA,CAAW,MAAM,IAAI,OAAA,CAAQ,KAAA,CAAM,MAAA,CAAO,MAAM,CAAA,GAAI,OAAA;AAC5E,MAAA,MAAM,MAAA,GAAU,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,KAAK,CAAA;AAEzC,MAAA,MAAM,MAAM,KAAA,CAAM,SAAA;AAClB,MAAA,IAAI,CAAC,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AAC3B,QAAA,OAAO,iBAAA,CAAkB,IAAA,CAAK,0BAAA,EAA4B,sCAAsC,CAAA;AAAA,MAClG;AACA,MAAA,MAAM,QAAA,GAAW,OAAO,IAAA,CAAK,GAAA,CAAI,MAAM,MAAA,CAAO,MAAM,GAAG,QAAQ,CAAA;AAE/D,MAAA,MAAM,QAAA,GAAY,MAAM,YAAA,EAAa;AACrC,MAAA,MAAM,SAAA,GAAY,KAAK,SAAA,CAAU,QAAA,EAAU,OAAO,IAAA,CAAK,QAAQ,CAAA,CAAE,IAAA,EAAM,CAAA;AACvE,MAAA,MAAM,OAAA,GAAY,IAAI,WAAA,EAAY,CAAE,OAAO,SAAS,CAAA;AAEpD,MAAA,MAAM,KAAA,GAAgBA,kBAAA,CAAA,MAAA,CAAO,QAAA,EAAU,OAAA,EAAS,MAAM,CAAA;AACtD,MAAA,IAAI,CAAC,KAAA,EAAO,OAAO,iBAAA,CAAkB,IAAA,CAAK,4BAA4B,wCAAwC,CAAA;AAC9G,MAAA,OAAO,kBAAkB,EAAA,EAAG;AAAA,IAC9B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,iBAAA,CAAkB,IAAA,CAAK,0BAAA,EAA4B,wCAAwC,CAAA;AAAA,IACpG;AAAA,EACF;AACF","file":"index.cjs","sourcesContent":["// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport { EncodingTier, FrameType } from \"../core/frames.js\";\nimport type { NpsFrame } from \"../core/codec.js\";\n\nexport interface NdpAddress {\n  host:     string;\n  port:     number;\n  protocol: string;\n}\n\nexport interface NdpGraphNode {\n  nid:          string;\n  addresses:    readonly NdpAddress[];\n  capabilities: readonly string[];\n  nodeType?:    string;\n}\n\nexport interface NdpResolveResult {\n  host:              string;\n  port:              number;\n  ttl:               number;\n  certFingerprint?:  string;\n}\n\nexport class AnnounceFrame implements NpsFrame {\n  readonly frameType     = FrameType.ANNOUNCE;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly nid:          string,\n    public readonly addresses:    readonly NdpAddress[],\n    public readonly capabilities: readonly string[],\n    public readonly ttl:          number,\n    public readonly timestamp:    string,\n    public readonly signature:    string,\n    public readonly nodeType?:    string,\n  ) {}\n\n  unsignedDict(): Record<string, unknown> {\n    return {\n      nid:          this.nid,\n      addresses:    this.addresses,\n      capabilities: this.capabilities,\n      ttl:          this.ttl,\n      timestamp:    this.timestamp,\n      node_type:    this.nodeType ?? null,\n    };\n  }\n\n  toDict(): Record<string, unknown> {\n    return { ...this.unsignedDict(), signature: this.signature };\n  }\n\n  static fromDict(data: Record<string, unknown>): AnnounceFrame {\n    return new AnnounceFrame(\n      data[\"nid\"]          as string,\n      data[\"addresses\"]    as NdpAddress[],\n      data[\"capabilities\"] as string[],\n      data[\"ttl\"]          as number,\n      data[\"timestamp\"]    as string,\n      data[\"signature\"]    as string,\n      (data[\"node_type\"]    as string | null) ?? undefined,\n    );\n  }\n}\n\nexport class ResolveFrame implements NpsFrame {\n  readonly frameType     = FrameType.RESOLVE;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly target:        string,\n    public readonly requesterNid?: string,\n    public readonly resolved?:     NdpResolveResult,\n  ) {}\n\n  toDict(): Record<string, unknown> {\n    return {\n      target:        this.target,\n      requester_nid: this.requesterNid ?? null,\n      resolved:      this.resolved     ?? null,\n    };\n  }\n\n  static fromDict(data: Record<string, unknown>): ResolveFrame {\n    return new ResolveFrame(\n      data[\"target\"]         as string,\n      (data[\"requester_nid\"] as string | null) ?? undefined,\n      (data[\"resolved\"]      as NdpResolveResult | null) ?? undefined,\n    );\n  }\n}\n\nexport class GraphFrame implements NpsFrame {\n  readonly frameType     = FrameType.GRAPH;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly seq:         number,\n    public readonly initialSync: boolean,\n    public readonly nodes?:      readonly NdpGraphNode[],\n    public readonly patch?:      readonly Record<string, unknown>[],\n  ) {}\n\n  toDict(): Record<string, unknown> {\n    return {\n      seq:          this.seq,\n      initial_sync: this.initialSync,\n      nodes:        this.nodes ?? null,\n      patch:        this.patch ?? null,\n    };\n  }\n\n  static fromDict(data: Record<string, unknown>): GraphFrame {\n    return new GraphFrame(\n      data[\"seq\"]          as number,\n      data[\"initial_sync\"] as boolean,\n      (data[\"nodes\"] as NdpGraphNode[] | null) ?? undefined,\n      (data[\"patch\"] as Record<string, unknown>[] | null) ?? undefined,\n    );\n  }\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport { FrameRegistry } from \"../core/registry.js\";\nimport { FrameType } from \"../core/frames.js\";\nimport { AnnounceFrame, GraphFrame, ResolveFrame } from \"./frames.js\";\n\nexport function registerNdpFrames(registry: FrameRegistry): void {\n  registry.register(FrameType.ANNOUNCE, AnnounceFrame);\n  registry.register(FrameType.RESOLVE,  ResolveFrame);\n  registry.register(FrameType.GRAPH,    GraphFrame);\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { AnnounceFrame, NdpResolveResult } from \"./frames.js\";\n\ninterface RegistryEntry {\n  frame:     AnnounceFrame;\n  expiresAt: number;\n}\n\nexport class InMemoryNdpRegistry {\n  private readonly _store = new Map<string, RegistryEntry>();\n\n  // Replaceable for testing\n  clock: () => number = () => Date.now();\n\n  announce(frame: AnnounceFrame): void {\n    const expiresAt = this.clock() + frame.ttl * 1000;\n    if (frame.ttl === 0) {\n      this._store.delete(frame.nid);\n      return;\n    }\n    this._store.set(frame.nid, { frame, expiresAt });\n  }\n\n  getByNid(nid: string): AnnounceFrame | undefined {\n    const entry = this._store.get(nid);\n    if (entry === undefined) return undefined;\n    if (this.clock() > entry.expiresAt) {\n      this._store.delete(nid);\n      return undefined;\n    }\n    return entry.frame;\n  }\n\n  resolve(target: string): NdpResolveResult | undefined {\n    for (const [nid, entry] of this._store) {\n      if (this.clock() > entry.expiresAt) { this._store.delete(nid); continue; }\n      if (!InMemoryNdpRegistry.nwpTargetMatchesNid(nid, target)) continue;\n      const addr = entry.frame.addresses[0];\n      if (addr === undefined) continue;\n      return { host: addr.host, port: addr.port, ttl: entry.frame.ttl };\n    }\n    return undefined;\n  }\n\n  getAll(): AnnounceFrame[] {\n    const now    = this.clock();\n    const result: AnnounceFrame[] = [];\n    for (const [nid, entry] of this._store) {\n      if (now > entry.expiresAt) { this._store.delete(nid); continue; }\n      result.push(entry.frame);\n    }\n    return result;\n  }\n\n  static nwpTargetMatchesNid(nid: string, target: string): boolean {\n    // NID: urn:nps:node:{authority}:{path-segment}\n    // target: nwp://{authority}/{path}\n    const nidParts = nid.split(\":\");\n    if (nidParts.length < 5 || nidParts[0] !== \"urn\" || nidParts[1] !== \"nps\" || nidParts[2] !== \"node\") {\n      return false;\n    }\n    if (!target.startsWith(\"nwp://\")) return false;\n\n    const nidAuthority = nidParts[3]!;\n    const nidPath      = nidParts[4]!;\n    const rest         = target.slice(\"nwp://\".length);\n    const slashIdx     = rest.indexOf(\"/\");\n    if (slashIdx === -1) return false;\n\n    const urlAuthority = rest.slice(0, slashIdx);\n    const urlPath      = rest.slice(slashIdx + 1); // without leading slash\n\n    if (urlAuthority !== nidAuthority) return false;\n\n    // nidPath must be a prefix of urlPath at a segment boundary\n    if (urlPath === nidPath) return true;\n    if (urlPath.startsWith(nidPath + \"/\")) return true;\n    return false;\n  }\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport * as ed25519 from \"@noble/ed25519\";\nimport { sha512 } from \"@noble/hashes/sha512\";\nimport type { AnnounceFrame } from \"./frames.js\";\n\ned25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));\n\nexport interface NdpAnnounceResult {\n  isValid:    boolean;\n  errorCode?: string;\n  message?:   string;\n}\n\nexport const NdpAnnounceResult = {\n  ok: (): NdpAnnounceResult => ({ isValid: true }),\n  fail: (errorCode: string, message: string): NdpAnnounceResult => ({ isValid: false, errorCode, message }),\n};\n\nexport class NdpAnnounceValidator {\n  private readonly _keys = new Map<string, string>(); // nid → \"ed25519:<hex>\"\n\n  registerPublicKey(nid: string, encodedPubKey: string): void {\n    this._keys.set(nid, encodedPubKey);\n  }\n\n  removePublicKey(nid: string): void {\n    this._keys.delete(nid);\n  }\n\n  get knownPublicKeys(): ReadonlyMap<string, string> {\n    return this._keys;\n  }\n\n  validate(frame: AnnounceFrame): NdpAnnounceResult {\n    const encoded = this._keys.get(frame.nid);\n    if (encoded === undefined) {\n      return NdpAnnounceResult.fail(\"NDP-ANNOUNCE-NID-MISMATCH\", `No public key registered for NID: ${frame.nid}`);\n    }\n\n    try {\n      const prefix  = \"ed25519:\";\n      const pubHex  = encoded.startsWith(prefix) ? encoded.slice(prefix.length) : encoded;\n      const pubKey  = Buffer.from(pubHex, \"hex\");\n\n      const sig = frame.signature;\n      if (!sig.startsWith(prefix)) {\n        return NdpAnnounceResult.fail(\"NDP-ANNOUNCE-SIG-INVALID\", \"Signature must start with 'ed25519:'\");\n      }\n      const sigBytes = Buffer.from(sig.slice(prefix.length), \"base64\");\n\n      const unsigned  = frame.unsignedDict();\n      const canonical = JSON.stringify(unsigned, Object.keys(unsigned).sort());\n      const message   = new TextEncoder().encode(canonical);\n\n      const valid = ed25519.verify(sigBytes, message, pubKey);\n      if (!valid) return NdpAnnounceResult.fail(\"NDP-ANNOUNCE-SIG-INVALID\", \"Ed25519 signature verification failed.\");\n      return NdpAnnounceResult.ok();\n    } catch {\n      return NdpAnnounceResult.fail(\"NDP-ANNOUNCE-SIG-INVALID\", \"Ed25519 signature verification failed.\");\n    }\n  }\n}\n"]}

package/dist/nip/index.cjs

@@ -1,214 +0,0 @@
-'use strict';
-
-var ed25519 = require('@noble/ed25519');
-var sha512 = require('@noble/hashes/sha512');
-var crypto = require('crypto');
-var fs = require('fs');
-
-function _interopNamespace(e) {
-  if (e && e.__esModule) return e;
-  var n = Object.create(null);
-  if (e) {
-    Object.keys(e).forEach(function (k) {
-      if (k !== 'default') {
-        var d = Object.getOwnPropertyDescriptor(e, k);
-        Object.defineProperty(n, k, d.get ? d : {
-          enumerable: true,
-          get: function () { return e[k]; }
-        });
-      }
-    });
-  }
-  n.default = e;
-  return Object.freeze(n);
-}
-
-var ed25519__namespace = /*#__PURE__*/_interopNamespace(ed25519);
-
-// src/nip/frames.ts
-var IdentFrame = class _IdentFrame {
-  constructor(nid, pubKey, metadata, signature) {
-    this.nid = nid;
-    this.pubKey = pubKey;
-    this.metadata = metadata;
-    this.signature = signature;
-  }
-  nid;
-  pubKey;
-  metadata;
-  signature;
-  frameType = 32 /* IDENT */;
-  preferredTier = 1 /* MSGPACK */;
-  unsignedDict() {
-    return {
-      nid: this.nid,
-      pub_key: this.pubKey,
-      metadata: this.metadata
-    };
-  }
-  toDict() {
-    return { ...this.unsignedDict(), signature: this.signature };
-  }
-  static fromDict(data) {
-    return new _IdentFrame(
-      data["nid"],
-      data["pub_key"],
-      data["metadata"],
-      data["signature"]
-    );
-  }
-};
-var TrustFrame = class _TrustFrame {
-  constructor(issuerNid, subjectNid, scopes, expiresAt, signature) {
-    this.issuerNid = issuerNid;
-    this.subjectNid = subjectNid;
-    this.scopes = scopes;
-    this.expiresAt = expiresAt;
-    this.signature = signature;
-  }
-  issuerNid;
-  subjectNid;
-  scopes;
-  expiresAt;
-  signature;
-  frameType = 33 /* TRUST */;
-  preferredTier = 1 /* MSGPACK */;
-  toDict() {
-    return {
-      issuer_nid: this.issuerNid,
-      subject_nid: this.subjectNid,
-      scopes: this.scopes,
-      expires_at: this.expiresAt,
-      signature: this.signature
-    };
-  }
-  static fromDict(data) {
-    return new _TrustFrame(
-      data["issuer_nid"],
-      data["subject_nid"],
-      data["scopes"],
-      data["expires_at"],
-      data["signature"]
-    );
-  }
-};
-var RevokeFrame = class _RevokeFrame {
-  constructor(nid, reason, revokedAt) {
-    this.nid = nid;
-    this.reason = reason;
-    this.revokedAt = revokedAt;
-  }
-  nid;
-  reason;
-  revokedAt;
-  frameType = 34 /* REVOKE */;
-  preferredTier = 1 /* MSGPACK */;
-  toDict() {
-    return {
-      nid: this.nid,
-      reason: this.reason ?? null,
-      revoked_at: this.revokedAt ?? null
-    };
-  }
-  static fromDict(data) {
-    return new _RevokeFrame(
-      data["nid"],
-      data["reason"] ?? void 0,
-      data["revoked_at"] ?? void 0
-    );
-  }
-};
-ed25519__namespace.etc.sha512Sync = (...m) => sha512.sha512(ed25519__namespace.etc.concatBytes(...m));
-var KEY_FILE_VERSION = 1;
-var PBKDF2_ITERS = 6e5;
-var SALT_BYTES = 16;
-var IV_BYTES = 12;
-var KEY_BYTES = 32;
-var NipIdentity = class _NipIdentity {
-  constructor(_privKey, pubKey) {
-    this._privKey = _privKey;
-    this.pubKey = pubKey;
-  }
-  _privKey;
-  pubKey;
-  // ── Factory ───────────────────────────────────────────────────────────────
-  static generate() {
-    const priv = ed25519__namespace.utils.randomPrivateKey();
-    const pub = ed25519__namespace.getPublicKey(priv);
-    return new _NipIdentity(priv, pub);
-  }
-  static fromPrivateKey(privKey) {
-    const pub = ed25519__namespace.getPublicKey(privKey);
-    return new _NipIdentity(privKey, pub);
-  }
-  /** Load from an AES-256-GCM encrypted key file. */
-  static load(path, passphrase) {
-    const envelope = JSON.parse(fs.readFileSync(path, "utf8"));
-    const salt = Buffer.from(envelope.salt, "hex");
-    const iv = Buffer.from(envelope.iv, "hex");
-    const ct = Buffer.from(envelope.ciphertext, "hex");
-    const dk = crypto.pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, "sha256");
-    const decipher = crypto.createDecipheriv("aes-256-gcm", dk, iv);
-    const authTag = ct.slice(ct.length - 16);
-    const body = ct.slice(0, ct.length - 16);
-    decipher.setAuthTag(authTag);
-    const priv = Buffer.concat([decipher.update(body), decipher.final()]);
-    return _NipIdentity.fromPrivateKey(new Uint8Array(priv));
-  }
-  /** Save to an AES-256-GCM encrypted key file. */
-  save(path, passphrase) {
-    const salt = crypto.randomBytes(SALT_BYTES);
-    const iv = crypto.randomBytes(IV_BYTES);
-    const dk = crypto.pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, "sha256");
-    const cipher = crypto.createCipheriv("aes-256-gcm", dk, iv);
-    const body = Buffer.concat([cipher.update(Buffer.from(this._privKey)), cipher.final()]);
-    const tag = cipher.getAuthTag();
-    const envelope = {
-      version: KEY_FILE_VERSION,
-      salt: salt.toString("hex"),
-      iv: iv.toString("hex"),
-      ciphertext: Buffer.concat([body, tag]).toString("hex"),
-      pubKey: Buffer.from(this.pubKey).toString("hex")
-    };
-    fs.writeFileSync(path, JSON.stringify(envelope, null, 2), "utf8");
-  }
-  // ── Signing ───────────────────────────────────────────────────────────────
-  /** Sign a dict payload. Returns `ed25519:<base64url>`. */
-  sign(payload) {
-    const canonical = JSON.stringify(payload, Object.keys(payload).sort());
-    const bytes = new TextEncoder().encode(canonical);
-    const sig = ed25519__namespace.sign(bytes, this._privKey);
-    return `ed25519:${Buffer.from(sig).toString("base64")}`;
-  }
-  /** Verify a signature string against a dict payload. */
-  verify(payload, signature) {
-    if (!signature.startsWith("ed25519:")) return false;
-    try {
-      const canonical = JSON.stringify(payload, Object.keys(payload).sort());
-      const bytes = new TextEncoder().encode(canonical);
-      const sigBytes = Buffer.from(signature.slice("ed25519:".length), "base64");
-      return ed25519__namespace.verify(sigBytes, bytes, this.pubKey);
-    } catch {
-      return false;
-    }
-  }
-  /** Public key as `ed25519:<hex>` string. */
-  get pubKeyString() {
-    return `ed25519:${Buffer.from(this.pubKey).toString("hex")}`;
-  }
-};
-
-// src/nip/registry.ts
-function registerNipFrames(registry) {
-  registry.register(32 /* IDENT */, IdentFrame);
-  registry.register(33 /* TRUST */, TrustFrame);
-  registry.register(34 /* REVOKE */, RevokeFrame);
-}
-
-exports.IdentFrame = IdentFrame;
-exports.NipIdentity = NipIdentity;
-exports.RevokeFrame = RevokeFrame;
-exports.TrustFrame = TrustFrame;
-exports.registerNipFrames = registerNipFrames;
-//# sourceMappingURL=index.cjs.map
-//# sourceMappingURL=index.cjs.map

package/dist/nip/index.cjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/nip/frames.ts","../../src/nip/identity.ts","../../src/nip/registry.ts"],"names":["ed25519","sha512","readFileSync","pbkdf2Sync","createDecipheriv","randomBytes","createCipheriv","writeFileSync"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAcO,IAAM,UAAA,GAAN,MAAM,WAAA,CAA+B;AAAA,EAI1C,WAAA,CACkB,GAAA,EACA,MAAA,EACA,QAAA,EACA,SAAA,EAChB;AAJgB,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EACf;AAAA,EAJe,GAAA;AAAA,EACA,MAAA;AAAA,EACA,QAAA;AAAA,EACA,SAAA;AAAA,EAPT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAST,YAAA,GAAwC;AACtC,IAAA,OAAO;AAAA,MACL,KAAU,IAAA,CAAK,GAAA;AAAA,MACf,SAAU,IAAA,CAAK,MAAA;AAAA,MACf,UAAU,IAAA,CAAK;AAAA,KACjB;AAAA,EACF;AAAA,EAEA,MAAA,GAAkC;AAChC,IAAA,OAAO,EAAE,GAAG,IAAA,CAAK,cAAa,EAAG,SAAA,EAAW,KAAK,SAAA,EAAU;AAAA,EAC7D;AAAA,EAEA,OAAO,SAAS,IAAA,EAA2C;AACzD,IAAA,OAAO,IAAI,WAAA;AAAA,MACT,KAAK,KAAK,CAAA;AAAA,MACV,KAAK,SAAS,CAAA;AAAA,MACd,KAAK,UAAU,CAAA;AAAA,MACf,KAAK,WAAW;AAAA,KAClB;AAAA,EACF;AACF;AAEO,IAAM,UAAA,GAAN,MAAM,WAAA,CAA+B;AAAA,EAI1C,WAAA,CACkB,SAAA,EACA,UAAA,EACA,MAAA,EACA,WACA,SAAA,EAChB;AALgB,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EACf;AAAA,EALe,SAAA;AAAA,EACA,UAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EACA,SAAA;AAAA,EART,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAUT,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,YAAa,IAAA,CAAK,SAAA;AAAA,MAClB,aAAa,IAAA,CAAK,UAAA;AAAA,MAClB,QAAa,IAAA,CAAK,MAAA;AAAA,MAClB,YAAa,IAAA,CAAK,SAAA;AAAA,MAClB,WAAa,IAAA,CAAK;AAAA,KACpB;AAAA,EACF;AAAA,EAEA,OAAO,SAAS,IAAA,EAA2C;AACzD,IAAA,OAAO,IAAI,WAAA;AAAA,MACT,KAAK,YAAY,CAAA;AAAA,MACjB,KAAK,aAAa,CAAA;AAAA,MAClB,KAAK,QAAQ,CAAA;AAAA,MACb,KAAK,YAAY,CAAA;AAAA,MACjB,KAAK,WAAW;AAAA,KAClB;AAAA,EACF;AACF;AAEO,IAAM,WAAA,GAAN,MAAM,YAAA,CAAgC;AAAA,EAI3C,WAAA,CACkB,GAAA,EACA,MAAA,EACA,SAAA,EAChB;AAHgB,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EACf;AAAA,EAHe,GAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EANT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAQT,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,KAAY,IAAA,CAAK,GAAA;AAAA,MACjB,MAAA,EAAY,KAAK,MAAA,IAAc,IAAA;AAAA,MAC/B,UAAA,EAAY,KAAK,SAAA,IAAc;AAAA,KACjC;AAAA,EACF;AAAA,EAEA,OAAO,SAAS,IAAA,EAA4C;AAC1D,IAAA,OAAO,IAAI,YAAA;AAAA,MACT,KAAK,KAAK,CAAA;AAAA,MACT,IAAA,CAAK,QAAQ,CAAA,IAA2B,MAAA;AAAA,MACxC,IAAA,CAAK,YAAY,CAAA,IAAuB;AAAA,KAC3C;AAAA,EACF;AACF;AC3FQA,kBAAA,CAAA,GAAA,CAAI,UAAA,GAAa,IAAI,CAAA,KAAMC,aAAA,CAAeD,uBAAI,WAAA,CAAY,GAAG,CAAC,CAAC,CAAA;AAEvE,IAAM,gBAAA,GAAmB,CAAA;AACzB,IAAM,YAAA,GAAmB,GAAA;AACzB,IAAM,UAAA,GAAmB,EAAA;AACzB,IAAM,QAAA,GAAmB,EAAA;AACzB,IAAM,SAAA,GAAmB,EAAA;AAUlB,IAAM,WAAA,GAAN,MAAM,YAAA,CAAY;AAAA,EACf,WAAA,CACW,UACA,MAAA,EACjB;AAFiB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAChB;AAAA,EAFgB,QAAA;AAAA,EACA,MAAA;AAAA;AAAA,EAKnB,OAAO,QAAA,GAAwB;AAC7B,IAAA,MAAM,IAAA,GAAeA,yBAAM,gBAAA,EAAiB;AAC5C,IAAA,MAAM,GAAA,GAAeA,gCAAa,IAAI,CAAA;AACtC,IAAA,OAAO,IAAI,YAAA,CAAY,IAAA,EAAM,GAAG,CAAA;AAAA,EAClC;AAAA,EAEA,OAAO,eAAe,OAAA,EAAkC;AACtD,IAAA,MAAM,GAAA,GAAcA,gCAAa,OAAO,CAAA;AACxC,IAAA,OAAO,IAAI,YAAA,CAAY,OAAA,EAAS,GAAG,CAAA;AAAA,EACrC;AAAA;AAAA,EAGA,OAAO,IAAA,CAAK,IAAA,EAAc,UAAA,EAAiC;AACzD,IAAA,MAAM,WAAW,IAAA,CAAK,KAAA,CAAME,eAAA,CAAa,IAAA,EAAM,MAAM,CAAC,CAAA;AACtD,IAAA,MAAM,IAAA,GAAY,MAAA,CAAO,IAAA,CAAK,QAAA,CAAS,MAAY,KAAK,CAAA;AACxD,IAAA,MAAM,EAAA,GAAY,MAAA,CAAO,IAAA,CAAK,QAAA,CAAS,IAAY,KAAK,CAAA;AACxD,IAAA,MAAM,EAAA,GAAY,MAAA,CAAO,IAAA,CAAK,QAAA,CAAS,YAAY,KAAK,CAAA;AAExD,IAAA,MAAM,KAAKC,iBAAA,CAAW,UAAA,EAAY,IAAA,EAAM,YAAA,EAAc,WAAW,QAAQ,CAAA;AACzE,IAAA,MAAM,QAAA,GAAWC,uBAAA,CAAiB,aAAA,EAAe,EAAA,EAAI,EAAE,CAAA;AAEvD,IAAA,MAAM,OAAA,GAAU,EAAA,CAAG,KAAA,CAAM,EAAA,CAAG,SAAS,EAAE,CAAA;AACvC,IAAA,MAAM,OAAU,EAAA,CAAG,KAAA,CAAM,CAAA,EAAG,EAAA,CAAG,SAAS,EAAE,CAAA;AAC1C,IAAC,QAAA,CAAqF,WAAW,OAAO,CAAA;AACxG,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,IAAI,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AACpE,IAAA,OAAO,YAAA,CAAY,cAAA,CAAe,IAAI,UAAA,CAAW,IAAI,CAAC,CAAA;AAAA,EACxD;AAAA;AAAA,EAGA,IAAA,CAAK,MAAc,UAAA,EAA0B;AAC3C,IAAA,MAAM,IAAA,GAASC,mBAAY,UAAU,CAAA;AACrC,IAAA,MAAM,EAAA,GAASA,mBAAY,QAAQ,CAAA;AACnC,IAAA,MAAM,KAASF,iBAAA,CAAW,UAAA,EAAY,IAAA,EAAM,YAAA,EAAc,WAAW,QAAQ,CAAA;AAC7E,IAAA,MAAM,MAAA,GAASG,qBAAA,CAAe,aAAA,EAAe,EAAA,EAAI,EAAE,CAAA;AACnD,IAAA,MAAM,IAAA,GAAS,MAAA,CAAO,MAAA,CAAO,CAAC,OAAO,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,QAAQ,CAAC,CAAA,EAAG,MAAA,CAAO,KAAA,EAAO,CAAC,CAAA;AACxF,IAAA,MAAM,GAAA,GAAU,OAAwE,UAAA,EAAW;AAEnG,IAAA,MAAM,QAAA,GAA4B;AAAA,MAChC,OAAA,EAAY,gBAAA;AAAA,MACZ,IAAA,EAAY,IAAA,CAAK,QAAA,CAAS,KAAK,CAAA;AAAA,MAC/B,EAAA,EAAY,EAAA,CAAG,QAAA,CAAS,KAAK,CAAA;AAAA,MAC7B,UAAA,EAAY,OAAO,MAAA,CAAO,CAAC,MAAM,GAAG,CAAC,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AAAA,MACrD,QAAY,MAAA,CAAO,IAAA,CAAK,KAAK,MAAM,CAAA,CAAE,SAAS,KAAK;AAAA,KACrD;AACA,IAAAC,gBAAA,CAAc,MAAM,IAAA,CAAK,SAAA,CAAU,UAAU,IAAA,EAAM,CAAC,GAAG,MAAM,CAAA;AAAA,EAC/D;AAAA;AAAA;AAAA,EAKA,KAAK,OAAA,EAA0C;AAC7C,IAAA,MAAM,SAAA,GAAY,KAAK,SAAA,CAAU,OAAA,EAAS,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,IAAA,EAAM,CAAA;AACrE,IAAA,MAAM,KAAA,GAAY,IAAI,WAAA,EAAY,CAAE,OAAO,SAAS,CAAA;AACpD,IAAA,MAAM,GAAA,GAAoBP,kBAAA,CAAA,IAAA,CAAK,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA;AACnD,IAAA,OAAO,WAAW,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAC,CAAA,CAAA;AAAA,EACvD;AAAA;AAAA,EAGA,MAAA,CAAO,SAAkC,SAAA,EAA4B;AACnE,IAAA,IAAI,CAAC,SAAA,CAAU,UAAA,CAAW,UAAU,GAAG,OAAO,KAAA;AAC9C,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,KAAK,SAAA,CAAU,OAAA,EAAS,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,IAAA,EAAM,CAAA;AACrE,MAAA,MAAM,KAAA,GAAY,IAAI,WAAA,EAAY,CAAE,OAAO,SAAS,CAAA;AACpD,MAAA,MAAM,QAAA,GAAY,OAAO,IAAA,CAAK,SAAA,CAAU,MAAM,UAAA,CAAW,MAAM,GAAG,QAAQ,CAAA;AAC1E,MAAA,OAAeA,kBAAA,CAAA,MAAA,CAAO,QAAA,EAAU,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,IACpD,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA,EAGA,IAAI,YAAA,GAAuB;AACzB,IAAA,OAAO,CAAA,QAAA,EAAW,OAAO,IAAA,CAAK,IAAA,CAAK,MAAM,CAAA,CAAE,QAAA,CAAS,KAAK,CAAC,CAAA,CAAA;AAAA,EAC5D;AACF;;;ACzGO,SAAS,kBAAkB,QAAA,EAA+B;AAC/D,EAAA,QAAA,CAAS,yBAA2B,UAAU,CAAA;AAC9C,EAAA,QAAA,CAAS,yBAA2B,UAAU,CAAA;AAC9C,EAAA,QAAA,CAAS,0BAA2B,WAAW,CAAA;AACjD","file":"index.cjs","sourcesContent":["// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport { EncodingTier, FrameType } from \"../core/frames.js\";\nimport type { NpsFrame } from \"../core/codec.js\";\n\nexport interface IdentMetadata {\n  issuer:       string;\n  issuedAt:     string;\n  expiresAt?:   string;\n  capabilities?: readonly string[];\n  scopes?:       readonly string[];\n}\n\nexport class IdentFrame implements NpsFrame {\n  readonly frameType     = FrameType.IDENT;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly nid:       string,\n    public readonly pubKey:    string,\n    public readonly metadata:  IdentMetadata,\n    public readonly signature: string,\n  ) {}\n\n  unsignedDict(): Record<string, unknown> {\n    return {\n      nid:      this.nid,\n      pub_key:  this.pubKey,\n      metadata: this.metadata,\n    };\n  }\n\n  toDict(): Record<string, unknown> {\n    return { ...this.unsignedDict(), signature: this.signature };\n  }\n\n  static fromDict(data: Record<string, unknown>): IdentFrame {\n    return new IdentFrame(\n      data[\"nid\"]       as string,\n      data[\"pub_key\"]   as string,\n      data[\"metadata\"]  as IdentMetadata,\n      data[\"signature\"] as string,\n    );\n  }\n}\n\nexport class TrustFrame implements NpsFrame {\n  readonly frameType     = FrameType.TRUST;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly issuerNid:  string,\n    public readonly subjectNid: string,\n    public readonly scopes:     readonly string[],\n    public readonly expiresAt:  string,\n    public readonly signature:  string,\n  ) {}\n\n  toDict(): Record<string, unknown> {\n    return {\n      issuer_nid:  this.issuerNid,\n      subject_nid: this.subjectNid,\n      scopes:      this.scopes,\n      expires_at:  this.expiresAt,\n      signature:   this.signature,\n    };\n  }\n\n  static fromDict(data: Record<string, unknown>): TrustFrame {\n    return new TrustFrame(\n      data[\"issuer_nid\"]  as string,\n      data[\"subject_nid\"] as string,\n      data[\"scopes\"]      as string[],\n      data[\"expires_at\"]  as string,\n      data[\"signature\"]   as string,\n    );\n  }\n}\n\nexport class RevokeFrame implements NpsFrame {\n  readonly frameType     = FrameType.REVOKE;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly nid:       string,\n    public readonly reason?:   string,\n    public readonly revokedAt?: string,\n  ) {}\n\n  toDict(): Record<string, unknown> {\n    return {\n      nid:        this.nid,\n      reason:     this.reason     ?? null,\n      revoked_at: this.revokedAt  ?? null,\n    };\n  }\n\n  static fromDict(data: Record<string, unknown>): RevokeFrame {\n    return new RevokeFrame(\n      data[\"nid\"]        as string,\n      (data[\"reason\"]     as string | null) ?? undefined,\n      (data[\"revoked_at\"] as string | null) ?? undefined,\n    );\n  }\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * NipIdentity — Ed25519 key management and signing for NPS NID identity.\n * Uses @noble/ed25519 for signing; node:crypto for key storage encryption.\n */\n\nimport * as ed25519 from \"@noble/ed25519\";\nimport { sha512 } from \"@noble/hashes/sha512\";\nimport { createCipheriv, createDecipheriv, pbkdf2Sync, randomBytes } from \"node:crypto\";\nimport { readFileSync, writeFileSync } from \"node:fs\";\n\n// noble/ed25519 requires sha512 to be set explicitly in Node environments\ned25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));\n\nconst KEY_FILE_VERSION = 1;\nconst PBKDF2_ITERS     = 600_000;\nconst SALT_BYTES       = 16;\nconst IV_BYTES         = 12;\nconst KEY_BYTES        = 32;\n\ninterface KeyFileEnvelope {\n  version:    number;\n  salt:       string; // hex\n  iv:         string; // hex\n  ciphertext: string; // hex\n  pubKey:     string; // hex\n}\n\nexport class NipIdentity {\n  private constructor(\n    private readonly _privKey: Uint8Array,\n    public  readonly pubKey:   Uint8Array,\n  ) {}\n\n  // ── Factory ───────────────────────────────────────────────────────────────\n\n  static generate(): NipIdentity {\n    const priv = ed25519.utils.randomPrivateKey();\n    const pub  = ed25519.getPublicKey(priv);\n    return new NipIdentity(priv, pub);\n  }\n\n  static fromPrivateKey(privKey: Uint8Array): NipIdentity {\n    const pub = ed25519.getPublicKey(privKey);\n    return new NipIdentity(privKey, pub);\n  }\n\n  /** Load from an AES-256-GCM encrypted key file. */\n  static load(path: string, passphrase: string): NipIdentity {\n    const envelope = JSON.parse(readFileSync(path, \"utf8\")) as KeyFileEnvelope;\n    const salt      = Buffer.from(envelope.salt,       \"hex\");\n    const iv        = Buffer.from(envelope.iv,         \"hex\");\n    const ct        = Buffer.from(envelope.ciphertext, \"hex\");\n\n    const dk = pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, \"sha256\");\n    const decipher = createDecipheriv(\"aes-256-gcm\", dk, iv);\n    // Last 16 bytes of ciphertext are the GCM auth tag\n    const authTag = ct.slice(ct.length - 16);\n    const body    = ct.slice(0, ct.length - 16);\n    (decipher as ReturnType<typeof createDecipheriv> & { setAuthTag(tag: Buffer): void }).setAuthTag(authTag);\n    const priv = Buffer.concat([decipher.update(body), decipher.final()]);\n    return NipIdentity.fromPrivateKey(new Uint8Array(priv));\n  }\n\n  /** Save to an AES-256-GCM encrypted key file. */\n  save(path: string, passphrase: string): void {\n    const salt   = randomBytes(SALT_BYTES);\n    const iv     = randomBytes(IV_BYTES);\n    const dk     = pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, \"sha256\");\n    const cipher = createCipheriv(\"aes-256-gcm\", dk, iv);\n    const body   = Buffer.concat([cipher.update(Buffer.from(this._privKey)), cipher.final()]);\n    const tag    = (cipher as ReturnType<typeof createCipheriv> & { getAuthTag(): Buffer }).getAuthTag();\n\n    const envelope: KeyFileEnvelope = {\n      version:    KEY_FILE_VERSION,\n      salt:       salt.toString(\"hex\"),\n      iv:         iv.toString(\"hex\"),\n      ciphertext: Buffer.concat([body, tag]).toString(\"hex\"),\n      pubKey:     Buffer.from(this.pubKey).toString(\"hex\"),\n    };\n    writeFileSync(path, JSON.stringify(envelope, null, 2), \"utf8\");\n  }\n\n  // ── Signing ───────────────────────────────────────────────────────────────\n\n  /** Sign a dict payload. Returns `ed25519:<base64url>`. */\n  sign(payload: Record<string, unknown>): string {\n    const canonical = JSON.stringify(payload, Object.keys(payload).sort());\n    const bytes     = new TextEncoder().encode(canonical);\n    const sig       = ed25519.sign(bytes, this._privKey);\n    return `ed25519:${Buffer.from(sig).toString(\"base64\")}`;\n  }\n\n  /** Verify a signature string against a dict payload. */\n  verify(payload: Record<string, unknown>, signature: string): boolean {\n    if (!signature.startsWith(\"ed25519:\")) return false;\n    try {\n      const canonical = JSON.stringify(payload, Object.keys(payload).sort());\n      const bytes     = new TextEncoder().encode(canonical);\n      const sigBytes  = Buffer.from(signature.slice(\"ed25519:\".length), \"base64\");\n      return ed25519.verify(sigBytes, bytes, this.pubKey);\n    } catch {\n      return false;\n    }\n  }\n\n  /** Public key as `ed25519:<hex>` string. */\n  get pubKeyString(): string {\n    return `ed25519:${Buffer.from(this.pubKey).toString(\"hex\")}`;\n  }\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport { FrameRegistry } from \"../core/registry.js\";\nimport { FrameType } from \"../core/frames.js\";\nimport { IdentFrame, TrustFrame, RevokeFrame } from \"./frames.js\";\n\nexport function registerNipFrames(registry: FrameRegistry): void {\n  registry.register(FrameType.IDENT,  IdentFrame);\n  registry.register(FrameType.TRUST,  TrustFrame);\n  registry.register(FrameType.REVOKE, RevokeFrame);\n}\n"]}