@labacacia/nps-sdk 1.0.0-alpha.3 → 1.0.0-alpha.5

package/dist/ndp/index.js

@@ -1,224 +1,8 @@
-import * as ed25519 from '@noble/ed25519';
-import { sha512 } from '@noble/hashes/sha512';
-
-// src/ndp/frames.ts
-var AnnounceFrame = class _AnnounceFrame {
-  constructor(nid, addresses, capabilities, ttl, timestamp, signature, nodeType) {
-    this.nid = nid;
-    this.addresses = addresses;
-    this.capabilities = capabilities;
-    this.ttl = ttl;
-    this.timestamp = timestamp;
-    this.signature = signature;
-    this.nodeType = nodeType;
-  }
-  nid;
-  addresses;
-  capabilities;
-  ttl;
-  timestamp;
-  signature;
-  nodeType;
-  frameType = 48 /* ANNOUNCE */;
-  preferredTier = 1 /* MSGPACK */;
-  unsignedDict() {
-    return {
-      nid: this.nid,
-      addresses: this.addresses,
-      capabilities: this.capabilities,
-      ttl: this.ttl,
-      timestamp: this.timestamp,
-      node_type: this.nodeType ?? null
-    };
-  }
-  toDict() {
-    return { ...this.unsignedDict(), signature: this.signature };
-  }
-  static fromDict(data) {
-    return new _AnnounceFrame(
-      data["nid"],
-      data["addresses"],
-      data["capabilities"],
-      data["ttl"],
-      data["timestamp"],
-      data["signature"],
-      data["node_type"] ?? void 0
-    );
-  }
-};
-var ResolveFrame = class _ResolveFrame {
-  constructor(target, requesterNid, resolved) {
-    this.target = target;
-    this.requesterNid = requesterNid;
-    this.resolved = resolved;
-  }
-  target;
-  requesterNid;
-  resolved;
-  frameType = 49 /* RESOLVE */;
-  preferredTier = 1 /* MSGPACK */;
-  toDict() {
-    return {
-      target: this.target,
-      requester_nid: this.requesterNid ?? null,
-      resolved: this.resolved ?? null
-    };
-  }
-  static fromDict(data) {
-    return new _ResolveFrame(
-      data["target"],
-      data["requester_nid"] ?? void 0,
-      data["resolved"] ?? void 0
-    );
-  }
-};
-var GraphFrame = class _GraphFrame {
-  constructor(seq, initialSync, nodes, patch) {
-    this.seq = seq;
-    this.initialSync = initialSync;
-    this.nodes = nodes;
-    this.patch = patch;
-  }
-  seq;
-  initialSync;
-  nodes;
-  patch;
-  frameType = 50 /* GRAPH */;
-  preferredTier = 1 /* MSGPACK */;
-  toDict() {
-    return {
-      seq: this.seq,
-      initial_sync: this.initialSync,
-      nodes: this.nodes ?? null,
-      patch: this.patch ?? null
-    };
-  }
-  static fromDict(data) {
-    return new _GraphFrame(
-      data["seq"],
-      data["initial_sync"],
-      data["nodes"] ?? void 0,
-      data["patch"] ?? void 0
-    );
-  }
-};
-
-// src/ndp/registry.ts
-function registerNdpFrames(registry) {
-  registry.register(48 /* ANNOUNCE */, AnnounceFrame);
-  registry.register(49 /* RESOLVE */, ResolveFrame);
-  registry.register(50 /* GRAPH */, GraphFrame);
-}
-
-// src/ndp/ndp-registry.ts
-var InMemoryNdpRegistry = class _InMemoryNdpRegistry {
-  _store = /* @__PURE__ */ new Map();
-  // Replaceable for testing
-  clock = () => Date.now();
-  announce(frame) {
-    const expiresAt = this.clock() + frame.ttl * 1e3;
-    if (frame.ttl === 0) {
-      this._store.delete(frame.nid);
-      return;
-    }
-    this._store.set(frame.nid, { frame, expiresAt });
-  }
-  getByNid(nid) {
-    const entry = this._store.get(nid);
-    if (entry === void 0) return void 0;
-    if (this.clock() > entry.expiresAt) {
-      this._store.delete(nid);
-      return void 0;
-    }
-    return entry.frame;
-  }
-  resolve(target) {
-    for (const [nid, entry] of this._store) {
-      if (this.clock() > entry.expiresAt) {
-        this._store.delete(nid);
-        continue;
-      }
-      if (!_InMemoryNdpRegistry.nwpTargetMatchesNid(nid, target)) continue;
-      const addr = entry.frame.addresses[0];
-      if (addr === void 0) continue;
-      return { host: addr.host, port: addr.port, ttl: entry.frame.ttl };
-    }
-    return void 0;
-  }
-  getAll() {
-    const now = this.clock();
-    const result = [];
-    for (const [nid, entry] of this._store) {
-      if (now > entry.expiresAt) {
-        this._store.delete(nid);
-        continue;
-      }
-      result.push(entry.frame);
-    }
-    return result;
-  }
-  static nwpTargetMatchesNid(nid, target) {
-    const nidParts = nid.split(":");
-    if (nidParts.length < 5 || nidParts[0] !== "urn" || nidParts[1] !== "nps" || nidParts[2] !== "node") {
-      return false;
-    }
-    if (!target.startsWith("nwp://")) return false;
-    const nidAuthority = nidParts[3];
-    const nidPath = nidParts[4];
-    const rest = target.slice("nwp://".length);
-    const slashIdx = rest.indexOf("/");
-    if (slashIdx === -1) return false;
-    const urlAuthority = rest.slice(0, slashIdx);
-    const urlPath = rest.slice(slashIdx + 1);
-    if (urlAuthority !== nidAuthority) return false;
-    if (urlPath === nidPath) return true;
-    if (urlPath.startsWith(nidPath + "/")) return true;
-    return false;
-  }
-};
-ed25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));
-var NdpAnnounceResult = {
-  ok: () => ({ isValid: true }),
-  fail: (errorCode, message) => ({ isValid: false, errorCode, message })
-};
-var NdpAnnounceValidator = class {
-  _keys = /* @__PURE__ */ new Map();
-  // nid → "ed25519:<hex>"
-  registerPublicKey(nid, encodedPubKey) {
-    this._keys.set(nid, encodedPubKey);
-  }
-  removePublicKey(nid) {
-    this._keys.delete(nid);
-  }
-  get knownPublicKeys() {
-    return this._keys;
-  }
-  validate(frame) {
-    const encoded = this._keys.get(frame.nid);
-    if (encoded === void 0) {
-      return NdpAnnounceResult.fail("NDP-ANNOUNCE-NID-MISMATCH", `No public key registered for NID: ${frame.nid}`);
-    }
-    try {
-      const prefix = "ed25519:";
-      const pubHex = encoded.startsWith(prefix) ? encoded.slice(prefix.length) : encoded;
-      const pubKey = Buffer.from(pubHex, "hex");
-      const sig = frame.signature;
-      if (!sig.startsWith(prefix)) {
-        return NdpAnnounceResult.fail("NDP-ANNOUNCE-SIG-INVALID", "Signature must start with 'ed25519:'");
-      }
-      const sigBytes = Buffer.from(sig.slice(prefix.length), "base64");
-      const unsigned = frame.unsignedDict();
-      const canonical = JSON.stringify(unsigned, Object.keys(unsigned).sort());
-      const message = new TextEncoder().encode(canonical);
-      const valid = ed25519.verify(sigBytes, message, pubKey);
-      if (!valid) return NdpAnnounceResult.fail("NDP-ANNOUNCE-SIG-INVALID", "Ed25519 signature verification failed.");
-      return NdpAnnounceResult.ok();
-    } catch {
-      return NdpAnnounceResult.fail("NDP-ANNOUNCE-SIG-INVALID", "Ed25519 signature verification failed.");
-    }
-  }
-};
-
-export { AnnounceFrame, GraphFrame, InMemoryNdpRegistry, NdpAnnounceResult, NdpAnnounceValidator, ResolveFrame, registerNdpFrames };
-//# sourceMappingURL=index.js.map
+// Copyright 2026 INNO LOTUS PTY LTD
+// SPDX-License-Identifier: Apache-2.0
+export * from "./frames.js";
+export * from "./registry.js";
+export * from "./ndp-registry.js";
+export * from "./validator.js";
+export * from "./dns-txt.js";
 //# sourceMappingURL=index.js.map

package/dist/ndp/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/ndp/frames.ts","../../src/ndp/registry.ts","../../src/ndp/ndp-registry.ts","../../src/ndp/validator.ts"],"names":[],"mappings":";;;;AA0BO,IAAM,aAAA,GAAN,MAAM,cAAA,CAAkC;AAAA,EAI7C,YACkB,GAAA,EACA,SAAA,EACA,cACA,GAAA,EACA,SAAA,EACA,WACA,QAAA,EAChB;AAPgB,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AACA,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAAA,EACf;AAAA,EAPe,GAAA;AAAA,EACA,SAAA;AAAA,EACA,YAAA;AAAA,EACA,GAAA;AAAA,EACA,SAAA;AAAA,EACA,SAAA;AAAA,EACA,QAAA;AAAA,EAVT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAYT,YAAA,GAAwC;AACtC,IAAA,OAAO;AAAA,MACL,KAAc,IAAA,CAAK,GAAA;AAAA,MACnB,WAAc,IAAA,CAAK,SAAA;AAAA,MACnB,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,KAAc,IAAA,CAAK,GAAA;AAAA,MACnB,WAAc,IAAA,CAAK,SAAA;AAAA,MACnB,SAAA,EAAc,KAAK,QAAA,IAAY;AAAA,KACjC;AAAA,EACF;AAAA,EAEA,MAAA,GAAkC;AAChC,IAAA,OAAO,EAAE,GAAG,IAAA,CAAK,cAAa,EAAG,SAAA,EAAW,KAAK,SAAA,EAAU;AAAA,EAC7D;AAAA,EAEA,OAAO,SAAS,IAAA,EAA8C;AAC5D,IAAA,OAAO,IAAI,cAAA;AAAA,MACT,KAAK,KAAK,CAAA;AAAA,MACV,KAAK,WAAW,CAAA;AAAA,MAChB,KAAK,cAAc,CAAA;AAAA,MACnB,KAAK,KAAK,CAAA;AAAA,MACV,KAAK,WAAW,CAAA;AAAA,MAChB,KAAK,WAAW,CAAA;AAAA,MACf,IAAA,CAAK,WAAW,CAAA,IAA0B;AAAA,KAC7C;AAAA,EACF;AACF;AAEO,IAAM,YAAA,GAAN,MAAM,aAAA,CAAiC;AAAA,EAI5C,WAAA,CACkB,MAAA,EACA,YAAA,EACA,QAAA,EAChB;AAHgB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AACA,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAAA,EACf;AAAA,EAHe,MAAA;AAAA,EACA,YAAA;AAAA,EACA,QAAA;AAAA,EANT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAQT,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,QAAe,IAAA,CAAK,MAAA;AAAA,MACpB,aAAA,EAAe,KAAK,YAAA,IAAgB,IAAA;AAAA,MACpC,QAAA,EAAe,KAAK,QAAA,IAAgB;AAAA,KACtC;AAAA,EACF;AAAA,EAEA,OAAO,SAAS,IAAA,EAA6C;AAC3D,IAAA,OAAO,IAAI,aAAA;AAAA,MACT,KAAK,QAAQ,CAAA;AAAA,MACZ,IAAA,CAAK,eAAe,CAAA,IAAuB,MAAA;AAAA,MAC3C,IAAA,CAAK,UAAU,CAAA,IAAsC;AAAA,KACxD;AAAA,EACF;AACF;AAEO,IAAM,UAAA,GAAN,MAAM,WAAA,CAA+B;AAAA,EAI1C,WAAA,CACkB,GAAA,EACA,WAAA,EACA,KAAA,EACA,KAAA,EAChB;AAJgB,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AACA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AACA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAAA,EACf;AAAA,EAJe,GAAA;AAAA,EACA,WAAA;AAAA,EACA,KAAA;AAAA,EACA,KAAA;AAAA,EAPT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAST,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,KAAc,IAAA,CAAK,GAAA;AAAA,MACnB,cAAc,IAAA,CAAK,WAAA;AAAA,MACnB,KAAA,EAAc,KAAK,KAAA,IAAS,IAAA;AAAA,MAC5B,KAAA,EAAc,KAAK,KAAA,IAAS;AAAA,KAC9B;AAAA,EACF;AAAA,EAEA,OAAO,SAAS,IAAA,EAA2C;AACzD,IAAA,OAAO,IAAI,WAAA;AAAA,MACT,KAAK,KAAK,CAAA;AAAA,MACV,KAAK,cAAc,CAAA;AAAA,MAClB,IAAA,CAAK,OAAO,CAAA,IAA+B,MAAA;AAAA,MAC3C,IAAA,CAAK,OAAO,CAAA,IAA0C;AAAA,KACzD;AAAA,EACF;AACF;;;ACpHO,SAAS,kBAAkB,QAAA,EAA+B;AAC/D,EAAA,QAAA,CAAS,4BAA6B,aAAa,CAAA;AACnD,EAAA,QAAA,CAAS,2BAA6B,YAAY,CAAA;AAClD,EAAA,QAAA,CAAS,yBAA6B,UAAU,CAAA;AAClD;;;ACDO,IAAM,mBAAA,GAAN,MAAM,oBAAA,CAAoB;AAAA,EACd,MAAA,uBAAa,GAAA,EAA2B;AAAA;AAAA,EAGzD,KAAA,GAAsB,MAAM,IAAA,CAAK,GAAA,EAAI;AAAA,EAErC,SAAS,KAAA,EAA4B;AACnC,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,KAAA,EAAM,GAAI,MAAM,GAAA,GAAM,GAAA;AAC7C,IAAA,IAAI,KAAA,CAAM,QAAQ,CAAA,EAAG;AACnB,MAAA,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AAC5B,MAAA;AAAA,IACF;AACA,IAAA,IAAA,CAAK,OAAO,GAAA,CAAI,KAAA,CAAM,KAAK,EAAE,KAAA,EAAO,WAAW,CAAA;AAAA,EACjD;AAAA,EAEA,SAAS,GAAA,EAAwC;AAC/C,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,GAAG,CAAA;AACjC,IAAA,IAAI,KAAA,KAAU,QAAW,OAAO,MAAA;AAChC,IAAA,IAAI,IAAA,CAAK,KAAA,EAAM,GAAI,KAAA,CAAM,SAAA,EAAW;AAClC,MAAA,IAAA,CAAK,MAAA,CAAO,OAAO,GAAG,CAAA;AACtB,MAAA,OAAO,MAAA;AAAA,IACT;AACA,IAAA,OAAO,KAAA,CAAM,KAAA;AAAA,EACf;AAAA,EAEA,QAAQ,MAAA,EAA8C;AACpD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,CAAA,IAAK,KAAK,MAAA,EAAQ;AACtC,MAAA,IAAI,IAAA,CAAK,KAAA,EAAM,GAAI,KAAA,CAAM,SAAA,EAAW;AAAE,QAAA,IAAA,CAAK,MAAA,CAAO,OAAO,GAAG,CAAA;AAAG,QAAA;AAAA,MAAU;AACzE,MAAA,IAAI,CAAC,oBAAA,CAAoB,mBAAA,CAAoB,GAAA,EAAK,MAAM,CAAA,EAAG;AAC3D,MAAA,MAAM,IAAA,GAAO,KAAA,CAAM,KAAA,CAAM,SAAA,CAAU,CAAC,CAAA;AACpC,MAAA,IAAI,SAAS,MAAA,EAAW;AACxB,MAAA,OAAO,EAAE,IAAA,EAAM,IAAA,CAAK,IAAA,EAAM,IAAA,EAAM,KAAK,IAAA,EAAM,GAAA,EAAK,KAAA,CAAM,KAAA,CAAM,GAAA,EAAI;AAAA,IAClE;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,MAAA,GAA0B;AACxB,IAAA,MAAM,GAAA,GAAS,KAAK,KAAA,EAAM;AAC1B,IAAA,MAAM,SAA0B,EAAC;AACjC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,CAAA,IAAK,KAAK,MAAA,EAAQ;AACtC,MAAA,IAAI,GAAA,GAAM,MAAM,SAAA,EAAW;AAAE,QAAA,IAAA,CAAK,MAAA,CAAO,OAAO,GAAG,CAAA;AAAG,QAAA;AAAA,MAAU;AAChE,MAAA,MAAA,CAAO,IAAA,CAAK,MAAM,KAAK,CAAA;AAAA,IACzB;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,OAAO,mBAAA,CAAoB,GAAA,EAAa,MAAA,EAAyB;AAG/D,IAAA,MAAM,QAAA,GAAW,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAC9B,IAAA,IAAI,QAAA,CAAS,MAAA,GAAS,CAAA,IAAK,QAAA,CAAS,CAAC,CAAA,KAAM,KAAA,IAAS,QAAA,CAAS,CAAC,CAAA,KAAM,KAAA,IAAS,QAAA,CAAS,CAAC,MAAM,MAAA,EAAQ;AACnG,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,IAAI,CAAC,MAAA,CAAO,UAAA,CAAW,QAAQ,GAAG,OAAO,KAAA;AAEzC,IAAA,MAAM,YAAA,GAAe,SAAS,CAAC,CAAA;AAC/B,IAAA,MAAM,OAAA,GAAe,SAAS,CAAC,CAAA;AAC/B,IAAA,MAAM,IAAA,GAAe,MAAA,CAAO,KAAA,CAAM,QAAA,CAAS,MAAM,CAAA;AACjD,IAAA,MAAM,QAAA,GAAe,IAAA,CAAK,OAAA,CAAQ,GAAG,CAAA;AACrC,IAAA,IAAI,QAAA,KAAa,IAAI,OAAO,KAAA;AAE5B,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,KAAA,CAAM,CAAA,EAAG,QAAQ,CAAA;AAC3C,IAAA,MAAM,OAAA,GAAe,IAAA,CAAK,KAAA,CAAM,QAAA,GAAW,CAAC,CAAA;AAE5C,IAAA,IAAI,YAAA,KAAiB,cAAc,OAAO,KAAA;AAG1C,IAAA,IAAI,OAAA,KAAY,SAAS,OAAO,IAAA;AAChC,IAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,OAAA,GAAU,GAAG,GAAG,OAAO,IAAA;AAC9C,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AC1EQ,OAAA,CAAA,GAAA,CAAI,UAAA,GAAa,IAAI,CAAA,KAAM,MAAA,CAAe,YAAI,WAAA,CAAY,GAAG,CAAC,CAAC,CAAA;AAQhE,IAAM,iBAAA,GAAoB;AAAA,EAC/B,EAAA,EAAI,OAA0B,EAAE,OAAA,EAAS,IAAA,EAAK,CAAA;AAAA,EAC9C,IAAA,EAAM,CAAC,SAAA,EAAmB,OAAA,MAAwC,EAAE,OAAA,EAAS,KAAA,EAAO,WAAW,OAAA,EAAQ;AACzG;AAEO,IAAM,uBAAN,MAA2B;AAAA,EACf,KAAA,uBAAY,GAAA,EAAoB;AAAA;AAAA,EAEjD,iBAAA,CAAkB,KAAa,aAAA,EAA6B;AAC1D,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,aAAa,CAAA;AAAA,EACnC;AAAA,EAEA,gBAAgB,GAAA,EAAmB;AACjC,IAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,EACvB;AAAA,EAEA,IAAI,eAAA,GAA+C;AACjD,IAAA,OAAO,IAAA,CAAK,KAAA;AAAA,EACd;AAAA,EAEA,SAAS,KAAA,EAAyC;AAChD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,MAAM,GAAG,CAAA;AACxC,IAAA,IAAI,YAAY,MAAA,EAAW;AACzB,MAAA,OAAO,kBAAkB,IAAA,CAAK,2BAAA,EAA6B,CAAA,kCAAA,EAAqC,KAAA,CAAM,GAAG,CAAA,CAAE,CAAA;AAAA,IAC7G;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAU,UAAA;AAChB,MAAA,MAAM,MAAA,GAAU,QAAQ,UAAA,CAAW,MAAM,IAAI,OAAA,CAAQ,KAAA,CAAM,MAAA,CAAO,MAAM,CAAA,GAAI,OAAA;AAC5E,MAAA,MAAM,MAAA,GAAU,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,KAAK,CAAA;AAEzC,MAAA,MAAM,MAAM,KAAA,CAAM,SAAA;AAClB,MAAA,IAAI,CAAC,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AAC3B,QAAA,OAAO,iBAAA,CAAkB,IAAA,CAAK,0BAAA,EAA4B,sCAAsC,CAAA;AAAA,MAClG;AACA,MAAA,MAAM,QAAA,GAAW,OAAO,IAAA,CAAK,GAAA,CAAI,MAAM,MAAA,CAAO,MAAM,GAAG,QAAQ,CAAA;AAE/D,MAAA,MAAM,QAAA,GAAY,MAAM,YAAA,EAAa;AACrC,MAAA,MAAM,SAAA,GAAY,KAAK,SAAA,CAAU,QAAA,EAAU,OAAO,IAAA,CAAK,QAAQ,CAAA,CAAE,IAAA,EAAM,CAAA;AACvE,MAAA,MAAM,OAAA,GAAY,IAAI,WAAA,EAAY,CAAE,OAAO,SAAS,CAAA;AAEpD,MAAA,MAAM,KAAA,GAAgB,OAAA,CAAA,MAAA,CAAO,QAAA,EAAU,OAAA,EAAS,MAAM,CAAA;AACtD,MAAA,IAAI,CAAC,KAAA,EAAO,OAAO,iBAAA,CAAkB,IAAA,CAAK,4BAA4B,wCAAwC,CAAA;AAC9G,MAAA,OAAO,kBAAkB,EAAA,EAAG;AAAA,IAC9B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,iBAAA,CAAkB,IAAA,CAAK,0BAAA,EAA4B,wCAAwC,CAAA;AAAA,IACpG;AAAA,EACF;AACF","file":"index.js","sourcesContent":["// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport { EncodingTier, FrameType } from \"../core/frames.js\";\nimport type { NpsFrame } from \"../core/codec.js\";\n\nexport interface NdpAddress {\n  host:     string;\n  port:     number;\n  protocol: string;\n}\n\nexport interface NdpGraphNode {\n  nid:          string;\n  addresses:    readonly NdpAddress[];\n  capabilities: readonly string[];\n  nodeType?:    string;\n}\n\nexport interface NdpResolveResult {\n  host:              string;\n  port:              number;\n  ttl:               number;\n  certFingerprint?:  string;\n}\n\nexport class AnnounceFrame implements NpsFrame {\n  readonly frameType     = FrameType.ANNOUNCE;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly nid:          string,\n    public readonly addresses:    readonly NdpAddress[],\n    public readonly capabilities: readonly string[],\n    public readonly ttl:          number,\n    public readonly timestamp:    string,\n    public readonly signature:    string,\n    public readonly nodeType?:    string,\n  ) {}\n\n  unsignedDict(): Record<string, unknown> {\n    return {\n      nid:          this.nid,\n      addresses:    this.addresses,\n      capabilities: this.capabilities,\n      ttl:          this.ttl,\n      timestamp:    this.timestamp,\n      node_type:    this.nodeType ?? null,\n    };\n  }\n\n  toDict(): Record<string, unknown> {\n    return { ...this.unsignedDict(), signature: this.signature };\n  }\n\n  static fromDict(data: Record<string, unknown>): AnnounceFrame {\n    return new AnnounceFrame(\n      data[\"nid\"]          as string,\n      data[\"addresses\"]    as NdpAddress[],\n      data[\"capabilities\"] as string[],\n      data[\"ttl\"]          as number,\n      data[\"timestamp\"]    as string,\n      data[\"signature\"]    as string,\n      (data[\"node_type\"]    as string | null) ?? undefined,\n    );\n  }\n}\n\nexport class ResolveFrame implements NpsFrame {\n  readonly frameType     = FrameType.RESOLVE;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly target:        string,\n    public readonly requesterNid?: string,\n    public readonly resolved?:     NdpResolveResult,\n  ) {}\n\n  toDict(): Record<string, unknown> {\n    return {\n      target:        this.target,\n      requester_nid: this.requesterNid ?? null,\n      resolved:      this.resolved     ?? null,\n    };\n  }\n\n  static fromDict(data: Record<string, unknown>): ResolveFrame {\n    return new ResolveFrame(\n      data[\"target\"]         as string,\n      (data[\"requester_nid\"] as string | null) ?? undefined,\n      (data[\"resolved\"]      as NdpResolveResult | null) ?? undefined,\n    );\n  }\n}\n\nexport class GraphFrame implements NpsFrame {\n  readonly frameType     = FrameType.GRAPH;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly seq:         number,\n    public readonly initialSync: boolean,\n    public readonly nodes?:      readonly NdpGraphNode[],\n    public readonly patch?:      readonly Record<string, unknown>[],\n  ) {}\n\n  toDict(): Record<string, unknown> {\n    return {\n      seq:          this.seq,\n      initial_sync: this.initialSync,\n      nodes:        this.nodes ?? null,\n      patch:        this.patch ?? null,\n    };\n  }\n\n  static fromDict(data: Record<string, unknown>): GraphFrame {\n    return new GraphFrame(\n      data[\"seq\"]          as number,\n      data[\"initial_sync\"] as boolean,\n      (data[\"nodes\"] as NdpGraphNode[] | null) ?? undefined,\n      (data[\"patch\"] as Record<string, unknown>[] | null) ?? undefined,\n    );\n  }\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport { FrameRegistry } from \"../core/registry.js\";\nimport { FrameType } from \"../core/frames.js\";\nimport { AnnounceFrame, GraphFrame, ResolveFrame } from \"./frames.js\";\n\nexport function registerNdpFrames(registry: FrameRegistry): void {\n  registry.register(FrameType.ANNOUNCE, AnnounceFrame);\n  registry.register(FrameType.RESOLVE,  ResolveFrame);\n  registry.register(FrameType.GRAPH,    GraphFrame);\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { AnnounceFrame, NdpResolveResult } from \"./frames.js\";\n\ninterface RegistryEntry {\n  frame:     AnnounceFrame;\n  expiresAt: number;\n}\n\nexport class InMemoryNdpRegistry {\n  private readonly _store = new Map<string, RegistryEntry>();\n\n  // Replaceable for testing\n  clock: () => number = () => Date.now();\n\n  announce(frame: AnnounceFrame): void {\n    const expiresAt = this.clock() + frame.ttl * 1000;\n    if (frame.ttl === 0) {\n      this._store.delete(frame.nid);\n      return;\n    }\n    this._store.set(frame.nid, { frame, expiresAt });\n  }\n\n  getByNid(nid: string): AnnounceFrame | undefined {\n    const entry = this._store.get(nid);\n    if (entry === undefined) return undefined;\n    if (this.clock() > entry.expiresAt) {\n      this._store.delete(nid);\n      return undefined;\n    }\n    return entry.frame;\n  }\n\n  resolve(target: string): NdpResolveResult | undefined {\n    for (const [nid, entry] of this._store) {\n      if (this.clock() > entry.expiresAt) { this._store.delete(nid); continue; }\n      if (!InMemoryNdpRegistry.nwpTargetMatchesNid(nid, target)) continue;\n      const addr = entry.frame.addresses[0];\n      if (addr === undefined) continue;\n      return { host: addr.host, port: addr.port, ttl: entry.frame.ttl };\n    }\n    return undefined;\n  }\n\n  getAll(): AnnounceFrame[] {\n    const now    = this.clock();\n    const result: AnnounceFrame[] = [];\n    for (const [nid, entry] of this._store) {\n      if (now > entry.expiresAt) { this._store.delete(nid); continue; }\n      result.push(entry.frame);\n    }\n    return result;\n  }\n\n  static nwpTargetMatchesNid(nid: string, target: string): boolean {\n    // NID: urn:nps:node:{authority}:{path-segment}\n    // target: nwp://{authority}/{path}\n    const nidParts = nid.split(\":\");\n    if (nidParts.length < 5 || nidParts[0] !== \"urn\" || nidParts[1] !== \"nps\" || nidParts[2] !== \"node\") {\n      return false;\n    }\n    if (!target.startsWith(\"nwp://\")) return false;\n\n    const nidAuthority = nidParts[3]!;\n    const nidPath      = nidParts[4]!;\n    const rest         = target.slice(\"nwp://\".length);\n    const slashIdx     = rest.indexOf(\"/\");\n    if (slashIdx === -1) return false;\n\n    const urlAuthority = rest.slice(0, slashIdx);\n    const urlPath      = rest.slice(slashIdx + 1); // without leading slash\n\n    if (urlAuthority !== nidAuthority) return false;\n\n    // nidPath must be a prefix of urlPath at a segment boundary\n    if (urlPath === nidPath) return true;\n    if (urlPath.startsWith(nidPath + \"/\")) return true;\n    return false;\n  }\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport * as ed25519 from \"@noble/ed25519\";\nimport { sha512 } from \"@noble/hashes/sha512\";\nimport type { AnnounceFrame } from \"./frames.js\";\n\ned25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));\n\nexport interface NdpAnnounceResult {\n  isValid:    boolean;\n  errorCode?: string;\n  message?:   string;\n}\n\nexport const NdpAnnounceResult = {\n  ok: (): NdpAnnounceResult => ({ isValid: true }),\n  fail: (errorCode: string, message: string): NdpAnnounceResult => ({ isValid: false, errorCode, message }),\n};\n\nexport class NdpAnnounceValidator {\n  private readonly _keys = new Map<string, string>(); // nid → \"ed25519:<hex>\"\n\n  registerPublicKey(nid: string, encodedPubKey: string): void {\n    this._keys.set(nid, encodedPubKey);\n  }\n\n  removePublicKey(nid: string): void {\n    this._keys.delete(nid);\n  }\n\n  get knownPublicKeys(): ReadonlyMap<string, string> {\n    return this._keys;\n  }\n\n  validate(frame: AnnounceFrame): NdpAnnounceResult {\n    const encoded = this._keys.get(frame.nid);\n    if (encoded === undefined) {\n      return NdpAnnounceResult.fail(\"NDP-ANNOUNCE-NID-MISMATCH\", `No public key registered for NID: ${frame.nid}`);\n    }\n\n    try {\n      const prefix  = \"ed25519:\";\n      const pubHex  = encoded.startsWith(prefix) ? encoded.slice(prefix.length) : encoded;\n      const pubKey  = Buffer.from(pubHex, \"hex\");\n\n      const sig = frame.signature;\n      if (!sig.startsWith(prefix)) {\n        return NdpAnnounceResult.fail(\"NDP-ANNOUNCE-SIG-INVALID\", \"Signature must start with 'ed25519:'\");\n      }\n      const sigBytes = Buffer.from(sig.slice(prefix.length), \"base64\");\n\n      const unsigned  = frame.unsignedDict();\n      const canonical = JSON.stringify(unsigned, Object.keys(unsigned).sort());\n      const message   = new TextEncoder().encode(canonical);\n\n      const valid = ed25519.verify(sigBytes, message, pubKey);\n      if (!valid) return NdpAnnounceResult.fail(\"NDP-ANNOUNCE-SIG-INVALID\", \"Ed25519 signature verification failed.\");\n      return NdpAnnounceResult.ok();\n    } catch {\n      return NdpAnnounceResult.fail(\"NDP-ANNOUNCE-SIG-INVALID\", \"Ed25519 signature verification failed.\");\n    }\n  }\n}\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/ndp/index.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,sCAAsC;AAEtC,cAAc,aAAa,CAAC;AAC5B,cAAc,eAAe,CAAC;AAC9B,cAAc,mBAAmB,CAAC;AAClC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC"}

package/dist/ndp/ndp-registry.d.ts

@@ -1,4 +1,5 @@
 import type { AnnounceFrame, NdpResolveResult } from "./frames.js";
+import { type DnsTxtLookup } from "./dns-txt.js";
 export declare class InMemoryNdpRegistry {
     private readonly _store;
     clock: () => number;
@@ -6,6 +7,7 @@ export declare class InMemoryNdpRegistry {
     getByNid(nid: string): AnnounceFrame | undefined;
     resolve(target: string): NdpResolveResult | undefined;
     getAll(): AnnounceFrame[];
+    resolveWithDns(target: string, resolver?: DnsTxtLookup): Promise<NdpResolveResult | undefined>;
     static nwpTargetMatchesNid(nid: string, target: string): boolean;
 }
 //# sourceMappingURL=ndp-registry.d.ts.map

package/dist/ndp/ndp-registry.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ndp-registry.d.ts","sourceRoot":"","sources":["../../src/ndp/ndp-registry.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAOnE,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAoC;IAG3D,KAAK,EAAE,MAAM,MAAM,CAAoB;IAEvC,QAAQ,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI;IASpC,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAUhD,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS;IAWrD,MAAM,IAAI,aAAa,EAAE;IAUzB,MAAM,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;CAyBjE"}
+{"version":3,"file":"ndp-registry.d.ts","sourceRoot":"","sources":["../../src/ndp/ndp-registry.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACnE,OAAO,EAIL,KAAK,YAAY,EAClB,MAAM,cAAc,CAAC;AAOtB,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAoC;IAG3D,KAAK,EAAE,MAAM,MAAM,CAAoB;IAEvC,QAAQ,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI;IASpC,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAUhD,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS;IAWrD,MAAM,IAAI,aAAa,EAAE;IAUnB,cAAc,CAClB,MAAM,EAAE,MAAM,EACd,QAAQ,GAAE,YAAuC,GAChD,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC;IAyBxC,MAAM,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;CAyBjE"}

package/dist/ndp/ndp-registry.js

@@ -0,0 +1,104 @@
+// Copyright 2026 INNO LOTUS PTY LTD
+// SPDX-License-Identifier: Apache-2.0
+import { extractHostFromTarget, parseNpsTxtRecord, SystemDnsTxtLookup, } from "./dns-txt.js";
+export class InMemoryNdpRegistry {
+    _store = new Map();
+    // Replaceable for testing
+    clock = () => Date.now();
+    announce(frame) {
+        const expiresAt = this.clock() + frame.ttl * 1000;
+        if (frame.ttl === 0) {
+            this._store.delete(frame.nid);
+            return;
+        }
+        this._store.set(frame.nid, { frame, expiresAt });
+    }
+    getByNid(nid) {
+        const entry = this._store.get(nid);
+        if (entry === undefined)
+            return undefined;
+        if (this.clock() > entry.expiresAt) {
+            this._store.delete(nid);
+            return undefined;
+        }
+        return entry.frame;
+    }
+    resolve(target) {
+        for (const [nid, entry] of this._store) {
+            if (this.clock() > entry.expiresAt) {
+                this._store.delete(nid);
+                continue;
+            }
+            if (!InMemoryNdpRegistry.nwpTargetMatchesNid(nid, target))
+                continue;
+            const addr = entry.frame.addresses[0];
+            if (addr === undefined)
+                continue;
+            return { host: addr.host, port: addr.port, ttl: entry.frame.ttl };
+        }
+        return undefined;
+    }
+    getAll() {
+        const now = this.clock();
+        const result = [];
+        for (const [nid, entry] of this._store) {
+            if (now > entry.expiresAt) {
+                this._store.delete(nid);
+                continue;
+            }
+            result.push(entry.frame);
+        }
+        return result;
+    }
+    async resolveWithDns(target, resolver = new SystemDnsTxtLookup()) {
+        // 1. Try in-memory registry first
+        const cached = this.resolve(target);
+        if (cached !== undefined)
+            return cached;
+        // 2. Extract hostname and fall back to DNS TXT lookup
+        const host = extractHostFromTarget(target);
+        if (host === undefined)
+            return undefined;
+        const txtHost = `_nps-node.${host}`;
+        let records;
+        try {
+            records = await resolver.resolveTxt(txtHost);
+        }
+        catch {
+            return undefined;
+        }
+        for (const record of records) {
+            const result = parseNpsTxtRecord(record, host);
+            if (result !== undefined)
+                return result;
+        }
+        return undefined;
+    }
+    static nwpTargetMatchesNid(nid, target) {
+        // NID: urn:nps:node:{authority}:{path-segment}
+        // target: nwp://{authority}/{path}
+        const nidParts = nid.split(":");
+        if (nidParts.length < 5 || nidParts[0] !== "urn" || nidParts[1] !== "nps" || nidParts[2] !== "node") {
+            return false;
+        }
+        if (!target.startsWith("nwp://"))
+            return false;
+        const nidAuthority = nidParts[3];
+        const nidPath = nidParts[4];
+        const rest = target.slice("nwp://".length);
+        const slashIdx = rest.indexOf("/");
+        if (slashIdx === -1)
+            return false;
+        const urlAuthority = rest.slice(0, slashIdx);
+        const urlPath = rest.slice(slashIdx + 1); // without leading slash
+        if (urlAuthority !== nidAuthority)
+            return false;
+        // nidPath must be a prefix of urlPath at a segment boundary
+        if (urlPath === nidPath)
+            return true;
+        if (urlPath.startsWith(nidPath + "/"))
+            return true;
+        return false;
+    }
+}
+//# sourceMappingURL=ndp-registry.js.map

package/dist/ndp/ndp-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ndp-registry.js","sourceRoot":"","sources":["../../src/ndp/ndp-registry.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,sCAAsC;AAGtC,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,kBAAkB,GAEnB,MAAM,cAAc,CAAC;AAOtB,MAAM,OAAO,mBAAmB;IACb,MAAM,GAAG,IAAI,GAAG,EAAyB,CAAC;IAE3D,0BAA0B;IAC1B,KAAK,GAAiB,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IAEvC,QAAQ,CAAC,KAAoB;QAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC;QAClD,IAAI,KAAK,CAAC,GAAG,KAAK,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC9B,OAAO;QACT,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,QAAQ,CAAC,GAAW;QAClB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,KAAK,KAAK,SAAS;YAAE,OAAO,SAAS,CAAC;QAC1C,IAAI,IAAI,CAAC,KAAK,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACnC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACxB,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,KAAK,CAAC,KAAK,CAAC;IACrB,CAAC;IAED,OAAO,CAAC,MAAc;QACpB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACvC,IAAI,IAAI,CAAC,KAAK,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;gBAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YAC1E,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC;gBAAE,SAAS;YACpE,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;YACtC,IAAI,IAAI,KAAK,SAAS;gBAAE,SAAS;YACjC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACpE,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM;QACJ,MAAM,GAAG,GAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAoB,EAAE,CAAC;QACnC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACvC,IAAI,GAAG,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;gBAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YACjE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,MAAc,EACd,WAAyB,IAAI,kBAAkB,EAAE;QAEjD,kCAAkC;QAClC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,MAAM,KAAK,SAAS;YAAE,OAAO,MAAM,CAAC;QAExC,sDAAsD;QACtD,MAAM,IAAI,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,IAAI,KAAK,SAAS;YAAE,OAAO,SAAS,CAAC;QAEzC,MAAM,OAAO,GAAG,aAAa,IAAI,EAAE,CAAC;QACpC,IAAI,OAAmB,CAAC;QACxB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAC/C,IAAI,MAAM,KAAK,SAAS;gBAAE,OAAO,MAAM,CAAC;QAC1C,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,CAAC,mBAAmB,CAAC,GAAW,EAAE,MAAc;QACpD,+CAA+C;QAC/C,mCAAmC;QACnC,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;YACpG,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAE/C,MAAM,YAAY,GAAG,QAAQ,CAAC,CAAC,CAAE,CAAC;QAClC,MAAM,OAAO,GAAQ,QAAQ,CAAC,CAAC,CAAE,CAAC;QAClC,MAAM,IAAI,GAAW,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,QAAQ,GAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ,KAAK,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAElC,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAQ,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,wBAAwB;QAEvE,IAAI,YAAY,KAAK,YAAY;YAAE,OAAO,KAAK,CAAC;QAEhD,4DAA4D;QAC5D,IAAI,OAAO,KAAK,OAAO;YAAE,OAAO,IAAI,CAAC;QACrC,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,GAAG,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}

package/dist/ndp/registry.js

@@ -0,0 +1,10 @@
+// Copyright 2026 INNO LOTUS PTY LTD
+// SPDX-License-Identifier: Apache-2.0
+import { FrameType } from "../core/frames.js";
+import { AnnounceFrame, GraphFrame, ResolveFrame } from "./frames.js";
+export function registerNdpFrames(registry) {
+    registry.register(FrameType.ANNOUNCE, AnnounceFrame);
+    registry.register(FrameType.RESOLVE, ResolveFrame);
+    registry.register(FrameType.GRAPH, GraphFrame);
+}
+//# sourceMappingURL=registry.js.map

package/dist/ndp/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/ndp/registry.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,sCAAsC;AAGtC,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEtE,MAAM,UAAU,iBAAiB,CAAC,QAAuB;IACvD,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACrD,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAG,YAAY,CAAC,CAAC;IACpD,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,KAAK,EAAK,UAAU,CAAC,CAAC;AACpD,CAAC"}

package/dist/ndp/validator.js

@@ -0,0 +1,48 @@
+// Copyright 2026 INNO LOTUS PTY LTD
+// SPDX-License-Identifier: Apache-2.0
+import * as ed25519 from "@noble/ed25519";
+import { sha512 } from "@noble/hashes/sha512";
+ed25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));
+export const NdpAnnounceResult = {
+    ok: () => ({ isValid: true }),
+    fail: (errorCode, message) => ({ isValid: false, errorCode, message }),
+};
+export class NdpAnnounceValidator {
+    _keys = new Map(); // nid → "ed25519:<hex>"
+    registerPublicKey(nid, encodedPubKey) {
+        this._keys.set(nid, encodedPubKey);
+    }
+    removePublicKey(nid) {
+        this._keys.delete(nid);
+    }
+    get knownPublicKeys() {
+        return this._keys;
+    }
+    validate(frame) {
+        const encoded = this._keys.get(frame.nid);
+        if (encoded === undefined) {
+            return NdpAnnounceResult.fail("NDP-ANNOUNCE-NID-MISMATCH", `No public key registered for NID: ${frame.nid}`);
+        }
+        try {
+            const prefix = "ed25519:";
+            const pubHex = encoded.startsWith(prefix) ? encoded.slice(prefix.length) : encoded;
+            const pubKey = Buffer.from(pubHex, "hex");
+            const sig = frame.signature;
+            if (!sig.startsWith(prefix)) {
+                return NdpAnnounceResult.fail("NDP-ANNOUNCE-SIG-INVALID", "Signature must start with 'ed25519:'");
+            }
+            const sigBytes = Buffer.from(sig.slice(prefix.length), "base64");
+            const unsigned = frame.unsignedDict();
+            const canonical = JSON.stringify(unsigned, Object.keys(unsigned).sort());
+            const message = new TextEncoder().encode(canonical);
+            const valid = ed25519.verify(sigBytes, message, pubKey);
+            if (!valid)
+                return NdpAnnounceResult.fail("NDP-ANNOUNCE-SIG-INVALID", "Ed25519 signature verification failed.");
+            return NdpAnnounceResult.ok();
+        }
+        catch {
+            return NdpAnnounceResult.fail("NDP-ANNOUNCE-SIG-INVALID", "Ed25519 signature verification failed.");
+        }
+    }
+}
+//# sourceMappingURL=validator.js.map

package/dist/ndp/validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/ndp/validator.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,sCAAsC;AAEtC,OAAO,KAAK,OAAO,MAAM,gBAAgB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAG9C,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AAQzE,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,EAAE,EAAE,GAAsB,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAChD,IAAI,EAAE,CAAC,SAAiB,EAAE,OAAe,EAAqB,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC;CAC1G,CAAC;AAEF,MAAM,OAAO,oBAAoB;IACd,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC,CAAC,wBAAwB;IAE5E,iBAAiB,CAAC,GAAW,EAAE,aAAqB;QAClD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IACrC,CAAC;IAED,eAAe,CAAC,GAAW;QACzB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAED,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,QAAQ,CAAC,KAAoB;QAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC1C,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,OAAO,iBAAiB,CAAC,IAAI,CAAC,2BAA2B,EAAE,qCAAqC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QAC/G,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAI,UAAU,CAAC;YAC3B,MAAM,MAAM,GAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YACpF,MAAM,MAAM,GAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAE3C,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC;YAC5B,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5B,OAAO,iBAAiB,CAAC,IAAI,CAAC,0BAA0B,EAAE,sCAAsC,CAAC,CAAC;YACpG,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC;YAEjE,MAAM,QAAQ,GAAI,KAAK,CAAC,YAAY,EAAE,CAAC;YACvC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACzE,MAAM,OAAO,GAAK,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAEtD,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;YACxD,IAAI,CAAC,KAAK;gBAAE,OAAO,iBAAiB,CAAC,IAAI,CAAC,0BAA0B,EAAE,wCAAwC,CAAC,CAAC;YAChH,OAAO,iBAAiB,CAAC,EAAE,EAAE,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,iBAAiB,CAAC,IAAI,CAAC,0BAA0B,EAAE,wCAAwC,CAAC,CAAC;QACtG,CAAC;IACH,CAAC;CACF"}

package/dist/nip/acme/client.d.ts

@@ -0,0 +1,31 @@
+export interface AcmeClientOptions {
+    /** ACME directory URL. */
+    directoryUrl: string;
+    /** Account/agent Ed25519 private key (32-byte raw). */
+    privateKey: Uint8Array;
+    /** Account/agent Ed25519 public key (32-byte raw). */
+    publicKey: Uint8Array;
+    /** Web Crypto Ed25519 keypair for CSR signing (must match privateKey). */
+    webCryptoKeys: CryptoKeyPair;
+}
+export declare class AcmeClient {
+    readonly options: AcmeClientOptions;
+    private directory;
+    private accountUrl;
+    private lastNonce;
+    constructor(options: AcmeClientOptions);
+    /** Drive the full agent-01 flow for `nid`. Returns issued PEM cert chain. */
+    issueAgentCert(nid: string): Promise<string>;
+    private ensureDirectory;
+    private refreshNonce;
+    private newAccount;
+    private newOrder;
+    private fetchAuthz;
+    private respondAgent01;
+    private finalizeOrder;
+    private downloadPem;
+    private post;
+    private captureNonce;
+    private buildCsr;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/nip/acme/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/nip/acme/client.ts"],"names":[],"mappings":"AAwBA,MAAM,WAAW,iBAAiB;IAChC,0BAA0B;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,uDAAuD;IACvD,UAAU,EAAI,UAAU,CAAC;IACzB,sDAAsD;IACtD,SAAS,EAAK,UAAU,CAAC;IACzB,0EAA0E;IAC1E,aAAa,EAAE,aAAa,CAAC;CAC9B;AAED,qBAAa,UAAU;aAKO,OAAO,EAAE,iBAAiB;IAJtD,OAAO,CAAC,SAAS,CAA2B;IAC5C,OAAO,CAAC,UAAU,CAA0B;IAC5C,OAAO,CAAC,SAAS,CAA2B;gBAEhB,OAAO,EAAE,iBAAiB;IAEtD,6EAA6E;IACvE,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAYpC,eAAe;YAQf,YAAY;YASZ,UAAU;YAcV,QAAQ;YAcR,UAAU;YAYV,cAAc;YAiBd,aAAa;YAYb,WAAW;YAaX,IAAI;IAQlB,OAAO,CAAC,YAAY;YAKN,QAAQ;CAWvB"}

package/dist/nip/acme/client.js

@@ -0,0 +1,136 @@
+// Copyright 2026 INNO LOTUS PTY LTD
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * ACME client implementing the `agent-01` challenge type per NPS-RFC-0002 §4.4.
+ *
+ * Flow: newNonce → newAccount → newOrder → fetch authz → sign challenge token →
+ * finalize with CSR → fetch leaf cert.
+ */
+import * as ed25519 from "@noble/ed25519";
+import { sha512 } from "@noble/hashes/sha512";
+import * as x509 from "@peculiar/x509";
+import * as Jws from "./jws.js";
+import * as wire from "./wire.js";
+ed25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));
+x509.cryptoProvider.set(globalThis.crypto);
+export class AcmeClient {
+    options;
+    directory = null;
+    accountUrl = null;
+    lastNonce = null;
+    constructor(options) {
+        this.options = options;
+    }
+    /** Drive the full agent-01 flow for `nid`. Returns issued PEM cert chain. */
+    async issueAgentCert(nid) {
+        await this.ensureDirectory();
+        if (this.accountUrl === null)
+            await this.newAccount();
+        const order = await this.newOrder(nid);
+        const authz = await this.fetchAuthz(order.authorizations[0]);
+        await this.respondAgent01(authz);
+        const finalized = await this.finalizeOrder(order, nid);
+        return this.downloadPem(finalized.certificate);
+    }
+    // ── Stages ───────────────────────────────────────────────────────────────
+    async ensureDirectory() {
+        if (this.directory !== null)
+            return;
+        const resp = await fetch(this.options.directoryUrl);
+        ensureSuccess(resp);
+        this.directory = await resp.json();
+        await this.refreshNonce();
+    }
+    async refreshNonce() {
+        const resp = await fetch(this.directory.newNonce, { method: "HEAD" });
+        ensureSuccess(resp);
+        this.lastNonce = resp.headers.get("Replay-Nonce");
+        if (this.lastNonce === null) {
+            throw new Error("server omitted Replay-Nonce");
+        }
+    }
+    async newAccount() {
+        const jwk = Jws.jwkFromPublicKey(this.options.publicKey);
+        const env = Jws.sign({ alg: Jws.ALG_EDDSA, nonce: this.lastNonce, url: this.directory.newAccount, jwk }, { termsOfServiceAgreed: true }, this.options.privateKey);
+        const resp = await this.post(this.directory.newAccount, env);
+        ensureSuccess(resp);
+        this.accountUrl = resp.headers.get("Location");
+        if (this.accountUrl === null)
+            throw new Error("server omitted account Location");
+        this.captureNonce(resp);
+    }
+    async newOrder(nid) {
+        const env = Jws.sign({ alg: Jws.ALG_EDDSA, nonce: this.lastNonce, url: this.directory.newOrder, kid: this.accountUrl }, {
+            identifiers: [{ type: wire.IDENTIFIER_TYPE_NID, value: nid }],
+        }, this.options.privateKey);
+        const resp = await this.post(this.directory.newOrder, env);
+        ensureSuccess(resp);
+        this.captureNonce(resp);
+        return await resp.json();
+    }
+    async fetchAuthz(url) {
+        // POST-as-GET (RFC 8555 §6.3).
+        const env = Jws.sign({ alg: Jws.ALG_EDDSA, nonce: this.lastNonce, url, kid: this.accountUrl }, null, this.options.privateKey);
+        const resp = await this.post(url, env);
+        ensureSuccess(resp);
+        this.captureNonce(resp);
+        return await resp.json();
+    }
+    async respondAgent01(authz) {
+        const challenge = authz.challenges.find((c) => c.type === wire.CHALLENGE_AGENT_01);
+        if (!challenge)
+            throw new Error("authz has no agent-01 challenge");
+        // Sign the challenge token with the account/NID private key.
+        const tokenBytes = new TextEncoder().encode(challenge.token);
+        const sig = ed25519.sign(tokenBytes, this.options.privateKey);
+        const env = Jws.sign({ alg: Jws.ALG_EDDSA, nonce: this.lastNonce, url: challenge.url, kid: this.accountUrl }, { agent_signature: Jws.b64uEncode(sig) }, this.options.privateKey);
+        const resp = await this.post(challenge.url, env);
+        ensureSuccess(resp);
+        this.captureNonce(resp);
+    }
+    async finalizeOrder(order, nid) {
+        const csrDer = await this.buildCsr(nid);
+        const env = Jws.sign({ alg: Jws.ALG_EDDSA, nonce: this.lastNonce, url: order.finalize, kid: this.accountUrl }, { csr: Jws.b64uEncode(csrDer) }, this.options.privateKey);
+        const resp = await this.post(order.finalize, env);
+        ensureSuccess(resp);
+        this.captureNonce(resp);
+        return await resp.json();
+    }
+    async downloadPem(certUrl) {
+        const env = Jws.sign({ alg: Jws.ALG_EDDSA, nonce: this.lastNonce, url: certUrl, kid: this.accountUrl }, null, this.options.privateKey);
+        const resp = await this.post(certUrl, env);
+        ensureSuccess(resp);
+        this.captureNonce(resp);
+        return await resp.text();
+    }
+    // ── helpers ──────────────────────────────────────────────────────────────
+    async post(url, env) {
+        return await fetch(url, {
+            method: "POST",
+            headers: { "Content-Type": wire.CONTENT_TYPE_JOSE_JSON },
+            body: JSON.stringify(env),
+        });
+    }
+    captureNonce(resp) {
+        const nonce = resp.headers.get("Replay-Nonce");
+        if (nonce !== null)
+            this.lastNonce = nonce;
+    }
+    async buildCsr(nid) {
+        const csr = await x509.Pkcs10CertificateRequestGenerator.create({
+            name: `CN=${nid.replace(/([",+;<>\\])/g, "\\$1")}`,
+            keys: this.options.webCryptoKeys,
+            signingAlgorithm: { name: "Ed25519" },
+            extensions: [
+                new x509.SubjectAlternativeNameExtension([{ type: "url", value: nid }], false),
+            ],
+        });
+        return new Uint8Array(csr.rawData);
+    }
+}
+function ensureSuccess(resp) {
+    if (!resp.ok) {
+        throw new Error(`ACME ${resp.url} HTTP ${resp.status}`);
+    }
+}
+//# sourceMappingURL=client.js.map