npm - @labacacia/nps-sdk - Versions diffs - 1.0.0-alpha.5 → 1.0.0-alpha.7 - Mend

@labacacia/nps-sdk 1.0.0-alpha.5 → 1.0.0-alpha.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (145) hide show

package/CHANGELOG.cn.md +29 -5
package/CHANGELOG.md +29 -5
package/LICENSE +0 -0
package/NOTICE +0 -0
package/README.cn.md +8 -13
package/README.md +8 -13
package/dist/nip/index.d.ts +1 -0
package/dist/nip/index.d.ts.map +1 -1
package/dist/nip/index.js +2 -0
package/dist/nip/index.js.map +1 -1
package/dist/nip/reputation-client.d.ts +116 -0
package/dist/nip/reputation-client.d.ts.map +1 -0
package/dist/nip/reputation-client.js +261 -0
package/dist/nip/reputation-client.js.map +1 -0
package/dist/nip/x509/oids.d.ts +9 -10
package/dist/nip/x509/oids.d.ts.map +1 -1
package/dist/nip/x509/oids.js +3 -4
package/dist/nip/x509/oids.js.map +1 -1
package/dist/nwp/anchor-client.d.ts +109 -0
package/dist/nwp/anchor-client.d.ts.map +1 -0
package/dist/nwp/anchor-client.js +279 -0
package/dist/nwp/anchor-client.js.map +1 -0
package/dist/nwp/index.d.ts +1 -1
package/dist/nwp/index.d.ts.map +1 -1
package/dist/nwp/index.js +1 -1
package/dist/nwp/index.js.map +1 -1
package/doc/nps-sdk.core.cn.md +0 -0
package/doc/nps-sdk.core.md +0 -0
package/doc/nps-sdk.ncp.cn.md +0 -0
package/doc/nps-sdk.ncp.md +0 -0
package/doc/nps-sdk.ndp.cn.md +0 -0
package/doc/nps-sdk.ndp.md +0 -0
package/doc/nps-sdk.nop.cn.md +0 -0
package/doc/nps-sdk.nop.md +0 -0
package/doc/overview.cn.md +0 -0
package/doc/overview.md +0 -0
package/package.json +12 -1
package/CONTRIBUTING.cn.md +0 -35
package/CONTRIBUTING.md +0 -35
package/dist/nwp/error-codes.d.ts +0 -42
package/dist/nwp/error-codes.d.ts.map +0 -1
package/dist/nwp/error-codes.js +0 -53
package/dist/nwp/error-codes.js.map +0 -1
package/nip-ca-server/Dockerfile +0 -27
package/nip-ca-server/README.md +0 -45
package/nip-ca-server/db/001_init.sql +0 -25
package/nip-ca-server/docker-compose.yml +0 -29
package/nip-ca-server/package.json +0 -23
package/nip-ca-server/src/ca.ts +0 -155
package/nip-ca-server/src/db.ts +0 -104
package/nip-ca-server/src/index.ts +0 -157
package/nip-ca-server/tsconfig.json +0 -13
package/src/core/anchor-cache.ts +0 -129
package/src/core/cache.ts +0 -93
package/src/core/canonical-json.ts +0 -50
package/src/core/codec.ts +0 -158
package/src/core/codecs/index.ts +0 -5
package/src/core/codecs/ncp-codec.ts +0 -170
package/src/core/codecs/tier1-json-codec.ts +0 -33
package/src/core/codecs/tier2-msgpack-codec.ts +0 -30
package/src/core/crypto-provider.ts +0 -47
package/src/core/exceptions.ts +0 -57
package/src/core/frame-header.ts +0 -282
package/src/core/frame-registry.ts +0 -91
package/src/core/frames.ts +0 -184
package/src/core/index.ts +0 -42
package/src/core/registry.ts +0 -28
package/src/core/status-codes.ts +0 -47
package/src/index.ts +0 -10
package/src/ncp/frames/anchor-frame.ts +0 -87
package/src/ncp/frames/caps-frame.ts +0 -59
package/src/ncp/frames/diff-frame.ts +0 -69
package/src/ncp/frames/error-frame.ts +0 -26
package/src/ncp/frames/hello-frame.ts +0 -50
package/src/ncp/frames/stream-frame.ts +0 -35
package/src/ncp/frames.ts +0 -251
package/src/ncp/handshake.ts +0 -95
package/src/ncp/index.ts +0 -13
package/src/ncp/ncp-error-codes.ts +0 -36
package/src/ncp/ncp-patch-format.ts +0 -16
package/src/ncp/preamble.ts +0 -79
package/src/ncp/registry.ts +0 -15
package/src/ncp/stream-manager.ts +0 -212
package/src/ndp/dns-txt.ts +0 -86
package/src/ndp/frames.ts +0 -124
package/src/ndp/index.ts +0 -8
package/src/ndp/ndp-registry.ts +0 -116
package/src/ndp/registry.ts +0 -12
package/src/ndp/validator.ts +0 -64
package/src/nip/acme/client.ts +0 -185
package/src/nip/acme/index.ts +0 -8
package/src/nip/acme/jws.ts +0 -109
package/src/nip/acme/messages.ts +0 -85
package/src/nip/acme/server.ts +0 -480
package/src/nip/acme/wire.ts +0 -24
package/src/nip/assurance-level.ts +0 -40
package/src/nip/cert-format.ts +0 -9
package/src/nip/error-codes.ts +0 -38
package/src/nip/frames.ts +0 -138
package/src/nip/identity.ts +0 -113
package/src/nip/index.ts +0 -14
package/src/nip/registry.ts +0 -12
package/src/nip/verifier.ts +0 -122
package/src/nip/x509/builder.ts +0 -91
package/src/nip/x509/index.ts +0 -6
package/src/nip/x509/oids.ts +0 -28
package/src/nip/x509/verifier.ts +0 -214
package/src/nop/client.ts +0 -103
package/src/nop/frames.ts +0 -181
package/src/nop/index.ts +0 -7
package/src/nop/models.ts +0 -79
package/src/nop/nop-types.ts +0 -208
package/src/nop/registry.ts +0 -13
package/src/nwp/client.ts +0 -114
package/src/nwp/error-codes.ts +0 -62
package/src/nwp/frames.ts +0 -116
package/src/nwp/index.ts +0 -7
package/src/nwp/registry.ts +0 -11
package/src/setup.ts +0 -32
package/tests/_rfc0002-keys.ts +0 -57
package/tests/core/anchor-cache.test.ts +0 -242
package/tests/core/codec.test.ts +0 -205
package/tests/core/frame-registry.test.ts +0 -46
package/tests/core.test.ts +0 -327
package/tests/ncp/diff-binary-bitset.test.ts +0 -107
package/tests/ncp/e2e-enc-reject.test.ts +0 -93
package/tests/ncp/err-error-frame.test.ts +0 -152
package/tests/ncp/frames.test.ts +0 -359
package/tests/ncp/framing.test.ts +0 -233
package/tests/ncp/hello-frame.test.ts +0 -122
package/tests/ncp/inline-anchor.test.ts +0 -88
package/tests/ncp/preamble.test.ts +0 -93
package/tests/ncp/security.test.ts +0 -184
package/tests/ncp/stream-window.test.ts +0 -167
package/tests/ncp/stream.test.ts +0 -242
package/tests/ncp/version-negotiation.test.ts +0 -123
package/tests/ndp.test.ts +0 -377
package/tests/nip-acme-agent01.test.ts +0 -192
package/tests/nip-x509.test.ts +0 -280
package/tests/nip.test.ts +0 -184
package/tests/nop.test.ts +0 -344
package/tests/nwp.test.ts +0 -237
package/tsconfig.json +0 -20
package/tsup.config.ts +0 -20
package/vitest.config.ts +0 -10

package/dist/nwp/error-codes.js DELETED Viewed

@@ -1,53 +0,0 @@
-// Copyright 2026 INNO LOTUS PTY LTD
-// SPDX-License-Identifier: Apache-2.0
-/** NWP error code wire constants — mirror of `spec/error-codes.md` NWP section. */
-// ── Auth ─────────────────────────────────────────────────────────────────────
-export const AUTH_NID_SCOPE_VIOLATION = "NWP-AUTH-NID-SCOPE-VIOLATION";
-export const AUTH_NID_EXPIRED = "NWP-AUTH-NID-EXPIRED";
-export const AUTH_NID_REVOKED = "NWP-AUTH-NID-REVOKED";
-export const AUTH_NID_UNTRUSTED_ISSUER = "NWP-AUTH-NID-UNTRUSTED-ISSUER";
-export const AUTH_NID_CAPABILITY_MISSING = "NWP-AUTH-NID-CAPABILITY-MISSING";
-export const AUTH_ASSURANCE_TOO_LOW = "NWP-AUTH-ASSURANCE-TOO-LOW";
-export const AUTH_REPUTATION_BLOCKED = "NWP-AUTH-REPUTATION-BLOCKED";
-// ── Query ─────────────────────────────────────────────────────────────────────
-export const QUERY_FILTER_INVALID = "NWP-QUERY-FILTER-INVALID";
-export const QUERY_FIELD_UNKNOWN = "NWP-QUERY-FIELD-UNKNOWN";
-export const QUERY_CURSOR_INVALID = "NWP-QUERY-CURSOR-INVALID";
-export const QUERY_REGEX_UNSAFE = "NWP-QUERY-REGEX-UNSAFE";
-export const QUERY_VECTOR_UNSUPPORTED = "NWP-QUERY-VECTOR-UNSUPPORTED";
-export const QUERY_AGGREGATE_UNSUPPORTED = "NWP-QUERY-AGGREGATE-UNSUPPORTED";
-export const QUERY_AGGREGATE_INVALID = "NWP-QUERY-AGGREGATE-INVALID";
-export const QUERY_STREAM_UNSUPPORTED = "NWP-QUERY-STREAM-UNSUPPORTED";
-// ── Action ────────────────────────────────────────────────────────────────────
-export const ACTION_NOT_FOUND = "NWP-ACTION-NOT-FOUND";
-export const ACTION_PARAMS_INVALID = "NWP-ACTION-PARAMS-INVALID";
-export const ACTION_IDEMPOTENCY_CONFLICT = "NWP-ACTION-IDEMPOTENCY-CONFLICT";
-// ── Task ──────────────────────────────────────────────────────────────────────
-export const TASK_NOT_FOUND = "NWP-TASK-NOT-FOUND";
-export const TASK_ALREADY_CANCELLED = "NWP-TASK-ALREADY-CANCELLED";
-export const TASK_ALREADY_COMPLETED = "NWP-TASK-ALREADY-COMPLETED";
-export const TASK_ALREADY_FAILED = "NWP-TASK-ALREADY-FAILED";
-// ── Subscribe ─────────────────────────────────────────────────────────────────
-export const SUBSCRIBE_STREAM_NOT_FOUND = "NWP-SUBSCRIBE-STREAM-NOT-FOUND";
-export const SUBSCRIBE_LIMIT_EXCEEDED = "NWP-SUBSCRIBE-LIMIT-EXCEEDED";
-export const SUBSCRIBE_FILTER_UNSUPPORTED = "NWP-SUBSCRIBE-FILTER-UNSUPPORTED";
-export const SUBSCRIBE_INTERRUPTED = "NWP-SUBSCRIBE-INTERRUPTED";
-export const SUBSCRIBE_SEQ_TOO_OLD = "NWP-SUBSCRIBE-SEQ-TOO-OLD";
-// ── Infrastructure ────────────────────────────────────────────────────────────
-export const BUDGET_EXCEEDED = "NWP-BUDGET-EXCEEDED";
-export const DEPTH_EXCEEDED = "NWP-DEPTH-EXCEEDED";
-export const GRAPH_CYCLE = "NWP-GRAPH-CYCLE";
-export const NODE_UNAVAILABLE = "NWP-NODE-UNAVAILABLE";
-export const RATE_LIMIT_EXCEEDED = "NWP-RATE-LIMIT-EXCEEDED";
-// ── Manifest ──────────────────────────────────────────────────────────────────
-export const MANIFEST_VERSION_UNSUPPORTED = "NWP-MANIFEST-VERSION-UNSUPPORTED";
-export const MANIFEST_NODE_TYPE_REMOVED = "NWP-MANIFEST-NODE-TYPE-REMOVED";
-export const MANIFEST_NODE_TYPE_UNKNOWN = "NWP-MANIFEST-NODE-TYPE-UNKNOWN";
-// ── Topology (alpha.4+) ───────────────────────────────────────────────────────
-export const TOPOLOGY_UNAUTHORIZED = "NWP-TOPOLOGY-UNAUTHORIZED";
-export const TOPOLOGY_UNSUPPORTED_SCOPE = "NWP-TOPOLOGY-UNSUPPORTED-SCOPE";
-export const TOPOLOGY_DEPTH_UNSUPPORTED = "NWP-TOPOLOGY-DEPTH-UNSUPPORTED";
-export const TOPOLOGY_FILTER_UNSUPPORTED = "NWP-TOPOLOGY-FILTER-UNSUPPORTED";
-// ── Reserved type (alpha.5+) ─────────────────────────────────────────────────
-export const RESERVED_TYPE_UNSUPPORTED = "NWP-RESERVED-TYPE-UNSUPPORTED";
-//# sourceMappingURL=error-codes.js.map

package/dist/nwp/error-codes.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"error-codes.js","sourceRoot":"","sources":["../../src/nwp/error-codes.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,sCAAsC;AAEtC,mFAAmF;AAEnF,gFAAgF;AAChF,MAAM,CAAC,MAAM,wBAAwB,GAAM,8BAA8B,CAAC;AAC1E,MAAM,CAAC,MAAM,gBAAgB,GAAc,sBAAsB,CAAC;AAClE,MAAM,CAAC,MAAM,gBAAgB,GAAc,sBAAsB,CAAC;AAClE,MAAM,CAAC,MAAM,yBAAyB,GAAK,+BAA+B,CAAC;AAC3E,MAAM,CAAC,MAAM,2BAA2B,GAAG,iCAAiC,CAAC;AAC7E,MAAM,CAAC,MAAM,sBAAsB,GAAQ,4BAA4B,CAAC;AACxE,MAAM,CAAC,MAAM,uBAAuB,GAAO,6BAA6B,CAAC;AAEzE,iFAAiF;AACjF,MAAM,CAAC,MAAM,oBAAoB,GAAU,0BAA0B,CAAC;AACtE,MAAM,CAAC,MAAM,mBAAmB,GAAW,yBAAyB,CAAC;AACrE,MAAM,CAAC,MAAM,oBAAoB,GAAU,0BAA0B,CAAC;AACtE,MAAM,CAAC,MAAM,kBAAkB,GAAY,wBAAwB,CAAC;AACpE,MAAM,CAAC,MAAM,wBAAwB,GAAM,8BAA8B,CAAC;AAC1E,MAAM,CAAC,MAAM,2BAA2B,GAAG,iCAAiC,CAAC;AAC7E,MAAM,CAAC,MAAM,uBAAuB,GAAO,6BAA6B,CAAC;AACzE,MAAM,CAAC,MAAM,wBAAwB,GAAM,8BAA8B,CAAC;AAE1E,iFAAiF;AACjF,MAAM,CAAC,MAAM,gBAAgB,GAAc,sBAAsB,CAAC;AAClE,MAAM,CAAC,MAAM,qBAAqB,GAAS,2BAA2B,CAAC;AACvE,MAAM,CAAC,MAAM,2BAA2B,GAAG,iCAAiC,CAAC;AAE7E,iFAAiF;AACjF,MAAM,CAAC,MAAM,cAAc,GAAW,oBAAoB,CAAC;AAC3D,MAAM,CAAC,MAAM,sBAAsB,GAAG,4BAA4B,CAAC;AACnE,MAAM,CAAC,MAAM,sBAAsB,GAAG,4BAA4B,CAAC;AACnE,MAAM,CAAC,MAAM,mBAAmB,GAAM,yBAAyB,CAAC;AAEhE,iFAAiF;AACjF,MAAM,CAAC,MAAM,0BAA0B,GAAK,gCAAgC,CAAC;AAC7E,MAAM,CAAC,MAAM,wBAAwB,GAAO,8BAA8B,CAAC;AAC3E,MAAM,CAAC,MAAM,4BAA4B,GAAG,kCAAkC,CAAC;AAC/E,MAAM,CAAC,MAAM,qBAAqB,GAAU,2BAA2B,CAAC;AACxE,MAAM,CAAC,MAAM,qBAAqB,GAAU,2BAA2B,CAAC;AAExE,iFAAiF;AACjF,MAAM,CAAC,MAAM,eAAe,GAAQ,qBAAqB,CAAC;AAC1D,MAAM,CAAC,MAAM,cAAc,GAAS,oBAAoB,CAAC;AACzD,MAAM,CAAC,MAAM,WAAW,GAAY,iBAAiB,CAAC;AACtD,MAAM,CAAC,MAAM,gBAAgB,GAAO,sBAAsB,CAAC;AAC3D,MAAM,CAAC,MAAM,mBAAmB,GAAI,yBAAyB,CAAC;AAE9D,iFAAiF;AACjF,MAAM,CAAC,MAAM,4BAA4B,GAAG,kCAAkC,CAAC;AAC/E,MAAM,CAAC,MAAM,0BAA0B,GAAK,gCAAgC,CAAC;AAC7E,MAAM,CAAC,MAAM,0BAA0B,GAAK,gCAAgC,CAAC;AAE7E,iFAAiF;AACjF,MAAM,CAAC,MAAM,qBAAqB,GAAS,2BAA2B,CAAC;AACvE,MAAM,CAAC,MAAM,0BAA0B,GAAI,gCAAgC,CAAC;AAC5E,MAAM,CAAC,MAAM,0BAA0B,GAAI,gCAAgC,CAAC;AAC5E,MAAM,CAAC,MAAM,2BAA2B,GAAG,iCAAiC,CAAC;AAE7E,gFAAgF;AAChF,MAAM,CAAC,MAAM,yBAAyB,GAAG,+BAA+B,CAAC"}

package/nip-ca-server/Dockerfile DELETED Viewed

@@ -1,27 +0,0 @@
-FROM node:22-alpine AS build
-WORKDIR /app
-COPY package*.json ./
-RUN npm ci
-COPY tsconfig.json .
-COPY src ./src
-COPY db ./db
-RUN npm run build
-FROM node:22-alpine AS runtime
-WORKDIR /app
-RUN addgroup -g 1001 nipca \
- && adduser -u 1001 -G nipca -D nipca \
- && mkdir -p /data && chown nipca:nipca /data
-COPY --from=build /app/dist ./dist
-COPY --from=build /app/node_modules ./node_modules
-COPY db ./db
-USER nipca
-EXPOSE 17440
-HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
-  CMD wget -qO- http://localhost:17440/health || exit 1
-CMD ["node", "dist/index.js"]

package/nip-ca-server/README.md DELETED Viewed

@@ -1,45 +0,0 @@
-# NIP CA Server — TypeScript
-Fastify + better-sqlite3 implementation of the NIP Certificate Authority (NPS-3 §8).
-## Quick Start
-```bash
-docker compose up -d
-```
-## Environment Variables
-| Variable | Required | Default | Description |
-|----------|----------|---------|-------------|
-| `NIP_CA_NID` | Yes | — | CA NID |
-| `NIP_CA_PASSPHRASE` | Yes | — | Key file passphrase |
-| `NIP_CA_BASE_URL` | Yes | — | Public base URL |
-| `NIP_CA_DISPLAY_NAME` | No | `NPS CA` | |
-| `NIP_CA_KEY_FILE` | No | `/data/ca.key.enc` | |
-| `NIP_CA_DB_PATH` | No | `/data/ca.db` | |
-| `NIP_CA_AGENT_VALIDITY_DAYS` | No | `30` | |
-| `NIP_CA_NODE_VALIDITY_DAYS` | No | `90` | |
-| `NIP_CA_RENEWAL_WINDOW_DAYS` | No | `7` | |
-| `PORT` | No | `17440` | |
-## API
-Same endpoints as all other NIP CA Server implementations — see [NPS-3 §8](../../spec/NPS-3-NIP.md).
-## Local Development
-```bash
-npm install
-NIP_CA_NID=urn:nps:org:ca.local \
-  NIP_CA_PASSPHRASE=dev-pass \
-  NIP_CA_BASE_URL=http://localhost:17440 \
-  npm run dev
-```
-## Stack
-- **Runtime**: Node.js 22
-- **Framework**: Fastify
-- **Crypto**: Node.js built-in `crypto` (Ed25519 + AES-256-GCM + PBKDF2)
-- **Storage**: better-sqlite3

package/nip-ca-server/db/001_init.sql DELETED Viewed

@@ -1,25 +0,0 @@
--- NIP CA Server — SQLite schema
--- NPS-3 §8 | Copyright 2026 INNO LOTUS PTY LTD | Apache-2.0
-CREATE TABLE IF NOT EXISTS nip_certificates (
-    id             INTEGER PRIMARY KEY AUTOINCREMENT,
-    nid            TEXT    NOT NULL,
-    entity_type    TEXT    NOT NULL CHECK (entity_type IN ('agent','node','operator')),
-    serial         TEXT    NOT NULL UNIQUE,
-    pub_key        TEXT    NOT NULL,
-    capabilities   TEXT    NOT NULL DEFAULT '[]',
-    scope_json     TEXT    NOT NULL DEFAULT '{}',
-    issued_by      TEXT    NOT NULL,
-    issued_at      TEXT    NOT NULL,
-    expires_at     TEXT    NOT NULL,
-    revoked_at     TEXT,
-    revoke_reason  TEXT,
-    metadata_json  TEXT,
-    created_at     TEXT    NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%SZ','now'))
-);
-CREATE INDEX IF NOT EXISTS idx_nip_certs_nid    ON nip_certificates (nid, issued_at DESC);
-CREATE INDEX IF NOT EXISTS idx_nip_certs_serial ON nip_certificates (serial);
-CREATE INDEX IF NOT EXISTS idx_nip_certs_revoked ON nip_certificates (revoked_at)
-    WHERE revoked_at IS NOT NULL;
-CREATE INDEX IF NOT EXISTS idx_nip_certs_expires ON nip_certificates (expires_at);

package/nip-ca-server/docker-compose.yml DELETED Viewed

@@ -1,29 +0,0 @@
-version: "3.9"
-services:
-  nip-ca:
-    build: .
-    restart: unless-stopped
-    ports:
-      - "${NIP_PORT:-17440}:17440"
-    volumes:
-      - ca_data:/data
-    environment:
-      NIP_CA_NID:          ${NIP_CA_NID:?NIP_CA_NID is required}
-      NIP_CA_PASSPHRASE:   ${NIP_CA_PASSPHRASE:?NIP_CA_PASSPHRASE is required}
-      NIP_CA_BASE_URL:     ${NIP_CA_BASE_URL:?NIP_CA_BASE_URL is required}
-      NIP_CA_DISPLAY_NAME: ${NIP_CA_DISPLAY_NAME:-NPS CA}
-      NIP_CA_KEY_FILE:     /data/ca.key.enc
-      NIP_CA_DB_PATH:      /data/ca.db
-      NIP_CA_AGENT_VALIDITY_DAYS: ${NIP_CA_AGENT_VALIDITY_DAYS:-30}
-      NIP_CA_NODE_VALIDITY_DAYS:  ${NIP_CA_NODE_VALIDITY_DAYS:-90}
-      NIP_CA_RENEWAL_WINDOW_DAYS: ${NIP_CA_RENEWAL_WINDOW_DAYS:-7}
-    healthcheck:
-      test: ["CMD", "wget", "-qO-", "http://localhost:17440/health"]
-      interval: 30s
-      timeout: 5s
-      retries: 3
-      start_period: 10s
-volumes:
-  ca_data:

package/nip-ca-server/package.json DELETED Viewed

@@ -1,23 +0,0 @@
-{
-  "name": "@labacacia/nip-ca-server",
-  "version": "0.1.0",
-  "description": "NIP CA Server — TypeScript/Node.js",
-  "license": "Apache-2.0",
-  "type": "module",
-  "main": "dist/index.js",
-  "scripts": {
-    "build": "tsc",
-    "start": "node dist/index.js",
-    "dev": "tsx src/index.ts"
-  },
-  "dependencies": {
-    "better-sqlite3": "^11.7.0",
-    "fastify": "^5.2.1"
-  },
-  "devDependencies": {
-    "@types/better-sqlite3": "^7.6.12",
-    "@types/node": "^22.10.5",
-    "tsx": "^4.19.2",
-    "typescript": "^5.7.3"
-  }
-}

package/nip-ca-server/src/ca.ts DELETED Viewed

@@ -1,155 +0,0 @@
-// Copyright 2026 INNO LOTUS PTY LTD
-// SPDX-License-Identifier: Apache-2.0
-import * as crypto from "node:crypto";
-import * as fs from "node:fs";
-import * as path from "node:path";
-const PBKDF2_ITERS = 600_000;
-const SALT_LEN = 16;
-const NONCE_LEN = 12;
-const KEY_LEN = 32;
-export interface KeyEnvelope {
-  version: number;
-  algorithm: string;
-  pub_key: string;
-  salt: string;
-  nonce: string;
-  ciphertext: string;
-}
-function deriveKey(passphrase: string, salt: Buffer): Buffer {
-  return crypto.pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_LEN, "sha256");
-}
-export function pubKeyString(pubKey: crypto.KeyObject): string {
-  const raw = pubKey.export({ type: "pkcs8", format: "der" });
-  // Ed25519 PKCS8 DER = 44 bytes; raw public key is last 32 bytes
-  const rawPub = raw.subarray(raw.length - 32);
-  return "ed25519:" + rawPub.toString("hex");
-}
-function rawPrivateBytes(privKey: crypto.KeyObject): Buffer {
-  // Ed25519 private key in JWK → d field is base64url-encoded 32-byte seed
-  const jwk = privKey.export({ format: "jwk" }) as { d: string };
-  return Buffer.from(jwk.d, "base64url");
-}
-export function generateKey(): crypto.KeyObject {
-  const { privateKey } = crypto.generateKeyPairSync("ed25519");
-  return privateKey;
-}
-export function saveKey(privKey: crypto.KeyObject, filePath: string, passphrase: string): void {
-  const salt = crypto.randomBytes(SALT_LEN);
-  const nonce = crypto.randomBytes(NONCE_LEN);
-  const dk = deriveKey(passphrase, salt);
-  const seed = rawPrivateBytes(privKey);
-  const cipher = crypto.createCipheriv("aes-256-gcm", dk, nonce);
-  const encrypted = Buffer.concat([cipher.update(seed), cipher.final()]);
-  const tag = cipher.getAuthTag();
-  const ciphertext = Buffer.concat([encrypted, tag]);
-  const { privateKey: tmpPriv, publicKey: tmpPub } = crypto.generateKeyPairSync("ed25519", {
-    privateKeyEncoding: { type: "pkcs8", format: "der" },
-    publicKeyEncoding: { type: "spki", format: "der" },
-  });
-  // Re-derive public key from the same private key
-  const pubStr = pubKeyString(crypto.createPublicKey(privKey));
-  const envelope: KeyEnvelope = {
-    version: 1,
-    algorithm: "ed25519",
-    pub_key: pubStr,
-    salt: salt.toString("hex"),
-    nonce: nonce.toString("hex"),
-    ciphertext: ciphertext.toString("hex"),
-  };
-  fs.mkdirSync(path.dirname(filePath), { recursive: true });
-  fs.writeFileSync(filePath, JSON.stringify(envelope), { mode: 0o600 });
-}
-export function loadKey(filePath: string, passphrase: string): crypto.KeyObject {
-  const env: KeyEnvelope = JSON.parse(fs.readFileSync(filePath, "utf8"));
-  const salt = Buffer.from(env.salt, "hex");
-  const nonce = Buffer.from(env.nonce, "hex");
-  const ctBuf = Buffer.from(env.ciphertext, "hex");
-  const tag = ctBuf.subarray(ctBuf.length - 16);
-  const ciphertext = ctBuf.subarray(0, ctBuf.length - 16);
-  const dk = deriveKey(passphrase, salt);
-  const decipher = crypto.createDecipheriv("aes-256-gcm", dk, nonce);
-  decipher.setAuthTag(tag);
-  let seed: Buffer;
-  try {
-    seed = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
-  } catch {
-    throw new Error("Key decryption failed — wrong passphrase?");
-  }
-  return crypto.createPrivateKey({ key: seed, format: "der", type: "pkcs8" } as any) ||
-    (() => {
-      // Construct PKCS8 DER for Ed25519 seed manually
-      // PKCS8 for Ed25519 = 0x302e020100300506032b657004220420 + 32-byte seed
-      const pkcs8Header = Buffer.from("302e020100300506032b657004220420", "hex");
-      const der = Buffer.concat([pkcs8Header, seed]);
-      return crypto.createPrivateKey({ key: der, format: "der", type: "pkcs8" });
-    })();
-}
-function canonicalJson(obj: Record<string, unknown>): Buffer {
-  const sorted = Object.keys(obj).sort().reduce((acc, k) => {
-    (acc as any)[k] = (obj as any)[k];
-    return acc;
-  }, {} as Record<string, unknown>);
-  return Buffer.from(JSON.stringify(sorted), "utf8");
-}
-export function signDict(privKey: crypto.KeyObject, obj: Record<string, unknown>): string {
-  const sig = crypto.sign(null, canonicalJson(obj), privKey);
-  return "ed25519:" + sig.toString("base64");
-}
-export interface IssuedCert {
-  nid: string;
-  pub_key: string;
-  capabilities: string[];
-  scope: Record<string, unknown>;
-  issued_by: string;
-  issued_at: string;
-  expires_at: string;
-  serial: string;
-  signature: string;
-  metadata?: Record<string, unknown>;
-}
-export function issueCert(
-  privKey: crypto.KeyObject,
-  caNid: string,
-  subjectNid: string,
-  subjectPubKey: string,
-  capabilities: string[],
-  scope: Record<string, unknown>,
-  validityDays: number,
-  serial: string,
-  metadata?: Record<string, unknown> | null,
-): IssuedCert {
-  const now = new Date();
-  const expires = new Date(now.getTime() + validityDays * 86400_000);
-  const fmt = (d: Date) => d.toISOString().replace(/\.\d{3}Z$/, "Z");
-  const unsigned: Record<string, unknown> = {
-    capabilities,
-    expires_at: fmt(expires),
-    issued_at: fmt(now),
-    issued_by: caNid,
-    nid: subjectNid,
-    pub_key: subjectPubKey,
-    scope,
-    serial,
-  };
-  const signature = signDict(privKey, unsigned);
-  const cert: IssuedCert = { ...unsigned as any, signature };
-  if (metadata) cert.metadata = metadata;
-  return cert;
-}
-export function generateNid(domain: string, entityType: string): string {
-  const uid = crypto.randomBytes(8).toString("hex");
-  return `urn:nps:${entityType}:${domain}:${uid}`;
-}

package/nip-ca-server/src/db.ts DELETED Viewed

@@ -1,104 +0,0 @@
-// Copyright 2026 INNO LOTUS PTY LTD
-// SPDX-License-Identifier: Apache-2.0
-import Database from "better-sqlite3";
-import * as fs from "node:fs";
-import * as path from "node:path";
-const SCHEMA_PATH = path.join(__dirname, "..", "db", "001_init.sql");
-export interface CertRecord {
-  id: number;
-  nid: string;
-  entity_type: string;
-  serial: string;
-  pub_key: string;
-  capabilities: string[];
-  scope: Record<string, unknown>;
-  issued_by: string;
-  issued_at: string;
-  expires_at: string;
-  revoked_at: string | null;
-  revoke_reason: string | null;
-  metadata: Record<string, unknown> | null;
-}
-export class CaDb {
-  private db: Database.Database;
-  constructor(dbPath: string) {
-    fs.mkdirSync(path.dirname(dbPath), { recursive: true });
-    this.db = new Database(dbPath);
-    this.db.pragma("journal_mode = WAL");
-    this.db.pragma("foreign_keys = ON");
-    this.db.exec(fs.readFileSync(SCHEMA_PATH, "utf8"));
-  }
-  nextSerial(): string {
-    const row = this.db
-      .prepare(
-        "SELECT COALESCE(MAX(CAST(REPLACE(serial,'0x','') AS INTEGER)),0)+1 AS n FROM nip_certificates",
-      )
-      .get() as { n: number };
-    return `0x${row.n.toString(16).toUpperCase().padStart(6, "0")}`;
-  }
-  insert(rec: {
-    nid: string; entity_type: string; serial: string; pub_key: string;
-    capabilities: string[]; scope: Record<string, unknown>; issued_by: string;
-    issued_at: string; expires_at: string; metadata?: Record<string, unknown> | null;
-  }): number {
-    const result = this.db.prepare(
-      `INSERT INTO nip_certificates
-       (nid, entity_type, serial, pub_key, capabilities, scope_json,
-        issued_by, issued_at, expires_at, metadata_json)
-       VALUES (?,?,?,?,?,?,?,?,?,?)`,
-    ).run(
-      rec.nid, rec.entity_type, rec.serial, rec.pub_key,
-      JSON.stringify(rec.capabilities), JSON.stringify(rec.scope),
-      rec.issued_by, rec.issued_at, rec.expires_at,
-      rec.metadata ? JSON.stringify(rec.metadata) : null,
-    );
-    return Number(result.lastInsertRowid);
-  }
-  getActive(nid: string): CertRecord | null {
-    const row = this.db.prepare(
-      `SELECT * FROM nip_certificates
-       WHERE nid=? AND revoked_at IS NULL
-       ORDER BY issued_at DESC LIMIT 1`,
-    ).get(nid);
-    return row ? this._toRecord(row as any) : null;
-  }
-  revoke(nid: string, reason: string): boolean {
-    const now = new Date().toISOString().replace(/\.\d{3}Z$/, "Z");
-    const r = this.db.prepare(
-      "UPDATE nip_certificates SET revoked_at=?, revoke_reason=? WHERE nid=? AND revoked_at IS NULL",
-    ).run(now, reason, nid);
-    return r.changes > 0;
-  }
-  crl(): Array<{ serial: string; nid: string; revoked_at: string; revoke_reason: string | null }> {
-    return this.db.prepare(
-      "SELECT serial, nid, revoked_at, revoke_reason FROM nip_certificates WHERE revoked_at IS NOT NULL ORDER BY revoked_at DESC",
-    ).all() as any;
-  }
-  private _toRecord(row: any): CertRecord {
-    return {
-      id: row.id,
-      nid: row.nid,
-      entity_type: row.entity_type,
-      serial: row.serial,
-      pub_key: row.pub_key,
-      capabilities: JSON.parse(row.capabilities),
-      scope: JSON.parse(row.scope_json),
-      issued_by: row.issued_by,
-      issued_at: row.issued_at,
-      expires_at: row.expires_at,
-      revoked_at: row.revoked_at ?? null,
-      revoke_reason: row.revoke_reason ?? null,
-      metadata: row.metadata_json ? JSON.parse(row.metadata_json) : null,
-    };
-  }
-}

package/nip-ca-server/src/index.ts DELETED Viewed

@@ -1,157 +0,0 @@
-// Copyright 2026 INNO LOTUS PTY LTD
-// SPDX-License-Identifier: Apache-2.0
-import * as crypto from "node:crypto";
-import * as fs from "node:fs";
-import Fastify from "fastify";
-import { CaDb } from "./db.js";
-import * as ca from "./ca.js";
-// ── Config ────────────────────────────────────────────────────────────────────
-const CA_NID        = process.env["NIP_CA_NID"]!;
-const CA_PASSPHRASE = process.env["NIP_CA_PASSPHRASE"]!;
-const CA_BASE_URL   = (process.env["NIP_CA_BASE_URL"] ?? "").replace(/\/$/, "");
-const KEY_FILE      = process.env["NIP_CA_KEY_FILE"]     ?? "/data/ca.key.enc";
-const DB_PATH       = process.env["NIP_CA_DB_PATH"]      ?? "/data/ca.db";
-const DISPLAY_NAME  = process.env["NIP_CA_DISPLAY_NAME"] ?? "NPS CA";
-const AGENT_DAYS    = parseInt(process.env["NIP_CA_AGENT_VALIDITY_DAYS"] ?? "30");
-const NODE_DAYS     = parseInt(process.env["NIP_CA_NODE_VALIDITY_DAYS"]  ?? "90");
-const RENEWAL_DAYS  = parseInt(process.env["NIP_CA_RENEWAL_WINDOW_DAYS"] ?? "7");
-const PORT          = parseInt(process.env["PORT"] ?? "17440");
-for (const k of ["NIP_CA_NID", "NIP_CA_PASSPHRASE", "NIP_CA_BASE_URL"]) {
-  if (!process.env[k]) throw new Error(`${k} is required`);
-}
-const CA_DOMAIN = CA_NID.split(":").slice(-2)[0] ?? "ca.local";
-// ── Bootstrap ─────────────────────────────────────────────────────────────────
-let caPriv: crypto.KeyObject;
-let caPubStr: string;
-if (!fs.existsSync(KEY_FILE)) {
-  caPriv = ca.generateKey();
-  ca.saveKey(caPriv, KEY_FILE, CA_PASSPHRASE);
-} else {
-  caPriv = ca.loadKey(KEY_FILE, CA_PASSPHRASE);
-}
-caPubStr = ca.pubKeyString(crypto.createPublicKey(caPriv));
-const db = new CaDb(DB_PATH);
-// ── Server ─────────────────────────────────────────────────────────────────────
-const app = Fastify({ logger: true });
-// ── Helpers ────────────────────────────────────────────────────────────────────
-function register(
-  body: { nid?: string; pub_key: string; capabilities?: string[]; scope?: object; metadata?: object },
-  entityType: string,
-  validityDays: number,
-  reply: any,
-): void {
-  const nid = body.nid ?? ca.generateNid(CA_DOMAIN, entityType);
-  if (db.getActive(nid)) {
-    reply.code(409).send({ error_code: "NIP-CA-NID-ALREADY-EXISTS",
-      message: `${nid} already has an active certificate` });
-    return;
-  }
-  const serial = db.nextSerial();
-  const cert = ca.issueCert(caPriv, CA_NID, nid, body.pub_key,
-    body.capabilities ?? [], body.scope as any ?? {}, validityDays, serial,
-    (body as any).metadata ?? null);
-  db.insert({ nid, entity_type: entityType, serial, pub_key: body.pub_key,
-    capabilities: body.capabilities ?? [], scope: body.scope as any ?? {},
-    issued_by: CA_NID, issued_at: cert.issued_at, expires_at: cert.expires_at,
-    metadata: (body as any).metadata ?? null });
-  reply.code(201).send({ nid, serial, issued_at: cert.issued_at,
-    expires_at: cert.expires_at, ident_frame: cert });
-}
-// ── Routes ─────────────────────────────────────────────────────────────────────
-app.post("/v1/agents/register", async (req, reply) => {
-  register(req.body as any, "agent", AGENT_DAYS, reply);
-});
-app.post("/v1/nodes/register", async (req, reply) => {
-  register(req.body as any, "node", NODE_DAYS, reply);
-});
-app.post<{ Params: { "*": string } }>("/v1/agents/*", async (req, reply) => {
-  const parts = (req.params["*"] as string).split("/");
-  const action = parts.pop();
-  const nid = parts.join("/");
-  if (action === "renew") {
-    const rec = db.getActive(nid);
-    if (!rec) return reply.code(404).send({ error_code: "NIP-CA-NID-NOT-FOUND", message: `${nid} not found` });
-    const expMs = new Date(rec.expires_at).getTime();
-    const daysLeft = Math.floor((expMs - Date.now()) / 86400_000);
-    if (daysLeft > RENEWAL_DAYS)
-      return reply.code(400).send({ error_code: "NIP-CA-RENEWAL-TOO-EARLY",
-        message: `Renewal window opens in ${daysLeft - RENEWAL_DAYS} days` });
-    const serial = db.nextSerial();
-    const days = rec.entity_type === "agent" ? AGENT_DAYS : NODE_DAYS;
-    const cert = ca.issueCert(caPriv, CA_NID, nid, rec.pub_key,
-      rec.capabilities, rec.scope, days, serial, rec.metadata);
-    db.insert({ nid, entity_type: rec.entity_type, serial, pub_key: rec.pub_key,
-      capabilities: rec.capabilities, scope: rec.scope,
-      issued_by: CA_NID, issued_at: cert.issued_at, expires_at: cert.expires_at,
-      metadata: rec.metadata });
-    return reply.send({ nid, serial, issued_at: cert.issued_at,
-      expires_at: cert.expires_at, ident_frame: cert });
-  }
-  if (action === "revoke") {
-    const body = req.body as any;
-    if (!db.revoke(nid, body?.reason ?? "cessation_of_operation"))
-      return reply.code(404).send({ error_code: "NIP-CA-NID-NOT-FOUND",
-        message: `${nid} not found or already revoked` });
-    return reply.send({ nid, revoked_at: new Date().toISOString().replace(/\.\d{3}Z$/, "Z"),
-      reason: body?.reason ?? "cessation_of_operation" });
-  }
-  reply.code(404).send({ message: "Not found" });
-});
-app.get<{ Params: { "*": string } }>("/v1/agents/*", async (req, reply) => {
-  const parts = (req.params["*"] as string).split("/");
-  const action = parts.pop();
-  const nid = parts.join("/");
-  if (action === "verify") {
-    const rec = db.getActive(nid);
-    if (!rec) return reply.code(404).send({ error_code: "NIP-CA-NID-NOT-FOUND", message: `${nid} not found` });
-    const valid = new Date(rec.expires_at).getTime() > Date.now();
-    return reply.send({ valid, nid, entity_type: rec.entity_type, pub_key: rec.pub_key,
-      capabilities: rec.capabilities, issued_by: rec.issued_by,
-      issued_at: rec.issued_at, expires_at: rec.expires_at, serial: rec.serial,
-      error_code: valid ? null : "NIP-CERT-EXPIRED" });
-  }
-  reply.code(404).send({ message: "Not found" });
-});
-app.get("/v1/ca/cert", async (_req, reply) =>
-  reply.send({ nid: CA_NID, display_name: DISPLAY_NAME, pub_key: caPubStr, algorithm: "ed25519" }));
-app.get("/v1/crl", async (_req, reply) =>
-  reply.send({ revoked: db.crl() }));
-app.get("/.well-known/nps-ca", async (_req, reply) =>
-  reply.send({
-    nps_ca: "0.1", issuer: CA_NID, display_name: DISPLAY_NAME, public_key: caPubStr,
-    algorithms: ["ed25519"],
-    endpoints: {
-      register: `${CA_BASE_URL}/v1/agents/register`,
-      verify:   `${CA_BASE_URL}/v1/agents/{nid}/verify`,
-      ocsp:     `${CA_BASE_URL}/v1/agents/{nid}/verify`,
-      crl:      `${CA_BASE_URL}/v1/crl`,
-    },
-    capabilities: ["agent", "node"],
-    max_cert_validity_days: Math.max(AGENT_DAYS, NODE_DAYS),
-  }));
-app.get("/health", async (_req, reply) => reply.send({ status: "ok" }));
-app.listen({ port: PORT, host: "0.0.0.0" }, (err) => {
-  if (err) { console.error(err); process.exit(1); }
-  console.log(`NIP CA Server listening on :${PORT}`);
-});

package/nip-ca-server/tsconfig.json DELETED Viewed

@@ -1,13 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "ES2022",
-    "module": "NodeNext",
-    "moduleResolution": "NodeNext",
-    "outDir": "dist",
-    "rootDir": "src",
-    "strict": true,
-    "esModuleInterop": true,
-    "skipLibCheck": true
-  },
-  "include": ["src"]
-}