@makaio/framework 1.0.0-dev-1779051654000 → 1.0.0-dev-1781023871421

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (419) hide show
  1. package/LICENSE +1 -1
  2. package/dist/.makaio-build.json +5 -0
  3. package/dist/account-identity-DT5NOtFi.mjs +1 -0
  4. package/dist/adapter-C1eI-fGV.mjs +1 -0
  5. package/dist/adapters/acp-client/index.d.mts +6013 -14
  6. package/dist/adapters/acp-client/index.mjs +3 -1
  7. package/dist/adapters/config/index.d.mts +1 -1
  8. package/dist/adapters/config/index.mjs +1 -1
  9. package/dist/adapters/index.d.mts +47 -20
  10. package/dist/adapters/index.mjs +13 -6
  11. package/dist/adapters/node.d.mts +4 -4
  12. package/dist/adapters/node.mjs +4 -4
  13. package/dist/adapters/stream-session/index.d.mts +30 -0
  14. package/dist/adapters/stream-session/index.mjs +1 -1
  15. package/dist/artifact-B3npq1cy.mjs +1 -0
  16. package/dist/bus/index.d.mts +866 -203
  17. package/dist/bus/index.mjs +1 -1
  18. package/dist/bus-Caz3Jpbc.mjs +1 -0
  19. package/dist/bus-Hb-LGzgb.mjs +2 -0
  20. package/dist/chunk-DTipWd-i.mjs +1 -0
  21. package/dist/client-bx74gm4R.mjs +1 -0
  22. package/dist/clients/index.d.mts +113 -35
  23. package/dist/clients/index.mjs +2 -2
  24. package/dist/{clients-namespace-UHj5wt-l.d.mts → clients-namespace-GmSJpBUV.d.mts} +8 -8
  25. package/dist/{config-namespace-ChZOpi1W.d.mts → config-namespace-CPY9YsR8.d.mts} +4 -4
  26. package/dist/contracts/adapter/index.d.mts +3 -3
  27. package/dist/contracts/adapter/index.mjs +1 -1
  28. package/dist/contracts/adapter/schemas/session-lineage.d.mts +1 -1
  29. package/dist/contracts/artifact/index.d.mts +2 -0
  30. package/dist/contracts/artifact/index.mjs +1 -0
  31. package/dist/contracts/client/index.d.mts +2 -2
  32. package/dist/contracts/client/index.mjs +1 -1
  33. package/dist/contracts/common/index.d.mts +1 -1
  34. package/dist/contracts/config/index.d.mts +8 -8
  35. package/dist/contracts/config/index.mjs +1 -1
  36. package/dist/contracts/extension/index.d.mts +4 -3
  37. package/dist/contracts/extension/index.mjs +1 -1
  38. package/dist/contracts/facet/index.d.mts +2 -0
  39. package/dist/contracts/facet/index.mjs +1 -0
  40. package/dist/contracts/harness/index.d.mts +1 -1
  41. package/dist/contracts/harness/index.mjs +1 -1
  42. package/dist/contracts/host/index.d.mts +1 -1
  43. package/dist/contracts/host/index.mjs +1 -1
  44. package/dist/contracts/index.d.mts +12370 -1990
  45. package/dist/contracts/index.mjs +1 -1
  46. package/dist/contracts/materialization/index.d.mts +4 -0
  47. package/dist/contracts/materialization/index.mjs +1 -0
  48. package/dist/contracts/model-registry/index.d.mts +1 -1
  49. package/dist/contracts/model-registry/index.mjs +1 -1
  50. package/dist/contracts/native-session-supervisor/index.d.mts +1 -1
  51. package/dist/contracts/native-session-supervisor/index.mjs +1 -1
  52. package/dist/contracts/platform/index.d.mts +1 -1
  53. package/dist/contracts/platform/index.mjs +1 -1
  54. package/dist/contracts/provider/index.d.mts +2 -2
  55. package/dist/contracts/provider/index.mjs +1 -1
  56. package/dist/contracts/session/index.d.mts +3 -3
  57. package/dist/contracts/session/index.mjs +1 -1
  58. package/dist/contracts/shared/index.d.mts +2 -2
  59. package/dist/contracts/shared/index.mjs +1 -1
  60. package/dist/contracts/skill/index.d.mts +1 -1
  61. package/dist/contracts/skill/index.mjs +1 -1
  62. package/dist/contracts/telemetry/index.d.mts +2 -0
  63. package/dist/contracts/telemetry/index.mjs +1 -0
  64. package/dist/contracts/timeout/index.d.mts +1 -1
  65. package/dist/contracts/timeout/index.mjs +1 -1
  66. package/dist/contracts/toast/index.d.mts +2 -2
  67. package/dist/contracts/toast/index.mjs +1 -1
  68. package/dist/contracts/variant/index.d.mts +1 -1
  69. package/dist/contracts/variant/index.mjs +1 -1
  70. package/dist/core/index.d.mts +296 -34
  71. package/dist/core/index.mjs +1 -1
  72. package/dist/{credential-ref-DLCsoKVZ.mjs → credential-ref-YWQQENEo.mjs} +1 -1
  73. package/dist/cursor-storage-CtVJ3JzB.mjs +1 -0
  74. package/dist/{definition-DB7bbFSa.d.mts → definition-BLCdXGzh.d.mts} +17 -3
  75. package/dist/definition-CrgHIpTK.d.mts +60 -0
  76. package/dist/{definition-DkYy1PZz.mjs → definition-DZMXOnjX.mjs} +1 -1
  77. package/dist/{definition-DtUNiGom.d.mts → definition-pkJ6szUl.d.mts} +1 -1
  78. package/dist/drizzle-Eq8W1EbD.mjs +1 -0
  79. package/dist/event-Ca2yUf5i.mjs +1 -0
  80. package/dist/execution-target-CRPTfZlc.mjs +1 -0
  81. package/dist/extension-C-4BHMRI.mjs +1 -0
  82. package/dist/extension-CpIUgBKI.mjs +1 -0
  83. package/dist/facet-BuwhrThl.mjs +1 -0
  84. package/dist/filesystem-service-B8rhBRgB.mjs +1 -0
  85. package/dist/filesystem-service-p_iJVHd4.d.mts +66 -0
  86. package/dist/git/index.d.mts +210 -0
  87. package/dist/git/index.mjs +18 -0
  88. package/dist/globby-rtWVaFHv.mjs +41 -0
  89. package/dist/{handlers-DR_4_rAT.mjs → handlers-CkTsQLra.mjs} +3 -3
  90. package/dist/{harness-B6lGP9rm.mjs → harness-BRCMcvQN.mjs} +1 -1
  91. package/dist/{host-CvEht5RT.mjs → host-Br9VuOyr.mjs} +1 -1
  92. package/dist/{index-WKjrpcA_.d.mts → index-472sOmsW.d.mts} +6 -6
  93. package/dist/index-8SZkg7s6.d.mts +353 -0
  94. package/dist/index-B3PK4FIn.d.mts +5116 -0
  95. package/dist/{index-D2jejYlV.d.mts → index-B80L4YqA.d.mts} +3 -3
  96. package/dist/index-BFg9BUpx.d.mts +355 -0
  97. package/dist/index-BGfWS6GE.d.mts +483 -0
  98. package/dist/{index-DQRsGXb5.d.mts → index-BVgfS-AJ.d.mts} +2 -2
  99. package/dist/{index-CnmPtjnA.d.mts → index-B_zQC98V.d.mts} +16 -16
  100. package/dist/{index-DaEp4UWW.d.mts → index-Bh_Ne7LF.d.mts} +54 -42
  101. package/dist/{index-yvN8UcEH.d.mts → index-Bvb2mMH6.d.mts} +109 -109
  102. package/dist/{index-tKvu34DJ2.d.mts → index-CCGVh9BF2.d.mts} +242 -28
  103. package/dist/{index-C-myW_aK.d.mts → index-CGmcS0Ma.d.mts} +2 -2
  104. package/dist/{index-DEw90pa2.d.mts → index-CLpjm52M.d.mts} +3 -3
  105. package/dist/{index-DQWMu5fS.d.mts → index-Caig6TeF.d.mts} +85 -99
  106. package/dist/{index-DwCA1HWa.d.mts → index-CelJCBjk.d.mts} +15 -15
  107. package/dist/{index-ESSDWIB7.d.mts → index-ChunCFu4.d.mts} +1 -1
  108. package/dist/{index-e5C62_M3.d.mts → index-Cm0dUkWL.d.mts} +819 -85
  109. package/dist/{index-N5K1NOYs.d.mts → index-CokQYGVP.d.mts} +4 -4
  110. package/dist/{index-Bigx81Kr.d.mts → index-Cs0kZXIz2.d.mts} +1 -1
  111. package/dist/{index-6lyShOoU.d.mts → index-D5d5HeWI2.d.mts} +34 -0
  112. package/dist/{index-sBob9D25.d.mts → index-D90OmGmV.d.mts} +3 -3
  113. package/dist/{index-D1T-PPqF.d.mts → index-D9MwJ2Q8.d.mts} +3 -3
  114. package/dist/{index-BePI0ckL.d.mts → index-DANINzMu.d.mts} +1 -1
  115. package/dist/{index-BnSQE7z7.d.mts → index-DBw-89vC2.d.mts} +129 -1332
  116. package/dist/{index-C_kS2aqV2.d.mts → index-DGBu6bHi2.d.mts} +14 -14
  117. package/dist/index-DKC62dY5.d.mts +146 -0
  118. package/dist/{index-7sXlairn2.d.mts → index-DKia0MX1.d.mts} +1 -1
  119. package/dist/{index-E8d_RwaF.d.mts → index-DMKnON5s.d.mts} +1 -1
  120. package/dist/{index-Cq8B7cwK.d.mts → index-DUaw0Dw8.d.mts} +1524 -369
  121. package/dist/{index-Dd5s4MSm.d.mts → index-De3kPhlN.d.mts} +2 -2
  122. package/dist/{index-DGTFJB_8.d.mts → index-L4GjJDKb.d.mts} +116 -23
  123. package/dist/{index-iID2R9G1.d.mts → index-U-A8eyGT.d.mts} +7 -7
  124. package/dist/{index-D7T8XCku.d.mts → index-eemAKwsB.d.mts} +23 -2
  125. package/dist/{index-BXP9GK5q.d.mts → index-mNec7V-9.d.mts} +27 -27
  126. package/dist/{index-CnZOKNjU.d.mts → index-soFznFCy2.d.mts} +2 -2
  127. package/dist/{index-Ch3ph52M2.d.mts → index-vtXJuwrz.d.mts} +2 -2
  128. package/dist/{index-BnNqbx2I.d.mts → index-x_lVDp_J.d.mts} +2 -2
  129. package/dist/json-value-CmhSGMLv.mjs +1 -0
  130. package/dist/kernel/cli/index.d.mts +4 -2
  131. package/dist/kernel/cli/index.mjs +1 -1
  132. package/dist/kernel/cli/schemas.d.mts +1 -0
  133. package/dist/kernel/cli/schemas.mjs +1 -1
  134. package/dist/kernel/extension/index.d.mts +1 -1
  135. package/dist/kernel/extension/index.mjs +1 -1
  136. package/dist/kernel/index.d.mts +5 -5
  137. package/dist/kernel/index.mjs +1 -1
  138. package/dist/kernel/namespace/index.d.mts +1 -1
  139. package/dist/kernel/namespace/index.mjs +1 -1
  140. package/dist/kernel/observability/index.d.mts +1 -1
  141. package/dist/kernel/observability/index.mjs +1 -1
  142. package/dist/kernel/providers/index.d.mts +1 -1
  143. package/dist/kernel/providers/index.mjs +1 -1
  144. package/dist/kernel/window/index.d.mts +1 -1
  145. package/dist/kernel/window/index.mjs +1 -1
  146. package/dist/materialization-CuUBu4XI.mjs +1 -0
  147. package/dist/{namespace-BpIE-jQW.d.mts → namespace-5QQqbF-B.d.mts} +1018 -111
  148. package/dist/{namespace-DwCyOaZn2.d.mts → namespace-BM7Djng9.d.mts} +3 -3
  149. package/dist/namespace-BwzZJqTV.mjs +1 -0
  150. package/dist/{namespace-DZcuLwEA.d.mts → namespace-CTm3nEvh.d.mts} +1 -1
  151. package/dist/{namespace-BK2erxpV.d.mts → namespace-CaaNnKcR.d.mts} +3 -3
  152. package/dist/{namespace-GLGGcWPH.d.mts → namespace-CaoZ3S78.d.mts} +1 -1
  153. package/dist/{namespace-DXnMk3U8.d.mts → namespace-CxhsoFUP.d.mts} +27 -31
  154. package/dist/{namespace-B1E57soL.d.mts → namespace-DD8Oiqo7.d.mts} +23 -23
  155. package/dist/{namespace-BCRNwPnw.d.mts → namespace-DLovh2Ws.d.mts} +21 -21
  156. package/dist/{namespace-Ysg1N6rR.d.mts → namespace-DgqkaOVu.d.mts} +26 -25
  157. package/dist/{namespace-B5ZCshBw.d.mts → namespace-Dr8K0MCp.d.mts} +82 -81
  158. package/dist/{namespace-DGMO2E8f.mjs → namespace-DuXK5AYN.mjs} +1 -1
  159. package/dist/{namespace-ZbthBQVt.d.mts → namespace-EQniz-Aw.d.mts} +14 -14
  160. package/dist/{namespace-C54Oj025.d.mts → namespace-IV1QK__V.d.mts} +1 -1
  161. package/dist/{namespace-BKrV_2gZ.d.mts → namespace-TyiTsLFv.d.mts} +46 -45
  162. package/dist/{namespace-OwAf1Brw.mjs → namespace-xcmbQlxh.mjs} +1 -1
  163. package/dist/{native-session-supervisor-zPt624Tp.mjs → native-session-supervisor-B1TnaPUF.mjs} +1 -1
  164. package/dist/node/bus-server/index.d.mts +1 -1
  165. package/dist/node/bus-server/index.mjs +1 -1
  166. package/dist/node/bus-server/server-lifecycle.d.mts +1 -1
  167. package/dist/node/bus-server/server-lifecycle.mjs +1 -1
  168. package/dist/node/machine-identity/index.mjs +2 -2
  169. package/dist/node/transports/index.d.mts +200 -7
  170. package/dist/node/transports/index.mjs +2 -2
  171. package/dist/{orchestrator-shared-D2txLAUs.mjs → orchestrator-shared-CIDiFJMD.mjs} +1 -1
  172. package/dist/{orchestrator-shared-DrjtTXYh.d.mts → orchestrator-shared-Dfa7FMyw.d.mts} +5 -5
  173. package/dist/package-DKVlsMP3.mjs +1 -0
  174. package/dist/{profile-Cq4A7kQa.mjs → profile-6ynCD5k3.mjs} +1 -1
  175. package/dist/{provider-context-BB4eD8ON.mjs → provider-context-CK6B4X_8.mjs} +1 -1
  176. package/dist/providers/index.mjs +1 -1
  177. package/dist/{providers-namespace-CDwxY_DV.d.mts → providers-namespace-DSEpli4A.d.mts} +1 -1
  178. package/dist/{schema-B295yplx.d.mts → schema-M5YTvSAG.d.mts} +114 -2
  179. package/dist/{schema-C4iznV0q.mjs → schema-e0wU_lcV.mjs} +1 -1
  180. package/dist/{schema-introspection-DCYC47_d.mjs → schema-introspection-Dn1jWQs1.mjs} +1 -1
  181. package/dist/{schemas-C5xtVqdb.d.mts → schemas-Bd0OjRQf.d.mts} +1 -1
  182. package/dist/{schemas-Ra8pz5M-.d.mts → schemas-C46QfKzv.d.mts} +24 -28
  183. package/dist/{schemas-sshQEF3l.d.mts → schemas-CDBSjg7o.d.mts} +1 -1
  184. package/dist/schemas-CR1Rripy.mjs +1 -0
  185. package/dist/schemas-CVvwIfG4.mjs +1 -0
  186. package/dist/schemas-CaLhkkLn.mjs +1 -0
  187. package/dist/{schemas-DYqKRNju.d.mts → schemas-ClOOT1W6.d.mts} +4 -4
  188. package/dist/{schemas-BfMZAwff.d.mts → schemas-DATniTHb.d.mts} +8 -8
  189. package/dist/{schemas-BWvuaL0w.d.mts → schemas-DVF1A4DF.d.mts} +4 -4
  190. package/dist/{schemas-Di0XnnMX.d.mts → schemas-DaRSfYLf.d.mts} +1 -1
  191. package/dist/{schemas-C31qbb0s.d.mts → schemas-DiYVzG6e.d.mts} +51 -48
  192. package/dist/{schemas-KMA1efQg.d.mts → schemas-j7ivZ2HI.d.mts} +3 -3
  193. package/dist/schemas-wg_6PAdV.d.mts +153 -0
  194. package/dist/scoped-bus-04pwo1uM.mjs +1 -0
  195. package/dist/service-base/index.d.mts +1 -1
  196. package/dist/services/adapter-runtime/index.d.mts +3 -3
  197. package/dist/services/adapter-runtime/index.mjs +1 -1
  198. package/dist/services/adapter-runtime/namespace.d.mts +1 -1
  199. package/dist/services/adapter-runtime/schemas.d.mts +1 -1
  200. package/dist/services/adapter-subsystem/index.d.mts +2 -2
  201. package/dist/services/adapter-subsystem/index.mjs +1 -1
  202. package/dist/services/adapter-subsystem/namespace.d.mts +1 -1
  203. package/dist/services/adapter-subsystem/namespace.mjs +1 -1
  204. package/dist/services/agent-runtime/index.d.mts +2 -2
  205. package/dist/services/agent-runtime/namespace.d.mts +1 -1
  206. package/dist/services/agent-runtime/schemas.d.mts +1 -1
  207. package/dist/services/capability/index.d.mts +1 -1
  208. package/dist/services/capability/index.mjs +1 -1
  209. package/dist/services/cli-detection/namespace.d.mts +1 -1
  210. package/dist/services/codebase/index.d.mts +2 -2
  211. package/dist/services/codebase/namespace.d.mts +1 -1
  212. package/dist/services/codebase/schemas.d.mts +1 -1
  213. package/dist/services/compression/index.d.mts +2 -2
  214. package/dist/services/compression/namespace.d.mts +1 -1
  215. package/dist/services/compression/schemas.d.mts +1 -1
  216. package/dist/services/context-rules/index.d.mts +4 -4
  217. package/dist/services/context-rules/index.mjs +1 -1
  218. package/dist/services/credential-change/index.d.mts +1 -1
  219. package/dist/services/definition/namespace.d.mts +1 -1
  220. package/dist/services/definition/schemas.d.mts +1 -1
  221. package/dist/services/dialog/namespace.d.mts +1 -1
  222. package/dist/services/dialog/schemas.d.mts +1 -1
  223. package/dist/services/execution-target/index.d.mts +4 -4
  224. package/dist/services/execution-target/index.mjs +1 -1
  225. package/dist/services/execution-target/namespace.d.mts +1 -1
  226. package/dist/services/execution-target/schemas.d.mts +1 -1
  227. package/dist/services/execution-target/schemas.mjs +1 -1
  228. package/dist/services/filesystem/index.d.mts +3 -0
  229. package/dist/services/filesystem/index.mjs +1 -0
  230. package/dist/services/filesystem/namespace.d.mts +7 -7
  231. package/dist/services/filesystem/schemas.d.mts +4 -4
  232. package/dist/services/git/namespace.d.mts +1163 -0
  233. package/dist/services/git/namespace.mjs +1 -0
  234. package/dist/services/git/schemas.d.mts +932 -0
  235. package/dist/services/git/schemas.mjs +1 -0
  236. package/dist/services/harness/index.d.mts +35 -35
  237. package/dist/services/harness/index.mjs +1 -1
  238. package/dist/services/harness/storage/schema.d.mts +5 -5
  239. package/dist/services/index.d.mts +1411 -928
  240. package/dist/services/index.mjs +1 -1
  241. package/dist/services/local-notification/index.d.mts +1 -1
  242. package/dist/services/local-notification/namespace.d.mts +1 -1
  243. package/dist/services/local-notification/schemas.d.mts +1 -1
  244. package/dist/services/log-import/browser.d.mts +2 -2
  245. package/dist/services/log-import/index.d.mts +23 -24
  246. package/dist/services/log-import/index.mjs +2 -2
  247. package/dist/services/log-import/log-import.d.mts +1 -1
  248. package/dist/services/log-import/log-import.mjs +1 -1
  249. package/dist/services/log-import/namespace.d.mts +1 -1
  250. package/dist/services/log-import/namespace.mjs +1 -1
  251. package/dist/services/log-import/schemas.d.mts +1 -1
  252. package/dist/services/log-import/schemas.mjs +1 -1
  253. package/dist/services/model-registry/index.d.mts +1 -1
  254. package/dist/services/model-registry/index.mjs +1 -1
  255. package/dist/services/preferences/index.d.mts +2 -2
  256. package/dist/services/preferences/schemas.d.mts +1 -1
  257. package/dist/services/preferences/storage-namespace.d.mts +2 -2
  258. package/dist/services/provider-context/index.d.mts +1 -1
  259. package/dist/services/provider-context/index.mjs +1 -1
  260. package/dist/services/provider-runtime/index.d.mts +1 -1
  261. package/dist/services/provider-runtime/index.mjs +1 -1
  262. package/dist/services/session/handlers/index.d.mts +1 -1
  263. package/dist/services/session/handlers/index.mjs +1 -1
  264. package/dist/services/session/index.d.mts +10 -10
  265. package/dist/services/session/index.mjs +1 -1
  266. package/dist/services/session/messages/namespace.d.mts +1 -1
  267. package/dist/services/session/messages/namespace.mjs +1 -1
  268. package/dist/services/session/orchestrator-testing/index.d.mts +1 -1
  269. package/dist/services/session/orchestrator-testing/index.mjs +1 -1
  270. package/dist/services/session/session-events/namespace.d.mts +1 -1
  271. package/dist/services/session/session-events/namespace.mjs +1 -1
  272. package/dist/services/session/storage/namespace.d.mts +1 -1
  273. package/dist/services/session/storage/schema.d.mts +1 -1
  274. package/dist/services/session/storage/schema.mjs +1 -1
  275. package/dist/services/session/testing/index.d.mts +2 -2
  276. package/dist/services/session/testing/index.mjs +16 -3
  277. package/dist/services/session/testing/orchestrator-shared.d.mts +1 -1
  278. package/dist/services/session/testing/orchestrator-shared.mjs +1 -1
  279. package/dist/services/session/turns/namespace.d.mts +1 -1
  280. package/dist/services/session/turns/namespace.mjs +1 -1
  281. package/dist/services/session-editor/index.d.mts +3 -3
  282. package/dist/services/session-editor/index.mjs +1 -1
  283. package/dist/services/settings/index.d.mts +4 -4
  284. package/dist/services/settings/index.mjs +1 -1
  285. package/dist/services/settings/namespace.d.mts +19 -18
  286. package/dist/services/settings/namespace.mjs +1 -1
  287. package/dist/services/settings/storage/clients-namespace.d.mts +1 -1
  288. package/dist/services/settings/storage/clients-namespace.mjs +1 -1
  289. package/dist/services/settings/storage/extension-configs/namespace.d.mts +4 -4
  290. package/dist/services/settings/storage/index.d.mts +3 -3
  291. package/dist/services/settings/storage/index.mjs +1 -1
  292. package/dist/services/settings/storage/providers-namespace.d.mts +1 -1
  293. package/dist/services/settings/storage/providers-namespace.mjs +1 -1
  294. package/dist/services/subagent/index.d.mts +2 -0
  295. package/dist/services/subagent/index.mjs +1 -0
  296. package/dist/services/subagent-template/index.d.mts +3 -0
  297. package/dist/services/subagent-template/index.mjs +1 -0
  298. package/dist/services/subagent-template/namespace.d.mts +2 -0
  299. package/dist/services/subagent-template/namespace.mjs +1 -0
  300. package/dist/services/subagent-template/schemas.d.mts +2 -0
  301. package/dist/services/subagent-template/schemas.mjs +1 -0
  302. package/dist/services/tool-approval/index.d.mts +1 -1
  303. package/dist/services/tool-approval/index.mjs +1 -1
  304. package/dist/services/tools/index.d.mts +1 -1
  305. package/dist/services/tools/index.mjs +1 -1
  306. package/dist/services/tray-menu/index.d.mts +3 -3
  307. package/dist/services/tray-menu/index.mjs +1 -1
  308. package/dist/services/tray-menu/namespace.d.mts +1 -1
  309. package/dist/services/tray-menu/schemas.d.mts +1 -1
  310. package/dist/services/turn/index.d.mts +1 -1
  311. package/dist/services/turn/namespace.d.mts +1 -1
  312. package/dist/services/turn/schemas.d.mts +12 -12
  313. package/dist/session-BoldSdNZ2.mjs +134 -0
  314. package/dist/session-DuVOYctZ.mjs +1 -0
  315. package/dist/{session-lineage-B0cpHfuc.d.mts → session-lineage-CRsc9g1x.d.mts} +1 -1
  316. package/dist/shared-DpOEfD8F.mjs +1 -0
  317. package/dist/{skill-20_SBXaI.mjs → skill-CQO4mDqK.mjs} +1 -1
  318. package/dist/storage/drizzle/client.d.mts +2 -2
  319. package/dist/storage/drizzle/client.mjs +1 -1
  320. package/dist/storage/drizzle/index.d.mts +49 -10
  321. package/dist/storage/drizzle/index.mjs +1 -1
  322. package/dist/storage/handlers/drizzle/index.d.mts +1 -1
  323. package/dist/storage/handlers/drizzle/index.mjs +1 -1
  324. package/dist/storage/handlers/index.d.mts +2 -2
  325. package/dist/storage/handlers/index.mjs +1 -1
  326. package/dist/storage/index.d.mts +4 -4
  327. package/dist/{storage-namespace-DoH-Wkjp.d.mts → storage-namespace-BXkoh5Sy.d.mts} +11 -11
  328. package/dist/storage-namespace-DWsYLAXa.mjs +1 -0
  329. package/dist/{storage-namespace-definition-CJgqyXH1.d.mts → storage-namespace-definition-Bkx5rSto.d.mts} +1 -1
  330. package/dist/style.css +540 -540
  331. package/dist/telemetry-CvdLBWuk.mjs +1 -0
  332. package/dist/testing/drizzle-harness.mjs +1 -1
  333. package/dist/testing/index.mjs +1 -1
  334. package/dist/tool-approval-service-BvZWhYZp.mjs +1 -0
  335. package/dist/tools/index.d.mts +20 -10
  336. package/dist/tools/index.mjs +1 -1
  337. package/dist/tools/testing/index.d.mts +1 -1
  338. package/dist/tools-D-luYcDw.mjs +1431 -0
  339. package/dist/{types-C11LvekX.d.mts → types-BCMUtBj1.d.mts} +117 -20
  340. package/dist/{types-vNpkAe4Y.d.mts → types-C2Ob9zz_.d.mts} +1 -1
  341. package/dist/{types-t295YC6T.d.mts → types-CCdqjeuH.d.mts} +2 -2
  342. package/dist/{types-Cvrj2ogm.d.mts → types-DZHvOc_Q.d.mts} +4 -4
  343. package/dist/{types--nrtGZ1V.d.mts → types-Dy3YTcTF.d.mts} +255 -97
  344. package/dist/{types-DYF5LxZY.d.mts → types-MfJZ67e9.d.mts} +91 -9
  345. package/dist/{types-6WxLfoM3.d.mts → types-dyP-bXXE.d.mts} +1 -1
  346. package/dist/ui-components/index.mjs +2 -2
  347. package/dist/ui-hooks/index.d.mts +111 -1
  348. package/dist/ui-hooks/index.mjs +1 -1
  349. package/dist/ui-kernel/index.d.mts +4 -4
  350. package/dist/ui-kernel/pages/namespace.d.mts +4 -4
  351. package/dist/ui-kernel/pages/schemas.d.mts +1 -1
  352. package/dist/ui-views/index.mjs +2 -2
  353. package/dist/utils/index.d.mts +36 -1
  354. package/dist/utils/index.mjs +2 -2
  355. package/dist/utils/project-manifest.d.mts +130 -0
  356. package/dist/utils/project-manifest.mjs +1 -0
  357. package/dist/utils/scope-paths.d.mts +33 -0
  358. package/dist/utils/scope-paths.mjs +1 -0
  359. package/dist/utils/workspace-packages.d.mts +59 -0
  360. package/dist/utils/workspace-packages.mjs +1 -0
  361. package/dist/utils/workspace-root.d.mts +6 -9
  362. package/dist/utils/workspace-root.mjs +1 -1
  363. package/dist/{version-D8S4O22A.mjs → version-BeT3ASEe.mjs} +1 -1
  364. package/package.json +55 -2
  365. package/dist/account-identity-Bg_vKkcs.mjs +0 -1
  366. package/dist/adapter-CpF2aK_-.mjs +0 -1
  367. package/dist/bus-B1seC4M_.mjs +0 -2
  368. package/dist/chunk-Dc06z0qk.mjs +0 -1
  369. package/dist/client-DMWXCWhM.mjs +0 -1
  370. package/dist/cursor-storage-BoNI7OAR.mjs +0 -1
  371. package/dist/drizzle-Bn2GtW8c.mjs +0 -1
  372. package/dist/execution-target-D6MgthYs.mjs +0 -1
  373. package/dist/extension-53GerdGg.mjs +0 -1
  374. package/dist/extension-fJmv8Yri.mjs +0 -1
  375. package/dist/namespace-C_h7scWx2.mjs +0 -1
  376. package/dist/schemas-Bn8aqDIE.mjs +0 -1
  377. package/dist/services/worker/index.d.mts +0 -3
  378. package/dist/services/worker/index.mjs +0 -1
  379. package/dist/services/worker/namespace.d.mts +0 -2
  380. package/dist/services/worker/namespace.mjs +0 -1
  381. package/dist/services/worker/schemas.d.mts +0 -2
  382. package/dist/services/worker/schemas.mjs +0 -1
  383. package/dist/session-BCSf-Fgj.mjs +0 -1
  384. package/dist/session-BNo_cIiz.mjs +0 -123
  385. package/dist/shared-BhuSHZXH.mjs +0 -1
  386. package/dist/storage-namespace-BIDs9LPb.mjs +0 -1
  387. package/dist/tool-approval-service-CZCPfvVy.mjs +0 -1
  388. package/dist/tools-Cid9D99F.mjs +0 -1
  389. /package/dist/{base-orchestrator-BOAPgqF7.d.mts → base-orchestrator-wyumsn3b.d.mts} +0 -0
  390. /package/dist/{capability-service-DV32ecwR.mjs → capability-service-CJbmhfv9.mjs} +0 -0
  391. /package/dist/{cleanEnvForAdapter-hTPNvPU5.mjs → cleanEnvForAdapter-KkYzQa1f.mjs} +0 -0
  392. /package/dist/{config-namespace-wJ2CakDB.mjs → config-namespace-ncYg2ct_.mjs} +0 -0
  393. /package/dist/{extension-namespace-CTd9kOtt.mjs → extension-namespace-cMh_mMiL.mjs} +0 -0
  394. /package/dist/{identity-DBST3-XO.mjs → identity-Cz2IeEtm.mjs} +0 -0
  395. /package/dist/{index-SzSiyG61.d.mts → index-CHQ1SqT0.d.mts} +0 -0
  396. /package/dist/{model-registry-xINyxQUT.mjs → model-registry-CfXytvzx.mjs} +0 -0
  397. /package/dist/{model-registry-Dzpssh9j.mjs → model-registry-Scn_MC2d.mjs} +0 -0
  398. /package/dist/{namespace-DBw9BYr8.mjs → namespace-BoD94mrN.mjs} +0 -0
  399. /package/dist/{namespace-DUVgMfTR.mjs → namespace-CFLAmQfh.mjs} +0 -0
  400. /package/dist/{namespace-aALq9tnE.mjs → namespace-DkRgbZYn.mjs} +0 -0
  401. /package/dist/{namespace-yxIxUsjo.mjs → namespace-LViZ-EQk.mjs} +0 -0
  402. /package/dist/{namespace-Zb8HAbyF.mjs → namespace-Yna5-Pws.mjs} +0 -0
  403. /package/dist/{platform-BMFUpmTA.mjs → platform-DZ7z-wXD.mjs} +0 -0
  404. /package/dist/{providers-DhiW_fx4.mjs → providers-u8i15co9.mjs} +0 -0
  405. /package/dist/{schema-D3ZG13h9.mjs → schema-CoyE6mPt.mjs} +0 -0
  406. /package/dist/{schemas-CEBe89yE.mjs → schemas-DE-GNmSD.mjs} +0 -0
  407. /package/dist/{schemas-COnLJnt_.mjs → schemas-hSrzflwZ.mjs} +0 -0
  408. /package/dist/{schemas-CrnlCRep.mjs → schemas-jFe1AuI-.mjs} +0 -0
  409. /package/dist/{server-lifecycle-Dx5WgfoS.mjs → server-lifecycle-FXTPW39-.mjs} +0 -0
  410. /package/dist/{server-lifecycle-BC6FRn86.d.mts → server-lifecycle-YoSGFGnU.d.mts} +0 -0
  411. /package/dist/{shared-schemas-Byah36lG.mjs → shared-schemas-CPShiLNp.mjs} +0 -0
  412. /package/dist/{storage-namespace-definition-BjK9nZAN.mjs → storage-namespace-definition-CqSdsuCC.mjs} +0 -0
  413. /package/dist/{timeout-D33CUZ0M.mjs → timeout-XsYIOKrc.mjs} +0 -0
  414. /package/dist/{tray-menu-service-BAYtLdAg.mjs → tray-menu-service-DuXq5k22.mjs} +0 -0
  415. /package/dist/{ui-config-zawaoEfB.mjs → ui-config-9bDRwFZr.mjs} +0 -0
  416. /package/dist/{variant-BZWfmS0q.mjs → variant-CT6XBP6T.mjs} +0 -0
  417. /package/dist/{visibility-CZu8ooOA.mjs → visibility-Cb62p9bv.mjs} +0 -0
  418. /package/dist/{window-registry-C_IJmY8_.d.mts → window-registry-CBcrGTv4.d.mts} +0 -0
  419. /package/dist/{window-registry-B_-hBEcV.mjs → window-registry-DW-dKRjQ.mjs} +0 -0
package/dist/node/transports/index.d.mts CHANGED
@@ -1,4 +1,4 @@
1
- import { PayloadFilter, TransportReceiveContext } from "@makaio/framework/core";
1
+ import { PayloadFilter, TransportPeerContext, TransportReceiveContext } from "@makaio/framework/core";
2
2
  import { BusBroadcastMessage, BusEventMessage, BusMessage, BusReceiveHandler, BusRequestMessage, BusTransport, BusTransportError } from "@makaio/framework/bus";
3
3
 
4
4
  //#region transports/ws/src/auth/interface.d.ts
@@ -46,6 +46,16 @@ interface TransportAuth {
46
46
  * @returns Trusted local receive context, or undefined
47
47
  */
48
48
  getReceiveContext?(socket?: WebSocketLike): TransportReceiveContext | undefined;
49
+ /**
50
+ * Return whether a previously authenticated socket may still send bus frames.
51
+ *
52
+ * Auth strategies with expiring or revocable credentials should re-check the
53
+ * backing authorization state here because a successful WebSocket handshake
54
+ * can outlive the credential used for that handshake.
55
+ * @param socket - Server-side socket whose live authorization should be checked.
56
+ * @returns `true` when the socket remains authorized, `false` when it must be closed.
57
+ */
58
+ isSocketAuthenticated?(socket: WebSocketLike): boolean;
49
59
  /**
50
60
  * Clean up authentication resources for a specific socket.
51
61
  *
@@ -80,6 +90,11 @@ interface HmacAuthOptions {
80
90
  *
81
91
  * IMPORTANT: This should be a strong, randomly-generated secret.
82
92
  * Both client and server must use the same secret.
93
+ *
94
+ * On the server side this field is used for global-secret clients. When
95
+ * `resolveSecret` is also provided, identity-bound clients use their
96
+ * resolved identity secret and clients without an `identityId` continue to
97
+ * use this global secret.
83
98
  */
84
99
  secret: string;
85
100
  /**
@@ -94,6 +109,39 @@ interface HmacAuthOptions {
94
109
  * @defaultValue 5000
95
110
  */
96
111
  challengeTimeout?: number;
112
+ /**
113
+ * Client-side identity claim sent alongside the HMAC signature.
114
+ *
115
+ * When set the client includes this value as `identityId` in the
116
+ * `auth-response` frame. The server stores it in
117
+ * `serverAuthenticatedPeers` and exposes it via `getReceiveContext()`.
118
+ *
119
+ * Leave undefined for global-secret mode (backward-compatible default).
120
+ */
121
+ identityId?: string;
122
+ /**
123
+ * Server-side per-identity secret resolver for identity-bound mode.
124
+ *
125
+ * When provided and the client supplies `identityId`, the server calls
126
+ * `resolveSecret(identityId)` and uses the returned secret to verify the
127
+ * HMAC signature. Clients that omit `identityId` continue to authenticate
128
+ * against the global `secret`.
129
+ *
130
+ * Return `null` to reject the connection (unknown identity).
131
+ * @param claimedId - The `identityId` value from the `auth-response` frame.
132
+ * @returns The HMAC secret for this identity, or `null` to reject.
133
+ */
134
+ resolveSecret?: (claimedId: string) => string | null;
135
+ /**
136
+ * Server-side peer context resolver for identity-bound mode.
137
+ *
138
+ * When provided, the authenticated identity is exposed to bus handlers as
139
+ * this peer context instead of the backward-compatible `workflow-execution`
140
+ * default. Return `null` when no peer context should be exposed.
141
+ * @param claimedId - The authenticated `identityId`.
142
+ * @returns Trusted peer context for the authenticated identity, or `null`.
143
+ */
144
+ resolvePeer?: (claimedId: string) => TransportPeerContext | null;
97
145
  }
98
146
  /**
99
147
  * HMAC challenge/response authentication implementation.
@@ -115,21 +163,38 @@ declare class HmacAuth implements TransportAuth {
115
163
  private readonly secret;
116
164
  private readonly algorithm;
117
165
  private readonly challengeTimeout;
166
+ private readonly identityId;
167
+ private readonly resolveSecret;
168
+ private readonly resolvePeer;
118
169
  private pendingChallenge?;
119
170
  private pendingResult?;
120
171
  private queuedChallengeNonce;
121
172
  private queuedResult;
122
173
  private clientAuthComplete;
123
174
  private serverPendingResponses;
175
+ private serverAuthenticatedSockets;
176
+ /**
177
+ * Maps each successfully authenticated socket to the identity ID it claimed.
178
+ * Populated in identity-bound mode; empty in global-secret mode.
179
+ * Cleaned up in `cleanupSocket()` when the socket disconnects.
180
+ */
181
+ private serverAuthenticatedPeers;
124
182
  constructor(options: HmacAuthOptions);
125
183
  /**
126
184
  * Server-side authentication flow.
127
185
  *
186
+ * Global-secret mode (default):
128
187
  * 1. Generate random nonce
129
188
  * 2. Send auth-challenge to client
130
189
  * 3. Wait for auth-response with signature (via handleAuthMessage)
131
190
  * 4. Verify signature matches HMAC(secret, nonce)
132
191
  * 5. Send auth-result
192
+ *
193
+ * Identity-bound mode (`resolveSecret` provided):
194
+ * Same flow, but the `auth-response` also carries `identityId`. The server
195
+ * resolves the per-identity secret via `resolveSecret(identityId)` and
196
+ * verifies HMAC against that secret. On success the socket is registered in
197
+ * `serverAuthenticatedPeers` so `getReceiveContext()` can expose the peer.
133
198
  * @param socket - The client WebSocket connection to authenticate
134
199
  * @param send - Function to send auth messages to the client
135
200
  * @throws Error if authentication fails
@@ -170,10 +235,10 @@ declare class HmacAuth implements TransportAuth {
170
235
  *
171
236
  * Message will be delivered via handleAuthMessage().
172
237
  * @param socket - The client socket to track
173
- * @returns The signature from the response
238
+ * @returns The signature and optional identity ID from the response
174
239
  * @throws Error if timeout
175
240
  */
176
- private waitForAuthResponse;
241
+ private waitForAuthResponseWithIdentity;
177
242
  /**
178
243
  * Wait for auth-result message from server.
179
244
  *
@@ -183,11 +248,56 @@ declare class HmacAuth implements TransportAuth {
183
248
  */
184
249
  private waitForAuthResult;
185
250
  /**
186
- * Compute HMAC signature for a nonce using Web Crypto API.
251
+ * Compute HMAC signature for a nonce using the instance secret.
187
252
  * @param nonce - The nonce to sign
188
253
  * @returns Promise resolving to hex-encoded HMAC signature
189
254
  */
190
255
  private computeHmac;
256
+ /**
257
+ * Compute HMAC signature for a nonce using an explicit secret.
258
+ * @param nonce - The nonce to sign
259
+ * @param secret - Secret to use for key derivation
260
+ * @returns Promise resolving to hex-encoded HMAC signature
261
+ */
262
+ private computeHmacWithSecret;
263
+ /**
264
+ * Return trusted receive context for a socket that has authenticated
265
+ * in identity-bound mode.
266
+ *
267
+ * For global-secret clients this returns `undefined` — there is no
268
+ * per-identity peer to expose.
269
+ *
270
+ * The `transportName` is intentionally left as `''` here; the transport
271
+ * registry merges in the registered name when it synthesises the effective
272
+ * receive context (§1.3 of the bus-origin design).
273
+ * @param socket - The socket whose peer identity to retrieve.
274
+ * @returns Trusted receive context with peer identity, or `undefined`.
275
+ */
276
+ getReceiveContext(socket?: WebSocketLike): TransportReceiveContext | undefined;
277
+ /**
278
+ * Check whether a server-side socket remains authorized for bus traffic.
279
+ *
280
+ * Identity-bound HMAC sockets are revalidated against `resolveSecret()` on
281
+ * every inbound frame so process-local registry revocation, such as dashboard
282
+ * session expiry, takes effect without waiting for the WebSocket to close.
283
+ * Global-secret sockets have no identity to revoke and remain authorized by
284
+ * their completed handshake.
285
+ * @param socket - The socket whose live authorization should be checked.
286
+ * @returns `true` when the socket is still authorized.
287
+ */
288
+ isSocketAuthenticated(socket: WebSocketLike): boolean;
289
+ /**
290
+ * Compare two hex-encoded HMAC signatures in constant time.
291
+ *
292
+ * A variable-time `===` comparison leaks information about how many prefix
293
+ * characters match, enabling timing-based secret recovery. This method decodes
294
+ * both signatures to byte arrays and uses a constant-time XOR accumulator so
295
+ * every comparison takes the same wall-clock time regardless of the match point.
296
+ * @param a - First hex signature
297
+ * @param b - Second hex signature
298
+ * @returns True when both signatures are identical
299
+ */
300
+ private constantTimeEqual;
191
301
  /**
192
302
  * Send auth result messages without masking the original auth error.
193
303
  *
@@ -213,6 +323,48 @@ declare class HmacAuth implements TransportAuth {
213
323
  cleanup(): void;
214
324
  }
215
325
  //#endregion
326
+ //#region transports/ws/src/auth/identity-secret-registry.d.ts
327
+ /** Options for registering an HMAC identity secret. */
328
+ interface HmacIdentitySecretRegistrationOptions {
329
+ /**
330
+ * Trusted peer kind exposed after this identity authenticates.
331
+ *
332
+ * Defaults to `workflow-execution` because the original identity-bound HMAC
333
+ * clients are workflow runners.
334
+ */
335
+ readonly peerKind?: string;
336
+ }
337
+ /**
338
+ * Register an HMAC secret for a transport identity.
339
+ *
340
+ * The returned cleanup removes the entry only when it still points at the
341
+ * exact registration object, so replacing identity metadata cannot be
342
+ * accidentally undone by an older cleanup handle.
343
+ * @param identityId - Transport identity that may authenticate with the secret.
344
+ * @param secret - HMAC secret expected for the identity.
345
+ * @param options - Optional trusted peer metadata for this identity.
346
+ * @returns Cleanup function that unregisters this exact secret.
347
+ */
348
+ declare function registerHmacIdentitySecret(identityId: string, secret: string, options?: HmacIdentitySecretRegistrationOptions): () => void;
349
+ /**
350
+ * Resolve an HMAC secret for an identity claim.
351
+ * @param identityId - Claimed transport identity.
352
+ * @returns Registered secret, or null when the identity is unknown.
353
+ */
354
+ declare function resolveHmacIdentitySecret(identityId: string): string | null;
355
+ /**
356
+ * Resolve trusted peer context for an identity claim.
357
+ * @param identityId - Claimed transport identity.
358
+ * @returns Registered peer context, or null when the identity is unknown.
359
+ */
360
+ declare function resolveHmacIdentityPeer(identityId: string): TransportPeerContext | null;
361
+ /**
362
+ * Clear all registered identity secrets.
363
+ *
364
+ * Intended for tests that exercise the process-global registry.
365
+ */
366
+ declare function clearHmacIdentitySecretsForTesting(): void;
367
+ //#endregion
216
368
  //#region transports/ws/src/auth/e2e-auth.d.ts
217
369
  /**
218
370
  * E2E authentication configuration.
@@ -282,6 +434,16 @@ declare class E2EAuth implements TransportAuth {
282
434
  * @returns Peer ID if authenticated, null otherwise
283
435
  */
284
436
  getPeerId(socket?: WebSocketLike): string | null;
437
+ /**
438
+ * Return trusted receive context for a socket that has completed E2E authentication.
439
+ *
440
+ * The `transportName` is intentionally left as `''` here; the transport
441
+ * registry merges in the registered name when it synthesises the effective
442
+ * receive context.
443
+ * @param socket - Optional socket (server-side only)
444
+ * @returns Trusted receive context with peer identity, or `undefined`.
445
+ */
446
+ getReceiveContext(socket?: WebSocketLike): TransportReceiveContext | undefined;
285
447
  /**
286
448
  * Clean up authentication resources for a specific socket.
287
449
  * @param socket - The socket to clean up
@@ -396,6 +558,14 @@ declare class E2ERelayAuth implements TransportAuth {
396
558
  * @returns Peer identity ID or null
397
559
  */
398
560
  getPeerId(): string | null;
561
+ /**
562
+ * Return trusted receive context after a successful relay handshake.
563
+ *
564
+ * Relay auth is always client-mode (no socket parameter). The `transportName`
565
+ * is intentionally left as `''`; the transport registry fills it in.
566
+ * @returns Trusted receive context with peer identity, or `undefined`.
567
+ */
568
+ getReceiveContext(): TransportReceiveContext | undefined;
399
569
  private waitForPeerExchange;
400
570
  private ensureLocalExchangeMessage;
401
571
  private sendLocalExchange;
@@ -893,6 +1063,8 @@ declare class WebSocketClientTransport implements BusTransport {
893
1063
  private readonly correlations;
894
1064
  private readonly handlers;
895
1065
  private readonly localSubscriptions;
1066
+ private readonly pendingSubscriptionAcks;
1067
+ private subscriptionAckSeq;
896
1068
  private messageListener;
897
1069
  private closeListener;
898
1070
  /** AbortController for the active reconnect loop; `null` when not connected. */
@@ -943,10 +1115,10 @@ declare class WebSocketClientTransport implements BusTransport {
943
1115
  }> : boolean>;
944
1116
  /**
945
1117
  * Register a handler for all inbound messages.
946
- * @param handler - Invoked for each decoded inbound message
1118
+ * @param handler - Invoked for each decoded inbound message with optional receive context
947
1119
  * @returns Unsubscribe function
948
1120
  */
949
- onReceive(handler: (message: BusMessage) => Promise<void>): () => void;
1121
+ onReceive(handler: BusReceiveHandler): () => void;
950
1122
  /**
951
1123
  * Subscribe to a subject on the server with an optional payload filter.
952
1124
  *
@@ -999,6 +1171,27 @@ declare class WebSocketClientTransport implements BusTransport {
999
1171
  * @returns Subscription dependency context bound to this transport instance
1000
1172
  */
1001
1173
  private subscriptionDeps;
1174
+ /**
1175
+ * Track one dynamic subscription update until the remote peer acknowledges it.
1176
+ * @returns Ack identifier, pending promise, and cleanup reject callback.
1177
+ */
1178
+ private beginSubscriptionAck;
1179
+ /**
1180
+ * Resolve a pending dynamic subscription acknowledgement.
1181
+ * @param ackId - Ack identifier received from the peer.
1182
+ */
1183
+ private resolveSubscriptionAck;
1184
+ /**
1185
+ * Reject one pending dynamic subscription acknowledgement.
1186
+ * @param ackId - Ack identifier to reject.
1187
+ * @param error - Rejection reason.
1188
+ */
1189
+ private rejectSubscriptionAck;
1190
+ /**
1191
+ * Reject all pending subscription acknowledgements for a closing socket session.
1192
+ * @param error - Rejection reason.
1193
+ */
1194
+ private rejectPendingSubscriptionAcks;
1002
1195
  /**
1003
1196
  * Build the `ConnectionDeps` context for connection lifecycle helpers.
1004
1197
  * @returns Connection dependency context bound to this transport instance
@@ -1749,4 +1942,4 @@ declare module '@makaio/framework/bus' {
1749
1942
  }
1750
1943
  }
1751
1944
  //#endregion
1752
- export { type ClientTransportCodec, DispatchingAuth, E2EAuth, E2ERelayAuth, type E2ERelayAuthOptions, HmacAuth, type RelayControlBusMessage, type RelayControlEnvelopeMessage, type RelayControlHelpers, type RelayControlRegistry, ServerTransport, type TransportAuth, WebSocketClientTransport, type WebSocketClientTransportOptions, type WebSocketClientTransportReconnectOptions, type WebSocketCloseEvent, type WebSocketLike, type WebSocketServerLike, createE2EClientTransport, createE2ERelayClientTransport, createE2ERelayCodec, createRelayControlHelpers, createRelayControlRegistry, createWebSocketCloseEvent, createWebSocketTransport, index_d_exports as crypto, extractSocketErrorMessage };
1945
+ export { type ClientTransportCodec, DispatchingAuth, E2EAuth, E2ERelayAuth, type E2ERelayAuthOptions, HmacAuth, type HmacIdentitySecretRegistrationOptions, type RelayControlBusMessage, type RelayControlEnvelopeMessage, type RelayControlHelpers, type RelayControlRegistry, ServerTransport, type TransportAuth, WebSocketClientTransport, type WebSocketClientTransportOptions, type WebSocketClientTransportReconnectOptions, type WebSocketCloseEvent, type WebSocketLike, type WebSocketServerLike, clearHmacIdentitySecretsForTesting, createE2EClientTransport, createE2ERelayClientTransport, createE2ERelayCodec, createRelayControlHelpers, createRelayControlRegistry, createWebSocketCloseEvent, createWebSocketTransport, index_d_exports as crypto, extractSocketErrorMessage, registerHmacIdentitySecret, resolveHmacIdentityPeer, resolveHmacIdentitySecret };
package/dist/node/transports/index.mjs CHANGED
@@ -1,2 +1,2 @@
1
- import{n as e}from"../../chunk-Dc06z0qk.mjs";import{CorrelationTracker as t,DEFAULT_REQUEST_TIMEOUT_MS as n,NoHandlerError as r,TimeoutError as i,buildSubscribeMessage as a,buildUnsubscribeMessage as o,deserializeTransportError as s,getSubjectFromBusMessage as c,handleCorrelationResponse as l,isNoHandlerErrorForSubject as u,shouldReceiveMessage as d,trackMessageCorrelation as f}from"@makaio/framework/bus";import{isRecord as p}from"@makaio/framework/utils";const m={baseMs:1e3,maxMs:1e4};function ee(e,t,n){let r=Math.max(t,100),i=Math.max(n,r);return Math.min(r*2**e,i)}function te(e,t){return new Promise(n=>{if(t.aborted){n();return}let r=()=>{clearTimeout(i),t.removeEventListener(`abort`,r),n()},i=setTimeout(()=>{t.removeEventListener(`abort`,r),n()},e);t.addEventListener(`abort`,r)})}const ne={encode:async e=>JSON.stringify(e),decode:async e=>e};function re(e){return e===!1?!1:{baseMs:e?.baseMs??m.baseMs,maxMs:e?.maxMs??m.maxMs}}function h(e,t=`unknown error`){return`message`in e?String(e.message):t}async function g(e,t,n){let r=await t.encode(e);n.send(r)}function ie(e){return e.readyState===1?Promise.resolve():e.readyState>=2?Promise.reject(Error(`WebSocket closed before opening`)):new Promise((t,n)=>{let r=()=>{e.removeEventListener(`open`,i),e.removeEventListener(`error`,a),e.removeEventListener(`close`,o)},i=()=>{r(),t()},a=e=>{r(),n(Error(`WebSocket connection failed — ${h(e)}`))},o=()=>{r(),n(Error(`WebSocket closed before opening`))};e.addEventListener(`open`,i),e.addEventListener(`error`,a),e.addEventListener(`close`,o)})}async function ae(e,t){let{name:n,debug:r,auth:i,codec:a,messageTransform:o,correlations:s,handlers:c}=t;try{let u=JSON.parse(e.toString());if(typeof u!=`object`||!u||typeof u.type!=`string`){r&&console.error(`[WebSocketClientTransport:${n}] Invalid message structure:`,u);return}let d=u;if(i?.handleAuthMessage(d)||d.type===`heartbeat`)return;let f=await a.decode(d);if(o&&(f=await o(f)),f.type===`heartbeat`)return;if(f.type===`subscribe-sync-complete`){t.onSyncComplete();return}if(l(f,s))return;await Promise.all(Array.from(c).map(async e=>{try{await e(f)}catch(e){r&&console.error(`[WebSocketClientTransport:${n}] Handler error:`,e)}}))}catch(e){r&&console.error(`[WebSocketClientTransport:${n}] Failed to parse message:`,e)}}function oe(e,t){let n=e=>{ae(e.data,{name:t.name,debug:t.debug,auth:t.auth,codec:t.codec,messageTransform:t.messageTransform,correlations:t.correlations,handlers:t.handlers,onSyncComplete:()=>{t.resolveReady()}})};t.setMessageListener(n),e.addEventListener(`message`,n)}function _(e,t){let n=t.getMessageListener();n!==null&&(e.removeEventListener(`message`,n),t.setMessageListener(null));let r=t.getCloseListener();r!==null&&(e.removeEventListener(`close`,r),t.setCloseListener(null))}async function v(e){e.resolveReady(),e.resetReadyPromise();let t=e.getSocket();t!==null&&_(t,e);let n=await e.wsFactory(e.url);e.setSocket(n),e.setAuthComplete(!1);try{oe(n,e),await ie(n),e.auth&&await e.auth.authenticateClient(e=>{if(n.readyState!==1)throw Error(`WebSocketClientTransport: cannot send auth message — socket not open`);n.send(JSON.stringify(e))}),e.setAuthComplete(!0),e.debug&&console.info(`[WebSocketClientTransport:${e.name}] Connected to ${e.url}`),e.localSubscriptions.size>0&&(await g(a(e.localSubscriptions),e.codec,n),e.debug&&console.info(`[WebSocketClientTransport:${e.name}] Replayed ${e.localSubscriptions.size} subscription(s)`)),e.notifyConnected()}catch(t){let r=e.getSocket()===n;throw r&&e.auth?.cleanup(),_(n,e),r&&e.setSocket(null),e.setAuthComplete(!1),r&&(n.readyState===0||n.readyState===1)&&n.close(),t}}function y(e,t){return new Promise(n=>{if(e.readyState===3||t.aborted){n();return}let r=()=>{t.removeEventListener(`abort`,i),n()},i=()=>{e.removeEventListener(`close`,r),n()};e.addEventListener(`close`,r),t.addEventListener(`abort`,i)})}async function se(e,t,n,r,i){i(!0);try{for(;!e.aborted;){let i=n.getSocket(),a=i!==null;if(i!==null&&i.readyState!==3&&await y(i,e),e.aborted)break;a&&(n.debug&&console.info(`[WebSocketClientTransport:${n.name}] ${new Date().toISOString()} Connection lost, starting reconnect loop (maxMs=${t.maxMs})`),n.notifyDisconnected());let o=0;for(;!e.aborted;){let i=ee(o,t.baseMs,t.maxMs);n.debug&&console.info(`[WebSocketClientTransport:${n.name}] ${new Date().toISOString()} Reconnecting in ${i}ms (attempt ${o+1})`);let a=new AbortController;if(r(a),await te(i,AbortSignal.any([e,a.signal])),r(null),e.aborted)break;try{await v(n),o=0;let t=n.getSocket();if(t!==null){let r=()=>{n.auth?.cleanup(),n.setAuthComplete(!1),n.debug&&console.info(`[WebSocketClientTransport:${n.name}] ${new Date().toISOString()} Connection closed`)};n.setCloseListener(r),t.addEventListener(`close`,r),await y(t,e)}break}catch(e){if(n.debug){let t=e instanceof Error?e.message:String(e);console.warn(`[WebSocketClientTransport:${n.name}] ${new Date().toISOString()} Connect attempt ${o+1} failed: ${t}`)}o++}}}}finally{i(!1)}}function ce(e,t,n){let r=()=>{t.auth?.cleanup(),_(e,t),t.setAuthComplete(!1),t.setSocket(null),n(),t.resolveReady(),t.notifyDisconnected()};t.setCloseListener(r),e.addEventListener(`close`,r)}async function le(e,t,n,r){let i=r.localSubscriptions.get(e)?.filter,o=t??i;r.localSubscriptions.set(e,{filter:o,priorities:n}),r.socket!==null&&r.socket.readyState===1&&await g(a(new Map([[e,{filter:o,priorities:n}]])),r.codec,r.socket),r.debug&&console.info(`[WebSocketClientTransport:${r.name}] Subscribed to ${e}${o?` with filter`:``}`)}async function ue(e,t){let n=t.localSubscriptions.get(e);t.localSubscriptions.delete(e),t.socket!==null&&t.socket.readyState===1&&await g(o({[e]:n?.priorities??[]}),t.codec,t.socket),t.debug&&console.info(`[WebSocketClientTransport:${t.name}] Unsubscribed from ${e}`)}var b=class{name;url;auth;codec;messageTransform;autoReconnectConfig;wsFactory;debug;onConnectedCallback;onDisconnectedCallback;socket=null;authComplete=!1;correlations=new t;handlers=new Set;localSubscriptions=new Map;messageListener=null;closeListener=null;reconnectAbort=null;backoffWakeAbort=null;reconnectLoopRunning=!1;readyResolve=null;ready;onNewReadySession=void 0;onConnected=void 0;onDisconnected=void 0;constructor(e){this.url=e.url,this.name=e.name??`ws-client`,this.auth=e.auth,this.codec=e.codec??ne,this.messageTransform=e.messageTransform,this.debug=e.debug??!1,this.autoReconnectConfig=re(e.autoReconnect),this.wsFactory=e.createWebSocket??this.defaultWsFactory,this.onConnectedCallback=e.onConnected,this.onDisconnectedCallback=e.onDisconnected,this.ready=new Promise(e=>{this.readyResolve=e})}async connect(){if(this.reconnectAbort!==null)throw Error(`WebSocketClientTransport: already connected`);let e=new AbortController;this.reconnectAbort=e;try{await v(this.connectionDeps())}catch(e){throw this.reconnectAbort=null,e}this.autoReconnectConfig===!1?this.socket!==null&&this.wireNoReconnectClose(this.socket):this.startReconnectLoop(e.signal)}async disconnect(){let e=this.reconnectAbort;if(this.reconnectAbort=null,e?.abort(),this.readyResolve?.(),this.readyResolve=null,this.socket!==null){_(this.socket,this.connectionDeps());let e=this.socket;this.socket=null,this.authComplete=!1,(e.readyState===0||e.readyState===1)&&e.close()}this.correlations.cleanup(),this.auth?.cleanup(),this.handlers.clear(),this.debug&&console.info(`[WebSocketClientTransport:${this.name}] Disconnected`)}async send(e,t){if(this.socket===null||this.socket.readyState!==1)throw Error(`WebSocketClientTransport: not connected`);let r=await this.codec.encode(e);return this.socket.send(r),f(e,this.correlations,t??n)}onReceive(e){return this.handlers.add(e),()=>{this.handlers.delete(e)}}async subscribe(e,t,n=[]){await le(e,t,n,this.subscriptionDeps())}async unsubscribe(e){await ue(e,this.subscriptionDeps())}getSubscriptions(){return new Set(this.localSubscriptions.keys())}cancelRequest(e,t){this.correlations.cancel(e,t)}isReady(){return this.socket!==null&&this.socket.readyState===1&&this.authComplete}async reconnect(){if(!this.isReady()){if(this.backoffWakeAbort!==null){this.backoffWakeAbort.abort(),this.backoffWakeAbort=null;return}if(this.autoReconnectConfig!==!1){if(this.reconnectLoopRunning)return;this.reconnectAbort!==null&&this.startReconnectLoop(this.reconnectAbort.signal);return}try{await v(this.connectionDeps()),this.socket!==null&&(this.reconnectAbort=new AbortController,this.wireNoReconnectClose(this.socket))}catch{}}}startReconnectLoop(e){return se(e,this.autoReconnectConfig,this.connectionDeps(),e=>{this.backoffWakeAbort=e},e=>{this.reconnectLoopRunning=e})}subscriptionDeps(){return{name:this.name,debug:this.debug,codec:this.codec,socket:this.socket,localSubscriptions:this.localSubscriptions}}connectionDeps(){return{name:this.name,debug:this.debug,auth:this.auth,codec:this.codec,messageTransform:this.messageTransform,correlations:this.correlations,handlers:this.handlers,localSubscriptions:this.localSubscriptions,wsFactory:this.wsFactory,url:this.url,getSocket:()=>this.socket,setSocket:e=>{this.socket=e},setAuthComplete:e=>{this.authComplete=e},getMessageListener:()=>this.messageListener,setMessageListener:e=>{this.messageListener=e},getCloseListener:()=>this.closeListener,setCloseListener:e=>{this.closeListener=e},resolveReady:()=>{this.readyResolve?.(),this.readyResolve=null},resetReadyPromise:()=>{this.ready=new Promise(e=>{this.readyResolve=e}),this.onNewReadySession?.(this.ready)},notifyConnected:()=>{this.onConnectedCallback?.(),this.onConnected?.()},notifyDisconnected:()=>{this.onDisconnectedCallback?.(),this.onDisconnected?.()}}}defaultWsFactory=async e=>new(await(import(`ws`))).WebSocket(e);wireNoReconnectClose(e){ce(e,this.connectionDeps(),()=>{this.reconnectAbort=null})}};function x(e){e.timer!==void 0&&clearTimeout(e.timer)}var de=class{pendingBroadcasts=new Map;timeout;debug;constructor(e={}){this.timeout=e.timeout??5e3,this.debug=e.debug??!1}startClientBroadcast(e,t,n,r,i){let a=t.correlationId,o=i??this.timeout,s={kind:`client`,sender:e,results:[],pendingClients:new Set(n),nodeResultsReceived:!1,timer:o===0?void 0:setTimeout(()=>{this.debug&&console.warn(`[BroadcastAggregator] Broadcast ${a} timed out`),this.finalizeBroadcast(a)},o)};this.pendingBroadcasts.set(a,s);let c=JSON.stringify(t);for(let e of n)r(e,c);this.debug&&console.info(`[BroadcastAggregator] Broadcast ${a} forwarded to ${n.length} clients`)}startServerBroadcast(e,t,n,r){let i=e.correlationId,a=r??this.timeout;return t.length===0?(this.debug&&console.info(`[BroadcastAggregator] Server broadcast ${i} - no target clients`),Promise.resolve([])):new Promise(r=>{let o={kind:`server`,results:[],pendingClients:new Set(t),timer:a===0?void 0:setTimeout(()=>{this.debug&&console.warn(`[BroadcastAggregator] Server broadcast ${i} timed out`),this.finalizeServerBroadcast(i)},a),resolve:r};this.pendingBroadcasts.set(i,o);let s=JSON.stringify(e);for(let e of t)n(e,s);this.debug&&console.info(`[BroadcastAggregator] Server broadcast ${i} sent to ${t.length} clients`)})}handleResponse(e,t){let n=this.pendingBroadcasts.get(t.correlationId);return n?(t.results&&n.results.push(...t.results),n.pendingClients.delete(e),this.debug&&console.info(`[BroadcastAggregator] Broadcast ${t.correlationId} got response, ${n.pendingClients.size} pending`),this.checkBroadcastComplete(t.correlationId,n),!0):!1}handleNodeResults(e,t,n){let r=this.pendingBroadcasts.get(e);return!r||r.kind!==`client`?!1:(r.results.push(...t),r.nodeResultsReceived=!0,r.nodeError=n,this.debug&&console.info(`[BroadcastAggregator] Broadcast ${e} node results aggregated${n?` (with error)`:``}`),this.checkBroadcastComplete(e,r),!0)}handleClientDisconnect(e){for(let[t,n]of this.pendingBroadcasts)n.kind===`client`&&n.sender===e?(x(n),this.pendingBroadcasts.delete(t)):n.pendingClients.has(e)&&(n.pendingClients.delete(e),this.checkBroadcastComplete(t,n))}cleanup(){for(let e of this.pendingBroadcasts.values())x(e),e.kind===`server`&&e.resolve(e.results);this.pendingBroadcasts.clear()}checkBroadcastComplete(e,t){if(!(t.pendingClients.size>0))if(t.kind===`client`){if(!t.nodeResultsReceived)return;this.finalizeBroadcast(e)}else this.finalizeServerBroadcast(e)}finalizeBroadcast(e){let t=this.pendingBroadcasts.get(e);if(!t||t.kind!==`client`)return;x(t),this.pendingBroadcasts.delete(e);let n=t.nodeError?{type:`broadcast-response`,correlationId:e,error:t.nodeError}:{type:`broadcast-response`,correlationId:e,results:t.results};t.sender.readyState===1&&t.sender.send(JSON.stringify(n)),this.debug&&console.info(`[BroadcastAggregator] Broadcast ${e} finalized with ${t.results.length} results`)}finalizeServerBroadcast(e){let t=this.pendingBroadcasts.get(e);!t||t.kind!==`server`||(x(t),this.pendingBroadcasts.delete(e),t.resolve(t.results),this.debug&&console.info(`[BroadcastAggregator] Server broadcast ${e} finalized with ${t.results.length} results`))}},fe=class{clients=new Set;authenticatingClients=new Set;clientSubscriptions=new Map;clientFilters=new Map;debug;constructor(e={}){this.debug=e.debug??!1}addAuthenticating(e){this.authenticatingClients.add(e)}removeAuthenticating(e){this.authenticatingClients.delete(e)}isAuthenticating(e){return this.authenticatingClients.has(e)}addClient(e){this.clients.add(e)}removeClient(e){this.clients.delete(e),this.authenticatingClients.delete(e),this.clientSubscriptions.delete(e),this.clientFilters.delete(e),this.debug&&console.info(`[ClientRegistry] Client removed (${this.clients.size} remaining)`)}get size(){return this.clients.size}getAllSockets(){return new Set([...this.clients,...this.authenticatingClients])}handleSubscribeMessage(e,t){let n=this.clientSubscriptions.get(e);n||(n=new Set,this.clientSubscriptions.set(e,n));let r=this.clientFilters.get(e);for(let[i]of Object.entries(t.subjects)){n.add(i);let a=t.filters?.[i];a===void 0?r?.delete(i):(r||(r=new Map,this.clientFilters.set(e,r)),r.set(i,a))}if(this.debug){let e=Object.keys(t.subjects).length,n=t.filters?Object.keys(t.filters).length:0;console.info(`[ClientRegistry] Client subscribed to ${e} subjects, ${n} filters`)}}handleUnsubscribeMessage(e,t){let n=this.clientSubscriptions.get(e),r=this.clientFilters.get(e);for(let e of Object.keys(t))n?.delete(e),r?.delete(e);this.debug&&console.info(`[ClientRegistry] Client unsubscribed from ${Object.keys(t).length} subjects`)}getReadyClients(){let e=[];for(let t of this.clients)t.readyState===1&&e.push(t);return e}getRequestRoutingPriority(e,t,n){let r=this.clientSubscriptions.get(e);return!r||r.size===0?1:this.clientWantsMessage(e,t,n)?2:0}getInterestedClients(e,t,n){let r=[];for(let i of this.clients)i!==n&&i.readyState===1&&this.clientWantsMessage(i,e,t)&&r.push(i);return r}forwardEventToClients(e,t,n){let r=c(t)??void 0,i=`payload`in t?t.payload:void 0,a=JSON.stringify(t),o=this.getInterestedClients(r,i,e);for(let e of o)n(e,a)}clientWantsMessage(e,t,n){return d(t,n,this.clientSubscriptions.get(e)??new Set,this.clientFilters.get(e)??new Map)}};async function S(e,t,n){await Promise.all(Array.from(t).map(async t=>{try{await t(e,n.receiveContext)}catch(e){if(n.debug){let t=n.logContext?` ${n.logContext}`:``;console.error(`[ServerTransport] Handler error${t}:`,e)}}}))}function pe(e,t,n){let{correlations:r,broadcastAggregator:i,debug:a}=t;if(e.type===`heartbeat`)return!0;if(e.type===`response`){let t=e;return typeof t.correlationId==`string`?(t.error?r.reject(t.correlationId,s(t.error)):r.resolve(t.correlationId,t.result),!0):(a&&console.warn(`[ServerTransport] Malformed response message: missing correlationId`),!0)}if(e.type===`broadcast-response`){let t=e;return typeof t.correlationId==`string`?(i.handleResponse(n,t),!0):(a&&console.warn(`[ServerTransport] Malformed broadcast-response: missing correlationId`),!0)}return!1}async function me(e,t,n){let{registry:r,broadcastAggregator:i,handlers:a,normalizeBroadcastTimeout:o,sendSafely:s,debug:c}=n;if(pe(e,n,t))return;let l=n.auth?.getReceiveContext?.(t);if(e.type===`subscribe`){if(!p(e.subjects)){c&&console.warn(`[ServerTransport] Malformed subscribe message: missing subjects record`);return}r.handleSubscribeMessage(t,e),await S(e,a,{debug:c,receiveContext:l,logContext:`dispatching subscribe`});return}if(e.type===`unsubscribe`){if(!p(e.subjects)){c&&console.warn(`[ServerTransport] Malformed unsubscribe message: missing subjects record`);return}r.handleUnsubscribeMessage(t,e.subjects),await S(e,a,{debug:c,receiveContext:l,logContext:`dispatching unsubscribe`});return}if(e.type===`broadcast`){let n=e;if(typeof n.correlationId!=`string`||typeof n.subject!=`string`){c&&console.warn(`[ServerTransport] Malformed broadcast message: missing correlationId or subject`);return}let u=r.getInterestedClients(n.subject,n.payload,t),d=o(n.timeout);i.startClientBroadcast(t,n,u,s,d),await S(e,a,{debug:c,receiveContext:l});return}e.type===`event`&&r.forwardEventToClients(t,e,s),await S(e,a,{debug:c,receiveContext:l})}function he(e,t){let{auth:n,registry:r,debug:i}=t;return async a=>{let o;try{o=JSON.parse(a.toString())}catch(e){i&&console.error(`[ServerTransport] Failed to parse message:`,e);return}let s=o&&typeof o==`object`?o:void 0;if(!s||typeof s.type!=`string`){i&&console.error(`[ServerTransport] Invalid message structure:`,o);return}let c=o;try{if(n?.handleAuthMessage(c,e))return;if(n&&r.isAuthenticating(e)){i&&console.warn(`[ServerTransport] Ignoring message from unauthenticated client`);return}await me(c,e,t)}catch(e){i&&console.error(`[ServerTransport] Failed to process message:`,e)}}}function ge(e){return typeof e!=`number`||!Number.isFinite(e)||e<=0?5e3:Math.min(e,6e4)}async function _e(e,t){let{registry:n,correlations:r,broadcastAggregator:i,handlers:o,auth:s,serverSubscriptions:c,sendSafely:l,debug:u}=t;s&&n.addAuthenticating(e);let d=he(e,{registry:n,correlations:r,broadcastAggregator:i,handlers:o,auth:s,normalizeBroadcastTimeout:ge,sendSafely:l,debug:u}),f=e=>{d(e.data)},p=()=>{s?.cleanupSocket(e),n.removeClient(e),e.removeEventListener(`message`,f),e.removeEventListener(`close`,p),e.removeEventListener(`error`,m),i.handleClientDisconnect(e),u&&console.info(`[ServerTransport] Client disconnected (${n.size} remaining)`)},m=e=>{u&&console.error(`[ServerTransport] Client socket error:`,e)};e.addEventListener(`message`,f),e.addEventListener(`close`,p),e.addEventListener(`error`,m);try{if(s&&(await s.authenticateServer(e,t=>{if(e.readyState!==1)throw Error(`Cannot send auth message: socket not ready (state: ${e.readyState})`);e.send(JSON.stringify(t))}),n.removeAuthenticating(e)),e.readyState!==1)return;if(n.addClient(e),c.size>0){let t=a(c);l(e,JSON.stringify(t))}l(e,JSON.stringify({type:`subscribe-sync-complete`})),u&&console.info(`[ServerTransport] Client connected (${n.size} total)`)}catch(t){u&&console.error(`[ServerTransport] Client authentication failed:`,t),e.close(1008,`Authentication failed`)}}async function ve(e,t,n){let{registry:a,correlations:o}=n,s=`${e.namespace}.${e.subject}`,c=a.getReadyClients().map(t=>({client:t,priority:a.getRequestRoutingPriority(t,s,e.payload)})).sort((e,t)=>t.priority-e.priority).map(({client:e})=>e);if(c.length===0)throw new r(s);for(let[n,r]of c.entries()){let a=`${e.correlationId}:attempt-${n+1}`,c={...e,correlationId:a};try{r.send(JSON.stringify(c))}catch{continue}try{return await o.track(a,t)}catch(e){if(u(e,s)||e instanceof i)continue;throw e}}throw new r(s)}var C=class{name;wss;auth;debug;handlers=new Set;registry;serverSubscriptions=new Map;broadcastAggregator;correlations=new t;connectionListener=null;constructor(e){let{websocket:t,name:n=`websocket`,auth:r,debug:i=!1}=e;this.wss=t,this.name=n,this.auth=r,this.debug=i,this.registry=new fe({debug:i}),this.broadcastAggregator=new de({debug:i})}sendToClientSafely(e,t){try{e.send(t)}catch(e){this.debug&&console.warn(`[ServerTransport] Failed to send message to client:`,e)}}async connect(){if(this.connectionListener!==null)throw Error(`ServerTransport.connect() called while already connected`);this.connectionListener=e=>{_e(e,{registry:this.registry,correlations:this.correlations,broadcastAggregator:this.broadcastAggregator,handlers:this.handlers,auth:this.auth,serverSubscriptions:this.serverSubscriptions,sendSafely:(e,t)=>this.sendToClientSafely(e,t),debug:this.debug})},this.wss.on(`connection`,this.connectionListener),this.debug&&console.info(`[ServerTransport] Listening for connections`)}async disconnect(){this.connectionListener&&=(this.wss.off(`connection`,this.connectionListener),null);let e=this.registry.getAllSockets();for(let t of e)t.close();await new Promise((e,t)=>{this.wss.close(n=>n?t(n):e())}),this.correlations.cleanup(),this.broadcastAggregator.cleanup(),this.auth?.cleanup(),this.handlers.clear(),this.serverSubscriptions.clear(),this.debug&&console.info(`[ServerTransport] Disconnected`)}async send(e,t){if(e.type===`broadcast`){let n=c(e)??void 0,r=`payload`in e?e.payload:void 0,i=this.registry.getInterestedClients(n,r);return this.broadcastAggregator.startServerBroadcast(e,i,(e,t)=>{this.sendToClientSafely(e,t)},t)}if(e.type===`request`)return ve(e,t??n,{registry:this.registry,correlations:this.correlations});if(this.registry.size===0){if(this.debug){let t=c(e);console.debug(`[ServerTransport] No clients to receive ${e.type}${t?`: ${t}`:``}`)}return!1}let r=c(e)??void 0,i=`payload`in e?e.payload:void 0,a=JSON.stringify(e),o=this.registry.getInterestedClients(r,i);for(let e of o)this.sendToClientSafely(e,a);let s=o.length>0;if(!s){if(r&&this.debug&&console.warn(`[ServerTransport] No interested clients for subject: ${r}`),e.type===`response`)return!1;if(!r)throw Error(`No connected clients available to receive message`)}return s}onReceive(e){return this.handlers.add(e),()=>{this.handlers.delete(e)}}cancelRequest(e,t){this.correlations.cancel(e,t)}onBroadcastResults(e,t,n){this.broadcastAggregator.handleNodeResults(e,t,n)}async subscribe(e,t,n=[]){let r=this.serverSubscriptions.get(e)?.filter,i=t??r;if(this.serverSubscriptions.set(e,{filter:i,priorities:n}),this.registry.size>0){let t=a(new Map([[e,{filter:i,priorities:n}]])),r=JSON.stringify(t);for(let e of this.registry.getReadyClients())this.sendToClientSafely(e,r)}}getConnectionCount(){return this.registry.getReadyClients().length}async unsubscribe(e){if(this.serverSubscriptions.delete(e),this.registry.size>0){let t=o({[e]:[]}),n=JSON.stringify(t);for(let e of this.registry.getReadyClients())this.sendToClientSafely(e,n)}}};function ye(e,t){let n=new Event(`close`);return Object.defineProperties(n,{code:{value:e??1e3,enumerable:!0},reason:{value:t??``,enumerable:!0}}),n}function be(e){if(typeof e!=`object`||!e)throw TypeError(`WebSocket transport options must be an object`);let t=e;if(t.mode!==`client`&&t.mode!==`server`)throw TypeError(`WebSocket transport mode must be "client" or "server"`);if(t.mode===`client`){if(!xe(t.websocket))throw TypeError(`WebSocket transport client mode requires a websocket with addEventListener/removeEventListener`);return}if(!Se(t.websocket))throw TypeError(`WebSocket transport server mode requires a websocket with on/off listener methods`)}function xe(e){if(typeof e!=`object`||!e)return!1;let t=e;return typeof t.send==`function`&&typeof t.close==`function`&&typeof t.addEventListener==`function`&&typeof t.removeEventListener==`function`}function Se(e){if(typeof e!=`object`||!e)return!1;let t=e;return typeof t.on==`function`&&typeof t.off==`function`&&typeof t.close==`function`}var Ce=class{secret;algorithm;challengeTimeout;pendingChallenge;pendingResult;queuedChallengeNonce;queuedResult;clientAuthComplete=!1;serverPendingResponses=new Map;constructor(e){this.secret=e.secret,this.algorithm=e.algorithm??`sha256`,this.challengeTimeout=e.challengeTimeout??5e3}async authenticateServer(e,t){let n=crypto.getRandomValues(new Uint8Array(32)),r=Array.from(n).map(e=>e.toString(16).padStart(2,`0`)).join(``),i=await this.computeHmac(r);t({type:`auth-challenge`,nonce:r});let a=!1;try{if(await this.waitForAuthResponse(e)!==i)throw this.sendAuthResultBestEffort(t,{type:`auth-result`,success:!1,error:`Invalid signature`}),a=!0,Error(`HMAC authentication failed: Invalid signature`);this.sendAuthResultBestEffort(t,{type:`auth-result`,success:!0}),a=!0}catch(n){let r=this.serverPendingResponses.has(e);throw this.serverPendingResponses.delete(e),!a&&r&&this.sendAuthResultBestEffort(t,{type:`auth-result`,success:!1,error:n instanceof Error?n.message:`Authentication failed`}),n}finally{this.serverPendingResponses.delete(e)}}async authenticateClient(e){this.clientAuthComplete=!1;let t=await this.waitForAuthChallenge();e({type:`auth-response`,signature:await this.computeHmac(t)});let n=await this.waitForAuthResult();if(!n.success)throw Error(`HMAC authentication failed: ${n.error??`Unknown error`}`);this.clientAuthComplete=!0}handleAuthMessage(e,t){if(typeof e!=`object`||!e||!(`type`in e)||typeof e.type!=`string`)return!1;let n=e;if(n.type===`auth-challenge`)return typeof n.nonce!=`string`||this.clientAuthComplete||(this.pendingChallenge?(clearTimeout(this.pendingChallenge.timeoutHandle),this.pendingChallenge.resolve(n.nonce),this.pendingChallenge=void 0):this.queuedChallengeNonce=n.nonce),!0;if(n.type===`auth-result`){if(typeof n.success!=`boolean`||this.clientAuthComplete)return!0;let e={success:n.success,error:n.error};return this.pendingResult?(clearTimeout(this.pendingResult.timeoutHandle),this.pendingResult.resolve(e),this.pendingResult=void 0):this.queuedResult=e,!0}if(n.type===`auth-response`){if(t){let e=this.serverPendingResponses.get(t);e&&(clearTimeout(e.timeoutHandle),e.resolve(n.signature))}return!0}return!1}async waitForAuthChallenge(){if(this.queuedChallengeNonce!==void 0){let e=this.queuedChallengeNonce;return this.queuedChallengeNonce=void 0,e}return new Promise((e,t)=>{let n=setTimeout(()=>{this.pendingChallenge=void 0,t(Error(`Authentication challenge timeout`))},this.challengeTimeout);this.pendingChallenge={resolve:e,reject:t,timeoutHandle:n}})}async waitForAuthResponse(e){return new Promise((t,n)=>{let r={resolve:t,reject:n,timeoutHandle:setTimeout(()=>{n(Error(`Authentication response timeout`))},this.challengeTimeout)};this.serverPendingResponses.set(e,r)})}async waitForAuthResult(){if(this.queuedResult!==void 0){let e=this.queuedResult;return this.queuedResult=void 0,e}return new Promise((e,t)=>{let n=setTimeout(()=>{this.pendingResult=void 0,t(Error(`Authentication result timeout`))},this.challengeTimeout);this.pendingResult={resolve:e,reject:t,timeoutHandle:n}})}async computeHmac(e){let t=new TextEncoder,n=t.encode(this.secret),r=this.algorithm.replace(/^sha/,`SHA-`),i=await crypto.subtle.importKey(`raw`,n,{name:`HMAC`,hash:r},!1,[`sign`]),a=await crypto.subtle.sign(`HMAC`,i,t.encode(e));return Array.from(new Uint8Array(a)).map(e=>e.toString(16).padStart(2,`0`)).join(``)}sendAuthResultBestEffort(e,t){try{e(t)}catch{}}cleanupSocket(e){let t=this.serverPendingResponses.get(e);t&&(clearTimeout(t.timeoutHandle),this.serverPendingResponses.delete(e),t.reject(Error(`Socket disconnected during HMAC authentication`)))}cleanup(){this.pendingChallenge&&=(clearTimeout(this.pendingChallenge.timeoutHandle),void 0),this.pendingResult&&=(clearTimeout(this.pendingResult.timeoutHandle),void 0),this.queuedChallengeNonce=void 0,this.queuedResult=void 0,this.clientAuthComplete=!1;for(let e of this.serverPendingResponses.values())clearTimeout(e.timeoutHandle);this.serverPendingResponses.clear()}};function w(e){let t=Array.from(e,e=>String.fromCharCode(e)).join(``);return btoa(t).replace(/\+/g,`-`).replace(/\//g,`_`).replace(/=/g,``)}function T(e){let t=e.replace(/-/g,`+`).replace(/_/g,`/`),n=(4-t.length%4)%4;t+=`=`.repeat(n);let r=atob(t),i=new Uint8Array(r.length);for(let e=0;e<r.length;e++)i[e]=r.charCodeAt(e);return i}function E(e){return new TextEncoder().encode(e)}function D(e){return new TextDecoder().decode(e)}async function O(e){let t=await crypto.subtle.exportKey(`spki`,e);return w(new Uint8Array(t))}async function k(e){let t=await crypto.subtle.exportKey(`raw`,e);return w(new Uint8Array(t))}async function A(e,t,n=[]){let r=T(e);return crypto.subtle.importKey(`spki`,r,t,!0,n)}async function j(e,t,n=[]){let r=T(e);return crypto.subtle.importKey(`raw`,r,t,!0,n)}async function M(e){let t=await crypto.subtle.exportKey(`pkcs8`,e),n=w(new Uint8Array(t)).replace(/-/g,`+`).replace(/_/g,`/`),r=(4-n.length%4)%4;return n+=`=`.repeat(r),`-----BEGIN PRIVATE KEY-----\n${n.match(/.{1,64}/g)?.join(`
2
- `)??n}\n-----END PRIVATE KEY-----`}async function N(e,t,n){let r=T(e.replace(/-----BEGIN PRIVATE KEY-----/,``).replace(/-----END PRIVATE KEY-----/,``).replace(/\s/g,``).replace(/\+/g,`-`).replace(/\//g,`_`).replace(/=/g,``));return crypto.subtle.importKey(`pkcs8`,r,t,!0,n)}const P={name:`ECDH`,namedCurve:`P-256`};async function F(e=!0){return crypto.subtle.generateKey(P,e,[`deriveKey`,`deriveBits`])}async function I(e){return O(e)}async function we(e){return k(e)}async function Te(e){return j(e,P)}async function L(e,t=[]){return A(e,P,t)}async function Ee(e){return M(e)}async function De(e){return N(e,P,[`deriveKey`,`deriveBits`])}async function R(e,t){return crypto.subtle.deriveBits({name:`ECDH`,public:t},e,256)}async function z(e,t){let n=crypto.getRandomValues(new Uint8Array(12)),r=await crypto.subtle.encrypt({name:`AES-GCM`,iv:n},e,t);return{ciphertext:new Uint8Array(r),nonce:n}}async function B(e,t,n){let r=await crypto.subtle.decrypt({name:`AES-GCM`,iv:n},e,t);return new Uint8Array(r)}async function Oe(e){return crypto.subtle.importKey(`raw`,e,{name:`AES-GCM`},!1,[`encrypt`,`decrypt`])}async function V(e,t,n){let r=await crypto.subtle.importKey(`raw`,e,{name:`HKDF`},!1,[`deriveKey`]);return crypto.subtle.deriveKey({name:`HKDF`,hash:`SHA-256`,salt:t,info:E(n)},r,{name:`AES-GCM`,length:256},!1,[`encrypt`,`decrypt`])}const H={name:`ECDSA`,namedCurve:`P-256`};async function ke(e=!0){return crypto.subtle.generateKey(H,e,[`sign`,`verify`])}async function U(e,t){let n=await crypto.subtle.sign({name:`ECDSA`,hash:{name:`SHA-256`}},e,t);return new Uint8Array(n)}async function W(e,t,n){return crypto.subtle.verify({name:`ECDSA`,hash:{name:`SHA-256`}},e,t,n)}async function Ae(e){return O(e)}async function je(e){return A(e,H,[`verify`])}async function Me(e){return k(e)}async function Ne(e){return j(e,H,[`verify`])}async function Pe(e){return M(e)}async function Fe(e){return N(e,H,[`sign`])}var Ie=e({decodeText:()=>D,decrypt:()=>B,deriveSessionKey:()=>V,deriveSharedSecret:()=>R,encodeText:()=>E,encrypt:()=>z,exportPrivateKeyPEM:()=>Ee,exportPublicKey:()=>I,exportPublicKeyRaw:()=>we,exportSigningPrivateKeyPEM:()=>Pe,exportSigningPublicKey:()=>Ae,exportSigningPublicKeyRaw:()=>Me,fromBase64Url:()=>T,generateECDHKeyPair:()=>F,generateSigningKeyPair:()=>ke,importAESKey:()=>Oe,importPrivateKeyPEM:()=>De,importPublicKey:()=>L,importPublicKeyRaw:()=>Te,importSigningPrivateKeyPEM:()=>Fe,importSigningPublicKey:()=>je,importSigningPublicKeyRaw:()=>Ne,sign:()=>U,toBase64Url:()=>w,verify:()=>W});function G(e){let t=e.match(/.{1,2}/g);return new Uint8Array(t?.map(e=>parseInt(e,16))??[])}function K(e){return Array.from(e).map(e=>e.toString(16).padStart(2,`0`)).join(``)}async function q(e,t){let n=await F(!0),r=await I(n.publicKey);return{ephemeralKeyPair:n,ephemeralPublicKey:r,signature:K(await U(e,E(r+t)))}}function Le(){return K(crypto.getRandomValues(new Uint8Array(16)))}async function J(e,t,n,r){let i=E(t+r);return W(e,G(n),i)}async function Y(e,t,n,r){return V(await R(e,await L(t)),G(n),r)}async function Re(e,t,n,r){if(e===t)throw Error(`deriveRelaySaltHex: identityId must differ from peerId`);let[i,a]=e<t?[e,t]:[t,e],[o,s]=e<t?[n,r]:[r,n],c=E(`${i}${a}${o}${s}`),l=new Uint8Array(c).buffer,u=await crypto.subtle.digest(`SHA-256`,l);return K(new Uint8Array(u))}var ze=class{signingKeyPair;identityId;peerId;getPeerSigningKey;timeout;pendingKeyExchange;pendingResult;clientSession;clientEphemeralKeyPair;serverPendingKeyExchange=new Map;serverSessions=new Map;serverEphemeralKeyPairs=new Map;constructor(e){this.signingKeyPair=e.signingKeyPair,this.identityId=e.identityId,this.peerId=e.peerId,this.getPeerSigningKey=e.getPeerSigningKey,this.timeout=e.timeout??1e4}async authenticateClient(e){if(!this.peerId)throw Error(`E2E authentication failed: peerId is required for client authentication`);let{ephemeralKeyPair:t,ephemeralPublicKey:n,signature:r}=await q(this.signingKeyPair.privateKey,this.identityId);this.clientEphemeralKeyPair=t;try{let i=this.waitForKeyExchangeResponse(),a=this.waitForAuthResult();e({type:`e2e-key-exchange`,deviceId:this.identityId,ephemeralPublicKey:n,signature:r});let o=await i,s=await this.getPeerSigningKey(this.peerId);if(!s)throw Error(`E2E authentication failed: Unknown server`);if(!await J(s,o.ephemeralPublicKey,o.signature,this.peerId))throw Error(`E2E authentication failed: Invalid server signature`);let c=await Y(t.privateKey,o.ephemeralPublicKey,o.salt,`makaio-e2e-session-v1`);this.clientSession={sessionKey:c,peerId:this.peerId};let l=await a;if(!l.success)throw Error(`E2E authentication failed: ${l.error??`Unknown error`}`)}catch(e){throw this.pendingKeyExchange&&=(clearTimeout(this.pendingKeyExchange.timeoutHandle),void 0),this.pendingResult&&=(clearTimeout(this.pendingResult.timeoutHandle),void 0),this.clientSession=void 0,this.clientEphemeralKeyPair=void 0,e}}async authenticateServer(e,t){try{let n=await this.waitForClientKeyExchange(e),r=await this.getPeerSigningKey(n.deviceId);if(!r)throw t({type:`e2e-auth-result`,success:!1,error:`Unknown device`}),Error(`E2E authentication failed: Unknown device ${n.deviceId}`);if(!await J(r,n.ephemeralPublicKey,n.signature,n.deviceId))throw t({type:`e2e-auth-result`,success:!1,error:`Invalid signature`}),Error(`E2E authentication failed: Invalid client signature`);let{ephemeralKeyPair:i,ephemeralPublicKey:a,signature:o}=await q(this.signingKeyPair.privateKey,this.identityId),s=Le();this.serverEphemeralKeyPairs.set(e,i),t({type:`e2e-key-exchange-response`,ephemeralPublicKey:a,signature:o,salt:s});let c=await Y(i.privateKey,n.ephemeralPublicKey,s,`makaio-e2e-session-v1`);this.serverSessions.set(e,{sessionKey:c,peerId:n.deviceId}),t({type:`e2e-auth-result`,success:!0})}catch(n){throw this.serverPendingKeyExchange.delete(e),this.serverEphemeralKeyPairs.delete(e),t({type:`e2e-auth-result`,success:!1,error:n instanceof Error?n.message:`Authentication failed`}),n}finally{this.serverPendingKeyExchange.delete(e)}}handleAuthMessage(e,t){if(typeof e!=`object`||!e||!(`type`in e)||typeof e.type!=`string`)return!1;let n=e;if(n.type===`e2e-key-exchange-response`)return this.pendingKeyExchange&&=(clearTimeout(this.pendingKeyExchange.timeoutHandle),this.pendingKeyExchange.resolve({ephemeralPublicKey:n.ephemeralPublicKey,signature:n.signature,salt:n.salt}),void 0),!0;if(n.type===`e2e-auth-result`)return this.pendingResult&&=(clearTimeout(this.pendingResult.timeoutHandle),this.pendingResult.resolve({success:n.success,error:n.error}),void 0),!0;if(n.type===`e2e-key-exchange`&&t){let e=this.serverPendingKeyExchange.get(t);return e&&(clearTimeout(e.timeoutHandle),e.resolve({deviceId:n.deviceId,ephemeralPublicKey:n.ephemeralPublicKey,signature:n.signature})),!0}return!1}async waitForKeyExchangeResponse(){return new Promise((e,t)=>{let n=setTimeout(()=>{this.pendingKeyExchange=void 0,t(Error(`E2E key exchange timeout`))},this.timeout);this.pendingKeyExchange={resolve:e,reject:t,timeoutHandle:n}})}async waitForAuthResult(){return new Promise((e,t)=>{let n=setTimeout(()=>{this.pendingResult=void 0,t(Error(`E2E authentication result timeout`))},this.timeout);this.pendingResult={resolve:e,reject:t,timeoutHandle:n}})}async waitForClientKeyExchange(e){return new Promise((t,n)=>{let r={resolve:t,reject:n,timeoutHandle:setTimeout(()=>{this.serverPendingKeyExchange.delete(e),n(Error(`E2E key exchange timeout`))},this.timeout)};this.serverPendingKeyExchange.set(e,r)})}getSessionKey(e){return e?this.serverSessions.get(e)?.sessionKey??null:this.clientSession?.sessionKey??null}getPeerId(e){return e?this.serverSessions.get(e)?.peerId??null:this.clientSession?.peerId??null}cleanupSocket(e){let t=this.serverPendingKeyExchange.get(e);t&&(clearTimeout(t.timeoutHandle),this.serverPendingKeyExchange.delete(e)),this.serverSessions.delete(e),this.serverEphemeralKeyPairs.delete(e)}cleanup(){this.pendingKeyExchange&&=(clearTimeout(this.pendingKeyExchange.timeoutHandle),void 0),this.pendingResult&&=(clearTimeout(this.pendingResult.timeoutHandle),void 0),this.clientSession=void 0,this.clientEphemeralKeyPair=void 0;for(let e of this.serverPendingKeyExchange.values())clearTimeout(e.timeoutHandle);this.serverPendingKeyExchange.clear(),this.serverSessions.clear(),this.serverEphemeralKeyPairs.clear()}};const X=`E2E relay auth session aborted by reconnect`;var Be=class{signingKeyPair;identityId;getPeerSigningKey;timeout;mode;blocking;pendingPeer;sessionKey;peerId;localEphemeral;localExchangeMessage;sentLocalExchange=!1;earlyPeer;sendAuthMessage;authGeneration=0;processingExchange=!1;constructor(e){this.signingKeyPair=e.signingKeyPair,this.identityId=e.identityId,this.getPeerSigningKey=e.getPeerSigningKey,this.timeout=e.timeout??1e4,this.mode=e.mode??`initiator`,this.blocking=e.blocking??!0}async authenticateClient(e){let t=this.sendAuthMessage===void 0?this.earlyPeer:void 0;this.cleanup();let n=this.authGeneration;if(this.earlyPeer=t,this.sendAuthMessage=e,this.mode===`initiator`){if(await this.ensureLocalExchangeMessage(),n!==this.authGeneration)throw Error(X);this.sendLocalExchange()}if(!this.blocking){if(this.earlyPeer){let e=this.earlyPeer;this.earlyPeer=void 0,this.dispatchPeerExchange(e,n)}return}let r=await this.waitForPeerExchange();if(await this.processPeerExchange(r,n),n!==this.authGeneration||!this.sessionKey)throw Error(X)}async authenticateServer(e,t){throw Error(`E2ERelayAuth does not support server authentication`)}handleAuthMessage(e){let t=e;return!t||t.type!==`e2e-relay-key-exchange`?!1:t.identityId===this.identityId?!0:this.pendingPeer?(this.pendingPeer.resolve(t),this.pendingPeer=void 0,!0):(this.earlyPeer=t,!this.blocking&&this.sendAuthMessage&&!this.sessionKey&&!this.processingExchange&&this.dispatchPeerExchange(t,this.authGeneration),!0)}cleanupSocket(e){}cleanup(){this.authGeneration++,this.pendingPeer&&=(this.pendingPeer.reject(Error(X)),void 0),this.earlyPeer&&=void 0,this.sessionKey=void 0,this.peerId=void 0,this.localEphemeral=void 0,this.localExchangeMessage=void 0,this.sentLocalExchange=!1,this.processingExchange=!1,this.sendAuthMessage=void 0}dispatchPeerExchange(e,t){this.processingExchange=!0,this.processPeerExchange(e,t).catch(e=>{e instanceof Error&&e.message===X||console.error(`[E2ERelayAuth] Peer exchange failed:`,e)}).finally(()=>{t===this.authGeneration&&(this.processingExchange=!1,this.retryQueuedPeerExchange(t))})}getSessionKey(){return this.sessionKey??null}getPeerId(){return this.peerId??null}async waitForPeerExchange(){if(this.earlyPeer){let e=this.earlyPeer;return this.earlyPeer=void 0,e}return new Promise((e,t)=>{let n=setTimeout(()=>{this.pendingPeer=void 0,t(Error(`E2E relay key exchange timeout`))},this.timeout),r=()=>{clearTimeout(n),this.pendingPeer=void 0};this.pendingPeer={resolve:t=>{r(),e(t)},reject:e=>{r(),t(e)},timeoutHandle:n}})}async ensureLocalExchangeMessage(){if(this.localExchangeMessage&&this.localEphemeral)return this.localExchangeMessage;let{ephemeralKeyPair:e,ephemeralPublicKey:t,signature:n}=await q(this.signingKeyPair.privateKey,this.identityId);return this.localEphemeral=e,this.localExchangeMessage={type:`e2e-relay-key-exchange`,identityId:this.identityId,ephemeralPublicKey:t,signature:n},this.localExchangeMessage}sendLocalExchange(e=!1){!this.sendAuthMessage||!this.localExchangeMessage||!e&&this.sentLocalExchange||(this.sendAuthMessage(this.localExchangeMessage),this.sentLocalExchange=!0)}retryQueuedPeerExchange(e){if(this.blocking||!this.sendAuthMessage||this.sessionKey||this.processingExchange||e!==this.authGeneration)return;let t=this.earlyPeer;t&&(this.earlyPeer=void 0,this.dispatchPeerExchange(t,e))}async processPeerExchange(e,t){if(!this.sendAuthMessage){this.earlyPeer=e;return}let n=await this.ensureLocalExchangeMessage();if(t!==this.authGeneration)return;let r=await this.getPeerSigningKey(e.identityId);if(!r)throw Error(`E2E relay authentication failed: Unknown peer ${e.identityId}`);if(!await J(r,e.ephemeralPublicKey,e.signature,e.identityId))throw Error(`E2E relay authentication failed: Invalid peer signature`);let i=await Re(this.identityId,e.identityId,n.ephemeralPublicKey,e.ephemeralPublicKey);if(!this.localEphemeral)throw Error(`E2E relay authentication failed: Local ephemeral key missing`);let a=await Y(this.localEphemeral.privateKey,e.ephemeralPublicKey,i,`makaio-e2e-relay-v1`);t===this.authGeneration&&(this.sessionKey=a,this.peerId=e.identityId,this.mode===`initiator`?this.sendLocalExchange(!0):this.sendLocalExchange())}},Ve=class{hmac;e2e;socketStrategy=new Map;pendingServerAuth=new Map;hmacCancelled=new Map;constructor(e){this.hmac=e.hmac,this.e2e=e.e2e}setE2EAuth(e){this.e2e=e}async authenticateClient(e){let t=this.hmac??this.e2e;if(!t)throw Error(`DispatchingAuth: no auth strategy configured`);return t.authenticateClient(e)}async authenticateServer(e,t){let n=this.resolveSingleStrategy();if(n)return n.authenticateServer(e,t);if(!this.hmac||!this.e2e)throw Error(`DispatchingAuth: no auth strategy configured`);let r={cancelled:!1};this.hmacCancelled.set(e,r);let i=this.hmac.authenticateServer(e,e=>{r.cancelled||t(e)});return new Promise((n,a)=>{this.pendingServerAuth.set(e,{resolve:n,reject:a,send:t}),i.then(n).catch(e=>{r.cancelled||a(e instanceof Error?e:Error(String(e)))})})}handleAuthMessage(e,t){if(!t)return(this.hmac??this.e2e)?.handleAuthMessage(e)??!1;let n=this.socketStrategy.get(t);if(n)return n.handleAuthMessage(e,t);let r=this.resolveStrategy(e),i=this.pendingServerAuth.get(t);return r?(this.socketStrategy.set(t,r),this.pendingServerAuth.delete(t),r===this.hmac?this.hmacCancelled.delete(t):(this.cancelHmac(t),i&&r.authenticateServer(t,i.send).then(i.resolve).catch(e=>{i.reject(e instanceof Error?e:Error(String(e)))})),r.handleAuthMessage(e,t)):(this.cancelHmac(t),i&&(this.pendingServerAuth.delete(t),i.reject(Error(`DispatchingAuth: unrecognised auth message type "${this.peekType(e)}" — no matching strategy`))),!1)}cleanupSocket(e){let t=this.socketStrategy.get(e);t&&(t.cleanupSocket(e),this.socketStrategy.delete(e)),this.cancelHmac(e);let n=this.pendingServerAuth.get(e);n&&(this.pendingServerAuth.delete(e),n.reject(Error(`DispatchingAuth: socket disconnected before auth type was determined`)))}cleanup(){this.hmac?.cleanup(),this.e2e?.cleanup(),this.socketStrategy.clear();for(let e of this.pendingServerAuth.values())e.reject(Error(`DispatchingAuth: cleanup called before authentication completed`));this.pendingServerAuth.clear(),this.hmacCancelled.clear()}peekType(e){if(typeof e!=`object`||!e||!(`type`in e))return;let{type:t}=e;return typeof t==`string`?t:void 0}resolveSingleStrategy(){if(this.hmac&&!this.e2e)return this.hmac;if(this.e2e&&!this.hmac)return this.e2e}resolveStrategy(e){let t=this.peekType(e);if(t){if(t===`e2e-key-exchange`&&this.e2e)return this.e2e;if(t===`auth-response`&&this.hmac)return this.hmac}}cancelHmac(e){let t=this.hmacCancelled.get(e);t&&(t.cancelled=!0,this.hmacCancelled.delete(e),this.hmac?.cleanupSocket(e))}};function Z(e){return`payload`in e}async function He(e,t,n){if(e.type!==`response`||e.result===void 0||e.error!==void 0)return;let{ciphertext:r,nonce:i}=await z(n,E(JSON.stringify(e.result)));t.result=w(r),t.e2e={nonce:w(i),v:1}}async function Ue(e,t,n){if(e.type!==`broadcast-response`||e.results===void 0||e.error!==void 0)return;let{ciphertext:r,nonce:i}=await z(n,E(JSON.stringify(e.results)));t.results=w(r),t.e2e={nonce:w(i),v:1}}async function We(e,t,n){if(!Z(e)||e.payload===void 0)return;let{ciphertext:r,nonce:i}=await z(n,E(JSON.stringify(e.payload)));t.payload=w(r),t.e2e={nonce:w(i),v:1}}async function Ge(e,t,n){if(e.type!==`response`&&e.type!==`broadcast-response`||e.error===void 0)return;let{ciphertext:r,nonce:i}=await z(n,E(JSON.stringify(e.error)));t.error=w(r),t.e2e={nonce:w(i),v:1}}async function Ke(e,t,n,r){if(!Z(e)||typeof e.payload!=`string`)return;let i=D(await B(n,T(e.payload),r));t.payload=JSON.parse(i)}async function qe(e,t,n,r){if(e.type!==`response`||typeof e.result!=`string`)return;let i=D(await B(n,T(e.result),r));t.result=JSON.parse(i)}async function Je(e,t,n,r){if(e.type!==`broadcast-response`||typeof e.results!=`string`)return;let i=D(await B(n,T(e.results),r));t.results=JSON.parse(i)}async function Ye(e,t,n,r){if(e.type!==`response`&&e.type!==`broadcast-response`||typeof e.error!=`string`)return;let i=D(await B(n,T(e.error),r));t.error=JSON.parse(i)}async function Xe(e,t){let n={...e};return await We(e,n,t),await He(e,n,t),await Ue(e,n,t),await Ge(e,n,t),n}async function Ze(e,t){if(!e.e2e)return e;let n={...e};delete n.e2e;let r=T(e.e2e.nonce);return await Ke(e,n,t,r),await qe(e,n,t,r),await Je(e,n,t,r),await Ye(e,n,t,r),n}function Qe(e){let{e2eAuth:t,websocket:n,...r}=e,i=new b({...r,url:`<pre-connected>`,createWebSocket:()=>n,auth:t,autoReconnect:!1,messageTransform:async e=>{let n=t.getSessionKey();if(!n)return e;let r=e;if(!r.e2e)throw Error(`Received plaintext message on E2E-encrypted channel — possible injection`);return Ze(r,n)}});async function a(e,n){let r=t.getSessionKey();if(!r)throw Error(`E2E session key not available - authentication may have failed`);let a=await Xe(e,r);return i.send(a,n)}return{name:i.name,connect:i.connect.bind(i),disconnect:i.disconnect.bind(i),send:a,cancelRequest:i.cancelRequest.bind(i),onReceive:i.onReceive.bind(i),subscribe:i.subscribe.bind(i),unsubscribe:i.unsubscribe.bind(i),getSubscriptions:i.getSubscriptions.bind(i)}}function $e(e){return Qe(e)}function et(e){if(!e||typeof e!=`object`)return!1;let t=e;if(t.type!==`e2e-relay-envelope`||typeof t.payload!=`string`)return!1;let n=t.e2e;return!!n&&typeof n.nonce==`string`&&typeof n.v==`number`}async function tt(e,t){let{ciphertext:n,nonce:r}=await z(t,E(JSON.stringify(e)));return{type:`e2e-relay-envelope`,payload:w(n),e2e:{nonce:w(r),v:1}}}async function nt(e,t){let n=T(e.e2e.nonce),r=D(await B(t,T(e.payload),n));return JSON.parse(r)}function rt(e){let t=()=>{if(!e.isFrozen())throw Error(`RelayControlRegistry must be frozen before processing relay control messages`)};function n(t){return typeof t.namespace!=`string`||typeof t.subject!=`string`||!e.isControlEvent(t.namespace,t.subject)||typeof t.messageId!=`string`?!1:t.payload!==void 0}function r(t){return typeof t.namespace!=`string`||typeof t.subject!=`string`||!e.isControlRequest(t.namespace,t.subject)||typeof t.messageId!=`string`||typeof t.correlationId!=`string`?!1:t.payload!==void 0}function i(e){if(t(),!e||typeof e!=`object`)return!1;let i=e;return i.type===`event`?n(i):i.type===`request`?r(i):!1}function a(e){if(t(),!e||typeof e!=`object`)return!1;let n=e;return n.type!==`relay-control`||n.v!==1||!n.payload||typeof n.payload!=`object`?!1:i(n.payload)}function o(e){if(t(),!i(e))throw Error(`Invalid relay control message`);return{type:`relay-control`,v:1,payload:e}}return{createRelayControlEnvelope:o,isRelayControlEnvelopeMessage:a,isRelayControlBusMessage:i}}function Q(e){let t=Date.now()-3e5;for(let[n,r]of e)r>=t||e.delete(n);for(;e.size>2048;){let t=e.keys().next().value;if(!t)break;e.delete(t)}}const it=e=>{if(!e||typeof e!=`object`)return!1;let t=e;return t.type===`response`&&typeof t.correlationId==`string`},at=e=>e.type===`subscribe`||e.type===`unsubscribe`;function $(e,t,n,r){if(!r.isFrozen())throw Error(`E2ERelay transport requires a frozen relay control registry`);let{createRelayControlEnvelope:i,isRelayControlEnvelopeMessage:a,isRelayControlBusMessage:o}=rt(r),s=e=>{n.delete(e),n.set(e,Date.now()),Q(n)};return{encode:async t=>{if(o(t))return t.type===`request`&&s(t.correlationId),JSON.stringify(i(t));if(Q(n),t.type===`response`&&n.has(t.correlationId))return n.delete(t.correlationId),JSON.stringify(t);let r=e.getSessionKey();if(!r&&at(t))return JSON.stringify(t);if(!r)throw Error(`E2E relay session not established`);let a=await tt(t,r);return JSON.stringify(a)},decode:async r=>{let i=e.getSessionKey();if(a(r)){let e=r.payload;return t&&console.info(`[E2ERelayTransport] Decoded relay control envelope:`,e.type,e.namespace,e.subject),e.type===`request`&&s(e.correlationId),e}if(Q(n),it(r)&&n.has(r.correlationId))return n.delete(r.correlationId),r;if(!i)throw Error(`E2E relay session not established`);if(!et(r))throw Error(`Received plaintext message on relay E2E channel — possible injection`);return nt(r,i)}}}function ot(e,t,n=!1){let r=new Map;return{codec:$(e,n,r,t),reset:()=>r.clear()}}function st(e){let{e2eAuth:t,registry:n,websocket:r,...i}=e,a=e.debug??!1,o=new Map,s=$(t,a,o,n);a&&console.info(`[E2ERelayTransport] Creating inner transport...`);let c=new b({...i,url:`<pre-connected>`,createWebSocket:()=>r,auth:t,codec:s,autoReconnect:!1});return a&&console.info(`[E2ERelayTransport] Inner transport created`),{name:c.name,connect:async()=>{if(!n.isFrozen())throw Error(`E2ERelayClientTransport: registry must be frozen before connect()`);o.clear();try{await c.connect()}catch(e){throw o.clear(),e}},disconnect:async()=>{o.clear();try{await c.disconnect()}finally{o.clear()}},send:c.send.bind(c),cancelRequest:c.cancelRequest.bind(c),onReceive:(...e)=>(a&&console.info(`[E2ERelayTransport] onReceive called, delegating to inner transport`),c.onReceive(...e)),subscribe:c.subscribe.bind(c),unsubscribe:c.unsubscribe.bind(c),getSubscriptions:c.getSubscriptions.bind(c),isReady:()=>!!t.getSessionKey()&&c.isReady()}}function ct(){let e=!1,t=new Map,n=new Map,r=()=>{if(e)throw Error(`RelayControlRegistry is frozen and cannot be modified`)};return{registerEventSubjects(e,n){r();let i=t.get(e)??new Set;for(let e of n)i.add(e);t.set(e,i)},registerRequestNamespace(e,t){if(r(),t.length===0)throw Error(`RelayControlRegistry request namespace "${e}" requires at least one subject`);let i=n.get(e)??new Set;for(let e of t)i.add(e);n.set(e,i)},freeze(){e=!0},isFrozen(){return e},isControlEvent(e,n){return t.get(e)?.has(n)??!1},isControlRequest(e,t){return n.get(e)?.has(t)??!1}}}function lt(e){if(be(e),e.mode===`client`){if(e.connectionOptions!==void 0)throw Error(`createWebSocketTransport(client) does not support connectionOptions when wrapping a pre-created WebSocket. Use WebSocketClientTransport for reconnect or dial-time socket options.`);let t=e.websocket;return new b({url:`<pre-connected>`,createWebSocket:()=>t,auth:e.auth,debug:e.debug,autoReconnect:!1})}else return new C({websocket:e.websocket,auth:e.auth,debug:e.debug})}export{Ve as DispatchingAuth,ze as E2EAuth,Be as E2ERelayAuth,Ce as HmacAuth,C as ServerTransport,b as WebSocketClientTransport,$e as createE2EClientTransport,st as createE2ERelayClientTransport,ot as createE2ERelayCodec,rt as createRelayControlHelpers,ct as createRelayControlRegistry,ye as createWebSocketCloseEvent,lt as createWebSocketTransport,Ie as crypto,h as extractSocketErrorMessage};
1
+ import{r as e}from"../../chunk-DTipWd-i.mjs";import{CorrelationTracker as t,DEFAULT_REQUEST_TIMEOUT_MS as n,NoHandlerError as r,TimeoutError as i,buildSubscribeMessage as a,buildUnsubscribeMessage as o,deserializeTransportError as s,getSubjectFromBusMessage as c,handleCorrelationResponse as l,isNoHandlerErrorForSubject as u,shouldReceiveMessage as d,trackMessageCorrelation as f}from"@makaio/framework/bus";import{isRecord as p}from"@makaio/framework/utils";const m={baseMs:1e3,maxMs:1e4};function ee(e,t,n){let r=Math.max(t,100),i=Math.max(n,r);return Math.min(r*2**e,i)}function te(e,t){return new Promise(n=>{if(t.aborted){n();return}let r=()=>{clearTimeout(i),t.removeEventListener(`abort`,r),n()},i=setTimeout(()=>{t.removeEventListener(`abort`,r),n()},e);t.addEventListener(`abort`,r)})}const ne={encode:async e=>JSON.stringify(e),decode:async e=>e};function re(e){return e===!1?!1:{baseMs:e?.baseMs??m.baseMs,maxMs:e?.maxMs??m.maxMs}}function h(e,t=`unknown error`){return`message`in e?String(e.message):t}async function g(e,t,n){let r=await t.encode(e);n.send(r)}function ie(e){return e.readyState===1?Promise.resolve():e.readyState>=2?Promise.reject(Error(`WebSocket closed before opening`)):new Promise((t,n)=>{let r=()=>{e.removeEventListener(`open`,i),e.removeEventListener(`error`,a),e.removeEventListener(`close`,o)},i=()=>{r(),t()},a=e=>{r(),n(Error(`WebSocket connection failed — ${h(e)}`))},o=()=>{r(),n(Error(`WebSocket closed before opening`))};e.addEventListener(`open`,i),e.addEventListener(`error`,a),e.addEventListener(`close`,o)})}async function ae(e,t,n){let r=await Promise.allSettled(Array.from(t).map(t=>t(e,n.receiveContext)));for(let e of r)e.status===`rejected`&&n.debug&&console.error(`[WebSocketClientTransport:${n.name}] Handler error:`,e.reason);return r.every(e=>e.status===`fulfilled`)}function oe(e,t){return{...t?.getReceiveContext?.(),transportName:e}}async function se(e,t){let{name:n,debug:r,auth:i,codec:a,messageTransform:o,correlations:s,handlers:c}=t;try{let u=JSON.parse(e.toString());if(typeof u!=`object`||!u||typeof u.type!=`string`){r&&console.error(`[WebSocketClientTransport:${n}] Invalid message structure:`,u);return}let d=u;if(i?.handleAuthMessage(d)||d.type===`heartbeat`)return;let f=await a.decode(d);if(o&&(f=await o(f)),f.type===`heartbeat`)return;if(f.type===`subscribe-sync-complete`){t.onSyncComplete();return}if(f.type===`subscription-ack`){typeof f.ackId==`string`&&t.onSubscriptionAck(f.ackId);return}if(l(f,s))return;let p=oe(n,i);await ae(f,c,{debug:r,name:n,receiveContext:p})&&(f.type===`subscribe`||f.type===`unsubscribe`)&&typeof f.ackId==`string`&&await t.sendSubscriptionAck(f.ackId)}catch(e){r&&console.error(`[WebSocketClientTransport:${n}] Failed to parse message:`,e)}}function ce(e,t){let n=n=>{se(n.data,{name:t.name,debug:t.debug,auth:t.auth,codec:t.codec,messageTransform:t.messageTransform,correlations:t.correlations,handlers:t.handlers,onSyncComplete:()=>{t.resolveReady()},onSubscriptionAck:e=>{t.resolveSubscriptionAck(e)},sendSubscriptionAck:async n=>{e.readyState===1&&await g({type:`subscription-ack`,ackId:n},t.codec,e)}})};t.setMessageListener(n),e.addEventListener(`message`,n)}function _(e,t){let n=t.getMessageListener();n!==null&&(e.removeEventListener(`message`,n),t.setMessageListener(null));let r=t.getCloseListener();r!==null&&(e.removeEventListener(`close`,r),t.setCloseListener(null))}async function v(e){e.resolveReady(),e.rejectPendingSubscriptionAcks(Error(`WebSocketClientTransport: reconnecting before subscription ack`)),e.resetReadyPromise();let t=e.getSocket();t!==null&&_(t,e);let n=await e.wsFactory(e.url);e.setSocket(n),e.setAuthComplete(!1);try{ce(n,e),await ie(n),e.auth&&await e.auth.authenticateClient(e=>{if(n.readyState!==1)throw Error(`WebSocketClientTransport: cannot send auth message — socket not open`);n.send(JSON.stringify(e))}),e.setAuthComplete(!0),e.debug&&console.info(`[WebSocketClientTransport:${e.name}] Connected to ${e.url}`),e.localSubscriptions.size>0&&(await g(a(e.localSubscriptions),e.codec,n),e.debug&&console.info(`[WebSocketClientTransport:${e.name}] Replayed ${e.localSubscriptions.size} subscription(s)`)),e.notifyConnected()}catch(t){let r=e.getSocket()===n;throw r&&e.auth?.cleanup(),_(n,e),r&&e.setSocket(null),e.setAuthComplete(!1),r&&(n.readyState===0||n.readyState===1)&&n.close(),t}}function y(e,t){return new Promise(n=>{if(e.readyState===3||t.aborted){n();return}let r=()=>{t.removeEventListener(`abort`,i),n()},i=()=>{e.removeEventListener(`close`,r),n()};e.addEventListener(`close`,r),t.addEventListener(`abort`,i)})}async function le(e,t,n,r,i){i(!0);try{for(;!e.aborted;){let i=n.getSocket(),a=i!==null;if(i!==null&&i.readyState!==3&&await y(i,e),e.aborted)break;a&&(n.debug&&console.info(`[WebSocketClientTransport:${n.name}] ${new Date().toISOString()} Connection lost, starting reconnect loop (maxMs=${t.maxMs})`),n.notifyDisconnected());let o=0;for(;!e.aborted;){let i=ee(o,t.baseMs,t.maxMs);n.debug&&console.info(`[WebSocketClientTransport:${n.name}] ${new Date().toISOString()} Reconnecting in ${i}ms (attempt ${o+1})`);let a=new AbortController;if(r(a),await te(i,AbortSignal.any([e,a.signal])),r(null),e.aborted)break;try{await v(n),o=0;let t=n.getSocket();if(t!==null){let r=()=>{n.auth?.cleanup(),n.setAuthComplete(!1),n.debug&&console.info(`[WebSocketClientTransport:${n.name}] ${new Date().toISOString()} Connection closed`),n.rejectPendingSubscriptionAcks(Error(`WebSocketClientTransport: disconnected before subscription ack`))};n.setCloseListener(r),t.addEventListener(`close`,r),await y(t,e)}break}catch(e){if(n.debug){let t=e instanceof Error?e.message:String(e);console.warn(`[WebSocketClientTransport:${n.name}] ${new Date().toISOString()} Connect attempt ${o+1} failed: ${t}`)}o++}}}}finally{i(!1)}}function ue(e,t,n){let r=()=>{t.auth?.cleanup(),_(e,t),t.setAuthComplete(!1),t.setSocket(null),n(),t.resolveReady(),t.rejectPendingSubscriptionAcks(Error(`WebSocketClientTransport: disconnected before subscription ack`)),t.notifyDisconnected()};t.setCloseListener(r),e.addEventListener(`close`,r)}async function de(e,t,n,r){let i=r.localSubscriptions.get(e)?.filter,o=t??i;if(r.localSubscriptions.set(e,{filter:o,priorities:n}),r.socket!==null&&r.socket.readyState===1){let t=r.beginSubscriptionAck?.(),i=a(new Map([[e,{filter:o,priorities:n}]]),t?.ackId);try{await g(i,r.codec,r.socket),await t?.promise}catch(e){throw t?.reject(e),e}}r.debug&&console.info(`[WebSocketClientTransport:${r.name}] Subscribed to ${e}${o?` with filter`:``}`)}async function fe(e,t){let n=t.localSubscriptions.get(e);if(t.localSubscriptions.delete(e),t.socket!==null&&t.socket.readyState===1){let r=t.beginSubscriptionAck?.(),i=o({[e]:n?.priorities??[]},r?.ackId);try{await g(i,t.codec,t.socket),await r?.promise}catch(e){throw r?.reject(e),e}}t.debug&&console.info(`[WebSocketClientTransport:${t.name}] Unsubscribed from ${e}`)}var b=class{name;url;auth;codec;messageTransform;autoReconnectConfig;wsFactory;debug;onConnectedCallback;onDisconnectedCallback;socket=null;authComplete=!1;correlations=new t;handlers=new Set;localSubscriptions=new Map;pendingSubscriptionAcks=new Map;subscriptionAckSeq=0;messageListener=null;closeListener=null;reconnectAbort=null;backoffWakeAbort=null;reconnectLoopRunning=!1;readyResolve=null;ready;onNewReadySession=void 0;onConnected=void 0;onDisconnected=void 0;constructor(e){this.url=e.url,this.name=e.name??`ws-client`,this.auth=e.auth,this.codec=e.codec??ne,this.messageTransform=e.messageTransform,this.debug=e.debug??!1,this.autoReconnectConfig=re(e.autoReconnect),this.wsFactory=e.createWebSocket??this.defaultWsFactory,this.onConnectedCallback=e.onConnected,this.onDisconnectedCallback=e.onDisconnected,this.ready=new Promise(e=>{this.readyResolve=e})}async connect(){if(this.reconnectAbort!==null)throw Error(`WebSocketClientTransport: already connected`);let e=new AbortController;this.reconnectAbort=e;try{await v(this.connectionDeps())}catch(e){throw this.reconnectAbort=null,e}this.autoReconnectConfig===!1?this.socket!==null&&this.wireNoReconnectClose(this.socket):this.startReconnectLoop(e.signal)}async disconnect(){let e=this.reconnectAbort;if(this.reconnectAbort=null,e?.abort(),this.readyResolve?.(),this.readyResolve=null,this.socket!==null){_(this.socket,this.connectionDeps());let e=this.socket;this.socket=null,this.authComplete=!1,(e.readyState===0||e.readyState===1)&&e.close()}this.correlations.cleanup(),this.rejectPendingSubscriptionAcks(Error(`WebSocketClientTransport: disconnected before subscription ack`)),this.auth?.cleanup(),this.handlers.clear(),this.debug&&console.info(`[WebSocketClientTransport:${this.name}] Disconnected`)}async send(e,t){if(this.socket===null||this.socket.readyState!==1)throw Error(`WebSocketClientTransport: not connected`);let r=await this.codec.encode(e);return this.socket.send(r),f(e,this.correlations,t??n)}onReceive(e){return this.handlers.add(e),()=>{this.handlers.delete(e)}}async subscribe(e,t,n=[]){await de(e,t,n,this.subscriptionDeps())}async unsubscribe(e){await fe(e,this.subscriptionDeps())}getSubscriptions(){return new Set(this.localSubscriptions.keys())}cancelRequest(e,t){this.correlations.cancel(e,t)}isReady(){return this.socket!==null&&this.socket.readyState===1&&this.authComplete}async reconnect(){if(!this.isReady()){if(this.backoffWakeAbort!==null){this.backoffWakeAbort.abort(),this.backoffWakeAbort=null;return}if(this.autoReconnectConfig!==!1){if(this.reconnectLoopRunning)return;this.reconnectAbort!==null&&this.startReconnectLoop(this.reconnectAbort.signal);return}try{await v(this.connectionDeps()),this.socket!==null&&(this.reconnectAbort=new AbortController,this.wireNoReconnectClose(this.socket))}catch{}}}startReconnectLoop(e){return le(e,this.autoReconnectConfig,this.connectionDeps(),e=>{this.backoffWakeAbort=e},e=>{this.reconnectLoopRunning=e})}subscriptionDeps(){return{name:this.name,debug:this.debug,codec:this.codec,socket:this.socket,localSubscriptions:this.localSubscriptions,beginSubscriptionAck:()=>this.beginSubscriptionAck()}}beginSubscriptionAck(){let e=`${this.name}:sub:${++this.subscriptionAckSeq}`,t,n,r=new Promise((e,r)=>{t=e,n=r});r.catch(()=>void 0);let i=t=>{this.pendingSubscriptionAcks.has(e)&&(this.pendingSubscriptionAcks.delete(e),t())};return this.pendingSubscriptionAcks.set(e,{resolve:()=>i(t),reject:e=>i(()=>n(e))}),{ackId:e,promise:r,reject:t=>this.rejectSubscriptionAck(e,t)}}resolveSubscriptionAck(e){this.pendingSubscriptionAcks.get(e)?.resolve()}rejectSubscriptionAck(e,t){this.pendingSubscriptionAcks.get(e)?.reject(t)}rejectPendingSubscriptionAcks(e){for(let t of this.pendingSubscriptionAcks.keys())this.rejectSubscriptionAck(t,e)}connectionDeps(){return{name:this.name,debug:this.debug,auth:this.auth,codec:this.codec,messageTransform:this.messageTransform,correlations:this.correlations,handlers:this.handlers,localSubscriptions:this.localSubscriptions,wsFactory:this.wsFactory,url:this.url,getSocket:()=>this.socket,setSocket:e=>{this.socket=e},setAuthComplete:e=>{this.authComplete=e},getMessageListener:()=>this.messageListener,setMessageListener:e=>{this.messageListener=e},getCloseListener:()=>this.closeListener,setCloseListener:e=>{this.closeListener=e},resolveReady:()=>{this.readyResolve?.(),this.readyResolve=null},resetReadyPromise:()=>{this.ready=new Promise(e=>{this.readyResolve=e}),this.onNewReadySession?.(this.ready)},resolveSubscriptionAck:e=>{this.resolveSubscriptionAck(e)},rejectPendingSubscriptionAcks:e=>{this.rejectPendingSubscriptionAcks(e)},notifyConnected:()=>{this.onConnectedCallback?.(),this.onConnected?.()},notifyDisconnected:()=>{this.onDisconnectedCallback?.(),this.onDisconnected?.()}}}defaultWsFactory=async e=>new(await(import(`ws`))).WebSocket(e);wireNoReconnectClose(e){ue(e,this.connectionDeps(),()=>{this.reconnectAbort=null})}};function x(e){e.timer!==void 0&&clearTimeout(e.timer)}var pe=class{pendingBroadcasts=new Map;timeout;debug;constructor(e={}){this.timeout=e.timeout??5e3,this.debug=e.debug??!1}startClientBroadcast(e,t,n,r,i){let a=t.correlationId,o=i??this.timeout,s={kind:`client`,sender:e,results:[],pendingClients:new Set(n),nodeResultsReceived:!1,timer:o===0?void 0:setTimeout(()=>{this.debug&&console.warn(`[BroadcastAggregator] Broadcast ${a} timed out`),this.finalizeBroadcast(a)},o)};this.pendingBroadcasts.set(a,s);let c=JSON.stringify(t);for(let e of n)r(e,c);this.debug&&console.info(`[BroadcastAggregator] Broadcast ${a} forwarded to ${n.length} clients`)}startServerBroadcast(e,t,n,r){let i=e.correlationId,a=r??this.timeout;return t.length===0?(this.debug&&console.info(`[BroadcastAggregator] Server broadcast ${i} - no target clients`),Promise.resolve([])):new Promise(r=>{let o={kind:`server`,results:[],pendingClients:new Set(t),timer:a===0?void 0:setTimeout(()=>{this.debug&&console.warn(`[BroadcastAggregator] Server broadcast ${i} timed out`),this.finalizeServerBroadcast(i)},a),resolve:r};this.pendingBroadcasts.set(i,o);let s=JSON.stringify(e);for(let e of t)n(e,s);this.debug&&console.info(`[BroadcastAggregator] Server broadcast ${i} sent to ${t.length} clients`)})}handleResponse(e,t){let n=this.pendingBroadcasts.get(t.correlationId);return n?(t.results&&n.results.push(...t.results),n.pendingClients.delete(e),this.debug&&console.info(`[BroadcastAggregator] Broadcast ${t.correlationId} got response, ${n.pendingClients.size} pending`),this.checkBroadcastComplete(t.correlationId,n),!0):!1}handleNodeResults(e,t,n){let r=this.pendingBroadcasts.get(e);return!r||r.kind!==`client`?!1:(r.results.push(...t),r.nodeResultsReceived=!0,r.nodeError=n,this.debug&&console.info(`[BroadcastAggregator] Broadcast ${e} node results aggregated${n?` (with error)`:``}`),this.checkBroadcastComplete(e,r),!0)}handleClientDisconnect(e){for(let[t,n]of this.pendingBroadcasts)n.kind===`client`&&n.sender===e?(x(n),this.pendingBroadcasts.delete(t)):n.pendingClients.has(e)&&(n.pendingClients.delete(e),this.checkBroadcastComplete(t,n))}cleanup(){for(let e of this.pendingBroadcasts.values())x(e),e.kind===`server`&&e.resolve(e.results);this.pendingBroadcasts.clear()}checkBroadcastComplete(e,t){if(!(t.pendingClients.size>0))if(t.kind===`client`){if(!t.nodeResultsReceived)return;this.finalizeBroadcast(e)}else this.finalizeServerBroadcast(e)}finalizeBroadcast(e){let t=this.pendingBroadcasts.get(e);if(!t||t.kind!==`client`)return;x(t),this.pendingBroadcasts.delete(e);let n=t.nodeError?{type:`broadcast-response`,correlationId:e,error:t.nodeError}:{type:`broadcast-response`,correlationId:e,results:t.results};t.sender.readyState===1&&t.sender.send(JSON.stringify(n)),this.debug&&console.info(`[BroadcastAggregator] Broadcast ${e} finalized with ${t.results.length} results`)}finalizeServerBroadcast(e){let t=this.pendingBroadcasts.get(e);!t||t.kind!==`server`||(x(t),this.pendingBroadcasts.delete(e),t.resolve(t.results),this.debug&&console.info(`[BroadcastAggregator] Server broadcast ${e} finalized with ${t.results.length} results`))}},me=class{clients=new Set;authenticatingClients=new Set;clientSubscriptions=new Map;clientFilters=new Map;debug;constructor(e={}){this.debug=e.debug??!1}addAuthenticating(e){this.authenticatingClients.add(e)}removeAuthenticating(e){this.authenticatingClients.delete(e)}isAuthenticating(e){return this.authenticatingClients.has(e)}addClient(e){this.clients.add(e)}removeClient(e){this.clients.delete(e),this.authenticatingClients.delete(e),this.clientSubscriptions.delete(e),this.clientFilters.delete(e),this.debug&&console.info(`[ClientRegistry] Client removed (${this.clients.size} remaining)`)}get size(){return this.clients.size}getAllSockets(){return new Set([...this.clients,...this.authenticatingClients])}handleSubscribeMessage(e,t){let n=this.clientSubscriptions.get(e);n||(n=new Set,this.clientSubscriptions.set(e,n));let r=this.clientFilters.get(e);for(let[i]of Object.entries(t.subjects)){n.add(i);let a=t.filters?.[i];a===void 0?r?.delete(i):(r||(r=new Map,this.clientFilters.set(e,r)),r.set(i,a))}if(this.debug){let e=Object.keys(t.subjects).length,n=t.filters?Object.keys(t.filters).length:0;console.info(`[ClientRegistry] Client subscribed to ${e} subjects, ${n} filters`)}}handleUnsubscribeMessage(e,t){let n=this.clientSubscriptions.get(e),r=this.clientFilters.get(e);for(let e of Object.keys(t))n?.delete(e),r?.delete(e);this.debug&&console.info(`[ClientRegistry] Client unsubscribed from ${Object.keys(t).length} subjects`)}getReadyClients(){let e=[];for(let t of this.clients)t.readyState===1&&e.push(t);return e}getRequestRoutingPriority(e,t,n){let r=this.clientSubscriptions.get(e);return!r||r.size===0?1:this.clientWantsMessage(e,t,n)?2:0}getInterestedClients(e,t,n){let r=[];for(let i of this.clients)i!==n&&i.readyState===1&&this.clientWantsMessage(i,e,t)&&r.push(i);return r}forwardEventToClients(e,t,n){let r=c(t)??void 0,i=`payload`in t?t.payload:void 0,a=JSON.stringify(t),o=this.getInterestedClients(r,i,e);for(let e of o)n(e,a)}clientWantsMessage(e,t,n){return d(t,n,this.clientSubscriptions.get(e)??new Set,this.clientFilters.get(e)??new Map)}};async function S(e,t,n){let r=await Promise.allSettled(Array.from(t).map(t=>t(e,n.receiveContext)));for(let e of r)if(e.status===`rejected`&&n.debug){let t=n.logContext?` ${n.logContext}`:``;console.error(`[ServerTransport] Handler error${t}:`,e.reason)}return r.every(e=>e.status===`fulfilled`)}function he(e,t,n){let{correlations:r,broadcastAggregator:i,debug:a}=t;if(e.type===`heartbeat`)return!0;if(e.type===`response`){let t=e;return typeof t.correlationId==`string`?(t.error?r.reject(t.correlationId,s(t.error)):r.resolve(t.correlationId,t.result),!0):(a&&console.warn(`[ServerTransport] Malformed response message: missing correlationId`),!0)}if(e.type===`broadcast-response`){let t=e;return typeof t.correlationId==`string`?(i.handleResponse(n,t),!0):(a&&console.warn(`[ServerTransport] Malformed broadcast-response: missing correlationId`),!0)}return!1}async function ge(e,t,n){let{registry:r,broadcastAggregator:i,handlers:a,normalizeBroadcastTimeout:o,sendSafely:s,debug:c}=n;if(he(e,n,t))return;let l=n.auth?.getReceiveContext?.(t);if(e.type===`subscribe`){let n=e;if(!p(n.subjects)){c&&console.warn(`[ServerTransport] Malformed subscribe message: missing subjects record`);return}r.handleSubscribeMessage(t,n),await S(n,a,{debug:c,receiveContext:l,logContext:`dispatching subscribe`})&&typeof n.ackId==`string`&&s(t,JSON.stringify({type:`subscription-ack`,ackId:n.ackId}));return}if(e.type===`unsubscribe`){let n=e;if(!p(n.subjects)){c&&console.warn(`[ServerTransport] Malformed unsubscribe message: missing subjects record`);return}r.handleUnsubscribeMessage(t,n.subjects),await S(n,a,{debug:c,receiveContext:l,logContext:`dispatching unsubscribe`})&&typeof n.ackId==`string`&&s(t,JSON.stringify({type:`subscription-ack`,ackId:n.ackId}));return}if(e.type===`broadcast`){let n=e;if(typeof n.correlationId!=`string`||typeof n.subject!=`string`){c&&console.warn(`[ServerTransport] Malformed broadcast message: missing correlationId or subject`);return}let u=r.getInterestedClients(n.subject,n.payload,t),d=o(n.timeout);i.startClientBroadcast(t,n,u,s,d),await S(e,a,{debug:c,receiveContext:l});return}e.type===`event`&&r.forwardEventToClients(t,e,s),await S(e,a,{debug:c,receiveContext:l})}function _e(e,t){let{auth:n,registry:r,debug:i}=t;return async a=>{let o;try{o=JSON.parse(a.toString())}catch(e){i&&console.error(`[ServerTransport] Failed to parse message:`,e);return}let s=o&&typeof o==`object`?o:void 0;if(!s||typeof s.type!=`string`){i&&console.error(`[ServerTransport] Invalid message structure:`,o);return}let c=o;try{if(n?.handleAuthMessage(c,e))return;if(n&&r.isAuthenticating(e)){i&&console.warn(`[ServerTransport] Ignoring message from unauthenticated client`);return}if(n?.isSocketAuthenticated?.(e)===!1){i&&console.warn(`[ServerTransport] Closing socket with expired authentication`),n.cleanupSocket(e),e.close(1008,`Authentication expired`);return}await ge(c,e,t)}catch(e){i&&console.error(`[ServerTransport] Failed to process message:`,e)}}}function ve(e){return typeof e!=`number`||!Number.isFinite(e)||e<=0?5e3:Math.min(e,6e4)}async function ye(e,t){let{registry:n,correlations:r,broadcastAggregator:i,handlers:o,auth:s,serverSubscriptions:c,sendSafely:l,debug:u}=t;s&&n.addAuthenticating(e);let d=_e(e,{registry:n,correlations:r,broadcastAggregator:i,handlers:o,auth:s,normalizeBroadcastTimeout:ve,sendSafely:l,debug:u}),f=e=>{d(e.data)},p=()=>{s?.cleanupSocket(e),n.removeClient(e),e.removeEventListener(`message`,f),e.removeEventListener(`close`,p),e.removeEventListener(`error`,m),i.handleClientDisconnect(e),u&&console.info(`[ServerTransport] Client disconnected (${n.size} remaining)`)},m=e=>{u&&console.error(`[ServerTransport] Client socket error:`,e)};e.addEventListener(`message`,f),e.addEventListener(`close`,p),e.addEventListener(`error`,m);try{if(s&&(await s.authenticateServer(e,t=>{if(e.readyState!==1)throw Error(`Cannot send auth message: socket not ready (state: ${e.readyState})`);e.send(JSON.stringify(t))}),n.removeAuthenticating(e)),e.readyState!==1)return;if(n.addClient(e),c.size>0){let t=a(c);l(e,JSON.stringify(t))}l(e,JSON.stringify({type:`subscribe-sync-complete`})),u&&console.info(`[ServerTransport] Client connected (${n.size} total)`)}catch(t){u&&console.error(`[ServerTransport] Client authentication failed:`,t),e.close(1008,`Authentication failed`)}}async function be(e,t,n){let{registry:a,correlations:o}=n,s=`${e.namespace}.${e.subject}`,c=a.getReadyClients().map(t=>({client:t,priority:a.getRequestRoutingPriority(t,s,e.payload)})).sort((e,t)=>t.priority-e.priority).map(({client:e})=>e);if(c.length===0)throw new r(s);for(let[n,r]of c.entries()){let a=`${e.correlationId}:attempt-${n+1}`,c={...e,correlationId:a};try{r.send(JSON.stringify(c))}catch{continue}try{return await o.track(a,t)}catch(e){if(u(e,s)||e instanceof i)continue;throw e}}throw new r(s)}var C=class{name;wss;auth;debug;handlers=new Set;registry;serverSubscriptions=new Map;broadcastAggregator;correlations=new t;connectionListener=null;constructor(e){let{websocket:t,name:n=`websocket`,auth:r,debug:i=!1}=e;this.wss=t,this.name=n,this.auth=r,this.debug=i,this.registry=new me({debug:i}),this.broadcastAggregator=new pe({debug:i})}sendToClientSafely(e,t){try{e.send(t)}catch(e){this.debug&&console.warn(`[ServerTransport] Failed to send message to client:`,e)}}async connect(){if(this.connectionListener!==null)throw Error(`ServerTransport.connect() called while already connected`);this.connectionListener=e=>{ye(e,{registry:this.registry,correlations:this.correlations,broadcastAggregator:this.broadcastAggregator,handlers:this.handlers,auth:this.auth,serverSubscriptions:this.serverSubscriptions,sendSafely:(e,t)=>this.sendToClientSafely(e,t),debug:this.debug})},this.wss.on(`connection`,this.connectionListener),this.debug&&console.info(`[ServerTransport] Listening for connections`)}async disconnect(){this.connectionListener&&=(this.wss.off(`connection`,this.connectionListener),null);let e=this.registry.getAllSockets();for(let t of e)t.close();await new Promise((e,t)=>{this.wss.close(n=>n?t(n):e())}),this.correlations.cleanup(),this.broadcastAggregator.cleanup(),this.auth?.cleanup(),this.handlers.clear(),this.serverSubscriptions.clear(),this.debug&&console.info(`[ServerTransport] Disconnected`)}async send(e,t){if(e.type===`broadcast`){let n=c(e)??void 0,r=`payload`in e?e.payload:void 0,i=this.registry.getInterestedClients(n,r);return this.broadcastAggregator.startServerBroadcast(e,i,(e,t)=>{this.sendToClientSafely(e,t)},t)}if(e.type===`request`)return be(e,t??n,{registry:this.registry,correlations:this.correlations});if(this.registry.size===0){if(this.debug){let t=c(e);console.debug(`[ServerTransport] No clients to receive ${e.type}${t?`: ${t}`:``}`)}return!1}let r=c(e)??void 0,i=`payload`in e?e.payload:void 0,a=JSON.stringify(e),o=this.registry.getInterestedClients(r,i);for(let e of o)this.sendToClientSafely(e,a);let s=o.length>0;if(!s){if(r&&this.debug&&console.warn(`[ServerTransport] No interested clients for subject: ${r}`),e.type===`response`)return!1;if(!r)throw Error(`No connected clients available to receive message`)}return s}onReceive(e){return this.handlers.add(e),()=>{this.handlers.delete(e)}}cancelRequest(e,t){this.correlations.cancel(e,t)}onBroadcastResults(e,t,n){this.broadcastAggregator.handleNodeResults(e,t,n)}async subscribe(e,t,n=[]){let r=this.serverSubscriptions.get(e)?.filter,i=t??r;if(this.serverSubscriptions.set(e,{filter:i,priorities:n}),this.registry.size>0){let t=a(new Map([[e,{filter:i,priorities:n}]])),r=JSON.stringify(t);for(let e of this.registry.getReadyClients())this.sendToClientSafely(e,r)}}getConnectionCount(){return this.registry.getReadyClients().length}async unsubscribe(e){if(this.serverSubscriptions.delete(e),this.registry.size>0){let t=o({[e]:[]}),n=JSON.stringify(t);for(let e of this.registry.getReadyClients())this.sendToClientSafely(e,n)}}};function xe(e,t){let n=new Event(`close`);return Object.defineProperties(n,{code:{value:e??1e3,enumerable:!0},reason:{value:t??``,enumerable:!0}}),n}function Se(e){if(typeof e!=`object`||!e)throw TypeError(`WebSocket transport options must be an object`);let t=e;if(t.mode!==`client`&&t.mode!==`server`)throw TypeError(`WebSocket transport mode must be "client" or "server"`);if(t.mode===`client`){if(!Ce(t.websocket))throw TypeError(`WebSocket transport client mode requires a websocket with addEventListener/removeEventListener`);return}if(!we(t.websocket))throw TypeError(`WebSocket transport server mode requires a websocket with on/off listener methods`)}function Ce(e){if(typeof e!=`object`||!e)return!1;let t=e;return typeof t.send==`function`&&typeof t.close==`function`&&typeof t.addEventListener==`function`&&typeof t.removeEventListener==`function`}function we(e){if(typeof e!=`object`||!e)return!1;let t=e;return typeof t.on==`function`&&typeof t.off==`function`&&typeof t.close==`function`}var Te=class{secret;algorithm;challengeTimeout;identityId;resolveSecret;resolvePeer;pendingChallenge;pendingResult;queuedChallengeNonce;queuedResult;clientAuthComplete=!1;serverPendingResponses=new Map;serverAuthenticatedSockets=new Set;serverAuthenticatedPeers=new Map;constructor(e){this.secret=e.secret,this.algorithm=e.algorithm??`sha256`,this.challengeTimeout=e.challengeTimeout??5e3,this.identityId=e.identityId,this.resolveSecret=e.resolveSecret,this.resolvePeer=e.resolvePeer}async authenticateServer(e,t){let n=crypto.getRandomValues(new Uint8Array(32)),r=Array.from(n).map(e=>e.toString(16).padStart(2,`0`)).join(``),i=await this.computeHmac(r);t({type:`auth-challenge`,nonce:r});let a=!1;try{let{signature:n,identityId:o}=await this.waitForAuthResponseWithIdentity(e),s;if(this.resolveSecret&&o!==void 0){let i=this.resolveSecret(o);if(i===null)throw this.sendAuthResultBestEffort(t,{type:`auth-result`,success:!1,error:`Unknown identity`}),a=!0,Error(`HMAC authentication failed: Unknown identity '${o}'`);s=await this.computeHmacWithSecret(r,i),this.constantTimeEqual(n,s)&&this.serverAuthenticatedPeers.set(e,o)}else s=i;if(!this.constantTimeEqual(n,s))throw this.sendAuthResultBestEffort(t,{type:`auth-result`,success:!1,error:`Invalid signature`}),a=!0,Error(`HMAC authentication failed: Invalid signature`);this.serverAuthenticatedSockets.add(e),this.sendAuthResultBestEffort(t,{type:`auth-result`,success:!0}),a=!0}catch(n){let r=this.serverPendingResponses.has(e);throw this.serverPendingResponses.delete(e),!a&&r&&this.sendAuthResultBestEffort(t,{type:`auth-result`,success:!1,error:n instanceof Error?n.message:`Authentication failed`}),n}finally{this.serverPendingResponses.delete(e)}}async authenticateClient(e){this.clientAuthComplete=!1;let t=await this.waitForAuthChallenge();e({type:`auth-response`,signature:await this.computeHmac(t),...this.identityId!==void 0&&{identityId:this.identityId}});let n=await this.waitForAuthResult();if(!n.success)throw Error(`HMAC authentication failed: ${n.error??`Unknown error`}`);this.clientAuthComplete=!0}handleAuthMessage(e,t){if(typeof e!=`object`||!e||!(`type`in e)||typeof e.type!=`string`)return!1;let n=e;if(n.type===`auth-challenge`)return typeof n.nonce!=`string`||this.clientAuthComplete||(this.pendingChallenge?(clearTimeout(this.pendingChallenge.timeoutHandle),this.pendingChallenge.resolve(n.nonce),this.pendingChallenge=void 0):this.queuedChallengeNonce=n.nonce),!0;if(n.type===`auth-result`){if(typeof n.success!=`boolean`||this.clientAuthComplete)return!0;let e={success:n.success,error:n.error};return this.pendingResult?(clearTimeout(this.pendingResult.timeoutHandle),this.pendingResult.resolve(e),this.pendingResult=void 0):this.queuedResult=e,!0}if(n.type===`auth-response`){if(t){let e=this.serverPendingResponses.get(t);e&&(clearTimeout(e.timeoutHandle),e.resolve({signature:n.signature,identityId:n.identityId}))}return!0}return!1}async waitForAuthChallenge(){if(this.queuedChallengeNonce!==void 0){let e=this.queuedChallengeNonce;return this.queuedChallengeNonce=void 0,e}return new Promise((e,t)=>{let n=setTimeout(()=>{this.pendingChallenge=void 0,t(Error(`Authentication challenge timeout`))},this.challengeTimeout);this.pendingChallenge={resolve:e,reject:t,timeoutHandle:n}})}async waitForAuthResponseWithIdentity(e){return new Promise((t,n)=>{let r={resolve:t,reject:n,timeoutHandle:setTimeout(()=>{n(Error(`Authentication response timeout`))},this.challengeTimeout)};this.serverPendingResponses.set(e,r)})}async waitForAuthResult(){if(this.queuedResult!==void 0){let e=this.queuedResult;return this.queuedResult=void 0,e}return new Promise((e,t)=>{let n=setTimeout(()=>{this.pendingResult=void 0,t(Error(`Authentication result timeout`))},this.challengeTimeout);this.pendingResult={resolve:e,reject:t,timeoutHandle:n}})}async computeHmac(e){return this.computeHmacWithSecret(e,this.secret)}async computeHmacWithSecret(e,t){let n=new TextEncoder,r=n.encode(t),i=this.algorithm.replace(/^sha/,`SHA-`),a=await crypto.subtle.importKey(`raw`,r,{name:`HMAC`,hash:i},!1,[`sign`]),o=await crypto.subtle.sign(`HMAC`,a,n.encode(e));return Array.from(new Uint8Array(o)).map(e=>e.toString(16).padStart(2,`0`)).join(``)}getReceiveContext(e){if(!e)return;let t=this.serverAuthenticatedPeers.get(e);if(t===void 0)return;let n=this.resolvePeer?.(t);if(this.resolvePeer!==void 0&&n===null)return;let r=n??{kind:`workflow-execution`,id:t};return{transportName:``,peer:{...r,id:r.id??t,authenticated:!0}}}isSocketAuthenticated(e){if(!this.serverAuthenticatedSockets.has(e))return!1;if(!this.resolveSecret)return!0;let t=this.serverAuthenticatedPeers.get(e);return t===void 0?!0:this.resolveSecret(t)===null?(this.cleanupSocket(e),!1):!0}constantTimeEqual(e,t){if(e.length!==t.length)return!1;let n=new Uint8Array(e.length/2),r=new Uint8Array(t.length/2);for(let i=0;i<n.length;i++)n[i]=parseInt(e.slice(i*2,i*2+2),16),r[i]=parseInt(t.slice(i*2,i*2+2),16);let i=0;for(let e=0;e<n.length;e++)i|=n[e]^r[e];return i===0}sendAuthResultBestEffort(e,t){try{e(t)}catch{}}cleanupSocket(e){let t=this.serverPendingResponses.get(e);t&&(clearTimeout(t.timeoutHandle),this.serverPendingResponses.delete(e),t.reject(Error(`Socket disconnected during HMAC authentication`))),this.serverAuthenticatedPeers.delete(e),this.serverAuthenticatedSockets.delete(e)}cleanup(){this.pendingChallenge&&=(clearTimeout(this.pendingChallenge.timeoutHandle),void 0),this.pendingResult&&=(clearTimeout(this.pendingResult.timeoutHandle),void 0),this.queuedChallengeNonce=void 0,this.queuedResult=void 0,this.clientAuthComplete=!1;for(let e of this.serverPendingResponses.values())clearTimeout(e.timeoutHandle);this.serverPendingResponses.clear(),this.serverAuthenticatedPeers.clear(),this.serverAuthenticatedSockets.clear()}};const w=new Map;function Ee(e,t,n={}){if(e.trim().length===0)throw Error(`registerHmacIdentitySecret requires a non-empty identityId`);if(t.length===0)throw Error(`registerHmacIdentitySecret requires a non-empty secret`);let r={secret:t,peerKind:n.peerKind?.trim()||`workflow-execution`};w.set(e,r);let i=!0;return()=>{i&&(i=!1,w.get(e)===r&&w.delete(e))}}function De(e){return w.get(e)?.secret??null}function Oe(e){let t=w.get(e);return t?{kind:t.peerKind,id:e,authenticated:!0}:null}function ke(){w.clear()}function T(e){let t=Array.from(e,e=>String.fromCharCode(e)).join(``);return btoa(t).replace(/\+/g,`-`).replace(/\//g,`_`).replace(/=/g,``)}function E(e){let t=e.replace(/-/g,`+`).replace(/_/g,`/`),n=(4-t.length%4)%4;t+=`=`.repeat(n);let r=atob(t),i=new Uint8Array(r.length);for(let e=0;e<r.length;e++)i[e]=r.charCodeAt(e);return i}function D(e){return new TextEncoder().encode(e)}function O(e){return new TextDecoder().decode(e)}async function k(e){let t=await crypto.subtle.exportKey(`spki`,e);return T(new Uint8Array(t))}async function A(e){let t=await crypto.subtle.exportKey(`raw`,e);return T(new Uint8Array(t))}async function j(e,t,n=[]){let r=E(e);return crypto.subtle.importKey(`spki`,r,t,!0,n)}async function M(e,t,n=[]){let r=E(e);return crypto.subtle.importKey(`raw`,r,t,!0,n)}async function N(e){let t=await crypto.subtle.exportKey(`pkcs8`,e),n=T(new Uint8Array(t)).replace(/-/g,`+`).replace(/_/g,`/`),r=(4-n.length%4)%4;return n+=`=`.repeat(r),`-----BEGIN PRIVATE KEY-----\n${n.match(/.{1,64}/g)?.join(`
2
+ `)??n}\n-----END PRIVATE KEY-----`}async function P(e,t,n){let r=E(e.replace(/-----BEGIN PRIVATE KEY-----/,``).replace(/-----END PRIVATE KEY-----/,``).replace(/\s/g,``).replace(/\+/g,`-`).replace(/\//g,`_`).replace(/=/g,``));return crypto.subtle.importKey(`pkcs8`,r,t,!0,n)}const F={name:`ECDH`,namedCurve:`P-256`};async function I(e=!0){return crypto.subtle.generateKey(F,e,[`deriveKey`,`deriveBits`])}async function L(e){return k(e)}async function Ae(e){return A(e)}async function je(e){return M(e,F)}async function R(e,t=[]){return j(e,F,t)}async function Me(e){return N(e)}async function Ne(e){return P(e,F,[`deriveKey`,`deriveBits`])}async function z(e,t){return crypto.subtle.deriveBits({name:`ECDH`,public:t},e,256)}async function B(e,t){let n=crypto.getRandomValues(new Uint8Array(12)),r=await crypto.subtle.encrypt({name:`AES-GCM`,iv:n},e,t);return{ciphertext:new Uint8Array(r),nonce:n}}async function V(e,t,n){let r=await crypto.subtle.decrypt({name:`AES-GCM`,iv:n},e,t);return new Uint8Array(r)}async function Pe(e){return crypto.subtle.importKey(`raw`,e,{name:`AES-GCM`},!1,[`encrypt`,`decrypt`])}async function H(e,t,n){let r=await crypto.subtle.importKey(`raw`,e,{name:`HKDF`},!1,[`deriveKey`]);return crypto.subtle.deriveKey({name:`HKDF`,hash:`SHA-256`,salt:t,info:D(n)},r,{name:`AES-GCM`,length:256},!1,[`encrypt`,`decrypt`])}const U={name:`ECDSA`,namedCurve:`P-256`};async function Fe(e=!0){return crypto.subtle.generateKey(U,e,[`sign`,`verify`])}async function W(e,t){let n=await crypto.subtle.sign({name:`ECDSA`,hash:{name:`SHA-256`}},e,t);return new Uint8Array(n)}async function G(e,t,n){return crypto.subtle.verify({name:`ECDSA`,hash:{name:`SHA-256`}},e,t,n)}async function Ie(e){return k(e)}async function Le(e){return j(e,U,[`verify`])}async function Re(e){return A(e)}async function ze(e){return M(e,U,[`verify`])}async function Be(e){return N(e)}async function Ve(e){return P(e,U,[`sign`])}var He=e({decodeText:()=>O,decrypt:()=>V,deriveSessionKey:()=>H,deriveSharedSecret:()=>z,encodeText:()=>D,encrypt:()=>B,exportPrivateKeyPEM:()=>Me,exportPublicKey:()=>L,exportPublicKeyRaw:()=>Ae,exportSigningPrivateKeyPEM:()=>Be,exportSigningPublicKey:()=>Ie,exportSigningPublicKeyRaw:()=>Re,fromBase64Url:()=>E,generateECDHKeyPair:()=>I,generateSigningKeyPair:()=>Fe,importAESKey:()=>Pe,importPrivateKeyPEM:()=>Ne,importPublicKey:()=>R,importPublicKeyRaw:()=>je,importSigningPrivateKeyPEM:()=>Ve,importSigningPublicKey:()=>Le,importSigningPublicKeyRaw:()=>ze,sign:()=>W,toBase64Url:()=>T,verify:()=>G});function K(e){let t=e.match(/.{1,2}/g);return new Uint8Array(t?.map(e=>parseInt(e,16))??[])}function q(e){return Array.from(e).map(e=>e.toString(16).padStart(2,`0`)).join(``)}async function J(e,t){let n=await I(!0),r=await L(n.publicKey);return{ephemeralKeyPair:n,ephemeralPublicKey:r,signature:q(await W(e,D(r+t)))}}function Ue(){return q(crypto.getRandomValues(new Uint8Array(16)))}async function Y(e,t,n,r){let i=D(t+r);return G(e,K(n),i)}async function X(e,t,n,r){return H(await z(e,await R(t)),K(n),r)}async function We(e,t,n,r){if(e===t)throw Error(`deriveRelaySaltHex: identityId must differ from peerId`);let[i,a]=e<t?[e,t]:[t,e],[o,s]=e<t?[n,r]:[r,n],c=D(`${i}${a}${o}${s}`),l=new Uint8Array(c).buffer,u=await crypto.subtle.digest(`SHA-256`,l);return q(new Uint8Array(u))}var Ge=class{signingKeyPair;identityId;peerId;getPeerSigningKey;timeout;pendingKeyExchange;pendingResult;clientSession;clientEphemeralKeyPair;serverPendingKeyExchange=new Map;serverSessions=new Map;serverEphemeralKeyPairs=new Map;constructor(e){this.signingKeyPair=e.signingKeyPair,this.identityId=e.identityId,this.peerId=e.peerId,this.getPeerSigningKey=e.getPeerSigningKey,this.timeout=e.timeout??1e4}async authenticateClient(e){if(!this.peerId)throw Error(`E2E authentication failed: peerId is required for client authentication`);let{ephemeralKeyPair:t,ephemeralPublicKey:n,signature:r}=await J(this.signingKeyPair.privateKey,this.identityId);this.clientEphemeralKeyPair=t;try{let i=this.waitForKeyExchangeResponse(),a=this.waitForAuthResult();e({type:`e2e-key-exchange`,deviceId:this.identityId,ephemeralPublicKey:n,signature:r});let o=await i,s=await this.getPeerSigningKey(this.peerId);if(!s)throw Error(`E2E authentication failed: Unknown server`);if(!await Y(s,o.ephemeralPublicKey,o.signature,this.peerId))throw Error(`E2E authentication failed: Invalid server signature`);let c=await X(t.privateKey,o.ephemeralPublicKey,o.salt,`makaio-e2e-session-v1`);this.clientSession={sessionKey:c,peerId:this.peerId};let l=await a;if(!l.success)throw Error(`E2E authentication failed: ${l.error??`Unknown error`}`)}catch(e){throw this.pendingKeyExchange&&=(clearTimeout(this.pendingKeyExchange.timeoutHandle),void 0),this.pendingResult&&=(clearTimeout(this.pendingResult.timeoutHandle),void 0),this.clientSession=void 0,this.clientEphemeralKeyPair=void 0,e}}async authenticateServer(e,t){try{let n=await this.waitForClientKeyExchange(e),r=await this.getPeerSigningKey(n.deviceId);if(!r)throw t({type:`e2e-auth-result`,success:!1,error:`Unknown device`}),Error(`E2E authentication failed: Unknown device ${n.deviceId}`);if(!await Y(r,n.ephemeralPublicKey,n.signature,n.deviceId))throw t({type:`e2e-auth-result`,success:!1,error:`Invalid signature`}),Error(`E2E authentication failed: Invalid client signature`);let{ephemeralKeyPair:i,ephemeralPublicKey:a,signature:o}=await J(this.signingKeyPair.privateKey,this.identityId),s=Ue();this.serverEphemeralKeyPairs.set(e,i),t({type:`e2e-key-exchange-response`,ephemeralPublicKey:a,signature:o,salt:s});let c=await X(i.privateKey,n.ephemeralPublicKey,s,`makaio-e2e-session-v1`);this.serverSessions.set(e,{sessionKey:c,peerId:n.deviceId}),t({type:`e2e-auth-result`,success:!0})}catch(n){throw this.serverPendingKeyExchange.delete(e),this.serverEphemeralKeyPairs.delete(e),t({type:`e2e-auth-result`,success:!1,error:n instanceof Error?n.message:`Authentication failed`}),n}finally{this.serverPendingKeyExchange.delete(e)}}handleAuthMessage(e,t){if(typeof e!=`object`||!e||!(`type`in e)||typeof e.type!=`string`)return!1;let n=e;if(n.type===`e2e-key-exchange-response`)return this.pendingKeyExchange&&=(clearTimeout(this.pendingKeyExchange.timeoutHandle),this.pendingKeyExchange.resolve({ephemeralPublicKey:n.ephemeralPublicKey,signature:n.signature,salt:n.salt}),void 0),!0;if(n.type===`e2e-auth-result`)return this.pendingResult&&=(clearTimeout(this.pendingResult.timeoutHandle),this.pendingResult.resolve({success:n.success,error:n.error}),void 0),!0;if(n.type===`e2e-key-exchange`&&t){let e=this.serverPendingKeyExchange.get(t);return e&&(clearTimeout(e.timeoutHandle),e.resolve({deviceId:n.deviceId,ephemeralPublicKey:n.ephemeralPublicKey,signature:n.signature})),!0}return!1}async waitForKeyExchangeResponse(){return new Promise((e,t)=>{let n=setTimeout(()=>{this.pendingKeyExchange=void 0,t(Error(`E2E key exchange timeout`))},this.timeout);this.pendingKeyExchange={resolve:e,reject:t,timeoutHandle:n}})}async waitForAuthResult(){return new Promise((e,t)=>{let n=setTimeout(()=>{this.pendingResult=void 0,t(Error(`E2E authentication result timeout`))},this.timeout);this.pendingResult={resolve:e,reject:t,timeoutHandle:n}})}async waitForClientKeyExchange(e){return new Promise((t,n)=>{let r={resolve:t,reject:n,timeoutHandle:setTimeout(()=>{this.serverPendingKeyExchange.delete(e),n(Error(`E2E key exchange timeout`))},this.timeout)};this.serverPendingKeyExchange.set(e,r)})}getSessionKey(e){return e?this.serverSessions.get(e)?.sessionKey??null:this.clientSession?.sessionKey??null}getPeerId(e){return e?this.serverSessions.get(e)?.peerId??null:this.clientSession?.peerId??null}getReceiveContext(e){let t=this.getPeerId(e);if(t!==null)return{transportName:``,peer:{kind:`e2e`,id:t,authenticated:!0,encrypted:!0}}}cleanupSocket(e){let t=this.serverPendingKeyExchange.get(e);t&&(clearTimeout(t.timeoutHandle),this.serverPendingKeyExchange.delete(e)),this.serverSessions.delete(e),this.serverEphemeralKeyPairs.delete(e)}cleanup(){this.pendingKeyExchange&&=(clearTimeout(this.pendingKeyExchange.timeoutHandle),void 0),this.pendingResult&&=(clearTimeout(this.pendingResult.timeoutHandle),void 0),this.clientSession=void 0,this.clientEphemeralKeyPair=void 0;for(let e of this.serverPendingKeyExchange.values())clearTimeout(e.timeoutHandle);this.serverPendingKeyExchange.clear(),this.serverSessions.clear(),this.serverEphemeralKeyPairs.clear()}};const Z=`E2E relay auth session aborted by reconnect`;var Ke=class{signingKeyPair;identityId;getPeerSigningKey;timeout;mode;blocking;pendingPeer;sessionKey;peerId;localEphemeral;localExchangeMessage;sentLocalExchange=!1;earlyPeer;sendAuthMessage;authGeneration=0;processingExchange=!1;constructor(e){this.signingKeyPair=e.signingKeyPair,this.identityId=e.identityId,this.getPeerSigningKey=e.getPeerSigningKey,this.timeout=e.timeout??1e4,this.mode=e.mode??`initiator`,this.blocking=e.blocking??!0}async authenticateClient(e){let t=this.sendAuthMessage===void 0?this.earlyPeer:void 0;this.cleanup();let n=this.authGeneration;if(this.earlyPeer=t,this.sendAuthMessage=e,this.mode===`initiator`){if(await this.ensureLocalExchangeMessage(),n!==this.authGeneration)throw Error(Z);this.sendLocalExchange()}if(!this.blocking){if(this.earlyPeer){let e=this.earlyPeer;this.earlyPeer=void 0,this.dispatchPeerExchange(e,n)}return}let r=await this.waitForPeerExchange();if(await this.processPeerExchange(r,n),n!==this.authGeneration||!this.sessionKey)throw Error(Z)}async authenticateServer(e,t){throw Error(`E2ERelayAuth does not support server authentication`)}handleAuthMessage(e){let t=e;return!t||t.type!==`e2e-relay-key-exchange`?!1:t.identityId===this.identityId?!0:this.pendingPeer?(this.pendingPeer.resolve(t),this.pendingPeer=void 0,!0):(this.earlyPeer=t,!this.blocking&&this.sendAuthMessage&&!this.sessionKey&&!this.processingExchange&&this.dispatchPeerExchange(t,this.authGeneration),!0)}cleanupSocket(e){}cleanup(){this.authGeneration++,this.pendingPeer&&=(this.pendingPeer.reject(Error(Z)),void 0),this.earlyPeer&&=void 0,this.sessionKey=void 0,this.peerId=void 0,this.localEphemeral=void 0,this.localExchangeMessage=void 0,this.sentLocalExchange=!1,this.processingExchange=!1,this.sendAuthMessage=void 0}dispatchPeerExchange(e,t){this.processingExchange=!0,this.processPeerExchange(e,t).catch(e=>{e instanceof Error&&e.message===Z||console.error(`[E2ERelayAuth] Peer exchange failed:`,e)}).finally(()=>{t===this.authGeneration&&(this.processingExchange=!1,this.retryQueuedPeerExchange(t))})}getSessionKey(){return this.sessionKey??null}getPeerId(){return this.peerId??null}getReceiveContext(){let e=this.getPeerId();if(e!==null)return{transportName:``,peer:{kind:`e2e`,id:e,authenticated:!0,encrypted:!0}}}async waitForPeerExchange(){if(this.earlyPeer){let e=this.earlyPeer;return this.earlyPeer=void 0,e}return new Promise((e,t)=>{let n=setTimeout(()=>{this.pendingPeer=void 0,t(Error(`E2E relay key exchange timeout`))},this.timeout),r=()=>{clearTimeout(n),this.pendingPeer=void 0};this.pendingPeer={resolve:t=>{r(),e(t)},reject:e=>{r(),t(e)},timeoutHandle:n}})}async ensureLocalExchangeMessage(){if(this.localExchangeMessage&&this.localEphemeral)return this.localExchangeMessage;let{ephemeralKeyPair:e,ephemeralPublicKey:t,signature:n}=await J(this.signingKeyPair.privateKey,this.identityId);return this.localEphemeral=e,this.localExchangeMessage={type:`e2e-relay-key-exchange`,identityId:this.identityId,ephemeralPublicKey:t,signature:n},this.localExchangeMessage}sendLocalExchange(e=!1){!this.sendAuthMessage||!this.localExchangeMessage||!e&&this.sentLocalExchange||(this.sendAuthMessage(this.localExchangeMessage),this.sentLocalExchange=!0)}retryQueuedPeerExchange(e){if(this.blocking||!this.sendAuthMessage||this.sessionKey||this.processingExchange||e!==this.authGeneration)return;let t=this.earlyPeer;t&&(this.earlyPeer=void 0,this.dispatchPeerExchange(t,e))}async processPeerExchange(e,t){if(!this.sendAuthMessage){this.earlyPeer=e;return}let n=await this.ensureLocalExchangeMessage();if(t!==this.authGeneration)return;let r=await this.getPeerSigningKey(e.identityId);if(!r)throw Error(`E2E relay authentication failed: Unknown peer ${e.identityId}`);if(!await Y(r,e.ephemeralPublicKey,e.signature,e.identityId))throw Error(`E2E relay authentication failed: Invalid peer signature`);let i=await We(this.identityId,e.identityId,n.ephemeralPublicKey,e.ephemeralPublicKey);if(!this.localEphemeral)throw Error(`E2E relay authentication failed: Local ephemeral key missing`);let a=await X(this.localEphemeral.privateKey,e.ephemeralPublicKey,i,`makaio-e2e-relay-v1`);t===this.authGeneration&&(this.sessionKey=a,this.peerId=e.identityId,this.mode===`initiator`?this.sendLocalExchange(!0):this.sendLocalExchange())}},qe=class{hmac;e2e;socketStrategy=new Map;pendingServerAuth=new Map;hmacCancelled=new Map;constructor(e){this.hmac=e.hmac,this.e2e=e.e2e}setE2EAuth(e){this.e2e=e}async authenticateClient(e){let t=this.hmac??this.e2e;if(!t)throw Error(`DispatchingAuth: no auth strategy configured`);return t.authenticateClient(e)}async authenticateServer(e,t){let n=this.resolveSingleStrategy();if(n)return n.authenticateServer(e,t);if(!this.hmac||!this.e2e)throw Error(`DispatchingAuth: no auth strategy configured`);let r={cancelled:!1};this.hmacCancelled.set(e,r);let i=this.hmac.authenticateServer(e,e=>{r.cancelled||t(e)});return new Promise((n,a)=>{this.pendingServerAuth.set(e,{resolve:n,reject:a,send:t}),i.then(n).catch(e=>{r.cancelled||a(e instanceof Error?e:Error(String(e)))})})}handleAuthMessage(e,t){if(!t)return(this.hmac??this.e2e)?.handleAuthMessage(e)??!1;let n=this.socketStrategy.get(t);if(n)return n.handleAuthMessage(e,t);let r=this.resolveStrategy(e),i=this.pendingServerAuth.get(t);return r?(this.socketStrategy.set(t,r),this.pendingServerAuth.delete(t),r===this.hmac?this.hmacCancelled.delete(t):(this.cancelHmac(t),i&&r.authenticateServer(t,i.send).then(i.resolve).catch(e=>{i.reject(e instanceof Error?e:Error(String(e)))})),r.handleAuthMessage(e,t)):(this.cancelHmac(t),i&&(this.pendingServerAuth.delete(t),i.reject(Error(`DispatchingAuth: unrecognised auth message type "${this.peekType(e)}" — no matching strategy`))),!1)}cleanupSocket(e){let t=this.socketStrategy.get(e);t&&(t.cleanupSocket(e),this.socketStrategy.delete(e)),this.cancelHmac(e);let n=this.pendingServerAuth.get(e);n&&(this.pendingServerAuth.delete(e),n.reject(Error(`DispatchingAuth: socket disconnected before auth type was determined`)))}cleanup(){this.hmac?.cleanup(),this.e2e?.cleanup(),this.socketStrategy.clear();for(let e of this.pendingServerAuth.values())e.reject(Error(`DispatchingAuth: cleanup called before authentication completed`));this.pendingServerAuth.clear(),this.hmacCancelled.clear()}peekType(e){if(typeof e!=`object`||!e||!(`type`in e))return;let{type:t}=e;return typeof t==`string`?t:void 0}resolveSingleStrategy(){if(this.hmac&&!this.e2e)return this.hmac;if(this.e2e&&!this.hmac)return this.e2e}resolveStrategy(e){let t=this.peekType(e);if(t){if(t===`e2e-key-exchange`&&this.e2e)return this.e2e;if(t===`auth-response`&&this.hmac)return this.hmac}}cancelHmac(e){let t=this.hmacCancelled.get(e);t&&(t.cancelled=!0,this.hmacCancelled.delete(e),this.hmac?.cleanupSocket(e))}};function Je(e){return`payload`in e}async function Ye(e,t,n){if(e.type!==`response`||e.result===void 0||e.error!==void 0)return;let{ciphertext:r,nonce:i}=await B(n,D(JSON.stringify(e.result)));t.result=T(r),t.e2e={nonce:T(i),v:1}}async function Xe(e,t,n){if(e.type!==`broadcast-response`||e.results===void 0||e.error!==void 0)return;let{ciphertext:r,nonce:i}=await B(n,D(JSON.stringify(e.results)));t.results=T(r),t.e2e={nonce:T(i),v:1}}async function Ze(e,t,n){if(!Je(e)||e.payload===void 0)return;let{ciphertext:r,nonce:i}=await B(n,D(JSON.stringify(e.payload)));t.payload=T(r),t.e2e={nonce:T(i),v:1}}async function Qe(e,t,n){if(e.type!==`response`&&e.type!==`broadcast-response`||e.error===void 0)return;let{ciphertext:r,nonce:i}=await B(n,D(JSON.stringify(e.error)));t.error=T(r),t.e2e={nonce:T(i),v:1}}async function $e(e,t,n,r){if(!Je(e)||typeof e.payload!=`string`)return;let i=O(await V(n,E(e.payload),r));t.payload=JSON.parse(i)}async function et(e,t,n,r){if(e.type!==`response`||typeof e.result!=`string`)return;let i=O(await V(n,E(e.result),r));t.result=JSON.parse(i)}async function tt(e,t,n,r){if(e.type!==`broadcast-response`||typeof e.results!=`string`)return;let i=O(await V(n,E(e.results),r));t.results=JSON.parse(i)}async function nt(e,t,n,r){if(e.type!==`response`&&e.type!==`broadcast-response`||typeof e.error!=`string`)return;let i=O(await V(n,E(e.error),r));t.error=JSON.parse(i)}async function rt(e,t){let n={...e};return await Ze(e,n,t),await Ye(e,n,t),await Xe(e,n,t),await Qe(e,n,t),n}async function it(e,t){if(!e.e2e)return e;let n={...e};delete n.e2e;let r=E(e.e2e.nonce);return await $e(e,n,t,r),await et(e,n,t,r),await tt(e,n,t,r),await nt(e,n,t,r),n}function at(e){return e.type===`subscription-ack`&&typeof e.ackId==`string`}function ot(e){let{e2eAuth:t,websocket:n,...r}=e,i=new b({...r,url:`<pre-connected>`,createWebSocket:()=>n,auth:t,autoReconnect:!1,messageTransform:async e=>{let n=t.getSessionKey();if(!n||at(e))return e;let r=e;if(!r.e2e)throw Error(`Received plaintext message on E2E-encrypted channel — possible injection`);return it(r,n)}});async function a(e,n){let r=t.getSessionKey();if(!r)throw Error(`E2E session key not available - authentication may have failed`);let a=await rt(e,r);return i.send(a,n)}return{name:i.name,connect:i.connect.bind(i),disconnect:i.disconnect.bind(i),send:a,cancelRequest:i.cancelRequest.bind(i),onReceive:i.onReceive.bind(i),subscribe:i.subscribe.bind(i),unsubscribe:i.unsubscribe.bind(i),getSubscriptions:i.getSubscriptions.bind(i)}}function st(e){return ot(e)}function ct(e){if(!e||typeof e!=`object`)return!1;let t=e;if(t.type!==`e2e-relay-envelope`||typeof t.payload!=`string`)return!1;let n=t.e2e;return!!n&&typeof n.nonce==`string`&&typeof n.v==`number`}async function lt(e,t){let{ciphertext:n,nonce:r}=await B(t,D(JSON.stringify(e)));return{type:`e2e-relay-envelope`,payload:T(n),e2e:{nonce:T(r),v:1}}}async function ut(e,t){let n=E(e.e2e.nonce),r=O(await V(t,E(e.payload),n));return JSON.parse(r)}function dt(e){let t=()=>{if(!e.isFrozen())throw Error(`RelayControlRegistry must be frozen before processing relay control messages`)};function n(t){return typeof t.namespace!=`string`||typeof t.subject!=`string`||!e.isControlEvent(t.namespace,t.subject)||typeof t.messageId!=`string`?!1:t.payload!==void 0}function r(t){return typeof t.namespace!=`string`||typeof t.subject!=`string`||!e.isControlRequest(t.namespace,t.subject)||typeof t.messageId!=`string`||typeof t.correlationId!=`string`?!1:t.payload!==void 0}function i(e){if(t(),!e||typeof e!=`object`)return!1;let i=e;return i.type===`event`?n(i):i.type===`request`?r(i):!1}function a(e){if(t(),!e||typeof e!=`object`)return!1;let n=e;return n.type!==`relay-control`||n.v!==1||!n.payload||typeof n.payload!=`object`?!1:i(n.payload)}function o(e){if(t(),!i(e))throw Error(`Invalid relay control message`);return{type:`relay-control`,v:1,payload:e}}return{createRelayControlEnvelope:o,isRelayControlEnvelopeMessage:a,isRelayControlBusMessage:i}}function Q(e){let t=Date.now()-3e5;for(let[n,r]of e)r>=t||e.delete(n);for(;e.size>2048;){let t=e.keys().next().value;if(!t)break;e.delete(t)}}const ft=e=>{if(!e||typeof e!=`object`)return!1;let t=e;return t.type===`response`&&typeof t.correlationId==`string`},pt=e=>e.type===`subscribe`||e.type===`unsubscribe`,mt=e=>{if(!e||typeof e!=`object`)return!1;let t=e;return t.type===`subscription-ack`&&typeof t.ackId==`string`};function $(e,t,n,r){if(!r.isFrozen())throw Error(`E2ERelay transport requires a frozen relay control registry`);let{createRelayControlEnvelope:i,isRelayControlEnvelopeMessage:a,isRelayControlBusMessage:o}=dt(r),s=e=>{n.delete(e),n.set(e,Date.now()),Q(n)};return{encode:async t=>{if(o(t))return t.type===`request`&&s(t.correlationId),JSON.stringify(i(t));if(Q(n),t.type===`response`&&n.has(t.correlationId))return n.delete(t.correlationId),JSON.stringify(t);let r=e.getSessionKey();if(!r&&pt(t)||!r&&mt(t))return JSON.stringify(t);if(!r)throw Error(`E2E relay session not established`);let a=await lt(t,r);return JSON.stringify(a)},decode:async r=>{let i=e.getSessionKey();if(a(r)){let e=r.payload;return t&&console.info(`[E2ERelayTransport] Decoded relay control envelope:`,e.type,e.namespace,e.subject),e.type===`request`&&s(e.correlationId),e}if(Q(n),ft(r)&&n.has(r.correlationId))return n.delete(r.correlationId),r;if(!i&&mt(r))return r;if(!i)throw Error(`E2E relay session not established`);if(!ct(r))throw Error(`Received plaintext message on relay E2E channel — possible injection`);return ut(r,i)}}}function ht(e,t,n=!1){let r=new Map;return{codec:$(e,n,r,t),reset:()=>r.clear()}}function gt(e){let{e2eAuth:t,registry:n,websocket:r,...i}=e,a=e.debug??!1,o=new Map,s=$(t,a,o,n);a&&console.info(`[E2ERelayTransport] Creating inner transport...`);let c=new b({...i,url:`<pre-connected>`,createWebSocket:()=>r,auth:t,codec:s,autoReconnect:!1});return a&&console.info(`[E2ERelayTransport] Inner transport created`),{name:c.name,connect:async()=>{if(!n.isFrozen())throw Error(`E2ERelayClientTransport: registry must be frozen before connect()`);o.clear();try{await c.connect()}catch(e){throw o.clear(),e}},disconnect:async()=>{o.clear();try{await c.disconnect()}finally{o.clear()}},send:c.send.bind(c),cancelRequest:c.cancelRequest.bind(c),onReceive:(...e)=>(a&&console.info(`[E2ERelayTransport] onReceive called, delegating to inner transport`),c.onReceive(...e)),subscribe:c.subscribe.bind(c),unsubscribe:c.unsubscribe.bind(c),getSubscriptions:c.getSubscriptions.bind(c),isReady:()=>!!t.getSessionKey()&&c.isReady()}}function _t(){let e=!1,t=new Map,n=new Map,r=()=>{if(e)throw Error(`RelayControlRegistry is frozen and cannot be modified`)};return{registerEventSubjects(e,n){r();let i=t.get(e)??new Set;for(let e of n)i.add(e);t.set(e,i)},registerRequestNamespace(e,t){if(r(),t.length===0)throw Error(`RelayControlRegistry request namespace "${e}" requires at least one subject`);let i=n.get(e)??new Set;for(let e of t)i.add(e);n.set(e,i)},freeze(){e=!0},isFrozen(){return e},isControlEvent(e,n){return t.get(e)?.has(n)??!1},isControlRequest(e,t){return n.get(e)?.has(t)??!1}}}function vt(e){if(Se(e),e.mode===`client`){if(e.connectionOptions!==void 0)throw Error(`createWebSocketTransport(client) does not support connectionOptions when wrapping a pre-created WebSocket. Use WebSocketClientTransport for reconnect or dial-time socket options.`);let t=e.websocket;return new b({url:`<pre-connected>`,createWebSocket:()=>t,auth:e.auth,debug:e.debug,autoReconnect:!1})}else return new C({websocket:e.websocket,auth:e.auth,debug:e.debug})}export{qe as DispatchingAuth,Ge as E2EAuth,Ke as E2ERelayAuth,Te as HmacAuth,C as ServerTransport,b as WebSocketClientTransport,ke as clearHmacIdentitySecretsForTesting,st as createE2EClientTransport,gt as createE2ERelayClientTransport,ht as createE2ERelayCodec,dt as createRelayControlHelpers,_t as createRelayControlRegistry,xe as createWebSocketCloseEvent,vt as createWebSocketTransport,He as crypto,h as extractSocketErrorMessage,Ee as registerHmacIdentitySecret,Oe as resolveHmacIdentityPeer,De as resolveHmacIdentitySecret};
package/dist/{orchestrator-shared-D2txLAUs.mjs → orchestrator-shared-CIDiFJMD.mjs} RENAMED
@@ -1 +1 @@
1
- import{n as e}from"./namespace-DGMO2E8f.mjs";import{MakaioBus as t}from"@makaio/framework/bus";import{AdapterSubjects as n,AgentSubjects as r,SessionSubjects as i}from"@makaio/framework/contracts";function a(){t.__resetHandlers?.()}function o(e=10){return new Promise(t=>setTimeout(t,e))}function s(e,t){let n=Date.now();return{agentId:e,adapterId:`adapter-${e}`,adapterName:`test-adapter`,sessionId:t?.sessionId??`test-session`,role:`member`,status:`idle`,createdAt:n,lastActivityAt:n,...t}}async function c(e,r=e){await t.emit(n.initialized,{adapterName:e,adapterId:r,capabilities:[]})}async function l(n){return(await t.request(e.getEvents,{sessionId:n})).events}function u(e,n,r){let i=[];return r.push(t.on(e,(e=>{let t=e.payload;i.push(n(t))}))),{received:i,clear:()=>{i.length=0}}}function d(e){return u(i.turn.started,e=>({sessionId:e.sessionId,turnId:e.turnId,messageId:e.messageId,agentIds:[...e.agentIds],initiator:e.initiator}),e)}function f(e){return u(i.turn.completed,e=>({sessionId:e.sessionId,turnId:e.turnId,success:e.success,error:e.error,initiator:e.initiator}),e)}function p(e){return u(i.user_message.sent,e=>({sessionId:e.sessionId,turnId:e.turnId,messageId:e.messageId,content:e.content,agentIds:[...e.agentIds],origin:e.origin}),e)}function m(e){return u(i.user_message.acknowledged,e=>({sessionId:e.sessionId,turnId:e.turnId,messageId:e.messageId,agentId:e.agentId}),e)}function h(e){return u(i.user_message.completed,e=>({sessionId:e.sessionId,turnId:e.turnId,messageId:e.messageId,agentId:e.agentId,outcome:e.outcome,error:e.error}),e)}const g=s;function _(e){let t=Date.now();return{sessionId:e.sessionId,createdAt:t,lastActivityAt:t,status:e.status??`active`,agents:e.agents??[],leadAgentId:e.leadAgentId,targetWorkingDirectory:e.targetWorkingDirectory}}function v(e){return t.on(i.create,t=>{let n=t.payload.sessionId??`session-${crypto.randomUUID().slice(0,8)}`;e.set(n,_({sessionId:n,agents:[]})),t.setResult({sessionId:n})})}function y(e){return t.on(i.agent.added,t=>{let n=e.get(t.payload.sessionId);if(!n)return;let r=n.agents.length===0,i=t.payload.role??(r?`lead`:`member`);r&&(n.adapterSessionId=t.payload.adapterSessionId,n.adapterName=t.payload.adapterName,n.adapterId=t.payload.adapterId);let a=Date.now();n.agents.push({agentId:t.payload.agentId,adapterId:t.payload.adapterId,adapterName:t.payload.adapterName,sessionId:t.payload.sessionId,role:i,status:`idle`,createdAt:a,lastActivityAt:a}),i===`lead`&&(n.leadAgentId=t.payload.agentId),n.lastActivityAt=Date.now()})}function b(e){return t.on(i.get,t=>{t.setResult({session:e.get(t.payload.sessionId)??null})})}function x(e){return t.on(n.getAgent,t=>{for(let n of e.values()){let e=n.agents.find(e=>e.agentId===t.payload.agentId);if(e){t.setResult({agent:{agentId:e.agentId,sessionId:n.sessionId,adapterSessionId:``}});return}}t.setResult({agent:null})})}function S(){return t.on(n.rehydrateAgent,e=>{e.setResult({})})}function C(e=`/previous/cwd`){return t.on(r.cwd.change,t=>{t.setResult({success:!0,previousCwd:e})})}function w(){return t.on(r.model.change,e=>{e.setResult({success:!0,swapped:!1})})}function T(e){return t.on(n.startAgent,t=>{let{adapterId:n,initialMessage:r}=t.payload,i=t.payload.sessionId??`session-${crypto.randomUUID().slice(0,8)}`,a=`agent-${crypto.randomUUID().slice(0,8)}`,o=r?`msg-${crypto.randomUUID().slice(0,8)}`:void 0,s=`adapter-session-${i}`;e?.({adapterId:n,sessionId:i,initialMessage:r}),t.setResult({success:!0,agentId:a,adapterId:n,adapterSessionId:s,sessionId:i,...o&&{messageId:o}}),j({sessionId:i,agentId:a,adapterId:n,adapterSessionId:s})})}function E(e){return t.on(n.startAgent,t=>{t.setResult({success:!1,message:e})})}function D(e){return t.on(r.sendMessage,t=>{let{agentId:n,adapterId:r,message:i,messageId:a,sessionContext:o,responseSchema:s}=t.payload,c=a??`msg-${crypto.randomUUID().slice(0,8)}`;e?.({agentId:n,adapterId:r,message:i,messageId:c,sessionContext:o,responseSchema:s}),t.setResult({messageId:c})})}function O(e,n){return t.on(r.sendMessage,t=>{if(e.has(t.payload.agentId))throw Error(n);t.setResult({messageId:t.payload.messageId??`generated-id`})})}async function k(e,n){await t.emit(r.complete,{agentId:e,adapterId:`adapter-${e}`,adapterName:`test-adapter`,adapterSessionId:`adapter-session-${e}`,messageId:n})}async function A(e,n){await t.emit(r.complete,{agentId:e,adapterId:`adapter-${e}`,adapterName:`test-adapter`,adapterSessionId:`adapter-session-${e}`,messageId:`msg-error-${e}`,outcome:`error`,error:n})}function j(e){setImmediate(()=>{t.emit(i.agent.added,{sessionId:e.sessionId,agentId:e.agentId,adapterId:e.adapterId,adapterName:e.adapterId,adapterSessionId:e.adapterSessionId,role:e.role})})}function M(e,r){let i=new Map,a=t.on(n.startAgent,t=>{r.payload=t.payload;let n=`agent-${crypto.randomUUID().slice(0,8)}`,a=t.payload.initialMessage?`msg-${crypto.randomUUID().slice(0,8)}`:void 0,o=`adapter-session-${e}`;i.set(n,{agentId:n,sessionId:e,adapterSessionId:o,adapterId:t.payload.adapterId}),t.setResult({success:!0,agentId:n,adapterId:t.payload.adapterId,adapterSessionId:o,sessionId:e,...a&&{messageId:a}}),j({sessionId:e,agentId:n,adapterId:t.payload.adapterId,adapterSessionId:o})}),o=t.on(n.getAgent,e=>{let t=i.get(e.payload.agentId);e.setResult({agent:t?{agentId:t.agentId,sessionId:t.sessionId,adapterSessionId:t.adapterSessionId}:null})});return()=>{a(),o()}}export{c as C,o as E,p as S,a as T,T as _,A as a,m as b,v as c,E as d,x as f,D as g,S as h,k as i,C as l,w as m,_ as n,y as o,b as p,j as r,M as s,g as t,O as u,f as v,l as w,h as x,d as y};
1
+ import{n as e}from"./namespace-DuXK5AYN.mjs";import{MakaioBus as t}from"@makaio/framework/bus";import{AdapterSubjects as n,AgentSubjects as r,SessionSubjects as i}from"@makaio/framework/contracts";function a(){t.__resetHandlers?.()}function o(e=10){return new Promise(t=>setTimeout(t,e))}function s(e,t){let n=Date.now();return{agentId:e,adapterId:`adapter-${e}`,adapterName:`test-adapter`,sessionId:t?.sessionId??`test-session`,role:`member`,status:`idle`,createdAt:n,lastActivityAt:n,...t}}async function c(e,r=e){await t.emit(n.initialized,{adapterName:e,adapterId:r,capabilities:[]})}async function l(n){return(await t.request(e.getEvents,{sessionId:n})).events}function u(e,n,r){let i=[];return r.push(t.on(e,(e=>{let t=e.payload;i.push(n(t))}))),{received:i,clear:()=>{i.length=0}}}function d(e){return u(i.turn.started,e=>({sessionId:e.sessionId,turnId:e.turnId,messageId:e.messageId,agentIds:[...e.agentIds],initiator:e.initiator}),e)}function f(e){return u(i.turn.completed,e=>({sessionId:e.sessionId,turnId:e.turnId,success:e.success,error:e.error,initiator:e.initiator}),e)}function p(e){return u(i.user_message.sent,e=>({sessionId:e.sessionId,turnId:e.turnId,messageId:e.messageId,content:e.content,agentIds:[...e.agentIds],origin:e.origin}),e)}function m(e){return u(i.user_message.acknowledged,e=>({sessionId:e.sessionId,turnId:e.turnId,messageId:e.messageId,agentId:e.agentId}),e)}function h(e){return u(i.user_message.completed,e=>({sessionId:e.sessionId,turnId:e.turnId,messageId:e.messageId,agentId:e.agentId,outcome:e.outcome,error:e.error}),e)}const g=s;function _(e){let t=Date.now();return{sessionId:e.sessionId,createdAt:t,lastActivityAt:t,status:e.status??`active`,agents:e.agents??[],leadAgentId:e.leadAgentId,targetWorkingDirectory:e.targetWorkingDirectory}}function v(e){return t.on(i.create,t=>{let n=t.payload.sessionId??`session-${crypto.randomUUID().slice(0,8)}`;e.set(n,_({sessionId:n,agents:[]})),t.setResult({sessionId:n})})}function y(e){return t.on(i.agent.added,t=>{let n=e.get(t.payload.sessionId);if(!n)return;let r=n.agents.length===0,i=t.payload.role??(r?`lead`:`member`);r&&(n.adapterSessionId=t.payload.adapterSessionId,n.adapterName=t.payload.adapterName,n.adapterId=t.payload.adapterId);let a=Date.now();n.agents.push({agentId:t.payload.agentId,adapterId:t.payload.adapterId,adapterName:t.payload.adapterName,sessionId:t.payload.sessionId,role:i,status:`idle`,createdAt:a,lastActivityAt:a}),i===`lead`&&(n.leadAgentId=t.payload.agentId),n.lastActivityAt=Date.now()})}function b(e){return t.on(i.get,t=>{t.setResult({session:e.get(t.payload.sessionId)??null})})}function x(e){return t.on(n.getAgent,t=>{for(let n of e.values()){let e=n.agents.find(e=>e.agentId===t.payload.agentId);if(e){t.setResult({agent:{agentId:e.agentId,sessionId:n.sessionId,adapterSessionId:``}});return}}t.setResult({agent:null})})}function S(){return t.on(n.rehydrateAgent,e=>{e.setResult({})})}function C(e=`/previous/cwd`){return t.on(r.cwd.change,t=>{t.setResult({success:!0,previousCwd:e})})}function w(){return t.on(r.model.change,e=>{e.setResult({success:!0,swapped:!1})})}function T(e){return t.on(n.startAgent,t=>{let{adapterId:n,initialMessage:r}=t.payload,i=t.payload.sessionId??`session-${crypto.randomUUID().slice(0,8)}`,a=`agent-${crypto.randomUUID().slice(0,8)}`,o=r?`msg-${crypto.randomUUID().slice(0,8)}`:void 0,s=`adapter-session-${i}`;e?.({adapterId:n,sessionId:i,initialMessage:r}),t.setResult({success:!0,agentId:a,adapterId:n,adapterSessionId:s,sessionId:i,...o&&{messageId:o}}),j({sessionId:i,agentId:a,adapterId:n,adapterSessionId:s})})}function E(e){return t.on(n.startAgent,t=>{t.setResult({success:!1,message:e})})}function D(e){return t.on(r.sendMessage,t=>{let{agentId:n,adapterId:r,message:i,messageId:a,sessionContext:o,responseSchema:s}=t.payload,c=a??`msg-${crypto.randomUUID().slice(0,8)}`;e?.({agentId:n,adapterId:r,message:i,messageId:c,sessionContext:o,responseSchema:s}),t.setResult({messageId:c})})}function O(e,n){return t.on(r.sendMessage,t=>{if(e.has(t.payload.agentId))throw Error(n);t.setResult({messageId:t.payload.messageId??`generated-id`})})}async function k(e,n){await t.emit(r.complete,{agentId:e,adapterId:`adapter-${e}`,adapterName:`test-adapter`,adapterSessionId:`adapter-session-${e}`,messageId:n})}async function A(e,n){await t.emit(r.complete,{agentId:e,adapterId:`adapter-${e}`,adapterName:`test-adapter`,adapterSessionId:`adapter-session-${e}`,messageId:`msg-error-${e}`,outcome:`error`,error:n})}function j(e){setImmediate(()=>{t.emit(i.agent.added,{sessionId:e.sessionId,agentId:e.agentId,adapterId:e.adapterId,adapterName:e.adapterId,adapterSessionId:e.adapterSessionId,role:e.role})})}function M(e,r){let i=new Map,a=t.on(n.startAgent,t=>{r.payload=t.payload;let n=`agent-${crypto.randomUUID().slice(0,8)}`,a=t.payload.initialMessage?`msg-${crypto.randomUUID().slice(0,8)}`:void 0,o=`adapter-session-${e}`;i.set(n,{agentId:n,sessionId:e,adapterSessionId:o,adapterId:t.payload.adapterId}),t.setResult({success:!0,agentId:n,adapterId:t.payload.adapterId,adapterSessionId:o,sessionId:e,...a&&{messageId:a}}),j({sessionId:e,agentId:n,adapterId:t.payload.adapterId,adapterSessionId:o})}),o=t.on(n.getAgent,e=>{let t=i.get(e.payload.agentId);e.setResult({agent:t?{agentId:t.agentId,sessionId:t.sessionId,adapterSessionId:t.adapterSessionId}:null})});return()=>{a(),o()}}export{c as C,o as E,p as S,a as T,T as _,A as a,m as b,v as c,E as d,x as f,D as g,S as h,k as i,C as l,w as m,_ as n,y as o,b as p,j as r,M as s,g as t,O as u,f as v,l as w,h as x,d as y};