npm - @morseai/sdk - Versions diffs - 0.1.0-beta.5 → 0.1.0-beta.7 - Mend

@morseai/sdk 0.1.0-beta.5 → 0.1.0-beta.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,22 @@
+MIT License
+Copyright (c) 2025 MORSE Team
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md CHANGED Viewed

@@ -1,8 +1,12 @@
 # MORSE SDK
+[![npm version](https://badge.fury.io/js/%40morseai%2Fsdk.svg)](https://badge.fury.io/js/%40morseai%2Fsdk)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![TypeScript](https://img.shields.io/badge/TypeScript-5.7-blue.svg)](https://www.typescriptlang.org/)
 TypeScript SDK for creating and accessing encrypted signals in the MORSE platform.
-**Version:** 0.1.0-beta.5 (Beta Release)
+**Version:** 0.1.0-beta.7 (Beta Release)
 > ⚠️ **Beta Notice**: This is a beta release. The API is stable but may have minor changes before the 1.0.0 release. Please report any issues you encounter.

package/dist/index.d.mts CHANGED Viewed

@@ -103,7 +103,7 @@ interface CreateSignalResponse {
     expiresAt: string;
 }
 interface CreateSignalResponseEncrypted extends CreateSignalResponse {
-    keyBase64: string;
+    keyBase64?: string;
     shareableLink: string;
 }
 interface OpenSignalResponse {
@@ -378,7 +378,7 @@ declare function getSignalUrl(baseUrl: string, signalId: string, keyBase64?: str
 declare function extractSignalIdFromUrl(url: string): string | null;
 declare function getCipherVersion(): string;
-declare function generateShareableLink(baseUrl: string, signalId: string, keyBase64: string): string;
+declare function generateShareableLink(baseUrl: string, signalId: string, keyBase64?: string): string;
 /**
  * MORSE SDK - X25519 + XChaCha20-Poly1305 Encryption

package/dist/index.d.ts CHANGED Viewed

@@ -103,7 +103,7 @@ interface CreateSignalResponse {
     expiresAt: string;
 }
 interface CreateSignalResponseEncrypted extends CreateSignalResponse {
-    keyBase64: string;
+    keyBase64?: string;
     shareableLink: string;
 }
 interface OpenSignalResponse {
@@ -378,7 +378,7 @@ declare function getSignalUrl(baseUrl: string, signalId: string, keyBase64?: str
 declare function extractSignalIdFromUrl(url: string): string | null;
 declare function getCipherVersion(): string;
-declare function generateShareableLink(baseUrl: string, signalId: string, keyBase64: string): string;
+declare function generateShareableLink(baseUrl: string, signalId: string, keyBase64?: string): string;
 /**
  * MORSE SDK - X25519 + XChaCha20-Poly1305 Encryption

package/dist/index.js CHANGED Viewed

@@ -32,6 +32,7 @@ __export(crypto_x25519_exports, {
   deriveKeyPairFromWalletSignature: () => deriveKeyPairFromWalletSignature,
   generateSignalId: () => generateSignalId,
   openSharedSignal: () => openSharedSignal,
+  sealDataKey: () => sealDataKey,
   verifyKeyCertificate: () => verifyKeyCertificate
 });
 async function getSodium() {
@@ -291,6 +292,54 @@ async function openSharedSignal(encryptedPayloadBase64, payloadNonceBase64, seal
   );
   return payload;
 }
+async function sealDataKey(dataKeyBytes, walletTarget, walletCreator, expiresAt, signalId, domain, chainId, signMessage) {
+  await getSodium();
+  const senderKeypair = sodium.crypto_box_keypair();
+  const recipientKeypair = await deriveKeyPairFromWalletSignature(
+    walletTarget,
+    domain,
+    chainId,
+    signMessage
+  );
+  const recipientPubKey = recipientKeypair.publicKey;
+  const sharedSecret = sodium.crypto_scalarmult(
+    senderKeypair.privateKey,
+    recipientPubKey
+  );
+  const salt = `MORSE_SEAL_${signalId}_v1`;
+  const info = "wrap_datakey";
+  const wrappingKey = await hkdfSha256(sharedSecret, salt, info, 32);
+  const sealedNonce = sodium.randombytes_buf(sodium.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
+  const expiresAtInt = Math.floor(Number(expiresAt));
+  const abiCoder = ethers.ethers.AbiCoder.defaultAbiCoder();
+  const senderEphemeralPubKeyHex = ethers.ethers.zeroPadValue(ethers.ethers.hexlify(senderKeypair.publicKey), 32);
+  const aad = abiCoder.encode(
+    ["string", "address", "address", "uint64", "string", "bytes32"],
+    [
+      signalId,
+      walletTarget.toLowerCase(),
+      walletCreator.toLowerCase(),
+      expiresAtInt,
+      exports.X25519_CIPHER_VERSION,
+      senderEphemeralPubKeyHex
+    ]
+  );
+  const aadBytes = ethers.ethers.getBytes(aad);
+  const aadHash = ethers.ethers.keccak256(aad).slice(2);
+  const sealedDataKey = sodium.crypto_aead_xchacha20poly1305_ietf_encrypt(
+    dataKeyBytes,
+    aadBytes,
+    null,
+    sealedNonce,
+    wrappingKey
+  );
+  return {
+    sealedDataKey: Buffer.from(sealedDataKey).toString("base64"),
+    sealedNonce: Buffer.from(sealedNonce).toString("base64"),
+    senderEphemeralPublicKey: Buffer.from(senderKeypair.publicKey).toString("base64"),
+    aadHash
+  };
+}
 function generateSignalId() {
   const bytes = new Uint8Array(16);
   globalThis.crypto.getRandomValues(bytes);
@@ -628,7 +677,7 @@ async function decryptFile(encryptedData, ivBase64, key) {
   return decrypted;
 }
 function generateShareableLink(baseUrl, signalId, keyBase64) {
-  return `${baseUrl}/view/${signalId}#k=${encodeURIComponent(keyBase64)}`;
+  return `${baseUrl}/view/${signalId}`;
 }
 // src/implementations/v1/MorseSDKV1.ts
@@ -1250,6 +1299,35 @@ var MorseSDKV1 = class {
   async createPrivateSignalEncrypted(wallet, options) {
     const key = await generateKey();
     const keyBase64 = await exportKey(key);
+    const signalId = options.signalId || generateSignalId();
+    let expiresAtMs;
+    if (options.expiresAt) {
+      expiresAtMs = new Date(options.expiresAt).getTime();
+    } else if (options.expiresIn) {
+      const match = options.expiresIn.match(/^(\d+)([smhd])$/);
+      if (!match) throw new Error("Invalid expiresIn format");
+      const value = parseInt(match[1], 10);
+      const unit = match[2];
+      const multipliers = { s: 1e3, m: 6e4, h: 36e5, d: 864e5 };
+      expiresAtMs = Date.now() + value * multipliers[unit];
+    } else {
+      expiresAtMs = Date.now() + 24 * 60 * 60 * 1e3;
+    }
+    const walletTarget = wallet.address;
+    const walletCreator = wallet.address;
+    const domain = "morse.app";
+    const chainId = 8453;
+    const keyBytes = this.base64ToUint8Array(keyBase64);
+    const sealedBox = await sealDataKey(
+      keyBytes,
+      walletTarget.toLowerCase(),
+      walletCreator.toLowerCase(),
+      expiresAtMs,
+      signalId,
+      domain,
+      chainId,
+      wallet.signMessage
+    );
     let encryptedText;
     let payloadNonce;
     let fileOptions;
@@ -1276,6 +1354,7 @@ var MorseSDKV1 = class {
       };
     }
     const signalOptions = {
+      signalId,
       walletTarget: options.walletTarget,
       shareWithRecipient: options.shareWithRecipient,
       mode: options.mode,
@@ -1284,16 +1363,18 @@ var MorseSDKV1 = class {
       cipherVersion: getCipherVersion(),
       encryptedText,
       payloadNonce,
+      sealedDataKey: sealedBox.sealedDataKey,
+      sealedNonce: sealedBox.sealedNonce,
+      senderEphemeralPublicKey: sealedBox.senderEphemeralPublicKey,
+      aadHash: sealedBox.aadHash,
       file: fileOptions,
       onChainNotification: options.onChainNotification,
-      expiresAt: options.expiresAt,
-      expiresIn: options.expiresIn
+      expiresAt: new Date(expiresAtMs).toISOString()
     };
     const result = await this.createSignal(wallet, signalOptions);
-    const shareableLink = generateShareableLink(FRONTEND_BASE_URL, result.signalId, keyBase64);
+    const shareableLink = generateShareableLink(FRONTEND_BASE_URL, result.signalId);
     return {
       ...result,
-      keyBase64,
       shareableLink
     };
   }
@@ -1391,8 +1472,6 @@ var MorseSDKV1 = class {
     const shareableLink = `${FRONTEND_BASE_URL}/view/${result.signalId}`;
     return {
       ...result,
-      keyBase64: "",
-      // No key needed for X25519 signals
       shareableLink
     };
   }