@nekzus/liop 2.1.0-beta.3 → 2.1.0-beta.5

package/dist/chunk-V5MKJT6S.js

@@ -1,2 +0,0 @@
-import {a}from'./chunk-S6RJHZV2.js';import i from'path';import {fileURLToPath}from'url';import*as o from'@grpc/grpc-js';import*as d from'@grpc/proto-loader';import*as n from'fs';var S=fileURLToPath(import.meta.url),s=i.dirname(S),m=[i.resolve(s,"./protocol/liop_core.proto"),i.resolve(s,"../protocol/liop_core.proto")],C=i.resolve(s,"../../../../protocol/proto/liop_core.proto"),p=m.find(e=>n.existsSync(e))||C;n.existsSync(p)||a.error(`[LIOP-Proto] CRITICAL: Proto file not found at ${p}`);var v=d.loadSync(p,{keepCase:true,longs:String,enums:String,defaults:true,oneofs:true}),L=o.loadPackageDefinition(v),P=L.liop.v1;var u=()=>process.env.NODE_ENV==="production";function A(e){if(!e?.certChain||!e?.privateKey)return a.warn("[LIOP-TLS] No TLS certificates configured \u2014 using insecure server credentials"),o.ServerCredentials.createInsecure();try{let r=e.rootCert?n.readFileSync(e.rootCert):null,c=n.readFileSync(e.certChain),a=n.readFileSync(e.privateKey);return o.ServerCredentials.createSsl(r,[{cert_chain:c,private_key:a}])}catch(r){if(u())throw new Error(`[LIOP-TLS] FATAL: Server certificate loading failed in production mode. Refusing insecure fallback to prevent MITM/eavesdropping: ${r}`);return a.warn(`[LIOP-TLS] Server certificate loading failed, falling back to insecure (dev mode): ${r}`),o.ServerCredentials.createInsecure()}}function F(e){if(!e?.rootCert)return a.warn("[LIOP-TLS] No TLS root certificate configured \u2014 using insecure channel credentials"),o.credentials.createInsecure();try{let r=n.readFileSync(e.rootCert),c=e.certChain?n.readFileSync(e.certChain):void 0,a=e.privateKey?n.readFileSync(e.privateKey):void 0;return o.credentials.createSsl(r,a,c)}catch(r){if(u())throw new Error(`[LIOP-TLS] FATAL: Channel certificate loading failed in production mode. Refusing insecure fallback to prevent MITM/eavesdropping: ${r}`);return a.warn(`[LIOP-TLS] Channel certificate loading failed, falling back to insecure (dev mode): ${r}`),o.credentials.createInsecure()}}export{P as a,A as b,F as c};//# sourceMappingURL=chunk-V5MKJT6S.js.map
-//# sourceMappingURL=chunk-V5MKJT6S.js.map

package/dist/chunk-V5MKJT6S.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/rpc/proto.ts","../src/rpc/tls.ts"],"names":["__filename","fileURLToPath","__dirname","path","PROD_PATHS","DEV_PROTO_PATH","PROTO_PATH","p","l","log","packageDefinition","liopProto","f","liopV1","isProduction","createServerCredentials","tls","rootCert","certChain","privateKey","error","createChannelCredentials"],"mappings":"kLAKA,IAAMA,CAAAA,CAAaC,aAAAA,CAAc,MAAA,CAAA,IAAA,CAAY,GAAG,CAAA,CAC1CC,CAAAA,CAAYC,CAAAA,CAAK,OAAA,CAAQH,CAAU,CAAA,CAMnCI,CAAAA,CAAa,CAClBD,CAAAA,CAAK,OAAA,CAAQD,CAAAA,CAAW,4BAA4B,CAAA,CACpDC,CAAAA,CAAK,OAAA,CAAQD,CAAAA,CAAW,6BAA6B,CACtD,CAAA,CAEMG,CAAAA,CAAiBF,CAAAA,CAAK,OAAA,CAC3BD,CAAAA,CACA,4CACD,CAAA,CAGMI,CAAAA,CAAaF,CAAAA,CAAW,IAAA,CAAMG,CAAAA,EAASC,CAAA,CAAA,UAAA,CAAWD,CAAC,CAAC,CAAA,EAAKF,CAAAA,CAEvDG,CAAA,CAAA,UAAA,CAAWF,CAAU,CAAA,EAC5BG,CAAAA,CAAI,KAAA,CAAM,CAAA,+CAAA,EAAkDH,CAAU,EAAE,CAAA,CAOzE,IAAMI,CAAAA,CAAgC,CAAA,CAAA,QAAA,CAASJ,CAAAA,CAAY,CAC1D,QAAA,CAAU,IAAA,CACV,KAAA,CAAO,MAAA,CACP,KAAA,CAAO,MAAA,CACP,QAAA,CAAU,IAAA,CACV,MAAA,CAAQ,IACT,CAAC,CAAA,CAGYK,CAAAA,CAAiBC,CAAA,CAAA,qBAAA,CAAsBF,CAAiB,CAAA,CACxDG,CAAAA,CAASF,CAAAA,CAAU,IAAA,CAAK,GCbrC,IAAMG,CAAAA,CAAe,IAAM,OAAA,CAAQ,GAAA,CAAI,QAAA,GAAa,YAAA,CAM7C,SAASC,CAAAA,CACfC,CAAAA,CACyB,CACzB,GAAI,CAACA,CAAAA,EAAK,SAAA,EAAa,CAACA,CAAAA,EAAK,UAAA,CAC5B,OAAAP,CAAAA,CAAI,IAAA,CACH,oFACD,CAAA,CACY,CAAA,CAAA,iBAAA,CAAkB,cAAA,EAAe,CAG9C,GAAI,CACH,IAAMQ,CAAAA,CAAWD,EAAI,QAAA,CAAc,CAAA,CAAA,YAAA,CAAaA,CAAAA,CAAI,QAAQ,CAAA,CAAI,IAAA,CAC1DE,CAAAA,CAAe,CAAA,CAAA,YAAA,CAAaF,CAAAA,CAAI,SAAS,CAAA,CACzCG,CAAAA,CAAgB,CAAA,CAAA,YAAA,CAAaH,CAAAA,CAAI,UAAU,CAAA,CAEjD,OAAY,CAAA,CAAA,iBAAA,CAAkB,SAAA,CAAUC,CAAAA,CAAU,CACjD,CAAE,UAAA,CAAYC,CAAAA,CAAW,WAAA,CAAaC,CAAW,CAClD,CAAC,CACF,CAAA,MAASC,CAAAA,CAAO,CACf,GAAIN,CAAAA,EAAa,CAChB,MAAM,IAAI,KAAA,CACT,CAAA,kIAAA,EAC8DM,CAAK,CAAA,CACpE,CAAA,CAED,OAAAX,CAAAA,CAAI,IAAA,CACH,CAAA,mFAAA,EAAsFW,CAAK,CAAA,CAC5F,CAAA,CACY,CAAA,CAAA,iBAAA,CAAkB,cAAA,EAC/B,CACD,CAMO,SAASC,CAAAA,CACfL,CAAAA,CAC0B,CAC1B,GAAI,CAACA,CAAAA,EAAK,QAAA,CACT,OAAAP,CAAAA,CAAI,IAAA,CACH,yFACD,CAAA,CACY,CAAA,CAAA,WAAA,CAAY,cAAA,EAAe,CAGxC,GAAI,CACH,IAAMQ,CAAAA,CAAc,CAAA,CAAA,YAAA,CAAaD,CAAAA,CAAI,QAAQ,CAAA,CACvCE,CAAAA,CAAYF,CAAAA,CAAI,SAAA,CAChB,CAAA,CAAA,YAAA,CAAaA,CAAAA,CAAI,SAAS,CAAA,CAC7B,KAAA,CAAA,CACGG,CAAAA,CAAaH,CAAAA,CAAI,UAAA,CACjB,CAAA,CAAA,YAAA,CAAaA,CAAAA,CAAI,UAAU,CAAA,CAC9B,KAAA,CAAA,CAEH,OAAY,CAAA,CAAA,WAAA,CAAY,SAAA,CAAUC,CAAAA,CAAUE,CAAAA,CAAYD,CAAS,CAClE,CAAA,MAASE,CAAAA,CAAO,CACf,GAAIN,CAAAA,EAAa,CAChB,MAAM,IAAI,KAAA,CACT,CAAA,mIAAA,EAC8DM,CAAK,CAAA,CACpE,CAAA,CAED,OAAAX,CAAAA,CAAI,IAAA,CACH,CAAA,oFAAA,EAAuFW,CAAK,CAAA,CAC7F,CAAA,CACY,CAAA,CAAA,WAAA,CAAY,cAAA,EACzB,CACD","file":"chunk-V5MKJT6S.js","sourcesContent":["import path from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\nimport * as grpc from \"@grpc/grpc-js\";\nimport * as protoLoader from \"@grpc/proto-loader\";\n\nconst __filename = fileURLToPath(import.meta.url);\nconst __dirname = path.dirname(__filename);\n\nimport * as fs from \"node:fs\";\nimport { log } from \"../utils/logger.js\";\n\n// Selection logic: support both flat dist/ and original src/ structure\nconst PROD_PATHS = [\n\tpath.resolve(__dirname, \"./protocol/liop_core.proto\"), // Flat dist/ (tsup)\n\tpath.resolve(__dirname, \"../protocol/liop_core.proto\"), // dist/rpc/ (tsc)\n];\n\nconst DEV_PROTO_PATH = path.resolve(\n\t__dirname,\n\t\"../../../../protocol/proto/liop_core.proto\",\n);\n\n// Selection logic\nconst PROTO_PATH = PROD_PATHS.find((p) => fs.existsSync(p)) || DEV_PROTO_PATH;\n\nif (!fs.existsSync(PROTO_PATH)) {\n\tlog.error(`[LIOP-Proto] CRITICAL: Proto file not found at ${PROTO_PATH}`);\n}\n\n/**\n * LIOP Proto Loader\n * Loads the core gRPC definitions for the Logic-Injection-on-Origin Protocol.\n */\nconst packageDefinition = protoLoader.loadSync(PROTO_PATH, {\n\tkeepCase: true,\n\tlongs: String,\n\tenums: String,\n\tdefaults: true,\n\toneofs: true,\n});\n\n// biome-ignore lint/suspicious/noExplicitAny: gRPC dynamic loading requires any for the service definition map\nexport const liopProto = grpc.loadPackageDefinition(packageDefinition) as any;\nexport const liopV1 = liopProto.liop.v1;\n","/**\n * LIOP TLS Configuration\n *\n * Provides conditional TLS credential factories for gRPC connections.\n * When TLS options are provided, connections are secured with mutual TLS.\n * Otherwise, falls back to insecure credentials (alpha/development mode).\n *\n * Production Hardening (Phase 128):\n * - When NODE_ENV=production and TLS is configured but certificate loading\n *   fails, the system throws a fatal error instead of silently degrading\n *   to insecure credentials. This prevents MITM/eavesdropping attacks\n *   caused by misconfigured certificate paths going unnoticed.\n * - Reference: gRPC-node official docs — \"Using insecure credentials in\n *   production poses significant security risks including eavesdropping,\n *   MITM attacks, and lack of authentication.\"\n */\n\nimport * as fs from \"node:fs\";\nimport * as grpc from \"@grpc/grpc-js\";\nimport { log } from \"../utils/logger.js\";\n\nexport interface LiopTlsOptions {\n\t/** Path to the root CA certificate (PEM format) */\n\trootCert?: string;\n\t/** Path to the server/client certificate (PEM format) */\n\tcertChain?: string;\n\t/** Path to the private key (PEM format) */\n\tprivateKey?: string;\n}\n\nconst isProduction = () => process.env.NODE_ENV === \"production\";\n\n/**\n * Creates gRPC server credentials from TLS options.\n * In production, refuses to fall back to insecure if TLS loading fails.\n */\nexport function createServerCredentials(\n\ttls?: LiopTlsOptions,\n): grpc.ServerCredentials {\n\tif (!tls?.certChain || !tls?.privateKey) {\n\t\tlog.warn(\n\t\t\t\"[LIOP-TLS] No TLS certificates configured — using insecure server credentials\",\n\t\t);\n\t\treturn grpc.ServerCredentials.createInsecure();\n\t}\n\n\ttry {\n\t\tconst rootCert = tls.rootCert ? fs.readFileSync(tls.rootCert) : null;\n\t\tconst certChain = fs.readFileSync(tls.certChain);\n\t\tconst privateKey = fs.readFileSync(tls.privateKey);\n\n\t\treturn grpc.ServerCredentials.createSsl(rootCert, [\n\t\t\t{ cert_chain: certChain, private_key: privateKey },\n\t\t]);\n\t} catch (error) {\n\t\tif (isProduction()) {\n\t\t\tthrow new Error(\n\t\t\t\t`[LIOP-TLS] FATAL: Server certificate loading failed in production mode. ` +\n\t\t\t\t\t`Refusing insecure fallback to prevent MITM/eavesdropping: ${error}`,\n\t\t\t);\n\t\t}\n\t\tlog.warn(\n\t\t\t`[LIOP-TLS] Server certificate loading failed, falling back to insecure (dev mode): ${error}`,\n\t\t);\n\t\treturn grpc.ServerCredentials.createInsecure();\n\t}\n}\n\n/**\n * Creates gRPC channel credentials from TLS options.\n * In production, refuses to fall back to insecure if TLS loading fails.\n */\nexport function createChannelCredentials(\n\ttls?: LiopTlsOptions,\n): grpc.ChannelCredentials {\n\tif (!tls?.rootCert) {\n\t\tlog.warn(\n\t\t\t\"[LIOP-TLS] No TLS root certificate configured — using insecure channel credentials\",\n\t\t);\n\t\treturn grpc.credentials.createInsecure();\n\t}\n\n\ttry {\n\t\tconst rootCert = fs.readFileSync(tls.rootCert);\n\t\tconst certChain = tls.certChain\n\t\t\t? fs.readFileSync(tls.certChain)\n\t\t\t: undefined;\n\t\tconst privateKey = tls.privateKey\n\t\t\t? fs.readFileSync(tls.privateKey)\n\t\t\t: undefined;\n\n\t\treturn grpc.credentials.createSsl(rootCert, privateKey, certChain);\n\t} catch (error) {\n\t\tif (isProduction()) {\n\t\t\tthrow new Error(\n\t\t\t\t`[LIOP-TLS] FATAL: Channel certificate loading failed in production mode. ` +\n\t\t\t\t\t`Refusing insecure fallback to prevent MITM/eavesdropping: ${error}`,\n\t\t\t);\n\t\t}\n\t\tlog.warn(\n\t\t\t`[LIOP-TLS] Channel certificate loading failed, falling back to insecure (dev mode): ${error}`,\n\t\t);\n\t\treturn grpc.credentials.createInsecure();\n\t}\n}\n"]}

package/dist/kyber-NONMBQNH.js

@@ -1,2 +0,0 @@
-export{a as Kyber768Wrapper}from'./chunk-DBXGYHKY.js';import'./chunk-4C666HHU.js';//# sourceMappingURL=kyber-NONMBQNH.js.map
-//# sourceMappingURL=kyber-NONMBQNH.js.map

package/dist/verifier-XU2DB56Z.js

@@ -1,2 +0,0 @@
-export{a as LiopVerifier}from'./chunk-PWCXZWSE.js';import'./chunk-ANFXJGMP.js';import'./chunk-S6RJHZV2.js';import'./chunk-4C666HHU.js';//# sourceMappingURL=verifier-XU2DB56Z.js.map
-//# sourceMappingURL=verifier-XU2DB56Z.js.map