@nekzus/liop 2.1.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (92) hide show
  1. package/README.md +12 -0
  2. package/dist/bin/agent.js +301 -4
  3. package/dist/bin/agent.js.map +1 -1
  4. package/dist/bridge.d.ts +2 -2
  5. package/dist/bridge.js +3 -1
  6. package/dist/chunk-2JLG4DET.js +3354 -0
  7. package/dist/chunk-2JLG4DET.js.map +1 -0
  8. package/dist/chunk-32ADSAJS.js +104 -0
  9. package/dist/chunk-32ADSAJS.js.map +1 -0
  10. package/dist/chunk-72MNYFR6.js +64 -0
  11. package/dist/chunk-72MNYFR6.js.map +1 -0
  12. package/dist/chunk-CT6NHSYP.js +30 -0
  13. package/dist/chunk-CT6NHSYP.js.map +1 -0
  14. package/dist/chunk-E5QBDD5E.js +469 -0
  15. package/dist/chunk-E5QBDD5E.js.map +1 -0
  16. package/dist/chunk-HB5DXX3Q.js +1976 -0
  17. package/dist/chunk-HB5DXX3Q.js.map +1 -0
  18. package/dist/chunk-IJHTRIZC.js +56 -0
  19. package/dist/chunk-IJHTRIZC.js.map +1 -0
  20. package/dist/chunk-J3WPBMJ5.js +332 -0
  21. package/dist/chunk-J3WPBMJ5.js.map +1 -0
  22. package/dist/chunk-NJRSFFD7.js +815 -0
  23. package/dist/chunk-NJRSFFD7.js.map +1 -0
  24. package/dist/chunk-OUUTDSOW.js +24 -0
  25. package/dist/chunk-OUUTDSOW.js.map +1 -0
  26. package/dist/chunk-PHTWUTY7.js +300 -0
  27. package/dist/chunk-PHTWUTY7.js.map +1 -0
  28. package/dist/chunk-QLCOEP5J.js +68 -0
  29. package/dist/chunk-QLCOEP5J.js.map +1 -0
  30. package/dist/chunk-RDWCGZ2A.js +87 -0
  31. package/dist/chunk-RDWCGZ2A.js.map +1 -0
  32. package/dist/chunk-RWRRBYG4.js +1 -0
  33. package/dist/chunk-UVO7DII3.js +463 -0
  34. package/dist/chunk-UVO7DII3.js.map +1 -0
  35. package/dist/client.d.ts +2 -2
  36. package/dist/client.js +8 -1
  37. package/dist/gateway.d.ts +2 -2
  38. package/dist/gateway.js +9 -1
  39. package/dist/{index-DO97j6hP.d.ts → index-BlGc0iym.d.ts} +10 -1
  40. package/dist/{index-Brfvxmdt.d.ts → index-qM8ZH8sC.d.ts} +1 -1
  41. package/dist/index.d.ts +5 -5
  42. package/dist/index.js +58 -4
  43. package/dist/index.js.map +1 -1
  44. package/dist/kyber-3ULIJSE3.js +3 -0
  45. package/dist/{kyber-NONMBQNH.js.map → kyber-3ULIJSE3.js.map} +1 -1
  46. package/dist/mesh.js +4 -1
  47. package/dist/server.d.ts +2 -2
  48. package/dist/server.js +6 -1
  49. package/dist/{types-DzEXgi4s.d.ts → types-sKeUxuky.d.ts} +4 -46
  50. package/dist/types.d.ts +1 -1
  51. package/dist/types.js +2 -1
  52. package/dist/verifier-3FAKCFNN.js +5 -0
  53. package/dist/{verifier-XU2DB56Z.js.map → verifier-3FAKCFNN.js.map} +1 -1
  54. package/dist/workers/logic-execution.js +255 -1
  55. package/dist/workers/logic-execution.js.map +1 -1
  56. package/dist/workers/zk-verifier.js +173 -1
  57. package/dist/workers/zk-verifier.js.map +1 -1
  58. package/package.json +74 -45
  59. package/dist/chunk-2MGFSIXN.js +0 -2
  60. package/dist/chunk-2MGFSIXN.js.map +0 -1
  61. package/dist/chunk-4C666HHU.js +0 -2
  62. package/dist/chunk-4C666HHU.js.map +0 -1
  63. package/dist/chunk-ANFXJGMP.js +0 -2
  64. package/dist/chunk-ANFXJGMP.js.map +0 -1
  65. package/dist/chunk-DBXGYHKY.js +0 -2
  66. package/dist/chunk-DBXGYHKY.js.map +0 -1
  67. package/dist/chunk-DQ6UW6L7.js +0 -2
  68. package/dist/chunk-DQ6UW6L7.js.map +0 -1
  69. package/dist/chunk-GI2LSJYZ.js +0 -13
  70. package/dist/chunk-GI2LSJYZ.js.map +0 -1
  71. package/dist/chunk-GJUZGKZW.js +0 -3
  72. package/dist/chunk-GJUZGKZW.js.map +0 -1
  73. package/dist/chunk-I46YEWND.js +0 -33
  74. package/dist/chunk-I46YEWND.js.map +0 -1
  75. package/dist/chunk-PWCXZWSE.js +0 -2
  76. package/dist/chunk-PWCXZWSE.js.map +0 -1
  77. package/dist/chunk-RYYRR4N5.js +0 -31
  78. package/dist/chunk-RYYRR4N5.js.map +0 -1
  79. package/dist/chunk-S6RJHZV2.js +0 -2
  80. package/dist/chunk-S6RJHZV2.js.map +0 -1
  81. package/dist/chunk-SB5XJXKV.js +0 -2
  82. package/dist/chunk-SB5XJXKV.js.map +0 -1
  83. package/dist/chunk-T3L6OCM3.js +0 -3
  84. package/dist/chunk-T3L6OCM3.js.map +0 -1
  85. package/dist/chunk-TYVG6TXQ.js +0 -2
  86. package/dist/chunk-TYVG6TXQ.js.map +0 -1
  87. package/dist/chunk-UCCGDGHE.js +0 -54
  88. package/dist/chunk-UCCGDGHE.js.map +0 -1
  89. package/dist/chunk-V5MKJT6S.js +0 -2
  90. package/dist/chunk-V5MKJT6S.js.map +0 -1
  91. package/dist/kyber-NONMBQNH.js +0 -2
  92. package/dist/verifier-XU2DB56Z.js +0 -2
package/dist/chunk-T3L6OCM3.js DELETED
@@ -1,3 +0,0 @@
1
- import {a as a$1}from'./chunk-PWCXZWSE.js';import {a as a$4}from'./chunk-DBXGYHKY.js';import {c,a}from'./chunk-V5MKJT6S.js';import {a as a$3}from'./chunk-DQ6UW6L7.js';import {a as a$2}from'./chunk-S6RJHZV2.js';import*as L from'@grpc/grpc-js';import {createDecipheriv,randomBytes,createCipheriv}from'crypto';var v=class{client;token;constructor(e,o,t){let i=c(o);this.client=new a.LogicMesh(e,i),this.token=t;}async negotiateIntent(e){return new Promise((o,t)=>{let i=new L.Metadata;this.token&&i.add("authorization",`Bearer ${this.token}`),this.client.NegotiateIntent(e,i,(n,s)=>{n?t(n):o(s);});})}executeLogic(e){let o=new L.Metadata;return this.token&&o.add("authorization",`Bearer ${this.token}`),this.client.ExecuteLogic(e,o)}close(){this.client.close();}};var M={encryptPayload(u,e){if(e.length!==32)throw new Error("Symmetric Key must be exactly 32 bytes (256 bits).");let o=randomBytes(12),t=createCipheriv("aes-256-gcm",e,o),i=Buffer.concat([t.update(u),t.final()]),n=t.getAuthTag();return {ciphertext:Buffer.concat([i,n]),nonce:o}},decryptPayload(u,e,o){if(u.length<16)throw new Error("Invalid GCM Ciphertext; missing authentication tag length");let t=u.subarray(0,-16),i=u.subarray(-16),n=createDecipheriv("aes-256-gcm",o,e);return n.setAuthTag(i),Buffer.concat([n.update(t),n.final()])}};var x=class{meshNode=null;rpcClients=new Map;manifests=new Map;tlsOptions;serverInfo;verifier=new a$1;oauthToken;constructor(e){this.tlsOptions=e;}async acquireM2MToken(e){let t=`${e.nexusUrl.endsWith("/oidc")?e.nexusUrl:`${e.nexusUrl}/oidc`}/token`;a$2.info(`[LiopClient] Requesting M2M Token from Nexus AS: ${t}`);let i=new URLSearchParams({grant_type:"client_credentials",scope:e.scope||"liop:tools:call liop:tools:list liop:resources:read liop:schema:read liop:mesh:query",resource:e.audience,client_id:e.clientId,client_secret:e.clientSecret}),n=await fetch(t,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:i.toString()});if(!n.ok){let c=await n.text();throw new Error(`OAuth token request failed with status ${n.status}: ${c}`)}let s=await n.json();if(!s.access_token)throw new Error("OAuth token response did not contain an access_token.");return a$2.info("[LiopClient] M2M Token acquired successfully."),s.access_token}async connect(e,o){let t=o?.auth?.clientId||process.env.LIOP_OAUTH_CLIENT_ID||process.env.LIOP_CLIENT_ID,i=o?.auth?.clientSecret||process.env.LIOP_OAUTH_CLIENT_SECRET||process.env.LIOP_CLIENT_SECRET,n=o?.auth?.nexusUrl||process.env.LIOP_NEXUS_URL||"http://localhost:3000",s=o?.auth?.audience||process.env.LIOP_OAUTH_AUDIENCE||"urn:liop:mesh:api",c=o?.auth?.scope||process.env.LIOP_OAUTH_SCOPE||"liop:tools:call liop:tools:list liop:resources:read liop:schema:read liop:mesh:query";if(this.oauthToken=o?.auth?.token||process.env.LIOP_OAUTH_TOKEN||process.env.LIOP_TOKEN,t&&i)try{this.oauthToken=await this.acquireM2MToken({clientId:t,clientSecret:i,nexusUrl:n,audience:s,scope:c});}catch(a){a$2.error(`[LiopClient] Failed to acquire OAuth M2M Token: ${a instanceof Error?a.message:String(a)}`);}this.meshNode=new a$3(o?.meshConfig),await this.meshNode.start(),a$2.info(`[LiopClient] Mesh Node synchronized. PeerID: ${this.meshNode.getPeerId()}`),e?(this.rpcClients.set("static",new v(e,this.tlsOptions,this.oauthToken)),this.serverInfo={name:`LiopServer (${e})`,version:"1.0.0"},a$2.info(`[LiopClient] Static gRPC configured for: ${e}`)):this.serverInfo={name:"LiopServer (Mesh Alpha)",version:"1.0.0"};}async resolveCapability(e){if(!this.meshNode)throw new Error("Client must be connected to Mesh to resolve capabilities.");a$2.info(`[LiopClient] Querying Mesh DHT for Provider: ${e}...`);let o=await this.meshNode.findProviders(e);if(o.length===0)throw new Error(`Kademlia DHT found zero providers for capability: ${e}`);let t=o[0];a$2.info(`[LiopClient] Identified Alpha Provider PeerID: ${t}`);let i=50051,n=await this.meshNode.queryManifest(t);n&&(i=n.grpcPort,a$2.info(`[LiopClient] Manifest resolved: gRPC port ${i}`));let s=await this.meshNode.resolvePeer(t);for(let c of s){let a=c.split("/");if(a[1]==="ip4"){let p=`${a[2]}:${i}`;return a$2.info(`[LiopClient] Translated Multiaddr to gRPC Target: ${p}`),p}}return `127.0.0.1:${i}`}async discoverTools(){if(!this.meshNode)throw new Error("Client must be connected before discovering tools.");a$2.info("[LiopClient] Discovery started...");let e=await this.meshNode.discoverManifestProviders(),o=[],t=new Set;for(let i of e)try{a$2.info(`[LiopClient] Querying manifest from: ${i}`);let n=await this.meshNode.queryManifest(i);if(n){this.manifests.set(i,n);for(let s of n.tools)t.has(s.name)||(o.push({name:s.name,description:s.description}),t.add(s.name));}}catch(n){a$2.info(`[LiopClient] Error querying manifest from ${i}:`,n instanceof Error?n.message:String(n));}return a$2.info(`[LiopClient] Discovery finished. Found ${o.length} unique tools.`),o}async callTool(e,o){if(!this.meshNode)throw new Error("Client must be connected before calling tools.");let t=e.name;a$2.info(`[LiopClient] Resolving Tool: ${t}`);let i=this.rpcClients.get("static");if(i)a$2.info(`[LiopClient] Using existing static gRPC connection for ${t}.`);else {let y=await this.resolveCapability(t);i=this.getOrCreateRpcClient(t,y);}a$2.info(`[LiopClient] Negotiating intent for ${t}...`);let n=this.meshNode?`did:liop:${this.meshNode.getPeerId()}`:"did:liop:ephemeral",s=Buffer.from(`${t}:${Date.now()}`),c=this.meshNode?await this.meshNode.sign(s):s,a=await i.negotiateIntent({agent_did:n,capability_hash:t,proof_of_intent:c});if(!a.accepted)throw new Error(`Intent denied by host: ${a.error_message}`);let p=a.kyber_public_key||a.kyberPublicKey,f=a.session_token||a.sessionToken;if(!p)throw a$2.info("[LiopClient] Critical Error: Kyber Public Key not found in IntentResponse.",a),new Error("Handshake failed: Remote host did not provide a valid Kyber Public Key.");a$2.info(`[LiopClient] Encapsulating Post-Quantum Shared Secret for ${e.name}...`);let{ciphertext:C,sharedSecret:g}=await a$4.encapsulateAsymmetric(p);a$2.info("[LiopClient] Sealing WASM Payload and Inputs...");let T=o||Buffer.from(""),{ciphertext:A,nonce:S}=M.encryptPayload(T,g),_={},I=await import('crypto');for(let[y,h]of Object.entries(e.arguments||{})){let m=I.randomBytes(12),d=I.createCipheriv("aes-256-gcm",g,m),w=Buffer.concat([d.update(JSON.stringify(h)),d.final()]),l=d.getAuthTag();_[y]=Buffer.concat([m,w,l]);}let U={session_token:f,wasm_binary:A,inputs:_,pqc_ciphertext:C,aes_nonce:S};return new Promise((y,h)=>{let m=i.executeLogic(U);if(!m){h(new Error("RPC Client unavailable or failed to create stream."));return}let d=false,w=false;m.on("data",async l=>{if(!d){w=true,a$2.info("[LiopClient] Logic Executed. Verification in progress...");try{if(!l.is_error&&!await this.verifier.verifyZkReceipt(T,Buffer.from(l.cryptographic_proof).toString("hex"),Buffer.from(l.zk_receipt),Buffer.from(g),l.semantic_evidence)){h(new Error("PROTOCOL INTEGRITY VIOLATION: ZK-Receipt verification failed."));return}d=!0,y({content:[{type:"text",text:l.semantic_evidence}],isError:l.is_error});}catch(P){h(P);}}}),m.on("error",l=>{d||(a$2.error("[LiopClient] Stream Error:",l),h(l));}),m.on("end",()=>{!w&&!d&&h(new Error("Logic-on-Origin stream closed without results."));});})}getOrCreateRpcClient(e,o){let t=this.rpcClients.get(e);if(!t){let i=this.oauthToken,n=this.manifests.get(e),s=e;if(!n){for(let[f,C]of this.manifests.entries())if(C.tools.some(g=>g.name===e)){n=C,s=f;break}}let c=n?.serverInfo?.name?.toLowerCase()||"",a,p=n?.tokenSlug;if(p&&(a=process.env[`LIOP_TOKEN_${p}`]||process.env[`LIOP_OAUTH_TOKEN_${p}`]),!a&&s){let f=s.slice(-8).toUpperCase();a=process.env[`LIOP_TOKEN_${f}`]||process.env[`LIOP_OAUTH_TOKEN_${f}`];}if(!a&&c){let f=c.toUpperCase().replace(/[^A-Z0-9_]/g,"_");a=process.env[`LIOP_TOKEN_${f}`]||process.env[`LIOP_OAUTH_TOKEN_${f}`];}a&&(a$2.info(`[LiopClient] Resolved node-specific token for peer ${s.slice(-8)} (${c||"unknown"})`),i=a),t=new v(o,this.tlsOptions,i),this.rpcClients.set(e,t);}return t}async readResource(e){if(!this.meshNode)throw new Error("Client must be connected before reading resources.");a$2.info(`[LiopClient] Querying Mesh for Resource: ${e}...`);let o=await this.meshNode.findProviders(e);if(o.length===0)throw new Error(`No mesh providers found for resource: ${e}`);let t=await this.meshNode.queryManifest(o[0]);if(!t)throw new Error("Target peer did not return a valid LIOP Manifest.");let i=t.resources?.find(n=>n.uri===e);if(!i)throw new Error(`Resource ${e} not listed in remote manifest.`);return {contents:[{uri:e,mimeType:i.mimeType||"application/json",text:JSON.stringify(i,null,2)}]}}getServerInfo(){return this.serverInfo}async close(){this.meshNode&&await this.meshNode.stop();}};
2
- export{v as a,x as b};//# sourceMappingURL=chunk-T3L6OCM3.js.map
3
- //# sourceMappingURL=chunk-T3L6OCM3.js.map
package/dist/chunk-T3L6OCM3.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/rpc/client.ts","../src/rpc/crypto/aes.ts","../src/client/index.ts"],"names":["LiopRpcClient","address","tls","token","credentials","createChannelCredentials","liopV1","request","resolve","reject","metadata","error","response","AesGcmWrapper","payload","sharedSecret","nonce","randomBytes","cipher","createCipheriv","encrypted","authTag","ciphertextBuffer","encryptedData","decipher","createDecipheriv","LiopClient","LiopVerifier","authOpts","tokenUrl","log","params","text","data","options","clientId","clientSecret","nexusUrl","audience","scope","err","MeshNode","toolName","providers","providerId","grpcPort","manifest","addrs","maddr","parts","grpcHost","providerIds","tools","seenNames","peerId","tool","_wasmPayload","rpcClient","dynamicAddress","agentDid","intentPayload","proofOfIntent","intentResponse","publicKey","sessionToken","kyberCiphertext","Kyber768Wrapper","_safePayload","encryptedWasm","aesNonce","encryptedInputs","crypto","key","value","inputNonce","logicRequest","stream","resultFulfilled","hasReceivedData","client","nodeToken","realPeerId","pId","m","t","providerName","envToken","slug","shortId","cleanName","uri","resourceDef","r"],"mappings":"mTAcO,IAAMA,EAAN,KAAoB,CAElB,OACA,KAAA,CAER,WAAA,CAAYC,CAAAA,CAAiBC,CAAAA,CAAsBC,EAAgB,CAClE,IAAMC,EAAcC,CAAAA,CAAyBH,CAAG,EAChD,IAAA,CAAK,MAAA,CAAS,IAAII,CAAAA,CAAO,UAAUL,CAAAA,CAASG,CAAW,EACvD,IAAA,CAAK,KAAA,CAAQD,EACd,CAMA,MAAa,gBACZI,CAAAA,CAC0B,CAC1B,OAAO,IAAI,OAAA,CAAQ,CAACC,CAAAA,CAASC,CAAAA,GAAW,CACvC,IAAMC,CAAAA,CAAW,IAAS,CAAA,CAAA,QAAA,CACtB,KAAK,KAAA,EACRA,CAAAA,CAAS,IAAI,eAAA,CAAiB,CAAA,OAAA,EAAU,KAAK,KAAK,CAAA,CAAE,CAAA,CAErD,IAAA,CAAK,OAAO,eAAA,CACXH,CAAAA,CACAG,EACA,CAACC,CAAAA,CAAiCC,IAA6B,CAC1DD,CAAAA,CACHF,CAAAA,CAAOE,CAAK,EAEZH,CAAAA,CAAQI,CAAQ,EAElB,CACD,EACD,CAAC,CACF,CAMO,aACNL,CAAAA,CAC2C,CAC3C,IAAMG,CAAAA,CAAW,IAAS,WAC1B,OAAI,IAAA,CAAK,OACRA,CAAAA,CAAS,GAAA,CAAI,eAAA,CAAiB,CAAA,OAAA,EAAU,KAAK,KAAK,CAAA,CAAE,EAE9C,IAAA,CAAK,MAAA,CAAO,aAAaH,CAAAA,CAASG,CAAQ,CAClD,CAEO,OAAc,CACpB,IAAA,CAAK,OAAO,KAAA,GACb,CACD,EC7DO,IAAMG,EAAgB,CAQ5B,cAAA,CACCC,EACAC,CAAAA,CAIC,CACD,GAAIA,CAAAA,CAAa,MAAA,GAAW,GAC3B,MAAM,IAAI,MAAM,oDAAoD,CAAA,CAIrE,IAAMC,CAAAA,CAAQC,YAAY,EAAE,CAAA,CAEtBC,EAASC,cAAAA,CAAe,aAAA,CAAeJ,EAAcC,CAAK,CAAA,CAG1DI,EAAY,MAAA,CAAO,MAAA,CAAO,CAACF,CAAAA,CAAO,MAAA,CAAOJ,CAAO,CAAA,CAAGI,CAAAA,CAAO,OAAO,CAAC,CAAA,CAClEG,CAAAA,CAAUH,EAAO,UAAA,EAAW,CAMlC,OAAO,CACN,UAAA,CAHuB,OAAO,MAAA,CAAO,CAACE,EAAWC,CAAO,CAAC,EAIzD,KAAA,CAAOL,CACR,CACD,CAAA,CAKA,cAAA,CACCM,EACAN,CAAAA,CACAD,CAAAA,CACS,CACT,GAAIO,EAAiB,MAAA,CAAS,EAAA,CAC7B,MAAM,IAAI,KAAA,CACT,2DACD,CAAA,CAID,IAAMC,CAAAA,CAAgBD,CAAAA,CAAiB,SAAS,CAAA,CAAG,GAAG,EAChDD,CAAAA,CAAUC,CAAAA,CAAiB,SAAS,GAAG,CAAA,CAEvCE,CAAAA,CAAWC,gBAAAA,CAAiB,cAAeV,CAAAA,CAAcC,CAAK,EACpE,OAAAQ,CAAAA,CAAS,WAAWH,CAAO,CAAA,CAEpB,OAAO,MAAA,CAAO,CAACG,EAAS,MAAA,CAAOD,CAAa,EAAGC,CAAAA,CAAS,KAAA,EAAO,CAAC,CACxE,CACD,CAAA,KClDaE,CAAAA,CAAN,KAAiB,CACf,QAAA,CAA4B,IAAA,CAC5B,WAAyC,IAAI,GAAA,CAC7C,SAAA,CAAuC,IAAI,IAC3C,UAAA,CACA,UAAA,CACD,SAAyB,IAAIC,GAAAA,CAC5B,WAER,WAAA,CAAYzB,CAAAA,CAAsB,CACjC,IAAA,CAAK,WAAaA,EACnB,CAKA,MAAc,eAAA,CAAgB0B,CAAAA,CAMV,CAInB,IAAMC,CAAAA,CAAW,GAHDD,CAAAA,CAAS,QAAA,CAAS,SAAS,OAAO,CAAA,CAC/CA,EAAS,QAAA,CACT,CAAA,EAAGA,EAAS,QAAQ,CAAA,KAAA,CACI,CAAA,MAAA,CAAA,CAC3BE,GAAAA,CAAI,KAAK,CAAA,iDAAA,EAAoDD,CAAQ,EAAE,CAAA,CAEvE,IAAME,EAAS,IAAI,eAAA,CAAgB,CAClC,UAAA,CAAY,qBACZ,KAAA,CACCH,CAAAA,CAAS,OACT,sFAAA,CACD,QAAA,CAAUA,EAAS,QAAA,CACnB,SAAA,CAAWA,CAAAA,CAAS,QAAA,CACpB,cAAeA,CAAAA,CAAS,YACzB,CAAC,CAAA,CAEKhB,CAAAA,CAAW,MAAM,KAAA,CAAMiB,CAAAA,CAAU,CACtC,MAAA,CAAQ,MAAA,CACR,QAAS,CACR,cAAA,CAAgB,mCACjB,CAAA,CACA,IAAA,CAAME,EAAO,QAAA,EACd,CAAC,CAAA,CAED,GAAI,CAACnB,CAAAA,CAAS,GAAI,CACjB,IAAMoB,EAAO,MAAMpB,CAAAA,CAAS,MAAK,CACjC,MAAM,IAAI,KAAA,CACT,CAAA,uCAAA,EAA0CA,EAAS,MAAM,CAAA,EAAA,EAAKoB,CAAI,CAAA,CACnE,CACD,CAEA,IAAMC,EAAQ,MAAMrB,CAAAA,CAAS,MAAK,CAIlC,GAAI,CAACqB,CAAAA,CAAK,YAAA,CACT,MAAM,IAAI,KAAA,CAAM,uDAAuD,CAAA,CAGxE,OAAAH,IAAI,IAAA,CAAK,+CAA+C,EACjDG,CAAAA,CAAK,YACb,CAMA,MAAa,QACZhC,CAAAA,CACAiC,CAAAA,CAWgB,CAEhB,IAAMC,CAAAA,CACLD,GAAS,IAAA,EAAM,QAAA,EACf,OAAA,CAAQ,GAAA,CAAI,sBACZ,OAAA,CAAQ,GAAA,CAAI,eACPE,CAAAA,CACLF,CAAAA,EAAS,MAAM,YAAA,EACf,OAAA,CAAQ,GAAA,CAAI,wBAAA,EACZ,QAAQ,GAAA,CAAI,kBAAA,CACPG,EACLH,CAAAA,EAAS,IAAA,EAAM,UACf,OAAA,CAAQ,GAAA,CAAI,gBACZ,uBAAA,CACKI,CAAAA,CACLJ,GAAS,IAAA,EAAM,QAAA,EACf,QAAQ,GAAA,CAAI,mBAAA,EACZ,oBACKK,CAAAA,CACLL,CAAAA,EAAS,IAAA,EAAM,KAAA,EACf,QAAQ,GAAA,CAAI,gBAAA,EACZ,uFAOD,GALA,IAAA,CAAK,WACJA,CAAAA,EAAS,IAAA,EAAM,KAAA,EACf,OAAA,CAAQ,IAAI,gBAAA,EACZ,OAAA,CAAQ,IAAI,UAAA,CAETC,CAAAA,EAAYC,EACf,GAAI,CACH,IAAA,CAAK,UAAA,CAAa,MAAM,IAAA,CAAK,eAAA,CAAgB,CAC5C,QAAA,CAAAD,CAAAA,CACA,aAAAC,CAAAA,CACA,QAAA,CAAAC,EACA,QAAA,CAAAC,CAAAA,CACA,MAAAC,CACD,CAAC,EACF,CAAA,MAASC,CAAAA,CAAc,CACtBV,GAAAA,CAAI,KAAA,CACH,CAAA,gDAAA,EACCU,CAAAA,YAAe,MAAQA,CAAAA,CAAI,OAAA,CAAU,OAAOA,CAAG,CAChD,EACD,EAED,CAGD,IAAA,CAAK,QAAA,CAAW,IAAIC,GAAAA,CAASP,CAAAA,EAAS,UAAU,CAAA,CAChD,MAAM,KAAK,QAAA,CAAS,KAAA,EAAM,CAC1BJ,GAAAA,CAAI,KACH,CAAA,6CAAA,EAAgD,IAAA,CAAK,SAAS,SAAA,EAAW,EAC1E,CAAA,CAEI7B,CAAAA,EACH,KAAK,UAAA,CAAW,GAAA,CACf,SACA,IAAID,CAAAA,CAAcC,EAAS,IAAA,CAAK,UAAA,CAAY,KAAK,UAAU,CAC5D,CAAA,CACA,IAAA,CAAK,WAAa,CAAE,IAAA,CAAM,eAAeA,CAAO,CAAA,CAAA,CAAA,CAAK,QAAS,OAAQ,CAAA,CACtE6B,IAAI,IAAA,CAAK,CAAA,yCAAA,EAA4C7B,CAAO,CAAA,CAAE,CAAA,EAE9D,KAAK,UAAA,CAAa,CAAE,KAAM,yBAAA,CAA2B,OAAA,CAAS,OAAQ,EAExE,CAMA,MAAa,iBAAA,CAAkByC,EAAmC,CACjE,GAAI,CAAC,IAAA,CAAK,QAAA,CACT,MAAM,IAAI,KAAA,CACT,2DACD,CAAA,CAEDZ,GAAAA,CAAI,KAAK,CAAA,6CAAA,EAAgDY,CAAQ,KAAK,CAAA,CACtE,IAAMC,CAAAA,CAAY,MAAM,KAAK,QAAA,CAAS,aAAA,CAAcD,CAAQ,CAAA,CAE5D,GAAIC,EAAU,MAAA,GAAW,CAAA,CACxB,MAAM,IAAI,MACT,CAAA,kDAAA,EAAqDD,CAAQ,EAC9D,CAAA,CAGD,IAAME,EAAaD,CAAAA,CAAU,CAAC,CAAA,CAC9Bb,GAAAA,CAAI,KAAK,CAAA,+CAAA,EAAkDc,CAAU,EAAE,CAAA,CAEvE,IAAIC,EAAW,KAAA,CACTC,CAAAA,CAAW,MAAM,IAAA,CAAK,QAAA,CAAS,cAAcF,CAAU,CAAA,CACzDE,IACHD,CAAAA,CAAWC,CAAAA,CAAS,SACpBhB,GAAAA,CAAI,IAAA,CAAK,CAAA,0CAAA,EAA6Ce,CAAQ,EAAE,CAAA,CAAA,CAGjE,IAAME,EAAQ,MAAM,IAAA,CAAK,SAAS,WAAA,CAAYH,CAAU,CAAA,CACxD,IAAA,IAAWI,KAASD,CAAAA,CAAO,CAC1B,IAAME,CAAAA,CAAQD,CAAAA,CAAM,MAAM,GAAG,CAAA,CAC7B,GAAIC,CAAAA,CAAM,CAAC,CAAA,GAAM,KAAA,CAAO,CACvB,IAAMC,CAAAA,CAAW,GAAGD,CAAAA,CAAM,CAAC,CAAC,CAAA,CAAA,EAAIJ,CAAQ,GACxC,OAAAf,GAAAA,CAAI,KACH,CAAA,kDAAA,EAAqDoB,CAAQ,EAC9D,CAAA,CACOA,CACR,CACD,CAEA,OAAO,CAAA,UAAA,EAAaL,CAAQ,EAC7B,CAKA,MAAa,eAEX,CACD,GAAI,CAAC,IAAA,CAAK,SACT,MAAM,IAAI,MAAM,oDAAoD,CAAA,CAGrEf,IAAI,IAAA,CAAK,mCAAmC,CAAA,CAC5C,IAAMqB,EAAc,MAAM,IAAA,CAAK,SAAS,yBAAA,EAA0B,CAC5DC,EAAkD,EAAC,CACnDC,EAAY,IAAI,GAAA,CAEtB,QAAWC,CAAAA,IAAUH,CAAAA,CACpB,GAAI,CACHrB,GAAAA,CAAI,KAAK,CAAA,qCAAA,EAAwCwB,CAAM,CAAA,CAAE,CAAA,CACzD,IAAMR,CAAAA,CAAW,MAAM,KAAK,QAAA,CAAS,aAAA,CAAcQ,CAAM,CAAA,CACzD,GAAIR,EAAU,CACb,IAAA,CAAK,UAAU,GAAA,CAAIQ,CAAAA,CAAQR,CAAQ,CAAA,CACnC,IAAA,IAAWS,KAAQT,CAAAA,CAAS,KAAA,CACtBO,CAAAA,CAAU,GAAA,CAAIE,EAAK,IAAI,CAAA,GAC3BH,EAAM,IAAA,CAAK,CAAE,KAAMG,CAAAA,CAAK,IAAA,CAAM,YAAaA,CAAAA,CAAK,WAAY,CAAC,CAAA,CAC7DF,CAAAA,CAAU,IAAIE,CAAAA,CAAK,IAAI,GAG1B,CACD,CAAA,MAASf,CAAAA,CAAc,CACtBV,IAAI,IAAA,CACH,CAAA,0CAAA,EAA6CwB,CAAM,CAAA,CAAA,CAAA,CACnDd,CAAAA,YAAe,MAAQA,CAAAA,CAAI,OAAA,CAAU,MAAA,CAAOA,CAAG,CAChD,EACD,CAGD,OAAAV,GAAAA,CAAI,IAAA,CACH,0CAA0CsB,CAAAA,CAAM,MAAM,CAAA,cAAA,CACvD,CAAA,CACOA,CACR,CAKA,MAAa,SACZ7C,CAAAA,CACAiD,CAAAA,CAC0B,CAC1B,GAAI,CAAC,KAAK,QAAA,CACT,MAAM,IAAI,KAAA,CAAM,gDAAgD,EAGjE,IAAMd,CAAAA,CAAWnC,EAAQ,IAAA,CACzBuB,GAAAA,CAAI,IAAA,CAAK,CAAA,6BAAA,EAAgCY,CAAQ,CAAA,CAAE,CAAA,CAGnD,IAAIe,CAAAA,CAAY,IAAA,CAAK,WAAW,GAAA,CAAI,QAAQ,CAAA,CAE5C,GAAKA,EAIJ3B,GAAAA,CAAI,IAAA,CACH,0DAA0DY,CAAQ,CAAA,CAAA,CACnE,OANe,CACf,IAAMgB,CAAAA,CAAiB,MAAM,KAAK,iBAAA,CAAkBhB,CAAQ,EAC5De,CAAAA,CAAY,IAAA,CAAK,qBAAqBf,CAAAA,CAAUgB,CAAc,EAC/D,CAMA5B,GAAAA,CAAI,KAAK,CAAA,oCAAA,EAAuCY,CAAQ,KAAK,CAAA,CAC7D,IAAMiB,EAAW,IAAA,CAAK,QAAA,CACnB,CAAA,SAAA,EAAY,IAAA,CAAK,SAAS,SAAA,EAAW,GACrC,oBAAA,CACGC,CAAAA,CAAgB,OAAO,IAAA,CAAK,CAAA,EAAGlB,CAAQ,CAAA,CAAA,EAAI,KAAK,GAAA,EAAK,EAAE,CAAA,CACvDmB,CAAAA,CAAgB,KAAK,QAAA,CACxB,MAAM,IAAA,CAAK,QAAA,CAAS,KAAKD,CAAa,CAAA,CACtCA,EAEGE,CAAAA,CAAkB,MAAML,EAAU,eAAA,CAAgB,CACvD,UAAWE,CAAAA,CACX,eAAA,CAAiBjB,EACjB,eAAA,CAAiBmB,CAClB,CAAC,CAAA,CASD,GAAI,CAACC,CAAAA,CAAe,QAAA,CACnB,MAAM,IAAI,MAAM,CAAA,uBAAA,EAA0BA,CAAAA,CAAe,aAAa,CAAA,CAAE,CAAA,CAIzE,IAAMC,CAAAA,CACLD,CAAAA,CAAe,kBAAoBA,CAAAA,CAAe,cAAA,CAC7CE,EACLF,CAAAA,CAAe,aAAA,EAAiBA,EAAe,YAAA,CAEhD,GAAI,CAACC,CAAAA,CACJ,MAAAjC,GAAAA,CAAI,IAAA,CACH,6EACAgC,CACD,CAAA,CACM,IAAI,KAAA,CACT,yEACD,EAIDhC,GAAAA,CAAI,IAAA,CACH,6DAA6DvB,CAAAA,CAAQ,IAAI,KAC1E,CAAA,CACA,GAAM,CAAE,UAAA,CAAY0D,CAAAA,CAAiB,aAAAlD,CAAa,CAAA,CACjD,MAAMmD,GAAAA,CAAgB,sBAAsBH,CAAS,CAAA,CAGtDjC,IAAI,IAAA,CAAK,iDAAiD,EAE1D,IAAMqC,CAAAA,CAAeX,CAAAA,EAAgB,MAAA,CAAO,KAAK,EAAE,CAAA,CAG7C,CAAE,UAAA,CAAYY,CAAAA,CAAe,MAAOC,CAAS,CAAA,CAClDxD,CAAAA,CAAc,cAAA,CAAesD,EAAcpD,CAAY,CAAA,CAGlDuD,EAA8C,EAAC,CAC/CC,EAAS,MAAM,OAAO,QAAa,CAAA,CACzC,IAAA,GAAW,CAACC,CAAAA,CAAKC,CAAK,IAAK,MAAA,CAAO,OAAA,CAAQlE,EAAQ,SAAA,EAAa,EAAE,CAAA,CAAG,CACnE,IAAMmE,CAAAA,CAAaH,EAAO,WAAA,CAAY,EAAE,EAClCrD,CAAAA,CAASqD,CAAAA,CAAO,cAAA,CACrB,aAAA,CACAxD,EACA2D,CACD,CAAA,CACMtD,EAAY,MAAA,CAAO,MAAA,CAAO,CAC/BF,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,SAAA,CAAUuD,CAAK,CAAC,CAAA,CACnCvD,EAAO,KAAA,EACR,CAAC,CAAA,CACKG,CAAAA,CAAUH,EAAO,UAAA,EAAW,CAElCoD,EAAgBE,CAAG,CAAA,CAAI,OAAO,MAAA,CAAO,CAACE,EAAYtD,CAAAA,CAAWC,CAAO,CAAC,EACtE,CAGA,IAAMsD,CAAAA,CAA6B,CAClC,aAAA,CAAeX,CAAAA,CACf,YAAaI,CAAAA,CACb,MAAA,CAAQE,CAAAA,CACR,cAAA,CAAgBL,EAChB,SAAA,CAAWI,CACZ,EAEA,OAAO,IAAI,QAAQ,CAAC7D,CAAAA,CAASC,CAAAA,GAAW,CACvC,IAAMmE,CAAAA,CAASnB,CAAAA,CAAU,aAAakB,CAAY,CAAA,CAClD,GAAI,CAACC,CAAAA,CAAQ,CACZnE,CAAAA,CAAO,IAAI,MAAM,oDAAoD,CAAC,EACtE,MACD,CACA,IAAIoE,CAAAA,CAAkB,KAAA,CAClBC,CAAAA,CAAkB,KAAA,CAEtBF,EAAO,EAAA,CAAG,MAAA,CAAQ,MAAOhE,CAAAA,EAA4B,CACpD,GAAI,CAAAiE,CAAAA,CACJ,CAAAC,CAAAA,CAAkB,IAAA,CAElBhD,IAAI,IAAA,CAAK,0DAA0D,EAEnE,GAAI,CAIH,GAAI,CAAClB,CAAAA,CAAS,QAAA,EAST,CARY,MAAM,IAAA,CAAK,QAAA,CAAS,gBACnCuD,CAAAA,CACA,MAAA,CAAO,KAAKvD,CAAAA,CAAS,mBAAmB,EAAE,QAAA,CAAS,KAAK,EACxD,MAAA,CAAO,IAAA,CAAKA,EAAS,UAAU,CAAA,CAC/B,OAAO,IAAA,CAAKG,CAAY,CAAA,CACxBH,CAAAA,CAAS,iBACV,CAAA,CAEc,CACbH,EACC,IAAI,KAAA,CACH,+DACD,CACD,CAAA,CACA,MACD,CAGDoE,EAAkB,CAAA,CAAA,CAClBrE,CAAAA,CAAQ,CACP,OAAA,CAAS,CACR,CACC,IAAA,CAAM,MAAA,CACN,IAAA,CAAMI,CAAAA,CAAS,iBAChB,CACD,CAAA,CACA,QAASA,CAAAA,CAAS,QACnB,CAAC,EACF,CAAA,MAAS4B,EAAK,CACb/B,CAAAA,CAAO+B,CAAG,EACX,CAAA,CACD,CAAC,CAAA,CAEDoC,CAAAA,CAAO,GAAG,OAAA,CAAUpC,CAAAA,EAAQ,CACvBqC,CAAAA,GACJ/C,IAAI,KAAA,CAAM,4BAAA,CAA8BU,CAAG,CAAA,CAC3C/B,CAAAA,CAAO+B,CAAG,CAAA,EACX,CAAC,CAAA,CAEDoC,CAAAA,CAAO,GAAG,KAAA,CAAO,IAAM,CAGlB,CAACE,CAAAA,EAAmB,CAACD,CAAAA,EACxBpE,CAAAA,CAAO,IAAI,KAAA,CAAM,gDAAgD,CAAC,EAEpE,CAAC,EACF,CAAC,CACF,CAEQ,oBAAA,CAAqB6C,EAAgBrD,CAAAA,CAAgC,CAC5E,IAAI8E,CAAAA,CAAS,IAAA,CAAK,WAAW,GAAA,CAAIzB,CAAM,EACvC,GAAI,CAACyB,CAAAA,CAAQ,CACZ,IAAIC,CAAAA,CAAY,IAAA,CAAK,WAEjBlC,CAAAA,CAAW,IAAA,CAAK,UAAU,GAAA,CAAIQ,CAAM,CAAA,CACpC2B,CAAAA,CAAa3B,EAIjB,GAAI,CAACR,GACJ,IAAA,GAAW,CAACoC,EAAKC,CAAC,CAAA,GAAK,IAAA,CAAK,SAAA,CAAU,SAAQ,CAC7C,GAAIA,EAAE,KAAA,CAAM,IAAA,CAAMC,GAAMA,CAAAA,CAAE,IAAA,GAAS9B,CAAM,CAAA,CAAG,CAC3CR,EAAWqC,CAAAA,CACXF,CAAAA,CAAaC,EACb,KACD,CAAA,CAIF,IAAMG,CAAAA,CAAevC,CAAAA,EAAU,UAAA,EAAY,IAAA,EAAM,aAAY,EAAK,EAAA,CAC9DwC,EAGEC,CAAAA,CAAOzC,CAAAA,EAAU,UAQvB,GAPIyC,CAAAA,GACHD,EACC,OAAA,CAAQ,GAAA,CAAI,cAAcC,CAAI,CAAA,CAAE,GAChC,OAAA,CAAQ,GAAA,CAAI,oBAAoBA,CAAI,CAAA,CAAE,CAAA,CAAA,CAIpC,CAACD,GAAYL,CAAAA,CAAY,CAC5B,IAAMO,CAAAA,CAAUP,CAAAA,CAAW,MAAM,EAAE,CAAA,CAAE,aAAY,CACjDK,CAAAA,CACC,QAAQ,GAAA,CAAI,CAAA,WAAA,EAAcE,CAAO,CAAA,CAAE,CAAA,EACnC,QAAQ,GAAA,CAAI,CAAA,iBAAA,EAAoBA,CAAO,CAAA,CAAE,EAC3C,CAGA,GAAI,CAACF,CAAAA,EAAYD,CAAAA,CAAc,CAC9B,IAAMI,CAAAA,CAAYJ,CAAAA,CAChB,WAAA,GACA,OAAA,CAAQ,aAAA,CAAe,GAAG,CAAA,CAC5BC,CAAAA,CACC,QAAQ,GAAA,CAAI,CAAA,WAAA,EAAcG,CAAS,CAAA,CAAE,GACrC,OAAA,CAAQ,GAAA,CAAI,oBAAoBA,CAAS,CAAA,CAAE,EAC7C,CAEIH,CAAAA,GACHxD,IAAI,IAAA,CACH,CAAA,mDAAA,EAAsDmD,EAAW,KAAA,CAAM,EAAE,CAAC,CAAA,EAAA,EAAKI,CAAAA,EAAgB,SAAS,CAAA,CAAA,CACzG,CAAA,CACAL,CAAAA,CAAYM,CAAAA,CAAAA,CAGbP,EAAS,IAAI/E,CAAAA,CAAcC,EAAS,IAAA,CAAK,UAAA,CAAY+E,CAAS,CAAA,CAC9D,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI1B,EAAQyB,CAAM,EACnC,CACA,OAAOA,CACR,CAMA,MAAa,YAAA,CAAaW,CAAAA,CAEvB,CACF,GAAI,CAAC,IAAA,CAAK,SACT,MAAM,IAAI,MAAM,oDAAoD,CAAA,CAErE5D,IAAI,IAAA,CAAK,CAAA,yCAAA,EAA4C4D,CAAG,CAAA,GAAA,CAAK,CAAA,CAG7D,IAAM/C,CAAAA,CAAY,MAAM,KAAK,QAAA,CAAS,aAAA,CAAc+C,CAAG,CAAA,CACvD,GAAI/C,CAAAA,CAAU,MAAA,GAAW,EACxB,MAAM,IAAI,MAAM,CAAA,sCAAA,EAAyC+C,CAAG,CAAA,CAAE,CAAA,CAI/D,IAAM5C,CAAAA,CAAW,MAAM,KAAK,QAAA,CAAS,aAAA,CAAcH,EAAU,CAAC,CAAC,CAAA,CAC/D,GAAI,CAACG,CAAAA,CACJ,MAAM,IAAI,KAAA,CAAM,mDAAmD,EAIpE,IAAM6C,CAAAA,CAAc7C,EAAS,SAAA,EAAW,IAAA,CAAM8C,GAAMA,CAAAA,CAAE,GAAA,GAAQF,CAAG,CAAA,CACjE,GAAI,CAACC,CAAAA,CACJ,MAAM,IAAI,KAAA,CAAM,YAAYD,CAAG,CAAA,+BAAA,CAAiC,EAIjE,OAAO,CACN,SAAU,CACT,CACC,IAAAA,CAAAA,CACA,QAAA,CAAUC,EAAY,QAAA,EAAY,kBAAA,CAClC,KAAM,IAAA,CAAK,SAAA,CAAUA,EAAa,IAAA,CAAM,CAAC,CAC1C,CACD,CACD,CACD,CAEO,eAA+D,CACrE,OAAO,KAAK,UACb,CAKA,MAAa,KAAA,EAAuB,CAC/B,KAAK,QAAA,EACR,MAAM,KAAK,QAAA,CAAS,IAAA,GAEtB,CACD","file":"chunk-T3L6OCM3.js","sourcesContent":["import * as grpc from \"@grpc/grpc-js\";\nimport { liopV1 } from \"./proto.js\";\nimport { createChannelCredentials, type LiopTlsOptions } from \"./tls.js\";\nimport type {\n\tIntentRequest,\n\tIntentResponse,\n\tLogicRequest,\n\tLogicResponse,\n} from \"./types.js\";\n\n/**\n * LIOP gRPC Client Implementation\n * Provides a high-level interface for secure intent negotiation and logic execution.\n */\nexport class LiopRpcClient {\n\t// biome-ignore lint/suspicious/noExplicitAny: internal gRPC client type\n\tprivate client: any;\n\tprivate token?: string;\n\n\tconstructor(address: string, tls?: LiopTlsOptions, token?: string) {\n\t\tconst credentials = createChannelCredentials(tls);\n\t\tthis.client = new liopV1.LogicMesh(address, credentials);\n\t\tthis.token = token;\n\t}\n\n\t/**\n\t * Negotiates intent with the remote host.\n\t * Returns the ephemeral Kyber public key for payload encryption.\n\t */\n\tpublic async negotiateIntent(\n\t\trequest: IntentRequest,\n\t): Promise<IntentResponse> {\n\t\treturn new Promise((resolve, reject) => {\n\t\t\tconst metadata = new grpc.Metadata();\n\t\t\tif (this.token) {\n\t\t\t\tmetadata.add(\"authorization\", `Bearer ${this.token}`);\n\t\t\t}\n\t\t\tthis.client.NegotiateIntent(\n\t\t\t\trequest,\n\t\t\t\tmetadata,\n\t\t\t\t(error: grpc.ServiceError | null, response: IntentResponse) => {\n\t\t\t\t\tif (error) {\n\t\t\t\t\t\treject(error);\n\t\t\t\t\t} else {\n\t\t\t\t\t\tresolve(response);\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t);\n\t\t});\n\t}\n\n\t/**\n\t * Pushes the encrypted Logic-on-Origin payload to the origin.\n\t * Returns a stream of semantic responses and ZK proofs.\n\t */\n\tpublic executeLogic(\n\t\trequest: LogicRequest,\n\t): grpc.ClientReadableStream<LogicResponse> {\n\t\tconst metadata = new grpc.Metadata();\n\t\tif (this.token) {\n\t\t\tmetadata.add(\"authorization\", `Bearer ${this.token}`);\n\t\t}\n\t\treturn this.client.ExecuteLogic(request, metadata);\n\t}\n\n\tpublic close(): void {\n\t\tthis.client.close();\n\t}\n}\n","import { createCipheriv, createDecipheriv, randomBytes } from \"node:crypto\";\n\n/**\n * LIOP Symmetric Payload Encryption Wrapper\n * Uses AES-256-GCM to secure WASM Code transport over Zero-Trust networks.\n * Fully compatible with the `aes-gcm` Rust crate used by Wasmtime.\n */\nexport const AesGcmWrapper = {\n\t/**\n\t * Encrypts a raw WASM payload using the shared secret negotiated via Kyber768.\n\t *\n\t * @param payload Raw incoming WASM byte array or string.\n\t * @param sharedSecret A perfectly derived 32-byte (256-bit) shared secret array\n\t * @returns The encrypted buffer to push to the GRPc stream, along with the 12-byte initialization vector natively generated.\n\t */\n\tencryptPayload(\n\t\tpayload: Uint8Array | Buffer,\n\t\tsharedSecret: Uint8Array,\n\t): {\n\t\tciphertext: Buffer;\n\t\tnonce: Buffer;\n\t} {\n\t\tif (sharedSecret.length !== 32) {\n\t\t\tthrow new Error(\"Symmetric Key must be exactly 32 bytes (256 bits).\");\n\t\t}\n\n\t\t// LIOP standard demands 96-bit (12 byte) IVs/Nonces for AES-GCM\n\t\tconst nonce = randomBytes(12);\n\n\t\tconst cipher = createCipheriv(\"aes-256-gcm\", sharedSecret, nonce);\n\n\t\t// Encrypt the payload and seal the tag\n\t\tconst encrypted = Buffer.concat([cipher.update(payload), cipher.final()]);\n\t\tconst authTag = cipher.getAuthTag(); // 16 bytes for GCM integrity\n\n\t\t// In LIOP, the auth tag is strictly appended to the end of the ciphertext bytes\n\t\t// mirroring the default serialization logic within `aes_gcm::Aes256Gcm` in Rust\n\t\tconst finalCiphertext = Buffer.concat([encrypted, authTag]);\n\n\t\treturn {\n\t\t\tciphertext: finalCiphertext,\n\t\t\tnonce: nonce,\n\t\t};\n\t},\n\n\t/**\n\t * Decrypts a remote Zero-Knowledge receipt using AES-256-GCM.\n\t */\n\tdecryptPayload(\n\t\tciphertextBuffer: Buffer,\n\t\tnonce: Buffer,\n\t\tsharedSecret: Uint8Array,\n\t): Buffer {\n\t\tif (ciphertextBuffer.length < 16) {\n\t\t\tthrow new Error(\n\t\t\t\t\"Invalid GCM Ciphertext; missing authentication tag length\",\n\t\t\t);\n\t\t}\n\n\t\t// The last 16 bytes represent the AuthTag appended by rust-aes-gcm\n\t\tconst encryptedData = ciphertextBuffer.subarray(0, -16);\n\t\tconst authTag = ciphertextBuffer.subarray(-16);\n\n\t\tconst decipher = createDecipheriv(\"aes-256-gcm\", sharedSecret, nonce);\n\t\tdecipher.setAuthTag(authTag);\n\n\t\treturn Buffer.concat([decipher.update(encryptedData), decipher.final()]);\n\t},\n};\n","import { LiopVerifier } from \"../crypto/verifier.js\";\nimport {\n\ttype LiopManifest,\n\tMeshNode,\n\ttype MeshNodeConfig,\n} from \"../mesh/node.js\";\nimport { LiopRpcClient } from \"../rpc/client.js\";\nimport { AesGcmWrapper } from \"../rpc/crypto/aes.js\";\nimport { Kyber768Wrapper } from \"../rpc/crypto/kyber.js\";\nimport type { LiopTlsOptions } from \"../rpc/tls.js\";\nimport type { LogicRequest, LogicResponse } from \"../rpc/types.js\";\nimport type { CallToolRequest, CallToolResult } from \"../types.js\";\nimport { log } from \"../utils/logger.js\";\n\n/**\n * LIOP Client\n * High-level orchestration for discovery and execution in the Logic-Injection-on-Origin mesh.\n */\nexport class LiopClient {\n\tprivate meshNode: MeshNode | null = null;\n\tprivate rpcClients: Map<string, LiopRpcClient> = new Map();\n\tprivate manifests: Map<string, LiopManifest> = new Map();\n\tprivate tlsOptions?: LiopTlsOptions;\n\tprivate serverInfo?: { name: string; version: string };\n\tpublic verifier: LiopVerifier = new LiopVerifier();\n\tprivate oauthToken?: string;\n\n\tconstructor(tls?: LiopTlsOptions) {\n\t\tthis.tlsOptions = tls;\n\t}\n\n\t/**\n\t * Requests an M2M access token from the Nexus Authorization Server using Client Credentials.\n\t */\n\tprivate async acquireM2MToken(authOpts: {\n\t\tclientId: string;\n\t\tclientSecret: string;\n\t\tnexusUrl: string;\n\t\taudience: string;\n\t\tscope?: string;\n\t}): Promise<string> {\n\t\tconst baseUrl = authOpts.nexusUrl.endsWith(\"/oidc\")\n\t\t\t? authOpts.nexusUrl\n\t\t\t: `${authOpts.nexusUrl}/oidc`;\n\t\tconst tokenUrl = `${baseUrl}/token`;\n\t\tlog.info(`[LiopClient] Requesting M2M Token from Nexus AS: ${tokenUrl}`);\n\n\t\tconst params = new URLSearchParams({\n\t\t\tgrant_type: \"client_credentials\",\n\t\t\tscope:\n\t\t\t\tauthOpts.scope ||\n\t\t\t\t\"liop:tools:call liop:tools:list liop:resources:read liop:schema:read liop:mesh:query\",\n\t\t\tresource: authOpts.audience,\n\t\t\tclient_id: authOpts.clientId,\n\t\t\tclient_secret: authOpts.clientSecret,\n\t\t});\n\n\t\tconst response = await fetch(tokenUrl, {\n\t\t\tmethod: \"POST\",\n\t\t\theaders: {\n\t\t\t\t\"Content-Type\": \"application/x-www-form-urlencoded\",\n\t\t\t},\n\t\t\tbody: params.toString(),\n\t\t});\n\n\t\tif (!response.ok) {\n\t\t\tconst text = await response.text();\n\t\t\tthrow new Error(\n\t\t\t\t`OAuth token request failed with status ${response.status}: ${text}`,\n\t\t\t);\n\t\t}\n\n\t\tconst data = (await response.json()) as {\n\t\t\taccess_token: string;\n\t\t\texpires_in?: number;\n\t\t};\n\t\tif (!data.access_token) {\n\t\t\tthrow new Error(\"OAuth token response did not contain an access_token.\");\n\t\t}\n\n\t\tlog.info(\"[LiopClient] M2M Token acquired successfully.\");\n\t\treturn data.access_token;\n\t}\n\n\t/**\n\t * Discovers and connects to the target server or mesh capability.\n\t * If address is omitted, it sets up the MeshNode to act purely dynamically.\n\t */\n\tpublic async connect(\n\t\taddress?: string,\n\t\toptions?: {\n\t\t\tmeshConfig?: MeshNodeConfig;\n\t\t\tauth?: {\n\t\t\t\tclientId?: string;\n\t\t\t\tclientSecret?: string;\n\t\t\t\tnexusUrl?: string;\n\t\t\t\taudience?: string;\n\t\t\t\tscope?: string;\n\t\t\t\ttoken?: string;\n\t\t\t};\n\t\t},\n\t): Promise<void> {\n\t\t// Attempt to acquire OAuth M2M access token if credentials are provided\n\t\tconst clientId =\n\t\t\toptions?.auth?.clientId ||\n\t\t\tprocess.env.LIOP_OAUTH_CLIENT_ID ||\n\t\t\tprocess.env.LIOP_CLIENT_ID;\n\t\tconst clientSecret =\n\t\t\toptions?.auth?.clientSecret ||\n\t\t\tprocess.env.LIOP_OAUTH_CLIENT_SECRET ||\n\t\t\tprocess.env.LIOP_CLIENT_SECRET;\n\t\tconst nexusUrl =\n\t\t\toptions?.auth?.nexusUrl ||\n\t\t\tprocess.env.LIOP_NEXUS_URL ||\n\t\t\t\"http://localhost:3000\";\n\t\tconst audience =\n\t\t\toptions?.auth?.audience ||\n\t\t\tprocess.env.LIOP_OAUTH_AUDIENCE ||\n\t\t\t\"urn:liop:mesh:api\";\n\t\tconst scope =\n\t\t\toptions?.auth?.scope ||\n\t\t\tprocess.env.LIOP_OAUTH_SCOPE ||\n\t\t\t\"liop:tools:call liop:tools:list liop:resources:read liop:schema:read liop:mesh:query\";\n\n\t\tthis.oauthToken =\n\t\t\toptions?.auth?.token ||\n\t\t\tprocess.env.LIOP_OAUTH_TOKEN ||\n\t\t\tprocess.env.LIOP_TOKEN;\n\n\t\tif (clientId && clientSecret) {\n\t\t\ttry {\n\t\t\t\tthis.oauthToken = await this.acquireM2MToken({\n\t\t\t\t\tclientId,\n\t\t\t\t\tclientSecret,\n\t\t\t\t\tnexusUrl,\n\t\t\t\t\taudience,\n\t\t\t\t\tscope,\n\t\t\t\t});\n\t\t\t} catch (err: unknown) {\n\t\t\t\tlog.error(\n\t\t\t\t\t`[LiopClient] Failed to acquire OAuth M2M Token: ${\n\t\t\t\t\t\terr instanceof Error ? err.message : String(err)\n\t\t\t\t\t}`,\n\t\t\t\t);\n\t\t\t\t// In development or when using static local token, allow connection to proceed\n\t\t\t}\n\t\t}\n\n\t\tthis.meshNode = new MeshNode(options?.meshConfig);\n\t\tawait this.meshNode.start();\n\t\tlog.info(\n\t\t\t`[LiopClient] Mesh Node synchronized. PeerID: ${this.meshNode.getPeerId()}`,\n\t\t);\n\n\t\tif (address) {\n\t\t\tthis.rpcClients.set(\n\t\t\t\t\"static\",\n\t\t\t\tnew LiopRpcClient(address, this.tlsOptions, this.oauthToken),\n\t\t\t);\n\t\t\tthis.serverInfo = { name: `LiopServer (${address})`, version: \"1.0.0\" };\n\t\t\tlog.info(`[LiopClient] Static gRPC configured for: ${address}`);\n\t\t} else {\n\t\t\tthis.serverInfo = { name: \"LiopServer (Mesh Alpha)\", version: \"1.0.0\" };\n\t\t}\n\t}\n\n\t/**\n\t * Dynamically queries Kademlia DHT to find the optimal PeerID providing the Capability\n\t * and returns the physical gRPC target (host:port) resolved from the provider's manifest.\n\t */\n\tpublic async resolveCapability(toolName: string): Promise<string> {\n\t\tif (!this.meshNode)\n\t\t\tthrow new Error(\n\t\t\t\t\"Client must be connected to Mesh to resolve capabilities.\",\n\t\t\t);\n\n\t\tlog.info(`[LiopClient] Querying Mesh DHT for Provider: ${toolName}...`);\n\t\tconst providers = await this.meshNode.findProviders(toolName);\n\n\t\tif (providers.length === 0) {\n\t\t\tthrow new Error(\n\t\t\t\t`Kademlia DHT found zero providers for capability: ${toolName}`,\n\t\t\t);\n\t\t}\n\n\t\tconst providerId = providers[0];\n\t\tlog.info(`[LiopClient] Identified Alpha Provider PeerID: ${providerId}`);\n\n\t\tlet grpcPort = 50051;\n\t\tconst manifest = await this.meshNode.queryManifest(providerId);\n\t\tif (manifest) {\n\t\t\tgrpcPort = manifest.grpcPort;\n\t\t\tlog.info(`[LiopClient] Manifest resolved: gRPC port ${grpcPort}`);\n\t\t}\n\n\t\tconst addrs = await this.meshNode.resolvePeer(providerId);\n\t\tfor (const maddr of addrs) {\n\t\t\tconst parts = maddr.split(\"/\");\n\t\t\tif (parts[1] === \"ip4\") {\n\t\t\t\tconst grpcHost = `${parts[2]}:${grpcPort}`;\n\t\t\t\tlog.info(\n\t\t\t\t\t`[LiopClient] Translated Multiaddr to gRPC Target: ${grpcHost}`,\n\t\t\t\t);\n\t\t\t\treturn grpcHost;\n\t\t\t}\n\t\t}\n\n\t\treturn `127.0.0.1:${grpcPort}`;\n\t}\n\n\t/**\n\t * Discovers remote capabilities via the LIOP Manifest Protocol.\n\t */\n\tpublic async discoverTools(): Promise<\n\t\t{ name: string; description?: string }[]\n\t> {\n\t\tif (!this.meshNode) {\n\t\t\tthrow new Error(\"Client must be connected before discovering tools.\");\n\t\t}\n\n\t\tlog.info(`[LiopClient] Discovery started...`);\n\t\tconst providerIds = await this.meshNode.discoverManifestProviders();\n\t\tconst tools: { name: string; description?: string }[] = [];\n\t\tconst seenNames = new Set<string>();\n\n\t\tfor (const peerId of providerIds) {\n\t\t\ttry {\n\t\t\t\tlog.info(`[LiopClient] Querying manifest from: ${peerId}`);\n\t\t\t\tconst manifest = await this.meshNode.queryManifest(peerId);\n\t\t\t\tif (manifest) {\n\t\t\t\t\tthis.manifests.set(peerId, manifest);\n\t\t\t\t\tfor (const tool of manifest.tools) {\n\t\t\t\t\t\tif (!seenNames.has(tool.name)) {\n\t\t\t\t\t\t\ttools.push({ name: tool.name, description: tool.description });\n\t\t\t\t\t\t\tseenNames.add(tool.name);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} catch (err: unknown) {\n\t\t\t\tlog.info(\n\t\t\t\t\t`[LiopClient] Error querying manifest from ${peerId}:`,\n\t\t\t\t\terr instanceof Error ? err.message : String(err),\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\n\t\tlog.info(\n\t\t\t`[LiopClient] Discovery finished. Found ${tools.length} unique tools.`,\n\t\t);\n\t\treturn tools;\n\t}\n\n\t/**\n\t * Invokes a tool.\n\t */\n\tpublic async callTool(\n\t\trequest: CallToolRequest,\n\t\t_wasmPayload?: Buffer,\n\t): Promise<CallToolResult> {\n\t\tif (!this.meshNode) {\n\t\t\tthrow new Error(\"Client must be connected before calling tools.\");\n\t\t}\n\n\t\tconst toolName = request.name;\n\t\tlog.info(`[LiopClient] Resolving Tool: ${toolName}`);\n\n\t\t// [ALPHA-FIX] Bypass DHT discovery if we are already statically connected to a provider (Enterprise/Test mode)\n\t\tlet rpcClient = this.rpcClients.get(\"static\");\n\n\t\tif (!rpcClient) {\n\t\t\tconst dynamicAddress = await this.resolveCapability(toolName);\n\t\t\trpcClient = this.getOrCreateRpcClient(toolName, dynamicAddress);\n\t\t} else {\n\t\t\tlog.info(\n\t\t\t\t`[LiopClient] Using existing static gRPC connection for ${toolName}.`,\n\t\t\t);\n\t\t}\n\n\t\tlog.info(`[LiopClient] Negotiating intent for ${toolName}...`);\n\t\tconst agentDid = this.meshNode\n\t\t\t? `did:liop:${this.meshNode.getPeerId()}`\n\t\t\t: \"did:liop:ephemeral\";\n\t\tconst intentPayload = Buffer.from(`${toolName}:${Date.now()}`);\n\t\tconst proofOfIntent = this.meshNode\n\t\t\t? await this.meshNode.sign(intentPayload)\n\t\t\t: intentPayload;\n\n\t\tconst intentResponse = (await rpcClient.negotiateIntent({\n\t\t\tagent_did: agentDid,\n\t\t\tcapability_hash: toolName,\n\t\t\tproof_of_intent: proofOfIntent,\n\t\t})) as unknown as {\n\t\t\taccepted: boolean;\n\t\t\terror_message: string;\n\t\t\tkyber_public_key: Uint8Array;\n\t\t\tkyberPublicKey: Uint8Array;\n\t\t\tsession_token: string;\n\t\t\tsessionToken: string;\n\t\t};\n\n\t\tif (!intentResponse.accepted) {\n\t\t\tthrow new Error(`Intent denied by host: ${intentResponse.error_message}`);\n\t\t}\n\n\t\t// LIOP Robust Field Extraction (Supports both snake_case and camelCase via gRPC-JS)\n\t\tconst publicKey =\n\t\t\tintentResponse.kyber_public_key || intentResponse.kyberPublicKey;\n\t\tconst sessionToken =\n\t\t\tintentResponse.session_token || intentResponse.sessionToken;\n\n\t\tif (!publicKey) {\n\t\t\tlog.info(\n\t\t\t\t\"[LiopClient] Critical Error: Kyber Public Key not found in IntentResponse.\",\n\t\t\t\tintentResponse,\n\t\t\t);\n\t\t\tthrow new Error(\n\t\t\t\t\"Handshake failed: Remote host did not provide a valid Kyber Public Key.\",\n\t\t\t);\n\t\t}\n\n\t\t// 2. Post-Quantum Encapsulation (ML-KEM-768)\n\t\tlog.info(\n\t\t\t`[LiopClient] Encapsulating Post-Quantum Shared Secret for ${request.name}...`,\n\t\t);\n\t\tconst { ciphertext: kyberCiphertext, sharedSecret } =\n\t\t\tawait Kyber768Wrapper.encapsulateAsymmetric(publicKey);\n\n\t\t// 3. Symmetric Sealing (AES-256-GCM)\n\t\tlog.info(`[LiopClient] Sealing WASM Payload and Inputs...`);\n\n\t\tconst _safePayload = _wasmPayload || Buffer.from(\"\");\n\n\t\t// Encrypt WASM binary\n\t\tconst { ciphertext: encryptedWasm, nonce: aesNonce } =\n\t\t\tAesGcmWrapper.encryptPayload(_safePayload, sharedSecret);\n\n\t\t// Encrypt inputs using a fresh random nonce per input to prevent AES-GCM nonce reuse\n\t\tconst encryptedInputs: Record<string, Uint8Array> = {};\n\t\tconst crypto = await import(\"node:crypto\");\n\t\tfor (const [key, value] of Object.entries(request.arguments || {})) {\n\t\t\tconst inputNonce = crypto.randomBytes(12);\n\t\t\tconst cipher = crypto.createCipheriv(\n\t\t\t\t\"aes-256-gcm\",\n\t\t\t\tsharedSecret,\n\t\t\t\tinputNonce,\n\t\t\t);\n\t\t\tconst encrypted = Buffer.concat([\n\t\t\t\tcipher.update(JSON.stringify(value)),\n\t\t\t\tcipher.final(),\n\t\t\t]);\n\t\t\tconst authTag = cipher.getAuthTag();\n\t\t\t// Prepend the 12-byte nonce to the ciphertext\n\t\t\tencryptedInputs[key] = Buffer.concat([inputNonce, encrypted, authTag]);\n\t\t}\n\n\t\t// 4. Assemble and Execute gRPC LogicRequest\n\t\tconst logicRequest: LogicRequest = {\n\t\t\tsession_token: sessionToken,\n\t\t\twasm_binary: encryptedWasm,\n\t\t\tinputs: encryptedInputs,\n\t\t\tpqc_ciphertext: kyberCiphertext,\n\t\t\taes_nonce: aesNonce,\n\t\t};\n\n\t\treturn new Promise((resolve, reject) => {\n\t\t\tconst stream = rpcClient.executeLogic(logicRequest);\n\t\t\tif (!stream) {\n\t\t\t\treject(new Error(\"RPC Client unavailable or failed to create stream.\"));\n\t\t\t\treturn;\n\t\t\t}\n\t\t\tlet resultFulfilled = false;\n\t\t\tlet hasReceivedData = false;\n\n\t\t\tstream.on(\"data\", async (response: LogicResponse) => {\n\t\t\t\tif (resultFulfilled) return;\n\t\t\t\thasReceivedData = true;\n\n\t\t\t\tlog.info(\"[LiopClient] Logic Executed. Verification in progress...\");\n\n\t\t\t\ttry {\n\t\t\t\t\t// Only verify ZK-Receipt if the remote execution succeeded.\n\t\t\t\t\t// If the remote execution failed due to a policy error (e.g. Egress Shield),\n\t\t\t\t\t// the ZK proof is empty and we should bypass validation to propagate the original error.\n\t\t\t\t\tif (!response.is_error) {\n\t\t\t\t\t\tconst isValid = await this.verifier.verifyZkReceipt(\n\t\t\t\t\t\t\t_safePayload,\n\t\t\t\t\t\t\tBuffer.from(response.cryptographic_proof).toString(\"hex\"),\n\t\t\t\t\t\t\tBuffer.from(response.zk_receipt),\n\t\t\t\t\t\t\tBuffer.from(sharedSecret),\n\t\t\t\t\t\t\tresponse.semantic_evidence,\n\t\t\t\t\t\t);\n\n\t\t\t\t\t\tif (!isValid) {\n\t\t\t\t\t\t\treject(\n\t\t\t\t\t\t\t\tnew Error(\n\t\t\t\t\t\t\t\t\t\"PROTOCOL INTEGRITY VIOLATION: ZK-Receipt verification failed.\",\n\t\t\t\t\t\t\t\t),\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tresultFulfilled = true;\n\t\t\t\t\tresolve({\n\t\t\t\t\t\tcontent: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\ttype: \"text\",\n\t\t\t\t\t\t\t\ttext: response.semantic_evidence,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t\tisError: response.is_error,\n\t\t\t\t\t});\n\t\t\t\t} catch (err) {\n\t\t\t\t\treject(err);\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tstream.on(\"error\", (err) => {\n\t\t\t\tif (resultFulfilled) return;\n\t\t\t\tlog.error(\"[LiopClient] Stream Error:\", err);\n\t\t\t\treject(err);\n\t\t\t});\n\n\t\t\tstream.on(\"end\", () => {\n\t\t\t\t// We don't throw here if we already received a response block that is currently\n\t\t\t\t// undergoing ZK Verification in the Piscina worker pool.\n\t\t\t\tif (!hasReceivedData && !resultFulfilled) {\n\t\t\t\t\treject(new Error(\"Logic-on-Origin stream closed without results.\"));\n\t\t\t\t}\n\t\t\t});\n\t\t});\n\t}\n\n\tprivate getOrCreateRpcClient(peerId: string, address: string): LiopRpcClient {\n\t\tlet client = this.rpcClients.get(peerId);\n\t\tif (!client) {\n\t\t\tlet nodeToken = this.oauthToken;\n\n\t\t\tlet manifest = this.manifests.get(peerId);\n\t\t\tlet realPeerId = peerId;\n\n\t\t\t// If peerId is actually a toolName (which happens when called from callTool),\n\t\t\t// resolve the real PeerID and its manifest from the manifest cache.\n\t\t\tif (!manifest) {\n\t\t\t\tfor (const [pId, m] of this.manifests.entries()) {\n\t\t\t\t\tif (m.tools.some((t) => t.name === peerId)) {\n\t\t\t\t\t\tmanifest = m;\n\t\t\t\t\t\trealPeerId = pId;\n\t\t\t\t\t\tbreak;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst providerName = manifest?.serverInfo?.name?.toLowerCase() || \"\";\n\t\t\tlet envToken: string | undefined;\n\n\t\t\t// 0. Deterministic tokenSlug resolution (highest priority, zero heuristic)\n\t\t\tconst slug = manifest?.tokenSlug;\n\t\t\tif (slug) {\n\t\t\t\tenvToken =\n\t\t\t\t\tprocess.env[`LIOP_TOKEN_${slug}`] ||\n\t\t\t\t\tprocess.env[`LIOP_OAUTH_TOKEN_${slug}`];\n\t\t\t}\n\n\t\t\t// 1. PeerID-specific resolution: LIOP_TOKEN_<last 8 chars of PeerID in uppercase>\n\t\t\tif (!envToken && realPeerId) {\n\t\t\t\tconst shortId = realPeerId.slice(-8).toUpperCase();\n\t\t\t\tenvToken =\n\t\t\t\t\tprocess.env[`LIOP_TOKEN_${shortId}`] ||\n\t\t\t\t\tprocess.env[`LIOP_OAUTH_TOKEN_${shortId}`];\n\t\t\t}\n\n\t\t\t// 2. Provider-name resolution: LIOP_TOKEN_<CLEAN_PROVIDER_NAME_UPPERCASE>\n\t\t\tif (!envToken && providerName) {\n\t\t\t\tconst cleanName = providerName\n\t\t\t\t\t.toUpperCase()\n\t\t\t\t\t.replace(/[^A-Z0-9_]/g, \"_\");\n\t\t\t\tenvToken =\n\t\t\t\t\tprocess.env[`LIOP_TOKEN_${cleanName}`] ||\n\t\t\t\t\tprocess.env[`LIOP_OAUTH_TOKEN_${cleanName}`];\n\t\t\t}\n\n\t\t\tif (envToken) {\n\t\t\t\tlog.info(\n\t\t\t\t\t`[LiopClient] Resolved node-specific token for peer ${realPeerId.slice(-8)} (${providerName || \"unknown\"})`,\n\t\t\t\t);\n\t\t\t\tnodeToken = envToken;\n\t\t\t}\n\n\t\t\tclient = new LiopRpcClient(address, this.tlsOptions, nodeToken);\n\t\t\tthis.rpcClients.set(peerId, client);\n\t\t}\n\t\treturn client;\n\t}\n\n\t/**\n\t * Reads a specific resource by URI.\n\t * In LIOP, resources can be static definitions or dynamic streams.\n\t */\n\tpublic async readResource(uri: string): Promise<{\n\t\tcontents: Array<{ uri: string; mimeType?: string; text: string }>;\n\t}> {\n\t\tif (!this.meshNode) {\n\t\t\tthrow new Error(\"Client must be connected before reading resources.\");\n\t\t}\n\t\tlog.info(`[LiopClient] Querying Mesh for Resource: ${uri}...`);\n\n\t\t// We search for the peer hosting the resource in the P2P Mesh\n\t\tconst providers = await this.meshNode.findProviders(uri);\n\t\tif (providers.length === 0) {\n\t\t\tthrow new Error(`No mesh providers found for resource: ${uri}`);\n\t\t}\n\n\t\t// Query the remote peer's manifest\n\t\tconst manifest = await this.meshNode.queryManifest(providers[0]);\n\t\tif (!manifest) {\n\t\t\tthrow new Error(\"Target peer did not return a valid LIOP Manifest.\");\n\t\t}\n\n\t\t// Locate the exact resource metadata\n\t\tconst resourceDef = manifest.resources?.find((r) => r.uri === uri);\n\t\tif (!resourceDef) {\n\t\t\tthrow new Error(`Resource ${uri} not listed in remote manifest.`);\n\t\t}\n\n\t\t// Return the declarative metadata (Logic-Injection is required for actual data extraction)\n\t\treturn {\n\t\t\tcontents: [\n\t\t\t\t{\n\t\t\t\t\turi,\n\t\t\t\t\tmimeType: resourceDef.mimeType || \"application/json\",\n\t\t\t\t\ttext: JSON.stringify(resourceDef, null, 2),\n\t\t\t\t},\n\t\t\t],\n\t\t};\n\t}\n\n\tpublic getServerInfo(): { name: string; version: string } | undefined {\n\t\treturn this.serverInfo;\n\t}\n\n\t/**\n\t * Destroys the active Mesh Node resources.\n\t */\n\tpublic async close(): Promise<void> {\n\t\tif (this.meshNode) {\n\t\t\tawait this.meshNode.stop();\n\t\t}\n\t}\n}\n"]}
package/dist/chunk-TYVG6TXQ.js DELETED
@@ -1,2 +0,0 @@
1
- import {b}from'./chunk-2MGFSIXN.js';var o=b.object({name:b.string(),description:b.string().optional(),inputSchema:b.record(b.string(),b.unknown())}),i=b.object({uri:b.string(),name:b.string(),description:b.string().optional(),mimeType:b.string().optional()}),s=b.object({name:b.string(),description:b.string().optional(),arguments:b.array(b.object({name:b.string(),description:b.string().optional(),required:b.boolean().optional()})).optional()});export{o as a,i as b,s as c};//# sourceMappingURL=chunk-TYVG6TXQ.js.map
2
- //# sourceMappingURL=chunk-TYVG6TXQ.js.map
package/dist/chunk-TYVG6TXQ.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/types.ts"],"names":["ToolSchema","external_exports","ResourceSchema","PromptSchema"],"mappings":"oCAMO,IAAMA,CAAAA,CAAaC,EAAE,MAAA,CAAO,CAClC,KAAMA,CAAAA,CAAE,MAAA,GACR,WAAA,CAAaA,CAAAA,CAAE,QAAO,CAAE,QAAA,GACxB,WAAA,CAAaA,CAAAA,CAAE,OAAOA,CAAAA,CAAE,MAAA,GAAUA,CAAAA,CAAE,OAAA,EAAS,CAC9C,CAAC,EAIYC,CAAAA,CAAiBD,CAAAA,CAAE,OAAO,CACtC,GAAA,CAAKA,EAAE,MAAA,EAAO,CACd,KAAMA,CAAAA,CAAE,MAAA,GACR,WAAA,CAAaA,CAAAA,CAAE,QAAO,CAAE,QAAA,GACxB,QAAA,CAAUA,CAAAA,CAAE,QAAO,CAAE,QAAA,EACtB,CAAC,CAAA,CAIYE,EAAeF,CAAAA,CAAE,MAAA,CAAO,CACpC,IAAA,CAAMA,CAAAA,CAAE,QAAO,CACf,WAAA,CAAaA,EAAE,MAAA,EAAO,CAAE,UAAS,CACjC,SAAA,CAAWA,EACT,KAAA,CACAA,CAAAA,CAAE,OAAO,CACR,IAAA,CAAMA,EAAE,MAAA,EAAO,CACf,YAAaA,CAAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CACjC,SAAUA,CAAAA,CAAE,OAAA,GAAU,QAAA,EACvB,CAAC,CACF,CAAA,CACC,QAAA,EACH,CAAC","file":"chunk-TYVG6TXQ.js","sourcesContent":["import { z } from \"zod\";\n\n/**\n * Base Protocol Types representing parity with Model Context Protocol\n */\n\nexport const ToolSchema = z.object({\n\tname: z.string(),\n\tdescription: z.string().optional(),\n\tinputSchema: z.record(z.string(), z.unknown()), // Represents a JSON Schema\n});\n\nexport type Tool = z.infer<typeof ToolSchema>;\n\nexport const ResourceSchema = z.object({\n\turi: z.string(),\n\tname: z.string(),\n\tdescription: z.string().optional(),\n\tmimeType: z.string().optional(),\n});\n\nexport type Resource = z.infer<typeof ResourceSchema>;\n\nexport const PromptSchema = z.object({\n\tname: z.string(),\n\tdescription: z.string().optional(),\n\targuments: z\n\t\t.array(\n\t\t\tz.object({\n\t\t\t\tname: z.string(),\n\t\t\t\tdescription: z.string().optional(),\n\t\t\t\trequired: z.boolean().optional(),\n\t\t\t}),\n\t\t)\n\t\t.optional(),\n});\n\nexport type Prompt = z.infer<typeof PromptSchema>;\n\nexport interface CallToolRequest {\n\tname: string;\n\targuments?: Record<string, unknown>;\n}\n\nexport interface CallToolResult {\n\tcontent: Array<{\n\t\ttype: \"text\" | \"image\" | \"resource\";\n\t\ttext?: string;\n\t\tdata?: string;\n\t\tmimeType?: string;\n\t\tresource?: {\n\t\t\turi: string;\n\t\t\ttext?: string;\n\t\t\tblob?: string;\n\t\t};\n\t}>;\n\tisError?: boolean;\n}\n\nexport interface GetPromptRequest {\n\tname: string;\n\targuments?: Record<string, string>;\n}\n\nexport interface GetPromptResult {\n\tdescription?: string;\n\tmessages: Array<{\n\t\trole: \"user\" | \"assistant\";\n\t\tcontent:\n\t\t\t| { type: \"text\"; text: string }\n\t\t\t| { type: \"image\"; data: string; mimeType: string }\n\t\t\t| {\n\t\t\t\t\ttype: \"resource\";\n\t\t\t\t\tresource: { uri: string; text?: string; blob?: string };\n\t\t\t };\n\t}>;\n}\n\nexport interface ServerInfo {\n\tname: string;\n\tversion: string;\n\tcapabilities?: {\n\t\tprompts?: { listChanged?: boolean };\n\t\tresources?: { subscribe?: boolean; listChanged?: boolean };\n\t\ttools?: { listChanged?: boolean };\n\t\tlogging?: Record<string, unknown>;\n\t};\n}\n\nexport interface McpRequest {\n\tmethod: string;\n\tparams?: unknown;\n\tid?: string | number | null;\n\tjsonrpc?: \"2.0\";\n}\n\nexport interface McpResponse {\n\tjsonrpc: \"2.0\";\n\tid?: string | number | null;\n\tresult?: unknown;\n\terror?: {\n\t\tcode: number;\n\t\tmessage: string;\n\t\tdata?: unknown;\n\t};\n}\n\n/**\n * Re-export AuthInfo from the security module for convenience.\n * Compatible with MCP TypeScript SDK AuthInfo interface shape.\n */\nexport type { AuthInfo } from \"./security/jwt-validator.js\";\n"]}