@nority/bridge-sdk 0.1.0

package/dist/conversation/state.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"state.js","sourceRoot":"","sources":["../../src/conversation/state.ts"],"names":[],"mappings":"AAqBA,MAAM,UAAU,uBAAuB,CACrC,cAAsB,EACtB,YAAoB;IAEpB,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACjE,MAAM,IAAI,KAAK,CACb,uEAAuE,YAAY,CAAC,MAAM,EAAE,CAC7F,CAAC;IACJ,CAAC;IAED,OAAO;QACL,cAAc;QACd,YAAY;QACZ,KAAK,EAAE,EAAE;QACT,cAAc,EAAE,CAAC;QACjB,qBAAqB,EAAE,EAAE;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,0BAA0B,CACxC,KAAwB;IAExB,uBAAuB,CAAC,KAAK,EAAE,4BAA4B,CAAC,CAAC;IAC7D,OAAO;QACL,cAAc,EAAE,KAAK,CAAC,cAAc;QACpC,kBAAkB,EAAE,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACzD,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;QACjC,cAAc,EAAE,KAAK,CAAC,cAAc;QACpC,qBAAqB,EAAE,EAAE,GAAG,KAAK,CAAC,qBAAqB,EAAE;KAC1D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,KAAiC;IAEjC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,KAAK,CACb,oFAAoF,KAAK,CAAC,cAAc,EAAE,CAC3G,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;IACrE,MAAM,YAAY,GAAsB;QACtC,cAAc,EAAE,KAAK,CAAC,cAAc;QACpC,YAAY;QACZ,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;QACjC,cAAc,EAAE,KAAK,CAAC,cAAc;QACpC,qBAAqB,EAAE,0BAA0B,CAAC,KAAK,CAAC,qBAAqB,CAAC;KAC/E,CAAC;IACF,uBAAuB,CAAC,YAAY,EAAE,8BAA8B,CAAC,CAAC;IACtE,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,UAAU,CACxB,KAAwB,EACxB,IAAsB,EACtB,KAAoB;IAEpB,uBAAuB,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;QACf,IAAI;QACJ,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;KAC5B,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,IAAc;IACtC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;KACjC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAoB;IACnD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IAED,OAAO,KAAK;SACT,MAAM,CAAC,CAAC,IAAI,EAAkD,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC;SACtF,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;SACxB,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED,SAAS,SAAS,CAAC,IAAiB;IAClC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QACzB,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;IAC3C,CAAC;IACD,OAAO;QACL,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE;KACzB,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAC9B,KAAwB,EACxB,MAAc;IAEd,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,8BAA8B,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,yCAAyC,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,0BAA0B,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,iDAAiD,CAAC,CAAC;IAC9E,CAAC;IACD,2BAA2B,CAAC,KAAK,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,0BAA0B,CACjC,qBAA0E;IAE1E,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,2BAA2B,CACzB,qBAAqB,EACrB,4BAA4B,CAC7B,CAAC;IACF,OAAO,EAAE,GAAG,qBAAqB,EAAE,CAAC;AACtC,CAAC;AAED,SAAS,2BAA2B,CAClC,qBAA8B,EAC9B,MAAc;IAEd,IACE,OAAO,qBAAqB,KAAK,QAAQ;QACzC,qBAAqB,KAAK,IAAI;QAC9B,KAAK,CAAC,OAAO,CAAC,qBAAqB,CAAC,EACpC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,2CAA2C,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC3E,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,gDAAgD,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CACb,GAAG,MAAM,8DAA8D,CACxE,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/crypto/conversation.d.ts

@@ -0,0 +1,20 @@
+import { type KeyObject } from "node:crypto";
+/**
+ * Derive the per-conversation AES-256-GCM key from an X25519 ECDH exchange.
+ *
+ * 1. Compute the shared secret via X25519 ECDH
+ * 2. Derive 32-byte key via HKDF-SHA3-256 with info="nority-conv-v1"
+ */
+export declare function deriveConversationKey(localPrivateKeyPem: string, remotePublicKeyPem: string): Promise<Buffer>;
+export declare function deriveConversationKeyFromKeyObjects(privateKey: KeyObject, publicKey: KeyObject): Buffer;
+export declare function deriveConversationKeyFromSharedSecret(sharedSecret: Buffer): Buffer;
+/**
+ * Encrypt a plaintext payload using AES-256-GCM.
+ * Returns wire format: nonce || ciphertext || tag
+ */
+export declare function encryptPayload(key: Buffer, plaintext: Buffer): Buffer;
+/**
+ * Decrypt a wire-format payload (nonce || ciphertext || tag) using AES-256-GCM.
+ */
+export declare function decryptPayload(key: Buffer, wirePayload: Buffer): Buffer;
+//# sourceMappingURL=conversation.d.ts.map

package/dist/crypto/conversation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"conversation.d.ts","sourceRoot":"","sources":["../../src/crypto/conversation.ts"],"names":[],"mappings":"AAAA,OAAO,EAOL,KAAK,SAAS,EACf,MAAM,aAAa,CAAC;AAQrB;;;;;GAKG;AACH,wBAAsB,qBAAqB,CACzC,kBAAkB,EAAE,MAAM,EAC1B,kBAAkB,EAAE,MAAM,GACzB,OAAO,CAAC,MAAM,CAAC,CAsBjB;AAED,wBAAgB,mCAAmC,CACjD,UAAU,EAAE,SAAS,EACrB,SAAS,EAAE,SAAS,GACnB,MAAM,CAmBR;AAED,wBAAgB,qCAAqC,CACnD,YAAY,EAAE,MAAM,GACnB,MAAM,CAsBR;AA6DD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAuBrE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,CAyBvE"}

package/dist/crypto/conversation.js

@@ -0,0 +1,134 @@
+import { createPrivateKey, createPublicKey, diffieHellman, randomBytes, createCipheriv, createDecipheriv, } from "node:crypto";
+import { sha3_256 } from "./hkdf-sha3.js";
+const HKDF_INFO = "nority-conv-v1";
+const AES_KEY_LENGTH = 32;
+const NONCE_LENGTH = 12;
+const TAG_LENGTH = 16;
+/**
+ * Derive the per-conversation AES-256-GCM key from an X25519 ECDH exchange.
+ *
+ * 1. Compute the shared secret via X25519 ECDH
+ * 2. Derive 32-byte key via HKDF-SHA3-256 with info="nority-conv-v1"
+ */
+export async function deriveConversationKey(localPrivateKeyPem, remotePublicKeyPem) {
+    if (!localPrivateKeyPem || !remotePublicKeyPem) {
+        throw new Error("deriveConversationKey: both localPrivateKeyPem and remotePublicKeyPem are required");
+    }
+    const privateKey = createPrivateKey(localPrivateKeyPem);
+    const publicKey = createPublicKey(remotePublicKeyPem);
+    if (privateKey.asymmetricKeyType !== "x25519") {
+        throw new Error(`deriveConversationKey: expected x25519 private key, got ${privateKey.asymmetricKeyType}`);
+    }
+    if (publicKey.asymmetricKeyType !== "x25519") {
+        throw new Error(`deriveConversationKey: expected x25519 public key, got ${publicKey.asymmetricKeyType}`);
+    }
+    return deriveConversationKeyFromKeyObjects(privateKey, publicKey);
+}
+export function deriveConversationKeyFromKeyObjects(privateKey, publicKey) {
+    if (!privateKey || !publicKey) {
+        throw new Error("deriveConversationKeyFromKeyObjects: privateKey and publicKey are required");
+    }
+    if (privateKey.asymmetricKeyType !== "x25519") {
+        throw new Error(`deriveConversationKeyFromKeyObjects: expected x25519 private key, got ${privateKey.asymmetricKeyType}`);
+    }
+    if (publicKey.asymmetricKeyType !== "x25519") {
+        throw new Error(`deriveConversationKeyFromKeyObjects: expected x25519 public key, got ${publicKey.asymmetricKeyType}`);
+    }
+    const sharedSecret = diffieHellman({ privateKey, publicKey });
+    return deriveConversationKeyFromSharedSecret(sharedSecret);
+}
+export function deriveConversationKeyFromSharedSecret(sharedSecret) {
+    if (!sharedSecret || sharedSecret.length === 0) {
+        throw new Error("deriveConversationKeyFromSharedSecret: sharedSecret is required");
+    }
+    const infoBytes = Buffer.from(HKDF_INFO, "utf-8");
+    const derivedKey = hkdfSha3256(sharedSecret, Buffer.alloc(0), infoBytes, AES_KEY_LENGTH);
+    if (derivedKey.length !== AES_KEY_LENGTH) {
+        throw new Error(`deriveConversationKeyFromSharedSecret: derived key length ${derivedKey.length} !== ${AES_KEY_LENGTH}`);
+    }
+    return derivedKey;
+}
+/**
+ * HKDF using SHA3-256 as the hash function.
+ * Node's built-in hkdf only supports standard hash names, so we implement HKDF manually.
+ */
+function hkdfSha3256(ikm, salt, info, length) {
+    // Extract: PRK = HMAC-SHA3-256(salt, IKM)
+    // For HKDF, if salt is empty, use a hash-length zero buffer
+    const hashLen = 32; // SHA3-256 output
+    const effectiveSalt = salt.length > 0 ? salt : Buffer.alloc(hashLen, 0);
+    const prk = hmacSha3256(effectiveSalt, ikm);
+    // Expand: OKM = T(1) || T(2) || ...
+    const n = Math.ceil(length / hashLen);
+    if (n > 255) {
+        throw new Error("hkdfSha3256: requested length too large");
+    }
+    const okm = Buffer.alloc(n * hashLen);
+    let prev = Buffer.alloc(0);
+    for (let i = 1; i <= n; i++) {
+        const input = Buffer.concat([prev, info, Buffer.from([i])]);
+        prev = hmacSha3256(prk, input);
+        prev.copy(okm, (i - 1) * hashLen);
+    }
+    return okm.subarray(0, length);
+}
+/**
+ * HMAC-SHA3-256 implementation.
+ */
+function hmacSha3256(key, data) {
+    const blockSize = 136; // SHA3-256 block size (rate)
+    let k = key;
+    if (k.length > blockSize) {
+        k = sha3_256(k);
+    }
+    if (k.length < blockSize) {
+        k = Buffer.concat([k, Buffer.alloc(blockSize - k.length, 0)]);
+    }
+    const iPad = Buffer.alloc(blockSize);
+    const oPad = Buffer.alloc(blockSize);
+    for (let i = 0; i < blockSize; i++) {
+        iPad[i] = k[i] ^ 0x36;
+        oPad[i] = k[i] ^ 0x5c;
+    }
+    const inner = sha3_256(Buffer.concat([iPad, data]));
+    return sha3_256(Buffer.concat([oPad, inner]));
+}
+/**
+ * Encrypt a plaintext payload using AES-256-GCM.
+ * Returns wire format: nonce || ciphertext || tag
+ */
+export function encryptPayload(key, plaintext) {
+    if (key.length !== AES_KEY_LENGTH) {
+        throw new Error(`encryptPayload: key must be ${AES_KEY_LENGTH} bytes, got ${key.length}`);
+    }
+    const nonce = randomBytes(NONCE_LENGTH);
+    const cipher = createCipheriv("aes-256-gcm", key, nonce);
+    const ciphertext = Buffer.concat([
+        cipher.update(plaintext),
+        cipher.final(),
+    ]);
+    const tag = cipher.getAuthTag();
+    if (tag.length !== TAG_LENGTH) {
+        throw new Error(`encryptPayload: auth tag length ${tag.length} !== ${TAG_LENGTH}`);
+    }
+    return Buffer.concat([nonce, ciphertext, tag]);
+}
+/**
+ * Decrypt a wire-format payload (nonce || ciphertext || tag) using AES-256-GCM.
+ */
+export function decryptPayload(key, wirePayload) {
+    if (key.length !== AES_KEY_LENGTH) {
+        throw new Error(`decryptPayload: key must be ${AES_KEY_LENGTH} bytes, got ${key.length}`);
+    }
+    const minLength = NONCE_LENGTH + TAG_LENGTH;
+    if (wirePayload.length < minLength) {
+        throw new Error(`decryptPayload: wire payload too short (${wirePayload.length} < ${minLength})`);
+    }
+    const nonce = wirePayload.subarray(0, NONCE_LENGTH);
+    const ciphertext = wirePayload.subarray(NONCE_LENGTH, wirePayload.length - TAG_LENGTH);
+    const tag = wirePayload.subarray(wirePayload.length - TAG_LENGTH);
+    const decipher = createDecipheriv("aes-256-gcm", key, nonce);
+    decipher.setAuthTag(tag);
+    return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+}
+//# sourceMappingURL=conversation.js.map

package/dist/crypto/conversation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"conversation.js","sourceRoot":"","sources":["../../src/crypto/conversation.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,WAAW,EACX,cAAc,EACd,gBAAgB,GAEjB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,MAAM,SAAS,GAAG,gBAAgB,CAAC;AACnC,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,MAAM,YAAY,GAAG,EAAE,CAAC;AACxB,MAAM,UAAU,GAAG,EAAE,CAAC;AAEtB;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,kBAA0B,EAC1B,kBAA0B;IAE1B,IAAI,CAAC,kBAAkB,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,oFAAoF,CACrF,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IACxD,MAAM,SAAS,GAAG,eAAe,CAAC,kBAAkB,CAAC,CAAC;IAEtD,IAAI,UAAU,CAAC,iBAAiB,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,2DAA2D,UAAU,CAAC,iBAAiB,EAAE,CAC1F,CAAC;IACJ,CAAC;IACD,IAAI,SAAS,CAAC,iBAAiB,KAAK,QAAQ,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CACb,0DAA0D,SAAS,CAAC,iBAAiB,EAAE,CACxF,CAAC;IACJ,CAAC;IAED,OAAO,mCAAmC,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,mCAAmC,CACjD,UAAqB,EACrB,SAAoB;IAEpB,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CACb,4EAA4E,CAC7E,CAAC;IACJ,CAAC;IACD,IAAI,UAAU,CAAC,iBAAiB,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,yEAAyE,UAAU,CAAC,iBAAiB,EAAE,CACxG,CAAC;IACJ,CAAC;IACD,IAAI,SAAS,CAAC,iBAAiB,KAAK,QAAQ,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CACb,wEAAwE,SAAS,CAAC,iBAAiB,EAAE,CACtG,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,aAAa,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;IAC9D,OAAO,qCAAqC,CAAC,YAAY,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,qCAAqC,CACnD,YAAoB;IAEpB,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,WAAW,CAC5B,YAAY,EACZ,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EACf,SAAS,EACT,cAAc,CACf,CAAC;IAEF,IAAI,UAAU,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CACb,6DAA6D,UAAU,CAAC,MAAM,QAAQ,cAAc,EAAE,CACvG,CAAC;IACJ,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAClB,GAAW,EACX,IAAY,EACZ,IAAY,EACZ,MAAc;IAEd,0CAA0C;IAC1C,4DAA4D;IAC5D,MAAM,OAAO,GAAG,EAAE,CAAC,CAAC,kBAAkB;IACtC,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IACxE,MAAM,GAAG,GAAG,WAAW,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IAE5C,oCAAoC;IACpC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC;IACtC,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC;IACtC,IAAI,IAAI,GAAW,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,IAAI,GAAG,WAAW,CAAC,GAAG,EAAE,KAAK,CAAW,CAAC;QACzC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,GAAW,EAAE,IAAY;IAC5C,MAAM,SAAS,GAAG,GAAG,CAAC,CAAC,6BAA6B;IAEpD,IAAI,CAAC,GAAG,GAAG,CAAC;IACZ,IAAI,CAAC,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QACzB,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QACzB,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;QACtB,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACxB,CAAC;IAED,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IACpD,OAAO,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW,EAAE,SAAiB;IAC3D,IAAI,GAAG,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CACb,+BAA+B,cAAc,eAAe,GAAG,CAAC,MAAM,EAAE,CACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IAEzD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC;QAC/B,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC;QACxB,MAAM,CAAC,KAAK,EAAE;KACf,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEhC,IAAI,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CACb,mCAAmC,GAAG,CAAC,MAAM,QAAQ,UAAU,EAAE,CAClE,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW,EAAE,WAAmB;IAC7D,IAAI,GAAG,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CACb,+BAA+B,cAAc,eAAe,GAAG,CAAC,MAAM,EAAE,CACzE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,YAAY,GAAG,UAAU,CAAC;IAC5C,IAAI,WAAW,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CACb,2CAA2C,WAAW,CAAC,MAAM,MAAM,SAAS,GAAG,CAChF,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,WAAW,CAAC,QAAQ,CACrC,YAAY,EACZ,WAAW,CAAC,MAAM,GAAG,UAAU,CAChC,CAAC;IACF,MAAM,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,GAAG,UAAU,CAAC,CAAC;IAElE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IAC7D,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAEzB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;AACxE,CAAC"}

package/dist/crypto/hkdf-sha3.d.ts

@@ -0,0 +1,5 @@
+/**
+ * SHA3-256 hash using Node's built-in crypto.
+ */
+export declare function sha3_256(data: Buffer): Buffer<ArrayBuffer>;
+//# sourceMappingURL=hkdf-sha3.d.ts.map

package/dist/crypto/hkdf-sha3.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hkdf-sha3.d.ts","sourceRoot":"","sources":["../../src/crypto/hkdf-sha3.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,CAE1D"}

package/dist/crypto/hkdf-sha3.js

@@ -0,0 +1,8 @@
+import { createHash } from "node:crypto";
+/**
+ * SHA3-256 hash using Node's built-in crypto.
+ */
+export function sha3_256(data) {
+    return createHash("sha3-256").update(data).digest();
+}
+//# sourceMappingURL=hkdf-sha3.js.map

package/dist/crypto/hkdf-sha3.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hkdf-sha3.js","sourceRoot":"","sources":["../../src/crypto/hkdf-sha3.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,IAAY;IACnC,OAAO,UAAU,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAyB,CAAC;AAC7E,CAAC"}

package/dist/crypto/identity.d.ts

@@ -0,0 +1,21 @@
+export interface Ed25519Identity {
+    privateKeyPem: string;
+    publicKeyPem: string;
+}
+/**
+ * Generate a new Ed25519 identity for bridge proof-of-possession.
+ */
+export declare function generateEd25519Identity(): Ed25519Identity;
+/**
+ * Return the raw Ed25519 public key encoded as standard base64.
+ */
+export declare function getEd25519PublicKeyBase64(publicKeyPem: string): string;
+/**
+ * Sign data with an Ed25519 private key.
+ */
+export declare function signEd25519(privateKeyPem: string, data: Buffer): Promise<Buffer>;
+/**
+ * Verify an Ed25519 signature against a public key.
+ */
+export declare function verifyEd25519Signature(publicKeyPem: string, data: Buffer, signature: Buffer): Promise<boolean>;
+//# sourceMappingURL=identity.d.ts.map

package/dist/crypto/identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/crypto/identity.ts"],"names":[],"mappings":"AAQA,MAAM,WAAW,eAAe;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB;AAMD;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,eAAe,CAoBzD;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAkBtE;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,aAAa,EAAE,MAAM,EACrB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,MAAM,CAAC,CAajB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,YAAY,EAAE,MAAM,EACpB,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC,CAelB"}

package/dist/crypto/identity.js

@@ -0,0 +1,70 @@
+import { createPublicKey, createPrivateKey, generateKeyPairSync, sign, verify, } from "node:crypto";
+/**
+ * Generate a new Ed25519 identity for bridge proof-of-possession.
+ */
+export function generateEd25519Identity() {
+    const { privateKey, publicKey } = generateKeyPairSync("ed25519");
+    const privateKeyPem = privateKey.export({
+        format: "pem",
+        type: "pkcs8",
+    });
+    const publicKeyPem = publicKey.export({
+        format: "pem",
+        type: "spki",
+    });
+    if (typeof privateKeyPem !== "string") {
+        throw new Error("generateEd25519Identity: private key export must be PEM");
+    }
+    if (typeof publicKeyPem !== "string") {
+        throw new Error("generateEd25519Identity: public key export must be PEM");
+    }
+    return { privateKeyPem, publicKeyPem };
+}
+/**
+ * Return the raw Ed25519 public key encoded as standard base64.
+ */
+export function getEd25519PublicKeyBase64(publicKeyPem) {
+    if (!publicKeyPem) {
+        throw new Error("getEd25519PublicKeyBase64: publicKeyPem is required");
+    }
+    const publicKey = createPublicKey(publicKeyPem);
+    if (publicKey.asymmetricKeyType !== "ed25519") {
+        throw new Error(`getEd25519PublicKeyBase64: expected ed25519 key, got ${publicKey.asymmetricKeyType}`);
+    }
+    const jwk = publicKey.export({ format: "jwk" });
+    if (typeof jwk.x !== "string") {
+        throw new Error("getEd25519PublicKeyBase64: JWK x coordinate is required");
+    }
+    return base64UrlToBase64(jwk.x);
+}
+/**
+ * Sign data with an Ed25519 private key.
+ */
+export async function signEd25519(privateKeyPem, data) {
+    if (!privateKeyPem || !data) {
+        throw new Error("signEd25519: privateKeyPem and data are required");
+    }
+    const privateKey = createPrivateKey(privateKeyPem);
+    if (privateKey.asymmetricKeyType !== "ed25519") {
+        throw new Error(`signEd25519: expected ed25519 key, got ${privateKey.asymmetricKeyType}`);
+    }
+    return sign(null, data, privateKey);
+}
+/**
+ * Verify an Ed25519 signature against a public key.
+ */
+export async function verifyEd25519Signature(publicKeyPem, data, signature) {
+    if (!publicKeyPem || !data || !signature) {
+        throw new Error("verifyEd25519Signature: publicKeyPem, data, and signature are required");
+    }
+    const publicKey = createPublicKey(publicKeyPem);
+    if (publicKey.asymmetricKeyType !== "ed25519") {
+        throw new Error(`verifyEd25519Signature: expected ed25519 key, got ${publicKey.asymmetricKeyType}`);
+    }
+    return verify(null, data, publicKey, signature);
+}
+function base64UrlToBase64(value) {
+    const paddingLength = (4 - (value.length % 4)) % 4;
+    return `${value.replace(/-/g, "+").replace(/_/g, "/")}${"=".repeat(paddingLength)}`;
+}
+//# sourceMappingURL=identity.js.map

package/dist/crypto/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/crypto/identity.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,mBAAmB,EACnB,IAAI,EACJ,MAAM,GACP,MAAM,aAAa,CAAC;AAWrB;;GAEG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;IAEjE,MAAM,aAAa,GAAG,UAAU,CAAC,MAAM,CAAC;QACtC,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,OAAO;KACd,CAAC,CAAC;IACH,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC;QACpC,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;IAEH,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,YAAoB;IAC5D,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,SAAS,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAChD,IAAI,SAAS,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,wDAAwD,SAAS,CAAC,iBAAiB,EAAE,CACtF,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAsB,CAAC;IACrE,IAAI,OAAO,GAAG,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IAED,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,aAAqB,EACrB,IAAY;IAEZ,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,aAAa,CAAC,CAAC;IACnD,IAAI,UAAU,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,0CAA0C,UAAU,CAAC,iBAAiB,EAAE,CACzE,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,YAAoB,EACpB,IAAY,EACZ,SAAiB;IAEjB,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAChD,IAAI,SAAS,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,qDAAqD,SAAS,CAAC,iBAAiB,EAAE,CACnF,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACnD,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC;AACtF,CAAC"}

package/dist/crypto/payload.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Encrypt a JSON-serializable object for wire transmission.
+ * Returns base64-encoded wire payload (nonce || ciphertext || tag).
+ */
+export declare function encryptJsonPayload(key: Buffer, payload: unknown): string;
+/**
+ * Decrypt a base64-encoded wire payload back to a parsed JSON object.
+ */
+export declare function decryptJsonPayload(key: Buffer, base64Wire: string): unknown;
+//# sourceMappingURL=payload.d.ts.map

package/dist/crypto/payload.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../src/crypto/payload.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,OAAO,GACf,MAAM,CAQR;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,GACjB,OAAO,CAWT"}

package/dist/crypto/payload.js

@@ -0,0 +1,28 @@
+import { encryptPayload, decryptPayload } from "./conversation.js";
+/**
+ * Encrypt a JSON-serializable object for wire transmission.
+ * Returns base64-encoded wire payload (nonce || ciphertext || tag).
+ */
+export function encryptJsonPayload(key, payload) {
+    if (!key || key.length !== 32) {
+        throw new Error("encryptJsonPayload: key must be a 32-byte Buffer");
+    }
+    const plaintext = Buffer.from(JSON.stringify(payload), "utf-8");
+    const wire = encryptPayload(key, plaintext);
+    return wire.toString("base64");
+}
+/**
+ * Decrypt a base64-encoded wire payload back to a parsed JSON object.
+ */
+export function decryptJsonPayload(key, base64Wire) {
+    if (!key || key.length !== 32) {
+        throw new Error("decryptJsonPayload: key must be a 32-byte Buffer");
+    }
+    if (!base64Wire) {
+        throw new Error("decryptJsonPayload: base64Wire is required");
+    }
+    const wire = Buffer.from(base64Wire, "base64");
+    const plaintext = decryptPayload(key, wire);
+    return JSON.parse(plaintext.toString("utf-8"));
+}
+//# sourceMappingURL=payload.js.map

package/dist/crypto/payload.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"payload.js","sourceRoot":"","sources":["../../src/crypto/payload.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnE;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,GAAW,EACX,OAAgB;IAEhB,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;IAChE,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC5C,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,GAAW,EACX,UAAkB;IAElB,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC5C,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;AACjD,CAAC"}

package/dist/crypto/x25519.d.ts

@@ -0,0 +1,16 @@
+import { type KeyObject } from "node:crypto";
+interface X25519PrivateJwk {
+    kty: "OKP";
+    crv: "X25519";
+    x: string;
+    d: string;
+}
+export interface X25519EphemeralKeyPair {
+    privateKey: KeyObject;
+    publicKeyBase64: string;
+}
+export declare function generateX25519EphemeralKeyPair(): X25519EphemeralKeyPair;
+export declare function deriveConversationKeyFromBase64(privateKey: KeyObject, remotePublicKeyBase64: string): Buffer;
+export declare function importX25519PrivateKeyFromJwk(privateKeyJwk: X25519PrivateJwk): KeyObject;
+export {};
+//# sourceMappingURL=x25519.d.ts.map

package/dist/crypto/x25519.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"x25519.d.ts","sourceRoot":"","sources":["../../src/crypto/x25519.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,KAAK,SAAS,EACf,MAAM,aAAa,CAAC;AAGrB,UAAU,gBAAgB;IACxB,GAAG,EAAE,KAAK,CAAC;IACX,GAAG,EAAE,QAAQ,CAAC;IACd,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX;AAQD,MAAM,WAAW,sBAAsB;IACrC,UAAU,EAAE,SAAS,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,wBAAgB,8BAA8B,IAAI,sBAAsB,CAavE;AAED,wBAAgB,+BAA+B,CAC7C,UAAU,EAAE,SAAS,EACrB,qBAAqB,EAAE,MAAM,GAC5B,MAAM,CAmBR;AAED,wBAAgB,6BAA6B,CAC3C,aAAa,EAAE,gBAAgB,GAC9B,SAAS,CAOX"}

package/dist/crypto/x25519.js

@@ -0,0 +1,44 @@
+import { createPrivateKey, createPublicKey, generateKeyPairSync, } from "node:crypto";
+import { deriveConversationKeyFromKeyObjects } from "./conversation.js";
+export function generateX25519EphemeralKeyPair() {
+    const { privateKey, publicKey } = generateKeyPairSync("x25519");
+    const publicJwk = publicKey.export({ format: "jwk" });
+    if (publicJwk.kty !== "OKP" || publicJwk.crv !== "X25519" || !publicJwk.x) {
+        throw new Error("generateX25519EphemeralKeyPair: expected X25519 public JWK export");
+    }
+    return {
+        privateKey,
+        publicKeyBase64: base64UrlToBase64(publicJwk.x),
+    };
+}
+export function deriveConversationKeyFromBase64(privateKey, remotePublicKeyBase64) {
+    if (!privateKey) {
+        throw new Error("deriveConversationKeyFromBase64: privateKey is required");
+    }
+    if (!remotePublicKeyBase64) {
+        throw new Error("deriveConversationKeyFromBase64: remotePublicKeyBase64 is required");
+    }
+    const publicKey = createPublicKey({
+        format: "jwk",
+        key: {
+            kty: "OKP",
+            crv: "X25519",
+            x: base64ToBase64Url(remotePublicKeyBase64),
+        },
+    });
+    return deriveConversationKeyFromKeyObjects(privateKey, publicKey);
+}
+export function importX25519PrivateKeyFromJwk(privateKeyJwk) {
+    if (!privateKeyJwk || !privateKeyJwk.d || !privateKeyJwk.x) {
+        throw new Error("importX25519PrivateKeyFromJwk: X25519 private JWK with d and x is required");
+    }
+    return createPrivateKey({ format: "jwk", key: privateKeyJwk });
+}
+function base64UrlToBase64(value) {
+    const paddingLength = (4 - (value.length % 4)) % 4;
+    return `${value.replace(/-/g, "+").replace(/_/g, "/")}${"=".repeat(paddingLength)}`;
+}
+function base64ToBase64Url(value) {
+    return value.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
+}
+//# sourceMappingURL=x25519.js.map

package/dist/crypto/x25519.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"x25519.js","sourceRoot":"","sources":["../../src/crypto/x25519.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,mBAAmB,GAEpB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,mCAAmC,EAAE,MAAM,mBAAmB,CAAC;AAoBxE,MAAM,UAAU,8BAA8B;IAC5C,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAChE,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAA6B,CAAC;IAClF,IAAI,SAAS,CAAC,GAAG,KAAK,KAAK,IAAI,SAAS,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QAC1E,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;IACJ,CAAC;IAED,OAAO;QACL,UAAU;QACV,eAAe,EAAE,iBAAiB,CAAC,SAAS,CAAC,CAAC,CAAC;KAChD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,+BAA+B,CAC7C,UAAqB,EACrB,qBAA6B;IAE7B,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,eAAe,CAAC;QAChC,MAAM,EAAE,KAAK;QACb,GAAG,EAAE;YACH,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,QAAQ;YACb,CAAC,EAAE,iBAAiB,CAAC,qBAAqB,CAAC;SAClB;KAC5B,CAAC,CAAC;IACH,OAAO,mCAAmC,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,6BAA6B,CAC3C,aAA+B;IAE/B,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CACb,4EAA4E,CAC7E,CAAC;IACJ,CAAC;IACD,OAAO,gBAAgB,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACnD,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC;AACtF,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAC3E,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,27 @@
+export type { AgentAdapter, AgentEvent, BridgeConfig, BridgeLogger, ChatTurn, ContentPart, InvokeRequest, MediaReference, PairingInfo, } from "./agent.js";
+export { NorityBridge } from "./bridge.js";
+export type { BridgeState } from "./bridge.js";
+export { validateConfig } from "./config.js";
+export { validateFrame } from "./protocol/validation.js";
+export type { ValidationResult } from "./protocol/validation.js";
+export { createFrame, BRIDGE_FRAME_TYPES, BACKEND_FRAME_TYPES, } from "./protocol/frames.js";
+export type { BridgeFrame, FrameType } from "./protocol/frames.js";
+export { deriveConversationKey, deriveConversationKeyFromKeyObjects, deriveConversationKeyFromSharedSecret, encryptPayload, decryptPayload, } from "./crypto/conversation.js";
+export { generateEd25519Identity, getEd25519PublicKeyBase64, signEd25519, verifyEd25519Signature, } from "./crypto/identity.js";
+export { encryptJsonPayload, decryptJsonPayload, } from "./crypto/payload.js";
+export { deriveConversationKeyFromBase64, generateX25519EphemeralKeyPair, importX25519PrivateKeyFromJwk, } from "./crypto/x25519.js";
+export { rebuildHistory } from "./conversation/replay.js";
+export type { ConversationState, ReplayEvent, Turn, } from "./conversation/replay.js";
+export { PAIRING_TOKEN_TTL_SECONDS, createDeeplinkUrl, createPairingExpiry, createPairingToken, isPairingExpired, } from "./auth/pairing.js";
+export { BRIDGE_JWT_AUDIENCE, BRIDGE_JWT_SCOPES, JwtCache, isJwtExpired, } from "./auth/jwt.js";
+export type { AccessTokenRecord } from "./auth/jwt.js";
+export { BridgeAccessTokenManager, CHALLENGE_ENDPOINT, VERIFY_ENDPOINT, } from "./auth/reconnect.js";
+export { AuthenticatedWebSocketTransport, BACKOFF_BASE_MS, BACKOFF_MAX_MS, BACKOFF_JITTER, calculateBackoff, getCloseCodeAction, } from "./transport/websocket.js";
+export type { CloseCodeAction, TransportState, WebSocketCloseEvent, WebSocketFactory, WebSocketFactoryOptions, WebSocketLike, WebSocketMessageEvent, } from "./transport/websocket.js";
+export { createConversationEntry, deserializeConversationEntry, serializeConversationEntry, } from "./conversation/state.js";
+export type { ConversationEntry, PersistedConversationEntry, } from "./conversation/state.js";
+export { FileConversationStore } from "./storage/conversation-store.js";
+export { ConversationRuntime } from "./conversation/runtime.js";
+export { createProactiveTurnFrame, } from "./runtime/proactive.js";
+export type { ProactiveTurnRequest } from "./runtime/proactive.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,QAAQ,EACR,WAAW,EACX,aAAa,EACb,cAAc,EACd,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE/C,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,YAAY,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAEjE,OAAO,EACL,WAAW,EACX,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAEnE,OAAO,EACL,qBAAqB,EACrB,mCAAmC,EACnC,qCAAqC,EACrC,cAAc,EACd,cAAc,GACf,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,uBAAuB,EACvB,yBAAyB,EACzB,WAAW,EACX,sBAAsB,GACvB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,+BAA+B,EAC/B,8BAA8B,EAC9B,6BAA6B,GAC9B,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,YAAY,EACV,iBAAiB,EACjB,WAAW,EACX,IAAI,GACL,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,QAAQ,EACR,YAAY,GACb,MAAM,eAAe,CAAC;AACvB,YAAY,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAEvD,OAAO,EACL,wBAAwB,EACxB,kBAAkB,EAClB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,+BAA+B,EAC/B,eAAe,EACf,cAAc,EACd,cAAc,EACd,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EACV,eAAe,EACf,cAAc,EACd,mBAAmB,EACnB,gBAAgB,EAChB,uBAAuB,EACvB,aAAa,EACb,qBAAqB,GACtB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,uBAAuB,EACvB,4BAA4B,EAC5B,0BAA0B,GAC3B,MAAM,yBAAyB,CAAC;AACjC,YAAY,EACV,iBAAiB,EACjB,0BAA0B,GAC3B,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AACxE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAEhE,OAAO,EACL,wBAAwB,GACzB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/index.js

@@ -0,0 +1,18 @@
+export { NorityBridge } from "./bridge.js";
+export { validateConfig } from "./config.js";
+export { validateFrame } from "./protocol/validation.js";
+export { createFrame, BRIDGE_FRAME_TYPES, BACKEND_FRAME_TYPES, } from "./protocol/frames.js";
+export { deriveConversationKey, deriveConversationKeyFromKeyObjects, deriveConversationKeyFromSharedSecret, encryptPayload, decryptPayload, } from "./crypto/conversation.js";
+export { generateEd25519Identity, getEd25519PublicKeyBase64, signEd25519, verifyEd25519Signature, } from "./crypto/identity.js";
+export { encryptJsonPayload, decryptJsonPayload, } from "./crypto/payload.js";
+export { deriveConversationKeyFromBase64, generateX25519EphemeralKeyPair, importX25519PrivateKeyFromJwk, } from "./crypto/x25519.js";
+export { rebuildHistory } from "./conversation/replay.js";
+export { PAIRING_TOKEN_TTL_SECONDS, createDeeplinkUrl, createPairingExpiry, createPairingToken, isPairingExpired, } from "./auth/pairing.js";
+export { BRIDGE_JWT_AUDIENCE, BRIDGE_JWT_SCOPES, JwtCache, isJwtExpired, } from "./auth/jwt.js";
+export { BridgeAccessTokenManager, CHALLENGE_ENDPOINT, VERIFY_ENDPOINT, } from "./auth/reconnect.js";
+export { AuthenticatedWebSocketTransport, BACKOFF_BASE_MS, BACKOFF_MAX_MS, BACKOFF_JITTER, calculateBackoff, getCloseCodeAction, } from "./transport/websocket.js";
+export { createConversationEntry, deserializeConversationEntry, serializeConversationEntry, } from "./conversation/state.js";
+export { FileConversationStore } from "./storage/conversation-store.js";
+export { ConversationRuntime } from "./conversation/runtime.js";
+export { createProactiveTurnFrame, } from "./runtime/proactive.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAGzD,OAAO,EACL,WAAW,EACX,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,qBAAqB,EACrB,mCAAmC,EACnC,qCAAqC,EACrC,cAAc,EACd,cAAc,GACf,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,uBAAuB,EACvB,yBAAyB,EACzB,WAAW,EACX,sBAAsB,GACvB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,+BAA+B,EAC/B,8BAA8B,EAC9B,6BAA6B,GAC9B,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAO1D,OAAO,EACL,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,QAAQ,EACR,YAAY,GACb,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,wBAAwB,EACxB,kBAAkB,EAClB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,+BAA+B,EAC/B,eAAe,EACf,cAAc,EACd,cAAc,EACd,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,0BAA0B,CAAC;AAWlC,OAAO,EACL,uBAAuB,EACvB,4BAA4B,EAC5B,0BAA0B,GAC3B,MAAM,yBAAyB,CAAC;AAMjC,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AACxE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAEhE,OAAO,EACL,wBAAwB,GACzB,MAAM,wBAAwB,CAAC"}

package/dist/protocol/frames.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Bridge protocol frame types derived from bridge-protocol package.
+ *
+ * Bridge -> Backend frame types
+ */
+export declare const BRIDGE_FRAME_TYPES: readonly ["pair_request", "key_exchange_response", "agent_event", "replay_request", "assistant_turn_start", "pong", "error"];
+/**
+ * Backend -> Bridge frame types
+ */
+export declare const BACKEND_FRAME_TYPES: readonly ["paired", "key_exchange", "message", "conversation_deleted", "replay", "token_expiring", "error"];
+export type BridgeFrameType = (typeof BRIDGE_FRAME_TYPES)[number];
+export type BackendFrameType = (typeof BACKEND_FRAME_TYPES)[number];
+export type FrameType = BridgeFrameType | BackendFrameType;
+/**
+ * Versioned frame envelope as defined by the bridge protocol.
+ */
+export interface BridgeFrame<T extends FrameType = FrameType> {
+    type: T;
+    version: "v1";
+    conversation_id?: string;
+    payload: Record<string, unknown>;
+}
+/**
+ * Create a protocol-conformant frame envelope.
+ */
+export declare function createFrame<T extends FrameType>(type: T, payload: Record<string, unknown>, conversationId?: string): BridgeFrame<T>;
+//# sourceMappingURL=frames.d.ts.map

package/dist/protocol/frames.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"frames.d.ts","sourceRoot":"","sources":["../../src/protocol/frames.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,8HAQrB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,mBAAmB,6GAQtB,CAAC;AAEX,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAC;AAClE,MAAM,MAAM,gBAAgB,GAAG,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,CAAC,CAAC;AACpE,MAAM,MAAM,SAAS,GAAG,eAAe,GAAG,gBAAgB,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,WAAW,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS;IAC1D,IAAI,EAAE,CAAC,CAAC;IACR,OAAO,EAAE,IAAI,CAAC;IACd,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,SAAS,EAC7C,IAAI,EAAE,CAAC,EACP,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,cAAc,CAAC,EAAE,MAAM,GACtB,WAAW,CAAC,CAAC,CAAC,CAahB"}

package/dist/protocol/frames.js

@@ -0,0 +1,43 @@
+/**
+ * Bridge protocol frame types derived from bridge-protocol package.
+ *
+ * Bridge -> Backend frame types
+ */
+export const BRIDGE_FRAME_TYPES = [
+    "pair_request",
+    "key_exchange_response",
+    "agent_event",
+    "replay_request",
+    "assistant_turn_start",
+    "pong",
+    "error",
+];
+/**
+ * Backend -> Bridge frame types
+ */
+export const BACKEND_FRAME_TYPES = [
+    "paired",
+    "key_exchange",
+    "message",
+    "conversation_deleted",
+    "replay",
+    "token_expiring",
+    "error",
+];
+/**
+ * Create a protocol-conformant frame envelope.
+ */
+export function createFrame(type, payload, conversationId) {
+    if (!type) {
+        throw new Error("createFrame: type is required");
+    }
+    if (!payload || typeof payload !== "object") {
+        throw new Error("createFrame: payload must be a non-null object");
+    }
+    const frame = { type, version: "v1", payload };
+    if (conversationId) {
+        frame.conversation_id = conversationId;
+    }
+    return frame;
+}
+//# sourceMappingURL=frames.js.map

package/dist/protocol/frames.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"frames.js","sourceRoot":"","sources":["../../src/protocol/frames.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,cAAc;IACd,uBAAuB;IACvB,aAAa;IACb,gBAAgB;IAChB,sBAAsB;IACtB,MAAM;IACN,OAAO;CACC,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,QAAQ;IACR,cAAc;IACd,SAAS;IACT,sBAAsB;IACtB,QAAQ;IACR,gBAAgB;IAChB,OAAO;CACC,CAAC;AAgBX;;GAEG;AACH,MAAM,UAAU,WAAW,CACzB,IAAO,EACP,OAAgC,EAChC,cAAuB;IAEvB,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,KAAK,GAAmB,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IAC/D,IAAI,cAAc,EAAE,CAAC;QACnB,KAAK,CAAC,eAAe,GAAG,cAAc,CAAC;IACzC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/protocol/validation.d.ts

@@ -0,0 +1,6 @@
+export interface ValidationResult {
+    valid: boolean;
+    errors: string[];
+}
+export declare function validateFrame(frame: unknown): ValidationResult;
+//# sourceMappingURL=validation.d.ts.map

package/dist/protocol/validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/protocol/validation.ts"],"names":[],"mappings":"AA6BA,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,gBAAgB,CAiB9D"}

package/dist/protocol/validation.js

@@ -0,0 +1,33 @@
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+import Ajv from "ajv";
+const SCHEMA_PATH = join(import.meta.dirname ?? new URL(".", import.meta.url).pathname, "../../../../bridge-protocol/websocket/schemas/bridge-frame.schema.json");
+let cachedValidator = null;
+function getValidator() {
+    if (cachedValidator)
+        return cachedValidator;
+    let raw;
+    try {
+        raw = readFileSync(SCHEMA_PATH, "utf-8");
+    }
+    catch (err) {
+        throw new Error(`bridge-sdk: failed to load frame schema at ${SCHEMA_PATH}: ${err instanceof Error ? err.message : err}`);
+    }
+    const schema = JSON.parse(raw);
+    const ajv = new Ajv({ strict: false, allErrors: true });
+    cachedValidator = ajv.compile(schema);
+    return cachedValidator;
+}
+export function validateFrame(frame) {
+    if (typeof frame !== "object" || frame === null) {
+        return { valid: false, errors: ["Frame must be a non-null object"] };
+    }
+    const validate = getValidator();
+    const valid = validate(frame);
+    if (valid) {
+        return { valid: true, errors: [] };
+    }
+    const errors = (validate.errors ?? []).map((e) => `${e.instancePath || "/"}: ${e.message ?? "unknown error"}`);
+    return { valid: false, errors };
+}
+//# sourceMappingURL=validation.js.map

package/dist/protocol/validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/protocol/validation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,GAA8B,MAAM,KAAK,CAAC;AAEjD,MAAM,WAAW,GAAG,IAAI,CACtB,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,EAC7D,wEAAwE,CACzE,CAAC;AAEF,IAAI,eAAe,GAA4B,IAAI,CAAC;AAEpD,SAAS,YAAY;IACnB,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC;IAE5C,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,8CAA8C,WAAW,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,CACzG,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACtC,OAAO,eAAe,CAAC;AACzB,CAAC;AAOD,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAChD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,iCAAiC,CAAC,EAAE,CAAC;IACvE,CAAC;IAED,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;IAChC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAE9B,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IACrC,CAAC;IAED,MAAM,MAAM,GAAG,CAAC,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,GAAG,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,OAAO,IAAI,eAAe,EAAE,CACnE,CAAC;IAEF,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AAClC,CAAC"}