@orbitmem/sdk 0.1.0

package/src/data/serialization.ts

@@ -0,0 +1,108 @@
+import type { AESEncryptedData, EncryptedData, LitEncryptedData } from "../types.js";
+
+/** JSON-safe AES encrypted data (Uint8Array fields as base64 strings) */
+export interface SerializedAESEncryptedData {
+  engine: "aes";
+  ciphertext: string;
+  iv: string;
+  authTag: string;
+  keyDerivation: {
+    source: "wallet-signature" | "password" | "raw";
+    salt: string;
+    kdf: "hkdf-sha256" | "pbkdf2-sha256";
+    iterations?: number;
+  };
+}
+
+/** JSON-safe Lit encrypted data */
+export interface SerializedLitEncryptedData {
+  engine: "lit";
+  ciphertext: string;
+  dataToEncryptHash: string;
+  accessControlConditions: unknown[];
+  chain: string;
+}
+
+export type SerializedEncryptedData = SerializedAESEncryptedData | SerializedLitEncryptedData;
+
+function uint8ToBase64(bytes: Uint8Array): string {
+  let binary = "";
+  for (const byte of bytes) {
+    binary += String.fromCharCode(byte);
+  }
+  return btoa(binary);
+}
+
+function base64ToUint8(b64: string): Uint8Array {
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+
+export function serializeEncrypted(data: EncryptedData): SerializedEncryptedData {
+  if (data.engine === "aes") {
+    const aes = data as AESEncryptedData;
+    return {
+      engine: "aes",
+      ciphertext: uint8ToBase64(aes.ciphertext),
+      iv: uint8ToBase64(aes.iv),
+      authTag: uint8ToBase64(aes.authTag),
+      keyDerivation: {
+        source: aes.keyDerivation.source,
+        salt: uint8ToBase64(aes.keyDerivation.salt),
+        kdf: aes.keyDerivation.kdf,
+        ...(aes.keyDerivation.iterations != null
+          ? { iterations: aes.keyDerivation.iterations }
+          : {}),
+      },
+    };
+  }
+  const lit = data as LitEncryptedData;
+  return {
+    engine: "lit",
+    ciphertext: uint8ToBase64(lit.ciphertext),
+    dataToEncryptHash: lit.dataToEncryptHash,
+    accessControlConditions: lit.accessControlConditions,
+    chain: lit.chain as string,
+  };
+}
+
+export function deserializeEncrypted(data: SerializedEncryptedData): EncryptedData {
+  if (data.engine === "aes") {
+    return {
+      engine: "aes",
+      ciphertext: base64ToUint8(data.ciphertext),
+      iv: base64ToUint8(data.iv),
+      authTag: base64ToUint8(data.authTag),
+      keyDerivation: {
+        source: data.keyDerivation.source,
+        salt: base64ToUint8(data.keyDerivation.salt),
+        kdf: data.keyDerivation.kdf,
+        ...(data.keyDerivation.iterations != null
+          ? { iterations: data.keyDerivation.iterations }
+          : {}),
+      },
+    };
+  }
+  return {
+    engine: "lit",
+    ciphertext: base64ToUint8(data.ciphertext),
+    dataToEncryptHash: data.dataToEncryptHash,
+    accessControlConditions: data.accessControlConditions as any,
+    chain: data.chain as any,
+  };
+}
+
+/** Check whether a stored value is a serialized encrypted blob */
+export function isSerializedEncrypted(value: unknown): value is SerializedEncryptedData {
+  return (
+    value !== null &&
+    typeof value === "object" &&
+    "engine" in (value as Record<string, unknown>) &&
+    ((value as Record<string, unknown>).engine === "aes" ||
+      (value as Record<string, unknown>).engine === "lit")
+  );
+}

package/src/data/vault.ts

@@ -0,0 +1,382 @@
+// oxlint-disable-next-line typescript/triple-slash-reference
+/// <reference path="../types/orbitdb.d.ts" />
+
+import { useDatabaseType } from "@orbitdb/core";
+import { Nested } from "@orbitdb/nested-db";
+
+import type { AESEngine } from "../encryption/aes.js";
+import type {
+  AESEncryptedData,
+  ChainFamily,
+  EncryptionEngine,
+  IDataLayer,
+  IEncryptionLayer,
+  LitAccessCondition,
+  LitAuthSig,
+  LitEncryptedData,
+  VaultEntry,
+  VaultPath,
+  Visibility,
+  WalletAddress,
+} from "../types.js";
+import {
+  deserializeEncrypted,
+  isSerializedEncrypted,
+  serializeEncrypted,
+} from "./serialization.js";
+
+// Register the Nested database type at the point of use so callers do not depend on setup order.
+useDatabaseType(Nested);
+
+function normalizePath(path: VaultPath): string {
+  return Array.isArray(path) ? path.join("/") : path;
+}
+
+export async function createVault(
+  orbitdb: any,
+  config: {
+    dbName?: string;
+    author?: WalletAddress;
+    authorChain?: ChainFamily;
+    /** AES engine for private/shared encryption */
+    aesEngine?: AESEngine;
+    /** Encryption layer for Lit Protocol operations */
+    encryptionLayer?: IEncryptionLayer;
+  },
+): Promise<
+  IDataLayer & {
+    close: () => Promise<void>;
+    db: any;
+    metaDb: any;
+    setDefaultKey: (key: CryptoKey) => void;
+    setAuthSig: (authSig: LitAuthSig) => void;
+    updateAccess: (
+      path: VaultPath,
+      newConditions: LitAccessCondition[],
+      opts?: { chain?: string },
+    ) => Promise<VaultEntry>;
+  }
+> {
+  const db = await orbitdb.open(config.dbName ?? "orbitmem-vault", { type: "nested" });
+
+  // Metadata store: path -> { visibility, encrypted, encryptionEngine, author, authorChain, timestamp }
+  const metaDb = await orbitdb.open(`${config.dbName ?? "orbitmem-vault"}-meta`, {
+    type: "nested",
+  });
+
+  // Default AES key for private data — set via setDefaultKey() after wallet connect
+  let defaultKey: CryptoKey | undefined;
+  let litAuthSig: LitAuthSig | undefined;
+
+  function makeEntry<T>(
+    _path: string,
+    value: T,
+    visibility: Visibility,
+    encrypted: boolean,
+    engine?: EncryptionEngine,
+  ): VaultEntry<T> {
+    return {
+      value,
+      visibility,
+      author: config.author ?? ("0x0" as WalletAddress),
+      authorChain: config.authorChain ?? "evm",
+      timestamp: Date.now(),
+      encrypted,
+      encryptionEngine: engine,
+      hash: "",
+    };
+  }
+
+  /** Encrypt a value for storage. Returns the serialized blob or the raw value (public). */
+  async function encryptValue(
+    value: unknown,
+    visibility: Visibility,
+    engine: EncryptionEngine | null,
+    opts?: any,
+  ): Promise<unknown> {
+    if (visibility === "public" || !engine) return value;
+
+    const plaintext = new TextEncoder().encode(JSON.stringify(value));
+
+    if (engine === "aes") {
+      if (!config.aesEngine)
+        throw new Error("AES engine not configured — pass aesEngine to createVault");
+      let cryptoKey: CryptoKey | undefined;
+      if (visibility === "private") {
+        cryptoKey = defaultKey;
+        if (!cryptoKey) throw new Error("No default key — call setDefaultKey() or connect() first");
+      } else if (visibility === "shared" && opts?.sharedKeySource) {
+        cryptoKey = await config.aesEngine.deriveKey(opts.sharedKeySource);
+      }
+      if (!cryptoKey) throw new Error("No encryption key available");
+      const encrypted = await config.aesEngine.encrypt(plaintext, cryptoKey);
+      return serializeEncrypted(encrypted);
+    }
+
+    if (engine === "lit") {
+      if (!config.encryptionLayer) throw new Error("Encryption layer not configured for Lit");
+      if (!opts?.accessConditions) throw new Error("accessConditions required for Lit encryption");
+      const encrypted = await config.encryptionLayer.encrypt(plaintext, {
+        engine: "lit",
+        accessConditions: opts.accessConditions,
+      });
+      return serializeEncrypted(encrypted);
+    }
+
+    return value;
+  }
+
+  /** Attempt auto-decryption of a stored value. Returns the decrypted value or the raw value. */
+  async function tryDecrypt(rawValue: unknown, meta: any): Promise<unknown> {
+    if (!meta?.encrypted || !isSerializedEncrypted(rawValue)) return rawValue;
+
+    const encrypted = deserializeEncrypted(rawValue);
+
+    if (
+      encrypted.engine === "aes" &&
+      config.aesEngine &&
+      meta.visibility === "private" &&
+      defaultKey
+    ) {
+      try {
+        const decrypted = await config.aesEngine.decrypt(encrypted as AESEncryptedData, defaultKey);
+        return JSON.parse(new TextDecoder().decode(decrypted));
+      } catch {
+        // Decryption failed — return raw blob
+        return rawValue;
+      }
+    }
+
+    if (encrypted.engine === "lit" && config.encryptionLayer && litAuthSig) {
+      try {
+        const decrypted = await config.encryptionLayer.decrypt(encrypted, { authSig: litAuthSig });
+        return JSON.parse(new TextDecoder().decode(decrypted));
+      } catch {
+        return rawValue;
+      }
+    }
+
+    // shared+aes (no internal key) or lit (no authSig) — return encrypted blob
+    return rawValue;
+  }
+
+  const vaultImpl: IDataLayer & {
+    close: () => Promise<void>;
+    db: any;
+    metaDb: any;
+    setDefaultKey: (key: CryptoKey) => void;
+    setAuthSig: (authSig: LitAuthSig) => void;
+    updateAccess: (
+      path: VaultPath,
+      newConditions: LitAccessCondition[],
+      opts?: { chain?: string },
+    ) => Promise<VaultEntry>;
+  } = {
+    db,
+    metaDb,
+
+    setDefaultKey(key: CryptoKey) {
+      defaultKey = key;
+    },
+
+    setAuthSig(authSig: LitAuthSig) {
+      litAuthSig = authSig;
+    },
+
+    async put(path, value, opts) {
+      const key = normalizePath(path);
+      const visibility = opts?.visibility ?? "private";
+      const encrypted = visibility !== "public";
+      const engine = encrypted ? (opts?.engine ?? "aes") : null;
+
+      const storedValue = await encryptValue(value, visibility, engine, opts);
+      const hash = await db.put(key, storedValue);
+      const meta: Record<string, any> = { visibility, encrypted, timestamp: Date.now() };
+      if (engine) meta.encryptionEngine = engine;
+      await metaDb.put(key, meta);
+
+      return { ...makeEntry(key, value, visibility, encrypted, engine ?? undefined), hash };
+    },
+
+    async insert(obj, opts) {
+      const visibility = opts?.visibility ?? "private";
+      const prefix = opts?.prefix;
+
+      // Flatten the object and put each leaf
+      const flatten = (o: any, parentKey: string = ""): [string, any][] => {
+        const entries: [string, any][] = [];
+        for (const [k, v] of Object.entries(o)) {
+          const newKey = parentKey ? `${parentKey}/${k}` : k;
+          if (v && typeof v === "object" && !Array.isArray(v)) {
+            entries.push(...flatten(v, newKey));
+          } else {
+            entries.push([newKey, v]);
+          }
+        }
+        return entries;
+      };
+
+      const leaves = flatten(obj, prefix ?? "");
+      for (const [leafKey, leafValue] of leaves) {
+        await vaultImpl.put(leafKey, leafValue, { visibility, engine: opts?.engine as any });
+      }
+    },
+
+    async get<T = unknown>(path: VaultPath): Promise<VaultEntry<T> | null> {
+      const key = normalizePath(path);
+      const rawValue = await db.get(key);
+      if (rawValue === undefined) return null;
+
+      const meta = await metaDb.get(key);
+      const visibility = meta?.visibility ?? "private";
+      const encEngine = meta?.encryptionEngine;
+      const value = await tryDecrypt(rawValue, meta);
+      return makeEntry(
+        key,
+        value,
+        visibility,
+        meta?.encrypted ?? visibility !== "public",
+        encEngine,
+      ) as VaultEntry<T>;
+    },
+
+    async del(path) {
+      const key = normalizePath(path);
+      await db.del(key);
+      await metaDb.del(key);
+    },
+
+    async keys(prefix?) {
+      const all = await db.all();
+      const flatten = (o: any, parentKey: string = ""): string[] => {
+        const keys: string[] = [];
+        if (o && typeof o === "object" && !Array.isArray(o) && !isSerializedEncrypted(o)) {
+          for (const [k, v] of Object.entries(o)) {
+            const newKey = parentKey ? `${parentKey}/${k}` : k;
+            keys.push(...flatten(v, newKey));
+          }
+        } else {
+          keys.push(parentKey);
+        }
+        return keys;
+      };
+      const allKeys = flatten(all);
+      if (prefix) return allKeys.filter((k) => k.startsWith(prefix));
+      return allKeys;
+    },
+
+    async all() {
+      return db.all() as any;
+    },
+
+    async query(filter) {
+      const allData = await db.all();
+      const results: VaultEntry[] = [];
+      const flatten = (o: any, parentKey: string = ""): [string, any][] => {
+        const entries: [string, any][] = [];
+        if (o && typeof o === "object" && !Array.isArray(o) && !isSerializedEncrypted(o)) {
+          for (const [k, v] of Object.entries(o)) {
+            const newKey = parentKey ? `${parentKey}/${k}` : k;
+            entries.push(...flatten(v, newKey));
+          }
+        } else {
+          entries.push([parentKey, o]);
+        }
+        return entries;
+      };
+      const leaves = flatten(allData);
+      for (const [key, value] of leaves) {
+        if (filter.prefix && !key.startsWith(filter.prefix)) continue;
+        const meta = await metaDb.get(key);
+        if (filter.visibility && meta?.visibility !== filter.visibility) continue;
+        if (filter.since && (meta?.timestamp ?? 0) < filter.since) continue;
+        const resolved = await tryDecrypt(value, meta);
+        results.push(
+          makeEntry(key, resolved, meta?.visibility ?? "private", meta?.encrypted ?? true),
+        );
+        if (filter.limit && results.length >= filter.limit) break;
+      }
+      return results as any;
+    },
+
+    async sync() {
+      return {
+        syncing: false,
+        pendingPush: 0,
+        pendingPull: 0,
+        lastSynced: Date.now(),
+        connectedPeers: 0,
+      };
+    },
+
+    getSyncStatus() {
+      return {
+        syncing: false,
+        pendingPush: 0,
+        pendingPull: 0,
+        lastSynced: null,
+        connectedPeers: 0,
+      };
+    },
+
+    onChange(callback) {
+      const handler = (entry: any) => {
+        callback({ type: "put", path: entry?.payload?.key ?? "", entry: undefined });
+      };
+      db.events.on("update", handler);
+      return () => db.events.off("update", handler);
+    },
+
+    async exportSnapshot() {
+      const allData = await db.all();
+      const data = new TextEncoder().encode(JSON.stringify(allData));
+      return { data, entryCount: Object.keys(allData).length, timestamp: Date.now() };
+    },
+
+    async importSnapshot(data) {
+      const obj = JSON.parse(new TextDecoder().decode(data));
+      await db.insert(obj);
+      return { merged: Object.keys(obj).length, conflicts: 0 };
+    },
+
+    async updateAccess(path, newConditions, opts) {
+      if (!config.encryptionLayer) throw new Error("Encryption layer not configured for Lit");
+      if (!litAuthSig) throw new Error("No authSig — call setAuthSig() first");
+
+      const key = normalizePath(path);
+      const rawValue = await db.get(key);
+      if (rawValue === undefined) throw new Error(`Not found: ${key}`);
+
+      const meta = await metaDb.get(key);
+      if (meta?.encryptionEngine !== "lit")
+        throw new Error(`Entry "${key}" is not Lit-encrypted (engine: ${meta?.encryptionEngine})`);
+      if (!isSerializedEncrypted(rawValue)) throw new Error(`Entry "${key}" is not encrypted`);
+
+      // Decrypt with current conditions
+      const encrypted = deserializeEncrypted(rawValue) as LitEncryptedData;
+      const plaintext = await config.encryptionLayer.decrypt(encrypted, { authSig: litAuthSig });
+
+      // Re-encrypt with new conditions
+      const reEncrypted = await config.encryptionLayer.encrypt(plaintext, {
+        engine: "lit",
+        accessConditions: newConditions,
+        chain: opts?.chain as any,
+      });
+      const serialized = serializeEncrypted(reEncrypted);
+
+      // Write back
+      await db.put(key, serialized);
+      await metaDb.put(key, { ...meta, timestamp: Date.now() });
+
+      const value = JSON.parse(new TextDecoder().decode(plaintext));
+      return makeEntry(key, value, meta.visibility, true, "lit");
+    },
+
+    async close() {
+      await db.close();
+      await metaDb.close();
+    },
+  };
+
+  return vaultImpl;
+}

package/src/discovery/__tests__/discovery.test.ts

@@ -0,0 +1,49 @@
+import { describe, expect, test } from "bun:test";
+
+import { createDiscoveryLayer } from "../discovery-layer.js";
+
+describe("DiscoveryLayer (mock)", () => {
+  const discovery = createDiscoveryLayer({
+    dataRegistry: "0xDATA_REG" as any,
+    reputationRegistry: "0xREP_REG" as any,
+    registryChain: "base",
+  });
+
+  test("registerData and findData", async () => {
+    const reg = await discovery.registerData({
+      key: "travel/dietary",
+      name: "Dietary Preferences",
+      description: "Dietary restrictions",
+      schema: "orbitmem:dietary:v1",
+      tags: ["verified", "human-curated"],
+    });
+    expect(reg.dataId).toBeGreaterThan(0);
+    expect(reg.name).toBe("Dietary Preferences");
+
+    const results = await discovery.findData({ schema: "orbitmem:dietary:v1" });
+    expect(results).toHaveLength(1);
+    expect(results[0].vaultKey).toBe("travel/dietary");
+  });
+
+  test("rateData and getDataScoreById", async () => {
+    // Register
+    const reg = await discovery.registerData({
+      key: "travel/budget",
+      name: "Budget",
+      description: "Budget range",
+      tags: ["verified"],
+    });
+
+    // Rate
+    await discovery.rateData({
+      dataId: reg.dataId,
+      value: 90,
+      qualityDimension: "accuracy",
+      tag1: "accurate",
+    });
+
+    const score = await discovery.getDataScoreById(reg.dataId);
+    expect(score.quality).toBeGreaterThan(0);
+    expect(score.totalFeedback).toBe(1);
+  });
+});

package/src/discovery/__tests__/on-chain-registry.test.ts

@@ -0,0 +1,176 @@
+import { beforeAll, describe, expect, test } from "bun:test";
+
+import {
+  DataRegistryAbi,
+  DataRegistryBytecode,
+  FeedbackRegistryAbi,
+  FeedbackRegistryBytecode,
+} from "@orbitmem/contracts";
+import {
+  type Address,
+  createPublicClient,
+  createWalletClient,
+  http,
+  type PublicClient,
+  type WalletClient,
+} from "viem";
+import { privateKeyToAccount } from "viem/accounts";
+import { foundry } from "viem/chains";
+
+import { OnChainRegistry } from "../on-chain-registry.js";
+
+// Skip all tests if Anvil is not running
+async function isAnvilRunning(): Promise<boolean> {
+  try {
+    const res = await fetch("http://127.0.0.1:8545", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ jsonrpc: "2.0", method: "eth_chainId", params: [], id: 1 }),
+    });
+    return res.ok;
+  } catch {
+    return false;
+  }
+}
+
+const ANVIL_AVAILABLE = await isAnvilRunning();
+
+// Anvil default accounts
+const ALICE_KEY = "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" as const;
+const BOB_KEY = "0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d" as const;
+
+const aliceAccount = privateKeyToAccount(ALICE_KEY);
+const bobAccount = privateKeyToAccount(BOB_KEY);
+
+let publicClient: PublicClient;
+let aliceWallet: WalletClient;
+let bobWallet: WalletClient;
+let dataRegAddr: Address;
+let feedbackRegAddr: Address;
+
+async function deployContract(
+  wallet: WalletClient,
+  pub: PublicClient,
+  abi: readonly any[],
+  bytecode: `0x${string}`,
+): Promise<Address> {
+  const hash = await wallet.deployContract({
+    abi,
+    bytecode,
+    account: wallet.account!,
+    chain: foundry,
+  });
+  const receipt = await pub.waitForTransactionReceipt({ hash });
+  return receipt.contractAddress!;
+}
+
+describe.skipIf(!ANVIL_AVAILABLE)("OnChainRegistry (Anvil)", () => {
+  beforeAll(async () => {
+    const transport = http("http://127.0.0.1:8545");
+
+    publicClient = createPublicClient({ chain: foundry, transport });
+    aliceWallet = createWalletClient({
+      chain: foundry,
+      transport,
+      account: aliceAccount,
+    });
+    bobWallet = createWalletClient({
+      chain: foundry,
+      transport,
+      account: bobAccount,
+    });
+
+    // Deploy contracts
+    dataRegAddr = await deployContract(
+      aliceWallet,
+      publicClient,
+      DataRegistryAbi,
+      DataRegistryBytecode,
+    );
+    feedbackRegAddr = await deployContract(
+      aliceWallet,
+      publicClient,
+      FeedbackRegistryAbi,
+      FeedbackRegistryBytecode,
+    );
+  });
+
+  test("register data and get score", async () => {
+    const aliceRegistry = new OnChainRegistry({
+      publicClient,
+      walletClient: aliceWallet,
+      dataRegistry: dataRegAddr,
+      feedbackRegistry: feedbackRegAddr,
+    });
+
+    const dataId = await aliceRegistry.registerData("ipfs://data-1");
+    expect(dataId).toBeGreaterThan(0);
+
+    // Bob rates Alice's data
+    const bobRegistry = new OnChainRegistry({
+      publicClient,
+      walletClient: bobWallet,
+      dataRegistry: dataRegAddr,
+      feedbackRegistry: feedbackRegAddr,
+    });
+
+    await bobRegistry.rateData(
+      dataId,
+      90,
+      0,
+      "accurate",
+      "",
+      "",
+      "0x0000000000000000000000000000000000000000000000000000000000000000",
+    );
+
+    const score = await aliceRegistry.getDataScore(dataId);
+    expect(score.quality).toBe(90);
+    expect(score.totalFeedback).toBe(1);
+  });
+
+  test("tag scores tracked separately", async () => {
+    const aliceRegistry = new OnChainRegistry({
+      publicClient,
+      walletClient: aliceWallet,
+      dataRegistry: dataRegAddr,
+      feedbackRegistry: feedbackRegAddr,
+    });
+
+    const dataId = await aliceRegistry.registerData("ipfs://data-tags");
+
+    const bobRegistry = new OnChainRegistry({
+      publicClient,
+      walletClient: bobWallet,
+      dataRegistry: dataRegAddr,
+      feedbackRegistry: feedbackRegAddr,
+    });
+
+    await bobRegistry.rateData(
+      dataId,
+      80,
+      0,
+      "accurate",
+      "",
+      "",
+      "0x0000000000000000000000000000000000000000000000000000000000000000",
+    );
+    await bobRegistry.rateData(
+      dataId,
+      60,
+      0,
+      "fresh",
+      "",
+      "",
+      "0x0000000000000000000000000000000000000000000000000000000000000000",
+    );
+
+    const accurateScore = await aliceRegistry.getTagScore(dataRegAddr, dataId, "accurate");
+    expect(accurateScore.totalValue).toBe(80);
+    expect(accurateScore.count).toBe(1);
+
+    const freshScore = await aliceRegistry.getTagScore(dataRegAddr, dataId, "fresh");
+    expect(freshScore.totalValue).toBe(60);
+    expect(freshScore.count).toBe(1);
+  });
+});