@orbitmem/sdk 0.1.0

package/dist/encryption/aes.js

@@ -0,0 +1,63 @@
+export class AESEngine {
+    config;
+    lastSalt = new Uint8Array(32);
+    lastSource = "raw";
+    constructor(config) {
+        this.config = config;
+    }
+    async deriveKey(source, walletSignature) {
+        if (source.type === "raw") {
+            this.lastSource = "raw";
+            this.lastSalt = new Uint8Array(0);
+            return crypto.subtle.importKey("raw", source.key, { name: "AES-GCM" }, false, ["encrypt", "decrypt"]);
+        }
+        if (source.type === "wallet-signature") {
+            if (!walletSignature)
+                throw new Error("walletSignature required for wallet-signature source");
+            const ikm = await crypto.subtle.importKey("raw", walletSignature, "HKDF", false, ["deriveKey"]);
+            const salt = crypto.getRandomValues(new Uint8Array(32));
+            const info = new TextEncoder().encode("orbitmem-aes-256-gcm");
+            this.lastSource = "wallet-signature";
+            this.lastSalt = salt;
+            return crypto.subtle.deriveKey({ name: "HKDF", hash: "SHA-256", salt, info }, ikm, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
+        }
+        if (source.type === "password") {
+            const enc = new TextEncoder().encode(source.password);
+            const ikm = await crypto.subtle.importKey("raw", enc, "PBKDF2", false, ["deriveKey"]);
+            const salt = crypto.getRandomValues(new Uint8Array(32));
+            this.lastSource = "password";
+            this.lastSalt = salt;
+            return crypto.subtle.deriveKey({ name: "PBKDF2", hash: "SHA-256", salt, iterations: this.config.iterations ?? 100000 }, ikm, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
+        }
+        throw new Error(`Unknown key source type: ${source.type}`);
+    }
+    async encrypt(data, key) {
+        const iv = crypto.getRandomValues(new Uint8Array(12));
+        const ciphertextWithTag = await crypto.subtle.encrypt({ name: "AES-GCM", iv: iv, tagLength: 128 }, key, data);
+        // AES-GCM appends the 16-byte auth tag to the ciphertext
+        const raw = new Uint8Array(ciphertextWithTag);
+        const ciphertext = raw.slice(0, raw.length - 16);
+        const authTag = raw.slice(raw.length - 16);
+        return {
+            engine: "aes",
+            ciphertext,
+            iv,
+            authTag,
+            keyDerivation: {
+                source: this.lastSource,
+                salt: new Uint8Array(this.lastSalt),
+                kdf: this.config.kdf === "hkdf-sha256" ? "hkdf-sha256" : "pbkdf2-sha256",
+                ...(this.lastSource === "password" ? { iterations: this.config.iterations ?? 100000 } : {}),
+            },
+        };
+    }
+    async decrypt(encrypted, key) {
+        // Reconstruct ciphertext + authTag
+        const combined = new Uint8Array(encrypted.ciphertext.length + encrypted.authTag.length);
+        combined.set(encrypted.ciphertext, 0);
+        combined.set(encrypted.authTag, encrypted.ciphertext.length);
+        const plaintext = await crypto.subtle.decrypt({ name: "AES-GCM", iv: encrypted.iv, tagLength: 128 }, key, combined);
+        return new Uint8Array(plaintext);
+    }
+}
+//# sourceMappingURL=aes.js.map

package/dist/encryption/aes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes.js","sourceRoot":"","sources":["../../src/encryption/aes.ts"],"names":[],"mappings":"AAOA,MAAM,OAAO,SAAS;IACZ,MAAM,CAAY;IAClB,QAAQ,GAAe,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC1C,UAAU,GAA4C,KAAK,CAAC;IAEpE,YAAY,MAAiB;QAC3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAAoB,EAAE,eAA4B;QAChE,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YAC1B,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;YACxB,IAAI,CAAC,QAAQ,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;YAClC,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B,KAAK,EACL,MAAM,CAAC,GAAmB,EAC1B,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YACvC,IAAI,CAAC,eAAe;gBAAE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;YAC9F,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,eAA+B,EAC/B,MAAM,EACN,KAAK,EACL,CAAC,WAAW,CAAC,CACd,CAAC;YACF,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;YACxD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YAC9D,IAAI,CAAC,UAAU,GAAG,kBAAkB,CAAC;YACrC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;YACrB,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,EAC7C,GAAG,EACH,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAChC,KAAK,EACL,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC/B,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACtD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;YACtF,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;YACxD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;YAC7B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;YACrB,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,EAAE,EACvF,GAAG,EACH,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAChC,KAAK,EACL,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,4BAA6B,MAAc,CAAC,IAAI,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,IAAgB,EAAE,GAAc;QAC5C,MAAM,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACtD,MAAM,iBAAiB,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACnD,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAkB,EAAE,SAAS,EAAE,GAAG,EAAE,EAC3D,GAAG,EACH,IAAoB,CACrB,CAAC;QACF,yDAAyD;QACzD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAC9C,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACjD,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAE3C,OAAO;YACL,MAAM,EAAE,KAAK;YACb,UAAU;YACV,EAAE;YACF,OAAO;YACP,aAAa,EAAE;gBACb,MAAM,EAAE,IAAI,CAAC,UAAU;gBACvB,IAAI,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACnC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,eAAe;gBACxE,GAAG,CAAC,IAAI,CAAC,UAAU,KAAK,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC5F;SACF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,SAA2B,EAAE,GAAc;QACvD,mCAAmC;QACnC,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACxF,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QACtC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAE7D,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,CAAC,EAAkB,EAAE,SAAS,EAAE,GAAG,EAAE,EACrE,GAAG,EACH,QAAQ,CACT,CAAC;QACF,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;CACF"}

package/dist/encryption/encryption-layer.d.ts

@@ -0,0 +1,8 @@
+import type { EncryptionConfig, IEncryptionLayer } from "../types.js";
+import { AESEngine } from "./aes.js";
+import { LitEngine } from "./lit.js";
+export declare function createEncryptionLayer(config: EncryptionConfig): IEncryptionLayer & {
+    aes: AESEngine;
+    lit: LitEngine | null;
+};
+//# sourceMappingURL=encryption-layer.d.ts.map

package/dist/encryption/encryption-layer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption-layer.d.ts","sourceRoot":"","sources":["../../src/encryption/encryption-layer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAGV,gBAAgB,EAEhB,gBAAgB,EAGjB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAErC,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,gBAAgB,GAAG,gBAAgB,GAAG;IAClF,GAAG,EAAE,SAAS,CAAC;IACf,GAAG,EAAE,SAAS,GAAG,IAAI,CAAC;CACvB,CAoFA"}

package/dist/encryption/encryption-layer.js

@@ -0,0 +1,82 @@
+import { AESEngine } from "./aes.js";
+import { LitEngine } from "./lit.js";
+export function createEncryptionLayer(config) {
+    const aes = new AESEngine({
+        kdf: config.aes?.kdf ?? "hkdf-sha256",
+        iterations: config.aes?.iterations,
+    });
+    const lit = config.lit
+        ? new LitEngine({
+            network: config.lit.network === "cayenne"
+                ? "datil-dev"
+                : config.lit.network === "manzano"
+                    ? "datil-test"
+                    : config.lit.network === "habanero"
+                        ? "datil"
+                        : config.lit.network,
+            debug: config.lit.debug,
+        })
+        : null;
+    return {
+        aes,
+        lit,
+        async encrypt(data, opts) {
+            if (opts.engine === "aes") {
+                const aesOpts = opts;
+                const key = await aes.deriveKey(aesOpts.keySource);
+                return aes.encrypt(data instanceof Uint8Array ? data : new TextEncoder().encode(data), key);
+            }
+            if (opts.engine === "lit") {
+                if (!lit)
+                    throw new Error("Lit Protocol not configured");
+                const litOpts = opts;
+                const raw = data instanceof Uint8Array ? data : new TextEncoder().encode(data);
+                return lit.encrypt(raw, litOpts.accessConditions, litOpts.chain);
+            }
+            throw new Error(`Unknown engine: ${opts.engine}`);
+        },
+        async decrypt(encrypted, opts) {
+            if (encrypted.engine === "aes") {
+                const aesData = encrypted;
+                if (!opts?.keySource)
+                    throw new Error("keySource required for AES decryption");
+                const key = await aes.deriveKey(opts.keySource);
+                return aes.decrypt(aesData, key);
+            }
+            if (encrypted.engine === "lit") {
+                if (!lit)
+                    throw new Error("Lit Protocol not configured");
+                if (!opts?.authSig)
+                    throw new Error("Lit decryption requires authSig in DecryptOptions");
+                return lit.decrypt(encrypted, opts.authSig);
+            }
+            throw new Error(`Unknown engine: ${encrypted.engine}`);
+        },
+        async grantAccess(encrypted, agentAddress, opts) {
+            if (!lit)
+                throw new Error("Lit Protocol not configured");
+            const newCondition = lit.createAddressCondition(agentAddress, (opts?.chain ?? "base"));
+            const updatedConditions = [
+                ...encrypted.accessControlConditions,
+                { operator: "or" },
+                newCondition,
+            ];
+            return { ...encrypted, accessControlConditions: updatedConditions };
+        },
+        async revokeAccess(encrypted, agentAddress) {
+            const filtered = encrypted.accessControlConditions.filter((c) => !("returnValueTest" in c && c.returnValueTest?.value === agentAddress));
+            return { ...encrypted, accessControlConditions: filtered };
+        },
+        async deriveAESKey(source) {
+            return aes.deriveKey(source);
+        },
+        async canDecrypt(encrypted) {
+            if (encrypted.engine === "aes")
+                return true; // caller must have key
+            if (encrypted.engine === "lit")
+                return lit !== null;
+            return false;
+        },
+    };
+}
+//# sourceMappingURL=encryption-layer.js.map

package/dist/encryption/encryption-layer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption-layer.js","sourceRoot":"","sources":["../../src/encryption/encryption-layer.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAErC,MAAM,UAAU,qBAAqB,CAAC,MAAwB;IAI5D,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC;QACxB,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,aAAa;QACrC,UAAU,EAAE,MAAM,CAAC,GAAG,EAAE,UAAU;KACnC,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG;QACpB,CAAC,CAAC,IAAI,SAAS,CAAC;YACZ,OAAO,EACL,MAAM,CAAC,GAAG,CAAC,OAAO,KAAK,SAAS;gBAC9B,CAAC,CAAC,WAAW;gBACb,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,KAAK,SAAS;oBAChC,CAAC,CAAC,YAAY;oBACd,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,KAAK,UAAU;wBACjC,CAAC,CAAC,OAAO;wBACT,CAAC,CAAE,MAAM,CAAC,GAAG,CAAC,OAAe;YACrC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,KAAK;SACxB,CAAC;QACJ,CAAC,CAAC,IAAI,CAAC;IAET,OAAO;QACL,GAAG;QACH,GAAG;QAEH,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI;YACtB,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,IAAyB,CAAC;gBAC1C,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnD,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,YAAY,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC;YAC9F,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC1B,IAAI,CAAC,GAAG;oBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBACzD,MAAM,OAAO,GAAG,IAAyB,CAAC;gBAC1C,MAAM,GAAG,GAAG,IAAI,YAAY,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC/E,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,gBAAgB,EAAE,OAAO,CAAC,KAAe,CAAC,CAAC;YAC7E,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,mBAAoB,IAAY,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI;YAC3B,IAAI,SAAS,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC/B,MAAM,OAAO,GAAG,SAA6B,CAAC;gBAC9C,IAAI,CAAC,IAAI,EAAE,SAAS;oBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;gBAC/E,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAChD,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACnC,CAAC;YACD,IAAI,SAAS,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC/B,IAAI,CAAC,GAAG;oBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBACzD,IAAI,CAAC,IAAI,EAAE,OAAO;oBAAE,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;gBACzF,OAAO,GAAG,CAAC,OAAO,CAAC,SAA6B,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,mBAAoB,SAAiB,CAAC,MAAM,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,SAAS,EAAE,YAAY,EAAE,IAAI;YAC7C,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YACzD,MAAM,YAAY,GAAG,GAAG,CAAC,sBAAsB,CAC7C,YAAsB,EACtB,CAAC,IAAI,EAAE,KAAK,IAAI,MAAM,CAAQ,CAC/B,CAAC;YACF,MAAM,iBAAiB,GAAyB;gBAC9C,GAAG,SAAS,CAAC,uBAAuB;gBACpC,EAAE,QAAQ,EAAE,IAAa,EAAE;gBAC3B,YAAY;aACb,CAAC;YACF,OAAO,EAAE,GAAG,SAAS,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,CAAC;QACtE,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,YAAY;YACxC,MAAM,QAAQ,GAAG,SAAS,CAAC,uBAAuB,CAAC,MAAM,CACvD,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,iBAAiB,IAAI,CAAC,IAAI,CAAC,CAAC,eAAe,EAAE,KAAK,KAAK,YAAY,CAAC,CACnF,CAAC;YACF,OAAO,EAAE,GAAG,SAAS,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC;QAC7D,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,MAAM;YACvB,OAAO,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,SAAS;YACxB,IAAI,SAAS,CAAC,MAAM,KAAK,KAAK;gBAAE,OAAO,IAAI,CAAC,CAAC,uBAAuB;YACpE,IAAI,SAAS,CAAC,MAAM,KAAK,KAAK;gBAAE,OAAO,GAAG,KAAK,IAAI,CAAC;YACpD,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/encryption/index.d.ts

@@ -0,0 +1,6 @@
+export type { AESConfig } from "./aes.js";
+export { AESEngine } from "./aes.js";
+export { createEncryptionLayer } from "./encryption-layer.js";
+export type { LitConfig } from "./lit.js";
+export { LitEngine } from "./lit.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/encryption/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/encryption/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AACrC,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,YAAY,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC"}

package/dist/encryption/index.js

@@ -0,0 +1,4 @@
+export { AESEngine } from "./aes.js";
+export { createEncryptionLayer } from "./encryption-layer.js";
+export { LitEngine } from "./lit.js";
+//# sourceMappingURL=index.js.map

package/dist/encryption/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/encryption/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AACrC,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAE9D,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC"}

package/dist/encryption/lit.d.ts

@@ -0,0 +1,23 @@
+import type { EvmChain, LitAccessCondition, LitAuthSig, LitEncryptedData, LitEvmCondition } from "../types.js";
+export interface LitConfig {
+    network: "datil-dev" | "datil-test" | "datil";
+    debug?: boolean;
+}
+export declare class LitEngine {
+    private config;
+    private client;
+    constructor(config: LitConfig);
+    /** Lazy-initialize the Lit client (heavy import) */
+    getClient(): Promise<any>;
+    getSessionSigs(authSig: LitAuthSig, chain: string): Promise<any>;
+    encrypt(data: Uint8Array, accessConditions: LitAccessCondition[], chain?: string): Promise<LitEncryptedData>;
+    decrypt(encrypted: LitEncryptedData, sessionSigsOrAuthSig: any): Promise<Uint8Array>;
+    createAddressCondition(address: string, chain: EvmChain): LitEvmCondition;
+    createReputationCondition(opts: {
+        registryAddress: string;
+        minScore: number;
+        chain: EvmChain;
+    }): LitEvmCondition;
+    disconnect(): Promise<void>;
+}
+//# sourceMappingURL=lit.d.ts.map

package/dist/encryption/lit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lit.d.ts","sourceRoot":"","sources":["../../src/encryption/lit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,QAAQ,EACR,kBAAkB,EAClB,UAAU,EACV,gBAAgB,EAChB,eAAe,EAChB,MAAM,aAAa,CAAC;AAErB,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,WAAW,GAAG,YAAY,GAAG,OAAO,CAAC;IAC9C,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAAY;IAC1B,OAAO,CAAC,MAAM,CAAoB;gBAEtB,MAAM,EAAE,SAAS;IAI7B,oDAAoD;IAC9C,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC;IAiBzB,cAAc,CAAC,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAqChE,OAAO,CACX,IAAI,EAAE,UAAU,EAChB,gBAAgB,EAAE,kBAAkB,EAAE,EACtC,KAAK,GAAE,MAAmB,GACzB,OAAO,CAAC,gBAAgB,CAAC;IAiBtB,OAAO,CAAC,SAAS,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC;IA4B1F,sBAAsB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,GAAG,eAAe;IAYzE,yBAAyB,CAAC,IAAI,EAAE;QAC9B,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,QAAQ,CAAC;KACjB,GAAG,eAAe;IAYb,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAMlC"}

package/dist/encryption/lit.js

@@ -0,0 +1,113 @@
+export class LitEngine {
+    config;
+    client = null;
+    constructor(config) {
+        this.config = config;
+    }
+    /** Lazy-initialize the Lit client (heavy import) */
+    async getClient() {
+        if (this.client)
+            return this.client;
+        const { LitNodeClient } = await import("@lit-protocol/lit-node-client");
+        const { LIT_NETWORK } = await import("@lit-protocol/constants");
+        const networkMap = {
+            "datil-dev": LIT_NETWORK.DatilDev,
+            "datil-test": LIT_NETWORK.DatilTest,
+            datil: LIT_NETWORK.Datil,
+        };
+        this.client = new LitNodeClient({
+            litNetwork: networkMap[this.config.network],
+            debug: this.config.debug ?? false,
+        });
+        await this.client.connect();
+        return this.client;
+    }
+    async getSessionSigs(authSig, chain) {
+        const client = await this.getClient();
+        const { LitAbility } = await import("@lit-protocol/constants");
+        const { LitAccessControlConditionResource, createSiweMessageWithRecaps, generateAuthSig } = await import("@lit-protocol/auth-helpers");
+        const litResource = new LitAccessControlConditionResource("*");
+        return client.getSessionSigs({
+            chain,
+            resourceAbilityRequests: [
+                { resource: litResource, ability: LitAbility.AccessControlConditionDecryption },
+            ],
+            authNeededCallback: async (params) => {
+                const toSign = await createSiweMessageWithRecaps({
+                    uri: params.uri,
+                    expiration: params.expiration,
+                    resources: params.resourceAbilityRequests,
+                    walletAddress: authSig.address,
+                    nonce: await client.getLatestBlockhash(),
+                    litNodeClient: client,
+                });
+                return generateAuthSig({
+                    signer: {
+                        signMessage: async () => authSig.sig,
+                        getAddress: async () => authSig.address,
+                    },
+                    toSign,
+                });
+            },
+        });
+    }
+    async encrypt(data, accessConditions, chain = "ethereum") {
+        const client = await this.getClient();
+        const { encryptUint8Array } = await import("@lit-protocol/encryption");
+        const { ciphertext, dataToEncryptHash } = await encryptUint8Array({ accessControlConditions: accessConditions, dataToEncrypt: data }, client);
+        return {
+            engine: "lit",
+            ciphertext: typeof ciphertext === "string" ? new TextEncoder().encode(ciphertext) : ciphertext,
+            dataToEncryptHash,
+            accessControlConditions: accessConditions,
+            chain: chain,
+        };
+    }
+    async decrypt(encrypted, sessionSigsOrAuthSig) {
+        let sessionSigs = sessionSigsOrAuthSig;
+        // If an authSig object is passed, resolve it to sessionSigs
+        if (sessionSigsOrAuthSig?.sig && sessionSigsOrAuthSig?.address) {
+            sessionSigs = await this.getSessionSigs(sessionSigsOrAuthSig, encrypted.chain);
+        }
+        const client = await this.getClient();
+        const { decryptToUint8Array } = await import("@lit-protocol/encryption");
+        return decryptToUint8Array({
+            accessControlConditions: encrypted.accessControlConditions,
+            chain: encrypted.chain,
+            ciphertext: typeof encrypted.ciphertext === "string"
+                ? encrypted.ciphertext
+                : new TextDecoder().decode(encrypted.ciphertext),
+            dataToEncryptHash: encrypted.dataToEncryptHash,
+            sessionSigs,
+        }, client);
+    }
+    createAddressCondition(address, chain) {
+        return {
+            conditionType: "evmBasic",
+            contractAddress: "",
+            standardContractType: "",
+            chain,
+            method: "",
+            parameters: [":userAddress"],
+            returnValueTest: { comparator: "=", value: address },
+        };
+    }
+    createReputationCondition(opts) {
+        return {
+            conditionType: "evmContract",
+            contractAddress: opts.registryAddress,
+            standardContractType: "",
+            chain: opts.chain,
+            method: "getScore",
+            parameters: [":userAddress"],
+            returnValueTest: { comparator: ">=", value: String(opts.minScore) },
+        };
+    }
+    async disconnect() {
+        if (this.client) {
+            await this.client.disconnect();
+            this.client = null;
+        }
+    }
+}
+//# sourceMappingURL=lit.js.map

package/dist/encryption/lit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lit.js","sourceRoot":"","sources":["../../src/encryption/lit.ts"],"names":[],"mappings":"AAcA,MAAM,OAAO,SAAS;IACZ,MAAM,CAAY;IAClB,MAAM,GAAe,IAAI,CAAC;IAElC,YAAY,MAAiB;QAC3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,oDAAoD;IACpD,KAAK,CAAC,SAAS;QACb,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC;QACpC,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAC;QACxE,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,yBAAyB,CAAC,CAAC;QAChE,MAAM,UAAU,GAA2B;YACzC,WAAW,EAAE,WAAW,CAAC,QAAQ;YACjC,YAAY,EAAE,WAAW,CAAC,SAAS;YACnC,KAAK,EAAE,WAAW,CAAC,KAAK;SACzB,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,IAAI,aAAa,CAAC;YAC9B,UAAU,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAQ;YAClD,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,KAAK;SAClC,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAmB,EAAE,KAAa;QACrD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,yBAAyB,CAAC,CAAC;QAC/D,MAAM,EAAE,iCAAiC,EAAE,2BAA2B,EAAE,eAAe,EAAE,GACvF,MAAM,MAAM,CAAC,4BAA4B,CAAC,CAAC;QAE7C,MAAM,WAAW,GAAG,IAAI,iCAAiC,CAAC,GAAG,CAAC,CAAC;QAE/D,OAAO,MAAM,CAAC,cAAc,CAAC;YAC3B,KAAK;YACL,uBAAuB,EAAE;gBACvB,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,CAAC,gCAAgC,EAAE;aAChF;YACD,kBAAkB,EAAE,KAAK,EAAE,MAI1B,EAAE,EAAE;gBACH,MAAM,MAAM,GAAG,MAAM,2BAA2B,CAAC;oBAC/C,GAAG,EAAE,MAAM,CAAC,GAAI;oBAChB,UAAU,EAAE,MAAM,CAAC,UAAW;oBAC9B,SAAS,EAAE,MAAM,CAAC,uBAAwB;oBAC1C,aAAa,EAAE,OAAO,CAAC,OAAO;oBAC9B,KAAK,EAAE,MAAM,MAAM,CAAC,kBAAkB,EAAE;oBACxC,aAAa,EAAE,MAAM;iBACtB,CAAC,CAAC;gBACH,OAAO,eAAe,CAAC;oBACrB,MAAM,EAAE;wBACN,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC,OAAO,CAAC,GAAG;wBACpC,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC,OAAO,CAAC,OAAO;qBACjC;oBACR,MAAM;iBACP,CAAC,CAAC;YACL,CAAC;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CACX,IAAgB,EAChB,gBAAsC,EACtC,QAAgB,UAAU;QAE1B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;QACvE,MAAM,EAAE,UAAU,EAAE,iBAAiB,EAAE,GAAG,MAAM,iBAAiB,CAC/D,EAAE,uBAAuB,EAAE,gBAAuB,EAAE,aAAa,EAAE,IAAI,EAAE,EACzE,MAAM,CACP,CAAC;QACF,OAAO;YACL,MAAM,EAAE,KAAK;YACb,UAAU,EACR,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU;YACpF,iBAAiB;YACjB,uBAAuB,EAAE,gBAAgB;YACzC,KAAK,EAAE,KAAY;SACpB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,SAA2B,EAAE,oBAAyB;QAClE,IAAI,WAAW,GAAG,oBAAoB,CAAC;QAEvC,4DAA4D;QAC5D,IAAI,oBAAoB,EAAE,GAAG,IAAI,oBAAoB,EAAE,OAAO,EAAE,CAAC;YAC/D,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CACrC,oBAAkC,EAClC,SAAS,CAAC,KAAe,CAC1B,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;QACzE,OAAO,mBAAmB,CACxB;YACE,uBAAuB,EAAE,SAAS,CAAC,uBAA8B;YACjE,KAAK,EAAE,SAAS,CAAC,KAAe;YAChC,UAAU,EACR,OAAO,SAAS,CAAC,UAAU,KAAK,QAAQ;gBACtC,CAAC,CAAC,SAAS,CAAC,UAAU;gBACtB,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC;YACpD,iBAAiB,EAAE,SAAS,CAAC,iBAAiB;YAC9C,WAAW;SACZ,EACD,MAAM,CACP,CAAC;IACJ,CAAC;IAED,sBAAsB,CAAC,OAAe,EAAE,KAAe;QACrD,OAAO;YACL,aAAa,EAAE,UAAU;YACzB,eAAe,EAAE,EAAgB;YACjC,oBAAoB,EAAE,EAAE;YACxB,KAAK;YACL,MAAM,EAAE,EAAE;YACV,UAAU,EAAE,CAAC,cAAc,CAAC;YAC5B,eAAe,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE;SACrD,CAAC;IACJ,CAAC;IAED,yBAAyB,CAAC,IAIzB;QACC,OAAO;YACL,aAAa,EAAE,aAAa;YAC5B,eAAe,EAAE,IAAI,CAAC,eAA6B;YACnD,oBAAoB,EAAE,EAAE;YACxB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,MAAM,EAAE,UAAU;YAClB,UAAU,EAAE,CAAC,cAAc,CAAC;YAC5B,eAAe,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;SACpE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YAC/B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACrB,CAAC;IACH,CAAC;CACF"}

package/dist/encryption/vault-key.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Vault key derivation with optional caching.
+ *
+ * Derives a deterministic AES-256 key from a wallet signature
+ * and caches the signature in storage to avoid re-prompting.
+ */
+export interface VaultKeyConfig {
+    /** Wallet address (used as cache key discriminator) */
+    address: string;
+    /** Wallet signMessage function — returns hex signature */
+    signMessage: (message: string) => Promise<string>;
+    /** Storage adapter for caching (default: sessionStorage if available) */
+    storage?: {
+        getItem(key: string): string | null;
+        setItem(key: string, value: string): void;
+        removeItem(key: string): void;
+    };
+}
+/**
+ * Derive a vault encryption key, caching the signature to avoid
+ * re-prompting the wallet on page reload.
+ *
+ * Usage:
+ * ```ts
+ * const { key, clear } = await deriveVaultKeyWithCache({
+ *   address: "0x...",
+ *   signMessage: (msg) => wagmiSignMessage({ message: msg }),
+ * });
+ * // Use `key` for encryption/decryption
+ * // Call `clear()` on disconnect
+ * ```
+ */
+export declare function deriveVaultKeyWithCache(config: VaultKeyConfig): Promise<{
+    key: CryptoKey;
+    clear: () => void;
+}>;
+//# sourceMappingURL=vault-key.d.ts.map

package/dist/encryption/vault-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault-key.d.ts","sourceRoot":"","sources":["../../src/encryption/vault-key.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,MAAM,WAAW,cAAc;IAC7B,uDAAuD;IACvD,OAAO,EAAE,MAAM,CAAC;IAChB,0DAA0D;IAC1D,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,yEAAyE;IACzE,OAAO,CAAC,EAAE;QACR,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;QACpC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1C,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;KAC/B,CAAC;CACH;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,uBAAuB,CAC3C,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC;IAAE,GAAG,EAAE,SAAS,CAAC;IAAC,KAAK,EAAE,MAAM,IAAI,CAAA;CAAE,CAAC,CAqBhD"}

package/dist/encryption/vault-key.js

@@ -0,0 +1,43 @@
+/**
+ * Vault key derivation with optional caching.
+ *
+ * Derives a deterministic AES-256 key from a wallet signature
+ * and caches the signature in storage to avoid re-prompting.
+ */
+import { AESEngine } from "./aes.js";
+const CACHE_PREFIX = "orbitmem:vk";
+const aes = new AESEngine({ kdf: "hkdf-sha256" });
+/**
+ * Derive a vault encryption key, caching the signature to avoid
+ * re-prompting the wallet on page reload.
+ *
+ * Usage:
+ * ```ts
+ * const { key, clear } = await deriveVaultKeyWithCache({
+ *   address: "0x...",
+ *   signMessage: (msg) => wagmiSignMessage({ message: msg }),
+ * });
+ * // Use `key` for encryption/decryption
+ * // Call `clear()` on disconnect
+ * ```
+ */
+export async function deriveVaultKeyWithCache(config) {
+    const { address, signMessage } = config;
+    const storage = config.storage ?? (typeof sessionStorage !== "undefined" ? sessionStorage : null);
+    const cacheKey = `${CACHE_PREFIX}:${address}`;
+    let sig = storage?.getItem(cacheKey) ?? null;
+    if (!sig) {
+        sig = await signMessage("OrbitMem Vault Key v1");
+        storage?.setItem(cacheKey, sig);
+    }
+    const sigBytes = new Uint8Array((sig.slice(2).match(/.{2}/g) ?? []).map((b) => parseInt(b, 16)));
+    const hash = new Uint8Array(await crypto.subtle.digest("SHA-256", sigBytes));
+    const key = await aes.deriveKey({ type: "raw", key: hash });
+    return {
+        key,
+        clear() {
+            storage?.removeItem(cacheKey);
+        },
+    };
+}
+//# sourceMappingURL=vault-key.js.map

package/dist/encryption/vault-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault-key.js","sourceRoot":"","sources":["../../src/encryption/vault-key.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAErC,MAAM,YAAY,GAAG,aAAa,CAAC;AACnC,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC,CAAC;AAelD;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,MAAsB;IAEtB,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,MAAM,CAAC;IACxC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,CAAC,OAAO,cAAc,KAAK,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAClG,MAAM,QAAQ,GAAG,GAAG,YAAY,IAAI,OAAO,EAAE,CAAC;IAE9C,IAAI,GAAG,GAAG,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IAC7C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,GAAG,GAAG,MAAM,WAAW,CAAC,uBAAuB,CAAC,CAAC;QACjD,OAAO,EAAE,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IACjG,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,QAAwB,CAAC,CAAC,CAAC;IAC7F,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;IAE5D,OAAO;QACL,GAAG;QACH,KAAK;YACH,OAAO,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/identity/identity-layer.d.ts

@@ -0,0 +1,3 @@
+import type { IdentityConfig, IIdentityLayer } from "../types.js";
+export declare function createIdentityLayer(config: IdentityConfig): IIdentityLayer;
+//# sourceMappingURL=identity-layer.d.ts.map

package/dist/identity/identity-layer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-layer.d.ts","sourceRoot":"","sources":["../../src/identity/identity-layer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,cAAc,EACd,cAAc,EAIf,MAAM,aAAa,CAAC;AAGrB,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,cAAc,GAAG,cAAc,CAgH1E"}

package/dist/identity/identity-layer.js

@@ -0,0 +1,99 @@
+import { deriveSessionKey } from "./session.js";
+export function createIdentityLayer(config) {
+    let connection = null;
+    let activeSession = null;
+    const sessions = new Map();
+    const listeners = new Set();
+    // Store signer function set by external wallet adapters
+    let signFn = null;
+    return {
+        async connect(opts) {
+            // If an OWS wallet was provided (CLI / server usage), auto-connect via OWS adapter
+            if (config.owsWallet) {
+                const { createOwsAdapter } = await import("./ows-adapter.js");
+                const owsChain = config.owsChain ?? "eip155:84532";
+                const adapter = createOwsAdapter(config.owsWallet, owsChain);
+                const address = await adapter.getAddress();
+                const family = owsChain.startsWith("solana:") ? "solana" : "evm";
+                const algorithm = family === "solana" ? "ed25519" : "ecdsa-secp256k1";
+                connection = {
+                    address,
+                    family,
+                    signatureAlgorithm: algorithm,
+                    connectedAt: Date.now(),
+                };
+                signFn = async (message) => {
+                    return adapter.signMessage(message);
+                };
+                for (const cb of listeners)
+                    cb(connection);
+                return connection;
+            }
+            throw new Error(`connect(${opts.method}) requires a wallet adapter or owsWallet config. ` +
+                "Use setConnection() for testing or integrate a wallet provider.");
+        },
+        async createPasskey() {
+            throw new Error("Passkey creation requires browser WebAuthn API");
+        },
+        async disconnect() {
+            connection = null;
+            activeSession = null;
+            signFn = null;
+            for (const cb of listeners)
+                cb(null);
+        },
+        async signChallenge(message) {
+            if (!signFn)
+                throw new Error("No signer available — connect a wallet first");
+            return signFn(message);
+        },
+        async createSessionKey(permissions, opts) {
+            if (!connection)
+                throw new Error("No wallet connected");
+            if (!signFn)
+                throw new Error("No signer available");
+            const challenge = `OrbitMem Authentication\nTimestamp: ${Date.now()}\nNonce: ${crypto.randomUUID()}`;
+            const { signature } = await signFn(challenge);
+            const session = await deriveSessionKey({
+                family: connection.family,
+                signature,
+                parentAddress: connection.address,
+                permissions,
+                ttl: opts?.ttl ?? config.sessionTTL ?? 3600,
+            });
+            sessions.set(session.id, session);
+            activeSession = session;
+            return session;
+        },
+        async resumeSession(sessionId) {
+            const session = sessions.get(sessionId);
+            if (!session)
+                return null;
+            if (session.expiresAt <= Date.now()) {
+                sessions.delete(sessionId);
+                return null;
+            }
+            activeSession = session;
+            return session;
+        },
+        async revokeSession(sessionId) {
+            sessions.delete(sessionId);
+            if (activeSession?.id === sessionId)
+                activeSession = null;
+        },
+        getConnection() {
+            return connection;
+        },
+        getActiveSession() {
+            if (activeSession && activeSession.expiresAt <= Date.now()) {
+                activeSession = null;
+            }
+            return activeSession;
+        },
+        onConnectionChange(callback) {
+            listeners.add(callback);
+            return () => listeners.delete(callback);
+        },
+    };
+}
+//# sourceMappingURL=identity-layer.js.map

package/dist/identity/identity-layer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-layer.js","sourceRoot":"","sources":["../../src/identity/identity-layer.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,UAAU,mBAAmB,CAAC,MAAsB;IACxD,IAAI,UAAU,GAA4B,IAAI,CAAC;IAC/C,IAAI,aAAa,GAAsB,IAAI,CAAC;IAC5C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC/C,MAAM,SAAS,GAAiD,IAAI,GAAG,EAAE,CAAC;IAE1E,wDAAwD;IACxD,IAAI,MAAM,GAEC,IAAI,CAAC;IAEhB,OAAO;QACL,KAAK,CAAC,OAAO,CAAC,IAAI;YAChB,mFAAmF;YACnF,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;gBAC9D,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,cAAc,CAAC;gBACnD,MAAM,OAAO,GAAG,gBAAgB,CAAC,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBAC7D,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;gBAE3C,MAAM,MAAM,GAAgB,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;gBAC9E,MAAM,SAAS,GAAuB,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAiB,CAAC;gBAE1F,UAAU,GAAG;oBACX,OAAO;oBACP,MAAM;oBACN,kBAAkB,EAAE,SAAS;oBAC7B,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE;iBACxB,CAAC;gBAEF,MAAM,GAAG,KAAK,EAAE,OAAe,EAAE,EAAE;oBACjC,OAAO,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;gBACtC,CAAC,CAAC;gBAEF,KAAK,MAAM,EAAE,IAAI,SAAS;oBAAE,EAAE,CAAC,UAAU,CAAC,CAAC;gBAC3C,OAAO,UAAU,CAAC;YACpB,CAAC;YAED,MAAM,IAAI,KAAK,CACb,WAAW,IAAI,CAAC,MAAM,mDAAmD;gBACvE,iEAAiE,CACpE,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,aAAa;YACjB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QAED,KAAK,CAAC,UAAU;YACd,UAAU,GAAG,IAAI,CAAC;YAClB,aAAa,GAAG,IAAI,CAAC;YACrB,MAAM,GAAG,IAAI,CAAC;YACd,KAAK,MAAM,EAAE,IAAI,SAAS;gBAAE,EAAE,CAAC,IAAI,CAAC,CAAC;QACvC,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,OAAO;YACzB,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAC7E,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QAED,KAAK,CAAC,gBAAgB,CAAC,WAAW,EAAE,IAAI;YACtC,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACxD,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YAEpD,MAAM,SAAS,GAAG,uCAAuC,IAAI,CAAC,GAAG,EAAE,YAAY,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;YACrG,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;YAE9C,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC;gBACrC,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,SAAS;gBACT,aAAa,EAAE,UAAU,CAAC,OAAO;gBACjC,WAAW;gBACX,GAAG,EAAE,IAAI,EAAE,GAAG,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI;aAC5C,CAAC,CAAC;YAEH,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YAClC,aAAa,GAAG,OAAO,CAAC;YACxB,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,SAAS;YAC3B,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACxC,IAAI,CAAC,OAAO;gBAAE,OAAO,IAAI,CAAC;YAC1B,IAAI,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBACpC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAC3B,OAAO,IAAI,CAAC;YACd,CAAC;YACD,aAAa,GAAG,OAAO,CAAC;YACxB,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,SAAS;YAC3B,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC3B,IAAI,aAAa,EAAE,EAAE,KAAK,SAAS;gBAAE,aAAa,GAAG,IAAI,CAAC;QAC5D,CAAC;QAED,aAAa;YACX,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,gBAAgB;YACd,IAAI,aAAa,IAAI,aAAa,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBAC3D,aAAa,GAAG,IAAI,CAAC;YACvB,CAAC;YACD,OAAO,aAAa,CAAC;QACvB,CAAC;QAED,kBAAkB,CAAC,QAAQ;YACzB,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACxB,OAAO,GAAG,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/identity/index.d.ts

@@ -0,0 +1,4 @@
+export { createIdentityLayer } from "./identity-layer.js";
+export { deriveSessionKey } from "./session.js";
+export { createOwsAdapter, type OwsAdapter } from "./ows-adapter.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/identity/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/identity/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,KAAK,UAAU,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/identity/index.js

@@ -0,0 +1,4 @@
+export { createIdentityLayer } from "./identity-layer.js";
+export { deriveSessionKey } from "./session.js";
+export { createOwsAdapter } from "./ows-adapter.js";
+//# sourceMappingURL=index.js.map

package/dist/identity/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/identity/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAmB,MAAM,kBAAkB,CAAC"}

package/dist/identity/ows-adapter.d.ts

@@ -0,0 +1,15 @@
+import type { SignatureAlgorithm, WalletAddress } from "../types.js";
+export interface OwsAdapter {
+    getAddress(): Promise<WalletAddress>;
+    signMessage(message: string): Promise<{
+        signature: Uint8Array;
+        algorithm: SignatureAlgorithm;
+    }>;
+    toViemAccount(): Promise<import("viem").Account>;
+}
+/**
+ * @param walletName — OWS wallet name (e.g., "orbitmem")
+ * @param chain — CAIP-2 chain ID (e.g., "eip155:84532" for Base Sepolia)
+ */
+export declare function createOwsAdapter(walletName: string, chain: string): OwsAdapter;
+//# sourceMappingURL=ows-adapter.d.ts.map

package/dist/identity/ows-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ows-adapter.d.ts","sourceRoot":"","sources":["../../src/identity/ows-adapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAErE,MAAM,WAAW,UAAU;IACzB,UAAU,IAAI,OAAO,CAAC,aAAa,CAAC,CAAC;IACrC,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,SAAS,EAAE,UAAU,CAAC;QAAC,SAAS,EAAE,kBAAkB,CAAA;KAAE,CAAC,CAAC;IAChG,aAAa,IAAI,OAAO,CAAC,OAAO,MAAM,EAAE,OAAO,CAAC,CAAC;CAClD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,UAAU,CAmE9E"}