@private.me/xbind 1.2.0

package/dist-standalone/cjs/connect.js

@@ -0,0 +1,312 @@
+"use strict";
+/**
+ * @module connect
+ * High-level connect() API for zero-config XBind connections.
+ *
+ * Enables: `const service = await connect('payments-service')`
+ *
+ * Combines:
+ * - Service discovery
+ * - Trust verification
+ * - Agent creation
+ * - Connection establishment
+ *
+ * @example
+ * ```ts
+ * import { connect } from '@private.me/xbind';
+ *
+ * // Connect by name (uses registry):
+ * const payments = await connect('payments-service');
+ *
+ * // Connect by domain (uses .well-known):
+ * const payments = await connect('payments.example.com');
+ *
+ * // Connect by URL (direct):
+ * const payments = await connect('https://api.payments.com/xbind');
+ *
+ * // Use the connection:
+ * await payments.send({
+ *   to: payments.did,
+ *   payload: { action: 'createCharge', amount: 100 },
+ *   scope: 'payments',
+ * });
+ * ```
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConnectErrorCode = void 0;
+exports.connect = connect;
+exports.acceptInvite = acceptInvite;
+const shared_1 = require("../_deps/shared/index.js");
+const crypto_1 = require("../_deps/crypto/index.js");
+const agent_js_1 = require("./agent.js");
+const discovery_js_1 = require("./discovery.js");
+const transport_js_1 = require("./transport.js");
+const trust_registry_js_1 = require("./trust-registry.js");
+const identity_js_1 = require("./identity.js");
+/**
+ * Connect error codes.
+ */
+var ConnectErrorCode;
+(function (ConnectErrorCode) {
+    ConnectErrorCode["DISCOVERY_FAILED"] = "CONNECT_DISCOVERY_FAILED";
+    ConnectErrorCode["AGENT_CREATION_FAILED"] = "CONNECT_AGENT_CREATION_FAILED";
+    ConnectErrorCode["TRUST_VERIFICATION_FAILED"] = "CONNECT_TRUST_VERIFICATION_FAILED";
+    ConnectErrorCode["INVALID_SERVICE_INFO"] = "CONNECT_INVALID_SERVICE_INFO";
+})(ConnectErrorCode || (exports.ConnectErrorCode = ConnectErrorCode = {}));
+/**
+ * Connect to a service with zero configuration.
+ *
+ * @param nameOrUrl - Service name, domain, or URL
+ * @param options - Connection options
+ * @returns Connection or error
+ *
+ * @example
+ * ```ts
+ * // Minimal:
+ * const connection = await connect('payments-service');
+ * if (connection.ok) {
+ *   await connection.value.agent.send({
+ *     to: connection.value.did,
+ *     payload: { action: 'test' },
+ *     scope: 'test',
+ *   });
+ * }
+ *
+ * // With options:
+ * const connection = await connect('payments-service', {
+ *   name: 'billing-service',
+ *   xchange: true, // Use faster Xchange mode
+ *   splitChannel: true, // Use split-channel by default
+ * });
+ * ```
+ */
+async function connect(nameOrUrl, options = {}) {
+    // Step 1: Discover service
+    const discovery = options.discovery || new discovery_js_1.ServiceDiscovery();
+    const serviceResult = await discovery.discover(nameOrUrl);
+    if (!serviceResult.ok) {
+        return (0, shared_1.err)({
+            code: ConnectErrorCode.DISCOVERY_FAILED,
+            message: `Failed to discover service: ${serviceResult.error.message}`,
+            hint: serviceResult.error.hint,
+            cause: serviceResult.error,
+        });
+    }
+    const service = serviceResult.value;
+    // Step 2: Validate service info
+    if (!service.did || !service.endpoint || !service.publicKey) {
+        return (0, shared_1.err)({
+            code: ConnectErrorCode.INVALID_SERVICE_INFO,
+            message: 'Service info missing required fields (did, endpoint, publicKey)',
+            hint: 'Service must provide complete metadata',
+        });
+    }
+    // Step 3: Create trust registry and add service
+    const registry = options.registry || new trust_registry_js_1.MemoryTrustRegistry();
+    try {
+        // Import public key (convert from base64 string)
+        const publicKeyBytes = (0, crypto_1.fromBase64)(service.publicKey);
+        const publicKeyResult = await (0, identity_js_1.importPublicKey)(publicKeyBytes);
+        if (!publicKeyResult.ok) {
+            return (0, shared_1.err)({
+                code: ConnectErrorCode.TRUST_VERIFICATION_FAILED,
+                message: 'Invalid service public key',
+                cause: publicKeyResult.error,
+            });
+        }
+        // Add to trust registry
+        await registry.add({
+            did: service.did,
+            publicKey: publicKeyResult.value,
+            x25519PublicKey: service.x25519PublicKey
+                ? await (0, identity_js_1.importPublicKey)((0, crypto_1.fromBase64)(service.x25519PublicKey)).then(r => r.ok ? r.value : undefined)
+                : undefined,
+            mlKemPublicKey: service.mlKemPublicKey
+                ? (0, crypto_1.fromBase64)(service.mlKemPublicKey)
+                : undefined,
+        });
+    }
+    catch (error) {
+        return (0, shared_1.err)({
+            code: ConnectErrorCode.TRUST_VERIFICATION_FAILED,
+            message: 'Failed to verify service public key',
+            cause: error,
+        });
+    }
+    // Step 4: Create transport
+    const transport = options.transport || new transport_js_1.HttpsTransportAdapter({
+        baseUrl: service.endpoint,
+    });
+    // Step 5: Create agent
+    const agentName = options.name || `client-${Date.now()}`;
+    const agentOptions = {
+        name: agentName,
+        registry,
+        transport,
+        xchange: options.xchange,
+        postQuantumSig: options.postQuantumSig,
+    };
+    const agentResult = await agent_js_1.Agent.create(agentOptions);
+    if (!agentResult.ok) {
+        return (0, shared_1.err)({
+            code: ConnectErrorCode.AGENT_CREATION_FAILED,
+            message: 'Failed to create agent',
+            cause: agentResult.error,
+        });
+    }
+    // Step 6: Return connection
+    return (0, shared_1.ok)({
+        agent: agentResult.value,
+        service,
+        did: service.did,
+        endpoint: service.endpoint,
+    });
+}
+/**
+ * Accept an invite and establish connection.
+ *
+ * @param inviteUrl - Invite URL
+ * @param options - Connection options
+ * @returns Connection or error
+ *
+ * @example
+ * ```ts
+ * const connection = await acceptInvite('https://xbind.to/invite/abc123', {
+ *   name: 'my-service',
+ * });
+ *
+ * if (connection.ok) {
+ *   console.log('Connected to:', connection.value.service.name);
+ * }
+ * ```
+ */
+async function acceptInvite(inviteUrl, options = {}) {
+    const { InviteService } = await Promise.resolve().then(() => __importStar(require('./invite.js')));
+    const inviteService = new InviteService();
+    // Get invite details
+    const inviteResult = await inviteService.get(inviteUrl);
+    if (!inviteResult.ok) {
+        return (0, shared_1.err)({
+            code: ConnectErrorCode.DISCOVERY_FAILED,
+            message: `Failed to get invite: ${inviteResult.error.message}`,
+            cause: inviteResult.error,
+        });
+    }
+    const invite = inviteResult.value;
+    // Convert invite.from to ServiceInfo
+    const service = {
+        name: invite.from.name,
+        did: invite.from.did,
+        endpoint: invite.from.endpoint,
+        publicKey: invite.from.publicKey,
+        x25519PublicKey: invite.from.x25519PublicKey,
+        mlKemPublicKey: invite.from.mlKemPublicKey,
+    };
+    // Connect to service (same as connect())
+    // Create trust registry and add service
+    const registry = options.registry || new trust_registry_js_1.MemoryTrustRegistry();
+    try {
+        // Import public key (convert from base64 string)
+        const publicKeyBytes = (0, crypto_1.fromBase64)(service.publicKey);
+        const publicKeyResult = await (0, identity_js_1.importPublicKey)(publicKeyBytes);
+        if (!publicKeyResult.ok) {
+            return (0, shared_1.err)({
+                code: ConnectErrorCode.TRUST_VERIFICATION_FAILED,
+                message: 'Invalid service public key',
+                cause: publicKeyResult.error,
+            });
+        }
+        await registry.add({
+            did: service.did,
+            publicKey: publicKeyResult.value,
+            x25519PublicKey: service.x25519PublicKey
+                ? await (0, identity_js_1.importPublicKey)((0, crypto_1.fromBase64)(service.x25519PublicKey)).then(r => r.ok ? r.value : undefined)
+                : undefined,
+            mlKemPublicKey: service.mlKemPublicKey
+                ? (0, crypto_1.fromBase64)(service.mlKemPublicKey)
+                : undefined,
+        });
+    }
+    catch (error) {
+        return (0, shared_1.err)({
+            code: ConnectErrorCode.TRUST_VERIFICATION_FAILED,
+            message: 'Failed to verify service public key',
+            cause: error,
+        });
+    }
+    const transport = options.transport || new transport_js_1.HttpsTransportAdapter({
+        baseUrl: service.endpoint,
+    });
+    const agentName = options.name || `client-${Date.now()}`;
+    const agentOptions = {
+        name: agentName,
+        registry,
+        transport,
+        xchange: options.xchange,
+        postQuantumSig: options.postQuantumSig,
+    };
+    const agentResult = await agent_js_1.Agent.create(agentOptions);
+    if (!agentResult.ok) {
+        return (0, shared_1.err)({
+            code: ConnectErrorCode.AGENT_CREATION_FAILED,
+            message: 'Failed to create agent',
+            cause: agentResult.error,
+        });
+    }
+    // Accept the invite
+    const acceptResult = await inviteService.accept({
+        inviteUrl,
+        acceptor: {
+            name: agentOptions.name,
+            did: agentResult.value.did,
+            endpoint: options.endpoint || '', // Agent's endpoint (where it can be reached), empty for client-only agents
+            publicKey: (0, crypto_1.toBase64)(agentResult.value.identity.rawPublicKey),
+            x25519PublicKey: agentResult.value.identity.rawX25519PublicKey
+                ? (0, crypto_1.toBase64)(agentResult.value.identity.rawX25519PublicKey)
+                : undefined,
+        },
+    });
+    if (!acceptResult.ok) {
+        // Connection created but invite acceptance failed - still return connection
+        // (invite acceptance is for tracking/notification, not required for connectivity)
+    }
+    return (0, shared_1.ok)({
+        agent: agentResult.value,
+        service,
+        did: service.did,
+        endpoint: service.endpoint,
+    });
+}

package/dist-standalone/cjs/did-document.js

@@ -0,0 +1,101 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateDidDocument = generateDidDocument;
+exports.resolveDid = resolveDid;
+exports.getServiceEndpoints = getServiceEndpoints;
+const shared_1 = require("../_deps/shared/index.js");
+const crypto_1 = require("../_deps/crypto/index.js");
+/**
+ * Generate a DID document for a given DID.
+ *
+ * Includes service endpoints that advertise PRIVATE.ME/xBind.
+ * Both did:key and did:privateme DIDs generate the same service endpoints.
+ *
+ * @param did - The DID (did:key:z... or did:privateme:z...)
+ * @param rawPublicKey - The 32-byte Ed25519 public key
+ * @param name - Optional name for the identity
+ * @returns DID document with service endpoints
+ */
+function generateDidDocument(did, rawPublicKey, name) {
+    if (!did.startsWith('did:key:') && !did.startsWith('did:privateme:')) {
+        return (0, shared_1.err)('INVALID_DID_FORMAT');
+    }
+    // Convert public key to base64 for inclusion in document
+    const publicKeyBase64 = (0, crypto_1.toBase64)(rawPublicKey);
+    const document = {
+        '@context': [
+            'https://www.w3.org/ns/did/v1',
+            'https://w3id.org/security/suites/ed25519-2020/v1',
+        ],
+        id: did,
+        publicKey: [
+            {
+                id: `${did}#key-1`,
+                type: 'Ed25519VerificationKey2020',
+                controller: did,
+                publicKeyBase64,
+            },
+        ],
+        authentication: [`${did}#key-1`],
+        assertionMethod: [`${did}#key-1`],
+        keyAgreement: [`${did}#key-1`],
+        service: [
+            {
+                id: `${did}#identity-provider`,
+                type: 'IdentityProvider',
+                serviceEndpoint: 'https://private.me',
+                description: 'PRIVATE.ME xBind Agent - M2M identity authentication',
+            },
+            {
+                id: `${did}#documentation`,
+                type: 'Documentation',
+                serviceEndpoint: 'https://private.me/docs/xbind.html',
+                description: 'Learn more about PRIVATE.ME/xBind protocol',
+            },
+        ],
+        ...(name ? { name } : {}),
+    };
+    return (0, shared_1.ok)(document);
+}
+/**
+ * Resolve a DID to its document (simulated).
+ *
+ * In a production system, this would query a DID resolver.
+ * For now, this generates a synthetic document based on the DID.
+ *
+ * @param did - The DID to resolve
+ * @param rawPublicKey - The 32-byte Ed25519 public key
+ * @returns DID document or error
+ */
+async function resolveDid(did, rawPublicKey) {
+    // In a production system, this would make an HTTP request to a DID resolver
+    // For now, generate a synthetic document
+    return generateDidDocument(did, rawPublicKey);
+}
+/**
+ * Extract service endpoints from a DID document.
+ *
+ * Filters for PRIVATE.ME service endpoints to provide discovery information.
+ *
+ * @param document - The DID document
+ * @returns Array of service endpoints advertising PRIVATE.ME services
+ */
+function getServiceEndpoints(document) {
+    if (!document.service)
+        return [];
+    return document.service
+        .filter((svc) => {
+        const endpoint = typeof svc.serviceEndpoint === 'string' ? svc.serviceEndpoint : '';
+        return (endpoint.includes('private.me') ||
+            svc.type.includes('PRIVATE.ME') ||
+            svc.type === 'IdentityProvider' ||
+            svc.type === 'Documentation');
+    })
+        .map((svc) => ({
+        type: svc.type,
+        endpoint: typeof svc.serviceEndpoint === 'string'
+            ? svc.serviceEndpoint
+            : JSON.stringify(svc.serviceEndpoint),
+        description: svc.description,
+    }));
+}

package/dist-standalone/cjs/did-privateme.js

@@ -0,0 +1,130 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.publicKeyToPrivateMeDid = publicKeyToPrivateMeDid;
+exports.privateMeDidToPublicKeyBytes = privateMeDidToPublicKeyBytes;
+exports.isPrivateMeDid = isPrivateMeDid;
+exports.isDidKeyFormat = isDidKeyFormat;
+exports.convertDidFormat = convertDidFormat;
+exports.normalizeDid = normalizeDid;
+exports.parseDid = parseDid;
+const shared_1 = require("../_deps/shared/index.js");
+const identity_js_1 = require("./identity.js");
+/**
+ * Mechanism 4: Convert Ed25519 public key to did:privateme DID.
+ *
+ * Format: did:privateme:z + base58btc(0xed01 || publicKey)
+ *
+ * This is a new DID method identifier for PRIVATE.ME ACIs.
+ * It uses the same base58btc encoding as did:key for compatibility,
+ * but signals that the identity is backed by PRIVATE.ME infrastructure.
+ *
+ * Backward compatible: agents accept both did:key and did:privateme formats.
+ *
+ * @param rawPublicKey - 32-byte Ed25519 public key
+ * @returns DID in format did:privateme:z...
+ */
+function publicKeyToPrivateMeDid(rawPublicKey) {
+    // Use same encoding as did:key, but with privateme method
+    const didKeyFormat = (0, identity_js_1.publicKeyToDid)(rawPublicKey);
+    // Replace did:key: with did:privateme:
+    return didKeyFormat.replace(/^did:key:/, 'did:privateme:');
+}
+/**
+ * Extract raw 32-byte public key from a did:privateme DID.
+ *
+ * Format: did:privateme:z + base58btc(0xed01 || publicKey)
+ *
+ * @param did - DID in format did:privateme:z...
+ * @returns 32-byte public key or error
+ */
+function privateMeDidToPublicKeyBytes(did) {
+    if (!did.startsWith('did:privateme:z')) {
+        return (0, shared_1.err)('INVALID_DID_FORMAT');
+    }
+    // Convert to did:key format temporarily for parsing
+    const didKeyFormat = did.replace(/^did:privateme:/, 'did:key:');
+    // Use the existing parser
+    const result = (0, identity_js_1.didToPublicKeyBytes)(didKeyFormat);
+    if (!result.ok) {
+        return (0, shared_1.err)(result.error);
+    }
+    return (0, shared_1.ok)(result.value);
+}
+/**
+ * Determine if a DID is in the new did:privateme format.
+ *
+ * @param did - The DID to check
+ * @returns true if DID is did:privateme format, false otherwise
+ */
+function isPrivateMeDid(did) {
+    return did.startsWith('did:privateme:');
+}
+/**
+ * Determine if a DID is in the did:key format.
+ *
+ * @param did - The DID to check
+ * @returns true if DID is did:key format, false otherwise
+ */
+function isDidKeyFormat(did) {
+    return did.startsWith('did:key:');
+}
+/**
+ * Convert between DID formats (did:key ↔ did:privateme).
+ *
+ * Allows backward compatibility between old did:key and new did:privateme formats.
+ * The public key remains the same; only the method identifier changes.
+ *
+ * @param did - Source DID in either format
+ * @returns Converted DID in the other format, or error
+ */
+function convertDidFormat(did) {
+    if (isDidKeyFormat(did)) {
+        // Convert did:key to did:privateme
+        return (0, shared_1.ok)(did.replace(/^did:key:/, 'did:privateme:'));
+    }
+    if (isPrivateMeDid(did)) {
+        // Convert did:privateme to did:key
+        return (0, shared_1.ok)(did.replace(/^did:privateme:/, 'did:key:'));
+    }
+    return (0, shared_1.err)('UNSUPPORTED_DID_FORMAT');
+}
+/**
+ * Normalize a DID to the canonical format (did:privateme).
+ *
+ * All DIDs are converted to did:privateme format for consistency.
+ * Existing did:key DIDs are automatically upgraded.
+ *
+ * @param did - Source DID in any supported format
+ * @returns Normalized DID in did:privateme format
+ */
+function normalizeDid(did) {
+    if (isPrivateMeDid(did)) {
+        // Already in target format
+        return (0, shared_1.ok)(did);
+    }
+    if (isDidKeyFormat(did)) {
+        // Convert to did:privateme
+        return (0, shared_1.ok)(did.replace(/^did:key:/, 'did:privateme:'));
+    }
+    return (0, shared_1.err)('UNSUPPORTED_DID_FORMAT');
+}
+/**
+ * Parse a DID into method, identifier, and fragment.
+ *
+ * @param did - Full DID string
+ * @returns Parsed DID components or error
+ */
+function parseDid(did) {
+    const fragmentMatch = did.indexOf('#');
+    const base = fragmentMatch >= 0 ? did.substring(0, fragmentMatch) : did;
+    const fragment = fragmentMatch >= 0 ? did.substring(fragmentMatch + 1) : undefined;
+    const parts = base.split(':');
+    if (parts.length < 3 || parts[0] !== 'did') {
+        return (0, shared_1.err)('INVALID_DID_FORMAT');
+    }
+    return (0, shared_1.ok)({
+        method: parts[1],
+        identifier: parts.slice(2).join(':'),
+        fragment,
+    });
+}