@private.me/xbind 1.2.0

package/dist-standalone/cjs/index.js

@@ -0,0 +1,224 @@
+"use strict";
+// @private.me/xbind — public API
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.senderHybridKeyAgreement = exports.combineSharedSecrets = exports.receiverKeyAgreement = exports.senderKeyAgreement = exports.deriveSharedKeyECDH = exports.importX25519PublicKey = exports.generateEphemeralKeyPair = exports.createEnterpriseTrustRegistry = exports.FileTrustRegistry = exports.HttpTrustRegistry = exports.MemoryTrustRegistry = exports.RetryTransportAdapter = exports.HttpsTransportAdapter = exports.RedisNonceStore = exports.MemoryNonceStore = exports.openSignedEnvelope = exports.createSignedEnvelope = exports.generateSharedKey = exports.validateEnvelope = exports.deserializeEnvelope = exports.serializeEnvelope = exports.decryptPayload = exports.createEnvelopeV4 = exports.createEnvelopeV3 = exports.createEnvelopeV2 = exports.createEnvelope = exports.ML_DSA65_SK_BYTES = exports.ML_DSA65_PK_BYTES = exports.ML_DSA65_SIG_BYTES = exports.exportMlDsaPublicKey = exports.exportMlDsaSecretKey = exports.verifyMlDsa65 = exports.signMlDsa65 = exports.exportMlKemPublicKey = exports.exportMlKemSecretKey = exports.extractRawX25519 = exports.extractRawEd25519 = exports.identityFromSeed = exports.importIdentity = exports.importFromPKCS8 = exports.exportX25519PKCS8 = exports.exportPKCS8 = exports.didToPublicKeyBytes = exports.publicKeyToDid = exports.importPublicKey = exports.verify = exports.sign = exports.generateIdentity = exports.cliMain = exports.initCommand = void 0;
+exports.onChallenge = exports.respondToChallenge = exports.requestAuth = exports.DEFAULT_SPLIT_CONFIG = exports.reconstructFromChannel = exports.splitForChannelWithGroupId = exports.splitForChannel = exports.parseDid = exports.normalizeDid = exports.convertDidFormat = exports.isDidKeyFormat = exports.isPrivateMeDid = exports.privateMeDidToPublicKeyBytes = exports.publicKeyToPrivateMeDid = exports.getServiceEndpoints = exports.resolveDid = exports.generateDidDocument = exports.didWebToUrl = exports.DidWebResolver = exports.GatewayTransport = exports.createRegistryAuthMiddleware = exports.toPolicyDenied = exports.extractSuggestion = exports.Guardrails = exports.PolicyDenied = exports.ApprovalErrorCode = exports.ApprovalError = exports.CLIApprovalPresenter = exports.ApprovalFlow = exports.getGlobalPolicyEngine = exports.PolicyEngine = exports.describeSecurityMode = exports.DefaultSecurityPolicy = exports.wrapFetch = exports.createGotCompat = exports.createAxiosCompat = exports.getXBindCapability = exports.isXBindSupported = exports.xfetch = exports.AgentCallError = exports.getToolRegistry = exports.setToolRegistry = exports.ERROR_DETAILS = exports.AgentErrorCode = exports.stream = exports.batchCall = exports.call = exports.parseAgentError = exports.Agent = exports.receiverHybridKeyAgreement = void 0;
+exports.createSuccession = exports.AgentBuilder = exports.generateInvitationToken = exports.InvitationStore = exports.InvitationClient = exports.InvitationErrorCode = exports.LazyAgentErrorCode = exports.createLazyAgent = exports.LazyAgent = exports.AutoAcceptErrorCode = exports.autoAcceptInvite = exports.ConnectErrorCode = exports.acceptInvite = exports.connect = exports.PairingManager = exports.DualModeErrorCode = exports.DualModeAdapter = exports.InviteErrorCode = exports.InviteService = exports.MdnsDiscoveryManager = exports.DiscoveryErrorCode = exports.ServiceDiscovery = exports.search = exports.createPaginationMetadata = exports.paginate = exports.toACIError = exports.isACIError = exports.formatErrorForLog = exports.formatErrorForUser = exports.createDetailedError = exports.createStagedProgress = exports.ProgressReporter = exports.createXBindErrorDetail = exports.isXBindError = exports.toXBindError = exports.XBindAgentError = exports.XBindSplitChannelError = exports.XBindKeyAgreementError = exports.XBindRegistryError = exports.XBindTransportError = exports.XBindEnvelopeError = exports.XBindIdentityError = exports.XBindError = exports.BUNDLE_HEADER_BYTES = exports.AES_IV_BYTES = exports.AES_KEY_BYTES = exports.xchangeDecrypt = exports.xchangeEncrypt = exports.generateXchangeKey = exports.generateRegistrationQR = void 0;
+exports.reconstructKeyFromBackup = exports.splitKeyWithBackup = exports.validateBackupConfig = exports.DEFAULT_BACKUP_CONFIG = exports.hashBloomFilter = exports.resumeSubscription = exports.verifySubscriptionProof = exports.createSubscriptionProof = exports.decodeCheckpoint = exports.encodeCheckpoint = exports.isCacheStale = exports.verifyCheckpoint = exports.createCheckpoint = exports.GatewayConnectionState = exports.decodeSuccession = exports.encodeSuccession = exports.verifySuccession = void 0;
+var init_js_1 = require("./cli/init.js");
+Object.defineProperty(exports, "initCommand", { enumerable: true, get: function () { return init_js_1.initCommand; } });
+Object.defineProperty(exports, "cliMain", { enumerable: true, get: function () { return init_js_1.main; } });
+var identity_js_1 = require("./identity.js");
+Object.defineProperty(exports, "generateIdentity", { enumerable: true, get: function () { return identity_js_1.generateIdentity; } });
+Object.defineProperty(exports, "sign", { enumerable: true, get: function () { return identity_js_1.sign; } });
+Object.defineProperty(exports, "verify", { enumerable: true, get: function () { return identity_js_1.verify; } });
+Object.defineProperty(exports, "importPublicKey", { enumerable: true, get: function () { return identity_js_1.importPublicKey; } });
+Object.defineProperty(exports, "publicKeyToDid", { enumerable: true, get: function () { return identity_js_1.publicKeyToDid; } });
+Object.defineProperty(exports, "didToPublicKeyBytes", { enumerable: true, get: function () { return identity_js_1.didToPublicKeyBytes; } });
+Object.defineProperty(exports, "exportPKCS8", { enumerable: true, get: function () { return identity_js_1.exportPKCS8; } });
+Object.defineProperty(exports, "exportX25519PKCS8", { enumerable: true, get: function () { return identity_js_1.exportX25519PKCS8; } });
+Object.defineProperty(exports, "importFromPKCS8", { enumerable: true, get: function () { return identity_js_1.importFromPKCS8; } });
+Object.defineProperty(exports, "importIdentity", { enumerable: true, get: function () { return identity_js_1.importIdentity; } });
+Object.defineProperty(exports, "identityFromSeed", { enumerable: true, get: function () { return identity_js_1.identityFromSeed; } });
+Object.defineProperty(exports, "extractRawEd25519", { enumerable: true, get: function () { return identity_js_1.extractRawEd25519; } });
+Object.defineProperty(exports, "extractRawX25519", { enumerable: true, get: function () { return identity_js_1.extractRawX25519; } });
+Object.defineProperty(exports, "exportMlKemSecretKey", { enumerable: true, get: function () { return identity_js_1.exportMlKemSecretKey; } });
+Object.defineProperty(exports, "exportMlKemPublicKey", { enumerable: true, get: function () { return identity_js_1.exportMlKemPublicKey; } });
+Object.defineProperty(exports, "signMlDsa65", { enumerable: true, get: function () { return identity_js_1.signMlDsa65; } });
+Object.defineProperty(exports, "verifyMlDsa65", { enumerable: true, get: function () { return identity_js_1.verifyMlDsa65; } });
+Object.defineProperty(exports, "exportMlDsaSecretKey", { enumerable: true, get: function () { return identity_js_1.exportMlDsaSecretKey; } });
+Object.defineProperty(exports, "exportMlDsaPublicKey", { enumerable: true, get: function () { return identity_js_1.exportMlDsaPublicKey; } });
+Object.defineProperty(exports, "ML_DSA65_SIG_BYTES", { enumerable: true, get: function () { return identity_js_1.ML_DSA65_SIG_BYTES; } });
+Object.defineProperty(exports, "ML_DSA65_PK_BYTES", { enumerable: true, get: function () { return identity_js_1.ML_DSA65_PK_BYTES; } });
+Object.defineProperty(exports, "ML_DSA65_SK_BYTES", { enumerable: true, get: function () { return identity_js_1.ML_DSA65_SK_BYTES; } });
+var envelope_js_1 = require("./envelope.js");
+Object.defineProperty(exports, "createEnvelope", { enumerable: true, get: function () { return envelope_js_1.createEnvelope; } });
+Object.defineProperty(exports, "createEnvelopeV2", { enumerable: true, get: function () { return envelope_js_1.createEnvelopeV2; } });
+Object.defineProperty(exports, "createEnvelopeV3", { enumerable: true, get: function () { return envelope_js_1.createEnvelopeV3; } });
+Object.defineProperty(exports, "createEnvelopeV4", { enumerable: true, get: function () { return envelope_js_1.createEnvelopeV4; } });
+Object.defineProperty(exports, "decryptPayload", { enumerable: true, get: function () { return envelope_js_1.decryptPayload; } });
+Object.defineProperty(exports, "serializeEnvelope", { enumerable: true, get: function () { return envelope_js_1.serializeEnvelope; } });
+Object.defineProperty(exports, "deserializeEnvelope", { enumerable: true, get: function () { return envelope_js_1.deserializeEnvelope; } });
+Object.defineProperty(exports, "validateEnvelope", { enumerable: true, get: function () { return envelope_js_1.validateEnvelope; } });
+Object.defineProperty(exports, "generateSharedKey", { enumerable: true, get: function () { return envelope_js_1.generateSharedKey; } });
+Object.defineProperty(exports, "createSignedEnvelope", { enumerable: true, get: function () { return envelope_js_1.createSignedEnvelope; } });
+Object.defineProperty(exports, "openSignedEnvelope", { enumerable: true, get: function () { return envelope_js_1.openSignedEnvelope; } });
+var nonce_store_js_1 = require("./nonce-store.js");
+Object.defineProperty(exports, "MemoryNonceStore", { enumerable: true, get: function () { return nonce_store_js_1.MemoryNonceStore; } });
+var redis_nonce_store_js_1 = require("./redis-nonce-store.js");
+Object.defineProperty(exports, "RedisNonceStore", { enumerable: true, get: function () { return redis_nonce_store_js_1.RedisNonceStore; } });
+var transport_js_1 = require("./transport.js");
+Object.defineProperty(exports, "HttpsTransportAdapter", { enumerable: true, get: function () { return transport_js_1.HttpsTransportAdapter; } });
+var retry_transport_js_1 = require("./retry-transport.js");
+Object.defineProperty(exports, "RetryTransportAdapter", { enumerable: true, get: function () { return retry_transport_js_1.RetryTransportAdapter; } });
+var trust_registry_js_1 = require("./trust-registry.js");
+Object.defineProperty(exports, "MemoryTrustRegistry", { enumerable: true, get: function () { return trust_registry_js_1.MemoryTrustRegistry; } });
+Object.defineProperty(exports, "HttpTrustRegistry", { enumerable: true, get: function () { return trust_registry_js_1.HttpTrustRegistry; } });
+Object.defineProperty(exports, "FileTrustRegistry", { enumerable: true, get: function () { return trust_registry_js_1.FileTrustRegistry; } });
+Object.defineProperty(exports, "createEnterpriseTrustRegistry", { enumerable: true, get: function () { return trust_registry_js_1.createEnterpriseTrustRegistry; } });
+var key_agreement_js_1 = require("./key-agreement.js");
+Object.defineProperty(exports, "generateEphemeralKeyPair", { enumerable: true, get: function () { return key_agreement_js_1.generateEphemeralKeyPair; } });
+Object.defineProperty(exports, "importX25519PublicKey", { enumerable: true, get: function () { return key_agreement_js_1.importX25519PublicKey; } });
+Object.defineProperty(exports, "deriveSharedKeyECDH", { enumerable: true, get: function () { return key_agreement_js_1.deriveSharedKeyECDH; } });
+Object.defineProperty(exports, "senderKeyAgreement", { enumerable: true, get: function () { return key_agreement_js_1.senderKeyAgreement; } });
+Object.defineProperty(exports, "receiverKeyAgreement", { enumerable: true, get: function () { return key_agreement_js_1.receiverKeyAgreement; } });
+Object.defineProperty(exports, "combineSharedSecrets", { enumerable: true, get: function () { return key_agreement_js_1.combineSharedSecrets; } });
+Object.defineProperty(exports, "senderHybridKeyAgreement", { enumerable: true, get: function () { return key_agreement_js_1.senderHybridKeyAgreement; } });
+Object.defineProperty(exports, "receiverHybridKeyAgreement", { enumerable: true, get: function () { return key_agreement_js_1.receiverHybridKeyAgreement; } });
+var agent_js_1 = require("./agent.js");
+Object.defineProperty(exports, "Agent", { enumerable: true, get: function () { return agent_js_1.Agent; } });
+Object.defineProperty(exports, "parseAgentError", { enumerable: true, get: function () { return agent_js_1.parseAgentError; } });
+var agent_call_js_1 = require("./agent-call.js");
+Object.defineProperty(exports, "call", { enumerable: true, get: function () { return agent_call_js_1.call; } });
+Object.defineProperty(exports, "batchCall", { enumerable: true, get: function () { return agent_call_js_1.batchCall; } });
+Object.defineProperty(exports, "stream", { enumerable: true, get: function () { return agent_call_js_1.stream; } });
+Object.defineProperty(exports, "AgentErrorCode", { enumerable: true, get: function () { return agent_call_js_1.AgentErrorCode; } });
+Object.defineProperty(exports, "ERROR_DETAILS", { enumerable: true, get: function () { return agent_call_js_1.ERROR_DETAILS; } });
+Object.defineProperty(exports, "setToolRegistry", { enumerable: true, get: function () { return agent_call_js_1.setToolRegistry; } });
+Object.defineProperty(exports, "getToolRegistry", { enumerable: true, get: function () { return agent_call_js_1.getToolRegistry; } });
+var agent_call_js_2 = require("./agent-call.js");
+Object.defineProperty(exports, "AgentCallError", { enumerable: true, get: function () { return agent_call_js_2.AgentError; } });
+var xfetch_js_1 = require("./xfetch.js");
+Object.defineProperty(exports, "xfetch", { enumerable: true, get: function () { return xfetch_js_1.xfetch; } });
+Object.defineProperty(exports, "isXBindSupported", { enumerable: true, get: function () { return xfetch_js_1.isXBindSupported; } });
+Object.defineProperty(exports, "getXBindCapability", { enumerable: true, get: function () { return xfetch_js_1.getXBindCapability; } });
+var http_compat_js_1 = require("./http-compat.js");
+Object.defineProperty(exports, "createAxiosCompat", { enumerable: true, get: function () { return http_compat_js_1.createAxiosCompat; } });
+Object.defineProperty(exports, "createGotCompat", { enumerable: true, get: function () { return http_compat_js_1.createGotCompat; } });
+Object.defineProperty(exports, "wrapFetch", { enumerable: true, get: function () { return http_compat_js_1.wrapFetch; } });
+var security_policy_js_1 = require("./security-policy.js");
+Object.defineProperty(exports, "DefaultSecurityPolicy", { enumerable: true, get: function () { return security_policy_js_1.DefaultSecurityPolicy; } });
+Object.defineProperty(exports, "describeSecurityMode", { enumerable: true, get: function () { return security_policy_js_1.describeSecurityMode; } });
+var policy_js_1 = require("./policy.js");
+Object.defineProperty(exports, "PolicyEngine", { enumerable: true, get: function () { return policy_js_1.PolicyEngine; } });
+Object.defineProperty(exports, "getGlobalPolicyEngine", { enumerable: true, get: function () { return policy_js_1.getGlobalPolicyEngine; } });
+var approval_js_1 = require("./approval.js");
+Object.defineProperty(exports, "ApprovalFlow", { enumerable: true, get: function () { return approval_js_1.ApprovalFlow; } });
+Object.defineProperty(exports, "CLIApprovalPresenter", { enumerable: true, get: function () { return approval_js_1.CLIApprovalPresenter; } });
+Object.defineProperty(exports, "ApprovalError", { enumerable: true, get: function () { return approval_js_1.ApprovalError; } });
+Object.defineProperty(exports, "ApprovalErrorCode", { enumerable: true, get: function () { return approval_js_1.ApprovalErrorCode; } });
+// Guardrails (enhanced error messages with actionable suggestions)
+var guardrails_js_1 = require("./guardrails.js");
+Object.defineProperty(exports, "PolicyDenied", { enumerable: true, get: function () { return guardrails_js_1.PolicyDenied; } });
+Object.defineProperty(exports, "Guardrails", { enumerable: true, get: function () { return guardrails_js_1.Guardrails; } });
+Object.defineProperty(exports, "extractSuggestion", { enumerable: true, get: function () { return guardrails_js_1.extractSuggestion; } });
+Object.defineProperty(exports, "toPolicyDenied", { enumerable: true, get: function () { return guardrails_js_1.toPolicyDenied; } });
+// Registry auth middleware
+var registry_middleware_js_1 = require("./registry-middleware.js");
+Object.defineProperty(exports, "createRegistryAuthMiddleware", { enumerable: true, get: function () { return registry_middleware_js_1.createRegistryAuthMiddleware; } });
+var gateway_transport_js_1 = require("./gateway-transport.js");
+Object.defineProperty(exports, "GatewayTransport", { enumerable: true, get: function () { return gateway_transport_js_1.GatewayTransport; } });
+var did_web_js_1 = require("./did-web.js");
+Object.defineProperty(exports, "DidWebResolver", { enumerable: true, get: function () { return did_web_js_1.DidWebResolver; } });
+Object.defineProperty(exports, "didWebToUrl", { enumerable: true, get: function () { return did_web_js_1.didWebToUrl; } });
+var did_document_js_1 = require("./did-document.js");
+Object.defineProperty(exports, "generateDidDocument", { enumerable: true, get: function () { return did_document_js_1.generateDidDocument; } });
+Object.defineProperty(exports, "resolveDid", { enumerable: true, get: function () { return did_document_js_1.resolveDid; } });
+Object.defineProperty(exports, "getServiceEndpoints", { enumerable: true, get: function () { return did_document_js_1.getServiceEndpoints; } });
+// did:privateme method (Mechanism 4: new DID format for PRIVATE.ME)
+var did_privateme_js_1 = require("./did-privateme.js");
+Object.defineProperty(exports, "publicKeyToPrivateMeDid", { enumerable: true, get: function () { return did_privateme_js_1.publicKeyToPrivateMeDid; } });
+Object.defineProperty(exports, "privateMeDidToPublicKeyBytes", { enumerable: true, get: function () { return did_privateme_js_1.privateMeDidToPublicKeyBytes; } });
+Object.defineProperty(exports, "isPrivateMeDid", { enumerable: true, get: function () { return did_privateme_js_1.isPrivateMeDid; } });
+Object.defineProperty(exports, "isDidKeyFormat", { enumerable: true, get: function () { return did_privateme_js_1.isDidKeyFormat; } });
+Object.defineProperty(exports, "convertDidFormat", { enumerable: true, get: function () { return did_privateme_js_1.convertDidFormat; } });
+Object.defineProperty(exports, "normalizeDid", { enumerable: true, get: function () { return did_privateme_js_1.normalizeDid; } });
+Object.defineProperty(exports, "parseDid", { enumerable: true, get: function () { return did_privateme_js_1.parseDid; } });
+var split_channel_js_1 = require("./split-channel.js");
+Object.defineProperty(exports, "splitForChannel", { enumerable: true, get: function () { return split_channel_js_1.splitForChannel; } });
+Object.defineProperty(exports, "splitForChannelWithGroupId", { enumerable: true, get: function () { return split_channel_js_1.splitForChannelWithGroupId; } });
+Object.defineProperty(exports, "reconstructFromChannel", { enumerable: true, get: function () { return split_channel_js_1.reconstructFromChannel; } });
+Object.defineProperty(exports, "DEFAULT_SPLIT_CONFIG", { enumerable: true, get: function () { return split_channel_js_1.DEFAULT_SPLIT_CONFIG; } });
+var auth_js_1 = require("./auth.js");
+Object.defineProperty(exports, "requestAuth", { enumerable: true, get: function () { return auth_js_1.requestAuth; } });
+Object.defineProperty(exports, "respondToChallenge", { enumerable: true, get: function () { return auth_js_1.respondToChallenge; } });
+Object.defineProperty(exports, "onChallenge", { enumerable: true, get: function () { return auth_js_1.onChallenge; } });
+Object.defineProperty(exports, "generateRegistrationQR", { enumerable: true, get: function () { return auth_js_1.generateRegistrationQR; } });
+var xchange_1 = require("../_deps/xchange/index.js");
+Object.defineProperty(exports, "generateXchangeKey", { enumerable: true, get: function () { return xchange_1.generateXchangeKey; } });
+Object.defineProperty(exports, "xchangeEncrypt", { enumerable: true, get: function () { return xchange_1.xchangeEncrypt; } });
+Object.defineProperty(exports, "xchangeDecrypt", { enumerable: true, get: function () { return xchange_1.xchangeDecrypt; } });
+var xchange_2 = require("../_deps/xchange/index.js");
+Object.defineProperty(exports, "AES_KEY_BYTES", { enumerable: true, get: function () { return xchange_2.AES_KEY_BYTES; } });
+Object.defineProperty(exports, "AES_IV_BYTES", { enumerable: true, get: function () { return xchange_2.AES_IV_BYTES; } });
+Object.defineProperty(exports, "BUNDLE_HEADER_BYTES", { enumerable: true, get: function () { return xchange_2.BUNDLE_HEADER_BYTES; } });
+// Error class hierarchy (supplementary — existing string codes unchanged)
+var errors_js_1 = require("./errors.js");
+Object.defineProperty(exports, "XBindError", { enumerable: true, get: function () { return errors_js_1.XBindError; } });
+Object.defineProperty(exports, "XBindIdentityError", { enumerable: true, get: function () { return errors_js_1.XBindIdentityError; } });
+Object.defineProperty(exports, "XBindEnvelopeError", { enumerable: true, get: function () { return errors_js_1.XBindEnvelopeError; } });
+Object.defineProperty(exports, "XBindTransportError", { enumerable: true, get: function () { return errors_js_1.XBindTransportError; } });
+Object.defineProperty(exports, "XBindRegistryError", { enumerable: true, get: function () { return errors_js_1.XBindRegistryError; } });
+Object.defineProperty(exports, "XBindKeyAgreementError", { enumerable: true, get: function () { return errors_js_1.XBindKeyAgreementError; } });
+Object.defineProperty(exports, "XBindSplitChannelError", { enumerable: true, get: function () { return errors_js_1.XBindSplitChannelError; } });
+Object.defineProperty(exports, "XBindAgentError", { enumerable: true, get: function () { return errors_js_1.XBindAgentError; } });
+Object.defineProperty(exports, "toXBindError", { enumerable: true, get: function () { return errors_js_1.toXBindError; } });
+Object.defineProperty(exports, "isXBindError", { enumerable: true, get: function () { return errors_js_1.isXBindError; } });
+Object.defineProperty(exports, "createXBindErrorDetail", { enumerable: true, get: function () { return errors_js_1.createXBindErrorDetail; } });
+var ux_helpers_1 = require("../_deps/ux-helpers/index.js");
+Object.defineProperty(exports, "ProgressReporter", { enumerable: true, get: function () { return ux_helpers_1.ProgressReporter; } });
+Object.defineProperty(exports, "createStagedProgress", { enumerable: true, get: function () { return ux_helpers_1.createStagedProgress; } });
+Object.defineProperty(exports, "createDetailedError", { enumerable: true, get: function () { return ux_helpers_1.createDetailedError; } });
+Object.defineProperty(exports, "formatErrorForUser", { enumerable: true, get: function () { return ux_helpers_1.formatErrorForUser; } });
+Object.defineProperty(exports, "formatErrorForLog", { enumerable: true, get: function () { return ux_helpers_1.formatErrorForLog; } });
+Object.defineProperty(exports, "isACIError", { enumerable: true, get: function () { return ux_helpers_1.isACIError; } });
+Object.defineProperty(exports, "toACIError", { enumerable: true, get: function () { return ux_helpers_1.toACIError; } });
+Object.defineProperty(exports, "paginate", { enumerable: true, get: function () { return ux_helpers_1.paginate; } });
+Object.defineProperty(exports, "createPaginationMetadata", { enumerable: true, get: function () { return ux_helpers_1.createPaginationMetadata; } });
+Object.defineProperty(exports, "search", { enumerable: true, get: function () { return ux_helpers_1.search; } });
+var discovery_js_1 = require("./discovery.js");
+Object.defineProperty(exports, "ServiceDiscovery", { enumerable: true, get: function () { return discovery_js_1.ServiceDiscovery; } });
+Object.defineProperty(exports, "DiscoveryErrorCode", { enumerable: true, get: function () { return discovery_js_1.DiscoveryErrorCode; } });
+var mdns_discovery_js_1 = require("./mdns-discovery.js");
+Object.defineProperty(exports, "MdnsDiscoveryManager", { enumerable: true, get: function () { return mdns_discovery_js_1.MdnsDiscoveryManager; } });
+var invite_js_1 = require("./invite.js");
+Object.defineProperty(exports, "InviteService", { enumerable: true, get: function () { return invite_js_1.InviteService; } });
+Object.defineProperty(exports, "InviteErrorCode", { enumerable: true, get: function () { return invite_js_1.InviteErrorCode; } });
+var dual_mode_js_1 = require("./dual-mode.js");
+Object.defineProperty(exports, "DualModeAdapter", { enumerable: true, get: function () { return dual_mode_js_1.DualModeAdapter; } });
+Object.defineProperty(exports, "DualModeErrorCode", { enumerable: true, get: function () { return dual_mode_js_1.DualModeErrorCode; } });
+var pairing_manager_js_1 = require("./pairing-manager.js");
+Object.defineProperty(exports, "PairingManager", { enumerable: true, get: function () { return pairing_manager_js_1.PairingManager; } });
+var connect_js_1 = require("./connect.js");
+Object.defineProperty(exports, "connect", { enumerable: true, get: function () { return connect_js_1.connect; } });
+Object.defineProperty(exports, "acceptInvite", { enumerable: true, get: function () { return connect_js_1.acceptInvite; } });
+Object.defineProperty(exports, "ConnectErrorCode", { enumerable: true, get: function () { return connect_js_1.ConnectErrorCode; } });
+var auto_accept_js_1 = require("./auto-accept.js");
+Object.defineProperty(exports, "autoAcceptInvite", { enumerable: true, get: function () { return auto_accept_js_1.autoAcceptInvite; } });
+Object.defineProperty(exports, "AutoAcceptErrorCode", { enumerable: true, get: function () { return auto_accept_js_1.AutoAcceptErrorCode; } });
+var lazy_init_js_1 = require("./lazy-init.js");
+Object.defineProperty(exports, "LazyAgent", { enumerable: true, get: function () { return lazy_init_js_1.LazyAgent; } });
+Object.defineProperty(exports, "createLazyAgent", { enumerable: true, get: function () { return lazy_init_js_1.createLazyAgent; } });
+Object.defineProperty(exports, "LazyAgentErrorCode", { enumerable: true, get: function () { return lazy_init_js_1.LazyAgentErrorCode; } });
+var invitation_js_1 = require("./invitation.js");
+Object.defineProperty(exports, "InvitationErrorCode", { enumerable: true, get: function () { return invitation_js_1.InvitationErrorCode; } });
+Object.defineProperty(exports, "InvitationClient", { enumerable: true, get: function () { return invitation_js_1.InvitationClient; } });
+Object.defineProperty(exports, "InvitationStore", { enumerable: true, get: function () { return invitation_js_1.InvitationStore; } });
+Object.defineProperty(exports, "generateInvitationToken", { enumerable: true, get: function () { return invitation_js_1.generateInvitationToken; } });
+var agent_sdk_js_1 = require("./agent-sdk.js");
+Object.defineProperty(exports, "AgentBuilder", { enumerable: true, get: function () { return agent_sdk_js_1.AgentBuilder; } });
+// DID Succession (trust infrastructure)
+var succession_js_1 = require("./succession.js");
+Object.defineProperty(exports, "createSuccession", { enumerable: true, get: function () { return succession_js_1.createSuccession; } });
+Object.defineProperty(exports, "verifySuccession", { enumerable: true, get: function () { return succession_js_1.verifySuccession; } });
+Object.defineProperty(exports, "encodeSuccession", { enumerable: true, get: function () { return succession_js_1.encodeSuccession; } });
+Object.defineProperty(exports, "decodeSuccession", { enumerable: true, get: function () { return succession_js_1.decodeSuccession; } });
+// Gateway Connection State (trust infrastructure)
+var gateway_state_js_1 = require("./gateway-state.js");
+Object.defineProperty(exports, "GatewayConnectionState", { enumerable: true, get: function () { return gateway_state_js_1.GatewayConnectionState; } });
+var checkpoint_js_1 = require("./checkpoint.js");
+Object.defineProperty(exports, "createCheckpoint", { enumerable: true, get: function () { return checkpoint_js_1.createCheckpoint; } });
+Object.defineProperty(exports, "verifyCheckpoint", { enumerable: true, get: function () { return checkpoint_js_1.verifyCheckpoint; } });
+Object.defineProperty(exports, "isCacheStale", { enumerable: true, get: function () { return checkpoint_js_1.isCacheStale; } });
+Object.defineProperty(exports, "encodeCheckpoint", { enumerable: true, get: function () { return checkpoint_js_1.encodeCheckpoint; } });
+Object.defineProperty(exports, "decodeCheckpoint", { enumerable: true, get: function () { return checkpoint_js_1.decodeCheckpoint; } });
+var subscription_proof_js_1 = require("./subscription-proof.js");
+Object.defineProperty(exports, "createSubscriptionProof", { enumerable: true, get: function () { return subscription_proof_js_1.createSubscriptionProof; } });
+Object.defineProperty(exports, "verifySubscriptionProof", { enumerable: true, get: function () { return subscription_proof_js_1.verifySubscriptionProof; } });
+Object.defineProperty(exports, "resumeSubscription", { enumerable: true, get: function () { return subscription_proof_js_1.resumeSubscription; } });
+Object.defineProperty(exports, "hashBloomFilter", { enumerable: true, get: function () { return subscription_proof_js_1.hashBloomFilter; } });
+var backup_config_js_1 = require("./backup-config.js");
+Object.defineProperty(exports, "DEFAULT_BACKUP_CONFIG", { enumerable: true, get: function () { return backup_config_js_1.DEFAULT_BACKUP_CONFIG; } });
+Object.defineProperty(exports, "validateBackupConfig", { enumerable: true, get: function () { return backup_config_js_1.validateBackupConfig; } });
+Object.defineProperty(exports, "splitKeyWithBackup", { enumerable: true, get: function () { return backup_config_js_1.splitKeyWithBackup; } });
+Object.defineProperty(exports, "reconstructKeyFromBackup", { enumerable: true, get: function () { return backup_config_js_1.reconstructKeyFromBackup; } });

package/dist-standalone/cjs/invitation.js

@@ -0,0 +1,421 @@
+"use strict";
+/**
+ * @module invitation
+ * Growth hack: Turn recipient-not-found failures into invitation opportunities.
+ *
+ * When agent.send() fails because recipient is not registered, this module
+ * provides an invitation mechanism to turn failures into viral growth.
+ *
+ * Flow:
+ * 1. Sender calls agent.send({ to: 'unregistered@example.com', ... })
+ * 2. send() fails with RECIPIENT_NOT_FOUND
+ * 3. Error includes invitationToken and inviteUrl
+ * 4. Sender shares URL with recipient
+ * 5. Recipient clicks link, signs up, joins Xail
+ * 6. Connection auto-establishes
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InvitationStore = exports.InvitationClient = exports.InvitationErrorCode = void 0;
+exports.generateInvitationToken = generateInvitationToken;
+const shared_1 = require("../_deps/shared/index.js");
+/**
+ * Error codes for invitation operations.
+ */
+var InvitationErrorCode;
+(function (InvitationErrorCode) {
+    /** Invitation token is invalid format */
+    InvitationErrorCode["INVALID_TOKEN"] = "INVITATION_INVALID_TOKEN";
+    /** Invitation token has expired */
+    InvitationErrorCode["EXPIRED_TOKEN"] = "INVITATION_EXPIRED_TOKEN";
+    /** Invitation token already redeemed */
+    InvitationErrorCode["ALREADY_REDEEMED"] = "INVITATION_ALREADY_REDEEMED";
+    /** Rate limit exceeded (10 invitations/day per DID) */
+    InvitationErrorCode["RATE_LIMIT_EXCEEDED"] = "INVITATION_RATE_LIMIT_EXCEEDED";
+    /** Server communication failed */
+    InvitationErrorCode["SERVER_ERROR"] = "INVITATION_SERVER_ERROR";
+})(InvitationErrorCode || (exports.InvitationErrorCode = InvitationErrorCode = {}));
+/**
+ * Client-side invitation manager.
+ * Creates invitations after send() failures and manages their lifecycle.
+ */
+class InvitationClient {
+    invitationApiUrl;
+    /**
+     * Create invitation client.
+     *
+     * @param options - Configuration
+     * @param options.invitationApiUrl - Invitation API URL (default: https://api.private.me)
+     *
+     * @example
+     * ```ts
+     * const inviteClient = new InvitationClient();
+     * ```
+     */
+    constructor(options = {}) {
+        this.invitationApiUrl = options.invitationApiUrl || 'https://api.private.me';
+    }
+    /**
+     * Create an invitation for a recipient who is not yet registered.
+     *
+     * Called automatically when agent.send() returns RECIPIENT_NOT_FOUND.
+     * Generates a time-limited invitation token that can be shared via email/SMS.
+     *
+     * @param senderDid - DID of the agent sending the invitation
+     * @param recipientContact - Email address or identifier of recipient
+     * @param expiryDays - Days until invitation expires (default: 7)
+     * @returns Invitation token with shareable URL or error
+     *
+     * @example
+     * ```ts
+     * const inviteResult = await inviteClient.create(
+     *   'did:key:z6Mk...',
+     *   'alice@example.com',
+     *   7 // 7-day expiry
+     * );
+     *
+     * if (inviteResult.ok) {
+     *   // Share inviteResult.value.inviteUrl with recipient
+     *   console.log('Share this link:', inviteResult.value.inviteUrl);
+     * } else {
+     *   // Handle error
+     *   console.error('Failed:', inviteResult.error.message);
+     * }
+     * ```
+     */
+    async create(senderDid, recipientContact, expiryDays = 7) {
+        try {
+            const response = await fetch(`${this.invitationApiUrl}/invitations/create`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    senderDid,
+                    recipientContact,
+                    expiryDays,
+                }),
+            });
+            if (response.status === 429) {
+                return (0, shared_1.err)({
+                    code: InvitationErrorCode.RATE_LIMIT_EXCEEDED,
+                    message: 'Too many invitations created. Limit: 10 per day',
+                    hint: 'Wait before creating more invitations',
+                });
+            }
+            if (!response.ok) {
+                return (0, shared_1.err)({
+                    code: InvitationErrorCode.SERVER_ERROR,
+                    message: `Server error: ${response.status}`,
+                });
+            }
+            const data = await response.json();
+            return (0, shared_1.ok)({
+                token: data.token,
+                expiresAt: new Date(data.expiresAt),
+                senderDid: data.senderDid,
+                recipientContact: data.recipientContact,
+                inviteUrl: data.inviteUrl,
+            });
+        }
+        catch (error) {
+            return (0, shared_1.err)({
+                code: InvitationErrorCode.SERVER_ERROR,
+                message: error instanceof Error ? error.message : 'Network error',
+            });
+        }
+    }
+    /**
+     * Redeem an invitation token and create a new DID for the recipient.
+     *
+     * Called by recipient after clicking invitation link.
+     * Returns a new DID that can be used immediately for messaging.
+     *
+     * @param token - Invitation token from URL query parameter
+     * @returns New DID for recipient or error
+     *
+     * @example
+     * ```ts
+     * // From URL: https://private.me/invite?token=abc123
+     * const urlParams = new URLSearchParams(window.location.search);
+     * const token = urlParams.get('token');
+     *
+     * const redeemResult = await inviteClient.redeem(token);
+     * if (redeemResult.ok) {
+     *   // Auto-create agent with new DID
+     *   const agent = await Agent.create(redeemResult.value);
+     * } else {
+     *   // Handle: expired, already used, invalid
+     *   console.error(redeemResult.error.message);
+     * }
+     * ```
+     */
+    async redeem(token) {
+        try {
+            if (!token || typeof token !== 'string') {
+                return (0, shared_1.err)({
+                    code: InvitationErrorCode.INVALID_TOKEN,
+                    message: 'Invitation token is required',
+                });
+            }
+            const response = await fetch(`${this.invitationApiUrl}/invitations/redeem`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({ token }),
+            });
+            if (response.status === 400) {
+                return (0, shared_1.err)({
+                    code: InvitationErrorCode.INVALID_TOKEN,
+                    message: 'Invitation token is invalid',
+                    hint: 'Check the token in your URL',
+                });
+            }
+            if (response.status === 410) {
+                const data = await response.json();
+                if (data.reason === 'expired') {
+                    return (0, shared_1.err)({
+                        code: InvitationErrorCode.EXPIRED_TOKEN,
+                        message: 'Invitation has expired',
+                        hint: 'Ask the sender for a new invitation',
+                    });
+                }
+                return (0, shared_1.err)({
+                    code: InvitationErrorCode.ALREADY_REDEEMED,
+                    message: 'Invitation has already been used',
+                    hint: 'Each invitation can only be used once',
+                });
+            }
+            if (!response.ok) {
+                return (0, shared_1.err)({
+                    code: InvitationErrorCode.SERVER_ERROR,
+                    message: `Server error: ${response.status}`,
+                });
+            }
+            const data = await response.json();
+            return (0, shared_1.ok)(data.did);
+        }
+        catch (error) {
+            return (0, shared_1.err)({
+                code: InvitationErrorCode.SERVER_ERROR,
+                message: error instanceof Error ? error.message : 'Network error',
+            });
+        }
+    }
+    /**
+     * Get invitation details without redeeming.
+     *
+     * Used to preview sender name before accepting invitation.
+     *
+     * @param token - Invitation token
+     * @returns Invitation details or error
+     *
+     * @example
+     * ```ts
+     * const detailsResult = await inviteClient.get(token);
+     * if (detailsResult.ok) {
+     *   console.log(`${detailsResult.value.senderDid} invited you`);
+     * }
+     * ```
+     */
+    async get(token) {
+        try {
+            const response = await fetch(`${this.invitationApiUrl}/invitations/${encodeURIComponent(token)}`, {
+                headers: {
+                    'Accept': 'application/json',
+                },
+            });
+            if (response.status === 404) {
+                return (0, shared_1.err)({
+                    code: InvitationErrorCode.INVALID_TOKEN,
+                    message: 'Invitation not found',
+                });
+            }
+            if (!response.ok) {
+                return (0, shared_1.err)({
+                    code: InvitationErrorCode.SERVER_ERROR,
+                    message: `Server error: ${response.status}`,
+                });
+            }
+            const data = await response.json();
+            return (0, shared_1.ok)({
+                senderDid: data.senderDid,
+                recipientContact: data.recipientContact,
+                expiresAt: new Date(data.expiresAt),
+            });
+        }
+        catch (error) {
+            return (0, shared_1.err)({
+                code: InvitationErrorCode.SERVER_ERROR,
+                message: error instanceof Error ? error.message : 'Network error',
+            });
+        }
+    }
+}
+exports.InvitationClient = InvitationClient;
+/**
+ * Server-side invitation store (in-memory with JSONL persistence).
+ * Used by /invitations/* API endpoints.
+ */
+class InvitationStore {
+    invitations = new Map();
+    redeemedTokens = new Set();
+    /** Track invitation creation per DID for rate limiting (10/day) */
+    creationCounts = new Map();
+    /**
+     * Create an invitation and return token + expiry.
+     * Enforces rate limit: 10 invitations per DID per 24 hours.
+     *
+     * @param senderDid - DID creating the invitation
+     * @param recipientContact - Email or identifier
+     * @param expiryDays - Days until expiry
+     * @returns Token + metadata or error
+     */
+    create(senderDid, recipientContact, expiryDays = 7) {
+        // Check rate limit
+        const now = Date.now();
+        const limit = this.creationCounts.get(senderDid);
+        if (limit && limit.count >= 10 && now < limit.resetTime) {
+            return (0, shared_1.err)({
+                code: InvitationErrorCode.RATE_LIMIT_EXCEEDED,
+                message: 'Rate limit exceeded. Maximum 10 invitations per day.',
+            });
+        }
+        // Reset counter if window expired
+        if (limit && now >= limit.resetTime) {
+            this.creationCounts.delete(senderDid);
+        }
+        // Generate token
+        const token = generateInvitationToken();
+        const expiresAt = now + (expiryDays * 24 * 60 * 60 * 1000);
+        const invitation = {
+            token,
+            senderDid,
+            recipientContact,
+            createdAt: now,
+            expiresAt,
+            redeemed: false,
+        };
+        this.invitations.set(token, invitation);
+        // Update rate limit counter
+        if (!limit) {
+            this.creationCounts.set(senderDid, {
+                count: 1,
+                resetTime: now + (24 * 60 * 60 * 1000), // 24-hour window
+            });
+        }
+        else {
+            limit.count += 1;
+        }
+        return (0, shared_1.ok)(invitation);
+    }
+    /**
+     * Get invitation by token without marking as redeemed.
+     *
+     * @param token - Token to lookup
+     * @returns Invitation or error
+     */
+    get(token) {
+        const invitation = this.invitations.get(token);
+        if (!invitation) {
+            return (0, shared_1.err)({
+                code: InvitationErrorCode.INVALID_TOKEN,
+                message: 'Invitation not found',
+            });
+        }
+        const now = Date.now();
+        if (now > invitation.expiresAt) {
+            // Clean up expired invitation
+            this.invitations.delete(token);
+            return (0, shared_1.err)({
+                code: InvitationErrorCode.EXPIRED_TOKEN,
+                message: 'Invitation has expired',
+            });
+        }
+        if (invitation.redeemed) {
+            return (0, shared_1.err)({
+                code: InvitationErrorCode.ALREADY_REDEEMED,
+                message: 'Invitation has already been redeemed',
+            });
+        }
+        return (0, shared_1.ok)(invitation);
+    }
+    /**
+     * Redeem an invitation (one-time use).
+     * Mark as redeemed and generate new DID.
+     *
+     * @param token - Token to redeem
+     * @returns New DID or error
+     */
+    redeem(token) {
+        const getResult = this.get(token);
+        if (!getResult.ok) {
+            return getResult;
+        }
+        const invitation = getResult.value;
+        invitation.redeemed = true;
+        this.redeemedTokens.add(token);
+        // Generate DID for recipient
+        const did = generateRecipientDid(invitation.senderDid, invitation.recipientContact);
+        return (0, shared_1.ok)(did);
+    }
+    /**
+     * Clean up expired invitations (run daily).
+     * @returns Number of invitations deleted
+     */
+    cleanup() {
+        const now = Date.now();
+        let count = 0;
+        for (const [token, invitation] of this.invitations.entries()) {
+            if (now > invitation.expiresAt || invitation.redeemed) {
+                this.invitations.delete(token);
+                count += 1;
+            }
+        }
+        return count;
+    }
+    /** Get active invitation count */
+    get count() {
+        return this.invitations.size;
+    }
+}
+exports.InvitationStore = InvitationStore;
+/**
+ * Generate a cryptographically secure invitation token.
+ * Format: 48-character hex string (192 bits).
+ * @returns Random token
+ */
+function generateInvitationToken() {
+    const bytes = new Uint8Array(24);
+    crypto.getRandomValues(bytes);
+    return Array.from(bytes)
+        .map(b => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+/**
+ * Generate a deterministic DID for invited recipient.
+ * Ensures consistent identity across sessions.
+ *
+ * @param senderDid - DID of sender
+ * @param recipientContact - Email or identifier
+ * @returns Generated DID for recipient
+ */
+function generateRecipientDid(senderDid, recipientContact) {
+    // Create a simple derived identifier
+    // In production: derive from email + hash(senderDid) for uniqueness
+    const hash = hashString(`${senderDid}:${recipientContact}`);
+    return `did:key:z6Mk${hash}`;
+}
+/**
+ * Simple hash function for DID generation.
+ * @param input - String to hash
+ * @returns Hex string
+ */
+function hashString(input) {
+    let hash = 0;
+    for (let i = 0; i < input.length; i += 1) {
+        hash = ((hash << 5) - hash) + input.charCodeAt(i);
+        hash = hash & hash; // Convert to 32bit integer
+    }
+    return Math.abs(hash).toString(16).padStart(8, '0');
+}