npm - @private.me/xbind - Versions diffs - 1.2.0 - Mend

@private.me/xbind 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (295) hide show

package/AGENTS.md +778 -0
package/LICENSE.md +27 -0
package/README.md +400 -0
package/dist-standalone/_deps/crypto/base64.d.ts +29 -0
package/dist-standalone/_deps/crypto/base64.js +97 -0
package/dist-standalone/_deps/crypto/cjs/base64.js +103 -0
package/dist-standalone/_deps/crypto/cjs/errors.js +119 -0
package/dist-standalone/_deps/crypto/cjs/hmac.js +71 -0
package/dist-standalone/_deps/crypto/cjs/index.js +86 -0
package/dist-standalone/_deps/crypto/cjs/padding.js +57 -0
package/dist-standalone/_deps/crypto/cjs/share-header.js +68 -0
package/dist-standalone/_deps/crypto/cjs/shares.js +152 -0
package/dist-standalone/_deps/crypto/cjs/tlv.js +199 -0
package/dist-standalone/_deps/crypto/cjs/uuid.js +61 -0
package/dist-standalone/_deps/crypto/cjs/verify.js +24 -0
package/dist-standalone/_deps/crypto/cjs/xorida.js +221 -0
package/dist-standalone/_deps/crypto/errors.d.ts +51 -0
package/dist-standalone/_deps/crypto/errors.js +109 -0
package/dist-standalone/_deps/crypto/hmac.d.ts +39 -0
package/dist-standalone/_deps/crypto/hmac.js +66 -0
package/dist-standalone/_deps/crypto/index.d.ts +20 -0
package/dist-standalone/_deps/crypto/index.js +45 -0
package/dist-standalone/_deps/crypto/padding.d.ts +19 -0
package/dist-standalone/_deps/crypto/padding.js +53 -0
package/dist-standalone/_deps/crypto/share-header.d.ts +44 -0
package/dist-standalone/_deps/crypto/share-header.js +63 -0
package/dist-standalone/_deps/crypto/shares.d.ts +27 -0
package/dist-standalone/_deps/crypto/shares.js +148 -0
package/dist-standalone/_deps/crypto/tlv.d.ts +26 -0
package/dist-standalone/_deps/crypto/tlv.js +195 -0
package/dist-standalone/_deps/crypto/uuid.d.ts +22 -0
package/dist-standalone/_deps/crypto/uuid.js +56 -0
package/dist-standalone/_deps/crypto/verify.d.ts +15 -0
package/dist-standalone/_deps/crypto/verify.js +15 -0
package/dist-standalone/_deps/crypto/xorida.d.ts +44 -0
package/dist-standalone/_deps/crypto/xorida.js +215 -0
package/dist-standalone/_deps/mldsa-wasm/LICENSE +24 -0
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1920 -0
package/dist-standalone/_deps/mldsa-wasm/package.json +46 -0
package/dist-standalone/_deps/mldsa-wasm/types/mldsa.d.ts +30 -0
package/dist-standalone/_deps/shared/cjs/errors.js +582 -0
package/dist-standalone/_deps/shared/cjs/index.js +492 -0
package/dist-standalone/_deps/shared/cjs/package.json +1 -0
package/dist-standalone/_deps/shared/cjs/types.js +403 -0
package/dist-standalone/_deps/shared/errors.d.ts +48 -0
package/dist-standalone/_deps/shared/errors.d.ts.map +1 -0
package/dist-standalone/_deps/shared/errors.js +192 -0
package/dist-standalone/_deps/shared/errors.js.map +1 -0
package/dist-standalone/_deps/shared/index.d.ts +4 -0
package/dist-standalone/_deps/shared/index.d.ts.map +1 -0
package/dist-standalone/_deps/shared/index.js +78 -0
package/dist-standalone/_deps/shared/index.js.map +1 -0
package/dist-standalone/_deps/shared/types.d.ts +1097 -0
package/dist-standalone/_deps/shared/types.d.ts.map +1 -0
package/dist-standalone/_deps/shared/types.js +89 -0
package/dist-standalone/_deps/shared/types.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/errors.d.ts +115 -0
package/dist-standalone/_deps/ux-helpers/cjs/errors.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/errors.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/index.d.ts +13 -0
package/dist-standalone/_deps/ux-helpers/cjs/index.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/index.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/package.json +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/pagination.d.ts +39 -0
package/dist-standalone/_deps/ux-helpers/cjs/pagination.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +83 -0
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/progress.d.ts +99 -0
package/dist-standalone/_deps/ux-helpers/cjs/progress.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +143 -0
package/dist-standalone/_deps/ux-helpers/cjs/progress.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/search.d.ts +32 -0
package/dist-standalone/_deps/ux-helpers/cjs/search.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/search.js +119 -0
package/dist-standalone/_deps/ux-helpers/cjs/search.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/types.d.ts +109 -0
package/dist-standalone/_deps/ux-helpers/cjs/types.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/types.js +8 -0
package/dist-standalone/_deps/ux-helpers/cjs/types.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/errors.d.ts +115 -0
package/dist-standalone/_deps/ux-helpers/errors.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/errors.js +253 -0
package/dist-standalone/_deps/ux-helpers/errors.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/index.d.ts +13 -0
package/dist-standalone/_deps/ux-helpers/index.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/index.js +16 -0
package/dist-standalone/_deps/ux-helpers/index.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/pagination.d.ts +39 -0
package/dist-standalone/_deps/ux-helpers/pagination.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/pagination.js +79 -0
package/dist-standalone/_deps/ux-helpers/pagination.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/progress.d.ts +99 -0
package/dist-standalone/_deps/ux-helpers/progress.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/progress.js +138 -0
package/dist-standalone/_deps/ux-helpers/progress.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/search.d.ts +32 -0
package/dist-standalone/_deps/ux-helpers/search.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/search.js +116 -0
package/dist-standalone/_deps/ux-helpers/search.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/types.d.ts +109 -0
package/dist-standalone/_deps/ux-helpers/types.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/types.js +7 -0
package/dist-standalone/_deps/ux-helpers/types.js.map +1 -0
package/dist-standalone/_deps/xchange/auto-accept.d.ts +127 -0
package/dist-standalone/_deps/xchange/auto-accept.js +1 -0
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -0
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -0
package/dist-standalone/_deps/xchange/cjs/index.js +1 -0
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -0
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -0
package/dist-standalone/_deps/xchange/cjs/package.json +1 -0
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -0
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -0
package/dist-standalone/_deps/xchange/errors.d.ts +69 -0
package/dist-standalone/_deps/xchange/errors.js +1 -0
package/dist-standalone/_deps/xchange/index.d.ts +15 -0
package/dist-standalone/_deps/xchange/index.js +1 -0
package/dist-standalone/_deps/xchange/invite-client.d.ts +178 -0
package/dist-standalone/_deps/xchange/invite-client.js +1 -0
package/dist-standalone/_deps/xchange/lazy-init.d.ts +176 -0
package/dist-standalone/_deps/xchange/lazy-init.js +1 -0
package/dist-standalone/_deps/xchange/trust-integration.d.ts +102 -0
package/dist-standalone/_deps/xchange/trust-integration.js +1 -0
package/dist-standalone/_deps/xchange/xchange.d.ts +60 -0
package/dist-standalone/_deps/xchange/xchange.js +1 -0
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -0
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -0
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -0
package/dist-standalone/_deps/xregistry/cjs/package.json +1 -0
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -0
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -0
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -0
package/dist-standalone/_deps/xregistry/discovery.d.ts +126 -0
package/dist-standalone/_deps/xregistry/discovery.d.ts.map +1 -0
package/dist-standalone/_deps/xregistry/discovery.js +1 -0
package/dist-standalone/_deps/xregistry/discovery.js.map +1 -0
package/dist-standalone/_deps/xregistry/errors.d.ts +41 -0
package/dist-standalone/_deps/xregistry/errors.d.ts.map +1 -0
package/dist-standalone/_deps/xregistry/errors.js +1 -0
package/dist-standalone/_deps/xregistry/errors.js.map +1 -0
package/dist-standalone/_deps/xregistry/index.d.ts +8 -0
package/dist-standalone/_deps/xregistry/index.d.ts.map +1 -0
package/dist-standalone/_deps/xregistry/index.js +1 -0
package/dist-standalone/_deps/xregistry/index.js.map +1 -0
package/dist-standalone/_deps/xregistry/registry.d.ts +85 -0
package/dist-standalone/_deps/xregistry/registry.d.ts.map +1 -0
package/dist-standalone/_deps/xregistry/registry.js +1 -0
package/dist-standalone/_deps/xregistry/registry.js.map +1 -0
package/dist-standalone/_deps/xregistry/schema.d.ts +81 -0
package/dist-standalone/_deps/xregistry/schema.d.ts.map +1 -0
package/dist-standalone/_deps/xregistry/schema.js +1 -0
package/dist-standalone/_deps/xregistry/schema.js.map +1 -0
package/dist-standalone/_deps/xregistry/types.d.ts +95 -0
package/dist-standalone/_deps/xregistry/types.d.ts.map +1 -0
package/dist-standalone/_deps/xregistry/types.js +1 -0
package/dist-standalone/_deps/xregistry/types.js.map +1 -0
package/dist-standalone/agent-call.d.ts +286 -0
package/dist-standalone/agent-call.js +642 -0
package/dist-standalone/agent-sdk.d.ts +207 -0
package/dist-standalone/agent-sdk.js +328 -0
package/dist-standalone/agent.d.ts +670 -0
package/dist-standalone/agent.js +1529 -0
package/dist-standalone/approval.d.ts +145 -0
package/dist-standalone/approval.js +193 -0
package/dist-standalone/auth.d.ts +75 -0
package/dist-standalone/auth.js +219 -0
package/dist-standalone/auto-accept.d.ts +102 -0
package/dist-standalone/auto-accept.js +229 -0
package/dist-standalone/backup-config.d.ts +150 -0
package/dist-standalone/backup-config.js +201 -0
package/dist-standalone/checkpoint.d.ts +125 -0
package/dist-standalone/checkpoint.js +186 -0
package/dist-standalone/cjs/agent-call.js +651 -0
package/dist-standalone/cjs/agent-sdk.js +332 -0
package/dist-standalone/cjs/agent.js +1566 -0
package/dist-standalone/cjs/approval.js +199 -0
package/dist-standalone/cjs/auth.js +225 -0
package/dist-standalone/cjs/auto-accept.js +233 -0
package/dist-standalone/cjs/backup-config.js +207 -0
package/dist-standalone/cjs/checkpoint.js +193 -0
package/dist-standalone/cjs/cli/init.js +487 -0
package/dist-standalone/cjs/connect.js +312 -0
package/dist-standalone/cjs/did-document.js +101 -0
package/dist-standalone/cjs/did-privateme.js +130 -0
package/dist-standalone/cjs/did-web.js +201 -0
package/dist-standalone/cjs/discovery.js +462 -0
package/dist-standalone/cjs/dual-mode.js +251 -0
package/dist-standalone/cjs/email-templates.js +313 -0
package/dist-standalone/cjs/email-transport.js +239 -0
package/dist-standalone/cjs/envelope.js +510 -0
package/dist-standalone/cjs/errors.js +562 -0
package/dist-standalone/cjs/gateway-state.js +55 -0
package/dist-standalone/cjs/gateway-transport.js +120 -0
package/dist-standalone/cjs/guardrails.js +223 -0
package/dist-standalone/cjs/http-compat.js +272 -0
package/dist-standalone/cjs/identity.js +541 -0
package/dist-standalone/cjs/index.js +224 -0
package/dist-standalone/cjs/invitation.js +421 -0
package/dist-standalone/cjs/invite.js +328 -0
package/dist-standalone/cjs/key-agreement.js +246 -0
package/dist-standalone/cjs/lazy-init.js +300 -0
package/dist-standalone/cjs/mdns-discovery.js +202 -0
package/dist-standalone/cjs/nonce-store.js +66 -0
package/dist-standalone/cjs/package.json +3 -0
package/dist-standalone/cjs/pairing-manager.js +223 -0
package/dist-standalone/cjs/policy.js +320 -0
package/dist-standalone/cjs/redis-nonce-store.js +76 -0
package/dist-standalone/cjs/registry-middleware.js +50 -0
package/dist-standalone/cjs/retry-transport.js +102 -0
package/dist-standalone/cjs/security-policy.js +204 -0
package/dist-standalone/cjs/split-channel.js +177 -0
package/dist-standalone/cjs/subscription-proof.js +230 -0
package/dist-standalone/cjs/succession.js +148 -0
package/dist-standalone/cjs/transport.js +63 -0
package/dist-standalone/cjs/trust-registry.js +742 -0
package/dist-standalone/cjs/verify.js +25 -0
package/dist-standalone/cjs/xfetch.js +252 -0
package/dist-standalone/cli/init.d.ts +63 -0
package/dist-standalone/cli/init.js +450 -0
package/dist-standalone/connect.d.ts +143 -0
package/dist-standalone/connect.js +274 -0
package/dist-standalone/did-document.d.ts +65 -0
package/dist-standalone/did-document.js +96 -0
package/dist-standalone/did-privateme.d.ts +70 -0
package/dist-standalone/did-privateme.js +121 -0
package/dist-standalone/did-web.d.ts +73 -0
package/dist-standalone/did-web.js +196 -0
package/dist-standalone/discovery.d.ts +176 -0
package/dist-standalone/discovery.js +458 -0
package/dist-standalone/dual-mode.d.ts +145 -0
package/dist-standalone/dual-mode.js +247 -0
package/dist-standalone/email-templates.d.ts +41 -0
package/dist-standalone/email-templates.js +309 -0
package/dist-standalone/email-transport.d.ts +139 -0
package/dist-standalone/email-transport.js +232 -0
package/dist-standalone/envelope.d.ts +288 -0
package/dist-standalone/envelope.js +497 -0
package/dist-standalone/errors.d.ts +74 -0
package/dist-standalone/errors.js +548 -0
package/dist-standalone/gateway-state.d.ts +32 -0
package/dist-standalone/gateway-state.js +51 -0
package/dist-standalone/gateway-transport.d.ts +59 -0
package/dist-standalone/gateway-transport.js +116 -0
package/dist-standalone/guardrails.d.ts +136 -0
package/dist-standalone/guardrails.js +216 -0
package/dist-standalone/http-compat.d.ts +150 -0
package/dist-standalone/http-compat.js +267 -0
package/dist-standalone/identity.d.ts +176 -0
package/dist-standalone/identity.js +516 -0
package/dist-standalone/index.d.ts +83 -0
package/dist-standalone/index.js +51 -0
package/dist-standalone/invitation.d.ts +211 -0
package/dist-standalone/invitation.js +415 -0
package/dist-standalone/invite.d.ts +192 -0
package/dist-standalone/invite.js +324 -0
package/dist-standalone/key-agreement.d.ts +122 -0
package/dist-standalone/key-agreement.js +236 -0
package/dist-standalone/lazy-init.d.ts +167 -0
package/dist-standalone/lazy-init.js +295 -0
package/dist-standalone/mdns-discovery.d.ts +117 -0
package/dist-standalone/mdns-discovery.js +195 -0
package/dist-standalone/nonce-store.d.ts +39 -0
package/dist-standalone/nonce-store.js +62 -0
package/dist-standalone/package.json +11 -0
package/dist-standalone/pairing-manager.d.ts +147 -0
package/dist-standalone/pairing-manager.js +219 -0
package/dist-standalone/policy.d.ts +150 -0
package/dist-standalone/policy.js +315 -0
package/dist-standalone/redis-nonce-store.d.ts +93 -0
package/dist-standalone/redis-nonce-store.js +72 -0
package/dist-standalone/registry-middleware.d.ts +38 -0
package/dist-standalone/registry-middleware.js +47 -0
package/dist-standalone/retry-transport.d.ts +76 -0
package/dist-standalone/retry-transport.js +98 -0
package/dist-standalone/security-policy.d.ts +146 -0
package/dist-standalone/security-policy.js +198 -0
package/dist-standalone/split-channel.d.ts +69 -0
package/dist-standalone/split-channel.js +171 -0
package/dist-standalone/subscription-proof.d.ts +103 -0
package/dist-standalone/subscription-proof.js +224 -0
package/dist-standalone/succession.d.ts +57 -0
package/dist-standalone/succession.js +142 -0
package/dist-standalone/transport.d.ts +50 -0
package/dist-standalone/transport.js +59 -0
package/dist-standalone/trust-registry.d.ts +286 -0
package/dist-standalone/trust-registry.js +702 -0
package/dist-standalone/verify.d.ts +16 -0
package/dist-standalone/verify.js +16 -0
package/dist-standalone/xfetch.d.ts +129 -0
package/dist-standalone/xfetch.js +247 -0
package/llms.txt +800 -0
package/package.json +79 -0
package/share1.dat +0 -0

package/dist-standalone/did-web.js ADDED Viewed

@@ -0,0 +1,196 @@
+/**
+ * did:web resolver — resolves DIDs hosted on developer domains.
+ *
+ * Implements the W3C did:web method:
+ *   did:web:example.com -> https://example.com/.well-known/did.json
+ *   did:web:example.com:path:to -> https://example.com/path/to/did.json
+ *
+ * Enables direct agent-to-agent communication without a centralized registry.
+ * Implements TrustRegistry interface for drop-in use with Agent class.
+ */
+import { ok, err } from"./_deps/shared/index.js";
+import { fromBase64 } from"./_deps/crypto/index.js";
+/**
+ * Resolve did:web DIDs by fetching DID documents from the hosting domain.
+ *
+ * Implements TrustRegistry interface so it can be used as a drop-in
+ * replacement for MemoryTrustRegistry or HttpTrustRegistry.
+ */
+export class DidWebResolver {
+    fetchFn;
+    cacheTtlMs;
+    cache = new Map();
+    constructor(opts) {
+        this.fetchFn = opts?.fetch ?? globalThis.fetch.bind(globalThis);
+        this.cacheTtlMs = opts?.cacheTtlMs ?? 300_000;
+    }
+    /** Registration not supported for did:web (developers host their own). */
+    async register(_did, _publicKey, _name, _scopes, _x25519PublicKey) {
+        return err('ALREADY_REGISTERED');
+    }
+    /**
+     * Resolve a did:web DID to its raw public key bytes.
+     * @param did - A did:web DID string.
+     * @returns Public key bytes or error.
+     */
+    async resolve(did) {
+        const entry = await this.fetchEntry(did);
+        if (!entry.ok)
+            return entry;
+        if (entry.value.revoked)
+            return err('REVOKED');
+        return ok(entry.value.publicKey);
+    }
+    /**
+     * Check if a did:web DID has a specific scope.
+     * @param did - The DID to check.
+     * @param scope - The scope to verify.
+     * @returns True if scope is granted.
+     */
+    async hasScope(did, scope) {
+        const entry = await this.fetchEntry(did);
+        if (!entry.ok)
+            return false;
+        return entry.value.scopes.has(scope);
+    }
+    /**
+     * Check if a did:web DID has a specific receive scope.
+     * @param did - The DID to check.
+     * @param scope - The scope to verify.
+     * @returns True if receive scope is granted.
+     */
+    async hasReceiveScope(did, scope) {
+        const entry = await this.fetchEntry(did);
+        if (!entry.ok)
+            return false;
+        // Undefined = accept all scopes (backward compatibility)
+        if (!entry.value.receiveScopes)
+            return true;
+        return entry.value.receiveScopes.has(scope);
+    }
+    /** Revocation not supported for did:web (developer controls their domain). */
+    async revoke(_did) {
+        return err('NOT_FOUND');
+    }
+    /**
+     * Get the full registry entry for a did:web DID.
+     * @param did - The DID to look up.
+     * @returns Full entry or error.
+     */
+    async getEntry(did) {
+        return this.fetchEntry(did);
+    }
+    /** Number of cached entries (for testing). */
+    get cacheSize() {
+        return this.cache.size;
+    }
+    /** Fetch and parse a DID document, with caching. */
+    async fetchEntry(did) {
+        // Check cache
+        const cached = this.cache.get(did);
+        if (cached && Date.now() - cached.fetchedAt < this.cacheTtlMs) {
+            return ok(cached.entry);
+        }
+        const url = didWebToUrl(did);
+        if (!url)
+            return err('NOT_FOUND');
+        try {
+            const res = await this.fetchFn(url);
+            if (!res.ok)
+                return err('NOT_FOUND');
+            const doc = (await res.json());
+            const entry = parseDidDocument(did, doc);
+            if (!entry)
+                return err('NOT_FOUND');
+            this.cache.set(did, { entry, fetchedAt: Date.now() });
+            return ok(entry);
+        }
+        catch {
+            return err('NETWORK_ERROR');
+        }
+    }
+}
+/**
+ * Convert a did:web DID to its HTTPS URL.
+ *   did:web:example.com -> https://example.com/.well-known/did.json
+ *   did:web:example.com:path:to -> https://example.com/path/to/did.json
+ * @param did - The did:web DID string.
+ * @returns HTTPS URL or null if invalid.
+ */
+export function didWebToUrl(did) {
+    if (!did.startsWith('did:web:'))
+        return null;
+    const parts = did.slice('did:web:'.length).split(':');
+    if (parts.length === 0 || !parts[0])
+        return null;
+    const domain = decodeURIComponent(parts[0]);
+    if (parts.length === 1) {
+        return `https://${domain}/.well-known/did.json`;
+    }
+    const path = parts.slice(1).map(decodeURIComponent).join('/');
+    return `https://${domain}/${path}/did.json`;
+}
+/** Parse a DID document into a RegistryEntry. */
+function parseDidDocument(did, doc) {
+    if (!doc.verificationMethod || doc.verificationMethod.length === 0) {
+        return null;
+    }
+    const vm = doc.verificationMethod[0];
+    if (!vm)
+        return null;
+    let publicKey = null;
+    if (vm.publicKeyMultibase) {
+        publicKey = decodeMultibase(vm.publicKeyMultibase);
+    }
+    else if (vm.publicKeyBase64) {
+        publicKey = fromBase64(vm.publicKeyBase64);
+    }
+    if (!publicKey)
+        return null;
+    return {
+        did,
+        publicKey,
+        name: doc.xailName ?? did,
+        scopes: new Set(doc.xailScopes ?? []),
+        revoked: doc.deactivated === true,
+        rotation_sequence: 1, // DID documents don't track rotation, default to 1
+    };
+}
+/** Decode z-prefixed base58btc multibase to bytes. */
+function decodeMultibase(mb) {
+    if (!mb.startsWith('z'))
+        return null;
+    return base58Decode(mb.slice(1));
+}
+/** Base58 decode (Bitcoin alphabet). */
+function base58Decode(s) {
+    const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+    const BASE = BigInt(58);
+    let num = BigInt(0);
+    for (const char of s) {
+        const idx = ALPHABET.indexOf(char);
+        if (idx < 0)
+            return new Uint8Array(0);
+        num = num * BASE + BigInt(idx);
+    }
+    const hex = num.toString(16);
+    const padded = hex.length % 2 ? '0' + hex : hex;
+    const bytes = new Uint8Array(padded.length / 2);
+    for (let i = 0; i < bytes.length; i++) {
+        bytes[i] = parseInt(padded.slice(i * 2, i * 2 + 2), 16);
+    }
+    // Handle leading zeros (base58 "1" = 0x00)
+    let leadingZeros = 0;
+    for (const c of s) {
+        if (c === '1')
+            leadingZeros++;
+        else
+            break;
+    }
+    if (leadingZeros > 0) {
+        const result = new Uint8Array(leadingZeros + bytes.length);
+        result.set(bytes, leadingZeros);
+        return result;
+    }
+    return bytes;
+}

package/dist-standalone/discovery.d.ts ADDED Viewed

@@ -0,0 +1,176 @@
+/**
+ * @module discovery
+ * Service discovery for zero-config XBind connections.
+ *
+ * Enables: `xbind connect payments-service`
+ *
+ * Four-tier discovery:
+ * 1. Public registry (xbind.registry.io)
+ * 2. Well-known URL (https://service.com/.well-known/xbind)
+ * 3. DNS TXT record (_xbind.service.com)
+ * 4. Direct URL/QR code
+ */
+import { Result } from '@private.me/shared';
+/**
+ * Service metadata returned from discovery.
+ */
+export interface ServiceInfo {
+    /** Service identifier (e.g., "payments-service") */
+    name: string;
+    /** XBind endpoint URL */
+    endpoint: string;
+    /** DID of the service */
+    did: string;
+    /** Public key (Ed25519, base64) */
+    publicKey: string;
+    /** X25519 public key for ECDH (optional, base64) */
+    x25519PublicKey?: string;
+    /** ML-KEM-768 public key for PQ KEM (optional, base64) */
+    mlKemPublicKey?: string;
+    /** Service description */
+    description?: string;
+    /** Logo URL */
+    logo?: string;
+    /** Documentation URL */
+    docs?: string;
+    /** Whether this service is verified */
+    verified?: boolean;
+}
+/**
+ * Discovery error codes.
+ */
+export declare enum DiscoveryErrorCode {
+    SERVICE_NOT_FOUND = "DISCOVERY_SERVICE_NOT_FOUND",
+    REGISTRY_UNREACHABLE = "DISCOVERY_REGISTRY_UNREACHABLE",
+    INVALID_RESPONSE = "DISCOVERY_INVALID_RESPONSE",
+    NETWORK_ERROR = "DISCOVERY_NETWORK_ERROR",
+    INVALID_SERVICE_NAME = "DISCOVERY_INVALID_SERVICE_NAME",
+    DNS_ERROR = "DISCOVERY_DNS_ERROR",
+    INVALID_EMAIL = "DISCOVERY_INVALID_EMAIL",
+    PERSONAL_EMAIL_DOMAIN = "DISCOVERY_PERSONAL_EMAIL_DOMAIN"
+}
+/**
+ * Discovery error.
+ */
+export interface DiscoveryError {
+    code: DiscoveryErrorCode;
+    message: string;
+    hint?: string;
+}
+/**
+ * Discovery client for finding services.
+ */
+export declare class ServiceDiscovery {
+    private registryUrl;
+    private dnsCache;
+    /**
+     * Create a discovery client.
+     *
+     * @param options - Configuration options
+     * @param options.registryUrl - Registry URL (default: https://xbind.registry.io)
+     */
+    constructor(options?: {
+        registryUrl?: string;
+    });
+    /**
+     * Discover a service by name.
+     *
+     * Tries:
+     * 1. Email-based discovery (extracts domain from email)
+     * 2. Public registry lookup
+     * 3. Well-known URL if name is a domain
+     * 4. DNS TXT record (_xbind.domain)
+     * 5. Direct URL if name is a full URL
+     *
+     * @param nameOrUrl - Service name, email, domain, or URL
+     * @returns Service info or error
+     *
+     * @example
+     * ```ts
+     * const discovery = new ServiceDiscovery();
+     *
+     * // By name (registry lookup):
+     * const result = await discovery.discover('payments-service');
+     *
+     * // By email (domain extraction):
+     * const result = await discovery.discover('alice@company.com');
+     *
+     * // By domain (well-known):
+     * const result = await discovery.discover('payments.example.com');
+     *
+     * // By URL (direct):
+     * const result = await discovery.discover('https://api.payments.com/xbind');
+     * ```
+     */
+    discover(nameOrUrl: string): Promise<Result<ServiceInfo, DiscoveryError>>;
+    /**
+     * Look up service in public registry.
+     *
+     * GET https://xbind.registry.io/lookup/:name
+     */
+    private discoverRegistry;
+    /**
+     * Discover via .well-known/xbind.
+     *
+     * GET https://domain/.well-known/xbind
+     */
+    private discoverWellKnown;
+    /**
+     * Discover via direct URL.
+     */
+    private discoverDirect;
+    /**
+     * Discover via DNS TXT record.
+     *
+     * Looks up TXT record at _xbind.domain
+     *
+     * Supports two formats:
+     * 1. Full record: "xbind-endpoint=https://...;did=did:web:...;publicKey=..." (all fields in DNS)
+     * 2. Simple redirect: "xbind=https://api.example.com/xbind" (fetch from endpoint)
+     *
+     * Includes 5-minute caching to reduce DNS queries.
+     */
+    private discoverDnsTxt;
+    /**
+     * Parse DNS TXT record into ServiceInfo.
+     *
+     * Expected format:
+     * xbind-endpoint=https://...;did=did:web:...;publicKey=...;version=1.0
+     *
+     * Optional fields:
+     * x25519PublicKey=...;mlKemPublicKey=...;description=...;logo=...;docs=...
+     */
+    private parseDnsTxtRecord;
+    /**
+     * Discover service via email address.
+     *
+     * Extracts domain from email and performs discovery.
+     * Personal email domains (gmail.com, outlook.com, etc.) are rejected.
+     *
+     * @param email - Email address (e.g., "alice@company.com")
+     * @returns Service info or error
+     *
+     * @example
+     * ```ts
+     * const discovery = new ServiceDiscovery();
+     * const result = await discovery.discoverEmail('alice@company.com');
+     * // Discovers service at company.com
+     * ```
+     */
+    private discoverEmail;
+    /**
+     * Extract domain from email address.
+     * Handles edge cases: subdomains, plus addressing, etc.
+     *
+     * @param email - Email address
+     * @returns Domain or null if extraction fails
+     *
+     * @example
+     * ```ts
+     * extractDomain('alice@company.com') // 'company.com'
+     * extractDomain('alice+label@company.com') // 'company.com'
+     * extractDomain('alice@mail.company.com') // 'mail.company.com'
+     * ```
+     */
+    private extractDomain;
+}