npm - @private.me/xbind - Versions diffs - 1.2.0 - Mend

@private.me/xbind 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (295) hide show

package/AGENTS.md +778 -0
package/LICENSE.md +27 -0
package/README.md +400 -0
package/dist-standalone/_deps/crypto/base64.d.ts +29 -0
package/dist-standalone/_deps/crypto/base64.js +97 -0
package/dist-standalone/_deps/crypto/cjs/base64.js +103 -0
package/dist-standalone/_deps/crypto/cjs/errors.js +119 -0
package/dist-standalone/_deps/crypto/cjs/hmac.js +71 -0
package/dist-standalone/_deps/crypto/cjs/index.js +86 -0
package/dist-standalone/_deps/crypto/cjs/padding.js +57 -0
package/dist-standalone/_deps/crypto/cjs/share-header.js +68 -0
package/dist-standalone/_deps/crypto/cjs/shares.js +152 -0
package/dist-standalone/_deps/crypto/cjs/tlv.js +199 -0
package/dist-standalone/_deps/crypto/cjs/uuid.js +61 -0
package/dist-standalone/_deps/crypto/cjs/verify.js +24 -0
package/dist-standalone/_deps/crypto/cjs/xorida.js +221 -0
package/dist-standalone/_deps/crypto/errors.d.ts +51 -0
package/dist-standalone/_deps/crypto/errors.js +109 -0
package/dist-standalone/_deps/crypto/hmac.d.ts +39 -0
package/dist-standalone/_deps/crypto/hmac.js +66 -0
package/dist-standalone/_deps/crypto/index.d.ts +20 -0
package/dist-standalone/_deps/crypto/index.js +45 -0
package/dist-standalone/_deps/crypto/padding.d.ts +19 -0
package/dist-standalone/_deps/crypto/padding.js +53 -0
package/dist-standalone/_deps/crypto/share-header.d.ts +44 -0
package/dist-standalone/_deps/crypto/share-header.js +63 -0
package/dist-standalone/_deps/crypto/shares.d.ts +27 -0
package/dist-standalone/_deps/crypto/shares.js +148 -0
package/dist-standalone/_deps/crypto/tlv.d.ts +26 -0
package/dist-standalone/_deps/crypto/tlv.js +195 -0
package/dist-standalone/_deps/crypto/uuid.d.ts +22 -0
package/dist-standalone/_deps/crypto/uuid.js +56 -0
package/dist-standalone/_deps/crypto/verify.d.ts +15 -0
package/dist-standalone/_deps/crypto/verify.js +15 -0
package/dist-standalone/_deps/crypto/xorida.d.ts +44 -0
package/dist-standalone/_deps/crypto/xorida.js +215 -0
package/dist-standalone/_deps/mldsa-wasm/LICENSE +24 -0
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1920 -0
package/dist-standalone/_deps/mldsa-wasm/package.json +46 -0
package/dist-standalone/_deps/mldsa-wasm/types/mldsa.d.ts +30 -0
package/dist-standalone/_deps/shared/cjs/errors.js +582 -0
package/dist-standalone/_deps/shared/cjs/index.js +492 -0
package/dist-standalone/_deps/shared/cjs/package.json +1 -0
package/dist-standalone/_deps/shared/cjs/types.js +403 -0
package/dist-standalone/_deps/shared/errors.d.ts +48 -0
package/dist-standalone/_deps/shared/errors.d.ts.map +1 -0
package/dist-standalone/_deps/shared/errors.js +192 -0
package/dist-standalone/_deps/shared/errors.js.map +1 -0
package/dist-standalone/_deps/shared/index.d.ts +4 -0
package/dist-standalone/_deps/shared/index.d.ts.map +1 -0
package/dist-standalone/_deps/shared/index.js +78 -0
package/dist-standalone/_deps/shared/index.js.map +1 -0
package/dist-standalone/_deps/shared/types.d.ts +1097 -0
package/dist-standalone/_deps/shared/types.d.ts.map +1 -0
package/dist-standalone/_deps/shared/types.js +89 -0
package/dist-standalone/_deps/shared/types.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/errors.d.ts +115 -0
package/dist-standalone/_deps/ux-helpers/cjs/errors.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/errors.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/index.d.ts +13 -0
package/dist-standalone/_deps/ux-helpers/cjs/index.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/index.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/package.json +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/pagination.d.ts +39 -0
package/dist-standalone/_deps/ux-helpers/cjs/pagination.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +83 -0
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/progress.d.ts +99 -0
package/dist-standalone/_deps/ux-helpers/cjs/progress.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +143 -0
package/dist-standalone/_deps/ux-helpers/cjs/progress.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/search.d.ts +32 -0
package/dist-standalone/_deps/ux-helpers/cjs/search.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/search.js +119 -0
package/dist-standalone/_deps/ux-helpers/cjs/search.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/types.d.ts +109 -0
package/dist-standalone/_deps/ux-helpers/cjs/types.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/cjs/types.js +8 -0
package/dist-standalone/_deps/ux-helpers/cjs/types.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/errors.d.ts +115 -0
package/dist-standalone/_deps/ux-helpers/errors.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/errors.js +253 -0
package/dist-standalone/_deps/ux-helpers/errors.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/index.d.ts +13 -0
package/dist-standalone/_deps/ux-helpers/index.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/index.js +16 -0
package/dist-standalone/_deps/ux-helpers/index.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/pagination.d.ts +39 -0
package/dist-standalone/_deps/ux-helpers/pagination.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/pagination.js +79 -0
package/dist-standalone/_deps/ux-helpers/pagination.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/progress.d.ts +99 -0
package/dist-standalone/_deps/ux-helpers/progress.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/progress.js +138 -0
package/dist-standalone/_deps/ux-helpers/progress.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/search.d.ts +32 -0
package/dist-standalone/_deps/ux-helpers/search.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/search.js +116 -0
package/dist-standalone/_deps/ux-helpers/search.js.map +1 -0
package/dist-standalone/_deps/ux-helpers/types.d.ts +109 -0
package/dist-standalone/_deps/ux-helpers/types.d.ts.map +1 -0
package/dist-standalone/_deps/ux-helpers/types.js +7 -0
package/dist-standalone/_deps/ux-helpers/types.js.map +1 -0
package/dist-standalone/_deps/xchange/auto-accept.d.ts +127 -0
package/dist-standalone/_deps/xchange/auto-accept.js +1 -0
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -0
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -0
package/dist-standalone/_deps/xchange/cjs/index.js +1 -0
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -0
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -0
package/dist-standalone/_deps/xchange/cjs/package.json +1 -0
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -0
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -0
package/dist-standalone/_deps/xchange/errors.d.ts +69 -0
package/dist-standalone/_deps/xchange/errors.js +1 -0
package/dist-standalone/_deps/xchange/index.d.ts +15 -0
package/dist-standalone/_deps/xchange/index.js +1 -0
package/dist-standalone/_deps/xchange/invite-client.d.ts +178 -0
package/dist-standalone/_deps/xchange/invite-client.js +1 -0
package/dist-standalone/_deps/xchange/lazy-init.d.ts +176 -0
package/dist-standalone/_deps/xchange/lazy-init.js +1 -0
package/dist-standalone/_deps/xchange/trust-integration.d.ts +102 -0
package/dist-standalone/_deps/xchange/trust-integration.js +1 -0
package/dist-standalone/_deps/xchange/xchange.d.ts +60 -0
package/dist-standalone/_deps/xchange/xchange.js +1 -0
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -0
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -0
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -0
package/dist-standalone/_deps/xregistry/cjs/package.json +1 -0
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -0
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -0
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -0
package/dist-standalone/_deps/xregistry/discovery.d.ts +126 -0
package/dist-standalone/_deps/xregistry/discovery.d.ts.map +1 -0
package/dist-standalone/_deps/xregistry/discovery.js +1 -0
package/dist-standalone/_deps/xregistry/discovery.js.map +1 -0
package/dist-standalone/_deps/xregistry/errors.d.ts +41 -0
package/dist-standalone/_deps/xregistry/errors.d.ts.map +1 -0
package/dist-standalone/_deps/xregistry/errors.js +1 -0
package/dist-standalone/_deps/xregistry/errors.js.map +1 -0
package/dist-standalone/_deps/xregistry/index.d.ts +8 -0
package/dist-standalone/_deps/xregistry/index.d.ts.map +1 -0
package/dist-standalone/_deps/xregistry/index.js +1 -0
package/dist-standalone/_deps/xregistry/index.js.map +1 -0
package/dist-standalone/_deps/xregistry/registry.d.ts +85 -0
package/dist-standalone/_deps/xregistry/registry.d.ts.map +1 -0
package/dist-standalone/_deps/xregistry/registry.js +1 -0
package/dist-standalone/_deps/xregistry/registry.js.map +1 -0
package/dist-standalone/_deps/xregistry/schema.d.ts +81 -0
package/dist-standalone/_deps/xregistry/schema.d.ts.map +1 -0
package/dist-standalone/_deps/xregistry/schema.js +1 -0
package/dist-standalone/_deps/xregistry/schema.js.map +1 -0
package/dist-standalone/_deps/xregistry/types.d.ts +95 -0
package/dist-standalone/_deps/xregistry/types.d.ts.map +1 -0
package/dist-standalone/_deps/xregistry/types.js +1 -0
package/dist-standalone/_deps/xregistry/types.js.map +1 -0
package/dist-standalone/agent-call.d.ts +286 -0
package/dist-standalone/agent-call.js +642 -0
package/dist-standalone/agent-sdk.d.ts +207 -0
package/dist-standalone/agent-sdk.js +328 -0
package/dist-standalone/agent.d.ts +670 -0
package/dist-standalone/agent.js +1529 -0
package/dist-standalone/approval.d.ts +145 -0
package/dist-standalone/approval.js +193 -0
package/dist-standalone/auth.d.ts +75 -0
package/dist-standalone/auth.js +219 -0
package/dist-standalone/auto-accept.d.ts +102 -0
package/dist-standalone/auto-accept.js +229 -0
package/dist-standalone/backup-config.d.ts +150 -0
package/dist-standalone/backup-config.js +201 -0
package/dist-standalone/checkpoint.d.ts +125 -0
package/dist-standalone/checkpoint.js +186 -0
package/dist-standalone/cjs/agent-call.js +651 -0
package/dist-standalone/cjs/agent-sdk.js +332 -0
package/dist-standalone/cjs/agent.js +1566 -0
package/dist-standalone/cjs/approval.js +199 -0
package/dist-standalone/cjs/auth.js +225 -0
package/dist-standalone/cjs/auto-accept.js +233 -0
package/dist-standalone/cjs/backup-config.js +207 -0
package/dist-standalone/cjs/checkpoint.js +193 -0
package/dist-standalone/cjs/cli/init.js +487 -0
package/dist-standalone/cjs/connect.js +312 -0
package/dist-standalone/cjs/did-document.js +101 -0
package/dist-standalone/cjs/did-privateme.js +130 -0
package/dist-standalone/cjs/did-web.js +201 -0
package/dist-standalone/cjs/discovery.js +462 -0
package/dist-standalone/cjs/dual-mode.js +251 -0
package/dist-standalone/cjs/email-templates.js +313 -0
package/dist-standalone/cjs/email-transport.js +239 -0
package/dist-standalone/cjs/envelope.js +510 -0
package/dist-standalone/cjs/errors.js +562 -0
package/dist-standalone/cjs/gateway-state.js +55 -0
package/dist-standalone/cjs/gateway-transport.js +120 -0
package/dist-standalone/cjs/guardrails.js +223 -0
package/dist-standalone/cjs/http-compat.js +272 -0
package/dist-standalone/cjs/identity.js +541 -0
package/dist-standalone/cjs/index.js +224 -0
package/dist-standalone/cjs/invitation.js +421 -0
package/dist-standalone/cjs/invite.js +328 -0
package/dist-standalone/cjs/key-agreement.js +246 -0
package/dist-standalone/cjs/lazy-init.js +300 -0
package/dist-standalone/cjs/mdns-discovery.js +202 -0
package/dist-standalone/cjs/nonce-store.js +66 -0
package/dist-standalone/cjs/package.json +3 -0
package/dist-standalone/cjs/pairing-manager.js +223 -0
package/dist-standalone/cjs/policy.js +320 -0
package/dist-standalone/cjs/redis-nonce-store.js +76 -0
package/dist-standalone/cjs/registry-middleware.js +50 -0
package/dist-standalone/cjs/retry-transport.js +102 -0
package/dist-standalone/cjs/security-policy.js +204 -0
package/dist-standalone/cjs/split-channel.js +177 -0
package/dist-standalone/cjs/subscription-proof.js +230 -0
package/dist-standalone/cjs/succession.js +148 -0
package/dist-standalone/cjs/transport.js +63 -0
package/dist-standalone/cjs/trust-registry.js +742 -0
package/dist-standalone/cjs/verify.js +25 -0
package/dist-standalone/cjs/xfetch.js +252 -0
package/dist-standalone/cli/init.d.ts +63 -0
package/dist-standalone/cli/init.js +450 -0
package/dist-standalone/connect.d.ts +143 -0
package/dist-standalone/connect.js +274 -0
package/dist-standalone/did-document.d.ts +65 -0
package/dist-standalone/did-document.js +96 -0
package/dist-standalone/did-privateme.d.ts +70 -0
package/dist-standalone/did-privateme.js +121 -0
package/dist-standalone/did-web.d.ts +73 -0
package/dist-standalone/did-web.js +196 -0
package/dist-standalone/discovery.d.ts +176 -0
package/dist-standalone/discovery.js +458 -0
package/dist-standalone/dual-mode.d.ts +145 -0
package/dist-standalone/dual-mode.js +247 -0
package/dist-standalone/email-templates.d.ts +41 -0
package/dist-standalone/email-templates.js +309 -0
package/dist-standalone/email-transport.d.ts +139 -0
package/dist-standalone/email-transport.js +232 -0
package/dist-standalone/envelope.d.ts +288 -0
package/dist-standalone/envelope.js +497 -0
package/dist-standalone/errors.d.ts +74 -0
package/dist-standalone/errors.js +548 -0
package/dist-standalone/gateway-state.d.ts +32 -0
package/dist-standalone/gateway-state.js +51 -0
package/dist-standalone/gateway-transport.d.ts +59 -0
package/dist-standalone/gateway-transport.js +116 -0
package/dist-standalone/guardrails.d.ts +136 -0
package/dist-standalone/guardrails.js +216 -0
package/dist-standalone/http-compat.d.ts +150 -0
package/dist-standalone/http-compat.js +267 -0
package/dist-standalone/identity.d.ts +176 -0
package/dist-standalone/identity.js +516 -0
package/dist-standalone/index.d.ts +83 -0
package/dist-standalone/index.js +51 -0
package/dist-standalone/invitation.d.ts +211 -0
package/dist-standalone/invitation.js +415 -0
package/dist-standalone/invite.d.ts +192 -0
package/dist-standalone/invite.js +324 -0
package/dist-standalone/key-agreement.d.ts +122 -0
package/dist-standalone/key-agreement.js +236 -0
package/dist-standalone/lazy-init.d.ts +167 -0
package/dist-standalone/lazy-init.js +295 -0
package/dist-standalone/mdns-discovery.d.ts +117 -0
package/dist-standalone/mdns-discovery.js +195 -0
package/dist-standalone/nonce-store.d.ts +39 -0
package/dist-standalone/nonce-store.js +62 -0
package/dist-standalone/package.json +11 -0
package/dist-standalone/pairing-manager.d.ts +147 -0
package/dist-standalone/pairing-manager.js +219 -0
package/dist-standalone/policy.d.ts +150 -0
package/dist-standalone/policy.js +315 -0
package/dist-standalone/redis-nonce-store.d.ts +93 -0
package/dist-standalone/redis-nonce-store.js +72 -0
package/dist-standalone/registry-middleware.d.ts +38 -0
package/dist-standalone/registry-middleware.js +47 -0
package/dist-standalone/retry-transport.d.ts +76 -0
package/dist-standalone/retry-transport.js +98 -0
package/dist-standalone/security-policy.d.ts +146 -0
package/dist-standalone/security-policy.js +198 -0
package/dist-standalone/split-channel.d.ts +69 -0
package/dist-standalone/split-channel.js +171 -0
package/dist-standalone/subscription-proof.d.ts +103 -0
package/dist-standalone/subscription-proof.js +224 -0
package/dist-standalone/succession.d.ts +57 -0
package/dist-standalone/succession.js +142 -0
package/dist-standalone/transport.d.ts +50 -0
package/dist-standalone/transport.js +59 -0
package/dist-standalone/trust-registry.d.ts +286 -0
package/dist-standalone/trust-registry.js +702 -0
package/dist-standalone/verify.d.ts +16 -0
package/dist-standalone/verify.js +16 -0
package/dist-standalone/xfetch.d.ts +129 -0
package/dist-standalone/xfetch.js +247 -0
package/llms.txt +800 -0
package/package.json +79 -0
package/share1.dat +0 -0

package/dist-standalone/invite.d.ts ADDED Viewed

@@ -0,0 +1,192 @@
+/**
+ * @module invite
+ * Viral invite system for XBind connections.
+ *
+ * Enables one-click invites:
+ * - Generate: `xbind invite payments-service`
+ * - Accept: Click link or `xbind accept https://xbind.to/invite/abc123`
+ *
+ * The viral loop:
+ * 1. Service A invites Service B
+ * 2. Service B clicks link (< 60 sec setup)
+ * 3. Connection established
+ * 4. Service B invites Service C
+ */
+import { Result } from '@private.me/shared';
+import type { ServiceInfo } from './discovery.js';
+/**
+ * Invite data structure.
+ */
+export interface Invite {
+    /** Unique invite ID */
+    id: string;
+    /** Service that sent the invite */
+    from: {
+        name: string;
+        did: string;
+        endpoint: string;
+        publicKey: string;
+        x25519PublicKey?: string;
+        mlKemPublicKey?: string;
+    };
+    /** Target service (optional, can be open invite) */
+    to?: {
+        name?: string;
+        email?: string;
+    };
+    /** Suggested permissions/template */
+    template?: string;
+    /** Custom permissions */
+    permissions?: string[];
+    /** Invite expiration (ISO timestamp) */
+    expires: string;
+    /** Invite URL */
+    url: string;
+    /** QR code data URL (for airgapped) */
+    qr?: string;
+}
+/**
+ * Invite error codes.
+ */
+export declare enum InviteErrorCode {
+    INVALID_INVITE = "INVITE_INVALID",
+    EXPIRED_INVITE = "INVITE_EXPIRED",
+    INVITE_NOT_FOUND = "INVITE_NOT_FOUND",
+    NETWORK_ERROR = "INVITE_NETWORK_ERROR",
+    ALREADY_CONNECTED = "INVITE_ALREADY_CONNECTED"
+}
+/**
+ * Invite error.
+ */
+export interface InviteError {
+    code: InviteErrorCode;
+    message: string;
+    hint?: string;
+}
+/**
+ * Invite service for creating and accepting invites.
+ */
+export declare class InviteService {
+    private inviteApiUrl;
+    /**
+     * Create invite service.
+     *
+     * @param options - Configuration
+     * @param options.inviteApiUrl - Invite API URL (default: https://xbind.to)
+     */
+    constructor(options?: {
+        inviteApiUrl?: string;
+    });
+    /**
+     * Create an invite.
+     *
+     * @param options - Invite options
+     * @param options.from - Sender service info
+     * @param options.target - Target service (optional)
+     * @param options.template - Suggested template (e.g., "payment-processing")
+     * @param options.permissions - Custom permissions
+     * @param options.expiresIn - Expiration in seconds (default: 7 days)
+     * @returns Invite or error
+     *
+     * @example
+     * ```ts
+     * const inviteService = new InviteService();
+     * const invite = await inviteService.create({
+     *   from: {
+     *     name: 'billing-service',
+     *     did: 'did:key:z6Mk...',
+     *     endpoint: 'https://billing.example.com',
+     *     publicKey: '...',
+     *   },
+     *   target: {
+     *     name: 'payments-service',
+     *   },
+     *   template: 'payment-processing',
+     * });
+     *
+     * // Share invite.value.url or invite.value.qr
+     * ```
+     */
+    create(options: {
+        from: ServiceInfo;
+        target?: {
+            name?: string;
+            email?: string;
+        };
+        template?: string;
+        permissions?: string[];
+        expiresIn?: number;
+    }): Promise<Result<Invite, InviteError>>;
+    /**
+     * Accept an invite.
+     *
+     * @param options - Accept options
+     * @param options.inviteUrl - Invite URL (e.g., https://xbind.to/invite/abc123)
+     * @param options.acceptor - Acceptor service info
+     * @returns Connection info or error
+     *
+     * @example
+     * ```ts
+     * const inviteService = new InviteService();
+     * const result = await inviteService.accept({
+     *   inviteUrl: 'https://xbind.to/invite/abc123',
+     *   acceptor: {
+     *     name: 'payments-service',
+     *     did: 'did:key:z6Mk...',
+     *     endpoint: 'https://payments.example.com',
+     *     publicKey: '...',
+     *   }
+     * });
+     *
+     * if (result.ok) {
+     *   console.log('Connected!');
+     * }
+     * ```
+     */
+    accept(options: {
+        inviteUrl: string;
+        acceptor: ServiceInfo;
+    }): Promise<Result<{
+        success: boolean;
+        connection: ServiceInfo;
+    }, InviteError>>;
+    /**
+     * Get invite details without accepting.
+     *
+     * @param inviteUrl - Invite URL
+     * @returns Invite details or error
+     */
+    get(inviteUrl: string): Promise<Result<Invite, InviteError>>;
+    /**
+     * Revoke an invite.
+     *
+     * @param inviteId - Invite ID to revoke
+     * @returns Success or error
+     *
+     * @example
+     * ```ts
+     * const inviteService = new InviteService();
+     * const result = await inviteService.revoke('inv_abc123');
+     *
+     * if (result.ok) {
+     *   console.log('Invite revoked');
+     * }
+     * ```
+     */
+    revoke(inviteId: string): Promise<Result<{
+        success: boolean;
+    }, InviteError>>;
+    /**
+     * Extract invite ID from URL.
+     *
+     * @param url - Invite URL
+     * @returns Invite ID or null
+     *
+     * @example
+     * ```ts
+     * extractInviteId('https://xbind.to/invite/abc123') // 'abc123'
+     * extractInviteId('https://xbind.to/billing/invite/xyz') // 'xyz'
+     * ```
+     */
+    private extractInviteId;
+}

package/dist-standalone/invite.js ADDED Viewed

@@ -0,0 +1,324 @@
+/**
+ * @module invite
+ * Viral invite system for XBind connections.
+ *
+ * Enables one-click invites:
+ * - Generate: `xbind invite payments-service`
+ * - Accept: Click link or `xbind accept https://xbind.to/invite/abc123`
+ *
+ * The viral loop:
+ * 1. Service A invites Service B
+ * 2. Service B clicks link (< 60 sec setup)
+ * 3. Connection established
+ * 4. Service B invites Service C
+ */
+import { ok, err } from"./_deps/shared/index.js";
+/**
+ * Invite error codes.
+ */
+export var InviteErrorCode;
+(function (InviteErrorCode) {
+    InviteErrorCode["INVALID_INVITE"] = "INVITE_INVALID";
+    InviteErrorCode["EXPIRED_INVITE"] = "INVITE_EXPIRED";
+    InviteErrorCode["INVITE_NOT_FOUND"] = "INVITE_NOT_FOUND";
+    InviteErrorCode["NETWORK_ERROR"] = "INVITE_NETWORK_ERROR";
+    InviteErrorCode["ALREADY_CONNECTED"] = "INVITE_ALREADY_CONNECTED";
+})(InviteErrorCode || (InviteErrorCode = {}));
+/**
+ * Invite service for creating and accepting invites.
+ */
+export class InviteService {
+    inviteApiUrl;
+    /**
+     * Create invite service.
+     *
+     * @param options - Configuration
+     * @param options.inviteApiUrl - Invite API URL (default: https://xbind.to)
+     */
+    constructor(options = {}) {
+        this.inviteApiUrl = options.inviteApiUrl || 'https://xbind.to';
+    }
+    /**
+     * Create an invite.
+     *
+     * @param options - Invite options
+     * @param options.from - Sender service info
+     * @param options.target - Target service (optional)
+     * @param options.template - Suggested template (e.g., "payment-processing")
+     * @param options.permissions - Custom permissions
+     * @param options.expiresIn - Expiration in seconds (default: 7 days)
+     * @returns Invite or error
+     *
+     * @example
+     * ```ts
+     * const inviteService = new InviteService();
+     * const invite = await inviteService.create({
+     *   from: {
+     *     name: 'billing-service',
+     *     did: 'did:key:z6Mk...',
+     *     endpoint: 'https://billing.example.com',
+     *     publicKey: '...',
+     *   },
+     *   target: {
+     *     name: 'payments-service',
+     *   },
+     *   template: 'payment-processing',
+     * });
+     *
+     * // Share invite.value.url or invite.value.qr
+     * ```
+     */
+    async create(options) {
+        const expiresIn = options.expiresIn || 7 * 24 * 60 * 60; // 7 days
+        const expires = new Date(Date.now() + expiresIn * 1000).toISOString();
+        try {
+            const response = await fetch(`${this.inviteApiUrl}/invites/create`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    from: {
+                        name: options.from.name,
+                        did: options.from.did,
+                        endpoint: options.from.endpoint,
+                        publicKey: options.from.publicKey,
+                        x25519PublicKey: options.from.x25519PublicKey,
+                        mlKemPublicKey: options.from.mlKemPublicKey,
+                    },
+                    to: options.target,
+                    template: options.template,
+                    permissions: options.permissions,
+                    expires,
+                }),
+            });
+            if (!response.ok) {
+                return err({
+                    code: InviteErrorCode.NETWORK_ERROR,
+                    message: `Failed to create invite: ${response.status}`,
+                });
+            }
+            const data = await response.json();
+            return ok(data);
+        }
+        catch (error) {
+            return err({
+                code: InviteErrorCode.NETWORK_ERROR,
+                message: error instanceof Error ? error.message : 'Network error',
+            });
+        }
+    }
+    /**
+     * Accept an invite.
+     *
+     * @param options - Accept options
+     * @param options.inviteUrl - Invite URL (e.g., https://xbind.to/invite/abc123)
+     * @param options.acceptor - Acceptor service info
+     * @returns Connection info or error
+     *
+     * @example
+     * ```ts
+     * const inviteService = new InviteService();
+     * const result = await inviteService.accept({
+     *   inviteUrl: 'https://xbind.to/invite/abc123',
+     *   acceptor: {
+     *     name: 'payments-service',
+     *     did: 'did:key:z6Mk...',
+     *     endpoint: 'https://payments.example.com',
+     *     publicKey: '...',
+     *   }
+     * });
+     *
+     * if (result.ok) {
+     *   console.log('Connected!');
+     * }
+     * ```
+     */
+    async accept(options) {
+        try {
+            // Extract invite ID from URL
+            const inviteId = this.extractInviteId(options.inviteUrl);
+            if (!inviteId) {
+                return err({
+                    code: InviteErrorCode.INVALID_INVITE,
+                    message: 'Invalid invite URL',
+                    hint: 'URL should be like: https://xbind.to/invite/abc123',
+                });
+            }
+            // Accept invite
+            const response = await fetch(`${this.inviteApiUrl}/invites/${inviteId}/accept`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    acceptor: {
+                        name: options.acceptor.name,
+                        did: options.acceptor.did,
+                        endpoint: options.acceptor.endpoint,
+                        publicKey: options.acceptor.publicKey,
+                        x25519PublicKey: options.acceptor.x25519PublicKey,
+                        mlKemPublicKey: options.acceptor.mlKemPublicKey,
+                    },
+                }),
+            });
+            if (response.status === 404) {
+                return err({
+                    code: InviteErrorCode.INVITE_NOT_FOUND,
+                    message: 'Invite not found or expired',
+                    hint: 'The invite may have been revoked or expired',
+                });
+            }
+            if (response.status === 410) {
+                const errorData = await response.json().catch(() => ({}));
+                return err({
+                    code: InviteErrorCode.EXPIRED_INVITE,
+                    message: errorData.message || 'Invite has expired',
+                    hint: errorData.hint || 'Ask the sender to create a new invite',
+                });
+            }
+            if (response.status === 409) {
+                return err({
+                    code: InviteErrorCode.ALREADY_CONNECTED,
+                    message: 'Services are already connected',
+                    hint: 'You are already connected to this service',
+                });
+            }
+            if (!response.ok) {
+                return err({
+                    code: InviteErrorCode.NETWORK_ERROR,
+                    message: `Failed to accept invite: ${response.status}`,
+                });
+            }
+            const data = await response.json();
+            return ok(data);
+        }
+        catch (error) {
+            return err({
+                code: InviteErrorCode.NETWORK_ERROR,
+                message: error instanceof Error ? error.message : 'Network error',
+                hint: 'Check your network connection and try again',
+            });
+        }
+    }
+    /**
+     * Get invite details without accepting.
+     *
+     * @param inviteUrl - Invite URL
+     * @returns Invite details or error
+     */
+    async get(inviteUrl) {
+        try {
+            const inviteId = this.extractInviteId(inviteUrl);
+            if (!inviteId) {
+                return err({
+                    code: InviteErrorCode.INVALID_INVITE,
+                    message: 'Invalid invite URL',
+                });
+            }
+            const response = await fetch(`${this.inviteApiUrl}/invites/${inviteId}`, {
+                headers: {
+                    'Accept': 'application/json',
+                },
+            });
+            if (response.status === 404) {
+                return err({
+                    code: InviteErrorCode.INVITE_NOT_FOUND,
+                    message: 'Invite not found',
+                });
+            }
+            if (!response.ok) {
+                return err({
+                    code: InviteErrorCode.NETWORK_ERROR,
+                    message: `Failed to get invite: ${response.status}`,
+                });
+            }
+            const data = await response.json();
+            return ok(data);
+        }
+        catch (error) {
+            return err({
+                code: InviteErrorCode.NETWORK_ERROR,
+                message: error instanceof Error ? error.message : 'Network error',
+            });
+        }
+    }
+    /**
+     * Revoke an invite.
+     *
+     * @param inviteId - Invite ID to revoke
+     * @returns Success or error
+     *
+     * @example
+     * ```ts
+     * const inviteService = new InviteService();
+     * const result = await inviteService.revoke('inv_abc123');
+     *
+     * if (result.ok) {
+     *   console.log('Invite revoked');
+     * }
+     * ```
+     */
+    async revoke(inviteId) {
+        try {
+            const response = await fetch(`${this.inviteApiUrl}/invites/${inviteId}/revoke`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+            });
+            if (response.status === 404) {
+                return err({
+                    code: InviteErrorCode.INVITE_NOT_FOUND,
+                    message: 'Invite not found',
+                    hint: 'The invite may have already been revoked or expired',
+                });
+            }
+            if (!response.ok) {
+                return err({
+                    code: InviteErrorCode.NETWORK_ERROR,
+                    message: `Failed to revoke invite: ${response.status}`,
+                });
+            }
+            const data = await response.json();
+            return ok(data);
+        }
+        catch (error) {
+            return err({
+                code: InviteErrorCode.NETWORK_ERROR,
+                message: error instanceof Error ? error.message : 'Network error',
+            });
+        }
+    }
+    /**
+     * Extract invite ID from URL.
+     *
+     * @param url - Invite URL
+     * @returns Invite ID or null
+     *
+     * @example
+     * ```ts
+     * extractInviteId('https://xbind.to/invite/abc123') // 'abc123'
+     * extractInviteId('https://xbind.to/billing/invite/xyz') // 'xyz'
+     * ```
+     */
+    extractInviteId(url) {
+        try {
+            const parsed = new URL(url);
+            const segments = parsed.pathname.split('/').filter(s => s.length > 0);
+            // Look for 'invite' segment followed by ID
+            const inviteIndex = segments.indexOf('invite');
+            if (inviteIndex !== -1 && segments[inviteIndex + 1]) {
+                return segments[inviteIndex + 1] ?? null;
+            }
+            // Fallback: last segment
+            if (segments.length > 0) {
+                return segments[segments.length - 1] ?? null;
+            }
+            return null;
+        }
+        catch {
+            return null;
+        }
+    }
+}

package/dist-standalone/key-agreement.d.ts ADDED Viewed

@@ -0,0 +1,122 @@
+import type { Result } from '@private.me/shared';
+/** X25519 ephemeral key pair for ECDH key agreement. */
+export interface EphemeralKeyPair {
+    /** Web Crypto private key handle (X25519). */
+    readonly privateKey: CryptoKey;
+    /** Web Crypto public key handle (X25519). */
+    readonly publicKey: CryptoKey;
+    /** Raw 32-byte X25519 public key for wire transport. */
+    readonly rawPublicKey: Uint8Array;
+}
+/** Result of ECDH key agreement. */
+export interface KeyAgreementResult {
+    /** Derived AES-256-GCM shared key. */
+    readonly sharedKey: CryptoKey;
+    /** Ephemeral public key to include in envelope. */
+    readonly ephemeralPublicKey: Uint8Array;
+}
+/** Result of hybrid (X25519 + ML-KEM-768) key agreement. */
+export interface HybridKeyAgreementResult {
+    /** Derived AES-256-GCM shared key (from HKDF over X25519 + ML-KEM shared secrets). */
+    readonly sharedKey: CryptoKey;
+    /** Ephemeral X25519 public key to include in envelope (32 bytes). */
+    readonly ephemeralPublicKey: Uint8Array;
+    /** ML-KEM-768 ciphertext to include in envelope (1088 bytes). */
+    readonly kemCiphertext: Uint8Array;
+}
+/** Error codes for key agreement operations. Sub-codes give context. */
+export type KeyAgreementError = 'KEYGEN_FAILED' | 'DERIVE_FAILED' | 'IMPORT_FAILED' | 'INVALID_KEY_LENGTH' | 'INVALID_KEY_LENGTH:EXPECTED_32' | 'KEM_ENCAPSULATE_FAILED' | 'KEM_DECAPSULATE_FAILED' | 'HKDF_FAILED';
+/**
+ * Generate an ephemeral X25519 key pair for ECDH key agreement.
+ *
+ * Uses Web Crypto API to generate a fresh X25519 key pair.
+ * The key pair is ephemeral -- it should be used for a single
+ * key agreement and then discarded.
+ *
+ * @returns Result containing the ephemeral key pair or error.
+ */
+export declare function generateEphemeralKeyPair(): Promise<Result<EphemeralKeyPair, KeyAgreementError>>;
+/**
+ * Import a raw 32-byte X25519 public key into a CryptoKey.
+ *
+ * Used by the receiver to import the sender's ephemeral public
+ * key from the envelope for ECDH derivation.
+ *
+ * @param rawPublicKey - Raw 32-byte X25519 public key.
+ * @returns Result containing the imported CryptoKey or error.
+ */
+export declare function importX25519PublicKey(rawPublicKey: Uint8Array): Promise<Result<CryptoKey, KeyAgreementError>>;
+/**
+ * Derive a shared AES-256-GCM key via X25519 ECDH.
+ *
+ * Performs ECDH key agreement between a local private key and a
+ * remote public key, producing 256 bits of shared secret that
+ * are imported as an AES-256-GCM key.
+ *
+ * @param localPrivateKey - Local X25519 private key.
+ * @param remotePublicKey - Remote X25519 public key (CryptoKey).
+ * @returns Result containing the derived AES-256-GCM key or error.
+ */
+export declare function deriveSharedKeyECDH(localPrivateKey: CryptoKey, remotePublicKey: CryptoKey): Promise<Result<CryptoKey, KeyAgreementError>>;
+/**
+ * Perform sender-side ECDH key agreement.
+ *
+ * Generates an ephemeral X25519 key pair, derives a shared key
+ * with the recipient's static X25519 public key, and returns
+ * both the shared key and the ephemeral public key to include
+ * in the envelope.
+ *
+ * @param recipientX25519PubKey - Recipient's static X25519 public key.
+ * @returns Result containing the key agreement result or error.
+ */
+export declare function senderKeyAgreement(recipientX25519PubKey: CryptoKey): Promise<Result<KeyAgreementResult, KeyAgreementError>>;
+/**
+ * Perform receiver-side ECDH key agreement.
+ *
+ * Imports the sender's ephemeral public key from the envelope
+ * and derives the shared key using the receiver's static X25519
+ * private key.
+ *
+ * @param receiverPrivateKey - Receiver's static X25519 private key.
+ * @param senderEphemeralPubRaw - Sender's ephemeral public key (raw bytes).
+ * @returns Result containing the derived AES-256-GCM key or error.
+ */
+export declare function receiverKeyAgreement(receiverPrivateKey: CryptoKey, senderEphemeralPubRaw: Uint8Array): Promise<Result<CryptoKey, KeyAgreementError>>;
+/**
+ * Combine X25519 and ML-KEM shared secrets via HKDF-SHA256.
+ *
+ * Concatenates 32B X25519 + 32B ML-KEM shared secrets, runs HKDF
+ * with zero salt and 'xail-hybrid-kem-v2' info, outputs 256-bit AES key.
+ * Secure as long as either X25519 OR ML-KEM remains unbroken.
+ *
+ * @param x25519Shared - 32-byte raw X25519 ECDH shared bits.
+ * @param mlKemShared - 32-byte ML-KEM-768 shared secret.
+ * @returns AES-256-GCM CryptoKey derived from both secrets.
+ */
+export declare function combineSharedSecrets(x25519Shared: Uint8Array, mlKemShared: Uint8Array): Promise<Result<CryptoKey, KeyAgreementError>>;
+/**
+ * Perform sender-side hybrid key agreement (X25519 + ML-KEM-768).
+ *
+ * 1. Generate ephemeral X25519, ECDH → x25519SharedBits
+ * 2. ML-KEM-768 encapsulate → kemCiphertext + mlKemShared
+ * 3. HKDF(x25519Shared || mlKemShared) → AES-256-GCM key
+ *
+ * @param recipientX25519Pub - Recipient's static X25519 public key.
+ * @param recipientMlKemPub - Recipient's ML-KEM-768 public key (1184B).
+ * @returns Hybrid key agreement result with shared key, ephemeral pub, and KEM ciphertext.
+ */
+export declare function senderHybridKeyAgreement(recipientX25519Pub: CryptoKey, recipientMlKemPub: Uint8Array): Promise<Result<HybridKeyAgreementResult, KeyAgreementError>>;
+/**
+ * Perform receiver-side hybrid key agreement (X25519 + ML-KEM-768).
+ *
+ * 1. Import ephemeral X25519, ECDH → x25519SharedBits
+ * 2. ML-KEM-768 decapsulate → mlKemShared
+ * 3. HKDF(x25519Shared || mlKemShared) → same AES-256-GCM key
+ *
+ * @param x25519PrivateKey - Receiver's static X25519 private key.
+ * @param ephPubRaw - Sender's ephemeral X25519 public key (32B).
+ * @param kemCiphertext - ML-KEM-768 ciphertext from sender (1088B).
+ * @param mlKemSecretKey - Receiver's ML-KEM-768 secret key (2400B).
+ * @returns AES-256-GCM shared key or error.
+ */
+export declare function receiverHybridKeyAgreement(x25519PrivateKey: CryptoKey, ephPubRaw: Uint8Array, kemCiphertext: Uint8Array, mlKemSecretKey: Uint8Array): Promise<Result<CryptoKey, KeyAgreementError>>;