@private.me/xbind 1.3.0 → 2.3.4

package/dist-standalone/cjs/pairing-manager.js

@@ -1,223 +1 @@
-"use strict";
-/**
- * @module pairing-manager
- * Security validation for peer-to-peer device pairing via mDNS.
- *
- * Security properties:
- * - 16-byte cryptographically secure nonce (prevents replay attacks)
- * - 60-second timeout (limits attack window)
- * - User confirmation required on BOTH devices
- * - Nonce echo in response (prevents MITM substitution)
- * - Trust registry integration (stores paired DIDs with scopes)
- * - Gold Standard compliant (GS-CONNECT requirement #26, GS-SEC-RNG compliant)
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PairingManager = void 0;
-const shared_1 = require("../_deps/shared/index.js");
-/**
- * Pairing manager for secure peer-to-peer device pairing.
- *
- * Implements challenge-response protocol with user confirmation.
- * Integrates with trust registry for persistent pairing storage.
- */
-class PairingManager {
-    pendingNonces = new Map(); // nonce → timestamp
-    registry;
-    deviceDid;
-    /**
-     * Create pairing manager.
-     *
-     * @param deviceDid - DID of this device
-     * @param registry - Trust registry instance
-     */
-    constructor(deviceDid, registry) {
-        this.deviceDid = deviceDid;
-        this.registry = registry;
-        // Clean up expired nonces every 10 seconds
-        setInterval(() => {
-            const now = Date.now();
-            for (const [nonce, timestamp] of this.pendingNonces.entries()) {
-                if (now - timestamp > 60_000) {
-                    this.pendingNonces.delete(nonce);
-                }
-            }
-        }, 10_000);
-    }
-    /**
-     * Create pairing request.
-     *
-     * Generates cryptographically secure nonce and stores it for validation.
-     * Device A calls this before sending request to Device B.
-     *
-     * @returns Pairing request to send to remote device
-     *
-     * @example
-     * ```typescript
-     * const manager = new PairingManager('did:key:z6MkA...', registry);
-     * const request = manager.createRequest();
-     * // Send request to Device B via HTTP POST
-     * const response = await fetch(`${deviceB.endpoint}/pair`, {
-     *   method: 'POST',
-     *   body: JSON.stringify(request),
-     * });
-     * ```
-     */
-    createRequest() {
-        // Generate cryptographically secure nonce (GS-SEC-RNG: NEVER use Math.random)
-        const nonceBytes = new Uint8Array(16);
-        if (typeof globalThis.crypto !== 'undefined' && globalThis.crypto.getRandomValues) {
-            globalThis.crypto.getRandomValues(nonceBytes);
-        }
-        else {
-            // Node.js environment
-            // eslint-disable-next-line @typescript-eslint/no-var-requires
-            const crypto = require('node:crypto');
-            crypto.getRandomValues(nonceBytes);
-        }
-        const nonce = Array.from(nonceBytes)
-            .map((b) => b.toString(16).padStart(2, '0'))
-            .join('');
-        const timestamp = Date.now();
-        // Store nonce for validation (60-second TTL)
-        this.pendingNonces.set(nonce, timestamp);
-        return {
-            device_a_did: this.deviceDid,
-            nonce,
-            timestamp,
-        };
-    }
-    /**
-     * Validate pairing request.
-     *
-     * Checks timeout and nonce uniqueness.
-     * Device B calls this when receiving request from Device A.
-     *
-     * @param request - Pairing request from remote device
-     * @returns Ok if valid, Err with reason if invalid
-     *
-     * @example
-     * ```typescript
-     * // Device B receives request
-     * const validation = manager.validateRequest(request);
-     * if (!validation.ok) {
-     *   return res.status(400).json({ error: validation.error });
-     * }
-     * ```
-     */
-    validateRequest(request) {
-        // Check timeout (60-second window)
-        const age = Date.now() - request.timestamp;
-        if (age > 60_000) {
-            return (0, shared_1.err)(`Request expired (${Math.floor(age / 1000)}s old, max 60s)`);
-        }
-        if (age < 0) {
-            return (0, shared_1.err)('Request timestamp in the future (clock skew detected)');
-        }
-        // Check required fields
-        if (!request.device_a_did || !request.nonce || !request.timestamp) {
-            return (0, shared_1.err)('Missing required fields (device_a_did, nonce, timestamp)');
-        }
-        return (0, shared_1.ok)(undefined);
-    }
-    /**
-     * Accept pairing request.
-     *
-     * Shows UI prompt for user confirmation, then stores in trust registry.
-     * Device B calls this after validating request.
-     *
-     * @param request - Validated pairing request
-     * @param promptCallback - Async function to show UI prompt (returns true if accepted)
-     * @returns Pairing response to send back to Device A
-     *
-     * @example
-     * ```typescript
-     * const response = await manager.acceptPairing(request, async () => {
-     *   // Show modal: "Device {name} wants to pair. Accept?"
-     *   return await showConfirmationDialog({
-     *     title: 'Pair with Device?',
-     *     message: `DID: ${request.device_a_did.slice(0, 20)}...`,
-     *   });
-     * });
-     *
-     * if (response.ok && response.value.accepted) {
-     *   // Send response back to Device A
-     * }
-     * ```
-     */
-    async acceptPairing(request, promptCallback) {
-        // Validate request first
-        const validation = this.validateRequest(request);
-        if (!validation.ok) {
-            return (0, shared_1.err)(validation.error);
-        }
-        // Prompt user for confirmation
-        const accepted = await promptCallback();
-        if (accepted) {
-            // Store in trust registry (Device A → Device B)
-            const registerResult = await this.registry.register(request.device_a_did, new Uint8Array(32), 'Paired Device', ['pairing']);
-            if (!registerResult.ok) {
-                const errorMsg = typeof registerResult.error === 'string'
-                    ? registerResult.error
-                    : 'Unknown error';
-                return (0, shared_1.err)(`Failed to register pairing: ${errorMsg}`);
-            }
-        }
-        // Return response (echo nonce to prevent MITM)
-        return (0, shared_1.ok)({
-            device_b_did: this.deviceDid,
-            accepted,
-            nonce: request.nonce,
-        });
-    }
-    /**
-     * Finalize pairing.
-     *
-     * Verifies response nonce and stores remote DID in trust registry.
-     * Device A calls this after receiving response from Device B.
-     *
-     * @param response - Pairing response from Device B
-     * @param expectedNonce - Nonce from original request (for verification)
-     * @returns Ok if successful, Err if nonce mismatch or storage failed
-     *
-     * @example
-     * ```typescript
-     * const request = manager.createRequest();
-     * const response = await sendPairingRequest(deviceB.endpoint, request);
-     *
-     * const result = await manager.finalizePairing(response, request.nonce);
-     * if (result.ok) {
-     *   console.log('Pairing successful!');
-     * } else {
-     *   console.error('Pairing failed:', result.error);
-     * }
-     * ```
-     */
-    async finalizePairing(response, expectedNonce) {
-        // Verify nonce echo (prevents MITM substitution)
-        if (response.nonce !== expectedNonce) {
-            return (0, shared_1.err)('Nonce mismatch (possible MITM attack)');
-        }
-        // Check if pairing was accepted
-        if (!response.accepted) {
-            return (0, shared_1.err)('Pairing rejected by remote device');
-        }
-        // Remove nonce from pending set
-        this.pendingNonces.delete(expectedNonce);
-        // Store in trust registry (Device B → Device A)
-        const registerResult = await this.registry.register(response.device_b_did, new Uint8Array(32), 'Paired Device', ['pairing']);
-        if (!registerResult.ok) {
-            const errorMsg = typeof registerResult.error === 'string'
-                ? registerResult.error
-                : 'Unknown error';
-            return (0, shared_1.err)(`Failed to register pairing: ${errorMsg}`);
-        }
-        return (0, shared_1.ok)(undefined);
-    }
-    /**
-     * Get pending nonce count (for debugging/monitoring).
-     */
-    getPendingNonceCount() {
-        return this.pendingNonces.size;
-    }
-}
-exports.PairingManager = PairingManager;
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.PairingManager=void 0;const shared_1=require("../_deps/shared/index.js");class PairingManager{pendingNonces=new Map;registry;deviceDid;constructor(e,r){this.deviceDid=e,this.registry=r,setInterval(()=>{const e=Date.now();for(const[r,i]of this.pendingNonces.entries())e-i>6e4&&this.pendingNonces.delete(r)},1e4)}createRequest(){const e=new Uint8Array(16);if(void 0!==globalThis.crypto&&globalThis.crypto.getRandomValues)globalThis.crypto.getRandomValues(e);else{require("node:crypto").getRandomValues(e)}const r=Array.from(e).map(e=>e.toString(16).padStart(2,"0")).join(""),i=Date.now();return this.pendingNonces.set(r,i),{device_a_did:this.deviceDid,nonce:r,timestamp:i}}validateRequest(e){const r=Date.now()-e.timestamp;return r>6e4?(0,shared_1.err)(`Request expired (${Math.floor(r/1e3)}s old, max 60s)`):r<0?(0,shared_1.err)("Request timestamp in the future (clock skew detected)"):e.device_a_did&&e.nonce&&e.timestamp?(0,shared_1.ok)(void 0):(0,shared_1.err)("Missing required fields (device_a_did, nonce, timestamp)")}async acceptPairing(e,r){const i=this.validateRequest(e);if(!i.ok)return(0,shared_1.err)(i.error);const t=await r();if(t){const r=await this.registry.register(e.device_a_did,new Uint8Array(32),"Paired Device",["pairing"]);if(!r.ok){const e="string"==typeof r.error?r.error:"Unknown error";return(0,shared_1.err)(`Failed to register pairing: ${e}`)}}return(0,shared_1.ok)({device_b_did:this.deviceDid,accepted:t,nonce:e.nonce})}async finalizePairing(e,r){if(e.nonce!==r)return(0,shared_1.err)("Nonce mismatch (possible MITM attack)");if(!e.accepted)return(0,shared_1.err)("Pairing rejected by remote device");this.pendingNonces.delete(r);const i=await this.registry.register(e.device_b_did,new Uint8Array(32),"Paired Device",["pairing"]);if(!i.ok){const e="string"==typeof i.error?i.error:"Unknown error";return(0,shared_1.err)(`Failed to register pairing: ${e}`)}return(0,shared_1.ok)(void 0)}getPendingNonceCount(){return this.pendingNonces.size}}exports.PairingManager=PairingManager;

package/dist-standalone/cjs/plugin-system.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.PluginBuilder=exports.MiddlewareChain=void 0,exports.createPluginContext=createPluginContext,exports.createPlugin=createPlugin;const shared_1=require("../_deps/shared/index.js");class MiddlewareChain{plugins=[];initialized=!1;constructor(e=[]){this.plugins=[...e].sort((e,r)=>(e.priority??100)-(r.priority??100))}register(e){return this.plugins.some(r=>r.name===e.name)?(0,shared_1.err)(`PLUGIN_ALREADY_REGISTERED:${e.name}`):(this.plugins.push(e),this.plugins.sort((e,r)=>(e.priority??100)-(r.priority??100)),(0,shared_1.ok)(void 0))}unregister(e){const r=this.plugins.findIndex(r=>r.name===e);return-1===r?(0,shared_1.err)(`PLUGIN_NOT_FOUND:${e}`):(this.plugins.splice(r,1),(0,shared_1.ok)(void 0))}getPlugins(){return[...this.plugins]}async initialize(){if(this.initialized)return(0,shared_1.ok)(void 0);for(const e of this.plugins)if(e.onInit){const r=await e.onInit();if(!1===r.ok)return(0,shared_1.err)(`PLUGIN_INIT_FAILED:${e.name}:${r.error}`)}return this.initialized=!0,(0,shared_1.ok)(void 0)}async destroy(){const e=[];for(const r of this.plugins)if(r.onDestroy){const t=await r.onDestroy();!1===t.ok&&e.push(`${r.name}:${t.error}`)}return this.initialized=!1,e.length>0?(0,shared_1.err)(`PLUGIN_DESTROY_FAILED:${e.join(",")}`):(0,shared_1.ok)(void 0)}async executeSend(e,r){if(!this.initialized)return(0,shared_1.err)("MIDDLEWARE_NOT_INITIALIZED");let t=e;for(const e of this.plugins)if(e.onSend){const i=await e.onSend(t,r);if(!1===i.ok)return(0,shared_1.err)(`PLUGIN_HOOK_FAILED:${e.name}:${i.error}`);const n=i.value;if(n.abort)return(0,shared_1.err)(`PLUGIN_ABORTED:${e.name}:${n.reason??"no reason"}`);t=n.payload,n.metadata&&Object.assign(r.metadata,n.metadata)}return(0,shared_1.ok)(t)}async executeReceive(e,r){if(!this.initialized)return(0,shared_1.err)("MIDDLEWARE_NOT_INITIALIZED");let t=e;for(const e of this.plugins)if(e.onReceive){const i=await e.onReceive(t,r);if(!1===i.ok)return(0,shared_1.err)(`PLUGIN_HOOK_FAILED:${e.name}:${i.error}`);const n=i.value;if(n.abort)return(0,shared_1.err)(`PLUGIN_ABORTED:${e.name}:${n.reason??"no reason"}`);t=n.payload,n.metadata&&Object.assign(r.metadata,n.metadata)}return(0,shared_1.ok)(t)}async executeEncrypt(e,r){if(!this.initialized)return(0,shared_1.err)("MIDDLEWARE_NOT_INITIALIZED");let t=e;for(const e of this.plugins)if(e.onEncrypt){const i=await e.onEncrypt(t,r);if(!1===i.ok)return(0,shared_1.err)(`PLUGIN_HOOK_FAILED:${e.name}:${i.error}`);const n=i.value;if(n.abort)return(0,shared_1.err)(`PLUGIN_ABORTED:${e.name}:${n.reason??"no reason"}`);t=n.payload,n.metadata&&Object.assign(r.metadata,n.metadata)}return(0,shared_1.ok)(t)}async executeDecrypt(e,r){if(!this.initialized)return(0,shared_1.err)("MIDDLEWARE_NOT_INITIALIZED");let t=e;for(const e of this.plugins)if(e.onDecrypt){const i=await e.onDecrypt(t,r);if(!1===i.ok)return(0,shared_1.err)(`PLUGIN_HOOK_FAILED:${e.name}:${i.error}`);const n=i.value;if(n.abort)return(0,shared_1.err)(`PLUGIN_ABORTED:${e.name}:${n.reason??"no reason"}`);t=n.payload,n.metadata&&Object.assign(r.metadata,n.metadata)}return(0,shared_1.ok)(t)}}function createPluginContext(e,r={}){return{agent:e,recipient:r.recipient,scope:r.scope,timestamp:r.timestamp??Date.now(),state:r.state??new Map,metadata:r.metadata??{}}}exports.MiddlewareChain=MiddlewareChain;class PluginBuilder{plugin={};constructor(e,r){this.plugin.name=e,this.plugin.version=r}description(e){return this.plugin.description=e,this}priority(e){return this.plugin.priority=e,this}onSend(e){return this.plugin.onSend=e,this}onReceive(e){return this.plugin.onReceive=e,this}onEncrypt(e){return this.plugin.onEncrypt=e,this}onDecrypt(e){return this.plugin.onDecrypt=e,this}onInit(e){return this.plugin.onInit=e,this}onDestroy(e){return this.plugin.onDestroy=e,this}build(){if(!this.plugin.name||!this.plugin.version)throw new Error("Plugin name and version are required");return this.plugin}}function createPlugin(e,r){return new PluginBuilder(e,r)}exports.PluginBuilder=PluginBuilder;

package/dist-standalone/cjs/plugins/logging.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.LoggingPlugin=exports.LogLevel=void 0,exports.createLoggingPlugin=createLoggingPlugin;const shared_1=require("../../_deps/shared/index.js");var LogLevel;!function(e){e.DEBUG="debug",e.INFO="info",e.WARN="warn",e.ERROR="error"}(LogLevel||(exports.LogLevel=LogLevel={}));class LoggingPlugin{name="logging";version="1.0.0";description="Captures message processing events for debugging and audit trails";priority=10;options;logs=[];constructor(e={}){this.options={level:e.level??LogLevel.INFO,includeSize:e.includeSize??!0,includeMetadata:e.includeMetadata??!1,logHandler:e.logHandler??(e=>console.log(JSON.stringify(e))),filter:e.filter??(()=>!0)}}onInit(){return this.log({timestamp:(new Date).toISOString(),level:LogLevel.INFO,event:"send",agent:"system",metadata:{message:"Logging plugin initialized"}}),(0,shared_1.ok)(void 0)}onDestroy(){return this.log({timestamp:(new Date).toISOString(),level:LogLevel.INFO,event:"send",agent:"system",metadata:{message:"Logging plugin destroyed",totalLogs:this.logs.length}}),this.logs=[],(0,shared_1.ok)(void 0)}onSend(e,t){const i=this.options.includeSize?this.estimateSize(e):void 0;return this.log({timestamp:(new Date).toISOString(),level:LogLevel.INFO,event:"send",agent:t.agent.did,recipient:t.recipient,scope:t.scope,payloadSize:i,metadata:this.options.includeMetadata?t.metadata:void 0}),(0,shared_1.ok)({payload:e})}onReceive(e,t){const i=this.options.includeSize?this.estimateSize(e):void 0;return this.log({timestamp:(new Date).toISOString(),level:LogLevel.INFO,event:"receive",agent:t.agent.did,recipient:e.sender,scope:t.scope,payloadSize:i,metadata:this.options.includeMetadata?t.metadata:void 0}),(0,shared_1.ok)({payload:e})}onEncrypt(e,t){return this.log({timestamp:(new Date).toISOString(),level:LogLevel.DEBUG,event:"encrypt",agent:t.agent.did,recipient:t.recipient,scope:t.scope,payloadSize:this.options.includeSize?e.length:void 0,metadata:this.options.includeMetadata?t.metadata:void 0}),(0,shared_1.ok)({payload:e})}onDecrypt(e,t){return this.log({timestamp:(new Date).toISOString(),level:LogLevel.DEBUG,event:"decrypt",agent:t.agent.did,scope:t.scope,payloadSize:this.options.includeSize?e.length:void 0,metadata:this.options.includeMetadata?t.metadata:void 0}),(0,shared_1.ok)({payload:e})}getLogs(){return[...this.logs]}clearLogs(){this.logs=[]}getFilteredLogs(e){return this.logs.filter(e)}log(e){this.shouldLog(e.level)&&this.options.filter(e)&&(this.logs.push(e),this.options.logHandler(e))}shouldLog(e){const t=[LogLevel.DEBUG,LogLevel.INFO,LogLevel.WARN,LogLevel.ERROR],i=t.indexOf(this.options.level);return t.indexOf(e)>=i}estimateSize(e){if(e instanceof Uint8Array)return e.length;try{return JSON.stringify(e).length}catch{return 0}}}function createLoggingPlugin(e){return new LoggingPlugin(e)}exports.LoggingPlugin=LoggingPlugin;

package/dist-standalone/cjs/plugins/metrics.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.MetricsPlugin=void 0,exports.createMetricsPlugin=createMetricsPlugin;const shared_1=require("../../_deps/shared/index.js");class MetricsPlugin{name="metrics";version="1.0.0";description="Tracks performance metrics, message counts, and error rates";priority=20;options;metrics=[];startTime=Date.now();exportTimer;constructor(t={}){this.options={highResolution:t.highResolution??!0,maxMetrics:t.maxMetrics??1e4,onExport:t.onExport??(()=>{}),exportInterval:t.exportInterval??6e4}}onInit(){return this.startTime=Date.now(),this.options.exportInterval>0&&(this.exportTimer=setInterval(()=>{this.export()},this.options.exportInterval)),(0,shared_1.ok)(void 0)}onDestroy(){return this.exportTimer&&(clearInterval(this.exportTimer),this.exportTimer=void 0),this.export(),this.metrics=[],(0,shared_1.ok)(void 0)}onSend(t,e){const r=this.now(),s=this.now();return this.record({timestamp:Date.now(),event:"send",duration:s-r,success:!0}),(0,shared_1.ok)({payload:t})}onReceive(t,e){const r=this.now(),s=this.now();return this.record({timestamp:Date.now(),event:"receive",duration:s-r,success:!0}),(0,shared_1.ok)({payload:t})}onEncrypt(t,e){const r=this.now(),s=this.now();return this.record({timestamp:Date.now(),event:"encrypt",duration:s-r,success:!0}),(0,shared_1.ok)({payload:t})}onDecrypt(t,e){const r=this.now(),s=this.now();return this.record({timestamp:Date.now(),event:"decrypt",duration:s-r,success:!0}),(0,shared_1.ok)({payload:t})}getMetrics(){return[...this.metrics]}getAggregatedMetrics(){const t=this.metrics.filter(t=>"send"===t.event),e=this.metrics.filter(t=>"receive"===t.event),r=this.metrics.filter(t=>"encrypt"===t.event),s=this.metrics.filter(t=>"decrypt"===t.event),i=this.metrics.filter(t=>!t.success),n=t=>0===t.length?0:t.reduce((t,e)=>t+e.duration,0)/t.length,o=this.metrics.length;return{totalSends:t.length,totalReceives:e.length,totalEncrypts:r.length,totalDecrypts:s.length,avgSendDuration:n(t),avgReceiveDuration:n(e),avgEncryptDuration:n(r),avgDecryptDuration:n(s),totalErrors:i.length,errorRate:o>0?i.length/o:0,uptime:Date.now()-this.startTime}}clearMetrics(){this.metrics=[],this.startTime=Date.now()}export(){this.metrics.length>0&&this.options.onExport([...this.metrics])}getMetricsInRange(t,e){return this.metrics.filter(r=>r.timestamp>=t&&r.timestamp<=e)}getMetricsByEvent(t){return this.metrics.filter(e=>e.event===t)}record(t){this.metrics.push(t),this.metrics.length>this.options.maxMetrics&&this.metrics.shift()}now(){return this.options.highResolution&&"undefined"!=typeof performance?performance.now():Date.now()}}function createMetricsPlugin(t){return new MetricsPlugin(t)}exports.MetricsPlugin=MetricsPlugin;

package/dist-standalone/cjs/plugins/validation.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.CommonRules=exports.ValidationPlugin=void 0,exports.createValidationPlugin=createValidationPlugin;const shared_1=require("../../_deps/shared/index.js");class ValidationPlugin{name="validation";version="1.0.0";description="Validates payloads and envelopes before processing";priority=5;options;validationErrors=[];constructor(e={}){this.options={maxPayloadSize:e.maxPayloadSize??10485760,maxEnvelopeSize:e.maxEnvelopeSize??15728640,allowedScopes:e.allowedScopes??[],customRules:e.customRules??[],strictMode:e.strictMode??!1,validateSchema:e.validateSchema??!1}}onInit(){return(0,shared_1.ok)(void 0)}onDestroy(){return this.validationErrors=[],(0,shared_1.ok)(void 0)}onSend(e,r){const t=this.validatePayloadSize(e);if(!1===t.ok)return this.recordError("payload_size",t.error),(0,shared_1.err)(t.error);if(r.scope){const e=this.validateScope(r.scope);if(!1===e.ok)return this.recordError("scope",e.error),(0,shared_1.err)(e.error)}const i=this.validatePayloadStructure(e);if(!1===i.ok)return this.recordError("payload_structure",i.error),(0,shared_1.err)(i.error);for(const t of this.options.customRules)if(!t.appliesTo||t.appliesTo.includes("send")){const i=t.validate(e,r);if(i)return this.recordError(t.name,i),(0,shared_1.err)(`VALIDATION_FAILED:${t.name}:${i}`)}return(0,shared_1.ok)({payload:e})}onReceive(e,r){const t=this.validateEnvelopeSize(e);if(!1===t.ok)return this.recordError("envelope_size",t.error),(0,shared_1.err)(t.error);const i=this.validateEnvelopeStructure(e);if(!1===i.ok)return this.recordError("envelope_structure",i.error),(0,shared_1.err)(i.error);for(const t of this.options.customRules)if(!t.appliesTo||t.appliesTo.includes("receive")){const i=t.validate(e,r);if(i)return this.recordError(t.name,i),(0,shared_1.err)(`VALIDATION_FAILED:${t.name}:${i}`)}return(0,shared_1.ok)({payload:e})}onEncrypt(e,r){if(0===e.length)return this.recordError("plaintext_empty","Plaintext cannot be empty"),(0,shared_1.err)("VALIDATION_FAILED:PLAINTEXT_EMPTY");if(e.length>this.options.maxPayloadSize)return this.recordError("plaintext_size",`Plaintext exceeds max size: ${e.length} bytes`),(0,shared_1.err)(`VALIDATION_FAILED:PLAINTEXT_TOO_LARGE:${e.length}`);for(const t of this.options.customRules)if(!t.appliesTo||t.appliesTo.includes("encrypt")){const i=t.validate(e,r);if(i)return this.recordError(t.name,i),(0,shared_1.err)(`VALIDATION_FAILED:${t.name}:${i}`)}return(0,shared_1.ok)({payload:e})}onDecrypt(e,r){if(0===e.length)return this.recordError("plaintext_empty","Decrypted plaintext is empty"),(0,shared_1.err)("VALIDATION_FAILED:DECRYPTED_EMPTY");for(const t of this.options.customRules)if(!t.appliesTo||t.appliesTo.includes("decrypt")){const i=t.validate(e,r);if(i)return this.recordError(t.name,i),(0,shared_1.err)(`VALIDATION_FAILED:${t.name}:${i}`)}return(0,shared_1.ok)({payload:e})}getValidationErrors(){return[...this.validationErrors]}clearErrors(){this.validationErrors=[]}addRule(e){this.options.customRules.push(e)}removeRule(e){const r=this.options.customRules.findIndex(r=>r.name===e);return-1!==r&&(this.options.customRules.splice(r,1),!0)}validatePayloadSize(e){const r=this.estimateSize(e);return r>this.options.maxPayloadSize?(0,shared_1.err)(`VALIDATION_FAILED:PAYLOAD_TOO_LARGE:${r}>${this.options.maxPayloadSize}`):(0,shared_1.ok)(void 0)}validateEnvelopeSize(e){const r=this.estimateSize(e);return r>this.options.maxEnvelopeSize?(0,shared_1.err)(`VALIDATION_FAILED:ENVELOPE_TOO_LARGE:${r}>${this.options.maxEnvelopeSize}`):(0,shared_1.ok)(void 0)}validateScope(e){return this.options.allowedScopes.length>0&&!this.options.allowedScopes.includes(e)?(0,shared_1.err)(`VALIDATION_FAILED:SCOPE_NOT_ALLOWED:${e}`):(0,shared_1.ok)(void 0)}validatePayloadStructure(e){if(null==e)return(0,shared_1.err)("VALIDATION_FAILED:PAYLOAD_NULL_OR_UNDEFINED");try{JSON.stringify(e)}catch(e){return(0,shared_1.err)(`VALIDATION_FAILED:PAYLOAD_NOT_SERIALIZABLE:${String(e)}`)}return(0,shared_1.ok)(void 0)}validateEnvelopeStructure(e){return"v"in e||"version"in e?e.sender?e.recipient?"payload"in e||"ciphertext"in e?(0,shared_1.ok)(void 0):(0,shared_1.err)("VALIDATION_FAILED:ENVELOPE_MISSING_CIPHERTEXT"):(0,shared_1.err)("VALIDATION_FAILED:ENVELOPE_MISSING_RECIPIENT"):(0,shared_1.err)("VALIDATION_FAILED:ENVELOPE_MISSING_SENDER"):(0,shared_1.err)("VALIDATION_FAILED:ENVELOPE_MISSING_VERSION")}estimateSize(e){if(e instanceof Uint8Array)return e.length;try{return JSON.stringify(e).length}catch{return 0}}recordError(e,r){this.validationErrors.push({timestamp:Date.now(),rule:e,error:r}),this.validationErrors.length>1e3&&this.validationErrors.shift()}}function createValidationPlugin(e){return new ValidationPlugin(e)}exports.ValidationPlugin=ValidationPlugin,exports.CommonRules={requireFields:e=>({name:"require_fields",appliesTo:["send"],validate:r=>{if("object"!=typeof r||null===r)return"Payload must be an object";const t=r,i=e.filter(e=>!(e in t));return i.length>0?`Missing required fields: ${i.join(", ")}`:null}}),validateDIDFormat:()=>({name:"did_format",appliesTo:["send","receive"],validate:(e,r)=>r.recipient&&!r.recipient.startsWith("did:")?`Invalid DID format: ${r.recipient}`:null}),validateTimestamp:(e=3e5)=>({name:"timestamp_freshness",appliesTo:["receive"],validate:(r,t)=>{const i=Date.now()-t.timestamp;return i>e?`Timestamp too old: ${i}ms > ${e}ms`:null}})};

package/dist-standalone/cjs/policy.js

@@ -1,320 +1 @@
-"use strict";
-/**
- * @module policy
- * PolicyEngine for agent.call() constraint enforcement
- *
- * Enforces spending limits, rate limits, scope restrictions, and data filters
- * on agent tool calls. Separate from SecurityPolicy (risk classification).
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PolicyEngine = void 0;
-exports.getGlobalPolicyEngine = getGlobalPolicyEngine;
-const shared_1 = require("../_deps/shared/index.js");
-const agent_call_js_1 = require("./agent-call.js");
-/**
- * PolicyEngine - Enforces constraints on agent.call() requests
- *
- * Tracks:
- * - Per-transaction spending limits
- * - Daily spending limits
- * - Rate limits (calls per minute)
- * - Allowed tools/scopes
- *
- * Thread-safe for concurrent requests from the same agent.
- */
-class PolicyEngine {
-    /** Rate limit tracker by agent DID */
-    rateLimits = new Map();
-    /** Daily spending tracker by agent DID */
-    dailySpending = new Map();
-    /** Monthly spending tracker by agent DID */
-    monthlySpending = new Map();
-    /**
-     * Evaluate a policy against a request
-     *
-     * @param agentDID - Agent DID making the request
-     * @param tool - Tool being called (e.g., "stripe:createCharge")
-     * @param params - Tool parameters
-     * @param constraints - Policy constraints to enforce
-     * @returns Policy evaluation result
-     */
-    evaluate(agentDID, tool, params, constraints) {
-        // Check allowed tools
-        if (constraints.allowedTools && constraints.allowedTools.length > 0) {
-            const [service] = tool.split(':');
-            const isAllowed = constraints.allowedTools.some((allowed) => allowed === tool || allowed === `${service}:*` || allowed === '*');
-            if (!isAllowed) {
-                const details = {
-                    requested: tool,
-                    allowed: constraints.allowedTools,
-                    constraint: 'tool',
-                    fix: `Update policy.allowedTools to include "${tool}" or "${service}:*" or request approval`,
-                };
-                return (0, shared_1.err)(new agent_call_js_1.AgentError(agent_call_js_1.AgentErrorCode.POLICY_VIOLATION, `Tool "${tool}" is not allowed by policy`, details));
-            }
-        }
-        // Check scopes
-        if (constraints.scopes && constraints.scopes.length > 0) {
-            // Extract scope from params if present
-            const scope = typeof params === 'object' && params !== null && 'scope' in params
-                ? params.scope
-                : undefined;
-            if (scope && !constraints.scopes.includes(scope)) {
-                const details = {
-                    requested: scope,
-                    allowed: constraints.scopes,
-                    constraint: 'scope',
-                    fix: `Update policy.scopes to include "${scope}" or request additional permissions`,
-                };
-                return (0, shared_1.err)(new agent_call_js_1.AgentError(agent_call_js_1.AgentErrorCode.POLICY_VIOLATION, `Scope "${scope}" is not allowed by policy`, details));
-            }
-        }
-        // Check rate limits
-        if (constraints.limits?.callsPerMinute) {
-            const rateCheck = this.checkRateLimit(agentDID, constraints.limits.callsPerMinute);
-            if (!rateCheck.ok) {
-                return rateCheck;
-            }
-        }
-        // Check spending limits (if amount is in params)
-        const amount = this.extractAmount(params);
-        if (amount !== null) {
-            // Check per-transaction limit
-            if (constraints.limits?.amountPerTxn && amount > constraints.limits.amountPerTxn) {
-                const details = {
-                    requested: amount,
-                    allowed: constraints.limits.amountPerTxn,
-                    constraint: 'amountPerTxn',
-                    fix: `Reduce amount to ${constraints.limits.amountPerTxn} or less, or update policy.limits.amountPerTxn`,
-                };
-                return (0, shared_1.err)(new agent_call_js_1.AgentError(agent_call_js_1.AgentErrorCode.POLICY_VIOLATION, `Amount ${amount} exceeds per-transaction limit of ${constraints.limits.amountPerTxn}`, details));
-            }
-            // Check daily limit
-            if (constraints.limits?.dailyAmount) {
-                const dailyCheck = this.checkDailyLimit(agentDID, amount, constraints.limits.dailyAmount);
-                if (!dailyCheck.ok) {
-                    return dailyCheck;
-                }
-            }
-            // Check monthly limit
-            if (constraints.limits?.monthlyAmount) {
-                const monthlyCheck = this.checkMonthlyLimit(agentDID, amount, constraints.limits.monthlyAmount);
-                if (!monthlyCheck.ok) {
-                    return monthlyCheck;
-                }
-            }
-        }
-        // All checks passed
-        return (0, shared_1.ok)(undefined);
-    }
-    /**
-     * Record a successful call (for rate limiting)
-     *
-     * @param agentDID - Agent DID
-     */
-    recordCall(agentDID) {
-        const now = Date.now();
-        const entry = this.rateLimits.get(agentDID) ?? {
-            calls: [],
-            windowStart: now,
-        };
-        entry.calls.push(now);
-        // Clean up old calls (older than 1 minute)
-        const oneMinuteAgo = now - 60000;
-        entry.calls = entry.calls.filter((timestamp) => timestamp > oneMinuteAgo);
-        this.rateLimits.set(agentDID, entry);
-    }
-    /**
-     * Record successful spending (for daily and monthly limits)
-     *
-     * @param agentDID - Agent DID
-     * @param amount - Amount spent
-     */
-    recordSpending(agentDID, amount) {
-        const today = this.getCurrentDay();
-        const thisMonth = this.getCurrentMonth();
-        // Update daily spending
-        const dailyEntry = this.dailySpending.get(agentDID);
-        if (dailyEntry && dailyEntry.day === today) {
-            dailyEntry.amount += amount;
-        }
-        else {
-            this.dailySpending.set(agentDID, {
-                amount,
-                day: today,
-            });
-        }
-        // Update monthly spending
-        const monthlyEntry = this.monthlySpending.get(agentDID);
-        if (monthlyEntry && monthlyEntry.month === thisMonth) {
-            monthlyEntry.amount += amount;
-        }
-        else {
-            this.monthlySpending.set(agentDID, {
-                amount,
-                month: thisMonth,
-            });
-        }
-    }
-    /**
-     * Get current rate limit status for an agent
-     *
-     * @param agentDID - Agent DID
-     * @returns Calls in current minute
-     */
-    getCurrentRateLimit(agentDID) {
-        const entry = this.rateLimits.get(agentDID);
-        if (!entry)
-            return 0;
-        const now = Date.now();
-        const oneMinuteAgo = now - 60000;
-        // Count calls in last minute
-        return entry.calls.filter((timestamp) => timestamp > oneMinuteAgo).length;
-    }
-    /**
-     * Get current daily spending for an agent
-     *
-     * @param agentDID - Agent DID
-     * @returns Amount spent today
-     */
-    getDailySpending(agentDID) {
-        const today = this.getCurrentDay();
-        const entry = this.dailySpending.get(agentDID);
-        if (!entry || entry.day !== today)
-            return 0;
-        return entry.amount;
-    }
-    /**
-     * Get current monthly spending for an agent
-     *
-     * @param agentDID - Agent DID
-     * @returns Amount spent this month
-     */
-    getMonthlySpending(agentDID) {
-        const thisMonth = this.getCurrentMonth();
-        const entry = this.monthlySpending.get(agentDID);
-        if (!entry || entry.month !== thisMonth)
-            return 0;
-        return entry.amount;
-    }
-    /**
-     * Reset all limits for an agent (for testing)
-     *
-     * @param agentDID - Agent DID
-     */
-    reset(agentDID) {
-        this.rateLimits.delete(agentDID);
-        this.dailySpending.delete(agentDID);
-        this.monthlySpending.delete(agentDID);
-    }
-    /**
-     * Check rate limit
-     */
-    checkRateLimit(agentDID, limit) {
-        const current = this.getCurrentRateLimit(agentDID);
-        if (current >= limit) {
-            const details = {
-                requested: current + 1,
-                allowed: limit,
-                constraint: 'callsPerMinute',
-                current,
-                fix: `Wait before making additional calls, or update policy.limits.callsPerMinute to a higher value`,
-            };
-            return (0, shared_1.err)(new agent_call_js_1.AgentError(agent_call_js_1.AgentErrorCode.POLICY_VIOLATION, `Rate limit exceeded: ${current}/${limit} calls per minute`, details));
-        }
-        return (0, shared_1.ok)(undefined);
-    }
-    /**
-     * Check daily spending limit
-     */
-    checkDailyLimit(agentDID, amount, limit) {
-        const current = this.getDailySpending(agentDID);
-        const newTotal = current + amount;
-        if (newTotal > limit) {
-            const remaining = limit - current;
-            const details = {
-                requested: amount,
-                allowed: limit,
-                constraint: 'dailyAmount',
-                current,
-                newTotal,
-                fix: remaining > 0
-                    ? `Reduce amount to ${remaining} or less (remaining today), or update policy.limits.dailyAmount`
-                    : `Daily limit already reached. Wait until tomorrow or update policy.limits.dailyAmount`,
-            };
-            return (0, shared_1.err)(new agent_call_js_1.AgentError(agent_call_js_1.AgentErrorCode.POLICY_VIOLATION, `Amount ${amount} would exceed daily limit: ${newTotal}/${limit} (current: ${current})`, details));
-        }
-        return (0, shared_1.ok)(undefined);
-    }
-    /**
-     * Extract amount from params
-     */
-    extractAmount(params) {
-        if (typeof params !== 'object' || params === null)
-            return null;
-        const obj = params;
-        // Check common amount field names
-        if (typeof obj.amount === 'number')
-            return obj.amount;
-        if (typeof obj.value === 'number')
-            return obj.value;
-        if (typeof obj.price === 'number')
-            return obj.price;
-        if (typeof obj.total === 'number')
-            return obj.total;
-        return null;
-    }
-    /**
-     * Get current day identifier (YYYY-MM-DD in UTC)
-     */
-    getCurrentDay() {
-        const now = new Date();
-        return now.toISOString().split('T')[0] ?? '';
-    }
-    /**
-     * Get current month identifier (YYYY-MM in UTC)
-     */
-    getCurrentMonth() {
-        const now = new Date();
-        const iso = now.toISOString();
-        return iso.substring(0, 7); // YYYY-MM
-    }
-    /**
-     * Check monthly spending limit
-     */
-    checkMonthlyLimit(agentDID, amount, limit) {
-        const current = this.getMonthlySpending(agentDID);
-        const newTotal = current + amount;
-        if (newTotal > limit) {
-            const remaining = limit - current;
-            const details = {
-                requested: amount,
-                allowed: limit,
-                constraint: 'dailyAmount', // Reuse constraint type (will add monthlyAmount later)
-                current,
-                newTotal,
-                fix: remaining > 0
-                    ? `Reduce amount to ${remaining} or less (remaining this month), or update policy.limits.monthlyAmount`
-                    : `Monthly limit already reached. Wait until next month or update policy.limits.monthlyAmount`,
-            };
-            return (0, shared_1.err)(new agent_call_js_1.AgentError(agent_call_js_1.AgentErrorCode.POLICY_VIOLATION, `Amount ${amount} would exceed monthly limit: ${newTotal}/${limit} (current: ${current})`, details));
-        }
-        return (0, shared_1.ok)(undefined);
-    }
-}
-exports.PolicyEngine = PolicyEngine;
-/**
- * Global policy engine instance (singleton)
- */
-let globalPolicyEngine = null;
-/**
- * Get the global policy engine instance
- *
- * @returns PolicyEngine instance
- */
-function getGlobalPolicyEngine() {
-    if (!globalPolicyEngine) {
-        globalPolicyEngine = new PolicyEngine();
-    }
-    return globalPolicyEngine;
-}
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.PolicyEngine=void 0,exports.getGlobalPolicyEngine=getGlobalPolicyEngine;const shared_1=require("../_deps/shared/index.js"),agent_call_js_1=require("./agent-call.js");class PolicyEngine{rateLimits=new Map;dailySpending=new Map;monthlySpending=new Map;evaluate(t,e,n,o){if(o.allowedTools&&o.allowedTools.length>0){const[t]=e.split(":");if(!o.allowedTools.some(n=>n===e||n===`${t}:*`||"*"===n)){const n={requested:e,allowed:o.allowedTools,constraint:"tool",fix:`Update policy.allowedTools to include "${e}" or "${t}:*" or request approval`};return(0,shared_1.err)(new agent_call_js_1.AgentError(agent_call_js_1.AgentErrorCode.POLICY_VIOLATION,`Tool "${e}" is not allowed by policy`,n))}}if(o.scopes&&o.scopes.length>0){const t="object"==typeof n&&null!==n&&"scope"in n?n.scope:void 0;if(t&&!o.scopes.includes(t)){const e={requested:t,allowed:o.scopes,constraint:"scope",fix:`Update policy.scopes to include "${t}" or request additional permissions`};return(0,shared_1.err)(new agent_call_js_1.AgentError(agent_call_js_1.AgentErrorCode.POLICY_VIOLATION,`Scope "${t}" is not allowed by policy`,e))}}if(o.limits?.callsPerMinute){const e=this.checkRateLimit(t,o.limits.callsPerMinute);if(!e.ok)return e}const i=this.extractAmount(n);if(null!==i){if(o.limits?.amountPerTxn&&i>o.limits.amountPerTxn){const t={requested:i,allowed:o.limits.amountPerTxn,constraint:"amountPerTxn",fix:`Reduce amount to ${o.limits.amountPerTxn} or less, or update policy.limits.amountPerTxn`};return(0,shared_1.err)(new agent_call_js_1.AgentError(agent_call_js_1.AgentErrorCode.POLICY_VIOLATION,`Amount ${i} exceeds per-transaction limit of ${o.limits.amountPerTxn}`,t))}if(o.limits?.dailyAmount){const e=this.checkDailyLimit(t,i,o.limits.dailyAmount);if(!e.ok)return e}if(o.limits?.monthlyAmount){const e=this.checkMonthlyLimit(t,i,o.limits.monthlyAmount);if(!e.ok)return e}}return(0,shared_1.ok)(void 0)}recordCall(t){const e=Date.now(),n=this.rateLimits.get(t)??{calls:[],windowStart:e};n.calls.push(e);const o=e-6e4;n.calls=n.calls.filter(t=>t>o),this.rateLimits.set(t,n)}recordSpending(t,e){const n=this.getCurrentDay(),o=this.getCurrentMonth(),i=this.dailySpending.get(t);i&&i.day===n?i.amount+=e:this.dailySpending.set(t,{amount:e,day:n});const l=this.monthlySpending.get(t);l&&l.month===o?l.amount+=e:this.monthlySpending.set(t,{amount:e,month:o})}getCurrentRateLimit(t){const e=this.rateLimits.get(t);if(!e)return 0;const n=Date.now()-6e4;return e.calls.filter(t=>t>n).length}getDailySpending(t){const e=this.getCurrentDay(),n=this.dailySpending.get(t);return n&&n.day===e?n.amount:0}getMonthlySpending(t){const e=this.getCurrentMonth(),n=this.monthlySpending.get(t);return n&&n.month===e?n.amount:0}reset(t){this.rateLimits.delete(t),this.dailySpending.delete(t),this.monthlySpending.delete(t)}checkRateLimit(t,e){const n=this.getCurrentRateLimit(t);if(n>=e){const t={requested:n+1,allowed:e,constraint:"callsPerMinute",current:n,fix:"Wait before making additional calls, or update policy.limits.callsPerMinute to a higher value"};return(0,shared_1.err)(new agent_call_js_1.AgentError(agent_call_js_1.AgentErrorCode.POLICY_VIOLATION,`Rate limit exceeded: ${n}/${e} calls per minute`,t))}return(0,shared_1.ok)(void 0)}checkDailyLimit(t,e,n){const o=this.getDailySpending(t),i=o+e;if(i>n){const t=n-o,l={requested:e,allowed:n,constraint:"dailyAmount",current:o,newTotal:i,fix:t>0?`Reduce amount to ${t} or less (remaining today), or update policy.limits.dailyAmount`:"Daily limit already reached. Wait until tomorrow or update policy.limits.dailyAmount"};return(0,shared_1.err)(new agent_call_js_1.AgentError(agent_call_js_1.AgentErrorCode.POLICY_VIOLATION,`Amount ${e} would exceed daily limit: ${i}/${n} (current: ${o})`,l))}return(0,shared_1.ok)(void 0)}extractAmount(t){if("object"!=typeof t||null===t)return null;const e=t;return"number"==typeof e.amount?e.amount:"number"==typeof e.value?e.value:"number"==typeof e.price?e.price:"number"==typeof e.total?e.total:null}getCurrentDay(){return(new Date).toISOString().split("T")[0]??""}getCurrentMonth(){return(new Date).toISOString().substring(0,7)}checkMonthlyLimit(t,e,n){const o=this.getMonthlySpending(t),i=o+e;if(i>n){const t=n-o,l={requested:e,allowed:n,constraint:"dailyAmount",current:o,newTotal:i,fix:t>0?`Reduce amount to ${t} or less (remaining this month), or update policy.limits.monthlyAmount`:"Monthly limit already reached. Wait until next month or update policy.limits.monthlyAmount"};return(0,shared_1.err)(new agent_call_js_1.AgentError(agent_call_js_1.AgentErrorCode.POLICY_VIOLATION,`Amount ${e} would exceed monthly limit: ${i}/${n} (current: ${o})`,l))}return(0,shared_1.ok)(void 0)}}exports.PolicyEngine=PolicyEngine;let globalPolicyEngine=null;function getGlobalPolicyEngine(){return globalPolicyEngine||(globalPolicyEngine=new PolicyEngine),globalPolicyEngine}

package/dist-standalone/cjs/progress-callbacks.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.EncryptionProgressTracker=exports.ShareDistributionTracker=exports.TransferProgressTracker=exports.OperationProgressTracker=void 0;const ux_helpers_1=require("../_deps/ux-helpers/index.js");class OperationProgressTracker{callback;throttleMs;lastUpdateTime=0;currentStage="";currentStageWeight=0;currentStageProgress=0;completedWeight=0;metadata={};constructor(t,e){this.callback=t,this.throttleMs=e?.throttleMs??100}startStage(t,e,s){this.currentStage=t,this.currentStageWeight=Math.max(0,Math.min(100,e)),this.currentStageProgress=0,this.reportProgress(s??`Starting ${t}...`)}updateStageProgress(t,e,s){this.currentStageProgress=Math.max(0,Math.min(100,t)),s&&(this.metadata={...this.metadata,...s});const r=e??`${this.currentStage} (${Math.round(t)}%)`;this.reportProgress(r)}completeStage(){this.currentStageProgress=100,this.completedWeight+=this.currentStageWeight,this.reportProgress(`${this.currentStage} complete`),this.currentStage="",this.currentStageWeight=0,this.currentStageProgress=0}complete(){this.completedWeight=100,this.currentStageProgress=100,this.reportProgress("Complete")}getProgress(){const t=this.currentStageWeight*this.currentStageProgress/100;return Math.min(100,this.completedWeight+t)}updateMetadata(t){this.metadata={...this.metadata,...t}}reportProgress(t){if(!this.callback)return;const e=Date.now();if(e-this.lastUpdateTime<this.throttleMs){if(this.getProgress()<100)return}this.lastUpdateTime=e;const s=this.getProgress();if(this.isEnhancedCallback(this.callback)){const e={stage:this.currentStage,progress:s,stageProgress:this.currentStageProgress,status:t,metadata:Object.keys(this.metadata).length>0?this.metadata:void 0};this.callback(e)}else this.callback(t,s)}isEnhancedCallback(t){return 1===t.length}}exports.OperationProgressTracker=OperationProgressTracker;class TransferProgressTracker{totalBytes;callback;reporter;throttleMs;bytesTransferred=0;startTime=Date.now();lastUpdateTime=0;samples=[];maxSamples=10;constructor(t,e,s=100){this.totalBytes=t,this.callback=e,this.throttleMs=s,this.reporter=new ux_helpers_1.ProgressReporter("function"==typeof e&&2===e.length?e:void 0)}addTransferred(t){this.bytesTransferred+=t;const e=Date.now();this.samples.push({time:e,bytes:this.bytesTransferred}),this.samples.length>this.maxSamples&&this.samples.shift(),e-this.lastUpdateTime<this.throttleMs||(this.lastUpdateTime=e,this.reportProgress())}complete(){this.bytesTransferred=this.totalBytes,this.reportProgress()}getProgress(){return 0===this.totalBytes?100:Math.min(100,this.bytesTransferred/this.totalBytes*100)}calculateBytesPerSecond(){if(this.samples.length<2){const t=(Date.now()-this.startTime)/1e3;return t>0?this.bytesTransferred/t:0}const t=this.samples[0],e=this.samples[this.samples.length-1];if(!t||!e)return 0;const s=(e.time-t.time)/1e3,r=e.bytes-t.bytes;return s>0?r/s:0}estimateTimeRemaining(){const t=this.calculateBytesPerSecond();if(0===t)return 0;return(this.totalBytes-this.bytesTransferred)/t*1e3}reportProgress(){if(!this.callback)return;const t=this.getProgress(),e=this.calculateBytesPerSecond(),s=this.estimateTimeRemaining(),r=this.formatStatus(t,e,s);if(this.isEnhancedCallback(this.callback)){const a={stage:"transfer",progress:t,stageProgress:t,status:r,metadata:{bytesTransferred:this.bytesTransferred,totalBytes:this.totalBytes,bytesPerSecond:e,estimatedTimeRemaining:s}};this.callback(a)}else this.reporter.report(r,t)}formatStatus(t,e,s){const r=this.formatBytes(this.bytesTransferred),a=this.formatBytes(this.totalBytes),i=this.formatBytes(e),o=this.formatTime(s);return`Transferring ${r} / ${a} (${Math.round(t)}%) - ${i}/s - ${o} remaining`}formatBytes(t){const e=["B","KB","MB","GB","TB"];let s=t,r=0;for(;s>=1024&&r<e.length-1;)s/=1024,r++;return`${s.toFixed(1)} ${e[r]}`}formatTime(t){const e=Math.floor(t/1e3);if(e<60)return`${e}s`;const s=Math.floor(e/60);if(s<60)return`${s}m ${e%60}s`;return`${Math.floor(s/60)}h ${s%60}m`}isEnhancedCallback(t){return 1===t.length}}exports.TransferProgressTracker=TransferProgressTracker;class ShareDistributionTracker{totalShares;callback;reporter;distributedShares=new Set;constructor(t,e){this.totalShares=t,this.callback=e,this.reporter=new ux_helpers_1.ProgressReporter("function"==typeof e&&2===e.length?e:void 0)}markShareDistributed(t){this.distributedShares.add(t),this.reportProgress()}complete(){for(let t=0;t<this.totalShares;t++)this.distributedShares.add(t);this.reportProgress()}getProgress(){return 0===this.totalShares?100:this.distributedShares.size/this.totalShares*100}reportProgress(){if(!this.callback)return;const t=this.getProgress(),e=`Distributed ${this.distributedShares.size} / ${this.totalShares} shares`;if(this.isEnhancedCallback(this.callback)){const s={stage:"distribution",progress:t,stageProgress:t,status:e,metadata:{sharesDistributed:this.distributedShares.size,totalShares:this.totalShares}};this.callback(s)}else this.reporter.report(e,t)}isEnhancedCallback(t){return 1===t.length}}exports.ShareDistributionTracker=ShareDistributionTracker;class EncryptionProgressTracker{operation;totalItems;callback;reporter;itemsProcessed=0;constructor(t,e,s){this.operation=t,this.totalItems=e,this.callback=s,this.reporter=new ux_helpers_1.ProgressReporter("function"==typeof s&&2===s.length?s:void 0)}incrementProcessed(t=1){this.itemsProcessed+=t,this.reportProgress()}complete(){this.itemsProcessed=this.totalItems,this.reportProgress()}getProgress(){return 0===this.totalItems?100:Math.min(100,this.itemsProcessed/this.totalItems*100)}reportProgress(){if(!this.callback)return;const t=this.getProgress(),e=`${this.operation.charAt(0).toUpperCase()+this.operation.slice(1)}ing: ${this.itemsProcessed} / ${this.totalItems} items`;if(this.isEnhancedCallback(this.callback)){const s={stage:this.operation,progress:t,stageProgress:t,status:e,metadata:{cryptoOperation:this.operation,itemsProcessed:this.itemsProcessed,totalItems:this.totalItems}};this.callback(s)}else this.reporter.report(e,t)}isEnhancedCallback(t){return 1===t.length}}exports.EncryptionProgressTracker=EncryptionProgressTracker;