npm - @private.me/xbind - Versions diffs - 1.3.0 → 2.3.4 - Mend

@private.me/xbind 1.3.0 → 2.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (305) hide show

package/LICENSES.md +212 -0
package/README.md +388 -6
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1 -1920
package/dist-standalone/_deps/shared/cjs/errors.js +1 -275
package/dist-standalone/_deps/shared/cjs/index.js +1 -138
package/dist-standalone/_deps/shared/cjs/types.js +1 -90
package/dist-standalone/_deps/shared/errors.js +1 -262
package/dist-standalone/_deps/shared/index.js +1 -77
package/dist-standalone/_deps/shared/types.js +1 -91
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.js +1 -642
package/dist-standalone/agent-sdk.js +1 -328
package/dist-standalone/agent.d.ts +95 -5
package/dist-standalone/agent.js +1 -1545
package/dist-standalone/approval.js +1 -193
package/dist-standalone/async-iterators.d.ts +275 -0
package/dist-standalone/async-iterators.js +1 -0
package/dist-standalone/auth.js +1 -219
package/dist-standalone/auto-accept.js +1 -229
package/dist-standalone/backup-config.js +1 -201
package/dist-standalone/backup.d.ts +114 -0
package/dist-standalone/backup.js +1 -0
package/dist-standalone/batch-operations.d.ts +297 -0
package/dist-standalone/batch-operations.js +1 -0
package/dist-standalone/cancellation.d.ts +301 -0
package/dist-standalone/cancellation.js +1 -0
package/dist-standalone/checkpoint.js +1 -186
package/dist-standalone/circuit-breaker.d.ts +351 -0
package/dist-standalone/circuit-breaker.js +1 -0
package/dist-standalone/cjs/agent-call.js +1 -651
package/dist-standalone/cjs/agent-sdk.js +1 -332
package/dist-standalone/cjs/agent.js +1 -1582
package/dist-standalone/cjs/approval.js +1 -199
package/dist-standalone/cjs/async-iterators.js +1 -0
package/dist-standalone/cjs/auth.js +1 -225
package/dist-standalone/cjs/auto-accept.js +1 -233
package/dist-standalone/cjs/backup-config.js +1 -207
package/dist-standalone/cjs/backup.js +1 -0
package/dist-standalone/cjs/batch-operations.js +1 -0
package/dist-standalone/cjs/cancellation.js +1 -0
package/dist-standalone/cjs/checkpoint.js +1 -193
package/dist-standalone/cjs/circuit-breaker.js +1 -0
package/dist-standalone/cjs/cli/init.js +1 -486
package/dist-standalone/cjs/config-validation.js +1 -0
package/dist-standalone/cjs/connect.js +1 -312
package/dist-standalone/cjs/connection-pool.js +1 -0
package/dist-standalone/cjs/correlation-id.js +1 -339
package/dist-standalone/cjs/crypto-utils.js +1 -0
package/dist-standalone/cjs/debug-mode.js +1 -0
package/dist-standalone/cjs/did-document.js +1 -101
package/dist-standalone/cjs/did-privateme.js +1 -130
package/dist-standalone/cjs/did-web.js +1 -201
package/dist-standalone/cjs/discovery.js +1 -462
package/dist-standalone/cjs/dual-mode.js +1 -251
package/dist-standalone/cjs/email-templates.js +1 -313
package/dist-standalone/cjs/email-transport.js +1 -239
package/dist-standalone/cjs/envelope.js +1 -510
package/dist-standalone/cjs/errors.js +1 -826
package/dist-standalone/cjs/event-emitter.js +1 -0
package/dist-standalone/cjs/gateway-state.js +1 -55
package/dist-standalone/cjs/gateway-transport.js +1 -120
package/dist-standalone/cjs/graceful-degradation.js +1 -0
package/dist-standalone/cjs/guardrails.js +1 -223
package/dist-standalone/cjs/health-check.js +1 -0
package/dist-standalone/cjs/http-compat.js +1 -272
package/dist-standalone/cjs/http-status-map.js +1 -571
package/dist-standalone/cjs/identity.js +1 -541
package/dist-standalone/cjs/index.js +1 -237
package/dist-standalone/cjs/invitation.js +1 -421
package/dist-standalone/cjs/invite.js +1 -328
package/dist-standalone/cjs/key-agreement.js +1 -246
package/dist-standalone/cjs/lazy-init.js +1 -300
package/dist-standalone/cjs/logger.js +1 -0
package/dist-standalone/cjs/mdns-discovery.js +1 -202
package/dist-standalone/cjs/nonce-store.js +1 -66
package/dist-standalone/cjs/pairing-manager.js +1 -223
package/dist-standalone/cjs/plugin-system.js +1 -0
package/dist-standalone/cjs/plugins/logging.js +1 -0
package/dist-standalone/cjs/plugins/metrics.js +1 -0
package/dist-standalone/cjs/plugins/validation.js +1 -0
package/dist-standalone/cjs/policy.js +1 -320
package/dist-standalone/cjs/progress-callbacks.js +1 -0
package/dist-standalone/cjs/redis-nonce-store.js +1 -76
package/dist-standalone/cjs/registry-middleware.js +1 -50
package/dist-standalone/cjs/retry-strategies.js +1 -0
package/dist-standalone/cjs/retry-transport.js +1 -102
package/dist-standalone/cjs/runtime/browser.js +1 -0
package/dist-standalone/cjs/runtime/edge.js +1 -0
package/dist-standalone/cjs/runtime/react-native.js +1 -0
package/dist-standalone/cjs/security-policy.js +1 -245
package/dist-standalone/cjs/serialization.js +1 -0
package/dist-standalone/cjs/split-channel.js +1 -177
package/dist-standalone/cjs/subscription-proof.js +1 -230
package/dist-standalone/cjs/succession.js +1 -148
package/dist-standalone/cjs/timeouts.js +1 -0
package/dist-standalone/cjs/trace-context.js +1 -0
package/dist-standalone/cjs/trace-spans.js +1 -0
package/dist-standalone/cjs/transport.js +1 -63
package/dist-standalone/cjs/trust-registry.js +1 -742
package/dist-standalone/cjs/types/error-response.js +1 -56
package/dist-standalone/cjs/vault-auth.js +1 -0
package/dist-standalone/cjs/vault-store-loader.js +1 -0
package/dist-standalone/cjs/verify.js +1 -25
package/dist-standalone/cjs/version-info.js +1 -0
package/dist-standalone/cjs/xfetch.js +1 -252
package/dist-standalone/cli/init.js +1 -449
package/dist-standalone/cli/setup.js +1 -514
package/dist-standalone/cli/types.js +1 -27
package/dist-standalone/cli/xbind.js +1 -148
package/dist-standalone/config-validation.d.ts +185 -0
package/dist-standalone/config-validation.js +1 -0
package/dist-standalone/connect.js +1 -274
package/dist-standalone/connection-pool.d.ts +251 -0
package/dist-standalone/connection-pool.js +1 -0
package/dist-standalone/correlation-id.js +1 -326
package/dist-standalone/crypto-utils.d.ts +60 -0
package/dist-standalone/crypto-utils.js +1 -0
package/dist-standalone/debug-mode.d.ts +286 -0
package/dist-standalone/debug-mode.js +1 -0
package/dist-standalone/did-document.js +1 -96
package/dist-standalone/did-privateme.js +1 -121
package/dist-standalone/did-web.js +1 -196
package/dist-standalone/discovery.js +1 -458
package/dist-standalone/dual-mode.js +1 -247
package/dist-standalone/email-templates.js +1 -309
package/dist-standalone/email-transport.js +1 -232
package/dist-standalone/envelope.d.ts +29 -1
package/dist-standalone/envelope.js +1 -497
package/dist-standalone/errors.d.ts +10 -0
package/dist-standalone/errors.js +1 -811
package/dist-standalone/event-emitter.d.ts +395 -0
package/dist-standalone/event-emitter.js +1 -0
package/dist-standalone/gateway-state.js +1 -51
package/dist-standalone/gateway-transport.js +1 -116
package/dist-standalone/graceful-degradation.d.ts +246 -0
package/dist-standalone/graceful-degradation.js +1 -0
package/dist-standalone/guardrails.js +1 -216
package/dist-standalone/health-check.d.ts +150 -0
package/dist-standalone/health-check.js +1 -0
package/dist-standalone/http-compat.js +1 -267
package/dist-standalone/http-status-map.js +1 -561
package/dist-standalone/identity.d.ts +64 -1
package/dist-standalone/identity.js +1 -516
package/dist-standalone/index.d.ts +45 -3
package/dist-standalone/index.js +1 -52
package/dist-standalone/invitation.js +1 -415
package/dist-standalone/invite.js +1 -324
package/dist-standalone/key-agreement.d.ts +61 -13
package/dist-standalone/key-agreement.js +1 -236
package/dist-standalone/lazy-init.js +1 -295
package/dist-standalone/logger.d.ts +77 -0
package/dist-standalone/logger.js +1 -0
package/dist-standalone/mdns-discovery.js +1 -195
package/dist-standalone/nonce-store.d.ts +16 -3
package/dist-standalone/nonce-store.js +1 -62
package/dist-standalone/package.json +0 -1
package/dist-standalone/pairing-manager.js +1 -219
package/dist-standalone/plugin-system.d.ts +145 -0
package/dist-standalone/plugin-system.js +1 -0
package/dist-standalone/policy.js +1 -315
package/dist-standalone/progress-callbacks.d.ts +394 -0
package/dist-standalone/progress-callbacks.js +1 -0
package/dist-standalone/redis-nonce-store.js +1 -72
package/dist-standalone/registry-middleware.js +1 -47
package/dist-standalone/retry-strategies.d.ts +382 -0
package/dist-standalone/retry-strategies.js +1 -0
package/dist-standalone/retry-transport.js +1 -98
package/dist-standalone/security-policy.js +1 -239
package/dist-standalone/serialization.d.ts +244 -0
package/dist-standalone/serialization.js +1 -0
package/dist-standalone/split-channel.d.ts +49 -1
package/dist-standalone/split-channel.js +1 -171
package/dist-standalone/subscription-proof.js +1 -224
package/dist-standalone/succession.js +1 -142
package/dist-standalone/timeouts.d.ts +275 -0
package/dist-standalone/timeouts.js +1 -0
package/dist-standalone/trace-context.d.ts +252 -0
package/dist-standalone/trace-context.js +1 -0
package/dist-standalone/trace-spans.d.ts +360 -0
package/dist-standalone/trace-spans.js +1 -0
package/dist-standalone/transport.js +1 -59
package/dist-standalone/trust-registry.d.ts +106 -5
package/dist-standalone/trust-registry.js +1 -702
package/dist-standalone/vault-auth.d.ts +91 -0
package/dist-standalone/vault-auth.js +1 -0
package/dist-standalone/vault-store-loader.d.ts +110 -0
package/dist-standalone/vault-store-loader.js +1 -0
package/dist-standalone/verify.js +1 -16
package/dist-standalone/version-info.d.ts +259 -0
package/dist-standalone/version-info.js +1 -0
package/dist-standalone/xfetch.js +1 -247
package/llms.txt +1 -0
package/package.json +66 -5
package/share1.dat +0 -0
package/dist-standalone/_deps/crypto/base64.d.ts +0 -29
package/dist-standalone/_deps/crypto/base64.js +0 -209
package/dist-standalone/_deps/crypto/cjs/base64.js +0 -103
package/dist-standalone/_deps/crypto/cjs/errors.js +0 -119
package/dist-standalone/_deps/crypto/cjs/hmac.js +0 -71
package/dist-standalone/_deps/crypto/cjs/index.js +0 -86
package/dist-standalone/_deps/crypto/cjs/padding.js +0 -57
package/dist-standalone/_deps/crypto/cjs/share-header.js +0 -68
package/dist-standalone/_deps/crypto/cjs/shares.js +0 -152
package/dist-standalone/_deps/crypto/cjs/tlv.js +0 -199
package/dist-standalone/_deps/crypto/cjs/uuid.js +0 -61
package/dist-standalone/_deps/crypto/cjs/verify.js +0 -24
package/dist-standalone/_deps/crypto/cjs/xorida.js +0 -221
package/dist-standalone/_deps/crypto/errors.d.ts +0 -51
package/dist-standalone/_deps/crypto/errors.js +0 -109
package/dist-standalone/_deps/crypto/hmac.d.ts +0 -39
package/dist-standalone/_deps/crypto/hmac.js +0 -66
package/dist-standalone/_deps/crypto/index.d.ts +0 -20
package/dist-standalone/_deps/crypto/index.js +0 -45
package/dist-standalone/_deps/crypto/padding.d.ts +0 -19
package/dist-standalone/_deps/crypto/padding.js +0 -53
package/dist-standalone/_deps/crypto/share-header.d.ts +0 -44
package/dist-standalone/_deps/crypto/share-header.js +0 -63
package/dist-standalone/_deps/crypto/shares.d.ts +0 -27
package/dist-standalone/_deps/crypto/shares.js +0 -148
package/dist-standalone/_deps/crypto/tlv.d.ts +0 -26
package/dist-standalone/_deps/crypto/tlv.js +0 -195
package/dist-standalone/_deps/crypto/uuid.d.ts +0 -22
package/dist-standalone/_deps/crypto/uuid.js +0 -56
package/dist-standalone/_deps/crypto/verify.d.ts +0 -15
package/dist-standalone/_deps/crypto/verify.js +0 -15
package/dist-standalone/_deps/crypto/xorida.d.ts +0 -44
package/dist-standalone/_deps/crypto/xorida.js +0 -215
package/dist-standalone/_deps/shared/errors.d.ts.map +0 -1
package/dist-standalone/_deps/shared/errors.js.map +0 -1
package/dist-standalone/_deps/shared/index.d.ts.map +0 -1
package/dist-standalone/_deps/shared/index.js.map +0 -1
package/dist-standalone/_deps/shared/types.d.ts.map +0 -1
package/dist-standalone/_deps/shared/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.js.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.js.map +0 -1
package/dist-standalone/_deps/xregistry/errors.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/errors.js.map +0 -1
package/dist-standalone/_deps/xregistry/index.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/index.js.map +0 -1
package/dist-standalone/_deps/xregistry/registry.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/registry.js.map +0 -1
package/dist-standalone/_deps/xregistry/schema.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/schema.js.map +0 -1
package/dist-standalone/_deps/xregistry/types.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/types.js.map +0 -1

package/dist-standalone/lazy-init.js CHANGED Viewed

@@ -1,295 +1 @@
-/**
- * @module lazy-init
- * Lazy agent initialization for zero-click onboarding.
- *
- * Defers invite acceptance and identity generation until first
- * send/receive call. Enables: `Agent.lazy({ name: 'my-service' })`
- * with no async/await at construction time.
- *
- * @example
- * ```ts
- * // Environment: XBIND_INVITE_CODE=XBD-abc123
- *
- * // Old way (explicit):
- * const agent = await Agent.create({ name: 'my-service', registry, transport });
- *
- * // New way (lazy):
- * const agent = Agent.lazy({ name: 'my-service' });
- * // No await, no async — agent is constructed synchronously.
- * // Invite auto-accepts on first send/receive:
- * await agent.send({ to: partnerDid, payload: data, scope: 'test' });
- * ```
- */
-import { ok, err } from"./_deps/shared/index.js";
-import { Agent } from './agent.js';
-import { autoAcceptInvite } from './auto-accept.js';
-import { MemoryTrustRegistry } from './trust-registry.js';
-import { HttpsTransportAdapter } from './transport.js';
-import { toBase64 } from"./_deps/crypto/index.js";
-/**
- * Lazy agent error codes.
- */
-export var LazyAgentErrorCode;
-(function (LazyAgentErrorCode) {
-    LazyAgentErrorCode["INIT_FAILED"] = "LAZY_AGENT_INIT_FAILED";
-    LazyAgentErrorCode["AUTO_ACCEPT_FAILED"] = "LAZY_AGENT_AUTO_ACCEPT_FAILED";
-    LazyAgentErrorCode["AGENT_CREATION_FAILED"] = "LAZY_AGENT_AGENT_CREATION_FAILED";
-})(LazyAgentErrorCode || (LazyAgentErrorCode = {}));
-/**
- * Lazy agent wrapper.
- *
- * Proxies all Agent methods and initializes on first call.
- * Caches the initialized agent for subsequent calls.
- */
-export class LazyAgent {
-    config;
-    agent = null;
-    initPromise = null;
-    lastError = null;
-    constructor(config) {
-        this.config = config;
-    }
-    /**
-     * Get the agent's DID.
-     *
-     * Triggers initialization if not already initialized.
-     * Throws if initialization fails.
-     */
-    get did() {
-        if (!this.agent) {
-            throw new Error('Agent not initialized. Call send/receive first or await ensureInitialized().');
-        }
-        return this.agent.did;
-    }
-    /**
-     * Check if agent is ready (initialized).
-     */
-    isReady() {
-        return this.agent !== null;
-    }
-    /**
-     * Get last initialization error (if any).
-     */
-    getLastError() {
-        return this.lastError;
-    }
-    /**
-     * Ensure agent is initialized.
-     *
-     * Can be called explicitly to trigger init before first send/receive.
-     * Safe to call multiple times — subsequent calls return cached agent.
-     *
-     * @returns Agent instance or error
-     */
-    async ensureInitialized() {
-        // If already initialized, return cached agent
-        if (this.agent) {
-            return ok(this.agent);
-        }
-        // If initialization is in progress, wait for it
-        if (this.initPromise) {
-            return this.initPromise;
-        }
-        // Start initialization
-        this.initPromise = this.initialize();
-        const result = await this.initPromise;
-        // Clear promise after completion (success or failure)
-        this.initPromise = null;
-        if (result.ok) {
-            this.agent = result.value;
-            this.lastError = null;
-        }
-        else {
-            this.lastError = {
-                code: LazyAgentErrorCode.INIT_FAILED,
-                message: `Agent initialization failed: ${result.error}`,
-                cause: result.error,
-            };
-        }
-        return result;
-    }
-    /**
-     * Internal initialization logic.
-     *
-     * 1. Auto-accept invite (if XBIND_INVITE_CODE set)
-     * 2. Create agent identity
-     * 3. Configure registry and transport
-     * 4. Return initialized agent
-     */
-    async initialize() {
-        // Step 1: Attempt auto-accept if invite code is available
-        const inviteCode = this.config.inviteCode ?? this.getEnv('XBIND_INVITE_CODE');
-        let registry = this.config.registry;
-        let transport = this.config.transport;
-        const endpoint = this.config.endpoint ?? this.getEnv('XBIND_ENDPOINT') ?? '';
-        if (inviteCode) {
-            // Create temporary agent to get DID and public key for invite acceptance
-            const tempAgentResult = await Agent.create({
-                name: this.config.name,
-                registry: new MemoryTrustRegistry(),
-                transport: new HttpsTransportAdapter({ baseUrl: 'http://localhost' }), // Placeholder
-                postQuantumSig: this.config.postQuantumSig,
-                xchange: this.config.xchange,
-            });
-            if (!tempAgentResult.ok) {
-                return err(tempAgentResult.error);
-            }
-            const tempAgent = tempAgentResult.value;
-            // Export public key for invite acceptance
-            const seedsResult = await tempAgent.exportSeeds();
-            if (!seedsResult.ok) {
-                return err('IDENTITY_FAILED');
-            }
-            const publicKey = toBase64(tempAgent.identity.rawPublicKey);
-            const x25519PublicKey = tempAgent.identity.rawX25519PublicKey
-                ? toBase64(tempAgent.identity.rawX25519PublicKey)
-                : undefined;
-            // Auto-accept invite
-            const acceptResult = await autoAcceptInvite({
-                inviteCode,
-                enabled: true,
-                registry: this.config.autoAccept?.registry,
-                inviteApiUrl: this.config.autoAccept?.inviteApiUrl,
-            }, {
-                name: this.config.name,
-                did: tempAgent.did,
-                endpoint,
-                publicKey,
-                x25519PublicKey,
-            });
-            if (!acceptResult.ok) {
-                this.lastError = {
-                    code: LazyAgentErrorCode.AUTO_ACCEPT_FAILED,
-                    message: acceptResult.error.message,
-                    hint: acceptResult.error.hint,
-                    cause: acceptResult.error,
-                };
-                // Non-fatal: continue with temp agent even if auto-accept fails
-                // (registry may already be configured)
-            }
-            else {
-                // Use auto-configured registry if not provided
-                if (!registry && acceptResult.value.registryAutoconfigured) {
-                    // Registry was already configured by autoAcceptInvite
-                    registry = this.config.autoAccept?.registry ?? new MemoryTrustRegistry();
-                }
-                // Use inviter's endpoint as default transport if not provided
-                if (!transport) {
-                    transport = new HttpsTransportAdapter({
-                        baseUrl: acceptResult.value.from.endpoint,
-                    });
-                }
-            }
-            // Return temp agent as initialized agent
-            this.agent = tempAgent;
-            return ok(tempAgent);
-        }
-        // Step 2: No invite code — create agent normally
-        const defaultRegistry = registry ?? new MemoryTrustRegistry();
-        const defaultTransport = transport ?? new HttpsTransportAdapter({
-            baseUrl: endpoint || 'http://localhost',
-        });
-        const agentResult = await Agent.create({
-            name: this.config.name,
-            registry: defaultRegistry,
-            transport: defaultTransport,
-            postQuantumSig: this.config.postQuantumSig,
-            xchange: this.config.xchange,
-        });
-        if (!agentResult.ok) {
-            this.lastError = {
-                code: LazyAgentErrorCode.AGENT_CREATION_FAILED,
-                message: `Agent creation failed: ${agentResult.error}`,
-                cause: agentResult.error,
-            };
-            return agentResult;
-        }
-        this.agent = agentResult.value;
-        return ok(this.agent);
-    }
-    /**
-     * Send a message (proxied to underlying agent).
-     *
-     * Automatically initializes agent on first call.
-     */
-    async send(opts) {
-        const agentResult = await this.ensureInitialized();
-        if (!agentResult.ok) {
-            return agentResult;
-        }
-        return agentResult.value.send(opts);
-    }
-    /**
-     * Receive a message (proxied to underlying agent).
-     *
-     * Automatically initializes agent on first call.
-     */
-    async receive(envelope, opts) {
-        const agentResult = await this.ensureInitialized();
-        if (!agentResult.ok) {
-            return err(agentResult.error);
-        }
-        return agentResult.value.receive(envelope, opts);
-    }
-    /**
-     * Receive a split-channel share (proxied to underlying agent).
-     *
-     * Automatically initializes agent on first call.
-     */
-    async receiveSplitShare(envelope) {
-        const agentResult = await this.ensureInitialized();
-        if (!agentResult.ok) {
-            return err(agentResult.error);
-        }
-        return agentResult.value.receiveSplitShare(envelope);
-    }
-    /**
-     * Get environment variable value.
-     *
-     * @param key - Environment variable name
-     * @returns Environment variable value or empty string
-     */
-    getEnv(key) {
-        // SAFETY: Check for Node.js environment before accessing process
-        if (typeof process !== 'undefined' && typeof process.env !== 'undefined') {
-            return process.env[key] ?? '';
-        }
-        return '';
-    }
-    /**
-     * Export the underlying agent (for advanced use cases).
-     *
-     * Throws if agent is not initialized.
-     */
-    getAgent() {
-        if (!this.agent) {
-            throw new Error('Agent not initialized. Call send/receive first or await ensureInitialized().');
-        }
-        return this.agent;
-    }
-}
-/**
- * Create a lazy agent that initializes on first use.
- *
- * Extension method for Agent class. Adds `Agent.lazy()` factory.
- *
- * @param config - Lazy agent configuration
- * @returns Lazy agent wrapper
- *
- * @example
- * ```ts
- * // Environment: XBIND_INVITE_CODE=XBD-abc123
- *
- * const agent = createLazyAgent({ name: 'my-service' });
- *
- * // No initialization yet — happens on first send:
- * await agent.send({
- *   to: 'did:key:z6Mk...',
- *   payload: { action: 'test' },
- *   scope: 'test',
- * });
- * ```
- */
-export function createLazyAgent(config) {
-    return new LazyAgent(config);
-}
+import{ok,err}from"./_deps/shared/index.js";import{Agent}from"./agent.js";import{autoAcceptInvite}from"./auto-accept.js";import{MemoryTrustRegistry}from"./trust-registry.js";import{HttpsTransportAdapter}from"./transport.js";import{toBase64}from"./crypto-utils.js";export var LazyAgentErrorCode;!function(t){t.INIT_FAILED="LAZY_AGENT_INIT_FAILED",t.AUTO_ACCEPT_FAILED="LAZY_AGENT_AUTO_ACCEPT_FAILED",t.AGENT_CREATION_FAILED="LAZY_AGENT_AGENT_CREATION_FAILED"}(LazyAgentErrorCode||(LazyAgentErrorCode={}));export class LazyAgent{config;agent=null;initPromise=null;lastError=null;constructor(t){this.config=t}get did(){if(!this.agent)throw new Error("Agent not initialized. Call send/receive first or await ensureInitialized().");return this.agent.did}isReady(){return null!==this.agent}getLastError(){return this.lastError}async ensureInitialized(){if(this.agent)return ok(this.agent);if(this.initPromise)return this.initPromise;this.initPromise=this.initialize();const t=await this.initPromise;return this.initPromise=null,t.ok?(this.agent=t.value,this.lastError=null):this.lastError={code:LazyAgentErrorCode.INIT_FAILED,message:`Agent initialization failed: ${t.error}`,cause:t.error},t}async initialize(){const t=this.config.inviteCode??this.getEnv("XBIND_INVITE_CODE");let e=this.config.registry,r=this.config.transport;const i=this.config.endpoint??this.getEnv("XBIND_ENDPOINT")??"";if(t){const n=await Agent.create({name:this.config.name,registry:new MemoryTrustRegistry,transport:new HttpsTransportAdapter({baseUrl:"http://localhost"}),postQuantumSig:this.config.postQuantumSig,xchange:this.config.xchange});if(!n.ok)return err(n.error);const s=n.value;if(!(await s.exportSeeds()).ok)return err("IDENTITY_FAILED");const o=toBase64(s.identity.rawPublicKey),a=s.identity.rawX25519PublicKey?toBase64(s.identity.rawX25519PublicKey):void 0,c=await autoAcceptInvite({inviteCode:t,enabled:!0,registry:this.config.autoAccept?.registry,inviteApiUrl:this.config.autoAccept?.inviteApiUrl},{name:this.config.name,did:s.did,endpoint:i,publicKey:o,x25519PublicKey:a});return c.ok?(!e&&c.value.registryAutoconfigured&&(e=this.config.autoAccept?.registry??new MemoryTrustRegistry),r||(r=new HttpsTransportAdapter({baseUrl:c.value.from.endpoint}))):this.lastError={code:LazyAgentErrorCode.AUTO_ACCEPT_FAILED,message:c.error.message,hint:c.error.hint,cause:c.error},this.agent=s,ok(s)}const n=e??new MemoryTrustRegistry,s=r??new HttpsTransportAdapter({baseUrl:i||"http://localhost"}),o=await Agent.create({name:this.config.name,registry:n,transport:s,postQuantumSig:this.config.postQuantumSig,xchange:this.config.xchange});return o.ok?(this.agent=o.value,ok(this.agent)):(this.lastError={code:LazyAgentErrorCode.AGENT_CREATION_FAILED,message:`Agent creation failed: ${o.error}`,cause:o.error},o)}async send(t){const e=await this.ensureInitialized();return e.ok?e.value.send(t):e}async receive(t,e){const r=await this.ensureInitialized();return r.ok?r.value.receive(t,e):err(r.error)}async receiveSplitShare(t){const e=await this.ensureInitialized();return e.ok?e.value.receiveSplitShare(t):err(e.error)}getEnv(t){return"undefined"!=typeof process&&void 0!==process.env?process.env[t]??"":""}getAgent(){if(!this.agent)throw new Error("Agent not initialized. Call send/receive first or await ensureInitialized().");return this.agent}}export function createLazyAgent(t){return new LazyAgent(t)}

package/dist-standalone/logger.d.ts ADDED Viewed

@@ -0,0 +1,77 @@
+/**
+ * @module logger
+ * Structured logging for debugging with context fields and sensitive data redaction
+ *
+ * Provides structured logging with multiple log levels, context tracking,
+ * and automatic redaction of sensitive information like DIDs, keys, and tokens.
+ *
+ * Usage:
+ * ```typescript
+ * import { createLogger } from '@private.me/xbind';
+ *
+ * const logger = createLogger('agent-gateway');
+ *
+ * // Basic logging
+ * logger.info('Agent initialized', { did: 'did:key:z6Mk...' });
+ *
+ * // With context
+ * logger.debug('Processing message', {
+ *   nonce: '12345',
+ *   scope: 'billing',
+ *   encrypted: true
+ * });
+ *
+ * // Errors
+ * logger.error('Authentication failed', { code: 'AUTH_FAILED' }, error);
+ * ```
+ */
+/**
+ * Log level enumeration
+ */
+export declare enum LogLevel {
+    DEBUG = 0,
+    INFO = 1,
+    WARN = 2,
+    ERROR = 3,
+    SILENT = 4
+}
+/**
+ * Context fields for structured logging
+ */
+export interface LogContext {
+    [key: string]: unknown;
+    /** Optional trace ID for correlation */
+    traceId?: string;
+    /** Optional span ID for correlation */
+    spanId?: string;
+    /** Optional parent span ID for correlation */
+    parentSpanId?: string;
+}
+/**
+ * Logger interface for structured logging
+ */
+export interface Logger {
+    debug(message: string, context?: LogContext): void;
+    info(message: string, context?: LogContext): void;
+    warn(message: string, context?: LogContext): void;
+    error(message: string, context?: LogContext, error?: Error | unknown): void;
+    setLevel(level: LogLevel): void;
+    getLevel(): LogLevel;
+    isEnabled(level: LogLevel): boolean;
+}
+/**
+ * Create a logger instance with optional name
+ */
+export declare function createLogger(name?: string): Logger;
+/**
+ * Get or create global logger
+ */
+export declare function getGlobalLogger(): Logger;
+/**
+ * Set global logger instance
+ */
+export declare function setGlobalLogger(logger: Logger): void;
+/**
+ * Default export for convenience
+ */
+export declare const logger: Logger;

package/dist-standalone/logger.js ADDED Viewed

@@ -0,0 +1 @@

+ export var LogLevel;!function(e){e[e.DEBUG=0]="DEBUG",e[e.INFO=1]="INFO",e[e.WARN=2]="WARN",e[e.ERROR=3]="ERROR",e[e.SILENT=4]="SILENT"}(LogLevel||(LogLevel={}));const SENSITIVE_PATTERNS={did:/^did:[a-zA-Z0-9]+:/,nonce:/^[a-f0-9]{32,}$|^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/,key:/^[a-zA-Z0-9+/]{40,}={0,2}$|^[a-f0-9]{64,}$/,token:/^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/,email:/^[^\s@]+@[^\s@]+\.[^\s@]+$/,phone:/^\+?[1-9]\d{9,14}$/,apiKey:/^(sk_|pk_|ak_)[a-zA-Z0-9_-]{20,}$/},SENSITIVE_FIELD_NAMES=new Set(["password","secret","apiKey","api_key","privateKey","private_key","accessToken","access_token","refreshToken","refresh_token","masterKey","master_key","encryptionKey","encryption_key","authToken","auth_token","sessionToken","session_token","jwtToken","jwt_token","did","nonce","key","token","seed","entropy"]);function isSensitive(e,t){if("string"!=typeof t)return!1;const o=e.toLowerCase();if(SENSITIVE_FIELD_NAMES.has(o))return!0;for(const[e,n]of Object.entries(SENSITIVE_PATTERNS))if(o.includes(e)&&n.test(t))return!0;return!1}function redactValue(e){if(e.length<=4)return"*".repeat(Math.max(1,e.length));const t=Math.min(4,Math.ceil(e.length/4));return e.substring(0,t)+"*".repeat(Math.max(3,e.length-t-2))+e.substring(e.length-2)}function parseContextForLogging(e){const t=[],o={};for(const[n,r]of Object.entries(e))if(null!=r)if("object"==typeof r)if(r instanceof Error)o[n]={name:r.name,message:r.message};else if(r instanceof Map||r instanceof Set)o[n]=`[${r.constructor.name}]`;else if(Array.isArray(r))o[n]=r.map(e=>"string"==typeof e&&isSensitive(n,e)?(t.push(n),redactValue(e)):e);else{const e=parseContextForLogging(r);o[n]=e.context,e.redacted.length>0&&t.push(...e.redacted.map(e=>`${n}.${e}`))}else"string"==typeof r?isSensitive(n,r)?(t.push(n),o[n]=redactValue(r)):o[n]=r:o[n]="boolean"==typeof r||"number"==typeof r?r:`[${typeof r}]`;else o[n]=r;return{redacted:t,context:o}}function formatLogEntry(e,t,o,n,r){const a={timestamp:n,level:e,message:t};return o&&Object.keys(o).length>0&&(a.context=o),r.length>0&&(a.redacted=r),JSON.stringify(a)}export function createLogger(e="default"){let t=LogLevel.INFO;const o=process.env.XAIL_LOG_LEVEL?.toUpperCase();o&&o in LogLevel&&(t=LogLevel[o]);return{debug(t,o){if(!this.isEnabled(LogLevel.DEBUG))return;const n=(new Date).toISOString(),r=o?parseContextForLogging(o):{redacted:[],context:{}},a=formatLogEntry("DEBUG",t,r.context,n,r.redacted);console.debug(`[${e}] ${a}`)},info(t,o){if(!this.isEnabled(LogLevel.INFO))return;const n=(new Date).toISOString(),r=o?parseContextForLogging(o):{redacted:[],context:{}},a=formatLogEntry("INFO",t,r.context,n,r.redacted);console.log(`[${e}] ${a}`)},warn(t,o){if(!this.isEnabled(LogLevel.WARN))return;const n=(new Date).toISOString(),r=o?parseContextForLogging(o):{redacted:[],context:{}},a=formatLogEntry("WARN",t,r.context,n,r.redacted);console.warn(`[${e}] ${a}`)},error(t,o,n){if(!this.isEnabled(LogLevel.ERROR))return;const r=(new Date).toISOString(),a=o?{...o}:{};n instanceof Error?a.error={name:n.name,message:n.message,stack:n.stack}:void 0!==n&&(a.error=n);const s=Object.keys(a).length>0?parseContextForLogging(a):{redacted:[],context:{}},g=formatLogEntry("ERROR",t,s.context,r,s.redacted);console.error(`[${e}] ${g}`)},setLevel(e){t=e},getLevel:()=>t,isEnabled:e=>e>=t}}let globalLogger=null;export function getGlobalLogger(){return globalLogger||(globalLogger=createLogger("xbind")),globalLogger}export function setGlobalLogger(e){globalLogger=e}export const logger=getGlobalLogger();

package/dist-standalone/mdns-discovery.js CHANGED Viewed

@@ -1,195 +1 @@
-/**
- * @module mdns-discovery
- * mDNS service discovery for local network device pairing.
- *
- * Service Type: _privateme._tcp.local (RFC 6763 compliant)
- * Port: 58472 (dynamic range 58000-58999)
- * TXT Record: did=z6Mk..., endpoint=http://192.168.1.5:58472, name=Desktop
- *
- * Security properties:
- * - Physical proximity required (same LAN)
- * - User confirmation on both devices
- * - Nonce-based challenge-response
- * - 60-second timeout
- * - Gold Standard compliant (GS-CONNECT requirement #26)
- */
-import Bonjour from 'bonjour-service';
-import { ok, err } from"./_deps/shared/index.js";
-/**
- * Discovery error types.
- */
-export var DiscoveryErrorCode;
-(function (DiscoveryErrorCode) {
-    DiscoveryErrorCode["NETWORK_ERROR"] = "NETWORK_ERROR";
-    DiscoveryErrorCode["TIMEOUT"] = "TIMEOUT";
-    DiscoveryErrorCode["NO_SERVICES"] = "NO_SERVICES";
-    DiscoveryErrorCode["INVALID_SERVICE"] = "INVALID_SERVICE";
-})(DiscoveryErrorCode || (DiscoveryErrorCode = {}));
-/**
- * mDNS discovery manager.
- *
- * Advertises service on local network and scans for other devices.
- * Uses bonjour-service library (RFC 6763/6762 compliant).
- */
-export class MdnsDiscoveryManager {
-    bonjour;
-    service = null;
-    serviceType = 'privateme';
-    protocol = 'tcp';
-    port = 58472;
-    constructor() {
-        this.bonjour = new Bonjour();
-    }
-    /**
-     * Advertise service on local network.
-     *
-     * Broadcasts mDNS announcement with device DID and HTTP endpoint.
-     * Other devices on the same LAN can discover this service via scan().
-     *
-     * @param name - Device name (e.g., "Desktop", "MacBook Pro")
-     * @param did - Device DID
-     * @param port - Local HTTP server port (default: 58472)
-     *
-     * @example
-     * ```typescript
-     * const manager = new MdnsDiscoveryManager();
-     * manager.advertise('Desktop', 'did:key:z6Mk...', 58472);
-     * // Service now visible to other devices on LAN
-     * ```
-     */
-    advertise(name, did, port = this.port) {
-        // Stop existing advertisement
-        if (this.service) {
-            this.service.stop?.();
-        }
-        // Publish service
-        this.service = this.bonjour.publish({
-            name,
-            type: this.serviceType,
-            protocol: this.protocol,
-            port,
-            txt: {
-                did,
-                endpoint: `http://localhost:${port}`, // Will be replaced with actual IP by Bonjour
-                name,
-            },
-        });
-    }
-    /**
-     * Scan local network for services.
-     *
-     * Discovers all Private.Me devices on the same LAN.
-     * Filters out own DID from results (can't pair with self).
-     *
-     * @param ownDid - Own device DID (to filter out)
-     * @param timeoutMs - Scan timeout in milliseconds (default: 5000ms)
-     * @returns Array of discovered services
-     *
-     * @example
-     * ```typescript
-     * const manager = new MdnsDiscoveryManager();
-     * const result = await manager.scan('did:key:z6Mk...myDid', 5000);
-     * if (result.ok) {
-     *   console.log(`Found ${result.value.length} devices`);
-     *   for (const service of result.value) {
-     *     console.log(`${service.name} - ${service.did}`);
-     *   }
-     * }
-     * ```
-     */
-    async scan(ownDid, timeoutMs = 5000) {
-        return new Promise((resolve) => {
-            const discovered = new Map();
-            let resolved = false;
-            // Browse for services
-            const browser = this.bonjour.find({
-                type: this.serviceType,
-                protocol: this.protocol,
-            });
-            // Handle service discovery
-            browser.on('up', (service) => {
-                try {
-                    // Parse TXT record
-                    const txt = service.txt;
-                    if (!txt || !txt.did || !txt.name) {
-                        return; // Invalid service - missing required fields
-                    }
-                    // Filter out own DID
-                    if (txt.did === ownDid) {
-                        return;
-                    }
-                    // Extract endpoint
-                    const endpoint = txt.endpoint || `http://${service.host || 'localhost'}:${service.port}`;
-                    // Extract addresses (filter IPv4 only)
-                    const addresses = (service.addresses || []).filter((addr) => {
-                        // Simple IPv4 check (contains dots, not colons)
-                        return addr.includes('.') && !addr.includes(':');
-                    });
-                    const info = {
-                        name: txt.name,
-                        did: txt.did,
-                        endpoint,
-                        addresses,
-                        port: service.port || this.port,
-                    };
-                    discovered.set(txt.did, info);
-                }
-                catch (error) {
-                    // Ignore invalid service
-                }
-            });
-            // Timeout after specified duration
-            const timeoutId = setTimeout(() => {
-                if (resolved)
-                    return;
-                resolved = true;
-                browser.stop();
-                if (discovered.size === 0) {
-                    resolve(err({
-                        code: DiscoveryErrorCode.NO_SERVICES,
-                        message: 'No devices found on local network',
-                        hint: 'Ensure both devices are on the same Wi-Fi network',
-                    }));
-                }
-                else {
-                    resolve(ok(Array.from(discovered.values())));
-                }
-            }, timeoutMs);
-            // Allow cleanup if promise resolves early
-            browser.on('error', (error) => {
-                if (resolved)
-                    return;
-                resolved = true;
-                clearTimeout(timeoutId);
-                browser.stop();
-                resolve(err({
-                    code: DiscoveryErrorCode.NETWORK_ERROR,
-                    message: error.message,
-                    hint: 'Check firewall settings and network connectivity',
-                }));
-            });
-        });
-    }
-    /**
-     * Stop advertising service.
-     *
-     * Removes mDNS announcement from local network.
-     * Other devices will no longer see this service.
-     */
-    stopAdvertising() {
-        if (this.service) {
-            this.service.stop?.();
-            this.service = null;
-        }
-    }
-    /**
-     * Release resources.
-     *
-     * Stops advertising and cleans up Bonjour instance.
-     * Call this when shutting down the application.
-     */
-    destroy() {
-        this.stopAdvertising();
-        this.bonjour.destroy();
-    }
-}
+import Bonjour from"bonjour-service";import{ok,err}from"./_deps/shared/index.js";export var DiscoveryErrorCode;!function(e){e.NETWORK_ERROR="NETWORK_ERROR",e.TIMEOUT="TIMEOUT",e.NO_SERVICES="NO_SERVICES",e.INVALID_SERVICE="INVALID_SERVICE"}(DiscoveryErrorCode||(DiscoveryErrorCode={}));export class MdnsDiscoveryManager{bonjour;service=null;serviceType="privateme";protocol="tcp";port=58472;constructor(){this.bonjour=new Bonjour}advertise(e,o,r=this.port){this.service&&this.service.stop?.(),this.service=this.bonjour.publish({name:e,type:this.serviceType,protocol:this.protocol,port:r,txt:{did:o,endpoint:`http://localhost:${r}`,name:e}})}async scan(e,o=5e3){return new Promise(r=>{const t=new Map;let s=!1;const i=this.bonjour.find({type:this.serviceType,protocol:this.protocol});i.on("up",o=>{try{const r=o.txt;if(!r||!r.did||!r.name)return;if(r.did===e)return;const s=r.endpoint||`http://${o.host||"localhost"}:${o.port}`,i=(o.addresses||[]).filter(e=>e.includes(".")&&!e.includes(":")),n={name:r.name,did:r.did,endpoint:s,addresses:i,port:o.port||this.port};t.set(r.did,n)}catch(e){}});const n=setTimeout(()=>{s||(s=!0,i.stop(),0===t.size?r(err({code:DiscoveryErrorCode.NO_SERVICES,message:"No devices found on local network",hint:"Ensure both devices are on the same Wi-Fi network"})):r(ok(Array.from(t.values()))))},o);i.on("error",e=>{s||(s=!0,clearTimeout(n),i.stop(),r(err({code:DiscoveryErrorCode.NETWORK_ERROR,message:e.message,hint:"Check firewall settings and network connectivity"})))})})}stopAdvertising(){this.service&&(this.service.stop?.(),this.service=null)}destroy(){this.stopAdvertising(),this.bonjour.destroy()}}

package/dist-standalone/nonce-store.d.ts CHANGED Viewed

@@ -1,10 +1,19 @@
+/** Optional context for share-aware deduplication. */
+export interface ShareContext {
+    /** Share group identifier (e.g., for XorIDA splitting). */
+    readonly shareGroupId?: string;
+    /** Share index within the group (0-based). */
+    readonly shareIndex?: number;
+}
 /** Interface for nonce stores that prevent replay attacks. */
 export interface NonceStore {
     /**
      * Check if a nonce is fresh and record it atomically.
+     * With shareContext: allows same nonce with different shares (idempotent retries).
+     * Without shareContext: blocks any nonce reuse (pure replay protection).
      * @returns true if nonce is new (accepted), false if duplicate (rejected).
      */
-    check(nonce: string, senderDid: string): Promise<boolean>;
+    check(nonce: string, senderDid: string, shareContext?: ShareContext): Promise<boolean>;
     /** Remove expired entries. Called automatically on interval. */
     cleanup(): void;
     /** Shut down the store and clear any timers. */
@@ -20,7 +29,9 @@ export interface MemoryNonceStoreOptions {
 /**
  * In-memory nonce store for development and single-process deployments.
  *
- * Stores nonces in a Map keyed by "senderDid:nonce" with expiry timestamps.
+ * Stores nonces in a Map keyed by "senderDid:nonce:shareContext" with expiry timestamps.
+ * Supports share-aware deduplication: same nonce + different shares = allowed (idempotent retry),
+ * same nonce + same share = blocked (true replay).
  * Periodic cleanup removes expired entries to prevent unbounded growth.
  */
 export declare class MemoryNonceStore implements NonceStore {
@@ -31,7 +42,9 @@ export declare class MemoryNonceStore implements NonceStore {
     constructor(opts?: MemoryNonceStoreOptions);
     /** Start cleanup timer on first use. */
     private ensureTimer;
-    check(nonce: string, senderDid: string): Promise<boolean>;
+    /** Build composite key: senderDid:nonce:shareGroupId:shareIndex */
+    private buildKey;
+    check(nonce: string, senderDid: string, shareContext?: ShareContext): Promise<boolean>;
     cleanup(): void;
     dispose(): void;
     /** Number of active (non-expired) entries. Useful for testing. */