npm - @private.me/xbind - Versions diffs - 1.3.0 → 2.3.4 - Mend

@private.me/xbind 1.3.0 → 2.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (305) hide show

package/LICENSES.md +212 -0
package/README.md +388 -6
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1 -1920
package/dist-standalone/_deps/shared/cjs/errors.js +1 -275
package/dist-standalone/_deps/shared/cjs/index.js +1 -138
package/dist-standalone/_deps/shared/cjs/types.js +1 -90
package/dist-standalone/_deps/shared/errors.js +1 -262
package/dist-standalone/_deps/shared/index.js +1 -77
package/dist-standalone/_deps/shared/types.js +1 -91
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.js +1 -642
package/dist-standalone/agent-sdk.js +1 -328
package/dist-standalone/agent.d.ts +95 -5
package/dist-standalone/agent.js +1 -1545
package/dist-standalone/approval.js +1 -193
package/dist-standalone/async-iterators.d.ts +275 -0
package/dist-standalone/async-iterators.js +1 -0
package/dist-standalone/auth.js +1 -219
package/dist-standalone/auto-accept.js +1 -229
package/dist-standalone/backup-config.js +1 -201
package/dist-standalone/backup.d.ts +114 -0
package/dist-standalone/backup.js +1 -0
package/dist-standalone/batch-operations.d.ts +297 -0
package/dist-standalone/batch-operations.js +1 -0
package/dist-standalone/cancellation.d.ts +301 -0
package/dist-standalone/cancellation.js +1 -0
package/dist-standalone/checkpoint.js +1 -186
package/dist-standalone/circuit-breaker.d.ts +351 -0
package/dist-standalone/circuit-breaker.js +1 -0
package/dist-standalone/cjs/agent-call.js +1 -651
package/dist-standalone/cjs/agent-sdk.js +1 -332
package/dist-standalone/cjs/agent.js +1 -1582
package/dist-standalone/cjs/approval.js +1 -199
package/dist-standalone/cjs/async-iterators.js +1 -0
package/dist-standalone/cjs/auth.js +1 -225
package/dist-standalone/cjs/auto-accept.js +1 -233
package/dist-standalone/cjs/backup-config.js +1 -207
package/dist-standalone/cjs/backup.js +1 -0
package/dist-standalone/cjs/batch-operations.js +1 -0
package/dist-standalone/cjs/cancellation.js +1 -0
package/dist-standalone/cjs/checkpoint.js +1 -193
package/dist-standalone/cjs/circuit-breaker.js +1 -0
package/dist-standalone/cjs/cli/init.js +1 -486
package/dist-standalone/cjs/config-validation.js +1 -0
package/dist-standalone/cjs/connect.js +1 -312
package/dist-standalone/cjs/connection-pool.js +1 -0
package/dist-standalone/cjs/correlation-id.js +1 -339
package/dist-standalone/cjs/crypto-utils.js +1 -0
package/dist-standalone/cjs/debug-mode.js +1 -0
package/dist-standalone/cjs/did-document.js +1 -101
package/dist-standalone/cjs/did-privateme.js +1 -130
package/dist-standalone/cjs/did-web.js +1 -201
package/dist-standalone/cjs/discovery.js +1 -462
package/dist-standalone/cjs/dual-mode.js +1 -251
package/dist-standalone/cjs/email-templates.js +1 -313
package/dist-standalone/cjs/email-transport.js +1 -239
package/dist-standalone/cjs/envelope.js +1 -510
package/dist-standalone/cjs/errors.js +1 -826
package/dist-standalone/cjs/event-emitter.js +1 -0
package/dist-standalone/cjs/gateway-state.js +1 -55
package/dist-standalone/cjs/gateway-transport.js +1 -120
package/dist-standalone/cjs/graceful-degradation.js +1 -0
package/dist-standalone/cjs/guardrails.js +1 -223
package/dist-standalone/cjs/health-check.js +1 -0
package/dist-standalone/cjs/http-compat.js +1 -272
package/dist-standalone/cjs/http-status-map.js +1 -571
package/dist-standalone/cjs/identity.js +1 -541
package/dist-standalone/cjs/index.js +1 -237
package/dist-standalone/cjs/invitation.js +1 -421
package/dist-standalone/cjs/invite.js +1 -328
package/dist-standalone/cjs/key-agreement.js +1 -246
package/dist-standalone/cjs/lazy-init.js +1 -300
package/dist-standalone/cjs/logger.js +1 -0
package/dist-standalone/cjs/mdns-discovery.js +1 -202
package/dist-standalone/cjs/nonce-store.js +1 -66
package/dist-standalone/cjs/pairing-manager.js +1 -223
package/dist-standalone/cjs/plugin-system.js +1 -0
package/dist-standalone/cjs/plugins/logging.js +1 -0
package/dist-standalone/cjs/plugins/metrics.js +1 -0
package/dist-standalone/cjs/plugins/validation.js +1 -0
package/dist-standalone/cjs/policy.js +1 -320
package/dist-standalone/cjs/progress-callbacks.js +1 -0
package/dist-standalone/cjs/redis-nonce-store.js +1 -76
package/dist-standalone/cjs/registry-middleware.js +1 -50
package/dist-standalone/cjs/retry-strategies.js +1 -0
package/dist-standalone/cjs/retry-transport.js +1 -102
package/dist-standalone/cjs/runtime/browser.js +1 -0
package/dist-standalone/cjs/runtime/edge.js +1 -0
package/dist-standalone/cjs/runtime/react-native.js +1 -0
package/dist-standalone/cjs/security-policy.js +1 -245
package/dist-standalone/cjs/serialization.js +1 -0
package/dist-standalone/cjs/split-channel.js +1 -177
package/dist-standalone/cjs/subscription-proof.js +1 -230
package/dist-standalone/cjs/succession.js +1 -148
package/dist-standalone/cjs/timeouts.js +1 -0
package/dist-standalone/cjs/trace-context.js +1 -0
package/dist-standalone/cjs/trace-spans.js +1 -0
package/dist-standalone/cjs/transport.js +1 -63
package/dist-standalone/cjs/trust-registry.js +1 -742
package/dist-standalone/cjs/types/error-response.js +1 -56
package/dist-standalone/cjs/vault-auth.js +1 -0
package/dist-standalone/cjs/vault-store-loader.js +1 -0
package/dist-standalone/cjs/verify.js +1 -25
package/dist-standalone/cjs/version-info.js +1 -0
package/dist-standalone/cjs/xfetch.js +1 -252
package/dist-standalone/cli/init.js +1 -449
package/dist-standalone/cli/setup.js +1 -514
package/dist-standalone/cli/types.js +1 -27
package/dist-standalone/cli/xbind.js +1 -148
package/dist-standalone/config-validation.d.ts +185 -0
package/dist-standalone/config-validation.js +1 -0
package/dist-standalone/connect.js +1 -274
package/dist-standalone/connection-pool.d.ts +251 -0
package/dist-standalone/connection-pool.js +1 -0
package/dist-standalone/correlation-id.js +1 -326
package/dist-standalone/crypto-utils.d.ts +60 -0
package/dist-standalone/crypto-utils.js +1 -0
package/dist-standalone/debug-mode.d.ts +286 -0
package/dist-standalone/debug-mode.js +1 -0
package/dist-standalone/did-document.js +1 -96
package/dist-standalone/did-privateme.js +1 -121
package/dist-standalone/did-web.js +1 -196
package/dist-standalone/discovery.js +1 -458
package/dist-standalone/dual-mode.js +1 -247
package/dist-standalone/email-templates.js +1 -309
package/dist-standalone/email-transport.js +1 -232
package/dist-standalone/envelope.d.ts +29 -1
package/dist-standalone/envelope.js +1 -497
package/dist-standalone/errors.d.ts +10 -0
package/dist-standalone/errors.js +1 -811
package/dist-standalone/event-emitter.d.ts +395 -0
package/dist-standalone/event-emitter.js +1 -0
package/dist-standalone/gateway-state.js +1 -51
package/dist-standalone/gateway-transport.js +1 -116
package/dist-standalone/graceful-degradation.d.ts +246 -0
package/dist-standalone/graceful-degradation.js +1 -0
package/dist-standalone/guardrails.js +1 -216
package/dist-standalone/health-check.d.ts +150 -0
package/dist-standalone/health-check.js +1 -0
package/dist-standalone/http-compat.js +1 -267
package/dist-standalone/http-status-map.js +1 -561
package/dist-standalone/identity.d.ts +64 -1
package/dist-standalone/identity.js +1 -516
package/dist-standalone/index.d.ts +45 -3
package/dist-standalone/index.js +1 -52
package/dist-standalone/invitation.js +1 -415
package/dist-standalone/invite.js +1 -324
package/dist-standalone/key-agreement.d.ts +61 -13
package/dist-standalone/key-agreement.js +1 -236
package/dist-standalone/lazy-init.js +1 -295
package/dist-standalone/logger.d.ts +77 -0
package/dist-standalone/logger.js +1 -0
package/dist-standalone/mdns-discovery.js +1 -195
package/dist-standalone/nonce-store.d.ts +16 -3
package/dist-standalone/nonce-store.js +1 -62
package/dist-standalone/package.json +0 -1
package/dist-standalone/pairing-manager.js +1 -219
package/dist-standalone/plugin-system.d.ts +145 -0
package/dist-standalone/plugin-system.js +1 -0
package/dist-standalone/policy.js +1 -315
package/dist-standalone/progress-callbacks.d.ts +394 -0
package/dist-standalone/progress-callbacks.js +1 -0
package/dist-standalone/redis-nonce-store.js +1 -72
package/dist-standalone/registry-middleware.js +1 -47
package/dist-standalone/retry-strategies.d.ts +382 -0
package/dist-standalone/retry-strategies.js +1 -0
package/dist-standalone/retry-transport.js +1 -98
package/dist-standalone/security-policy.js +1 -239
package/dist-standalone/serialization.d.ts +244 -0
package/dist-standalone/serialization.js +1 -0
package/dist-standalone/split-channel.d.ts +49 -1
package/dist-standalone/split-channel.js +1 -171
package/dist-standalone/subscription-proof.js +1 -224
package/dist-standalone/succession.js +1 -142
package/dist-standalone/timeouts.d.ts +275 -0
package/dist-standalone/timeouts.js +1 -0
package/dist-standalone/trace-context.d.ts +252 -0
package/dist-standalone/trace-context.js +1 -0
package/dist-standalone/trace-spans.d.ts +360 -0
package/dist-standalone/trace-spans.js +1 -0
package/dist-standalone/transport.js +1 -59
package/dist-standalone/trust-registry.d.ts +106 -5
package/dist-standalone/trust-registry.js +1 -702
package/dist-standalone/vault-auth.d.ts +91 -0
package/dist-standalone/vault-auth.js +1 -0
package/dist-standalone/vault-store-loader.d.ts +110 -0
package/dist-standalone/vault-store-loader.js +1 -0
package/dist-standalone/verify.js +1 -16
package/dist-standalone/version-info.d.ts +259 -0
package/dist-standalone/version-info.js +1 -0
package/dist-standalone/xfetch.js +1 -247
package/llms.txt +1 -0
package/package.json +66 -5
package/share1.dat +0 -0
package/dist-standalone/_deps/crypto/base64.d.ts +0 -29
package/dist-standalone/_deps/crypto/base64.js +0 -209
package/dist-standalone/_deps/crypto/cjs/base64.js +0 -103
package/dist-standalone/_deps/crypto/cjs/errors.js +0 -119
package/dist-standalone/_deps/crypto/cjs/hmac.js +0 -71
package/dist-standalone/_deps/crypto/cjs/index.js +0 -86
package/dist-standalone/_deps/crypto/cjs/padding.js +0 -57
package/dist-standalone/_deps/crypto/cjs/share-header.js +0 -68
package/dist-standalone/_deps/crypto/cjs/shares.js +0 -152
package/dist-standalone/_deps/crypto/cjs/tlv.js +0 -199
package/dist-standalone/_deps/crypto/cjs/uuid.js +0 -61
package/dist-standalone/_deps/crypto/cjs/verify.js +0 -24
package/dist-standalone/_deps/crypto/cjs/xorida.js +0 -221
package/dist-standalone/_deps/crypto/errors.d.ts +0 -51
package/dist-standalone/_deps/crypto/errors.js +0 -109
package/dist-standalone/_deps/crypto/hmac.d.ts +0 -39
package/dist-standalone/_deps/crypto/hmac.js +0 -66
package/dist-standalone/_deps/crypto/index.d.ts +0 -20
package/dist-standalone/_deps/crypto/index.js +0 -45
package/dist-standalone/_deps/crypto/padding.d.ts +0 -19
package/dist-standalone/_deps/crypto/padding.js +0 -53
package/dist-standalone/_deps/crypto/share-header.d.ts +0 -44
package/dist-standalone/_deps/crypto/share-header.js +0 -63
package/dist-standalone/_deps/crypto/shares.d.ts +0 -27
package/dist-standalone/_deps/crypto/shares.js +0 -148
package/dist-standalone/_deps/crypto/tlv.d.ts +0 -26
package/dist-standalone/_deps/crypto/tlv.js +0 -195
package/dist-standalone/_deps/crypto/uuid.d.ts +0 -22
package/dist-standalone/_deps/crypto/uuid.js +0 -56
package/dist-standalone/_deps/crypto/verify.d.ts +0 -15
package/dist-standalone/_deps/crypto/verify.js +0 -15
package/dist-standalone/_deps/crypto/xorida.d.ts +0 -44
package/dist-standalone/_deps/crypto/xorida.js +0 -215
package/dist-standalone/_deps/shared/errors.d.ts.map +0 -1
package/dist-standalone/_deps/shared/errors.js.map +0 -1
package/dist-standalone/_deps/shared/index.d.ts.map +0 -1
package/dist-standalone/_deps/shared/index.js.map +0 -1
package/dist-standalone/_deps/shared/types.d.ts.map +0 -1
package/dist-standalone/_deps/shared/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.js.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.js.map +0 -1
package/dist-standalone/_deps/xregistry/errors.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/errors.js.map +0 -1
package/dist-standalone/_deps/xregistry/index.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/index.js.map +0 -1
package/dist-standalone/_deps/xregistry/registry.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/registry.js.map +0 -1
package/dist-standalone/_deps/xregistry/schema.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/schema.js.map +0 -1
package/dist-standalone/_deps/xregistry/types.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/types.js.map +0 -1

package/dist-standalone/vault-auth.d.ts ADDED Viewed

@@ -0,0 +1,91 @@
+/**
+ * @module vault-auth
+ * DID-based authentication for Vault Store API requests.
+ *
+ * Implements Ed25519 signature over canonical request representation with:
+ * - Timestamp (prevents replay attacks >5min old)
+ * - Nonce (prevents duplicate requests)
+ * - Request body hash (ensures integrity)
+ *
+ * Server verifies signature + timestamp + nonce before serving vault content.
+ */
+import type { Result } from '@private.me/shared';
+import type { AgentIdentity } from './identity.js';
+/**
+ * Signed vault request metadata.
+ */
+export interface SignedVaultRequest {
+    /** Base64-encoded Ed25519 signature */
+    signature: string;
+    /** Request timestamp (Unix milliseconds) */
+    timestamp: number;
+    /** Unique nonce (UUID v4) */
+    nonce: string;
+}
+/**
+ * Sign a vault store API request with agent's DID identity.
+ *
+ * Creates canonical request representation:
+ * ```
+ * {method}\n{endpoint}\n{timestamp}\n{nonce}\n{bodyHash}
+ * ```
+ *
+ * Server verifies:
+ * 1. Signature matches DID public key
+ * 2. Timestamp within ±5min (prevents replay)
+ * 3. Nonce not seen before (prevents duplicate)
+ * 4. Body hash matches (ensures integrity)
+ *
+ * @param identity - Agent identity (contains signing key)
+ * @param endpoint - API endpoint (e.g., "/api/vault-store/crypto")
+ * @param body - Request body (JSON-serializable)
+ * @returns Signed request metadata or error
+ *
+ * @example
+ * ```typescript
+ * const sigResult = await signVaultRequest(agent.identity, '/api/vault-store/crypto', {
+ *   requestedVersion: 'latest',
+ *   clientVersion: '1.5.0',
+ * });
+ *
+ * if (!sigResult.ok) {
+ *   throw new Error('Failed to sign vault request');
+ * }
+ *
+ * const { signature, timestamp, nonce } = sigResult.value;
+ *
+ * const response = await fetch('https://private.me/api/vault-store/crypto', {
+ *   method: 'POST',
+ *   headers: {
+ *     'X-DID': agent.did,
+ *     'X-Signature': signature,
+ *     'X-Timestamp': timestamp.toString(),
+ *     'X-Nonce': nonce,
+ *   },
+ *   body: JSON.stringify(body),
+ * });
+ * ```
+ */
+export declare function signVaultRequest(identity: AgentIdentity, endpoint: string, body: unknown): Promise<Result<SignedVaultRequest, 'SIGN_FAILED'>>;
+/**
+ * Verify vault request signature (server-side only).
+ *
+ * Validates:
+ * 1. Signature matches DID public key
+ * 2. Timestamp within ±5min window
+ * 3. Body hash matches
+ *
+ * Note: Nonce verification requires server-side nonce store (not implemented here).
+ *
+ * @param did - Sender DID
+ * @param publicKeyBytes - Ed25519 public key (32 bytes)
+ * @param endpoint - API endpoint
+ * @param body - Request body (JSON string)
+ * @param signature - Base64-encoded signature
+ * @param timestamp - Request timestamp (Unix ms)
+ * @param nonce - Request nonce
+ * @returns True if signature is valid
+ *
+ * @internal Server-side verification only
+ */
+export declare function verifyVaultRequest(did: string, publicKeyBytes: Uint8Array, endpoint: string, body: string, signature: string, timestamp: number, nonce: string): Promise<boolean>;

package/dist-standalone/vault-auth.js ADDED Viewed

@@ -0,0 +1 @@

+ import{ok,err}from"./_deps/shared/index.js";import{toBase64}from"./crypto-utils.js";export async function signVaultRequest(t,e,n){const r=Date.now(),a=generateNonce(),o=JSON.stringify(n),c=`POST\n${e}\n${r}\n${a}\n${await hashString(o)}`;let i;try{const e=(new TextEncoder).encode(c);i=await crypto.subtle.sign({name:"Ed25519"},t.privateKey,e)}catch{return err("SIGN_FAILED")}return ok({signature:toBase64(new Uint8Array(i)),timestamp:r,nonce:a})}function generateNonce(){if("undefined"!=typeof crypto&&crypto.randomUUID)return crypto.randomUUID();const t=new Uint8Array(16);crypto.getRandomValues(t),t[6]=15&t[6]|64,t[8]=63&t[8]|128;const e=Array.from(t).map(t=>t.toString(16).padStart(2,"0")).join("");return[e.slice(0,8),e.slice(8,12),e.slice(12,16),e.slice(16,20),e.slice(20,32)].join("-")}async function hashString(t){const e=(new TextEncoder).encode(t),n=await crypto.subtle.digest("SHA-256",e);return toBase64(new Uint8Array(n))}export async function verifyVaultRequest(t,e,n,r,a,o,c){const i=Date.now();if(Math.abs(i-o)>3e5)return!1;const s=`POST\n${n}\n${o}\n${c}\n${await hashString(r)}`;let y;try{const t=new ArrayBuffer(e.byteLength);new Uint8Array(t).set(e),y=await crypto.subtle.importKey("raw",t,{name:"Ed25519"},!1,["verify"])}catch{return!1}try{const t=(new TextEncoder).encode(s),e=Uint8Array.from(atob(a),t=>t.charCodeAt(0));return await crypto.subtle.verify({name:"Ed25519"},y,e,t)}catch{return!1}}

package/dist-standalone/vault-store-loader.d.ts ADDED Viewed

@@ -0,0 +1,110 @@
+/**
+ * @module vault-store-loader
+ * Runtime loader for payment-gated crypto packages (Full Control IP protection).
+ *
+ * Fetches XorIDA algorithm from EC2 Vault Store with:
+ * - DID-based authentication (Ed25519 signatures)
+ * - Usage quota verification (Free: 100K/month, Pro: unlimited)
+ * - Memory caching (7-day TTL, session-only)
+ * - Automatic re-fetch on expiration
+ *
+ * Security: Crypto package NEVER bundled in npm. Always fetched at runtime
+ * with payment gate enforcement. Share 2 (Vault Store) completes algorithm.
+ */
+import type { Result } from '@private.me/shared';
+import type { AgentIdentity } from './identity.js';
+/**
+ * Crypto package interface (XorIDA algorithm exports).
+ * Dynamically loaded from Vault Store, NOT bundled in npm.
+ *
+ * Matches @private.me/crypto package signatures.
+ */
+export interface CryptoPackage {
+    /** Split data into shares using XorIDA threshold secret sharing */
+    splitXorIDA: (data: Uint8Array, totalShares: number, requiredShares: number) => Uint8Array[];
+    /** Reconstruct data from threshold shares */
+    reconstructXorIDA: (shares: Uint8Array[], indices: number[], requiredShares: number, totalShares: number) => Uint8Array;
+    /** Generate next odd prime >= n (for field selection) */
+    nextOddPrime: (n: number) => number;
+    /** PKCS7 padding */
+    pkcs7Pad: (data: Uint8Array, blockSize: number) => Uint8Array;
+    /** PKCS7 unpadding - returns Result type */
+    pkcs7Unpad: (data: Uint8Array, blockSize: number) => {
+        ok: true;
+        value: Uint8Array;
+    } | {
+        ok: false;
+        error: unknown;
+    };
+    /** Generate HMAC-SHA256 - generates random key and signs data */
+    generateHMAC: (data: Uint8Array) => Promise<{
+        key: Uint8Array;
+        signature: Uint8Array;
+    }>;
+    /** Verify HMAC-SHA256 */
+    verifyHMAC: (key: Uint8Array, data: Uint8Array, expectedHmac: Uint8Array) => Promise<boolean>;
+}
+/**
+ * Error codes for vault store operations.
+ */
+export type VaultStoreError = 'VAULT_FETCH_FAILED' | 'VAULT_AUTH_FAILED' | 'VAULT_QUOTA_EXCEEDED' | 'VAULT_PAYMENT_REQUIRED' | 'VAULT_LOAD_FAILED' | 'VAULT_INVALID_RESPONSE';
+/**
+ * Load crypto package from Vault Store with authentication and caching.
+ *
+ * Flow:
+ * 1. Check cache (if valid, return cached)
+ * 2. Sign vault request with DID
+ * 3. POST to /api/vault-store/crypto
+ * 4. Server verifies: signature + quota + payment
+ * 5. Receive crypto bundle + share2
+ * 6. Evaluate bundle (dynamic import)
+ * 7. Cache for 7 days
+ *
+ * @param identity - Agent identity (for DID signature)
+ * @returns Crypto package exports or error
+ *
+ * @example
+ * ```typescript
+ * const cryptoResult = await loadCryptoPackage(agent.identity);
+ * if (!cryptoResult.ok) {
+ *   if (cryptoResult.error === 'VAULT_QUOTA_EXCEEDED') {
+ *     console.error('Free tier quota exceeded. Upgrade to Pro for unlimited access.');
+ *   }
+ *   throw new Error(cryptoResult.error);
+ * }
+ * const { splitXorIDA, reconstructXorIDA } = cryptoResult.value;
+ * ```
+ */
+export declare function loadCryptoPackage(identity: AgentIdentity): Promise<Result<CryptoPackage, VaultStoreError>>;
+/**
+ * Get cached crypto package without fetching.
+ *
+ * Returns null if cache is empty or expired.
+ * Use loadCryptoPackage() to fetch and cache.
+ *
+ * @returns Cached crypto package or null
+ */
+export declare function getCrypto(): CryptoPackage | null;
+/**
+ * Check if crypto package is loaded and valid.
+ *
+ * @returns True if crypto is cached and not expired
+ */
+export declare function isCryptoLoaded(): boolean;
+/**
+ * Clear crypto cache (force re-fetch on next load).
+ *
+ * Useful for testing or forcing quota re-verification.
+ */
+export declare function clearCryptoCache(): void;
+/**
+ * Get cache status (for debugging).
+ *
+ * @returns Cache metadata or null if empty
+ */
+export declare function getCacheStatus(): {
+    loaded: boolean;
+    version?: string;
+    expiresAt?: number;
+    ttlRemaining?: number;
+};

package/dist-standalone/vault-store-loader.js ADDED Viewed

@@ -0,0 +1 @@

+ import{ok,err}from"./_deps/shared/index.js";import{signVaultRequest}from"./vault-auth.js";const VAULT_STORE_URL=process.env.VAULT_STORE_URL||"https://private.me/api/vault-store",CACHE_TTL_MS=6048e5;let cryptoCache=null;export async function loadCryptoPackage(identity){if(cryptoCache&&Date.now()<cryptoCache.expiresAt)return ok(cryptoCache.module);const signatureResult=await signVaultRequest(identity,"/api/vault-store/crypto",{requestedVersion:"latest",clientVersion:"1.5.0"});if(!signatureResult.ok)return err("VAULT_AUTH_FAILED");const{signature:signature,timestamp:timestamp,nonce:nonce}=signatureResult.value;let response,vaultData,cryptoModule;try{response=await fetch(`${VAULT_STORE_URL}/crypto`,{method:"POST",headers:{"Content-Type":"application/json","X-DID":identity.did,"X-Signature":signature,"X-Timestamp":timestamp.toString(),"X-Nonce":nonce},body:JSON.stringify({requestedVersion:"latest",clientVersion:"1.5.0"})})}catch(t){return err("VAULT_FETCH_FAILED")}if(!response.ok)return 402===response.status?err("VAULT_QUOTA_EXCEEDED"):401===response.status||403===response.status?err("VAULT_AUTH_FAILED"):451===response.status?err("VAULT_PAYMENT_REQUIRED"):err("VAULT_FETCH_FAILED");try{vaultData=await response.json()}catch{return err("VAULT_INVALID_RESPONSE")}if(!vaultData.cryptoBundle||!vaultData.version)return err("VAULT_INVALID_RESPONSE");try{const bundleCode=atob(vaultData.cryptoBundle),moduleExports=eval(`(function() {\n const exports = {};\n ${bundleCode}\n return exports;\n })()`);if(cryptoModule=moduleExports,"function"!=typeof cryptoModule.splitXorIDA||"function"!=typeof cryptoModule.reconstructXorIDA)return err("VAULT_LOAD_FAILED")}catch{return err("VAULT_LOAD_FAILED")}const ttlMs=vaultData.cacheTtl?1e3*vaultData.cacheTtl:CACHE_TTL_MS;return cryptoCache={module:cryptoModule,expiresAt:Date.now()+ttlMs,version:vaultData.version},ok(cryptoModule)}export function getCrypto(){return cryptoCache&&Date.now()<cryptoCache.expiresAt?cryptoCache.module:null}export function isCryptoLoaded(){return null!==cryptoCache&&Date.now()<cryptoCache.expiresAt}export function clearCryptoCache(){cryptoCache=null}export function getCacheStatus(){if(!cryptoCache)return{loaded:!1};const t=Date.now();return{loaded:t<cryptoCache.expiresAt,version:cryptoCache.version,expiresAt:cryptoCache.expiresAt,ttlRemaining:Math.max(0,cryptoCache.expiresAt-t)}}

package/dist-standalone/verify.js CHANGED Viewed

@@ -1,16 +1 @@
-/**
- * @module verify
- * Lightweight sub-path export for verification-only use cases.
- *
- * Import as `@private.me/xbind/verify` for tree-shaking on edge/serverless:
- * ```ts
- * import { verify, importPublicKey, validateEnvelope } from '@private.me/xbind/verify';
- * ```
- *
- * This module re-exports only the functions needed to verify signatures
- * and validate envelopes — no key generation, no encryption, no transport.
- */
-// Identity — verify + key import only
-export { verify, importPublicKey, didToPublicKeyBytes } from './identity.js';
-// Envelope — validation + signed envelope verification
-export { validateEnvelope, deserializeEnvelope, openSignedEnvelope, } from './envelope.js';
+export{verify,importPublicKey,didToPublicKeyBytes}from"./identity.js";export{validateEnvelope,deserializeEnvelope,openSignedEnvelope}from"./envelope.js";

package/dist-standalone/version-info.d.ts ADDED Viewed

@@ -0,0 +1,259 @@
+/**
+ * @module version-info
+ * Runtime SDK version information and capability detection
+ *
+ * Provides version metadata, feature flags, deprecation warnings,
+ * and compatibility checks for the xBind SDK.
+ *
+ * Usage:
+ * ```typescript
+ * import { getVersion, hasCapability, checkCompatibility } from '@private.me/xbind';
+ *
+ * // Get version information
+ * const version = getVersion();
+ * console.log(version.semver); // "1.4.0"
+ * console.log(version.features); // ["envelope-v4", "ml-kem-768", ...]
+ *
+ * // Check capabilities
+ * if (hasCapability('envelope-v4')) {
+ *   // Use v4 envelopes
+ * }
+ *
+ * // Compatibility check
+ * const compat = checkCompatibility('1.0.0');
+ * if (!compat.compatible) {
+ *   console.warn(compat.message);
+ * }
+ * ```
+ */
+/**
+ * SDK version information
+ */
+export interface VersionInfo {
+    /** Semantic version (e.g., "1.4.0") */
+    semver: string;
+    /** Major version number */
+    major: number;
+    /** Minor version number */
+    minor: number;
+    /** Patch version number */
+    patch: number;
+    /** Pre-release tag (e.g., "alpha", "beta", "rc.1") */
+    prerelease?: string;
+    /** Build metadata (e.g., git commit hash) */
+    build?: string;
+    /** SDK capabilities and features */
+    features: string[];
+    /** Deprecated features with migration paths */
+    deprecated: DeprecatedFeature[];
+    /** Build timestamp (ISO 8601) */
+    buildDate: string;
+    /** Node.js version used for build */
+    nodeVersion?: string;
+}
+/**
+ * Deprecated feature information
+ */
+export interface DeprecatedFeature {
+    /** Feature name */
+    name: string;
+    /** Version when deprecated */
+    since: string;
+    /** Version when removed (if scheduled) */
+    removedIn?: string;
+    /** Migration instructions */
+    migration: string;
+    /** Documentation URL */
+    docs?: string;
+}
+/**
+ * Compatibility check result
+ */
+export interface CompatibilityResult {
+    /** True if versions are compatible */
+    compatible: boolean;
+    /** Human-readable message */
+    message: string;
+    /** Severity level */
+    severity: 'info' | 'warning' | 'error';
+    /** Required version range */
+    required?: string;
+    /** Actual version */
+    actual?: string;
+}
+/**
+ * Feature capability flags
+ */
+export declare enum Capability {
+    /** Transport Envelope v1 support */
+    ENVELOPE_V1 = "envelope-v1",
+    /** Transport Envelope v2 support (split-channel) */
+    ENVELOPE_V2 = "envelope-v2",
+    /** Transport Envelope v3 support (hybrid PQ) */
+    ENVELOPE_V3 = "envelope-v3",
+    /** Transport Envelope v4 support (ML-DSA signatures) */
+    ENVELOPE_V4 = "envelope-v4",
+    /** ML-KEM-768 post-quantum KEM */
+    ML_KEM_768 = "ml-kem-768",
+    /** ML-DSA-65 post-quantum signatures */
+    ML_DSA_65 = "ml-dsa-65",
+    /** X25519 ECDH key agreement */
+    X25519_ECDH = "x25519-ecdh",
+    /** Ed25519 signatures */
+    ED25519_SIG = "ed25519-sig",
+    /** XorIDA threshold sharing */
+    XORIDA = "xorida",
+    /** Split-channel transport */
+    SPLIT_CHANNEL = "split-channel",
+    /** Trust registry support */
+    TRUST_REGISTRY = "trust-registry",
+    /** Service discovery (mDNS) */
+    SERVICE_DISCOVERY = "service-discovery",
+    /** Invite system (viral growth) */
+    INVITE_SYSTEM = "invite-system",
+    /** Agent.call() API */
+    AGENT_CALL = "agent-call",
+    /** xFetch auto-upgrade */
+    XFETCH = "xfetch",
+    /** Dual-mode adapter (xBind + API key fallback) */
+    DUAL_MODE = "dual-mode",
+    /** Encrypted backup/restore */
+    BACKUP_RESTORE = "backup-restore",
+    /** Correlation ID tracing */
+    CORRELATION_ID = "correlation-id",
+    /** Structured logging */
+    STRUCTURED_LOGGING = "structured-logging",
+    /** DID succession */
+    DID_SUCCESSION = "did-succession",
+    /** Gateway connection state */
+    GATEWAY_STATE = "gateway-state",
+    /** Subscription proofs (portability) */
+    SUBSCRIPTION_PROOF = "subscription-proof",
+    /** Policy engine (constraints) */
+    POLICY_ENGINE = "policy-engine",
+    /** Approval flow (consent) */
+    APPROVAL_FLOW = "approval-flow",
+    /** Guardrails (error suggestions) */
+    GUARDRAILS = "guardrails",
+    /** HTTP client compatibility (axios, got) */
+    HTTP_COMPAT = "http-compat",
+    /** did:web resolver */
+    DID_WEB = "did-web",
+    /** did:privateme method */
+    DID_PRIVATEME = "did:privateme",
+    /** Redis nonce store */
+    REDIS_NONCE = "redis-nonce",
+    /** Retry transport */
+    RETRY_TRANSPORT = "retry-transport"
+}
+/**
+ * Get SDK version information
+ *
+ * Returns complete version metadata including semver, capabilities,
+ * deprecated features, and build information.
+ *
+ * @returns Version information object
+ *
+ * @example
+ * ```typescript
+ * const version = getVersion();
+ * console.log(`xBind v${version.semver}`);
+ * console.log(`Features: ${version.features.join(', ')}`);
+ * ```
+ */
+export declare function getVersion(): Readonly<VersionInfo>;
+/**
+ * Check if SDK supports a specific capability
+ *
+ * @param capability - Capability name to check
+ * @returns True if capability is supported
+ *
+ * @example
+ * ```typescript
+ * if (hasCapability('envelope-v4')) {
+ *   // Use ML-DSA signatures
+ * }
+ * ```
+ */
+export declare function hasCapability(capability: string | Capability): boolean;
+/**
+ * Get all supported capabilities
+ *
+ * @returns Array of capability names
+ */
+export declare function getCapabilities(): readonly string[];
+/**
+ * Check if a feature is deprecated
+ *
+ * @param feature - Feature name to check
+ * @returns Deprecation info if deprecated, undefined otherwise
+ */
+export declare function getDeprecationInfo(feature: string): DeprecatedFeature | undefined;
+export declare function warnIfDeprecated(feature: string): void;
+/**
+ * Parse semantic version string
+ *
+ * @param version - Version string (e.g., "1.3.5-beta.1+abc123")
+ * @returns Parsed version components
+ */
+export declare function parseVersion(version: string): {
+    major: number;
+    minor: number;
+    patch: number;
+    prerelease?: string;
+    build?: string;
+};
+/**
+ * Compare two semantic versions
+ *
+ * @param a - First version
+ * @param b - Second version
+ * @returns -1 if a < b, 0 if a == b, 1 if a > b
+ */
+export declare function compareVersions(a: string, b: string): -1 | 0 | 1;
+/**
+ * Check version compatibility
+ *
+ * Determines if the current SDK version is compatible with a
+ * required version constraint. Follows semantic versioning rules:
+ * - Breaking changes increment major version
+ * - Minor/patch updates are backward compatible
+ *
+ * @param requiredVersion - Required version or range (e.g., "1.0.0", "^1.2.0")
+ * @returns Compatibility result with message
+ *
+ * @example
+ * ```typescript
+ * const compat = checkCompatibility('1.0.0');
+ * if (!compat.compatible) {
+ *   throw new Error(compat.message);
+ * }
+ * ```
+ */
+export declare function checkCompatibility(requiredVersion: string): CompatibilityResult;
+/**
+ * Get recommended SDK version for a feature
+ *
+ * Returns the minimum SDK version required to use a specific feature.
+ *
+ * @param feature - Feature or capability name
+ * @returns Minimum version string, or undefined if feature is unknown
+ */
+export declare function getMinimumVersionFor(feature: string): string | undefined;
+/**
+ * Assert minimum SDK version
+ *
+ * Throws an error if the current SDK version does not meet the
+ * minimum required version.
+ *
+ * @param minVersion - Minimum required version
+ * @param context - Optional context message
+ * @throws Error if version is too old
+ *
+ * @example
+ * ```typescript
+ * assertMinimumVersion('1.2.0', 'ML-KEM-768 support');
+ * // Throws if SDK < 1.2.0
+ * ```
+ */
+export declare function assertMinimumVersion(minVersion: string, context?: string): void;

package/dist-standalone/version-info.js ADDED Viewed

@@ -0,0 +1 @@

+ import{createLogger}from"./logger.js";const logger=createLogger("version-info");export var Capability;!function(e){e.ENVELOPE_V1="envelope-v1",e.ENVELOPE_V2="envelope-v2",e.ENVELOPE_V3="envelope-v3",e.ENVELOPE_V4="envelope-v4",e.ML_KEM_768="ml-kem-768",e.ML_DSA_65="ml-dsa-65",e.X25519_ECDH="x25519-ecdh",e.ED25519_SIG="ed25519-sig",e.XORIDA="xorida",e.SPLIT_CHANNEL="split-channel",e.TRUST_REGISTRY="trust-registry",e.SERVICE_DISCOVERY="service-discovery",e.INVITE_SYSTEM="invite-system",e.AGENT_CALL="agent-call",e.XFETCH="xfetch",e.DUAL_MODE="dual-mode",e.BACKUP_RESTORE="backup-restore",e.CORRELATION_ID="correlation-id",e.STRUCTURED_LOGGING="structured-logging",e.DID_SUCCESSION="did-succession",e.GATEWAY_STATE="gateway-state",e.SUBSCRIPTION_PROOF="subscription-proof",e.POLICY_ENGINE="policy-engine",e.APPROVAL_FLOW="approval-flow",e.GUARDRAILS="guardrails",e.HTTP_COMPAT="http-compat",e.DID_WEB="did-web",e.DID_PRIVATEME="did:privateme",e.REDIS_NONCE="redis-nonce",e.RETRY_TRANSPORT="retry-transport"}(Capability||(Capability={}));const VERSION_METADATA={semver:"2.3.4",major:1,minor:4,patch:2,prerelease:void 0,build:void 0,features:[Capability.ENVELOPE_V1,Capability.ENVELOPE_V2,Capability.ENVELOPE_V3,Capability.ENVELOPE_V4,Capability.ML_KEM_768,Capability.ML_DSA_65,Capability.X25519_ECDH,Capability.ED25519_SIG,Capability.XORIDA,Capability.SPLIT_CHANNEL,Capability.TRUST_REGISTRY,Capability.SERVICE_DISCOVERY,Capability.INVITE_SYSTEM,Capability.AGENT_CALL,Capability.XFETCH,Capability.DUAL_MODE,Capability.BACKUP_RESTORE,Capability.CORRELATION_ID,Capability.STRUCTURED_LOGGING,Capability.DID_SUCCESSION,Capability.GATEWAY_STATE,Capability.SUBSCRIPTION_PROOF,Capability.POLICY_ENGINE,Capability.APPROVAL_FLOW,Capability.GUARDRAILS,Capability.HTTP_COMPAT,Capability.DID_WEB,Capability.DID_PRIVATEME,Capability.REDIS_NONCE,Capability.RETRY_TRANSPORT],deprecated:[{name:"envelope-v1",since:"1.2.0",removedIn:"2.0.0",migration:"Use createEnvelopeV2() or higher for split-channel support",docs:"https://private.me/docs/xbind/migration-v2"}],buildDate:(new Date).toISOString(),nodeVersion:process.version};export function getVersion(){return Object.freeze({...VERSION_METADATA})}export function hasCapability(e){return VERSION_METADATA.features.includes(e)}export function getCapabilities(){return Object.freeze([...VERSION_METADATA.features])}export function getDeprecationInfo(e){return VERSION_METADATA.deprecated.find(i=>i.name===e)}const warnedFeatures=new Set;export function warnIfDeprecated(e){if(warnedFeatures.has(e))return;const i=getDeprecationInfo(e);if(!i)return;warnedFeatures.add(e);const r=[`Feature "${e}" is deprecated since v${i.since}`,i.removedIn?`and will be removed in v${i.removedIn}.`:".",i.migration].join(" ");logger.warn(r,{feature:e,deprecatedSince:i.since,removedIn:i.removedIn,docs:i.docs}),"undefined"!=typeof console&&console.warn&&(console.warn(`[xBind] ${r}`),i.docs&&console.warn(`[xBind] See: ${i.docs}`))}export function parseVersion(e){const i=e.match(/^(\d+)\.(\d+)\.(\d+)(?:-([a-zA-Z0-9.-]+))?(?:\+([a-zA-Z0-9.-]+))?$/);if(!(i&&i[1]&&i[2]&&i[3]))throw new Error(`Invalid semantic version: ${e}`);return{major:parseInt(i[1],10),minor:parseInt(i[2],10),patch:parseInt(i[3],10),prerelease:i[4]||void 0,build:i[5]||void 0}}export function compareVersions(e,i){const r=parseVersion(e),a=parseVersion(i);if(r.major<a.major)return-1;if(r.major>a.major)return 1;if(r.minor<a.minor)return-1;if(r.minor>a.minor)return 1;if(r.patch<a.patch)return-1;if(r.patch>a.patch)return 1;if(r.prerelease&&!a.prerelease)return-1;if(!r.prerelease&&a.prerelease)return 1;if(r.prerelease&&a.prerelease){if(r.prerelease<a.prerelease)return-1;if(r.prerelease>a.prerelease)return 1}return 0}export function checkCompatibility(e){const i=VERSION_METADATA.semver;if(e.startsWith("^")){const r=e.slice(1),a=parseVersion(r);return parseVersion(i).major!==a.major?{compatible:!1,message:`Incompatible major version. Required: ^${r}, Current: ${i}`,severity:"error",required:e,actual:i}:compareVersions(i,r)<0?{compatible:!1,message:`SDK version too old. Required: ^${r}, Current: ${i}`,severity:"error",required:e,actual:i}:{compatible:!0,message:`Compatible (${i} satisfies ^${r})`,severity:"info",required:e,actual:i}}if(e.startsWith("~")){const r=e.slice(1),a=parseVersion(r),t=parseVersion(i);return t.major!==a.major||t.minor!==a.minor?{compatible:!1,message:`Incompatible version. Required: ~${r}, Current: ${i}`,severity:"error",required:e,actual:i}:compareVersions(i,r)<0?{compatible:!1,message:`SDK version too old. Required: ~${r}, Current: ${i}`,severity:"error",required:e,actual:i}:{compatible:!0,message:`Compatible (${i} satisfies ~${r})`,severity:"info",required:e,actual:i}}let r,a,t;try{r=compareVersions(i,e)}catch(r){return{compatible:!1,message:`Invalid version format: ${e}`,severity:"error",required:e,actual:i}}if(0===r)return{compatible:!0,message:`Exact version match (${i})`,severity:"info",required:e,actual:i};if(r<0)return{compatible:!1,message:`SDK version too old. Required: ${e}, Current: ${i}`,severity:"error",required:e,actual:i};try{a=parseVersion(e),t=parseVersion(i)}catch(r){return{compatible:!0,message:`Compatible (${i} is newer than ${e})`,severity:"info",required:e,actual:i}}return t.major>a.major?{compatible:!1,message:`Breaking changes in SDK. Required: ${e}, Current: ${i}`,severity:"warning",required:e,actual:i}:{compatible:!0,message:`Compatible (${i} is newer than ${e})`,severity:"info",required:e,actual:i}}export function getMinimumVersionFor(e){return{[Capability.ENVELOPE_V1]:"1.0.0",[Capability.ENVELOPE_V2]:"1.1.0",[Capability.ENVELOPE_V3]:"1.2.0",[Capability.ENVELOPE_V4]:"1.3.0",[Capability.ML_KEM_768]:"1.2.0",[Capability.ML_DSA_65]:"1.3.0",[Capability.X25519_ECDH]:"1.0.0",[Capability.ED25519_SIG]:"1.0.0",[Capability.XORIDA]:"1.0.0",[Capability.SPLIT_CHANNEL]:"1.1.0",[Capability.TRUST_REGISTRY]:"1.0.0",[Capability.SERVICE_DISCOVERY]:"1.1.0",[Capability.INVITE_SYSTEM]:"1.1.0",[Capability.AGENT_CALL]:"1.0.0",[Capability.XFETCH]:"1.2.0",[Capability.DUAL_MODE]:"1.2.0",[Capability.BACKUP_RESTORE]:"1.3.0",[Capability.CORRELATION_ID]:"1.3.0",[Capability.STRUCTURED_LOGGING]:"1.3.0",[Capability.DID_SUCCESSION]:"1.2.0",[Capability.GATEWAY_STATE]:"1.2.0",[Capability.SUBSCRIPTION_PROOF]:"1.2.0",[Capability.POLICY_ENGINE]:"1.1.0",[Capability.APPROVAL_FLOW]:"1.1.0",[Capability.GUARDRAILS]:"1.2.0",[Capability.HTTP_COMPAT]:"1.2.0",[Capability.DID_WEB]:"1.1.0",[Capability.DID_PRIVATEME]:"1.2.0",[Capability.REDIS_NONCE]:"1.1.0",[Capability.RETRY_TRANSPORT]:"1.1.0"}[e]}export function assertMinimumVersion(e,i){const r=checkCompatibility(e);if(!r.compatible&&"error"===r.severity){const a=i?`${i} requires xBind >= ${e} (current: ${VERSION_METADATA.semver})`:r.message;throw new Error(a)}}