npm - @private.me/xbind - Versions diffs - 1.3.0 → 2.3.4 - Mend

@private.me/xbind 1.3.0 → 2.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (305) hide show

package/LICENSES.md +212 -0
package/README.md +388 -6
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1 -1920
package/dist-standalone/_deps/shared/cjs/errors.js +1 -275
package/dist-standalone/_deps/shared/cjs/index.js +1 -138
package/dist-standalone/_deps/shared/cjs/types.js +1 -90
package/dist-standalone/_deps/shared/errors.js +1 -262
package/dist-standalone/_deps/shared/index.js +1 -77
package/dist-standalone/_deps/shared/types.js +1 -91
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.js +1 -642
package/dist-standalone/agent-sdk.js +1 -328
package/dist-standalone/agent.d.ts +95 -5
package/dist-standalone/agent.js +1 -1545
package/dist-standalone/approval.js +1 -193
package/dist-standalone/async-iterators.d.ts +275 -0
package/dist-standalone/async-iterators.js +1 -0
package/dist-standalone/auth.js +1 -219
package/dist-standalone/auto-accept.js +1 -229
package/dist-standalone/backup-config.js +1 -201
package/dist-standalone/backup.d.ts +114 -0
package/dist-standalone/backup.js +1 -0
package/dist-standalone/batch-operations.d.ts +297 -0
package/dist-standalone/batch-operations.js +1 -0
package/dist-standalone/cancellation.d.ts +301 -0
package/dist-standalone/cancellation.js +1 -0
package/dist-standalone/checkpoint.js +1 -186
package/dist-standalone/circuit-breaker.d.ts +351 -0
package/dist-standalone/circuit-breaker.js +1 -0
package/dist-standalone/cjs/agent-call.js +1 -651
package/dist-standalone/cjs/agent-sdk.js +1 -332
package/dist-standalone/cjs/agent.js +1 -1582
package/dist-standalone/cjs/approval.js +1 -199
package/dist-standalone/cjs/async-iterators.js +1 -0
package/dist-standalone/cjs/auth.js +1 -225
package/dist-standalone/cjs/auto-accept.js +1 -233
package/dist-standalone/cjs/backup-config.js +1 -207
package/dist-standalone/cjs/backup.js +1 -0
package/dist-standalone/cjs/batch-operations.js +1 -0
package/dist-standalone/cjs/cancellation.js +1 -0
package/dist-standalone/cjs/checkpoint.js +1 -193
package/dist-standalone/cjs/circuit-breaker.js +1 -0
package/dist-standalone/cjs/cli/init.js +1 -486
package/dist-standalone/cjs/config-validation.js +1 -0
package/dist-standalone/cjs/connect.js +1 -312
package/dist-standalone/cjs/connection-pool.js +1 -0
package/dist-standalone/cjs/correlation-id.js +1 -339
package/dist-standalone/cjs/crypto-utils.js +1 -0
package/dist-standalone/cjs/debug-mode.js +1 -0
package/dist-standalone/cjs/did-document.js +1 -101
package/dist-standalone/cjs/did-privateme.js +1 -130
package/dist-standalone/cjs/did-web.js +1 -201
package/dist-standalone/cjs/discovery.js +1 -462
package/dist-standalone/cjs/dual-mode.js +1 -251
package/dist-standalone/cjs/email-templates.js +1 -313
package/dist-standalone/cjs/email-transport.js +1 -239
package/dist-standalone/cjs/envelope.js +1 -510
package/dist-standalone/cjs/errors.js +1 -826
package/dist-standalone/cjs/event-emitter.js +1 -0
package/dist-standalone/cjs/gateway-state.js +1 -55
package/dist-standalone/cjs/gateway-transport.js +1 -120
package/dist-standalone/cjs/graceful-degradation.js +1 -0
package/dist-standalone/cjs/guardrails.js +1 -223
package/dist-standalone/cjs/health-check.js +1 -0
package/dist-standalone/cjs/http-compat.js +1 -272
package/dist-standalone/cjs/http-status-map.js +1 -571
package/dist-standalone/cjs/identity.js +1 -541
package/dist-standalone/cjs/index.js +1 -237
package/dist-standalone/cjs/invitation.js +1 -421
package/dist-standalone/cjs/invite.js +1 -328
package/dist-standalone/cjs/key-agreement.js +1 -246
package/dist-standalone/cjs/lazy-init.js +1 -300
package/dist-standalone/cjs/logger.js +1 -0
package/dist-standalone/cjs/mdns-discovery.js +1 -202
package/dist-standalone/cjs/nonce-store.js +1 -66
package/dist-standalone/cjs/pairing-manager.js +1 -223
package/dist-standalone/cjs/plugin-system.js +1 -0
package/dist-standalone/cjs/plugins/logging.js +1 -0
package/dist-standalone/cjs/plugins/metrics.js +1 -0
package/dist-standalone/cjs/plugins/validation.js +1 -0
package/dist-standalone/cjs/policy.js +1 -320
package/dist-standalone/cjs/progress-callbacks.js +1 -0
package/dist-standalone/cjs/redis-nonce-store.js +1 -76
package/dist-standalone/cjs/registry-middleware.js +1 -50
package/dist-standalone/cjs/retry-strategies.js +1 -0
package/dist-standalone/cjs/retry-transport.js +1 -102
package/dist-standalone/cjs/runtime/browser.js +1 -0
package/dist-standalone/cjs/runtime/edge.js +1 -0
package/dist-standalone/cjs/runtime/react-native.js +1 -0
package/dist-standalone/cjs/security-policy.js +1 -245
package/dist-standalone/cjs/serialization.js +1 -0
package/dist-standalone/cjs/split-channel.js +1 -177
package/dist-standalone/cjs/subscription-proof.js +1 -230
package/dist-standalone/cjs/succession.js +1 -148
package/dist-standalone/cjs/timeouts.js +1 -0
package/dist-standalone/cjs/trace-context.js +1 -0
package/dist-standalone/cjs/trace-spans.js +1 -0
package/dist-standalone/cjs/transport.js +1 -63
package/dist-standalone/cjs/trust-registry.js +1 -742
package/dist-standalone/cjs/types/error-response.js +1 -56
package/dist-standalone/cjs/vault-auth.js +1 -0
package/dist-standalone/cjs/vault-store-loader.js +1 -0
package/dist-standalone/cjs/verify.js +1 -25
package/dist-standalone/cjs/version-info.js +1 -0
package/dist-standalone/cjs/xfetch.js +1 -252
package/dist-standalone/cli/init.js +1 -449
package/dist-standalone/cli/setup.js +1 -514
package/dist-standalone/cli/types.js +1 -27
package/dist-standalone/cli/xbind.js +1 -148
package/dist-standalone/config-validation.d.ts +185 -0
package/dist-standalone/config-validation.js +1 -0
package/dist-standalone/connect.js +1 -274
package/dist-standalone/connection-pool.d.ts +251 -0
package/dist-standalone/connection-pool.js +1 -0
package/dist-standalone/correlation-id.js +1 -326
package/dist-standalone/crypto-utils.d.ts +60 -0
package/dist-standalone/crypto-utils.js +1 -0
package/dist-standalone/debug-mode.d.ts +286 -0
package/dist-standalone/debug-mode.js +1 -0
package/dist-standalone/did-document.js +1 -96
package/dist-standalone/did-privateme.js +1 -121
package/dist-standalone/did-web.js +1 -196
package/dist-standalone/discovery.js +1 -458
package/dist-standalone/dual-mode.js +1 -247
package/dist-standalone/email-templates.js +1 -309
package/dist-standalone/email-transport.js +1 -232
package/dist-standalone/envelope.d.ts +29 -1
package/dist-standalone/envelope.js +1 -497
package/dist-standalone/errors.d.ts +10 -0
package/dist-standalone/errors.js +1 -811
package/dist-standalone/event-emitter.d.ts +395 -0
package/dist-standalone/event-emitter.js +1 -0
package/dist-standalone/gateway-state.js +1 -51
package/dist-standalone/gateway-transport.js +1 -116
package/dist-standalone/graceful-degradation.d.ts +246 -0
package/dist-standalone/graceful-degradation.js +1 -0
package/dist-standalone/guardrails.js +1 -216
package/dist-standalone/health-check.d.ts +150 -0
package/dist-standalone/health-check.js +1 -0
package/dist-standalone/http-compat.js +1 -267
package/dist-standalone/http-status-map.js +1 -561
package/dist-standalone/identity.d.ts +64 -1
package/dist-standalone/identity.js +1 -516
package/dist-standalone/index.d.ts +45 -3
package/dist-standalone/index.js +1 -52
package/dist-standalone/invitation.js +1 -415
package/dist-standalone/invite.js +1 -324
package/dist-standalone/key-agreement.d.ts +61 -13
package/dist-standalone/key-agreement.js +1 -236
package/dist-standalone/lazy-init.js +1 -295
package/dist-standalone/logger.d.ts +77 -0
package/dist-standalone/logger.js +1 -0
package/dist-standalone/mdns-discovery.js +1 -195
package/dist-standalone/nonce-store.d.ts +16 -3
package/dist-standalone/nonce-store.js +1 -62
package/dist-standalone/package.json +0 -1
package/dist-standalone/pairing-manager.js +1 -219
package/dist-standalone/plugin-system.d.ts +145 -0
package/dist-standalone/plugin-system.js +1 -0
package/dist-standalone/policy.js +1 -315
package/dist-standalone/progress-callbacks.d.ts +394 -0
package/dist-standalone/progress-callbacks.js +1 -0
package/dist-standalone/redis-nonce-store.js +1 -72
package/dist-standalone/registry-middleware.js +1 -47
package/dist-standalone/retry-strategies.d.ts +382 -0
package/dist-standalone/retry-strategies.js +1 -0
package/dist-standalone/retry-transport.js +1 -98
package/dist-standalone/security-policy.js +1 -239
package/dist-standalone/serialization.d.ts +244 -0
package/dist-standalone/serialization.js +1 -0
package/dist-standalone/split-channel.d.ts +49 -1
package/dist-standalone/split-channel.js +1 -171
package/dist-standalone/subscription-proof.js +1 -224
package/dist-standalone/succession.js +1 -142
package/dist-standalone/timeouts.d.ts +275 -0
package/dist-standalone/timeouts.js +1 -0
package/dist-standalone/trace-context.d.ts +252 -0
package/dist-standalone/trace-context.js +1 -0
package/dist-standalone/trace-spans.d.ts +360 -0
package/dist-standalone/trace-spans.js +1 -0
package/dist-standalone/transport.js +1 -59
package/dist-standalone/trust-registry.d.ts +106 -5
package/dist-standalone/trust-registry.js +1 -702
package/dist-standalone/vault-auth.d.ts +91 -0
package/dist-standalone/vault-auth.js +1 -0
package/dist-standalone/vault-store-loader.d.ts +110 -0
package/dist-standalone/vault-store-loader.js +1 -0
package/dist-standalone/verify.js +1 -16
package/dist-standalone/version-info.d.ts +259 -0
package/dist-standalone/version-info.js +1 -0
package/dist-standalone/xfetch.js +1 -247
package/llms.txt +1 -0
package/package.json +66 -5
package/share1.dat +0 -0
package/dist-standalone/_deps/crypto/base64.d.ts +0 -29
package/dist-standalone/_deps/crypto/base64.js +0 -209
package/dist-standalone/_deps/crypto/cjs/base64.js +0 -103
package/dist-standalone/_deps/crypto/cjs/errors.js +0 -119
package/dist-standalone/_deps/crypto/cjs/hmac.js +0 -71
package/dist-standalone/_deps/crypto/cjs/index.js +0 -86
package/dist-standalone/_deps/crypto/cjs/padding.js +0 -57
package/dist-standalone/_deps/crypto/cjs/share-header.js +0 -68
package/dist-standalone/_deps/crypto/cjs/shares.js +0 -152
package/dist-standalone/_deps/crypto/cjs/tlv.js +0 -199
package/dist-standalone/_deps/crypto/cjs/uuid.js +0 -61
package/dist-standalone/_deps/crypto/cjs/verify.js +0 -24
package/dist-standalone/_deps/crypto/cjs/xorida.js +0 -221
package/dist-standalone/_deps/crypto/errors.d.ts +0 -51
package/dist-standalone/_deps/crypto/errors.js +0 -109
package/dist-standalone/_deps/crypto/hmac.d.ts +0 -39
package/dist-standalone/_deps/crypto/hmac.js +0 -66
package/dist-standalone/_deps/crypto/index.d.ts +0 -20
package/dist-standalone/_deps/crypto/index.js +0 -45
package/dist-standalone/_deps/crypto/padding.d.ts +0 -19
package/dist-standalone/_deps/crypto/padding.js +0 -53
package/dist-standalone/_deps/crypto/share-header.d.ts +0 -44
package/dist-standalone/_deps/crypto/share-header.js +0 -63
package/dist-standalone/_deps/crypto/shares.d.ts +0 -27
package/dist-standalone/_deps/crypto/shares.js +0 -148
package/dist-standalone/_deps/crypto/tlv.d.ts +0 -26
package/dist-standalone/_deps/crypto/tlv.js +0 -195
package/dist-standalone/_deps/crypto/uuid.d.ts +0 -22
package/dist-standalone/_deps/crypto/uuid.js +0 -56
package/dist-standalone/_deps/crypto/verify.d.ts +0 -15
package/dist-standalone/_deps/crypto/verify.js +0 -15
package/dist-standalone/_deps/crypto/xorida.d.ts +0 -44
package/dist-standalone/_deps/crypto/xorida.js +0 -215
package/dist-standalone/_deps/shared/errors.d.ts.map +0 -1
package/dist-standalone/_deps/shared/errors.js.map +0 -1
package/dist-standalone/_deps/shared/index.d.ts.map +0 -1
package/dist-standalone/_deps/shared/index.js.map +0 -1
package/dist-standalone/_deps/shared/types.d.ts.map +0 -1
package/dist-standalone/_deps/shared/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.js.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.js.map +0 -1
package/dist-standalone/_deps/xregistry/errors.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/errors.js.map +0 -1
package/dist-standalone/_deps/xregistry/index.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/index.js.map +0 -1
package/dist-standalone/_deps/xregistry/registry.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/registry.js.map +0 -1
package/dist-standalone/_deps/xregistry/schema.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/schema.js.map +0 -1
package/dist-standalone/_deps/xregistry/types.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/types.js.map +0 -1

package/dist-standalone/_deps/crypto/hmac.d.ts DELETED Viewed

@@ -1,39 +0,0 @@
-/**
- * HMAC-SHA256 integrity verification using Web Crypto API.
- *
- * Provides message-level integrity for the XorIDA pipeline.
- * The HMAC is computed over the padded payload (after TLV serialization + PKCS#7 padding)
- * and verified after reconstruction, before unpadding.
- *
- * Uses crypto.subtle for constant-time verification (no manual byte comparison).
- */
-/**
- * Generate a fresh random HMAC key and sign data with HMAC-SHA256.
- *
- * @param data - Bytes to sign (the padded payload)
- * @returns Object containing the raw key bytes and the 32-byte signature
- */
-export declare function generateHMAC(data: Uint8Array): Promise<{
-    key: Uint8Array;
-    signature: Uint8Array;
-}>;
-/**
- * Verify an HMAC-SHA256 signature using constant-time comparison.
- *
- * Uses crypto.subtle.verify() which is constant-time by specification.
- * NEVER manually compare HMAC bytes (timing attack risk).
- *
- * @param key - Raw HMAC key bytes (32 bytes)
- * @param data - Data that was signed
- * @param signature - Expected HMAC-SHA256 signature (32 bytes)
- * @returns true if signature is valid, false otherwise
- */
-export declare function verifyHMAC(key: Uint8Array, data: Uint8Array, signature: Uint8Array): Promise<boolean>;
-/**
- * Sign data with a provided HMAC key (for cases where the key is already known).
- *
- * @param key - Raw HMAC key bytes (32 bytes)
- * @param data - Bytes to sign
- * @returns 32-byte HMAC-SHA256 signature
- */
-export declare function signHMAC(key: Uint8Array, data: Uint8Array): Promise<Uint8Array>;

package/dist-standalone/_deps/crypto/hmac.js DELETED Viewed

@@ -1,66 +0,0 @@
-/**
- * HMAC-SHA256 integrity verification using Web Crypto API.
- *
- * Provides message-level integrity for the XorIDA pipeline.
- * The HMAC is computed over the padded payload (after TLV serialization + PKCS#7 padding)
- * and verified after reconstruction, before unpadding.
- *
- * Uses crypto.subtle for constant-time verification (no manual byte comparison).
- */
-/** HMAC key length in bytes. */
-const HMAC_KEY_LENGTH = 32;
-/** HMAC algorithm config. */
-const HMAC_ALGO = { name: 'HMAC', hash: 'SHA-256' };
-/** Copy a Uint8Array into a fresh ArrayBuffer (avoids SharedArrayBuffer type issues). */
-function toArrayBuffer(data) {
-    const buf = new ArrayBuffer(data.byteLength);
-    new Uint8Array(buf).set(data);
-    return buf;
-}
-/**
- * Import a raw key buffer for HMAC operations.
- * Copies to a fresh ArrayBuffer to satisfy Web Crypto API typing.
- */
-async function importKey(keyBytes, usage) {
-    return crypto.subtle.importKey('raw', toArrayBuffer(keyBytes), HMAC_ALGO, false, [usage]);
-}
-/**
- * Generate a fresh random HMAC key and sign data with HMAC-SHA256.
- *
- * @param data - Bytes to sign (the padded payload)
- * @returns Object containing the raw key bytes and the 32-byte signature
- */
-export async function generateHMAC(data) {
-    const keyBytes = new Uint8Array(HMAC_KEY_LENGTH);
-    crypto.getRandomValues(keyBytes);
-    const cryptoKey = await importKey(keyBytes, 'sign');
-    const sig = await crypto.subtle.sign('HMAC', cryptoKey, toArrayBuffer(data));
-    return { key: keyBytes, signature: new Uint8Array(sig) };
-}
-/**
- * Verify an HMAC-SHA256 signature using constant-time comparison.
- *
- * Uses crypto.subtle.verify() which is constant-time by specification.
- * NEVER manually compare HMAC bytes (timing attack risk).
- *
- * @param key - Raw HMAC key bytes (32 bytes)
- * @param data - Data that was signed
- * @param signature - Expected HMAC-SHA256 signature (32 bytes)
- * @returns true if signature is valid, false otherwise
- */
-export async function verifyHMAC(key, data, signature) {
-    const cryptoKey = await importKey(key, 'verify');
-    return crypto.subtle.verify('HMAC', cryptoKey, toArrayBuffer(signature), toArrayBuffer(data));
-}
-/**
- * Sign data with a provided HMAC key (for cases where the key is already known).
- *
- * @param key - Raw HMAC key bytes (32 bytes)
- * @param data - Bytes to sign
- * @returns 32-byte HMAC-SHA256 signature
- */
-export async function signHMAC(key, data) {
-    const cryptoKey = await importKey(key, 'sign');
-    const sig = await crypto.subtle.sign('HMAC', cryptoKey, toArrayBuffer(data));
-    return new Uint8Array(sig);
-}

package/dist-standalone/_deps/crypto/index.d.ts DELETED Viewed

@@ -1,20 +0,0 @@
-export * from './errors.js';
-export { splitXorIDA, reconstructXorIDA, nextOddPrime } from './xorida.js';
-export { pkcs7Pad, pkcs7Unpad } from './padding.js';
-export { generateHMAC, verifyHMAC, signHMAC } from './hmac.js';
-export { serializeMessage, deserializeMessage } from './tlv.js';
-export { generateUUID, uuidToBytes, bytesToUuid } from './uuid.js';
-export { toBase64, fromBase64, toBase64Url, fromBase64Url } from './base64.js';
-export { createShares, reconstructMessage } from './shares.js';
-export { formatShareHeader, parseShareHeader, hasShareHeader } from './share-header.js';
-/**
- * Check if the runtime supports the required Web Crypto APIs.
- *
- * Verifies that `crypto.subtle` is available with HMAC, AES-GCM,
- * and `crypto.getRandomValues`. Call this before using any crypto
- * operations to provide a clear error message on unsupported runtimes.
- *
- * @returns `true` if the runtime has the required Web Crypto APIs.
- */
-export declare function isSupported(): boolean;
-export { splitWithRandom } from './xorida.js';

package/dist-standalone/_deps/crypto/index.js DELETED Viewed

@@ -1,45 +0,0 @@
-// @private.me/crypto — public API
-// Errors
-export * from './errors.js';
-// XorIDA Threshold Sharing
-export { splitXorIDA, reconstructXorIDA, nextOddPrime } from './xorida.js';
-// Padding
-export { pkcs7Pad, pkcs7Unpad } from './padding.js';
-// Integrity
-export { generateHMAC, verifyHMAC, signHMAC } from './hmac.js';
-// Serialization
-export { serializeMessage, deserializeMessage } from './tlv.js';
-// UUID
-export { generateUUID, uuidToBytes, bytesToUuid } from './uuid.js';
-// Base64
-export { toBase64, fromBase64, toBase64Url, fromBase64Url } from './base64.js';
-// High-level API
-export { createShares, reconstructMessage } from './shares.js';
-// Branded Share Header (IDA5 copyright layer)
-export { formatShareHeader, parseShareHeader, hasShareHeader } from './share-header.js';
-// Capability check
-/**
- * Check if the runtime supports the required Web Crypto APIs.
- *
- * Verifies that `crypto.subtle` is available with HMAC, AES-GCM,
- * and `crypto.getRandomValues`. Call this before using any crypto
- * operations to provide a clear error message on unsupported runtimes.
- *
- * @returns `true` if the runtime has the required Web Crypto APIs.
- */
-export function isSupported() {
-    try {
-        return (typeof globalThis.crypto !== 'undefined' &&
-            typeof globalThis.crypto.subtle !== 'undefined' &&
-            typeof globalThis.crypto.subtle.importKey === 'function' &&
-            typeof globalThis.crypto.subtle.sign === 'function' &&
-            typeof globalThis.crypto.subtle.verify === 'function' &&
-            typeof globalThis.crypto.subtle.encrypt === 'function' &&
-            typeof globalThis.crypto.getRandomValues === 'function');
-    }
-    catch {
-        return false;
-    }
-}
-// Re-export for testing (internal, not part of public API contract)
-export { splitWithRandom } from './xorida.js';

package/dist-standalone/_deps/crypto/padding.d.ts DELETED Viewed

@@ -1,19 +0,0 @@
-import type { Result, PaddingError } from '@private.me/shared';
-/**
- * PKCS#7 pad data to a multiple of blockSize bytes.
- * Always adds at least 1 byte of padding, even when already aligned.
- *
- * @param data - Input bytes to pad
- * @param blockSize - Block size in bytes (must be 1–255)
- * @returns Padded byte array
- */
-export declare function pkcs7Pad(data: Uint8Array, blockSize: number): Uint8Array;
-/**
- * Remove PKCS#7 padding. Validates that padding bytes are consistent.
- * Returns an error if padding is invalid (possible tampering).
- *
- * @param data - Padded byte array
- * @param blockSize - Block size used during padding (must be 1–255)
- * @returns Unpadded bytes, or PaddingError if invalid
- */
-export declare function pkcs7Unpad(data: Uint8Array, blockSize: number): Result<Uint8Array, PaddingError>;

package/dist-standalone/_deps/crypto/padding.js DELETED Viewed

@@ -1,53 +0,0 @@
-import { ok, err } from"../shared/index.js";
-/**
- * PKCS#7 pad data to a multiple of blockSize bytes.
- * Always adds at least 1 byte of padding, even when already aligned.
- *
- * @param data - Input bytes to pad
- * @param blockSize - Block size in bytes (must be 1–255)
- * @returns Padded byte array
- */
-export function pkcs7Pad(data, blockSize) {
-    const padLen = blockSize - (data.length % blockSize);
-    const padded = new Uint8Array(data.length + padLen);
-    padded.set(data);
-    for (let i = data.length; i < padded.length; i++) {
-        padded[i] = padLen;
-    }
-    return padded;
-}
-/**
- * Remove PKCS#7 padding. Validates that padding bytes are consistent.
- * Returns an error if padding is invalid (possible tampering).
- *
- * @param data - Padded byte array
- * @param blockSize - Block size used during padding (must be 1–255)
- * @returns Unpadded bytes, or PaddingError if invalid
- */
-export function pkcs7Unpad(data, blockSize) {
-    if (data.length === 0) {
-        return err({ code: 'INVALID_PADDING', message: 'Input is empty' });
-    }
-    if (data.length % blockSize !== 0) {
-        return err({
-            code: 'INVALID_PADDING',
-            message: 'Input length is not a multiple of block size',
-        });
-    }
-    const padLen = data[data.length - 1];
-    if (padLen === undefined || padLen < 1 || padLen > blockSize) {
-        return err({
-            code: 'INVALID_PADDING',
-            message: `Invalid padding value: ${padLen}`,
-        });
-    }
-    for (let i = data.length - padLen; i < data.length; i++) {
-        if (data[i] !== padLen) {
-            return err({
-                code: 'INVALID_PADDING',
-                message: 'Inconsistent padding bytes',
-            });
-        }
-    }
-    return ok(data.slice(0, data.length - padLen));
-}

package/dist-standalone/_deps/crypto/share-header.d.ts DELETED Viewed

@@ -1,44 +0,0 @@
-/**
- * Branded share header — IDA5 copyright layer.
- *
- * Wraps every XorIDA share output with the patent-locked branded string:
- *
- *   Xecret (TM) -> PRIVATE .ME (R) -> IDA5 -> Encrypted:// [data] => Generated by Xecret (TM)
- *
- * This provides triple legal protection on every share artifact:
- * - Patent (20 years): XorIDA algorithm and split-channel architecture
- * - Copyright (95 years): the literal branded header expression
- * - Trademark (indefinite): Xecret(TM) and PRIVATE .ME(R) marks
- *
- * NEVER modify the header format. It is patent-locked.
- */
-/**
- * Wrap share data with the branded IDA5 copyright header.
- *
- * Output format (patent-locked, NEVER change):
- *   Xecret (TM) -> PRIVATE .ME (R) -> IDA5 -> Encrypted:// [data] => Generated by Xecret (TM)
- *
- * @param data - Base64-encoded share data (or any string payload)
- * @returns Branded string with copyright header wrapping the data
- */
-export declare function formatShareHeader(data: string): string;
-/**
- * Extract share data from a branded IDA5 header string.
- *
- * Backward-compatible: if the branded markers are not found, returns
- * the input string trimmed (handles legacy headerless shares).
- *
- * @param input - Branded share string or legacy raw data
- * @returns Extracted share data with whitespace trimmed
- */
-export declare function parseShareHeader(input: string): string;
-/**
- * Check whether a string contains the branded IDA5 share header.
- *
- * Useful for format detection — distinguishing branded shares from
- * legacy raw base64 shares.
- *
- * @param input - String to check
- * @returns true if the branded markers are present
- */
-export declare function hasShareHeader(input: string): boolean;

package/dist-standalone/_deps/crypto/share-header.js DELETED Viewed

@@ -1,63 +0,0 @@
-/**
- * Branded share header — IDA5 copyright layer.
- *
- * Wraps every XorIDA share output with the patent-locked branded string:
- *
- *   Xecret (TM) -> PRIVATE .ME (R) -> IDA5 -> Encrypted:// [data] => Generated by Xecret (TM)
- *
- * This provides triple legal protection on every share artifact:
- * - Patent (20 years): XorIDA algorithm and split-channel architecture
- * - Copyright (95 years): the literal branded header expression
- * - Trademark (indefinite): Xecret(TM) and PRIVATE .ME(R) marks
- *
- * NEVER modify the header format. It is patent-locked.
- */
-/** Start marker for the branded share data region. */
-const START_MARKER = 'Encrypted://';
-/** End marker for the branded share data region. */
-const END_MARKER = '=> Generated by Xecret (TM)';
-/** Branded prefix before the start marker. */
-const BRAND_PREFIX = 'Xecret (TM) -> PRIVATE .ME (R) -> IDA5 -> ';
-/**
- * Wrap share data with the branded IDA5 copyright header.
- *
- * Output format (patent-locked, NEVER change):
- *   Xecret (TM) -> PRIVATE .ME (R) -> IDA5 -> Encrypted:// [data] => Generated by Xecret (TM)
- *
- * @param data - Base64-encoded share data (or any string payload)
- * @returns Branded string with copyright header wrapping the data
- */
-export function formatShareHeader(data) {
-    return `${BRAND_PREFIX}${START_MARKER} ${data} ${END_MARKER}`;
-}
-/**
- * Extract share data from a branded IDA5 header string.
- *
- * Backward-compatible: if the branded markers are not found, returns
- * the input string trimmed (handles legacy headerless shares).
- *
- * @param input - Branded share string or legacy raw data
- * @returns Extracted share data with whitespace trimmed
- */
-export function parseShareHeader(input) {
-    const startIdx = input.indexOf(START_MARKER);
-    if (startIdx < 0)
-        return input.trim();
-    const dataStart = startIdx + START_MARKER.length;
-    const endIdx = input.indexOf(END_MARKER, dataStart);
-    if (endIdx < 0)
-        return input.trim();
-    return input.substring(dataStart, endIdx).trim();
-}
-/**
- * Check whether a string contains the branded IDA5 share header.
- *
- * Useful for format detection — distinguishing branded shares from
- * legacy raw base64 shares.
- *
- * @param input - String to check
- * @returns true if the branded markers are present
- */
-export function hasShareHeader(input) {
-    return input.includes(START_MARKER) && input.includes(END_MARKER);
-}

package/dist-standalone/_deps/crypto/shares.d.ts DELETED Viewed

@@ -1,27 +0,0 @@
-/**
- * High-level share creation and reconstruction API.
- *
- * Sender pipeline:  serialize (TLV) → pad (PKCS#7) → HMAC (sign) → split (XorIDA)
- * Receiver pipeline: reconstruct (XorIDA) → verify (HMAC) → unpad (PKCS#7) → deserialize (TLV)
- */
-import type { Result, XailMessage, XailShare, ReconstructionError } from '@private.me/shared';
-/**
- * Create shares from a XailMessage.
- *
- * Pipeline: serialize → pad → HMAC → split → package as XailShare[]
- *
- * @param message - The message to split into shares
- * @param n - Total number of shares to produce
- * @param k - Threshold: minimum shares needed for reconstruction
- * @returns Array of n XailShare objects ready for transport
- */
-export declare function createShares(message: XailMessage, n: number, k: number): Promise<XailShare[]>;
-/**
- * Reconstruct a XailMessage from k shares.
- *
- * Pipeline: validate → reconstruct → verify HMAC → unpad → deserialize
- *
- * @param shares - Array of k XailShare objects (must share the same UUID)
- * @returns Reconstructed message, or ReconstructionError
- */
-export declare function reconstructMessage(shares: readonly XailShare[]): Promise<Result<XailMessage, ReconstructionError>>;

package/dist-standalone/_deps/crypto/shares.js DELETED Viewed

@@ -1,148 +0,0 @@
-/**
- * High-level share creation and reconstruction API.
- *
- * Sender pipeline:  serialize (TLV) → pad (PKCS#7) → HMAC (sign) → split (XorIDA)
- * Receiver pipeline: reconstruct (XorIDA) → verify (HMAC) → unpad (PKCS#7) → deserialize (TLV)
- */
-import { ok, err } from"../shared/index.js";
-import { serializeMessage, deserializeMessage } from './tlv.js';
-import { pkcs7Pad, pkcs7Unpad } from './padding.js';
-import { generateHMAC, verifyHMAC } from './hmac.js';
-import { splitXorIDA, reconstructXorIDA, nextOddPrime } from './xorida.js';
-import { generateUUID } from './uuid.js';
-/**
- * Create shares from a XailMessage.
- *
- * Pipeline: serialize → pad → HMAC → split → package as XailShare[]
- *
- * @param message - The message to split into shares
- * @param n - Total number of shares to produce
- * @param k - Threshold: minimum shares needed for reconstruction
- * @returns Array of n XailShare objects ready for transport
- */
-export async function createShares(message, n, k) {
-    // Ensure UUID is set before serialization so TLV and share headers match.
-    const uuid = message.uuid || generateUUID();
-    const messageWithUuid = uuid !== message.uuid ? { ...message, uuid } : message;
-    // Step 1: Serialize to TLV
-    const tlvPayload = serializeMessage(messageWithUuid);
-    // Step 2: Pad to XorIDA block boundary
-    const p = nextOddPrime(n);
-    const blockSize = p - 1;
-    const padded = pkcs7Pad(tlvPayload, blockSize);
-    // Step 3: HMAC the padded payload
-    const { key: hmacKey, signature: hmacSignature } = await generateHMAC(padded);
-    // Step 4: Split via XorIDA
-    const shareDataArrays = splitXorIDA(padded, n, k);
-    const shares = shareDataArrays.map((data, index) => ({
-        uuid,
-        index,
-        totalShares: n,
-        threshold: k,
-        data,
-        hmacKey: hmacKey.slice(), // each share carries a copy
-        hmacSignature: hmacSignature.slice(),
-    }));
-    return shares;
-}
-/**
- * Reconstruct a XailMessage from k shares.
- *
- * Pipeline: validate → reconstruct → verify HMAC → unpad → deserialize
- *
- * @param shares - Array of k XailShare objects (must share the same UUID)
- * @returns Reconstructed message, or ReconstructionError
- */
-export async function reconstructMessage(shares) {
-    // Validation: need at least k shares
-    if (shares.length === 0) {
-        return err({ code: 'INSUFFICIENT_SHARES', message: 'No shares provided' });
-    }
-    const first = shares[0];
-    const k = first.threshold;
-    const n = first.totalShares;
-    if (shares.length < k) {
-        return err({
-            code: 'INSUFFICIENT_SHARES',
-            message: `Need ${k} shares, got ${shares.length}`,
-        });
-    }
-    // Validate consistency
-    const indices = [];
-    const indexSet = new Set();
-    for (const share of shares) {
-        if (share.uuid !== first.uuid) {
-            return err({
-                code: 'INVALID_SHARES',
-                message: 'Shares have different UUIDs',
-            });
-        }
-        if (share.totalShares !== n || share.threshold !== k) {
-            return err({
-                code: 'INVALID_SHARES',
-                message: 'Shares have inconsistent n/k values',
-            });
-        }
-        if (share.index < 0 || share.index >= n) {
-            return err({
-                code: 'INVALID_INDEX',
-                message: `Share index ${share.index} out of range [0, ${n})`,
-            });
-        }
-        if (indexSet.has(share.index)) {
-            return err({
-                code: 'INVALID_INDEX',
-                message: `Duplicate share index ${share.index}`,
-            });
-        }
-        indexSet.add(share.index);
-        indices.push(share.index);
-    }
-    // Take first k shares
-    const usedShares = shares.slice(0, k);
-    const usedIndices = indices.slice(0, k);
-    const shareData = usedShares.map((s) => s.data);
-    // Step 1: Reconstruct padded payload
-    const padded = reconstructXorIDA(shareData, usedIndices, n, k);
-    // Step 2: Verify HMAC (before unpadding — fail closed)
-    const hmacValid = await verifyHMAC(first.hmacKey, padded, first.hmacSignature);
-    if (!hmacValid) {
-        return err({
-            code: 'HMAC_FAILURE',
-            message: 'HMAC verification failed — data may be corrupted or tampered',
-        });
-    }
-    // Step 3: Unpad
-    const p = nextOddPrime(n);
-    const blockSize = p - 1;
-    const unpadResult = pkcs7Unpad(padded, blockSize);
-    if (!unpadResult.ok) {
-        return err({
-            code: 'HMAC_FAILURE',
-            message: `Unpadding failed: ${unpadResult.error.message}`,
-        });
-    }
-    // Step 4: Deserialize TLV
-    const msgResult = deserializeMessage(unpadResult.value);
-    if (!msgResult.ok) {
-        return err({
-            code: 'INVALID_SHARES',
-            message: `Deserialization failed: ${msgResult.error.message}`,
-        });
-    }
-    // UUID cross-check: if the TLV payload contains a UUID, it must match the envelope UUID.
-    // Normalize both to lowercase+trimmed — bytesToUuid() always returns lowercase,
-    // but envelope UUIDs from email headers may differ in casing or have whitespace.
-    const tlvUuid = msgResult.value.uuid;
-    if (tlvUuid && tlvUuid.toLowerCase().trim() !== first.uuid.toLowerCase().trim()) {
-        return err({
-            code: 'UUID_MISMATCH',
-            message: 'TLV UUID does not match envelope UUID',
-        });
-    }
-    // The share headers carry the authoritative UUID (X-Xail-UUID).
-    // The TLV payload may have a stale or empty UUID if the sender didn't
-    // pre-populate message.uuid before calling createShares(). Stamp the
-    // share-header UUID onto the reconstructed message.
-    return ok({ ...msgResult.value, uuid: first.uuid });
-}

package/dist-standalone/_deps/crypto/tlv.d.ts DELETED Viewed

@@ -1,26 +0,0 @@
-/**
- * TLV (Type-Length-Value) serialization for Xail messages.
- *
- * Format: [Type: 1 byte][Length: 4 bytes uint32 BE][Value: Length bytes]
- *
- * Serialization order: MESSAGE_UUID, SENDER_ID, TIMESTAMP, CONTENT_TYPE,
- * MESSAGE_BODY, ATTACHMENT(s).
- *
- * HMAC key/signature and per-share metadata are NOT in the TLV payload —
- * they travel in the share envelope.
- */
-import type { Result, SerializationError, XailMessage } from '@private.me/shared';
-/**
- * Serialize a XailMessage into a TLV byte stream.
- *
- * @param message - Message to serialize
- * @returns TLV-encoded byte array
- */
-export declare function serializeMessage(message: XailMessage): Uint8Array;
-/**
- * Deserialize a TLV byte stream into a XailMessage.
- *
- * @param data - TLV-encoded byte array
- * @returns Deserialized message, or SerializationError if invalid
- */
-export declare function deserializeMessage(data: Uint8Array): Result<XailMessage, SerializationError>;