@private.me/xbind 1.3.5 → 2.3.4

package/dist-standalone/cjs/debug-mode.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.enableDebugMode=enableDebugMode,exports.disableDebugMode=disableDebugMode,exports.isDebugEnabled=isDebugEnabled,exports.getDebugOptions=getDebugOptions,exports.createDebugLogger=createDebugLogger,exports.startProfiling=startProfiling,exports.endProfiling=endProfiling,exports.getPerformanceMeasurements=getPerformanceMeasurements,exports.clearPerformanceMeasurements=clearPerformanceMeasurements,exports.traceNetworkRequest=traceNetworkRequest,exports.traceNetworkResponse=traceNetworkResponse,exports.getNetworkTraces=getNetworkTraces,exports.clearNetworkTraces=clearNetworkTraces,exports.traceCryptoOperation=traceCryptoOperation,exports.getCryptoTraces=getCryptoTraces,exports.clearCryptoTraces=clearCryptoTraces,exports.dumpState=dumpState,exports.getStateSnapshots=getStateSnapshots,exports.clearStateSnapshots=clearStateSnapshots,exports.exportDebugData=exportDebugData,exports.clearAllDebugData=clearAllDebugData,exports.generateDebugReport=generateDebugReport;const logger_js_1=require("./logger.js");class DebugModeState{enabled=!1;options={};measurements=[];networkTraces=[];cryptoTraces=[];stateSnapshots=[];activeTimers=new Map}const globalDebugState=new DebugModeState;function enableDebugMode(e={}){globalDebugState.enabled=!0,globalDebugState.options={verbose:e.verbose??!1,traceNetwork:e.traceNetwork??!1,traceCrypto:e.traceCrypto??!1,profile:e.profile??!1,trackMemory:e.trackMemory??!1,traceState:e.traceState??!1,output:e.output??console.log,filters:e.filters};const t=(0,logger_js_1.createLogger)("debug-mode");t.setLevel(logger_js_1.LogLevel.DEBUG),t.info("Debug mode enabled",{options:globalDebugState.options})}function disableDebugMode(){globalDebugState.enabled=!1,globalDebugState.measurements=[],globalDebugState.networkTraces=[],globalDebugState.cryptoTraces=[],globalDebugState.stateSnapshots=[],globalDebugState.activeTimers.clear();(0,logger_js_1.createLogger)("debug-mode").info("Debug mode disabled")}function isDebugEnabled(){return globalDebugState.enabled}function getDebugOptions(){return{...globalDebugState.options}}function createDebugLogger(e){const t=(0,logger_js_1.createLogger)(e);return globalDebugState.enabled&&globalDebugState.options.verbose&&t.setLevel(logger_js_1.LogLevel.DEBUG),{...t,trace(e,o){if(globalDebugState.enabled&&globalDebugState.options.verbose){if(globalDebugState.options.filters){const{include:t,exclude:o}=globalDebugState.options.filters;if(t&&!t.some(t=>t.test(e)))return;if(o&&o.some(t=>t.test(e)))return}t.debug(e,o)}}}}function startProfiling(e,t){if(!globalDebugState.enabled||!globalDebugState.options.profile)return;const o=performance.now();globalDebugState.activeTimers.set(e,{startTime:o,context:t});createDebugLogger("profiler").trace(`[PROFILE] Starting: ${e}`,t)}function endProfiling(e,t){if(!globalDebugState.enabled||!globalDebugState.options.profile)return;const o=globalDebugState.activeTimers.get(e);if(!o){return void createDebugLogger("profiler").warn(`[PROFILE] No start time found for: ${e}`)}const r=performance.now(),a=r-o.startTime,s=t??o.context;let n,u,g;if(globalDebugState.options.trackMemory&&"undefined"!=typeof process&&process.memoryUsage){u=process.memoryUsage().heapUsed,n=u,g=0}const l={operation:e,startTime:o.startTime,endTime:r,duration:a,memoryBefore:n,memoryAfter:u,memoryDelta:g,context:s};globalDebugState.measurements.push(l),globalDebugState.activeTimers.delete(e);createDebugLogger("profiler").trace(`[PROFILE] Completed: ${e} (${a.toFixed(2)}ms)`,{duration:a,memoryDelta:g,...t})}function getPerformanceMeasurements(){return[...globalDebugState.measurements]}function clearPerformanceMeasurements(){globalDebugState.measurements=[],globalDebugState.activeTimers.clear()}function traceNetworkRequest(e,t,o,r,a){if(!globalDebugState.enabled||!globalDebugState.options.traceNetwork)return;const s={id:e,method:t,url:o,requestHeaders:redactHeaders(r),requestBody:truncateBody(a),startTime:performance.now()};globalDebugState.networkTraces.push(s);createDebugLogger("network").trace(`[NETWORK] ${t} ${o}`,{requestId:e,headers:s.requestHeaders,bodyLength:a?.length??0})}function traceNetworkResponse(e,t,o,r,a){if(!globalDebugState.enabled||!globalDebugState.options.traceNetwork)return;const s=globalDebugState.networkTraces.find(t=>t.id===e);if(!s)return;s.endTime=performance.now(),s.duration=s.endTime-s.startTime,s.status=t,s.responseHeaders=o?redactHeaders(o):void 0,s.responseBody=truncateBody(r),s.error=a;createDebugLogger("network").trace(`[NETWORK] Response ${t??"ERROR"} (${s.duration.toFixed(2)}ms)`,{requestId:e,status:t,duration:s.duration,error:a})}function getNetworkTraces(){return[...globalDebugState.networkTraces]}function clearNetworkTraces(){globalDebugState.networkTraces=[]}function traceCryptoOperation(e,t,o,r,a,s,n){if(!globalDebugState.enabled||!globalDebugState.options.traceCrypto)return;const u={operation:e,algorithm:t,inputSize:o,outputSize:r,duration:a??0,success:s??!0,error:n,timestamp:Date.now()};globalDebugState.cryptoTraces.push(u);createDebugLogger("crypto").trace(`[CRYPTO] ${e} (${t})`,{inputSize:o,outputSize:r,duration:a,success:s,error:n})}function getCryptoTraces(){return[...globalDebugState.cryptoTraces]}function clearCryptoTraces(){globalDebugState.cryptoTraces=[]}function dumpState(e){const t={did:e.did,identityMode:e.identityMode??"persistent",registered:e.registered??!1,registryUrl:e.registry?.url,nonceStoreType:e.nonceStore?.constructor?.name??"unknown",nonceCount:e.nonceStore?.size??0,transportType:e.transport?.constructor?.name??"unknown",securityPolicy:{level:e.securityPolicy?.level??"unknown",replayWindow:e.securityPolicy?.replayWindow??0,timestampTolerance:e.securityPolicy?.timestampTolerance??0},postQuantum:e.postQuantum??!1,memoryUsage:"undefined"!=typeof process&&process.memoryUsage?process.memoryUsage().heapUsed:void 0,timestamp:Date.now()};globalDebugState.enabled&&globalDebugState.options.traceState&&globalDebugState.stateSnapshots.push(t);return createDebugLogger("state").trace("[STATE] Agent snapshot",t),t}function getStateSnapshots(){return[...globalDebugState.stateSnapshots]}function clearStateSnapshots(){globalDebugState.stateSnapshots=[]}function exportDebugData(){const e={enabled:globalDebugState.enabled,options:globalDebugState.options,measurements:globalDebugState.measurements,networkTraces:globalDebugState.networkTraces,cryptoTraces:globalDebugState.cryptoTraces,stateSnapshots:globalDebugState.stateSnapshots,exportedAt:(new Date).toISOString()};return JSON.stringify(e,null,2)}function clearAllDebugData(){clearPerformanceMeasurements(),clearNetworkTraces(),clearCryptoTraces(),clearStateSnapshots()}function redactHeaders(e){const t={},o=new Set(["authorization","cookie","set-cookie","x-api-key","x-auth-token"]);for(const[r,a]of Object.entries(e)){const e=r.toLowerCase();o.has(e)?t[r]="[REDACTED]":t[r]=a}return t}function truncateBody(e){if(!e)return;const t=1e3;return e.length<=t?e:e.substring(0,t)+`... (${e.length-t} more bytes)`}function generateDebugReport(){const e=[];if(e.push("=".repeat(80)),e.push("xBind Debug Report"),e.push("=".repeat(80)),e.push(""),e.push(`Generated: ${(new Date).toISOString()}`),e.push("Debug Mode: "+(globalDebugState.enabled?"ENABLED":"DISABLED")),e.push(""),globalDebugState.measurements.length>0){e.push("Performance Measurements:"),e.push("-".repeat(80));for(const t of globalDebugState.measurements)e.push(`  ${t.operation}: ${t.duration.toFixed(2)}ms`),void 0!==t.memoryDelta&&e.push(`    Memory: ${formatBytes(t.memoryDelta)}`);e.push("")}if(globalDebugState.networkTraces.length>0){e.push("Network Traces:"),e.push("-".repeat(80));for(const t of globalDebugState.networkTraces)e.push(`  ${t.method} ${t.url}`),t.status&&e.push(`    Status: ${t.status}`),t.duration&&e.push(`    Duration: ${t.duration.toFixed(2)}ms`),t.error&&e.push(`    Error: ${t.error}`);e.push("")}if(globalDebugState.cryptoTraces.length>0){e.push("Crypto Operations:"),e.push("-".repeat(80));for(const t of globalDebugState.cryptoTraces)e.push(`  ${t.operation} (${t.algorithm})`),e.push(`    Input: ${formatBytes(t.inputSize)}`),t.outputSize&&e.push(`    Output: ${formatBytes(t.outputSize)}`),e.push(`    Duration: ${t.duration.toFixed(2)}ms`),e.push(`    Success: ${t.success}`),t.error&&e.push(`    Error: ${t.error}`);e.push("")}if(globalDebugState.stateSnapshots.length>0){e.push("State Snapshots:"),e.push("-".repeat(80));const t=globalDebugState.stateSnapshots[globalDebugState.stateSnapshots.length-1];t&&(e.push(`  DID: ${t.did}`),e.push(`  Mode: ${t.identityMode}`),e.push(`  Registered: ${t.registered}`),e.push(`  Post-Quantum: ${t.postQuantum}`),e.push(`  Nonce Count: ${t.nonceCount}`),t.memoryUsage&&e.push(`  Memory Usage: ${formatBytes(t.memoryUsage)}`)),e.push("")}return e.push("=".repeat(80)),e.join("\n")}function formatBytes(e){if(0===e)return"0 B";const t=Math.floor(Math.log(Math.abs(e))/Math.log(1024));return`${(e/Math.pow(1024,t)).toFixed(2)} ${["B","KB","MB","GB"][t]}`}

package/dist-standalone/cjs/did-document.js

@@ -1,101 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateDidDocument = generateDidDocument;
-exports.resolveDid = resolveDid;
-exports.getServiceEndpoints = getServiceEndpoints;
-const shared_1 = require("../_deps/shared/index.js");
-const crypto_1 = require("../_deps/crypto/index.js");
-/**
- * Generate a DID document for a given DID.
- *
- * Includes service endpoints that advertise PRIVATE.ME/xBind.
- * Both did:key and did:privateme DIDs generate the same service endpoints.
- *
- * @param did - The DID (did:key:z... or did:privateme:z...)
- * @param rawPublicKey - The 32-byte Ed25519 public key
- * @param name - Optional name for the identity
- * @returns DID document with service endpoints
- */
-function generateDidDocument(did, rawPublicKey, name) {
-    if (!did.startsWith('did:key:') && !did.startsWith('did:privateme:')) {
-        return (0, shared_1.err)('INVALID_DID_FORMAT');
-    }
-    // Convert public key to base64 for inclusion in document
-    const publicKeyBase64 = (0, crypto_1.toBase64)(rawPublicKey);
-    const document = {
-        '@context': [
-            'https://www.w3.org/ns/did/v1',
-            'https://w3id.org/security/suites/ed25519-2020/v1',
-        ],
-        id: did,
-        publicKey: [
-            {
-                id: `${did}#key-1`,
-                type: 'Ed25519VerificationKey2020',
-                controller: did,
-                publicKeyBase64,
-            },
-        ],
-        authentication: [`${did}#key-1`],
-        assertionMethod: [`${did}#key-1`],
-        keyAgreement: [`${did}#key-1`],
-        service: [
-            {
-                id: `${did}#identity-provider`,
-                type: 'IdentityProvider',
-                serviceEndpoint: 'https://private.me',
-                description: 'PRIVATE.ME xBind Agent - M2M identity authentication',
-            },
-            {
-                id: `${did}#documentation`,
-                type: 'Documentation',
-                serviceEndpoint: 'https://private.me/docs/xbind.html',
-                description: 'Learn more about PRIVATE.ME/xBind protocol',
-            },
-        ],
-        ...(name ? { name } : {}),
-    };
-    return (0, shared_1.ok)(document);
-}
-/**
- * Resolve a DID to its document (simulated).
- *
- * In a production system, this would query a DID resolver.
- * For now, this generates a synthetic document based on the DID.
- *
- * @param did - The DID to resolve
- * @param rawPublicKey - The 32-byte Ed25519 public key
- * @returns DID document or error
- */
-async function resolveDid(did, rawPublicKey) {
-    // In a production system, this would make an HTTP request to a DID resolver
-    // For now, generate a synthetic document
-    return generateDidDocument(did, rawPublicKey);
-}
-/**
- * Extract service endpoints from a DID document.
- *
- * Filters for PRIVATE.ME service endpoints to provide discovery information.
- *
- * @param document - The DID document
- * @returns Array of service endpoints advertising PRIVATE.ME services
- */
-function getServiceEndpoints(document) {
-    if (!document.service)
-        return [];
-    return document.service
-        .filter((svc) => {
-        const endpoint = typeof svc.serviceEndpoint === 'string' ? svc.serviceEndpoint : '';
-        return (endpoint.includes('private.me') ||
-            svc.type.includes('PRIVATE.ME') ||
-            svc.type === 'IdentityProvider' ||
-            svc.type === 'Documentation');
-    })
-        .map((svc) => ({
-        type: svc.type,
-        endpoint: typeof svc.serviceEndpoint === 'string'
-            ? svc.serviceEndpoint
-            : JSON.stringify(svc.serviceEndpoint),
-        description: svc.description,
-    }));
-}
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.generateDidDocument=generateDidDocument,exports.resolveDid=resolveDid,exports.getServiceEndpoints=getServiceEndpoints;const shared_1=require("../_deps/shared/index.js"),crypto_utils_js_1=require("./crypto-utils.js");function generateDidDocument(e,t,i){if(!e.startsWith("did:key:")&&!e.startsWith("did:privateme:"))return(0,shared_1.err)("INVALID_DID_FORMAT");const n={"@context":["https://www.w3.org/ns/did/v1","https://w3id.org/security/suites/ed25519-2020/v1"],id:e,publicKey:[{id:`${e}#key-1`,type:"Ed25519VerificationKey2020",controller:e,publicKeyBase64:(0,crypto_utils_js_1.toBase64)(t)}],authentication:[`${e}#key-1`],assertionMethod:[`${e}#key-1`],keyAgreement:[`${e}#key-1`],service:[{id:`${e}#identity-provider`,type:"IdentityProvider",serviceEndpoint:"https://private.me",description:"PRIVATE.ME xBind Agent - M2M identity authentication"},{id:`${e}#documentation`,type:"Documentation",serviceEndpoint:"https://private.me/docs/xbind.html",description:"Learn more about PRIVATE.ME/xBind protocol"}],...i?{name:i}:{}};return(0,shared_1.ok)(n)}async function resolveDid(e,t){return generateDidDocument(e,t)}function getServiceEndpoints(e){return e.service?e.service.filter(e=>("string"==typeof e.serviceEndpoint?e.serviceEndpoint:"").includes("private.me")||e.type.includes("PRIVATE.ME")||"IdentityProvider"===e.type||"Documentation"===e.type).map(e=>({type:e.type,endpoint:"string"==typeof e.serviceEndpoint?e.serviceEndpoint:JSON.stringify(e.serviceEndpoint),description:e.description})):[]}

package/dist-standalone/cjs/did-privateme.js

@@ -1,130 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.publicKeyToPrivateMeDid = publicKeyToPrivateMeDid;
-exports.privateMeDidToPublicKeyBytes = privateMeDidToPublicKeyBytes;
-exports.isPrivateMeDid = isPrivateMeDid;
-exports.isDidKeyFormat = isDidKeyFormat;
-exports.convertDidFormat = convertDidFormat;
-exports.normalizeDid = normalizeDid;
-exports.parseDid = parseDid;
-const shared_1 = require("../_deps/shared/index.js");
-const identity_js_1 = require("./identity.js");
-/**
- * Mechanism 4: Convert Ed25519 public key to did:privateme DID.
- *
- * Format: did:privateme:z + base58btc(0xed01 || publicKey)
- *
- * This is a new DID method identifier for PRIVATE.ME ACIs.
- * It uses the same base58btc encoding as did:key for compatibility,
- * but signals that the identity is backed by PRIVATE.ME infrastructure.
- *
- * Backward compatible: agents accept both did:key and did:privateme formats.
- *
- * @param rawPublicKey - 32-byte Ed25519 public key
- * @returns DID in format did:privateme:z...
- */
-function publicKeyToPrivateMeDid(rawPublicKey) {
-    // Use same encoding as did:key, but with privateme method
-    const didKeyFormat = (0, identity_js_1.publicKeyToDid)(rawPublicKey);
-    // Replace did:key: with did:privateme:
-    return didKeyFormat.replace(/^did:key:/, 'did:privateme:');
-}
-/**
- * Extract raw 32-byte public key from a did:privateme DID.
- *
- * Format: did:privateme:z + base58btc(0xed01 || publicKey)
- *
- * @param did - DID in format did:privateme:z...
- * @returns 32-byte public key or error
- */
-function privateMeDidToPublicKeyBytes(did) {
-    if (!did.startsWith('did:privateme:z')) {
-        return (0, shared_1.err)('INVALID_DID_FORMAT');
-    }
-    // Convert to did:key format temporarily for parsing
-    const didKeyFormat = did.replace(/^did:privateme:/, 'did:key:');
-    // Use the existing parser
-    const result = (0, identity_js_1.didToPublicKeyBytes)(didKeyFormat);
-    if (!result.ok) {
-        return (0, shared_1.err)(result.error);
-    }
-    return (0, shared_1.ok)(result.value);
-}
-/**
- * Determine if a DID is in the new did:privateme format.
- *
- * @param did - The DID to check
- * @returns true if DID is did:privateme format, false otherwise
- */
-function isPrivateMeDid(did) {
-    return did.startsWith('did:privateme:');
-}
-/**
- * Determine if a DID is in the did:key format.
- *
- * @param did - The DID to check
- * @returns true if DID is did:key format, false otherwise
- */
-function isDidKeyFormat(did) {
-    return did.startsWith('did:key:');
-}
-/**
- * Convert between DID formats (did:key ↔ did:privateme).
- *
- * Allows backward compatibility between old did:key and new did:privateme formats.
- * The public key remains the same; only the method identifier changes.
- *
- * @param did - Source DID in either format
- * @returns Converted DID in the other format, or error
- */
-function convertDidFormat(did) {
-    if (isDidKeyFormat(did)) {
-        // Convert did:key to did:privateme
-        return (0, shared_1.ok)(did.replace(/^did:key:/, 'did:privateme:'));
-    }
-    if (isPrivateMeDid(did)) {
-        // Convert did:privateme to did:key
-        return (0, shared_1.ok)(did.replace(/^did:privateme:/, 'did:key:'));
-    }
-    return (0, shared_1.err)('UNSUPPORTED_DID_FORMAT');
-}
-/**
- * Normalize a DID to the canonical format (did:privateme).
- *
- * All DIDs are converted to did:privateme format for consistency.
- * Existing did:key DIDs are automatically upgraded.
- *
- * @param did - Source DID in any supported format
- * @returns Normalized DID in did:privateme format
- */
-function normalizeDid(did) {
-    if (isPrivateMeDid(did)) {
-        // Already in target format
-        return (0, shared_1.ok)(did);
-    }
-    if (isDidKeyFormat(did)) {
-        // Convert to did:privateme
-        return (0, shared_1.ok)(did.replace(/^did:key:/, 'did:privateme:'));
-    }
-    return (0, shared_1.err)('UNSUPPORTED_DID_FORMAT');
-}
-/**
- * Parse a DID into method, identifier, and fragment.
- *
- * @param did - Full DID string
- * @returns Parsed DID components or error
- */
-function parseDid(did) {
-    const fragmentMatch = did.indexOf('#');
-    const base = fragmentMatch >= 0 ? did.substring(0, fragmentMatch) : did;
-    const fragment = fragmentMatch >= 0 ? did.substring(fragmentMatch + 1) : undefined;
-    const parts = base.split(':');
-    if (parts.length < 3 || parts[0] !== 'did') {
-        return (0, shared_1.err)('INVALID_DID_FORMAT');
-    }
-    return (0, shared_1.ok)({
-        method: parts[1],
-        identifier: parts.slice(2).join(':'),
-        fragment,
-    });
-}
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.publicKeyToPrivateMeDid=publicKeyToPrivateMeDid,exports.privateMeDidToPublicKeyBytes=privateMeDidToPublicKeyBytes,exports.isPrivateMeDid=isPrivateMeDid,exports.isDidKeyFormat=isDidKeyFormat,exports.convertDidFormat=convertDidFormat,exports.normalizeDid=normalizeDid,exports.parseDid=parseDid;const shared_1=require("../_deps/shared/index.js"),identity_js_1=require("./identity.js");function publicKeyToPrivateMeDid(e){return(0,identity_js_1.publicKeyToDid)(e).replace(/^did:key:/,"did:privateme:")}function privateMeDidToPublicKeyBytes(e){if(!e.startsWith("did:privateme:z"))return(0,shared_1.err)("INVALID_DID_FORMAT");const i=e.replace(/^did:privateme:/,"did:key:"),r=(0,identity_js_1.didToPublicKeyBytes)(i);return r.ok?(0,shared_1.ok)(r.value):(0,shared_1.err)(r.error)}function isPrivateMeDid(e){return e.startsWith("did:privateme:")}function isDidKeyFormat(e){return e.startsWith("did:key:")}function convertDidFormat(e){return isDidKeyFormat(e)?(0,shared_1.ok)(e.replace(/^did:key:/,"did:privateme:")):isPrivateMeDid(e)?(0,shared_1.ok)(e.replace(/^did:privateme:/,"did:key:")):(0,shared_1.err)("UNSUPPORTED_DID_FORMAT")}function normalizeDid(e){return isPrivateMeDid(e)?(0,shared_1.ok)(e):isDidKeyFormat(e)?(0,shared_1.ok)(e.replace(/^did:key:/,"did:privateme:")):(0,shared_1.err)("UNSUPPORTED_DID_FORMAT")}function parseDid(e){const i=e.indexOf("#"),r=i>=0?e.substring(0,i):e,t=i>=0?e.substring(i+1):void 0,d=r.split(":");return d.length<3||"did"!==d[0]?(0,shared_1.err)("INVALID_DID_FORMAT"):(0,shared_1.ok)({method:d[1],identifier:d.slice(2).join(":"),fragment:t})}

package/dist-standalone/cjs/did-web.js

@@ -1,201 +1 @@
-"use strict";
-/**
- * did:web resolver — resolves DIDs hosted on developer domains.
- *
- * Implements the W3C did:web method:
- *   did:web:example.com -> https://example.com/.well-known/did.json
- *   did:web:example.com:path:to -> https://example.com/path/to/did.json
- *
- * Enables direct agent-to-agent communication without a centralized registry.
- * Implements TrustRegistry interface for drop-in use with Agent class.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DidWebResolver = void 0;
-exports.didWebToUrl = didWebToUrl;
-const shared_1 = require("../_deps/shared/index.js");
-const crypto_1 = require("../_deps/crypto/index.js");
-/**
- * Resolve did:web DIDs by fetching DID documents from the hosting domain.
- *
- * Implements TrustRegistry interface so it can be used as a drop-in
- * replacement for MemoryTrustRegistry or HttpTrustRegistry.
- */
-class DidWebResolver {
-    fetchFn;
-    cacheTtlMs;
-    cache = new Map();
-    constructor(opts) {
-        this.fetchFn = opts?.fetch ?? globalThis.fetch.bind(globalThis);
-        this.cacheTtlMs = opts?.cacheTtlMs ?? 300_000;
-    }
-    /** Registration not supported for did:web (developers host their own). */
-    async register(_did, _publicKey, _name, _scopes, _x25519PublicKey) {
-        return (0, shared_1.err)('ALREADY_REGISTERED');
-    }
-    /**
-     * Resolve a did:web DID to its raw public key bytes.
-     * @param did - A did:web DID string.
-     * @returns Public key bytes or error.
-     */
-    async resolve(did) {
-        const entry = await this.fetchEntry(did);
-        if (!entry.ok)
-            return entry;
-        if (entry.value.revoked)
-            return (0, shared_1.err)('REVOKED');
-        return (0, shared_1.ok)(entry.value.publicKey);
-    }
-    /**
-     * Check if a did:web DID has a specific scope.
-     * @param did - The DID to check.
-     * @param scope - The scope to verify.
-     * @returns True if scope is granted.
-     */
-    async hasScope(did, scope) {
-        const entry = await this.fetchEntry(did);
-        if (!entry.ok)
-            return false;
-        return entry.value.scopes.has(scope);
-    }
-    /**
-     * Check if a did:web DID has a specific receive scope.
-     * @param did - The DID to check.
-     * @param scope - The scope to verify.
-     * @returns True if receive scope is granted.
-     */
-    async hasReceiveScope(did, scope) {
-        const entry = await this.fetchEntry(did);
-        if (!entry.ok)
-            return false;
-        // Undefined = accept all scopes (backward compatibility)
-        if (!entry.value.receiveScopes)
-            return true;
-        return entry.value.receiveScopes.has(scope);
-    }
-    /** Revocation not supported for did:web (developer controls their domain). */
-    async revoke(_did) {
-        return (0, shared_1.err)('NOT_FOUND');
-    }
-    /**
-     * Get the full registry entry for a did:web DID.
-     * @param did - The DID to look up.
-     * @returns Full entry or error.
-     */
-    async getEntry(did) {
-        return this.fetchEntry(did);
-    }
-    /** Number of cached entries (for testing). */
-    get cacheSize() {
-        return this.cache.size;
-    }
-    /** Fetch and parse a DID document, with caching. */
-    async fetchEntry(did) {
-        // Check cache
-        const cached = this.cache.get(did);
-        if (cached && Date.now() - cached.fetchedAt < this.cacheTtlMs) {
-            return (0, shared_1.ok)(cached.entry);
-        }
-        const url = didWebToUrl(did);
-        if (!url)
-            return (0, shared_1.err)('NOT_FOUND');
-        try {
-            const res = await this.fetchFn(url);
-            if (!res.ok)
-                return (0, shared_1.err)('NOT_FOUND');
-            const doc = (await res.json());
-            const entry = parseDidDocument(did, doc);
-            if (!entry)
-                return (0, shared_1.err)('NOT_FOUND');
-            this.cache.set(did, { entry, fetchedAt: Date.now() });
-            return (0, shared_1.ok)(entry);
-        }
-        catch {
-            return (0, shared_1.err)('NETWORK_ERROR');
-        }
-    }
-}
-exports.DidWebResolver = DidWebResolver;
-/**
- * Convert a did:web DID to its HTTPS URL.
- *   did:web:example.com -> https://example.com/.well-known/did.json
- *   did:web:example.com:path:to -> https://example.com/path/to/did.json
- * @param did - The did:web DID string.
- * @returns HTTPS URL or null if invalid.
- */
-function didWebToUrl(did) {
-    if (!did.startsWith('did:web:'))
-        return null;
-    const parts = did.slice('did:web:'.length).split(':');
-    if (parts.length === 0 || !parts[0])
-        return null;
-    const domain = decodeURIComponent(parts[0]);
-    if (parts.length === 1) {
-        return `https://${domain}/.well-known/did.json`;
-    }
-    const path = parts.slice(1).map(decodeURIComponent).join('/');
-    return `https://${domain}/${path}/did.json`;
-}
-/** Parse a DID document into a RegistryEntry. */
-function parseDidDocument(did, doc) {
-    if (!doc.verificationMethod || doc.verificationMethod.length === 0) {
-        return null;
-    }
-    const vm = doc.verificationMethod[0];
-    if (!vm)
-        return null;
-    let publicKey = null;
-    if (vm.publicKeyMultibase) {
-        publicKey = decodeMultibase(vm.publicKeyMultibase);
-    }
-    else if (vm.publicKeyBase64) {
-        publicKey = (0, crypto_1.fromBase64)(vm.publicKeyBase64);
-    }
-    if (!publicKey)
-        return null;
-    return {
-        did,
-        publicKey,
-        name: doc.xailName ?? did,
-        scopes: new Set(doc.xailScopes ?? []),
-        revoked: doc.deactivated === true,
-        rotation_sequence: 1, // DID documents don't track rotation, default to 1
-    };
-}
-/** Decode z-prefixed base58btc multibase to bytes. */
-function decodeMultibase(mb) {
-    if (!mb.startsWith('z'))
-        return null;
-    return base58Decode(mb.slice(1));
-}
-/** Base58 decode (Bitcoin alphabet). */
-function base58Decode(s) {
-    const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
-    const BASE = BigInt(58);
-    let num = BigInt(0);
-    for (const char of s) {
-        const idx = ALPHABET.indexOf(char);
-        if (idx < 0)
-            return new Uint8Array(0);
-        num = num * BASE + BigInt(idx);
-    }
-    const hex = num.toString(16);
-    const padded = hex.length % 2 ? '0' + hex : hex;
-    const bytes = new Uint8Array(padded.length / 2);
-    for (let i = 0; i < bytes.length; i++) {
-        bytes[i] = parseInt(padded.slice(i * 2, i * 2 + 2), 16);
-    }
-    // Handle leading zeros (base58 "1" = 0x00)
-    let leadingZeros = 0;
-    for (const c of s) {
-        if (c === '1')
-            leadingZeros++;
-        else
-            break;
-    }
-    if (leadingZeros > 0) {
-        const result = new Uint8Array(leadingZeros + bytes.length);
-        result.set(bytes, leadingZeros);
-        return result;
-    }
-    return bytes;
-}
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.DidWebResolver=void 0,exports.didWebToUrl=didWebToUrl;const shared_1=require("../_deps/shared/index.js"),crypto_utils_js_1=require("./crypto-utils.js");class DidWebResolver{fetchFn;cacheTtlMs;cache=new Map;constructor(e){this.fetchFn=e?.fetch??globalThis.fetch.bind(globalThis),this.cacheTtlMs=e?.cacheTtlMs??3e5}async register(e,t,r,n,s){return(0,shared_1.err)("ALREADY_REGISTERED")}async resolve(e){const t=await this.fetchEntry(e);return t.ok?t.value.revoked?(0,shared_1.err)("REVOKED"):(0,shared_1.ok)(t.value.publicKey):t}async hasScope(e,t){const r=await this.fetchEntry(e);return!!r.ok&&r.value.scopes.has(t)}async hasReceiveScope(e,t){const r=await this.fetchEntry(e);return!!r.ok&&(!r.value.receiveScopes||r.value.receiveScopes.has(t))}async revoke(e){return(0,shared_1.err)("NOT_FOUND")}async getEntry(e){return this.fetchEntry(e)}get cacheSize(){return this.cache.size}async fetchEntry(e){const t=this.cache.get(e);if(t&&Date.now()-t.fetchedAt<this.cacheTtlMs)return(0,shared_1.ok)(t.entry);const r=didWebToUrl(e);if(!r)return(0,shared_1.err)("NOT_FOUND");try{const t=await this.fetchFn(r);if(!t.ok)return(0,shared_1.err)("NOT_FOUND");const n=parseDidDocument(e,await t.json());return n?(this.cache.set(e,{entry:n,fetchedAt:Date.now()}),(0,shared_1.ok)(n)):(0,shared_1.err)("NOT_FOUND")}catch{return(0,shared_1.err)("NETWORK_ERROR")}}}function didWebToUrl(e){if(!e.startsWith("did:web:"))return null;const t=e.slice(8).split(":");if(0===t.length||!t[0])return null;const r=decodeURIComponent(t[0]);if(1===t.length)return`https://${r}/.well-known/did.json`;return`https://${r}/${t.slice(1).map(decodeURIComponent).join("/")}/did.json`}function parseDidDocument(e,t){if(!t.verificationMethod||0===t.verificationMethod.length)return null;const r=t.verificationMethod[0];if(!r)return null;let n=null;return r.publicKeyMultibase?n=decodeMultibase(r.publicKeyMultibase):r.publicKeyBase64&&(n=(0,crypto_utils_js_1.fromBase64)(r.publicKeyBase64)),n?{did:e,publicKey:n,name:t.xailName??e,scopes:new Set(t.xailScopes??[]),revoked:!0===t.deactivated,rotation_sequence:1}:null}function decodeMultibase(e){return e.startsWith("z")?base58Decode(e.slice(1)):null}function base58Decode(e){const t=BigInt(58);let r=BigInt(0);for(const n of e){const e="123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz".indexOf(n);if(e<0)return new Uint8Array(0);r=r*t+BigInt(e)}const n=r.toString(16),s=n.length%2?"0"+n:n,i=new Uint8Array(s.length/2);for(let e=0;e<i.length;e++)i[e]=parseInt(s.slice(2*e,2*e+2),16);let c=0;for(const t of e){if("1"!==t)break;c++}if(c>0){const e=new Uint8Array(c+i.length);return e.set(i,c),e}return i}exports.DidWebResolver=DidWebResolver;