npm - @private.me/xbind - Versions diffs - 1.3.5 → 2.3.4 - Mend

@private.me/xbind 1.3.5 → 2.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (306) hide show

package/LICENSES.md +212 -0
package/README.md +388 -6
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1 -1920
package/dist-standalone/_deps/shared/cjs/errors.js +1 -639
package/dist-standalone/_deps/shared/cjs/index.js +1 -496
package/dist-standalone/_deps/shared/cjs/types.js +1 -317
package/dist-standalone/_deps/shared/errors.js +1 -255
package/dist-standalone/_deps/shared/index.js +1 -74
package/dist-standalone/_deps/shared/types.js +1 -90
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.js +1 -642
package/dist-standalone/agent-sdk.js +1 -328
package/dist-standalone/agent.d.ts +95 -5
package/dist-standalone/agent.js +1 -1545
package/dist-standalone/approval.js +1 -193
package/dist-standalone/async-iterators.d.ts +275 -0
package/dist-standalone/async-iterators.js +1 -0
package/dist-standalone/auth.js +1 -219
package/dist-standalone/auto-accept.js +1 -229
package/dist-standalone/backup-config.js +1 -201
package/dist-standalone/backup.d.ts +114 -0
package/dist-standalone/backup.js +1 -0
package/dist-standalone/batch-operations.d.ts +297 -0
package/dist-standalone/batch-operations.js +1 -0
package/dist-standalone/cancellation.d.ts +301 -0
package/dist-standalone/cancellation.js +1 -0
package/dist-standalone/checkpoint.js +1 -186
package/dist-standalone/circuit-breaker.d.ts +351 -0
package/dist-standalone/circuit-breaker.js +1 -0
package/dist-standalone/cjs/agent-call.js +1 -651
package/dist-standalone/cjs/agent-sdk.js +1 -332
package/dist-standalone/cjs/agent.js +1 -1582
package/dist-standalone/cjs/approval.js +1 -199
package/dist-standalone/cjs/async-iterators.js +1 -0
package/dist-standalone/cjs/auth.js +1 -225
package/dist-standalone/cjs/auto-accept.js +1 -233
package/dist-standalone/cjs/backup-config.js +1 -207
package/dist-standalone/cjs/backup.js +1 -0
package/dist-standalone/cjs/batch-operations.js +1 -0
package/dist-standalone/cjs/cancellation.js +1 -0
package/dist-standalone/cjs/checkpoint.js +1 -193
package/dist-standalone/cjs/circuit-breaker.js +1 -0
package/dist-standalone/cjs/cli/init.js +1 -486
package/dist-standalone/cjs/config-validation.js +1 -0
package/dist-standalone/cjs/connect.js +1 -312
package/dist-standalone/cjs/connection-pool.js +1 -0
package/dist-standalone/cjs/correlation-id.js +1 -339
package/dist-standalone/cjs/crypto-utils.js +1 -0
package/dist-standalone/cjs/debug-mode.js +1 -0
package/dist-standalone/cjs/did-document.js +1 -101
package/dist-standalone/cjs/did-privateme.js +1 -130
package/dist-standalone/cjs/did-web.js +1 -201
package/dist-standalone/cjs/discovery.js +1 -462
package/dist-standalone/cjs/dual-mode.js +1 -251
package/dist-standalone/cjs/email-templates.js +1 -313
package/dist-standalone/cjs/email-transport.js +1 -239
package/dist-standalone/cjs/envelope.js +1 -510
package/dist-standalone/cjs/errors.js +1 -826
package/dist-standalone/cjs/event-emitter.js +1 -0
package/dist-standalone/cjs/gateway-state.js +1 -55
package/dist-standalone/cjs/gateway-transport.js +1 -120
package/dist-standalone/cjs/graceful-degradation.js +1 -0
package/dist-standalone/cjs/guardrails.js +1 -223
package/dist-standalone/cjs/health-check.js +1 -0
package/dist-standalone/cjs/http-compat.js +1 -272
package/dist-standalone/cjs/http-status-map.js +1 -571
package/dist-standalone/cjs/identity.js +1 -540
package/dist-standalone/cjs/index.js +1 -237
package/dist-standalone/cjs/invitation.js +1 -421
package/dist-standalone/cjs/invite.js +1 -328
package/dist-standalone/cjs/key-agreement.js +1 -246
package/dist-standalone/cjs/lazy-init.js +1 -300
package/dist-standalone/cjs/logger.js +1 -0
package/dist-standalone/cjs/mdns-discovery.js +1 -202
package/dist-standalone/cjs/nonce-store.js +1 -66
package/dist-standalone/cjs/pairing-manager.js +1 -223
package/dist-standalone/cjs/plugin-system.js +1 -0
package/dist-standalone/cjs/plugins/logging.js +1 -0
package/dist-standalone/cjs/plugins/metrics.js +1 -0
package/dist-standalone/cjs/plugins/validation.js +1 -0
package/dist-standalone/cjs/policy.js +1 -320
package/dist-standalone/cjs/progress-callbacks.js +1 -0
package/dist-standalone/cjs/redis-nonce-store.js +1 -76
package/dist-standalone/cjs/registry-middleware.js +1 -50
package/dist-standalone/cjs/retry-strategies.js +1 -0
package/dist-standalone/cjs/retry-transport.js +1 -102
package/dist-standalone/cjs/runtime/browser.js +1 -0
package/dist-standalone/cjs/runtime/edge.js +1 -0
package/dist-standalone/cjs/runtime/react-native.js +1 -0
package/dist-standalone/cjs/security-policy.js +1 -245
package/dist-standalone/cjs/serialization.js +1 -0
package/dist-standalone/cjs/split-channel.js +1 -177
package/dist-standalone/cjs/subscription-proof.js +1 -230
package/dist-standalone/cjs/succession.js +1 -148
package/dist-standalone/cjs/timeouts.js +1 -0
package/dist-standalone/cjs/trace-context.js +1 -0
package/dist-standalone/cjs/trace-spans.js +1 -0
package/dist-standalone/cjs/transport.js +1 -63
package/dist-standalone/cjs/trust-registry.js +1 -742
package/dist-standalone/cjs/types/error-response.js +1 -56
package/dist-standalone/cjs/vault-auth.js +1 -0
package/dist-standalone/cjs/vault-store-loader.js +1 -0
package/dist-standalone/cjs/verify.js +1 -25
package/dist-standalone/cjs/version-info.js +1 -0
package/dist-standalone/cjs/xfetch.js +1 -252
package/dist-standalone/cli/init.js +1 -449
package/dist-standalone/cli/setup.js +1 -514
package/dist-standalone/cli/types.js +1 -27
package/dist-standalone/cli/xbind.js +1 -148
package/dist-standalone/config-validation.d.ts +185 -0
package/dist-standalone/config-validation.js +1 -0
package/dist-standalone/connect.js +1 -274
package/dist-standalone/connection-pool.d.ts +251 -0
package/dist-standalone/connection-pool.js +1 -0
package/dist-standalone/correlation-id.js +1 -326
package/dist-standalone/crypto-utils.d.ts +60 -0
package/dist-standalone/crypto-utils.js +1 -0
package/dist-standalone/debug-mode.d.ts +286 -0
package/dist-standalone/debug-mode.js +1 -0
package/dist-standalone/did-document.js +1 -96
package/dist-standalone/did-privateme.js +1 -121
package/dist-standalone/did-web.js +1 -196
package/dist-standalone/discovery.js +1 -458
package/dist-standalone/dual-mode.js +1 -247
package/dist-standalone/email-templates.js +1 -309
package/dist-standalone/email-transport.js +1 -232
package/dist-standalone/envelope.d.ts +29 -1
package/dist-standalone/envelope.js +1 -497
package/dist-standalone/errors.d.ts +10 -0
package/dist-standalone/errors.js +1 -811
package/dist-standalone/event-emitter.d.ts +395 -0
package/dist-standalone/event-emitter.js +1 -0
package/dist-standalone/gateway-state.js +1 -51
package/dist-standalone/gateway-transport.js +1 -116
package/dist-standalone/graceful-degradation.d.ts +246 -0
package/dist-standalone/graceful-degradation.js +1 -0
package/dist-standalone/guardrails.js +1 -216
package/dist-standalone/health-check.d.ts +150 -0
package/dist-standalone/health-check.js +1 -0
package/dist-standalone/http-compat.js +1 -267
package/dist-standalone/http-status-map.js +1 -561
package/dist-standalone/identity.d.ts +64 -1
package/dist-standalone/identity.js +1 -515
package/dist-standalone/index.d.ts +45 -3
package/dist-standalone/index.js +1 -52
package/dist-standalone/invitation.js +1 -415
package/dist-standalone/invite.js +1 -324
package/dist-standalone/key-agreement.d.ts +61 -13
package/dist-standalone/key-agreement.js +1 -236
package/dist-standalone/lazy-init.js +1 -295
package/dist-standalone/logger.d.ts +77 -0
package/dist-standalone/logger.js +1 -0
package/dist-standalone/mdns-discovery.js +1 -195
package/dist-standalone/nonce-store.d.ts +16 -3
package/dist-standalone/nonce-store.js +1 -62
package/dist-standalone/package.json +0 -1
package/dist-standalone/pairing-manager.js +1 -219
package/dist-standalone/plugin-system.d.ts +145 -0
package/dist-standalone/plugin-system.js +1 -0
package/dist-standalone/policy.js +1 -315
package/dist-standalone/progress-callbacks.d.ts +394 -0
package/dist-standalone/progress-callbacks.js +1 -0
package/dist-standalone/redis-nonce-store.js +1 -72
package/dist-standalone/registry-middleware.js +1 -47
package/dist-standalone/retry-strategies.d.ts +382 -0
package/dist-standalone/retry-strategies.js +1 -0
package/dist-standalone/retry-transport.js +1 -98
package/dist-standalone/security-policy.js +1 -239
package/dist-standalone/serialization.d.ts +244 -0
package/dist-standalone/serialization.js +1 -0
package/dist-standalone/split-channel.d.ts +49 -1
package/dist-standalone/split-channel.js +1 -171
package/dist-standalone/subscription-proof.js +1 -224
package/dist-standalone/succession.js +1 -142
package/dist-standalone/timeouts.d.ts +275 -0
package/dist-standalone/timeouts.js +1 -0
package/dist-standalone/trace-context.d.ts +252 -0
package/dist-standalone/trace-context.js +1 -0
package/dist-standalone/trace-spans.d.ts +360 -0
package/dist-standalone/trace-spans.js +1 -0
package/dist-standalone/transport.js +1 -59
package/dist-standalone/trust-registry.d.ts +106 -5
package/dist-standalone/trust-registry.js +1 -702
package/dist-standalone/vault-auth.d.ts +91 -0
package/dist-standalone/vault-auth.js +1 -0
package/dist-standalone/vault-store-loader.d.ts +110 -0
package/dist-standalone/vault-store-loader.js +1 -0
package/dist-standalone/verify.js +1 -16
package/dist-standalone/version-info.d.ts +259 -0
package/dist-standalone/version-info.js +1 -0
package/dist-standalone/xfetch.js +1 -247
package/llms.txt +1 -0
package/package.json +65 -5
package/share1.dat +0 -0
package/dist-standalone/_deps/crypto/base64.d.ts +0 -29
package/dist-standalone/_deps/crypto/base64.js +0 -222
package/dist-standalone/_deps/crypto/cjs/base64.js +0 -665
package/dist-standalone/_deps/crypto/cjs/errors.js +0 -675
package/dist-standalone/_deps/crypto/cjs/hmac.js +0 -473
package/dist-standalone/_deps/crypto/cjs/index.js +0 -852
package/dist-standalone/_deps/crypto/cjs/package.json +0 -1
package/dist-standalone/_deps/crypto/cjs/padding.js +0 -511
package/dist-standalone/_deps/crypto/cjs/share-header.js +0 -372
package/dist-standalone/_deps/crypto/cjs/shares.js +0 -874
package/dist-standalone/_deps/crypto/cjs/tlv.js +0 -1021
package/dist-standalone/_deps/crypto/cjs/uuid.js +0 -443
package/dist-standalone/_deps/crypto/cjs/verify.js +0 -414
package/dist-standalone/_deps/crypto/cjs/xorida.js +0 -923
package/dist-standalone/_deps/crypto/errors.d.ts +0 -51
package/dist-standalone/_deps/crypto/errors.js +0 -199
package/dist-standalone/_deps/crypto/hmac.d.ts +0 -39
package/dist-standalone/_deps/crypto/hmac.js +0 -134
package/dist-standalone/_deps/crypto/index.d.ts +0 -20
package/dist-standalone/_deps/crypto/index.js +0 -145
package/dist-standalone/_deps/crypto/padding.d.ts +0 -19
package/dist-standalone/_deps/crypto/padding.js +0 -159
package/dist-standalone/_deps/crypto/share-header.d.ts +0 -44
package/dist-standalone/_deps/crypto/share-header.js +0 -92
package/dist-standalone/_deps/crypto/shares.d.ts +0 -27
package/dist-standalone/_deps/crypto/shares.js +0 -295
package/dist-standalone/_deps/crypto/tlv.d.ts +0 -26
package/dist-standalone/_deps/crypto/tlv.js +0 -364
package/dist-standalone/_deps/crypto/uuid.d.ts +0 -22
package/dist-standalone/_deps/crypto/uuid.js +0 -136
package/dist-standalone/_deps/crypto/verify.d.ts +0 -15
package/dist-standalone/_deps/crypto/verify.js +0 -71
package/dist-standalone/_deps/crypto/xorida.d.ts +0 -44
package/dist-standalone/_deps/crypto/xorida.js +0 -366
package/dist-standalone/_deps/shared/errors.d.ts.map +0 -1
package/dist-standalone/_deps/shared/errors.js.map +0 -1
package/dist-standalone/_deps/shared/index.d.ts.map +0 -1
package/dist-standalone/_deps/shared/index.js.map +0 -1
package/dist-standalone/_deps/shared/types.d.ts.map +0 -1
package/dist-standalone/_deps/shared/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.js.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.js.map +0 -1
package/dist-standalone/_deps/xregistry/errors.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/errors.js.map +0 -1
package/dist-standalone/_deps/xregistry/index.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/index.js.map +0 -1
package/dist-standalone/_deps/xregistry/registry.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/registry.js.map +0 -1
package/dist-standalone/_deps/xregistry/schema.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/schema.js.map +0 -1
package/dist-standalone/_deps/xregistry/types.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/types.js.map +0 -1

package/dist-standalone/cjs/invite.js CHANGED Viewed

@@ -1,328 +1 @@
-"use strict";
-/**
- * @module invite
- * Viral invite system for XBind connections.
- *
- * Enables one-click invites:
- * - Generate: `xbind invite payments-service`
- * - Accept: Click link or `xbind accept https://xbind.to/invite/abc123`
- *
- * The viral loop:
- * 1. Service A invites Service B
- * 2. Service B clicks link (< 60 sec setup)
- * 3. Connection established
- * 4. Service B invites Service C
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.InviteService = exports.InviteErrorCode = void 0;
-const shared_1 = require("../_deps/shared/index.js");
-/**
- * Invite error codes.
- */
-var InviteErrorCode;
-(function (InviteErrorCode) {
-    InviteErrorCode["INVALID_INVITE"] = "INVITE_INVALID";
-    InviteErrorCode["EXPIRED_INVITE"] = "INVITE_EXPIRED";
-    InviteErrorCode["INVITE_NOT_FOUND"] = "INVITE_NOT_FOUND";
-    InviteErrorCode["NETWORK_ERROR"] = "INVITE_NETWORK_ERROR";
-    InviteErrorCode["ALREADY_CONNECTED"] = "INVITE_ALREADY_CONNECTED";
-})(InviteErrorCode || (exports.InviteErrorCode = InviteErrorCode = {}));
-/**
- * Invite service for creating and accepting invites.
- */
-class InviteService {
-    inviteApiUrl;
-    /**
-     * Create invite service.
-     *
-     * @param options - Configuration
-     * @param options.inviteApiUrl - Invite API URL (default: https://xbind.to)
-     */
-    constructor(options = {}) {
-        this.inviteApiUrl = options.inviteApiUrl || 'https://xbind.to';
-    }
-    /**
-     * Create an invite.
-     *
-     * @param options - Invite options
-     * @param options.from - Sender service info
-     * @param options.target - Target service (optional)
-     * @param options.template - Suggested template (e.g., "payment-processing")
-     * @param options.permissions - Custom permissions
-     * @param options.expiresIn - Expiration in seconds (default: 7 days)
-     * @returns Invite or error
-     *
-     * @example
-     * ```ts
-     * const inviteService = new InviteService();
-     * const invite = await inviteService.create({
-     *   from: {
-     *     name: 'billing-service',
-     *     did: 'did:key:z6Mk...',
-     *     endpoint: 'https://billing.example.com',
-     *     publicKey: '...',
-     *   },
-     *   target: {
-     *     name: 'payments-service',
-     *   },
-     *   template: 'payment-processing',
-     * });
-     *
-     * // Share invite.value.url or invite.value.qr
-     * ```
-     */
-    async create(options) {
-        const expiresIn = options.expiresIn || 7 * 24 * 60 * 60; // 7 days
-        const expires = new Date(Date.now() + expiresIn * 1000).toISOString();
-        try {
-            const response = await fetch(`${this.inviteApiUrl}/invites/create`, {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                },
-                body: JSON.stringify({
-                    from: {
-                        name: options.from.name,
-                        did: options.from.did,
-                        endpoint: options.from.endpoint,
-                        publicKey: options.from.publicKey,
-                        x25519PublicKey: options.from.x25519PublicKey,
-                        mlKemPublicKey: options.from.mlKemPublicKey,
-                    },
-                    to: options.target,
-                    template: options.template,
-                    permissions: options.permissions,
-                    expires,
-                }),
-            });
-            if (!response.ok) {
-                return (0, shared_1.err)({
-                    code: InviteErrorCode.NETWORK_ERROR,
-                    message: `Failed to create invite: ${response.status}`,
-                });
-            }
-            const data = await response.json();
-            return (0, shared_1.ok)(data);
-        }
-        catch (error) {
-            return (0, shared_1.err)({
-                code: InviteErrorCode.NETWORK_ERROR,
-                message: error instanceof Error ? error.message : 'Network error',
-            });
-        }
-    }
-    /**
-     * Accept an invite.
-     *
-     * @param options - Accept options
-     * @param options.inviteUrl - Invite URL (e.g., https://xbind.to/invite/abc123)
-     * @param options.acceptor - Acceptor service info
-     * @returns Connection info or error
-     *
-     * @example
-     * ```ts
-     * const inviteService = new InviteService();
-     * const result = await inviteService.accept({
-     *   inviteUrl: 'https://xbind.to/invite/abc123',
-     *   acceptor: {
-     *     name: 'payments-service',
-     *     did: 'did:key:z6Mk...',
-     *     endpoint: 'https://payments.example.com',
-     *     publicKey: '...',
-     *   }
-     * });
-     *
-     * if (result.ok) {
-     *   console.log('Connected!');
-     * }
-     * ```
-     */
-    async accept(options) {
-        try {
-            // Extract invite ID from URL
-            const inviteId = this.extractInviteId(options.inviteUrl);
-            if (!inviteId) {
-                return (0, shared_1.err)({
-                    code: InviteErrorCode.INVALID_INVITE,
-                    message: 'Invalid invite URL',
-                    hint: 'URL should be like: https://xbind.to/invite/abc123',
-                });
-            }
-            // Accept invite
-            const response = await fetch(`${this.inviteApiUrl}/invites/${inviteId}/accept`, {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                },
-                body: JSON.stringify({
-                    acceptor: {
-                        name: options.acceptor.name,
-                        did: options.acceptor.did,
-                        endpoint: options.acceptor.endpoint,
-                        publicKey: options.acceptor.publicKey,
-                        x25519PublicKey: options.acceptor.x25519PublicKey,
-                        mlKemPublicKey: options.acceptor.mlKemPublicKey,
-                    },
-                }),
-            });
-            if (response.status === 404) {
-                return (0, shared_1.err)({
-                    code: InviteErrorCode.INVITE_NOT_FOUND,
-                    message: 'Invite not found or expired',
-                    hint: 'The invite may have been revoked or expired',
-                });
-            }
-            if (response.status === 410) {
-                const errorData = await response.json().catch(() => ({}));
-                return (0, shared_1.err)({
-                    code: InviteErrorCode.EXPIRED_INVITE,
-                    message: errorData.message || 'Invite has expired',
-                    hint: errorData.hint || 'Ask the sender to create a new invite',
-                });
-            }
-            if (response.status === 409) {
-                return (0, shared_1.err)({
-                    code: InviteErrorCode.ALREADY_CONNECTED,
-                    message: 'Services are already connected',
-                    hint: 'You are already connected to this service',
-                });
-            }
-            if (!response.ok) {
-                return (0, shared_1.err)({
-                    code: InviteErrorCode.NETWORK_ERROR,
-                    message: `Failed to accept invite: ${response.status}`,
-                });
-            }
-            const data = await response.json();
-            return (0, shared_1.ok)(data);
-        }
-        catch (error) {
-            return (0, shared_1.err)({
-                code: InviteErrorCode.NETWORK_ERROR,
-                message: error instanceof Error ? error.message : 'Network error',
-                hint: 'Check your network connection and try again',
-            });
-        }
-    }
-    /**
-     * Get invite details without accepting.
-     *
-     * @param inviteUrl - Invite URL
-     * @returns Invite details or error
-     */
-    async get(inviteUrl) {
-        try {
-            const inviteId = this.extractInviteId(inviteUrl);
-            if (!inviteId) {
-                return (0, shared_1.err)({
-                    code: InviteErrorCode.INVALID_INVITE,
-                    message: 'Invalid invite URL',
-                });
-            }
-            const response = await fetch(`${this.inviteApiUrl}/invites/${inviteId}`, {
-                headers: {
-                    'Accept': 'application/json',
-                },
-            });
-            if (response.status === 404) {
-                return (0, shared_1.err)({
-                    code: InviteErrorCode.INVITE_NOT_FOUND,
-                    message: 'Invite not found',
-                });
-            }
-            if (!response.ok) {
-                return (0, shared_1.err)({
-                    code: InviteErrorCode.NETWORK_ERROR,
-                    message: `Failed to get invite: ${response.status}`,
-                });
-            }
-            const data = await response.json();
-            return (0, shared_1.ok)(data);
-        }
-        catch (error) {
-            return (0, shared_1.err)({
-                code: InviteErrorCode.NETWORK_ERROR,
-                message: error instanceof Error ? error.message : 'Network error',
-            });
-        }
-    }
-    /**
-     * Revoke an invite.
-     *
-     * @param inviteId - Invite ID to revoke
-     * @returns Success or error
-     *
-     * @example
-     * ```ts
-     * const inviteService = new InviteService();
-     * const result = await inviteService.revoke('inv_abc123');
-     *
-     * if (result.ok) {
-     *   console.log('Invite revoked');
-     * }
-     * ```
-     */
-    async revoke(inviteId) {
-        try {
-            const response = await fetch(`${this.inviteApiUrl}/invites/${inviteId}/revoke`, {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                },
-            });
-            if (response.status === 404) {
-                return (0, shared_1.err)({
-                    code: InviteErrorCode.INVITE_NOT_FOUND,
-                    message: 'Invite not found',
-                    hint: 'The invite may have already been revoked or expired',
-                });
-            }
-            if (!response.ok) {
-                return (0, shared_1.err)({
-                    code: InviteErrorCode.NETWORK_ERROR,
-                    message: `Failed to revoke invite: ${response.status}`,
-                });
-            }
-            const data = await response.json();
-            return (0, shared_1.ok)(data);
-        }
-        catch (error) {
-            return (0, shared_1.err)({
-                code: InviteErrorCode.NETWORK_ERROR,
-                message: error instanceof Error ? error.message : 'Network error',
-            });
-        }
-    }
-    /**
-     * Extract invite ID from URL.
-     *
-     * @param url - Invite URL
-     * @returns Invite ID or null
-     *
-     * @example
-     * ```ts
-     * extractInviteId('https://xbind.to/invite/abc123') // 'abc123'
-     * extractInviteId('https://xbind.to/billing/invite/xyz') // 'xyz'
-     * ```
-     */
-    extractInviteId(url) {
-        try {
-            const parsed = new URL(url);
-            const segments = parsed.pathname.split('/').filter(s => s.length > 0);
-            // Look for 'invite' segment followed by ID
-            const inviteIndex = segments.indexOf('invite');
-            if (inviteIndex !== -1 && segments[inviteIndex + 1]) {
-                return segments[inviteIndex + 1] ?? null;
-            }
-            // Fallback: last segment
-            if (segments.length > 0) {
-                return segments[segments.length - 1] ?? null;
-            }
-            return null;
-        }
-        catch {
-            return null;
-        }
-    }
-}
-exports.InviteService = InviteService;
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.InviteService=exports.InviteErrorCode=void 0;const shared_1=require("../_deps/shared/index.js");var InviteErrorCode;!function(e){e.INVALID_INVITE="INVITE_INVALID",e.EXPIRED_INVITE="INVITE_EXPIRED",e.INVITE_NOT_FOUND="INVITE_NOT_FOUND",e.NETWORK_ERROR="INVITE_NETWORK_ERROR",e.ALREADY_CONNECTED="INVITE_ALREADY_CONNECTED"}(InviteErrorCode||(exports.InviteErrorCode=InviteErrorCode={}));class InviteService{inviteApiUrl;constructor(e={}){this.inviteApiUrl=e.inviteApiUrl||"https://xbind.to"}async create(e){const r=e.expiresIn||604800,t=new Date(Date.now()+1e3*r).toISOString();try{const r=await fetch(`${this.inviteApiUrl}/invites/create`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({from:{name:e.from.name,did:e.from.did,endpoint:e.from.endpoint,publicKey:e.from.publicKey,x25519PublicKey:e.from.x25519PublicKey,mlKemPublicKey:e.from.mlKemPublicKey},to:e.target,template:e.template,permissions:e.permissions,expires:t})});if(!r.ok)return(0,shared_1.err)({code:InviteErrorCode.NETWORK_ERROR,message:`Failed to create invite: ${r.status}`});const i=await r.json();return(0,shared_1.ok)(i)}catch(e){return(0,shared_1.err)({code:InviteErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error"})}}async accept(e){try{const r=this.extractInviteId(e.inviteUrl);if(!r)return(0,shared_1.err)({code:InviteErrorCode.INVALID_INVITE,message:"Invalid invite URL",hint:"URL should be like: https://xbind.to/invite/abc123"});const t=await fetch(`${this.inviteApiUrl}/invites/${r}/accept`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({acceptor:{name:e.acceptor.name,did:e.acceptor.did,endpoint:e.acceptor.endpoint,publicKey:e.acceptor.publicKey,x25519PublicKey:e.acceptor.x25519PublicKey,mlKemPublicKey:e.acceptor.mlKemPublicKey}})});if(404===t.status)return(0,shared_1.err)({code:InviteErrorCode.INVITE_NOT_FOUND,message:"Invite not found or expired",hint:"The invite may have been revoked or expired"});if(410===t.status){const e=await t.json().catch(()=>({}));return(0,shared_1.err)({code:InviteErrorCode.EXPIRED_INVITE,message:e.message||"Invite has expired",hint:e.hint||"Ask the sender to create a new invite"})}if(409===t.status)return(0,shared_1.err)({code:InviteErrorCode.ALREADY_CONNECTED,message:"Services are already connected",hint:"You are already connected to this service"});if(!t.ok)return(0,shared_1.err)({code:InviteErrorCode.NETWORK_ERROR,message:`Failed to accept invite: ${t.status}`});const i=await t.json();return(0,shared_1.ok)(i)}catch(e){return(0,shared_1.err)({code:InviteErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error",hint:"Check your network connection and try again"})}}async get(e){try{const r=this.extractInviteId(e);if(!r)return(0,shared_1.err)({code:InviteErrorCode.INVALID_INVITE,message:"Invalid invite URL"});const t=await fetch(`${this.inviteApiUrl}/invites/${r}`,{headers:{Accept:"application/json"}});if(404===t.status)return(0,shared_1.err)({code:InviteErrorCode.INVITE_NOT_FOUND,message:"Invite not found"});if(!t.ok)return(0,shared_1.err)({code:InviteErrorCode.NETWORK_ERROR,message:`Failed to get invite: ${t.status}`});const i=await t.json();return(0,shared_1.ok)(i)}catch(e){return(0,shared_1.err)({code:InviteErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error"})}}async revoke(e){try{const r=await fetch(`${this.inviteApiUrl}/invites/${e}/revoke`,{method:"POST",headers:{"Content-Type":"application/json"}});if(404===r.status)return(0,shared_1.err)({code:InviteErrorCode.INVITE_NOT_FOUND,message:"Invite not found",hint:"The invite may have already been revoked or expired"});if(!r.ok)return(0,shared_1.err)({code:InviteErrorCode.NETWORK_ERROR,message:`Failed to revoke invite: ${r.status}`});const t=await r.json();return(0,shared_1.ok)(t)}catch(e){return(0,shared_1.err)({code:InviteErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error"})}}extractInviteId(e){try{const r=new URL(e).pathname.split("/").filter(e=>e.length>0),t=r.indexOf("invite");return-1!==t&&r[t+1]?r[t+1]??null:r.length>0?r[r.length-1]??null:null}catch{return null}}}exports.InviteService=InviteService;

package/dist-standalone/cjs/key-agreement.js CHANGED Viewed

@@ -1,246 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateEphemeralKeyPair = generateEphemeralKeyPair;
-exports.importX25519PublicKey = importX25519PublicKey;
-exports.deriveSharedKeyECDH = deriveSharedKeyECDH;
-exports.senderKeyAgreement = senderKeyAgreement;
-exports.receiverKeyAgreement = receiverKeyAgreement;
-exports.combineSharedSecrets = combineSharedSecrets;
-exports.senderHybridKeyAgreement = senderHybridKeyAgreement;
-exports.receiverHybridKeyAgreement = receiverHybridKeyAgreement;
-const shared_1 = require("../_deps/shared/index.js");
-const mlkem_1 = require("mlkem");
-/* -- Constants -- */
-const X25519_RAW_KEY_BYTES = 32;
-const AES_KEY_BITS = 256;
-/* -- Helpers -- */
-/** Copy Uint8Array to fresh ArrayBuffer. */
-function toArrayBuffer(data) {
-    const buf = new ArrayBuffer(data.byteLength);
-    new Uint8Array(buf).set(data);
-    return buf;
-}
-/* -- Key Generation -- */
-/**
- * Generate an ephemeral X25519 key pair for ECDH key agreement.
- *
- * Uses Web Crypto API to generate a fresh X25519 key pair.
- * The key pair is ephemeral -- it should be used for a single
- * key agreement and then discarded.
- *
- * @returns Result containing the ephemeral key pair or error.
- */
-async function generateEphemeralKeyPair() {
-    try {
-        // SAFETY: X25519 generateKey always returns CryptoKeyPair
-        const keyPair = await crypto.subtle.generateKey({ name: 'X25519' }, true, ['deriveBits']);
-        const rawPub = new Uint8Array(await crypto.subtle.exportKey('raw', keyPair.publicKey));
-        return (0, shared_1.ok)({
-            privateKey: keyPair.privateKey,
-            publicKey: keyPair.publicKey,
-            rawPublicKey: rawPub,
-        });
-    }
-    catch {
-        return (0, shared_1.err)('KEYGEN_FAILED');
-    }
-}
-/* -- Key Import -- */
-/**
- * Import a raw 32-byte X25519 public key into a CryptoKey.
- *
- * Used by the receiver to import the sender's ephemeral public
- * key from the envelope for ECDH derivation.
- *
- * @param rawPublicKey - Raw 32-byte X25519 public key.
- * @returns Result containing the imported CryptoKey or error.
- */
-async function importX25519PublicKey(rawPublicKey) {
-    if (rawPublicKey.length !== X25519_RAW_KEY_BYTES) {
-        return (0, shared_1.err)('INVALID_KEY_LENGTH:EXPECTED_32');
-    }
-    try {
-        const key = await crypto.subtle.importKey('raw', toArrayBuffer(rawPublicKey), { name: 'X25519' }, true, []);
-        return (0, shared_1.ok)(key);
-    }
-    catch {
-        return (0, shared_1.err)('IMPORT_FAILED');
-    }
-}
-/* -- ECDH Key Derivation -- */
-/**
- * Derive a shared AES-256-GCM key via X25519 ECDH.
- *
- * Performs ECDH key agreement between a local private key and a
- * remote public key, producing 256 bits of shared secret that
- * are imported as an AES-256-GCM key.
- *
- * @param localPrivateKey - Local X25519 private key.
- * @param remotePublicKey - Remote X25519 public key (CryptoKey).
- * @returns Result containing the derived AES-256-GCM key or error.
- */
-async function deriveSharedKeyECDH(localPrivateKey, remotePublicKey) {
-    try {
-        const sharedBits = await crypto.subtle.deriveBits({ name: 'X25519', public: remotePublicKey }, localPrivateKey, AES_KEY_BITS);
-        const aesKey = await crypto.subtle.importKey('raw', sharedBits, { name: 'AES-GCM', length: AES_KEY_BITS }, false, ['encrypt', 'decrypt']);
-        return (0, shared_1.ok)(aesKey);
-    }
-    catch {
-        return (0, shared_1.err)('DERIVE_FAILED');
-    }
-}
-/* -- High-Level API -- */
-/**
- * Perform sender-side ECDH key agreement.
- *
- * Generates an ephemeral X25519 key pair, derives a shared key
- * with the recipient's static X25519 public key, and returns
- * both the shared key and the ephemeral public key to include
- * in the envelope.
- *
- * @param recipientX25519PubKey - Recipient's static X25519 public key.
- * @returns Result containing the key agreement result or error.
- */
-async function senderKeyAgreement(recipientX25519PubKey) {
-    const ephemeral = await generateEphemeralKeyPair();
-    if (!ephemeral.ok)
-        return ephemeral;
-    const shared = await deriveSharedKeyECDH(ephemeral.value.privateKey, recipientX25519PubKey);
-    if (!shared.ok)
-        return shared;
-    return (0, shared_1.ok)({
-        sharedKey: shared.value,
-        ephemeralPublicKey: ephemeral.value.rawPublicKey,
-    });
-}
-/**
- * Perform receiver-side ECDH key agreement.
- *
- * Imports the sender's ephemeral public key from the envelope
- * and derives the shared key using the receiver's static X25519
- * private key.
- *
- * @param receiverPrivateKey - Receiver's static X25519 private key.
- * @param senderEphemeralPubRaw - Sender's ephemeral public key (raw bytes).
- * @returns Result containing the derived AES-256-GCM key or error.
- */
-async function receiverKeyAgreement(receiverPrivateKey, senderEphemeralPubRaw) {
-    const imported = await importX25519PublicKey(senderEphemeralPubRaw);
-    if (!imported.ok)
-        return imported;
-    return deriveSharedKeyECDH(receiverPrivateKey, imported.value);
-}
-/* -- Hybrid Key Agreement (X25519 + ML-KEM-768) -- */
-const HYBRID_HKDF_INFO = 'xail-hybrid-kem-v2';
-/**
- * Combine X25519 and ML-KEM shared secrets via HKDF-SHA256.
- *
- * Concatenates 32B X25519 + 32B ML-KEM shared secrets, runs HKDF
- * with zero salt and 'xail-hybrid-kem-v2' info, outputs 256-bit AES key.
- * Secure as long as either X25519 OR ML-KEM remains unbroken.
- *
- * @param x25519Shared - 32-byte raw X25519 ECDH shared bits.
- * @param mlKemShared - 32-byte ML-KEM-768 shared secret.
- * @returns AES-256-GCM CryptoKey derived from both secrets.
- */
-async function combineSharedSecrets(x25519Shared, mlKemShared) {
-    try {
-        const combined = new Uint8Array(x25519Shared.length + mlKemShared.length);
-        combined.set(x25519Shared);
-        combined.set(mlKemShared, x25519Shared.length);
-        const baseKey = await crypto.subtle.importKey('raw', toArrayBuffer(combined), 'HKDF', false, ['deriveBits']);
-        const derived = await crypto.subtle.deriveBits({
-            name: 'HKDF',
-            hash: 'SHA-256',
-            salt: new Uint8Array(32),
-            info: new TextEncoder().encode(HYBRID_HKDF_INFO),
-        }, baseKey, AES_KEY_BITS);
-        const aesKey = await crypto.subtle.importKey('raw', derived, { name: 'AES-GCM', length: AES_KEY_BITS }, false, ['encrypt', 'decrypt']);
-        return (0, shared_1.ok)(aesKey);
-    }
-    catch {
-        return (0, shared_1.err)('HKDF_FAILED');
-    }
-}
-/**
- * Perform sender-side hybrid key agreement (X25519 + ML-KEM-768).
- *
- * 1. Generate ephemeral X25519, ECDH → x25519SharedBits
- * 2. ML-KEM-768 encapsulate → kemCiphertext + mlKemShared
- * 3. HKDF(x25519Shared || mlKemShared) → AES-256-GCM key
- *
- * @param recipientX25519Pub - Recipient's static X25519 public key.
- * @param recipientMlKemPub - Recipient's ML-KEM-768 public key (1184B).
- * @returns Hybrid key agreement result with shared key, ephemeral pub, and KEM ciphertext.
- */
-async function senderHybridKeyAgreement(recipientX25519Pub, recipientMlKemPub) {
-    // Step 1: Ephemeral X25519 ECDH
-    const ephemeral = await generateEphemeralKeyPair();
-    if (!ephemeral.ok)
-        return ephemeral;
-    let x25519Shared;
-    try {
-        x25519Shared = new Uint8Array(await crypto.subtle.deriveBits({ name: 'X25519', public: recipientX25519Pub }, ephemeral.value.privateKey, AES_KEY_BITS));
-    }
-    catch {
-        return (0, shared_1.err)('DERIVE_FAILED');
-    }
-    // Step 2: ML-KEM-768 encapsulate
-    let kemCipherText;
-    let kemSharedSecret;
-    try {
-        const mlkem = new mlkem_1.MlKem768();
-        const [cipherText, sharedSecret] = await mlkem.encap(recipientMlKemPub);
-        kemCipherText = cipherText;
-        kemSharedSecret = sharedSecret;
-    }
-    catch {
-        return (0, shared_1.err)('KEM_ENCAPSULATE_FAILED');
-    }
-    // Step 3: Combine via HKDF
-    const combined = await combineSharedSecrets(x25519Shared, kemSharedSecret);
-    if (!combined.ok)
-        return combined;
-    return (0, shared_1.ok)({
-        sharedKey: combined.value,
-        ephemeralPublicKey: ephemeral.value.rawPublicKey,
-        kemCiphertext: kemCipherText,
-    });
-}
-/**
- * Perform receiver-side hybrid key agreement (X25519 + ML-KEM-768).
- *
- * 1. Import ephemeral X25519, ECDH → x25519SharedBits
- * 2. ML-KEM-768 decapsulate → mlKemShared
- * 3. HKDF(x25519Shared || mlKemShared) → same AES-256-GCM key
- *
- * @param x25519PrivateKey - Receiver's static X25519 private key.
- * @param ephPubRaw - Sender's ephemeral X25519 public key (32B).
- * @param kemCiphertext - ML-KEM-768 ciphertext from sender (1088B).
- * @param mlKemSecretKey - Receiver's ML-KEM-768 secret key (2400B).
- * @returns AES-256-GCM shared key or error.
- */
-async function receiverHybridKeyAgreement(x25519PrivateKey, ephPubRaw, kemCiphertext, mlKemSecretKey) {
-    // Step 1: X25519 ECDH
-    const imported = await importX25519PublicKey(ephPubRaw);
-    if (!imported.ok)
-        return imported;
-    let x25519Shared;
-    try {
-        x25519Shared = new Uint8Array(await crypto.subtle.deriveBits({ name: 'X25519', public: imported.value }, x25519PrivateKey, AES_KEY_BITS));
-    }
-    catch {
-        return (0, shared_1.err)('DERIVE_FAILED');
-    }
-    // Step 2: ML-KEM-768 decapsulate
-    let mlKemShared;
-    try {
-        const mlkem = new mlkem_1.MlKem768();
-        mlKemShared = await mlkem.decap(kemCiphertext, mlKemSecretKey);
-    }
-    catch {
-        return (0, shared_1.err)('KEM_DECAPSULATE_FAILED');
-    }
-    // Step 3: Combine via HKDF
-    return combineSharedSecrets(x25519Shared, mlKemShared);
-}
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.generateEphemeralKeyPair=generateEphemeralKeyPair,exports.importX25519PublicKey=importX25519PublicKey,exports.deriveSharedKeyECDH=deriveSharedKeyECDH,exports.senderKeyAgreement=senderKeyAgreement,exports.receiverKeyAgreement=receiverKeyAgreement,exports.combineSharedSecrets=combineSharedSecrets,exports.senderHybridKeyAgreement=senderHybridKeyAgreement,exports.receiverHybridKeyAgreement=receiverHybridKeyAgreement;const shared_1=require("../_deps/shared/index.js"),mlkem_1=require("mlkem"),X25519_RAW_KEY_BYTES=32,AES_KEY_BITS=256;function toArrayBuffer(e){const r=new ArrayBuffer(e.byteLength);return new Uint8Array(r).set(e),r}async function generateEphemeralKeyPair(){try{const e=await crypto.subtle.generateKey({name:"X25519"},!0,["deriveBits"]),r=new Uint8Array(await crypto.subtle.exportKey("raw",e.publicKey));return(0,shared_1.ok)({privateKey:e.privateKey,publicKey:e.publicKey,rawPublicKey:r})}catch{return(0,shared_1.err)("KEYGEN_FAILED")}}async function importX25519PublicKey(e){if(e.length!==X25519_RAW_KEY_BYTES)return(0,shared_1.err)("INVALID_KEY_LENGTH:EXPECTED_32");try{const r=await crypto.subtle.importKey("raw",toArrayBuffer(e),{name:"X25519"},!0,[]);return(0,shared_1.ok)(r)}catch{return(0,shared_1.err)("IMPORT_FAILED")}}async function deriveSharedKeyECDH(e,r){try{const t=await crypto.subtle.deriveBits({name:"X25519",public:r},e,AES_KEY_BITS),a=await crypto.subtle.importKey("raw",t,{name:"AES-GCM",length:AES_KEY_BITS},!1,["encrypt","decrypt"]);return(0,shared_1.ok)(a)}catch{return(0,shared_1.err)("DERIVE_FAILED")}}async function senderKeyAgreement(e){const r=await generateEphemeralKeyPair();if(!r.ok)return r;const t=await deriveSharedKeyECDH(r.value.privateKey,e);return t.ok?(0,shared_1.ok)({sharedKey:t.value,ephemeralPublicKey:r.value.rawPublicKey}):t}async function receiverKeyAgreement(e,r){const t=await importX25519PublicKey(r);return t.ok?deriveSharedKeyECDH(e,t.value):t}const HYBRID_HKDF_INFO="xail-hybrid-kem-v2";async function combineSharedSecrets(e,r,t,a,n,i){try{const c=e.length+r.length+t.length+a.length+n.length+i.length,y=new Uint8Array(c);let s=0;y.set(e,s),s+=e.length,y.set(r,s),s+=r.length,y.set(t,s),s+=t.length,y.set(a,s),s+=a.length,y.set(n,s),s+=n.length,y.set(i,s);const o=(new TextEncoder).encode("XWingKEM"),u=await crypto.subtle.importKey("raw",toArrayBuffer(y),"HKDF",!1,["deriveBits"]),l=await crypto.subtle.deriveBits({name:"HKDF",hash:"SHA-256",salt:o,info:(new TextEncoder).encode(HYBRID_HKDF_INFO)},u,AES_KEY_BITS),K=await crypto.subtle.importKey("raw",l,{name:"AES-GCM",length:AES_KEY_BITS},!1,["encrypt","decrypt"]);return(0,shared_1.ok)(K)}catch{return(0,shared_1.err)("HKDF_FAILED")}}async function senderHybridKeyAgreement(e,r){const t=await generateEphemeralKeyPair();if(!t.ok)return t;let a,n,i,c;try{a=new Uint8Array(await crypto.subtle.deriveBits({name:"X25519",public:e},t.value.privateKey,AES_KEY_BITS))}catch{return(0,shared_1.err)("DERIVE_FAILED")}try{const e=await(0,mlkem_1.createMlKem768)(),[t,a]=e.encap(r);n=t,i=a}catch{return(0,shared_1.err)("KEM_ENCAPSULATE_FAILED")}try{const r=await crypto.subtle.exportKey("raw",e);c=new Uint8Array(r)}catch{return(0,shared_1.err)("EXPORT_KEY_FAILED")}const y=await combineSharedSecrets(i,n,a,t.value.rawPublicKey,c,r);return y.ok?(0,shared_1.ok)({sharedKey:y.value,ephemeralPublicKey:t.value.rawPublicKey,kemCiphertext:n}):y}async function receiverHybridKeyAgreement(e,r,t,a,n,i){const c=await importX25519PublicKey(t);if(!c.ok)return c;let y,s;try{y=new Uint8Array(await crypto.subtle.deriveBits({name:"X25519",public:c.value},e,AES_KEY_BITS))}catch{return(0,shared_1.err)("DERIVE_FAILED")}try{s=(await(0,mlkem_1.createMlKem768)()).decap(a,n)}catch{return(0,shared_1.err)("KEM_DECAPSULATE_FAILED")}return combineSharedSecrets(s,a,y,t,r,i)}