npm - @private.me/xbind - Versions diffs - 1.3.5 → 3.0.0 - Mend

@private.me/xbind 1.3.5 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (306) hide show

package/LICENSES.md +212 -0
package/README.md +388 -6
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1 -1920
package/dist-standalone/_deps/shared/cjs/errors.js +1 -639
package/dist-standalone/_deps/shared/cjs/index.js +1 -496
package/dist-standalone/_deps/shared/cjs/types.js +1 -317
package/dist-standalone/_deps/shared/errors.js +1 -255
package/dist-standalone/_deps/shared/index.js +1 -74
package/dist-standalone/_deps/shared/types.js +1 -90
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.js +1 -642
package/dist-standalone/agent-sdk.js +1 -328
package/dist-standalone/agent.d.ts +95 -5
package/dist-standalone/agent.js +1 -1545
package/dist-standalone/approval.js +1 -193
package/dist-standalone/async-iterators.d.ts +275 -0
package/dist-standalone/async-iterators.js +1 -0
package/dist-standalone/auth.js +1 -219
package/dist-standalone/auto-accept.js +1 -229
package/dist-standalone/backup-config.js +1 -201
package/dist-standalone/backup.d.ts +114 -0
package/dist-standalone/backup.js +1 -0
package/dist-standalone/batch-operations.d.ts +297 -0
package/dist-standalone/batch-operations.js +1 -0
package/dist-standalone/cancellation.d.ts +301 -0
package/dist-standalone/cancellation.js +1 -0
package/dist-standalone/checkpoint.js +1 -186
package/dist-standalone/circuit-breaker.d.ts +351 -0
package/dist-standalone/circuit-breaker.js +1 -0
package/dist-standalone/cjs/agent-call.js +1 -651
package/dist-standalone/cjs/agent-sdk.js +1 -332
package/dist-standalone/cjs/agent.js +1 -1582
package/dist-standalone/cjs/approval.js +1 -199
package/dist-standalone/cjs/async-iterators.js +1 -0
package/dist-standalone/cjs/auth.js +1 -225
package/dist-standalone/cjs/auto-accept.js +1 -233
package/dist-standalone/cjs/backup-config.js +1 -207
package/dist-standalone/cjs/backup.js +1 -0
package/dist-standalone/cjs/batch-operations.js +1 -0
package/dist-standalone/cjs/cancellation.js +1 -0
package/dist-standalone/cjs/checkpoint.js +1 -193
package/dist-standalone/cjs/circuit-breaker.js +1 -0
package/dist-standalone/cjs/cli/init.js +1 -486
package/dist-standalone/cjs/config-validation.js +1 -0
package/dist-standalone/cjs/connect.js +1 -312
package/dist-standalone/cjs/connection-pool.js +1 -0
package/dist-standalone/cjs/correlation-id.js +1 -339
package/dist-standalone/cjs/crypto-utils.js +1 -0
package/dist-standalone/cjs/debug-mode.js +1 -0
package/dist-standalone/cjs/did-document.js +1 -101
package/dist-standalone/cjs/did-privateme.js +1 -130
package/dist-standalone/cjs/did-web.js +1 -201
package/dist-standalone/cjs/discovery.js +1 -462
package/dist-standalone/cjs/dual-mode.js +1 -251
package/dist-standalone/cjs/email-templates.js +1 -313
package/dist-standalone/cjs/email-transport.js +1 -239
package/dist-standalone/cjs/envelope.js +1 -510
package/dist-standalone/cjs/errors.js +1 -826
package/dist-standalone/cjs/event-emitter.js +1 -0
package/dist-standalone/cjs/gateway-state.js +1 -55
package/dist-standalone/cjs/gateway-transport.js +1 -120
package/dist-standalone/cjs/graceful-degradation.js +1 -0
package/dist-standalone/cjs/guardrails.js +1 -223
package/dist-standalone/cjs/health-check.js +1 -0
package/dist-standalone/cjs/http-compat.js +1 -272
package/dist-standalone/cjs/http-status-map.js +1 -571
package/dist-standalone/cjs/identity.js +1 -540
package/dist-standalone/cjs/index.js +1 -237
package/dist-standalone/cjs/invitation.js +1 -421
package/dist-standalone/cjs/invite.js +1 -328
package/dist-standalone/cjs/key-agreement.js +1 -246
package/dist-standalone/cjs/lazy-init.js +1 -300
package/dist-standalone/cjs/logger.js +1 -0
package/dist-standalone/cjs/mdns-discovery.js +1 -202
package/dist-standalone/cjs/nonce-store.js +1 -66
package/dist-standalone/cjs/pairing-manager.js +1 -223
package/dist-standalone/cjs/plugin-system.js +1 -0
package/dist-standalone/cjs/plugins/logging.js +1 -0
package/dist-standalone/cjs/plugins/metrics.js +1 -0
package/dist-standalone/cjs/plugins/validation.js +1 -0
package/dist-standalone/cjs/policy.js +1 -320
package/dist-standalone/cjs/progress-callbacks.js +1 -0
package/dist-standalone/cjs/redis-nonce-store.js +1 -76
package/dist-standalone/cjs/registry-middleware.js +1 -50
package/dist-standalone/cjs/retry-strategies.js +1 -0
package/dist-standalone/cjs/retry-transport.js +1 -102
package/dist-standalone/cjs/runtime/browser.js +1 -0
package/dist-standalone/cjs/runtime/edge.js +1 -0
package/dist-standalone/cjs/runtime/react-native.js +1 -0
package/dist-standalone/cjs/security-policy.js +1 -245
package/dist-standalone/cjs/serialization.js +1 -0
package/dist-standalone/cjs/split-channel.js +1 -177
package/dist-standalone/cjs/subscription-proof.js +1 -230
package/dist-standalone/cjs/succession.js +1 -148
package/dist-standalone/cjs/timeouts.js +1 -0
package/dist-standalone/cjs/trace-context.js +1 -0
package/dist-standalone/cjs/trace-spans.js +1 -0
package/dist-standalone/cjs/transport.js +1 -63
package/dist-standalone/cjs/trust-registry.js +1 -742
package/dist-standalone/cjs/types/error-response.js +1 -56
package/dist-standalone/cjs/vault-auth.js +1 -0
package/dist-standalone/cjs/vault-store-loader.js +1 -0
package/dist-standalone/cjs/verify.js +1 -25
package/dist-standalone/cjs/version-info.js +1 -0
package/dist-standalone/cjs/xfetch.js +1 -252
package/dist-standalone/cli/init.js +1 -449
package/dist-standalone/cli/setup.js +1 -514
package/dist-standalone/cli/types.js +1 -27
package/dist-standalone/cli/xbind.js +1 -148
package/dist-standalone/config-validation.d.ts +185 -0
package/dist-standalone/config-validation.js +1 -0
package/dist-standalone/connect.js +1 -274
package/dist-standalone/connection-pool.d.ts +251 -0
package/dist-standalone/connection-pool.js +1 -0
package/dist-standalone/correlation-id.js +1 -326
package/dist-standalone/crypto-utils.d.ts +60 -0
package/dist-standalone/crypto-utils.js +1 -0
package/dist-standalone/debug-mode.d.ts +286 -0
package/dist-standalone/debug-mode.js +1 -0
package/dist-standalone/did-document.js +1 -96
package/dist-standalone/did-privateme.js +1 -121
package/dist-standalone/did-web.js +1 -196
package/dist-standalone/discovery.js +1 -458
package/dist-standalone/dual-mode.js +1 -247
package/dist-standalone/email-templates.js +1 -309
package/dist-standalone/email-transport.js +1 -232
package/dist-standalone/envelope.d.ts +29 -1
package/dist-standalone/envelope.js +1 -497
package/dist-standalone/errors.d.ts +10 -0
package/dist-standalone/errors.js +1 -811
package/dist-standalone/event-emitter.d.ts +395 -0
package/dist-standalone/event-emitter.js +1 -0
package/dist-standalone/gateway-state.js +1 -51
package/dist-standalone/gateway-transport.js +1 -116
package/dist-standalone/graceful-degradation.d.ts +246 -0
package/dist-standalone/graceful-degradation.js +1 -0
package/dist-standalone/guardrails.js +1 -216
package/dist-standalone/health-check.d.ts +150 -0
package/dist-standalone/health-check.js +1 -0
package/dist-standalone/http-compat.js +1 -267
package/dist-standalone/http-status-map.js +1 -561
package/dist-standalone/identity.d.ts +64 -1
package/dist-standalone/identity.js +1 -515
package/dist-standalone/index.d.ts +45 -3
package/dist-standalone/index.js +1 -52
package/dist-standalone/invitation.js +1 -415
package/dist-standalone/invite.js +1 -324
package/dist-standalone/key-agreement.d.ts +61 -13
package/dist-standalone/key-agreement.js +1 -236
package/dist-standalone/lazy-init.js +1 -295
package/dist-standalone/logger.d.ts +77 -0
package/dist-standalone/logger.js +1 -0
package/dist-standalone/mdns-discovery.js +1 -195
package/dist-standalone/nonce-store.d.ts +16 -3
package/dist-standalone/nonce-store.js +1 -62
package/dist-standalone/package.json +0 -1
package/dist-standalone/pairing-manager.js +1 -219
package/dist-standalone/plugin-system.d.ts +145 -0
package/dist-standalone/plugin-system.js +1 -0
package/dist-standalone/policy.js +1 -315
package/dist-standalone/progress-callbacks.d.ts +394 -0
package/dist-standalone/progress-callbacks.js +1 -0
package/dist-standalone/redis-nonce-store.js +1 -72
package/dist-standalone/registry-middleware.js +1 -47
package/dist-standalone/retry-strategies.d.ts +382 -0
package/dist-standalone/retry-strategies.js +1 -0
package/dist-standalone/retry-transport.js +1 -98
package/dist-standalone/security-policy.js +1 -239
package/dist-standalone/serialization.d.ts +244 -0
package/dist-standalone/serialization.js +1 -0
package/dist-standalone/split-channel.d.ts +49 -1
package/dist-standalone/split-channel.js +1 -171
package/dist-standalone/subscription-proof.js +1 -224
package/dist-standalone/succession.js +1 -142
package/dist-standalone/timeouts.d.ts +275 -0
package/dist-standalone/timeouts.js +1 -0
package/dist-standalone/trace-context.d.ts +252 -0
package/dist-standalone/trace-context.js +1 -0
package/dist-standalone/trace-spans.d.ts +360 -0
package/dist-standalone/trace-spans.js +1 -0
package/dist-standalone/transport.js +1 -59
package/dist-standalone/trust-registry.d.ts +106 -5
package/dist-standalone/trust-registry.js +1 -702
package/dist-standalone/vault-auth.d.ts +91 -0
package/dist-standalone/vault-auth.js +1 -0
package/dist-standalone/vault-store-loader.d.ts +110 -0
package/dist-standalone/vault-store-loader.js +1 -0
package/dist-standalone/verify.js +1 -16
package/dist-standalone/version-info.d.ts +259 -0
package/dist-standalone/version-info.js +1 -0
package/dist-standalone/xfetch.js +1 -247
package/llms.txt +1 -0
package/package.json +65 -5
package/share1.dat +0 -0
package/dist-standalone/_deps/crypto/base64.d.ts +0 -29
package/dist-standalone/_deps/crypto/base64.js +0 -222
package/dist-standalone/_deps/crypto/cjs/base64.js +0 -665
package/dist-standalone/_deps/crypto/cjs/errors.js +0 -675
package/dist-standalone/_deps/crypto/cjs/hmac.js +0 -473
package/dist-standalone/_deps/crypto/cjs/index.js +0 -852
package/dist-standalone/_deps/crypto/cjs/package.json +0 -1
package/dist-standalone/_deps/crypto/cjs/padding.js +0 -511
package/dist-standalone/_deps/crypto/cjs/share-header.js +0 -372
package/dist-standalone/_deps/crypto/cjs/shares.js +0 -874
package/dist-standalone/_deps/crypto/cjs/tlv.js +0 -1021
package/dist-standalone/_deps/crypto/cjs/uuid.js +0 -443
package/dist-standalone/_deps/crypto/cjs/verify.js +0 -414
package/dist-standalone/_deps/crypto/cjs/xorida.js +0 -923
package/dist-standalone/_deps/crypto/errors.d.ts +0 -51
package/dist-standalone/_deps/crypto/errors.js +0 -199
package/dist-standalone/_deps/crypto/hmac.d.ts +0 -39
package/dist-standalone/_deps/crypto/hmac.js +0 -134
package/dist-standalone/_deps/crypto/index.d.ts +0 -20
package/dist-standalone/_deps/crypto/index.js +0 -145
package/dist-standalone/_deps/crypto/padding.d.ts +0 -19
package/dist-standalone/_deps/crypto/padding.js +0 -159
package/dist-standalone/_deps/crypto/share-header.d.ts +0 -44
package/dist-standalone/_deps/crypto/share-header.js +0 -92
package/dist-standalone/_deps/crypto/shares.d.ts +0 -27
package/dist-standalone/_deps/crypto/shares.js +0 -295
package/dist-standalone/_deps/crypto/tlv.d.ts +0 -26
package/dist-standalone/_deps/crypto/tlv.js +0 -364
package/dist-standalone/_deps/crypto/uuid.d.ts +0 -22
package/dist-standalone/_deps/crypto/uuid.js +0 -136
package/dist-standalone/_deps/crypto/verify.d.ts +0 -15
package/dist-standalone/_deps/crypto/verify.js +0 -71
package/dist-standalone/_deps/crypto/xorida.d.ts +0 -44
package/dist-standalone/_deps/crypto/xorida.js +0 -366
package/dist-standalone/_deps/shared/errors.d.ts.map +0 -1
package/dist-standalone/_deps/shared/errors.js.map +0 -1
package/dist-standalone/_deps/shared/index.d.ts.map +0 -1
package/dist-standalone/_deps/shared/index.js.map +0 -1
package/dist-standalone/_deps/shared/types.d.ts.map +0 -1
package/dist-standalone/_deps/shared/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.js.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.js.map +0 -1
package/dist-standalone/_deps/xregistry/errors.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/errors.js.map +0 -1
package/dist-standalone/_deps/xregistry/index.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/index.js.map +0 -1
package/dist-standalone/_deps/xregistry/registry.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/registry.js.map +0 -1
package/dist-standalone/_deps/xregistry/schema.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/schema.js.map +0 -1
package/dist-standalone/_deps/xregistry/types.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/types.js.map +0 -1

package/dist-standalone/agent-sdk.js CHANGED Viewed

@@ -1,328 +1 @@
-/**
- * @module agent-sdk
- * Agent builder wrapper for AI-first interface
- *
- * Provides simplified agent creation with ephemeral identities,
- * policy constraints, and automatic lifecycle management.
- */
-import { ok, err } from"./_deps/shared/index.js";
-import { generateIdentity, identityFromSeed } from './identity.js';
-import { call } from './agent-call.js';
-import { AgentError, AgentErrorCode } from './agent-call.js';
-import { getGlobalPolicyEngine } from './policy.js';
-/**
- * Agent builder - AI-first wrapper for xBind agent creation
- *
- * Provides high-level API for creating agents with automatic
- * identity management, policy enforcement, and lifecycle cleanup.
- *
- * This is the simplified xBind agent builder for AI agents. For full
- * transport-level control, use the Agent class from './agent.js'.
- *
- * @example
- * ```typescript
- * // Create ephemeral agent (auto-cleanup after 1 hour)
- * const agent = await AgentBuilder.create({
- *   name: "invoice-agent",
- *   policy: {
- *     allowedTools: ["payments:createCharge", "payments:refund"],
- *     limits: {
- *       amountPerTxn: 1000,
- *       dailyAmount: 10000
- *     }
- *   }
- * });
- *
- * // Use agent to call tools
- * const result = await agent.call("payments:createCharge", {
- *   amount: 100,
- *   currency: "USD"
- * });
- * ```
- */
-export class AgentBuilder {
-    /** Agent identity (cryptographic keys + DID) */
-    _identity;
-    /** Agent metadata */
-    _metadata;
-    /** Policy constraints (optional) */
-    _policy;
-    /**
-     * Create a new AgentBuilder instance.
-     *
-     * @param identity - Agent identity
-     * @param metadata - Agent metadata
-     * @param policy - Optional policy constraints
-     */
-    constructor(identity, metadata, policy) {
-        this._identity = identity;
-        this._metadata = metadata;
-        this._policy = policy;
-    }
-    /**
-     * Agent DID (decentralized identifier).
-     */
-    get did() {
-        return this._identity.did;
-    }
-    /**
-     * Agent name.
-     */
-    get name() {
-        return this._metadata.name;
-    }
-    /**
-     * Creation timestamp (milliseconds since epoch).
-     */
-    get created() {
-        return this._metadata.created;
-    }
-    /**
-     * Identity mode ('ephemeral' or 'persistent').
-     */
-    get identityMode() {
-        return this._metadata.identityMode;
-    }
-    /**
-     * Time-to-live for ephemeral agents (milliseconds).
-     * Returns undefined for persistent agents.
-     */
-    get ttl() {
-        return this._metadata.ttl;
-    }
-    /**
-     * Time remaining until auto-cleanup (milliseconds).
-     * Returns undefined for persistent agents or if already expired.
-     */
-    get timeRemaining() {
-        if (!this._metadata.ttl)
-            return undefined;
-        const elapsed = Date.now() - this._metadata.created;
-        const remaining = this._metadata.ttl - elapsed;
-        return remaining > 0 ? remaining : 0;
-    }
-    /**
-     * Create a new agent instance.
-     *
-     * @param options - Agent creation options
-     * @returns AgentBuilder instance or error
-     *
-     * @example
-     * ```typescript
-     * // Ephemeral agent (default)
-     * const agent = await AgentBuilder.create({
-     *   name: "task-agent",
-     *   policy: {
-     *     allowedTools: ["slack:sendMessage"],
-     *     limits: { callsPerMinute: 10 }
-     *   }
-     * });
-     * ```
-     *
-     * @example
-     * ```typescript
-     * // Persistent agent from seed
-     * const seed = new Uint8Array(32);
-     * crypto.getRandomValues(seed);
-     *
-     * const agent = await AgentBuilder.create({
-     *   name: "persistent-agent",
-     *   identity: seed, // Deterministic DID
-     * });
-     * ```
-     */
-    static async create(options) {
-        try {
-            // Determine identity mode
-            let identity;
-            let identityMode;
-            if (!options.identity || options.identity === 'ephemeral') {
-                // Generate ephemeral identity
-                const idResult = await generateIdentity();
-                if (!idResult.ok) {
-                    return err(new AgentError(AgentErrorCode.AUTHENTICATION_FAILED, 'Failed to generate ephemeral identity', { cause: idResult.error }));
-                }
-                identity = idResult.value;
-                identityMode = 'ephemeral';
-            }
-            else if (options.identity === 'persistent') {
-                // Generate persistent identity
-                const idResult = await generateIdentity();
-                if (!idResult.ok) {
-                    return err(new AgentError(AgentErrorCode.AUTHENTICATION_FAILED, 'Failed to generate persistent identity', { cause: idResult.error }));
-                }
-                identity = idResult.value;
-                identityMode = 'persistent';
-            }
-            else if (options.identity instanceof Uint8Array) {
-                // Deterministic identity from seed
-                if (options.identity.length !== 32) {
-                    return err(new AgentError(AgentErrorCode.INVALID_PARAMS, 'Identity seed must be exactly 32 bytes', { seedLength: options.identity.length }));
-                }
-                const idResult = await identityFromSeed(options.identity);
-                if (!idResult.ok) {
-                    return err(new AgentError(AgentErrorCode.AUTHENTICATION_FAILED, 'Failed to derive identity from seed', { cause: idResult.error }));
-                }
-                identity = idResult.value;
-                identityMode = 'persistent';
-            }
-            else {
-                // Use provided AgentIdentity
-                identity = options.identity;
-                identityMode = 'persistent';
-            }
-            // Create metadata
-            const metadata = {
-                name: options.name,
-                did: identity.did,
-                created: Date.now(),
-                identityMode,
-                ttl: identityMode === 'ephemeral' ? (options.ttl ?? 3600000) : undefined,
-            };
-            // Create agent instance
-            const agent = new AgentBuilder(identity, metadata, options.policy);
-            // Setup auto-cleanup for ephemeral agents
-            if (identityMode === 'ephemeral' && metadata.ttl) {
-                metadata.cleanupTimer = setTimeout(() => {
-                    agent.cleanup();
-                }, metadata.ttl);
-            }
-            return ok(agent);
-        }
-        catch (error) {
-            return err(new AgentError(AgentErrorCode.AUTHENTICATION_FAILED, error instanceof Error ? error.message : 'Unknown error during agent creation', { originalError: error }));
-        }
-    }
-    /**
-     * Call a tool/service via xBind.
-     *
-     * This method wraps agent-call.ts call() function with agent context
-     * and enforces policy constraints defined during agent creation.
-     *
-     * @param tool - Tool alias (e.g., "stripe:createCharge")
-     * @param params - Parameters to pass to the tool
-     * @param options - Optional call options (overrides agent policy)
-     * @returns Result with response data and audit receipt, or error
-     *
-     * @example
-     * ```typescript
-     * const result = await agent.call("payments:createCharge", {
-     *   amount: 100,
-     *   currency: "USD"
-     * });
-     *
-     * if (!result.ok) {
-     *   console.error(`Payment failed: ${result.error.message}`);
-     *   return;
-     * }
-     *
-     * console.log(`Charge created: ${result.value.data.id}`);
-     * console.log(`Audit: ${result.value.audit.timestamp}`);
-     * ```
-     */
-    async call(tool, params, options) {
-        // Merge agent policy with call-specific options
-        const callOptions = {
-            ...options,
-            policy: this._policy ? {
-                ...this._policy,
-                ...options?.policy,
-                // Merge allowed tools arrays
-                allowedTools: options?.policy?.allowedTools
-                    ? [...(this._policy.allowedTools || []), ...options.policy.allowedTools]
-                    : this._policy.allowedTools,
-                // Merge scopes arrays
-                scopes: options?.policy?.scopes
-                    ? [...(this._policy.scopes || []), ...options.policy.scopes]
-                    : this._policy.scopes,
-                // Take minimum of limits (most restrictive)
-                limits: {
-                    amountPerTxn: Math.min(this._policy.limits?.amountPerTxn ?? Infinity, options?.policy?.limits?.amountPerTxn ?? Infinity) === Infinity ? undefined : Math.min(this._policy.limits?.amountPerTxn ?? Infinity, options?.policy?.limits?.amountPerTxn ?? Infinity),
-                    dailyAmount: Math.min(this._policy.limits?.dailyAmount ?? Infinity, options?.policy?.limits?.dailyAmount ?? Infinity) === Infinity ? undefined : Math.min(this._policy.limits?.dailyAmount ?? Infinity, options?.policy?.limits?.dailyAmount ?? Infinity),
-                    callsPerMinute: Math.min(this._policy.limits?.callsPerMinute ?? Infinity, options?.policy?.limits?.callsPerMinute ?? Infinity) === Infinity ? undefined : Math.min(this._policy.limits?.callsPerMinute ?? Infinity, options?.policy?.limits?.callsPerMinute ?? Infinity),
-                },
-            } : options?.policy,
-        };
-        // Delegate to agent-call.ts call() function
-        const result = await call(tool, params, callOptions);
-        // Record successful call for rate limiting
-        if (result.ok) {
-            const policyEngine = getGlobalPolicyEngine();
-            policyEngine.recordCall(this.did);
-            // Record spending if amount is in params
-            if (typeof params === 'object' && params !== null) {
-                const obj = params;
-                const amount = obj.amount ?? obj.value ?? obj.price ?? obj.total;
-                if (typeof amount === 'number') {
-                    policyEngine.recordSpending(this.did, amount);
-                }
-            }
-        }
-        return result;
-    }
-    /**
-     * Cleanup agent resources.
-     *
-     * For ephemeral agents, this clears the cleanup timer and marks
-     * the agent as cleaned up. For persistent agents, this is a no-op.
-     *
-     * This method is called automatically when TTL expires for ephemeral agents.
-     */
-    cleanup() {
-        if (this._metadata.cleanupTimer) {
-            clearTimeout(this._metadata.cleanupTimer);
-            this._metadata.cleanupTimer = undefined;
-        }
-        // Reset policy engine state for this agent
-        const policyEngine = getGlobalPolicyEngine();
-        policyEngine.reset(this.did);
-    }
-    /**
-     * Extend TTL for ephemeral agents.
-     *
-     * @param additionalTime - Additional time in milliseconds
-     * @returns true if extended, false if not an ephemeral agent
-     *
-     * @example
-     * ```typescript
-     * // Extend by 30 minutes
-     * agent.extendTTL(30 * 60 * 1000);
-     * ```
-     */
-    extendTTL(additionalTime) {
-        if (this._metadata.identityMode !== 'ephemeral' || !this._metadata.ttl) {
-            return false;
-        }
-        // Clear existing timer
-        if (this._metadata.cleanupTimer) {
-            clearTimeout(this._metadata.cleanupTimer);
-        }
-        // Calculate new TTL (extend the total TTL, not just remaining time)
-        const elapsed = Date.now() - this._metadata.created;
-        const currentRemaining = this._metadata.ttl - elapsed;
-        const newRemaining = currentRemaining + additionalTime;
-        // Update the TTL to reflect the extension
-        // SAFETY: We're modifying metadata which is intentionally mutable for lifecycle management
-        this._metadata.ttl = this._metadata.ttl + additionalTime;
-        // Setup new timer
-        this._metadata.cleanupTimer = setTimeout(() => {
-            this.cleanup();
-        }, newRemaining);
-        return true;
-    }
-    /**
-     * Convert agent to JSON-serializable format.
-     *
-     * @returns Agent metadata (without private keys)
-     */
-    toJSON() {
-        return {
-            name: this.name,
-            did: this.did,
-            created: this.created,
-            identityMode: this.identityMode,
-            ttl: this.ttl,
-            timeRemaining: this.timeRemaining,
-        };
-    }
-}
+import{ok,err}from"./_deps/shared/index.js";import{generateIdentity,identityFromSeed}from"./identity.js";import{call}from"./agent-call.js";import{AgentError,AgentErrorCode}from"./agent-call.js";import{getGlobalPolicyEngine}from"./policy.js";export class AgentBuilder{_identity;_metadata;_policy;constructor(t,e,i){this._identity=t,this._metadata=e,this._policy=i}get did(){return this._identity.did}get name(){return this._metadata.name}get created(){return this._metadata.created}get identityMode(){return this._metadata.identityMode}get ttl(){return this._metadata.ttl}get timeRemaining(){if(!this._metadata.ttl)return;const t=Date.now()-this._metadata.created,e=this._metadata.ttl-t;return e>0?e:0}static async create(t){try{let e,i;if(t.identity&&"ephemeral"!==t.identity)if("persistent"===t.identity){const t=await generateIdentity();if(!t.ok)return err(new AgentError(AgentErrorCode.AUTHENTICATION_FAILED,"Failed to generate persistent identity",{cause:t.error}));e=t.value,i="persistent"}else if(t.identity instanceof Uint8Array){if(32!==t.identity.length)return err(new AgentError(AgentErrorCode.INVALID_PARAMS,"Identity seed must be exactly 32 bytes",{seedLength:t.identity.length}));const a=await identityFromSeed(t.identity);if(!a.ok)return err(new AgentError(AgentErrorCode.AUTHENTICATION_FAILED,"Failed to derive identity from seed",{cause:a.error}));e=a.value,i="persistent"}else e=t.identity,i="persistent";else{const t=await generateIdentity();if(!t.ok)return err(new AgentError(AgentErrorCode.AUTHENTICATION_FAILED,"Failed to generate ephemeral identity",{cause:t.error}));e=t.value,i="ephemeral"}const a={name:t.name,did:e.did,created:Date.now(),identityMode:i,ttl:"ephemeral"===i?t.ttl??36e5:void 0},r=new AgentBuilder(e,a,t.policy);return"ephemeral"===i&&a.ttl&&(a.cleanupTimer=setTimeout(()=>{r.cleanup()},a.ttl)),ok(r)}catch(t){return err(new AgentError(AgentErrorCode.AUTHENTICATION_FAILED,t instanceof Error?t.message:"Unknown error during agent creation",{originalError:t}))}}async call(t,e,i){const a={...i,policy:this._policy?{...this._policy,...i?.policy,allowedTools:i?.policy?.allowedTools?[...this._policy.allowedTools||[],...i.policy.allowedTools]:this._policy.allowedTools,scopes:i?.policy?.scopes?[...this._policy.scopes||[],...i.policy.scopes]:this._policy.scopes,limits:{amountPerTxn:Math.min(this._policy.limits?.amountPerTxn??1/0,i?.policy?.limits?.amountPerTxn??1/0)===1/0?void 0:Math.min(this._policy.limits?.amountPerTxn??1/0,i?.policy?.limits?.amountPerTxn??1/0),dailyAmount:Math.min(this._policy.limits?.dailyAmount??1/0,i?.policy?.limits?.dailyAmount??1/0)===1/0?void 0:Math.min(this._policy.limits?.dailyAmount??1/0,i?.policy?.limits?.dailyAmount??1/0),callsPerMinute:Math.min(this._policy.limits?.callsPerMinute??1/0,i?.policy?.limits?.callsPerMinute??1/0)===1/0?void 0:Math.min(this._policy.limits?.callsPerMinute??1/0,i?.policy?.limits?.callsPerMinute??1/0)}}:i?.policy},r=await call(t,e,a);if(r.ok){const t=getGlobalPolicyEngine();if(t.recordCall(this.did),"object"==typeof e&&null!==e){const i=e,a=i.amount??i.value??i.price??i.total;"number"==typeof a&&t.recordSpending(this.did,a)}}return r}cleanup(){this._metadata.cleanupTimer&&(clearTimeout(this._metadata.cleanupTimer),this._metadata.cleanupTimer=void 0);getGlobalPolicyEngine().reset(this.did)}extendTTL(t){if("ephemeral"!==this._metadata.identityMode||!this._metadata.ttl)return!1;this._metadata.cleanupTimer&&clearTimeout(this._metadata.cleanupTimer);const e=Date.now()-this._metadata.created,i=this._metadata.ttl-e+t;return this._metadata.ttl=this._metadata.ttl+t,this._metadata.cleanupTimer=setTimeout(()=>{this.cleanup()},i),!0}toJSON(){return{name:this.name,did:this.did,created:this.created,identityMode:this.identityMode,ttl:this.ttl,timeRemaining:this.timeRemaining}}}

package/dist-standalone/agent.d.ts CHANGED Viewed

@@ -188,14 +188,65 @@ export interface AgentErrorDetail {
  */
 export declare function parseAgentError(error: string): AgentErrorDetail;
 /** Agent-level error codes. Sub-codes give precise failure context. */
-export type AgentError = TransportError | 'IDENTITY_FAILED' | 'IDENTITY_FAILED:KEYGEN' | 'REGISTRATION_FAILED' | 'REGISTRATION_FAILED:ALREADY_REGISTERED' | 'REGISTRATION_FAILED:NETWORK_ERROR' | 'RECIPIENT_NOT_FOUND' | 'RECIPIENT_REVOKED' | 'KEY_AGREEMENT_FAILED' | 'KEY_AGREEMENT_FAILED:RECIPIENT_HAS_NO_X25519_KEY' | 'ENVELOPE_FAILED' | 'ENVELOPE_FAILED:ENCRYPT' | 'ENVELOPE_FAILED:SIGN' | 'ENVELOPE_FAILED:SPLIT' | 'VERIFICATION_FAILED' | 'VERIFICATION_FAILED:UNSUPPORTED_VERSION' | 'VERIFICATION_FAILED:DID_NOT_IN_REGISTRY' | 'VERIFICATION_FAILED:KEY_IMPORT_FAILED' | 'VERIFICATION_FAILED:SIGNATURE_MISMATCH' | 'VERIFICATION_FAILED:PQ_KEY_MISSING' | 'VERIFICATION_FAILED:PQ_SIGNATURE_MISMATCH' | 'ENVELOPE_FAILED:PQ_KEY_MISSING' | 'REPLAY_DETECTED' | 'SCOPE_DENIED' | 'RECEIVER_SCOPE_DENIED' | 'TIMESTAMP_EXPIRED' | 'DECRYPT_FAILED' | 'DECRYPT_FAILED:KEY_AGREEMENT' | 'DECRYPT_FAILED:NO_EPHEMERAL_KEY' | 'DECRYPT_FAILED:DECRYPTION' | 'DECRYPT_FAILED:PARSE' | 'SEND_FAILED:BELOW_THRESHOLD';
+export type AgentError = TransportError | 'IDENTITY_FAILED' | 'IDENTITY_FAILED:KEYGEN' | 'IDENTITY_FAILED:VAULT_STORE' | 'REGISTRATION_FAILED' | 'REGISTRATION_FAILED:ALREADY_REGISTERED' | 'REGISTRATION_FAILED:NETWORK_ERROR' | 'RECIPIENT_NOT_FOUND' | 'RECIPIENT_REVOKED' | 'KEY_AGREEMENT_FAILED' | 'KEY_AGREEMENT_FAILED:RECIPIENT_HAS_NO_X25519_KEY' | 'ENVELOPE_FAILED' | 'ENVELOPE_FAILED:ENCRYPT' | 'ENVELOPE_FAILED:SIGN' | 'ENVELOPE_FAILED:SPLIT' | 'VERIFICATION_FAILED' | 'VERIFICATION_FAILED:UNSUPPORTED_VERSION' | 'VERIFICATION_FAILED:DID_NOT_IN_REGISTRY' | 'VERIFICATION_FAILED:KEY_IMPORT_FAILED' | 'VERIFICATION_FAILED:SIGNATURE_MISMATCH' | 'VERIFICATION_FAILED:PQ_KEY_MISSING' | 'VERIFICATION_FAILED:PQ_SIGNATURE_MISMATCH' | 'ENVELOPE_FAILED:PQ_KEY_MISSING' | 'REPLAY_DETECTED' | 'SCOPE_DENIED' | 'RECEIVER_SCOPE_DENIED' | 'TIMESTAMP_EXPIRED' | 'DECRYPT_FAILED' | 'DECRYPT_FAILED:KEY_AGREEMENT' | 'DECRYPT_FAILED:NO_EPHEMERAL_KEY' | 'DECRYPT_FAILED:DECRYPTION' | 'DECRYPT_FAILED:PARSE' | 'SEND_FAILED:BELOW_THRESHOLD' | 'QUOTA_EXCEEDED';
 /**
  * Top-level Xail Agent SDK API.
  *
- * Matches xail.io/sdk specification:
- * - Agent.create({ name, registry }) — generate identity + register
- * - agent.send({ to, payload, scope }) — encrypt, sign, deliver
- * - agent.receive(envelope) — verify, decrypt, return message
+ * Provides cryptographically secure agent-to-agent messaging with:
+ * - Ed25519 digital signatures
+ * - X25519 ECDH forward secrecy
+ * - ML-KEM-768 post-quantum encryption
+ * - ML-DSA-65 post-quantum signatures (opt-in)
+ * - XorIDA information-theoretic split-channel delivery
+ *
+ * @example Basic Agent Usage
+ * ```typescript
+ * import { Agent } from '@private.me/xbind';
+ *
+ * // Create an agent with auto-generated identity
+ * const alice = await Agent.create({
+ *   name: 'alice',
+ *   registry: 'https://private.me/registry'
+ * });
+ * if (!alice.ok) throw new Error(alice.error);
+ *
+ * const bob = await Agent.create({
+ *   name: 'bob',
+ *   registry: 'https://private.me/registry'
+ * });
+ * if (!bob.ok) throw new Error(bob.error);
+ *
+ * // Send encrypted message
+ * const result = await alice.value.send({
+ *   to: bob.value.identity.did,
+ *   payload: { message: 'Hello, Bob!' },
+ *   scope: ['read:profile']
+ * });
+ *
+ * // Receive and decrypt message
+ * if (result.ok && result.value.envelope) {
+ *   const message = await bob.value.receive(result.value.envelope);
+ *   if (message.ok) {
+ *     console.log('Received:', message.value.payload);
+ *   }
+ * }
+ * ```
+ *
+ * @example Using Existing Identity
+ * ```typescript
+ * import { Agent, identityFromSeed } from '@private.me/xbind';
+ *
+ * // Restore identity from seed
+ * const seed = process.env.XBIND_SEED;
+ * const identity = await identityFromSeed(seed);
+ * if (!identity.ok) throw new Error(identity.error);
+ *
+ * // Create agent from existing identity
+ * const agent = new Agent(identity.value, {
+ *   name: 'my-agent',
+ *   registry: 'https://private.me/registry'
+ * });
+ * ```
  */
 export declare class Agent {
     readonly identity: AgentIdentity;
@@ -214,6 +265,8 @@ export declare class Agent {
     private lastSecurityDecision?;
     /** Timer for ephemeral agent auto-cleanup. */
     private cleanupTimer?;
+    /** Crypto package (XorIDA algorithms) loaded from Vault Store. */
+    private cryptoModule;
     /**
      * Human-readable diagnostic from the last failed receive/verify call.
      *
@@ -233,6 +286,25 @@ export declare class Agent {
     private constructor();
     /** The agent's DID. */
     get did(): string;
+    /**
+     * Get the agent's transport adapters.
+     * @internal Used by MessageStream for envelope handling.
+     */
+    getTransports(): XailTransportAdapter[];
+    /**
+     * Ensure crypto package is loaded from Vault Store.
+     *
+     * Loads XorIDA algorithms with:
+     * - DID-based authentication
+     * - Usage quota verification (Free: 100K/month, Pro: unlimited)
+     * - 7-day memory cache
+     *
+     * @returns Crypto package or throws QuotaExceededError/VaultStoreError
+     * @throws {QuotaExceededError} If Free tier quota exceeded (>120K hard cap)
+     * @throws {VaultStoreError} If vault fetch/load fails
+     * @private
+     */
+    private ensureCrypto;
     /**
      * Check whether the runtime supports the SDK's crypto requirements.
      *
@@ -406,6 +478,9 @@ export declare class Agent {
     /**
      * Verify and decrypt an incoming encrypted envelope (v1 or v2).
      *
+     * ROT-1: Supports key rotation with fallback to old keys.
+     * If decryption fails with current keys, tries old rotated keys.
+     *
      * @param envelope - Incoming transport envelope.
      * @param opts - Optional receive options (e.g. allowCleartext).
      */
@@ -647,8 +722,23 @@ export declare class Agent {
     /**
      * Verify and decrypt an envelope, returning raw text (no JSON parse).
      * Used by receiveSplitShare to get the raw decrypted share data.
+     *
+     * ROT-1: Supports key rotation with fallback to old keys.
      */
     private receiveRaw;
+    /**
+     * Create a test envelope for testing purposes.
+     *
+     * This is a helper method for tests to create properly signed and encrypted
+     * envelopes without going through the full send() flow.
+     *
+     * @param recipientDid - Recipient DID
+     * @param payload - Payload object (will be JSON serialized)
+     * @param scope - Permission scope
+     * @returns TransportEnvelope or null if creation failed
+     * @internal
+     */
+    private createTestEnvelope;
     /**
      * Send email invitation to establish connection.
      *