npm - @private.me/xbind - Versions diffs - 1.3.5 → 3.0.0 - Mend

@private.me/xbind 1.3.5 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (306) hide show

package/LICENSES.md +212 -0
package/README.md +388 -6
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1 -1920
package/dist-standalone/_deps/shared/cjs/errors.js +1 -639
package/dist-standalone/_deps/shared/cjs/index.js +1 -496
package/dist-standalone/_deps/shared/cjs/types.js +1 -317
package/dist-standalone/_deps/shared/errors.js +1 -255
package/dist-standalone/_deps/shared/index.js +1 -74
package/dist-standalone/_deps/shared/types.js +1 -90
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.js +1 -642
package/dist-standalone/agent-sdk.js +1 -328
package/dist-standalone/agent.d.ts +95 -5
package/dist-standalone/agent.js +1 -1545
package/dist-standalone/approval.js +1 -193
package/dist-standalone/async-iterators.d.ts +275 -0
package/dist-standalone/async-iterators.js +1 -0
package/dist-standalone/auth.js +1 -219
package/dist-standalone/auto-accept.js +1 -229
package/dist-standalone/backup-config.js +1 -201
package/dist-standalone/backup.d.ts +114 -0
package/dist-standalone/backup.js +1 -0
package/dist-standalone/batch-operations.d.ts +297 -0
package/dist-standalone/batch-operations.js +1 -0
package/dist-standalone/cancellation.d.ts +301 -0
package/dist-standalone/cancellation.js +1 -0
package/dist-standalone/checkpoint.js +1 -186
package/dist-standalone/circuit-breaker.d.ts +351 -0
package/dist-standalone/circuit-breaker.js +1 -0
package/dist-standalone/cjs/agent-call.js +1 -651
package/dist-standalone/cjs/agent-sdk.js +1 -332
package/dist-standalone/cjs/agent.js +1 -1582
package/dist-standalone/cjs/approval.js +1 -199
package/dist-standalone/cjs/async-iterators.js +1 -0
package/dist-standalone/cjs/auth.js +1 -225
package/dist-standalone/cjs/auto-accept.js +1 -233
package/dist-standalone/cjs/backup-config.js +1 -207
package/dist-standalone/cjs/backup.js +1 -0
package/dist-standalone/cjs/batch-operations.js +1 -0
package/dist-standalone/cjs/cancellation.js +1 -0
package/dist-standalone/cjs/checkpoint.js +1 -193
package/dist-standalone/cjs/circuit-breaker.js +1 -0
package/dist-standalone/cjs/cli/init.js +1 -486
package/dist-standalone/cjs/config-validation.js +1 -0
package/dist-standalone/cjs/connect.js +1 -312
package/dist-standalone/cjs/connection-pool.js +1 -0
package/dist-standalone/cjs/correlation-id.js +1 -339
package/dist-standalone/cjs/crypto-utils.js +1 -0
package/dist-standalone/cjs/debug-mode.js +1 -0
package/dist-standalone/cjs/did-document.js +1 -101
package/dist-standalone/cjs/did-privateme.js +1 -130
package/dist-standalone/cjs/did-web.js +1 -201
package/dist-standalone/cjs/discovery.js +1 -462
package/dist-standalone/cjs/dual-mode.js +1 -251
package/dist-standalone/cjs/email-templates.js +1 -313
package/dist-standalone/cjs/email-transport.js +1 -239
package/dist-standalone/cjs/envelope.js +1 -510
package/dist-standalone/cjs/errors.js +1 -826
package/dist-standalone/cjs/event-emitter.js +1 -0
package/dist-standalone/cjs/gateway-state.js +1 -55
package/dist-standalone/cjs/gateway-transport.js +1 -120
package/dist-standalone/cjs/graceful-degradation.js +1 -0
package/dist-standalone/cjs/guardrails.js +1 -223
package/dist-standalone/cjs/health-check.js +1 -0
package/dist-standalone/cjs/http-compat.js +1 -272
package/dist-standalone/cjs/http-status-map.js +1 -571
package/dist-standalone/cjs/identity.js +1 -540
package/dist-standalone/cjs/index.js +1 -237
package/dist-standalone/cjs/invitation.js +1 -421
package/dist-standalone/cjs/invite.js +1 -328
package/dist-standalone/cjs/key-agreement.js +1 -246
package/dist-standalone/cjs/lazy-init.js +1 -300
package/dist-standalone/cjs/logger.js +1 -0
package/dist-standalone/cjs/mdns-discovery.js +1 -202
package/dist-standalone/cjs/nonce-store.js +1 -66
package/dist-standalone/cjs/pairing-manager.js +1 -223
package/dist-standalone/cjs/plugin-system.js +1 -0
package/dist-standalone/cjs/plugins/logging.js +1 -0
package/dist-standalone/cjs/plugins/metrics.js +1 -0
package/dist-standalone/cjs/plugins/validation.js +1 -0
package/dist-standalone/cjs/policy.js +1 -320
package/dist-standalone/cjs/progress-callbacks.js +1 -0
package/dist-standalone/cjs/redis-nonce-store.js +1 -76
package/dist-standalone/cjs/registry-middleware.js +1 -50
package/dist-standalone/cjs/retry-strategies.js +1 -0
package/dist-standalone/cjs/retry-transport.js +1 -102
package/dist-standalone/cjs/runtime/browser.js +1 -0
package/dist-standalone/cjs/runtime/edge.js +1 -0
package/dist-standalone/cjs/runtime/react-native.js +1 -0
package/dist-standalone/cjs/security-policy.js +1 -245
package/dist-standalone/cjs/serialization.js +1 -0
package/dist-standalone/cjs/split-channel.js +1 -177
package/dist-standalone/cjs/subscription-proof.js +1 -230
package/dist-standalone/cjs/succession.js +1 -148
package/dist-standalone/cjs/timeouts.js +1 -0
package/dist-standalone/cjs/trace-context.js +1 -0
package/dist-standalone/cjs/trace-spans.js +1 -0
package/dist-standalone/cjs/transport.js +1 -63
package/dist-standalone/cjs/trust-registry.js +1 -742
package/dist-standalone/cjs/types/error-response.js +1 -56
package/dist-standalone/cjs/vault-auth.js +1 -0
package/dist-standalone/cjs/vault-store-loader.js +1 -0
package/dist-standalone/cjs/verify.js +1 -25
package/dist-standalone/cjs/version-info.js +1 -0
package/dist-standalone/cjs/xfetch.js +1 -252
package/dist-standalone/cli/init.js +1 -449
package/dist-standalone/cli/setup.js +1 -514
package/dist-standalone/cli/types.js +1 -27
package/dist-standalone/cli/xbind.js +1 -148
package/dist-standalone/config-validation.d.ts +185 -0
package/dist-standalone/config-validation.js +1 -0
package/dist-standalone/connect.js +1 -274
package/dist-standalone/connection-pool.d.ts +251 -0
package/dist-standalone/connection-pool.js +1 -0
package/dist-standalone/correlation-id.js +1 -326
package/dist-standalone/crypto-utils.d.ts +60 -0
package/dist-standalone/crypto-utils.js +1 -0
package/dist-standalone/debug-mode.d.ts +286 -0
package/dist-standalone/debug-mode.js +1 -0
package/dist-standalone/did-document.js +1 -96
package/dist-standalone/did-privateme.js +1 -121
package/dist-standalone/did-web.js +1 -196
package/dist-standalone/discovery.js +1 -458
package/dist-standalone/dual-mode.js +1 -247
package/dist-standalone/email-templates.js +1 -309
package/dist-standalone/email-transport.js +1 -232
package/dist-standalone/envelope.d.ts +29 -1
package/dist-standalone/envelope.js +1 -497
package/dist-standalone/errors.d.ts +10 -0
package/dist-standalone/errors.js +1 -811
package/dist-standalone/event-emitter.d.ts +395 -0
package/dist-standalone/event-emitter.js +1 -0
package/dist-standalone/gateway-state.js +1 -51
package/dist-standalone/gateway-transport.js +1 -116
package/dist-standalone/graceful-degradation.d.ts +246 -0
package/dist-standalone/graceful-degradation.js +1 -0
package/dist-standalone/guardrails.js +1 -216
package/dist-standalone/health-check.d.ts +150 -0
package/dist-standalone/health-check.js +1 -0
package/dist-standalone/http-compat.js +1 -267
package/dist-standalone/http-status-map.js +1 -561
package/dist-standalone/identity.d.ts +64 -1
package/dist-standalone/identity.js +1 -515
package/dist-standalone/index.d.ts +45 -3
package/dist-standalone/index.js +1 -52
package/dist-standalone/invitation.js +1 -415
package/dist-standalone/invite.js +1 -324
package/dist-standalone/key-agreement.d.ts +61 -13
package/dist-standalone/key-agreement.js +1 -236
package/dist-standalone/lazy-init.js +1 -295
package/dist-standalone/logger.d.ts +77 -0
package/dist-standalone/logger.js +1 -0
package/dist-standalone/mdns-discovery.js +1 -195
package/dist-standalone/nonce-store.d.ts +16 -3
package/dist-standalone/nonce-store.js +1 -62
package/dist-standalone/package.json +0 -1
package/dist-standalone/pairing-manager.js +1 -219
package/dist-standalone/plugin-system.d.ts +145 -0
package/dist-standalone/plugin-system.js +1 -0
package/dist-standalone/policy.js +1 -315
package/dist-standalone/progress-callbacks.d.ts +394 -0
package/dist-standalone/progress-callbacks.js +1 -0
package/dist-standalone/redis-nonce-store.js +1 -72
package/dist-standalone/registry-middleware.js +1 -47
package/dist-standalone/retry-strategies.d.ts +382 -0
package/dist-standalone/retry-strategies.js +1 -0
package/dist-standalone/retry-transport.js +1 -98
package/dist-standalone/security-policy.js +1 -239
package/dist-standalone/serialization.d.ts +244 -0
package/dist-standalone/serialization.js +1 -0
package/dist-standalone/split-channel.d.ts +49 -1
package/dist-standalone/split-channel.js +1 -171
package/dist-standalone/subscription-proof.js +1 -224
package/dist-standalone/succession.js +1 -142
package/dist-standalone/timeouts.d.ts +275 -0
package/dist-standalone/timeouts.js +1 -0
package/dist-standalone/trace-context.d.ts +252 -0
package/dist-standalone/trace-context.js +1 -0
package/dist-standalone/trace-spans.d.ts +360 -0
package/dist-standalone/trace-spans.js +1 -0
package/dist-standalone/transport.js +1 -59
package/dist-standalone/trust-registry.d.ts +106 -5
package/dist-standalone/trust-registry.js +1 -702
package/dist-standalone/vault-auth.d.ts +91 -0
package/dist-standalone/vault-auth.js +1 -0
package/dist-standalone/vault-store-loader.d.ts +110 -0
package/dist-standalone/vault-store-loader.js +1 -0
package/dist-standalone/verify.js +1 -16
package/dist-standalone/version-info.d.ts +259 -0
package/dist-standalone/version-info.js +1 -0
package/dist-standalone/xfetch.js +1 -247
package/llms.txt +1 -0
package/package.json +65 -5
package/share1.dat +0 -0
package/dist-standalone/_deps/crypto/base64.d.ts +0 -29
package/dist-standalone/_deps/crypto/base64.js +0 -222
package/dist-standalone/_deps/crypto/cjs/base64.js +0 -665
package/dist-standalone/_deps/crypto/cjs/errors.js +0 -675
package/dist-standalone/_deps/crypto/cjs/hmac.js +0 -473
package/dist-standalone/_deps/crypto/cjs/index.js +0 -852
package/dist-standalone/_deps/crypto/cjs/package.json +0 -1
package/dist-standalone/_deps/crypto/cjs/padding.js +0 -511
package/dist-standalone/_deps/crypto/cjs/share-header.js +0 -372
package/dist-standalone/_deps/crypto/cjs/shares.js +0 -874
package/dist-standalone/_deps/crypto/cjs/tlv.js +0 -1021
package/dist-standalone/_deps/crypto/cjs/uuid.js +0 -443
package/dist-standalone/_deps/crypto/cjs/verify.js +0 -414
package/dist-standalone/_deps/crypto/cjs/xorida.js +0 -923
package/dist-standalone/_deps/crypto/errors.d.ts +0 -51
package/dist-standalone/_deps/crypto/errors.js +0 -199
package/dist-standalone/_deps/crypto/hmac.d.ts +0 -39
package/dist-standalone/_deps/crypto/hmac.js +0 -134
package/dist-standalone/_deps/crypto/index.d.ts +0 -20
package/dist-standalone/_deps/crypto/index.js +0 -145
package/dist-standalone/_deps/crypto/padding.d.ts +0 -19
package/dist-standalone/_deps/crypto/padding.js +0 -159
package/dist-standalone/_deps/crypto/share-header.d.ts +0 -44
package/dist-standalone/_deps/crypto/share-header.js +0 -92
package/dist-standalone/_deps/crypto/shares.d.ts +0 -27
package/dist-standalone/_deps/crypto/shares.js +0 -295
package/dist-standalone/_deps/crypto/tlv.d.ts +0 -26
package/dist-standalone/_deps/crypto/tlv.js +0 -364
package/dist-standalone/_deps/crypto/uuid.d.ts +0 -22
package/dist-standalone/_deps/crypto/uuid.js +0 -136
package/dist-standalone/_deps/crypto/verify.d.ts +0 -15
package/dist-standalone/_deps/crypto/verify.js +0 -71
package/dist-standalone/_deps/crypto/xorida.d.ts +0 -44
package/dist-standalone/_deps/crypto/xorida.js +0 -366
package/dist-standalone/_deps/shared/errors.d.ts.map +0 -1
package/dist-standalone/_deps/shared/errors.js.map +0 -1
package/dist-standalone/_deps/shared/index.d.ts.map +0 -1
package/dist-standalone/_deps/shared/index.js.map +0 -1
package/dist-standalone/_deps/shared/types.d.ts.map +0 -1
package/dist-standalone/_deps/shared/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.js.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.js.map +0 -1
package/dist-standalone/_deps/xregistry/errors.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/errors.js.map +0 -1
package/dist-standalone/_deps/xregistry/index.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/index.js.map +0 -1
package/dist-standalone/_deps/xregistry/registry.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/registry.js.map +0 -1
package/dist-standalone/_deps/xregistry/schema.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/schema.js.map +0 -1
package/dist-standalone/_deps/xregistry/types.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/types.js.map +0 -1

package/dist-standalone/cjs/approval.js CHANGED Viewed

@@ -1,199 +1 @@
-"use strict";
-/**
- * @module approval
- * OAuth-style approval flow for agents
- *
- * Enterprise agents require explicit user consent before performing
- * sensitive operations. This module implements OAuth-style consent
- * screens and approval tokens.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ApprovalFlow = exports.CLIApprovalPresenter = exports.ApprovalError = exports.ApprovalErrorCode = void 0;
-const shared_1 = require("../_deps/shared/index.js");
-/**
- * Approval error codes
- */
-var ApprovalErrorCode;
-(function (ApprovalErrorCode) {
-    ApprovalErrorCode["USER_DENIED"] = "APPROVAL_USER_DENIED";
-    ApprovalErrorCode["TIMEOUT"] = "APPROVAL_TIMEOUT";
-    ApprovalErrorCode["INVALID_DURATION"] = "APPROVAL_INVALID_DURATION";
-    ApprovalErrorCode["SIGNATURE_FAILED"] = "APPROVAL_SIGNATURE_FAILED";
-    ApprovalErrorCode["TOKEN_EXPIRED"] = "APPROVAL_TOKEN_EXPIRED";
-    ApprovalErrorCode["TOKEN_REVOKED"] = "APPROVAL_TOKEN_REVOKED";
-    ApprovalErrorCode["INVALID_TOKEN"] = "APPROVAL_INVALID_TOKEN";
-})(ApprovalErrorCode || (exports.ApprovalErrorCode = ApprovalErrorCode = {}));
-/**
- * Approval error
- */
-class ApprovalError extends Error {
-    code;
-    details;
-    constructor(code, message, details) {
-        super(message);
-        this.code = code;
-        this.details = details;
-        this.name = 'ApprovalError';
-    }
-}
-exports.ApprovalError = ApprovalError;
-/**
- * CLI approval presenter (prints to console, reads stdin)
- * This is a legitimate CLI interface - console output is intentional
- */
-class CLIApprovalPresenter {
-    /* eslint-disable no-console */
-    async present(options) {
-        console.log('\n=== AGENT APPROVAL REQUEST ===');
-        console.log(`Agent: ${options.agentDid}`);
-        console.log(`Duration: ${options.duration}`);
-        console.log('\nRequested Scopes:');
-        for (const scope of options.scopes) {
-            console.log(`  - ${scope}`);
-        }
-        if (options.limits) {
-            console.log('\nPolicy Limits:');
-            if (options.limits.amountPerTxn) {
-                console.log(`  - Max per transaction: $${options.limits.amountPerTxn.toLocaleString()}`);
-            }
-            if (options.limits.dailyAmount) {
-                console.log(`  - Daily limit: $${options.limits.dailyAmount.toLocaleString()}`);
-            }
-            if (options.limits.callsPerMinute) {
-                console.log(`  - Rate limit: ${options.limits.callsPerMinute} calls/minute`);
-            }
-        }
-        if (options.description) {
-            console.log(`\nDescription: ${options.description}`);
-        }
-        console.log('\n[This is a mock presenter - auto-approving for development]');
-        console.log('In production, this would prompt for user input.\n');
-        // Auto-approve for development (production would prompt for y/n)
-        return (0, shared_1.ok)({
-            approved: true,
-        });
-    }
-}
-exports.CLIApprovalPresenter = CLIApprovalPresenter;
-/**
- * Approval flow coordinator
- *
- * Orchestrates the consent flow: present to user → sign token → track expiry
- */
-class ApprovalFlow {
-    presenter;
-    tokens = new Map();
-    constructor(options = {}) {
-        this.presenter = options.presenter ?? new CLIApprovalPresenter();
-    }
-    /**
-     * Request approval from user
-     *
-     * @param options - Approval request options
-     * @returns Approval result with token (if approved)
-     */
-    async requestApproval(options) {
-        // Validate duration
-        const durationMs = this.parseDuration(options.duration);
-        if (durationMs <= 0) {
-            return (0, shared_1.err)(new ApprovalError(ApprovalErrorCode.INVALID_DURATION, `Invalid duration: ${options.duration}`));
-        }
-        // Present to user
-        const result = await this.presenter.present(options);
-        if (!result.ok)
-            return result;
-        if (!result.value.approved) {
-            return (0, shared_1.ok)({
-                approved: false,
-                reason: result.value.reason ?? 'User denied approval',
-            });
-        }
-        // Generate approval token
-        const now = Date.now();
-        const token = {
-            id: this.generateTokenId(),
-            agentDid: options.agentDid,
-            scopes: options.scopes,
-            limits: options.limits,
-            expiresAt: now + durationMs,
-            createdAt: now,
-            valid: true,
-            signature: await this.signToken(options.agentDid, options.scopes, now + durationMs),
-        };
-        // Store token
-        this.tokens.set(token.id, token);
-        return (0, shared_1.ok)({
-            approved: true,
-            token,
-        });
-    }
-    /**
-     * Verify an approval token
-     *
-     * @param tokenId - Token ID to verify
-     * @returns Token if valid, error otherwise
-     */
-    verifyToken(tokenId) {
-        const token = this.tokens.get(tokenId);
-        if (!token) {
-            return (0, shared_1.err)(new ApprovalError(ApprovalErrorCode.INVALID_TOKEN, `Token ${tokenId} not found`));
-        }
-        if (!token.valid) {
-            return (0, shared_1.err)(new ApprovalError(ApprovalErrorCode.TOKEN_REVOKED, `Token ${tokenId} has been revoked`));
-        }
-        if (Date.now() > token.expiresAt) {
-            return (0, shared_1.err)(new ApprovalError(ApprovalErrorCode.TOKEN_EXPIRED, `Token ${tokenId} expired at ${new Date(token.expiresAt).toISOString()}`));
-        }
-        return (0, shared_1.ok)(token);
-    }
-    /**
-     * Revoke an approval token
-     *
-     * @param tokenId - Token ID to revoke
-     */
-    revokeToken(tokenId) {
-        const token = this.tokens.get(tokenId);
-        if (token) {
-            this.tokens.set(tokenId, { ...token, valid: false });
-        }
-    }
-    /**
-     * Parse duration string to milliseconds
-     */
-    parseDuration(duration) {
-        if (typeof duration === 'number')
-            return duration;
-        // Parse ISO 8601 duration or simple format
-        const matches = duration.match(/^(\d+)([smhd])$/);
-        if (!matches)
-            return -1;
-        const value = parseInt(matches[1] ?? '0', 10);
-        const unit = matches[2];
-        switch (unit) {
-            case 's': return value * 1000;
-            case 'm': return value * 60 * 1000;
-            case 'h': return value * 60 * 60 * 1000;
-            case 'd': return value * 24 * 60 * 60 * 1000;
-            default: return -1;
-        }
-    }
-    /**
-     * Generate a unique token ID
-     */
-    generateTokenId() {
-        const randomBytes = new Uint8Array(12);
-        crypto.getRandomValues(randomBytes);
-        const randomString = Array.from(randomBytes, b => b.toString(16).padStart(2, '0')).join('');
-        return `appr_${Date.now()}_${randomString}`;
-    }
-    /**
-     * Sign an approval token (stub - production would use Ed25519)
-     */
-    async signToken(agentDid, scopes, expiresAt) {
-        // Production would use Ed25519 signature over JSON.stringify({ agentDid, scopes, expiresAt })
-        // For now, return a mock signature
-        const payload = JSON.stringify({ agentDid, scopes, expiresAt });
-        return btoa(payload).substring(0, 32);
-    }
-}
-exports.ApprovalFlow = ApprovalFlow;
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ApprovalFlow=exports.CLIApprovalPresenter=exports.ApprovalError=exports.ApprovalErrorCode=void 0;const shared_1=require("../_deps/shared/index.js");var ApprovalErrorCode;!function(r){r.USER_DENIED="APPROVAL_USER_DENIED",r.TIMEOUT="APPROVAL_TIMEOUT",r.INVALID_DURATION="APPROVAL_INVALID_DURATION",r.SIGNATURE_FAILED="APPROVAL_SIGNATURE_FAILED",r.TOKEN_EXPIRED="APPROVAL_TOKEN_EXPIRED",r.TOKEN_REVOKED="APPROVAL_TOKEN_REVOKED",r.INVALID_TOKEN="APPROVAL_INVALID_TOKEN"}(ApprovalErrorCode||(exports.ApprovalErrorCode=ApprovalErrorCode={}));class ApprovalError extends Error{code;details;constructor(r,e,o){super(e),this.code=r,this.details=o,this.name="ApprovalError"}}exports.ApprovalError=ApprovalError;class CLIApprovalPresenter{async present(r){console.log("\n=== AGENT APPROVAL REQUEST ==="),console.log(`Agent: ${r.agentDid}`),console.log(`Duration: ${r.duration}`),console.log("\nRequested Scopes:");for(const e of r.scopes)console.log(`  - ${e}`);return r.limits&&(console.log("\nPolicy Limits:"),r.limits.amountPerTxn&&console.log(`  - Max per transaction: $${r.limits.amountPerTxn.toLocaleString()}`),r.limits.dailyAmount&&console.log(`  - Daily limit: $${r.limits.dailyAmount.toLocaleString()}`),r.limits.callsPerMinute&&console.log(`  - Rate limit: ${r.limits.callsPerMinute} calls/minute`)),r.description&&console.log(`\nDescription: ${r.description}`),console.log("\n[This is a mock presenter - auto-approving for development]"),console.log("In production, this would prompt for user input.\n"),(0,shared_1.ok)({approved:!0})}}exports.CLIApprovalPresenter=CLIApprovalPresenter;class ApprovalFlow{presenter;tokens=new Map;constructor(r={}){this.presenter=r.presenter??new CLIApprovalPresenter}async requestApproval(r){const e=this.parseDuration(r.duration);if(e<=0)return(0,shared_1.err)(new ApprovalError(ApprovalErrorCode.INVALID_DURATION,`Invalid duration: ${r.duration}`));const o=await this.presenter.present(r);if(!o.ok)return o;if(!o.value.approved)return(0,shared_1.ok)({approved:!1,reason:o.value.reason??"User denied approval"});const t=Date.now(),s={id:this.generateTokenId(),agentDid:r.agentDid,scopes:r.scopes,limits:r.limits,expiresAt:t+e,createdAt:t,valid:!0,signature:await this.signToken(r.agentDid,r.scopes,t+e)};return this.tokens.set(s.id,s),(0,shared_1.ok)({approved:!0,token:s})}verifyToken(r){const e=this.tokens.get(r);return e?e.valid?Date.now()>e.expiresAt?(0,shared_1.err)(new ApprovalError(ApprovalErrorCode.TOKEN_EXPIRED,`Token ${r} expired at ${new Date(e.expiresAt).toISOString()}`)):(0,shared_1.ok)(e):(0,shared_1.err)(new ApprovalError(ApprovalErrorCode.TOKEN_REVOKED,`Token ${r} has been revoked`)):(0,shared_1.err)(new ApprovalError(ApprovalErrorCode.INVALID_TOKEN,`Token ${r} not found`))}revokeToken(r){const e=this.tokens.get(r);e&&this.tokens.set(r,{...e,valid:!1})}parseDuration(r){if("number"==typeof r)return r;const e=r.match(/^(\d+)([smhd])$/);if(!e)return-1;const o=parseInt(e[1]??"0",10);switch(e[2]){case"s":return 1e3*o;case"m":return 60*o*1e3;case"h":return 60*o*60*1e3;case"d":return 24*o*60*60*1e3;default:return-1}}generateTokenId(){const r=new Uint8Array(12);crypto.getRandomValues(r);const e=Array.from(r,r=>r.toString(16).padStart(2,"0")).join("");return`appr_${Date.now()}_${e}`}async signToken(r,e,o){const t=JSON.stringify({agentDid:r,scopes:e,expiresAt:o});return btoa(t).substring(0,32)}}exports.ApprovalFlow=ApprovalFlow;

package/dist-standalone/cjs/async-iterators.js ADDED Viewed

@@ -0,0 +1 @@

+ "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.MessageStream=void 0,exports.collectMessages=collectMessages,exports.mapStream=mapStream,exports.filterStream=filterStream,exports.takeStream=takeStream,exports.mergeStreams=mergeStreams,exports.installAsyncIterators=installAsyncIterators;class MessageStream{agent;options;state;constructor(e,t={}){this.agent=e,this.options={from:t.from,scope:t.scope,bufferSize:t.bufferSize??100,signal:t.signal,allowCleartext:t.allowCleartext??!1},this.state={buffer:[],pending:[],done:!1},this.options.signal&&this.options.signal.addEventListener("abort",()=>{this.close(new Error("Stream aborted"))});const s=e=>{this.handleEnvelope(e)},r=this.agent.getTransports()[0];r&&(r.onReceive(s),this.state.cleanup=()=>{})}async handleEnvelope(e){if(this.state.done)return;const t=await this.agent.receive(e,{allowCleartext:this.options.allowCleartext});if(!t.ok)return;const s=t.value;if(!(this.options.from&&s.sender!==this.options.from||this.options.scope&&s.scope!==this.options.scope))if(this.state.pending.length>0){this.state.pending.shift()({value:s,done:!1})}else this.state.buffer.length<this.options.bufferSize&&this.state.buffer.push(s)}close(e){if(!this.state.done){this.state.done=!0,this.state.error=e;for(const e of this.state.pending)e({value:void 0,done:!0});this.state.pending=[],this.state.cleanup&&this.state.cleanup()}}async next(){if(this.state.done)return{value:void 0,done:!0};if(this.options.signal?.aborted)return this.close(new Error("Stream aborted")),{value:void 0,done:!0};if(this.state.buffer.length>0){return{value:this.state.buffer.shift(),done:!1}}return new Promise(e=>{this.state.pending.push(e)})}async return(e){return this.close(),{value:void 0,done:!0}}async throw(e){return this.close(e instanceof Error?e:new Error(String(e))),{value:void 0,done:!0}}[Symbol.asyncIterator](){return this}get bufferedCount(){return this.state.buffer.length}get closed(){return this.state.done}get error(){return this.state.error}}async function collectMessages(e,t={}){const s=[],r=new MessageStream(e,t);let a;t.timeout&&(a=setTimeout(()=>{r.return()},t.timeout));try{for await(const e of r)if(s.push(e),t.limit&&s.length>=t.limit)break}finally{a&&clearTimeout(a),r.closed||await r.return()}return s}async function*mapStream(e,t){for await(const s of e)yield await t(s)}async function*filterStream(e,t){for await(const s of e)await t(s)&&(yield s)}async function*takeStream(e,t){let s=0;for await(const r of e){if(s>=t)break;yield r,s++}}async function*mergeStreams(e){const t=e.map(e=>e[Symbol.asyncIterator]()),s=new Map;for(let e=0;e<t.length;e++)s.set(e,t[e].next());for(;s.size>0;){const e=Array.from(s.entries()),r=await Promise.race(e.map(async([e,t])=>({idx:e,result:await t})));s.delete(r.idx),r.result.done||(yield r.result.value,s.set(r.idx,t[r.idx].next()))}}function installAsyncIterators(e){"subscribe"in e.prototype||(e.prototype.subscribe=function(e){return new MessageStream(this,e)})}exports.MessageStream=MessageStream;

package/dist-standalone/cjs/auth.js CHANGED Viewed

@@ -1,225 +1 @@
-"use strict";
-/**
- * Xlock auth challenge module for Agent SDK.
- *
- * Provides requestAuth(), respondToChallenge(), and onChallenge()
- * functions that work with an Agent instance and the XBind gateway.
- *
- * These functions are also re-exported as thin methods on the Agent class.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.requestAuth = requestAuth;
-exports.respondToChallenge = respondToChallenge;
-exports.onChallenge = onChallenge;
-exports.generateRegistrationQR = generateRegistrationQR;
-const shared_1 = require("../_deps/shared/index.js");
-const envelope_js_1 = require("./envelope.js");
-/** Default poll interval for challenge status. */
-const DEFAULT_POLL_INTERVAL_MS = 2_000;
-/** Default TTL for challenges (5 minutes). */
-const DEFAULT_TTL_MS = 5 * 60 * 1000;
-/** Max poll iterations (TTL / pollInterval + safety margin). */
-const MAX_POLL_ITERATIONS = 200;
-/**
- * Create an auth challenge and poll until the user responds.
- *
- * Sends a challenge via the XBind gateway, then polls the status
- * endpoint until the challenge is approved, denied, or expires.
- *
- * @param agent - The Agent requesting authorization.
- * @param request - Auth request details (recipient DID, action, metadata).
- * @param gateway - Gateway connection options.
- * @returns Auth result (approved/denied) or error.
- */
-async function requestAuth(agent, request, gateway) {
-    const ttlMs = request.ttlMs ?? DEFAULT_TTL_MS;
-    const pollIntervalMs = request.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS;
-    // Build the challenge payload
-    const payload = {
-        recipientDid: request.to,
-        action: request.action,
-        metadata: request.metadata ?? {},
-        ttlMs,
-    };
-    // Create a signed envelope wrapping the challenge request
-    const envelopeResult = await (0, envelope_js_1.createSignedEnvelope)({
-        senderDid: agent.did,
-        recipientDid: request.to,
-        scope: 'xlock:challenge',
-        plaintext: new TextEncoder().encode(JSON.stringify(payload)),
-        privateKey: agent.identity.privateKey,
-    });
-    if (!envelopeResult.ok) {
-        return (0, shared_1.err)('INVALID_REQUEST');
-    }
-    // POST to gateway
-    let challengeId;
-    let expiresAt;
-    try {
-        const response = await fetch(`${gateway.gatewayUrl}/gateway/auth/challenge`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify(envelopeResult.value),
-        });
-        if (response.status === 429)
-            return (0, shared_1.err)('RATE_LIMITED');
-        if (!response.ok) {
-            const body = await response.json().catch(() => null);
-            const code = body
-                ?.error?.code;
-            return (0, shared_1.err)(code ?? 'INVALID_REQUEST');
-        }
-        const data = await response.json();
-        challengeId = data.challengeId;
-        expiresAt = data.expiresAt;
-    }
-    catch {
-        return (0, shared_1.err)('INVALID_REQUEST');
-    }
-    // Poll for status
-    return pollChallengeStatus(challengeId, expiresAt, pollIntervalMs, gateway);
-}
-/**
- * Respond to an incoming auth challenge (approve or deny).
- *
- * Sends a signed response envelope to the gateway.
- *
- * @param agent - The Agent responding to the challenge.
- * @param challengeId - The challenge ID to respond to.
- * @param approved - Whether the user approved the challenge.
- * @param gateway - Gateway connection options.
- * @returns Success or error.
- */
-async function respondToChallenge(agent, challengeId, approved, gateway) {
-    const payload = {
-        challengeId,
-        approved,
-        timestamp: Date.now(),
-    };
-    // Create a signed envelope for the response
-    const envelopeResult = await (0, envelope_js_1.createSignedEnvelope)({
-        senderDid: agent.did,
-        recipientDid: agent.did, // Self-addressed (gateway verifies recipient match)
-        scope: 'xlock:respond',
-        plaintext: new TextEncoder().encode(JSON.stringify(payload)),
-        privateKey: agent.identity.privateKey,
-    });
-    if (!envelopeResult.ok) {
-        return (0, shared_1.err)('INVALID_REQUEST');
-    }
-    try {
-        const response = await fetch(`${gateway.gatewayUrl}/gateway/auth/respond`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({
-                ...envelopeResult.value,
-                // Include response fields at top level for the server
-                challengeId,
-                approved,
-                responseEnvelope: envelopeResult.value,
-            }),
-        });
-        if (!response.ok) {
-            const body = await response.json().catch(() => null);
-            const code = body
-                ?.error?.code;
-            return (0, shared_1.err)(code ?? 'INVALID_REQUEST');
-        }
-        return (0, shared_1.ok)(undefined);
-    }
-    catch {
-        return (0, shared_1.err)('INVALID_REQUEST');
-    }
-}
-/**
- * Register a callback for incoming auth challenges via WebSocket.
- *
- * The callback fires when an `auth:challenge` message arrives
- * over the gateway WebSocket connection.
- *
- * @param ws - The WebSocket connection to the gateway.
- * @param callback - Handler for incoming challenges.
- * @returns Cleanup function to unregister the listener.
- */
-function onChallenge(ws, callback) {
-    const handler = (event) => {
-        try {
-            const msg = JSON.parse(event.data);
-            if (msg.type === 'auth:challenge' && msg.data) {
-                callback(msg.data);
-            }
-        }
-        catch {
-            // Skip non-JSON messages
-        }
-    };
-    ws.addEventListener('message', handler);
-    return () => ws.removeEventListener('message', handler);
-}
-/**
- * Generate a registration QR code URI for TOTP migration.
- *
- * Creates a `xlock://register` URI that replaces `otpauth://` for
- * asymmetric DID-based registration.
- *
- * @param options - Registration options.
- * @returns The registration URI string.
- */
-function generateRegistrationQR(options) {
-    const params = new URLSearchParams({
-        app: options.appName,
-        did: options.appDid,
-        registry: options.registryUrl,
-        callback: options.callbackUrl,
-    });
-    if (options.appIcon)
-        params.set('icon', options.appIcon);
-    return `xlock://register?${params.toString()}`;
-}
-/** Poll the gateway for challenge status until resolved or expired. */
-async function pollChallengeStatus(challengeId, expiresAt, pollIntervalMs, gateway) {
-    for (let i = 0; i < MAX_POLL_ITERATIONS; i++) {
-        if (Date.now() > expiresAt) {
-            return (0, shared_1.err)('CHALLENGE_EXPIRED');
-        }
-        await sleep(pollIntervalMs);
-        try {
-            const response = await fetch(`${gateway.gatewayUrl}/gateway/auth/status/${challengeId}`, {
-                headers: { Authorization: `Bearer ${gateway.accessToken}` },
-            });
-            if (!response.ok) {
-                if (response.status === 404)
-                    return (0, shared_1.err)('CHALLENGE_NOT_FOUND');
-                continue; // Retry on transient errors
-            }
-            const data = await response.json();
-            if (data.status === 'approved') {
-                return (0, shared_1.ok)({
-                    challengeId: data.challengeId,
-                    approved: true,
-                    respondedAt: data.respondedAt,
-                    envelope: data.envelope,
-                });
-            }
-            if (data.status === 'denied') {
-                return (0, shared_1.ok)({
-                    challengeId: data.challengeId,
-                    approved: false,
-                    respondedAt: data.respondedAt,
-                });
-            }
-            if (data.status === 'expired') {
-                return (0, shared_1.err)('CHALLENGE_EXPIRED');
-            }
-            // Still pending — continue polling
-        }
-        catch {
-            // Network error — continue polling
-        }
-    }
-    return (0, shared_1.err)('CHALLENGE_TIMEOUT');
-}
-/** Promise-based sleep. */
-function sleep(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
-}
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.requestAuth=requestAuth,exports.respondToChallenge=respondToChallenge,exports.onChallenge=onChallenge,exports.generateRegistrationQR=generateRegistrationQR;const shared_1=require("../_deps/shared/index.js"),envelope_js_1=require("./envelope.js"),DEFAULT_POLL_INTERVAL_MS=2e3,DEFAULT_TTL_MS=3e5,MAX_POLL_ITERATIONS=200;async function requestAuth(e,t,r){const a=t.ttlMs??DEFAULT_TTL_MS,n=t.pollIntervalMs??DEFAULT_POLL_INTERVAL_MS,s={recipientDid:t.to,action:t.action,metadata:t.metadata??{},ttlMs:a},o=await(0,envelope_js_1.createSignedEnvelope)({senderDid:e.did,recipientDid:t.to,scope:"xlock:challenge",plaintext:(new TextEncoder).encode(JSON.stringify(s)),privateKey:e.identity.privateKey});if(!o.ok)return(0,shared_1.err)("INVALID_REQUEST");let i,d;try{const e=await fetch(`${r.gatewayUrl}/gateway/auth/challenge`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(o.value)});if(429===e.status)return(0,shared_1.err)("RATE_LIMITED");if(!e.ok){const t=await e.json().catch(()=>null),r=t?.error?.code;return(0,shared_1.err)(r??"INVALID_REQUEST")}const t=await e.json();i=t.challengeId,d=t.expiresAt}catch{return(0,shared_1.err)("INVALID_REQUEST")}return pollChallengeStatus(i,d,n,r)}async function respondToChallenge(e,t,r,a){const n={challengeId:t,approved:r,timestamp:Date.now()},s=await(0,envelope_js_1.createSignedEnvelope)({senderDid:e.did,recipientDid:e.did,scope:"xlock:respond",plaintext:(new TextEncoder).encode(JSON.stringify(n)),privateKey:e.identity.privateKey});if(!s.ok)return(0,shared_1.err)("INVALID_REQUEST");try{const e=await fetch(`${a.gatewayUrl}/gateway/auth/respond`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({...s.value,challengeId:t,approved:r,responseEnvelope:s.value})});if(!e.ok){const t=await e.json().catch(()=>null),r=t?.error?.code;return(0,shared_1.err)(r??"INVALID_REQUEST")}return(0,shared_1.ok)(void 0)}catch{return(0,shared_1.err)("INVALID_REQUEST")}}function onChallenge(e,t){const r=e=>{try{const r=JSON.parse(e.data);"auth:challenge"===r.type&&r.data&&t(r.data)}catch{}};return e.addEventListener("message",r),()=>e.removeEventListener("message",r)}function generateRegistrationQR(e){const t=new URLSearchParams({app:e.appName,did:e.appDid,registry:e.registryUrl,callback:e.callbackUrl});return e.appIcon&&t.set("icon",e.appIcon),`xlock://register?${t.toString()}`}async function pollChallengeStatus(e,t,r,a){for(let n=0;n<200;n++){if(Date.now()>t)return(0,shared_1.err)("CHALLENGE_EXPIRED");await sleep(r);try{const t=await fetch(`${a.gatewayUrl}/gateway/auth/status/${e}`,{headers:{Authorization:`Bearer ${a.accessToken}`}});if(!t.ok){if(404===t.status)return(0,shared_1.err)("CHALLENGE_NOT_FOUND");continue}const r=await t.json();if("approved"===r.status)return(0,shared_1.ok)({challengeId:r.challengeId,approved:!0,respondedAt:r.respondedAt,envelope:r.envelope});if("denied"===r.status)return(0,shared_1.ok)({challengeId:r.challengeId,approved:!1,respondedAt:r.respondedAt});if("expired"===r.status)return(0,shared_1.err)("CHALLENGE_EXPIRED")}catch{}}return(0,shared_1.err)("CHALLENGE_TIMEOUT")}function sleep(e){return new Promise(t=>setTimeout(t,e))}

package/dist-standalone/cjs/auto-accept.js CHANGED Viewed

@@ -1,233 +1 @@
-"use strict";
-/**
- * @module auto-accept
- * Auto-accept invite on first SDK call for zero-click onboarding.
- *
- * Enables services to accept invites automatically without explicit
- * accept commands. Invite code comes from environment variable.
- *
- * @example
- * ```ts
- * // Environment: XBIND_INVITE_CODE=XBD-abc123, XBIND_AUTO_ACCEPT=true
- *
- * // Auto-accept happens on first Agent method call:
- * const agent = Agent.lazy({ name: 'my-service' });
- * await agent.send({ to: partnerDid, payload: data, scope: 'test' });
- * // ↑ Invite auto-accepted before send()
- * ```
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AutoAcceptErrorCode = void 0;
-exports.autoAcceptInvite = autoAcceptInvite;
-const shared_1 = require("../_deps/shared/index.js");
-const invite_js_1 = require("./invite.js");
-const trust_registry_js_1 = require("./trust-registry.js");
-const crypto_1 = require("../_deps/crypto/index.js");
-const identity_js_1 = require("./identity.js");
-/**
- * Auto-accept error codes.
- */
-var AutoAcceptErrorCode;
-(function (AutoAcceptErrorCode) {
-    AutoAcceptErrorCode["NO_INVITE_CODE"] = "AUTO_ACCEPT_NO_INVITE_CODE";
-    AutoAcceptErrorCode["DISABLED"] = "AUTO_ACCEPT_DISABLED";
-    AutoAcceptErrorCode["INVITE_FAILED"] = "AUTO_ACCEPT_INVITE_FAILED";
-    AutoAcceptErrorCode["REGISTRY_SETUP_FAILED"] = "AUTO_ACCEPT_REGISTRY_SETUP_FAILED";
-})(AutoAcceptErrorCode || (exports.AutoAcceptErrorCode = AutoAcceptErrorCode = {}));
-/**
- * Auto-accept an invite on first SDK call.
- *
- * Reads invite code from config or environment variable `XBIND_INVITE_CODE`.
- * If `XBIND_AUTO_ACCEPT` is false, returns error with code DISABLED.
- *
- * When successful:
- * 1. Fetches invite details from invite server
- * 2. Adds inviter to trust registry
- * 3. Auto-detects registry endpoint from invite metadata (if present)
- * 4. Marks invite as accepted
- *
- * This is called internally by `Agent.lazy()` before the first send/receive.
- *
- * @param config - Auto-accept configuration
- * @param acceptorInfo - Acceptor service info (DID, endpoint, publicKey)
- * @returns Accept details or error
- *
- * @example
- * ```ts
- * // Manual usage (typically called internally by Agent.lazy):
- * const result = await autoAcceptInvite(
- *   { inviteCode: 'XBD-abc123' },
- *   {
- *     name: 'my-service',
- *     did: 'did:key:z6Mk...',
- *     endpoint: 'https://my-service.com',
- *     publicKey: '...',
- *   }
- * );
- *
- * if (result.ok) {
- *   console.log('Auto-accepted invite from:', result.value.from.name);
- * }
- * ```
- */
-async function autoAcceptInvite(config, acceptorInfo) {
-    // Step 1: Check if auto-accept is enabled
-    const autoAcceptEnabled = config.enabled ?? getEnvFlag('XBIND_AUTO_ACCEPT', true);
-    if (!autoAcceptEnabled) {
-        return (0, shared_1.err)({
-            code: AutoAcceptErrorCode.DISABLED,
-            message: 'Auto-accept is disabled',
-            hint: 'Set XBIND_AUTO_ACCEPT=true or pass { enabled: true } in config',
-        });
-    }
-    // Step 2: Get invite code
-    const inviteCode = config.inviteCode ?? getEnv('XBIND_INVITE_CODE');
-    if (!inviteCode) {
-        return (0, shared_1.err)({
-            code: AutoAcceptErrorCode.NO_INVITE_CODE,
-            message: 'No invite code provided',
-            hint: 'Set XBIND_INVITE_CODE environment variable or pass inviteCode in config',
-        });
-    }
-    // Step 3: Fetch invite details
-    const inviteService = new invite_js_1.InviteService({
-        inviteApiUrl: config.inviteApiUrl ?? getEnv('XBIND_INVITE_API_URL') ?? 'https://xbind.to',
-    });
-    const inviteUrl = normalizeInviteCode(inviteCode);
-    const inviteResult = await inviteService.get(inviteUrl);
-    if (!inviteResult.ok) {
-        return (0, shared_1.err)({
-            code: AutoAcceptErrorCode.INVITE_FAILED,
-            message: `Failed to fetch invite: ${inviteResult.error.message}`,
-            hint: inviteResult.error.hint,
-            cause: inviteResult.error,
-        });
-    }
-    const invite = inviteResult.value;
-    // Step 4: Add inviter to trust registry
-    const registry = config.registry ?? await autoConfigureRegistry(invite);
-    try {
-        // Import public key from base64
-        const publicKeyBytes = (0, crypto_1.fromBase64)(invite.from.publicKey);
-        const publicKeyResult = await (0, identity_js_1.importPublicKey)(publicKeyBytes);
-        if (!publicKeyResult.ok) {
-            return (0, shared_1.err)({
-                code: AutoAcceptErrorCode.REGISTRY_SETUP_FAILED,
-                message: 'Invalid inviter public key',
-                hint: 'The invite may be corrupted',
-                cause: publicKeyResult.error,
-            });
-        }
-        // Add to registry
-        const addResult = await registry.register(invite.from.did, publicKeyBytes, invite.from.name, invite.permissions, invite.from.x25519PublicKey ? (0, crypto_1.fromBase64)(invite.from.x25519PublicKey) : undefined, invite.from.mlKemPublicKey ? (0, crypto_1.fromBase64)(invite.from.mlKemPublicKey) : undefined, undefined, // mlDsaPublicKey (not in invite yet)
-        false);
-        if (!addResult.ok) {
-            // If already registered, that's OK (idempotent)
-            if (addResult.error !== 'ALREADY_REGISTERED') {
-                return (0, shared_1.err)({
-                    code: AutoAcceptErrorCode.REGISTRY_SETUP_FAILED,
-                    message: `Failed to add inviter to registry: ${addResult.error}`,
-                    cause: addResult.error,
-                });
-            }
-        }
-    }
-    catch (error) {
-        return (0, shared_1.err)({
-            code: AutoAcceptErrorCode.REGISTRY_SETUP_FAILED,
-            message: 'Failed to configure trust registry',
-            cause: error,
-        });
-    }
-    // Step 5: Accept the invite (marks as accepted on server)
-    const acceptResult = await inviteService.accept({ inviteUrl, acceptor: acceptorInfo });
-    if (!acceptResult.ok) {
-        // Non-fatal: invite acceptance is for tracking/notification only
-        // The connection is still established locally via registry add
-    }
-    return (0, shared_1.ok)({
-        invite,
-        from: invite.from,
-        registryUrl: extractRegistryUrl(invite),
-        registryAutoconfigured: config.registry === undefined,
-    });
-}
-/**
- * Auto-configure trust registry from invite metadata.
- *
- * Attempts to extract registry URL from invite. If found, creates HttpTrustRegistry.
- * Otherwise falls back to MemoryTrustRegistry.
- *
- * @param invite - Invite details
- * @returns Trust registry instance
- */
-async function autoConfigureRegistry(invite) {
-    const registryUrl = extractRegistryUrl(invite);
-    if (registryUrl) {
-        return new trust_registry_js_1.HttpTrustRegistry({ baseUrl: registryUrl });
-    }
-    return new trust_registry_js_1.MemoryTrustRegistry();
-}
-/**
- * Extract registry URL from invite metadata.
- *
- * Checks for registry URL in invite.from.endpoint or custom metadata fields.
- *
- * @param invite - Invite details
- * @returns Registry URL or undefined
- */
-function extractRegistryUrl(invite) {
-    // Check if endpoint is a registry URL (heuristic: contains /registry or /trust)
-    if (invite.from.endpoint.includes('/registry') || invite.from.endpoint.includes('/trust')) {
-        return invite.from.endpoint;
-    }
-    // Future: check invite.metadata.registryUrl when invite system adds it
-    return undefined;
-}
-/**
- * Normalize invite code to full URL.
- *
- * If code is already a URL, returns as-is.
- * If code is short form (e.g., 'XBD-abc123'), converts to https://xbind.to/invite/{code}.
- *
- * @param code - Invite code or URL
- * @returns Full invite URL
- */
-function normalizeInviteCode(code) {
-    if (code.startsWith('http://') || code.startsWith('https://')) {
-        return code;
-    }
-    // Short form: XBD-abc123 or just abc123
-    const cleanCode = code.replace(/^XBD-/i, '');
-    return `https://xbind.to/invite/${cleanCode}`;
-}
-/**
- * Get environment variable value.
- *
- * @param key - Environment variable name
- * @param defaultValue - Default value if not set
- * @returns Environment variable value or default
- */
-function getEnv(key, defaultValue) {
-    // SAFETY: Check for Node.js environment before accessing process
-    if (typeof process !== 'undefined' && typeof process.env !== 'undefined') {
-        return process.env[key] ?? defaultValue;
-    }
-    return defaultValue;
-}
-/**
- * Get environment variable as boolean flag.
- *
- * Treats 'true', '1', 'yes' as true. Everything else as false.
- *
- * @param key - Environment variable name
- * @param defaultValue - Default value if not set
- * @returns Boolean flag
- */
-function getEnvFlag(key, defaultValue) {
-    const value = getEnv(key);
-    if (value === undefined)
-        return defaultValue;
-    const normalized = value.toLowerCase().trim();
-    return normalized === 'true' || normalized === '1' || normalized === 'yes';
-}
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.AutoAcceptErrorCode=void 0,exports.autoAcceptInvite=autoAcceptInvite;const shared_1=require("../_deps/shared/index.js"),invite_js_1=require("./invite.js"),trust_registry_js_1=require("./trust-registry.js"),crypto_utils_js_1=require("./crypto-utils.js"),identity_js_1=require("./identity.js");var AutoAcceptErrorCode;async function autoAcceptInvite(e,r){if(!(e.enabled??getEnvFlag("XBIND_AUTO_ACCEPT",!0)))return(0,shared_1.err)({code:AutoAcceptErrorCode.DISABLED,message:"Auto-accept is disabled",hint:"Set XBIND_AUTO_ACCEPT=true or pass { enabled: true } in config"});const t=e.inviteCode??getEnv("XBIND_INVITE_CODE");if(!t)return(0,shared_1.err)({code:AutoAcceptErrorCode.NO_INVITE_CODE,message:"No invite code provided",hint:"Set XBIND_INVITE_CODE environment variable or pass inviteCode in config"});const i=new invite_js_1.InviteService({inviteApiUrl:e.inviteApiUrl??getEnv("XBIND_INVITE_API_URL")??"https://xbind.to"}),o=normalizeInviteCode(t),s=await i.get(o);if(!s.ok)return(0,shared_1.err)({code:AutoAcceptErrorCode.INVITE_FAILED,message:`Failed to fetch invite: ${s.error.message}`,hint:s.error.hint,cause:s.error});const n=s.value,c=e.registry??await autoConfigureRegistry(n);try{const e=(0,crypto_utils_js_1.fromBase64)(n.from.publicKey),r=await(0,identity_js_1.importPublicKey)(e);if(!r.ok)return(0,shared_1.err)({code:AutoAcceptErrorCode.REGISTRY_SETUP_FAILED,message:"Invalid inviter public key",hint:"The invite may be corrupted",cause:r.error});const t=await c.register(n.from.did,e,n.from.name,n.permissions,n.from.x25519PublicKey?(0,crypto_utils_js_1.fromBase64)(n.from.x25519PublicKey):void 0,n.from.mlKemPublicKey?(0,crypto_utils_js_1.fromBase64)(n.from.mlKemPublicKey):void 0,void 0,!1);if(!t.ok&&"ALREADY_REGISTERED"!==t.error)return(0,shared_1.err)({code:AutoAcceptErrorCode.REGISTRY_SETUP_FAILED,message:`Failed to add inviter to registry: ${t.error}`,cause:t.error})}catch(e){return(0,shared_1.err)({code:AutoAcceptErrorCode.REGISTRY_SETUP_FAILED,message:"Failed to configure trust registry",cause:e})}return(await i.accept({inviteUrl:o,acceptor:r})).ok,(0,shared_1.ok)({invite:n,from:n.from,registryUrl:extractRegistryUrl(n),registryAutoconfigured:void 0===e.registry})}async function autoConfigureRegistry(e){const r=extractRegistryUrl(e);return r?new trust_registry_js_1.HttpTrustRegistry({baseUrl:r}):new trust_registry_js_1.MemoryTrustRegistry}function extractRegistryUrl(e){if(e.from.endpoint.includes("/registry")||e.from.endpoint.includes("/trust"))return e.from.endpoint}function normalizeInviteCode(e){if(e.startsWith("http://")||e.startsWith("https://"))return e;return`https://xbind.to/invite/${e.replace(/^XBD-/i,"")}`}function getEnv(e,r){return"undefined"!=typeof process&&void 0!==process.env?process.env[e]??r:r}function getEnvFlag(e,r){const t=getEnv(e);if(void 0===t)return r;const i=t.toLowerCase().trim();return"true"===i||"1"===i||"yes"===i}!function(e){e.NO_INVITE_CODE="AUTO_ACCEPT_NO_INVITE_CODE",e.DISABLED="AUTO_ACCEPT_DISABLED",e.INVITE_FAILED="AUTO_ACCEPT_INVITE_FAILED",e.REGISTRY_SETUP_FAILED="AUTO_ACCEPT_REGISTRY_SETUP_FAILED"}(AutoAcceptErrorCode||(exports.AutoAcceptErrorCode=AutoAcceptErrorCode={}));