npm - @private.me/xbind - Versions diffs - 1.3.5 → 3.0.0 - Mend

@private.me/xbind 1.3.5 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (306) hide show

package/LICENSES.md +212 -0
package/README.md +388 -6
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1 -1920
package/dist-standalone/_deps/shared/cjs/errors.js +1 -639
package/dist-standalone/_deps/shared/cjs/index.js +1 -496
package/dist-standalone/_deps/shared/cjs/types.js +1 -317
package/dist-standalone/_deps/shared/errors.js +1 -255
package/dist-standalone/_deps/shared/index.js +1 -74
package/dist-standalone/_deps/shared/types.js +1 -90
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.js +1 -642
package/dist-standalone/agent-sdk.js +1 -328
package/dist-standalone/agent.d.ts +95 -5
package/dist-standalone/agent.js +1 -1545
package/dist-standalone/approval.js +1 -193
package/dist-standalone/async-iterators.d.ts +275 -0
package/dist-standalone/async-iterators.js +1 -0
package/dist-standalone/auth.js +1 -219
package/dist-standalone/auto-accept.js +1 -229
package/dist-standalone/backup-config.js +1 -201
package/dist-standalone/backup.d.ts +114 -0
package/dist-standalone/backup.js +1 -0
package/dist-standalone/batch-operations.d.ts +297 -0
package/dist-standalone/batch-operations.js +1 -0
package/dist-standalone/cancellation.d.ts +301 -0
package/dist-standalone/cancellation.js +1 -0
package/dist-standalone/checkpoint.js +1 -186
package/dist-standalone/circuit-breaker.d.ts +351 -0
package/dist-standalone/circuit-breaker.js +1 -0
package/dist-standalone/cjs/agent-call.js +1 -651
package/dist-standalone/cjs/agent-sdk.js +1 -332
package/dist-standalone/cjs/agent.js +1 -1582
package/dist-standalone/cjs/approval.js +1 -199
package/dist-standalone/cjs/async-iterators.js +1 -0
package/dist-standalone/cjs/auth.js +1 -225
package/dist-standalone/cjs/auto-accept.js +1 -233
package/dist-standalone/cjs/backup-config.js +1 -207
package/dist-standalone/cjs/backup.js +1 -0
package/dist-standalone/cjs/batch-operations.js +1 -0
package/dist-standalone/cjs/cancellation.js +1 -0
package/dist-standalone/cjs/checkpoint.js +1 -193
package/dist-standalone/cjs/circuit-breaker.js +1 -0
package/dist-standalone/cjs/cli/init.js +1 -486
package/dist-standalone/cjs/config-validation.js +1 -0
package/dist-standalone/cjs/connect.js +1 -312
package/dist-standalone/cjs/connection-pool.js +1 -0
package/dist-standalone/cjs/correlation-id.js +1 -339
package/dist-standalone/cjs/crypto-utils.js +1 -0
package/dist-standalone/cjs/debug-mode.js +1 -0
package/dist-standalone/cjs/did-document.js +1 -101
package/dist-standalone/cjs/did-privateme.js +1 -130
package/dist-standalone/cjs/did-web.js +1 -201
package/dist-standalone/cjs/discovery.js +1 -462
package/dist-standalone/cjs/dual-mode.js +1 -251
package/dist-standalone/cjs/email-templates.js +1 -313
package/dist-standalone/cjs/email-transport.js +1 -239
package/dist-standalone/cjs/envelope.js +1 -510
package/dist-standalone/cjs/errors.js +1 -826
package/dist-standalone/cjs/event-emitter.js +1 -0
package/dist-standalone/cjs/gateway-state.js +1 -55
package/dist-standalone/cjs/gateway-transport.js +1 -120
package/dist-standalone/cjs/graceful-degradation.js +1 -0
package/dist-standalone/cjs/guardrails.js +1 -223
package/dist-standalone/cjs/health-check.js +1 -0
package/dist-standalone/cjs/http-compat.js +1 -272
package/dist-standalone/cjs/http-status-map.js +1 -571
package/dist-standalone/cjs/identity.js +1 -540
package/dist-standalone/cjs/index.js +1 -237
package/dist-standalone/cjs/invitation.js +1 -421
package/dist-standalone/cjs/invite.js +1 -328
package/dist-standalone/cjs/key-agreement.js +1 -246
package/dist-standalone/cjs/lazy-init.js +1 -300
package/dist-standalone/cjs/logger.js +1 -0
package/dist-standalone/cjs/mdns-discovery.js +1 -202
package/dist-standalone/cjs/nonce-store.js +1 -66
package/dist-standalone/cjs/pairing-manager.js +1 -223
package/dist-standalone/cjs/plugin-system.js +1 -0
package/dist-standalone/cjs/plugins/logging.js +1 -0
package/dist-standalone/cjs/plugins/metrics.js +1 -0
package/dist-standalone/cjs/plugins/validation.js +1 -0
package/dist-standalone/cjs/policy.js +1 -320
package/dist-standalone/cjs/progress-callbacks.js +1 -0
package/dist-standalone/cjs/redis-nonce-store.js +1 -76
package/dist-standalone/cjs/registry-middleware.js +1 -50
package/dist-standalone/cjs/retry-strategies.js +1 -0
package/dist-standalone/cjs/retry-transport.js +1 -102
package/dist-standalone/cjs/runtime/browser.js +1 -0
package/dist-standalone/cjs/runtime/edge.js +1 -0
package/dist-standalone/cjs/runtime/react-native.js +1 -0
package/dist-standalone/cjs/security-policy.js +1 -245
package/dist-standalone/cjs/serialization.js +1 -0
package/dist-standalone/cjs/split-channel.js +1 -177
package/dist-standalone/cjs/subscription-proof.js +1 -230
package/dist-standalone/cjs/succession.js +1 -148
package/dist-standalone/cjs/timeouts.js +1 -0
package/dist-standalone/cjs/trace-context.js +1 -0
package/dist-standalone/cjs/trace-spans.js +1 -0
package/dist-standalone/cjs/transport.js +1 -63
package/dist-standalone/cjs/trust-registry.js +1 -742
package/dist-standalone/cjs/types/error-response.js +1 -56
package/dist-standalone/cjs/vault-auth.js +1 -0
package/dist-standalone/cjs/vault-store-loader.js +1 -0
package/dist-standalone/cjs/verify.js +1 -25
package/dist-standalone/cjs/version-info.js +1 -0
package/dist-standalone/cjs/xfetch.js +1 -252
package/dist-standalone/cli/init.js +1 -449
package/dist-standalone/cli/setup.js +1 -514
package/dist-standalone/cli/types.js +1 -27
package/dist-standalone/cli/xbind.js +1 -148
package/dist-standalone/config-validation.d.ts +185 -0
package/dist-standalone/config-validation.js +1 -0
package/dist-standalone/connect.js +1 -274
package/dist-standalone/connection-pool.d.ts +251 -0
package/dist-standalone/connection-pool.js +1 -0
package/dist-standalone/correlation-id.js +1 -326
package/dist-standalone/crypto-utils.d.ts +60 -0
package/dist-standalone/crypto-utils.js +1 -0
package/dist-standalone/debug-mode.d.ts +286 -0
package/dist-standalone/debug-mode.js +1 -0
package/dist-standalone/did-document.js +1 -96
package/dist-standalone/did-privateme.js +1 -121
package/dist-standalone/did-web.js +1 -196
package/dist-standalone/discovery.js +1 -458
package/dist-standalone/dual-mode.js +1 -247
package/dist-standalone/email-templates.js +1 -309
package/dist-standalone/email-transport.js +1 -232
package/dist-standalone/envelope.d.ts +29 -1
package/dist-standalone/envelope.js +1 -497
package/dist-standalone/errors.d.ts +10 -0
package/dist-standalone/errors.js +1 -811
package/dist-standalone/event-emitter.d.ts +395 -0
package/dist-standalone/event-emitter.js +1 -0
package/dist-standalone/gateway-state.js +1 -51
package/dist-standalone/gateway-transport.js +1 -116
package/dist-standalone/graceful-degradation.d.ts +246 -0
package/dist-standalone/graceful-degradation.js +1 -0
package/dist-standalone/guardrails.js +1 -216
package/dist-standalone/health-check.d.ts +150 -0
package/dist-standalone/health-check.js +1 -0
package/dist-standalone/http-compat.js +1 -267
package/dist-standalone/http-status-map.js +1 -561
package/dist-standalone/identity.d.ts +64 -1
package/dist-standalone/identity.js +1 -515
package/dist-standalone/index.d.ts +45 -3
package/dist-standalone/index.js +1 -52
package/dist-standalone/invitation.js +1 -415
package/dist-standalone/invite.js +1 -324
package/dist-standalone/key-agreement.d.ts +61 -13
package/dist-standalone/key-agreement.js +1 -236
package/dist-standalone/lazy-init.js +1 -295
package/dist-standalone/logger.d.ts +77 -0
package/dist-standalone/logger.js +1 -0
package/dist-standalone/mdns-discovery.js +1 -195
package/dist-standalone/nonce-store.d.ts +16 -3
package/dist-standalone/nonce-store.js +1 -62
package/dist-standalone/package.json +0 -1
package/dist-standalone/pairing-manager.js +1 -219
package/dist-standalone/plugin-system.d.ts +145 -0
package/dist-standalone/plugin-system.js +1 -0
package/dist-standalone/policy.js +1 -315
package/dist-standalone/progress-callbacks.d.ts +394 -0
package/dist-standalone/progress-callbacks.js +1 -0
package/dist-standalone/redis-nonce-store.js +1 -72
package/dist-standalone/registry-middleware.js +1 -47
package/dist-standalone/retry-strategies.d.ts +382 -0
package/dist-standalone/retry-strategies.js +1 -0
package/dist-standalone/retry-transport.js +1 -98
package/dist-standalone/security-policy.js +1 -239
package/dist-standalone/serialization.d.ts +244 -0
package/dist-standalone/serialization.js +1 -0
package/dist-standalone/split-channel.d.ts +49 -1
package/dist-standalone/split-channel.js +1 -171
package/dist-standalone/subscription-proof.js +1 -224
package/dist-standalone/succession.js +1 -142
package/dist-standalone/timeouts.d.ts +275 -0
package/dist-standalone/timeouts.js +1 -0
package/dist-standalone/trace-context.d.ts +252 -0
package/dist-standalone/trace-context.js +1 -0
package/dist-standalone/trace-spans.d.ts +360 -0
package/dist-standalone/trace-spans.js +1 -0
package/dist-standalone/transport.js +1 -59
package/dist-standalone/trust-registry.d.ts +106 -5
package/dist-standalone/trust-registry.js +1 -702
package/dist-standalone/vault-auth.d.ts +91 -0
package/dist-standalone/vault-auth.js +1 -0
package/dist-standalone/vault-store-loader.d.ts +110 -0
package/dist-standalone/vault-store-loader.js +1 -0
package/dist-standalone/verify.js +1 -16
package/dist-standalone/version-info.d.ts +259 -0
package/dist-standalone/version-info.js +1 -0
package/dist-standalone/xfetch.js +1 -247
package/llms.txt +1 -0
package/package.json +65 -5
package/share1.dat +0 -0
package/dist-standalone/_deps/crypto/base64.d.ts +0 -29
package/dist-standalone/_deps/crypto/base64.js +0 -222
package/dist-standalone/_deps/crypto/cjs/base64.js +0 -665
package/dist-standalone/_deps/crypto/cjs/errors.js +0 -675
package/dist-standalone/_deps/crypto/cjs/hmac.js +0 -473
package/dist-standalone/_deps/crypto/cjs/index.js +0 -852
package/dist-standalone/_deps/crypto/cjs/package.json +0 -1
package/dist-standalone/_deps/crypto/cjs/padding.js +0 -511
package/dist-standalone/_deps/crypto/cjs/share-header.js +0 -372
package/dist-standalone/_deps/crypto/cjs/shares.js +0 -874
package/dist-standalone/_deps/crypto/cjs/tlv.js +0 -1021
package/dist-standalone/_deps/crypto/cjs/uuid.js +0 -443
package/dist-standalone/_deps/crypto/cjs/verify.js +0 -414
package/dist-standalone/_deps/crypto/cjs/xorida.js +0 -923
package/dist-standalone/_deps/crypto/errors.d.ts +0 -51
package/dist-standalone/_deps/crypto/errors.js +0 -199
package/dist-standalone/_deps/crypto/hmac.d.ts +0 -39
package/dist-standalone/_deps/crypto/hmac.js +0 -134
package/dist-standalone/_deps/crypto/index.d.ts +0 -20
package/dist-standalone/_deps/crypto/index.js +0 -145
package/dist-standalone/_deps/crypto/padding.d.ts +0 -19
package/dist-standalone/_deps/crypto/padding.js +0 -159
package/dist-standalone/_deps/crypto/share-header.d.ts +0 -44
package/dist-standalone/_deps/crypto/share-header.js +0 -92
package/dist-standalone/_deps/crypto/shares.d.ts +0 -27
package/dist-standalone/_deps/crypto/shares.js +0 -295
package/dist-standalone/_deps/crypto/tlv.d.ts +0 -26
package/dist-standalone/_deps/crypto/tlv.js +0 -364
package/dist-standalone/_deps/crypto/uuid.d.ts +0 -22
package/dist-standalone/_deps/crypto/uuid.js +0 -136
package/dist-standalone/_deps/crypto/verify.d.ts +0 -15
package/dist-standalone/_deps/crypto/verify.js +0 -71
package/dist-standalone/_deps/crypto/xorida.d.ts +0 -44
package/dist-standalone/_deps/crypto/xorida.js +0 -366
package/dist-standalone/_deps/shared/errors.d.ts.map +0 -1
package/dist-standalone/_deps/shared/errors.js.map +0 -1
package/dist-standalone/_deps/shared/index.d.ts.map +0 -1
package/dist-standalone/_deps/shared/index.js.map +0 -1
package/dist-standalone/_deps/shared/types.d.ts.map +0 -1
package/dist-standalone/_deps/shared/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.js.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.js.map +0 -1
package/dist-standalone/_deps/xregistry/errors.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/errors.js.map +0 -1
package/dist-standalone/_deps/xregistry/index.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/index.js.map +0 -1
package/dist-standalone/_deps/xregistry/registry.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/registry.js.map +0 -1
package/dist-standalone/_deps/xregistry/schema.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/schema.js.map +0 -1
package/dist-standalone/_deps/xregistry/types.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/types.js.map +0 -1

package/dist-standalone/did-web.js CHANGED Viewed

@@ -1,196 +1 @@
-/**
- * did:web resolver — resolves DIDs hosted on developer domains.
- *
- * Implements the W3C did:web method:
- *   did:web:example.com -> https://example.com/.well-known/did.json
- *   did:web:example.com:path:to -> https://example.com/path/to/did.json
- *
- * Enables direct agent-to-agent communication without a centralized registry.
- * Implements TrustRegistry interface for drop-in use with Agent class.
- */
-import { ok, err } from"./_deps/shared/index.js";
-import { fromBase64 } from"./_deps/crypto/index.js";
-/**
- * Resolve did:web DIDs by fetching DID documents from the hosting domain.
- *
- * Implements TrustRegistry interface so it can be used as a drop-in
- * replacement for MemoryTrustRegistry or HttpTrustRegistry.
- */
-export class DidWebResolver {
-    fetchFn;
-    cacheTtlMs;
-    cache = new Map();
-    constructor(opts) {
-        this.fetchFn = opts?.fetch ?? globalThis.fetch.bind(globalThis);
-        this.cacheTtlMs = opts?.cacheTtlMs ?? 300_000;
-    }
-    /** Registration not supported for did:web (developers host their own). */
-    async register(_did, _publicKey, _name, _scopes, _x25519PublicKey) {
-        return err('ALREADY_REGISTERED');
-    }
-    /**
-     * Resolve a did:web DID to its raw public key bytes.
-     * @param did - A did:web DID string.
-     * @returns Public key bytes or error.
-     */
-    async resolve(did) {
-        const entry = await this.fetchEntry(did);
-        if (!entry.ok)
-            return entry;
-        if (entry.value.revoked)
-            return err('REVOKED');
-        return ok(entry.value.publicKey);
-    }
-    /**
-     * Check if a did:web DID has a specific scope.
-     * @param did - The DID to check.
-     * @param scope - The scope to verify.
-     * @returns True if scope is granted.
-     */
-    async hasScope(did, scope) {
-        const entry = await this.fetchEntry(did);
-        if (!entry.ok)
-            return false;
-        return entry.value.scopes.has(scope);
-    }
-    /**
-     * Check if a did:web DID has a specific receive scope.
-     * @param did - The DID to check.
-     * @param scope - The scope to verify.
-     * @returns True if receive scope is granted.
-     */
-    async hasReceiveScope(did, scope) {
-        const entry = await this.fetchEntry(did);
-        if (!entry.ok)
-            return false;
-        // Undefined = accept all scopes (backward compatibility)
-        if (!entry.value.receiveScopes)
-            return true;
-        return entry.value.receiveScopes.has(scope);
-    }
-    /** Revocation not supported for did:web (developer controls their domain). */
-    async revoke(_did) {
-        return err('NOT_FOUND');
-    }
-    /**
-     * Get the full registry entry for a did:web DID.
-     * @param did - The DID to look up.
-     * @returns Full entry or error.
-     */
-    async getEntry(did) {
-        return this.fetchEntry(did);
-    }
-    /** Number of cached entries (for testing). */
-    get cacheSize() {
-        return this.cache.size;
-    }
-    /** Fetch and parse a DID document, with caching. */
-    async fetchEntry(did) {
-        // Check cache
-        const cached = this.cache.get(did);
-        if (cached && Date.now() - cached.fetchedAt < this.cacheTtlMs) {
-            return ok(cached.entry);
-        }
-        const url = didWebToUrl(did);
-        if (!url)
-            return err('NOT_FOUND');
-        try {
-            const res = await this.fetchFn(url);
-            if (!res.ok)
-                return err('NOT_FOUND');
-            const doc = (await res.json());
-            const entry = parseDidDocument(did, doc);
-            if (!entry)
-                return err('NOT_FOUND');
-            this.cache.set(did, { entry, fetchedAt: Date.now() });
-            return ok(entry);
-        }
-        catch {
-            return err('NETWORK_ERROR');
-        }
-    }
-}
-/**
- * Convert a did:web DID to its HTTPS URL.
- *   did:web:example.com -> https://example.com/.well-known/did.json
- *   did:web:example.com:path:to -> https://example.com/path/to/did.json
- * @param did - The did:web DID string.
- * @returns HTTPS URL or null if invalid.
- */
-export function didWebToUrl(did) {
-    if (!did.startsWith('did:web:'))
-        return null;
-    const parts = did.slice('did:web:'.length).split(':');
-    if (parts.length === 0 || !parts[0])
-        return null;
-    const domain = decodeURIComponent(parts[0]);
-    if (parts.length === 1) {
-        return `https://${domain}/.well-known/did.json`;
-    }
-    const path = parts.slice(1).map(decodeURIComponent).join('/');
-    return `https://${domain}/${path}/did.json`;
-}
-/** Parse a DID document into a RegistryEntry. */
-function parseDidDocument(did, doc) {
-    if (!doc.verificationMethod || doc.verificationMethod.length === 0) {
-        return null;
-    }
-    const vm = doc.verificationMethod[0];
-    if (!vm)
-        return null;
-    let publicKey = null;
-    if (vm.publicKeyMultibase) {
-        publicKey = decodeMultibase(vm.publicKeyMultibase);
-    }
-    else if (vm.publicKeyBase64) {
-        publicKey = fromBase64(vm.publicKeyBase64);
-    }
-    if (!publicKey)
-        return null;
-    return {
-        did,
-        publicKey,
-        name: doc.xailName ?? did,
-        scopes: new Set(doc.xailScopes ?? []),
-        revoked: doc.deactivated === true,
-        rotation_sequence: 1, // DID documents don't track rotation, default to 1
-    };
-}
-/** Decode z-prefixed base58btc multibase to bytes. */
-function decodeMultibase(mb) {
-    if (!mb.startsWith('z'))
-        return null;
-    return base58Decode(mb.slice(1));
-}
-/** Base58 decode (Bitcoin alphabet). */
-function base58Decode(s) {
-    const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
-    const BASE = BigInt(58);
-    let num = BigInt(0);
-    for (const char of s) {
-        const idx = ALPHABET.indexOf(char);
-        if (idx < 0)
-            return new Uint8Array(0);
-        num = num * BASE + BigInt(idx);
-    }
-    const hex = num.toString(16);
-    const padded = hex.length % 2 ? '0' + hex : hex;
-    const bytes = new Uint8Array(padded.length / 2);
-    for (let i = 0; i < bytes.length; i++) {
-        bytes[i] = parseInt(padded.slice(i * 2, i * 2 + 2), 16);
-    }
-    // Handle leading zeros (base58 "1" = 0x00)
-    let leadingZeros = 0;
-    for (const c of s) {
-        if (c === '1')
-            leadingZeros++;
-        else
-            break;
-    }
-    if (leadingZeros > 0) {
-        const result = new Uint8Array(leadingZeros + bytes.length);
-        result.set(bytes, leadingZeros);
-        return result;
-    }
-    return bytes;
-}
+import{ok,err}from"./_deps/shared/index.js";import{fromBase64}from"./crypto-utils.js";export class DidWebResolver{fetchFn;cacheTtlMs;cache=new Map;constructor(e){this.fetchFn=e?.fetch??globalThis.fetch.bind(globalThis),this.cacheTtlMs=e?.cacheTtlMs??3e5}async register(e,t,n,r,c){return err("ALREADY_REGISTERED")}async resolve(e){const t=await this.fetchEntry(e);return t.ok?t.value.revoked?err("REVOKED"):ok(t.value.publicKey):t}async hasScope(e,t){const n=await this.fetchEntry(e);return!!n.ok&&n.value.scopes.has(t)}async hasReceiveScope(e,t){const n=await this.fetchEntry(e);return!!n.ok&&(!n.value.receiveScopes||n.value.receiveScopes.has(t))}async revoke(e){return err("NOT_FOUND")}async getEntry(e){return this.fetchEntry(e)}get cacheSize(){return this.cache.size}async fetchEntry(e){const t=this.cache.get(e);if(t&&Date.now()-t.fetchedAt<this.cacheTtlMs)return ok(t.entry);const n=didWebToUrl(e);if(!n)return err("NOT_FOUND");try{const t=await this.fetchFn(n);if(!t.ok)return err("NOT_FOUND");const r=parseDidDocument(e,await t.json());return r?(this.cache.set(e,{entry:r,fetchedAt:Date.now()}),ok(r)):err("NOT_FOUND")}catch{return err("NETWORK_ERROR")}}}export function didWebToUrl(e){if(!e.startsWith("did:web:"))return null;const t=e.slice(8).split(":");if(0===t.length||!t[0])return null;const n=decodeURIComponent(t[0]);if(1===t.length)return`https://${n}/.well-known/did.json`;return`https://${n}/${t.slice(1).map(decodeURIComponent).join("/")}/did.json`}function parseDidDocument(e,t){if(!t.verificationMethod||0===t.verificationMethod.length)return null;const n=t.verificationMethod[0];if(!n)return null;let r=null;return n.publicKeyMultibase?r=decodeMultibase(n.publicKeyMultibase):n.publicKeyBase64&&(r=fromBase64(n.publicKeyBase64)),r?{did:e,publicKey:r,name:t.xailName??e,scopes:new Set(t.xailScopes??[]),revoked:!0===t.deactivated,rotation_sequence:1}:null}function decodeMultibase(e){return e.startsWith("z")?base58Decode(e.slice(1)):null}function base58Decode(e){const t=BigInt(58);let n=BigInt(0);for(const r of e){const e="123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz".indexOf(r);if(e<0)return new Uint8Array(0);n=n*t+BigInt(e)}const r=n.toString(16),c=r.length%2?"0"+r:r,s=new Uint8Array(c.length/2);for(let e=0;e<s.length;e++)s[e]=parseInt(c.slice(2*e,2*e+2),16);let i=0;for(const t of e){if("1"!==t)break;i++}if(i>0){const e=new Uint8Array(i+s.length);return e.set(s,i),e}return s}

package/dist-standalone/discovery.js CHANGED Viewed

@@ -1,458 +1 @@
-/**
- * @module discovery
- * Service discovery for zero-config XBind connections.
- *
- * Enables: `xbind connect payments-service`
- *
- * Four-tier discovery:
- * 1. Public registry (xbind.registry.io)
- * 2. Well-known URL (https://service.com/.well-known/xbind)
- * 3. DNS TXT record (_xbind.service.com)
- * 4. Direct URL/QR code
- */
-import { ok, err } from"./_deps/shared/index.js";
-import { promises as dns } from 'dns';
-/**
- * Discovery error codes.
- */
-export var DiscoveryErrorCode;
-(function (DiscoveryErrorCode) {
-    DiscoveryErrorCode["SERVICE_NOT_FOUND"] = "DISCOVERY_SERVICE_NOT_FOUND";
-    DiscoveryErrorCode["REGISTRY_UNREACHABLE"] = "DISCOVERY_REGISTRY_UNREACHABLE";
-    DiscoveryErrorCode["INVALID_RESPONSE"] = "DISCOVERY_INVALID_RESPONSE";
-    DiscoveryErrorCode["NETWORK_ERROR"] = "DISCOVERY_NETWORK_ERROR";
-    DiscoveryErrorCode["INVALID_SERVICE_NAME"] = "DISCOVERY_INVALID_SERVICE_NAME";
-    DiscoveryErrorCode["DNS_ERROR"] = "DISCOVERY_DNS_ERROR";
-    DiscoveryErrorCode["INVALID_EMAIL"] = "DISCOVERY_INVALID_EMAIL";
-    DiscoveryErrorCode["PERSONAL_EMAIL_DOMAIN"] = "DISCOVERY_PERSONAL_EMAIL_DOMAIN";
-})(DiscoveryErrorCode || (DiscoveryErrorCode = {}));
-/**
- * Personal email domains that are blacklisted from discovery.
- * Corporate services should use their own domain, not personal email.
- */
-const PERSONAL_EMAIL_DOMAINS = new Set([
-    'gmail.com',
-    'googlemail.com',
-    'outlook.com',
-    'hotmail.com',
-    'live.com',
-    'yahoo.com',
-    'ymail.com',
-    'icloud.com',
-    'me.com',
-    'protonmail.com',
-    'proton.me',
-    'aol.com',
-    'mail.com',
-    'zoho.com',
-    'gmx.com',
-    'tutanota.com',
-    'fastmail.com',
-]);
-/**
- * Discovery client for finding services.
- */
-export class ServiceDiscovery {
-    registryUrl;
-    dnsCache;
-    /**
-     * Create a discovery client.
-     *
-     * @param options - Configuration options
-     * @param options.registryUrl - Registry URL (default: https://xbind.registry.io)
-     */
-    constructor(options = {}) {
-        this.registryUrl = options.registryUrl || 'https://xbind.registry.io';
-        this.dnsCache = new Map();
-    }
-    /**
-     * Discover a service by name.
-     *
-     * Tries:
-     * 1. Email-based discovery (extracts domain from email)
-     * 2. Public registry lookup
-     * 3. Well-known URL if name is a domain
-     * 4. DNS TXT record (_xbind.domain)
-     * 5. Direct URL if name is a full URL
-     *
-     * @param nameOrUrl - Service name, email, domain, or URL
-     * @returns Service info or error
-     *
-     * @example
-     * ```ts
-     * const discovery = new ServiceDiscovery();
-     *
-     * // By name (registry lookup):
-     * const result = await discovery.discover('payments-service');
-     *
-     * // By email (domain extraction):
-     * const result = await discovery.discover('alice@company.com');
-     *
-     * // By domain (well-known):
-     * const result = await discovery.discover('payments.example.com');
-     *
-     * // By URL (direct):
-     * const result = await discovery.discover('https://api.payments.com/xbind');
-     * ```
-     */
-    async discover(nameOrUrl) {
-        // Validate input
-        if (!nameOrUrl || nameOrUrl.trim().length === 0) {
-            return err({
-                code: DiscoveryErrorCode.INVALID_SERVICE_NAME,
-                message: 'Service name cannot be empty',
-                hint: 'Provide a service name, domain, email, or URL',
-            });
-        }
-        nameOrUrl = nameOrUrl.trim();
-        // If full URL, try direct
-        if (nameOrUrl.startsWith('http://') || nameOrUrl.startsWith('https://')) {
-            return this.discoverDirect(nameOrUrl);
-        }
-        // If email address, extract domain and discover
-        if (nameOrUrl.includes('@') && !nameOrUrl.includes('/')) {
-            return this.discoverEmail(nameOrUrl);
-        }
-        // If looks like domain, try well-known first, then DNS TXT
-        if (nameOrUrl.includes('.') && !nameOrUrl.includes('/')) {
-            const wellKnownResult = await this.discoverWellKnown(nameOrUrl);
-            if (wellKnownResult.ok) {
-                return wellKnownResult;
-            }
-            // Try DNS TXT as fallback
-            const dnsTxtResult = await this.discoverDnsTxt(nameOrUrl);
-            if (dnsTxtResult.ok) {
-                return dnsTxtResult;
-            }
-            // Fall through to registry if both fail
-        }
-        // Try registry lookup
-        return this.discoverRegistry(nameOrUrl);
-    }
-    /**
-     * Look up service in public registry.
-     *
-     * GET https://xbind.registry.io/lookup/:name
-     */
-    async discoverRegistry(name) {
-        try {
-            const url = `${this.registryUrl}/lookup/${encodeURIComponent(name)}`;
-            const response = await fetch(url, {
-                headers: {
-                    'Accept': 'application/json',
-                },
-            });
-            if (response.status === 404) {
-                return err({
-                    code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
-                    message: `Service "${name}" not found in registry`,
-                    hint: 'Check service name or register at xbind.registry.io',
-                });
-            }
-            if (!response.ok) {
-                return err({
-                    code: DiscoveryErrorCode.REGISTRY_UNREACHABLE,
-                    message: `Registry returned ${response.status}`,
-                    hint: 'Try again later or use direct URL',
-                });
-            }
-            const data = await response.json();
-            return ok(data);
-        }
-        catch (error) {
-            return err({
-                code: DiscoveryErrorCode.NETWORK_ERROR,
-                message: error instanceof Error ? error.message : 'Network error',
-                hint: 'Check internet connection',
-            });
-        }
-    }
-    /**
-     * Discover via .well-known/xbind.
-     *
-     * GET https://domain/.well-known/xbind
-     */
-    async discoverWellKnown(domain) {
-        try {
-            const url = `https://${domain}/.well-known/xbind`;
-            const response = await fetch(url, {
-                headers: {
-                    'Accept': 'application/json',
-                },
-            });
-            if (!response.ok) {
-                return err({
-                    code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
-                    message: `No .well-known/xbind found at ${domain}`,
-                });
-            }
-            const data = await response.json();
-            return ok(data);
-        }
-        catch (error) {
-            return err({
-                code: DiscoveryErrorCode.NETWORK_ERROR,
-                message: error instanceof Error ? error.message : 'Network error',
-            });
-        }
-    }
-    /**
-     * Discover via direct URL.
-     */
-    async discoverDirect(url) {
-        try {
-            const response = await fetch(url, {
-                headers: {
-                    'Accept': 'application/json',
-                },
-            });
-            if (!response.ok) {
-                return err({
-                    code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
-                    message: `Service not found at ${url}`,
-                });
-            }
-            const data = await response.json();
-            return ok(data);
-        }
-        catch (error) {
-            return err({
-                code: DiscoveryErrorCode.NETWORK_ERROR,
-                message: error instanceof Error ? error.message : 'Network error',
-            });
-        }
-    }
-    /**
-     * Discover via DNS TXT record.
-     *
-     * Looks up TXT record at _xbind.domain
-     *
-     * Supports two formats:
-     * 1. Full record: "xbind-endpoint=https://...;did=did:web:...;publicKey=..." (all fields in DNS)
-     * 2. Simple redirect: "xbind=https://api.example.com/xbind" (fetch from endpoint)
-     *
-     * Includes 5-minute caching to reduce DNS queries.
-     */
-    async discoverDnsTxt(domain) {
-        // Check cache first (5 minute TTL)
-        const cached = this.dnsCache.get(domain);
-        if (cached && cached.expiry > Date.now()) {
-            return ok(cached.info);
-        }
-        try {
-            const txtRecords = await dns.resolveTxt(`_xbind.${domain}`);
-            // Find xbind record
-            for (const record of txtRecords) {
-                const txt = record.join('');
-                // Format 1: Full record with all fields
-                if (txt.includes('xbind-endpoint=')) {
-                    const parsed = this.parseDnsTxtRecord(txt, domain);
-                    if (parsed.ok) {
-                        // Cache for 5 minutes
-                        this.dnsCache.set(domain, {
-                            info: parsed.value,
-                            expiry: Date.now() + 5 * 60 * 1000,
-                        });
-                        return parsed;
-                    }
-                }
-                // Format 2: Simple redirect to endpoint
-                if (txt.startsWith('xbind=')) {
-                    const endpoint = txt.substring(6);
-                    // Fetch service info from endpoint
-                    const result = await this.discoverDirect(endpoint);
-                    if (result.ok) {
-                        // Cache for 5 minutes
-                        this.dnsCache.set(domain, {
-                            info: result.value,
-                            expiry: Date.now() + 5 * 60 * 1000,
-                        });
-                    }
-                    return result;
-                }
-            }
-            return err({
-                code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
-                message: `No _xbind TXT record found for ${domain}`,
-                hint: 'Add DNS TXT record: _xbind.example.com IN TXT "xbind-endpoint=https://...;did=did:web:...;publicKey=..."',
-            });
-        }
-        catch (error) {
-            // Handle DNS-specific errors
-            if (error && typeof error === 'object' && 'code' in error) {
-                const dnsError = error;
-                if (dnsError.code === 'ENOTFOUND' || dnsError.code === 'ENODATA') {
-                    return err({
-                        code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
-                        message: `No DNS TXT record found for _xbind.${domain}`,
-                    });
-                }
-                if (dnsError.code === 'ETIMEOUT') {
-                    return err({
-                        code: DiscoveryErrorCode.DNS_ERROR,
-                        message: 'DNS query timeout',
-                        hint: 'Check network connection or try again',
-                    });
-                }
-            }
-            return err({
-                code: DiscoveryErrorCode.DNS_ERROR,
-                message: error instanceof Error ? error.message : 'DNS lookup failed',
-                hint: 'Check domain name and DNS configuration',
-            });
-        }
-    }
-    /**
-     * Parse DNS TXT record into ServiceInfo.
-     *
-     * Expected format:
-     * xbind-endpoint=https://...;did=did:web:...;publicKey=...;version=1.0
-     *
-     * Optional fields:
-     * x25519PublicKey=...;mlKemPublicKey=...;description=...;logo=...;docs=...
-     */
-    parseDnsTxtRecord(txtRecord, domain) {
-        try {
-            const fields = new Map();
-            // Split by semicolon and parse key=value pairs
-            const parts = txtRecord.split(';').map(p => p.trim()).filter(p => p.length > 0);
-            for (const part of parts) {
-                const eqIndex = part.indexOf('=');
-                if (eqIndex === -1)
-                    continue;
-                const key = part.substring(0, eqIndex).trim();
-                const value = part.substring(eqIndex + 1).trim();
-                fields.set(key, value);
-            }
-            // Validate required fields
-            const endpoint = fields.get('xbind-endpoint');
-            const did = fields.get('did');
-            const publicKey = fields.get('publicKey');
-            if (!endpoint || !did || !publicKey) {
-                return err({
-                    code: DiscoveryErrorCode.INVALID_RESPONSE,
-                    message: 'DNS TXT record missing required fields',
-                    hint: 'Required: xbind-endpoint, did, publicKey',
-                });
-            }
-            // Build ServiceInfo
-            const info = {
-                name: domain,
-                endpoint,
-                did,
-                publicKey,
-            };
-            // Add optional fields
-            if (fields.has('x25519PublicKey')) {
-                info.x25519PublicKey = fields.get('x25519PublicKey');
-            }
-            if (fields.has('mlKemPublicKey')) {
-                info.mlKemPublicKey = fields.get('mlKemPublicKey');
-            }
-            if (fields.has('description')) {
-                info.description = fields.get('description');
-            }
-            if (fields.has('logo')) {
-                info.logo = fields.get('logo');
-            }
-            if (fields.has('docs')) {
-                info.docs = fields.get('docs');
-            }
-            return ok(info);
-        }
-        catch (error) {
-            return err({
-                code: DiscoveryErrorCode.INVALID_RESPONSE,
-                message: error instanceof Error ? error.message : 'Failed to parse DNS TXT record',
-            });
-        }
-    }
-    /**
-     * Discover service via email address.
-     *
-     * Extracts domain from email and performs discovery.
-     * Personal email domains (gmail.com, outlook.com, etc.) are rejected.
-     *
-     * @param email - Email address (e.g., "alice@company.com")
-     * @returns Service info or error
-     *
-     * @example
-     * ```ts
-     * const discovery = new ServiceDiscovery();
-     * const result = await discovery.discoverEmail('alice@company.com');
-     * // Discovers service at company.com
-     * ```
-     */
-    async discoverEmail(email) {
-        // Validate email format
-        const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-        if (!emailRegex.test(email)) {
-            return err({
-                code: DiscoveryErrorCode.INVALID_EMAIL,
-                message: `Invalid email format: ${email}`,
-                hint: 'Provide a valid email address (e.g., alice@company.com)',
-            });
-        }
-        // Extract domain (everything after @)
-        const domain = this.extractDomain(email);
-        if (!domain) {
-            return err({
-                code: DiscoveryErrorCode.INVALID_EMAIL,
-                message: `Could not extract domain from email: ${email}`,
-                hint: 'Check email format',
-            });
-        }
-        // Check for personal email domains
-        if (PERSONAL_EMAIL_DOMAINS.has(domain.toLowerCase())) {
-            return err({
-                code: DiscoveryErrorCode.PERSONAL_EMAIL_DOMAIN,
-                message: `Personal email domains not supported for discovery: ${domain}`,
-                hint: 'Use a corporate email address or provide the company domain directly',
-            });
-        }
-        // Discover using the extracted domain
-        // Try well-known first, then DNS TXT, then registry
-        const wellKnownResult = await this.discoverWellKnown(domain);
-        if (wellKnownResult.ok) {
-            return wellKnownResult;
-        }
-        const dnsTxtResult = await this.discoverDnsTxt(domain);
-        if (dnsTxtResult.ok) {
-            return dnsTxtResult;
-        }
-        // Try registry with domain
-        return this.discoverRegistry(domain);
-    }
-    /**
-     * Extract domain from email address.
-     * Handles edge cases: subdomains, plus addressing, etc.
-     *
-     * @param email - Email address
-     * @returns Domain or null if extraction fails
-     *
-     * @example
-     * ```ts
-     * extractDomain('alice@company.com') // 'company.com'
-     * extractDomain('alice+label@company.com') // 'company.com'
-     * extractDomain('alice@mail.company.com') // 'mail.company.com'
-     * ```
-     */
-    extractDomain(email) {
-        const parts = email.split('@');
-        if (parts.length !== 2 || !parts[1]) {
-            return null;
-        }
-        // Domain is everything after @
-        const domain = parts[1].trim().toLowerCase();
-        // Validate domain has at least one dot and valid characters
-        if (!domain.includes('.') || domain.length < 3) {
-            return null;
-        }
-        // Basic domain validation (alphanumeric, dots, hyphens)
-        const domainRegex = /^[a-z0-9][a-z0-9-]*(\.[a-z0-9][a-z0-9-]*)+$/;
-        if (!domainRegex.test(domain)) {
-            return null;
-        }
-        return domain;
-    }
-}
+import{ok,err}from"./_deps/shared/index.js";import{promises as dns}from"dns";export var DiscoveryErrorCode;!function(e){e.SERVICE_NOT_FOUND="DISCOVERY_SERVICE_NOT_FOUND",e.REGISTRY_UNREACHABLE="DISCOVERY_REGISTRY_UNREACHABLE",e.INVALID_RESPONSE="DISCOVERY_INVALID_RESPONSE",e.NETWORK_ERROR="DISCOVERY_NETWORK_ERROR",e.INVALID_SERVICE_NAME="DISCOVERY_INVALID_SERVICE_NAME",e.DNS_ERROR="DISCOVERY_DNS_ERROR",e.INVALID_EMAIL="DISCOVERY_INVALID_EMAIL",e.PERSONAL_EMAIL_DOMAIN="DISCOVERY_PERSONAL_EMAIL_DOMAIN"}(DiscoveryErrorCode||(DiscoveryErrorCode={}));const PERSONAL_EMAIL_DOMAINS=new Set(["gmail.com","googlemail.com","outlook.com","hotmail.com","live.com","yahoo.com","ymail.com","icloud.com","me.com","secure-email-provider-1.com","secure-email-provider-2.com","aol.com","mail.com","zoho.com","gmx.com","tutanota.com","fastmail.com"]);export class ServiceDiscovery{registryUrl;dnsCache;constructor(e={}){this.registryUrl=e.registryUrl||"https://xbind.registry.io",this.dnsCache=new Map}async discover(e){if(!e||0===e.trim().length)return err({code:DiscoveryErrorCode.INVALID_SERVICE_NAME,message:"Service name cannot be empty",hint:"Provide a service name, domain, email, or URL"});if((e=e.trim()).startsWith("http://")||e.startsWith("https://"))return this.discoverDirect(e);if(e.includes("@")&&!e.includes("/"))return this.discoverEmail(e);if(e.includes(".")&&!e.includes("/")){const r=await this.discoverWellKnown(e);if(r.ok)return r;const o=await this.discoverDnsTxt(e);if(o.ok)return o}return this.discoverRegistry(e)}async discoverRegistry(e){try{const r=`${this.registryUrl}/lookup/${encodeURIComponent(e)}`,o=await fetch(r,{headers:{Accept:"application/json"}});if(404===o.status)return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`Service "${e}" not found in registry`,hint:"Check service name or register at xbind.registry.io"});if(!o.ok)return err({code:DiscoveryErrorCode.REGISTRY_UNREACHABLE,message:`Registry returned ${o.status}`,hint:"Try again later or use direct URL"});const t=await o.json();return ok(t)}catch(e){return err({code:DiscoveryErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error",hint:"Check internet connection"})}}async discoverWellKnown(e){try{const r=`https://${e}/.well-known/xbind`,o=await fetch(r,{headers:{Accept:"application/json"}});if(!o.ok)return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`No .well-known/xbind found at ${e}`});const t=await o.json();return ok(t)}catch(e){return err({code:DiscoveryErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error"})}}async discoverDirect(e){try{const r=await fetch(e,{headers:{Accept:"application/json"}});if(!r.ok)return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`Service not found at ${e}`});const o=await r.json();return ok(o)}catch(e){return err({code:DiscoveryErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error"})}}async discoverDnsTxt(e){const r=this.dnsCache.get(e);if(r&&r.expiry>Date.now())return ok(r.info);try{const r=await dns.resolveTxt(`_xbind.${e}`);for(const o of r){const r=o.join("");if(r.includes("xbind-endpoint=")){const o=this.parseDnsTxtRecord(r,e);if(o.ok)return this.dnsCache.set(e,{info:o.value,expiry:Date.now()+3e5}),o}if(r.startsWith("xbind=")){const o=r.substring(6),t=await this.discoverDirect(o);return t.ok&&this.dnsCache.set(e,{info:t.value,expiry:Date.now()+3e5}),t}}return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`No _xbind TXT record found for ${e}`,hint:'Add DNS TXT record: _xbind.example.com IN TXT "xbind-endpoint=https://...;did=did:web:...;publicKey=..."'})}catch(r){if(r&&"object"==typeof r&&"code"in r){const o=r;if("ENOTFOUND"===o.code||"ENODATA"===o.code)return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`No DNS TXT record found for _xbind.${e}`});if("ETIMEOUT"===o.code)return err({code:DiscoveryErrorCode.DNS_ERROR,message:"DNS query timeout",hint:"Check network connection or try again"})}return err({code:DiscoveryErrorCode.DNS_ERROR,message:r instanceof Error?r.message:"DNS lookup failed",hint:"Check domain name and DNS configuration"})}}parseDnsTxtRecord(e,r){try{const o=new Map,t=e.split(";").map(e=>e.trim()).filter(e=>e.length>0);for(const e of t){const r=e.indexOf("=");if(-1===r)continue;const t=e.substring(0,r).trim(),i=e.substring(r+1).trim();o.set(t,i)}const i=o.get("xbind-endpoint"),s=o.get("did"),n=o.get("publicKey");if(!i||!s||!n)return err({code:DiscoveryErrorCode.INVALID_RESPONSE,message:"DNS TXT record missing required fields",hint:"Required: xbind-endpoint, did, publicKey"});const c={name:r,endpoint:i,did:s,publicKey:n};return o.has("x25519PublicKey")&&(c.x25519PublicKey=o.get("x25519PublicKey")),o.has("mlKemPublicKey")&&(c.mlKemPublicKey=o.get("mlKemPublicKey")),o.has("description")&&(c.description=o.get("description")),o.has("logo")&&(c.logo=o.get("logo")),o.has("docs")&&(c.docs=o.get("docs")),ok(c)}catch(e){return err({code:DiscoveryErrorCode.INVALID_RESPONSE,message:e instanceof Error?e.message:"Failed to parse DNS TXT record"})}}async discoverEmail(e){if(!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(e))return err({code:DiscoveryErrorCode.INVALID_EMAIL,message:`Invalid email format: ${e}`,hint:"Provide a valid email address (e.g., alice@company.com)"});const r=this.extractDomain(e);if(!r)return err({code:DiscoveryErrorCode.INVALID_EMAIL,message:`Could not extract domain from email: ${e}`,hint:"Check email format"});if(PERSONAL_EMAIL_DOMAINS.has(r.toLowerCase()))return err({code:DiscoveryErrorCode.PERSONAL_EMAIL_DOMAIN,message:`Personal email domains not supported for discovery: ${r}`,hint:"Use a corporate email address or provide the company domain directly"});const o=await this.discoverWellKnown(r);if(o.ok)return o;const t=await this.discoverDnsTxt(r);return t.ok?t:this.discoverRegistry(r)}extractDomain(e){const r=e.split("@");if(2!==r.length||!r[1])return null;const o=r[1].trim().toLowerCase();if(!o.includes(".")||o.length<3)return null;return/^[a-z0-9][a-z0-9-]*(\.[a-z0-9][a-z0-9-]*)+$/.test(o)?o:null}}