@private.me/xbind 2.3.4 → 3.0.1

package/dist-standalone/runtime/browser.d.ts

@@ -0,0 +1,311 @@
+/**
+ * Browser Runtime Compatibility Layer
+ *
+ * Provides polyfills and runtime detection for browser environments.
+ * Ensures xBind works seamlessly in Chrome, Firefox, Safari, and service workers.
+ *
+ * @module runtime/browser
+ * @packageDocumentation
+ */
+import type { Result } from '@private.me/shared';
+/**
+ * Runtime environment type.
+ */
+export type RuntimeEnvironment = 'browser' | 'node' | 'service-worker' | 'web-worker' | 'unknown';
+/**
+ * Detect the current runtime environment.
+ *
+ * @returns The detected runtime environment type
+ *
+ * @example
+ * ```typescript
+ * import { detectRuntime } from '@private.me/xbind/runtime/browser';
+ *
+ * const runtime = detectRuntime();
+ * console.log('Running in:', runtime);
+ * // => 'browser' | 'node' | 'service-worker' | 'web-worker' | 'unknown'
+ * ```
+ */
+export declare function detectRuntime(): RuntimeEnvironment;
+/**
+ * Check if running in a browser environment.
+ *
+ * @returns True if running in browser, service worker, or web worker
+ */
+export declare function isBrowser(): boolean;
+/**
+ * Check if running in Node.js environment.
+ *
+ * @returns True if running in Node.js
+ */
+export declare function isNode(): boolean;
+/**
+ * Check if running in a service worker.
+ *
+ * @returns True if running in service worker context
+ */
+export declare function isServiceWorker(): boolean;
+/**
+ * Browser-compatible random bytes generator.
+ * Uses Web Crypto API's getRandomValues.
+ *
+ * @param length - Number of random bytes to generate
+ * @returns Uint8Array of cryptographically secure random bytes
+ *
+ * @throws {Error} If Web Crypto API is not available
+ *
+ * @example
+ * ```typescript
+ * import { getRandomBytes } from '@private.me/xbind/runtime/browser';
+ *
+ * const nonce = getRandomBytes(16);
+ * console.log('Random nonce:', nonce);
+ * ```
+ */
+export declare function getRandomBytes(length: number): Uint8Array;
+/**
+ * Generate a cryptographically secure random UUID.
+ * Uses Web Crypto API's randomUUID if available, falls back to manual generation.
+ *
+ * @returns UUID v4 string (e.g., "550e8400-e29b-41d4-a716-446655440000")
+ *
+ * @example
+ * ```typescript
+ * import { generateUUID } from '@private.me/xbind/runtime/browser';
+ *
+ * const id = generateUUID();
+ * console.log('Generated UUID:', id);
+ * ```
+ */
+export declare function generateUUID(): string;
+/**
+ * Browser storage interface for persisting agent identity and state.
+ */
+export interface BrowserStorage {
+    /**
+     * Store a value.
+     * @param key - Storage key
+     * @param value - Value to store (will be JSON serialized)
+     */
+    setItem(key: string, value: unknown): Promise<void>;
+    /**
+     * Retrieve a value.
+     * @param key - Storage key
+     * @returns Stored value or null if not found
+     */
+    getItem<T = unknown>(key: string): Promise<T | null>;
+    /**
+     * Remove a value.
+     * @param key - Storage key
+     */
+    removeItem(key: string): Promise<void>;
+    /**
+     * Clear all stored values.
+     */
+    clear(): Promise<void>;
+}
+/**
+ * LocalStorage-based implementation of BrowserStorage.
+ * Suitable for browser environments with persistent storage needs.
+ */
+export declare class LocalStorageAdapter implements BrowserStorage {
+    private prefix;
+    /**
+     * Create a new LocalStorage adapter.
+     *
+     * @param prefix - Key prefix to avoid collisions (default: 'xbind:')
+     */
+    constructor(prefix?: string);
+    setItem(key: string, value: unknown): Promise<void>;
+    getItem<T = unknown>(key: string): Promise<T | null>;
+    removeItem(key: string): Promise<void>;
+    clear(): Promise<void>;
+}
+/**
+ * IndexedDB-based implementation of BrowserStorage.
+ * Suitable for larger datasets and service workers.
+ */
+export declare class IndexedDBAdapter implements BrowserStorage {
+    private dbName;
+    private storeName;
+    private version;
+    private db;
+    /**
+     * Create a new IndexedDB adapter.
+     *
+     * @param dbName - Database name (default: 'xbind-storage')
+     * @param storeName - Object store name (default: 'keyval')
+     * @param version - Database version (default: 1)
+     */
+    constructor(dbName?: string, storeName?: string, version?: number);
+    /**
+     * Initialize the database connection.
+     * Called automatically by storage operations.
+     */
+    private ensureDB;
+    setItem(key: string, value: unknown): Promise<void>;
+    getItem<T = unknown>(key: string): Promise<T | null>;
+    removeItem(key: string): Promise<void>;
+    clear(): Promise<void>;
+    /**
+     * Close the database connection.
+     * Should be called when storage is no longer needed.
+     */
+    close(): void;
+}
+/**
+ * In-memory storage implementation for testing and ephemeral use cases.
+ */
+export declare class MemoryStorageAdapter implements BrowserStorage {
+    private store;
+    setItem(key: string, value: unknown): Promise<void>;
+    getItem<T = unknown>(key: string): Promise<T | null>;
+    removeItem(key: string): Promise<void>;
+    clear(): Promise<void>;
+}
+/**
+ * Error codes for WASM operations.
+ */
+export type WasmError = 'WASM_NOT_SUPPORTED' | 'WASM_LOAD_FAILED' | 'WASM_INIT_FAILED';
+/**
+ * Check if WebAssembly is supported in the current environment.
+ *
+ * @returns True if WebAssembly is supported
+ *
+ * @example
+ * ```typescript
+ * import { isWasmSupported } from '@private.me/xbind/runtime/browser';
+ *
+ * if (isWasmSupported()) {
+ *   console.log('WASM is supported - using post-quantum crypto');
+ * } else {
+ *   console.log('WASM not supported - falling back to classical crypto');
+ * }
+ * ```
+ */
+export declare function isWasmSupported(): boolean;
+/**
+ * Load and instantiate a WebAssembly module from a URL.
+ *
+ * @param url - URL to WASM module
+ * @param importObject - Optional imports for WASM module
+ * @returns Result containing the WASM instance or error
+ *
+ * @example
+ * ```typescript
+ * import { loadWasmModule } from '@private.me/xbind/runtime/browser';
+ *
+ * const result = await loadWasmModule('/mldsa.wasm');
+ * if (!result.ok) {
+ *   console.error('Failed to load WASM:', result.error);
+ *   return;
+ * }
+ *
+ * const instance = result.value;
+ * // Use WASM exports...
+ * ```
+ */
+export declare function loadWasmModule(url: string, importObject?: WebAssembly.Imports): Promise<Result<WebAssembly.Instance, WasmError>>;
+/**
+ * Browser capabilities and feature support.
+ */
+export interface BrowserCapabilities {
+    /** WebCrypto API available */
+    webCrypto: boolean;
+    /** SubtleCrypto API available */
+    subtleCrypto: boolean;
+    /** Ed25519 support in WebCrypto */
+    ed25519: boolean;
+    /** X25519 support in WebCrypto */
+    x25519: boolean;
+    /** WebAssembly support */
+    wasm: boolean;
+    /** IndexedDB support */
+    indexedDB: boolean;
+    /** LocalStorage support */
+    localStorage: boolean;
+    /** Service Worker support */
+    serviceWorker: boolean;
+    /** Web Worker support */
+    webWorker: boolean;
+    /** Fetch API support */
+    fetch: boolean;
+    /** TextEncoder/TextDecoder support */
+    textEncoding: boolean;
+}
+/**
+ * Detect browser capabilities and feature support.
+ *
+ * @returns Object describing available browser features
+ *
+ * @example
+ * ```typescript
+ * import { detectCapabilities } from '@private.me/xbind/runtime/browser';
+ *
+ * const caps = await detectCapabilities();
+ *
+ * if (!caps.webCrypto) {
+ *   throw new Error('WebCrypto required for xBind');
+ * }
+ *
+ * if (!caps.ed25519) {
+ *   console.warn('Ed25519 not supported - using polyfill');
+ * }
+ *
+ * if (caps.serviceWorker) {
+ *   console.log('Service workers supported - can run in background');
+ * }
+ * ```
+ */
+export declare function detectCapabilities(): Promise<BrowserCapabilities>;
+/**
+ * Install Node.js compatibility shims for browser environments.
+ * Only installs missing APIs - does not override existing implementations.
+ *
+ * @example
+ * ```typescript
+ * import { installNodePolyfills } from '@private.me/xbind/runtime/browser';
+ *
+ * // Install polyfills at application startup
+ * installNodePolyfills();
+ *
+ * // Now Node.js-style code works in browser
+ * import { randomBytes } from 'crypto'; // Works!
+ * ```
+ */
+export declare function installNodePolyfills(): void;
+/**
+ * Configuration for service worker compatibility mode.
+ */
+export interface ServiceWorkerConfig {
+    /** Cache strategy for WASM modules */
+    wasmCacheStrategy: 'cache-first' | 'network-first' | 'no-cache';
+    /** Maximum age for cached WASM modules (milliseconds) */
+    wasmCacheMaxAge: number;
+    /** Enable background sync for pending messages */
+    enableBackgroundSync: boolean;
+}
+/**
+ * Default service worker configuration.
+ */
+export declare const DEFAULT_SERVICE_WORKER_CONFIG: ServiceWorkerConfig;
+/**
+ * Initialize xBind for service worker environment.
+ * Sets up caching strategies and background sync handlers.
+ *
+ * @param config - Service worker configuration
+ *
+ * @example
+ * ```typescript
+ * // In your service worker (sw.js):
+ * import { initServiceWorker } from '@private.me/xbind/runtime/browser';
+ *
+ * initServiceWorker({
+ *   wasmCacheStrategy: 'cache-first',
+ *   wasmCacheMaxAge: 24 * 60 * 60 * 1000,
+ *   enableBackgroundSync: true,
+ * });
+ * ```
+ */
+export declare function initServiceWorker(config?: Partial<ServiceWorkerConfig>): void;
+export type { Result, };

package/dist-standalone/runtime/browser.js

@@ -0,0 +1 @@
+import{ok,err}from"../_deps/shared/index.js";export function detectRuntime(){return"undefined"!=typeof self&&"ServiceWorkerGlobalScope"in self?"service-worker":"undefined"!=typeof self&&"WorkerGlobalScope"in self&&"importScripts"in self?"web-worker":"undefined"!=typeof window&&"undefined"!=typeof document?"browser":"undefined"!=typeof process&&process.versions&&process.versions.node?"node":"unknown"}export function isBrowser(){const e=detectRuntime();return"browser"===e||"service-worker"===e||"web-worker"===e}export function isNode(){return"node"===detectRuntime()}export function isServiceWorker(){return"service-worker"===detectRuntime()}export function getRandomBytes(e){if("undefined"==typeof crypto||!crypto.getRandomValues)throw new Error("Web Crypto API not available - secure random generation impossible");const t=new Uint8Array(e);return crypto.getRandomValues(t),t}export function generateUUID(){if("undefined"!=typeof crypto&&crypto.randomUUID)return crypto.randomUUID();const e=getRandomBytes(16),t=e[6],r=e[8];void 0!==t&&(e[6]=15&t|64),void 0!==r&&(e[8]=63&r|128);const o=Array.from(e).map(e=>e.toString(16).padStart(2,"0")).join("");return[o.slice(0,8),o.slice(8,12),o.slice(12,16),o.slice(16,20),o.slice(20,32)].join("-")}export class LocalStorageAdapter{prefix;constructor(e="xbind:"){if(this.prefix=e,"undefined"==typeof localStorage)throw new Error("localStorage not available in this environment")}async setItem(e,t){const r=this.prefix+e,o=JSON.stringify(t);localStorage.setItem(r,o)}async getItem(e){const t=this.prefix+e,r=localStorage.getItem(t);if(null===r)return null;try{return JSON.parse(r)}catch{return null}}async removeItem(e){const t=this.prefix+e;localStorage.removeItem(t)}async clear(){Object.keys(localStorage).filter(e=>e.startsWith(this.prefix)).forEach(e=>localStorage.removeItem(e))}}export class IndexedDBAdapter{dbName;storeName;version;db=null;constructor(e="xbind-storage",t="keyval",r=1){this.dbName=e,this.storeName=t,this.version=r}async ensureDB(){return this.db?this.db:new Promise((e,t)=>{const r=indexedDB.open(this.dbName,this.version);r.onerror=()=>t(r.error),r.onsuccess=()=>{this.db=r.result,e(r.result)},r.onupgradeneeded=e=>{const t=e.target.result;t.objectStoreNames.contains(this.storeName)||t.createObjectStore(this.storeName)}})}async setItem(e,t){const r=(await this.ensureDB()).transaction(this.storeName,"readwrite").objectStore(this.storeName);return new Promise((o,n)=>{const s=r.put(t,e);s.onerror=()=>n(s.error),s.onsuccess=()=>o()})}async getItem(e){const t=(await this.ensureDB()).transaction(this.storeName,"readonly").objectStore(this.storeName);return new Promise((r,o)=>{const n=t.get(e);n.onerror=()=>o(n.error),n.onsuccess=()=>{const e=n.result;r(void 0===e?null:e)}})}async removeItem(e){const t=(await this.ensureDB()).transaction(this.storeName,"readwrite").objectStore(this.storeName);return new Promise((r,o)=>{const n=t.delete(e);n.onerror=()=>o(n.error),n.onsuccess=()=>r()})}async clear(){const e=(await this.ensureDB()).transaction(this.storeName,"readwrite").objectStore(this.storeName);return new Promise((t,r)=>{const o=e.clear();o.onerror=()=>r(o.error),o.onsuccess=()=>t()})}close(){this.db&&(this.db.close(),this.db=null)}}export class MemoryStorageAdapter{store=new Map;async setItem(e,t){this.store.set(e,t)}async getItem(e){const t=this.store.get(e);return void 0===t?null:t}async removeItem(e){this.store.delete(e)}async clear(){this.store.clear()}}export function isWasmSupported(){try{if("undefined"==typeof WebAssembly)return!1;const e=new WebAssembly.Module(new Uint8Array([0,97,115,109,1,0,0,0]));if(!(e instanceof WebAssembly.Module))return!1;return new WebAssembly.Instance(e)instanceof WebAssembly.Instance}catch{return!1}}export async function loadWasmModule(e,t){if(!isWasmSupported())return err("WASM_NOT_SUPPORTED");try{if(void 0!==WebAssembly.instantiateStreaming){const r=await fetch(e),o=await WebAssembly.instantiateStreaming(r,t);return ok(o.instance)}const r=await fetch(e),o=await r.arrayBuffer(),n=await WebAssembly.instantiate(o,t);return ok(n.instance)}catch(e){return console.error("WASM load failed:",e),err("WASM_LOAD_FAILED")}}export async function detectCapabilities(){const e={webCrypto:"undefined"!=typeof crypto&&!!crypto.subtle,subtleCrypto:"undefined"!=typeof crypto&&!!crypto.subtle,ed25519:!1,x25519:!1,wasm:isWasmSupported(),indexedDB:"undefined"!=typeof indexedDB,localStorage:"undefined"!=typeof localStorage,serviceWorker:"undefined"!=typeof navigator&&"serviceWorker"in navigator,webWorker:"undefined"!=typeof Worker,fetch:"undefined"!=typeof fetch,textEncoding:"undefined"!=typeof TextEncoder&&"undefined"!=typeof TextDecoder};if(e.subtleCrypto)try{await crypto.subtle.generateKey({name:"Ed25519"},!0,["sign","verify"]),e.ed25519=!0}catch{e.ed25519=!1}if(e.subtleCrypto)try{await crypto.subtle.generateKey({name:"X25519"},!0,["deriveBits"]),e.x25519=!0}catch{e.x25519=!1}return e}export function installNodePolyfills(){isBrowser()&&(void 0===globalThis.process&&(globalThis.process={env:{},versions:{},nextTick:e=>Promise.resolve().then(e)}),void 0===globalThis.Buffer&&(globalThis.Buffer={from:(e,t)=>{if(e instanceof Uint8Array)return e;if("base64"===t){const t=atob(e);return new Uint8Array(t.split("").map(e=>e.charCodeAt(0)))}return(new TextEncoder).encode(e)},alloc:e=>new Uint8Array(e)}),void 0===globalThis.global&&(globalThis.global=globalThis))}export const DEFAULT_SERVICE_WORKER_CONFIG={wasmCacheStrategy:"cache-first",wasmCacheMaxAge:864e5,enableBackgroundSync:!0};export function initServiceWorker(e={}){const t={...DEFAULT_SERVICE_WORKER_CONFIG,...e};if(!isServiceWorker())throw new Error("initServiceWorker() must be called from service worker context");self.__xbind_sw_config=t,console.log("[xBind] Service worker initialized with config:",t)}

package/dist-standalone/runtime/edge.d.ts

@@ -0,0 +1,282 @@
+/**
+ * Edge Runtime Support for xBind
+ *
+ * Enables xBind to run on edge compute platforms:
+ * - Cloudflare Workers
+ * - Vercel Edge Functions
+ * - Deno Deploy
+ *
+ * Key Features:
+ * - Edge-compatible crypto operations (Web Crypto API only)
+ * - KV storage integration for nonce stores and trust registry
+ * - Size-optimized build (<1MB constraint)
+ * - No Node.js dependencies (no fs, crypto, process)
+ */
+import type { Result } from '@private.me/shared';
+import type { NonceStore, ShareContext } from '../nonce-store.js';
+import type { TrustRegistry, RegistryError } from '../trust-registry.js';
+import type { XailTransportAdapter, EnvelopeHandler, TransportError } from '../transport.js';
+import type { AnyTransportEnvelope } from '../envelope.js';
+/**
+ * Detected edge runtime environment.
+ */
+export type EdgeRuntime = 'cloudflare' | 'vercel' | 'deno' | 'node' | 'unknown';
+/**
+ * Detect the current edge runtime environment.
+ *
+ * Detection order:
+ * 1. Cloudflare Workers: globalThis.caches + EdgeRuntime
+ * 2. Vercel Edge: process.env.VERCEL + EdgeRuntime
+ * 3. Deno Deploy: globalThis.Deno
+ * 4. Node.js: process.versions.node
+ * 5. Unknown: fallback
+ */
+export declare function detectRuntime(): EdgeRuntime;
+/**
+ * Check if the current runtime is an edge environment.
+ */
+export declare function isEdgeRuntime(): boolean;
+/**
+ * Validate that the runtime supports required Web Crypto APIs.
+ *
+ * Edge runtimes MUST provide:
+ * - crypto.subtle (Ed25519, X25519, AES-GCM, HMAC)
+ * - crypto.getRandomValues()
+ * - TextEncoder/TextDecoder
+ */
+export declare function validateEdgeRuntime(): Result<void, string>;
+/**
+ * Generic KV storage interface for edge runtimes.
+ *
+ * Implementations:
+ * - Cloudflare KV
+ * - Vercel KV (Redis)
+ * - Deno KV
+ */
+export interface EdgeKVStore {
+    /**
+     * Get a value by key.
+     * @returns value or null if not found
+     */
+    get(key: string): Promise<string | null>;
+    /**
+     * Set a value with optional TTL.
+     * @param key Storage key
+     * @param value String value
+     * @param ttlSeconds Time-to-live in seconds (optional)
+     */
+    put(key: string, value: string, ttlSeconds?: number): Promise<void>;
+    /**
+     * Delete a key.
+     */
+    delete(key: string): Promise<void>;
+    /**
+     * List keys with optional prefix.
+     * @param prefix Key prefix for filtering
+     * @param limit Maximum number of keys to return
+     * @returns Array of matching keys
+     */
+    list(prefix?: string, limit?: number): Promise<string[]>;
+}
+/**
+ * Cloudflare Workers KV namespace binding.
+ * Available via env.NAMESPACE in Workers.
+ */
+export interface CloudflareKVNamespace {
+    get(key: string): Promise<string | null>;
+    put(key: string, value: string, options?: {
+        expirationTtl?: number;
+    }): Promise<void>;
+    delete(key: string): Promise<void>;
+    list(options?: {
+        prefix?: string;
+        limit?: number;
+    }): Promise<{
+        keys: Array<{
+            name: string;
+        }>;
+    }>;
+}
+/**
+ * Adapter for Cloudflare Workers KV.
+ */
+export declare class CloudflareKVAdapter implements EdgeKVStore {
+    private readonly namespace;
+    constructor(namespace: CloudflareKVNamespace);
+    get(key: string): Promise<string | null>;
+    put(key: string, value: string, ttlSeconds?: number): Promise<void>;
+    delete(key: string): Promise<void>;
+    list(prefix?: string, limit?: number): Promise<string[]>;
+}
+/**
+ * Vercel KV client interface (Redis-compatible).
+ */
+export interface VercelKVClient {
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string, options?: {
+        ex?: number;
+    }): Promise<void>;
+    del(key: string): Promise<void>;
+    keys(pattern: string): Promise<string[]>;
+}
+/**
+ * Adapter for Vercel KV (Redis).
+ */
+export declare class VercelKVAdapter implements EdgeKVStore {
+    private readonly client;
+    constructor(client: VercelKVClient);
+    get(key: string): Promise<string | null>;
+    put(key: string, value: string, ttlSeconds?: number): Promise<void>;
+    delete(key: string): Promise<void>;
+    list(prefix?: string, limit?: number): Promise<string[]>;
+}
+/**
+ * Deno KV interface.
+ */
+export interface DenoKV {
+    get(key: string[]): Promise<{
+        value: string | null;
+    }>;
+    set(key: string[], value: string, options?: {
+        expireIn?: number;
+    }): Promise<void>;
+    delete(key: string[]): Promise<void>;
+    list(selector: {
+        prefix: string[];
+    }): AsyncIterableIterator<{
+        key: string[];
+        value: string;
+    }>;
+}
+/**
+ * Adapter for Deno KV.
+ */
+export declare class DenoKVAdapter implements EdgeKVStore {
+    private readonly kv;
+    constructor(kv: DenoKV);
+    get(key: string): Promise<string | null>;
+    put(key: string, value: string, ttlSeconds?: number): Promise<void>;
+    delete(key: string): Promise<void>;
+    list(prefix?: string, limit?: number): Promise<string[]>;
+}
+/**
+ * Nonce store implementation using KV storage.
+ *
+ * Suitable for edge runtimes where in-memory storage
+ * is ephemeral across invocations.
+ */
+export declare class KVNonceStore implements NonceStore {
+    private readonly kv;
+    private readonly ttlSeconds;
+    constructor(kv: EdgeKVStore, ttlMs?: number);
+    /**
+     * Build composite key: xbind:nonce:{senderDid}:{nonce}:{shareGroupId}:{shareIndex}
+     */
+    private buildKey;
+    check(nonce: string, senderDid: string, shareContext?: ShareContext): Promise<boolean>;
+    cleanup(): void;
+    dispose(): void;
+}
+/**
+ * Trust registry implementation using KV storage.
+ *
+ * Stores DID registrations in edge KV for distributed lookups.
+ * Simplified version suitable for edge runtimes - stores minimal metadata.
+ */
+export declare class KVTrustRegistry implements TrustRegistry {
+    private readonly kv;
+    constructor(kv: EdgeKVStore);
+    /**
+     * Build key: xbind:trust:{did}
+     */
+    private buildKey;
+    register(did: string, publicKey: Uint8Array, name: string, scopes?: string[], x25519PublicKey?: Uint8Array, mlKemPublicKey?: Uint8Array, mlDsaPublicKey?: Uint8Array, xchange?: boolean, receiveScopes?: string[], sdkVersion?: string, minEnvelopeVersion?: number, maxEnvelopeVersion?: number, ttlMs?: number): Promise<Result<void, RegistryError>>;
+    resolve(did: string): Promise<Result<Uint8Array, RegistryError>>;
+    hasScope(did: string, scope: string): Promise<boolean>;
+    hasReceiveScope(did: string, scope: string): Promise<boolean>;
+    revoke(did: string): Promise<Result<void, RegistryError>>;
+    list(): Promise<string[]>;
+    getEntry(did: string): Promise<Result<import('../trust-registry.js').RegistryEntry, RegistryError>>;
+    /** Additional methods for edge compatibility */
+    getFullEntry(did: string): Promise<Result<Record<string, unknown>, RegistryError>>;
+    dispose(): void;
+}
+/**
+ * Edge-compatible HTTPS transport adapter.
+ *
+ * Uses standard fetch API (available in all edge runtimes).
+ * Optimized for edge constraints:
+ * - No Node.js http/https modules
+ * - No setTimeout (uses AbortSignal.timeout)
+ * - Minimal allocations
+ */
+export declare class EdgeTransportAdapter implements XailTransportAdapter {
+    private readonly baseUrl;
+    private readonly timeoutMs;
+    private handlers;
+    constructor(opts: {
+        baseUrl: string;
+        timeoutMs?: number;
+    });
+    send(envelope: AnyTransportEnvelope, recipientDid: string): Promise<Result<void, TransportError>>;
+    onReceive(handler: EnvelopeHandler): void;
+    /**
+     * Dispatch received envelope to all handlers.
+     * Called by edge function handler when processing incoming requests.
+     */
+    dispatch(envelope: AnyTransportEnvelope): void;
+    dispose(): void;
+}
+/**
+ * Options for creating an edge-compatible agent.
+ */
+export interface EdgeAgentOptions {
+    /** KV store for nonce deduplication and trust registry */
+    readonly kv: EdgeKVStore;
+    /** Base URL for message transport */
+    readonly baseUrl: string;
+    /** Request timeout in milliseconds */
+    readonly timeoutMs?: number;
+    /** Nonce TTL in milliseconds */
+    readonly nonceTtlMs?: number;
+}
+/**
+ * Create edge-compatible xBind components.
+ *
+ * Returns nonce store, trust registry, and transport adapter
+ * configured for the edge runtime.
+ *
+ * @example
+ * ```typescript
+ * // Cloudflare Workers
+ * const kv = new CloudflareKVAdapter(env.XBIND_KV);
+ * const { nonceStore, trustRegistry, transport } = createEdgeAgent({
+ *   kv,
+ *   baseUrl: 'https://private.me/relay',
+ * });
+ *
+ * const agent = new Agent({
+ *   identity: 'persistent',
+ *   nonceStore,
+ *   trustRegistry,
+ *   transport,
+ * });
+ * ```
+ */
+export declare function createEdgeAgent(opts: EdgeAgentOptions): {
+    nonceStore: KVNonceStore;
+    trustRegistry: KVTrustRegistry;
+    transport: EdgeTransportAdapter;
+};
+/**
+ * Check if the bundled size is within edge runtime limits.
+ *
+ * Cloudflare Workers: 1MB compressed limit
+ * Vercel Edge: 1MB limit
+ * Deno Deploy: 1MB limit
+ */
+export declare function checkBundleSize(bundleSizeBytes: number): Result<void, string>;
+/**
+ * Get edge-optimized build recommendations.
+ */
+export declare function getOptimizationTips(): string[];

package/dist-standalone/runtime/edge.js

@@ -0,0 +1 @@
+import{ok,err}from"../_deps/shared/index.js";export function detectRuntime(){const e=globalThis;return void 0!==e.caches&&"string"==typeof e.EdgeRuntime?"cloudflare":"string"==typeof e.EdgeRuntime&&"undefined"!=typeof process&&"1"===process.env?.VERCEL?"vercel":void 0!==e.Deno?"deno":"undefined"!=typeof process&&"string"==typeof process.versions?.node?"node":"unknown"}export function isEdgeRuntime(){const e=detectRuntime();return"cloudflare"===e||"vercel"===e||"deno"===e}export function validateEdgeRuntime(){if(void 0===globalThis.crypto)return err("Missing globalThis.crypto");if(void 0===globalThis.crypto.subtle)return err("Missing crypto.subtle");if("function"!=typeof globalThis.crypto.getRandomValues)return err("Missing crypto.getRandomValues");const e=["generateKey","sign","verify","encrypt","decrypt","deriveBits","importKey","exportKey"];for(const t of e)if("function"!=typeof globalThis.crypto.subtle[t])return err(`Missing crypto.subtle.${t}`);return void 0===globalThis.TextEncoder?err("Missing TextEncoder"):void 0===globalThis.TextDecoder?err("Missing TextDecoder"):"function"!=typeof globalThis.fetch?err("Missing fetch API"):ok(void 0)}export class CloudflareKVAdapter{namespace;constructor(e){this.namespace=e}async get(e){return await this.namespace.get(e)}async put(e,t,r){const s=r?{expirationTtl:r}:void 0;await this.namespace.put(e,t,s)}async delete(e){await this.namespace.delete(e)}async list(e,t){return(await this.namespace.list({prefix:e,limit:t})).keys.map(e=>e.name)}}export class VercelKVAdapter{client;constructor(e){this.client=e}async get(e){return await this.client.get(e)}async put(e,t,r){const s=r?{ex:r}:void 0;await this.client.set(e,t,s)}async delete(e){await this.client.del(e)}async list(e,t){const r=e?`${e}*`:"*",s=await this.client.keys(r);return t?s.slice(0,t):s}}export class DenoKVAdapter{kv;constructor(e){this.kv=e}async get(e){return(await this.kv.get([e])).value}async put(e,t,r){const s=r?{expireIn:1e3*r}:void 0;await this.kv.set([e],t,s)}async delete(e){await this.kv.delete([e])}async list(e,t){const r={prefix:e?[e]:[]},s=[];for await(const e of this.kv.list(r))if(s.push(e.key.join("/")),t&&s.length>=t)break;return s}}export class KVNonceStore{kv;ttlSeconds;constructor(e,t=6e5){this.kv=e,this.ttlSeconds=Math.floor(t/1e3)}buildKey(e,t,r){const s=`xbind:nonce:${t}:${e}`;if(!r)return s;return`${s}:${r.shareGroupId??""}:${void 0!==r.shareIndex?String(r.shareIndex):""}`}async check(e,t,r){const s=this.buildKey(e,t,r);return null===await this.kv.get(s)&&(await this.kv.put(s,Date.now().toString(),this.ttlSeconds),!0)}cleanup(){}dispose(){}}export class KVTrustRegistry{kv;constructor(e){this.kv=e}buildKey(e){return`xbind:trust:${e}`}async register(e,t,r,s,n,i,o,c,a,l,u,d,p){const y=this.buildKey(e),h=e=>btoa(String.fromCharCode(...Array.from(e))),m={did:e,publicKey:h(t),name:r,scopes:s??[],x25519PublicKey:n?h(n):void 0,mlKemPublicKey:i?h(i):void 0,mlDsaPublicKey:o?h(o):void 0,xchange:c??!1,receiveScopes:a??[],sdkVersion:l,minEnvelopeVersion:u,maxEnvelopeVersion:d,registeredAt:Date.now(),rotation_sequence:0};try{const e=p?Math.floor(p/1e3):void 0;return await this.kv.put(y,JSON.stringify(m),e),ok(void 0)}catch(e){return err("NETWORK_ERROR")}}async resolve(e){const t=this.buildKey(e);try{const e=await this.kv.get(t);if(null===e)return err("NOT_FOUND");const r=JSON.parse(e);return ok((e=>Uint8Array.from(atob(e),e=>e.charCodeAt(0)))(r.publicKey))}catch(e){return err("NETWORK_ERROR")}}async hasScope(e,t){const r=this.buildKey(e);try{const e=await this.kv.get(r);if(null===e)return!1;const s=JSON.parse(e);return s.scopes?.includes(t)??!1}catch{return!1}}async hasReceiveScope(e,t){const r=this.buildKey(e);try{const e=await this.kv.get(r);if(null===e)return!1;const s=JSON.parse(e);return s.receiveScopes?.includes(t)??!1}catch{return!1}}async revoke(e){const t=this.buildKey(e);try{return await this.kv.delete(t),ok(void 0)}catch(e){return err("NETWORK_ERROR")}}async list(){try{return(await this.kv.list("xbind:trust:",1e3)).map(e=>e.replace("xbind:trust:",""))}catch{return[]}}async getEntry(e){const t=this.buildKey(e);try{const e=await this.kv.get(t);if(null===e)return err("NOT_FOUND");const r=JSON.parse(e),s=e=>Uint8Array.from(atob(e),e=>e.charCodeAt(0)),n={did:r.did,publicKey:s(r.publicKey),name:r.name,scopes:new Set(r.scopes),receiveScopes:r.receiveScopes?new Set(r.receiveScopes):void 0,revoked:!1,x25519PublicKey:r.x25519PublicKey?s(r.x25519PublicKey):void 0,mlKemPublicKey:r.mlKemPublicKey?s(r.mlKemPublicKey):void 0,mlDsaPublicKey:r.mlDsaPublicKey?s(r.mlDsaPublicKey):void 0,xchange:r.xchange,rotation_sequence:r.rotation_sequence,sdkVersion:r.sdkVersion,minEnvelopeVersion:r.minEnvelopeVersion,maxEnvelopeVersion:r.maxEnvelopeVersion};return ok(n)}catch(e){return err("NETWORK_ERROR")}}async getFullEntry(e){const t=this.buildKey(e);try{const e=await this.kv.get(t);if(null===e)return err("NOT_FOUND");const r=JSON.parse(e);return ok(r)}catch(e){return err("NETWORK_ERROR")}}dispose(){}}export class EdgeTransportAdapter{baseUrl;timeoutMs;handlers=[];constructor(e){this.baseUrl=e.baseUrl.replace(/\/$/,""),this.timeoutMs=e.timeoutMs??1e4}async send(e,t){const r=`${this.baseUrl}/deliver/${encodeURIComponent(t)}`;try{const t=new AbortController,s=setTimeout(()=>t.abort(),this.timeoutMs),n=await globalThis.fetch(r,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e),signal:t.signal});return clearTimeout(s),n.ok?ok(void 0):err(404===n.status?"RECIPIENT_UNREACHABLE":"SEND_FAILED")}catch(e){return e instanceof DOMException&&"AbortError"===e.name?err("TIMEOUT"):err("NETWORK_ERROR")}}onReceive(e){this.handlers.push(e)}dispatch(e){for(const t of this.handlers)t(e)}dispose(){this.handlers=[]}}export function createEdgeAgent(e){return{nonceStore:new KVNonceStore(e.kv,e.nonceTtlMs),trustRegistry:new KVTrustRegistry(e.kv),transport:new EdgeTransportAdapter({baseUrl:e.baseUrl,timeoutMs:e.timeoutMs})}}export function checkBundleSize(e){const t=1048576;if(e>t){const t=(e/1024/1024).toFixed(2),r=1..toFixed(2);return err(`Bundle size ${t}MB exceeds edge runtime limit of ${r}MB. Consider using tree-shaking or dynamic imports.`)}return ok(void 0)}export function getOptimizationTips(){return["1. Use tree-shaking: Import only required functions","2. Enable minification in bundler config","3. Use dynamic imports for large dependencies (mlkem, mldsa)","4. Exclude Node.js polyfills (crypto, fs, process)","5. Use Brotli compression for Cloudflare Workers","6. Consider splitting post-quantum crypto into separate bundle","7. Use KV storage instead of in-memory caches"]}