npm - @private.me/xbind - Versions diffs - 3.0.0 → 3.0.2 - Mend

@private.me/xbind 3.0.0 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (217) hide show

package/README.md +55 -7
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1920 -1
package/dist-standalone/_deps/shared/cjs/errors.js +729 -1
package/dist-standalone/_deps/shared/cjs/index.js +463 -1
package/dist-standalone/_deps/shared/cjs/types.js +315 -1
package/dist-standalone/_deps/shared/errors.js +244 -1
package/dist-standalone/_deps/shared/index.js +72 -1
package/dist-standalone/_deps/shared/types.js +86 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.js +659 -1
package/dist-standalone/agent-sdk.js +328 -1
package/dist-standalone/agent.js +1800 -1
package/dist-standalone/approval.js +193 -1
package/dist-standalone/async-iterators.js +382 -1
package/dist-standalone/auth.js +219 -1
package/dist-standalone/auto-accept.js +229 -1
package/dist-standalone/backup-config.js +201 -1
package/dist-standalone/backup.js +326 -1
package/dist-standalone/batch-operations.js +388 -1
package/dist-standalone/cancellation.js +477 -1
package/dist-standalone/checkpoint.js +186 -1
package/dist-standalone/circuit-breaker.js +468 -1
package/dist-standalone/cjs/agent-call.js +701 -1
package/dist-standalone/cjs/agent-sdk.js +332 -1
package/dist-standalone/cjs/agent.js +1837 -1
package/dist-standalone/cjs/approval.js +199 -1
package/dist-standalone/cjs/async-iterators.js +392 -1
package/dist-standalone/cjs/auth.js +225 -1
package/dist-standalone/cjs/auto-accept.js +233 -1
package/dist-standalone/cjs/backup-config.js +207 -1
package/dist-standalone/cjs/backup.js +330 -1
package/dist-standalone/cjs/batch-operations.js +397 -1
package/dist-standalone/cjs/cancellation.js +490 -1
package/dist-standalone/cjs/checkpoint.js +193 -1
package/dist-standalone/cjs/circuit-breaker.js +476 -1
package/dist-standalone/cjs/cli/init.js +492 -1
package/dist-standalone/cjs/config-validation.js +522 -1
package/dist-standalone/cjs/connect.js +312 -1
package/dist-standalone/cjs/connection-pool.js +506 -1
package/dist-standalone/cjs/correlation-id.js +339 -1
package/dist-standalone/cjs/crypto-utils.js +176 -1
package/dist-standalone/cjs/debug-mode.js +534 -1
package/dist-standalone/cjs/did-document.js +101 -1
package/dist-standalone/cjs/did-privateme.js +130 -1
package/dist-standalone/cjs/did-web.js +201 -1
package/dist-standalone/cjs/discovery.js +462 -1
package/dist-standalone/cjs/dual-mode.js +251 -1
package/dist-standalone/cjs/email-templates.js +313 -1
package/dist-standalone/cjs/email-transport.js +239 -1
package/dist-standalone/cjs/envelope.js +538 -1
package/dist-standalone/cjs/errors.js +913 -1
package/dist-standalone/cjs/event-emitter.js +461 -1
package/dist-standalone/cjs/gateway-state.js +55 -1
package/dist-standalone/cjs/gateway-transport.js +120 -1
package/dist-standalone/cjs/graceful-degradation.js +403 -1
package/dist-standalone/cjs/guardrails.js +223 -1
package/dist-standalone/cjs/health-check.js +336 -1
package/dist-standalone/cjs/http-compat.js +272 -1
package/dist-standalone/cjs/http-status-map.js +571 -1
package/dist-standalone/cjs/identity.js +645 -1
package/dist-standalone/cjs/index.js +406 -1
package/dist-standalone/cjs/invitation.js +421 -1
package/dist-standalone/cjs/invite.js +328 -1
package/dist-standalone/cjs/key-agreement.js +335 -1
package/dist-standalone/cjs/lazy-init.js +300 -1
package/dist-standalone/cjs/logger.js +291 -1
package/dist-standalone/cjs/mdns-discovery.js +202 -1
package/dist-standalone/cjs/nonce-store.js +80 -1
package/dist-standalone/cjs/pairing-manager.js +223 -1
package/dist-standalone/cjs/plugin-system.js +264 -1
package/dist-standalone/cjs/plugins/logging.js +168 -1
package/dist-standalone/cjs/plugins/metrics.js +181 -1
package/dist-standalone/cjs/plugins/validation.js +302 -1
package/dist-standalone/cjs/policy.js +320 -1
package/dist-standalone/cjs/progress-callbacks.js +583 -1
package/dist-standalone/cjs/redis-nonce-store.js +76 -1
package/dist-standalone/cjs/registry-middleware.js +50 -1
package/dist-standalone/cjs/retry-strategies.js +544 -1
package/dist-standalone/cjs/retry-transport.js +102 -1
package/dist-standalone/cjs/runtime/browser.js +533 -1
package/dist-standalone/cjs/runtime/edge.js +526 -1
package/dist-standalone/cjs/runtime/react-native.js +394 -1
package/dist-standalone/cjs/security-policy.js +245 -1
package/dist-standalone/cjs/serialization.js +1040 -1
package/dist-standalone/cjs/split-channel.js +225 -1
package/dist-standalone/cjs/subscription-proof.js +230 -1
package/dist-standalone/cjs/succession.js +148 -1
package/dist-standalone/cjs/timeouts.js +412 -1
package/dist-standalone/cjs/trace-context.js +424 -1
package/dist-standalone/cjs/trace-spans.js +495 -1
package/dist-standalone/cjs/transport.js +63 -1
package/dist-standalone/cjs/trust-registry.js +991 -1
package/dist-standalone/cjs/types/error-response.js +56 -1
package/dist-standalone/cjs/vault-auth.js +178 -1
package/dist-standalone/cjs/vault-store-loader.js +194 -1
package/dist-standalone/cjs/verify.js +25 -1
package/dist-standalone/cjs/version-info.js +543 -1
package/dist-standalone/cjs/xfetch.js +340 -1
package/dist-standalone/cli/init.js +455 -1
package/dist-standalone/cli/setup.js +514 -1
package/dist-standalone/cli/types.js +27 -1
package/dist-standalone/cli/xbind.js +148 -1
package/dist-standalone/config-validation.js +513 -1
package/dist-standalone/connect.js +274 -1
package/dist-standalone/connection-pool.js +500 -1
package/dist-standalone/correlation-id.js +326 -1
package/dist-standalone/crypto-utils.js +157 -1
package/dist-standalone/debug-mode.js +510 -1
package/dist-standalone/did-document.js +96 -1
package/dist-standalone/did-privateme.js +121 -1
package/dist-standalone/did-web.js +196 -1
package/dist-standalone/discovery.js +458 -1
package/dist-standalone/dual-mode.js +247 -1
package/dist-standalone/email-templates.js +309 -1
package/dist-standalone/email-transport.js +232 -1
package/dist-standalone/envelope.js +525 -1
package/dist-standalone/errors.js +896 -1
package/dist-standalone/event-emitter.js +456 -1
package/dist-standalone/gateway-state.js +51 -1
package/dist-standalone/gateway-transport.js +116 -1
package/dist-standalone/graceful-degradation.js +396 -1
package/dist-standalone/guardrails.js +216 -1
package/dist-standalone/health-check.js +332 -1
package/dist-standalone/http-compat.js +267 -1
package/dist-standalone/http-status-map.js +561 -1
package/dist-standalone/identity.js +619 -1
package/dist-standalone/index.js +78 -1
package/dist-standalone/invitation.js +415 -1
package/dist-standalone/invite.js +324 -1
package/dist-standalone/key-agreement.js +325 -1
package/dist-standalone/lazy-init.js +295 -1
package/dist-standalone/logger.js +285 -1
package/dist-standalone/mdns-discovery.js +195 -1
package/dist-standalone/nonce-store.js +76 -1
package/dist-standalone/pairing-manager.js +219 -1
package/dist-standalone/plugin-system.js +257 -1
package/dist-standalone/plugins/logging.d.ts +84 -0
package/dist-standalone/plugins/logging.js +163 -0
package/dist-standalone/plugins/metrics.d.ts +111 -0
package/dist-standalone/plugins/metrics.js +176 -0
package/dist-standalone/plugins/validation.d.ts +104 -0
package/dist-standalone/plugins/validation.js +297 -0
package/dist-standalone/policy.js +315 -1
package/dist-standalone/progress-callbacks.js +576 -1
package/dist-standalone/redis-nonce-store.js +72 -1
package/dist-standalone/registry-middleware.js +47 -1
package/dist-standalone/retry-strategies.js +534 -1
package/dist-standalone/retry-transport.js +98 -1
package/dist-standalone/runtime/browser.d.ts +311 -0
package/dist-standalone/runtime/browser.js +516 -0
package/dist-standalone/runtime/edge.d.ts +282 -0
package/dist-standalone/runtime/edge.js +511 -0
package/dist-standalone/runtime/react-native.d.ts +157 -0
package/dist-standalone/runtime/react-native.js +383 -0
package/dist-standalone/security-policy.js +239 -1
package/dist-standalone/serialization.js +1031 -1
package/dist-standalone/split-channel.js +219 -1
package/dist-standalone/subscription-proof.js +224 -1
package/dist-standalone/succession.js +142 -1
package/dist-standalone/timeouts.js +398 -1
package/dist-standalone/trace-context.js +414 -1
package/dist-standalone/trace-spans.js +488 -1
package/dist-standalone/transport.js +59 -1
package/dist-standalone/trust-registry.js +950 -1
package/dist-standalone/types/error-response.d.ts +209 -0
package/dist-standalone/types/error-response.js +52 -0
package/dist-standalone/vault-auth.js +174 -1
package/dist-standalone/vault-store-loader.js +187 -1
package/dist-standalone/verify.js +16 -1
package/dist-standalone/version-info.js +530 -1
package/dist-standalone/xfetch.js +335 -1
package/package.json +4 -10
package/share1.dat +0 -0
package/dist-standalone/_deps/mldsa-wasm/LICENSE +0 -24
package/dist-standalone/_deps/mldsa-wasm/package.json +0 -46
package/dist-standalone/_deps/shared/cjs/package.json +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/package.json +0 -1
package/dist-standalone/_deps/xchange/cjs/package.json +0 -1
package/dist-standalone/_deps/xregistry/cjs/package.json +0 -1
package/dist-standalone/cjs/package.json +0 -3
package/dist-standalone/package.json +0 -10

package/dist-standalone/cjs/discovery.js CHANGED Viewed

@@ -1 +1,462 @@
-"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ServiceDiscovery=exports.DiscoveryErrorCode=void 0;const shared_1=require("../_deps/shared/index.js"),dns_1=require("dns");var DiscoveryErrorCode;!function(e){e.SERVICE_NOT_FOUND="DISCOVERY_SERVICE_NOT_FOUND",e.REGISTRY_UNREACHABLE="DISCOVERY_REGISTRY_UNREACHABLE",e.INVALID_RESPONSE="DISCOVERY_INVALID_RESPONSE",e.NETWORK_ERROR="DISCOVERY_NETWORK_ERROR",e.INVALID_SERVICE_NAME="DISCOVERY_INVALID_SERVICE_NAME",e.DNS_ERROR="DISCOVERY_DNS_ERROR",e.INVALID_EMAIL="DISCOVERY_INVALID_EMAIL",e.PERSONAL_EMAIL_DOMAIN="DISCOVERY_PERSONAL_EMAIL_DOMAIN"}(DiscoveryErrorCode||(exports.DiscoveryErrorCode=DiscoveryErrorCode={}));const PERSONAL_EMAIL_DOMAINS=new Set(["gmail.com","googlemail.com","outlook.com","hotmail.com","live.com","yahoo.com","ymail.com","icloud.com","me.com","secure-email-provider-1.com","secure-email-provider-2.com","aol.com","mail.com","zoho.com","gmx.com","tutanota.com","fastmail.com"]);class ServiceDiscovery{registryUrl;dnsCache;constructor(e={}){this.registryUrl=e.registryUrl||"https://xbind.registry.io",this.dnsCache=new Map}async discover(e){if(!e||0===e.trim().length)return(0,shared_1.err)({code:DiscoveryErrorCode.INVALID_SERVICE_NAME,message:"Service name cannot be empty",hint:"Provide a service name, domain, email, or URL"});if((e=e.trim()).startsWith("http://")||e.startsWith("https://"))return this.discoverDirect(e);if(e.includes("@")&&!e.includes("/"))return this.discoverEmail(e);if(e.includes(".")&&!e.includes("/")){const r=await this.discoverWellKnown(e);if(r.ok)return r;const o=await this.discoverDnsTxt(e);if(o.ok)return o}return this.discoverRegistry(e)}async discoverRegistry(e){try{const r=`${this.registryUrl}/lookup/${encodeURIComponent(e)}`,o=await fetch(r,{headers:{Accept:"application/json"}});if(404===o.status)return(0,shared_1.err)({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`Service "${e}" not found in registry`,hint:"Check service name or register at xbind.registry.io"});if(!o.ok)return(0,shared_1.err)({code:DiscoveryErrorCode.REGISTRY_UNREACHABLE,message:`Registry returned ${o.status}`,hint:"Try again later or use direct URL"});const s=await o.json();return(0,shared_1.ok)(s)}catch(e){return(0,shared_1.err)({code:DiscoveryErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error",hint:"Check internet connection"})}}async discoverWellKnown(e){try{const r=`https://${e}/.well-known/xbind`,o=await fetch(r,{headers:{Accept:"application/json"}});if(!o.ok)return(0,shared_1.err)({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`No .well-known/xbind found at ${e}`});const s=await o.json();return(0,shared_1.ok)(s)}catch(e){return(0,shared_1.err)({code:DiscoveryErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error"})}}async discoverDirect(e){try{const r=await fetch(e,{headers:{Accept:"application/json"}});if(!r.ok)return(0,shared_1.err)({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`Service not found at ${e}`});const o=await r.json();return(0,shared_1.ok)(o)}catch(e){return(0,shared_1.err)({code:DiscoveryErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error"})}}async discoverDnsTxt(e){const r=this.dnsCache.get(e);if(r&&r.expiry>Date.now())return(0,shared_1.ok)(r.info);try{const r=await dns_1.promises.resolveTxt(`_xbind.${e}`);for(const o of r){const r=o.join("");if(r.includes("xbind-endpoint=")){const o=this.parseDnsTxtRecord(r,e);if(o.ok)return this.dnsCache.set(e,{info:o.value,expiry:Date.now()+3e5}),o}if(r.startsWith("xbind=")){const o=r.substring(6),s=await this.discoverDirect(o);return s.ok&&this.dnsCache.set(e,{info:s.value,expiry:Date.now()+3e5}),s}}return(0,shared_1.err)({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`No _xbind TXT record found for ${e}`,hint:'Add DNS TXT record: _xbind.example.com IN TXT "xbind-endpoint=https://...;did=did:web:...;publicKey=..."'})}catch(r){if(r&&"object"==typeof r&&"code"in r){const o=r;if("ENOTFOUND"===o.code||"ENODATA"===o.code)return(0,shared_1.err)({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`No DNS TXT record found for _xbind.${e}`});if("ETIMEOUT"===o.code)return(0,shared_1.err)({code:DiscoveryErrorCode.DNS_ERROR,message:"DNS query timeout",hint:"Check network connection or try again"})}return(0,shared_1.err)({code:DiscoveryErrorCode.DNS_ERROR,message:r instanceof Error?r.message:"DNS lookup failed",hint:"Check domain name and DNS configuration"})}}parseDnsTxtRecord(e,r){try{const o=new Map,s=e.split(";").map(e=>e.trim()).filter(e=>e.length>0);for(const e of s){const r=e.indexOf("=");if(-1===r)continue;const s=e.substring(0,r).trim(),t=e.substring(r+1).trim();o.set(s,t)}const t=o.get("xbind-endpoint"),i=o.get("did"),n=o.get("publicKey");if(!t||!i||!n)return(0,shared_1.err)({code:DiscoveryErrorCode.INVALID_RESPONSE,message:"DNS TXT record missing required fields",hint:"Required: xbind-endpoint, did, publicKey"});const c={name:r,endpoint:t,did:i,publicKey:n};return o.has("x25519PublicKey")&&(c.x25519PublicKey=o.get("x25519PublicKey")),o.has("mlKemPublicKey")&&(c.mlKemPublicKey=o.get("mlKemPublicKey")),o.has("description")&&(c.description=o.get("description")),o.has("logo")&&(c.logo=o.get("logo")),o.has("docs")&&(c.docs=o.get("docs")),(0,shared_1.ok)(c)}catch(e){return(0,shared_1.err)({code:DiscoveryErrorCode.INVALID_RESPONSE,message:e instanceof Error?e.message:"Failed to parse DNS TXT record"})}}async discoverEmail(e){if(!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(e))return(0,shared_1.err)({code:DiscoveryErrorCode.INVALID_EMAIL,message:`Invalid email format: ${e}`,hint:"Provide a valid email address (e.g., alice@company.com)"});const r=this.extractDomain(e);if(!r)return(0,shared_1.err)({code:DiscoveryErrorCode.INVALID_EMAIL,message:`Could not extract domain from email: ${e}`,hint:"Check email format"});if(PERSONAL_EMAIL_DOMAINS.has(r.toLowerCase()))return(0,shared_1.err)({code:DiscoveryErrorCode.PERSONAL_EMAIL_DOMAIN,message:`Personal email domains not supported for discovery: ${r}`,hint:"Use a corporate email address or provide the company domain directly"});const o=await this.discoverWellKnown(r);if(o.ok)return o;const s=await this.discoverDnsTxt(r);return s.ok?s:this.discoverRegistry(r)}extractDomain(e){const r=e.split("@");if(2!==r.length||!r[1])return null;const o=r[1].trim().toLowerCase();if(!o.includes(".")||o.length<3)return null;return/^[a-z0-9][a-z0-9-]*(\.[a-z0-9][a-z0-9-]*)+$/.test(o)?o:null}}exports.ServiceDiscovery=ServiceDiscovery;
+"use strict";
+/**
+ * @module discovery
+ * Service discovery for zero-config XBind connections.
+ *
+ * Enables: `xbind connect payments-service`
+ *
+ * Four-tier discovery:
+ * 1. Public registry (xbind.registry.io)
+ * 2. Well-known URL (https://service.com/.well-known/xbind)
+ * 3. DNS TXT record (_xbind.service.com)
+ * 4. Direct URL/QR code
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ServiceDiscovery = exports.DiscoveryErrorCode = void 0;
+const shared_1 = require("../_deps/shared/index.js");
+const dns_1 = require("dns");
+/**
+ * Discovery error codes.
+ */
+var DiscoveryErrorCode;
+(function (DiscoveryErrorCode) {
+    DiscoveryErrorCode["SERVICE_NOT_FOUND"] = "DISCOVERY_SERVICE_NOT_FOUND";
+    DiscoveryErrorCode["REGISTRY_UNREACHABLE"] = "DISCOVERY_REGISTRY_UNREACHABLE";
+    DiscoveryErrorCode["INVALID_RESPONSE"] = "DISCOVERY_INVALID_RESPONSE";
+    DiscoveryErrorCode["NETWORK_ERROR"] = "DISCOVERY_NETWORK_ERROR";
+    DiscoveryErrorCode["INVALID_SERVICE_NAME"] = "DISCOVERY_INVALID_SERVICE_NAME";
+    DiscoveryErrorCode["DNS_ERROR"] = "DISCOVERY_DNS_ERROR";
+    DiscoveryErrorCode["INVALID_EMAIL"] = "DISCOVERY_INVALID_EMAIL";
+    DiscoveryErrorCode["PERSONAL_EMAIL_DOMAIN"] = "DISCOVERY_PERSONAL_EMAIL_DOMAIN";
+})(DiscoveryErrorCode || (exports.DiscoveryErrorCode = DiscoveryErrorCode = {}));
+/**
+ * Personal email domains that are blacklisted from discovery.
+ * Corporate services should use their own domain, not personal email.
+ */
+const PERSONAL_EMAIL_DOMAINS = new Set([
+    'gmail.com',
+    'googlemail.com',
+    'outlook.com',
+    'hotmail.com',
+    'live.com',
+    'yahoo.com',
+    'ymail.com',
+    'icloud.com',
+    'me.com',
+    'secure-email-provider-1.com',
+    'secure-email-provider-2.com',
+    'aol.com',
+    'mail.com',
+    'zoho.com',
+    'gmx.com',
+    'tutanota.com',
+    'fastmail.com',
+]);
+/**
+ * Discovery client for finding services.
+ */
+class ServiceDiscovery {
+    registryUrl;
+    dnsCache;
+    /**
+     * Create a discovery client.
+     *
+     * @param options - Configuration options
+     * @param options.registryUrl - Registry URL (default: https://xbind.registry.io)
+     */
+    constructor(options = {}) {
+        this.registryUrl = options.registryUrl || 'https://xbind.registry.io';
+        this.dnsCache = new Map();
+    }
+    /**
+     * Discover a service by name.
+     *
+     * Tries:
+     * 1. Email-based discovery (extracts domain from email)
+     * 2. Public registry lookup
+     * 3. Well-known URL if name is a domain
+     * 4. DNS TXT record (_xbind.domain)
+     * 5. Direct URL if name is a full URL
+     *
+     * @param nameOrUrl - Service name, email, domain, or URL
+     * @returns Service info or error
+     *
+     * @example
+     * ```ts
+     * const discovery = new ServiceDiscovery();
+     *
+     * // By name (registry lookup):
+     * const result = await discovery.discover('payments-service');
+     *
+     * // By email (domain extraction):
+     * const result = await discovery.discover('alice@company.com');
+     *
+     * // By domain (well-known):
+     * const result = await discovery.discover('payments.example.com');
+     *
+     * // By URL (direct):
+     * const result = await discovery.discover('https://api.payments.com/xbind');
+     * ```
+     */
+    async discover(nameOrUrl) {
+        // Validate input
+        if (!nameOrUrl || nameOrUrl.trim().length === 0) {
+            return (0, shared_1.err)({
+                code: DiscoveryErrorCode.INVALID_SERVICE_NAME,
+                message: 'Service name cannot be empty',
+                hint: 'Provide a service name, domain, email, or URL',
+            });
+        }
+        nameOrUrl = nameOrUrl.trim();
+        // If full URL, try direct
+        if (nameOrUrl.startsWith('http://') || nameOrUrl.startsWith('https://')) {
+            return this.discoverDirect(nameOrUrl);
+        }
+        // If email address, extract domain and discover
+        if (nameOrUrl.includes('@') && !nameOrUrl.includes('/')) {
+            return this.discoverEmail(nameOrUrl);
+        }
+        // If looks like domain, try well-known first, then DNS TXT
+        if (nameOrUrl.includes('.') && !nameOrUrl.includes('/')) {
+            const wellKnownResult = await this.discoverWellKnown(nameOrUrl);
+            if (wellKnownResult.ok) {
+                return wellKnownResult;
+            }
+            // Try DNS TXT as fallback
+            const dnsTxtResult = await this.discoverDnsTxt(nameOrUrl);
+            if (dnsTxtResult.ok) {
+                return dnsTxtResult;
+            }
+            // Fall through to registry if both fail
+        }
+        // Try registry lookup
+        return this.discoverRegistry(nameOrUrl);
+    }
+    /**
+     * Look up service in public registry.
+     *
+     * GET https://xbind.registry.io/lookup/:name
+     */
+    async discoverRegistry(name) {
+        try {
+            const url = `${this.registryUrl}/lookup/${encodeURIComponent(name)}`;
+            const response = await fetch(url, {
+                headers: {
+                    'Accept': 'application/json',
+                },
+            });
+            if (response.status === 404) {
+                return (0, shared_1.err)({
+                    code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
+                    message: `Service "${name}" not found in registry`,
+                    hint: 'Check service name or register at xbind.registry.io',
+                });
+            }
+            if (!response.ok) {
+                return (0, shared_1.err)({
+                    code: DiscoveryErrorCode.REGISTRY_UNREACHABLE,
+                    message: `Registry returned ${response.status}`,
+                    hint: 'Try again later or use direct URL',
+                });
+            }
+            const data = await response.json();
+            return (0, shared_1.ok)(data);
+        }
+        catch (error) {
+            return (0, shared_1.err)({
+                code: DiscoveryErrorCode.NETWORK_ERROR,
+                message: error instanceof Error ? error.message : 'Network error',
+                hint: 'Check internet connection',
+            });
+        }
+    }
+    /**
+     * Discover via .well-known/xbind.
+     *
+     * GET https://domain/.well-known/xbind
+     */
+    async discoverWellKnown(domain) {
+        try {
+            const url = `https://${domain}/.well-known/xbind`;
+            const response = await fetch(url, {
+                headers: {
+                    'Accept': 'application/json',
+                },
+            });
+            if (!response.ok) {
+                return (0, shared_1.err)({
+                    code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
+                    message: `No .well-known/xbind found at ${domain}`,
+                });
+            }
+            const data = await response.json();
+            return (0, shared_1.ok)(data);
+        }
+        catch (error) {
+            return (0, shared_1.err)({
+                code: DiscoveryErrorCode.NETWORK_ERROR,
+                message: error instanceof Error ? error.message : 'Network error',
+            });
+        }
+    }
+    /**
+     * Discover via direct URL.
+     */
+    async discoverDirect(url) {
+        try {
+            const response = await fetch(url, {
+                headers: {
+                    'Accept': 'application/json',
+                },
+            });
+            if (!response.ok) {
+                return (0, shared_1.err)({
+                    code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
+                    message: `Service not found at ${url}`,
+                });
+            }
+            const data = await response.json();
+            return (0, shared_1.ok)(data);
+        }
+        catch (error) {
+            return (0, shared_1.err)({
+                code: DiscoveryErrorCode.NETWORK_ERROR,
+                message: error instanceof Error ? error.message : 'Network error',
+            });
+        }
+    }
+    /**
+     * Discover via DNS TXT record.
+     *
+     * Looks up TXT record at _xbind.domain
+     *
+     * Supports two formats:
+     * 1. Full record: "xbind-endpoint=https://...;did=did:web:...;publicKey=..." (all fields in DNS)
+     * 2. Simple redirect: "xbind=https://api.example.com/xbind" (fetch from endpoint)
+     *
+     * Includes 5-minute caching to reduce DNS queries.
+     */
+    async discoverDnsTxt(domain) {
+        // Check cache first (5 minute TTL)
+        const cached = this.dnsCache.get(domain);
+        if (cached && cached.expiry > Date.now()) {
+            return (0, shared_1.ok)(cached.info);
+        }
+        try {
+            const txtRecords = await dns_1.promises.resolveTxt(`_xbind.${domain}`);
+            // Find xbind record
+            for (const record of txtRecords) {
+                const txt = record.join('');
+                // Format 1: Full record with all fields
+                if (txt.includes('xbind-endpoint=')) {
+                    const parsed = this.parseDnsTxtRecord(txt, domain);
+                    if (parsed.ok) {
+                        // Cache for 5 minutes
+                        this.dnsCache.set(domain, {
+                            info: parsed.value,
+                            expiry: Date.now() + 5 * 60 * 1000,
+                        });
+                        return parsed;
+                    }
+                }
+                // Format 2: Simple redirect to endpoint
+                if (txt.startsWith('xbind=')) {
+                    const endpoint = txt.substring(6);
+                    // Fetch service info from endpoint
+                    const result = await this.discoverDirect(endpoint);
+                    if (result.ok) {
+                        // Cache for 5 minutes
+                        this.dnsCache.set(domain, {
+                            info: result.value,
+                            expiry: Date.now() + 5 * 60 * 1000,
+                        });
+                    }
+                    return result;
+                }
+            }
+            return (0, shared_1.err)({
+                code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
+                message: `No _xbind TXT record found for ${domain}`,
+                hint: 'Add DNS TXT record: _xbind.example.com IN TXT "xbind-endpoint=https://...;did=did:web:...;publicKey=..."',
+            });
+        }
+        catch (error) {
+            // Handle DNS-specific errors
+            if (error && typeof error === 'object' && 'code' in error) {
+                const dnsError = error;
+                if (dnsError.code === 'ENOTFOUND' || dnsError.code === 'ENODATA') {
+                    return (0, shared_1.err)({
+                        code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
+                        message: `No DNS TXT record found for _xbind.${domain}`,
+                    });
+                }
+                if (dnsError.code === 'ETIMEOUT') {
+                    return (0, shared_1.err)({
+                        code: DiscoveryErrorCode.DNS_ERROR,
+                        message: 'DNS query timeout',
+                        hint: 'Check network connection or try again',
+                    });
+                }
+            }
+            return (0, shared_1.err)({
+                code: DiscoveryErrorCode.DNS_ERROR,
+                message: error instanceof Error ? error.message : 'DNS lookup failed',
+                hint: 'Check domain name and DNS configuration',
+            });
+        }
+    }
+    /**
+     * Parse DNS TXT record into ServiceInfo.
+     *
+     * Expected format:
+     * xbind-endpoint=https://...;did=did:web:...;publicKey=...;version=1.0
+     *
+     * Optional fields:
+     * x25519PublicKey=...;mlKemPublicKey=...;description=...;logo=...;docs=...
+     */
+    parseDnsTxtRecord(txtRecord, domain) {
+        try {
+            const fields = new Map();
+            // Split by semicolon and parse key=value pairs
+            const parts = txtRecord.split(';').map(p => p.trim()).filter(p => p.length > 0);
+            for (const part of parts) {
+                const eqIndex = part.indexOf('=');
+                if (eqIndex === -1)
+                    continue;
+                const key = part.substring(0, eqIndex).trim();
+                const value = part.substring(eqIndex + 1).trim();
+                fields.set(key, value);
+            }
+            // Validate required fields
+            const endpoint = fields.get('xbind-endpoint');
+            const did = fields.get('did');
+            const publicKey = fields.get('publicKey');
+            if (!endpoint || !did || !publicKey) {
+                return (0, shared_1.err)({
+                    code: DiscoveryErrorCode.INVALID_RESPONSE,
+                    message: 'DNS TXT record missing required fields',
+                    hint: 'Required: xbind-endpoint, did, publicKey',
+                });
+            }
+            // Build ServiceInfo
+            const info = {
+                name: domain,
+                endpoint,
+                did,
+                publicKey,
+            };
+            // Add optional fields
+            if (fields.has('x25519PublicKey')) {
+                info.x25519PublicKey = fields.get('x25519PublicKey');
+            }
+            if (fields.has('mlKemPublicKey')) {
+                info.mlKemPublicKey = fields.get('mlKemPublicKey');
+            }
+            if (fields.has('description')) {
+                info.description = fields.get('description');
+            }
+            if (fields.has('logo')) {
+                info.logo = fields.get('logo');
+            }
+            if (fields.has('docs')) {
+                info.docs = fields.get('docs');
+            }
+            return (0, shared_1.ok)(info);
+        }
+        catch (error) {
+            return (0, shared_1.err)({
+                code: DiscoveryErrorCode.INVALID_RESPONSE,
+                message: error instanceof Error ? error.message : 'Failed to parse DNS TXT record',
+            });
+        }
+    }
+    /**
+     * Discover service via email address.
+     *
+     * Extracts domain from email and performs discovery.
+     * Personal email domains (gmail.com, outlook.com, etc.) are rejected.
+     *
+     * @param email - Email address (e.g., "alice@company.com")
+     * @returns Service info or error
+     *
+     * @example
+     * ```ts
+     * const discovery = new ServiceDiscovery();
+     * const result = await discovery.discoverEmail('alice@company.com');
+     * // Discovers service at company.com
+     * ```
+     */
+    async discoverEmail(email) {
+        // Validate email format
+        const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+        if (!emailRegex.test(email)) {
+            return (0, shared_1.err)({
+                code: DiscoveryErrorCode.INVALID_EMAIL,
+                message: `Invalid email format: ${email}`,
+                hint: 'Provide a valid email address (e.g., alice@company.com)',
+            });
+        }
+        // Extract domain (everything after @)
+        const domain = this.extractDomain(email);
+        if (!domain) {
+            return (0, shared_1.err)({
+                code: DiscoveryErrorCode.INVALID_EMAIL,
+                message: `Could not extract domain from email: ${email}`,
+                hint: 'Check email format',
+            });
+        }
+        // Check for personal email domains
+        if (PERSONAL_EMAIL_DOMAINS.has(domain.toLowerCase())) {
+            return (0, shared_1.err)({
+                code: DiscoveryErrorCode.PERSONAL_EMAIL_DOMAIN,
+                message: `Personal email domains not supported for discovery: ${domain}`,
+                hint: 'Use a corporate email address or provide the company domain directly',
+            });
+        }
+        // Discover using the extracted domain
+        // Try well-known first, then DNS TXT, then registry
+        const wellKnownResult = await this.discoverWellKnown(domain);
+        if (wellKnownResult.ok) {
+            return wellKnownResult;
+        }
+        const dnsTxtResult = await this.discoverDnsTxt(domain);
+        if (dnsTxtResult.ok) {
+            return dnsTxtResult;
+        }
+        // Try registry with domain
+        return this.discoverRegistry(domain);
+    }
+    /**
+     * Extract domain from email address.
+     * Handles edge cases: subdomains, plus addressing, etc.
+     *
+     * @param email - Email address
+     * @returns Domain or null if extraction fails
+     *
+     * @example
+     * ```ts
+     * extractDomain('alice@company.com') // 'company.com'
+     * extractDomain('alice+label@company.com') // 'company.com'
+     * extractDomain('alice@mail.company.com') // 'mail.company.com'
+     * ```
+     */
+    extractDomain(email) {
+        const parts = email.split('@');
+        if (parts.length !== 2 || !parts[1]) {
+            return null;
+        }
+        // Domain is everything after @
+        const domain = parts[1].trim().toLowerCase();
+        // Validate domain has at least one dot and valid characters
+        if (!domain.includes('.') || domain.length < 3) {
+            return null;
+        }
+        // Basic domain validation (alphanumeric, dots, hyphens)
+        const domainRegex = /^[a-z0-9][a-z0-9-]*(\.[a-z0-9][a-z0-9-]*)+$/;
+        if (!domainRegex.test(domain)) {
+            return null;
+        }
+        return domain;
+    }
+}
+exports.ServiceDiscovery = ServiceDiscovery;