@private.me/xbind 3.0.0 → 3.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +55 -7
- package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1920 -1
- package/dist-standalone/_deps/shared/cjs/errors.js +729 -1
- package/dist-standalone/_deps/shared/cjs/index.js +463 -1
- package/dist-standalone/_deps/shared/cjs/types.js +315 -1
- package/dist-standalone/_deps/shared/errors.js +244 -1
- package/dist-standalone/_deps/shared/index.js +72 -1
- package/dist-standalone/_deps/shared/types.js +86 -1
- package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
- package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
- package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
- package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
- package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
- package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
- package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
- package/dist-standalone/_deps/ux-helpers/index.js +1 -1
- package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
- package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
- package/dist-standalone/_deps/ux-helpers/search.js +1 -1
- package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
- package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
- package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
- package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
- package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
- package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
- package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
- package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
- package/dist-standalone/_deps/xchange/errors.js +1 -1
- package/dist-standalone/_deps/xchange/index.js +1 -1
- package/dist-standalone/_deps/xchange/invite-client.js +1 -1
- package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
- package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
- package/dist-standalone/_deps/xchange/xchange.js +1 -1
- package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
- package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
- package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
- package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
- package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
- package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
- package/dist-standalone/_deps/xregistry/discovery.js +1 -1
- package/dist-standalone/_deps/xregistry/errors.js +1 -1
- package/dist-standalone/_deps/xregistry/index.js +1 -1
- package/dist-standalone/_deps/xregistry/registry.js +1 -1
- package/dist-standalone/_deps/xregistry/schema.js +1 -1
- package/dist-standalone/_deps/xregistry/types.js +1 -1
- package/dist-standalone/agent-call.js +659 -1
- package/dist-standalone/agent-sdk.js +328 -1
- package/dist-standalone/agent.js +1800 -1
- package/dist-standalone/approval.js +193 -1
- package/dist-standalone/async-iterators.js +382 -1
- package/dist-standalone/auth.js +219 -1
- package/dist-standalone/auto-accept.js +229 -1
- package/dist-standalone/backup-config.js +201 -1
- package/dist-standalone/backup.js +326 -1
- package/dist-standalone/batch-operations.js +388 -1
- package/dist-standalone/cancellation.js +477 -1
- package/dist-standalone/checkpoint.js +186 -1
- package/dist-standalone/circuit-breaker.js +468 -1
- package/dist-standalone/cjs/agent-call.js +701 -1
- package/dist-standalone/cjs/agent-sdk.js +332 -1
- package/dist-standalone/cjs/agent.js +1837 -1
- package/dist-standalone/cjs/approval.js +199 -1
- package/dist-standalone/cjs/async-iterators.js +392 -1
- package/dist-standalone/cjs/auth.js +225 -1
- package/dist-standalone/cjs/auto-accept.js +233 -1
- package/dist-standalone/cjs/backup-config.js +207 -1
- package/dist-standalone/cjs/backup.js +330 -1
- package/dist-standalone/cjs/batch-operations.js +397 -1
- package/dist-standalone/cjs/cancellation.js +490 -1
- package/dist-standalone/cjs/checkpoint.js +193 -1
- package/dist-standalone/cjs/circuit-breaker.js +476 -1
- package/dist-standalone/cjs/cli/init.js +492 -1
- package/dist-standalone/cjs/config-validation.js +522 -1
- package/dist-standalone/cjs/connect.js +312 -1
- package/dist-standalone/cjs/connection-pool.js +506 -1
- package/dist-standalone/cjs/correlation-id.js +339 -1
- package/dist-standalone/cjs/crypto-utils.js +176 -1
- package/dist-standalone/cjs/debug-mode.js +534 -1
- package/dist-standalone/cjs/did-document.js +101 -1
- package/dist-standalone/cjs/did-privateme.js +130 -1
- package/dist-standalone/cjs/did-web.js +201 -1
- package/dist-standalone/cjs/discovery.js +462 -1
- package/dist-standalone/cjs/dual-mode.js +251 -1
- package/dist-standalone/cjs/email-templates.js +313 -1
- package/dist-standalone/cjs/email-transport.js +239 -1
- package/dist-standalone/cjs/envelope.js +538 -1
- package/dist-standalone/cjs/errors.js +913 -1
- package/dist-standalone/cjs/event-emitter.js +461 -1
- package/dist-standalone/cjs/gateway-state.js +55 -1
- package/dist-standalone/cjs/gateway-transport.js +120 -1
- package/dist-standalone/cjs/graceful-degradation.js +403 -1
- package/dist-standalone/cjs/guardrails.js +223 -1
- package/dist-standalone/cjs/health-check.js +336 -1
- package/dist-standalone/cjs/http-compat.js +272 -1
- package/dist-standalone/cjs/http-status-map.js +571 -1
- package/dist-standalone/cjs/identity.js +645 -1
- package/dist-standalone/cjs/index.js +406 -1
- package/dist-standalone/cjs/invitation.js +421 -1
- package/dist-standalone/cjs/invite.js +328 -1
- package/dist-standalone/cjs/key-agreement.js +335 -1
- package/dist-standalone/cjs/lazy-init.js +300 -1
- package/dist-standalone/cjs/logger.js +291 -1
- package/dist-standalone/cjs/mdns-discovery.js +202 -1
- package/dist-standalone/cjs/nonce-store.js +80 -1
- package/dist-standalone/cjs/pairing-manager.js +223 -1
- package/dist-standalone/cjs/plugin-system.js +264 -1
- package/dist-standalone/cjs/plugins/logging.js +168 -1
- package/dist-standalone/cjs/plugins/metrics.js +181 -1
- package/dist-standalone/cjs/plugins/validation.js +302 -1
- package/dist-standalone/cjs/policy.js +320 -1
- package/dist-standalone/cjs/progress-callbacks.js +583 -1
- package/dist-standalone/cjs/redis-nonce-store.js +76 -1
- package/dist-standalone/cjs/registry-middleware.js +50 -1
- package/dist-standalone/cjs/retry-strategies.js +544 -1
- package/dist-standalone/cjs/retry-transport.js +102 -1
- package/dist-standalone/cjs/runtime/browser.js +533 -1
- package/dist-standalone/cjs/runtime/edge.js +526 -1
- package/dist-standalone/cjs/runtime/react-native.js +394 -1
- package/dist-standalone/cjs/security-policy.js +245 -1
- package/dist-standalone/cjs/serialization.js +1040 -1
- package/dist-standalone/cjs/split-channel.js +225 -1
- package/dist-standalone/cjs/subscription-proof.js +230 -1
- package/dist-standalone/cjs/succession.js +148 -1
- package/dist-standalone/cjs/timeouts.js +412 -1
- package/dist-standalone/cjs/trace-context.js +424 -1
- package/dist-standalone/cjs/trace-spans.js +495 -1
- package/dist-standalone/cjs/transport.js +63 -1
- package/dist-standalone/cjs/trust-registry.js +991 -1
- package/dist-standalone/cjs/types/error-response.js +56 -1
- package/dist-standalone/cjs/vault-auth.js +178 -1
- package/dist-standalone/cjs/vault-store-loader.js +194 -1
- package/dist-standalone/cjs/verify.js +25 -1
- package/dist-standalone/cjs/version-info.js +543 -1
- package/dist-standalone/cjs/xfetch.js +340 -1
- package/dist-standalone/cli/init.js +455 -1
- package/dist-standalone/cli/setup.js +514 -1
- package/dist-standalone/cli/types.js +27 -1
- package/dist-standalone/cli/xbind.js +148 -1
- package/dist-standalone/config-validation.js +513 -1
- package/dist-standalone/connect.js +274 -1
- package/dist-standalone/connection-pool.js +500 -1
- package/dist-standalone/correlation-id.js +326 -1
- package/dist-standalone/crypto-utils.js +157 -1
- package/dist-standalone/debug-mode.js +510 -1
- package/dist-standalone/did-document.js +96 -1
- package/dist-standalone/did-privateme.js +121 -1
- package/dist-standalone/did-web.js +196 -1
- package/dist-standalone/discovery.js +458 -1
- package/dist-standalone/dual-mode.js +247 -1
- package/dist-standalone/email-templates.js +309 -1
- package/dist-standalone/email-transport.js +232 -1
- package/dist-standalone/envelope.js +525 -1
- package/dist-standalone/errors.js +896 -1
- package/dist-standalone/event-emitter.js +456 -1
- package/dist-standalone/gateway-state.js +51 -1
- package/dist-standalone/gateway-transport.js +116 -1
- package/dist-standalone/graceful-degradation.js +396 -1
- package/dist-standalone/guardrails.js +216 -1
- package/dist-standalone/health-check.js +332 -1
- package/dist-standalone/http-compat.js +267 -1
- package/dist-standalone/http-status-map.js +561 -1
- package/dist-standalone/identity.js +619 -1
- package/dist-standalone/index.js +78 -1
- package/dist-standalone/invitation.js +415 -1
- package/dist-standalone/invite.js +324 -1
- package/dist-standalone/key-agreement.js +325 -1
- package/dist-standalone/lazy-init.js +295 -1
- package/dist-standalone/logger.js +285 -1
- package/dist-standalone/mdns-discovery.js +195 -1
- package/dist-standalone/nonce-store.js +76 -1
- package/dist-standalone/pairing-manager.js +219 -1
- package/dist-standalone/plugin-system.js +257 -1
- package/dist-standalone/plugins/logging.d.ts +84 -0
- package/dist-standalone/plugins/logging.js +163 -0
- package/dist-standalone/plugins/metrics.d.ts +111 -0
- package/dist-standalone/plugins/metrics.js +176 -0
- package/dist-standalone/plugins/validation.d.ts +104 -0
- package/dist-standalone/plugins/validation.js +297 -0
- package/dist-standalone/policy.js +315 -1
- package/dist-standalone/progress-callbacks.js +576 -1
- package/dist-standalone/redis-nonce-store.js +72 -1
- package/dist-standalone/registry-middleware.js +47 -1
- package/dist-standalone/retry-strategies.js +534 -1
- package/dist-standalone/retry-transport.js +98 -1
- package/dist-standalone/runtime/browser.d.ts +311 -0
- package/dist-standalone/runtime/browser.js +516 -0
- package/dist-standalone/runtime/edge.d.ts +282 -0
- package/dist-standalone/runtime/edge.js +511 -0
- package/dist-standalone/runtime/react-native.d.ts +157 -0
- package/dist-standalone/runtime/react-native.js +383 -0
- package/dist-standalone/security-policy.js +239 -1
- package/dist-standalone/serialization.js +1031 -1
- package/dist-standalone/split-channel.js +219 -1
- package/dist-standalone/subscription-proof.js +224 -1
- package/dist-standalone/succession.js +142 -1
- package/dist-standalone/timeouts.js +398 -1
- package/dist-standalone/trace-context.js +414 -1
- package/dist-standalone/trace-spans.js +488 -1
- package/dist-standalone/transport.js +59 -1
- package/dist-standalone/trust-registry.js +950 -1
- package/dist-standalone/types/error-response.d.ts +209 -0
- package/dist-standalone/types/error-response.js +52 -0
- package/dist-standalone/vault-auth.js +174 -1
- package/dist-standalone/vault-store-loader.js +187 -1
- package/dist-standalone/verify.js +16 -1
- package/dist-standalone/version-info.js +530 -1
- package/dist-standalone/xfetch.js +335 -1
- package/package.json +4 -10
- package/share1.dat +0 -0
- package/dist-standalone/_deps/mldsa-wasm/LICENSE +0 -24
- package/dist-standalone/_deps/mldsa-wasm/package.json +0 -46
- package/dist-standalone/_deps/shared/cjs/package.json +0 -1
- package/dist-standalone/_deps/ux-helpers/cjs/package.json +0 -1
- package/dist-standalone/_deps/xchange/cjs/package.json +0 -1
- package/dist-standalone/_deps/xregistry/cjs/package.json +0 -1
- package/dist-standalone/cjs/package.json +0 -3
- package/dist-standalone/package.json +0 -10
|
@@ -1 +1,526 @@
|
|
|
1
|
-
"use strict";
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Edge Runtime Support for xBind
|
|
4
|
+
*
|
|
5
|
+
* Enables xBind to run on edge compute platforms:
|
|
6
|
+
* - Cloudflare Workers
|
|
7
|
+
* - Vercel Edge Functions
|
|
8
|
+
* - Deno Deploy
|
|
9
|
+
*
|
|
10
|
+
* Key Features:
|
|
11
|
+
* - Edge-compatible crypto operations (Web Crypto API only)
|
|
12
|
+
* - KV storage integration for nonce stores and trust registry
|
|
13
|
+
* - Size-optimized build (<1MB constraint)
|
|
14
|
+
* - No Node.js dependencies (no fs, crypto, process)
|
|
15
|
+
*/
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
exports.EdgeTransportAdapter = exports.KVTrustRegistry = exports.KVNonceStore = exports.DenoKVAdapter = exports.VercelKVAdapter = exports.CloudflareKVAdapter = void 0;
|
|
18
|
+
exports.detectRuntime = detectRuntime;
|
|
19
|
+
exports.isEdgeRuntime = isEdgeRuntime;
|
|
20
|
+
exports.validateEdgeRuntime = validateEdgeRuntime;
|
|
21
|
+
exports.createEdgeAgent = createEdgeAgent;
|
|
22
|
+
exports.checkBundleSize = checkBundleSize;
|
|
23
|
+
exports.getOptimizationTips = getOptimizationTips;
|
|
24
|
+
const shared_1 = require("../../_deps/shared/index.js");
|
|
25
|
+
/**
|
|
26
|
+
* Detect the current edge runtime environment.
|
|
27
|
+
*
|
|
28
|
+
* Detection order:
|
|
29
|
+
* 1. Cloudflare Workers: globalThis.caches + EdgeRuntime
|
|
30
|
+
* 2. Vercel Edge: process.env.VERCEL + EdgeRuntime
|
|
31
|
+
* 3. Deno Deploy: globalThis.Deno
|
|
32
|
+
* 4. Node.js: process.versions.node
|
|
33
|
+
* 5. Unknown: fallback
|
|
34
|
+
*/
|
|
35
|
+
function detectRuntime() {
|
|
36
|
+
// SAFETY: Edge runtime detection requires checking for vendor-specific globals
|
|
37
|
+
const global = globalThis;
|
|
38
|
+
// Cloudflare Workers: Has global caches API and no process
|
|
39
|
+
if (typeof global.caches !== 'undefined' &&
|
|
40
|
+
typeof global.EdgeRuntime === 'string') {
|
|
41
|
+
return 'cloudflare';
|
|
42
|
+
}
|
|
43
|
+
// Vercel Edge: Has EdgeRuntime and process.env.VERCEL
|
|
44
|
+
if (typeof global.EdgeRuntime === 'string' &&
|
|
45
|
+
typeof process !== 'undefined' &&
|
|
46
|
+
process.env?.VERCEL === '1') {
|
|
47
|
+
return 'vercel';
|
|
48
|
+
}
|
|
49
|
+
// Deno Deploy: Has global Deno object
|
|
50
|
+
if (typeof global.Deno !== 'undefined') {
|
|
51
|
+
return 'deno';
|
|
52
|
+
}
|
|
53
|
+
// Node.js: Has process.versions.node
|
|
54
|
+
if (typeof process !== 'undefined' &&
|
|
55
|
+
typeof process.versions?.node === 'string') {
|
|
56
|
+
return 'node';
|
|
57
|
+
}
|
|
58
|
+
return 'unknown';
|
|
59
|
+
}
|
|
60
|
+
/**
|
|
61
|
+
* Check if the current runtime is an edge environment.
|
|
62
|
+
*/
|
|
63
|
+
function isEdgeRuntime() {
|
|
64
|
+
const runtime = detectRuntime();
|
|
65
|
+
return runtime === 'cloudflare' || runtime === 'vercel' || runtime === 'deno';
|
|
66
|
+
}
|
|
67
|
+
/**
|
|
68
|
+
* Validate that the runtime supports required Web Crypto APIs.
|
|
69
|
+
*
|
|
70
|
+
* Edge runtimes MUST provide:
|
|
71
|
+
* - crypto.subtle (Ed25519, X25519, AES-GCM, HMAC)
|
|
72
|
+
* - crypto.getRandomValues()
|
|
73
|
+
* - TextEncoder/TextDecoder
|
|
74
|
+
*/
|
|
75
|
+
function validateEdgeRuntime() {
|
|
76
|
+
// Check Web Crypto API
|
|
77
|
+
if (typeof globalThis.crypto === 'undefined') {
|
|
78
|
+
return (0, shared_1.err)('Missing globalThis.crypto');
|
|
79
|
+
}
|
|
80
|
+
if (typeof globalThis.crypto.subtle === 'undefined') {
|
|
81
|
+
return (0, shared_1.err)('Missing crypto.subtle');
|
|
82
|
+
}
|
|
83
|
+
if (typeof globalThis.crypto.getRandomValues !== 'function') {
|
|
84
|
+
return (0, shared_1.err)('Missing crypto.getRandomValues');
|
|
85
|
+
}
|
|
86
|
+
// Check required subtle crypto methods
|
|
87
|
+
const requiredMethods = [
|
|
88
|
+
'generateKey',
|
|
89
|
+
'sign',
|
|
90
|
+
'verify',
|
|
91
|
+
'encrypt',
|
|
92
|
+
'decrypt',
|
|
93
|
+
'deriveBits',
|
|
94
|
+
'importKey',
|
|
95
|
+
'exportKey',
|
|
96
|
+
];
|
|
97
|
+
for (const method of requiredMethods) {
|
|
98
|
+
if (typeof globalThis.crypto.subtle[method] !== 'function') {
|
|
99
|
+
return (0, shared_1.err)(`Missing crypto.subtle.${method}`);
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
// Check TextEncoder/TextDecoder
|
|
103
|
+
if (typeof globalThis.TextEncoder === 'undefined') {
|
|
104
|
+
return (0, shared_1.err)('Missing TextEncoder');
|
|
105
|
+
}
|
|
106
|
+
if (typeof globalThis.TextDecoder === 'undefined') {
|
|
107
|
+
return (0, shared_1.err)('Missing TextDecoder');
|
|
108
|
+
}
|
|
109
|
+
// Check fetch API
|
|
110
|
+
if (typeof globalThis.fetch !== 'function') {
|
|
111
|
+
return (0, shared_1.err)('Missing fetch API');
|
|
112
|
+
}
|
|
113
|
+
return (0, shared_1.ok)(undefined);
|
|
114
|
+
}
|
|
115
|
+
/**
|
|
116
|
+
* Adapter for Cloudflare Workers KV.
|
|
117
|
+
*/
|
|
118
|
+
class CloudflareKVAdapter {
|
|
119
|
+
namespace;
|
|
120
|
+
constructor(namespace) {
|
|
121
|
+
this.namespace = namespace;
|
|
122
|
+
}
|
|
123
|
+
async get(key) {
|
|
124
|
+
return await this.namespace.get(key);
|
|
125
|
+
}
|
|
126
|
+
async put(key, value, ttlSeconds) {
|
|
127
|
+
const options = ttlSeconds ? { expirationTtl: ttlSeconds } : undefined;
|
|
128
|
+
await this.namespace.put(key, value, options);
|
|
129
|
+
}
|
|
130
|
+
async delete(key) {
|
|
131
|
+
await this.namespace.delete(key);
|
|
132
|
+
}
|
|
133
|
+
async list(prefix, limit) {
|
|
134
|
+
const result = await this.namespace.list({ prefix, limit });
|
|
135
|
+
return result.keys.map((k) => k.name);
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
exports.CloudflareKVAdapter = CloudflareKVAdapter;
|
|
139
|
+
/**
|
|
140
|
+
* Adapter for Vercel KV (Redis).
|
|
141
|
+
*/
|
|
142
|
+
class VercelKVAdapter {
|
|
143
|
+
client;
|
|
144
|
+
constructor(client) {
|
|
145
|
+
this.client = client;
|
|
146
|
+
}
|
|
147
|
+
async get(key) {
|
|
148
|
+
return await this.client.get(key);
|
|
149
|
+
}
|
|
150
|
+
async put(key, value, ttlSeconds) {
|
|
151
|
+
const options = ttlSeconds ? { ex: ttlSeconds } : undefined;
|
|
152
|
+
await this.client.set(key, value, options);
|
|
153
|
+
}
|
|
154
|
+
async delete(key) {
|
|
155
|
+
await this.client.del(key);
|
|
156
|
+
}
|
|
157
|
+
async list(prefix, limit) {
|
|
158
|
+
const pattern = prefix ? `${prefix}*` : '*';
|
|
159
|
+
const allKeys = await this.client.keys(pattern);
|
|
160
|
+
return limit ? allKeys.slice(0, limit) : allKeys;
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
exports.VercelKVAdapter = VercelKVAdapter;
|
|
164
|
+
/**
|
|
165
|
+
* Adapter for Deno KV.
|
|
166
|
+
*/
|
|
167
|
+
class DenoKVAdapter {
|
|
168
|
+
kv;
|
|
169
|
+
constructor(kv) {
|
|
170
|
+
this.kv = kv;
|
|
171
|
+
}
|
|
172
|
+
async get(key) {
|
|
173
|
+
const result = await this.kv.get([key]);
|
|
174
|
+
return result.value;
|
|
175
|
+
}
|
|
176
|
+
async put(key, value, ttlSeconds) {
|
|
177
|
+
const options = ttlSeconds ? { expireIn: ttlSeconds * 1000 } : undefined;
|
|
178
|
+
await this.kv.set([key], value, options);
|
|
179
|
+
}
|
|
180
|
+
async delete(key) {
|
|
181
|
+
await this.kv.delete([key]);
|
|
182
|
+
}
|
|
183
|
+
async list(prefix, limit) {
|
|
184
|
+
const selector = { prefix: prefix ? [prefix] : [] };
|
|
185
|
+
const keys = [];
|
|
186
|
+
for await (const entry of this.kv.list(selector)) {
|
|
187
|
+
keys.push(entry.key.join('/'));
|
|
188
|
+
if (limit && keys.length >= limit)
|
|
189
|
+
break;
|
|
190
|
+
}
|
|
191
|
+
return keys;
|
|
192
|
+
}
|
|
193
|
+
}
|
|
194
|
+
exports.DenoKVAdapter = DenoKVAdapter;
|
|
195
|
+
/* ── KV-Backed Nonce Store ── */
|
|
196
|
+
/**
|
|
197
|
+
* Nonce store implementation using KV storage.
|
|
198
|
+
*
|
|
199
|
+
* Suitable for edge runtimes where in-memory storage
|
|
200
|
+
* is ephemeral across invocations.
|
|
201
|
+
*/
|
|
202
|
+
class KVNonceStore {
|
|
203
|
+
kv;
|
|
204
|
+
ttlSeconds;
|
|
205
|
+
constructor(kv, ttlMs = 10 * 60 * 1000) {
|
|
206
|
+
this.kv = kv;
|
|
207
|
+
this.ttlSeconds = Math.floor(ttlMs / 1000);
|
|
208
|
+
}
|
|
209
|
+
/**
|
|
210
|
+
* Build composite key: xbind:nonce:{senderDid}:{nonce}:{shareGroupId}:{shareIndex}
|
|
211
|
+
*/
|
|
212
|
+
buildKey(nonce, senderDid, shareContext) {
|
|
213
|
+
const base = `xbind:nonce:${senderDid}:${nonce}`;
|
|
214
|
+
if (!shareContext)
|
|
215
|
+
return base;
|
|
216
|
+
const groupId = shareContext.shareGroupId ?? '';
|
|
217
|
+
const index = shareContext.shareIndex !== undefined ? String(shareContext.shareIndex) : '';
|
|
218
|
+
return `${base}:${groupId}:${index}`;
|
|
219
|
+
}
|
|
220
|
+
async check(nonce, senderDid, shareContext) {
|
|
221
|
+
const key = this.buildKey(nonce, senderDid, shareContext);
|
|
222
|
+
const existing = await this.kv.get(key);
|
|
223
|
+
if (existing !== null) {
|
|
224
|
+
// Nonce already seen
|
|
225
|
+
return false;
|
|
226
|
+
}
|
|
227
|
+
// Record nonce with TTL
|
|
228
|
+
await this.kv.put(key, Date.now().toString(), this.ttlSeconds);
|
|
229
|
+
return true;
|
|
230
|
+
}
|
|
231
|
+
cleanup() {
|
|
232
|
+
// KV stores auto-expire via TTL, no manual cleanup needed
|
|
233
|
+
}
|
|
234
|
+
dispose() {
|
|
235
|
+
// No resources to clean up
|
|
236
|
+
}
|
|
237
|
+
}
|
|
238
|
+
exports.KVNonceStore = KVNonceStore;
|
|
239
|
+
/* ── KV-Backed Trust Registry ── */
|
|
240
|
+
/**
|
|
241
|
+
* Trust registry implementation using KV storage.
|
|
242
|
+
*
|
|
243
|
+
* Stores DID registrations in edge KV for distributed lookups.
|
|
244
|
+
* Simplified version suitable for edge runtimes - stores minimal metadata.
|
|
245
|
+
*/
|
|
246
|
+
class KVTrustRegistry {
|
|
247
|
+
kv;
|
|
248
|
+
constructor(kv) {
|
|
249
|
+
this.kv = kv;
|
|
250
|
+
}
|
|
251
|
+
/**
|
|
252
|
+
* Build key: xbind:trust:{did}
|
|
253
|
+
*/
|
|
254
|
+
buildKey(did) {
|
|
255
|
+
return `xbind:trust:${did}`;
|
|
256
|
+
}
|
|
257
|
+
async register(did, publicKey, name, scopes, x25519PublicKey, mlKemPublicKey, mlDsaPublicKey, xchange, receiveScopes, sdkVersion, minEnvelopeVersion, maxEnvelopeVersion, ttlMs) {
|
|
258
|
+
const key = this.buildKey(did);
|
|
259
|
+
// Convert Uint8Arrays to base64 for JSON storage
|
|
260
|
+
const toBase64 = (arr) => btoa(String.fromCharCode(...Array.from(arr)));
|
|
261
|
+
const entry = {
|
|
262
|
+
did,
|
|
263
|
+
publicKey: toBase64(publicKey),
|
|
264
|
+
name,
|
|
265
|
+
scopes: scopes ?? [],
|
|
266
|
+
x25519PublicKey: x25519PublicKey ? toBase64(x25519PublicKey) : undefined,
|
|
267
|
+
mlKemPublicKey: mlKemPublicKey ? toBase64(mlKemPublicKey) : undefined,
|
|
268
|
+
mlDsaPublicKey: mlDsaPublicKey ? toBase64(mlDsaPublicKey) : undefined,
|
|
269
|
+
xchange: xchange ?? false,
|
|
270
|
+
receiveScopes: receiveScopes ?? [],
|
|
271
|
+
sdkVersion,
|
|
272
|
+
minEnvelopeVersion,
|
|
273
|
+
maxEnvelopeVersion,
|
|
274
|
+
registeredAt: Date.now(),
|
|
275
|
+
rotation_sequence: 0,
|
|
276
|
+
};
|
|
277
|
+
try {
|
|
278
|
+
const ttlSeconds = ttlMs ? Math.floor(ttlMs / 1000) : undefined;
|
|
279
|
+
await this.kv.put(key, JSON.stringify(entry), ttlSeconds);
|
|
280
|
+
return (0, shared_1.ok)(undefined);
|
|
281
|
+
}
|
|
282
|
+
catch (e) {
|
|
283
|
+
return (0, shared_1.err)('NETWORK_ERROR');
|
|
284
|
+
}
|
|
285
|
+
}
|
|
286
|
+
async resolve(did) {
|
|
287
|
+
const key = this.buildKey(did);
|
|
288
|
+
try {
|
|
289
|
+
const value = await this.kv.get(key);
|
|
290
|
+
if (value === null) {
|
|
291
|
+
return (0, shared_1.err)('NOT_FOUND');
|
|
292
|
+
}
|
|
293
|
+
const entry = JSON.parse(value);
|
|
294
|
+
// Convert base64 back to Uint8Array
|
|
295
|
+
const fromBase64 = (b64) => Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
|
|
296
|
+
return (0, shared_1.ok)(fromBase64(entry.publicKey));
|
|
297
|
+
}
|
|
298
|
+
catch (e) {
|
|
299
|
+
return (0, shared_1.err)('NETWORK_ERROR');
|
|
300
|
+
}
|
|
301
|
+
}
|
|
302
|
+
async hasScope(did, scope) {
|
|
303
|
+
const key = this.buildKey(did);
|
|
304
|
+
try {
|
|
305
|
+
const value = await this.kv.get(key);
|
|
306
|
+
if (value === null)
|
|
307
|
+
return false;
|
|
308
|
+
const entry = JSON.parse(value);
|
|
309
|
+
return entry.scopes?.includes(scope) ?? false;
|
|
310
|
+
}
|
|
311
|
+
catch {
|
|
312
|
+
return false;
|
|
313
|
+
}
|
|
314
|
+
}
|
|
315
|
+
async hasReceiveScope(did, scope) {
|
|
316
|
+
const key = this.buildKey(did);
|
|
317
|
+
try {
|
|
318
|
+
const value = await this.kv.get(key);
|
|
319
|
+
if (value === null)
|
|
320
|
+
return false;
|
|
321
|
+
const entry = JSON.parse(value);
|
|
322
|
+
return entry.receiveScopes?.includes(scope) ?? false;
|
|
323
|
+
}
|
|
324
|
+
catch {
|
|
325
|
+
return false;
|
|
326
|
+
}
|
|
327
|
+
}
|
|
328
|
+
async revoke(did) {
|
|
329
|
+
const key = this.buildKey(did);
|
|
330
|
+
try {
|
|
331
|
+
await this.kv.delete(key);
|
|
332
|
+
return (0, shared_1.ok)(undefined);
|
|
333
|
+
}
|
|
334
|
+
catch (e) {
|
|
335
|
+
return (0, shared_1.err)('NETWORK_ERROR');
|
|
336
|
+
}
|
|
337
|
+
}
|
|
338
|
+
async list() {
|
|
339
|
+
try {
|
|
340
|
+
const keys = await this.kv.list('xbind:trust:', 1000);
|
|
341
|
+
return keys.map((k) => k.replace('xbind:trust:', ''));
|
|
342
|
+
}
|
|
343
|
+
catch {
|
|
344
|
+
return [];
|
|
345
|
+
}
|
|
346
|
+
}
|
|
347
|
+
async getEntry(did) {
|
|
348
|
+
const key = this.buildKey(did);
|
|
349
|
+
try {
|
|
350
|
+
const value = await this.kv.get(key);
|
|
351
|
+
if (value === null) {
|
|
352
|
+
return (0, shared_1.err)('NOT_FOUND');
|
|
353
|
+
}
|
|
354
|
+
const stored = JSON.parse(value);
|
|
355
|
+
// Convert base64 back to Uint8Array
|
|
356
|
+
const fromBase64 = (b64) => Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
|
|
357
|
+
const entry = {
|
|
358
|
+
did: stored.did,
|
|
359
|
+
publicKey: fromBase64(stored.publicKey),
|
|
360
|
+
name: stored.name,
|
|
361
|
+
scopes: new Set(stored.scopes),
|
|
362
|
+
receiveScopes: stored.receiveScopes ? new Set(stored.receiveScopes) : undefined,
|
|
363
|
+
revoked: false,
|
|
364
|
+
x25519PublicKey: stored.x25519PublicKey ? fromBase64(stored.x25519PublicKey) : undefined,
|
|
365
|
+
mlKemPublicKey: stored.mlKemPublicKey ? fromBase64(stored.mlKemPublicKey) : undefined,
|
|
366
|
+
mlDsaPublicKey: stored.mlDsaPublicKey ? fromBase64(stored.mlDsaPublicKey) : undefined,
|
|
367
|
+
xchange: stored.xchange,
|
|
368
|
+
rotation_sequence: stored.rotation_sequence,
|
|
369
|
+
sdkVersion: stored.sdkVersion,
|
|
370
|
+
minEnvelopeVersion: stored.minEnvelopeVersion,
|
|
371
|
+
maxEnvelopeVersion: stored.maxEnvelopeVersion,
|
|
372
|
+
};
|
|
373
|
+
return (0, shared_1.ok)(entry);
|
|
374
|
+
}
|
|
375
|
+
catch (e) {
|
|
376
|
+
return (0, shared_1.err)('NETWORK_ERROR');
|
|
377
|
+
}
|
|
378
|
+
}
|
|
379
|
+
/** Additional methods for edge compatibility */
|
|
380
|
+
async getFullEntry(did) {
|
|
381
|
+
const key = this.buildKey(did);
|
|
382
|
+
try {
|
|
383
|
+
const value = await this.kv.get(key);
|
|
384
|
+
if (value === null) {
|
|
385
|
+
return (0, shared_1.err)('NOT_FOUND');
|
|
386
|
+
}
|
|
387
|
+
const entry = JSON.parse(value);
|
|
388
|
+
return (0, shared_1.ok)(entry);
|
|
389
|
+
}
|
|
390
|
+
catch (e) {
|
|
391
|
+
return (0, shared_1.err)('NETWORK_ERROR');
|
|
392
|
+
}
|
|
393
|
+
}
|
|
394
|
+
dispose() {
|
|
395
|
+
// No resources to clean up
|
|
396
|
+
}
|
|
397
|
+
}
|
|
398
|
+
exports.KVTrustRegistry = KVTrustRegistry;
|
|
399
|
+
/* ── Edge-Compatible Transport ── */
|
|
400
|
+
/**
|
|
401
|
+
* Edge-compatible HTTPS transport adapter.
|
|
402
|
+
*
|
|
403
|
+
* Uses standard fetch API (available in all edge runtimes).
|
|
404
|
+
* Optimized for edge constraints:
|
|
405
|
+
* - No Node.js http/https modules
|
|
406
|
+
* - No setTimeout (uses AbortSignal.timeout)
|
|
407
|
+
* - Minimal allocations
|
|
408
|
+
*/
|
|
409
|
+
class EdgeTransportAdapter {
|
|
410
|
+
baseUrl;
|
|
411
|
+
timeoutMs;
|
|
412
|
+
handlers = [];
|
|
413
|
+
constructor(opts) {
|
|
414
|
+
this.baseUrl = opts.baseUrl.replace(/\/$/, '');
|
|
415
|
+
this.timeoutMs = opts.timeoutMs ?? 10_000;
|
|
416
|
+
}
|
|
417
|
+
async send(envelope, recipientDid) {
|
|
418
|
+
const url = `${this.baseUrl}/deliver/${encodeURIComponent(recipientDid)}`;
|
|
419
|
+
try {
|
|
420
|
+
// Use AbortSignal.timeout (supported in modern edge runtimes)
|
|
421
|
+
const controller = new AbortController();
|
|
422
|
+
const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);
|
|
423
|
+
const response = await globalThis.fetch(url, {
|
|
424
|
+
method: 'POST',
|
|
425
|
+
headers: { 'Content-Type': 'application/json' },
|
|
426
|
+
body: JSON.stringify(envelope),
|
|
427
|
+
signal: controller.signal,
|
|
428
|
+
});
|
|
429
|
+
clearTimeout(timeoutId);
|
|
430
|
+
if (!response.ok) {
|
|
431
|
+
return (0, shared_1.err)(response.status === 404 ? 'RECIPIENT_UNREACHABLE' : 'SEND_FAILED');
|
|
432
|
+
}
|
|
433
|
+
return (0, shared_1.ok)(undefined);
|
|
434
|
+
}
|
|
435
|
+
catch (e) {
|
|
436
|
+
if (e instanceof DOMException && e.name === 'AbortError') {
|
|
437
|
+
return (0, shared_1.err)('TIMEOUT');
|
|
438
|
+
}
|
|
439
|
+
return (0, shared_1.err)('NETWORK_ERROR');
|
|
440
|
+
}
|
|
441
|
+
}
|
|
442
|
+
onReceive(handler) {
|
|
443
|
+
this.handlers.push(handler);
|
|
444
|
+
}
|
|
445
|
+
/**
|
|
446
|
+
* Dispatch received envelope to all handlers.
|
|
447
|
+
* Called by edge function handler when processing incoming requests.
|
|
448
|
+
*/
|
|
449
|
+
dispatch(envelope) {
|
|
450
|
+
for (const handler of this.handlers) {
|
|
451
|
+
handler(envelope);
|
|
452
|
+
}
|
|
453
|
+
}
|
|
454
|
+
dispose() {
|
|
455
|
+
this.handlers = [];
|
|
456
|
+
}
|
|
457
|
+
}
|
|
458
|
+
exports.EdgeTransportAdapter = EdgeTransportAdapter;
|
|
459
|
+
/**
|
|
460
|
+
* Create edge-compatible xBind components.
|
|
461
|
+
*
|
|
462
|
+
* Returns nonce store, trust registry, and transport adapter
|
|
463
|
+
* configured for the edge runtime.
|
|
464
|
+
*
|
|
465
|
+
* @example
|
|
466
|
+
* ```typescript
|
|
467
|
+
* // Cloudflare Workers
|
|
468
|
+
* const kv = new CloudflareKVAdapter(env.XBIND_KV);
|
|
469
|
+
* const { nonceStore, trustRegistry, transport } = createEdgeAgent({
|
|
470
|
+
* kv,
|
|
471
|
+
* baseUrl: 'https://private.me/relay',
|
|
472
|
+
* });
|
|
473
|
+
*
|
|
474
|
+
* const agent = new Agent({
|
|
475
|
+
* identity: 'persistent',
|
|
476
|
+
* nonceStore,
|
|
477
|
+
* trustRegistry,
|
|
478
|
+
* transport,
|
|
479
|
+
* });
|
|
480
|
+
* ```
|
|
481
|
+
*/
|
|
482
|
+
function createEdgeAgent(opts) {
|
|
483
|
+
const nonceStore = new KVNonceStore(opts.kv, opts.nonceTtlMs);
|
|
484
|
+
const trustRegistry = new KVTrustRegistry(opts.kv);
|
|
485
|
+
const transport = new EdgeTransportAdapter({
|
|
486
|
+
baseUrl: opts.baseUrl,
|
|
487
|
+
timeoutMs: opts.timeoutMs,
|
|
488
|
+
});
|
|
489
|
+
return {
|
|
490
|
+
nonceStore,
|
|
491
|
+
trustRegistry,
|
|
492
|
+
transport,
|
|
493
|
+
};
|
|
494
|
+
}
|
|
495
|
+
/* ── Size Optimization Helpers ── */
|
|
496
|
+
/**
|
|
497
|
+
* Check if the bundled size is within edge runtime limits.
|
|
498
|
+
*
|
|
499
|
+
* Cloudflare Workers: 1MB compressed limit
|
|
500
|
+
* Vercel Edge: 1MB limit
|
|
501
|
+
* Deno Deploy: 1MB limit
|
|
502
|
+
*/
|
|
503
|
+
function checkBundleSize(bundleSizeBytes) {
|
|
504
|
+
const MAX_SIZE_BYTES = 1024 * 1024; // 1MB
|
|
505
|
+
if (bundleSizeBytes > MAX_SIZE_BYTES) {
|
|
506
|
+
const sizeMB = (bundleSizeBytes / 1024 / 1024).toFixed(2);
|
|
507
|
+
const limitMB = (MAX_SIZE_BYTES / 1024 / 1024).toFixed(2);
|
|
508
|
+
return (0, shared_1.err)(`Bundle size ${sizeMB}MB exceeds edge runtime limit of ${limitMB}MB. ` +
|
|
509
|
+
`Consider using tree-shaking or dynamic imports.`);
|
|
510
|
+
}
|
|
511
|
+
return (0, shared_1.ok)(undefined);
|
|
512
|
+
}
|
|
513
|
+
/**
|
|
514
|
+
* Get edge-optimized build recommendations.
|
|
515
|
+
*/
|
|
516
|
+
function getOptimizationTips() {
|
|
517
|
+
return [
|
|
518
|
+
'1. Use tree-shaking: Import only required functions',
|
|
519
|
+
'2. Enable minification in bundler config',
|
|
520
|
+
'3. Use dynamic imports for large dependencies (mlkem, mldsa)',
|
|
521
|
+
'4. Exclude Node.js polyfills (crypto, fs, process)',
|
|
522
|
+
'5. Use Brotli compression for Cloudflare Workers',
|
|
523
|
+
'6. Consider splitting post-quantum crypto into separate bundle',
|
|
524
|
+
'7. Use KV storage instead of in-memory caches',
|
|
525
|
+
];
|
|
526
|
+
}
|