npm - @private.me/xbind - Versions diffs - 3.0.1 → 3.0.2 - Mend

@private.me/xbind 3.0.1 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

package/README.md +55 -14
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1920 -1
package/dist-standalone/_deps/shared/cjs/errors.js +729 -1
package/dist-standalone/_deps/shared/cjs/index.js +463 -1
package/dist-standalone/_deps/shared/cjs/types.js +315 -1
package/dist-standalone/_deps/shared/errors.js +244 -1
package/dist-standalone/_deps/shared/index.js +72 -1
package/dist-standalone/_deps/shared/types.js +86 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.js +659 -1
package/dist-standalone/agent-sdk.js +328 -1
package/dist-standalone/agent.js +1800 -1
package/dist-standalone/approval.js +193 -1
package/dist-standalone/async-iterators.js +382 -1
package/dist-standalone/auth.js +219 -1
package/dist-standalone/auto-accept.js +229 -1
package/dist-standalone/backup-config.js +201 -1
package/dist-standalone/backup.js +326 -1
package/dist-standalone/batch-operations.js +388 -1
package/dist-standalone/cancellation.js +477 -1
package/dist-standalone/checkpoint.js +186 -1
package/dist-standalone/circuit-breaker.js +468 -1
package/dist-standalone/cjs/agent-call.js +701 -1
package/dist-standalone/cjs/agent-sdk.js +332 -1
package/dist-standalone/cjs/agent.js +1837 -1
package/dist-standalone/cjs/approval.js +199 -1
package/dist-standalone/cjs/async-iterators.js +392 -1
package/dist-standalone/cjs/auth.js +225 -1
package/dist-standalone/cjs/auto-accept.js +233 -1
package/dist-standalone/cjs/backup-config.js +207 -1
package/dist-standalone/cjs/backup.js +330 -1
package/dist-standalone/cjs/batch-operations.js +397 -1
package/dist-standalone/cjs/cancellation.js +490 -1
package/dist-standalone/cjs/checkpoint.js +193 -1
package/dist-standalone/cjs/circuit-breaker.js +476 -1
package/dist-standalone/cjs/cli/init.js +492 -1
package/dist-standalone/cjs/config-validation.js +522 -1
package/dist-standalone/cjs/connect.js +312 -1
package/dist-standalone/cjs/connection-pool.js +506 -1
package/dist-standalone/cjs/correlation-id.js +339 -1
package/dist-standalone/cjs/crypto-utils.js +176 -1
package/dist-standalone/cjs/debug-mode.js +534 -1
package/dist-standalone/cjs/did-document.js +101 -1
package/dist-standalone/cjs/did-privateme.js +130 -1
package/dist-standalone/cjs/did-web.js +201 -1
package/dist-standalone/cjs/discovery.js +462 -1
package/dist-standalone/cjs/dual-mode.js +251 -1
package/dist-standalone/cjs/email-templates.js +313 -1
package/dist-standalone/cjs/email-transport.js +239 -1
package/dist-standalone/cjs/envelope.js +538 -1
package/dist-standalone/cjs/errors.js +913 -1
package/dist-standalone/cjs/event-emitter.js +461 -1
package/dist-standalone/cjs/gateway-state.js +55 -1
package/dist-standalone/cjs/gateway-transport.js +120 -1
package/dist-standalone/cjs/graceful-degradation.js +403 -1
package/dist-standalone/cjs/guardrails.js +223 -1
package/dist-standalone/cjs/health-check.js +336 -1
package/dist-standalone/cjs/http-compat.js +272 -1
package/dist-standalone/cjs/http-status-map.js +571 -1
package/dist-standalone/cjs/identity.js +645 -1
package/dist-standalone/cjs/index.js +406 -1
package/dist-standalone/cjs/invitation.js +421 -1
package/dist-standalone/cjs/invite.js +328 -1
package/dist-standalone/cjs/key-agreement.js +335 -1
package/dist-standalone/cjs/lazy-init.js +300 -1
package/dist-standalone/cjs/logger.js +291 -1
package/dist-standalone/cjs/mdns-discovery.js +202 -1
package/dist-standalone/cjs/nonce-store.js +80 -1
package/dist-standalone/cjs/pairing-manager.js +223 -1
package/dist-standalone/cjs/plugin-system.js +264 -1
package/dist-standalone/cjs/plugins/logging.js +168 -1
package/dist-standalone/cjs/plugins/metrics.js +181 -1
package/dist-standalone/cjs/plugins/validation.js +302 -1
package/dist-standalone/cjs/policy.js +320 -1
package/dist-standalone/cjs/progress-callbacks.js +583 -1
package/dist-standalone/cjs/redis-nonce-store.js +76 -1
package/dist-standalone/cjs/registry-middleware.js +50 -1
package/dist-standalone/cjs/retry-strategies.js +544 -1
package/dist-standalone/cjs/retry-transport.js +102 -1
package/dist-standalone/cjs/runtime/browser.js +533 -1
package/dist-standalone/cjs/runtime/edge.js +526 -1
package/dist-standalone/cjs/runtime/react-native.js +394 -1
package/dist-standalone/cjs/security-policy.js +245 -1
package/dist-standalone/cjs/serialization.js +1040 -1
package/dist-standalone/cjs/split-channel.js +225 -1
package/dist-standalone/cjs/subscription-proof.js +230 -1
package/dist-standalone/cjs/succession.js +148 -1
package/dist-standalone/cjs/timeouts.js +412 -1
package/dist-standalone/cjs/trace-context.js +424 -1
package/dist-standalone/cjs/trace-spans.js +495 -1
package/dist-standalone/cjs/transport.js +63 -1
package/dist-standalone/cjs/trust-registry.js +991 -1
package/dist-standalone/cjs/types/error-response.js +56 -1
package/dist-standalone/cjs/vault-auth.js +178 -1
package/dist-standalone/cjs/vault-store-loader.js +194 -1
package/dist-standalone/cjs/verify.js +25 -1
package/dist-standalone/cjs/version-info.js +543 -1
package/dist-standalone/cjs/xfetch.js +340 -1
package/dist-standalone/cli/init.js +455 -1
package/dist-standalone/cli/setup.js +514 -1
package/dist-standalone/cli/types.js +27 -1
package/dist-standalone/cli/xbind.js +148 -1
package/dist-standalone/config-validation.js +513 -1
package/dist-standalone/connect.js +274 -1
package/dist-standalone/connection-pool.js +500 -1
package/dist-standalone/correlation-id.js +326 -1
package/dist-standalone/crypto-utils.js +157 -1
package/dist-standalone/debug-mode.js +510 -1
package/dist-standalone/did-document.js +96 -1
package/dist-standalone/did-privateme.js +121 -1
package/dist-standalone/did-web.js +196 -1
package/dist-standalone/discovery.js +458 -1
package/dist-standalone/dual-mode.js +247 -1
package/dist-standalone/email-templates.js +309 -1
package/dist-standalone/email-transport.js +232 -1
package/dist-standalone/envelope.js +525 -1
package/dist-standalone/errors.js +896 -1
package/dist-standalone/event-emitter.js +456 -1
package/dist-standalone/gateway-state.js +51 -1
package/dist-standalone/gateway-transport.js +116 -1
package/dist-standalone/graceful-degradation.js +396 -1
package/dist-standalone/guardrails.js +216 -1
package/dist-standalone/health-check.js +332 -1
package/dist-standalone/http-compat.js +267 -1
package/dist-standalone/http-status-map.js +561 -1
package/dist-standalone/identity.js +619 -1
package/dist-standalone/index.js +78 -1
package/dist-standalone/invitation.js +415 -1
package/dist-standalone/invite.js +324 -1
package/dist-standalone/key-agreement.js +325 -1
package/dist-standalone/lazy-init.js +295 -1
package/dist-standalone/logger.js +285 -1
package/dist-standalone/mdns-discovery.js +195 -1
package/dist-standalone/nonce-store.js +76 -1
package/dist-standalone/pairing-manager.js +219 -1
package/dist-standalone/plugin-system.js +257 -1
package/dist-standalone/plugins/logging.js +163 -1
package/dist-standalone/plugins/metrics.js +176 -1
package/dist-standalone/plugins/validation.js +297 -1
package/dist-standalone/policy.js +315 -1
package/dist-standalone/progress-callbacks.js +576 -1
package/dist-standalone/redis-nonce-store.js +72 -1
package/dist-standalone/registry-middleware.js +47 -1
package/dist-standalone/retry-strategies.js +534 -1
package/dist-standalone/retry-transport.js +98 -1
package/dist-standalone/runtime/browser.js +516 -1
package/dist-standalone/runtime/edge.js +511 -1
package/dist-standalone/runtime/react-native.js +383 -1
package/dist-standalone/security-policy.js +239 -1
package/dist-standalone/serialization.js +1031 -1
package/dist-standalone/split-channel.js +219 -1
package/dist-standalone/subscription-proof.js +224 -1
package/dist-standalone/succession.js +142 -1
package/dist-standalone/timeouts.js +398 -1
package/dist-standalone/trace-context.js +414 -1
package/dist-standalone/trace-spans.js +488 -1
package/dist-standalone/transport.js +59 -1
package/dist-standalone/trust-registry.js +950 -1
package/dist-standalone/types/error-response.js +52 -1
package/dist-standalone/vault-auth.js +174 -1
package/dist-standalone/vault-store-loader.js +187 -1
package/dist-standalone/verify.js +16 -1
package/dist-standalone/version-info.js +530 -1
package/dist-standalone/xfetch.js +335 -1
package/package.json +4 -13
package/share1.dat +0 -0
package/dist-standalone/_deps/mldsa-wasm/LICENSE +0 -24
package/dist-standalone/_deps/mldsa-wasm/package.json +0 -46
package/dist-standalone/_deps/shared/cjs/package.json +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/package.json +0 -1
package/dist-standalone/_deps/xchange/cjs/package.json +0 -1
package/dist-standalone/_deps/xregistry/cjs/package.json +0 -1
package/dist-standalone/cjs/package.json +0 -3
package/dist-standalone/package.json +0 -10

package/dist-standalone/cjs/did-privateme.js CHANGED Viewed

@@ -1 +1,130 @@
-"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.publicKeyToPrivateMeDid=publicKeyToPrivateMeDid,exports.privateMeDidToPublicKeyBytes=privateMeDidToPublicKeyBytes,exports.isPrivateMeDid=isPrivateMeDid,exports.isDidKeyFormat=isDidKeyFormat,exports.convertDidFormat=convertDidFormat,exports.normalizeDid=normalizeDid,exports.parseDid=parseDid;const shared_1=require("../_deps/shared/index.js"),identity_js_1=require("./identity.js");function publicKeyToPrivateMeDid(e){return(0,identity_js_1.publicKeyToDid)(e).replace(/^did:key:/,"did:privateme:")}function privateMeDidToPublicKeyBytes(e){if(!e.startsWith("did:privateme:z"))return(0,shared_1.err)("INVALID_DID_FORMAT");const i=e.replace(/^did:privateme:/,"did:key:"),r=(0,identity_js_1.didToPublicKeyBytes)(i);return r.ok?(0,shared_1.ok)(r.value):(0,shared_1.err)(r.error)}function isPrivateMeDid(e){return e.startsWith("did:privateme:")}function isDidKeyFormat(e){return e.startsWith("did:key:")}function convertDidFormat(e){return isDidKeyFormat(e)?(0,shared_1.ok)(e.replace(/^did:key:/,"did:privateme:")):isPrivateMeDid(e)?(0,shared_1.ok)(e.replace(/^did:privateme:/,"did:key:")):(0,shared_1.err)("UNSUPPORTED_DID_FORMAT")}function normalizeDid(e){return isPrivateMeDid(e)?(0,shared_1.ok)(e):isDidKeyFormat(e)?(0,shared_1.ok)(e.replace(/^did:key:/,"did:privateme:")):(0,shared_1.err)("UNSUPPORTED_DID_FORMAT")}function parseDid(e){const i=e.indexOf("#"),r=i>=0?e.substring(0,i):e,t=i>=0?e.substring(i+1):void 0,d=r.split(":");return d.length<3||"did"!==d[0]?(0,shared_1.err)("INVALID_DID_FORMAT"):(0,shared_1.ok)({method:d[1],identifier:d.slice(2).join(":"),fragment:t})}
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.publicKeyToPrivateMeDid = publicKeyToPrivateMeDid;
+exports.privateMeDidToPublicKeyBytes = privateMeDidToPublicKeyBytes;
+exports.isPrivateMeDid = isPrivateMeDid;
+exports.isDidKeyFormat = isDidKeyFormat;
+exports.convertDidFormat = convertDidFormat;
+exports.normalizeDid = normalizeDid;
+exports.parseDid = parseDid;
+const shared_1 = require("../_deps/shared/index.js");
+const identity_js_1 = require("./identity.js");
+/**
+ * Mechanism 4: Convert Ed25519 public key to did:privateme DID.
+ *
+ * Format: did:privateme:z + base58btc(0xed01 || publicKey)
+ *
+ * This is a new DID method identifier for PRIVATE.ME ACIs.
+ * It uses the same base58btc encoding as did:key for compatibility,
+ * but signals that the identity is backed by PRIVATE.ME infrastructure.
+ *
+ * Backward compatible: agents accept both did:key and did:privateme formats.
+ *
+ * @param rawPublicKey - 32-byte Ed25519 public key
+ * @returns DID in format did:privateme:z...
+ */
+function publicKeyToPrivateMeDid(rawPublicKey) {
+    // Use same encoding as did:key, but with privateme method
+    const didKeyFormat = (0, identity_js_1.publicKeyToDid)(rawPublicKey);
+    // Replace did:key: with did:privateme:
+    return didKeyFormat.replace(/^did:key:/, 'did:privateme:');
+}
+/**
+ * Extract raw 32-byte public key from a did:privateme DID.
+ *
+ * Format: did:privateme:z + base58btc(0xed01 || publicKey)
+ *
+ * @param did - DID in format did:privateme:z...
+ * @returns 32-byte public key or error
+ */
+function privateMeDidToPublicKeyBytes(did) {
+    if (!did.startsWith('did:privateme:z')) {
+        return (0, shared_1.err)('INVALID_DID_FORMAT');
+    }
+    // Convert to did:key format temporarily for parsing
+    const didKeyFormat = did.replace(/^did:privateme:/, 'did:key:');
+    // Use the existing parser
+    const result = (0, identity_js_1.didToPublicKeyBytes)(didKeyFormat);
+    if (!result.ok) {
+        return (0, shared_1.err)(result.error);
+    }
+    return (0, shared_1.ok)(result.value);
+}
+/**
+ * Determine if a DID is in the new did:privateme format.
+ *
+ * @param did - The DID to check
+ * @returns true if DID is did:privateme format, false otherwise
+ */
+function isPrivateMeDid(did) {
+    return did.startsWith('did:privateme:');
+}
+/**
+ * Determine if a DID is in the did:key format.
+ *
+ * @param did - The DID to check
+ * @returns true if DID is did:key format, false otherwise
+ */
+function isDidKeyFormat(did) {
+    return did.startsWith('did:key:');
+}
+/**
+ * Convert between DID formats (did:key ↔ did:privateme).
+ *
+ * Allows backward compatibility between old did:key and new did:privateme formats.
+ * The public key remains the same; only the method identifier changes.
+ *
+ * @param did - Source DID in either format
+ * @returns Converted DID in the other format, or error
+ */
+function convertDidFormat(did) {
+    if (isDidKeyFormat(did)) {
+        // Convert did:key to did:privateme
+        return (0, shared_1.ok)(did.replace(/^did:key:/, 'did:privateme:'));
+    }
+    if (isPrivateMeDid(did)) {
+        // Convert did:privateme to did:key
+        return (0, shared_1.ok)(did.replace(/^did:privateme:/, 'did:key:'));
+    }
+    return (0, shared_1.err)('UNSUPPORTED_DID_FORMAT');
+}
+/**
+ * Normalize a DID to the canonical format (did:privateme).
+ *
+ * All DIDs are converted to did:privateme format for consistency.
+ * Existing did:key DIDs are automatically upgraded.
+ *
+ * @param did - Source DID in any supported format
+ * @returns Normalized DID in did:privateme format
+ */
+function normalizeDid(did) {
+    if (isPrivateMeDid(did)) {
+        // Already in target format
+        return (0, shared_1.ok)(did);
+    }
+    if (isDidKeyFormat(did)) {
+        // Convert to did:privateme
+        return (0, shared_1.ok)(did.replace(/^did:key:/, 'did:privateme:'));
+    }
+    return (0, shared_1.err)('UNSUPPORTED_DID_FORMAT');
+}
+/**
+ * Parse a DID into method, identifier, and fragment.
+ *
+ * @param did - Full DID string
+ * @returns Parsed DID components or error
+ */
+function parseDid(did) {
+    const fragmentMatch = did.indexOf('#');
+    const base = fragmentMatch >= 0 ? did.substring(0, fragmentMatch) : did;
+    const fragment = fragmentMatch >= 0 ? did.substring(fragmentMatch + 1) : undefined;
+    const parts = base.split(':');
+    if (parts.length < 3 || parts[0] !== 'did') {
+        return (0, shared_1.err)('INVALID_DID_FORMAT');
+    }
+    return (0, shared_1.ok)({
+        method: parts[1],
+        identifier: parts.slice(2).join(':'),
+        fragment,
+    });
+}

package/dist-standalone/cjs/did-web.js CHANGED Viewed

@@ -1 +1,201 @@
-"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.DidWebResolver=void 0,exports.didWebToUrl=didWebToUrl;const shared_1=require("../_deps/shared/index.js"),crypto_utils_js_1=require("./crypto-utils.js");class DidWebResolver{fetchFn;cacheTtlMs;cache=new Map;constructor(e){this.fetchFn=e?.fetch??globalThis.fetch.bind(globalThis),this.cacheTtlMs=e?.cacheTtlMs??3e5}async register(e,t,r,n,s){return(0,shared_1.err)("ALREADY_REGISTERED")}async resolve(e){const t=await this.fetchEntry(e);return t.ok?t.value.revoked?(0,shared_1.err)("REVOKED"):(0,shared_1.ok)(t.value.publicKey):t}async hasScope(e,t){const r=await this.fetchEntry(e);return!!r.ok&&r.value.scopes.has(t)}async hasReceiveScope(e,t){const r=await this.fetchEntry(e);return!!r.ok&&(!r.value.receiveScopes||r.value.receiveScopes.has(t))}async revoke(e){return(0,shared_1.err)("NOT_FOUND")}async getEntry(e){return this.fetchEntry(e)}get cacheSize(){return this.cache.size}async fetchEntry(e){const t=this.cache.get(e);if(t&&Date.now()-t.fetchedAt<this.cacheTtlMs)return(0,shared_1.ok)(t.entry);const r=didWebToUrl(e);if(!r)return(0,shared_1.err)("NOT_FOUND");try{const t=await this.fetchFn(r);if(!t.ok)return(0,shared_1.err)("NOT_FOUND");const n=parseDidDocument(e,await t.json());return n?(this.cache.set(e,{entry:n,fetchedAt:Date.now()}),(0,shared_1.ok)(n)):(0,shared_1.err)("NOT_FOUND")}catch{return(0,shared_1.err)("NETWORK_ERROR")}}}function didWebToUrl(e){if(!e.startsWith("did:web:"))return null;const t=e.slice(8).split(":");if(0===t.length||!t[0])return null;const r=decodeURIComponent(t[0]);if(1===t.length)return`https://${r}/.well-known/did.json`;return`https://${r}/${t.slice(1).map(decodeURIComponent).join("/")}/did.json`}function parseDidDocument(e,t){if(!t.verificationMethod||0===t.verificationMethod.length)return null;const r=t.verificationMethod[0];if(!r)return null;let n=null;return r.publicKeyMultibase?n=decodeMultibase(r.publicKeyMultibase):r.publicKeyBase64&&(n=(0,crypto_utils_js_1.fromBase64)(r.publicKeyBase64)),n?{did:e,publicKey:n,name:t.xailName??e,scopes:new Set(t.xailScopes??[]),revoked:!0===t.deactivated,rotation_sequence:1}:null}function decodeMultibase(e){return e.startsWith("z")?base58Decode(e.slice(1)):null}function base58Decode(e){const t=BigInt(58);let r=BigInt(0);for(const n of e){const e="123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz".indexOf(n);if(e<0)return new Uint8Array(0);r=r*t+BigInt(e)}const n=r.toString(16),s=n.length%2?"0"+n:n,i=new Uint8Array(s.length/2);for(let e=0;e<i.length;e++)i[e]=parseInt(s.slice(2*e,2*e+2),16);let c=0;for(const t of e){if("1"!==t)break;c++}if(c>0){const e=new Uint8Array(c+i.length);return e.set(i,c),e}return i}exports.DidWebResolver=DidWebResolver;
+"use strict";
+/**
+ * did:web resolver — resolves DIDs hosted on developer domains.
+ *
+ * Implements the W3C did:web method:
+ *   did:web:example.com -> https://example.com/.well-known/did.json
+ *   did:web:example.com:path:to -> https://example.com/path/to/did.json
+ *
+ * Enables direct agent-to-agent communication without a centralized registry.
+ * Implements TrustRegistry interface for drop-in use with Agent class.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DidWebResolver = void 0;
+exports.didWebToUrl = didWebToUrl;
+const shared_1 = require("../_deps/shared/index.js");
+const crypto_utils_js_1 = require("./crypto-utils.js");
+/**
+ * Resolve did:web DIDs by fetching DID documents from the hosting domain.
+ *
+ * Implements TrustRegistry interface so it can be used as a drop-in
+ * replacement for MemoryTrustRegistry or HttpTrustRegistry.
+ */
+class DidWebResolver {
+    fetchFn;
+    cacheTtlMs;
+    cache = new Map();
+    constructor(opts) {
+        this.fetchFn = opts?.fetch ?? globalThis.fetch.bind(globalThis);
+        this.cacheTtlMs = opts?.cacheTtlMs ?? 300_000;
+    }
+    /** Registration not supported for did:web (developers host their own). */
+    async register(_did, _publicKey, _name, _scopes, _x25519PublicKey) {
+        return (0, shared_1.err)('ALREADY_REGISTERED');
+    }
+    /**
+     * Resolve a did:web DID to its raw public key bytes.
+     * @param did - A did:web DID string.
+     * @returns Public key bytes or error.
+     */
+    async resolve(did) {
+        const entry = await this.fetchEntry(did);
+        if (!entry.ok)
+            return entry;
+        if (entry.value.revoked)
+            return (0, shared_1.err)('REVOKED');
+        return (0, shared_1.ok)(entry.value.publicKey);
+    }
+    /**
+     * Check if a did:web DID has a specific scope.
+     * @param did - The DID to check.
+     * @param scope - The scope to verify.
+     * @returns True if scope is granted.
+     */
+    async hasScope(did, scope) {
+        const entry = await this.fetchEntry(did);
+        if (!entry.ok)
+            return false;
+        return entry.value.scopes.has(scope);
+    }
+    /**
+     * Check if a did:web DID has a specific receive scope.
+     * @param did - The DID to check.
+     * @param scope - The scope to verify.
+     * @returns True if receive scope is granted.
+     */
+    async hasReceiveScope(did, scope) {
+        const entry = await this.fetchEntry(did);
+        if (!entry.ok)
+            return false;
+        // Undefined = accept all scopes (backward compatibility)
+        if (!entry.value.receiveScopes)
+            return true;
+        return entry.value.receiveScopes.has(scope);
+    }
+    /** Revocation not supported for did:web (developer controls their domain). */
+    async revoke(_did) {
+        return (0, shared_1.err)('NOT_FOUND');
+    }
+    /**
+     * Get the full registry entry for a did:web DID.
+     * @param did - The DID to look up.
+     * @returns Full entry or error.
+     */
+    async getEntry(did) {
+        return this.fetchEntry(did);
+    }
+    /** Number of cached entries (for testing). */
+    get cacheSize() {
+        return this.cache.size;
+    }
+    /** Fetch and parse a DID document, with caching. */
+    async fetchEntry(did) {
+        // Check cache
+        const cached = this.cache.get(did);
+        if (cached && Date.now() - cached.fetchedAt < this.cacheTtlMs) {
+            return (0, shared_1.ok)(cached.entry);
+        }
+        const url = didWebToUrl(did);
+        if (!url)
+            return (0, shared_1.err)('NOT_FOUND');
+        try {
+            const res = await this.fetchFn(url);
+            if (!res.ok)
+                return (0, shared_1.err)('NOT_FOUND');
+            const doc = (await res.json());
+            const entry = parseDidDocument(did, doc);
+            if (!entry)
+                return (0, shared_1.err)('NOT_FOUND');
+            this.cache.set(did, { entry, fetchedAt: Date.now() });
+            return (0, shared_1.ok)(entry);
+        }
+        catch {
+            return (0, shared_1.err)('NETWORK_ERROR');
+        }
+    }
+}
+exports.DidWebResolver = DidWebResolver;
+/**
+ * Convert a did:web DID to its HTTPS URL.
+ *   did:web:example.com -> https://example.com/.well-known/did.json
+ *   did:web:example.com:path:to -> https://example.com/path/to/did.json
+ * @param did - The did:web DID string.
+ * @returns HTTPS URL or null if invalid.
+ */
+function didWebToUrl(did) {
+    if (!did.startsWith('did:web:'))
+        return null;
+    const parts = did.slice('did:web:'.length).split(':');
+    if (parts.length === 0 || !parts[0])
+        return null;
+    const domain = decodeURIComponent(parts[0]);
+    if (parts.length === 1) {
+        return `https://${domain}/.well-known/did.json`;
+    }
+    const path = parts.slice(1).map(decodeURIComponent).join('/');
+    return `https://${domain}/${path}/did.json`;
+}
+/** Parse a DID document into a RegistryEntry. */
+function parseDidDocument(did, doc) {
+    if (!doc.verificationMethod || doc.verificationMethod.length === 0) {
+        return null;
+    }
+    const vm = doc.verificationMethod[0];
+    if (!vm)
+        return null;
+    let publicKey = null;
+    if (vm.publicKeyMultibase) {
+        publicKey = decodeMultibase(vm.publicKeyMultibase);
+    }
+    else if (vm.publicKeyBase64) {
+        publicKey = (0, crypto_utils_js_1.fromBase64)(vm.publicKeyBase64);
+    }
+    if (!publicKey)
+        return null;
+    return {
+        did,
+        publicKey,
+        name: doc.xailName ?? did,
+        scopes: new Set(doc.xailScopes ?? []),
+        revoked: doc.deactivated === true,
+        rotation_sequence: 1, // DID documents don't track rotation, default to 1
+    };
+}
+/** Decode z-prefixed base58btc multibase to bytes. */
+function decodeMultibase(mb) {
+    if (!mb.startsWith('z'))
+        return null;
+    return base58Decode(mb.slice(1));
+}
+/** Base58 decode (Bitcoin alphabet). */
+function base58Decode(s) {
+    const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+    const BASE = BigInt(58);
+    let num = BigInt(0);
+    for (const char of s) {
+        const idx = ALPHABET.indexOf(char);
+        if (idx < 0)
+            return new Uint8Array(0);
+        num = num * BASE + BigInt(idx);
+    }
+    const hex = num.toString(16);
+    const padded = hex.length % 2 ? '0' + hex : hex;
+    const bytes = new Uint8Array(padded.length / 2);
+    for (let i = 0; i < bytes.length; i++) {
+        bytes[i] = parseInt(padded.slice(i * 2, i * 2 + 2), 16);
+    }
+    // Handle leading zeros (base58 "1" = 0x00)
+    let leadingZeros = 0;
+    for (const c of s) {
+        if (c === '1')
+            leadingZeros++;
+        else
+            break;
+    }
+    if (leadingZeros > 0) {
+        const result = new Uint8Array(leadingZeros + bytes.length);
+        result.set(bytes, leadingZeros);
+        return result;
+    }
+    return bytes;
+}