npm - @private.me/xbind - Versions diffs - 3.0.1 → 3.0.2 - Mend

@private.me/xbind 3.0.1 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

package/README.md +55 -14
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1920 -1
package/dist-standalone/_deps/shared/cjs/errors.js +729 -1
package/dist-standalone/_deps/shared/cjs/index.js +463 -1
package/dist-standalone/_deps/shared/cjs/types.js +315 -1
package/dist-standalone/_deps/shared/errors.js +244 -1
package/dist-standalone/_deps/shared/index.js +72 -1
package/dist-standalone/_deps/shared/types.js +86 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.js +659 -1
package/dist-standalone/agent-sdk.js +328 -1
package/dist-standalone/agent.js +1800 -1
package/dist-standalone/approval.js +193 -1
package/dist-standalone/async-iterators.js +382 -1
package/dist-standalone/auth.js +219 -1
package/dist-standalone/auto-accept.js +229 -1
package/dist-standalone/backup-config.js +201 -1
package/dist-standalone/backup.js +326 -1
package/dist-standalone/batch-operations.js +388 -1
package/dist-standalone/cancellation.js +477 -1
package/dist-standalone/checkpoint.js +186 -1
package/dist-standalone/circuit-breaker.js +468 -1
package/dist-standalone/cjs/agent-call.js +701 -1
package/dist-standalone/cjs/agent-sdk.js +332 -1
package/dist-standalone/cjs/agent.js +1837 -1
package/dist-standalone/cjs/approval.js +199 -1
package/dist-standalone/cjs/async-iterators.js +392 -1
package/dist-standalone/cjs/auth.js +225 -1
package/dist-standalone/cjs/auto-accept.js +233 -1
package/dist-standalone/cjs/backup-config.js +207 -1
package/dist-standalone/cjs/backup.js +330 -1
package/dist-standalone/cjs/batch-operations.js +397 -1
package/dist-standalone/cjs/cancellation.js +490 -1
package/dist-standalone/cjs/checkpoint.js +193 -1
package/dist-standalone/cjs/circuit-breaker.js +476 -1
package/dist-standalone/cjs/cli/init.js +492 -1
package/dist-standalone/cjs/config-validation.js +522 -1
package/dist-standalone/cjs/connect.js +312 -1
package/dist-standalone/cjs/connection-pool.js +506 -1
package/dist-standalone/cjs/correlation-id.js +339 -1
package/dist-standalone/cjs/crypto-utils.js +176 -1
package/dist-standalone/cjs/debug-mode.js +534 -1
package/dist-standalone/cjs/did-document.js +101 -1
package/dist-standalone/cjs/did-privateme.js +130 -1
package/dist-standalone/cjs/did-web.js +201 -1
package/dist-standalone/cjs/discovery.js +462 -1
package/dist-standalone/cjs/dual-mode.js +251 -1
package/dist-standalone/cjs/email-templates.js +313 -1
package/dist-standalone/cjs/email-transport.js +239 -1
package/dist-standalone/cjs/envelope.js +538 -1
package/dist-standalone/cjs/errors.js +913 -1
package/dist-standalone/cjs/event-emitter.js +461 -1
package/dist-standalone/cjs/gateway-state.js +55 -1
package/dist-standalone/cjs/gateway-transport.js +120 -1
package/dist-standalone/cjs/graceful-degradation.js +403 -1
package/dist-standalone/cjs/guardrails.js +223 -1
package/dist-standalone/cjs/health-check.js +336 -1
package/dist-standalone/cjs/http-compat.js +272 -1
package/dist-standalone/cjs/http-status-map.js +571 -1
package/dist-standalone/cjs/identity.js +645 -1
package/dist-standalone/cjs/index.js +406 -1
package/dist-standalone/cjs/invitation.js +421 -1
package/dist-standalone/cjs/invite.js +328 -1
package/dist-standalone/cjs/key-agreement.js +335 -1
package/dist-standalone/cjs/lazy-init.js +300 -1
package/dist-standalone/cjs/logger.js +291 -1
package/dist-standalone/cjs/mdns-discovery.js +202 -1
package/dist-standalone/cjs/nonce-store.js +80 -1
package/dist-standalone/cjs/pairing-manager.js +223 -1
package/dist-standalone/cjs/plugin-system.js +264 -1
package/dist-standalone/cjs/plugins/logging.js +168 -1
package/dist-standalone/cjs/plugins/metrics.js +181 -1
package/dist-standalone/cjs/plugins/validation.js +302 -1
package/dist-standalone/cjs/policy.js +320 -1
package/dist-standalone/cjs/progress-callbacks.js +583 -1
package/dist-standalone/cjs/redis-nonce-store.js +76 -1
package/dist-standalone/cjs/registry-middleware.js +50 -1
package/dist-standalone/cjs/retry-strategies.js +544 -1
package/dist-standalone/cjs/retry-transport.js +102 -1
package/dist-standalone/cjs/runtime/browser.js +533 -1
package/dist-standalone/cjs/runtime/edge.js +526 -1
package/dist-standalone/cjs/runtime/react-native.js +394 -1
package/dist-standalone/cjs/security-policy.js +245 -1
package/dist-standalone/cjs/serialization.js +1040 -1
package/dist-standalone/cjs/split-channel.js +225 -1
package/dist-standalone/cjs/subscription-proof.js +230 -1
package/dist-standalone/cjs/succession.js +148 -1
package/dist-standalone/cjs/timeouts.js +412 -1
package/dist-standalone/cjs/trace-context.js +424 -1
package/dist-standalone/cjs/trace-spans.js +495 -1
package/dist-standalone/cjs/transport.js +63 -1
package/dist-standalone/cjs/trust-registry.js +991 -1
package/dist-standalone/cjs/types/error-response.js +56 -1
package/dist-standalone/cjs/vault-auth.js +178 -1
package/dist-standalone/cjs/vault-store-loader.js +194 -1
package/dist-standalone/cjs/verify.js +25 -1
package/dist-standalone/cjs/version-info.js +543 -1
package/dist-standalone/cjs/xfetch.js +340 -1
package/dist-standalone/cli/init.js +455 -1
package/dist-standalone/cli/setup.js +514 -1
package/dist-standalone/cli/types.js +27 -1
package/dist-standalone/cli/xbind.js +148 -1
package/dist-standalone/config-validation.js +513 -1
package/dist-standalone/connect.js +274 -1
package/dist-standalone/connection-pool.js +500 -1
package/dist-standalone/correlation-id.js +326 -1
package/dist-standalone/crypto-utils.js +157 -1
package/dist-standalone/debug-mode.js +510 -1
package/dist-standalone/did-document.js +96 -1
package/dist-standalone/did-privateme.js +121 -1
package/dist-standalone/did-web.js +196 -1
package/dist-standalone/discovery.js +458 -1
package/dist-standalone/dual-mode.js +247 -1
package/dist-standalone/email-templates.js +309 -1
package/dist-standalone/email-transport.js +232 -1
package/dist-standalone/envelope.js +525 -1
package/dist-standalone/errors.js +896 -1
package/dist-standalone/event-emitter.js +456 -1
package/dist-standalone/gateway-state.js +51 -1
package/dist-standalone/gateway-transport.js +116 -1
package/dist-standalone/graceful-degradation.js +396 -1
package/dist-standalone/guardrails.js +216 -1
package/dist-standalone/health-check.js +332 -1
package/dist-standalone/http-compat.js +267 -1
package/dist-standalone/http-status-map.js +561 -1
package/dist-standalone/identity.js +619 -1
package/dist-standalone/index.js +78 -1
package/dist-standalone/invitation.js +415 -1
package/dist-standalone/invite.js +324 -1
package/dist-standalone/key-agreement.js +325 -1
package/dist-standalone/lazy-init.js +295 -1
package/dist-standalone/logger.js +285 -1
package/dist-standalone/mdns-discovery.js +195 -1
package/dist-standalone/nonce-store.js +76 -1
package/dist-standalone/pairing-manager.js +219 -1
package/dist-standalone/plugin-system.js +257 -1
package/dist-standalone/plugins/logging.js +163 -1
package/dist-standalone/plugins/metrics.js +176 -1
package/dist-standalone/plugins/validation.js +297 -1
package/dist-standalone/policy.js +315 -1
package/dist-standalone/progress-callbacks.js +576 -1
package/dist-standalone/redis-nonce-store.js +72 -1
package/dist-standalone/registry-middleware.js +47 -1
package/dist-standalone/retry-strategies.js +534 -1
package/dist-standalone/retry-transport.js +98 -1
package/dist-standalone/runtime/browser.js +516 -1
package/dist-standalone/runtime/edge.js +511 -1
package/dist-standalone/runtime/react-native.js +383 -1
package/dist-standalone/security-policy.js +239 -1
package/dist-standalone/serialization.js +1031 -1
package/dist-standalone/split-channel.js +219 -1
package/dist-standalone/subscription-proof.js +224 -1
package/dist-standalone/succession.js +142 -1
package/dist-standalone/timeouts.js +398 -1
package/dist-standalone/trace-context.js +414 -1
package/dist-standalone/trace-spans.js +488 -1
package/dist-standalone/transport.js +59 -1
package/dist-standalone/trust-registry.js +950 -1
package/dist-standalone/types/error-response.js +52 -1
package/dist-standalone/vault-auth.js +174 -1
package/dist-standalone/vault-store-loader.js +187 -1
package/dist-standalone/verify.js +16 -1
package/dist-standalone/version-info.js +530 -1
package/dist-standalone/xfetch.js +335 -1
package/package.json +4 -13
package/share1.dat +0 -0
package/dist-standalone/_deps/mldsa-wasm/LICENSE +0 -24
package/dist-standalone/_deps/mldsa-wasm/package.json +0 -46
package/dist-standalone/_deps/shared/cjs/package.json +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/package.json +0 -1
package/dist-standalone/_deps/xchange/cjs/package.json +0 -1
package/dist-standalone/_deps/xregistry/cjs/package.json +0 -1
package/dist-standalone/cjs/package.json +0 -3
package/dist-standalone/package.json +0 -10

package/dist-standalone/discovery.js CHANGED Viewed

@@ -1 +1,458 @@
-import{ok,err}from"./_deps/shared/index.js";import{promises as dns}from"dns";export var DiscoveryErrorCode;!function(e){e.SERVICE_NOT_FOUND="DISCOVERY_SERVICE_NOT_FOUND",e.REGISTRY_UNREACHABLE="DISCOVERY_REGISTRY_UNREACHABLE",e.INVALID_RESPONSE="DISCOVERY_INVALID_RESPONSE",e.NETWORK_ERROR="DISCOVERY_NETWORK_ERROR",e.INVALID_SERVICE_NAME="DISCOVERY_INVALID_SERVICE_NAME",e.DNS_ERROR="DISCOVERY_DNS_ERROR",e.INVALID_EMAIL="DISCOVERY_INVALID_EMAIL",e.PERSONAL_EMAIL_DOMAIN="DISCOVERY_PERSONAL_EMAIL_DOMAIN"}(DiscoveryErrorCode||(DiscoveryErrorCode={}));const PERSONAL_EMAIL_DOMAINS=new Set(["gmail.com","googlemail.com","outlook.com","hotmail.com","live.com","yahoo.com","ymail.com","icloud.com","me.com","secure-email-provider-1.com","secure-email-provider-2.com","aol.com","mail.com","zoho.com","gmx.com","tutanota.com","fastmail.com"]);export class ServiceDiscovery{registryUrl;dnsCache;constructor(e={}){this.registryUrl=e.registryUrl||"https://xbind.registry.io",this.dnsCache=new Map}async discover(e){if(!e||0===e.trim().length)return err({code:DiscoveryErrorCode.INVALID_SERVICE_NAME,message:"Service name cannot be empty",hint:"Provide a service name, domain, email, or URL"});if((e=e.trim()).startsWith("http://")||e.startsWith("https://"))return this.discoverDirect(e);if(e.includes("@")&&!e.includes("/"))return this.discoverEmail(e);if(e.includes(".")&&!e.includes("/")){const r=await this.discoverWellKnown(e);if(r.ok)return r;const o=await this.discoverDnsTxt(e);if(o.ok)return o}return this.discoverRegistry(e)}async discoverRegistry(e){try{const r=`${this.registryUrl}/lookup/${encodeURIComponent(e)}`,o=await fetch(r,{headers:{Accept:"application/json"}});if(404===o.status)return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`Service "${e}" not found in registry`,hint:"Check service name or register at xbind.registry.io"});if(!o.ok)return err({code:DiscoveryErrorCode.REGISTRY_UNREACHABLE,message:`Registry returned ${o.status}`,hint:"Try again later or use direct URL"});const t=await o.json();return ok(t)}catch(e){return err({code:DiscoveryErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error",hint:"Check internet connection"})}}async discoverWellKnown(e){try{const r=`https://${e}/.well-known/xbind`,o=await fetch(r,{headers:{Accept:"application/json"}});if(!o.ok)return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`No .well-known/xbind found at ${e}`});const t=await o.json();return ok(t)}catch(e){return err({code:DiscoveryErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error"})}}async discoverDirect(e){try{const r=await fetch(e,{headers:{Accept:"application/json"}});if(!r.ok)return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`Service not found at ${e}`});const o=await r.json();return ok(o)}catch(e){return err({code:DiscoveryErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error"})}}async discoverDnsTxt(e){const r=this.dnsCache.get(e);if(r&&r.expiry>Date.now())return ok(r.info);try{const r=await dns.resolveTxt(`_xbind.${e}`);for(const o of r){const r=o.join("");if(r.includes("xbind-endpoint=")){const o=this.parseDnsTxtRecord(r,e);if(o.ok)return this.dnsCache.set(e,{info:o.value,expiry:Date.now()+3e5}),o}if(r.startsWith("xbind=")){const o=r.substring(6),t=await this.discoverDirect(o);return t.ok&&this.dnsCache.set(e,{info:t.value,expiry:Date.now()+3e5}),t}}return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`No _xbind TXT record found for ${e}`,hint:'Add DNS TXT record: _xbind.example.com IN TXT "xbind-endpoint=https://...;did=did:web:...;publicKey=..."'})}catch(r){if(r&&"object"==typeof r&&"code"in r){const o=r;if("ENOTFOUND"===o.code||"ENODATA"===o.code)return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`No DNS TXT record found for _xbind.${e}`});if("ETIMEOUT"===o.code)return err({code:DiscoveryErrorCode.DNS_ERROR,message:"DNS query timeout",hint:"Check network connection or try again"})}return err({code:DiscoveryErrorCode.DNS_ERROR,message:r instanceof Error?r.message:"DNS lookup failed",hint:"Check domain name and DNS configuration"})}}parseDnsTxtRecord(e,r){try{const o=new Map,t=e.split(";").map(e=>e.trim()).filter(e=>e.length>0);for(const e of t){const r=e.indexOf("=");if(-1===r)continue;const t=e.substring(0,r).trim(),i=e.substring(r+1).trim();o.set(t,i)}const i=o.get("xbind-endpoint"),s=o.get("did"),n=o.get("publicKey");if(!i||!s||!n)return err({code:DiscoveryErrorCode.INVALID_RESPONSE,message:"DNS TXT record missing required fields",hint:"Required: xbind-endpoint, did, publicKey"});const c={name:r,endpoint:i,did:s,publicKey:n};return o.has("x25519PublicKey")&&(c.x25519PublicKey=o.get("x25519PublicKey")),o.has("mlKemPublicKey")&&(c.mlKemPublicKey=o.get("mlKemPublicKey")),o.has("description")&&(c.description=o.get("description")),o.has("logo")&&(c.logo=o.get("logo")),o.has("docs")&&(c.docs=o.get("docs")),ok(c)}catch(e){return err({code:DiscoveryErrorCode.INVALID_RESPONSE,message:e instanceof Error?e.message:"Failed to parse DNS TXT record"})}}async discoverEmail(e){if(!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(e))return err({code:DiscoveryErrorCode.INVALID_EMAIL,message:`Invalid email format: ${e}`,hint:"Provide a valid email address (e.g., alice@company.com)"});const r=this.extractDomain(e);if(!r)return err({code:DiscoveryErrorCode.INVALID_EMAIL,message:`Could not extract domain from email: ${e}`,hint:"Check email format"});if(PERSONAL_EMAIL_DOMAINS.has(r.toLowerCase()))return err({code:DiscoveryErrorCode.PERSONAL_EMAIL_DOMAIN,message:`Personal email domains not supported for discovery: ${r}`,hint:"Use a corporate email address or provide the company domain directly"});const o=await this.discoverWellKnown(r);if(o.ok)return o;const t=await this.discoverDnsTxt(r);return t.ok?t:this.discoverRegistry(r)}extractDomain(e){const r=e.split("@");if(2!==r.length||!r[1])return null;const o=r[1].trim().toLowerCase();if(!o.includes(".")||o.length<3)return null;return/^[a-z0-9][a-z0-9-]*(\.[a-z0-9][a-z0-9-]*)+$/.test(o)?o:null}}
+/**
+ * @module discovery
+ * Service discovery for zero-config XBind connections.
+ *
+ * Enables: `xbind connect payments-service`
+ *
+ * Four-tier discovery:
+ * 1. Public registry (xbind.registry.io)
+ * 2. Well-known URL (https://service.com/.well-known/xbind)
+ * 3. DNS TXT record (_xbind.service.com)
+ * 4. Direct URL/QR code
+ */
+import { ok, err } from"./_deps/shared/index.js";
+import { promises as dns } from 'dns';
+/**
+ * Discovery error codes.
+ */
+export var DiscoveryErrorCode;
+(function (DiscoveryErrorCode) {
+    DiscoveryErrorCode["SERVICE_NOT_FOUND"] = "DISCOVERY_SERVICE_NOT_FOUND";
+    DiscoveryErrorCode["REGISTRY_UNREACHABLE"] = "DISCOVERY_REGISTRY_UNREACHABLE";
+    DiscoveryErrorCode["INVALID_RESPONSE"] = "DISCOVERY_INVALID_RESPONSE";
+    DiscoveryErrorCode["NETWORK_ERROR"] = "DISCOVERY_NETWORK_ERROR";
+    DiscoveryErrorCode["INVALID_SERVICE_NAME"] = "DISCOVERY_INVALID_SERVICE_NAME";
+    DiscoveryErrorCode["DNS_ERROR"] = "DISCOVERY_DNS_ERROR";
+    DiscoveryErrorCode["INVALID_EMAIL"] = "DISCOVERY_INVALID_EMAIL";
+    DiscoveryErrorCode["PERSONAL_EMAIL_DOMAIN"] = "DISCOVERY_PERSONAL_EMAIL_DOMAIN";
+})(DiscoveryErrorCode || (DiscoveryErrorCode = {}));
+/**
+ * Personal email domains that are blacklisted from discovery.
+ * Corporate services should use their own domain, not personal email.
+ */
+const PERSONAL_EMAIL_DOMAINS = new Set([
+    'gmail.com',
+    'googlemail.com',
+    'outlook.com',
+    'hotmail.com',
+    'live.com',
+    'yahoo.com',
+    'ymail.com',
+    'icloud.com',
+    'me.com',
+    'secure-email-provider-1.com',
+    'secure-email-provider-2.com',
+    'aol.com',
+    'mail.com',
+    'zoho.com',
+    'gmx.com',
+    'tutanota.com',
+    'fastmail.com',
+]);
+/**
+ * Discovery client for finding services.
+ */
+export class ServiceDiscovery {
+    registryUrl;
+    dnsCache;
+    /**
+     * Create a discovery client.
+     *
+     * @param options - Configuration options
+     * @param options.registryUrl - Registry URL (default: https://xbind.registry.io)
+     */
+    constructor(options = {}) {
+        this.registryUrl = options.registryUrl || 'https://xbind.registry.io';
+        this.dnsCache = new Map();
+    }
+    /**
+     * Discover a service by name.
+     *
+     * Tries:
+     * 1. Email-based discovery (extracts domain from email)
+     * 2. Public registry lookup
+     * 3. Well-known URL if name is a domain
+     * 4. DNS TXT record (_xbind.domain)
+     * 5. Direct URL if name is a full URL
+     *
+     * @param nameOrUrl - Service name, email, domain, or URL
+     * @returns Service info or error
+     *
+     * @example
+     * ```ts
+     * const discovery = new ServiceDiscovery();
+     *
+     * // By name (registry lookup):
+     * const result = await discovery.discover('payments-service');
+     *
+     * // By email (domain extraction):
+     * const result = await discovery.discover('alice@company.com');
+     *
+     * // By domain (well-known):
+     * const result = await discovery.discover('payments.example.com');
+     *
+     * // By URL (direct):
+     * const result = await discovery.discover('https://api.payments.com/xbind');
+     * ```
+     */
+    async discover(nameOrUrl) {
+        // Validate input
+        if (!nameOrUrl || nameOrUrl.trim().length === 0) {
+            return err({
+                code: DiscoveryErrorCode.INVALID_SERVICE_NAME,
+                message: 'Service name cannot be empty',
+                hint: 'Provide a service name, domain, email, or URL',
+            });
+        }
+        nameOrUrl = nameOrUrl.trim();
+        // If full URL, try direct
+        if (nameOrUrl.startsWith('http://') || nameOrUrl.startsWith('https://')) {
+            return this.discoverDirect(nameOrUrl);
+        }
+        // If email address, extract domain and discover
+        if (nameOrUrl.includes('@') && !nameOrUrl.includes('/')) {
+            return this.discoverEmail(nameOrUrl);
+        }
+        // If looks like domain, try well-known first, then DNS TXT
+        if (nameOrUrl.includes('.') && !nameOrUrl.includes('/')) {
+            const wellKnownResult = await this.discoverWellKnown(nameOrUrl);
+            if (wellKnownResult.ok) {
+                return wellKnownResult;
+            }
+            // Try DNS TXT as fallback
+            const dnsTxtResult = await this.discoverDnsTxt(nameOrUrl);
+            if (dnsTxtResult.ok) {
+                return dnsTxtResult;
+            }
+            // Fall through to registry if both fail
+        }
+        // Try registry lookup
+        return this.discoverRegistry(nameOrUrl);
+    }
+    /**
+     * Look up service in public registry.
+     *
+     * GET https://xbind.registry.io/lookup/:name
+     */
+    async discoverRegistry(name) {
+        try {
+            const url = `${this.registryUrl}/lookup/${encodeURIComponent(name)}`;
+            const response = await fetch(url, {
+                headers: {
+                    'Accept': 'application/json',
+                },
+            });
+            if (response.status === 404) {
+                return err({
+                    code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
+                    message: `Service "${name}" not found in registry`,
+                    hint: 'Check service name or register at xbind.registry.io',
+                });
+            }
+            if (!response.ok) {
+                return err({
+                    code: DiscoveryErrorCode.REGISTRY_UNREACHABLE,
+                    message: `Registry returned ${response.status}`,
+                    hint: 'Try again later or use direct URL',
+                });
+            }
+            const data = await response.json();
+            return ok(data);
+        }
+        catch (error) {
+            return err({
+                code: DiscoveryErrorCode.NETWORK_ERROR,
+                message: error instanceof Error ? error.message : 'Network error',
+                hint: 'Check internet connection',
+            });
+        }
+    }
+    /**
+     * Discover via .well-known/xbind.
+     *
+     * GET https://domain/.well-known/xbind
+     */
+    async discoverWellKnown(domain) {
+        try {
+            const url = `https://${domain}/.well-known/xbind`;
+            const response = await fetch(url, {
+                headers: {
+                    'Accept': 'application/json',
+                },
+            });
+            if (!response.ok) {
+                return err({
+                    code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
+                    message: `No .well-known/xbind found at ${domain}`,
+                });
+            }
+            const data = await response.json();
+            return ok(data);
+        }
+        catch (error) {
+            return err({
+                code: DiscoveryErrorCode.NETWORK_ERROR,
+                message: error instanceof Error ? error.message : 'Network error',
+            });
+        }
+    }
+    /**
+     * Discover via direct URL.
+     */
+    async discoverDirect(url) {
+        try {
+            const response = await fetch(url, {
+                headers: {
+                    'Accept': 'application/json',
+                },
+            });
+            if (!response.ok) {
+                return err({
+                    code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
+                    message: `Service not found at ${url}`,
+                });
+            }
+            const data = await response.json();
+            return ok(data);
+        }
+        catch (error) {
+            return err({
+                code: DiscoveryErrorCode.NETWORK_ERROR,
+                message: error instanceof Error ? error.message : 'Network error',
+            });
+        }
+    }
+    /**
+     * Discover via DNS TXT record.
+     *
+     * Looks up TXT record at _xbind.domain
+     *
+     * Supports two formats:
+     * 1. Full record: "xbind-endpoint=https://...;did=did:web:...;publicKey=..." (all fields in DNS)
+     * 2. Simple redirect: "xbind=https://api.example.com/xbind" (fetch from endpoint)
+     *
+     * Includes 5-minute caching to reduce DNS queries.
+     */
+    async discoverDnsTxt(domain) {
+        // Check cache first (5 minute TTL)
+        const cached = this.dnsCache.get(domain);
+        if (cached && cached.expiry > Date.now()) {
+            return ok(cached.info);
+        }
+        try {
+            const txtRecords = await dns.resolveTxt(`_xbind.${domain}`);
+            // Find xbind record
+            for (const record of txtRecords) {
+                const txt = record.join('');
+                // Format 1: Full record with all fields
+                if (txt.includes('xbind-endpoint=')) {
+                    const parsed = this.parseDnsTxtRecord(txt, domain);
+                    if (parsed.ok) {
+                        // Cache for 5 minutes
+                        this.dnsCache.set(domain, {
+                            info: parsed.value,
+                            expiry: Date.now() + 5 * 60 * 1000,
+                        });
+                        return parsed;
+                    }
+                }
+                // Format 2: Simple redirect to endpoint
+                if (txt.startsWith('xbind=')) {
+                    const endpoint = txt.substring(6);
+                    // Fetch service info from endpoint
+                    const result = await this.discoverDirect(endpoint);
+                    if (result.ok) {
+                        // Cache for 5 minutes
+                        this.dnsCache.set(domain, {
+                            info: result.value,
+                            expiry: Date.now() + 5 * 60 * 1000,
+                        });
+                    }
+                    return result;
+                }
+            }
+            return err({
+                code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
+                message: `No _xbind TXT record found for ${domain}`,
+                hint: 'Add DNS TXT record: _xbind.example.com IN TXT "xbind-endpoint=https://...;did=did:web:...;publicKey=..."',
+            });
+        }
+        catch (error) {
+            // Handle DNS-specific errors
+            if (error && typeof error === 'object' && 'code' in error) {
+                const dnsError = error;
+                if (dnsError.code === 'ENOTFOUND' || dnsError.code === 'ENODATA') {
+                    return err({
+                        code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
+                        message: `No DNS TXT record found for _xbind.${domain}`,
+                    });
+                }
+                if (dnsError.code === 'ETIMEOUT') {
+                    return err({
+                        code: DiscoveryErrorCode.DNS_ERROR,
+                        message: 'DNS query timeout',
+                        hint: 'Check network connection or try again',
+                    });
+                }
+            }
+            return err({
+                code: DiscoveryErrorCode.DNS_ERROR,
+                message: error instanceof Error ? error.message : 'DNS lookup failed',
+                hint: 'Check domain name and DNS configuration',
+            });
+        }
+    }
+    /**
+     * Parse DNS TXT record into ServiceInfo.
+     *
+     * Expected format:
+     * xbind-endpoint=https://...;did=did:web:...;publicKey=...;version=1.0
+     *
+     * Optional fields:
+     * x25519PublicKey=...;mlKemPublicKey=...;description=...;logo=...;docs=...
+     */
+    parseDnsTxtRecord(txtRecord, domain) {
+        try {
+            const fields = new Map();
+            // Split by semicolon and parse key=value pairs
+            const parts = txtRecord.split(';').map(p => p.trim()).filter(p => p.length > 0);
+            for (const part of parts) {
+                const eqIndex = part.indexOf('=');
+                if (eqIndex === -1)
+                    continue;
+                const key = part.substring(0, eqIndex).trim();
+                const value = part.substring(eqIndex + 1).trim();
+                fields.set(key, value);
+            }
+            // Validate required fields
+            const endpoint = fields.get('xbind-endpoint');
+            const did = fields.get('did');
+            const publicKey = fields.get('publicKey');
+            if (!endpoint || !did || !publicKey) {
+                return err({
+                    code: DiscoveryErrorCode.INVALID_RESPONSE,
+                    message: 'DNS TXT record missing required fields',
+                    hint: 'Required: xbind-endpoint, did, publicKey',
+                });
+            }
+            // Build ServiceInfo
+            const info = {
+                name: domain,
+                endpoint,
+                did,
+                publicKey,
+            };
+            // Add optional fields
+            if (fields.has('x25519PublicKey')) {
+                info.x25519PublicKey = fields.get('x25519PublicKey');
+            }
+            if (fields.has('mlKemPublicKey')) {
+                info.mlKemPublicKey = fields.get('mlKemPublicKey');
+            }
+            if (fields.has('description')) {
+                info.description = fields.get('description');
+            }
+            if (fields.has('logo')) {
+                info.logo = fields.get('logo');
+            }
+            if (fields.has('docs')) {
+                info.docs = fields.get('docs');
+            }
+            return ok(info);
+        }
+        catch (error) {
+            return err({
+                code: DiscoveryErrorCode.INVALID_RESPONSE,
+                message: error instanceof Error ? error.message : 'Failed to parse DNS TXT record',
+            });
+        }
+    }
+    /**
+     * Discover service via email address.
+     *
+     * Extracts domain from email and performs discovery.
+     * Personal email domains (gmail.com, outlook.com, etc.) are rejected.
+     *
+     * @param email - Email address (e.g., "alice@company.com")
+     * @returns Service info or error
+     *
+     * @example
+     * ```ts
+     * const discovery = new ServiceDiscovery();
+     * const result = await discovery.discoverEmail('alice@company.com');
+     * // Discovers service at company.com
+     * ```
+     */
+    async discoverEmail(email) {
+        // Validate email format
+        const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+        if (!emailRegex.test(email)) {
+            return err({
+                code: DiscoveryErrorCode.INVALID_EMAIL,
+                message: `Invalid email format: ${email}`,
+                hint: 'Provide a valid email address (e.g., alice@company.com)',
+            });
+        }
+        // Extract domain (everything after @)
+        const domain = this.extractDomain(email);
+        if (!domain) {
+            return err({
+                code: DiscoveryErrorCode.INVALID_EMAIL,
+                message: `Could not extract domain from email: ${email}`,
+                hint: 'Check email format',
+            });
+        }
+        // Check for personal email domains
+        if (PERSONAL_EMAIL_DOMAINS.has(domain.toLowerCase())) {
+            return err({
+                code: DiscoveryErrorCode.PERSONAL_EMAIL_DOMAIN,
+                message: `Personal email domains not supported for discovery: ${domain}`,
+                hint: 'Use a corporate email address or provide the company domain directly',
+            });
+        }
+        // Discover using the extracted domain
+        // Try well-known first, then DNS TXT, then registry
+        const wellKnownResult = await this.discoverWellKnown(domain);
+        if (wellKnownResult.ok) {
+            return wellKnownResult;
+        }
+        const dnsTxtResult = await this.discoverDnsTxt(domain);
+        if (dnsTxtResult.ok) {
+            return dnsTxtResult;
+        }
+        // Try registry with domain
+        return this.discoverRegistry(domain);
+    }
+    /**
+     * Extract domain from email address.
+     * Handles edge cases: subdomains, plus addressing, etc.
+     *
+     * @param email - Email address
+     * @returns Domain or null if extraction fails
+     *
+     * @example
+     * ```ts
+     * extractDomain('alice@company.com') // 'company.com'
+     * extractDomain('alice+label@company.com') // 'company.com'
+     * extractDomain('alice@mail.company.com') // 'mail.company.com'
+     * ```
+     */
+    extractDomain(email) {
+        const parts = email.split('@');
+        if (parts.length !== 2 || !parts[1]) {
+            return null;
+        }
+        // Domain is everything after @
+        const domain = parts[1].trim().toLowerCase();
+        // Validate domain has at least one dot and valid characters
+        if (!domain.includes('.') || domain.length < 3) {
+            return null;
+        }
+        // Basic domain validation (alphanumeric, dots, hyphens)
+        const domainRegex = /^[a-z0-9][a-z0-9-]*(\.[a-z0-9][a-z0-9-]*)+$/;
+        if (!domainRegex.test(domain)) {
+            return null;
+        }
+        return domain;
+    }
+}