npm - @private.me/xbind - Versions diffs - 3.0.2 → 3.0.3 - Mend

@private.me/xbind 3.0.2 → 3.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (221) hide show

package/README.md +2366 -204
package/README.md.backup +2121 -0
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1 -1920
package/dist-standalone/_deps/shared/cjs/errors.js +1 -729
package/dist-standalone/_deps/shared/cjs/index.js +1 -463
package/dist-standalone/_deps/shared/cjs/types.js +1 -315
package/dist-standalone/_deps/shared/errors.js +1 -244
package/dist-standalone/_deps/shared/index.js +1 -72
package/dist-standalone/_deps/shared/types.js +1 -86
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.d.ts +2 -2
package/dist-standalone/agent-call.js +1 -659
package/dist-standalone/agent-sdk.js +1 -328
package/dist-standalone/agent.d.ts +2 -0
package/dist-standalone/agent.js +1 -1800
package/dist-standalone/approval.js +1 -193
package/dist-standalone/async-iterators.d.ts +3 -3
package/dist-standalone/async-iterators.js +1 -382
package/dist-standalone/auth.js +1 -219
package/dist-standalone/auto-accept.js +1 -229
package/dist-standalone/backup-config.js +1 -201
package/dist-standalone/backup.js +1 -326
package/dist-standalone/batch-operations.js +1 -388
package/dist-standalone/cancellation.js +1 -477
package/dist-standalone/checkpoint.js +1 -186
package/dist-standalone/circuit-breaker.js +1 -468
package/dist-standalone/cjs/agent-call.js +1 -701
package/dist-standalone/cjs/agent-sdk.js +1 -332
package/dist-standalone/cjs/agent.js +1 -1837
package/dist-standalone/cjs/approval.js +1 -199
package/dist-standalone/cjs/async-iterators.js +1 -392
package/dist-standalone/cjs/auth.js +1 -225
package/dist-standalone/cjs/auto-accept.js +1 -233
package/dist-standalone/cjs/backup-config.js +1 -207
package/dist-standalone/cjs/backup.js +1 -330
package/dist-standalone/cjs/batch-operations.js +1 -397
package/dist-standalone/cjs/cancellation.js +1 -490
package/dist-standalone/cjs/checkpoint.js +1 -193
package/dist-standalone/cjs/circuit-breaker.js +1 -476
package/dist-standalone/cjs/cli/init.js +1 -492
package/dist-standalone/cjs/config-validation.js +1 -522
package/dist-standalone/cjs/connect.js +1 -312
package/dist-standalone/cjs/connection-pool.js +1 -506
package/dist-standalone/cjs/correlation-id.js +1 -339
package/dist-standalone/cjs/crypto-utils.js +1 -176
package/dist-standalone/cjs/debug-mode.js +1 -534
package/dist-standalone/cjs/did-document.js +1 -101
package/dist-standalone/cjs/did-privateme.js +1 -130
package/dist-standalone/cjs/did-web.js +1 -201
package/dist-standalone/cjs/discovery.js +1 -462
package/dist-standalone/cjs/dual-mode.js +1 -251
package/dist-standalone/cjs/email-templates.js +1 -313
package/dist-standalone/cjs/email-transport.js +1 -239
package/dist-standalone/cjs/envelope.js +1 -538
package/dist-standalone/cjs/errors.js +1 -913
package/dist-standalone/cjs/event-emitter.js +1 -461
package/dist-standalone/cjs/gateway-state.js +1 -55
package/dist-standalone/cjs/gateway-transport.js +1 -120
package/dist-standalone/cjs/graceful-degradation.js +1 -403
package/dist-standalone/cjs/guardrails.js +1 -223
package/dist-standalone/cjs/health-check.js +1 -336
package/dist-standalone/cjs/http-compat.js +1 -272
package/dist-standalone/cjs/http-status-map.js +1 -571
package/dist-standalone/cjs/identity.js +1 -645
package/dist-standalone/cjs/index.js +1 -406
package/dist-standalone/cjs/invitation.js +1 -421
package/dist-standalone/cjs/invite.js +1 -328
package/dist-standalone/cjs/key-agreement.js +1 -335
package/dist-standalone/cjs/lazy-init.js +1 -300
package/dist-standalone/cjs/logger.js +1 -291
package/dist-standalone/cjs/loopback-transport.js +1 -0
package/dist-standalone/cjs/mdns-discovery.js +1 -202
package/dist-standalone/cjs/nonce-store.js +1 -80
package/dist-standalone/cjs/pairing-manager.js +1 -223
package/dist-standalone/cjs/plugin-system.js +1 -264
package/dist-standalone/cjs/plugins/logging.js +1 -168
package/dist-standalone/cjs/plugins/metrics.js +1 -181
package/dist-standalone/cjs/plugins/validation.js +1 -302
package/dist-standalone/cjs/policy.js +1 -320
package/dist-standalone/cjs/progress-callbacks.js +1 -583
package/dist-standalone/cjs/redis-nonce-store.js +1 -76
package/dist-standalone/cjs/registry-middleware.js +1 -50
package/dist-standalone/cjs/retry-strategies.js +1 -544
package/dist-standalone/cjs/retry-transport.js +1 -102
package/dist-standalone/cjs/runtime/browser.js +1 -533
package/dist-standalone/cjs/runtime/edge.js +1 -526
package/dist-standalone/cjs/runtime/react-native.js +1 -394
package/dist-standalone/cjs/security-policy.js +1 -245
package/dist-standalone/cjs/serialization.js +1 -1040
package/dist-standalone/cjs/split-channel.js +1 -225
package/dist-standalone/cjs/subscription-proof.js +1 -230
package/dist-standalone/cjs/succession.js +1 -148
package/dist-standalone/cjs/timeouts.js +1 -412
package/dist-standalone/cjs/trace-context.js +1 -424
package/dist-standalone/cjs/trace-spans.js +1 -495
package/dist-standalone/cjs/transport.js +1 -63
package/dist-standalone/cjs/trust-registry.js +1 -991
package/dist-standalone/cjs/types/error-response.js +1 -56
package/dist-standalone/cjs/vault-auth.js +1 -178
package/dist-standalone/cjs/vault-store-loader.js +1 -194
package/dist-standalone/cjs/verify.js +1 -25
package/dist-standalone/cjs/version-info.js +1 -543
package/dist-standalone/cjs/xfetch.js +1 -340
package/dist-standalone/cli/init.js +1 -455
package/dist-standalone/cli/setup.js +1 -514
package/dist-standalone/cli/types.js +1 -27
package/dist-standalone/cli/xbind.js +1 -148
package/dist-standalone/config-validation.js +1 -513
package/dist-standalone/connect.js +1 -274
package/dist-standalone/connection-pool.js +1 -500
package/dist-standalone/correlation-id.js +1 -326
package/dist-standalone/crypto-utils.d.ts +2 -7
package/dist-standalone/crypto-utils.js +1 -157
package/dist-standalone/debug-mode.js +1 -510
package/dist-standalone/did-document.js +1 -96
package/dist-standalone/did-privateme.js +1 -121
package/dist-standalone/did-web.js +1 -196
package/dist-standalone/discovery.js +1 -458
package/dist-standalone/dual-mode.js +1 -247
package/dist-standalone/email-templates.js +1 -309
package/dist-standalone/email-transport.d.ts +2 -2
package/dist-standalone/email-transport.js +1 -232
package/dist-standalone/envelope.js +1 -525
package/dist-standalone/errors.d.ts +13 -3
package/dist-standalone/errors.js +1 -896
package/dist-standalone/event-emitter.js +1 -456
package/dist-standalone/gateway-state.d.ts +1 -1
package/dist-standalone/gateway-state.js +1 -51
package/dist-standalone/gateway-transport.js +1 -116
package/dist-standalone/graceful-degradation.js +1 -396
package/dist-standalone/guardrails.js +1 -216
package/dist-standalone/health-check.d.ts +5 -1
package/dist-standalone/health-check.js +1 -332
package/dist-standalone/http-compat.d.ts +1 -1
package/dist-standalone/http-compat.js +1 -267
package/dist-standalone/http-status-map.js +1 -561
package/dist-standalone/identity.js +1 -619
package/dist-standalone/index.d.ts +15 -4
package/dist-standalone/index.js +1 -78
package/dist-standalone/invitation.js +1 -415
package/dist-standalone/invite.js +1 -324
package/dist-standalone/key-agreement.js +1 -325
package/dist-standalone/lazy-init.d.ts +11 -6
package/dist-standalone/lazy-init.js +1 -295
package/dist-standalone/logger.js +1 -285
package/dist-standalone/loopback-transport.d.ts +87 -0
package/dist-standalone/loopback-transport.js +1 -0
package/dist-standalone/mdns-discovery.js +1 -195
package/dist-standalone/nonce-store.js +1 -76
package/dist-standalone/pairing-manager.js +1 -219
package/dist-standalone/plugin-system.js +1 -257
package/dist-standalone/plugins/logging.js +1 -163
package/dist-standalone/plugins/metrics.d.ts +4 -4
package/dist-standalone/plugins/metrics.js +1 -176
package/dist-standalone/plugins/validation.js +1 -297
package/dist-standalone/policy.js +1 -315
package/dist-standalone/progress-callbacks.js +1 -576
package/dist-standalone/redis-nonce-store.js +1 -72
package/dist-standalone/registry-middleware.js +1 -47
package/dist-standalone/retry-strategies.js +1 -534
package/dist-standalone/retry-transport.js +1 -98
package/dist-standalone/runtime/browser.js +1 -516
package/dist-standalone/runtime/edge.js +1 -511
package/dist-standalone/runtime/react-native.d.ts +1 -1
package/dist-standalone/runtime/react-native.js +1 -383
package/dist-standalone/security-policy.js +1 -239
package/dist-standalone/serialization.js +1 -1031
package/dist-standalone/split-channel.js +1 -219
package/dist-standalone/subscription-proof.js +1 -224
package/dist-standalone/succession.js +1 -142
package/dist-standalone/timeouts.js +1 -398
package/dist-standalone/trace-context.js +1 -414
package/dist-standalone/trace-spans.js +1 -488
package/dist-standalone/transport.js +1 -59
package/dist-standalone/trust-registry.d.ts +3 -3
package/dist-standalone/trust-registry.js +1 -950
package/dist-standalone/types/error-response.js +1 -52
package/dist-standalone/vault-auth.js +1 -174
package/dist-standalone/vault-store-loader.d.ts +9 -0
package/dist-standalone/vault-store-loader.js +1 -187
package/dist-standalone/verify.js +1 -16
package/dist-standalone/version-info.js +1 -530
package/dist-standalone/xfetch.js +1 -335
package/package.json +1 -1
package/share1.dat +0 -0

package/dist-standalone/discovery.js CHANGED Viewed

@@ -1,458 +1 @@
-/**
- * @module discovery
- * Service discovery for zero-config XBind connections.
- *
- * Enables: `xbind connect payments-service`
- *
- * Four-tier discovery:
- * 1. Public registry (xbind.registry.io)
- * 2. Well-known URL (https://service.com/.well-known/xbind)
- * 3. DNS TXT record (_xbind.service.com)
- * 4. Direct URL/QR code
- */
-import { ok, err } from"./_deps/shared/index.js";
-import { promises as dns } from 'dns';
-/**
- * Discovery error codes.
- */
-export var DiscoveryErrorCode;
-(function (DiscoveryErrorCode) {
-    DiscoveryErrorCode["SERVICE_NOT_FOUND"] = "DISCOVERY_SERVICE_NOT_FOUND";
-    DiscoveryErrorCode["REGISTRY_UNREACHABLE"] = "DISCOVERY_REGISTRY_UNREACHABLE";
-    DiscoveryErrorCode["INVALID_RESPONSE"] = "DISCOVERY_INVALID_RESPONSE";
-    DiscoveryErrorCode["NETWORK_ERROR"] = "DISCOVERY_NETWORK_ERROR";
-    DiscoveryErrorCode["INVALID_SERVICE_NAME"] = "DISCOVERY_INVALID_SERVICE_NAME";
-    DiscoveryErrorCode["DNS_ERROR"] = "DISCOVERY_DNS_ERROR";
-    DiscoveryErrorCode["INVALID_EMAIL"] = "DISCOVERY_INVALID_EMAIL";
-    DiscoveryErrorCode["PERSONAL_EMAIL_DOMAIN"] = "DISCOVERY_PERSONAL_EMAIL_DOMAIN";
-})(DiscoveryErrorCode || (DiscoveryErrorCode = {}));
-/**
- * Personal email domains that are blacklisted from discovery.
- * Corporate services should use their own domain, not personal email.
- */
-const PERSONAL_EMAIL_DOMAINS = new Set([
-    'gmail.com',
-    'googlemail.com',
-    'outlook.com',
-    'hotmail.com',
-    'live.com',
-    'yahoo.com',
-    'ymail.com',
-    'icloud.com',
-    'me.com',
-    'secure-email-provider-1.com',
-    'secure-email-provider-2.com',
-    'aol.com',
-    'mail.com',
-    'zoho.com',
-    'gmx.com',
-    'tutanota.com',
-    'fastmail.com',
-]);
-/**
- * Discovery client for finding services.
- */
-export class ServiceDiscovery {
-    registryUrl;
-    dnsCache;
-    /**
-     * Create a discovery client.
-     *
-     * @param options - Configuration options
-     * @param options.registryUrl - Registry URL (default: https://xbind.registry.io)
-     */
-    constructor(options = {}) {
-        this.registryUrl = options.registryUrl || 'https://xbind.registry.io';
-        this.dnsCache = new Map();
-    }
-    /**
-     * Discover a service by name.
-     *
-     * Tries:
-     * 1. Email-based discovery (extracts domain from email)
-     * 2. Public registry lookup
-     * 3. Well-known URL if name is a domain
-     * 4. DNS TXT record (_xbind.domain)
-     * 5. Direct URL if name is a full URL
-     *
-     * @param nameOrUrl - Service name, email, domain, or URL
-     * @returns Service info or error
-     *
-     * @example
-     * ```ts
-     * const discovery = new ServiceDiscovery();
-     *
-     * // By name (registry lookup):
-     * const result = await discovery.discover('payments-service');
-     *
-     * // By email (domain extraction):
-     * const result = await discovery.discover('alice@company.com');
-     *
-     * // By domain (well-known):
-     * const result = await discovery.discover('payments.example.com');
-     *
-     * // By URL (direct):
-     * const result = await discovery.discover('https://api.payments.com/xbind');
-     * ```
-     */
-    async discover(nameOrUrl) {
-        // Validate input
-        if (!nameOrUrl || nameOrUrl.trim().length === 0) {
-            return err({
-                code: DiscoveryErrorCode.INVALID_SERVICE_NAME,
-                message: 'Service name cannot be empty',
-                hint: 'Provide a service name, domain, email, or URL',
-            });
-        }
-        nameOrUrl = nameOrUrl.trim();
-        // If full URL, try direct
-        if (nameOrUrl.startsWith('http://') || nameOrUrl.startsWith('https://')) {
-            return this.discoverDirect(nameOrUrl);
-        }
-        // If email address, extract domain and discover
-        if (nameOrUrl.includes('@') && !nameOrUrl.includes('/')) {
-            return this.discoverEmail(nameOrUrl);
-        }
-        // If looks like domain, try well-known first, then DNS TXT
-        if (nameOrUrl.includes('.') && !nameOrUrl.includes('/')) {
-            const wellKnownResult = await this.discoverWellKnown(nameOrUrl);
-            if (wellKnownResult.ok) {
-                return wellKnownResult;
-            }
-            // Try DNS TXT as fallback
-            const dnsTxtResult = await this.discoverDnsTxt(nameOrUrl);
-            if (dnsTxtResult.ok) {
-                return dnsTxtResult;
-            }
-            // Fall through to registry if both fail
-        }
-        // Try registry lookup
-        return this.discoverRegistry(nameOrUrl);
-    }
-    /**
-     * Look up service in public registry.
-     *
-     * GET https://xbind.registry.io/lookup/:name
-     */
-    async discoverRegistry(name) {
-        try {
-            const url = `${this.registryUrl}/lookup/${encodeURIComponent(name)}`;
-            const response = await fetch(url, {
-                headers: {
-                    'Accept': 'application/json',
-                },
-            });
-            if (response.status === 404) {
-                return err({
-                    code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
-                    message: `Service "${name}" not found in registry`,
-                    hint: 'Check service name or register at xbind.registry.io',
-                });
-            }
-            if (!response.ok) {
-                return err({
-                    code: DiscoveryErrorCode.REGISTRY_UNREACHABLE,
-                    message: `Registry returned ${response.status}`,
-                    hint: 'Try again later or use direct URL',
-                });
-            }
-            const data = await response.json();
-            return ok(data);
-        }
-        catch (error) {
-            return err({
-                code: DiscoveryErrorCode.NETWORK_ERROR,
-                message: error instanceof Error ? error.message : 'Network error',
-                hint: 'Check internet connection',
-            });
-        }
-    }
-    /**
-     * Discover via .well-known/xbind.
-     *
-     * GET https://domain/.well-known/xbind
-     */
-    async discoverWellKnown(domain) {
-        try {
-            const url = `https://${domain}/.well-known/xbind`;
-            const response = await fetch(url, {
-                headers: {
-                    'Accept': 'application/json',
-                },
-            });
-            if (!response.ok) {
-                return err({
-                    code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
-                    message: `No .well-known/xbind found at ${domain}`,
-                });
-            }
-            const data = await response.json();
-            return ok(data);
-        }
-        catch (error) {
-            return err({
-                code: DiscoveryErrorCode.NETWORK_ERROR,
-                message: error instanceof Error ? error.message : 'Network error',
-            });
-        }
-    }
-    /**
-     * Discover via direct URL.
-     */
-    async discoverDirect(url) {
-        try {
-            const response = await fetch(url, {
-                headers: {
-                    'Accept': 'application/json',
-                },
-            });
-            if (!response.ok) {
-                return err({
-                    code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
-                    message: `Service not found at ${url}`,
-                });
-            }
-            const data = await response.json();
-            return ok(data);
-        }
-        catch (error) {
-            return err({
-                code: DiscoveryErrorCode.NETWORK_ERROR,
-                message: error instanceof Error ? error.message : 'Network error',
-            });
-        }
-    }
-    /**
-     * Discover via DNS TXT record.
-     *
-     * Looks up TXT record at _xbind.domain
-     *
-     * Supports two formats:
-     * 1. Full record: "xbind-endpoint=https://...;did=did:web:...;publicKey=..." (all fields in DNS)
-     * 2. Simple redirect: "xbind=https://api.example.com/xbind" (fetch from endpoint)
-     *
-     * Includes 5-minute caching to reduce DNS queries.
-     */
-    async discoverDnsTxt(domain) {
-        // Check cache first (5 minute TTL)
-        const cached = this.dnsCache.get(domain);
-        if (cached && cached.expiry > Date.now()) {
-            return ok(cached.info);
-        }
-        try {
-            const txtRecords = await dns.resolveTxt(`_xbind.${domain}`);
-            // Find xbind record
-            for (const record of txtRecords) {
-                const txt = record.join('');
-                // Format 1: Full record with all fields
-                if (txt.includes('xbind-endpoint=')) {
-                    const parsed = this.parseDnsTxtRecord(txt, domain);
-                    if (parsed.ok) {
-                        // Cache for 5 minutes
-                        this.dnsCache.set(domain, {
-                            info: parsed.value,
-                            expiry: Date.now() + 5 * 60 * 1000,
-                        });
-                        return parsed;
-                    }
-                }
-                // Format 2: Simple redirect to endpoint
-                if (txt.startsWith('xbind=')) {
-                    const endpoint = txt.substring(6);
-                    // Fetch service info from endpoint
-                    const result = await this.discoverDirect(endpoint);
-                    if (result.ok) {
-                        // Cache for 5 minutes
-                        this.dnsCache.set(domain, {
-                            info: result.value,
-                            expiry: Date.now() + 5 * 60 * 1000,
-                        });
-                    }
-                    return result;
-                }
-            }
-            return err({
-                code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
-                message: `No _xbind TXT record found for ${domain}`,
-                hint: 'Add DNS TXT record: _xbind.example.com IN TXT "xbind-endpoint=https://...;did=did:web:...;publicKey=..."',
-            });
-        }
-        catch (error) {
-            // Handle DNS-specific errors
-            if (error && typeof error === 'object' && 'code' in error) {
-                const dnsError = error;
-                if (dnsError.code === 'ENOTFOUND' || dnsError.code === 'ENODATA') {
-                    return err({
-                        code: DiscoveryErrorCode.SERVICE_NOT_FOUND,
-                        message: `No DNS TXT record found for _xbind.${domain}`,
-                    });
-                }
-                if (dnsError.code === 'ETIMEOUT') {
-                    return err({
-                        code: DiscoveryErrorCode.DNS_ERROR,
-                        message: 'DNS query timeout',
-                        hint: 'Check network connection or try again',
-                    });
-                }
-            }
-            return err({
-                code: DiscoveryErrorCode.DNS_ERROR,
-                message: error instanceof Error ? error.message : 'DNS lookup failed',
-                hint: 'Check domain name and DNS configuration',
-            });
-        }
-    }
-    /**
-     * Parse DNS TXT record into ServiceInfo.
-     *
-     * Expected format:
-     * xbind-endpoint=https://...;did=did:web:...;publicKey=...;version=1.0
-     *
-     * Optional fields:
-     * x25519PublicKey=...;mlKemPublicKey=...;description=...;logo=...;docs=...
-     */
-    parseDnsTxtRecord(txtRecord, domain) {
-        try {
-            const fields = new Map();
-            // Split by semicolon and parse key=value pairs
-            const parts = txtRecord.split(';').map(p => p.trim()).filter(p => p.length > 0);
-            for (const part of parts) {
-                const eqIndex = part.indexOf('=');
-                if (eqIndex === -1)
-                    continue;
-                const key = part.substring(0, eqIndex).trim();
-                const value = part.substring(eqIndex + 1).trim();
-                fields.set(key, value);
-            }
-            // Validate required fields
-            const endpoint = fields.get('xbind-endpoint');
-            const did = fields.get('did');
-            const publicKey = fields.get('publicKey');
-            if (!endpoint || !did || !publicKey) {
-                return err({
-                    code: DiscoveryErrorCode.INVALID_RESPONSE,
-                    message: 'DNS TXT record missing required fields',
-                    hint: 'Required: xbind-endpoint, did, publicKey',
-                });
-            }
-            // Build ServiceInfo
-            const info = {
-                name: domain,
-                endpoint,
-                did,
-                publicKey,
-            };
-            // Add optional fields
-            if (fields.has('x25519PublicKey')) {
-                info.x25519PublicKey = fields.get('x25519PublicKey');
-            }
-            if (fields.has('mlKemPublicKey')) {
-                info.mlKemPublicKey = fields.get('mlKemPublicKey');
-            }
-            if (fields.has('description')) {
-                info.description = fields.get('description');
-            }
-            if (fields.has('logo')) {
-                info.logo = fields.get('logo');
-            }
-            if (fields.has('docs')) {
-                info.docs = fields.get('docs');
-            }
-            return ok(info);
-        }
-        catch (error) {
-            return err({
-                code: DiscoveryErrorCode.INVALID_RESPONSE,
-                message: error instanceof Error ? error.message : 'Failed to parse DNS TXT record',
-            });
-        }
-    }
-    /**
-     * Discover service via email address.
-     *
-     * Extracts domain from email and performs discovery.
-     * Personal email domains (gmail.com, outlook.com, etc.) are rejected.
-     *
-     * @param email - Email address (e.g., "alice@company.com")
-     * @returns Service info or error
-     *
-     * @example
-     * ```ts
-     * const discovery = new ServiceDiscovery();
-     * const result = await discovery.discoverEmail('alice@company.com');
-     * // Discovers service at company.com
-     * ```
-     */
-    async discoverEmail(email) {
-        // Validate email format
-        const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-        if (!emailRegex.test(email)) {
-            return err({
-                code: DiscoveryErrorCode.INVALID_EMAIL,
-                message: `Invalid email format: ${email}`,
-                hint: 'Provide a valid email address (e.g., alice@company.com)',
-            });
-        }
-        // Extract domain (everything after @)
-        const domain = this.extractDomain(email);
-        if (!domain) {
-            return err({
-                code: DiscoveryErrorCode.INVALID_EMAIL,
-                message: `Could not extract domain from email: ${email}`,
-                hint: 'Check email format',
-            });
-        }
-        // Check for personal email domains
-        if (PERSONAL_EMAIL_DOMAINS.has(domain.toLowerCase())) {
-            return err({
-                code: DiscoveryErrorCode.PERSONAL_EMAIL_DOMAIN,
-                message: `Personal email domains not supported for discovery: ${domain}`,
-                hint: 'Use a corporate email address or provide the company domain directly',
-            });
-        }
-        // Discover using the extracted domain
-        // Try well-known first, then DNS TXT, then registry
-        const wellKnownResult = await this.discoverWellKnown(domain);
-        if (wellKnownResult.ok) {
-            return wellKnownResult;
-        }
-        const dnsTxtResult = await this.discoverDnsTxt(domain);
-        if (dnsTxtResult.ok) {
-            return dnsTxtResult;
-        }
-        // Try registry with domain
-        return this.discoverRegistry(domain);
-    }
-    /**
-     * Extract domain from email address.
-     * Handles edge cases: subdomains, plus addressing, etc.
-     *
-     * @param email - Email address
-     * @returns Domain or null if extraction fails
-     *
-     * @example
-     * ```ts
-     * extractDomain('alice@company.com') // 'company.com'
-     * extractDomain('alice+label@company.com') // 'company.com'
-     * extractDomain('alice@mail.company.com') // 'mail.company.com'
-     * ```
-     */
-    extractDomain(email) {
-        const parts = email.split('@');
-        if (parts.length !== 2 || !parts[1]) {
-            return null;
-        }
-        // Domain is everything after @
-        const domain = parts[1].trim().toLowerCase();
-        // Validate domain has at least one dot and valid characters
-        if (!domain.includes('.') || domain.length < 3) {
-            return null;
-        }
-        // Basic domain validation (alphanumeric, dots, hyphens)
-        const domainRegex = /^[a-z0-9][a-z0-9-]*(\.[a-z0-9][a-z0-9-]*)+$/;
-        if (!domainRegex.test(domain)) {
-            return null;
-        }
-        return domain;
-    }
-}
+import{ok,err}from"./_deps/shared/index.js";import{promises as dns}from"dns";export var DiscoveryErrorCode;!function(e){e.SERVICE_NOT_FOUND="DISCOVERY_SERVICE_NOT_FOUND",e.REGISTRY_UNREACHABLE="DISCOVERY_REGISTRY_UNREACHABLE",e.INVALID_RESPONSE="DISCOVERY_INVALID_RESPONSE",e.NETWORK_ERROR="DISCOVERY_NETWORK_ERROR",e.INVALID_SERVICE_NAME="DISCOVERY_INVALID_SERVICE_NAME",e.DNS_ERROR="DISCOVERY_DNS_ERROR",e.INVALID_EMAIL="DISCOVERY_INVALID_EMAIL",e.PERSONAL_EMAIL_DOMAIN="DISCOVERY_PERSONAL_EMAIL_DOMAIN"}(DiscoveryErrorCode||(DiscoveryErrorCode={}));const PERSONAL_EMAIL_DOMAINS=new Set(["gmail.com","googlemail.com","outlook.com","hotmail.com","live.com","yahoo.com","ymail.com","icloud.com","me.com","secure-email-provider-1.com","secure-email-provider-2.com","aol.com","mail.com","zoho.com","gmx.com","tutanota.com","fastmail.com"]);export class ServiceDiscovery{registryUrl;dnsCache;constructor(e={}){this.registryUrl=e.registryUrl||"https://xbind.registry.io",this.dnsCache=new Map}async discover(e){if(!e||0===e.trim().length)return err({code:DiscoveryErrorCode.INVALID_SERVICE_NAME,message:"Service name cannot be empty",hint:"Provide a service name, domain, email, or URL"});if((e=e.trim()).startsWith("http://")||e.startsWith("https://"))return this.discoverDirect(e);if(e.includes("@")&&!e.includes("/"))return this.discoverEmail(e);if(e.includes(".")&&!e.includes("/")){const r=await this.discoverWellKnown(e);if(r.ok)return r;const o=await this.discoverDnsTxt(e);if(o.ok)return o}return this.discoverRegistry(e)}async discoverRegistry(e){try{const r=`${this.registryUrl}/lookup/${encodeURIComponent(e)}`,o=await fetch(r,{headers:{Accept:"application/json"}});if(404===o.status)return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`Service "${e}" not found in registry`,hint:"Check service name or register at xbind.registry.io"});if(!o.ok)return err({code:DiscoveryErrorCode.REGISTRY_UNREACHABLE,message:`Registry returned ${o.status}`,hint:"Try again later or use direct URL"});const t=await o.json();return ok(t)}catch(e){return err({code:DiscoveryErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error",hint:"Check internet connection"})}}async discoverWellKnown(e){try{const r=`https://${e}/.well-known/xbind`,o=await fetch(r,{headers:{Accept:"application/json"}});if(!o.ok)return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`No .well-known/xbind found at ${e}`});const t=await o.json();return ok(t)}catch(e){return err({code:DiscoveryErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error"})}}async discoverDirect(e){try{const r=await fetch(e,{headers:{Accept:"application/json"}});if(!r.ok)return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`Service not found at ${e}`});const o=await r.json();return ok(o)}catch(e){return err({code:DiscoveryErrorCode.NETWORK_ERROR,message:e instanceof Error?e.message:"Network error"})}}async discoverDnsTxt(e){const r=this.dnsCache.get(e);if(r&&r.expiry>Date.now())return ok(r.info);try{const r=await dns.resolveTxt(`_xbind.${e}`);for(const o of r){const r=o.join("");if(r.includes("xbind-endpoint=")){const o=this.parseDnsTxtRecord(r,e);if(o.ok)return this.dnsCache.set(e,{info:o.value,expiry:Date.now()+3e5}),o}if(r.startsWith("xbind=")){const o=r.substring(6),t=await this.discoverDirect(o);return t.ok&&this.dnsCache.set(e,{info:t.value,expiry:Date.now()+3e5}),t}}return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`No _xbind TXT record found for ${e}`,hint:'Add DNS TXT record: _xbind.example.com IN TXT "xbind-endpoint=https://...;did=did:web:...;publicKey=..."'})}catch(r){if(r&&"object"==typeof r&&"code"in r){const o=r;if("ENOTFOUND"===o.code||"ENODATA"===o.code)return err({code:DiscoveryErrorCode.SERVICE_NOT_FOUND,message:`No DNS TXT record found for _xbind.${e}`});if("ETIMEOUT"===o.code)return err({code:DiscoveryErrorCode.DNS_ERROR,message:"DNS query timeout",hint:"Check network connection or try again"})}return err({code:DiscoveryErrorCode.DNS_ERROR,message:r instanceof Error?r.message:"DNS lookup failed",hint:"Check domain name and DNS configuration"})}}parseDnsTxtRecord(e,r){try{const o=new Map,t=e.split(";").map(e=>e.trim()).filter(e=>e.length>0);for(const e of t){const r=e.indexOf("=");if(-1===r)continue;const t=e.substring(0,r).trim(),i=e.substring(r+1).trim();o.set(t,i)}const i=o.get("xbind-endpoint"),s=o.get("did"),n=o.get("publicKey");if(!i||!s||!n)return err({code:DiscoveryErrorCode.INVALID_RESPONSE,message:"DNS TXT record missing required fields",hint:"Required: xbind-endpoint, did, publicKey"});const c={name:r,endpoint:i,did:s,publicKey:n};return o.has("x25519PublicKey")&&(c.x25519PublicKey=o.get("x25519PublicKey")),o.has("mlKemPublicKey")&&(c.mlKemPublicKey=o.get("mlKemPublicKey")),o.has("description")&&(c.description=o.get("description")),o.has("logo")&&(c.logo=o.get("logo")),o.has("docs")&&(c.docs=o.get("docs")),ok(c)}catch(e){return err({code:DiscoveryErrorCode.INVALID_RESPONSE,message:e instanceof Error?e.message:"Failed to parse DNS TXT record"})}}async discoverEmail(e){if(!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(e))return err({code:DiscoveryErrorCode.INVALID_EMAIL,message:`Invalid email format: ${e}`,hint:"Provide a valid email address (e.g., alice@company.com)"});const r=this.extractDomain(e);if(!r)return err({code:DiscoveryErrorCode.INVALID_EMAIL,message:`Could not extract domain from email: ${e}`,hint:"Check email format"});if(PERSONAL_EMAIL_DOMAINS.has(r.toLowerCase()))return err({code:DiscoveryErrorCode.PERSONAL_EMAIL_DOMAIN,message:`Personal email domains not supported for discovery: ${r}`,hint:"Use a corporate email address or provide the company domain directly"});const o=await this.discoverWellKnown(r);if(o.ok)return o;const t=await this.discoverDnsTxt(r);return t.ok?t:this.discoverRegistry(r)}extractDomain(e){const r=e.split("@");if(2!==r.length||!r[1])return null;const o=r[1].trim().toLowerCase();if(!o.includes(".")||o.length<3)return null;return/^[a-z0-9][a-z0-9-]*(\.[a-z0-9][a-z0-9-]*)+$/.test(o)?o:null}}