@private.me/xbind 3.0.3 → 3.1.0

package/MIGRATING.md

@@ -0,0 +1,205 @@
+# xBind Migration Guide
+
+## 3.0.4 → 3.1.0 (Current)
+
+### Documentation Improvements
+
+**No Breaking Changes** - This is a documentation-only release:
+
+- ✅ **Migration Guide:** Added this MIGRATING.md file with upgrade paths for all versions
+- ✅ **Error Reference:** Comprehensive error code documentation with fixes for common issues
+- ✅ **Security API:** Clarified `security` parameter (official API) vs `payload.risk` (application data)
+- ✅ **Bundled README:** Fixed broken relative links, removed internal tracking codes, consistent PQ examples
+
+**Migration:** Update package version - no code changes required:
+```bash
+npm install @private.me/xbind@3.1.0
+```
+
+---
+
+## 3.0.3 → 3.0.4
+
+### Bug Fixes
+
+**H1 Security Tier Fix:**
+- **Issue:** `agent.send({ security: 'high' })` threw synchronously instead of returning `Result<T,E>`
+- **Fixed:** Now returns `Result` with error code `SPLIT_FAILED:CRYPTO_NOT_LOADED` when crypto package unavailable
+- **Migration:** No code changes required. If you had try-catch around `send()`, you can now use standard Result handling
+
+**Loopback URL Support:**
+- **Issue:** v3.0.3 broke dev/test workflows by rejecting `http://127.0.0.1` and `http://localhost`
+- **Fixed:** RFC 6761 loopback addresses now work without HTTPS requirement
+- **Migration:** No code changes required. Remove any HTTPS workarounds for local development
+
+### Supported Loopback Addresses
+- `http://127.0.0.1` (IPv4 loopback)
+- `http://localhost` (standard hostname)
+- `http://[::1]` or `http://::1` (IPv6 loopback)
+- `http://*.localhost` (RFC 6761 reserved)
+
+---
+
+## 1.x → 3.x (Major Version)
+
+### Breaking Changes
+
+**1. Full Control IP Protection**
+
+v3.x introduced 2-share XorIDA (Store Front + Vault Store) for IP protection:
+
+```typescript
+// v1.x: All crypto bundled in npm package
+npm install @private.me/xbind@1.4.2  // 8MB package
+
+// v3.x: Share 1 in npm, Share 2 payment-gated on EC2
+npm install @private.me/xbind@3.1.0  // 1.2MB package
+// Share 2 auto-fetched with billing OR set FULL_CONTROL_MASTER_KEY
+```
+
+**Migration:**
+- **No code changes** if you have active billing (Share 2 auto-fetched)
+- **For offline/dev:** Set `FULL_CONTROL_MASTER_KEY` environment variable (contact contact@private.me for key)
+
+**2. Result<T,E> Error Handling**
+
+All APIs now return `Result<T,E>` instead of throwing:
+
+```typescript
+// v1.x: Exception-based
+try {
+  const agent = await Agent.create({ ... });
+  await agent.send({ ... });
+} catch (error) {
+  console.error('Failed:', error);
+}
+
+// v3.x: Result-based
+const agentResult = await Agent.create({ ... });
+if (!agentResult.ok) {
+  console.error('Agent creation failed:', agentResult.error);
+  return;
+}
+
+const agent = agentResult.value;
+const sendResult = await agent.send({ ... });
+if (!sendResult.ok) {
+  console.error('Send failed:', sendResult.error);
+}
+```
+
+**3. Security Tier API**
+
+Explicit `security` parameter for split-channel:
+
+```typescript
+// v1.x: Implicit/auto-detection
+await agent.send({
+  to: recipientDid,
+  payload: { sensitive: true }
+});
+
+// v3.x: Explicit security parameter
+await agent.send({
+  to: recipientDid,
+  security: 'high',  // 2-of-3 threshold
+  payload: { sensitive: true }
+});
+```
+
+Options: `'standard'` (default), `'high'` (2-of-3), `'critical'` (3-of-5)
+
+**4. Transport Configuration**
+
+v3.x requires explicit transport configuration:
+
+```typescript
+// v1.x: Auto-configured
+const agent = await Agent.create({ name: 'MyAgent' });
+
+// v3.x: Explicit transport
+import { HttpsTransportAdapter } from '@private.me/xbind';
+
+const agent = await Agent.create({
+  name: 'MyAgent',
+  transport: new HttpsTransportAdapter({
+    baseUrl: 'https://private.me/relay'
+  })
+});
+```
+
+---
+
+## Common Migration Issues
+
+### Issue: npm install silently downgrades version
+
+**Symptom:** Running `npm install @private.me/xbind@latest` after local `file:` testing uninstalls xBind
+
+**Cause:** npm's `file:` protocol creates a local package reference that persists across installs
+
+**Fix:**
+```bash
+# Remove cached local reference
+npm uninstall @private.me/xbind
+rm -rf node_modules/@private.me
+rm package-lock.json
+
+# Clean install from registry
+npm install @private.me/xbind@3.1.0
+```
+
+### Issue: ENVELOPE_FAILED:SPLIT error
+
+**Symptom:** `security:'high'` or `security:'critical'` returns `ENVELOPE_FAILED:SPLIT`
+
+**Cause:** Split-channel requires 3+ transports for `'high'`, 5+ for `'critical'`
+
+**Fix:**
+```typescript
+// Add multiple transports
+const agent = await Agent.create({
+  name: 'MyAgent',
+  transport: new HttpsTransportAdapter({ baseUrl: 'https://relay1.private.me' }),
+  // OR use quickstart which auto-configures transports
+});
+
+// Add more transports after creation
+agent.addTransport(new HttpsTransportAdapter({ baseUrl: 'https://relay2.private.me' }));
+agent.addTransport(new HttpsTransportAdapter({ baseUrl: 'https://relay3.private.me' }));
+
+// Now 'high' security will work
+const result = await agent.send({
+  to: recipientDid,
+  security: 'high',
+  payload: { message: 'Secured' }
+});
+```
+
+### Issue: IDENTITY_FAILED:VAULT_STORE error
+
+**Symptom:** Agent creation fails with `IDENTITY_FAILED:VAULT_STORE`
+
+**Cause:** Share 2 (Vault Store) unavailable - no billing and no `FULL_CONTROL_MASTER_KEY`
+
+**Fix (Production):**
+- Ensure billing is active (free tier: 100K ops/month)
+- Check internet connectivity
+
+**Fix (Development/Offline):**
+```bash
+# Add to .env
+FULL_CONTROL_MASTER_KEY=<your-key>
+
+# Contact contact@private.me for development key
+```
+
+---
+
+## Support
+
+- **Documentation:** https://private.me/docs/xbind.html
+- **npm:** https://www.npmjs.com/package/@private.me/xbind
+- **Email:** contact@private.me
+
+For enterprise migration assistance, contact contact@private.me

package/README.md

@@ -1,7 +1,7 @@
 # @private.me/xbind
 
 ![npm version](https://img.shields.io/npm/v/@private.me/xbind)
-![version](https://img.shields.io/badge/version-3.0.3-blue)
+![version](https://img.shields.io/badge/version-3.1.0-blue)
 ![tests](https://img.shields.io/badge/tests-2951%20passing-brightgreen)
 ![TypeScript](https://img.shields.io/badge/TypeScript-strict-blue)
 ![license](https://img.shields.io/badge/license-Proprietary-blue)
@@ -12,7 +12,7 @@ Build AI agents that communicate securely using ML-DSA-65 DID identity, ML-KEM-7
 
 Part of the **Private.Me** platform—where APIs have keys, but ACIs have identity.
 
-**Version 3.0.3** — **Major Features:** LoopbackTransport export for testing (GAP-CORE-2), describeSecurityModeStructured export (GAP-API-3), Agent.quickstart() signature fixes. Full Control IP Protection (PLAN-13) - Vault Store architecture with payment-gated algorithm delivery. Store Front (npm) contains Share 1 only, Vault Store (EC2) contains Share 2 (payment-gated). Runtime crypto loading, 4-layer security (DID auth + usage quotas + rate limiting + audit logging). Usage-based model: Free tier 100K ops/month (includes vault access), Pro tier unlimited. Previous v3.0.2: Full Control IP Protection launch. Previous v1.4.2: Runtime compatibility, API enhancements.
+**Version 3.1.0** — **Documentation Improvements:** Migration guide (MIGRATING.md), comprehensive error reference, security API clarification, fixed all bundled README issues. **Bug Fixes (v3.0.4):** H1 security tier fix (security:'high'|'critical' now returns Result instead of throwing), loopback URL support restored (http://127.0.0.1 for dev/test workflows), deployment health endpoint added. Full Control IP Protection - Vault Store architecture with payment-gated algorithm delivery. Store Front (npm) contains Share 1 only, Vault Store (EC2) contains Share 2 (payment-gated). Runtime crypto loading, 4-layer security (DID auth + usage quotas + rate limiting + audit logging). Usage-based model: Free tier 100K ops/month (includes vault access), Pro tier unlimited. Previous v3.0.3: LoopbackTransport export, describeSecurityModeStructured export, Agent.quickstart() fixes. Previous v3.0.2: Full Control IP Protection launch.
 
 ## Install
 
@@ -26,7 +26,7 @@ pip install private-me-xbind
 
 **Distribution Model:** xBind uses Full Control IP protection (2-share XorIDA). Share 1 (Store Front) is distributed via npm registry. Share 2 (Vault Store) is served via `/api/full-control/share2/:package/:version` and requires payment verification and xBind authentication.
 
-[Python SDK documentation](./python/README.md) • [Complete docs](./docs/README.md) • [White paper](https://private.me/docs/xbind.html)
+[Migration Guide](./MIGRATING.md) • [Python SDK](https://pypi.org/project/private-me-xbind/) • [White paper](https://private.me/docs/xbind.html) • [npm](https://www.npmjs.com/package/@private.me/xbind)
 
 ## Security Notice
 
@@ -106,7 +106,7 @@ const seed = await getSeed();
 const result = await Agent.fromSeed(Buffer.from(seed, 'hex'), {
   registry: new HttpTrustRegistry({ baseUrl: 'https://private.me/registry' }),
   transport: new HttpsTransportAdapter({ baseUrl: 'https://private.me/relay' }),
-  postQuantumSig: false
+  postQuantumSig: true  // ML-DSA-65 post-quantum signatures (default)
 });
 
 if (!result.ok) {
@@ -136,7 +136,7 @@ if (!seed) throw new Error('Seed not found in credential store');
 const result = await Agent.fromSeed(Buffer.from(seed, 'hex'), {
   registry: new HttpTrustRegistry({ baseUrl: 'https://private.me/registry' }),
   transport: new HttpsTransportAdapter({ baseUrl: 'https://private.me/relay' }),
-  postQuantumSig: false
+  postQuantumSig: true  // ML-DSA-65 post-quantum signatures (default)
 });
 
 if (!result.ok) {
@@ -165,7 +165,7 @@ if (!seed) throw new Error('Seed not found in Secret Service');
 const result = await Agent.fromSeed(Buffer.from(seed, 'hex'), {
   registry: new HttpTrustRegistry({ baseUrl: 'https://private.me/registry' }),
   transport: new HttpsTransportAdapter({ baseUrl: 'https://private.me/relay' }),
-  postQuantumSig: false
+  postQuantumSig: true  // ML-DSA-65 post-quantum signatures (default)
 });
 
 if (!result.ok) {
@@ -211,7 +211,7 @@ const decryptedSeed = await kms.send(new DecryptCommand({
 const result = await Agent.fromSeed(Buffer.from(decryptedSeed.Plaintext), {
   registry: new HttpTrustRegistry({ baseUrl: 'https://private.me/registry' }),
   transport: new HttpsTransportAdapter({ baseUrl: 'https://private.me/relay' }),
-  postQuantumSig: false
+  postQuantumSig: true  // ML-DSA-65 post-quantum signatures (default)
 });
 
 if (!result.ok) {
@@ -543,7 +543,7 @@ console.log('Scope:', message.scope);
 
 **JITR (Just-in-Time Registration):** Agents created with `Agent.fromSeed()` automatically register with the trust registry on first use. No manual registration scripts required. Includes all encryption keys (Ed25519, X25519, ML-KEM, ML-DSA) for zero-config encrypted messaging.
 
-[More examples](./docs/examples.md) • [Python examples](./python/README.md)
+[White paper](https://private.me/docs/xbind.html) • [Python SDK](https://pypi.org/project/private-me-xbind/)
 
 ## Programmatic Quickstart
 
@@ -622,7 +622,7 @@ Transport type: HttpsTransportAdapter
 - Exceeding 100K operations/month
 - Accessing production features
 
-[More examples](./docs/examples.md) • [Python examples](./python/README.md)
+[White paper](https://private.me/docs/xbind.html) • [Python SDK](https://pypi.org/project/private-me-xbind/)
 
 ## Post-Quantum Cryptography & Envelopes
 
@@ -1684,7 +1684,7 @@ else:
     print(f"Error: {result['error']['message']}")
 ```
 
-See [Python SDK documentation](./python/README.md) for complete API reference and examples.
+See [Python SDK on PyPI](https://pypi.org/project/private-me-xbind/) for complete API reference and examples.
 
 ## Why xBind?
 
@@ -1768,11 +1768,11 @@ Zero key management, zero cascade failures, zero bearer credentials. Cryptograph
 - **End-to-end integration:** Full message flow tests (Agent A → Gateway → Agent B)
 - **Gateway concurrency:** 100 concurrent sends, race condition detection
 - **Network partition recovery:** Disconnect/reconnect cycles with retry logic
-- **PLAN-3 hybrid signatures:** Bilateral authorization with composite verification
+- **Hybrid signatures:** Bilateral authorization with composite verification
 
 ## Bundle Size Optimization (Tree-Shaking)
 
-**New in v3.0.3:** LoopbackTransport export (testing workflow), describeSecurityModeStructured export (white paper examples), Agent.quickstart() signature fixes (README correctness). Full Control IP Protection (v3.0.2) - cryptographic algorithms delivered via payment-gated Vault Store. Share 1 in npm (useless alone), Share 2 in EC2 (completes algorithm). Information-theoretic security for proprietary IP.
+**New in v3.1.0:** Documentation improvements - Migration guide (MIGRATING.md), comprehensive error reference section, security API clarification (security parameter vs payload.risk), fixed all customer-reported README issues (broken links, tracking codes, PQ example consistency). Previous v3.0.4: Bug fixes - H1 security tier fix, loopback URL support, deployment health endpoint. Full Control IP Protection (v3.0.2) - cryptographic algorithms delivered via payment-gated Vault Store. Share 1 in npm (useless alone), Share 2 in EC2 (completes algorithm). Information-theoretic security for proprietary IP.
 
 ### Full Import (Convenience)
 
@@ -1810,36 +1810,35 @@ import { generateIdentity } from '@private.me/xbind/identity';
 
 xBind automatically activates information-theoretic XorIDA threshold sharing for high-risk operations. No code changes required—security is transparent.
 
-### Risk Tags (Recommended for Crypto)
+### Security Tiers (Official API)
 
-For cryptocurrency transactions (BTC, ETH, etc.), use explicit risk tags in your payload:
+**Use the `security` parameter to control split-channel protection level:**
 
 ```typescript
-// Low risk: 2-of-2 threshold
+// Standard: Single-channel delivery (default, fastest)
 await agent.send({
   to: recipientDid,
-  payload: { amount: 0.5, currency: 'BTC', risk: 'low' }
+  security: 'standard',  // Default, no split-channel
+  payload: { amount: 0.5, currency: 'BTC' }
 });
 
-// Medium risk: 2-of-3 threshold
+// High: 2-of-3 threshold sharing (recommended for crypto)
 await agent.send({
   to: recipientDid,
-  payload: { amount: 5.0, currency: 'ETH', risk: 'medium' }
+  security: 'high',  // Requires 3+ transports
+  payload: { amount: 50, currency: 'BTC' }
 });
 
-// High risk: 3-of-5 threshold
+// Critical: 3-of-5 threshold sharing (maximum security)
 await agent.send({
   to: recipientDid,
-  payload: { amount: 50, currency: 'BTC', risk: 'high' }
-});
-
-// Critical risk: 3-of-5 threshold
-await agent.send({
-  to: recipientDid,
-  payload: { amount: 100, currency: 'BTC', risk: 'critical' }
+  security: 'critical',  // Requires 5+ transports
+  payload: { amount: 100, currency: 'BTC' }
 });
 ```
 
+**Note:** The `security` parameter controls xBind's cryptographic protection. Application-level risk assessment (like `payload.risk`) is separate from xBind's security tier and has no effect on split-channel behavior.
+
 ### Fiat Currency Auto-Detection
 
 For fiat currencies (USD, EUR, GBP), xBind uses numeric thresholds:
@@ -2739,7 +2738,7 @@ await registry.register(
   mlDsaPublicKey,
   true, // xchange enabled
   ['billing', 'auth'], // receive scopes
-  '3.0.3', // SDK version
+  '3.0.4', // SDK version
   1, // minEnvelopeVersion
   4  // maxEnvelopeVersion
 );
@@ -2948,6 +2947,70 @@ const received = await bob.receive(envelope);
 - CI/CD pipelines that need fast, deterministic tests
 - Integration testing of multi-agent workflows
 
+## Error Reference
+
+xBind returns detailed error codes via `Result<T,E>` pattern. All errors follow the format `CATEGORY:SUBCODE` for precise diagnostics.
+
+### Common Errors
+
+**ENVELOPE_FAILED Family** - Message envelope creation/processing failures:
+
+- `ENVELOPE_FAILED:SPLIT` - Split-channel requires 3+ transports. **Fix:** Add more transports to your agent configuration OR disable split-channel (use `security:'standard'` instead of `'high'`/`'critical'`)
+- `ENVELOPE_FAILED:SIGNATURE` - Message signing failed (corrupted keys or invalid DID)
+- `ENVELOPE_FAILED:ENCRYPTION` - Key agreement or encryption failed
+
+**IDENTITY_FAILED Family** - Agent identity/key issues:
+
+- `IDENTITY_FAILED:KEYGEN` - Cryptographic key generation failed
+- `IDENTITY_FAILED:VAULT_STORE` - Share 2 (Vault Store) unavailable. **Fix:** Check internet connectivity, verify billing status, or set `FULL_CONTROL_MASTER_KEY` environment variable for offline mode
+- `SPLIT_FAILED:CRYPTO_NOT_LOADED` - Crypto package not loaded (missing Share 2). **Fix:** Ensure `loadCryptoPackage()` is called OR billing is active for automatic Vault Store access
+
+**Network/Transport Errors:**
+
+- `RECIPIENT_UNREACHABLE` - Unable to deliver message to recipient DID
+- `TIMEOUT` - Network operation exceeded timeout threshold (default: 10s)
+- `NETWORK_ERROR` - General network failure (DNS, connection refused, etc.)
+- `HTTPS_REQUIRED` - Non-loopback HTTP URL rejected (security policy). **Fix:** Use HTTPS URLs for production OR use loopback addresses (127.0.0.1, localhost, ::1) for development
+
+**Registry Errors:**
+
+- `REGISTRATION_FAILED:ALREADY_REGISTERED` - DID already exists in trust registry
+- `REGISTRATION_FAILED:NETWORK_ERROR` - Registry unreachable or network failure
+- `RESOLVE_FAILED:NOT_FOUND` - Recipient DID not found in trust registry
+
+### Error Handling Example
+
+```typescript
+const result = await agent.send({
+  to: recipientDid,
+  security: 'high',  // Requires 3+ transports
+  payload: { message: 'Hello' }
+});
+
+if (!result.ok) {
+  switch (result.error) {
+    case 'ENVELOPE_FAILED:SPLIT':
+      console.error('Need 3+ transports for high security. Add more transports or use security:"standard"');
+      break;
+    case 'IDENTITY_FAILED:VAULT_STORE':
+      console.error('Vault Store unavailable. Check billing or set FULL_CONTROL_MASTER_KEY');
+      break;
+    case 'RECIPIENT_UNREACHABLE':
+      console.error('Cannot reach recipient. Check DID and network connectivity');
+      break;
+    default:
+      console.error('Send failed:', result.error);
+  }
+}
+```
+
+### Debugging Tips
+
+1. **Split-channel errors:** Ensure `agent.transports.length >= 3` before using `security:'high'` or `'critical'`
+2. **Vault Store errors:** Check `.env` for `FULL_CONTROL_MASTER_KEY` (offline mode) or verify billing status (online mode)
+3. **Network errors:** Enable debug logging with `DEBUG=xbind:* npm start`
+4. **Type safety:** Use TypeScript for autocomplete on all error codes
+
 ## Full Control IP Protection
 
 xBind uses **Full Control** (2-share XorIDA) to protect proprietary cryptographic algorithms while maintaining a seamless developer experience.
@@ -3138,7 +3201,7 @@ This package contains cryptographic software. Export restrictions may apply. Use
 
 ---
 
-**Questions?** [Documentation](./docs/README.md) • [White paper](https://private.me/docs/xbind.html) • [Issues](https://github.com/xail-io/xail/issues)
+**Questions?** [White paper](https://private.me/docs/xbind.html) • [npm](https://www.npmjs.com/package/@private.me/xbind) • contact@private.me
 
 ### Stream Processing Utilities
 

package/dist-standalone/cjs/split-channel.js

@@ -1 +1 @@
-"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.DEFAULT_SPLIT_CONFIG=void 0,exports.splitForChannel=splitForChannel,exports.splitForChannelWithGroupId=splitForChannelWithGroupId,exports.reconstructFromChannel=reconstructFromChannel;const shared_1=require("../_deps/shared/index.js"),crypto_utils_js_1=require("./crypto-utils.js");async function splitForChannel(r,t=exports.DEFAULT_SPLIT_CONFIG){const{totalShares:e,threshold:s}=t;if(e<2||s<2||s>e)return(0,shared_1.err)("SPLIT_FAILED:INVALID_PARAMS");return splitForChannelWithGroupId(r,t,(0,crypto_utils_js_1.generateUUID)())}async function splitForChannelWithGroupId(r,t,e){const{totalShares:s,threshold:_}=t;if(s<2||_<2||_>s)return(0,shared_1.err)("SPLIT_FAILED:INVALID_PARAMS");const o=(0,crypto_utils_js_1.nextOddPrime)(s)-1,a=(0,crypto_utils_js_1.pkcs7Pad)(r,o),{key:n,signature:i}=await(0,crypto_utils_js_1.generateHMAC)(a);let c;try{c=(0,crypto_utils_js_1.splitXorIDA)(a,s,_)}catch{return(0,shared_1.err)("SPLIT_FAILED")}const u=(0,crypto_utils_js_1.toBase64)(n),l=(0,crypto_utils_js_1.toBase64)(i),d=c.map((r,t)=>({data:(0,crypto_utils_js_1.formatShareHeader)((0,crypto_utils_js_1.toBase64)(r)),index:t,total:s,threshold:_,groupId:e,hmacKey:u,hmacSig:l}));return(0,shared_1.ok)(d)}async function reconstructFromChannel(r){const t=validateShares(r);if(!t.ok)return t;const{k:e,n:s}=t.value;return reconstructValidated(r.slice(0,e),s,e)}function validateShares(r){if(0===r.length)return(0,shared_1.err)("INSUFFICIENT_SHARES");const t=r[0],e=t.threshold,s=t.total;if(r.length<e)return(0,shared_1.err)("INSUFFICIENT_SHARES");const _=new Set;for(const o of r){if(o.groupId!==t.groupId)return(0,shared_1.err)("INCONSISTENT_SHARES");if(o.total!==s||o.threshold!==e)return(0,shared_1.err)("INCONSISTENT_SHARES");if(o.index<0||o.index>=s)return(0,shared_1.err)("INVALID_SHARE_DATA");if(_.has(o.index))return(0,shared_1.err)("INVALID_SHARE_DATA");_.add(o.index)}return(0,shared_1.ok)({k:e,n:s,groupId:t.groupId})}async function reconstructValidated(r,t,e){let s;try{s=r.map(r=>(0,crypto_utils_js_1.fromBase64)((0,crypto_utils_js_1.parseShareHeader)(r.data)))}catch{return(0,shared_1.err)("INVALID_SHARE_DATA:BASE64")}const _=r.map(r=>r.index);let o;try{o=(0,crypto_utils_js_1.reconstructXorIDA)(s,_,t,e)}catch{return(0,shared_1.err)("SPLIT_FAILED:RECONSTRUCT")}const a=r[0];let n,i;try{n=(0,crypto_utils_js_1.fromBase64)(a.hmacKey),i=(0,crypto_utils_js_1.fromBase64)(a.hmacSig)}catch{return(0,shared_1.err)("INVALID_SHARE_DATA:HMAC_DECODE")}if(!await(0,crypto_utils_js_1.verifyHMAC)(n,o,i))return(0,shared_1.err)("HMAC_VERIFICATION_FAILED");const c=(0,crypto_utils_js_1.nextOddPrime)(t)-1,u=(0,crypto_utils_js_1.pkcs7Unpad)(o,c);return u.ok?(0,shared_1.ok)(u.value):(0,shared_1.err)("UNPAD_FAILED")}exports.DEFAULT_SPLIT_CONFIG={totalShares:3,threshold:2};
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.DEFAULT_SPLIT_CONFIG=void 0,exports.splitForChannel=splitForChannel,exports.splitForChannelWithGroupId=splitForChannelWithGroupId,exports.reconstructFromChannel=reconstructFromChannel;const shared_1=require("../_deps/shared/index.js"),crypto_utils_js_1=require("./crypto-utils.js");async function splitForChannel(r,t=exports.DEFAULT_SPLIT_CONFIG){const{totalShares:e,threshold:s}=t;if(e<2||s<2||s>e)return(0,shared_1.err)("SPLIT_FAILED:INVALID_PARAMS");return splitForChannelWithGroupId(r,t,(0,crypto_utils_js_1.generateUUID)())}async function splitForChannelWithGroupId(r,t,e){const{totalShares:s,threshold:_}=t;if(s<2||_<2||_>s)return(0,shared_1.err)("SPLIT_FAILED:INVALID_PARAMS");let o,a,n;try{const t=(0,crypto_utils_js_1.nextOddPrime)(s)-1,e=(0,crypto_utils_js_1.pkcs7Pad)(r,t),i=await(0,crypto_utils_js_1.generateHMAC)(e);a=i.key,n=i.signature,o=(0,crypto_utils_js_1.splitXorIDA)(e,s,_)}catch(r){return(0,shared_1.err)("SPLIT_FAILED:CRYPTO_NOT_LOADED")}const i=(0,crypto_utils_js_1.toBase64)(a),c=(0,crypto_utils_js_1.toBase64)(n),u=o.map((r,t)=>({data:(0,crypto_utils_js_1.formatShareHeader)((0,crypto_utils_js_1.toBase64)(r)),index:t,total:s,threshold:_,groupId:e,hmacKey:i,hmacSig:c}));return(0,shared_1.ok)(u)}async function reconstructFromChannel(r){const t=validateShares(r);if(!t.ok)return t;const{k:e,n:s}=t.value;return reconstructValidated(r.slice(0,e),s,e)}function validateShares(r){if(0===r.length)return(0,shared_1.err)("INSUFFICIENT_SHARES");const t=r[0],e=t.threshold,s=t.total;if(r.length<e)return(0,shared_1.err)("INSUFFICIENT_SHARES");const _=new Set;for(const o of r){if(o.groupId!==t.groupId)return(0,shared_1.err)("INCONSISTENT_SHARES");if(o.total!==s||o.threshold!==e)return(0,shared_1.err)("INCONSISTENT_SHARES");if(o.index<0||o.index>=s)return(0,shared_1.err)("INVALID_SHARE_DATA");if(_.has(o.index))return(0,shared_1.err)("INVALID_SHARE_DATA");_.add(o.index)}return(0,shared_1.ok)({k:e,n:s,groupId:t.groupId})}async function reconstructValidated(r,t,e){let s;try{s=r.map(r=>(0,crypto_utils_js_1.fromBase64)((0,crypto_utils_js_1.parseShareHeader)(r.data)))}catch{return(0,shared_1.err)("INVALID_SHARE_DATA:BASE64")}const _=r.map(r=>r.index),o=r[0];let a,n;try{a=(0,crypto_utils_js_1.fromBase64)(o.hmacKey),n=(0,crypto_utils_js_1.fromBase64)(o.hmacSig)}catch{return(0,shared_1.err)("INVALID_SHARE_DATA:HMAC_DECODE")}try{const r=(0,crypto_utils_js_1.reconstructXorIDA)(s,_,t,e);if(!await(0,crypto_utils_js_1.verifyHMAC)(a,r,n))return(0,shared_1.err)("HMAC_VERIFICATION_FAILED");const o=(0,crypto_utils_js_1.nextOddPrime)(t)-1,i=(0,crypto_utils_js_1.pkcs7Unpad)(r,o);return i.ok?(0,shared_1.ok)(i.value):(0,shared_1.err)("UNPAD_FAILED")}catch(r){return(0,shared_1.err)("SPLIT_FAILED:CRYPTO_NOT_LOADED")}}exports.DEFAULT_SPLIT_CONFIG={totalShares:3,threshold:2};

package/dist-standalone/cjs/transport.js

@@ -1 +1 @@
-"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.HttpsTransportAdapter=void 0;const shared_1=require("../_deps/shared/index.js");class HttpsTransportAdapter{baseUrl;timeoutMs;fetchFn;handlers=[];constructor(t){if(!t.baseUrl||"string"!=typeof t.baseUrl)throw new TypeError("HttpsTransportOptions.baseUrl is required and must be a string");if(0===t.baseUrl.trim().length)throw new TypeError("HttpsTransportOptions.baseUrl cannot be empty");try{if("https:"!==new URL(t.baseUrl).protocol)throw new TypeError("HttpsTransportOptions.baseUrl must use HTTPS protocol")}catch(r){if(r instanceof TypeError&&r.message.includes("HTTPS protocol"))throw r;throw new TypeError(`HttpsTransportOptions.baseUrl is not a valid URL: ${t.baseUrl}`)}this.baseUrl=t.baseUrl.replace(/\/$/,""),this.timeoutMs=t.timeoutMs??1e4,this.fetchFn=t.fetch??globalThis.fetch.bind(globalThis)}async send(t,r){const e=`${this.baseUrl}/deliver/${encodeURIComponent(r)}`;try{const r=new AbortController,s=setTimeout(()=>r.abort(),this.timeoutMs),o=await this.fetchFn(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(t),signal:r.signal});return clearTimeout(s),o.ok?(0,shared_1.ok)(void 0):(0,shared_1.err)(404===o.status?"RECIPIENT_UNREACHABLE":"SEND_FAILED")}catch(t){return t instanceof DOMException&&"AbortError"===t.name?(0,shared_1.err)("TIMEOUT"):(0,shared_1.err)("NETWORK_ERROR")}}onReceive(t){this.handlers.push(t)}dispatch(t){for(const r of this.handlers)r(t)}dispose(){this.handlers=[]}}exports.HttpsTransportAdapter=HttpsTransportAdapter;
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.HttpsTransportAdapter=void 0;const shared_1=require("../_deps/shared/index.js");class HttpsTransportAdapter{baseUrl;timeoutMs;fetchFn;handlers=[];constructor(t){if(!t.baseUrl||"string"!=typeof t.baseUrl)throw new TypeError("HttpsTransportOptions.baseUrl is required and must be a string");if(0===t.baseUrl.trim().length)throw new TypeError("HttpsTransportOptions.baseUrl cannot be empty");this.baseUrl=t.baseUrl.replace(/\/$/,""),this.timeoutMs=t.timeoutMs??1e4,this.fetchFn=t.fetch??globalThis.fetch.bind(globalThis)}async send(t,e){try{const t=new URL(this.baseUrl),e=t.hostname.toLowerCase(),r="127.0.0.1"===e||"localhost"===e||"[::1]"===e||"::1"===e||e.startsWith("127.")||e.endsWith(".localhost");if("https:"!==t.protocol&&!r)return(0,shared_1.err)("HTTPS_REQUIRED")}catch{return(0,shared_1.err)("INVALID_URL")}const r=`${this.baseUrl}/deliver/${encodeURIComponent(e)}`;try{const e=new AbortController,s=setTimeout(()=>e.abort(),this.timeoutMs),o=await this.fetchFn(r,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(t),signal:e.signal});return clearTimeout(s),o.ok?(0,shared_1.ok)(void 0):(0,shared_1.err)(404===o.status?"RECIPIENT_UNREACHABLE":"SEND_FAILED")}catch(t){return t instanceof DOMException&&"AbortError"===t.name?(0,shared_1.err)("TIMEOUT"):(0,shared_1.err)("NETWORK_ERROR")}}onReceive(t){this.handlers.push(t)}dispatch(t){for(const e of this.handlers)e(t)}dispose(){this.handlers=[]}}exports.HttpsTransportAdapter=HttpsTransportAdapter;

package/dist-standalone/split-channel.d.ts

@@ -35,7 +35,7 @@ export interface ChannelShare {
     readonly hmacSig: string;
 }
 /** Error codes for split-channel operations. Sub-codes give context. */
-export type SplitChannelError = 'SPLIT_FAILED' | 'SPLIT_FAILED:INVALID_PARAMS' | 'SPLIT_FAILED:RECONSTRUCT' | 'INSUFFICIENT_SHARES' | 'INCONSISTENT_SHARES' | 'HMAC_VERIFICATION_FAILED' | 'UNPAD_FAILED' | 'INVALID_SHARE_DATA' | 'INVALID_SHARE_DATA:BASE64' | 'INVALID_SHARE_DATA:HMAC_DECODE';
+export type SplitChannelError = 'SPLIT_FAILED' | 'SPLIT_FAILED:INVALID_PARAMS' | 'SPLIT_FAILED:RECONSTRUCT' | 'SPLIT_FAILED:CRYPTO_NOT_LOADED' | 'INSUFFICIENT_SHARES' | 'INCONSISTENT_SHARES' | 'HMAC_VERIFICATION_FAILED' | 'UNPAD_FAILED' | 'INVALID_SHARE_DATA' | 'INVALID_SHARE_DATA:BASE64' | 'INVALID_SHARE_DATA:HMAC_DECODE';
 /** Default split-channel configuration: 3 shares, threshold 2. */
 export declare const DEFAULT_SPLIT_CONFIG: SplitChannelConfig;
 /**

package/dist-standalone/split-channel.js

@@ -1 +1 @@
-import{ok,err}from"./_deps/shared/index.js";import{splitXorIDA,reconstructXorIDA,nextOddPrime,pkcs7Pad,pkcs7Unpad,generateHMAC,verifyHMAC,toBase64,fromBase64,generateUUID,formatShareHeader,parseShareHeader}from"./crypto-utils.js";export const DEFAULT_SPLIT_CONFIG={totalShares:3,threshold:2};export async function splitForChannel(r,e=DEFAULT_SPLIT_CONFIG){const{totalShares:t,threshold:n}=e;if(t<2||n<2||n>t)return err("SPLIT_FAILED:INVALID_PARAMS");return splitForChannelWithGroupId(r,e,generateUUID())}export async function splitForChannelWithGroupId(r,e,t){const{totalShares:n,threshold:a}=e;if(n<2||a<2||a>n)return err("SPLIT_FAILED:INVALID_PARAMS");const o=nextOddPrime(n),s=pkcs7Pad(r,o-1),{key:I,signature:c}=await generateHMAC(s);let i;try{i=splitXorIDA(s,n,a)}catch{return err("SPLIT_FAILED")}const A=toBase64(I),d=toBase64(c),u=i.map((r,e)=>({data:formatShareHeader(toBase64(r)),index:e,total:n,threshold:a,groupId:t,hmacKey:A,hmacSig:d}));return ok(u)}export async function reconstructFromChannel(r){const e=validateShares(r);if(!e.ok)return e;const{k:t,n:n}=e.value;return reconstructValidated(r.slice(0,t),n,t)}function validateShares(r){if(0===r.length)return err("INSUFFICIENT_SHARES");const e=r[0],t=e.threshold,n=e.total;if(r.length<t)return err("INSUFFICIENT_SHARES");const a=new Set;for(const o of r){if(o.groupId!==e.groupId)return err("INCONSISTENT_SHARES");if(o.total!==n||o.threshold!==t)return err("INCONSISTENT_SHARES");if(o.index<0||o.index>=n)return err("INVALID_SHARE_DATA");if(a.has(o.index))return err("INVALID_SHARE_DATA");a.add(o.index)}return ok({k:t,n:n,groupId:e.groupId})}async function reconstructValidated(r,e,t){let n;try{n=r.map(r=>fromBase64(parseShareHeader(r.data)))}catch{return err("INVALID_SHARE_DATA:BASE64")}const a=r.map(r=>r.index);let o;try{o=reconstructXorIDA(n,a,e,t)}catch{return err("SPLIT_FAILED:RECONSTRUCT")}const s=r[0];let I,c;try{I=fromBase64(s.hmacKey),c=fromBase64(s.hmacSig)}catch{return err("INVALID_SHARE_DATA:HMAC_DECODE")}if(!await verifyHMAC(I,o,c))return err("HMAC_VERIFICATION_FAILED");const i=nextOddPrime(e),A=pkcs7Unpad(o,i-1);return A.ok?ok(A.value):err("UNPAD_FAILED")}
+import{ok,err}from"./_deps/shared/index.js";import{splitXorIDA,reconstructXorIDA,nextOddPrime,pkcs7Pad,pkcs7Unpad,generateHMAC,verifyHMAC,toBase64,fromBase64,generateUUID,formatShareHeader,parseShareHeader}from"./crypto-utils.js";export const DEFAULT_SPLIT_CONFIG={totalShares:3,threshold:2};export async function splitForChannel(r,e=DEFAULT_SPLIT_CONFIG){const{totalShares:t,threshold:n}=e;if(t<2||n<2||n>t)return err("SPLIT_FAILED:INVALID_PARAMS");return splitForChannelWithGroupId(r,e,generateUUID())}export async function splitForChannelWithGroupId(r,e,t){const{totalShares:n,threshold:a}=e;if(n<2||a<2||a>n)return err("SPLIT_FAILED:INVALID_PARAMS");let o,s,I;try{const e=nextOddPrime(n),t=pkcs7Pad(r,e-1),c=await generateHMAC(t);s=c.key,I=c.signature,o=splitXorIDA(t,n,a)}catch(r){return err("SPLIT_FAILED:CRYPTO_NOT_LOADED")}const c=toBase64(s),A=toBase64(I),i=o.map((r,e)=>({data:formatShareHeader(toBase64(r)),index:e,total:n,threshold:a,groupId:t,hmacKey:c,hmacSig:A}));return ok(i)}export async function reconstructFromChannel(r){const e=validateShares(r);if(!e.ok)return e;const{k:t,n:n}=e.value;return reconstructValidated(r.slice(0,t),n,t)}function validateShares(r){if(0===r.length)return err("INSUFFICIENT_SHARES");const e=r[0],t=e.threshold,n=e.total;if(r.length<t)return err("INSUFFICIENT_SHARES");const a=new Set;for(const o of r){if(o.groupId!==e.groupId)return err("INCONSISTENT_SHARES");if(o.total!==n||o.threshold!==t)return err("INCONSISTENT_SHARES");if(o.index<0||o.index>=n)return err("INVALID_SHARE_DATA");if(a.has(o.index))return err("INVALID_SHARE_DATA");a.add(o.index)}return ok({k:t,n:n,groupId:e.groupId})}async function reconstructValidated(r,e,t){let n;try{n=r.map(r=>fromBase64(parseShareHeader(r.data)))}catch{return err("INVALID_SHARE_DATA:BASE64")}const a=r.map(r=>r.index),o=r[0];let s,I;try{s=fromBase64(o.hmacKey),I=fromBase64(o.hmacSig)}catch{return err("INVALID_SHARE_DATA:HMAC_DECODE")}try{const r=reconstructXorIDA(n,a,e,t);if(!await verifyHMAC(s,r,I))return err("HMAC_VERIFICATION_FAILED");const o=nextOddPrime(e),c=pkcs7Unpad(r,o-1);return c.ok?ok(c.value):err("UNPAD_FAILED")}catch(r){return err("SPLIT_FAILED:CRYPTO_NOT_LOADED")}}

package/dist-standalone/transport.d.ts

@@ -1,7 +1,7 @@
 import type { Result } from '@private.me/shared';
 import type { AnyTransportEnvelope } from './envelope.js';
 /** Transport-level error codes. */
-export type TransportError = 'SEND_FAILED' | 'NETWORK_ERROR' | 'RECIPIENT_UNREACHABLE' | 'TIMEOUT';
+export type TransportError = 'SEND_FAILED' | 'NETWORK_ERROR' | 'RECIPIENT_UNREACHABLE' | 'TIMEOUT' | 'HTTPS_REQUIRED' | 'INVALID_URL';
 /** Handler invoked when an envelope is received. */
 export type EnvelopeHandler = (envelope: AnyTransportEnvelope) => void;
 /**

package/dist-standalone/transport.js

@@ -1 +1 @@
-import{ok,err}from"./_deps/shared/index.js";export class HttpsTransportAdapter{baseUrl;timeoutMs;fetchFn;handlers=[];constructor(t){if(!t.baseUrl||"string"!=typeof t.baseUrl)throw new TypeError("HttpsTransportOptions.baseUrl is required and must be a string");if(0===t.baseUrl.trim().length)throw new TypeError("HttpsTransportOptions.baseUrl cannot be empty");try{if("https:"!==new URL(t.baseUrl).protocol)throw new TypeError("HttpsTransportOptions.baseUrl must use HTTPS protocol")}catch(r){if(r instanceof TypeError&&r.message.includes("HTTPS protocol"))throw r;throw new TypeError(`HttpsTransportOptions.baseUrl is not a valid URL: ${t.baseUrl}`)}this.baseUrl=t.baseUrl.replace(/\/$/,""),this.timeoutMs=t.timeoutMs??1e4,this.fetchFn=t.fetch??globalThis.fetch.bind(globalThis)}async send(t,r){const e=`${this.baseUrl}/deliver/${encodeURIComponent(r)}`;try{const r=new AbortController,s=setTimeout(()=>r.abort(),this.timeoutMs),o=await this.fetchFn(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(t),signal:r.signal});return clearTimeout(s),o.ok?ok(void 0):err(404===o.status?"RECIPIENT_UNREACHABLE":"SEND_FAILED")}catch(t){return t instanceof DOMException&&"AbortError"===t.name?err("TIMEOUT"):err("NETWORK_ERROR")}}onReceive(t){this.handlers.push(t)}dispatch(t){for(const r of this.handlers)r(t)}dispose(){this.handlers=[]}}
+import{ok,err}from"./_deps/shared/index.js";export class HttpsTransportAdapter{baseUrl;timeoutMs;fetchFn;handlers=[];constructor(t){if(!t.baseUrl||"string"!=typeof t.baseUrl)throw new TypeError("HttpsTransportOptions.baseUrl is required and must be a string");if(0===t.baseUrl.trim().length)throw new TypeError("HttpsTransportOptions.baseUrl cannot be empty");this.baseUrl=t.baseUrl.replace(/\/$/,""),this.timeoutMs=t.timeoutMs??1e4,this.fetchFn=t.fetch??globalThis.fetch.bind(globalThis)}async send(t,e){try{const t=new URL(this.baseUrl),e=t.hostname.toLowerCase(),r="127.0.0.1"===e||"localhost"===e||"[::1]"===e||"::1"===e||e.startsWith("127.")||e.endsWith(".localhost");if("https:"!==t.protocol&&!r)return err("HTTPS_REQUIRED")}catch{return err("INVALID_URL")}const r=`${this.baseUrl}/deliver/${encodeURIComponent(e)}`;try{const e=new AbortController,s=setTimeout(()=>e.abort(),this.timeoutMs),o=await this.fetchFn(r,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(t),signal:e.signal});return clearTimeout(s),o.ok?ok(void 0):err(404===o.status?"RECIPIENT_UNREACHABLE":"SEND_FAILED")}catch(t){return t instanceof DOMException&&"AbortError"===t.name?err("TIMEOUT"):err("NETWORK_ERROR")}}onReceive(t){this.handlers.push(t)}dispatch(t){for(const e of this.handlers)e(t)}dispose(){this.handlers=[]}}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@private.me/xbind",
-  "version": "3.0.3",
+  "version": "3.1.0",
   "description": "Identity-based M2M authentication (Contains encryption - export restrictions apply)",
   "license": "Proprietary",
   "author": "Private.Me Contributors",
@@ -83,6 +83,7 @@
     "!dist-standalone/_deps/crypto/**",
     "share1.dat",
     "README.md",
+    "MIGRATING.md",
     "LICENSE.md",
     "LICENSES.md",
     "AGENTS.md",