@qidcloud/sdk 1.1.0 → 1.2.0

package/dist/QidCloud.d.ts

@@ -1,31 +0,0 @@
-import { IStorage } from './storage';
-export interface QidConfig {
-    baseUrl?: string;
-    apiKey: string;
-    storage?: IStorage;
-}
-export interface UserProfile {
-    userId: string;
-    username: string;
-    role?: string;
-    plan?: string;
-    accountLimits?: {
-        maxProjects: number;
-        maxUsersTotal: number;
-    };
-}
-export declare class QidCloud {
-    private api;
-    private storage;
-    private config;
-    constructor(config: QidConfig);
-    hasIdentity(): Promise<boolean>;
-    register(username: string, tenantId?: string): Promise<UserProfile>;
-    /**
-     * Login / Authenticate
-     * Uses stored PQC keys to sign a challenge from the server
-     */
-    login(): Promise<string>;
-    logout(): Promise<void>;
-    getProfile(): Promise<UserProfile>;
-}

package/dist/QidCloud.js

@@ -1,142 +0,0 @@
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-import axios from 'axios';
-import * as PQC from './crypto/pqc';
-import UnifiedStorage from './storage';
-import { generateUUID, toBase64, fromBase64 } from './utils';
-const DEFAULT_BACKEND_URL = 'https://qgate.onrender.com';
-export class QidCloud {
-    constructor(config) {
-        this.config = Object.assign(Object.assign({}, config), { baseUrl: config.baseUrl || DEFAULT_BACKEND_URL });
-        this.storage = config.storage || UnifiedStorage;
-        this.api = axios.create({
-            baseURL: this.config.baseUrl,
-            headers: {
-                'Content-Type': 'application/json',
-                'X-API-KEY': config.apiKey
-            }
-        });
-        // Attach token interceptor
-        this.api.interceptors.request.use((req) => __awaiter(this, void 0, void 0, function* () {
-            const token = yield this.storage.getItem('qgate_token');
-            if (token) {
-                req.headers.Authorization = `Bearer ${token} `;
-            }
-            return req;
-        }));
-    }
-    hasIdentity() {
-        return __awaiter(this, void 0, void 0, function* () {
-            const seed = yield this.storage.getItem('qgate_pqc_seed');
-            return !!seed;
-        });
-    }
-    register(username_1) {
-        return __awaiter(this, arguments, void 0, function* (username, tenantId = 'default') {
-            // 1. Generate Seed
-            const seedHex = yield PQC.generateDilithiumSeed();
-            // 2. Persist Locally
-            yield this.storage.setItem('qgate_pqc_seed', seedHex);
-            // 3. Derive Keys
-            const keys = yield PQC.getKeysFromSeed(seedHex);
-            const initResp = yield this.api.post('/api/register/initiate', { tenantId });
-            const { regSessionId, regNonce } = initResp.data;
-            // 4. Sign Nonce
-            // Backend sends nonce as Base64
-            const nonceBytes = fromBase64(regNonce);
-            const signature = keys.sign(nonceBytes);
-            const signatureBase64 = toBase64(signature);
-            // 5. Complete Registration
-            const completeResp = yield this.api.post('/api/register/complete', {
-                regSessionId,
-                did: generateUUID(), // Device ID
-                username,
-                attestation: {
-                    format: 'web-sdk',
-                    signature: signatureBase64,
-                    nonce: regNonce, // Echo back
-                    publicKey: toBase64(keys.publicKey)
-                }
-            });
-            const { user, token } = completeResp.data;
-            // 6. Store Session
-            if (token) {
-                yield this.storage.setItem('qgate_token', token);
-            }
-            if (user && user.userId) {
-                yield this.storage.setItem('qgate_user_id', user.userId);
-                return user;
-            }
-            return user || { userId: 'unknown', username };
-        });
-    }
-    /**
-     * Login / Authenticate
-     * Uses stored PQC keys to sign a challenge from the server
-     */
-    login() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!(yield this.hasIdentity())) {
-                throw new Error('NO_IDENTITY: Device not registered. Call register() first.');
-            }
-            const seedHex = yield this.storage.getItem('qgate_pqc_seed');
-            if (!seedHex) {
-                throw new Error('NO_IDENTITY_SEED: Seed not found. Re-register.');
-            }
-            const keys = yield PQC.getKeysFromSeed(seedHex);
-            // 1. Initiate Auth Challenge
-            let userId = yield this.storage.getItem('qgate_user_id');
-            if (!userId) {
-                // Try to find user from profile if logged in? No, we are logging in.
-                throw new Error('MISSING_USER_ID: Cannot look up user. Re-register.');
-            }
-            const initResp = yield this.api.post('/api/initiate', {
-                regUserId: userId,
-                clientHint: 'web-sdk'
-            });
-            const { sessionId, nonce } = initResp.data;
-            // 2. Sign Challenge
-            // Backend sends nonce as Base64
-            const nonceBytes = fromBase64(nonce);
-            const signature = keys.sign(nonceBytes);
-            const signatureBase64 = toBase64(signature);
-            // 3. Verify
-            const verifyResp = yield this.api.post('/api/verify', {
-                sessionId,
-                signature: signatureBase64
-            });
-            const { token } = verifyResp.data;
-            if (token) {
-                yield this.storage.setItem('qgate_token', token);
-                return token;
-            }
-            throw new Error('Authentication failed');
-        });
-    }
-    logout() {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                // Attempt to notify server
-                yield this.api.post('/api/logout');
-            }
-            catch (e) {
-                console.warn('Logout API call failed', e);
-            }
-            yield this.storage.removeItem('qgate_token');
-            // Optional: Keep identity keys? Usually yes.
-        });
-    }
-    getProfile() {
-        return __awaiter(this, void 0, void 0, function* () {
-            const resp = yield this.api.get('/api/me');
-            return resp.data;
-        });
-    }
-}

package/dist/crypto/pqc.d.ts

@@ -1,12 +0,0 @@
-export declare function generateKyberKeyPair(): Promise<{
-    publicKey: any;
-    privateKey: any;
-}>;
-export declare function decapsulateSecret(privateKey: Uint8Array, cipherText: Uint8Array): Promise<any>;
-export declare function generateDilithiumSeed(): Promise<string>;
-export declare function getKeysFromSeed(seedHex: string): Promise<{
-    publicKey: Uint8Array<ArrayBufferLike>;
-    privateKey: Uint8Array<ArrayBufferLike>;
-    sign: (msg: Uint8Array) => Uint8Array<ArrayBufferLike>;
-}>;
-export declare function signMessage(seedHex: string, message: Uint8Array | string): Promise<Uint8Array<ArrayBufferLike>>;

package/dist/crypto/pqc.js

@@ -1,91 +0,0 @@
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-// PQC Crypto Utility for Q-Gate SDK
-import { DilithiumLevel, DilithiumKeyPair } from '@asanrom/dilithium';
-import { Kyber1024 } from 'crystals-kyber-js';
-import { hex2buf } from '../utils';
-export function generateKyberKeyPair() {
-    return __awaiter(this, void 0, void 0, function* () {
-        // Hardcoded sizes for Kyber1024
-        const PK_SIZE = 1568;
-        const SK_SIZE = 3168;
-        // Assume Kyber1024 is a class we can instantiate or it has static methods.
-        // Based on library patterns, if static props were missing, maybe it's an instance.
-        const kyber = new Kyber1024();
-        // Try async generation first
-        try {
-            // @ts-ignore
-            if (kyber.generateKeyPair) {
-                // @ts-ignore
-                const [pk, sk] = yield kyber.generateKeyPair();
-                return { publicKey: pk, privateKey: sk };
-            }
-        }
-        catch (e) { }
-        // Fallback to buffer passing
-        const pk = new Uint8Array(PK_SIZE);
-        const sk = new Uint8Array(SK_SIZE);
-        // @ts-ignore
-        kyber.keyPair(pk, sk);
-        return {
-            publicKey: pk,
-            privateKey: sk
-        };
-    });
-}
-export function decapsulateSecret(privateKey, cipherText) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const kyber = new Kyber1024();
-        // @ts-ignore
-        if (kyber.decap) {
-            // @ts-ignore
-            return yield kyber.decap(cipherText, privateKey);
-        }
-        // Fallback
-        const SS_SIZE = 32;
-        const sharedSecret = new Uint8Array(SS_SIZE);
-        // @ts-ignore
-        kyber.decaps(sharedSecret, cipherText, privateKey);
-        return sharedSecret;
-    });
-}
-export function generateDilithiumSeed() {
-    return __awaiter(this, void 0, void 0, function* () {
-        const seed = new Uint8Array(32);
-        if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
-            crypto.getRandomValues(seed);
-        }
-        else {
-            for (let i = 0; i < 32; i++)
-                seed[i] = Math.floor(Math.random() * 256);
-        }
-        return Array.prototype.map.call(seed, (x) => ('00' + x.toString(16)).slice(-2)).join('');
-    });
-}
-export function getKeysFromSeed(seedHex) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const level = DilithiumLevel.get(3);
-        const seed = hex2buf(seedHex);
-        const kp = DilithiumKeyPair.generate(level, seed);
-        return {
-            publicKey: kp.getPublicKey().getBytes(),
-            privateKey: kp.getPrivateKey().getBytes(),
-            // Helper to sign and return Uint8Array
-            sign: (msg) => kp.sign(msg).getBytes()
-        };
-    });
-}
-export function signMessage(seedHex, message) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const keys = yield getKeysFromSeed(seedHex);
-        const msgBytes = typeof message === 'string' ? new TextEncoder().encode(message) : message;
-        return keys.sign(msgBytes);
-    });
-}

package/dist/storage/index.d.ts

@@ -1,18 +0,0 @@
-export interface IStorage {
-    getItem(key: string): Promise<string | null>;
-    setItem(key: string, value: string): Promise<void>;
-    removeItem(key: string): Promise<void>;
-}
-export declare class MemoryStorage implements IStorage {
-    private storage;
-    getItem(key: string): Promise<string | null>;
-    setItem(key: string, value: string): Promise<void>;
-    removeItem(key: string): Promise<void>;
-}
-export declare class LocalStorageAdapter implements IStorage {
-    getItem(key: string): Promise<string | null>;
-    setItem(key: string, value: string): Promise<void>;
-    removeItem(key: string): Promise<void>;
-}
-declare const storage: MemoryStorage | LocalStorageAdapter;
-export default storage;

package/dist/storage/index.js

@@ -1,58 +0,0 @@
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-export class MemoryStorage {
-    constructor() {
-        this.storage = new Map();
-    }
-    getItem(key) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return this.storage.get(key) || null;
-        });
-    }
-    setItem(key, value) {
-        return __awaiter(this, void 0, void 0, function* () {
-            this.storage.set(key, value);
-        });
-    }
-    removeItem(key) {
-        return __awaiter(this, void 0, void 0, function* () {
-            this.storage.delete(key);
-        });
-    }
-}
-export class LocalStorageAdapter {
-    getItem(key) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (typeof window !== 'undefined' && window.localStorage) {
-                return window.localStorage.getItem(key);
-            }
-            return null;
-        });
-    }
-    setItem(key, value) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (typeof window !== 'undefined' && window.localStorage) {
-                window.localStorage.setItem(key, value);
-            }
-        });
-    }
-    removeItem(key) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (typeof window !== 'undefined' && window.localStorage) {
-                window.localStorage.removeItem(key);
-            }
-        });
-    }
-}
-// Default export: Auto-detect
-const storage = typeof window !== 'undefined' && window.localStorage
-    ? new LocalStorageAdapter()
-    : new MemoryStorage();
-export default storage;

package/dist/utils.d.ts

@@ -1,5 +0,0 @@
-export declare function generateUUID(): string;
-export declare function buf2hex(buffer: Uint8Array): string;
-export declare function hex2buf(hex: string): Uint8Array;
-export declare function toBase64(bytes: Uint8Array): string;
-export declare function fromBase64(base64: string): Uint8Array;

package/dist/utils.js

@@ -1,46 +0,0 @@
-export function generateUUID() {
-    if (typeof crypto !== 'undefined' && crypto.randomUUID) {
-        return crypto.randomUUID();
-    }
-    // Fallback for environments without randomUUID
-    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) {
-        var r = Math.random() * 16 | 0, v = c === 'x' ? r : (r & 0x3 | 0x8);
-        return v.toString(16);
-    });
-}
-export function buf2hex(buffer) {
-    return Array.prototype.map.call(new Uint8Array(buffer), (x) => ('00' + x.toString(16)).slice(-2)).join('');
-}
-export function hex2buf(hex) {
-    if (!hex)
-        return new Uint8Array(0);
-    const bytes = new Uint8Array(Math.ceil(hex.length / 2));
-    for (let i = 0; i < bytes.length; i++)
-        bytes[i] = parseInt(hex.substr(i * 2, 2), 16);
-    return bytes;
-}
-export function toBase64(bytes) {
-    if (typeof Buffer !== 'undefined') {
-        return Buffer.from(bytes).toString('base64');
-    }
-    // Browser fallback
-    let binary = '';
-    const len = bytes.byteLength;
-    for (let i = 0; i < len; i++) {
-        binary += String.fromCharCode(bytes[i]);
-    }
-    return window.btoa(binary);
-}
-export function fromBase64(base64) {
-    if (typeof Buffer !== 'undefined') {
-        return new Uint8Array(Buffer.from(base64, 'base64'));
-    }
-    // Browser fallback
-    const binary_string = window.atob(base64);
-    const len = binary_string.length;
-    const bytes = new Uint8Array(len);
-    for (let i = 0; i < len; i++) {
-        bytes[i] = binary_string.charCodeAt(i);
-    }
-    return bytes;
-}

package/src/QidCloud.ts

@@ -1,171 +0,0 @@
-import axios, { AxiosInstance } from 'axios';
-import * as PQC from './crypto/pqc';
-import UnifiedStorage, { IStorage } from './storage';
-import { generateUUID, toBase64, hex2buf, fromBase64 } from './utils';
-
-export interface QidConfig {
-    baseUrl?: string; // Optional, defaults to production backend
-    apiKey: string;
-    storage?: IStorage;
-}
-
-const DEFAULT_BACKEND_URL = 'https://qgate.onrender.com';
-
-export interface UserProfile {
-    userId: string;
-    username: string;
-    role?: string;
-    plan?: string;
-    accountLimits?: {
-        maxProjects: number;
-        maxUsersTotal: number;
-    };
-}
-
-export class QidCloud {
-    private api: AxiosInstance;
-    private storage: IStorage;
-    private config: QidConfig;
-
-    constructor(config: QidConfig) {
-        this.config = {
-            ...config,
-            baseUrl: config.baseUrl || DEFAULT_BACKEND_URL
-        };
-        this.storage = config.storage || UnifiedStorage;
-        this.api = axios.create({
-            baseURL: this.config.baseUrl,
-            headers: {
-                'Content-Type': 'application/json',
-                'X-API-KEY': config.apiKey
-            }
-        });
-
-        // Attach token interceptor
-        this.api.interceptors.request.use(async (req) => {
-            const token = await this.storage.getItem('qgate_token');
-            if (token) {
-                req.headers.Authorization = `Bearer ${token} `;
-            }
-            return req;
-        });
-    }
-
-    async hasIdentity(): Promise<boolean> {
-        const seed = await this.storage.getItem('qgate_pqc_seed');
-        return !!seed;
-    }
-
-    async register(username: string, tenantId: string = 'default'): Promise<UserProfile> {
-        // 1. Generate Seed
-        const seedHex = await PQC.generateDilithiumSeed();
-
-        // 2. Persist Locally
-        await this.storage.setItem('qgate_pqc_seed', seedHex);
-
-        // 3. Derive Keys
-        const keys = await PQC.getKeysFromSeed(seedHex);
-
-        const initResp = await this.api.post('/api/register/initiate', { tenantId });
-        const { regSessionId, regNonce } = initResp.data;
-
-        // 4. Sign Nonce
-        // Backend sends nonce as Base64
-        const nonceBytes = fromBase64(regNonce);
-        const signature = keys.sign(nonceBytes);
-        const signatureBase64 = toBase64(signature);
-
-        // 5. Complete Registration
-        const completeResp = await this.api.post('/api/register/complete', {
-            regSessionId,
-            did: generateUUID(), // Device ID
-            username,
-            attestation: {
-                format: 'web-sdk',
-                signature: signatureBase64,
-                nonce: regNonce, // Echo back
-                publicKey: toBase64(keys.publicKey)
-            }
-        });
-
-        const { user, token } = completeResp.data;
-
-        // 6. Store Session
-        if (token) {
-            await this.storage.setItem('qgate_token', token);
-        }
-        if (user && user.userId) {
-            await this.storage.setItem('qgate_user_id', user.userId);
-            return user;
-        }
-
-        return user || { userId: 'unknown', username };
-    }
-
-    /**
-     * Login / Authenticate
-     * Uses stored PQC keys to sign a challenge from the server
-     */
-    async login(): Promise<string> {
-        if (!(await this.hasIdentity())) {
-            throw new Error('NO_IDENTITY: Device not registered. Call register() first.');
-        }
-
-        const seedHex = await this.storage.getItem('qgate_pqc_seed');
-        if (!seedHex) {
-            throw new Error('NO_IDENTITY_SEED: Seed not found. Re-register.');
-        }
-        const keys = await PQC.getKeysFromSeed(seedHex);
-
-        // 1. Initiate Auth Challenge
-        let userId = await this.storage.getItem('qgate_user_id');
-
-        if (!userId) {
-            // Try to find user from profile if logged in? No, we are logging in.
-            throw new Error('MISSING_USER_ID: Cannot look up user. Re-register.');
-        }
-
-        const initResp = await this.api.post('/api/initiate', {
-            regUserId: userId,
-            clientHint: 'web-sdk'
-        });
-
-        const { sessionId, nonce } = initResp.data;
-
-        // 2. Sign Challenge
-        // Backend sends nonce as Base64
-        const nonceBytes = fromBase64(nonce);
-        const signature = keys.sign(nonceBytes);
-        const signatureBase64 = toBase64(signature);
-
-        // 3. Verify
-        const verifyResp = await this.api.post('/api/verify', {
-            sessionId,
-            signature: signatureBase64
-        });
-
-        const { token } = verifyResp.data;
-        if (token) {
-            await this.storage.setItem('qgate_token', token);
-            return token;
-        }
-
-        throw new Error('Authentication failed');
-    }
-
-    async logout(): Promise<void> {
-        try {
-            // Attempt to notify server
-            await this.api.post('/api/logout');
-        } catch (e) {
-            console.warn('Logout API call failed', e);
-        }
-        await this.storage.removeItem('qgate_token');
-        // Optional: Keep identity keys? Usually yes.
-    }
-
-    async getProfile(): Promise<UserProfile> {
-        const resp = await this.api.get('/api/me');
-        return resp.data;
-    }
-}

package/src/crypto/pqc.ts

@@ -1,79 +0,0 @@
-// PQC Crypto Utility for Q-Gate SDK
-import { DilithiumLevel, DilithiumKeyPair } from '@asanrom/dilithium';
-import { Kyber1024 } from 'crystals-kyber-js';
-import { hex2buf } from '../utils';
-
-export async function generateKyberKeyPair() {
-    // Hardcoded sizes for Kyber1024
-    const PK_SIZE = 1568;
-    const SK_SIZE = 3168;
-
-    // Assume Kyber1024 is a class we can instantiate or it has static methods.
-    // Based on library patterns, if static props were missing, maybe it's an instance.
-    const kyber = new Kyber1024();
-    // Try async generation first
-    try {
-        // @ts-ignore
-        if (kyber.generateKeyPair) {
-            // @ts-ignore
-            const [pk, sk] = await kyber.generateKeyPair();
-            return { publicKey: pk, privateKey: sk };
-        }
-    } catch (e) { }
-
-    // Fallback to buffer passing
-    const pk = new Uint8Array(PK_SIZE);
-    const sk = new Uint8Array(SK_SIZE);
-    // @ts-ignore
-    kyber.keyPair(pk, sk);
-
-    return {
-        publicKey: pk,
-        privateKey: sk
-    };
-}
-
-export async function decapsulateSecret(privateKey: Uint8Array, cipherText: Uint8Array) {
-    const kyber = new Kyber1024();
-    // @ts-ignore
-    if (kyber.decap) {
-        // @ts-ignore
-        return await kyber.decap(cipherText, privateKey);
-    }
-
-    // Fallback
-    const SS_SIZE = 32;
-    const sharedSecret = new Uint8Array(SS_SIZE);
-    // @ts-ignore
-    kyber.decaps(sharedSecret, cipherText, privateKey);
-    return sharedSecret;
-}
-
-export async function generateDilithiumSeed(): Promise<string> {
-    const seed = new Uint8Array(32);
-    if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
-        crypto.getRandomValues(seed);
-    } else {
-        for (let i = 0; i < 32; i++) seed[i] = Math.floor(Math.random() * 256);
-    }
-    return Array.prototype.map.call(seed, (x: number) => ('00' + x.toString(16)).slice(-2)).join('');
-}
-
-export async function getKeysFromSeed(seedHex: string) {
-    const level = DilithiumLevel.get(3);
-    const seed = hex2buf(seedHex);
-
-    const kp = DilithiumKeyPair.generate(level, seed);
-    return {
-        publicKey: kp.getPublicKey().getBytes(),
-        privateKey: kp.getPrivateKey().getBytes(),
-        // Helper to sign and return Uint8Array
-        sign: (msg: Uint8Array) => kp.sign(msg).getBytes()
-    };
-}
-
-export async function signMessage(seedHex: string, message: Uint8Array | string) {
-    const keys = await getKeysFromSeed(seedHex);
-    const msgBytes = typeof message === 'string' ? new TextEncoder().encode(message) : message;
-    return keys.sign(msgBytes);
-}

package/src/index.ts

@@ -1,7 +0,0 @@
-import { QidCloud, QidConfig, UserProfile } from './QidCloud';
-import UnifiedStorage from './storage';
-import * as PQC from './crypto/pqc';
-
-export { QidCloud, QidCloud as PQAuth, QidConfig, UserProfile, UnifiedStorage, PQC };
-
-export default QidCloud;