@qidcloud/sdk 1.1.1 → 1.2.1

package/src/QidCloud.ts

@@ -1,171 +0,0 @@
-import axios, { AxiosInstance } from 'axios';
-import * as PQC from './crypto/pqc';
-import UnifiedStorage, { IStorage } from './storage';
-import { generateUUID, toBase64, hex2buf, fromBase64 } from './utils';
-
-export interface QidConfig {
-    baseUrl?: string; // Optional, defaults to production backend
-    apiKey: string;
-    storage?: IStorage;
-}
-
-const DEFAULT_BACKEND_URL = 'https://qgate.onrender.com';
-
-export interface UserProfile {
-    userId: string;
-    username: string;
-    role?: string;
-    plan?: string;
-    accountLimits?: {
-        maxProjects: number;
-        maxUsersTotal: number;
-    };
-}
-
-export class QidCloud {
-    private api: AxiosInstance;
-    private storage: IStorage;
-    private config: QidConfig;
-
-    constructor(config: QidConfig) {
-        this.config = {
-            ...config,
-            baseUrl: config.baseUrl || DEFAULT_BACKEND_URL
-        };
-        this.storage = config.storage || UnifiedStorage;
-        this.api = axios.create({
-            baseURL: this.config.baseUrl,
-            headers: {
-                'Content-Type': 'application/json',
-                'X-API-KEY': config.apiKey
-            }
-        });
-
-        // Attach token interceptor
-        this.api.interceptors.request.use(async (req) => {
-            const token = await this.storage.getItem('qgate_token');
-            if (token) {
-                req.headers.Authorization = `Bearer ${token} `;
-            }
-            return req;
-        });
-    }
-
-    async hasIdentity(): Promise<boolean> {
-        const seed = await this.storage.getItem('qgate_pqc_seed');
-        return !!seed;
-    }
-
-    async register(username: string, tenantId: string = 'default'): Promise<UserProfile> {
-        // 1. Generate Seed
-        const seedHex = await PQC.generateDilithiumSeed();
-
-        // 2. Persist Locally
-        await this.storage.setItem('qgate_pqc_seed', seedHex);
-
-        // 3. Derive Keys
-        const keys = await PQC.getKeysFromSeed(seedHex);
-
-        const initResp = await this.api.post('/api/register/initiate', { tenantId });
-        const { regSessionId, regNonce } = initResp.data;
-
-        // 4. Sign Nonce
-        // Backend sends nonce as Base64
-        const nonceBytes = fromBase64(regNonce);
-        const signature = keys.sign(nonceBytes);
-        const signatureBase64 = toBase64(signature);
-
-        // 5. Complete Registration
-        const completeResp = await this.api.post('/api/register/complete', {
-            regSessionId,
-            did: generateUUID(), // Device ID
-            username,
-            attestation: {
-                format: 'web-sdk',
-                signature: signatureBase64,
-                nonce: regNonce, // Echo back
-                publicKey: toBase64(keys.publicKey)
-            }
-        });
-
-        const { user, token } = completeResp.data;
-
-        // 6. Store Session
-        if (token) {
-            await this.storage.setItem('qgate_token', token);
-        }
-        if (user && user.userId) {
-            await this.storage.setItem('qgate_user_id', user.userId);
-            return user;
-        }
-
-        return user || { userId: 'unknown', username };
-    }
-
-    /**
-     * Login / Authenticate
-     * Uses stored PQC keys to sign a challenge from the server
-     */
-    async login(): Promise<string> {
-        if (!(await this.hasIdentity())) {
-            throw new Error('NO_IDENTITY: Device not registered. Call register() first.');
-        }
-
-        const seedHex = await this.storage.getItem('qgate_pqc_seed');
-        if (!seedHex) {
-            throw new Error('NO_IDENTITY_SEED: Seed not found. Re-register.');
-        }
-        const keys = await PQC.getKeysFromSeed(seedHex);
-
-        // 1. Initiate Auth Challenge
-        let userId = await this.storage.getItem('qgate_user_id');
-
-        if (!userId) {
-            // Try to find user from profile if logged in? No, we are logging in.
-            throw new Error('MISSING_USER_ID: Cannot look up user. Re-register.');
-        }
-
-        const initResp = await this.api.post('/api/initiate', {
-            regUserId: userId,
-            clientHint: 'web-sdk'
-        });
-
-        const { sessionId, nonce } = initResp.data;
-
-        // 2. Sign Challenge
-        // Backend sends nonce as Base64
-        const nonceBytes = fromBase64(nonce);
-        const signature = keys.sign(nonceBytes);
-        const signatureBase64 = toBase64(signature);
-
-        // 3. Verify
-        const verifyResp = await this.api.post('/api/verify', {
-            sessionId,
-            signature: signatureBase64
-        });
-
-        const { token } = verifyResp.data;
-        if (token) {
-            await this.storage.setItem('qgate_token', token);
-            return token;
-        }
-
-        throw new Error('Authentication failed');
-    }
-
-    async logout(): Promise<void> {
-        try {
-            // Attempt to notify server
-            await this.api.post('/api/logout');
-        } catch (e) {
-            console.warn('Logout API call failed', e);
-        }
-        await this.storage.removeItem('qgate_token');
-        // Optional: Keep identity keys? Usually yes.
-    }
-
-    async getProfile(): Promise<UserProfile> {
-        const resp = await this.api.get('/api/me');
-        return resp.data;
-    }
-}

package/src/crypto/pqc.ts

@@ -1,79 +0,0 @@
-// PQC Crypto Utility for Q-Gate SDK
-import { DilithiumLevel, DilithiumKeyPair } from '@asanrom/dilithium';
-import { Kyber1024 } from 'crystals-kyber-js';
-import { hex2buf } from '../utils';
-
-export async function generateKyberKeyPair() {
-    // Hardcoded sizes for Kyber1024
-    const PK_SIZE = 1568;
-    const SK_SIZE = 3168;
-
-    // Assume Kyber1024 is a class we can instantiate or it has static methods.
-    // Based on library patterns, if static props were missing, maybe it's an instance.
-    const kyber = new Kyber1024();
-    // Try async generation first
-    try {
-        // @ts-ignore
-        if (kyber.generateKeyPair) {
-            // @ts-ignore
-            const [pk, sk] = await kyber.generateKeyPair();
-            return { publicKey: pk, privateKey: sk };
-        }
-    } catch (e) { }
-
-    // Fallback to buffer passing
-    const pk = new Uint8Array(PK_SIZE);
-    const sk = new Uint8Array(SK_SIZE);
-    // @ts-ignore
-    kyber.keyPair(pk, sk);
-
-    return {
-        publicKey: pk,
-        privateKey: sk
-    };
-}
-
-export async function decapsulateSecret(privateKey: Uint8Array, cipherText: Uint8Array) {
-    const kyber = new Kyber1024();
-    // @ts-ignore
-    if (kyber.decap) {
-        // @ts-ignore
-        return await kyber.decap(cipherText, privateKey);
-    }
-
-    // Fallback
-    const SS_SIZE = 32;
-    const sharedSecret = new Uint8Array(SS_SIZE);
-    // @ts-ignore
-    kyber.decaps(sharedSecret, cipherText, privateKey);
-    return sharedSecret;
-}
-
-export async function generateDilithiumSeed(): Promise<string> {
-    const seed = new Uint8Array(32);
-    if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
-        crypto.getRandomValues(seed);
-    } else {
-        for (let i = 0; i < 32; i++) seed[i] = Math.floor(Math.random() * 256);
-    }
-    return Array.prototype.map.call(seed, (x: number) => ('00' + x.toString(16)).slice(-2)).join('');
-}
-
-export async function getKeysFromSeed(seedHex: string) {
-    const level = DilithiumLevel.get(3);
-    const seed = hex2buf(seedHex);
-
-    const kp = DilithiumKeyPair.generate(level, seed);
-    return {
-        publicKey: kp.getPublicKey().getBytes(),
-        privateKey: kp.getPrivateKey().getBytes(),
-        // Helper to sign and return Uint8Array
-        sign: (msg: Uint8Array) => kp.sign(msg).getBytes()
-    };
-}
-
-export async function signMessage(seedHex: string, message: Uint8Array | string) {
-    const keys = await getKeysFromSeed(seedHex);
-    const msgBytes = typeof message === 'string' ? new TextEncoder().encode(message) : message;
-    return keys.sign(msgBytes);
-}

package/src/storage/index.ts

@@ -1,49 +0,0 @@
-export interface IStorage {
-    getItem(key: string): Promise<string | null>;
-    setItem(key: string, value: string): Promise<void>;
-    removeItem(key: string): Promise<void>;
-}
-
-export class MemoryStorage implements IStorage {
-    private storage: Map<string, string> = new Map();
-
-    async getItem(key: string): Promise<string | null> {
-        return this.storage.get(key) || null;
-    }
-
-    async setItem(key: string, value: string): Promise<void> {
-        this.storage.set(key, value);
-    }
-
-    async removeItem(key: string): Promise<void> {
-        this.storage.delete(key);
-    }
-}
-
-export class LocalStorageAdapter implements IStorage {
-    async getItem(key: string): Promise<string | null> {
-        if (typeof window !== 'undefined' && window.localStorage) {
-            return window.localStorage.getItem(key);
-        }
-        return null;
-    }
-
-    async setItem(key: string, value: string): Promise<void> {
-        if (typeof window !== 'undefined' && window.localStorage) {
-            window.localStorage.setItem(key, value);
-        }
-    }
-
-    async removeItem(key: string): Promise<void> {
-        if (typeof window !== 'undefined' && window.localStorage) {
-            window.localStorage.removeItem(key);
-        }
-    }
-}
-
-// Default export: Auto-detect
-const storage = typeof window !== 'undefined' && window.localStorage
-    ? new LocalStorageAdapter()
-    : new MemoryStorage();
-
-export default storage;

package/src/utils.ts

@@ -1,48 +0,0 @@
-export function generateUUID(): string {
-    if (typeof crypto !== 'undefined' && crypto.randomUUID) {
-        return crypto.randomUUID();
-    }
-    // Fallback for environments without randomUUID
-    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) {
-        var r = Math.random() * 16 | 0, v = c === 'x' ? r : (r & 0x3 | 0x8);
-        return v.toString(16);
-    });
-}
-
-export function buf2hex(buffer: Uint8Array): string {
-    return Array.prototype.map.call(new Uint8Array(buffer), (x: number) => ('00' + x.toString(16)).slice(-2)).join('');
-}
-
-export function hex2buf(hex: string): Uint8Array {
-    if (!hex) return new Uint8Array(0);
-    const bytes = new Uint8Array(Math.ceil(hex.length / 2));
-    for (let i = 0; i < bytes.length; i++) bytes[i] = parseInt(hex.substr(i * 2, 2), 16);
-    return bytes;
-}
-
-export function toBase64(bytes: Uint8Array): string {
-    if (typeof Buffer !== 'undefined') {
-        return Buffer.from(bytes).toString('base64');
-    }
-    // Browser fallback
-    let binary = '';
-    const len = bytes.byteLength;
-    for (let i = 0; i < len; i++) {
-        binary += String.fromCharCode(bytes[i]);
-    }
-    return window.btoa(binary);
-}
-
-export function fromBase64(base64: string): Uint8Array {
-    if (typeof Buffer !== 'undefined') {
-        return new Uint8Array(Buffer.from(base64, 'base64'));
-    }
-    // Browser fallback
-    const binary_string = window.atob(base64);
-    const len = binary_string.length;
-    const bytes = new Uint8Array(len);
-    for (let i = 0; i < len; i++) {
-        bytes[i] = binary_string.charCodeAt(i);
-    }
-    return bytes;
-}

package/verify_sdk.ts

@@ -1,53 +0,0 @@
-import { QGateClient } from './src';
-import * as PQC from './src/crypto/pqc';
-
-async function verify() {
-    console.log('--- QGate SDK Verification ---');
-
-    // 1. Verify Exports
-    if (!QGateClient) {
-        throw new Error('QGateClient export missing');
-    }
-    console.log('✅ QGateClient exported');
-
-    // 2. Verify PQC Generation (Dilithium)
-    console.log('Testing Dilithium Seed Generation...');
-    const seed = await PQC.generateDilithiumSeed();
-    console.log('Generated Seed:', seed);
-    if (!seed || seed.length !== 64) { // 32 bytes hex
-        throw new Error('Invalid seed generated');
-    }
-    console.log('✅ Dilithium Seed Generated');
-
-    // 3. Verify Key Derivation
-    console.log('Deriving Keys...');
-    const keys = await PQC.getKeysFromSeed(seed);
-    if (!keys.publicKey || !keys.privateKey) {
-        throw new Error('Failed to derive keys');
-    }
-    console.log('✅ Keys Derived');
-
-    // 4. Verify Signing
-    console.log('Testing Signing...');
-    const msg = "Hello QGate";
-    const sig = keys.sign(new TextEncoder().encode(msg));
-    console.log('Signature Length:', sig.length);
-    if (sig.length === 0) {
-        throw new Error('Signature failed');
-    }
-    console.log('✅ Signing Success'); // Verification requires Dilithium library verify which we didn't export in PQC yet but sign works.
-
-    // 5. Verify Client Instantiation
-    const client = new QGateClient({
-        baseUrl: 'http://localhost:3000',
-        apiKey: 'test-key'
-    });
-    console.log('✅ Client Instantiated');
-
-    console.log('--- SDK VERIFIED ---');
-}
-
-verify().catch(err => {
-    console.error('❌ VERIFICATION FAILED:', err);
-    process.exit(1);
-});