@rainfall-devkit/sdk 0.2.1 → 0.2.3

package/dist/chunk-KOCCGNEQ.mjs

@@ -0,0 +1,269 @@
+// src/security/edge-node.ts
+import * as sodium from "libsodium-wrappers-sumo";
+var EdgeNodeSecurity = class {
+  sodiumReady;
+  backendSecret;
+  keyPair;
+  constructor(options = {}) {
+    this.sodiumReady = sodium.ready;
+    this.backendSecret = options.backendSecret;
+    this.keyPair = options.keyPair;
+  }
+  /**
+   * Initialize libsodium
+   */
+  async initialize() {
+    await this.sodiumReady;
+  }
+  // ============================================================================
+  // JWT Token Management
+  // ============================================================================
+  /**
+   * Generate a JWT token for an edge node
+   * Note: In production, this is done by the backend. This is for testing.
+   */
+  generateJWT(edgeNodeId, subscriberId, expiresInDays = 30) {
+    if (!this.backendSecret) {
+      throw new Error("Backend secret not configured");
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    const exp = now + expiresInDays * 24 * 60 * 60;
+    const jti = this.generateTokenId();
+    const payload = {
+      sub: edgeNodeId,
+      iss: "rainfall-backend",
+      iat: now,
+      exp,
+      jti,
+      scope: ["edge:heartbeat", "edge:claim", "edge:submit", "edge:queue"]
+    };
+    const header = { alg: "HS256", typ: "JWT" };
+    const encodedHeader = this.base64UrlEncode(JSON.stringify(header));
+    const encodedPayload = this.base64UrlEncode(JSON.stringify(payload));
+    const signature = this.hmacSha256(
+      `${encodedHeader}.${encodedPayload}`,
+      this.backendSecret
+    );
+    const encodedSignature = this.base64UrlEncode(signature);
+    return `${encodedHeader}.${encodedPayload}.${encodedSignature}`;
+  }
+  /**
+   * Validate a JWT token
+   */
+  validateJWT(token) {
+    const parts = token.split(".");
+    if (parts.length !== 3) {
+      throw new Error("Invalid JWT format");
+    }
+    const [encodedHeader, encodedPayload, encodedSignature] = parts;
+    if (this.backendSecret) {
+      const expectedSignature = this.hmacSha256(
+        `${encodedHeader}.${encodedPayload}`,
+        this.backendSecret
+      );
+      const expectedEncoded = this.base64UrlEncode(expectedSignature);
+      if (!this.timingSafeEqual(encodedSignature, expectedEncoded)) {
+        throw new Error("Invalid JWT signature");
+      }
+    }
+    const payload = JSON.parse(this.base64UrlDecode(encodedPayload));
+    const now = Math.floor(Date.now() / 1e3);
+    if (payload.exp < now) {
+      throw new Error("JWT token expired");
+    }
+    if (payload.iss !== "rainfall-backend") {
+      throw new Error("Invalid JWT issuer");
+    }
+    return {
+      edgeNodeId: payload.sub,
+      subscriberId: payload.sub,
+      // Same as edge node ID for now
+      scopes: payload.scope,
+      expiresAt: payload.exp
+    };
+  }
+  /**
+   * Extract bearer token from Authorization header
+   */
+  extractBearerToken(authHeader) {
+    if (!authHeader) return null;
+    const match = authHeader.match(/^Bearer\s+(.+)$/i);
+    return match ? match[1] : null;
+  }
+  // ============================================================================
+  // ACL Enforcement
+  // ============================================================================
+  /**
+   * Check if an edge node is allowed to perform an action on a job
+   * Rule: Edge nodes can only access jobs for their own subscriber
+   */
+  checkACL(check) {
+    if (check.subscriberId !== check.jobSubscriberId) {
+      return {
+        allowed: false,
+        reason: `Edge node ${check.edgeNodeId} cannot access jobs from subscriber ${check.jobSubscriberId}`
+      };
+    }
+    const allowedActions = ["heartbeat", "claim", "submit", "queue"];
+    if (!allowedActions.includes(check.action)) {
+      return {
+        allowed: false,
+        reason: `Unknown action: ${check.action}`
+      };
+    }
+    return { allowed: true };
+  }
+  /**
+   * Middleware-style ACL check for job operations
+   */
+  requireSameSubscriber(edgeNodeSubscriberId, jobSubscriberId, operation) {
+    const result = this.checkACL({
+      edgeNodeId: edgeNodeSubscriberId,
+      subscriberId: edgeNodeSubscriberId,
+      jobSubscriberId,
+      action: operation
+    });
+    if (!result.allowed) {
+      throw new Error(result.reason);
+    }
+  }
+  // ============================================================================
+  // Encryption (Libsodium)
+  // ============================================================================
+  /**
+   * Generate a new Ed25519 key pair for an edge node
+   */
+  async generateKeyPair() {
+    await this.sodiumReady;
+    const keyPair = sodium.crypto_box_keypair();
+    return {
+      publicKey: this.bytesToBase64(keyPair.publicKey),
+      privateKey: this.bytesToBase64(keyPair.privateKey)
+    };
+  }
+  /**
+   * Encrypt job parameters for a target edge node using its public key
+   */
+  async encryptForEdgeNode(plaintext, targetPublicKeyBase64) {
+    await this.sodiumReady;
+    if (!this.keyPair) {
+      throw new Error("Local key pair not configured");
+    }
+    const targetPublicKey = this.base64ToBytes(targetPublicKeyBase64);
+    const ephemeralKeyPair = sodium.crypto_box_keypair();
+    const nonce = sodium.randombytes_buf(sodium.crypto_box_NONCEBYTES);
+    const message = new TextEncoder().encode(plaintext);
+    const ciphertext = sodium.crypto_box_easy(
+      message,
+      nonce,
+      targetPublicKey,
+      ephemeralKeyPair.privateKey
+    );
+    return {
+      ciphertext: this.bytesToBase64(ciphertext),
+      nonce: this.bytesToBase64(nonce),
+      ephemeralPublicKey: this.bytesToBase64(ephemeralKeyPair.publicKey)
+    };
+  }
+  /**
+   * Decrypt job parameters received from the backend
+   */
+  async decryptFromBackend(encrypted) {
+    await this.sodiumReady;
+    if (!this.keyPair) {
+      throw new Error("Local key pair not configured");
+    }
+    const privateKey = this.base64ToBytes(this.keyPair.privateKey);
+    const ephemeralPublicKey = this.base64ToBytes(encrypted.ephemeralPublicKey);
+    const nonce = this.base64ToBytes(encrypted.nonce);
+    const ciphertext = this.base64ToBytes(encrypted.ciphertext);
+    const decrypted = sodium.crypto_box_open_easy(
+      ciphertext,
+      nonce,
+      ephemeralPublicKey,
+      privateKey
+    );
+    if (!decrypted) {
+      throw new Error("Decryption failed - invalid ciphertext or keys");
+    }
+    return new TextDecoder().decode(decrypted);
+  }
+  /**
+   * Encrypt job parameters for local storage (using secretbox)
+   */
+  async encryptLocal(plaintext, key) {
+    await this.sodiumReady;
+    const keyBytes = this.deriveKey(key);
+    const nonce = sodium.randombytes_buf(sodium.crypto_secretbox_NONCEBYTES);
+    const message = new TextEncoder().encode(plaintext);
+    const ciphertext = sodium.crypto_secretbox_easy(message, nonce, keyBytes);
+    return {
+      ciphertext: this.bytesToBase64(ciphertext),
+      nonce: this.bytesToBase64(nonce)
+    };
+  }
+  /**
+   * Decrypt locally stored job parameters
+   */
+  async decryptLocal(encrypted, key) {
+    await this.sodiumReady;
+    const keyBytes = this.deriveKey(key);
+    const nonce = this.base64ToBytes(encrypted.nonce);
+    const ciphertext = this.base64ToBytes(encrypted.ciphertext);
+    const decrypted = sodium.crypto_secretbox_open_easy(ciphertext, nonce, keyBytes);
+    if (!decrypted) {
+      throw new Error("Local decryption failed");
+    }
+    return new TextDecoder().decode(decrypted);
+  }
+  // ============================================================================
+  // Utility Methods
+  // ============================================================================
+  generateTokenId() {
+    return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+  }
+  base64UrlEncode(str) {
+    return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  }
+  base64UrlDecode(str) {
+    const padding = "=".repeat((4 - str.length % 4) % 4);
+    const base64 = str.replace(/-/g, "+").replace(/_/g, "/") + padding;
+    return atob(base64);
+  }
+  hmacSha256(message, secret) {
+    const key = new TextEncoder().encode(secret);
+    const msg = new TextEncoder().encode(message);
+    const hash = sodium.crypto_auth(msg, key);
+    return this.bytesToBase64(hash);
+  }
+  timingSafeEqual(a, b) {
+    if (a.length !== b.length) return false;
+    let result = 0;
+    for (let i = 0; i < a.length; i++) {
+      result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return result === 0;
+  }
+  bytesToBase64(bytes) {
+    const binString = Array.from(bytes, (b) => String.fromCharCode(b)).join("");
+    return btoa(binString);
+  }
+  base64ToBytes(base64) {
+    const binString = atob(base64);
+    return Uint8Array.from(binString, (m) => m.charCodeAt(0));
+  }
+  deriveKey(password) {
+    const passwordBytes = new TextEncoder().encode(password);
+    return sodium.crypto_generichash(32, passwordBytes, null);
+  }
+};
+async function createEdgeNodeSecurity(options = {}) {
+  const security = new EdgeNodeSecurity(options);
+  await security.initialize();
+  return security;
+}
+
+export {
+  EdgeNodeSecurity,
+  createEdgeNodeSecurity
+};

package/dist/chunk-LJQEO3CY.mjs

@@ -0,0 +1,150 @@
+// src/errors.ts
+var RainfallError = class _RainfallError extends Error {
+  constructor(message, code, statusCode, details) {
+    super(message);
+    this.code = code;
+    this.statusCode = statusCode;
+    this.details = details;
+    this.name = "RainfallError";
+    Object.setPrototypeOf(this, _RainfallError.prototype);
+  }
+  toJSON() {
+    return {
+      name: this.name,
+      code: this.code,
+      message: this.message,
+      statusCode: this.statusCode,
+      details: this.details
+    };
+  }
+};
+var AuthenticationError = class _AuthenticationError extends RainfallError {
+  constructor(message = "Invalid API key", details) {
+    super(message, "AUTHENTICATION_ERROR", 401, details);
+    this.name = "AuthenticationError";
+    Object.setPrototypeOf(this, _AuthenticationError.prototype);
+  }
+};
+var RateLimitError = class _RateLimitError extends RainfallError {
+  retryAfter;
+  limit;
+  remaining;
+  resetAt;
+  constructor(message = "Rate limit exceeded", retryAfter = 60, limit = 0, remaining = 0, resetAt) {
+    super(message, "RATE_LIMIT_ERROR", 429, { retryAfter, limit, remaining });
+    this.name = "RateLimitError";
+    this.retryAfter = retryAfter;
+    this.limit = limit;
+    this.remaining = remaining;
+    this.resetAt = resetAt || new Date(Date.now() + retryAfter * 1e3);
+    Object.setPrototypeOf(this, _RateLimitError.prototype);
+  }
+};
+var ValidationError = class _ValidationError extends RainfallError {
+  constructor(message, details) {
+    super(message, "VALIDATION_ERROR", 400, details);
+    this.name = "ValidationError";
+    Object.setPrototypeOf(this, _ValidationError.prototype);
+  }
+};
+var NotFoundError = class _NotFoundError extends RainfallError {
+  constructor(resource, identifier) {
+    super(
+      `${resource}${identifier ? ` '${identifier}'` : ""} not found`,
+      "NOT_FOUND_ERROR",
+      404,
+      { resource, identifier }
+    );
+    this.name = "NotFoundError";
+    Object.setPrototypeOf(this, _NotFoundError.prototype);
+  }
+};
+var ServerError = class _ServerError extends RainfallError {
+  constructor(message = "Internal server error", statusCode = 500) {
+    super(message, "SERVER_ERROR", statusCode);
+    this.name = "ServerError";
+    Object.setPrototypeOf(this, _ServerError.prototype);
+  }
+};
+var TimeoutError = class _TimeoutError extends RainfallError {
+  constructor(timeoutMs) {
+    super(`Request timed out after ${timeoutMs}ms`, "TIMEOUT_ERROR", 408);
+    this.name = "TimeoutError";
+    Object.setPrototypeOf(this, _TimeoutError.prototype);
+  }
+};
+var NetworkError = class _NetworkError extends RainfallError {
+  constructor(message = "Network error", details) {
+    super(message, "NETWORK_ERROR", void 0, details);
+    this.name = "NetworkError";
+    Object.setPrototypeOf(this, _NetworkError.prototype);
+  }
+};
+var ToolNotFoundError = class _ToolNotFoundError extends RainfallError {
+  constructor(toolId) {
+    super(`Tool '${toolId}' not found`, "TOOL_NOT_FOUND", 404, { toolId });
+    this.name = "ToolNotFoundError";
+    Object.setPrototypeOf(this, _ToolNotFoundError.prototype);
+  }
+};
+function parseErrorResponse(response, data) {
+  const statusCode = response.status;
+  if (statusCode === 429) {
+    const retryAfter = parseInt(response.headers.get("retry-after") || "60", 10);
+    const limit = parseInt(response.headers.get("x-ratelimit-limit") || "0", 10);
+    const remaining = parseInt(response.headers.get("x-ratelimit-remaining") || "0", 10);
+    const resetHeader = response.headers.get("x-ratelimit-reset");
+    const resetAt = resetHeader ? new Date(parseInt(resetHeader, 10) * 1e3) : void 0;
+    return new RateLimitError(
+      typeof data === "object" && data && "message" in data ? String(data.message) : "Rate limit exceeded",
+      retryAfter,
+      limit,
+      remaining,
+      resetAt
+    );
+  }
+  switch (statusCode) {
+    case 401:
+      return new AuthenticationError(
+        typeof data === "object" && data && "message" in data ? String(data.message) : "Invalid API key"
+      );
+    case 404:
+      return new NotFoundError(
+        typeof data === "object" && data && "resource" in data ? String(data.resource) : "Resource",
+        typeof data === "object" && data && "identifier" in data ? String(data.identifier) : void 0
+      );
+    case 400:
+      return new ValidationError(
+        typeof data === "object" && data && "message" in data ? String(data.message) : "Invalid request",
+        typeof data === "object" && data && "details" in data ? data.details : void 0
+      );
+    case 500:
+    case 502:
+    case 503:
+    case 504:
+      return new ServerError(
+        typeof data === "object" && data && "message" in data ? String(data.message) : "Server error",
+        statusCode
+      );
+    default:
+      return new RainfallError(
+        typeof data === "object" && data && "message" in data ? String(data.message) : `HTTP ${statusCode}`,
+        "UNKNOWN_ERROR",
+        statusCode,
+        typeof data === "object" ? data : void 0
+      );
+  }
+}
+
+export {
+  RainfallError,
+  AuthenticationError,
+  RateLimitError,
+  ValidationError,
+  NotFoundError,
+  ServerError,
+  TimeoutError,
+  NetworkError,
+  ToolNotFoundError,
+  parseErrorResponse
+};

package/dist/chunk-NCQVOLS4.mjs

@@ -0,0 +1,269 @@
+// src/security/edge-node.ts
+import sodium from "libsodium-wrappers-sumo";
+var EdgeNodeSecurity = class {
+  sodiumReady;
+  backendSecret;
+  keyPair;
+  constructor(options = {}) {
+    this.sodiumReady = sodium.ready;
+    this.backendSecret = options.backendSecret;
+    this.keyPair = options.keyPair;
+  }
+  /**
+   * Initialize libsodium
+   */
+  async initialize() {
+    await this.sodiumReady;
+  }
+  // ============================================================================
+  // JWT Token Management
+  // ============================================================================
+  /**
+   * Generate a JWT token for an edge node
+   * Note: In production, this is done by the backend. This is for testing.
+   */
+  generateJWT(edgeNodeId, subscriberId, expiresInDays = 30) {
+    if (!this.backendSecret) {
+      throw new Error("Backend secret not configured");
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    const exp = now + expiresInDays * 24 * 60 * 60;
+    const jti = this.generateTokenId();
+    const payload = {
+      sub: edgeNodeId,
+      iss: "rainfall-backend",
+      iat: now,
+      exp,
+      jti,
+      scope: ["edge:heartbeat", "edge:claim", "edge:submit", "edge:queue"]
+    };
+    const header = { alg: "HS256", typ: "JWT" };
+    const encodedHeader = this.base64UrlEncode(JSON.stringify(header));
+    const encodedPayload = this.base64UrlEncode(JSON.stringify(payload));
+    const signature = this.hmacSha256(
+      `${encodedHeader}.${encodedPayload}`,
+      this.backendSecret
+    );
+    const encodedSignature = this.base64UrlEncode(signature);
+    return `${encodedHeader}.${encodedPayload}.${encodedSignature}`;
+  }
+  /**
+   * Validate a JWT token
+   */
+  validateJWT(token) {
+    const parts = token.split(".");
+    if (parts.length !== 3) {
+      throw new Error("Invalid JWT format");
+    }
+    const [encodedHeader, encodedPayload, encodedSignature] = parts;
+    if (this.backendSecret) {
+      const expectedSignature = this.hmacSha256(
+        `${encodedHeader}.${encodedPayload}`,
+        this.backendSecret
+      );
+      const expectedEncoded = this.base64UrlEncode(expectedSignature);
+      if (!this.timingSafeEqual(encodedSignature, expectedEncoded)) {
+        throw new Error("Invalid JWT signature");
+      }
+    }
+    const payload = JSON.parse(this.base64UrlDecode(encodedPayload));
+    const now = Math.floor(Date.now() / 1e3);
+    if (payload.exp < now) {
+      throw new Error("JWT token expired");
+    }
+    if (payload.iss !== "rainfall-backend") {
+      throw new Error("Invalid JWT issuer");
+    }
+    return {
+      edgeNodeId: payload.sub,
+      subscriberId: payload.sub,
+      // Same as edge node ID for now
+      scopes: payload.scope,
+      expiresAt: payload.exp
+    };
+  }
+  /**
+   * Extract bearer token from Authorization header
+   */
+  extractBearerToken(authHeader) {
+    if (!authHeader) return null;
+    const match = authHeader.match(/^Bearer\s+(.+)$/i);
+    return match ? match[1] : null;
+  }
+  // ============================================================================
+  // ACL Enforcement
+  // ============================================================================
+  /**
+   * Check if an edge node is allowed to perform an action on a job
+   * Rule: Edge nodes can only access jobs for their own subscriber
+   */
+  checkACL(check) {
+    if (check.subscriberId !== check.jobSubscriberId) {
+      return {
+        allowed: false,
+        reason: `Edge node ${check.edgeNodeId} cannot access jobs from subscriber ${check.jobSubscriberId}`
+      };
+    }
+    const allowedActions = ["heartbeat", "claim", "submit", "queue"];
+    if (!allowedActions.includes(check.action)) {
+      return {
+        allowed: false,
+        reason: `Unknown action: ${check.action}`
+      };
+    }
+    return { allowed: true };
+  }
+  /**
+   * Middleware-style ACL check for job operations
+   */
+  requireSameSubscriber(edgeNodeSubscriberId, jobSubscriberId, operation) {
+    const result = this.checkACL({
+      edgeNodeId: edgeNodeSubscriberId,
+      subscriberId: edgeNodeSubscriberId,
+      jobSubscriberId,
+      action: operation
+    });
+    if (!result.allowed) {
+      throw new Error(result.reason);
+    }
+  }
+  // ============================================================================
+  // Encryption (Libsodium)
+  // ============================================================================
+  /**
+   * Generate a new Ed25519 key pair for an edge node
+   */
+  async generateKeyPair() {
+    await this.sodiumReady;
+    const keyPair = sodium.crypto_box_keypair();
+    return {
+      publicKey: this.bytesToBase64(keyPair.publicKey),
+      privateKey: this.bytesToBase64(keyPair.privateKey)
+    };
+  }
+  /**
+   * Encrypt job parameters for a target edge node using its public key
+   */
+  async encryptForEdgeNode(plaintext, targetPublicKeyBase64) {
+    await this.sodiumReady;
+    if (!this.keyPair) {
+      throw new Error("Local key pair not configured");
+    }
+    const targetPublicKey = this.base64ToBytes(targetPublicKeyBase64);
+    const ephemeralKeyPair = sodium.crypto_box_keypair();
+    const nonce = sodium.randombytes_buf(sodium.crypto_box_NONCEBYTES);
+    const message = new TextEncoder().encode(plaintext);
+    const ciphertext = sodium.crypto_box_easy(
+      message,
+      nonce,
+      targetPublicKey,
+      ephemeralKeyPair.privateKey
+    );
+    return {
+      ciphertext: this.bytesToBase64(ciphertext),
+      nonce: this.bytesToBase64(nonce),
+      ephemeralPublicKey: this.bytesToBase64(ephemeralKeyPair.publicKey)
+    };
+  }
+  /**
+   * Decrypt job parameters received from the backend
+   */
+  async decryptFromBackend(encrypted) {
+    await this.sodiumReady;
+    if (!this.keyPair) {
+      throw new Error("Local key pair not configured");
+    }
+    const privateKey = this.base64ToBytes(this.keyPair.privateKey);
+    const ephemeralPublicKey = this.base64ToBytes(encrypted.ephemeralPublicKey);
+    const nonce = this.base64ToBytes(encrypted.nonce);
+    const ciphertext = this.base64ToBytes(encrypted.ciphertext);
+    const decrypted = sodium.crypto_box_open_easy(
+      ciphertext,
+      nonce,
+      ephemeralPublicKey,
+      privateKey
+    );
+    if (!decrypted) {
+      throw new Error("Decryption failed - invalid ciphertext or keys");
+    }
+    return new TextDecoder().decode(decrypted);
+  }
+  /**
+   * Encrypt job parameters for local storage (using secretbox)
+   */
+  async encryptLocal(plaintext, key) {
+    await this.sodiumReady;
+    const keyBytes = this.deriveKey(key);
+    const nonce = sodium.randombytes_buf(sodium.crypto_secretbox_NONCEBYTES);
+    const message = new TextEncoder().encode(plaintext);
+    const ciphertext = sodium.crypto_secretbox_easy(message, nonce, keyBytes);
+    return {
+      ciphertext: this.bytesToBase64(ciphertext),
+      nonce: this.bytesToBase64(nonce)
+    };
+  }
+  /**
+   * Decrypt locally stored job parameters
+   */
+  async decryptLocal(encrypted, key) {
+    await this.sodiumReady;
+    const keyBytes = this.deriveKey(key);
+    const nonce = this.base64ToBytes(encrypted.nonce);
+    const ciphertext = this.base64ToBytes(encrypted.ciphertext);
+    const decrypted = sodium.crypto_secretbox_open_easy(ciphertext, nonce, keyBytes);
+    if (!decrypted) {
+      throw new Error("Local decryption failed");
+    }
+    return new TextDecoder().decode(decrypted);
+  }
+  // ============================================================================
+  // Utility Methods
+  // ============================================================================
+  generateTokenId() {
+    return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+  }
+  base64UrlEncode(str) {
+    return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  }
+  base64UrlDecode(str) {
+    const padding = "=".repeat((4 - str.length % 4) % 4);
+    const base64 = str.replace(/-/g, "+").replace(/_/g, "/") + padding;
+    return atob(base64);
+  }
+  hmacSha256(message, secret) {
+    const key = new TextEncoder().encode(secret);
+    const msg = new TextEncoder().encode(message);
+    const hash = sodium.crypto_auth(msg, key);
+    return this.bytesToBase64(hash);
+  }
+  timingSafeEqual(a, b) {
+    if (a.length !== b.length) return false;
+    let result = 0;
+    for (let i = 0; i < a.length; i++) {
+      result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return result === 0;
+  }
+  bytesToBase64(bytes) {
+    const binString = Array.from(bytes, (b) => String.fromCharCode(b)).join("");
+    return btoa(binString);
+  }
+  base64ToBytes(base64) {
+    const binString = atob(base64);
+    return Uint8Array.from(binString, (m) => m.charCodeAt(0));
+  }
+  deriveKey(password) {
+    const passwordBytes = new TextEncoder().encode(password);
+    return sodium.crypto_generichash(32, passwordBytes, null);
+  }
+};
+async function createEdgeNodeSecurity(options = {}) {
+  const security = new EdgeNodeSecurity(options);
+  await security.initialize();
+  return security;
+}
+
+export {
+  EdgeNodeSecurity,
+  createEdgeNodeSecurity
+};