@rine-network/core 0.3.1 → 0.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +11 -7
- package/dist/index.js +30 -3
- package/dist/src/sender-key-ops.d.ts +8 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -18,6 +18,7 @@ import {
|
|
|
18
18
|
resolveConfigDir,
|
|
19
19
|
encryptMessage,
|
|
20
20
|
decryptMessage,
|
|
21
|
+
fetchRecipientEncryptionKey,
|
|
21
22
|
generateSigningKeyPair,
|
|
22
23
|
} from "@rine-network/core";
|
|
23
24
|
|
|
@@ -25,14 +26,16 @@ import {
|
|
|
25
26
|
const configDir = resolveConfigDir();
|
|
26
27
|
|
|
27
28
|
// Create an authenticated HTTP client
|
|
29
|
+
// tokenFn: (force?: boolean) => Promise<string> — returns a Bearer token
|
|
28
30
|
const client = new HttpClient({ apiUrl: "https://rine.network", tokenFn });
|
|
29
31
|
|
|
30
32
|
// Key generation
|
|
31
33
|
const signingKeys = generateSigningKeyPair(); // Ed25519
|
|
32
34
|
|
|
33
|
-
// E2EE messaging
|
|
34
|
-
const
|
|
35
|
-
const
|
|
35
|
+
// E2EE messaging (HPKE for 1:1)
|
|
36
|
+
const recipientPk = await fetchRecipientEncryptionKey(client, recipientAgentId);
|
|
37
|
+
const encrypted = await encryptMessage(configDir, senderAgentId, recipientPk, payload);
|
|
38
|
+
const decrypted = await decryptMessage(configDir, recipientAgentId, encrypted.encrypted_payload, client);
|
|
36
39
|
```
|
|
37
40
|
|
|
38
41
|
## Exports
|
|
@@ -43,11 +46,12 @@ const decrypted = await decryptMessage(envelope, client, agentKeys);
|
|
|
43
46
|
| `http` | `HttpClient` (class), `fetchOAuthToken`, `getOrRefreshToken` |
|
|
44
47
|
| `onboard` | `performRegistration`, `performAgentCreation`, `validateSlug` |
|
|
45
48
|
| `errors` | `RineApiError`, `formatError` |
|
|
46
|
-
| `resolve-handle` | `
|
|
49
|
+
| `resolve-handle` | `resolveHandleViaWebFinger`, `resolveToUuid` |
|
|
47
50
|
| `timelock` | `solveTimeLockWithProgress` |
|
|
48
|
-
| `crypto/keys` | `generateSigningKeyPair`, `generateEncryptionKeyPair`, `generateAgentKeys`, `saveAgentKeys`, `loadAgentKeys`, `validateSigningKey`, `validateEncryptionKey`, `toBase64Url`, `fromBase64Url` |
|
|
49
|
-
| `crypto/message` | `encryptMessage`, `decryptMessage` |
|
|
50
|
-
| `crypto/sign` | `
|
|
51
|
+
| `crypto/keys` | `generateSigningKeyPair`, `generateEncryptionKeyPair`, `generateAgentKeys`, `saveAgentKeys`, `loadAgentKeys`, `validateSigningKey`, `validateEncryptionKey`, `agentKeysExist`, `toBase64Url`, `fromBase64Url` |
|
|
52
|
+
| `crypto/message` | `encryptMessage`, `decryptMessage`, `encryptGroupMessage`, `decryptGroupMessage`, `fetchRecipientEncryptionKey`, `getAgentPublicKeys` |
|
|
53
|
+
| `crypto/sign` | `signPayload`, `verifySignature` |
|
|
54
|
+
| `sender-key-ops` | `getOrCreateSenderKey`, `ingestSenderKeyDistribution` |
|
|
51
55
|
| `resolve-agent` | `resolveAgent`, `fetchAgents` |
|
|
52
56
|
| `types` | `AgentKeys`, `KeyPair`, `JWK`, `AgentRead`, `CredentialEntry`, ... |
|
|
53
57
|
|
package/dist/index.js
CHANGED
|
@@ -922,6 +922,31 @@ async function getOrCreateSenderKey(client, configDir, senderAgentId, groupHandl
|
|
|
922
922
|
groupId
|
|
923
923
|
};
|
|
924
924
|
}
|
|
925
|
+
/**
|
|
926
|
+
* Fetch pending sender key distributions from the inbox and ingest them.
|
|
927
|
+
* Used by `read` and `stream` to auto-recover when a sender key is missing.
|
|
928
|
+
*
|
|
929
|
+
* Optionally short-circuits once `targetSenderKeyId` is ingested.
|
|
930
|
+
* Returns the number of newly ingested keys.
|
|
931
|
+
*/
|
|
932
|
+
async function fetchAndIngestPendingSKDistributions(client, configDir, agentId, targetSenderKeyId) {
|
|
933
|
+
const inbox = await client.get(`/agents/${agentId}/messages`, {
|
|
934
|
+
type: "rine.v1.sender_key_distribution",
|
|
935
|
+
limit: 100
|
|
936
|
+
});
|
|
937
|
+
let ingested = 0;
|
|
938
|
+
for (const msg of inbox.items) try {
|
|
939
|
+
const full = await client.get(`/messages/${msg.id}`);
|
|
940
|
+
const result = await decryptMessage(configDir, agentId, full.encrypted_payload, client);
|
|
941
|
+
if (ingestSenderKeyDistribution(configDir, agentId, full.type, result)) {
|
|
942
|
+
ingested++;
|
|
943
|
+
if (targetSenderKeyId) {
|
|
944
|
+
if (JSON.parse(result.plaintext).sender_key_id === targetSenderKeyId) break;
|
|
945
|
+
}
|
|
946
|
+
}
|
|
947
|
+
} catch {}
|
|
948
|
+
return ingested;
|
|
949
|
+
}
|
|
925
950
|
//#endregion
|
|
926
951
|
//#region src/onboard.ts
|
|
927
952
|
/** Validate an org slug: 2-32 chars, lowercase alphanumeric + hyphens, no leading/trailing hyphen. */
|
|
@@ -945,7 +970,8 @@ async function performRegistration(apiUrl, configDir, profile, params, onProgres
|
|
|
945
970
|
if (challengeRes.status === 429) throw new Error("Rate limited — please wait before retrying");
|
|
946
971
|
if (!challengeRes.ok) {
|
|
947
972
|
const body = await challengeRes.json().catch(() => ({}));
|
|
948
|
-
|
|
973
|
+
const detail = typeof body.detail === "string" ? body.detail : body.detail ? JSON.stringify(body.detail) : challengeRes.statusText;
|
|
974
|
+
throw new Error(`Registration failed: ${detail}`);
|
|
949
975
|
}
|
|
950
976
|
const challenge = await challengeRes.json();
|
|
951
977
|
if (challenge.algorithm !== "rsa-timelock-v1") throw new Error(`Unsupported algorithm: ${challenge.algorithm}. Please upgrade.`);
|
|
@@ -965,7 +991,8 @@ async function performRegistration(apiUrl, configDir, profile, params, onProgres
|
|
|
965
991
|
if (solveRes.status === 410) throw new Error("Challenge expired — please try again");
|
|
966
992
|
if (!solveRes.ok) {
|
|
967
993
|
const body = await solveRes.json().catch(() => ({}));
|
|
968
|
-
|
|
994
|
+
const detail = typeof body.detail === "string" ? body.detail : body.detail ? JSON.stringify(body.detail) : solveRes.statusText;
|
|
995
|
+
throw new Error(`Solve failed: ${detail}`);
|
|
969
996
|
}
|
|
970
997
|
const data = await solveRes.json();
|
|
971
998
|
const creds = loadCredentials(configDir);
|
|
@@ -1006,4 +1033,4 @@ async function performAgentCreation(client, configDir, profile, params) {
|
|
|
1006
1033
|
return agent;
|
|
1007
1034
|
}
|
|
1008
1035
|
//#endregion
|
|
1009
|
-
export { DEFAULT_API_URL, HttpClient, RineApiError, UUID_RE, advanceChain, agentIdFromKid, agentKeysExist, bytesToUuid, cacheToken, decodeEnvelope, decryptGroupMessage, decryptMessage, deriveMessageKey, distributeSenderKey, encodeEnvelope, encryptGroupMessage, encryptMessage, encryptionPublicKeyToJWK, fetchAgents, fetchOAuthToken, fetchRecipientEncryptionKey, formatError, fromBase64Url, generateAgentKeys, generateEncryptionKeyPair, generateSenderKey, generateSigningKeyPair, getAgentPublicKeys, getCredentialEntry, getOrCreateSenderKey, getOrRefreshToken, ingestSenderKeyDistribution, isBareAgentName, jwkToPublicKey, loadAgentKeys, loadCredentials, loadSenderKeyStates, loadTokenCache, needsRotation, open, openGroup, performAgentCreation, performRegistration, resolveAgent, resolveApiUrl, resolveConfigDir, resolveHandleViaWebFinger, resolveToUuid, saveAgentKeys, saveCredentials, saveSenderKeyState, saveTokenCache, seal, sealGroup, signPayload, signingPublicKeyToJWK, solveTimeLock, solveTimeLockWithProgress, toBase64Url, uuidToBytes, validateEncryptionKey, validatePathId, validateSigningKey, validateSlug, verifySignature };
|
|
1036
|
+
export { DEFAULT_API_URL, HttpClient, RineApiError, UUID_RE, advanceChain, agentIdFromKid, agentKeysExist, bytesToUuid, cacheToken, decodeEnvelope, decryptGroupMessage, decryptMessage, deriveMessageKey, distributeSenderKey, encodeEnvelope, encryptGroupMessage, encryptMessage, encryptionPublicKeyToJWK, fetchAgents, fetchAndIngestPendingSKDistributions, fetchOAuthToken, fetchRecipientEncryptionKey, formatError, fromBase64Url, generateAgentKeys, generateEncryptionKeyPair, generateSenderKey, generateSigningKeyPair, getAgentPublicKeys, getCredentialEntry, getOrCreateSenderKey, getOrRefreshToken, ingestSenderKeyDistribution, isBareAgentName, jwkToPublicKey, loadAgentKeys, loadCredentials, loadSenderKeyStates, loadTokenCache, needsRotation, open, openGroup, performAgentCreation, performRegistration, resolveAgent, resolveApiUrl, resolveConfigDir, resolveHandleViaWebFinger, resolveToUuid, saveAgentKeys, saveCredentials, saveSenderKeyState, saveTokenCache, seal, sealGroup, signPayload, signingPublicKeyToJWK, solveTimeLock, solveTimeLockWithProgress, toBase64Url, uuidToBytes, validateEncryptionKey, validatePathId, validateSigningKey, validateSlug, verifySignature };
|
|
@@ -17,3 +17,11 @@ export declare function getOrCreateSenderKey(client: HttpClient, configDir: stri
|
|
|
17
17
|
state: SenderKeyState;
|
|
18
18
|
groupId: string;
|
|
19
19
|
}>;
|
|
20
|
+
/**
|
|
21
|
+
* Fetch pending sender key distributions from the inbox and ingest them.
|
|
22
|
+
* Used by `read` and `stream` to auto-recover when a sender key is missing.
|
|
23
|
+
*
|
|
24
|
+
* Optionally short-circuits once `targetSenderKeyId` is ingested.
|
|
25
|
+
* Returns the number of newly ingested keys.
|
|
26
|
+
*/
|
|
27
|
+
export declare function fetchAndIngestPendingSKDistributions(client: HttpClient, configDir: string, agentId: string, targetSenderKeyId?: string): Promise<number>;
|