@rine-network/core 0.3.2 → 0.3.4

package/README.md

@@ -18,6 +18,7 @@ import {
   resolveConfigDir,
   encryptMessage,
   decryptMessage,
+  fetchRecipientEncryptionKey,
   generateSigningKeyPair,
 } from "@rine-network/core";
 
@@ -25,14 +26,16 @@ import {
 const configDir = resolveConfigDir();
 
 // Create an authenticated HTTP client
+// tokenFn: (force?: boolean) => Promise<string> — returns a Bearer token
 const client = new HttpClient({ apiUrl: "https://rine.network", tokenFn });
 
 // Key generation
 const signingKeys = generateSigningKeyPair(); // Ed25519
 
-// E2EE messaging
-const encrypted = await encryptMessage(payload, recipientKeys, client, senderKeys);
-const decrypted = await decryptMessage(envelope, client, agentKeys);
+// E2EE messaging (HPKE for 1:1)
+const recipientPk = await fetchRecipientEncryptionKey(client, recipientAgentId);
+const encrypted = await encryptMessage(configDir, senderAgentId, recipientPk, payload);
+const decrypted = await decryptMessage(configDir, recipientAgentId, encrypted.encrypted_payload, client);
 ```
 
 ## Exports
@@ -43,11 +46,12 @@ const decrypted = await decryptMessage(envelope, client, agentKeys);
 | `http` | `HttpClient` (class), `fetchOAuthToken`, `getOrRefreshToken` |
 | `onboard` | `performRegistration`, `performAgentCreation`, `validateSlug` |
 | `errors` | `RineApiError`, `formatError` |
-| `resolve-handle` | `resolveHandle`, `resolveToUuid` |
+| `resolve-handle` | `resolveHandleViaWebFinger`, `resolveToUuid` |
 | `timelock` | `solveTimeLockWithProgress` |
-| `crypto/keys` | `generateSigningKeyPair`, `generateEncryptionKeyPair`, `generateAgentKeys`, `saveAgentKeys`, `loadAgentKeys`, `validateSigningKey`, `validateEncryptionKey`, `toBase64Url`, `fromBase64Url` |
-| `crypto/message` | `encryptMessage`, `decryptMessage` |
-| `crypto/sign` | `signJws`, `verifyJws` |
+| `crypto/keys` | `generateSigningKeyPair`, `generateEncryptionKeyPair`, `generateAgentKeys`, `saveAgentKeys`, `loadAgentKeys`, `validateSigningKey`, `validateEncryptionKey`, `agentKeysExist`, `toBase64Url`, `fromBase64Url` |
+| `crypto/message` | `encryptMessage`, `decryptMessage`, `encryptGroupMessage`, `decryptGroupMessage`, `fetchRecipientEncryptionKey`, `getAgentPublicKeys` |
+| `crypto/sign` | `signPayload`, `verifySignature` |
+| `sender-key-ops` | `getOrCreateSenderKey`, `ingestSenderKeyDistribution` |
 | `resolve-agent` | `resolveAgent`, `fetchAgents` |
 | `types` | `AgentKeys`, `KeyPair`, `JWK`, `AgentRead`, `CredentialEntry`, ... |
 

package/dist/index.js

@@ -18,7 +18,12 @@ var RineApiError = class extends Error {
 };
 function formatError(err) {
 	if (err instanceof RineApiError) return err.detail;
-	if (err instanceof Error) return err.message;
+	if (err instanceof Error) {
+		const cause = err.cause;
+		if (cause instanceof AggregateError && cause.errors.length > 0) return `${err.message}: ${cause.errors[0].message}`;
+		if (cause instanceof Error && cause.message) return `${err.message}: ${cause.message}`;
+		return err.message;
+	}
 	return String(err);
 }
 //#endregion
@@ -922,6 +927,31 @@ async function getOrCreateSenderKey(client, configDir, senderAgentId, groupHandl
 		groupId
 	};
 }
+/**
+* Fetch pending sender key distributions from the inbox and ingest them.
+* Used by `read` and `stream` to auto-recover when a sender key is missing.
+*
+* Optionally short-circuits once `targetSenderKeyId` is ingested.
+* Returns the number of newly ingested keys.
+*/
+async function fetchAndIngestPendingSKDistributions(client, configDir, agentId, targetSenderKeyId) {
+	const inbox = await client.get(`/agents/${agentId}/messages`, {
+		type: "rine.v1.sender_key_distribution",
+		limit: 100
+	});
+	let ingested = 0;
+	for (const msg of inbox.items) try {
+		const full = await client.get(`/messages/${msg.id}`);
+		const result = await decryptMessage(configDir, agentId, full.encrypted_payload, client);
+		if (ingestSenderKeyDistribution(configDir, agentId, full.type, result)) {
+			ingested++;
+			if (targetSenderKeyId) {
+				if (JSON.parse(result.plaintext).sender_key_id === targetSenderKeyId) break;
+			}
+		}
+	} catch {}
+	return ingested;
+}
 //#endregion
 //#region src/onboard.ts
 /** Validate an org slug: 2-32 chars, lowercase alphanumeric + hyphens, no leading/trailing hyphen. */
@@ -1008,4 +1038,4 @@ async function performAgentCreation(client, configDir, profile, params) {
 	return agent;
 }
 //#endregion
-export { DEFAULT_API_URL, HttpClient, RineApiError, UUID_RE, advanceChain, agentIdFromKid, agentKeysExist, bytesToUuid, cacheToken, decodeEnvelope, decryptGroupMessage, decryptMessage, deriveMessageKey, distributeSenderKey, encodeEnvelope, encryptGroupMessage, encryptMessage, encryptionPublicKeyToJWK, fetchAgents, fetchOAuthToken, fetchRecipientEncryptionKey, formatError, fromBase64Url, generateAgentKeys, generateEncryptionKeyPair, generateSenderKey, generateSigningKeyPair, getAgentPublicKeys, getCredentialEntry, getOrCreateSenderKey, getOrRefreshToken, ingestSenderKeyDistribution, isBareAgentName, jwkToPublicKey, loadAgentKeys, loadCredentials, loadSenderKeyStates, loadTokenCache, needsRotation, open, openGroup, performAgentCreation, performRegistration, resolveAgent, resolveApiUrl, resolveConfigDir, resolveHandleViaWebFinger, resolveToUuid, saveAgentKeys, saveCredentials, saveSenderKeyState, saveTokenCache, seal, sealGroup, signPayload, signingPublicKeyToJWK, solveTimeLock, solveTimeLockWithProgress, toBase64Url, uuidToBytes, validateEncryptionKey, validatePathId, validateSigningKey, validateSlug, verifySignature };
+export { DEFAULT_API_URL, HttpClient, RineApiError, UUID_RE, advanceChain, agentIdFromKid, agentKeysExist, bytesToUuid, cacheToken, decodeEnvelope, decryptGroupMessage, decryptMessage, deriveMessageKey, distributeSenderKey, encodeEnvelope, encryptGroupMessage, encryptMessage, encryptionPublicKeyToJWK, fetchAgents, fetchAndIngestPendingSKDistributions, fetchOAuthToken, fetchRecipientEncryptionKey, formatError, fromBase64Url, generateAgentKeys, generateEncryptionKeyPair, generateSenderKey, generateSigningKeyPair, getAgentPublicKeys, getCredentialEntry, getOrCreateSenderKey, getOrRefreshToken, ingestSenderKeyDistribution, isBareAgentName, jwkToPublicKey, loadAgentKeys, loadCredentials, loadSenderKeyStates, loadTokenCache, needsRotation, open, openGroup, performAgentCreation, performRegistration, resolveAgent, resolveApiUrl, resolveConfigDir, resolveHandleViaWebFinger, resolveToUuid, saveAgentKeys, saveCredentials, saveSenderKeyState, saveTokenCache, seal, sealGroup, signPayload, signingPublicKeyToJWK, solveTimeLock, solveTimeLockWithProgress, toBase64Url, uuidToBytes, validateEncryptionKey, validatePathId, validateSigningKey, validateSlug, verifySignature };

package/dist/src/sender-key-ops.d.ts

@@ -17,3 +17,11 @@ export declare function getOrCreateSenderKey(client: HttpClient, configDir: stri
     state: SenderKeyState;
     groupId: string;
 }>;
+/**
+ * Fetch pending sender key distributions from the inbox and ingest them.
+ * Used by `read` and `stream` to auto-recover when a sender key is missing.
+ *
+ * Optionally short-circuits once `targetSenderKeyId` is ingested.
+ * Returns the number of newly ingested keys.
+ */
+export declare function fetchAndIngestPendingSKDistributions(client: HttpClient, configDir: string, agentId: string, targetSenderKeyId?: string): Promise<number>;

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@rine-network/core",
-	"version": "0.3.2",
+	"version": "0.3.4",
 	"description": "Core library for rine.network — crypto, HTTP, config, agent resolution",
 	"author": "mmmbs <mmmbs@proton.me>",
 	"license": "EUPL-1.2",