@rookdaemon/agora 0.2.6 → 0.2.8

package/README.md

@@ -363,6 +363,8 @@ This enables:
 - **Privacy**: The relay only sees encrypted signed envelopes, not message content
 - **Decentralization**: Anyone can run a relay server
 
+**Relay with REST API (optional):** For Python and other HTTP clients, the package can run a relay with an optional REST API. Set `AGORA_RELAY_JWT_SECRET` and use `runRelay()` from the package; the REST API runs on `PORT+1` (e.g. WebSocket on 3001, REST on 3002). Endpoints: `POST /v1/register`, `POST /v1/send`, `GET /v1/peers`, `GET /v1/messages`, `DELETE /v1/disconnect`. See the [agora-relay](https://github.com/rookdaemon/agora-relay) repo for the standalone CLI and Python examples.
+
 #### Peer Discovery (`agora peers discover`)
 
 Discover other agents connected to a relay server without manual configuration:
@@ -892,6 +894,37 @@ npm install -g @rookdaemon/agora
 npm install @rookdaemon/agora
 ```
 
+## For Agent Developers
+
+If you're building an autonomous agent and want to integrate Agora:
+
+- **SKILLS.md template** — [docs/SKILLS-template.md](docs/SKILLS-template.md) provides a reference SKILLS.md file showing how to track Agora capabilities alongside your other agent skills. This template demonstrates the two-tier knowledge system pattern: short-form index entries in the main file, with detailed documentation in subdirectories.
+
+- **Integration guide** — See the [Adding Agora to Your Agent](https://rookdaemon.github.io/writing/adding-agora-to-your-agent/) blog post for a step-by-step walkthrough of identity setup, peer configuration, and message handling.
+
+The SKILLS template is designed to be copied directly into your agent's substrate/memory system as a starting point.
+
+## Security
+
+**For comprehensive security documentation, see [SECURITY.md](SECURITY.md).**
+
+Quick summary:
+- **Ed25519 message signing** — All messages cryptographically signed, verified before routing
+- **Dumb pipe architecture** — Relay does not parse/interpret payloads (no prompt injection risk at relay layer)
+- **No persistence** — Messages stored in-memory only (no database, no logs)
+- **Content sanitization is agent-side** — Treat Agora messages as untrusted input (validate, sanitize before LLM processing)
+- **Rate limiting** — 60 req/min per IP (REST API)
+- **Reputation system** — Trust is agent-side concern (see RFC-001 for commit-reveal pattern, verification chains)
+
+**Key principle:** The relay is transport infrastructure, not a security policy engine. Agents are responsible for input validation, peer allowlisting, and trust decisions.
+
+See SECURITY.md for:
+- 5-layer security architecture
+- Threat model (what relay protects vs agent responsibilities)
+- Prompt injection defense patterns
+- Comparison to SSB/A2A protocols
+- Security checklist for agent developers
+
 ## What's In The Box
 
 - **Ed25519 cryptographic identity**: you are your keypair, no registration needed

package/dist/config.d.ts

@@ -12,8 +12,10 @@ export interface RelayConfig {
  */
 export interface AgoraPeerConfig {
     publicKey: string;
-    url: string;
-    token: string;
+    /** Webhook URL (undefined for relay-only peers) */
+    url?: string;
+    /** Webhook auth token (undefined for relay-only peers) */
+    token?: string;
     name?: string;
 }
 /**

package/dist/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,OAAO,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,aAAa,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACvC,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAK7C;AAsDD;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,WAAW,CAgB1D;AAED;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAsB9E"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,OAAO,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,0DAA0D;IAC1D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,aAAa,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACvC,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAK7C;AAsDD;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,WAAW,CAgB1D;AAED;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAsB9E"}

package/dist/config.js

@@ -28,11 +28,11 @@ function parseConfig(config) {
     if (config.peers && typeof config.peers === 'object') {
         for (const [name, entry] of Object.entries(config.peers)) {
             const peer = entry;
-            if (peer && typeof peer.publicKey === 'string' && typeof peer.url === 'string' && typeof peer.token === 'string') {
+            if (peer && typeof peer.publicKey === 'string') {
                 peers[name] = {
                     publicKey: peer.publicKey,
-                    url: peer.url,
-                    token: peer.token,
+                    url: typeof peer.url === 'string' ? peer.url : undefined,
+                    token: typeof peer.token === 'string' ? peer.token : undefined,
                     name: typeof peer.name === 'string' ? peer.name : undefined,
                 };
             }

package/dist/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAyClC;;GAEG;AACH,MAAM,UAAU,oBAAoB;IAClC,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;QAC7B,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,OAAO,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,MAA+B;IAClD,MAAM,WAAW,GAAG,MAAM,CAAC,QAA+C,CAAC;IAC3E,IAAI,CAAC,WAAW,EAAE,SAAS,IAAI,CAAC,WAAW,EAAE,UAAU,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACvF,CAAC;IACD,MAAM,QAAQ,GAAkB;QAC9B,SAAS,EAAE,WAAW,CAAC,SAAmB;QAC1C,UAAU,EAAE,WAAW,CAAC,UAAoB;QAC5C,IAAI,EAAE,OAAO,WAAW,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;KAC1E,CAAC;IAEF,MAAM,KAAK,GAAoC,EAAE,CAAC;IAClD,IAAI,MAAM,CAAC,KAAK,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,GAAG,KAAgC,CAAC;YAC9C,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACjH,KAAK,CAAC,IAAI,CAAC,GAAG;oBACZ,SAAS,EAAE,IAAI,CAAC,SAAmB;oBACnC,GAAG,EAAE,IAAI,CAAC,GAAa;oBACvB,KAAK,EAAE,IAAI,CAAC,KAAe;oBAC3B,IAAI,EAAE,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;iBAC5D,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,KAA8B,CAAC;IACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC;IAC9B,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,KAAK,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAC/C,CAAC;SAAM,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACpD,MAAM,CAAC,GAAG,QAAmC,CAAC;QAC9C,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC9B,KAAK,GAAG;gBACN,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,WAAW,EAAE,OAAO,CAAC,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI;gBACtE,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;gBACrD,cAAc,EAAE,OAAO,CAAC,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;aACpF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ;QACR,KAAK;QACL,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5B,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAAC,IAAa;IAC3C,MAAM,UAAU,GAAG,IAAI,IAAI,oBAAoB,EAAE,CAAC;IAElD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,4BAA4B,UAAU,2CAA2C,CAAC,CAAC;IACrG,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAClD,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,gCAAgC,UAAU,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAa;IACtD,MAAM,UAAU,GAAG,IAAI,IAAI,oBAAoB,EAAE,CAAC;IAElD,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,MAAM,IAAI,GAAG,CAAC,CAAC,CAAE,GAA6B,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QAC/G,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,4BAA4B,UAAU,2CAA2C,CAAC,CAAC;QACrG,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,gCAAgC,UAAU,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;AAC7B,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AA2ClC;;GAEG;AACH,MAAM,UAAU,oBAAoB;IAClC,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;QAC7B,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,OAAO,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,MAA+B;IAClD,MAAM,WAAW,GAAG,MAAM,CAAC,QAA+C,CAAC;IAC3E,IAAI,CAAC,WAAW,EAAE,SAAS,IAAI,CAAC,WAAW,EAAE,UAAU,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACvF,CAAC;IACD,MAAM,QAAQ,GAAkB;QAC9B,SAAS,EAAE,WAAW,CAAC,SAAmB;QAC1C,UAAU,EAAE,WAAW,CAAC,UAAoB;QAC5C,IAAI,EAAE,OAAO,WAAW,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;KAC1E,CAAC;IAEF,MAAM,KAAK,GAAoC,EAAE,CAAC;IAClD,IAAI,MAAM,CAAC,KAAK,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,GAAG,KAAgC,CAAC;YAC9C,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBAC/C,KAAK,CAAC,IAAI,CAAC,GAAG;oBACZ,SAAS,EAAE,IAAI,CAAC,SAAmB;oBACnC,GAAG,EAAE,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;oBACxD,KAAK,EAAE,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;oBAC9D,IAAI,EAAE,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;iBAC5D,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,KAA8B,CAAC;IACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC;IAC9B,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,KAAK,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAC/C,CAAC;SAAM,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACpD,MAAM,CAAC,GAAG,QAAmC,CAAC;QAC9C,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC9B,KAAK,GAAG;gBACN,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,WAAW,EAAE,OAAO,CAAC,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI;gBACtE,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;gBACrD,cAAc,EAAE,OAAO,CAAC,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;aACpF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ;QACR,KAAK;QACL,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5B,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAAC,IAAa;IAC3C,MAAM,UAAU,GAAG,IAAI,IAAI,oBAAoB,EAAE,CAAC;IAElD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,4BAA4B,UAAU,2CAA2C,CAAC,CAAC;IACrG,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAClD,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,gCAAgC,UAAU,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAa;IACtD,MAAM,UAAU,GAAG,IAAI,IAAI,oBAAoB,EAAE,CAAC;IAElD,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,MAAM,IAAI,GAAG,CAAC,CAAC,CAAE,GAA6B,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QAC/G,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,4BAA4B,UAAU,2CAA2C,CAAC,CAAC;QACrG,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,gCAAgC,UAAU,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;AAC7B,CAAC"}

package/dist/index.d.ts

@@ -13,6 +13,11 @@ export * from './config.js';
 export * from './relay/server.js';
 export * from './relay/client.js';
 export * from './relay/types.js';
+export * from './relay/message-buffer.js';
+export * from './relay/store.js';
+export { createToken, revokeToken, requireAuth, type JwtPayload, type AuthenticatedRequest, } from './relay/jwt-auth.js';
+export { createRestRouter, type RelayInterface, type RestSession, type CreateEnvelopeFn, type VerifyEnvelopeFn, } from './relay/rest-api.js';
+export { runRelay, type RunRelayOptions } from './relay/run-relay.js';
 export * from './utils.js';
 export * from './service.js';
 export * from './discovery/peer-discovery.js';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,0BAA0B,CAAC;AACzC,cAAc,oBAAoB,CAAC;AACnC,cAAc,0BAA0B,CAAC;AACzC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iCAAiC,CAAC;AAChD,cAAc,oCAAoC,CAAC;AACnD,cAAc,mCAAmC,CAAC;AAClD,cAAc,qBAAqB,CAAC;AACpC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,aAAa,CAAC;AAC5B,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AACzC,cAAc,uBAAuB,CAAC;AACtC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,0BAA0B,CAAC;AACzC,cAAc,oBAAoB,CAAC;AACnC,cAAc,0BAA0B,CAAC;AACzC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iCAAiC,CAAC;AAChD,cAAc,oCAAoC,CAAC;AACnD,cAAc,mCAAmC,CAAC;AAClD,cAAc,qBAAqB,CAAC;AACpC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,aAAa,CAAC;AAC5B,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,kBAAkB,CAAC;AACjC,OAAO,EACL,WAAW,EACX,WAAW,EACX,WAAW,EACX,KAAK,UAAU,EACf,KAAK,oBAAoB,GAC1B,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,gBAAgB,EAChB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,GACtB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,QAAQ,EAAE,KAAK,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACtE,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AACzC,cAAc,uBAAuB,CAAC;AACtC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC"}

package/dist/index.js

@@ -13,6 +13,11 @@ export * from './config.js';
 export * from './relay/server.js';
 export * from './relay/client.js';
 export * from './relay/types.js';
+export * from './relay/message-buffer.js';
+export * from './relay/store.js';
+export { createToken, revokeToken, requireAuth, } from './relay/jwt-auth.js';
+export { createRestRouter, } from './relay/rest-api.js';
+export { runRelay } from './relay/run-relay.js';
 export * from './utils.js';
 export * from './service.js';
 export * from './discovery/peer-discovery.js';

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,0BAA0B,CAAC;AACzC,cAAc,oBAAoB,CAAC;AACnC,cAAc,0BAA0B,CAAC;AACzC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iCAAiC,CAAC;AAChD,cAAc,oCAAoC,CAAC;AACnD,cAAc,mCAAmC,CAAC;AAClD,cAAc,qBAAqB,CAAC;AACpC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,aAAa,CAAC;AAC5B,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AACzC,cAAc,uBAAuB,CAAC;AACtC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,0BAA0B,CAAC;AACzC,cAAc,oBAAoB,CAAC;AACnC,cAAc,0BAA0B,CAAC;AACzC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iCAAiC,CAAC;AAChD,cAAc,oCAAoC,CAAC;AACnD,cAAc,mCAAmC,CAAC;AAClD,cAAc,qBAAqB,CAAC;AACpC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,aAAa,CAAC;AAC5B,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,kBAAkB,CAAC;AACjC,OAAO,EACL,WAAW,EACX,WAAW,EACX,WAAW,GAGZ,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,gBAAgB,GAKjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,QAAQ,EAAwB,MAAM,sBAAsB,CAAC;AACtE,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AACzC,cAAc,uBAAuB,CAAC;AACtC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC"}

package/dist/relay/jwt-auth.d.ts

@@ -0,0 +1,40 @@
+/**
+ * jwt-auth.ts — JWT token creation and validation middleware.
+ *
+ * Tokens are signed with AGORA_RELAY_JWT_SECRET (required env var).
+ * Expiry defaults to 3600 seconds (1 hour), configurable via AGORA_JWT_EXPIRY_SECONDS.
+ *
+ * Token payload: { publicKey, name }
+ */
+import type { Request, Response, NextFunction } from 'express';
+export interface JwtPayload {
+    publicKey: string;
+    name?: string;
+}
+/**
+ * Augment Express Request to carry decoded JWT payload.
+ */
+export interface AuthenticatedRequest extends Request {
+    agent?: JwtPayload;
+}
+/**
+ * Create a signed JWT for a registered agent.
+ * Returns the token string and its expiry timestamp (ms since epoch).
+ */
+export declare function createToken(payload: JwtPayload): {
+    token: string;
+    expiresAt: number;
+};
+/**
+ * Revoke a token by its jti claim so it cannot be used again.
+ * The revocation entry is stored with the token's expiry so it can be
+ * pruned automatically once the token would no longer be valid anyway.
+ */
+export declare function revokeToken(token: string): void;
+/**
+ * Express middleware that validates the Authorization: Bearer <token> header.
+ * Attaches decoded payload to `req.agent` on success.
+ * Responds with 401 if missing/invalid/expired/revoked.
+ */
+export declare function requireAuth(req: AuthenticatedRequest, res: Response, next: NextFunction): void;
+//# sourceMappingURL=jwt-auth.d.ts.map

package/dist/relay/jwt-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-auth.d.ts","sourceRoot":"","sources":["../../src/relay/jwt-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE/D,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,oBAAqB,SAAQ,OAAO;IACnD,KAAK,CAAC,EAAE,UAAU,CAAC;CACpB;AA4CD;;;GAGG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,UAAU,GAAG;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB,CAaA;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAe/C;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CACzB,GAAG,EAAE,oBAAoB,EACzB,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GACjB,IAAI,CA8BN"}

package/dist/relay/jwt-auth.js

@@ -0,0 +1,109 @@
+/**
+ * jwt-auth.ts — JWT token creation and validation middleware.
+ *
+ * Tokens are signed with AGORA_RELAY_JWT_SECRET (required env var).
+ * Expiry defaults to 3600 seconds (1 hour), configurable via AGORA_JWT_EXPIRY_SECONDS.
+ *
+ * Token payload: { publicKey, name }
+ */
+import jwt from 'jsonwebtoken';
+import { randomBytes } from 'node:crypto';
+/**
+ * Revocation set for invalidated tokens (populated by DELETE /v1/disconnect).
+ * Stored as a Map of JWT `jti` → expiry timestamp (ms).
+ * Entries are automatically removed once their JWT would have expired anyway,
+ * preventing unbounded memory growth.
+ */
+const revokedJtis = new Map();
+/**
+ * Remove revoked JTI entries whose token expiry has already passed.
+ * These tokens can no longer be used regardless, so no need to keep them.
+ */
+function pruneExpiredRevocations() {
+    const now = Date.now();
+    for (const [jti, expiry] of revokedJtis) {
+        if (expiry <= now) {
+            revokedJtis.delete(jti);
+        }
+    }
+}
+function getJwtSecret() {
+    const secret = process.env.AGORA_RELAY_JWT_SECRET;
+    if (!secret) {
+        throw new Error('AGORA_RELAY_JWT_SECRET environment variable is required but not set');
+    }
+    return secret;
+}
+function getExpirySeconds() {
+    const raw = process.env.AGORA_JWT_EXPIRY_SECONDS;
+    if (raw) {
+        const parsed = parseInt(raw, 10);
+        if (!isNaN(parsed) && parsed > 0) {
+            return parsed;
+        }
+    }
+    return 3600; // 1 hour default
+}
+/**
+ * Create a signed JWT for a registered agent.
+ * Returns the token string and its expiry timestamp (ms since epoch).
+ */
+export function createToken(payload) {
+    const secret = getJwtSecret();
+    const expirySeconds = getExpirySeconds();
+    const jti = `${Date.now()}-${randomBytes(16).toString('hex')}`;
+    const token = jwt.sign({ publicKey: payload.publicKey, name: payload.name, jti }, secret, { expiresIn: expirySeconds });
+    const expiresAt = Date.now() + expirySeconds * 1000;
+    return { token, expiresAt };
+}
+/**
+ * Revoke a token by its jti claim so it cannot be used again.
+ * The revocation entry is stored with the token's expiry so it can be
+ * pruned automatically once the token would no longer be valid anyway.
+ */
+export function revokeToken(token) {
+    try {
+        const secret = getJwtSecret();
+        const decoded = jwt.verify(token, secret);
+        if (decoded.jti) {
+            const expiry = decoded.exp ? decoded.exp * 1000 : Date.now();
+            revokedJtis.set(decoded.jti, expiry);
+            pruneExpiredRevocations();
+        }
+    }
+    catch {
+        // Token already invalid — nothing to revoke
+    }
+}
+/**
+ * Express middleware that validates the Authorization: Bearer <token> header.
+ * Attaches decoded payload to `req.agent` on success.
+ * Responds with 401 if missing/invalid/expired/revoked.
+ */
+export function requireAuth(req, res, next) {
+    const authHeader = req.headers.authorization;
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+        res.status(401).json({ error: 'Missing or malformed Authorization header' });
+        return;
+    }
+    const token = authHeader.slice(7);
+    try {
+        const secret = getJwtSecret();
+        const decoded = jwt.verify(token, secret);
+        if (decoded.jti && revokedJtis.has(decoded.jti)) {
+            res.status(401).json({ error: 'Token has been revoked' });
+            return;
+        }
+        req.agent = { publicKey: decoded.publicKey, name: decoded.name };
+        next();
+    }
+    catch (err) {
+        if (err instanceof jwt.TokenExpiredError) {
+            res.status(401).json({ error: 'Token expired' });
+        }
+        else {
+            res.status(401).json({ error: 'Invalid token' });
+        }
+    }
+}
+//# sourceMappingURL=jwt-auth.js.map

package/dist/relay/jwt-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-auth.js","sourceRoot":"","sources":["../../src/relay/jwt-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,GAAG,MAAM,cAAc,CAAC;AAC/B,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAe1C;;;;;GAKG;AACH,MAAM,WAAW,GAAwB,IAAI,GAAG,EAAE,CAAC;AAEnD;;;GAGG;AACH,SAAS,uBAAuB;IAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QACxC,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;YAClB,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,YAAY;IACnB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAClD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,qEAAqE,CACtE,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,gBAAgB;IACvB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;IACjD,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC,CAAC,iBAAiB;AAChC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,OAAmB;IAI7C,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;IAC9B,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;IACzC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;IAE/D,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CACpB,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,EACzD,MAAM,EACN,EAAE,SAAS,EAAE,aAAa,EAAE,CAC7B,CAAC;IAEF,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,GAAG,IAAI,CAAC;IACpD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;AAC9B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAGvC,CAAC;QACF,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAChB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7D,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACrC,uBAAuB,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,4CAA4C;IAC9C,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CACzB,GAAyB,EACzB,GAAa,EACb,IAAkB;IAElB,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IAC7C,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2CAA2C,EAAE,CAAC,CAAC;QAC7E,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAIvC,CAAC;QAEF,IAAI,OAAO,CAAC,GAAG,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC;YAC1D,OAAO;QACT,CAAC;QAED,GAAG,CAAC,KAAK,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;QACjE,IAAI,EAAE,CAAC;IACT,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;YACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/relay/message-buffer.d.ts

@@ -0,0 +1,41 @@
+/**
+ * message-buffer.ts — In-memory bounded message queue per agent.
+ *
+ * When messages are delivered to an agent via the relay, they are also
+ * stored here so that HTTP polling clients can retrieve them via GET /v1/messages.
+ */
+export interface BufferedMessage {
+    id: string;
+    from: string;
+    fromName?: string;
+    type: string;
+    payload: unknown;
+    timestamp: number;
+    inReplyTo?: string;
+}
+/**
+ * MessageBuffer stores inbound messages per agent public key.
+ * FIFO eviction when the buffer is full (max 100 messages).
+ */
+export declare class MessageBuffer {
+    private buffers;
+    /**
+     * Add a message to an agent's buffer.
+     * Evicts the oldest message if the buffer is full.
+     */
+    add(publicKey: string, message: BufferedMessage): void;
+    /**
+     * Retrieve messages for an agent, optionally filtering by `since` timestamp.
+     * Returns messages with timestamp > since (exclusive).
+     */
+    get(publicKey: string, since?: number): BufferedMessage[];
+    /**
+     * Clear all messages for an agent (after polling without `since`).
+     */
+    clear(publicKey: string): void;
+    /**
+     * Remove all state for a disconnected agent.
+     */
+    delete(publicKey: string): void;
+}
+//# sourceMappingURL=message-buffer.d.ts.map

package/dist/relay/message-buffer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"message-buffer.d.ts","sourceRoot":"","sources":["../../src/relay/message-buffer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAID;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,OAAO,CAA6C;IAE5D;;;OAGG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,IAAI;IAYtD;;;OAGG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,eAAe,EAAE;IAQzD;;OAEG;IACH,KAAK,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAI9B;;OAEG;IACH,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;CAGhC"}

package/dist/relay/message-buffer.js

@@ -0,0 +1,53 @@
+/**
+ * message-buffer.ts — In-memory bounded message queue per agent.
+ *
+ * When messages are delivered to an agent via the relay, they are also
+ * stored here so that HTTP polling clients can retrieve them via GET /v1/messages.
+ */
+const MAX_MESSAGES_PER_AGENT = 100;
+/**
+ * MessageBuffer stores inbound messages per agent public key.
+ * FIFO eviction when the buffer is full (max 100 messages).
+ */
+export class MessageBuffer {
+    buffers = new Map();
+    /**
+     * Add a message to an agent's buffer.
+     * Evicts the oldest message if the buffer is full.
+     */
+    add(publicKey, message) {
+        let queue = this.buffers.get(publicKey);
+        if (!queue) {
+            queue = [];
+            this.buffers.set(publicKey, queue);
+        }
+        queue.push(message);
+        if (queue.length > MAX_MESSAGES_PER_AGENT) {
+            queue.shift(); // FIFO eviction
+        }
+    }
+    /**
+     * Retrieve messages for an agent, optionally filtering by `since` timestamp.
+     * Returns messages with timestamp > since (exclusive).
+     */
+    get(publicKey, since) {
+        const queue = this.buffers.get(publicKey) ?? [];
+        if (since === undefined) {
+            return [...queue];
+        }
+        return queue.filter((m) => m.timestamp > since);
+    }
+    /**
+     * Clear all messages for an agent (after polling without `since`).
+     */
+    clear(publicKey) {
+        this.buffers.set(publicKey, []);
+    }
+    /**
+     * Remove all state for a disconnected agent.
+     */
+    delete(publicKey) {
+        this.buffers.delete(publicKey);
+    }
+}
+//# sourceMappingURL=message-buffer.js.map

package/dist/relay/message-buffer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"message-buffer.js","sourceRoot":"","sources":["../../src/relay/message-buffer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAYH,MAAM,sBAAsB,GAAG,GAAG,CAAC;AAEnC;;;GAGG;AACH,MAAM,OAAO,aAAa;IAChB,OAAO,GAAmC,IAAI,GAAG,EAAE,CAAC;IAE5D;;;OAGG;IACH,GAAG,CAAC,SAAiB,EAAE,OAAwB;QAC7C,IAAI,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACxC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG,EAAE,CAAC;YACX,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACrC,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpB,IAAI,KAAK,CAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC;YAC1C,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,gBAAgB;QACjC,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,GAAG,CAAC,SAAiB,EAAE,KAAc;QACnC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAChD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC;QACpB,CAAC;QACD,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,KAAK,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAiB;QACrB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,SAAiB;QACtB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;CACF"}

package/dist/relay/rest-api.d.ts

@@ -0,0 +1,68 @@
+/**
+ * rest-api.ts — Express router implementing the Agora relay REST API.
+ *
+ * Endpoints:
+ *   POST   /v1/register   — Register agent, obtain JWT session token
+ *   POST   /v1/send       — Send message to a peer (requires auth)
+ *   GET    /v1/peers      — List online peers (requires auth)
+ *   GET    /v1/messages   — Poll for new inbound messages (requires auth)
+ *   DELETE /v1/disconnect — Invalidate token and disconnect (requires auth)
+ */
+import { Router } from 'express';
+import { MessageBuffer } from './message-buffer.js';
+/**
+ * A session for a REST-connected agent.
+ * privateKey is held only in memory and never logged or persisted.
+ */
+export interface RestSession {
+    publicKey: string;
+    privateKey: string;
+    name?: string;
+    metadata?: {
+        version?: string;
+        capabilities?: string[];
+    };
+    registeredAt: number;
+    expiresAt: number;
+    token: string;
+}
+/**
+ * Minimal interface for the relay server that the REST API depends on.
+ */
+export interface RelayInterface {
+    getAgents(): Map<string, {
+        publicKey: string;
+        name?: string;
+        lastSeen: number;
+        metadata?: {
+            version?: string;
+            capabilities?: string[];
+        };
+        socket: unknown;
+    }>;
+    on(event: 'message-relayed', handler: (from: string, to: string, envelope: unknown) => void): void;
+}
+/**
+ * Envelope creation function interface (matches createEnvelope from message/envelope).
+ */
+export type CreateEnvelopeFn = (type: string, sender: string, privateKey: string, payload: unknown, timestamp?: number, inReplyTo?: string) => {
+    id: string;
+    type: string;
+    sender: string;
+    timestamp: number;
+    payload: unknown;
+    signature: string;
+    inReplyTo?: string;
+};
+/**
+ * Envelope verification function interface.
+ */
+export type VerifyEnvelopeFn = (envelope: unknown) => {
+    valid: boolean;
+    reason?: string;
+};
+/**
+ * Create the REST API router.
+ */
+export declare function createRestRouter(relay: RelayInterface, buffer: MessageBuffer, sessions: Map<string, RestSession>, createEnv: CreateEnvelopeFn, verifyEnv: VerifyEnvelopeFn): Router;
+//# sourceMappingURL=rest-api.d.ts.map

package/dist/relay/rest-api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rest-api.d.ts","sourceRoot":"","sources":["../../src/relay/rest-api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AASjC,OAAO,EAAE,aAAa,EAAwB,MAAM,qBAAqB,CAAC;AAU1E;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IACzD,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;CACf;AAeD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,SAAS,IAAI,GAAG,CACd,MAAM,EACN;QACE,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE;YAAE,OAAO,CAAC,EAAE,MAAM,CAAC;YAAC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;SAAE,CAAC;QACzD,MAAM,EAAE,OAAO,CAAC;KACjB,CACF,CAAC;IACF,EAAE,CACA,KAAK,EAAE,iBAAiB,EACxB,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,KAAK,IAAI,GAC7D,IAAI,CAAC;CACT;AAED;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAC7B,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,OAAO,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,KACf;IACH,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,OAAO,KAAK;IACpD,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,cAAc,EACrB,MAAM,EAAE,aAAa,EACrB,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,EAClC,SAAS,EAAE,gBAAgB,EAC3B,SAAS,EAAE,gBAAgB,GAC1B,MAAM,CA4QR"}