@rookdaemon/agora 0.3.0 → 0.4.1

package/dist/index.js

@@ -1,27 +1,19 @@
 import {
   DEFAULT_BOOTSTRAP_RELAYS,
-  MessageStore,
   PeerDiscoveryService,
   RelayClient,
-  RelayServer,
   ReputationStore,
-  canonicalize,
   computeAllTrustScores,
-  computeId,
   computeTrustScore,
   computeTrustScores,
   createCommit,
-  createEnvelope,
   createReveal,
   createVerification,
   decay,
   decodeInboundEnvelope,
-  exportKeyPair,
   formatDisplayName,
-  generateKeyPair,
   getDefaultBootstrapRelay,
   hashPrediction,
-  importKeyPair,
   initPeerConfig,
   loadPeerConfig,
   parseBootstrapRelay,
@@ -30,15 +22,33 @@ import {
   sendToPeer,
   sendViaRelay,
   shortKey,
-  signMessage,
   validateCommitRecord,
   validateRevealRecord,
   validateVerificationRecord,
-  verifyEnvelope,
   verifyReveal,
-  verifySignature,
   verifyVerificationSignature
-} from "./chunk-JUOGKXFN.js";
+} from "./chunk-IOHECZYT.js";
+import {
+  MessageBuffer,
+  createRestRouter,
+  createToken,
+  requireAuth,
+  revokeToken,
+  runRelay
+} from "./chunk-2U4PZINT.js";
+import {
+  MessageStore,
+  RelayServer,
+  canonicalize,
+  computeId,
+  createEnvelope,
+  exportKeyPair,
+  generateKeyPair,
+  importKeyPair,
+  signMessage,
+  verifyEnvelope,
+  verifySignature
+} from "./chunk-D7Y66GFC.js";
 
 // src/registry/capability.ts
 import { createHash } from "crypto";
@@ -495,416 +505,6 @@ async function loadAgoraConfigAsync(path) {
   return parseConfig(config);
 }
 
-// src/relay/message-buffer.ts
-var MAX_MESSAGES_PER_AGENT = 100;
-var MessageBuffer = class {
-  buffers = /* @__PURE__ */ new Map();
-  /**
-   * Add a message to an agent's buffer.
-   * Evicts the oldest message if the buffer is full.
-   */
-  add(publicKey, message) {
-    let queue = this.buffers.get(publicKey);
-    if (!queue) {
-      queue = [];
-      this.buffers.set(publicKey, queue);
-    }
-    queue.push(message);
-    if (queue.length > MAX_MESSAGES_PER_AGENT) {
-      queue.shift();
-    }
-  }
-  /**
-   * Retrieve messages for an agent, optionally filtering by `since` timestamp.
-   * Returns messages with timestamp > since (exclusive).
-   */
-  get(publicKey, since) {
-    const queue = this.buffers.get(publicKey) ?? [];
-    if (since === void 0) {
-      return [...queue];
-    }
-    return queue.filter((m) => m.timestamp > since);
-  }
-  /**
-   * Clear all messages for an agent (after polling without `since`).
-   */
-  clear(publicKey) {
-    this.buffers.set(publicKey, []);
-  }
-  /**
-   * Remove all state for a disconnected agent.
-   */
-  delete(publicKey) {
-    this.buffers.delete(publicKey);
-  }
-};
-
-// src/relay/jwt-auth.ts
-import jwt from "jsonwebtoken";
-import { randomBytes } from "crypto";
-var revokedJtis = /* @__PURE__ */ new Map();
-function pruneExpiredRevocations() {
-  const now = Date.now();
-  for (const [jti, expiry] of revokedJtis) {
-    if (expiry <= now) {
-      revokedJtis.delete(jti);
-    }
-  }
-}
-function getJwtSecret() {
-  const secret = process.env.AGORA_RELAY_JWT_SECRET;
-  if (!secret) {
-    throw new Error(
-      "AGORA_RELAY_JWT_SECRET environment variable is required but not set"
-    );
-  }
-  return secret;
-}
-function getExpirySeconds() {
-  const raw = process.env.AGORA_JWT_EXPIRY_SECONDS;
-  if (raw) {
-    const parsed = parseInt(raw, 10);
-    if (!isNaN(parsed) && parsed > 0) {
-      return parsed;
-    }
-  }
-  return 3600;
-}
-function createToken(payload) {
-  const secret = getJwtSecret();
-  const expirySeconds = getExpirySeconds();
-  const jti = `${Date.now()}-${randomBytes(16).toString("hex")}`;
-  const token = jwt.sign(
-    { publicKey: payload.publicKey, name: payload.name, jti },
-    secret,
-    { expiresIn: expirySeconds }
-  );
-  const expiresAt = Date.now() + expirySeconds * 1e3;
-  return { token, expiresAt };
-}
-function revokeToken(token) {
-  try {
-    const secret = getJwtSecret();
-    const decoded = jwt.verify(token, secret);
-    if (decoded.jti) {
-      const expiry = decoded.exp ? decoded.exp * 1e3 : Date.now();
-      revokedJtis.set(decoded.jti, expiry);
-      pruneExpiredRevocations();
-    }
-  } catch {
-  }
-}
-function requireAuth(req, res, next) {
-  const authHeader = req.headers.authorization;
-  if (!authHeader || !authHeader.startsWith("Bearer ")) {
-    res.status(401).json({ error: "Missing or malformed Authorization header" });
-    return;
-  }
-  const token = authHeader.slice(7);
-  try {
-    const secret = getJwtSecret();
-    const decoded = jwt.verify(token, secret);
-    if (decoded.jti && revokedJtis.has(decoded.jti)) {
-      res.status(401).json({ error: "Token has been revoked" });
-      return;
-    }
-    req.agent = { publicKey: decoded.publicKey, name: decoded.name };
-    next();
-  } catch (err) {
-    if (err instanceof jwt.TokenExpiredError) {
-      res.status(401).json({ error: "Token expired" });
-    } else {
-      res.status(401).json({ error: "Invalid token" });
-    }
-  }
-}
-
-// src/relay/rest-api.ts
-import { Router } from "express";
-import { rateLimit } from "express-rate-limit";
-var apiRateLimit = rateLimit({
-  windowMs: 6e4,
-  limit: 60,
-  standardHeaders: "draft-7",
-  legacyHeaders: false,
-  message: { error: "Too many requests \u2014 try again later" }
-});
-function pruneExpiredSessions(sessions, buffer) {
-  const now = Date.now();
-  for (const [publicKey, session] of sessions) {
-    if (session.expiresAt <= now) {
-      sessions.delete(publicKey);
-      buffer.delete(publicKey);
-    }
-  }
-}
-function createRestRouter(relay, buffer, sessions, createEnv, verifyEnv) {
-  const router = Router();
-  router.use(apiRateLimit);
-  relay.on("message-relayed", (from, to, envelope) => {
-    if (!sessions.has(to)) return;
-    const agentMap = relay.getAgents();
-    const senderAgent = agentMap.get(from);
-    const env = envelope;
-    const msg = {
-      id: env.id,
-      from,
-      fromName: senderAgent?.name,
-      type: env.type,
-      payload: env.payload,
-      timestamp: env.timestamp,
-      inReplyTo: env.inReplyTo
-    };
-    buffer.add(to, msg);
-  });
-  router.post("/v1/register", async (req, res) => {
-    const { publicKey, privateKey, name, metadata } = req.body;
-    if (!publicKey || typeof publicKey !== "string") {
-      res.status(400).json({ error: "publicKey is required" });
-      return;
-    }
-    if (!privateKey || typeof privateKey !== "string") {
-      res.status(400).json({ error: "privateKey is required" });
-      return;
-    }
-    const testEnvelope = createEnv(
-      "announce",
-      publicKey,
-      privateKey,
-      { challenge: "register" },
-      Date.now()
-    );
-    const verification = verifyEnv(testEnvelope);
-    if (!verification.valid) {
-      res.status(400).json({ error: "Key pair verification failed: " + verification.reason });
-      return;
-    }
-    const { token, expiresAt } = createToken({ publicKey, name });
-    pruneExpiredSessions(sessions, buffer);
-    const session = {
-      publicKey,
-      privateKey,
-      name,
-      metadata,
-      registeredAt: Date.now(),
-      expiresAt,
-      token
-    };
-    sessions.set(publicKey, session);
-    const wsAgents = relay.getAgents();
-    const peers = [];
-    for (const agent of wsAgents.values()) {
-      if (agent.publicKey !== publicKey) {
-        peers.push({
-          publicKey: agent.publicKey,
-          name: agent.name,
-          lastSeen: agent.lastSeen
-        });
-      }
-    }
-    for (const s of sessions.values()) {
-      if (s.publicKey !== publicKey && !wsAgents.has(s.publicKey)) {
-        peers.push({
-          publicKey: s.publicKey,
-          name: s.name,
-          lastSeen: s.registeredAt
-        });
-      }
-    }
-    res.json({ token, expiresAt, peers });
-  });
-  router.post(
-    "/v1/send",
-    requireAuth,
-    async (req, res) => {
-      const { to, type, payload, inReplyTo } = req.body;
-      if (!to || typeof to !== "string") {
-        res.status(400).json({ error: "to is required" });
-        return;
-      }
-      if (!type || typeof type !== "string") {
-        res.status(400).json({ error: "type is required" });
-        return;
-      }
-      if (payload === void 0) {
-        res.status(400).json({ error: "payload is required" });
-        return;
-      }
-      const senderPublicKey = req.agent.publicKey;
-      const session = sessions.get(senderPublicKey);
-      if (!session) {
-        res.status(401).json({ error: "Session not found \u2014 please re-register" });
-        return;
-      }
-      const envelope = createEnv(
-        type,
-        senderPublicKey,
-        session.privateKey,
-        payload,
-        Date.now(),
-        inReplyTo
-      );
-      const wsAgents = relay.getAgents();
-      const wsRecipient = wsAgents.get(to);
-      if (wsRecipient && wsRecipient.socket) {
-        const ws = wsRecipient.socket;
-        const OPEN = 1;
-        if (ws.readyState !== OPEN) {
-          res.status(503).json({ error: "Recipient connection is not open" });
-          return;
-        }
-        try {
-          const relayMsg = JSON.stringify({
-            type: "message",
-            from: senderPublicKey,
-            name: session.name,
-            envelope
-          });
-          ws.send(relayMsg);
-          res.json({ ok: true, envelopeId: envelope.id });
-          return;
-        } catch (err) {
-          res.status(500).json({
-            error: "Failed to deliver message: " + (err instanceof Error ? err.message : String(err))
-          });
-          return;
-        }
-      }
-      const restRecipient = sessions.get(to);
-      if (restRecipient) {
-        const senderAgent = wsAgents.get(senderPublicKey);
-        const msg = {
-          id: envelope.id,
-          from: senderPublicKey,
-          fromName: session.name ?? senderAgent?.name,
-          type: envelope.type,
-          payload: envelope.payload,
-          timestamp: envelope.timestamp,
-          inReplyTo: envelope.inReplyTo
-        };
-        buffer.add(to, msg);
-        res.json({ ok: true, envelopeId: envelope.id });
-        return;
-      }
-      res.status(404).json({ error: "Recipient not connected" });
-    }
-  );
-  router.get(
-    "/v1/peers",
-    requireAuth,
-    (req, res) => {
-      const callerPublicKey = req.agent.publicKey;
-      const wsAgents = relay.getAgents();
-      const peerList = [];
-      for (const agent of wsAgents.values()) {
-        if (agent.publicKey !== callerPublicKey) {
-          peerList.push({
-            publicKey: agent.publicKey,
-            name: agent.name,
-            lastSeen: agent.lastSeen,
-            metadata: agent.metadata
-          });
-        }
-      }
-      for (const s of sessions.values()) {
-        if (s.publicKey !== callerPublicKey && !wsAgents.has(s.publicKey)) {
-          peerList.push({
-            publicKey: s.publicKey,
-            name: s.name,
-            lastSeen: s.registeredAt,
-            metadata: s.metadata
-          });
-        }
-      }
-      res.json({ peers: peerList });
-    }
-  );
-  router.get(
-    "/v1/messages",
-    requireAuth,
-    (req, res) => {
-      const publicKey = req.agent.publicKey;
-      const sinceRaw = req.query.since;
-      const limitRaw = req.query.limit;
-      const since = sinceRaw ? parseInt(sinceRaw, 10) : void 0;
-      const limit = Math.min(limitRaw ? parseInt(limitRaw, 10) : 50, 100);
-      let messages = buffer.get(publicKey, since);
-      const hasMore = messages.length > limit;
-      if (hasMore) {
-        messages = messages.slice(0, limit);
-      }
-      if (since === void 0) {
-        buffer.clear(publicKey);
-      }
-      res.json({ messages, hasMore });
-    }
-  );
-  router.delete(
-    "/v1/disconnect",
-    requireAuth,
-    (req, res) => {
-      const publicKey = req.agent.publicKey;
-      const authHeader = req.headers.authorization;
-      const token = authHeader.slice(7);
-      revokeToken(token);
-      sessions.delete(publicKey);
-      buffer.delete(publicKey);
-      res.json({ ok: true });
-    }
-  );
-  return router;
-}
-
-// src/relay/run-relay.ts
-import http from "http";
-import express from "express";
-var createEnvelopeForRest = (type, sender, privateKey, payload, timestamp, inReplyTo) => createEnvelope(
-  type,
-  sender,
-  privateKey,
-  payload,
-  timestamp ?? Date.now(),
-  inReplyTo
-);
-async function runRelay(options = {}) {
-  const wsPort = options.wsPort ?? parseInt(process.env.PORT ?? "3001", 10);
-  const enableRest = options.enableRest ?? (typeof process.env.AGORA_RELAY_JWT_SECRET === "string" && process.env.AGORA_RELAY_JWT_SECRET.length > 0);
-  const relay = new RelayServer(options.relayOptions);
-  await relay.start(wsPort);
-  if (!enableRest) {
-    return { relay };
-  }
-  if (!process.env.AGORA_RELAY_JWT_SECRET) {
-    await relay.stop();
-    throw new Error(
-      "AGORA_RELAY_JWT_SECRET environment variable is required when REST API is enabled"
-    );
-  }
-  const restPort = options.restPort ?? wsPort + 1;
-  const messageBuffer = new MessageBuffer();
-  const restSessions = /* @__PURE__ */ new Map();
-  const app = express();
-  app.use(express.json());
-  const verifyForRest = (envelope) => verifyEnvelope(envelope);
-  const router = createRestRouter(
-    relay,
-    messageBuffer,
-    restSessions,
-    createEnvelopeForRest,
-    verifyForRest
-  );
-  app.use(router);
-  app.use((_req, res) => {
-    res.status(404).json({ error: "Not found" });
-  });
-  const httpServer = http.createServer(app);
-  await new Promise((resolve2, reject) => {
-    httpServer.listen(restPort, () => resolve2());
-    httpServer.on("error", reject);
-  });
-  return { relay, httpServer };
-}
-
 // src/service.ts
 var AgoraService = class {
   config;
@@ -931,7 +531,7 @@ var AgoraService = class {
         error: `Unknown peer: ${options.peerName}`
       };
     }
-    if (peer.url) {
+    if (peer.url && !options.relayOnly) {
       const transportConfig = {
         identity: {
           publicKey: this.config.identity.publicKey,
@@ -950,6 +550,19 @@ var AgoraService = class {
         return httpResult;
       }
       this.logger?.debug(`HTTP send to ${options.peerName} failed: ${httpResult.error}`);
+      if (options.direct) {
+        return {
+          ok: false,
+          status: httpResult.status,
+          error: `Direct send to ${options.peerName} failed: ${httpResult.error}`
+        };
+      }
+    } else if (options.direct && !peer.url) {
+      return {
+        ok: false,
+        status: 0,
+        error: `Direct send failed: peer '${options.peerName}' has no URL configured`
+      };
     }
     if (this.relayClient?.connected() && this.config.relay) {
       const relayResult = await sendViaRelay(
@@ -1076,6 +689,73 @@ var AgoraService = class {
     };
   }
 };
+
+// src/reputation/network.ts
+var MAX_VERIFICATIONS_IN_RESPONSE = 50;
+async function handleReputationQuery(query, store, currentTime) {
+  const allVerifications = await store.getVerifications();
+  let relevantVerifications = allVerifications.filter((v) => v.target === query.agent);
+  if (query.domain !== void 0) {
+    relevantVerifications = relevantVerifications.filter((v) => v.domain === query.domain);
+  }
+  if (query.after !== void 0) {
+    const after = query.after;
+    relevantVerifications = relevantVerifications.filter((v) => v.timestamp > after);
+  }
+  let scores;
+  if (query.domain !== void 0) {
+    const score = computeTrustScore(query.agent, query.domain, allVerifications, currentTime);
+    scores = { [query.domain]: score };
+  } else {
+    const scoreMap = computeTrustScores(query.agent, allVerifications, currentTime);
+    scores = {};
+    for (const [domain, score] of scoreMap.entries()) {
+      scores[domain] = score;
+    }
+  }
+  const limitedVerifications = relevantVerifications.slice().sort((a, b) => b.timestamp - a.timestamp).slice(0, MAX_VERIFICATIONS_IN_RESPONSE);
+  const response = {
+    agent: query.agent,
+    verifications: limitedVerifications,
+    scores
+  };
+  if (query.domain !== void 0) {
+    response.domain = query.domain;
+  }
+  return response;
+}
+
+// src/reputation/sync.ts
+async function syncReputationFromPeer(agentPublicKey, domain, store, sendMessage) {
+  const query = {
+    agent: agentPublicKey,
+    domain
+  };
+  const response = await sendMessage("reputation_query", query);
+  const existing = await store.getVerifications();
+  const existingIds = new Set(existing.map((v) => v.id));
+  let added = 0;
+  let skipped = 0;
+  for (const record of response.verifications) {
+    if (existingIds.has(record.id)) {
+      skipped++;
+      continue;
+    }
+    const sigResult = verifyVerificationSignature(record);
+    if (!sigResult.valid) {
+      skipped++;
+      continue;
+    }
+    if (record.domain !== domain) {
+      skipped++;
+      continue;
+    }
+    await store.addVerification(record);
+    existingIds.add(record.id);
+    added++;
+  }
+  return { added, skipped };
+}
 export {
   AgoraService,
   DEFAULT_BOOTSTRAP_RELAYS,
@@ -1106,6 +786,7 @@ export {
   generateKeyPair,
   getDefaultBootstrapRelay,
   getDefaultConfigPath,
+  handleReputationQuery,
   hashPrediction,
   importKeyPair,
   initPeerConfig,
@@ -1121,6 +802,7 @@ export {
   sendToPeer,
   shortKey,
   signMessage,
+  syncReputationFromPeer,
   validateCapability,
   validateCommitRecord,
   validatePeerListRequest,