@sideband/secure-relay 0.2.2 → 0.3.0

package/dist/handshake.js

@@ -0,0 +1,93 @@
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * E2EE handshake protocol for Sideband Relay Protocol (SBRP).
+ *
+ * Implements the authenticated key exchange between client and daemon,
+ * with Ed25519 signatures for MITM protection.
+ */
+import { computeSharedSecret, createSignaturePayload, createTranscriptHash, deriveSessionKeys, generateEphemeralKeyPair, signPayload, verifySignature, zeroize, } from "./crypto.js";
+import { SbrpError, SbrpErrorCode } from "./types.js";
+/**
+ * Create a handshake init message (client side).
+ *
+ * Generates an ephemeral X25519 keypair for this session.
+ */
+export function createHandshakeInit() {
+    const ephemeralKeyPair = generateEphemeralKeyPair();
+    return {
+        message: {
+            type: "handshake.init",
+            initPublicKey: ephemeralKeyPair.publicKey,
+        },
+        ephemeralKeyPair,
+    };
+}
+/**
+ * Process handshake init and create accept message (daemon side).
+ *
+ * 1. Generate ephemeral X25519 keypair
+ * 2. Sign ephemeral public key with identity key (context-bound)
+ * 3. Derive session keys
+ *
+ * NOTE: Callers MUST enforce a 30-second handshake timeout per SBRP §1.4.
+ * This function does not track time; timeout enforcement is a transport concern.
+ */
+export function processHandshakeInit(init, daemonId, identityKeyPair) {
+    const ephemeralKeyPair = generateEphemeralKeyPair();
+    // Sign ephemeral key with context binding
+    const signaturePayload = createSignaturePayload(daemonId, init.initPublicKey, ephemeralKeyPair.publicKey);
+    const signature = signPayload(signaturePayload, identityKeyPair.privateKey);
+    // Derive session keys
+    const sharedSecret = computeSharedSecret(ephemeralKeyPair.privateKey, init.initPublicKey);
+    const transcriptHash = createTranscriptHash(daemonId, init.initPublicKey, ephemeralKeyPair.publicKey, signature);
+    const sessionKeys = deriveSessionKeys(sharedSecret, transcriptHash);
+    // Best-effort zeroize secrets
+    zeroize(sharedSecret);
+    zeroize(ephemeralKeyPair.privateKey);
+    return {
+        message: {
+            type: "handshake.accept",
+            identityPublicKey: identityKeyPair.publicKey,
+            acceptPublicKey: ephemeralKeyPair.publicKey,
+            signature,
+        },
+        sessionKeys,
+    };
+}
+/**
+ * Process handshake accept message (client side).
+ *
+ * 1. Verify signature using PINNED identity key (TOFU)
+ * 2. Derive session keys using same transcript hash as daemon
+ *
+ * NOTE: Callers MUST enforce a 30-second handshake timeout per SBRP §1.4.
+ * This function does not track time; timeout enforcement is a transport concern.
+ *
+ * @param ephemeralKeyPair The privateKey is zeroized in-place after key derivation.
+ * @throws {SbrpError} IdentityKeyChanged if advertised key doesn't match pinned key
+ * @throws {SbrpError} HandshakeFailed if signature verification fails
+ */
+export function processHandshakeAccept(accept, daemonId, pinnedIdentityPublicKey, ephemeralKeyPair) {
+    // Reject if advertised identity key doesn't match pinned key.
+    // Signature is verified against pinnedIdentityPublicKey, but an attacker
+    // could swap the advertised field to mislead higher layers.
+    if (accept.identityPublicKey.length !== pinnedIdentityPublicKey.length ||
+        !accept.identityPublicKey.every((b, i) => b === pinnedIdentityPublicKey[i])) {
+        throw new SbrpError(SbrpErrorCode.IdentityKeyChanged, "Advertised identity key does not match pinned key");
+    }
+    // Verify daemon signature using PINNED key (not relay-provided!)
+    const signaturePayload = createSignaturePayload(daemonId, ephemeralKeyPair.publicKey, accept.acceptPublicKey);
+    const valid = verifySignature(signaturePayload, accept.signature, pinnedIdentityPublicKey);
+    if (!valid) {
+        throw new SbrpError(SbrpErrorCode.HandshakeFailed, "Signature verification failed");
+    }
+    // Derive session keys using same transcript hash as daemon
+    const sharedSecret = computeSharedSecret(ephemeralKeyPair.privateKey, accept.acceptPublicKey);
+    const transcriptHash = createTranscriptHash(daemonId, ephemeralKeyPair.publicKey, accept.acceptPublicKey, accept.signature);
+    const sessionKeys = deriveSessionKeys(sharedSecret, transcriptHash);
+    // Best-effort zeroize secrets
+    zeroize(sharedSecret);
+    zeroize(ephemeralKeyPair.privateKey);
+    return sessionKeys;
+}
+//# sourceMappingURL=handshake.js.map

package/dist/handshake.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handshake.js","sourceRoot":"","sources":["../src/handshake.ts"],"names":[],"mappings":"AAAA,sCAAsC;AAEtC;;;;;GAKG;AAEH,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,wBAAwB,EACxB,WAAW,EACX,eAAe,EACf,OAAO,GACR,MAAM,aAAa,CAAC;AASrB,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEtD;;;;GAIG;AACH,MAAM,UAAU,mBAAmB;IAIjC,MAAM,gBAAgB,GAAG,wBAAwB,EAAE,CAAC;IACpD,OAAO;QACL,OAAO,EAAE;YACP,IAAI,EAAE,gBAAgB;YACtB,aAAa,EAAE,gBAAgB,CAAC,SAAS;SAC1C;QACD,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,oBAAoB,CAClC,IAAmB,EACnB,QAAkB,EAClB,eAAgC;IAEhC,MAAM,gBAAgB,GAAG,wBAAwB,EAAE,CAAC;IAEpD,0CAA0C;IAC1C,MAAM,gBAAgB,GAAG,sBAAsB,CAC7C,QAAQ,EACR,IAAI,CAAC,aAAa,EAClB,gBAAgB,CAAC,SAAS,CAC3B,CAAC;IACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC;IAE5E,sBAAsB;IACtB,MAAM,YAAY,GAAG,mBAAmB,CACtC,gBAAgB,CAAC,UAAU,EAC3B,IAAI,CAAC,aAAa,CACnB,CAAC;IACF,MAAM,cAAc,GAAG,oBAAoB,CACzC,QAAQ,EACR,IAAI,CAAC,aAAa,EAClB,gBAAgB,CAAC,SAAS,EAC1B,SAAS,CACV,CAAC;IACF,MAAM,WAAW,GAAG,iBAAiB,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;IAEpE,8BAA8B;IAC9B,OAAO,CAAC,YAAY,CAAC,CAAC;IACtB,OAAO,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAErC,OAAO;QACL,OAAO,EAAE;YACP,IAAI,EAAE,kBAAkB;YACxB,iBAAiB,EAAE,eAAe,CAAC,SAAS;YAC5C,eAAe,EAAE,gBAAgB,CAAC,SAAS;YAC3C,SAAS;SACV;QACD,WAAW;KACZ,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,sBAAsB,CACpC,MAAuB,EACvB,QAAkB,EAClB,uBAAmC,EACnC,gBAAkC;IAElC,8DAA8D;IAC9D,yEAAyE;IACzE,4DAA4D;IAC5D,IACE,MAAM,CAAC,iBAAiB,CAAC,MAAM,KAAK,uBAAuB,CAAC,MAAM;QAClE,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,uBAAuB,CAAC,CAAC,CAAC,CAAC,EAC3E,CAAC;QACD,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,kBAAkB,EAChC,mDAAmD,CACpD,CAAC;IACJ,CAAC;IAED,iEAAiE;IACjE,MAAM,gBAAgB,GAAG,sBAAsB,CAC7C,QAAQ,EACR,gBAAgB,CAAC,SAAS,EAC1B,MAAM,CAAC,eAAe,CACvB,CAAC;IAEF,MAAM,KAAK,GAAG,eAAe,CAC3B,gBAAgB,EAChB,MAAM,CAAC,SAAS,EAChB,uBAAuB,CACxB,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,eAAe,EAC7B,+BAA+B,CAChC,CAAC;IACJ,CAAC;IAED,2DAA2D;IAC3D,MAAM,YAAY,GAAG,mBAAmB,CACtC,gBAAgB,CAAC,UAAU,EAC3B,MAAM,CAAC,eAAe,CACvB,CAAC;IACF,MAAM,cAAc,GAAG,oBAAoB,CACzC,QAAQ,EACR,gBAAgB,CAAC,SAAS,EAC1B,MAAM,CAAC,eAAe,EACtB,MAAM,CAAC,SAAS,CACjB,CAAC;IACF,MAAM,WAAW,GAAG,iBAAiB,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;IAEpE,8BAA8B;IAC9B,OAAO,CAAC,YAAY,CAAC,CAAC;IACtB,OAAO,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAErC,OAAO,WAAW,CAAC;AACrB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,46 @@
+/**
+ * @sideband/secure-relay
+ *
+ * Sideband Relay Protocol (SBRP) implementation for E2EE communication
+ * between daemons and clients via a relay server.
+ *
+ * Features:
+ * - Ed25519 identity signatures for MITM protection
+ * - X25519 ephemeral key exchange for forward secrecy
+ * - ChaCha20-Poly1305 authenticated encryption
+ * - TOFU (Trust On First Use) identity pinning
+ * - Bitmap-based replay protection
+ *
+ * @example
+ * ```typescript
+ * // Daemon side: generate identity keypair on first run
+ * const identity = generateIdentityKeyPair();
+ *
+ * // Client side: create handshake init
+ * const { message: init, ephemeralKeyPair } = createHandshakeInit();
+ *
+ * // Daemon side: process init and create accept
+ * const { message: accept, sessionKeys } = processHandshakeInit(init, daemonId, identity);
+ * const clientSession = createClientSession(clientId, sessionKeys);
+ *
+ * // Client side: process accept (with TOFU-pinned identity)
+ * const clientKeys = processHandshakeAccept(accept, daemonId, pinnedKey, ephemeralKeyPair);
+ * const daemonSession = createDaemonSession(clientKeys);
+ *
+ * // Encrypt/decrypt messages
+ * const encrypted = encryptClientToDaemon(daemonSession, plaintext);
+ * const decrypted = decryptClientToDaemon(clientSession, encrypted);
+ * ```
+ */
+export type { ClientId, DaemonId, EncryptedMessage, EphemeralKeyPair, HandshakeAccept, HandshakeInit, IdentityKeyPair, SessionId, SessionKeys, } from "./types.js";
+export { asClientId, asDaemonId, Direction, SbrpError, SbrpErrorCode, SignalCode, SignalReason, } from "./types.js";
+export { AUTH_TAG_LENGTH, DEFAULT_REPLAY_WINDOW_SIZE, DIRECTION_CLIENT_TO_DAEMON, DIRECTION_DAEMON_TO_CLIENT, ED25519_PRIVATE_KEY_LENGTH, ED25519_PUBLIC_KEY_LENGTH, ED25519_SIGNATURE_LENGTH, FRAME_HEADER_SIZE, HANDSHAKE_ACCEPT_PAYLOAD_SIZE, HANDSHAKE_INIT_PAYLOAD_SIZE, MAX_PAYLOAD_SIZE, MAX_PING_PAYLOAD_SIZE, MIN_CONTROL_PAYLOAD_SIZE, MIN_ENCRYPTED_PAYLOAD_SIZE, NONCE_LENGTH, SBRP_HANDSHAKE_CONTEXT, SBRP_SESSION_KEYS_INFO, SBRP_TRANSCRIPT_CONTEXT, SESSION_KEYS_LENGTH, SIGNAL_PAYLOAD_SIZE, SYMMETRIC_KEY_LENGTH, X25519_PRIVATE_KEY_LENGTH, X25519_PUBLIC_KEY_LENGTH, } from "./constants.js";
+export { computeFingerprint, computeSharedSecret, constructNonce, createSignaturePayload, createTranscriptHash, decrypt, deriveSessionKeys, encrypt, extractSequence, generateEphemeralKeyPair, generateIdentityKeyPair, randomBytes, signPayload, verifySignature, zeroize, } from "./crypto.js";
+export { createHandshakeInit, processHandshakeAccept, processHandshakeInit, } from "./handshake.js";
+export type { ReplayWindow } from "./replay.js";
+export { checkAndUpdateReplay, createReplayWindow, isValidSequence, resetReplayWindow, } from "./replay.js";
+export type { ClientSession, DaemonSession } from "./session.js";
+export { clearClientSession, clearDaemonSession, createClientSession, createDaemonSession, decryptClientToDaemon, decryptDaemonToClient, encryptClientToDaemon, encryptDaemonToClient, } from "./session.js";
+export type { ControlPayload, Frame, FrameHeader, SignalPayload, } from "./frame.js";
+export { decodeControl, decodeData, decodeFrame, decodeHandshakeAccept, decodeHandshakeInit, decodeSignal, encodeControl, encodeData, encodeFrame, encodeHandshakeAccept, encodeHandshakeInit, encodePing, encodePong, encodeSignal, FrameDecoder, FrameType, fromWireControlCode, isTerminalCode, readFrameHeader, toWireControlCode, WireControlCode, } from "./frame.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAGH,YAAY,EACV,QAAQ,EACR,QAAQ,EACR,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,eAAe,EACf,SAAS,EACT,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,UAAU,EACV,UAAU,EACV,SAAS,EACT,SAAS,EACT,aAAa,EACb,UAAU,EACV,YAAY,GACb,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,eAAe,EACf,0BAA0B,EAC1B,0BAA0B,EAC1B,0BAA0B,EAC1B,0BAA0B,EAC1B,yBAAyB,EACzB,wBAAwB,EACxB,iBAAiB,EACjB,6BAA6B,EAC7B,2BAA2B,EAC3B,gBAAgB,EAChB,qBAAqB,EACrB,wBAAwB,EACxB,0BAA0B,EAC1B,YAAY,EACZ,sBAAsB,EACtB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,sBAAsB,EACtB,oBAAoB,EACpB,OAAO,EACP,iBAAiB,EACjB,OAAO,EACP,eAAe,EACf,wBAAwB,EACxB,uBAAuB,EACvB,WAAW,EACX,WAAW,EACX,eAAe,EACf,OAAO,GACR,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,gBAAgB,CAAC;AAGxB,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEhD,OAAO,EACL,oBAAoB,EACpB,kBAAkB,EAClB,eAAe,EACf,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAEjE,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,cAAc,CAAC;AAGtB,YAAY,EACV,cAAc,EACd,KAAK,EACL,WAAW,EACX,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,aAAa,EACb,UAAU,EACV,WAAW,EACX,qBAAqB,EACrB,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,UAAU,EACV,WAAW,EACX,qBAAqB,EACrB,mBAAmB,EACnB,UAAU,EACV,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,eAAe,GAChB,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,12 @@
+// SPDX-License-Identifier: Apache-2.0
+export { asClientId, asDaemonId, Direction, SbrpError, SbrpErrorCode, SignalCode, SignalReason, } from "./types.js";
+// Constants
+export { AUTH_TAG_LENGTH, DEFAULT_REPLAY_WINDOW_SIZE, DIRECTION_CLIENT_TO_DAEMON, DIRECTION_DAEMON_TO_CLIENT, ED25519_PRIVATE_KEY_LENGTH, ED25519_PUBLIC_KEY_LENGTH, ED25519_SIGNATURE_LENGTH, FRAME_HEADER_SIZE, HANDSHAKE_ACCEPT_PAYLOAD_SIZE, HANDSHAKE_INIT_PAYLOAD_SIZE, MAX_PAYLOAD_SIZE, MAX_PING_PAYLOAD_SIZE, MIN_CONTROL_PAYLOAD_SIZE, MIN_ENCRYPTED_PAYLOAD_SIZE, NONCE_LENGTH, SBRP_HANDSHAKE_CONTEXT, SBRP_SESSION_KEYS_INFO, SBRP_TRANSCRIPT_CONTEXT, SESSION_KEYS_LENGTH, SIGNAL_PAYLOAD_SIZE, SYMMETRIC_KEY_LENGTH, X25519_PRIVATE_KEY_LENGTH, X25519_PUBLIC_KEY_LENGTH, } from "./constants.js";
+// Crypto primitives
+export { computeFingerprint, computeSharedSecret, constructNonce, createSignaturePayload, createTranscriptHash, decrypt, deriveSessionKeys, encrypt, extractSequence, generateEphemeralKeyPair, generateIdentityKeyPair, randomBytes, signPayload, verifySignature, zeroize, } from "./crypto.js";
+// Handshake
+export { createHandshakeInit, processHandshakeAccept, processHandshakeInit, } from "./handshake.js";
+export { checkAndUpdateReplay, createReplayWindow, isValidSequence, resetReplayWindow, } from "./replay.js";
+export { clearClientSession, clearDaemonSession, createClientSession, createDaemonSession, decryptClientToDaemon, decryptDaemonToClient, encryptClientToDaemon, encryptDaemonToClient, } from "./session.js";
+export { decodeControl, decodeData, decodeFrame, decodeHandshakeAccept, decodeHandshakeInit, decodeSignal, encodeControl, encodeData, encodeFrame, encodeHandshakeAccept, encodeHandshakeInit, encodePing, encodePong, encodeSignal, FrameDecoder, FrameType, fromWireControlCode, isTerminalCode, readFrameHeader, toWireControlCode, WireControlCode, } from "./frame.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,sCAAsC;AAkDtC,OAAO,EACL,UAAU,EACV,UAAU,EACV,SAAS,EACT,SAAS,EACT,aAAa,EACb,UAAU,EACV,YAAY,GACb,MAAM,YAAY,CAAC;AAEpB,YAAY;AACZ,OAAO,EACL,eAAe,EACf,0BAA0B,EAC1B,0BAA0B,EAC1B,0BAA0B,EAC1B,0BAA0B,EAC1B,yBAAyB,EACzB,wBAAwB,EACxB,iBAAiB,EACjB,6BAA6B,EAC7B,2BAA2B,EAC3B,gBAAgB,EAChB,qBAAqB,EACrB,wBAAwB,EACxB,0BAA0B,EAC1B,YAAY,EACZ,sBAAsB,EACtB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,gBAAgB,CAAC;AAExB,oBAAoB;AACpB,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,sBAAsB,EACtB,oBAAoB,EACpB,OAAO,EACP,iBAAiB,EACjB,OAAO,EACP,eAAe,EACf,wBAAwB,EACxB,uBAAuB,EACvB,WAAW,EACX,WAAW,EACX,eAAe,EACf,OAAO,GACR,MAAM,aAAa,CAAC;AAErB,YAAY;AACZ,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,gBAAgB,CAAC;AAKxB,OAAO,EACL,oBAAoB,EACpB,kBAAkB,EAClB,eAAe,EACf,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAKrB,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,cAAc,CAAC;AAUtB,OAAO,EACL,aAAa,EACb,UAAU,EACV,WAAW,EACX,qBAAqB,EACrB,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,UAAU,EACV,WAAW,EACX,qBAAqB,EACrB,mBAAmB,EACnB,UAAU,EACV,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,eAAe,GAChB,MAAM,YAAY,CAAC"}

package/dist/replay.d.ts

@@ -0,0 +1,32 @@
+/** Replay window state */
+export interface ReplayWindow {
+    /** Highest accepted sequence number */
+    maxSeen: bigint;
+    /** Bitmap: bit i set = sequence (maxSeen - i) was seen */
+    bitmap: bigint;
+    /** Window size in bits */
+    windowSize: bigint;
+}
+/**
+ * Create a new replay window.
+ *
+ * @param windowSize - Window size in bits (default: 64)
+ */
+export declare function createReplayWindow(windowSize?: bigint): ReplayWindow;
+/**
+ * Check if a sequence number is valid (not a replay) and update the window.
+ *
+ * @returns true if the sequence is valid and accepted, false if it's a replay
+ */
+export declare function checkAndUpdateReplay(seq: bigint, window: ReplayWindow): boolean;
+/**
+ * Check if a sequence number would be valid without updating the window.
+ *
+ * Useful for pre-validation before decryption.
+ */
+export declare function isValidSequence(seq: bigint, window: ReplayWindow): boolean;
+/**
+ * Reset the replay window to initial state.
+ */
+export declare function resetReplayWindow(window: ReplayWindow): void;
+//# sourceMappingURL=replay.d.ts.map

package/dist/replay.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay.d.ts","sourceRoot":"","sources":["../src/replay.ts"],"names":[],"mappings":"AAYA,0BAA0B;AAC1B,MAAM,WAAW,YAAY;IAC3B,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,0BAA0B;IAC1B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,GAAE,MAAmC,GAC9C,YAAY,CAMd;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAClC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,YAAY,GACnB,OAAO,CAqCT;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,GAAG,OAAO,CAgB1E;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAG5D"}

package/dist/replay.js

@@ -0,0 +1,88 @@
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * Bitmap-based replay protection for Sideband Relay Protocol (SBRP).
+ *
+ * Uses a sliding window to track seen sequence numbers and prevent
+ * replay attacks while avoiding memory exhaustion from attacker-controlled
+ * sequence numbers.
+ */
+import { DEFAULT_REPLAY_WINDOW_SIZE } from "./constants.js";
+/**
+ * Create a new replay window.
+ *
+ * @param windowSize - Window size in bits (default: 64)
+ */
+export function createReplayWindow(windowSize = DEFAULT_REPLAY_WINDOW_SIZE) {
+    return {
+        maxSeen: -1n, // No messages seen yet
+        bitmap: 0n,
+        windowSize,
+    };
+}
+/**
+ * Check if a sequence number is valid (not a replay) and update the window.
+ *
+ * @returns true if the sequence is valid and accepted, false if it's a replay
+ */
+export function checkAndUpdateReplay(seq, window) {
+    // First message ever
+    if (window.maxSeen === -1n) {
+        window.maxSeen = seq;
+        window.bitmap = 1n;
+        return true;
+    }
+    if (seq > window.maxSeen) {
+        // New high sequence - shift window
+        const shift = seq - window.maxSeen;
+        if (shift >= window.windowSize) {
+            // Sequence is far ahead, reset bitmap
+            window.bitmap = 1n;
+        }
+        else {
+            window.bitmap = (window.bitmap << shift) | 1n;
+        }
+        window.maxSeen = seq;
+        return true;
+    }
+    // Sequence is within or before the window
+    const diff = window.maxSeen - seq;
+    if (diff >= window.windowSize) {
+        // Too old, outside window
+        return false;
+    }
+    const mask = 1n << diff;
+    if (window.bitmap & mask) {
+        // Already seen (replay)
+        return false;
+    }
+    // Mark as seen
+    window.bitmap |= mask;
+    return true;
+}
+/**
+ * Check if a sequence number would be valid without updating the window.
+ *
+ * Useful for pre-validation before decryption.
+ */
+export function isValidSequence(seq, window) {
+    if (window.maxSeen === -1n) {
+        return true;
+    }
+    if (seq > window.maxSeen) {
+        return true;
+    }
+    const diff = window.maxSeen - seq;
+    if (diff >= window.windowSize) {
+        return false;
+    }
+    const mask = 1n << diff;
+    return (window.bitmap & mask) === 0n;
+}
+/**
+ * Reset the replay window to initial state.
+ */
+export function resetReplayWindow(window) {
+    window.maxSeen = -1n;
+    window.bitmap = 0n;
+}
+//# sourceMappingURL=replay.js.map

package/dist/replay.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay.js","sourceRoot":"","sources":["../src/replay.ts"],"names":[],"mappings":"AAAA,sCAAsC;AAEtC;;;;;;GAMG;AAEH,OAAO,EAAE,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAY5D;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAChC,aAAqB,0BAA0B;IAE/C,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,EAAE,uBAAuB;QACrC,MAAM,EAAE,EAAE;QACV,UAAU;KACX,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAClC,GAAW,EACX,MAAoB;IAEpB,qBAAqB;IACrB,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC;QACrB,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,GAAG,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;QACzB,mCAAmC;QACnC,MAAM,KAAK,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC;QACnC,IAAI,KAAK,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YAC/B,sCAAsC;YACtC,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC;QACrB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QAChD,CAAC;QACD,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0CAA0C;IAC1C,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC;IAClC,IAAI,IAAI,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC9B,0BAA0B;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,GAAG,EAAE,IAAI,IAAI,CAAC;IACxB,IAAI,MAAM,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;QACzB,wBAAwB;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,eAAe;IACf,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC;IACtB,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW,EAAE,MAAoB;IAC/D,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC,EAAE,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,GAAG,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC;IAClC,IAAI,IAAI,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,GAAG,EAAE,IAAI,IAAI,CAAC;IACxB,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAoB;IACpD,MAAM,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;IACrB,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC;AACrB,CAAC"}

package/dist/session.d.ts

@@ -0,0 +1,67 @@
+import { type ReplayWindow } from "./replay.js";
+import type { ClientId, EncryptedMessage, SessionKeys } from "./types.js";
+/** Crypto state for one direction of communication (traffic key, counters, replay) */
+interface ChannelState {
+    trafficKey: Uint8Array;
+    sendSeq: bigint;
+    recvWindow: ReplayWindow;
+}
+/** Client session (daemon-side state for each connected client) */
+export interface ClientSession {
+    clientId: ClientId;
+    clientToDaemon: ChannelState;
+    daemonToClient: ChannelState;
+}
+/** Daemon session (client-side state for communicating with daemon) */
+export interface DaemonSession {
+    clientToDaemon: ChannelState;
+    daemonToClient: ChannelState;
+}
+/**
+ * Create a client session (daemon side).
+ *
+ * Used by daemon to manage state for each connected client.
+ */
+export declare function createClientSession(clientId: ClientId, sessionKeys: SessionKeys): ClientSession;
+/**
+ * Create a daemon session (client side).
+ *
+ * Used by client to communicate with daemon.
+ */
+export declare function createDaemonSession(sessionKeys: SessionKeys): DaemonSession;
+/**
+ * Encrypt a message from client to daemon.
+ */
+export declare function encryptClientToDaemon(session: DaemonSession, plaintext: Uint8Array): EncryptedMessage;
+/**
+ * Encrypt a message from daemon to client.
+ */
+export declare function encryptDaemonToClient(session: ClientSession, plaintext: Uint8Array): EncryptedMessage;
+/**
+ * Decrypt a message received by daemon from client.
+ *
+ * @throws {SbrpError} with code SequenceError if replay detected
+ * @throws {SbrpError} with code DecryptFailed if decryption fails
+ */
+export declare function decryptClientToDaemon(session: ClientSession, message: EncryptedMessage): Uint8Array;
+/**
+ * Decrypt a message received by client from daemon.
+ *
+ * @throws {SbrpError} with code SequenceError if replay detected
+ * @throws {SbrpError} with code DecryptFailed if decryption fails
+ */
+export declare function decryptDaemonToClient(session: DaemonSession, message: EncryptedMessage): Uint8Array;
+/**
+ * Clear all key material from a client session.
+ *
+ * Best-effort zeroization (JS/GC limitations apply).
+ */
+export declare function clearClientSession(session: ClientSession): void;
+/**
+ * Clear all key material from a daemon session.
+ *
+ * Best-effort zeroization (JS/GC limitations apply).
+ */
+export declare function clearDaemonSession(session: DaemonSession): void;
+export {};
+//# sourceMappingURL=session.d.ts.map

package/dist/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAUA,OAAO,EAGL,KAAK,YAAY,EAClB,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EAAE,QAAQ,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAG1E,sFAAsF;AACtF,UAAU,YAAY;IACpB,UAAU,EAAE,UAAU,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,YAAY,CAAC;CAC1B;AAED,mEAAmE;AACnE,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,QAAQ,CAAC;IACnB,cAAc,EAAE,YAAY,CAAC;IAC7B,cAAc,EAAE,YAAY,CAAC;CAC9B;AAED,uEAAuE;AACvE,MAAM,WAAW,aAAa;IAC5B,cAAc,EAAE,YAAY,CAAC;IAC7B,cAAc,EAAE,YAAY,CAAC;CAC9B;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,WAAW,GACvB,aAAa,CAcf;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,WAAW,GAAG,aAAa,CAa3E;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,aAAa,EACtB,SAAS,EAAE,UAAU,GACpB,gBAAgB,CAUlB;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,aAAa,EACtB,SAAS,EAAE,UAAU,GACpB,gBAAgB,CAUlB;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,aAAa,EACtB,OAAO,EAAE,gBAAgB,GACxB,UAAU,CAkBZ;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,aAAa,EACtB,OAAO,EAAE,gBAAgB,GACxB,UAAU,CAkBZ;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CAG/D;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CAG/D"}

package/dist/session.js

@@ -0,0 +1,122 @@
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * Session management for Sideband Relay Protocol (SBRP).
+ *
+ * Handles encrypted message sending/receiving with proper key selection,
+ * sequence number tracking, and replay protection.
+ */
+import { decrypt, encrypt, extractSequence, zeroize } from "./crypto.js";
+import { checkAndUpdateReplay, createReplayWindow, } from "./replay.js";
+import { Direction, SbrpError, SbrpErrorCode } from "./types.js";
+/**
+ * Create a client session (daemon side).
+ *
+ * Used by daemon to manage state for each connected client.
+ */
+export function createClientSession(clientId, sessionKeys) {
+    return {
+        clientId,
+        clientToDaemon: {
+            trafficKey: sessionKeys.clientToDaemon,
+            sendSeq: 0n,
+            recvWindow: createReplayWindow(),
+        },
+        daemonToClient: {
+            trafficKey: sessionKeys.daemonToClient,
+            sendSeq: 0n,
+            recvWindow: createReplayWindow(),
+        },
+    };
+}
+/**
+ * Create a daemon session (client side).
+ *
+ * Used by client to communicate with daemon.
+ */
+export function createDaemonSession(sessionKeys) {
+    return {
+        clientToDaemon: {
+            trafficKey: sessionKeys.clientToDaemon,
+            sendSeq: 0n,
+            recvWindow: createReplayWindow(),
+        },
+        daemonToClient: {
+            trafficKey: sessionKeys.daemonToClient,
+            sendSeq: 0n,
+            recvWindow: createReplayWindow(),
+        },
+    };
+}
+/**
+ * Encrypt a message from client to daemon.
+ */
+export function encryptClientToDaemon(session, plaintext) {
+    const seq = session.clientToDaemon.sendSeq++;
+    const data = encrypt(session.clientToDaemon.trafficKey, Direction.ClientToDaemon, seq, plaintext);
+    return { type: "encrypted", seq, data };
+}
+/**
+ * Encrypt a message from daemon to client.
+ */
+export function encryptDaemonToClient(session, plaintext) {
+    const seq = session.daemonToClient.sendSeq++;
+    const data = encrypt(session.daemonToClient.trafficKey, Direction.DaemonToClient, seq, plaintext);
+    return { type: "encrypted", seq, data };
+}
+/**
+ * Decrypt a message received by daemon from client.
+ *
+ * @throws {SbrpError} with code SequenceError if replay detected
+ * @throws {SbrpError} with code DecryptFailed if decryption fails
+ */
+export function decryptClientToDaemon(session, message) {
+    // Check replay protection
+    const seq = extractSequence(message.data);
+    if (!checkAndUpdateReplay(seq, session.clientToDaemon.recvWindow)) {
+        throw new SbrpError(SbrpErrorCode.SequenceError, "Sequence number outside valid window or replay detected");
+    }
+    try {
+        return decrypt(session.clientToDaemon.trafficKey, message.data);
+    }
+    catch {
+        throw new SbrpError(SbrpErrorCode.DecryptFailed, "Message decryption failed");
+    }
+}
+/**
+ * Decrypt a message received by client from daemon.
+ *
+ * @throws {SbrpError} with code SequenceError if replay detected
+ * @throws {SbrpError} with code DecryptFailed if decryption fails
+ */
+export function decryptDaemonToClient(session, message) {
+    // Check replay protection
+    const seq = extractSequence(message.data);
+    if (!checkAndUpdateReplay(seq, session.daemonToClient.recvWindow)) {
+        throw new SbrpError(SbrpErrorCode.SequenceError, "Sequence number outside valid window or replay detected");
+    }
+    try {
+        return decrypt(session.daemonToClient.trafficKey, message.data);
+    }
+    catch {
+        throw new SbrpError(SbrpErrorCode.DecryptFailed, "Message decryption failed");
+    }
+}
+/**
+ * Clear all key material from a client session.
+ *
+ * Best-effort zeroization (JS/GC limitations apply).
+ */
+export function clearClientSession(session) {
+    zeroize(session.clientToDaemon.trafficKey);
+    zeroize(session.daemonToClient.trafficKey);
+}
+/**
+ * Clear all key material from a daemon session.
+ *
+ * Best-effort zeroization (JS/GC limitations apply).
+ */
+export function clearDaemonSession(session) {
+    zeroize(session.clientToDaemon.trafficKey);
+    zeroize(session.daemonToClient.trafficKey);
+}
+//# sourceMappingURL=session.js.map

package/dist/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,sCAAsC;AAEtC;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACzE,OAAO,EACL,oBAAoB,EACpB,kBAAkB,GAEnB,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAsBjE;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAkB,EAClB,WAAwB;IAExB,OAAO;QACL,QAAQ;QACR,cAAc,EAAE;YACd,UAAU,EAAE,WAAW,CAAC,cAAc;YACtC,OAAO,EAAE,EAAE;YACX,UAAU,EAAE,kBAAkB,EAAE;SACjC;QACD,cAAc,EAAE;YACd,UAAU,EAAE,WAAW,CAAC,cAAc;YACtC,OAAO,EAAE,EAAE;YACX,UAAU,EAAE,kBAAkB,EAAE;SACjC;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,WAAwB;IAC1D,OAAO;QACL,cAAc,EAAE;YACd,UAAU,EAAE,WAAW,CAAC,cAAc;YACtC,OAAO,EAAE,EAAE;YACX,UAAU,EAAE,kBAAkB,EAAE;SACjC;QACD,cAAc,EAAE;YACd,UAAU,EAAE,WAAW,CAAC,cAAc;YACtC,OAAO,EAAE,EAAE;YACX,UAAU,EAAE,kBAAkB,EAAE;SACjC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAsB,EACtB,SAAqB;IAErB,MAAM,GAAG,GAAG,OAAO,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;IAC7C,MAAM,IAAI,GAAG,OAAO,CAClB,OAAO,CAAC,cAAc,CAAC,UAAU,EACjC,SAAS,CAAC,cAAc,EACxB,GAAG,EACH,SAAS,CACV,CAAC;IAEF,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAsB,EACtB,SAAqB;IAErB,MAAM,GAAG,GAAG,OAAO,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;IAC7C,MAAM,IAAI,GAAG,OAAO,CAClB,OAAO,CAAC,cAAc,CAAC,UAAU,EACjC,SAAS,CAAC,cAAc,EACxB,GAAG,EACH,SAAS,CACV,CAAC;IAEF,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;AAC1C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAsB,EACtB,OAAyB;IAEzB,0BAA0B;IAC1B,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,aAAa,EAC3B,yDAAyD,CAC1D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,aAAa,EAC3B,2BAA2B,CAC5B,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAsB,EACtB,OAAyB;IAEzB,0BAA0B;IAC1B,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,aAAa,EAC3B,yDAAyD,CAC1D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,aAAa,EAC3B,2BAA2B,CAC5B,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAsB;IACvD,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAC3C,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;AAC7C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAsB;IACvD,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAC3C,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;AAC7C,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,120 @@
+/**
+ * Type definitions for Sideband Relay Protocol (SBRP).
+ */
+/** Branded type for daemon identifiers */
+export type DaemonId = string & {
+    readonly __brand: "DaemonId";
+};
+/** Branded type for client session identifiers (relay-assigned) */
+export type ClientId = string & {
+    readonly __brand: "ClientId";
+};
+/**
+ * Session identifier (uint64).
+ * Assigned by control plane, included in JWT `sid` claim as decimal string.
+ * Used in frame headers for routing.
+ */
+export type SessionId = bigint;
+/** Ed25519 identity keypair for daemon authentication */
+export interface IdentityKeyPair {
+    publicKey: Uint8Array;
+    privateKey: Uint8Array;
+}
+/** X25519 ephemeral keypair for key exchange */
+export interface EphemeralKeyPair {
+    publicKey: Uint8Array;
+    privateKey: Uint8Array;
+}
+/** Session keys derived from handshake (directional symmetric keys) */
+export interface SessionKeys {
+    /** Key for encrypting client→daemon messages */
+    clientToDaemon: Uint8Array;
+    /** Key for encrypting daemon→client messages */
+    daemonToClient: Uint8Array;
+}
+/** Handshake init message (client → daemon) */
+export interface HandshakeInit {
+    type: "handshake.init";
+    initPublicKey: Uint8Array;
+}
+/** Handshake accept message (daemon → client) */
+export interface HandshakeAccept {
+    type: "handshake.accept";
+    identityPublicKey: Uint8Array;
+    acceptPublicKey: Uint8Array;
+    signature: Uint8Array;
+}
+/** Encrypted message envelope */
+export interface EncryptedMessage {
+    type: "encrypted";
+    seq: bigint;
+    data: Uint8Array;
+}
+/** Direction of message flow (used in nonce construction) */
+export declare const Direction: {
+    readonly ClientToDaemon: 1;
+    readonly DaemonToClient: 2;
+};
+export type Direction = (typeof Direction)[keyof typeof Direction];
+/**
+ * SBRP error codes (string constants for SDK use).
+ *
+ * Wire codes use numeric values in Control frames (see frame.ts).
+ * These string constants provide type-safe SDK-level error handling.
+ */
+export declare const SbrpErrorCode: {
+    readonly Unauthorized: "unauthorized";
+    readonly Forbidden: "forbidden";
+    readonly DaemonNotFound: "daemon_not_found";
+    readonly DaemonOffline: "daemon_offline";
+    readonly SessionNotFound: "session_not_found";
+    readonly SessionExpired: "session_expired";
+    readonly MalformedFrame: "malformed_frame";
+    readonly PayloadTooLarge: "payload_too_large";
+    readonly InvalidFrameType: "invalid_frame_type";
+    readonly InvalidSessionId: "invalid_session_id";
+    readonly DisallowedSender: "disallowed_sender";
+    readonly InternalError: "internal_error";
+    readonly RateLimited: "rate_limited";
+    readonly Backpressure: "backpressure";
+    readonly SessionPaused: "session_paused";
+    readonly SessionResumed: "session_resumed";
+    readonly SessionEnded: "session_ended";
+    readonly SessionPending: "session_pending";
+    readonly IdentityKeyChanged: "identity_key_changed";
+    readonly HandshakeFailed: "handshake_failed";
+    readonly HandshakeTimeout: "handshake_timeout";
+    readonly DecryptFailed: "decrypt_failed";
+    readonly SequenceError: "sequence_error";
+};
+export type SbrpErrorCode = (typeof SbrpErrorCode)[keyof typeof SbrpErrorCode];
+/** Signal codes for Signal frame (0x04) */
+export declare const SignalCode: {
+    readonly Ready: 0;
+    readonly Close: 1;
+};
+export type SignalCode = (typeof SignalCode)[keyof typeof SignalCode];
+/** Reason codes for Signal frames (§13.4) */
+export declare const SignalReason: {
+    /** No specific reason (default for ready signal) */
+    readonly None: 0;
+    /** Process restart, memory cleared */
+    readonly StateLost: 1;
+    /** Graceful daemon shutdown */
+    readonly Shutdown: 2;
+    /** Internal policy denial */
+    readonly Policy: 3;
+    /** Internal daemon error */
+    readonly Error: 4;
+};
+export type SignalReason = (typeof SignalReason)[keyof typeof SignalReason];
+/** SBRP-specific error */
+export declare class SbrpError extends Error {
+    readonly code: SbrpErrorCode;
+    constructor(code: SbrpErrorCode, message: string);
+}
+/** Brand a string as DaemonId (no validation) */
+export declare function asDaemonId(value: string): DaemonId;
+/** Brand a string as ClientId (no validation) */
+export declare function asClientId(value: string): ClientId;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA;;GAEG;AAEH,0CAA0C;AAC1C,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAA;CAAE,CAAC;AAEjE,mEAAmE;AACnE,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAA;CAAE,CAAC;AAEjE;;;;GAIG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC;AAE/B,yDAAyD;AACzD,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,UAAU,CAAC;IACtB,UAAU,EAAE,UAAU,CAAC;CACxB;AAED,gDAAgD;AAChD,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,UAAU,CAAC;IACtB,UAAU,EAAE,UAAU,CAAC;CACxB;AAED,uEAAuE;AACvE,MAAM,WAAW,WAAW;IAC1B,gDAAgD;IAChD,cAAc,EAAE,UAAU,CAAC;IAC3B,gDAAgD;IAChD,cAAc,EAAE,UAAU,CAAC;CAC5B;AAED,+CAA+C;AAC/C,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,gBAAgB,CAAC;IACvB,aAAa,EAAE,UAAU,CAAC;CAC3B;AAED,iDAAiD;AACjD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,kBAAkB,CAAC;IACzB,iBAAiB,EAAE,UAAU,CAAC;IAC9B,eAAe,EAAE,UAAU,CAAC;IAC5B,SAAS,EAAE,UAAU,CAAC;CACvB;AAED,iCAAiC;AACjC,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,WAAW,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,UAAU,CAAC;CAClB;AAED,6DAA6D;AAC7D,eAAO,MAAM,SAAS;;;CAGZ,CAAC;AAEX,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEnE;;;;;GAKG;AACH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;CAuChB,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,OAAO,aAAa,CAAC,CAAC;AAE/E,2CAA2C;AAC3C,eAAO,MAAM,UAAU;;;CAGb,CAAC;AAEX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAEtE,6CAA6C;AAC7C,eAAO,MAAM,YAAY;IACvB,oDAAoD;;IAEpD,sCAAsC;;IAEtC,+BAA+B;;IAE/B,6BAA6B;;IAE7B,4BAA4B;;CAEpB,CAAC;AAEX,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,OAAO,YAAY,CAAC,CAAC;AAE5E,0BAA0B;AAC1B,qBAAa,SAAU,SAAQ,KAAK;aAEhB,IAAI,EAAE,aAAa;gBAAnB,IAAI,EAAE,aAAa,EACnC,OAAO,EAAE,MAAM;CAKlB;AAED,iDAAiD;AACjD,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,CAElD;AAED,iDAAiD;AACjD,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,CAElD"}