@skillkit/mesh 1.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +190 -0
- package/README.md +220 -0
- package/dist/index.d.ts +781 -0
- package/dist/index.js +3326 -0
- package/dist/index.js.map +1 -0
- package/package.json +56 -0
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,781 @@
|
|
|
1
|
+
import WebSocket from 'ws';
|
|
2
|
+
|
|
3
|
+
interface PeerKeypair {
|
|
4
|
+
publicKey: Uint8Array;
|
|
5
|
+
privateKey: Uint8Array;
|
|
6
|
+
fingerprint: string;
|
|
7
|
+
}
|
|
8
|
+
interface SerializedIdentity {
|
|
9
|
+
publicKey: string;
|
|
10
|
+
privateKey: string;
|
|
11
|
+
fingerprint: string;
|
|
12
|
+
}
|
|
13
|
+
declare class PeerIdentity {
|
|
14
|
+
private keypair;
|
|
15
|
+
private constructor();
|
|
16
|
+
static generate(): Promise<PeerIdentity>;
|
|
17
|
+
static fromPrivateKey(privateKey: Uint8Array): Promise<PeerIdentity>;
|
|
18
|
+
static fromSerialized(data: SerializedIdentity): PeerIdentity;
|
|
19
|
+
static computeFingerprint(publicKey: Uint8Array): string;
|
|
20
|
+
static verify(signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array): Promise<boolean>;
|
|
21
|
+
static verifyHex(signatureHex: string, messageHex: string, publicKeyHex: string): Promise<boolean>;
|
|
22
|
+
sign(message: Uint8Array): Promise<Uint8Array>;
|
|
23
|
+
signString(message: string): Promise<string>;
|
|
24
|
+
signObject(obj: object): Promise<string>;
|
|
25
|
+
deriveSharedSecret(peerPublicKey: Uint8Array): Uint8Array;
|
|
26
|
+
deriveSharedSecretHex(peerPublicKeyHex: string): Uint8Array;
|
|
27
|
+
serialize(): SerializedIdentity;
|
|
28
|
+
get publicKey(): Uint8Array;
|
|
29
|
+
get publicKeyHex(): string;
|
|
30
|
+
get privateKey(): Uint8Array;
|
|
31
|
+
get privateKeyHex(): string;
|
|
32
|
+
get fingerprint(): string;
|
|
33
|
+
toJSON(): {
|
|
34
|
+
publicKey: string;
|
|
35
|
+
fingerprint: string;
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
interface EncryptedMessage {
|
|
40
|
+
nonce: string;
|
|
41
|
+
ciphertext: string;
|
|
42
|
+
}
|
|
43
|
+
interface PublicKeyEncryptedMessage {
|
|
44
|
+
ephemeralPublicKey: string;
|
|
45
|
+
nonce: string;
|
|
46
|
+
ciphertext: string;
|
|
47
|
+
}
|
|
48
|
+
declare class MessageEncryption {
|
|
49
|
+
private key;
|
|
50
|
+
constructor(sharedSecret: Uint8Array);
|
|
51
|
+
encrypt(plaintext: string | Uint8Array): EncryptedMessage;
|
|
52
|
+
decrypt(encrypted: EncryptedMessage): Uint8Array;
|
|
53
|
+
decryptToString(encrypted: EncryptedMessage): string;
|
|
54
|
+
decryptToObject<T = unknown>(encrypted: EncryptedMessage): T;
|
|
55
|
+
encryptObject(obj: unknown): EncryptedMessage;
|
|
56
|
+
static fromSharedSecret(sharedSecret: Uint8Array): MessageEncryption;
|
|
57
|
+
}
|
|
58
|
+
declare class PublicKeyEncryption {
|
|
59
|
+
static encrypt(message: Uint8Array, recipientPublicKey: Uint8Array): PublicKeyEncryptedMessage;
|
|
60
|
+
static encryptString(message: string, recipientPublicKey: Uint8Array): PublicKeyEncryptedMessage;
|
|
61
|
+
static encryptStringHex(message: string, recipientPublicKeyHex: string): PublicKeyEncryptedMessage;
|
|
62
|
+
static decrypt(encrypted: PublicKeyEncryptedMessage, recipientPrivateKey: Uint8Array): Uint8Array;
|
|
63
|
+
static decryptToString(encrypted: PublicKeyEncryptedMessage, recipientPrivateKey: Uint8Array): string;
|
|
64
|
+
static decryptToObject<T = unknown>(encrypted: PublicKeyEncryptedMessage, recipientPrivateKey: Uint8Array): T;
|
|
65
|
+
}
|
|
66
|
+
declare function generateNonce(): string;
|
|
67
|
+
declare function generateMessageId(): string;
|
|
68
|
+
|
|
69
|
+
interface SignedData<T> {
|
|
70
|
+
data: T;
|
|
71
|
+
signature: string;
|
|
72
|
+
senderFingerprint: string;
|
|
73
|
+
senderPublicKey: string;
|
|
74
|
+
timestamp: string;
|
|
75
|
+
nonce: string;
|
|
76
|
+
}
|
|
77
|
+
interface SignatureVerificationResult {
|
|
78
|
+
valid: boolean;
|
|
79
|
+
fingerprint?: string;
|
|
80
|
+
error?: string;
|
|
81
|
+
}
|
|
82
|
+
declare function signData<T>(data: T, identity: PeerIdentity): Promise<SignedData<T>>;
|
|
83
|
+
declare function verifySignedData<T>(signed: SignedData<T>, trustedPublicKey?: Uint8Array): Promise<SignatureVerificationResult>;
|
|
84
|
+
declare function isSignedDataExpired(signed: SignedData<unknown>, maxAgeMs?: number): boolean;
|
|
85
|
+
declare function extractSignerFingerprint(signed: SignedData<unknown>): string | null;
|
|
86
|
+
|
|
87
|
+
interface KeystoreConfig {
|
|
88
|
+
path?: string;
|
|
89
|
+
encryptionKey?: string;
|
|
90
|
+
useMachineKey?: boolean;
|
|
91
|
+
}
|
|
92
|
+
interface TrustedPeer {
|
|
93
|
+
fingerprint: string;
|
|
94
|
+
publicKey: string;
|
|
95
|
+
name?: string;
|
|
96
|
+
addedAt: string;
|
|
97
|
+
}
|
|
98
|
+
interface KeystoreData {
|
|
99
|
+
version: '1.0';
|
|
100
|
+
trustedPeers: TrustedPeer[];
|
|
101
|
+
revokedFingerprints: string[];
|
|
102
|
+
}
|
|
103
|
+
declare class SecureKeystore {
|
|
104
|
+
private path;
|
|
105
|
+
private passphrase;
|
|
106
|
+
private identity;
|
|
107
|
+
private keystoreData;
|
|
108
|
+
constructor(config?: KeystoreConfig);
|
|
109
|
+
private get keypairPath();
|
|
110
|
+
private get keystoreDataPath();
|
|
111
|
+
ensureDirectory(): Promise<void>;
|
|
112
|
+
loadOrCreateIdentity(): Promise<PeerIdentity>;
|
|
113
|
+
saveIdentity(): Promise<void>;
|
|
114
|
+
getIdentity(): Promise<PeerIdentity | null>;
|
|
115
|
+
hasIdentity(): Promise<boolean>;
|
|
116
|
+
deleteIdentity(): Promise<void>;
|
|
117
|
+
private loadKeystoreData;
|
|
118
|
+
private saveKeystoreData;
|
|
119
|
+
addTrustedPeer(fingerprint: string, publicKey: string, name?: string): Promise<void>;
|
|
120
|
+
removeTrustedPeer(fingerprint: string): Promise<void>;
|
|
121
|
+
revokePeer(fingerprint: string): Promise<void>;
|
|
122
|
+
isRevoked(fingerprint: string): Promise<boolean>;
|
|
123
|
+
isTrusted(fingerprint: string): Promise<boolean>;
|
|
124
|
+
getTrustedPeer(fingerprint: string): Promise<TrustedPeer | null>;
|
|
125
|
+
getTrustedPeers(): Promise<TrustedPeer[]>;
|
|
126
|
+
getRevokedFingerprints(): Promise<string[]>;
|
|
127
|
+
clearRevokedPeers(): Promise<void>;
|
|
128
|
+
exportPublicInfo(): Promise<{
|
|
129
|
+
fingerprint: string;
|
|
130
|
+
publicKey: string;
|
|
131
|
+
}>;
|
|
132
|
+
}
|
|
133
|
+
declare function getKeystore(config?: KeystoreConfig): SecureKeystore;
|
|
134
|
+
declare function resetKeystore(): void;
|
|
135
|
+
|
|
136
|
+
interface EncryptedFile {
|
|
137
|
+
version: '2.0';
|
|
138
|
+
encrypted: true;
|
|
139
|
+
algorithm: 'aes-256-gcm';
|
|
140
|
+
kdf: 'scrypt';
|
|
141
|
+
salt: string;
|
|
142
|
+
iv: string;
|
|
143
|
+
ciphertext: string;
|
|
144
|
+
authTag: string;
|
|
145
|
+
}
|
|
146
|
+
declare function deriveKey(passphrase: string, salt: Uint8Array): Promise<Buffer>;
|
|
147
|
+
declare function generateSalt(): Uint8Array;
|
|
148
|
+
declare function generateIV(): Uint8Array;
|
|
149
|
+
declare function encryptData(data: Uint8Array | string, passphrase: string): Promise<EncryptedFile>;
|
|
150
|
+
declare function decryptData(encrypted: EncryptedFile, passphrase: string): Promise<Buffer>;
|
|
151
|
+
declare function encryptObject(obj: unknown, passphrase: string): Promise<EncryptedFile>;
|
|
152
|
+
declare function decryptObject<T = unknown>(encrypted: EncryptedFile, passphrase: string): Promise<T>;
|
|
153
|
+
declare function encryptFile(data: unknown, passphrase: string, outputPath: string): Promise<void>;
|
|
154
|
+
declare function decryptFile<T = unknown>(inputPath: string, passphrase: string): Promise<T>;
|
|
155
|
+
declare function isEncryptedFile(data: unknown): data is EncryptedFile;
|
|
156
|
+
declare function hashPassphrase(passphrase: string): string;
|
|
157
|
+
declare function generateMachineKey(): string;
|
|
158
|
+
|
|
159
|
+
type DiscoverySecurityMode = 'open' | 'signed' | 'trusted-only';
|
|
160
|
+
type TransportEncryption = 'none' | 'optional' | 'required';
|
|
161
|
+
type TLSMode = 'none' | 'self-signed' | 'ca-signed';
|
|
162
|
+
interface DiscoverySecurityConfig {
|
|
163
|
+
mode: DiscoverySecurityMode;
|
|
164
|
+
}
|
|
165
|
+
interface TransportSecurityConfig {
|
|
166
|
+
encryption: TransportEncryption;
|
|
167
|
+
tls: TLSMode;
|
|
168
|
+
requireAuth: boolean;
|
|
169
|
+
}
|
|
170
|
+
interface TrustConfig {
|
|
171
|
+
autoTrustFirst: boolean;
|
|
172
|
+
requireManualApproval: boolean;
|
|
173
|
+
trustedFingerprints?: string[];
|
|
174
|
+
}
|
|
175
|
+
interface MeshSecurityConfig {
|
|
176
|
+
identityPath?: string;
|
|
177
|
+
discovery: DiscoverySecurityConfig;
|
|
178
|
+
transport: TransportSecurityConfig;
|
|
179
|
+
trust: TrustConfig;
|
|
180
|
+
}
|
|
181
|
+
declare const SECURITY_PRESETS: {
|
|
182
|
+
readonly development: {
|
|
183
|
+
readonly discovery: {
|
|
184
|
+
readonly mode: "open";
|
|
185
|
+
};
|
|
186
|
+
readonly transport: {
|
|
187
|
+
readonly encryption: "none";
|
|
188
|
+
readonly tls: "none";
|
|
189
|
+
readonly requireAuth: false;
|
|
190
|
+
};
|
|
191
|
+
readonly trust: {
|
|
192
|
+
readonly autoTrustFirst: true;
|
|
193
|
+
readonly requireManualApproval: false;
|
|
194
|
+
};
|
|
195
|
+
};
|
|
196
|
+
readonly signed: {
|
|
197
|
+
readonly discovery: {
|
|
198
|
+
readonly mode: "signed";
|
|
199
|
+
};
|
|
200
|
+
readonly transport: {
|
|
201
|
+
readonly encryption: "optional";
|
|
202
|
+
readonly tls: "none";
|
|
203
|
+
readonly requireAuth: false;
|
|
204
|
+
};
|
|
205
|
+
readonly trust: {
|
|
206
|
+
readonly autoTrustFirst: true;
|
|
207
|
+
readonly requireManualApproval: false;
|
|
208
|
+
};
|
|
209
|
+
};
|
|
210
|
+
readonly secure: {
|
|
211
|
+
readonly discovery: {
|
|
212
|
+
readonly mode: "signed";
|
|
213
|
+
};
|
|
214
|
+
readonly transport: {
|
|
215
|
+
readonly encryption: "required";
|
|
216
|
+
readonly tls: "self-signed";
|
|
217
|
+
readonly requireAuth: true;
|
|
218
|
+
};
|
|
219
|
+
readonly trust: {
|
|
220
|
+
readonly autoTrustFirst: true;
|
|
221
|
+
readonly requireManualApproval: false;
|
|
222
|
+
};
|
|
223
|
+
};
|
|
224
|
+
readonly strict: {
|
|
225
|
+
readonly discovery: {
|
|
226
|
+
readonly mode: "trusted-only";
|
|
227
|
+
};
|
|
228
|
+
readonly transport: {
|
|
229
|
+
readonly encryption: "required";
|
|
230
|
+
readonly tls: "self-signed";
|
|
231
|
+
readonly requireAuth: true;
|
|
232
|
+
};
|
|
233
|
+
readonly trust: {
|
|
234
|
+
readonly autoTrustFirst: false;
|
|
235
|
+
readonly requireManualApproval: true;
|
|
236
|
+
};
|
|
237
|
+
};
|
|
238
|
+
};
|
|
239
|
+
type SecurityPreset = keyof typeof SECURITY_PRESETS;
|
|
240
|
+
declare const DEFAULT_SECURITY_CONFIG: MeshSecurityConfig;
|
|
241
|
+
declare function getSecurityPreset(preset: SecurityPreset): MeshSecurityConfig;
|
|
242
|
+
declare function mergeSecurityConfig(base: MeshSecurityConfig, overrides: Partial<MeshSecurityConfig>): MeshSecurityConfig;
|
|
243
|
+
declare function validateSecurityConfig(config: MeshSecurityConfig): string[];
|
|
244
|
+
declare function isSecurityEnabled(config: MeshSecurityConfig): boolean;
|
|
245
|
+
declare function describeSecurityLevel(config: MeshSecurityConfig): string;
|
|
246
|
+
|
|
247
|
+
interface AuthToken {
|
|
248
|
+
hostId: string;
|
|
249
|
+
fingerprint: string;
|
|
250
|
+
publicKey: string;
|
|
251
|
+
capabilities: string[];
|
|
252
|
+
iat: number;
|
|
253
|
+
exp: number;
|
|
254
|
+
}
|
|
255
|
+
interface AuthChallengeRequest {
|
|
256
|
+
challenge: string;
|
|
257
|
+
timestamp: string;
|
|
258
|
+
}
|
|
259
|
+
interface AuthChallengeResponse {
|
|
260
|
+
challenge: string;
|
|
261
|
+
signature: string;
|
|
262
|
+
publicKey: string;
|
|
263
|
+
fingerprint: string;
|
|
264
|
+
timestamp: string;
|
|
265
|
+
}
|
|
266
|
+
interface AuthResult {
|
|
267
|
+
authenticated: boolean;
|
|
268
|
+
fingerprint?: string;
|
|
269
|
+
publicKey?: string;
|
|
270
|
+
error?: string;
|
|
271
|
+
}
|
|
272
|
+
declare class AuthManager {
|
|
273
|
+
private identity;
|
|
274
|
+
private pendingChallenges;
|
|
275
|
+
constructor(identity: PeerIdentity);
|
|
276
|
+
private getSigningKey;
|
|
277
|
+
private getVerifyingKey;
|
|
278
|
+
createToken(hostId: string, capabilities?: string[], ttlSeconds?: number): Promise<string>;
|
|
279
|
+
verifyToken(token: string): Promise<AuthToken | null>;
|
|
280
|
+
createChallenge(): AuthChallengeRequest;
|
|
281
|
+
respondToChallenge(challengeRequest: AuthChallengeRequest): Promise<AuthChallengeResponse>;
|
|
282
|
+
verifyChallengeResponse(response: AuthChallengeResponse): Promise<AuthResult>;
|
|
283
|
+
private cleanupExpiredChallenges;
|
|
284
|
+
createSignedMessage(payload: unknown): Promise<{
|
|
285
|
+
payload: unknown;
|
|
286
|
+
signature: string;
|
|
287
|
+
fingerprint: string;
|
|
288
|
+
timestamp: string;
|
|
289
|
+
}>;
|
|
290
|
+
verifySignedMessage(message: {
|
|
291
|
+
payload: unknown;
|
|
292
|
+
signature: string;
|
|
293
|
+
fingerprint: string;
|
|
294
|
+
timestamp: string;
|
|
295
|
+
publicKey?: string;
|
|
296
|
+
}): Promise<{
|
|
297
|
+
valid: boolean;
|
|
298
|
+
fingerprint?: string;
|
|
299
|
+
error?: string;
|
|
300
|
+
}>;
|
|
301
|
+
get fingerprint(): string;
|
|
302
|
+
get publicKey(): string;
|
|
303
|
+
}
|
|
304
|
+
declare function extractBearerToken(authHeader: string | undefined): string | null;
|
|
305
|
+
declare function createBearerHeader(token: string): string;
|
|
306
|
+
|
|
307
|
+
interface TLSContextOptions {
|
|
308
|
+
cert?: string;
|
|
309
|
+
key?: string;
|
|
310
|
+
ca?: string[];
|
|
311
|
+
requestCert?: boolean;
|
|
312
|
+
rejectUnauthorized?: boolean;
|
|
313
|
+
}
|
|
314
|
+
interface CertificateInfo {
|
|
315
|
+
cert: string;
|
|
316
|
+
key: string;
|
|
317
|
+
fingerprint: string;
|
|
318
|
+
notBefore: Date;
|
|
319
|
+
notAfter: Date;
|
|
320
|
+
subject: string;
|
|
321
|
+
}
|
|
322
|
+
interface TLSConfig {
|
|
323
|
+
certPath?: string;
|
|
324
|
+
keyPath?: string;
|
|
325
|
+
caPath?: string;
|
|
326
|
+
rejectUnauthorized?: boolean;
|
|
327
|
+
}
|
|
328
|
+
declare class TLSManager {
|
|
329
|
+
private certPath;
|
|
330
|
+
constructor(certPath?: string);
|
|
331
|
+
ensureDirectory(): Promise<void>;
|
|
332
|
+
generateCertificate(hostId: string, hostName?: string, validDays?: number): Promise<CertificateInfo>;
|
|
333
|
+
loadCertificate(hostId: string): Promise<CertificateInfo | null>;
|
|
334
|
+
loadOrCreateCertificate(hostId: string, hostName?: string): Promise<CertificateInfo>;
|
|
335
|
+
hasCertificate(hostId: string): Promise<boolean>;
|
|
336
|
+
getCertificatePath(hostId: string): {
|
|
337
|
+
certPath: string;
|
|
338
|
+
keyPath: string;
|
|
339
|
+
};
|
|
340
|
+
createServerContext(certInfo: CertificateInfo, options?: {
|
|
341
|
+
requestClientCert?: boolean;
|
|
342
|
+
trustedCAs?: string[];
|
|
343
|
+
}): TLSContextOptions;
|
|
344
|
+
createClientContext(certInfo?: CertificateInfo, options?: {
|
|
345
|
+
serverFingerprint?: string;
|
|
346
|
+
trustedCAs?: string[];
|
|
347
|
+
}): TLSContextOptions;
|
|
348
|
+
static computeCertFingerprint(cert: string): string;
|
|
349
|
+
static verifyCertFingerprint(cert: string, expectedFingerprint: string): boolean;
|
|
350
|
+
}
|
|
351
|
+
declare function getTLSManager(certPath?: string): TLSManager;
|
|
352
|
+
declare function resetTLSManager(): void;
|
|
353
|
+
|
|
354
|
+
type HostStatus = 'online' | 'offline' | 'unknown';
|
|
355
|
+
interface Host {
|
|
356
|
+
id: string;
|
|
357
|
+
name: string;
|
|
358
|
+
address: string;
|
|
359
|
+
port: number;
|
|
360
|
+
tailscaleIP?: string;
|
|
361
|
+
status: HostStatus;
|
|
362
|
+
lastSeen: string;
|
|
363
|
+
version?: string;
|
|
364
|
+
metadata?: Record<string, unknown>;
|
|
365
|
+
}
|
|
366
|
+
interface Peer {
|
|
367
|
+
hostId: string;
|
|
368
|
+
agentId: string;
|
|
369
|
+
agentName: string;
|
|
370
|
+
aliases: string[];
|
|
371
|
+
capabilities: string[];
|
|
372
|
+
status: HostStatus;
|
|
373
|
+
lastSeen: string;
|
|
374
|
+
}
|
|
375
|
+
interface PeerMesh {
|
|
376
|
+
localHost: Host;
|
|
377
|
+
peers: Map<string, Peer>;
|
|
378
|
+
hosts: Map<string, Host>;
|
|
379
|
+
}
|
|
380
|
+
interface HostConfig {
|
|
381
|
+
id: string;
|
|
382
|
+
name: string;
|
|
383
|
+
port: number;
|
|
384
|
+
tailscaleIP?: string;
|
|
385
|
+
autoStart?: boolean;
|
|
386
|
+
discoveryEnabled?: boolean;
|
|
387
|
+
discoveryPort?: number;
|
|
388
|
+
}
|
|
389
|
+
interface HostsFile {
|
|
390
|
+
version: string;
|
|
391
|
+
localHost: HostConfig;
|
|
392
|
+
knownHosts: Host[];
|
|
393
|
+
lastUpdated: string;
|
|
394
|
+
}
|
|
395
|
+
interface DiscoveryMessage {
|
|
396
|
+
type: 'announce' | 'query' | 'response';
|
|
397
|
+
hostId: string;
|
|
398
|
+
hostName: string;
|
|
399
|
+
address: string;
|
|
400
|
+
port: number;
|
|
401
|
+
tailscaleIP?: string;
|
|
402
|
+
version: string;
|
|
403
|
+
timestamp: string;
|
|
404
|
+
}
|
|
405
|
+
interface SignedDiscoveryMessage extends DiscoveryMessage {
|
|
406
|
+
signature: string;
|
|
407
|
+
publicKey: string;
|
|
408
|
+
fingerprint: string;
|
|
409
|
+
}
|
|
410
|
+
interface HealthCheckResult {
|
|
411
|
+
hostId: string;
|
|
412
|
+
address: string;
|
|
413
|
+
port: number;
|
|
414
|
+
status: HostStatus;
|
|
415
|
+
latencyMs: number;
|
|
416
|
+
error?: string;
|
|
417
|
+
checkedAt: string;
|
|
418
|
+
}
|
|
419
|
+
interface PeerRegistration {
|
|
420
|
+
hostId: string;
|
|
421
|
+
agentId: string;
|
|
422
|
+
agentName: string;
|
|
423
|
+
aliases: string[];
|
|
424
|
+
capabilities: string[];
|
|
425
|
+
}
|
|
426
|
+
interface TransportMessage {
|
|
427
|
+
id: string;
|
|
428
|
+
type: string;
|
|
429
|
+
from: string;
|
|
430
|
+
to: string;
|
|
431
|
+
payload: unknown;
|
|
432
|
+
timestamp: string;
|
|
433
|
+
}
|
|
434
|
+
interface SecureTransportMessage extends TransportMessage {
|
|
435
|
+
signature: string;
|
|
436
|
+
senderFingerprint: string;
|
|
437
|
+
senderPublicKey: string;
|
|
438
|
+
nonce: string;
|
|
439
|
+
encrypted?: boolean;
|
|
440
|
+
}
|
|
441
|
+
interface EncryptedTransportMessage {
|
|
442
|
+
id: string;
|
|
443
|
+
senderFingerprint: string;
|
|
444
|
+
nonce: string;
|
|
445
|
+
ciphertext: string;
|
|
446
|
+
timestamp: string;
|
|
447
|
+
}
|
|
448
|
+
interface TransportOptions {
|
|
449
|
+
timeout?: number;
|
|
450
|
+
retries?: number;
|
|
451
|
+
retryDelay?: number;
|
|
452
|
+
}
|
|
453
|
+
interface SecureTransportOptions extends TransportOptions {
|
|
454
|
+
requireEncryption?: boolean;
|
|
455
|
+
requireAuth?: boolean;
|
|
456
|
+
authToken?: string;
|
|
457
|
+
}
|
|
458
|
+
declare const DEFAULT_PORT = 9876;
|
|
459
|
+
declare const DEFAULT_DISCOVERY_PORT = 9877;
|
|
460
|
+
declare const HEALTH_CHECK_TIMEOUT = 5000;
|
|
461
|
+
declare const DISCOVERY_INTERVAL = 30000;
|
|
462
|
+
declare const MESH_VERSION = "1.7.11";
|
|
463
|
+
|
|
464
|
+
declare function getHostsFilePath(): Promise<string>;
|
|
465
|
+
declare function loadHostsFile(): Promise<HostsFile>;
|
|
466
|
+
declare function saveHostsFile(hostsFile: HostsFile): Promise<void>;
|
|
467
|
+
declare function createDefaultHostsFile(): HostsFile;
|
|
468
|
+
declare function getLocalHostConfig(): Promise<HostConfig>;
|
|
469
|
+
declare function updateLocalHostConfig(updates: Partial<HostConfig>): Promise<HostConfig>;
|
|
470
|
+
declare function addKnownHost(host: Host): Promise<void>;
|
|
471
|
+
declare function removeKnownHost(hostId: string): Promise<boolean>;
|
|
472
|
+
declare function getKnownHosts(): Promise<Host[]>;
|
|
473
|
+
declare function getKnownHost(hostId: string): Promise<Host | undefined>;
|
|
474
|
+
declare function updateKnownHost(hostId: string, updates: Partial<Host>): Promise<Host | null>;
|
|
475
|
+
declare function initializeHostsFile(): Promise<HostsFile>;
|
|
476
|
+
|
|
477
|
+
interface LocalDiscoveryOptions {
|
|
478
|
+
port?: number;
|
|
479
|
+
interval?: number;
|
|
480
|
+
onDiscover?: (host: Host) => void;
|
|
481
|
+
}
|
|
482
|
+
declare class LocalDiscovery {
|
|
483
|
+
private socket;
|
|
484
|
+
private announceInterval;
|
|
485
|
+
private running;
|
|
486
|
+
private options;
|
|
487
|
+
private discoveredHosts;
|
|
488
|
+
constructor(options?: LocalDiscoveryOptions);
|
|
489
|
+
start(): Promise<void>;
|
|
490
|
+
stop(): Promise<void>;
|
|
491
|
+
announce(): Promise<void>;
|
|
492
|
+
query(): Promise<void>;
|
|
493
|
+
getDiscoveredHosts(): Host[];
|
|
494
|
+
isRunning(): boolean;
|
|
495
|
+
private handleMessage;
|
|
496
|
+
}
|
|
497
|
+
declare function getLocalIPAddress(): string;
|
|
498
|
+
declare function getAllLocalIPAddresses(): string[];
|
|
499
|
+
declare function discoverOnce(timeout?: number): Promise<Host[]>;
|
|
500
|
+
|
|
501
|
+
interface SecureLocalDiscoveryOptions {
|
|
502
|
+
port?: number;
|
|
503
|
+
interval?: number;
|
|
504
|
+
onDiscover?: (host: Host, fingerprint?: string) => void;
|
|
505
|
+
security?: MeshSecurityConfig;
|
|
506
|
+
identity?: PeerIdentity;
|
|
507
|
+
keystore?: SecureKeystore;
|
|
508
|
+
}
|
|
509
|
+
declare class SecureLocalDiscovery {
|
|
510
|
+
private socket;
|
|
511
|
+
private announceInterval;
|
|
512
|
+
private running;
|
|
513
|
+
private options;
|
|
514
|
+
private discoveredHosts;
|
|
515
|
+
private identity;
|
|
516
|
+
private keystore;
|
|
517
|
+
private securityMode;
|
|
518
|
+
constructor(options?: SecureLocalDiscoveryOptions);
|
|
519
|
+
initialize(): Promise<void>;
|
|
520
|
+
start(): Promise<void>;
|
|
521
|
+
stop(): Promise<void>;
|
|
522
|
+
announce(): Promise<void>;
|
|
523
|
+
query(): Promise<void>;
|
|
524
|
+
getDiscoveredHosts(): Host[];
|
|
525
|
+
isRunning(): boolean;
|
|
526
|
+
getFingerprint(): string | null;
|
|
527
|
+
private handleMessage;
|
|
528
|
+
private isSignedMessage;
|
|
529
|
+
private verifySignedMessage;
|
|
530
|
+
}
|
|
531
|
+
declare function discoverOnceSecure(timeout?: number, options?: SecureLocalDiscoveryOptions): Promise<Host[]>;
|
|
532
|
+
|
|
533
|
+
interface TailscaleStatus {
|
|
534
|
+
available: boolean;
|
|
535
|
+
self?: TailscalePeer;
|
|
536
|
+
peers: TailscalePeer[];
|
|
537
|
+
magicDNSSuffix?: string;
|
|
538
|
+
}
|
|
539
|
+
interface TailscalePeer {
|
|
540
|
+
id: string;
|
|
541
|
+
name: string;
|
|
542
|
+
tailscaleIP: string;
|
|
543
|
+
hostname: string;
|
|
544
|
+
online: boolean;
|
|
545
|
+
os?: string;
|
|
546
|
+
lastSeen?: string;
|
|
547
|
+
}
|
|
548
|
+
declare function getTailscaleStatus(): Promise<TailscaleStatus>;
|
|
549
|
+
declare function isTailscaleAvailable(): Promise<boolean>;
|
|
550
|
+
declare function getTailscaleIP(): Promise<string | null>;
|
|
551
|
+
declare function discoverTailscaleHosts(skillkitPort: number): Promise<Host[]>;
|
|
552
|
+
declare function resolveTailscaleName(hostname: string): Promise<string | null>;
|
|
553
|
+
|
|
554
|
+
interface PeerRegistry {
|
|
555
|
+
peers: Map<string, Peer>;
|
|
556
|
+
localPeers: Map<string, Peer>;
|
|
557
|
+
}
|
|
558
|
+
declare class PeerRegistryManager {
|
|
559
|
+
private registry;
|
|
560
|
+
initialize(): Promise<void>;
|
|
561
|
+
registerLocalPeer(registration: PeerRegistration): Promise<Peer>;
|
|
562
|
+
unregisterLocalPeer(agentId: string): Promise<boolean>;
|
|
563
|
+
registerRemotePeer(peer: Peer): void;
|
|
564
|
+
unregisterRemotePeer(hostId: string, agentId: string): boolean;
|
|
565
|
+
getPeer(hostId: string, agentId: string): Peer | undefined;
|
|
566
|
+
getLocalPeer(agentId: string): Peer | undefined;
|
|
567
|
+
getAllPeers(): Peer[];
|
|
568
|
+
getLocalPeers(): Peer[];
|
|
569
|
+
getRemotePeers(): Peer[];
|
|
570
|
+
getPeersByHost(hostId: string): Peer[];
|
|
571
|
+
findPeerByName(name: string): Peer | undefined;
|
|
572
|
+
findPeersByCapability(capability: string): Peer[];
|
|
573
|
+
resolvePeerAddress(nameOrId: string): Promise<{
|
|
574
|
+
host: Host;
|
|
575
|
+
peer: Peer;
|
|
576
|
+
} | null>;
|
|
577
|
+
updatePeerStatus(hostId: string, agentId: string, status: Peer['status']): void;
|
|
578
|
+
markHostOffline(hostId: string): void;
|
|
579
|
+
markHostOnline(hostId: string): void;
|
|
580
|
+
clearRemotePeers(): void;
|
|
581
|
+
private loadLocalPeers;
|
|
582
|
+
private saveLocalPeers;
|
|
583
|
+
}
|
|
584
|
+
declare function getPeerRegistry(): Promise<PeerRegistryManager>;
|
|
585
|
+
|
|
586
|
+
interface HealthCheckOptions {
|
|
587
|
+
timeout?: number;
|
|
588
|
+
updateStatus?: boolean;
|
|
589
|
+
}
|
|
590
|
+
declare function checkHostHealth(host: Host, options?: HealthCheckOptions): Promise<HealthCheckResult>;
|
|
591
|
+
declare function checkAllHostsHealth(options?: HealthCheckOptions): Promise<HealthCheckResult[]>;
|
|
592
|
+
declare function getOnlineHosts(): Promise<Host[]>;
|
|
593
|
+
declare function getOfflineHosts(): Promise<Host[]>;
|
|
594
|
+
declare function waitForHost(host: Host, maxWaitMs?: number, intervalMs?: number): Promise<boolean>;
|
|
595
|
+
declare class HealthMonitor {
|
|
596
|
+
private interval;
|
|
597
|
+
private running;
|
|
598
|
+
private checking;
|
|
599
|
+
private onStatusChange?;
|
|
600
|
+
constructor(options?: {
|
|
601
|
+
onStatusChange?: (host: Host, oldStatus: HostStatus, newStatus: HostStatus) => void;
|
|
602
|
+
});
|
|
603
|
+
start(intervalMs?: number): Promise<void>;
|
|
604
|
+
stop(): void;
|
|
605
|
+
isRunning(): boolean;
|
|
606
|
+
private checkAll;
|
|
607
|
+
}
|
|
608
|
+
|
|
609
|
+
interface HttpTransportOptions extends TransportOptions {
|
|
610
|
+
baseUrl?: string;
|
|
611
|
+
headers?: Record<string, string>;
|
|
612
|
+
}
|
|
613
|
+
declare class HttpTransport {
|
|
614
|
+
private client;
|
|
615
|
+
private options;
|
|
616
|
+
constructor(host: Host, options?: HttpTransportOptions);
|
|
617
|
+
send(path: string, payload: unknown): Promise<TransportMessage>;
|
|
618
|
+
sendMessage(to: string, type: string, payload: unknown): Promise<TransportMessage>;
|
|
619
|
+
registerPeer(registration: unknown): Promise<TransportMessage>;
|
|
620
|
+
getPeers(): Promise<TransportMessage>;
|
|
621
|
+
healthCheck(): Promise<boolean>;
|
|
622
|
+
}
|
|
623
|
+
declare function sendToHost(host: Host, path: string, payload: unknown, options?: HttpTransportOptions): Promise<TransportMessage>;
|
|
624
|
+
declare function broadcastToHosts(hosts: Host[], path: string, payload: unknown, options?: HttpTransportOptions): Promise<Map<string, TransportMessage | Error>>;
|
|
625
|
+
|
|
626
|
+
interface WebSocketTransportOptions extends TransportOptions {
|
|
627
|
+
reconnect?: boolean;
|
|
628
|
+
reconnectInterval?: number;
|
|
629
|
+
maxReconnectAttempts?: number;
|
|
630
|
+
}
|
|
631
|
+
type MessageHandler = (message: TransportMessage, socket: WebSocket) => void;
|
|
632
|
+
declare class WebSocketTransport {
|
|
633
|
+
private socket;
|
|
634
|
+
private options;
|
|
635
|
+
private url;
|
|
636
|
+
private reconnectAttempts;
|
|
637
|
+
private messageHandlers;
|
|
638
|
+
private connected;
|
|
639
|
+
private reconnectTimer;
|
|
640
|
+
private manualClose;
|
|
641
|
+
constructor(host: Host, options?: WebSocketTransportOptions);
|
|
642
|
+
connect(): Promise<void>;
|
|
643
|
+
disconnect(): void;
|
|
644
|
+
send(message: Omit<TransportMessage, 'id' | 'timestamp'>): Promise<void>;
|
|
645
|
+
onMessage(handler: MessageHandler): () => void;
|
|
646
|
+
isConnected(): boolean;
|
|
647
|
+
private scheduleReconnect;
|
|
648
|
+
}
|
|
649
|
+
declare class WebSocketServer2 {
|
|
650
|
+
private server;
|
|
651
|
+
private clients;
|
|
652
|
+
private messageHandlers;
|
|
653
|
+
private port;
|
|
654
|
+
private running;
|
|
655
|
+
constructor(port?: number);
|
|
656
|
+
start(): Promise<void>;
|
|
657
|
+
stop(): void;
|
|
658
|
+
broadcast(message: Omit<TransportMessage, 'id' | 'timestamp'>): void;
|
|
659
|
+
sendTo(socket: WebSocket, message: Omit<TransportMessage, 'id' | 'timestamp'>): void;
|
|
660
|
+
onMessage(handler: MessageHandler): () => void;
|
|
661
|
+
getClientCount(): number;
|
|
662
|
+
isRunning(): boolean;
|
|
663
|
+
}
|
|
664
|
+
|
|
665
|
+
interface SecureWebSocketOptions {
|
|
666
|
+
timeout?: number;
|
|
667
|
+
reconnect?: boolean;
|
|
668
|
+
reconnectInterval?: number;
|
|
669
|
+
maxReconnectAttempts?: number;
|
|
670
|
+
security?: MeshSecurityConfig;
|
|
671
|
+
identity?: PeerIdentity;
|
|
672
|
+
keystore?: SecureKeystore;
|
|
673
|
+
}
|
|
674
|
+
type SecureMessageHandler = (message: TransportMessage, socket: WebSocket, senderFingerprint?: string) => void;
|
|
675
|
+
declare class SecureWebSocketTransport {
|
|
676
|
+
private socket;
|
|
677
|
+
private host;
|
|
678
|
+
private options;
|
|
679
|
+
private identity;
|
|
680
|
+
private keystore;
|
|
681
|
+
private authManager;
|
|
682
|
+
private encryption;
|
|
683
|
+
private reconnectAttempts;
|
|
684
|
+
private messageHandlers;
|
|
685
|
+
private connected;
|
|
686
|
+
private authenticated;
|
|
687
|
+
private reconnectTimer;
|
|
688
|
+
constructor(host: Host, options?: SecureWebSocketOptions);
|
|
689
|
+
initialize(): Promise<void>;
|
|
690
|
+
private getUrl;
|
|
691
|
+
connect(): Promise<void>;
|
|
692
|
+
private performClientHandshake;
|
|
693
|
+
disconnect(): void;
|
|
694
|
+
send(message: Omit<TransportMessage, 'id' | 'timestamp'>): Promise<void>;
|
|
695
|
+
onMessage(handler: SecureMessageHandler): () => void;
|
|
696
|
+
isConnected(): boolean;
|
|
697
|
+
isAuthenticated(): boolean;
|
|
698
|
+
getFingerprint(): string | null;
|
|
699
|
+
private scheduleReconnect;
|
|
700
|
+
}
|
|
701
|
+
declare class SecureWebSocketServer {
|
|
702
|
+
private wss;
|
|
703
|
+
private httpsServer;
|
|
704
|
+
private clients;
|
|
705
|
+
private messageHandlers;
|
|
706
|
+
private port;
|
|
707
|
+
private running;
|
|
708
|
+
private identity;
|
|
709
|
+
private keystore;
|
|
710
|
+
private authManager;
|
|
711
|
+
private tlsManager;
|
|
712
|
+
private certInfo;
|
|
713
|
+
private security;
|
|
714
|
+
private hostId;
|
|
715
|
+
constructor(port?: number, options?: {
|
|
716
|
+
security?: MeshSecurityConfig;
|
|
717
|
+
identity?: PeerIdentity;
|
|
718
|
+
keystore?: SecureKeystore;
|
|
719
|
+
hostId?: string;
|
|
720
|
+
});
|
|
721
|
+
initialize(): Promise<void>;
|
|
722
|
+
start(): Promise<void>;
|
|
723
|
+
private handleConnection;
|
|
724
|
+
private performServerHandshake;
|
|
725
|
+
stop(): void;
|
|
726
|
+
broadcast(message: Omit<TransportMessage, 'id' | 'timestamp'>): Promise<void>;
|
|
727
|
+
sendTo(socket: WebSocket, message: Omit<TransportMessage, 'id' | 'timestamp'>): Promise<void>;
|
|
728
|
+
onMessage(handler: SecureMessageHandler): () => void;
|
|
729
|
+
getClientCount(): number;
|
|
730
|
+
isRunning(): boolean;
|
|
731
|
+
getFingerprint(): string | null;
|
|
732
|
+
getAuthenticatedClients(): Array<{
|
|
733
|
+
fingerprint: string;
|
|
734
|
+
publicKey: string;
|
|
735
|
+
}>;
|
|
736
|
+
}
|
|
737
|
+
|
|
738
|
+
interface SecureHttpTransportOptions {
|
|
739
|
+
timeout?: number;
|
|
740
|
+
retries?: number;
|
|
741
|
+
retryDelay?: number;
|
|
742
|
+
headers?: Record<string, string>;
|
|
743
|
+
security?: MeshSecurityConfig;
|
|
744
|
+
identity?: PeerIdentity;
|
|
745
|
+
keystore?: SecureKeystore;
|
|
746
|
+
authToken?: string;
|
|
747
|
+
}
|
|
748
|
+
declare class SecureHttpTransport {
|
|
749
|
+
private client;
|
|
750
|
+
private options;
|
|
751
|
+
private identity;
|
|
752
|
+
private keystore;
|
|
753
|
+
private authManager;
|
|
754
|
+
private authToken;
|
|
755
|
+
private host;
|
|
756
|
+
private security;
|
|
757
|
+
constructor(host: Host, options?: SecureHttpTransportOptions);
|
|
758
|
+
initialize(): Promise<void>;
|
|
759
|
+
private getSecureHeaders;
|
|
760
|
+
send(path: string, payload: unknown): Promise<TransportMessage>;
|
|
761
|
+
sendMessage(to: string, type: string, payload: unknown): Promise<TransportMessage>;
|
|
762
|
+
registerPeer(registration: unknown): Promise<TransportMessage>;
|
|
763
|
+
getPeers(): Promise<TransportMessage>;
|
|
764
|
+
healthCheck(): Promise<boolean>;
|
|
765
|
+
getFingerprint(): string | null;
|
|
766
|
+
setAuthToken(token: string): void;
|
|
767
|
+
}
|
|
768
|
+
declare function sendToHostSecure(host: Host, path: string, payload: unknown, options?: SecureHttpTransportOptions): Promise<TransportMessage>;
|
|
769
|
+
declare function broadcastToHostsSecure(hosts: Host[], path: string, payload: unknown, options?: SecureHttpTransportOptions): Promise<Map<string, TransportMessage | Error>>;
|
|
770
|
+
declare function verifySecureMessage(message: SecureTransportMessage): {
|
|
771
|
+
valid: boolean;
|
|
772
|
+
error?: string;
|
|
773
|
+
};
|
|
774
|
+
|
|
775
|
+
declare function initializeMesh(): Promise<void>;
|
|
776
|
+
declare function initializeSecureMesh(securityConfig?: MeshSecurityConfig): Promise<{
|
|
777
|
+
identity: PeerIdentity;
|
|
778
|
+
keystore: SecureKeystore;
|
|
779
|
+
}>;
|
|
780
|
+
|
|
781
|
+
export { type AuthChallengeRequest, type AuthChallengeResponse, AuthManager, type AuthResult, type AuthToken, type CertificateInfo, DEFAULT_DISCOVERY_PORT, DEFAULT_PORT, DEFAULT_SECURITY_CONFIG, DISCOVERY_INTERVAL, type DiscoveryMessage, type DiscoverySecurityConfig, type DiscoverySecurityMode, type EncryptedFile, type EncryptedMessage, type EncryptedTransportMessage, HEALTH_CHECK_TIMEOUT, type HealthCheckOptions, type HealthCheckResult, HealthMonitor, type Host, type HostConfig, type HostStatus, type HostsFile, HttpTransport, type HttpTransportOptions, type KeystoreConfig, type KeystoreData, LocalDiscovery, type LocalDiscoveryOptions, MESH_VERSION, type MeshSecurityConfig, MessageEncryption, type MessageHandler, type Peer, PeerIdentity, type PeerKeypair, type PeerMesh, type PeerRegistration, type PeerRegistry, PeerRegistryManager, type PublicKeyEncryptedMessage, PublicKeyEncryption, SECURITY_PRESETS, SecureHttpTransport, type SecureHttpTransportOptions, SecureKeystore, SecureLocalDiscovery, type SecureLocalDiscoveryOptions, type SecureMessageHandler, type SecureTransportMessage, type SecureTransportOptions, type SecureWebSocketOptions, SecureWebSocketServer, SecureWebSocketTransport, type SecurityPreset, type SerializedIdentity, type SignatureVerificationResult, type SignedData, type SignedDiscoveryMessage, type TLSConfig, type TLSContextOptions, TLSManager, type TLSMode, type TailscalePeer, type TailscaleStatus, type TransportEncryption, type TransportMessage, type TransportOptions, type TransportSecurityConfig, type TrustConfig, type TrustedPeer, WebSocketServer2 as WebSocketServer, WebSocketTransport, type WebSocketTransportOptions, addKnownHost, broadcastToHosts, broadcastToHostsSecure, checkAllHostsHealth, checkHostHealth, createBearerHeader, createDefaultHostsFile, decryptData, decryptFile, decryptObject, deriveKey, describeSecurityLevel, discoverOnce, discoverOnceSecure, discoverTailscaleHosts, encryptData, encryptFile, encryptObject, extractBearerToken, extractSignerFingerprint, generateIV, generateMachineKey, generateMessageId, generateNonce, generateSalt, getAllLocalIPAddresses, getHostsFilePath, getKeystore, getKnownHost, getKnownHosts, getLocalHostConfig, getLocalIPAddress, getOfflineHosts, getOnlineHosts, getPeerRegistry, getSecurityPreset, getTLSManager, getTailscaleIP, getTailscaleStatus, hashPassphrase, initializeHostsFile, initializeMesh, initializeSecureMesh, isEncryptedFile, isSecurityEnabled, isSignedDataExpired, isTailscaleAvailable, loadHostsFile, mergeSecurityConfig, removeKnownHost, resetKeystore, resetTLSManager, resolveTailscaleName, saveHostsFile, sendToHost, sendToHostSecure, signData, updateKnownHost, updateLocalHostConfig, validateSecurityConfig, verifySecureMessage, verifySignedData, waitForHost };
|