@versini/sassysaint-common 3.0.0 → 3.1.0

package/dist/index.d.ts

@@ -81,4 +81,202 @@ declare const CALLISTO_CHAT_ID_HEADER = "x-callisto-chat-id";
  */
 declare const findProvider: (modelName: string) => null | typeof PROVIDER_ANTHROPIC | typeof PROVIDER_OPENAI | typeof PROVIDER_GOOGLE;
 
-export { ALL_MODELS, ALL_PROVIDERS, ALL_REASONING_MODELS, CALLISTO_CHAT_ID_HEADER, DEFAULT_PROVIDER, MODELS_PER_PROVIDER, MODEL_CLAUDE_HAIKU, MODEL_CLAUDE_SONNET, MODEL_GEMINI_FLASH, MODEL_GEMINI_PRO, MODEL_GPT4_MINI, MODEL_GPT5, MODEL_SONAR, MODEL_SONAR_PRO, PLAN_FREE, PLAN_PLUS, PLAN_PREMIUM, POLICY_GRANTS, PROVIDER_ANTHROPIC, PROVIDER_GOOGLE, PROVIDER_MEMORY, PROVIDER_OPENAI, PROVIDER_PERPLEXITY, PROVIDER_ROLE_MAP, PROVIDER_SUMMARY, ROLE_ASSISTANT, ROLE_HIDDEN, ROLE_INTERNAL, ROLE_SYSTEM, ROLE_USER, findProvider };
+/**
+ * TypeScript interfaces for Server-Mediated Encryption
+ */
+/**
+ * RSA key pair stored in memory for the current session
+ */
+interface ClientCryptoKeyPair {
+    publicKey: CryptoKey;
+    privateKey: CryptoKey;
+}
+/**
+ * Serializable format for public key exchange with server
+ */
+interface SerializablePublicKey {
+    /** Public key in JSON Web Key format */
+    jwk: JsonWebKey;
+    /** Key type identifier */
+    kty: "RSA";
+    /** Algorithm identifier */
+    alg: "RSA-OAEP-256";
+}
+/**
+ * Response from server's key exchange mutation
+ */
+interface KeyExchangeResponse {
+    /** Server's public key in JWK format */
+    serverPublicKey: string;
+    /** Server's key identifier for rotation tracking */
+    keyId: string;
+    /** List of supported encryption algorithms */
+    supportedAlgorithms: string[];
+}
+/**
+ * Client crypto session state stored in memory
+ */
+interface CryptoSession {
+    /** Client's RSA key pair */
+    clientKeyPair: ClientCryptoKeyPair;
+    /** Server's public key for encryption */
+    serverPublicKey: CryptoKey;
+    /** Unique device/session identifier */
+    deviceId: string;
+    /** Server's key identifier */
+    serverKeyId: string;
+    /** When this session was established */
+    establishedAt: Date;
+}
+/**
+ * Encrypted message format for transport
+ */
+interface EncryptedMessage {
+    /** Base64-encoded encrypted data */
+    data: string;
+    /** Algorithm used for encryption */
+    algorithm: "RSA-OAEP";
+    /** Key ID used for encryption */
+    keyId: string;
+}
+/**
+ * Parameters for RSA key generation
+ */
+interface RSAKeyGenParams {
+    /** RSA modulus length in bits */
+    modulusLength: 2048 | 4096;
+    /** Public exponent */
+    publicExponent: Uint8Array;
+    /** Hash algorithm for OAEP */
+    hash: "SHA-256";
+}
+/**
+ * Error types for crypto operations
+ */
+declare class CryptoError extends Error {
+    readonly code: "KEY_GENERATION_FAILED" | "ENCRYPTION_FAILED" | "DECRYPTION_FAILED" | "KEY_IMPORT_FAILED" | "INVALID_KEY_FORMAT";
+    readonly originalError?: Error | undefined;
+    constructor(message: string, code: "KEY_GENERATION_FAILED" | "ENCRYPTION_FAILED" | "DECRYPTION_FAILED" | "KEY_IMPORT_FAILED" | "INVALID_KEY_FORMAT", originalError?: Error | undefined);
+}
+/**
+ * Configuration options for crypto operations
+ */
+interface CryptoConfig {
+    /** RSA key size in bits */
+    keySize: 2048 | 4096;
+    /** Enable debug logging */
+    debug: boolean;
+}
+/**
+ * Default crypto configuration
+ */
+declare const DEFAULT_CRYPTO_CONFIG: CryptoConfig;
+
+/**
+ * Generate a new RSA key pair for the current session
+ */
+declare function generateClientKeyPair(config?: Partial<CryptoConfig>): Promise<ClientCryptoKeyPair>;
+/**
+ * Export public key to serializable format for server exchange
+ */
+declare function exportPublicKey(publicKey: CryptoKey): Promise<SerializablePublicKey>;
+/**
+ * Import server's public key from JWK format
+ */
+declare function importServerPublicKey(serverPublicKeyJWK: string): Promise<CryptoKey>;
+/**
+ * Encrypt message for transmission to server
+ */
+declare function encryptForServer(message: string, serverPublicKey: CryptoKey, serverKeyId: string): Promise<EncryptedMessage>;
+/**
+ * Decrypt message received from server
+ */
+declare function decryptFromServer(encryptedMessage: EncryptedMessage, clientPrivateKey: CryptoKey): Promise<string>;
+/**
+ * Create a complete crypto session with key exchange
+ */
+declare function establishCryptoSession(keyExchangeResponse: KeyExchangeResponse, clientKeyPair: ClientCryptoKeyPair, deviceId: string): Promise<CryptoSession>;
+/**
+ * Validate that a crypto session is still valid
+ */
+declare function isCryptoSessionValid(session: CryptoSession): boolean;
+
+/**
+ * Utility functions for crypto operations
+ */
+/**
+ * Generate a unique device ID for this session
+ */
+declare function generateDeviceId(): string;
+/**
+ * Check if the current environment supports Web Crypto API
+ */
+declare function isWebCryptoSupported(): boolean;
+/**
+ * Validate that we're in a secure context (required for Web Crypto API)
+ */
+declare function isSecureContext(): boolean;
+/**
+ * Check if encryption is available in the current environment
+ */
+declare function canUseEncryption(): boolean;
+/**
+ * Convert ArrayBuffer to base64 string
+ */
+declare function arrayBufferToBase64(buffer: ArrayBuffer): string;
+/**
+ * Convert base64 string to ArrayBuffer
+ */
+declare function base64ToArrayBuffer(base64: string): ArrayBuffer;
+/**
+ * Safely stringify JSON with error handling
+ */
+declare function safeStringify(obj: unknown): string;
+/**
+ * Safely parse JSON with error handling
+ */
+declare function safeParse<T = unknown>(json: string): T | null;
+/**
+ * Debug logger for crypto operations (only in development)
+ *
+ * ⚠️ SECURITY WARNING: Never log sensitive data such as:
+ * - Private or public key objects
+ * - Encrypted or decrypted data
+ * - Raw cryptographic material
+ * - Device IDs or session identifiers
+ *
+ * Only log non-sensitive metadata like algorithms, key sizes, operation status, etc.
+ */
+declare function debugLog(message: string, ...args: unknown[]): void;
+
+type index_ClientCryptoKeyPair = ClientCryptoKeyPair;
+type index_CryptoConfig = CryptoConfig;
+type index_CryptoError = CryptoError;
+declare const index_CryptoError: typeof CryptoError;
+type index_CryptoSession = CryptoSession;
+declare const index_DEFAULT_CRYPTO_CONFIG: typeof DEFAULT_CRYPTO_CONFIG;
+type index_EncryptedMessage = EncryptedMessage;
+type index_KeyExchangeResponse = KeyExchangeResponse;
+type index_RSAKeyGenParams = RSAKeyGenParams;
+type index_SerializablePublicKey = SerializablePublicKey;
+declare const index_arrayBufferToBase64: typeof arrayBufferToBase64;
+declare const index_base64ToArrayBuffer: typeof base64ToArrayBuffer;
+declare const index_canUseEncryption: typeof canUseEncryption;
+declare const index_debugLog: typeof debugLog;
+declare const index_decryptFromServer: typeof decryptFromServer;
+declare const index_encryptForServer: typeof encryptForServer;
+declare const index_establishCryptoSession: typeof establishCryptoSession;
+declare const index_exportPublicKey: typeof exportPublicKey;
+declare const index_generateClientKeyPair: typeof generateClientKeyPair;
+declare const index_generateDeviceId: typeof generateDeviceId;
+declare const index_importServerPublicKey: typeof importServerPublicKey;
+declare const index_isCryptoSessionValid: typeof isCryptoSessionValid;
+declare const index_isSecureContext: typeof isSecureContext;
+declare const index_isWebCryptoSupported: typeof isWebCryptoSupported;
+declare const index_safeParse: typeof safeParse;
+declare const index_safeStringify: typeof safeStringify;
+declare namespace index {
+  export { type index_ClientCryptoKeyPair as ClientCryptoKeyPair, type index_CryptoConfig as CryptoConfig, index_CryptoError as CryptoError, type index_CryptoSession as CryptoSession, index_DEFAULT_CRYPTO_CONFIG as DEFAULT_CRYPTO_CONFIG, type index_EncryptedMessage as EncryptedMessage, type index_KeyExchangeResponse as KeyExchangeResponse, type index_RSAKeyGenParams as RSAKeyGenParams, type index_SerializablePublicKey as SerializablePublicKey, index_arrayBufferToBase64 as arrayBufferToBase64, index_base64ToArrayBuffer as base64ToArrayBuffer, index_canUseEncryption as canUseEncryption, index_debugLog as debugLog, index_decryptFromServer as decryptFromServer, index_encryptForServer as encryptForServer, index_establishCryptoSession as establishCryptoSession, index_exportPublicKey as exportPublicKey, index_generateClientKeyPair as generateClientKeyPair, index_generateDeviceId as generateDeviceId, index_importServerPublicKey as importServerPublicKey, index_isCryptoSessionValid as isCryptoSessionValid, index_isSecureContext as isSecureContext, index_isWebCryptoSupported as isWebCryptoSupported, index_safeParse as safeParse, index_safeStringify as safeStringify };
+}
+
+export { ALL_MODELS, ALL_PROVIDERS, ALL_REASONING_MODELS, CALLISTO_CHAT_ID_HEADER, DEFAULT_PROVIDER, MODELS_PER_PROVIDER, MODEL_CLAUDE_HAIKU, MODEL_CLAUDE_SONNET, MODEL_GEMINI_FLASH, MODEL_GEMINI_PRO, MODEL_GPT4_MINI, MODEL_GPT5, MODEL_SONAR, MODEL_SONAR_PRO, PLAN_FREE, PLAN_PLUS, PLAN_PREMIUM, POLICY_GRANTS, PROVIDER_ANTHROPIC, PROVIDER_GOOGLE, PROVIDER_MEMORY, PROVIDER_OPENAI, PROVIDER_PERPLEXITY, PROVIDER_ROLE_MAP, PROVIDER_SUMMARY, ROLE_ASSISTANT, ROLE_HIDDEN, ROLE_INTERNAL, ROLE_SYSTEM, ROLE_USER, index as crypto, findProvider };

package/dist/index.js

@@ -1,88 +1,290 @@
-const T = "system", s = "user", E = "assistant", C = "hidden", f = "data", n = "OpenAI", t = "Anthropic", O = "Google", N = "Summary", S = "Memory", o = "Perplexity", h = n, H = [
-  n,
-  t,
-  O
-], _ = "gpt-5", P = "gpt-4.1-nano", A = "claude-3-5-haiku-latest", R = "claude-sonnet-4-20250514", L = "gemini-2.5-flash-preview-05-20", c = "gemini-2.5-pro", I = "sonar", M = "sonar-pro", i = "claude-sonnet-4", d = "claude-3", l = "gpt-4", p = "gpt-5", G = "o3", u = "o4", V = "gemini", U = "sonar", X = {
-  [t]: [
-    i,
-    d
+const w = "system", s = "user", c = "assistant", ee = "hidden", te = "data", a = "OpenAI", i = "Anthropic", y = "Google", g = "Summary", M = "Memory", d = "Perplexity", re = a, ne = [
+  a,
+  i,
+  y
+], u = "gpt-5", _ = "gpt-4.1-nano", l = "claude-3-5-haiku-latest", p = "claude-sonnet-4-20250514", f = "gemini-2.5-flash-preview-05-20", A = "gemini-2.5-pro", P = "sonar", R = "sonar-pro", b = "claude-sonnet-4", h = "claude-3", m = "gpt-4", T = "gpt-5", N = "o3", v = "o4", K = "gemini", C = "sonar", U = {
+  [i]: [
+    b,
+    h
   ],
-  [n]: [
-    p,
-    l,
-    G,
-    u
+  [a]: [
+    T,
+    m,
+    N,
+    v
   ],
-  [O]: [V],
-  [o]: [U]
-}, v = [
+  [y]: [K],
+  [d]: [C]
+}, oe = [
+  u,
   _,
-  P,
+  l,
+  p,
+  f,
   A,
-  R,
-  L,
-  c,
-  I,
-  M
-], Y = [
-  _,
-  R,
-  c
-], x = {
-  [n]: [P, _],
-  [t]: [A, R],
-  [O]: [L, c],
-  [o]: [I, M]
-}, F = {
-  [n]: [T, s, E],
-  [t]: [s, E],
-  [N]: [s, E],
-  [S]: [s, E],
-  [O]: [s, E],
-  [o]: [s, E]
-}, g = "sassy:free", m = "sassy:plus", y = "sassy:advanced", b = {
-  PLAN_FREE: g,
-  PLAN_PLUS: m,
-  PLAN_PREMIUM: y,
+  P,
+  R
+], se = [
+  u,
+  p,
+  A
+], ce = {
+  [a]: [_, u],
+  [i]: [l, p],
+  [y]: [f, A],
+  [d]: [P, R]
+}, ae = {
+  [a]: [w, s, c],
+  [i]: [s, c],
+  [g]: [s, c],
+  [M]: [s, c],
+  [y]: [s, c],
+  [d]: [s, c]
+}, k = "sassy:free", F = "sassy:plus", G = "sassy:advanced", ie = {
+  PLAN_FREE: k,
+  PLAN_PLUS: F,
+  PLAN_PREMIUM: G,
   REASONING: "sassy:advanced:reasoning"
-}, j = "x-callisto-chat-id", k = (D) => {
-  for (const [e, a] of Object.entries(
-    X
+}, ye = "x-callisto-chat-id", Ee = (r) => {
+  for (const [e, n] of Object.entries(
+    U
   ))
-    if (a.some((r) => D.startsWith(r)))
+    if (n.some((t) => r.startsWith(t)))
       return e;
   return null;
 };
+class o extends Error {
+  constructor(e, n, t) {
+    super(e), this.code = n, this.originalError = t, this.name = "CryptoError";
+  }
+}
+const S = {
+  keySize: 4096,
+  debug: !1
+};
+async function V(r = {}) {
+  const e = { ...S, ...r };
+  try {
+    const n = {
+      modulusLength: e.keySize,
+      publicExponent: new Uint8Array([1, 0, 1]),
+      // 65537
+      hash: "SHA-256"
+    }, t = await crypto.subtle.generateKey(
+      {
+        name: "RSA-OAEP",
+        ...n
+      },
+      !0,
+      // extractable for public key export
+      ["encrypt", "decrypt"]
+    );
+    return e.debug && console.info("🔐 Generated RSA key pair:", {
+      keySize: e.keySize,
+      algorithm: "RSA-OAEP",
+      hash: "SHA-256",
+      publicKeyType: t.publicKey.type,
+      privateKeyType: t.privateKey.type,
+      publicKeyUsages: t.publicKey.usages,
+      privateKeyUsages: t.privateKey.usages
+    }), {
+      publicKey: t.publicKey,
+      privateKey: t.privateKey
+    };
+  } catch (n) {
+    throw new o(
+      `Failed to generate RSA key pair: ${n instanceof Error ? n.message : "Unknown error"}`,
+      "KEY_GENERATION_FAILED",
+      n instanceof Error ? n : void 0
+    );
+  }
+}
+async function x(r) {
+  try {
+    return {
+      jwk: await crypto.subtle.exportKey("jwk", r),
+      kty: "RSA",
+      alg: "RSA-OAEP-256"
+    };
+  } catch (e) {
+    throw new o(
+      `Failed to export public key: ${e instanceof Error ? e.message : "Unknown error"}`,
+      "KEY_IMPORT_FAILED",
+      e instanceof Error ? e : void 0
+    );
+  }
+}
+async function I(r) {
+  try {
+    const e = JSON.parse(r);
+    return await crypto.subtle.importKey(
+      "jwk",
+      e,
+      {
+        name: "RSA-OAEP",
+        hash: "SHA-256"
+      },
+      !1,
+      // not extractable
+      ["encrypt"]
+    );
+  } catch (e) {
+    throw new o(
+      `Failed to import server public key: ${e instanceof Error ? e.message : "Unknown error"}`,
+      "KEY_IMPORT_FAILED",
+      e instanceof Error ? e : void 0
+    );
+  }
+}
+async function Y(r, e, n) {
+  try {
+    const O = new TextEncoder().encode(r), E = await crypto.subtle.encrypt(
+      {
+        name: "RSA-OAEP"
+      },
+      e,
+      O
+    );
+    return {
+      data: btoa(
+        String.fromCharCode(...new Uint8Array(E))
+      ),
+      algorithm: "RSA-OAEP",
+      keyId: n
+    };
+  } catch (t) {
+    throw new o(
+      `Failed to encrypt message for server: ${t instanceof Error ? t.message : "Unknown error"}`,
+      "ENCRYPTION_FAILED",
+      t instanceof Error ? t : void 0
+    );
+  }
+}
+async function X(r, e) {
+  try {
+    const n = Uint8Array.from(
+      atob(r.data),
+      (E) => E.charCodeAt(0)
+    ), t = await crypto.subtle.decrypt(
+      {
+        name: "RSA-OAEP"
+      },
+      e,
+      n
+    );
+    return new TextDecoder().decode(t);
+  } catch (n) {
+    throw new o(
+      `Failed to decrypt message from server: ${n instanceof Error ? n.message : "Unknown error"}`,
+      "DECRYPTION_FAILED",
+      n instanceof Error ? n : void 0
+    );
+  }
+}
+async function H(r, e, n) {
+  try {
+    const t = await I(
+      r.serverPublicKey
+    );
+    return {
+      clientKeyPair: e,
+      serverPublicKey: t,
+      deviceId: n,
+      serverKeyId: r.keyId,
+      establishedAt: /* @__PURE__ */ new Date()
+    };
+  } catch (t) {
+    throw new o(
+      `Failed to establish crypto session: ${t instanceof Error ? t.message : "Unknown error"}`,
+      "KEY_IMPORT_FAILED",
+      t instanceof Error ? t : void 0
+    );
+  }
+}
+function $(r) {
+  return !(!r || !r.clientKeyPair || !r.serverPublicKey);
+}
+function j() {
+  const r = Date.now().toString(36), e = new Uint8Array(8);
+  if (typeof window < "u" && window.crypto?.getRandomValues)
+    window.crypto.getRandomValues(e);
+  else
+    for (let t = 0; t < e.length; t++)
+      e[t] = Math.floor(Math.random() * 256);
+  const n = Array.from(e).map((t) => t.toString(36)).join("");
+  return `device_${r}_${n}`;
+}
+function D() {
+  return typeof window < "u" && typeof window.crypto < "u" && typeof window.crypto.subtle < "u";
+}
+function L() {
+  return typeof window < "u" && (window.isSecureContext || window.location.protocol === "https:");
+}
+function z() {
+  return D() && L();
+}
+function B(r) {
+  const e = new Uint8Array(r);
+  let n = "";
+  for (let t = 0; t < e.byteLength; t++)
+    n += String.fromCharCode(e[t]);
+  return btoa(n);
+}
+function J(r) {
+  const e = atob(r), n = new Uint8Array(e.length);
+  for (let t = 0; t < e.length; t++)
+    n[t] = e.charCodeAt(t);
+  return n.buffer;
+}
+function W(r) {
+  try {
+    return JSON.stringify(r);
+  } catch {
+    return String(r);
+  }
+}
+function q(r) {
+  try {
+    return JSON.parse(r);
+  } catch {
+    return null;
+  }
+}
+function Q(r, ...e) {
+  typeof process < "u" && process.env && process.env.NODE_ENV === "development" && console.info(`🔐 [Crypto] ${r}`, ...e);
+}
+const de = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({ __proto__: null, CryptoError: o, DEFAULT_CRYPTO_CONFIG: S, arrayBufferToBase64: B, base64ToArrayBuffer: J, canUseEncryption: z, debugLog: Q, decryptFromServer: X, encryptForServer: Y, establishCryptoSession: H, exportPublicKey: x, generateClientKeyPair: V, generateDeviceId: j, importServerPublicKey: I, isCryptoSessionValid: $, isSecureContext: L, isWebCryptoSupported: D, safeParse: q, safeStringify: W }, Symbol.toStringTag, { value: "Module" }));
 export {
-  v as ALL_MODELS,
-  H as ALL_PROVIDERS,
-  Y as ALL_REASONING_MODELS,
-  j as CALLISTO_CHAT_ID_HEADER,
-  h as DEFAULT_PROVIDER,
-  x as MODELS_PER_PROVIDER,
-  A as MODEL_CLAUDE_HAIKU,
-  R as MODEL_CLAUDE_SONNET,
-  L as MODEL_GEMINI_FLASH,
-  c as MODEL_GEMINI_PRO,
-  P as MODEL_GPT4_MINI,
-  _ as MODEL_GPT5,
-  I as MODEL_SONAR,
-  M as MODEL_SONAR_PRO,
-  g as PLAN_FREE,
-  m as PLAN_PLUS,
-  y as PLAN_PREMIUM,
-  b as POLICY_GRANTS,
-  t as PROVIDER_ANTHROPIC,
-  O as PROVIDER_GOOGLE,
-  S as PROVIDER_MEMORY,
-  n as PROVIDER_OPENAI,
-  o as PROVIDER_PERPLEXITY,
-  F as PROVIDER_ROLE_MAP,
-  N as PROVIDER_SUMMARY,
-  E as ROLE_ASSISTANT,
-  C as ROLE_HIDDEN,
-  f as ROLE_INTERNAL,
-  T as ROLE_SYSTEM,
+  oe as ALL_MODELS,
+  ne as ALL_PROVIDERS,
+  se as ALL_REASONING_MODELS,
+  ye as CALLISTO_CHAT_ID_HEADER,
+  re as DEFAULT_PROVIDER,
+  ce as MODELS_PER_PROVIDER,
+  l as MODEL_CLAUDE_HAIKU,
+  p as MODEL_CLAUDE_SONNET,
+  f as MODEL_GEMINI_FLASH,
+  A as MODEL_GEMINI_PRO,
+  _ as MODEL_GPT4_MINI,
+  u as MODEL_GPT5,
+  P as MODEL_SONAR,
+  R as MODEL_SONAR_PRO,
+  k as PLAN_FREE,
+  F as PLAN_PLUS,
+  G as PLAN_PREMIUM,
+  ie as POLICY_GRANTS,
+  i as PROVIDER_ANTHROPIC,
+  y as PROVIDER_GOOGLE,
+  M as PROVIDER_MEMORY,
+  a as PROVIDER_OPENAI,
+  d as PROVIDER_PERPLEXITY,
+  ae as PROVIDER_ROLE_MAP,
+  g as PROVIDER_SUMMARY,
+  c as ROLE_ASSISTANT,
+  ee as ROLE_HIDDEN,
+  te as ROLE_INTERNAL,
+  w as ROLE_SYSTEM,
   s as ROLE_USER,
-  k as findProvider
+  de as crypto,
+  Ee as findProvider
 };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/sassysaint-common",
-	"version": "3.0.0",
+	"version": "3.1.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -29,5 +29,5 @@
 		"test:watch": "vitest",
 		"watch": "npm-run-all dev"
 	},
-	"gitHead": "18adc2e2e0af0d3c2cb50fcbcadccb8918a17986"
+	"gitHead": "75668de599749ad01cf9522e46e655b2946cbdb8"
 }