@xtr-dev/rondevu-server 0.5.0 → 0.5.6

package/src/crypto.ts

@@ -1,380 +1,477 @@
 /**
- * Crypto utilities for Ed25519-based authentication
- * Uses @noble/ed25519 for Ed25519 signature verification
+ * Crypto utilities for credential generation and validation
  * Uses Web Crypto API for compatibility with both Node.js and Cloudflare Workers
  */
 
-import * as ed25519 from '@noble/ed25519';
-
-// Set SHA-512 hash function for ed25519 (required in @noble/ed25519 v3+)
-// Uses Web Crypto API (compatible with both Node.js and Cloudflare Workers)
-ed25519.hashes.sha512Async = async (message: Uint8Array) => {
-  return new Uint8Array(await crypto.subtle.digest('SHA-512', message as BufferSource));
-};
+import { Buffer } from 'node:buffer';
 
 // Username validation
-const USERNAME_REGEX = /^[a-z0-9][a-z0-9-]*[a-z0-9]$/;
-const USERNAME_MIN_LENGTH = 3;
+// Rules: 4-32 chars, lowercase alphanumeric + dashes + periods, must start/end with alphanumeric
+const USERNAME_REGEX = /^[a-z0-9][a-z0-9.-]*[a-z0-9]$/;
+const USERNAME_MIN_LENGTH = 4;
 const USERNAME_MAX_LENGTH = 32;
 
-// Timestamp validation (5 minutes tolerance)
-const TIMESTAMP_TOLERANCE_MS = 5 * 60 * 1000;
-
 /**
- * Generates an anonymous username for users who don't want to claim one
- * Format: anon-{timestamp}-{random}
- * This reduces collision probability to near-zero
+ * Generates a random credential name
+ * Format: {adjective}-{noun}-{random}
+ * Example: "brave-tiger-7a3f2b1c9d8e", "quick-river-9b2e4c1a5f3d"
  */
-export function generateAnonymousUsername(): string {
-  const timestamp = Date.now().toString(36);
-  const random = crypto.getRandomValues(new Uint8Array(3));
+export function generateCredentialName(): string {
+  const adjectives = [
+    'brave', 'calm', 'eager', 'fancy', 'gentle', 'happy', 'jolly', 'kind',
+    'lively', 'merry', 'nice', 'proud', 'quiet', 'swift', 'witty', 'young',
+    'bright', 'clever', 'daring', 'fair', 'grand', 'humble', 'noble', 'quick'
+  ];
+
+  const nouns = [
+    'tiger', 'eagle', 'river', 'mountain', 'ocean', 'forest', 'desert', 'valley',
+    'thunder', 'wind', 'fire', 'stone', 'cloud', 'star', 'moon', 'sun',
+    'wolf', 'bear', 'hawk', 'lion', 'fox', 'deer', 'owl', 'swan'
+  ];
+
+  const adjective = adjectives[Math.floor(Math.random() * adjectives.length)];
+  const noun = nouns[Math.floor(Math.random() * nouns.length)];
+
+  // Generate 16-character hex suffix for uniqueness (8 bytes = 2^64 combinations)
+  // With 576 adjective-noun pairs, total space: 576 × 2^64 ≈ 1.06 × 10^22 names
+  // Birthday paradox collision at ~4.3 billion credentials (extremely safe for large deployments)
+  // Increased from 6 bytes to 8 bytes for maximum collision resistance
+  const random = crypto.getRandomValues(new Uint8Array(8));
   const hex = Array.from(random).map(b => b.toString(16).padStart(2, '0')).join('');
-  return `anon-${timestamp}-${hex}`;
-}
 
-/**
- * Convert Uint8Array to base64 string
- */
-function bytesToBase64(bytes: Uint8Array): string {
-  const binString = Array.from(bytes, (byte) =>
-    String.fromCodePoint(byte)
-  ).join('');
-  return btoa(binString);
+  return `${adjective}-${noun}-${hex}`;
 }
 
 /**
- * Convert base64 string to Uint8Array
+ * Generates a random secret (API key style)
+ * Format: 64-character hex string (256 bits of entropy)
+ * 256 bits provides optimal security for HMAC-SHA256 and future-proofs against brute force
  */
-function base64ToBytes(base64: string): Uint8Array {
-  const binString = atob(base64);
-  return Uint8Array.from(binString, (char) => char.codePointAt(0)!);
-}
+export function generateSecret(): string {
+  const bytes = crypto.getRandomValues(new Uint8Array(32)); // 32 bytes = 256 bits
+  const secret = Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('');
 
-/**
- * Validates a generic auth message format
- * Expected format: action:username:params:timestamp
- * Validates that the message contains the expected username and has a valid timestamp
- */
-export function validateAuthMessage(
-  expectedUsername: string,
-  message: string
-): { valid: boolean; error?: string } {
-  const parts = message.split(':');
-
-  if (parts.length < 3) {
-    return { valid: false, error: 'Invalid message format: must have at least action:username:timestamp' };
+  // Validation: Ensure output is exactly 64 characters and valid hex
+  if (secret.length !== 64) {
+    throw new Error('Secret generation failed: invalid length');
   }
 
-  // Extract username (second part) and timestamp (last part)
-  const messageUsername = parts[1];
-  const timestamp = parseInt(parts[parts.length - 1], 10);
-
-  // Validate username matches
-  if (messageUsername !== expectedUsername) {
-    return { valid: false, error: 'Username in message does not match authenticated username' };
-  }
-
-  // Validate timestamp
-  if (isNaN(timestamp)) {
-    return { valid: false, error: 'Invalid timestamp in message' };
-  }
-
-  const timestampCheck = validateTimestamp(timestamp);
-  if (!timestampCheck.valid) {
-    return timestampCheck;
+  // Validate all characters are valid hex digits (0-9, a-f)
+  for (let i = 0; i < secret.length; i++) {
+    const c = secret[i];
+    if ((c < '0' || c > '9') && (c < 'a' || c > 'f')) {
+      throw new Error(`Secret generation failed: invalid hex character at position ${i}: '${c}'`);
+    }
   }
 
-  return { valid: true };
+  return secret;
 }
 
-// ===== Username and Ed25519 Signature Utilities =====
+// ===== Secret Encryption/Decryption (Database Storage) =====
 
 /**
- * Validates username format
- * Rules: 3-32 chars, lowercase alphanumeric + dash, must start/end with alphanumeric
+ * Convert hex string to byte array with validation
+ * @param hex Hex string (must be even length)
+ * @returns Uint8Array of bytes
  */
-export function validateUsername(username: string): { valid: boolean; error?: string } {
-  if (typeof username !== 'string') {
-    return { valid: false, error: 'Username must be a string' };
+function hexToBytes(hex: string): Uint8Array {
+  if (hex.length % 2 !== 0) {
+    throw new Error('Hex string must have even length');
   }
 
-  if (username.length < USERNAME_MIN_LENGTH) {
-    return { valid: false, error: `Username must be at least ${USERNAME_MIN_LENGTH} characters` };
+  // Pre-validate that all characters are valid hex digits (0-9, a-f, A-F)
+  // This prevents parseInt from silently truncating invalid input like "0z" -> 0
+  for (let i = 0; i < hex.length; i++) {
+    const c = hex[i].toLowerCase();
+    if ((c < '0' || c > '9') && (c < 'a' || c > 'f')) {
+      throw new Error(`Invalid hex character at position ${i}: '${hex[i]}'`);
+    }
   }
 
-  if (username.length > USERNAME_MAX_LENGTH) {
-    return { valid: false, error: `Username must be at most ${USERNAME_MAX_LENGTH} characters` };
+  const match = hex.match(/.{1,2}/g);
+  if (!match) {
+    throw new Error('Invalid hex string format');
   }
 
-  if (!USERNAME_REGEX.test(username)) {
-    return { valid: false, error: 'Username must be lowercase alphanumeric with optional dashes, and start/end with alphanumeric' };
+  return new Uint8Array(match.map(byte => {
+    const parsed = parseInt(byte, 16);
+    if (isNaN(parsed)) {
+      throw new Error(`Invalid hex byte: ${byte}`);
+    }
+    return parsed;
+  }));
+}
+
+/**
+ * Encrypt a secret using AES-256-GCM with master key
+ * Format: iv:ciphertext (all hex-encoded, auth tag included in ciphertext)
+ *
+ * @param secret The plaintext secret to encrypt
+ * @param masterKeyHex The master encryption key (64-char hex = 32 bytes)
+ * @returns Encrypted secret in format "iv:ciphertext"
+ */
+export async function encryptSecret(secret: string, masterKeyHex: string): Promise<string> {
+  // Validate master key
+  if (!masterKeyHex || masterKeyHex.length !== 64) {
+    throw new Error('Master key must be 64-character hex string (32 bytes)');
   }
 
-  return { valid: true };
+  // Convert master key from hex to bytes (with validation)
+  const keyBytes = hexToBytes(masterKeyHex);
+
+  // Import master key
+  const key = await crypto.subtle.importKey(
+    'raw',
+    keyBytes,
+    { name: 'AES-GCM', length: 256 },
+    false,
+    ['encrypt']
+  );
+
+  // Generate random IV (12 bytes for AES-GCM)
+  const iv = crypto.getRandomValues(new Uint8Array(12));
+
+  // Encrypt secret
+  const encoder = new TextEncoder();
+  const secretBytes = encoder.encode(secret);
+
+  // AES-GCM returns ciphertext with auth tag already appended (no manual splitting needed)
+  const ciphertext = await crypto.subtle.encrypt(
+    { name: 'AES-GCM', iv, tagLength: 128 },
+    key,
+    secretBytes
+  );
+
+  // Convert to hex: iv:ciphertext (ciphertext includes 16-byte auth tag at end)
+  const ivHex = Array.from(iv).map(b => b.toString(16).padStart(2, '0')).join('');
+  const ciphertextHex = Array.from(new Uint8Array(ciphertext))
+    .map(b => b.toString(16).padStart(2, '0'))
+    .join('');
+
+  return `${ivHex}:${ciphertextHex}`;
 }
 
 /**
- * Validates service FQN format (service:version@username or service:version)
- * Service name: lowercase alphanumeric with dots/dashes (e.g., chat, file-share, com.example.chat)
- * Version: semantic versioning (1.0.0, 2.1.3-beta, etc.)
- * Username: optional, lowercase alphanumeric with dashes
+ * Decrypt a secret using AES-256-GCM with master key
+ *
+ * @param encryptedSecret Encrypted secret in format "iv:ciphertext" (ciphertext includes auth tag)
+ * @param masterKeyHex The master encryption key (64-char hex = 32 bytes)
+ * @returns Decrypted plaintext secret
  */
-export function validateServiceFqn(fqn: string): { valid: boolean; error?: string } {
-  if (typeof fqn !== 'string') {
-    return { valid: false, error: 'Service FQN must be a string' };
+export async function decryptSecret(encryptedSecret: string, masterKeyHex: string): Promise<string> {
+  // Validate master key
+  if (!masterKeyHex || masterKeyHex.length !== 64) {
+    throw new Error('Master key must be 64-character hex string (32 bytes)');
   }
 
-  // Parse the FQN
-  const parsed = parseServiceFqn(fqn);
-  if (!parsed) {
-    return { valid: false, error: 'Service FQN must be in format: service:version[@username]' };
+  // Parse encrypted format: iv:ciphertext
+  const parts = encryptedSecret.split(':');
+  if (parts.length !== 2) {
+    throw new Error('Invalid encrypted secret format (expected iv:ciphertext)');
   }
 
-  const { serviceName, version, username } = parsed;
+  const [ivHex, ciphertextHex] = parts;
 
-  // Validate service name (alphanumeric with dots/dashes)
-  const serviceNameRegex = /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/;
-  if (!serviceNameRegex.test(serviceName)) {
-    return { valid: false, error: 'Service name must be lowercase alphanumeric with optional dots/dashes' };
+  // Validate IV length (must be 12 bytes = 24 hex characters for AES-GCM)
+  if (ivHex.length !== 24) {
+    throw new Error('Invalid IV length (expected 12 bytes = 24 hex characters)');
   }
 
-  if (serviceName.length < 1 || serviceName.length > 128) {
-    return { valid: false, error: 'Service name must be 1-128 characters' };
+  // Validate ciphertext length (must include at least 16-byte auth tag)
+  // Minimum: 16 bytes for auth tag = 32 hex characters
+  if (ciphertextHex.length < 32) {
+    throw new Error('Invalid ciphertext length (must include 16-byte auth tag)');
   }
 
-  // Validate version (semantic versioning)
-  const versionRegex = /^[0-9]+\.[0-9]+\.[0-9]+(-[a-z0-9.-]+)?$/;
-  if (!versionRegex.test(version)) {
-    return { valid: false, error: 'Version must be semantic versioning (e.g., 1.0.0, 2.1.3-beta)' };
-  }
+  // Convert from hex to bytes (with validation)
+  const iv = hexToBytes(ivHex);
+  const ciphertext = hexToBytes(ciphertextHex);
+
+  // Convert master key from hex to bytes (with validation)
+  const keyBytes = hexToBytes(masterKeyHex);
+
+  // Import master key
+  const key = await crypto.subtle.importKey(
+    'raw',
+    keyBytes,
+    { name: 'AES-GCM', length: 256 },
+    false,
+    ['decrypt']
+  );
+
+  // Decrypt (ciphertext already includes 16-byte auth tag at end)
+  const decryptedBytes = await crypto.subtle.decrypt(
+    { name: 'AES-GCM', iv, tagLength: 128 },
+    key,
+    ciphertext
+  );
+
+  // Convert to string
+  const decoder = new TextDecoder();
+  return decoder.decode(decryptedBytes);
+}
 
-  // Validate username if present
-  if (username) {
-    const usernameCheck = validateUsername(username);
-    if (!usernameCheck.valid) {
-      return usernameCheck;
-    }
-  }
+// ===== HMAC Signature Generation and Verification =====
 
-  return { valid: true };
+/**
+ * Generate HMAC-SHA256 signature for request authentication
+ * Uses Web Crypto API for compatibility with both Node.js and Cloudflare Workers
+ *
+ * @param secret The credential secret (hex string)
+ * @param message The message to sign (typically: timestamp + method + params)
+ * @returns Promise<string> Base64-encoded signature
+ */
+export async function generateSignature(secret: string, message: string): Promise<string> {
+  // Convert secret from hex to bytes (with validation)
+  const secretBytes = hexToBytes(secret);
+
+  // Import secret as HMAC key
+  const key = await crypto.subtle.importKey(
+    'raw',
+    secretBytes,
+    { name: 'HMAC', hash: 'SHA-256' },
+    false,
+    ['sign']
+  );
+
+  // Convert message to bytes
+  const encoder = new TextEncoder();
+  const messageBytes = encoder.encode(message);
+
+  // Generate HMAC signature
+  const signatureBytes = await crypto.subtle.sign('HMAC', key, messageBytes);
+
+  // Convert to base64
+  return Buffer.from(signatureBytes).toString('base64');
 }
 
 /**
- * Parse semantic version string into components
+ * Verify HMAC-SHA256 signature for request authentication
+ * Uses crypto.subtle.verify() for constant-time comparison
+ *
+ * @param secret The credential secret (hex string)
+ * @param message The message that was signed
+ * @param signature The signature to verify (base64)
+ * @returns Promise<boolean> True if signature is valid
  */
-export function parseVersion(version: string): { major: number; minor: number; patch: number; prerelease?: string } | null {
-  const match = version.match(/^([0-9]+)\.([0-9]+)\.([0-9]+)(-[a-z0-9.-]+)?$/);
-  if (!match) return null;
-
-  return {
-    major: parseInt(match[1], 10),
-    minor: parseInt(match[2], 10),
-    patch: parseInt(match[3], 10),
-    prerelease: match[4]?.substring(1), // Remove leading dash
-  };
+export async function verifySignature(secret: string, message: string, signature: string): Promise<boolean> {
+  try {
+    // Convert secret from hex to bytes (with validation)
+    const secretBytes = hexToBytes(secret);
+
+    // Import secret as HMAC key for verification
+    const key = await crypto.subtle.importKey(
+      'raw',
+      secretBytes,
+      { name: 'HMAC', hash: 'SHA-256' },
+      false,
+      ['verify']
+    );
+
+    // Convert message to bytes
+    const encoder = new TextEncoder();
+    const messageBytes = encoder.encode(message);
+
+    // Convert signature from base64 to bytes
+    const signatureBytes = Buffer.from(signature, 'base64');
+
+    // Use Web Crypto API's verify() for constant-time comparison
+    // This is cryptographically secure and resistant to timing attacks
+    return await crypto.subtle.verify('HMAC', key, signatureBytes, messageBytes);
+  } catch (error) {
+    // Log error for debugging (helps identify implementation bugs)
+    console.error('Signature verification error:', error);
+    return false;
+  }
 }
 
 /**
- * Check if two versions are compatible (same major version)
- * Following semver rules: ^1.0.0 matches 1.x.x but not 2.x.x
+ * Canonical JSON serialization with sorted keys
+ * Ensures deterministic output regardless of property insertion order
+ * Must match client's canonicalJSON implementation exactly
  */
-export function isVersionCompatible(requested: string, available: string): boolean {
-  const req = parseVersion(requested);
-  const avail = parseVersion(available);
+function canonicalJSON(obj: any, depth: number = 0): string {
+  const MAX_DEPTH = 100;
 
-  if (!req || !avail) return false;
+  if (depth > MAX_DEPTH) {
+    throw new Error('Object nesting too deep for canonicalization');
+  }
+
+  if (obj === null) return 'null';
+  if (obj === undefined) return JSON.stringify(undefined);
 
-  // Major version must match
-  if (req.major !== avail.major) return false;
+  const type = typeof obj;
 
-  // If major is 0, minor must also match (0.x.y is unstable)
-  if (req.major === 0 && req.minor !== avail.minor) return false;
+  if (type === 'function') throw new Error('Functions are not supported in RPC parameters');
+  if (type === 'symbol' || type === 'bigint') throw new Error(`${type} is not supported in RPC parameters`);
+  if (type === 'number' && !Number.isFinite(obj)) throw new Error('NaN and Infinity are not supported in RPC parameters');
 
-  // Available version must be >= requested version
-  if (avail.minor < req.minor) return false;
-  if (avail.minor === req.minor && avail.patch < req.patch) return false;
+  if (type !== 'object') return JSON.stringify(obj);
 
-  // Prerelease versions are only compatible with exact matches
-  if (req.prerelease && req.prerelease !== avail.prerelease) return false;
+  if (Array.isArray(obj)) {
+    return '[' + obj.map(item => canonicalJSON(item, depth + 1)).join(',') + ']';
+  }
 
-  return true;
+  const sortedKeys = Object.keys(obj).sort();
+  const pairs = sortedKeys.map(key => JSON.stringify(key) + ':' + canonicalJSON(obj[key], depth + 1));
+  return '{' + pairs.join(',') + '}';
 }
 
 /**
- * Parse service FQN into components
- * Formats supported:
- * - service:version@username (e.g., "chat:1.0.0@alice")
- * - service:version (e.g., "chat:1.0.0") for discovery
+ * Build the message string for signing
+ * Format: timestamp:nonce:method:canonicalJSON(params || {})
+ * Uses colons as delimiters to prevent collision attacks
+ * Includes nonce to prevent signature reuse within timestamp window
+ * Uses canonical JSON (sorted keys) for deterministic serialization
+ *
+ * @param timestamp Unix timestamp in milliseconds
+ * @param nonce Cryptographic nonce (UUID v4) to prevent replay attacks
+ * @param method RPC method name
+ * @param params RPC method parameters (optional)
+ * @returns String to be signed
  */
-export function parseServiceFqn(fqn: string): { serviceName: string; version: string; username: string | null } | null {
-  if (!fqn || typeof fqn !== 'string') return null;
-
-  // Check if username is present
-  const atIndex = fqn.lastIndexOf('@');
-  let serviceVersion: string;
-  let username: string | null = null;
+export function buildSignatureMessage(timestamp: number, nonce: string, method: string, params?: any): string {
+  // Validate nonce is UUID v4 format to prevent colon injection attacks
+  // UUID v4 format: xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx (8-4-4-4-12 hex digits with dashes)
+  // Use simple format checks instead of regex to avoid any timing or ReDoS concerns
+
+  // Check total length (36 characters for UUID v4)
+  if (nonce.length !== 36) {
+    throw new Error('Nonce must be a valid UUID v4 (use crypto.randomUUID())');
+  }
 
-  if (atIndex > 0) {
-    // Format: service:version@username
-    serviceVersion = fqn.substring(0, atIndex);
-    username = fqn.substring(atIndex + 1);
-  } else {
-    // Format: service:version (no username)
-    serviceVersion = fqn;
+  // Check dash positions (indices 8, 13, 18, 23)
+  if (nonce[8] !== '-' || nonce[13] !== '-' || nonce[18] !== '-' || nonce[23] !== '-') {
+    throw new Error('Nonce must be a valid UUID v4 (use crypto.randomUUID())');
   }
 
-  // Split service:version
-  const colonIndex = serviceVersion.indexOf(':');
-  if (colonIndex <= 0) return null; // No colon or colon at start
+  // Check version (character at index 14 must be '4')
+  if (nonce[14] !== '4') {
+    throw new Error('Nonce must be a valid UUID v4 (use crypto.randomUUID())');
+  }
 
-  const serviceName = serviceVersion.substring(0, colonIndex);
-  const version = serviceVersion.substring(colonIndex + 1);
+  // Check variant (character at index 19 must be 8, 9, a, or b)
+  const variant = nonce[19].toLowerCase();
+  if (variant !== '8' && variant !== '9' && variant !== 'a' && variant !== 'b') {
+    throw new Error('Nonce must be a valid UUID v4 (use crypto.randomUUID())');
+  }
 
-  if (!serviceName || !version) return null;
+  // Validate all other characters are hex digits (0-9, a-f)
+  const hexChars = nonce.replace(/-/g, ''); // Remove dashes
+  for (let i = 0; i < hexChars.length; i++) {
+    const c = hexChars[i].toLowerCase();
+    if ((c < '0' || c > '9') && (c < 'a' || c > 'f')) {
+      throw new Error('Nonce must be a valid UUID v4 (use crypto.randomUUID())');
+    }
+  }
 
-  return {
-    serviceName,
-    version,
-    username,
-  };
+  // Use canonical JSON (sorted keys) to match client's signature
+  const paramsStr = canonicalJSON(params || {});
+  // Use delimiters to prevent collision: timestamp=12,method="34" vs timestamp=1,method="234"
+  // Include nonce to make each request unique (prevents signature reuse in same millisecond)
+  return `${timestamp}:${nonce}:${method}:${paramsStr}`;
 }
 
+// ===== Username Validation =====
+
 /**
- * Validates timestamp is within acceptable range (prevents replay attacks)
+ * Validates username format
+ * Rules: 4-32 chars, lowercase alphanumeric + dashes + periods, must start/end with alphanumeric
  */
-export function validateTimestamp(timestamp: number): { valid: boolean; error?: string } {
-  if (typeof timestamp !== 'number' || !Number.isFinite(timestamp)) {
-    return { valid: false, error: 'Timestamp must be a finite number' };
+export function validateUsername(username: string): { valid: boolean; error?: string } {
+  if (typeof username !== 'string') {
+    return { valid: false, error: 'Username must be a string' };
   }
 
-  const now = Date.now();
-  const diff = Math.abs(now - timestamp);
+  if (username.length < USERNAME_MIN_LENGTH) {
+    return { valid: false, error: `Username must be at least ${USERNAME_MIN_LENGTH} characters` };
+  }
+
+  if (username.length > USERNAME_MAX_LENGTH) {
+    return { valid: false, error: `Username must be at most ${USERNAME_MAX_LENGTH} characters` };
+  }
 
-  if (diff > TIMESTAMP_TOLERANCE_MS) {
-    return { valid: false, error: `Timestamp too old or too far in future (tolerance: ${TIMESTAMP_TOLERANCE_MS / 1000}s)` };
+  if (!USERNAME_REGEX.test(username)) {
+    return { valid: false, error: 'Username must be lowercase alphanumeric with optional dashes/periods, and start/end with alphanumeric' };
   }
 
   return { valid: true };
 }
 
-/**
- * Verifies Ed25519 signature
- * @param publicKey Base64-encoded Ed25519 public key (32 bytes)
- * @param signature Base64-encoded Ed25519 signature (64 bytes)
- * @param message Message that was signed (UTF-8 string)
- * @returns true if signature is valid, false otherwise
- */
-export async function verifyEd25519Signature(
-  publicKey: string,
-  signature: string,
-  message: string
-): Promise<boolean> {
-  try {
-    // Decode base64 to bytes
-    const publicKeyBytes = base64ToBytes(publicKey);
-    const signatureBytes = base64ToBytes(signature);
-
-    // Encode message as UTF-8
-    const encoder = new TextEncoder();
-    const messageBytes = encoder.encode(message);
+// ===== Tag Validation =====
 
-    // Verify signature using @noble/ed25519 (async version)
-    const isValid = await ed25519.verifyAsync(signatureBytes, messageBytes, publicKeyBytes);
-    return isValid;
-  } catch (err) {
-    console.error('Ed25519 signature verification failed:', err);
-    return false;
-  }
-}
+// Tag validation constants
+const TAG_MIN_LENGTH = 1;
+const TAG_MAX_LENGTH = 64;
+const TAG_REGEX = /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/;
 
 /**
- * Validates a username claim request
- * Verifies format, timestamp, and signature
+ * Validates a single tag format
+ * Rules: 1-64 chars, lowercase alphanumeric with optional dots/dashes
+ * Must start and end with alphanumeric character
+ *
+ * Valid examples: "chat", "video-call", "com.example.service", "v2"
+ * Invalid examples: "", "UPPERCASE", "-starts-dash", "ends-dash-"
  */
-export async function validateUsernameClaim(
-  username: string,
-  publicKey: string,
-  signature: string,
-  message: string
-): Promise<{ valid: boolean; error?: string }> {
-  // Validate username format
-  const usernameCheck = validateUsername(username);
-  if (!usernameCheck.valid) {
-    return usernameCheck;
+export function validateTag(tag: string): { valid: boolean; error?: string } {
+  if (typeof tag !== 'string') {
+    return { valid: false, error: 'Tag must be a string' };
   }
 
-  // Parse message format: "claim:{username}:{timestamp}"
-  const parts = message.split(':');
-  if (parts.length !== 3 || parts[0] !== 'claim' || parts[1] !== username) {
-    return { valid: false, error: 'Invalid message format (expected: claim:{username}:{timestamp})' };
+  if (tag.length < TAG_MIN_LENGTH) {
+    return { valid: false, error: `Tag must be at least ${TAG_MIN_LENGTH} character` };
   }
 
-  const timestamp = parseInt(parts[2], 10);
-  if (isNaN(timestamp)) {
-    return { valid: false, error: 'Invalid timestamp in message' };
+  if (tag.length > TAG_MAX_LENGTH) {
+    return { valid: false, error: `Tag must be at most ${TAG_MAX_LENGTH} characters` };
   }
 
-  // Validate timestamp
-  const timestampCheck = validateTimestamp(timestamp);
-  if (!timestampCheck.valid) {
-    return timestampCheck;
+  // Single character tags just need to be alphanumeric
+  if (tag.length === 1) {
+    if (!/^[a-z0-9]$/.test(tag)) {
+      return { valid: false, error: 'Tag must be lowercase alphanumeric' };
+    }
+    return { valid: true };
   }
 
-  // Verify signature
-  const signatureValid = await verifyEd25519Signature(publicKey, signature, message);
-  if (!signatureValid) {
-    return { valid: false, error: 'Invalid signature' };
+  // Multi-character tags must match the pattern
+  if (!TAG_REGEX.test(tag)) {
+    return { valid: false, error: 'Tag must be lowercase alphanumeric with optional dots/dashes, and start/end with alphanumeric' };
   }
 
   return { valid: true };
 }
 
 /**
- * Validates a service publish signature
- * Message format: publish:{username}:{serviceFqn}:{timestamp}
+ * Validates an array of tags
+ * @param tags Array of tags to validate
+ * @param maxTags Maximum number of tags allowed (default: 20)
  */
-export async function validateServicePublish(
-  username: string,
-  serviceFqn: string,
-  publicKey: string,
-  signature: string,
-  message: string
-): Promise<{ valid: boolean; error?: string }> {
-  // Validate username format
-  const usernameCheck = validateUsername(username);
-  if (!usernameCheck.valid) {
-    return usernameCheck;
+export function validateTags(tags: string[], maxTags: number = 20): { valid: boolean; error?: string } {
+  if (!Array.isArray(tags)) {
+    return { valid: false, error: 'Tags must be an array' };
   }
 
-  // Parse message format: "publish:{username}:{serviceFqn}:{timestamp}"
-  // Note: serviceFqn can contain colons (e.g., "chat:2.0.0@user"), so we need careful parsing
-  const parts = message.split(':');
-  if (parts.length < 4 || parts[0] !== 'publish' || parts[1] !== username) {
-    return { valid: false, error: 'Invalid message format (expected: publish:{username}:{serviceFqn}:{timestamp})' };
+  if (tags.length === 0) {
+    return { valid: false, error: 'At least one tag is required' };
   }
 
-  // The timestamp is the last part
-  const timestamp = parseInt(parts[parts.length - 1], 10);
-  if (isNaN(timestamp)) {
-    return { valid: false, error: 'Invalid timestamp in message' };
+  if (tags.length > maxTags) {
+    return { valid: false, error: `Maximum ${maxTags} tags allowed` };
   }
 
-  // The serviceFqn is everything between username and timestamp
-  const extractedServiceFqn = parts.slice(2, parts.length - 1).join(':');
-  if (extractedServiceFqn !== serviceFqn) {
-    return { valid: false, error: `Service FQN mismatch (expected: ${serviceFqn}, got: ${extractedServiceFqn})` };
-  }
-
-  // Validate timestamp
-  const timestampCheck = validateTimestamp(timestamp);
-  if (!timestampCheck.valid) {
-    return timestampCheck;
+  // Validate each tag
+  for (let i = 0; i < tags.length; i++) {
+    const result = validateTag(tags[i]);
+    if (!result.valid) {
+      return { valid: false, error: `Tag ${i + 1}: ${result.error}` };
+    }
   }
 
-  // Verify signature
-  const signatureValid = await verifyEd25519Signature(publicKey, signature, message);
-  if (!signatureValid) {
-    return { valid: false, error: 'Invalid signature' };
+  // Check for duplicates
+  const uniqueTags = new Set(tags);
+  if (uniqueTags.size !== tags.length) {
+    return { valid: false, error: 'Duplicate tags are not allowed' };
   }
 
   return { valid: true };