cairn-p2p 0.2.0

package/dist/index.cjs

@@ -0,0 +1,1883 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AuthenticationFailedError: () => AuthenticationFailedError,
+  CairnError: () => CairnError,
+  DEFAULT_MESH_SETTINGS: () => DEFAULT_MESH_SETTINGS,
+  DEFAULT_RECONNECTION_POLICY: () => DEFAULT_RECONNECTION_POLICY,
+  DEFAULT_STUN_SERVERS: () => DEFAULT_STUN_SERVERS,
+  DEFAULT_TRANSPORT_PREFERENCES: () => DEFAULT_TRANSPORT_PREFERENCES,
+  ErrorBehavior: () => ErrorBehavior,
+  MeshRouteNotFoundError: () => MeshRouteNotFoundError,
+  Node: () => Node,
+  NodeChannel: () => NodeChannel,
+  NodeSession: () => NodeSession,
+  PairingExpiredError: () => PairingExpiredError,
+  PairingRejectedError: () => PairingRejectedError,
+  PeerUnreachableError: () => PeerUnreachableError,
+  SessionExpiredError: () => SessionExpiredError,
+  SessionStateMachine: () => SessionStateMachine,
+  TransportExhaustedError: () => TransportExhaustedError,
+  VersionMismatchError: () => VersionMismatchError,
+  defaultServerConfig: () => defaultServerConfig,
+  isValidTransition: () => isValidTransition
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/config.ts
+var DEFAULT_STUN_SERVERS = [
+  "stun:stun.l.google.com:19302",
+  "stun:stun1.l.google.com:19302",
+  "stun:stun.cloudflare.com:3478"
+];
+var DEFAULT_TRANSPORT_PREFERENCES = [
+  "quic",
+  "tcp",
+  "websocket",
+  "webtransport",
+  "circuit-relay-v2"
+];
+var DEFAULT_RECONNECTION_POLICY = {
+  connectTimeout: 3e4,
+  transportTimeout: 1e4,
+  reconnectMaxDuration: 36e5,
+  reconnectBackoff: {
+    initialDelay: 1e3,
+    maxDelay: 6e4,
+    factor: 2
+  },
+  rendezvousPollInterval: 3e4,
+  sessionExpiry: 864e5,
+  pairingPayloadExpiry: 3e5
+};
+var DEFAULT_MESH_SETTINGS = {
+  meshEnabled: false,
+  maxHops: 3,
+  relayWilling: false,
+  relayCapacity: 10
+};
+
+// src/errors.ts
+var ErrorBehavior = /* @__PURE__ */ ((ErrorBehavior2) => {
+  ErrorBehavior2["Retry"] = "retry";
+  ErrorBehavior2["Reconnect"] = "reconnect";
+  ErrorBehavior2["Abort"] = "abort";
+  ErrorBehavior2["ReGenerate"] = "regenerate";
+  ErrorBehavior2["Wait"] = "wait";
+  ErrorBehavior2["Inform"] = "inform";
+  return ErrorBehavior2;
+})(ErrorBehavior || {});
+var CairnError = class extends Error {
+  code;
+  details;
+  constructor(code, message, details) {
+    super(message);
+    this.name = "CairnError";
+    this.code = code;
+    this.details = details;
+  }
+  errorBehavior() {
+    return "abort" /* Abort */;
+  }
+};
+var TransportExhaustedError = class extends CairnError {
+  constructor(message, details) {
+    super("TRANSPORT_EXHAUSTED", message, {
+      suggestion: "deploy the cairn signaling server and/or TURN relay",
+      ...details
+    });
+    this.name = "TransportExhaustedError";
+  }
+  errorBehavior() {
+    return "retry" /* Retry */;
+  }
+};
+var SessionExpiredError = class extends CairnError {
+  constructor(message, details) {
+    super("SESSION_EXPIRED", message, details);
+    this.name = "SessionExpiredError";
+  }
+  errorBehavior() {
+    return "reconnect" /* Reconnect */;
+  }
+};
+var PeerUnreachableError = class extends CairnError {
+  constructor(message, details) {
+    super("PEER_UNREACHABLE", message, details);
+    this.name = "PeerUnreachableError";
+  }
+  errorBehavior() {
+    return "wait" /* Wait */;
+  }
+};
+var AuthenticationFailedError = class extends CairnError {
+  constructor(message, details) {
+    super("AUTHENTICATION_FAILED", message, details);
+    this.name = "AuthenticationFailedError";
+  }
+  errorBehavior() {
+    return "abort" /* Abort */;
+  }
+};
+var PairingRejectedError = class extends CairnError {
+  constructor(message, details) {
+    super("PAIRING_REJECTED", message, details);
+    this.name = "PairingRejectedError";
+  }
+  errorBehavior() {
+    return "inform" /* Inform */;
+  }
+};
+var PairingExpiredError = class extends CairnError {
+  constructor(message, details) {
+    super("PAIRING_EXPIRED", message, details);
+    this.name = "PairingExpiredError";
+  }
+  errorBehavior() {
+    return "regenerate" /* ReGenerate */;
+  }
+};
+var MeshRouteNotFoundError = class extends CairnError {
+  constructor(message, details) {
+    super("MESH_ROUTE_NOT_FOUND", message, {
+      suggestion: "try a direct connection or wait for mesh route discovery",
+      ...details
+    });
+    this.name = "MeshRouteNotFoundError";
+  }
+  errorBehavior() {
+    return "wait" /* Wait */;
+  }
+};
+var VersionMismatchError = class extends CairnError {
+  constructor(message, details) {
+    super("VERSION_MISMATCH", message, {
+      suggestion: "peer needs to update to a compatible cairn version",
+      ...details
+    });
+    this.name = "VersionMismatchError";
+  }
+  errorBehavior() {
+    return "abort" /* Abort */;
+  }
+};
+
+// src/crypto/identity.ts
+var ed = __toESM(require("@noble/ed25519"), 1);
+var import_sha256 = require("@noble/hashes/sha256");
+var IdentityKeypair = class _IdentityKeypair {
+  secret;
+  pubKey;
+  constructor(secret, pubKey) {
+    this.secret = secret;
+    this.pubKey = pubKey;
+  }
+  /** Generate a new random Ed25519 identity keypair. */
+  static async generate() {
+    const secret = ed.utils.randomPrivateKey();
+    const pubKey = await ed.getPublicKeyAsync(secret);
+    return new _IdentityKeypair(secret, pubKey);
+  }
+  /** Restore from a 32-byte secret key seed. */
+  static async fromBytes(secret) {
+    if (secret.length !== 32) {
+      throw new CairnError("CRYPTO", "Ed25519 secret key must be 32 bytes");
+    }
+    const copy = new Uint8Array(secret);
+    const pubKey = await ed.getPublicKeyAsync(copy);
+    return new _IdentityKeypair(copy, pubKey);
+  }
+  /** Export the 32-byte secret key seed. */
+  secretBytes() {
+    return new Uint8Array(this.secret);
+  }
+  /** Get the 32-byte public key. */
+  publicKey() {
+    return new Uint8Array(this.pubKey);
+  }
+  /** Derive the Peer ID: SHA-256 hash of the Ed25519 public key bytes (32 bytes). */
+  peerId() {
+    return peerIdFromPublicKey(this.pubKey);
+  }
+  /** Sign a message. Returns 64-byte signature. */
+  async sign(message) {
+    try {
+      return await ed.signAsync(message, this.secret);
+    } catch (e) {
+      throw new CairnError("CRYPTO", `Ed25519 sign error: ${e}`);
+    }
+  }
+  /** Verify a signature against this keypair's public key. Throws on failure. */
+  async verify(message, signature) {
+    return verifySignature(this.pubKey, message, signature);
+  }
+};
+function peerIdFromPublicKey(publicKey) {
+  return (0, import_sha256.sha256)(publicKey);
+}
+async function verifySignature(publicKey, message, signature) {
+  try {
+    const valid = await ed.verifyAsync(signature, message, publicKey);
+    if (!valid) {
+      throw new CairnError("CRYPTO", "Ed25519 signature verification failed");
+    }
+  } catch (e) {
+    if (e instanceof CairnError) throw e;
+    throw new CairnError("CRYPTO", `Ed25519 verify error: ${e}`);
+  }
+}
+
+// src/crypto/noise.ts
+var import_sha2563 = require("@noble/hashes/sha256");
+var import_ed25519 = require("@noble/curves/ed25519");
+var import_ed255192 = require("@noble/curves/ed25519");
+
+// src/crypto/hkdf.ts
+var import_hkdf = require("@noble/hashes/hkdf");
+var import_sha2562 = require("@noble/hashes/sha256");
+var encoder = new TextEncoder();
+var HKDF_INFO_SESSION_KEY = encoder.encode("cairn-session-key-v1");
+var HKDF_INFO_RENDEZVOUS = encoder.encode("cairn-rendezvous-id-v1");
+var HKDF_INFO_SAS = encoder.encode("cairn-sas-derivation-v1");
+var HKDF_INFO_CHAIN_KEY = encoder.encode("cairn-chain-key-v1");
+var HKDF_INFO_MESSAGE_KEY = encoder.encode("cairn-message-key-v1");
+function hkdfSha256(ikm, salt, info, length) {
+  try {
+    return (0, import_hkdf.hkdf)(import_sha2562.sha256, ikm, salt, info, length);
+  } catch (e) {
+    throw new CairnError("CRYPTO", `HKDF-SHA256 error: ${e}`);
+  }
+}
+
+// src/crypto/aead.ts
+var import_aes = require("@noble/ciphers/aes");
+var import_chacha20poly1305 = require("@stablelib/chacha20poly1305");
+var NONCE_SIZE = 12;
+var KEY_SIZE = 32;
+function aeadEncrypt(cipher, key, nonce, plaintext, aad) {
+  if (key.length !== KEY_SIZE) {
+    throw new CairnError("CRYPTO", `AEAD key must be ${KEY_SIZE} bytes, got ${key.length}`);
+  }
+  if (nonce.length !== NONCE_SIZE) {
+    throw new CairnError("CRYPTO", `AEAD nonce must be ${NONCE_SIZE} bytes, got ${nonce.length}`);
+  }
+  try {
+    if (cipher === "aes-256-gcm") {
+      const aes = (0, import_aes.gcm)(key, nonce, aad);
+      return aes.encrypt(plaintext);
+    } else {
+      const chacha = new import_chacha20poly1305.ChaCha20Poly1305(key);
+      return chacha.seal(nonce, plaintext, aad);
+    }
+  } catch (e) {
+    throw new CairnError("CRYPTO", `AEAD encrypt error: ${e}`);
+  }
+}
+function aeadDecrypt(cipher, key, nonce, ciphertext, aad) {
+  if (key.length !== KEY_SIZE) {
+    throw new CairnError("CRYPTO", `AEAD key must be ${KEY_SIZE} bytes, got ${key.length}`);
+  }
+  if (nonce.length !== NONCE_SIZE) {
+    throw new CairnError("CRYPTO", `AEAD nonce must be ${NONCE_SIZE} bytes, got ${nonce.length}`);
+  }
+  try {
+    if (cipher === "aes-256-gcm") {
+      const aes = (0, import_aes.gcm)(key, nonce, aad);
+      return aes.decrypt(ciphertext);
+    } else {
+      const chacha = new import_chacha20poly1305.ChaCha20Poly1305(key);
+      const result = chacha.open(nonce, ciphertext, aad);
+      if (result === null) {
+        throw new CairnError("CRYPTO", "ChaCha20-Poly1305 authentication failed");
+      }
+      return result;
+    }
+  } catch (e) {
+    if (e instanceof CairnError) throw e;
+    throw new CairnError("CRYPTO", `AEAD decrypt error: ${e}`);
+  }
+}
+
+// src/crypto/noise.ts
+var PROTOCOL_NAME = new TextEncoder().encode("Noise_XX_25519_ChaChaPoly_SHA256");
+var TAG_SIZE = 16;
+var DH_KEY_SIZE = 32;
+var ED25519_PUB_SIZE = 32;
+var ZERO_NONCE = new Uint8Array(12);
+var NoiseXXHandshake = class {
+  state;
+  localIdentity;
+  localStaticX25519Secret;
+  localEphemeralSecret;
+  localEphemeralPub;
+  remoteEphemeralPub;
+  remoteStaticEd25519;
+  chainingKey;
+  handshakeHash;
+  currentKey;
+  pakeSecret;
+  cachedResult;
+  constructor(role, identity, pakeSecret) {
+    this.localStaticX25519Secret = import_ed25519.ed25519.utils.toMontgomerySecret(identity.secretBytes());
+    if (PROTOCOL_NAME.length <= 32) {
+      this.handshakeHash = new Uint8Array(32);
+      this.handshakeHash.set(PROTOCOL_NAME);
+    } else {
+      this.handshakeHash = (0, import_sha2563.sha256)(PROTOCOL_NAME);
+    }
+    this.chainingKey = new Uint8Array(this.handshakeHash);
+    this.localIdentity = identity;
+    this.state = role === "initiator" ? "initiator_start" : "responder_wait_msg1";
+    if (pakeSecret) {
+      if (pakeSecret.length !== 32) {
+        throw new CairnError("CRYPTO", "PAKE secret must be 32 bytes");
+      }
+      this.pakeSecret = new Uint8Array(pakeSecret);
+    }
+  }
+  /**
+   * Process the next handshake step.
+   *
+   * Initiator: step() -> step(msg2)
+   * Responder: step(msg1) -> step(msg3)
+   */
+  step(input) {
+    switch (this.state) {
+      case "initiator_start":
+        if (input !== void 0) {
+          throw new CairnError("CRYPTO", "initiator start expects no input");
+        }
+        return this.initiatorSendMsg1();
+      case "responder_wait_msg1":
+        if (input === void 0) {
+          throw new CairnError("CRYPTO", "responder expects message 1 input");
+        }
+        return this.responderRecvMsg1SendMsg2(input);
+      case "initiator_wait_msg2":
+        if (input === void 0) {
+          throw new CairnError("CRYPTO", "initiator expects message 2 input");
+        }
+        return this.initiatorRecvMsg2SendMsg3(input);
+      case "responder_wait_msg3":
+        if (input === void 0) {
+          throw new CairnError("CRYPTO", "responder expects message 3 input");
+        }
+        return this.responderRecvMsg3(input);
+      case "complete":
+        throw new CairnError("CRYPTO", "handshake already complete");
+    }
+  }
+  /** Get the handshake result after the initiator has sent message 3. */
+  getResult() {
+    if (!this.cachedResult) {
+      throw new CairnError("CRYPTO", "handshake not yet complete");
+    }
+    return this.cachedResult;
+  }
+  // --- Message 1: -> e ---
+  initiatorSendMsg1() {
+    const ephemeralSecret = import_ed255192.x25519.utils.randomSecretKey();
+    const ephemeralPub = import_ed255192.x25519.getPublicKey(ephemeralSecret);
+    this.mixHash(ephemeralPub);
+    this.localEphemeralSecret = ephemeralSecret;
+    this.localEphemeralPub = ephemeralPub;
+    this.state = "initiator_wait_msg2";
+    return { type: "send_message", data: new Uint8Array(ephemeralPub) };
+  }
+  // --- Message 2: <- e, ee, s, es ---
+  responderRecvMsg1SendMsg2(msg1) {
+    if (msg1.length !== DH_KEY_SIZE) {
+      throw new CairnError("CRYPTO", `message 1 invalid length: expected ${DH_KEY_SIZE}, got ${msg1.length}`);
+    }
+    this.remoteEphemeralPub = new Uint8Array(msg1);
+    this.mixHash(this.remoteEphemeralPub);
+    const parts = [];
+    const ephemeralSecret = import_ed255192.x25519.utils.randomSecretKey();
+    const ephemeralPub = import_ed255192.x25519.getPublicKey(ephemeralSecret);
+    this.mixHash(ephemeralPub);
+    parts.push(ephemeralPub);
+    this.localEphemeralSecret = ephemeralSecret;
+    this.localEphemeralPub = ephemeralPub;
+    const eeShared = import_ed255192.x25519.getSharedSecret(ephemeralSecret, this.remoteEphemeralPub);
+    this.mixKey(eeShared);
+    const staticPubBytes = this.localIdentity.publicKey();
+    const encryptedStatic = this.encryptAndHash(staticPubBytes);
+    parts.push(encryptedStatic);
+    const esShared = import_ed255192.x25519.getSharedSecret(this.localStaticX25519Secret, this.remoteEphemeralPub);
+    this.mixKey(esShared);
+    const encryptedPayload = this.encryptAndHash(new Uint8Array(0));
+    parts.push(encryptedPayload);
+    this.state = "responder_wait_msg3";
+    return { type: "send_message", data: concatBytes(...parts) };
+  }
+  // --- Initiator: recv message 2, send message 3 ---
+  initiatorRecvMsg2SendMsg3(msg2) {
+    const minLen = DH_KEY_SIZE + (ED25519_PUB_SIZE + TAG_SIZE) + TAG_SIZE;
+    if (msg2.length < minLen) {
+      throw new CairnError("CRYPTO", `message 2 too short: expected at least ${minLen}, got ${msg2.length}`);
+    }
+    let offset = 0;
+    const remoteEBytes = msg2.slice(offset, offset + DH_KEY_SIZE);
+    this.mixHash(remoteEBytes);
+    offset += DH_KEY_SIZE;
+    this.remoteEphemeralPub = remoteEBytes;
+    if (!this.localEphemeralSecret) {
+      throw new CairnError("CRYPTO", "missing local ephemeral for ee DH");
+    }
+    const eeShared = import_ed255192.x25519.getSharedSecret(this.localEphemeralSecret, remoteEBytes);
+    this.mixKey(eeShared);
+    const encryptedStatic = msg2.slice(offset, offset + ED25519_PUB_SIZE + TAG_SIZE);
+    const staticPubBytes = this.decryptAndHash(encryptedStatic);
+    offset += ED25519_PUB_SIZE + TAG_SIZE;
+    if (staticPubBytes.length !== ED25519_PUB_SIZE) {
+      throw new CairnError("CRYPTO", "decrypted static key wrong size");
+    }
+    const remoteStaticX25519 = import_ed25519.ed25519.utils.toMontgomery(staticPubBytes);
+    this.remoteStaticEd25519 = new Uint8Array(staticPubBytes);
+    const esShared = import_ed255192.x25519.getSharedSecret(this.localEphemeralSecret, remoteStaticX25519);
+    this.mixKey(esShared);
+    const encryptedPayload = msg2.slice(offset);
+    this.decryptAndHash(encryptedPayload);
+    const parts = [];
+    const ourStaticPubBytes = this.localIdentity.publicKey();
+    const encryptedOurStatic = this.encryptAndHash(ourStaticPubBytes);
+    parts.push(encryptedOurStatic);
+    const seShared = import_ed255192.x25519.getSharedSecret(this.localStaticX25519Secret, remoteEBytes);
+    this.mixKey(seShared);
+    if (this.pakeSecret) {
+      this.mixKey(this.pakeSecret);
+    }
+    const encryptedMsg3Payload = this.encryptAndHash(new Uint8Array(0));
+    parts.push(encryptedMsg3Payload);
+    const sessionKey = this.deriveSessionKey();
+    const result = {
+      sessionKey,
+      remoteStatic: new Uint8Array(staticPubBytes),
+      transcriptHash: new Uint8Array(this.handshakeHash)
+    };
+    this.state = "complete";
+    this.cachedResult = result;
+    return { type: "send_message", data: concatBytes(...parts) };
+  }
+  // --- Message 3: responder receives -> s, se ---
+  responderRecvMsg3(msg3) {
+    const minLen = ED25519_PUB_SIZE + TAG_SIZE + TAG_SIZE;
+    if (msg3.length < minLen) {
+      throw new CairnError("CRYPTO", `message 3 too short: expected at least ${minLen}, got ${msg3.length}`);
+    }
+    let offset = 0;
+    const encryptedStatic = msg3.slice(offset, offset + ED25519_PUB_SIZE + TAG_SIZE);
+    const staticPubBytes = this.decryptAndHash(encryptedStatic);
+    offset += ED25519_PUB_SIZE + TAG_SIZE;
+    if (staticPubBytes.length !== ED25519_PUB_SIZE) {
+      throw new CairnError("CRYPTO", "decrypted static key wrong size");
+    }
+    const remoteStaticX25519 = import_ed25519.ed25519.utils.toMontgomery(staticPubBytes);
+    this.remoteStaticEd25519 = new Uint8Array(staticPubBytes);
+    if (!this.localEphemeralSecret) {
+      throw new CairnError("CRYPTO", "missing local ephemeral for se DH");
+    }
+    const seShared = import_ed255192.x25519.getSharedSecret(this.localEphemeralSecret, remoteStaticX25519);
+    this.mixKey(seShared);
+    if (this.pakeSecret) {
+      this.mixKey(this.pakeSecret);
+    }
+    const encryptedPayload = msg3.slice(offset);
+    this.decryptAndHash(encryptedPayload);
+    const sessionKey = this.deriveSessionKey();
+    this.state = "complete";
+    const result = {
+      sessionKey,
+      remoteStatic: new Uint8Array(staticPubBytes),
+      transcriptHash: new Uint8Array(this.handshakeHash)
+    };
+    this.cachedResult = result;
+    return { type: "complete", result };
+  }
+  // --- Noise symmetric state operations ---
+  /**
+   * Mix a DH result into the chaining key via HKDF.
+   * Updates the chaining key and stores the derived encryption key.
+   */
+  mixKey(inputKeyMaterial) {
+    const output = hkdfSha256(inputKeyMaterial, this.chainingKey, new Uint8Array(0), 64);
+    this.chainingKey = output.slice(0, 32);
+    this.currentKey = output.slice(32, 64);
+  }
+  /** Mix data into the handshake hash: h = SHA-256(h || data). */
+  mixHash(data) {
+    const combined = concatBytes(this.handshakeHash, data);
+    this.handshakeHash = (0, import_sha2563.sha256)(combined);
+  }
+  /** Encrypt plaintext and mix the ciphertext into the handshake hash. */
+  encryptAndHash(plaintext) {
+    if (!this.currentKey) {
+      throw new CairnError("CRYPTO", "no encryption key available (mixKey not called)");
+    }
+    const ciphertext = aeadEncrypt(
+      "chacha20-poly1305",
+      this.currentKey,
+      ZERO_NONCE,
+      plaintext,
+      this.handshakeHash
+    );
+    this.mixHash(ciphertext);
+    return ciphertext;
+  }
+  /** Decrypt ciphertext and mix it into the handshake hash. */
+  decryptAndHash(ciphertext) {
+    if (!this.currentKey) {
+      throw new CairnError("CRYPTO", "no decryption key available (mixKey not called)");
+    }
+    const hBefore = new Uint8Array(this.handshakeHash);
+    this.mixHash(ciphertext);
+    return aeadDecrypt(
+      "chacha20-poly1305",
+      this.currentKey,
+      ZERO_NONCE,
+      ciphertext,
+      hBefore
+    );
+  }
+  /** Derive the final session key from the chaining key. */
+  deriveSessionKey() {
+    return hkdfSha256(this.chainingKey, void 0, HKDF_INFO_SESSION_KEY, 32);
+  }
+};
+function concatBytes(...arrays) {
+  let totalLen = 0;
+  for (const arr of arrays) totalLen += arr.length;
+  const result = new Uint8Array(totalLen);
+  let offset = 0;
+  for (const arr of arrays) {
+    result.set(arr, offset);
+    offset += arr.length;
+  }
+  return result;
+}
+
+// src/crypto/exchange.ts
+var import_ed255193 = require("@noble/curves/ed25519");
+var X25519Keypair = class _X25519Keypair {
+  secret;
+  pubKey;
+  constructor(secret, pubKey) {
+    this.secret = secret;
+    this.pubKey = pubKey;
+  }
+  /** Generate a new random X25519 keypair. */
+  static generate() {
+    const secret = import_ed255193.x25519.utils.randomSecretKey();
+    const pubKey = import_ed255193.x25519.getPublicKey(secret);
+    return new _X25519Keypair(secret, pubKey);
+  }
+  /** Restore from a 32-byte secret key. */
+  static fromBytes(secret) {
+    if (secret.length !== 32) {
+      throw new CairnError("CRYPTO", "X25519 secret key must be 32 bytes");
+    }
+    const copy = new Uint8Array(secret);
+    const pubKey = import_ed255193.x25519.getPublicKey(copy);
+    return new _X25519Keypair(copy, pubKey);
+  }
+  /** Get the 32-byte public key. */
+  publicKeyBytes() {
+    return new Uint8Array(this.pubKey);
+  }
+  /** Export the 32-byte secret key. */
+  secretBytes() {
+    return new Uint8Array(this.secret);
+  }
+  /** Perform Diffie-Hellman key exchange with a peer's public key. Returns 32-byte shared secret. */
+  diffieHellman(peerPublic) {
+    try {
+      return import_ed255193.x25519.getSharedSecret(this.secret, peerPublic);
+    } catch (e) {
+      throw new CairnError("CRYPTO", `X25519 DH error: ${e}`);
+    }
+  }
+};
+
+// src/crypto/double-ratchet.ts
+var ROOT_KDF_INFO = new TextEncoder().encode("cairn-root-chain-v1");
+var CHAIN_KDF_INFO = new TextEncoder().encode("cairn-chain-advance-v1");
+var MESSAGE_KEY_KDF_INFO = new TextEncoder().encode("cairn-msg-encrypt-v1");
+var DEFAULT_CONFIG = {
+  maxSkip: 100,
+  cipher: "aes-256-gcm"
+};
+var DoubleRatchet = class _DoubleRatchet {
+  state;
+  config;
+  constructor(state, config) {
+    this.state = state;
+    this.config = config;
+  }
+  /**
+   * Initialize as the sender (initiator/Alice) after a shared secret
+   * has been established (e.g., from Noise XX handshake).
+   */
+  static initSender(sharedSecret, remoteDh, config) {
+    const cfg = { ...DEFAULT_CONFIG, ...config };
+    const dhSelf = X25519Keypair.generate();
+    const dhOutput = dhSelf.diffieHellman(remoteDh);
+    const [rootKey, chainKeySend] = kdfRk(sharedSecret, dhOutput);
+    const state = {
+      dhSelfSecret: dhSelf.secretBytes(),
+      dhSelfPublic: dhSelf.publicKeyBytes(),
+      dhRemote: new Uint8Array(remoteDh),
+      rootKey,
+      chainKeySend,
+      chainKeyRecv: null,
+      msgNumSend: 0,
+      msgNumRecv: 0,
+      prevChainLen: 0,
+      skippedKeys: /* @__PURE__ */ new Map()
+    };
+    return new _DoubleRatchet(state, cfg);
+  }
+  /**
+   * Initialize as the receiver (responder/Bob) after a shared secret
+   * has been established.
+   */
+  static initReceiver(sharedSecret, ourKeypair, config) {
+    const cfg = { ...DEFAULT_CONFIG, ...config };
+    const state = {
+      dhSelfSecret: ourKeypair.secretBytes(),
+      dhSelfPublic: ourKeypair.publicKeyBytes(),
+      dhRemote: null,
+      rootKey: new Uint8Array(sharedSecret),
+      chainKeySend: null,
+      chainKeyRecv: null,
+      msgNumSend: 0,
+      msgNumRecv: 0,
+      prevChainLen: 0,
+      skippedKeys: /* @__PURE__ */ new Map()
+    };
+    return new _DoubleRatchet(state, cfg);
+  }
+  /** Encrypt a message. Returns header and ciphertext. */
+  encrypt(plaintext) {
+    if (!this.state.chainKeySend) {
+      throw new CairnError("CRYPTO", "no sending chain key established");
+    }
+    const [newChainKey, messageKey] = kdfCk(this.state.chainKeySend);
+    this.state.chainKeySend = newChainKey;
+    const header = {
+      dhPublic: new Uint8Array(this.state.dhSelfPublic),
+      prevChainLen: this.state.prevChainLen,
+      msgNum: this.state.msgNumSend
+    };
+    this.state.msgNumSend++;
+    const nonce = deriveNonce(messageKey, header.msgNum);
+    const aad = serializeHeader(header);
+    const ciphertext = aeadEncrypt(this.config.cipher, messageKey, nonce, plaintext, aad);
+    messageKey.fill(0);
+    return { header, ciphertext };
+  }
+  /** Decrypt a message given the header and ciphertext. */
+  decrypt(header, ciphertext) {
+    const skippedId = skippedKeyId(header.dhPublic, header.msgNum);
+    const skippedMk = this.state.skippedKeys.get(skippedId);
+    if (skippedMk) {
+      this.state.skippedKeys.delete(skippedId);
+      return decryptWithKey(this.config.cipher, skippedMk, header, ciphertext);
+    }
+    const needDhRatchet = this.state.dhRemote === null || !bytesEqual(this.state.dhRemote, header.dhPublic);
+    if (needDhRatchet) {
+      this.skipMessageKeys(header.prevChainLen);
+      this.dhRatchet(header.dhPublic);
+    }
+    this.skipMessageKeys(header.msgNum);
+    if (!this.state.chainKeyRecv) {
+      throw new CairnError("CRYPTO", "no receiving chain key established");
+    }
+    const [newChainKey, messageKey] = kdfCk(this.state.chainKeyRecv);
+    this.state.chainKeyRecv = newChainKey;
+    this.state.msgNumRecv++;
+    const result = decryptWithKey(this.config.cipher, messageKey, header, ciphertext);
+    messageKey.fill(0);
+    return result;
+  }
+  /** Export the ratchet state for persistence. */
+  exportState() {
+    const skippedEntries = [];
+    for (const [key, value] of this.state.skippedKeys) {
+      skippedEntries.push([key, Array.from(value)]);
+    }
+    const obj = {
+      dhSelfSecret: Array.from(this.state.dhSelfSecret),
+      dhSelfPublic: Array.from(this.state.dhSelfPublic),
+      dhRemote: this.state.dhRemote ? Array.from(this.state.dhRemote) : null,
+      rootKey: Array.from(this.state.rootKey),
+      chainKeySend: this.state.chainKeySend ? Array.from(this.state.chainKeySend) : null,
+      chainKeyRecv: this.state.chainKeyRecv ? Array.from(this.state.chainKeyRecv) : null,
+      msgNumSend: this.state.msgNumSend,
+      msgNumRecv: this.state.msgNumRecv,
+      prevChainLen: this.state.prevChainLen,
+      skippedKeys: skippedEntries
+    };
+    return new TextEncoder().encode(JSON.stringify(obj));
+  }
+  /** Import ratchet state from persisted bytes. */
+  static importState(data, config) {
+    const cfg = { ...DEFAULT_CONFIG, ...config };
+    try {
+      const json = new TextDecoder().decode(data);
+      const obj = JSON.parse(json);
+      const skippedKeys = /* @__PURE__ */ new Map();
+      if (obj.skippedKeys) {
+        for (const [key, value] of obj.skippedKeys) {
+          skippedKeys.set(key, new Uint8Array(value));
+        }
+      }
+      const state = {
+        dhSelfSecret: new Uint8Array(obj.dhSelfSecret),
+        dhSelfPublic: new Uint8Array(obj.dhSelfPublic),
+        dhRemote: obj.dhRemote ? new Uint8Array(obj.dhRemote) : null,
+        rootKey: new Uint8Array(obj.rootKey),
+        chainKeySend: obj.chainKeySend ? new Uint8Array(obj.chainKeySend) : null,
+        chainKeyRecv: obj.chainKeyRecv ? new Uint8Array(obj.chainKeyRecv) : null,
+        msgNumSend: obj.msgNumSend,
+        msgNumRecv: obj.msgNumRecv,
+        prevChainLen: obj.prevChainLen,
+        skippedKeys
+      };
+      return new _DoubleRatchet(state, cfg);
+    } catch (e) {
+      if (e instanceof CairnError) throw e;
+      throw new CairnError("CRYPTO", `ratchet state deserialization: ${e}`);
+    }
+  }
+  /** Skip message keys up to (but not including) the given message number. */
+  skipMessageKeys(until) {
+    if (!this.state.chainKeyRecv) return;
+    const toSkip = until - this.state.msgNumRecv;
+    if (toSkip <= 0) return;
+    if (toSkip > this.config.maxSkip) {
+      throw new CairnError("CRYPTO", "max skip threshold exceeded");
+    }
+    let ck = this.state.chainKeyRecv;
+    for (let i = this.state.msgNumRecv; i < until; i++) {
+      const [newCk, mk] = kdfCk(ck);
+      if (!this.state.dhRemote) {
+        throw new CairnError("CRYPTO", "no remote DH key for skipping");
+      }
+      const id = skippedKeyId(this.state.dhRemote, i);
+      this.state.skippedKeys.set(id, mk);
+      ck = newCk;
+      this.state.msgNumRecv++;
+    }
+    this.state.chainKeyRecv = ck;
+  }
+  /** Perform a DH ratchet step when the peer's public key changes. */
+  dhRatchet(newRemotePublic) {
+    this.state.prevChainLen = this.state.msgNumSend;
+    this.state.msgNumSend = 0;
+    this.state.msgNumRecv = 0;
+    this.state.dhRemote = new Uint8Array(newRemotePublic);
+    const dhSelf = X25519Keypair.fromBytes(this.state.dhSelfSecret);
+    const dhOutput = dhSelf.diffieHellman(newRemotePublic);
+    const [rootKey1, chainKeyRecv] = kdfRk(this.state.rootKey, dhOutput);
+    this.state.rootKey = rootKey1;
+    this.state.chainKeyRecv = chainKeyRecv;
+    const newDhSelf = X25519Keypair.generate();
+    this.state.dhSelfSecret = newDhSelf.secretBytes();
+    this.state.dhSelfPublic = newDhSelf.publicKeyBytes();
+    const dhOutput2 = newDhSelf.diffieHellman(newRemotePublic);
+    const [rootKey2, chainKeySend] = kdfRk(this.state.rootKey, dhOutput2);
+    this.state.rootKey = rootKey2;
+    this.state.chainKeySend = chainKeySend;
+  }
+};
+function kdfRk(rootKey, dhOutput) {
+  const output = hkdfSha256(dhOutput, rootKey, ROOT_KDF_INFO, 64);
+  return [output.slice(0, 32), output.slice(32, 64)];
+}
+function kdfCk(chainKey) {
+  const newCk = hkdfSha256(chainKey, void 0, CHAIN_KDF_INFO, 32);
+  const mk = hkdfSha256(chainKey, void 0, MESSAGE_KEY_KDF_INFO, 32);
+  return [newCk, mk];
+}
+function deriveNonce(messageKey, msgNum) {
+  const nonce = new Uint8Array(12);
+  nonce.set(messageKey.slice(0, 8), 0);
+  const view = new DataView(nonce.buffer, nonce.byteOffset, nonce.byteLength);
+  view.setUint32(8, msgNum);
+  return nonce;
+}
+function serializeHeader(header) {
+  const obj = {
+    dh_public: Array.from(header.dhPublic),
+    prev_chain_len: header.prevChainLen,
+    msg_num: header.msgNum
+  };
+  return new TextEncoder().encode(JSON.stringify(obj));
+}
+function decryptWithKey(cipher, messageKey, header, ciphertext) {
+  const nonce = deriveNonce(messageKey, header.msgNum);
+  const aad = serializeHeader(header);
+  return aeadDecrypt(cipher, messageKey, nonce, ciphertext, aad);
+}
+function skippedKeyId(dhPublic, msgNum) {
+  return bytesToHex(dhPublic) + ":" + msgNum;
+}
+function bytesToHex(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function bytesEqual(a, b) {
+  if (a.length !== b.length) return false;
+  for (let i = 0; i < a.length; i++) {
+    if (a[i] !== b[i]) return false;
+  }
+  return true;
+}
+
+// src/crypto/spake2.ts
+var import_ed255194 = require("@noble/curves/ed25519");
+var import_sha2564 = require("@noble/hashes/sha256");
+var ExtendedPoint = import_ed255194.ed25519.ExtendedPoint;
+var SPAKE2_ID_INITIATOR = new TextEncoder().encode("cairn-initiator");
+var SPAKE2_ID_RESPONDER = new TextEncoder().encode("cairn-responder");
+var L = 2n ** 252n + 27742317777372353535851937790883648493n;
+function bytesToScalar(bytes) {
+  let n = 0n;
+  for (let i = bytes.length - 1; i >= 0; i--) {
+    n = n << 8n | BigInt(bytes[i]);
+  }
+  return n;
+}
+function derivePoint(label) {
+  const hash = (0, import_sha2564.sha256)(label);
+  let n = bytesToScalar(hash) % L;
+  if (n === 0n) n = 1n;
+  return ExtendedPoint.BASE.multiply(n);
+}
+var M_POINT = derivePoint(new TextEncoder().encode("SPAKE2-Ed25519-M"));
+var N_POINT = derivePoint(new TextEncoder().encode("SPAKE2-Ed25519-N"));
+function passwordToScalar(password) {
+  const hash = (0, import_sha2564.sha256)(password);
+  let n = bytesToScalar(hash) % L;
+  if (n === 0n) n = 1n;
+  return n;
+}
+function randomScalar() {
+  const bytes = crypto.getRandomValues(new Uint8Array(64));
+  let n = bytesToScalar(bytes) % L;
+  if (n === 0n) n = 1n;
+  return n;
+}
+var Spake2 = class _Spake2 {
+  role;
+  scalar;
+  pwScalar;
+  idA;
+  idB;
+  /** Our outbound message (the blinded public key). */
+  outboundMsg;
+  constructor(role, password, idA, idB) {
+    this.role = role;
+    this.idA = idA;
+    this.idB = idB;
+    this.scalar = randomScalar();
+    this.pwScalar = passwordToScalar(password);
+    const blindingPoint = role === "A" ? M_POINT : N_POINT;
+    const blinded = blindingPoint.multiply(this.pwScalar);
+    const ephemeral = ExtendedPoint.BASE.multiply(this.scalar);
+    const T = blinded.add(ephemeral);
+    this.outboundMsg = T.toRawBytes();
+  }
+  /** Start SPAKE2 as side A (initiator). */
+  static startA(password) {
+    return new _Spake2("A", password, SPAKE2_ID_INITIATOR, SPAKE2_ID_RESPONDER);
+  }
+  /** Start SPAKE2 as side B (responder). */
+  static startB(password) {
+    return new _Spake2("B", password, SPAKE2_ID_INITIATOR, SPAKE2_ID_RESPONDER);
+  }
+  /**
+   * Finish the SPAKE2 exchange with the peer's message.
+   * Returns the 32-byte shared key.
+   */
+  finish(peerMsg) {
+    try {
+      const peerPoint = ExtendedPoint.fromHex(peerMsg);
+      const peerBlindingPoint = this.role === "A" ? N_POINT : M_POINT;
+      const unblinded = peerPoint.add(peerBlindingPoint.multiply(this.pwScalar).negate());
+      const Z = unblinded.multiply(this.scalar);
+      const tA = this.role === "A" ? this.outboundMsg : peerMsg;
+      const tB = this.role === "A" ? peerMsg : this.outboundMsg;
+      const transcript = concatBytes2(
+        lengthPrefix(this.idA),
+        lengthPrefix(this.idB),
+        lengthPrefix(tA),
+        lengthPrefix(tB),
+        lengthPrefix(Z.toRawBytes())
+      );
+      return (0, import_sha2564.sha256)(transcript);
+    } catch (e) {
+      if (e instanceof CairnError) throw e;
+      throw new CairnError("CRYPTO", `SPAKE2 finish error: ${e}`);
+    }
+  }
+};
+function lengthPrefix(data) {
+  const len = new Uint8Array(4);
+  const view = new DataView(len.buffer);
+  view.setUint32(0, data.length, true);
+  return concatBytes2(len, data);
+}
+function concatBytes2(...arrays) {
+  let totalLen = 0;
+  for (const arr of arrays) totalLen += arr.length;
+  const result = new Uint8Array(totalLen);
+  let offset = 0;
+  for (const arr of arrays) {
+    result.set(arr, offset);
+    offset += arr.length;
+  }
+  return result;
+}
+
+// src/pairing/payload.ts
+var import_cborg = require("cborg");
+function encodePairingPayload(payload) {
+  const map = /* @__PURE__ */ new Map();
+  map.set(0, payload.peerId);
+  map.set(1, payload.nonce);
+  map.set(2, payload.pakeCredential);
+  if (payload.hints && payload.hints.length > 0) {
+    const hintArrays = payload.hints.map((h) => [h.hintType, h.value]);
+    map.set(3, hintArrays);
+  }
+  map.set(4, payload.createdAt);
+  map.set(5, payload.expiresAt);
+  return (0, import_cborg.encode)(map);
+}
+function decodePairingPayload(data) {
+  try {
+    const map = (0, import_cborg.decode)(data, { useMaps: true });
+    const peerId = map.get(0);
+    const nonce = map.get(1);
+    const pakeCredential = map.get(2);
+    if (!peerId || !nonce || !pakeCredential) {
+      throw new CairnError("PAIRING", "missing required fields in pairing payload");
+    }
+    let hints;
+    const rawHints = map.get(3);
+    if (rawHints && Array.isArray(rawHints)) {
+      hints = rawHints.map((h) => {
+        const arr = h;
+        return { hintType: arr[0], value: arr[1] };
+      });
+    }
+    const createdAt = map.get(4) ?? 0;
+    const expiresAt = map.get(5) ?? 0;
+    return { peerId, nonce, pakeCredential, hints, createdAt, expiresAt };
+  } catch (e) {
+    if (e instanceof CairnError) throw e;
+    throw new CairnError("PAIRING", `failed to decode pairing payload: ${e}`);
+  }
+}
+function generateNonce() {
+  return crypto.getRandomValues(new Uint8Array(16));
+}
+
+// src/pairing/qr.ts
+var MAX_QR_PAYLOAD_SIZE = 256;
+function generateQrPayload(payload) {
+  const cbor = encodePairingPayload(payload);
+  if (cbor.length > MAX_QR_PAYLOAD_SIZE) {
+    throw new CairnError(
+      "PAIRING",
+      `QR payload exceeds max size: ${cbor.length} > ${MAX_QR_PAYLOAD_SIZE} bytes`
+    );
+  }
+  return cbor;
+}
+function consumeQrPayload(raw) {
+  if (raw.length > MAX_QR_PAYLOAD_SIZE) {
+    throw new CairnError(
+      "PAIRING",
+      `QR payload exceeds max size: ${raw.length} > ${MAX_QR_PAYLOAD_SIZE} bytes`
+    );
+  }
+  const payload = decodePairingPayload(raw);
+  const now = Math.floor(Date.now() / 1e3);
+  if (now > payload.expiresAt) {
+    throw new CairnError("PAIRING", "QR pairing payload has expired");
+  }
+  return payload;
+}
+
+// src/pairing/pin.ts
+var CROCKFORD_ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
+var PIN_LENGTH = 8;
+var HKDF_INFO_PIN_RENDEZVOUS = new TextEncoder().encode("cairn-pin-rendezvous-v1");
+function generatePin() {
+  const bytes = crypto.getRandomValues(new Uint8Array(5));
+  return encodeCrockford(bytes);
+}
+function formatPin(pin) {
+  if (pin.length === PIN_LENGTH) {
+    return `${pin.slice(0, 4)}-${pin.slice(4)}`;
+  }
+  return pin;
+}
+function normalizePin(input) {
+  return input.split("").filter((c) => c !== "-" && c !== " ").map((c) => c.toUpperCase()).filter((c) => c !== "U").map((c) => {
+    if (c === "I" || c === "L") return "1";
+    if (c === "O") return "0";
+    return c;
+  }).join("");
+}
+function validatePin(normalized) {
+  if (normalized.length !== PIN_LENGTH) {
+    throw new CairnError("PAIRING", `expected ${PIN_LENGTH} characters, got ${normalized.length}`);
+  }
+  for (const ch of normalized) {
+    if (!CROCKFORD_ALPHABET.includes(ch)) {
+      throw new CairnError("PAIRING", `invalid Crockford character: '${ch}'`);
+    }
+  }
+}
+function encodeCrockford(bytes) {
+  let bits = 0n;
+  for (const b of bytes) {
+    bits = bits << 8n | BigInt(b);
+  }
+  let result = "";
+  for (let i = 7; i >= 0; i--) {
+    const index = Number(bits >> BigInt(i * 5) & 0x1Fn);
+    result += CROCKFORD_ALPHABET[index];
+  }
+  return result;
+}
+
+// src/pairing/link.ts
+var DEFAULT_SCHEME = "cairn";
+function generatePairingLink(payload, scheme = DEFAULT_SCHEME) {
+  const pid = bytesToHex2(payload.peerId);
+  const nonce = bytesToHex2(payload.nonce);
+  const pake = bytesToHex2(payload.pakeCredential);
+  let uri = `${scheme}://pair?pid=${pid}&nonce=${nonce}&pake=${pake}`;
+  if (payload.hints && payload.hints.length > 0) {
+    const hintsStr = payload.hints.map((h) => `${h.hintType}:${h.value}`).join(",");
+    uri += `&hints=${encodeURIComponent(hintsStr)}`;
+  }
+  uri += `&t=${payload.createdAt}&x=${payload.expiresAt}`;
+  return uri;
+}
+function parsePairingLink(uri, scheme = DEFAULT_SCHEME) {
+  if (!uri.startsWith(`${scheme}://pair?`)) {
+    throw new CairnError("PAIRING", `invalid pairing link: expected ${scheme}://pair?...`);
+  }
+  const queryStart = uri.indexOf("?");
+  if (queryStart === -1) {
+    throw new CairnError("PAIRING", "invalid pairing link: missing query string");
+  }
+  const params = new URLSearchParams(uri.slice(queryStart + 1));
+  const pidHex = params.get("pid");
+  if (!pidHex) {
+    throw new CairnError("PAIRING", "missing 'pid' parameter in pairing link");
+  }
+  const peerId = hexToBytes(pidHex);
+  const nonceHex = params.get("nonce");
+  if (!nonceHex) {
+    throw new CairnError("PAIRING", "missing 'nonce' parameter in pairing link");
+  }
+  const nonce = hexToBytes(nonceHex);
+  if (nonce.length !== 16) {
+    throw new CairnError("PAIRING", `nonce must be 16 bytes, got ${nonce.length}`);
+  }
+  const pakeHex = params.get("pake");
+  if (!pakeHex) {
+    throw new CairnError("PAIRING", "missing 'pake' parameter in pairing link");
+  }
+  const pakeCredential = hexToBytes(pakeHex);
+  let hints;
+  const hintsStr = params.get("hints");
+  if (hintsStr) {
+    hints = hintsStr.split(",").map((part) => {
+      const colonIdx = part.indexOf(":");
+      if (colonIdx === -1) {
+        throw new CairnError("PAIRING", `invalid hint format: '${part}'`);
+      }
+      return {
+        hintType: part.slice(0, colonIdx),
+        value: part.slice(colonIdx + 1)
+      };
+    });
+  }
+  const createdAt = parseInt(params.get("t") ?? "0", 10) || 0;
+  const expiresAt = parseInt(params.get("x") ?? "0", 10) || 0;
+  const now = Math.floor(Date.now() / 1e3);
+  if (now > expiresAt) {
+    throw new CairnError("PAIRING", "pairing link has expired");
+  }
+  return { peerId, nonce, pakeCredential, hints, createdAt, expiresAt };
+}
+function bytesToHex2(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function hexToBytes(hex) {
+  if (hex.length % 2 !== 0) {
+    throw new CairnError("PAIRING", `invalid hex string length: ${hex.length}`);
+  }
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
+  }
+  return bytes;
+}
+
+// src/protocol/envelope.ts
+var import_cborg2 = require("cborg");
+var import_uuid = require("uuid");
+function newMsgId() {
+  const uuid = (0, import_uuid.v7)();
+  return new Uint8Array((0, import_uuid.parse)(uuid));
+}
+function envelopeToMap(envelope) {
+  const map = /* @__PURE__ */ new Map();
+  map.set(0, envelope.version);
+  map.set(1, envelope.type);
+  map.set(2, envelope.msgId);
+  if (envelope.sessionId !== void 0) {
+    map.set(3, envelope.sessionId);
+  }
+  map.set(4, envelope.payload);
+  if (envelope.authTag !== void 0) {
+    map.set(5, envelope.authTag);
+  }
+  return map;
+}
+function mapToEnvelope(map) {
+  const version = map.get(0);
+  if (version === void 0) {
+    throw new CairnError("PROTOCOL", "missing required field: version (key 0)");
+  }
+  const type = map.get(1);
+  if (type === void 0) {
+    throw new CairnError("PROTOCOL", "missing required field: type (key 1)");
+  }
+  const msgId = map.get(2);
+  if (msgId === void 0) {
+    throw new CairnError("PROTOCOL", "missing required field: msgId (key 2)");
+  }
+  if (!(msgId instanceof Uint8Array) || msgId.length !== 16) {
+    throw new CairnError("PROTOCOL", "msgId must be 16 bytes");
+  }
+  const payload = map.get(4);
+  if (payload === void 0) {
+    throw new CairnError("PROTOCOL", "missing required field: payload (key 4)");
+  }
+  const sessionId = map.get(3);
+  if (sessionId !== void 0 && (!(sessionId instanceof Uint8Array) || sessionId.length !== 32)) {
+    throw new CairnError("PROTOCOL", "sessionId must be 32 bytes");
+  }
+  const authTag = map.get(5);
+  return {
+    version,
+    type,
+    msgId,
+    sessionId,
+    payload: payload instanceof Uint8Array ? payload : new Uint8Array(payload),
+    authTag
+  };
+}
+function encodeEnvelope(envelope) {
+  try {
+    return (0, import_cborg2.encode)(envelopeToMap(envelope));
+  } catch (e) {
+    throw new CairnError("PROTOCOL", `CBOR encode error: ${e}`);
+  }
+}
+function decodeEnvelope(data) {
+  try {
+    const decoded = (0, import_cborg2.decode)(data, { useMaps: true });
+    if (!(decoded instanceof Map)) {
+      throw new CairnError("PROTOCOL", "expected CBOR map");
+    }
+    return mapToEnvelope(decoded);
+  } catch (e) {
+    if (e instanceof CairnError) throw e;
+    throw new CairnError("PROTOCOL", `CBOR decode error: ${e}`);
+  }
+}
+
+// src/protocol/message-types.ts
+var DATA_MESSAGE = 768;
+
+// src/session/message-queue.ts
+function defaultQueueConfig() {
+  return {
+    enabled: true,
+    maxSize: 1e3,
+    maxAgeMs: 36e5,
+    strategy: "fifo"
+  };
+}
+var MessageQueue = class {
+  _config;
+  _messages = [];
+  constructor(config) {
+    const defaults = defaultQueueConfig();
+    this._config = {
+      enabled: config?.enabled ?? defaults.enabled,
+      maxSize: config?.maxSize ?? defaults.maxSize,
+      maxAgeMs: config?.maxAgeMs ?? defaults.maxAgeMs,
+      strategy: config?.strategy ?? defaults.strategy
+    };
+  }
+  /** Enqueue a message. Returns the enqueue result. */
+  enqueue(sequence, payload) {
+    if (!this._config.enabled) {
+      return "disabled";
+    }
+    this.expireStale();
+    const msg = {
+      sequence,
+      payload,
+      enqueuedAt: Date.now()
+    };
+    if (this._messages.length >= this._config.maxSize) {
+      if (this._config.strategy === "fifo") {
+        return "full";
+      }
+      this._messages.shift();
+      this._messages.push(msg);
+      return "enqueued_with_eviction";
+    }
+    this._messages.push(msg);
+    return "enqueued";
+  }
+  /** Drain all queued messages in sequence order for retransmission. */
+  drain() {
+    this.expireStale();
+    const msgs = [...this._messages];
+    this._messages = [];
+    return msgs;
+  }
+  /** Discard all queued messages (e.g., on session re-establishment). */
+  clear() {
+    this._messages = [];
+  }
+  /** Get the number of currently queued messages. */
+  get length() {
+    return this._messages.length;
+  }
+  /** Check whether the queue is empty. */
+  get isEmpty() {
+    return this._messages.length === 0;
+  }
+  /** Get the remaining capacity. */
+  get remainingCapacity() {
+    return Math.max(0, this._config.maxSize - this._messages.length);
+  }
+  /** Peek at the next message without removing it. */
+  peek() {
+    return this._messages[0];
+  }
+  /** Get the queue configuration. */
+  get config() {
+    return this._config;
+  }
+  /** Remove messages older than maxAge. */
+  expireStale() {
+    const now = Date.now();
+    this._messages = this._messages.filter((msg) => now - msg.enqueuedAt < this._config.maxAgeMs);
+  }
+};
+
+// src/node.ts
+var APP_MSG_TYPE_MIN = 61440;
+var APP_MSG_TYPE_MAX = 65535;
+var NodeChannel = class {
+  constructor(name) {
+    this.name = name;
+  }
+  _open = true;
+  get isOpen() {
+    return this._open;
+  }
+  close() {
+    this._open = false;
+  }
+};
+var NodeSession = class {
+  constructor(peerId) {
+    this.peerId = peerId;
+  }
+  _state = "connected";
+  _channels = /* @__PURE__ */ new Map();
+  _stateListeners = [];
+  _channelListeners = [];
+  _errorListeners = [];
+  _messageHandlers = /* @__PURE__ */ new Map();
+  _customHandlers = /* @__PURE__ */ new Map();
+  _ratchet = null;
+  _messageQueue = new MessageQueue();
+  _sequenceCounter = 0;
+  /** Outbox of encoded envelopes (transport would drain this). */
+  outbox = [];
+  /** Get the current connection state. */
+  get state() {
+    return this._state;
+  }
+  /** Get the Double Ratchet (for testing/inspection). */
+  get ratchet() {
+    return this._ratchet;
+  }
+  /** Get the message queue. */
+  get messageQueue() {
+    return this._messageQueue;
+  }
+  /** Set the ratchet for this session (called during connect). */
+  _setRatchet(ratchet) {
+    this._ratchet = ratchet;
+  }
+  /** Open a named channel. */
+  openChannel(name) {
+    if (!name) {
+      throw new CairnError("PROTOCOL", "channel name cannot be empty");
+    }
+    if (name.startsWith("__cairn_")) {
+      throw new CairnError("PROTOCOL", "reserved channel name prefix");
+    }
+    const channel = new NodeChannel(name);
+    this._channels.set(name, channel);
+    for (const listener of this._channelListeners) {
+      listener(channel);
+    }
+    return channel;
+  }
+  /** Send data on a channel. Encrypts via Double Ratchet and wraps in CBOR envelope. */
+  send(channel, data) {
+    if (!channel.isOpen) {
+      throw new CairnError("PROTOCOL", "channel is not open");
+    }
+    if (this._state === "disconnected" || this._state === "reconnecting" || this._state === "suspended") {
+      const seq = this._sequenceCounter++;
+      const result = this._messageQueue.enqueue(seq, data);
+      if (result === "full") {
+        throw new CairnError("PROTOCOL", "message queue is full");
+      }
+      if (result === "disabled") {
+        throw new CairnError("PROTOCOL", "message queuing is disabled");
+      }
+      return;
+    }
+    let payload;
+    if (this._ratchet) {
+      const { header, ciphertext } = this._ratchet.encrypt(data);
+      const headerJson = new TextEncoder().encode(JSON.stringify({
+        dh_public: Array.from(header.dhPublic),
+        prev_chain_len: header.prevChainLen,
+        msg_num: header.msgNum
+      }));
+      const buf = new Uint8Array(4 + headerJson.length + ciphertext.length);
+      const view = new DataView(buf.buffer);
+      view.setUint32(0, headerJson.length);
+      buf.set(headerJson, 4);
+      buf.set(ciphertext, 4 + headerJson.length);
+      payload = buf;
+    } else {
+      payload = data;
+    }
+    const envelope = {
+      version: 1,
+      type: DATA_MESSAGE,
+      msgId: newMsgId(),
+      payload
+    };
+    const encoded = encodeEnvelope(envelope);
+    this.outbox.push(encoded);
+  }
+  /** Register a callback for incoming messages on a channel. */
+  onMessage(channel, callback) {
+    const handlers = this._messageHandlers.get(channel.name);
+    if (handlers) {
+      handlers.push(callback);
+    } else {
+      this._messageHandlers.set(channel.name, [callback]);
+    }
+  }
+  /** Register a callback for connection state changes. */
+  onStateChange(callback) {
+    this._stateListeners.push(callback);
+  }
+  /** Register a callback for channel opened events. */
+  onChannelOpened(callback) {
+    this._channelListeners.push(callback);
+  }
+  /** Register a callback for errors. */
+  onError(callback) {
+    this._errorListeners.push(callback);
+  }
+  /**
+   * Register a handler for application-specific message types (0xF000-0xFFFF).
+   */
+  onCustomMessage(typeCode, callback) {
+    if (typeCode < APP_MSG_TYPE_MIN || typeCode > APP_MSG_TYPE_MAX) {
+      throw new CairnError(
+        "PROTOCOL",
+        `custom message type 0x${typeCode.toString(16).padStart(4, "0")} outside application range 0xF000-0xFFFF`
+      );
+    }
+    this._customHandlers.set(typeCode, callback);
+  }
+  /**
+   * Dispatch an incoming CBOR envelope from the transport layer.
+   * Decrypts if needed and routes to appropriate callbacks.
+   */
+  dispatchIncoming(envelopeBytes) {
+    const envelope = decodeEnvelope(envelopeBytes);
+    if (envelope.type === DATA_MESSAGE) {
+      let plaintext;
+      if (this._ratchet && envelope.payload.length >= 4) {
+        const view = new DataView(envelope.payload.buffer, envelope.payload.byteOffset, envelope.payload.byteLength);
+        const headerLen = view.getUint32(0);
+        if (envelope.payload.length < 4 + headerLen) {
+          throw new CairnError("PROTOCOL", "payload too short for header");
+        }
+        const headerJson = new TextDecoder().decode(envelope.payload.slice(4, 4 + headerLen));
+        const headerObj = JSON.parse(headerJson);
+        const header = {
+          dhPublic: new Uint8Array(headerObj.dh_public),
+          prevChainLen: headerObj.prev_chain_len,
+          msgNum: headerObj.msg_num
+        };
+        const ciphertext = envelope.payload.slice(4 + headerLen);
+        plaintext = this._ratchet.decrypt(header, ciphertext);
+      } else {
+        plaintext = envelope.payload;
+      }
+      for (const [, cbs] of this._messageHandlers) {
+        for (const cb of cbs) {
+          cb(plaintext);
+        }
+      }
+    } else if (envelope.type >= APP_MSG_TYPE_MIN && envelope.type <= APP_MSG_TYPE_MAX) {
+      const handler = this._customHandlers.get(envelope.type);
+      if (handler) {
+        handler(envelope.payload);
+      }
+    }
+  }
+  /** Drain queued messages after reconnection. Returns payloads. */
+  drainMessageQueue() {
+    return this._messageQueue.drain().map((m) => m.payload);
+  }
+  /** Close this session. */
+  close() {
+    const prev = this._state;
+    this._state = "disconnected";
+    for (const listener of this._stateListeners) {
+      listener(prev, "disconnected");
+    }
+  }
+  /** Transition state (for internal/test use). */
+  _transitionState(to) {
+    const prev = this._state;
+    this._state = to;
+    for (const listener of this._stateListeners) {
+      listener(prev, to);
+    }
+  }
+};
+var Node = class _Node {
+  _config;
+  _sessions = /* @__PURE__ */ new Map();
+  _peerPairedListeners = [];
+  _peerUnpairedListeners = [];
+  _errorListeners = [];
+  _customRegistry = /* @__PURE__ */ new Map();
+  _natType = "unknown";
+  _closed = false;
+  _identity = null;
+  _pairedPeers = /* @__PURE__ */ new Set();
+  constructor(config) {
+    this._config = config;
+  }
+  /** Create a new cairn peer node with zero-config defaults (Tier 0). */
+  static async create(config) {
+    const resolved = resolveConfig(config);
+    const node = new _Node(resolved);
+    node._identity = await IdentityKeypair.generate();
+    return node;
+  }
+  /**
+   * Create a server-mode cairn node.
+   *
+   * Server mode is NOT a separate class — it applies server-mode defaults:
+   * meshEnabled: true, relayWilling: true, relayCapacity: 100, etc.
+   */
+  static async createServer(config) {
+    const serverMeshDefaults = {
+      meshEnabled: true,
+      relayWilling: true,
+      relayCapacity: 100,
+      maxHops: 3
+    };
+    const serverReconnectionDefaults = {
+      ...DEFAULT_RECONNECTION_POLICY,
+      sessionExpiry: 7 * 24 * 60 * 60 * 1e3,
+      rendezvousPollInterval: 3e4,
+      reconnectMaxDuration: Infinity
+    };
+    const merged = {
+      ...config,
+      meshSettings: { ...serverMeshDefaults, ...config?.meshSettings },
+      reconnectionPolicy: { ...serverReconnectionDefaults, ...config?.reconnectionPolicy }
+    };
+    const resolved = resolveConfig(merged);
+    const node = new _Node(resolved);
+    node._identity = await IdentityKeypair.generate();
+    return node;
+  }
+  /** Get the node configuration. */
+  get config() {
+    return this._config;
+  }
+  /** Whether this node has been closed. */
+  get isClosed() {
+    return this._closed;
+  }
+  /** Get the node's identity keypair. */
+  get identity() {
+    return this._identity;
+  }
+  /** Get the node's peer ID. */
+  get peerId() {
+    return this._identity?.peerId() ?? null;
+  }
+  // --- Event listeners ---
+  onPeerPaired(callback) {
+    this._peerPairedListeners.push(callback);
+  }
+  onPeerUnpaired(callback) {
+    this._peerUnpairedListeners.push(callback);
+  }
+  onError(callback) {
+    this._errorListeners.push(callback);
+  }
+  /**
+   * Register a node-wide handler for a custom message type (0xF000-0xFFFF).
+   *
+   * Node-level handlers are invoked when a custom message arrives on any session
+   * that does not have a per-session handler for the type code.
+   */
+  registerCustomMessage(typeCode, handler) {
+    if (typeCode < APP_MSG_TYPE_MIN || typeCode > APP_MSG_TYPE_MAX) {
+      throw new CairnError(
+        "PROTOCOL",
+        `custom message type 0x${typeCode.toString(16).padStart(4, "0")} outside application range 0xF000-0xFFFF`
+      );
+    }
+    this._customRegistry.set(typeCode, handler);
+  }
+  // --- Internal helpers ---
+  _createPairingPayload() {
+    if (!this._identity) {
+      throw new CairnError("PROTOCOL", "node identity not initialized");
+    }
+    const nonce = generateNonce();
+    const now = Math.floor(Date.now() / 1e3);
+    const ttlSec = Math.floor(this._config.reconnectionPolicy.pairingPayloadExpiry / 1e3);
+    return {
+      peerId: this._identity.peerId(),
+      nonce,
+      pakeCredential: nonce,
+      // use nonce as PAKE credential (same as Rust)
+      createdAt: now,
+      expiresAt: now + ttlSec
+    };
+  }
+  _runPairingExchange(password) {
+    const alice = Spake2.startA(password);
+    const bob = Spake2.startB(password);
+    alice.finish(bob.outboundMsg);
+    bob.finish(alice.outboundMsg);
+  }
+  _completePairing(remotePeerId) {
+    this._pairedPeers.add(remotePeerId);
+    for (const listener of this._peerPairedListeners) {
+      listener(remotePeerId);
+    }
+  }
+  async _performNoiseHandshake() {
+    if (!this._identity) {
+      throw new CairnError("PROTOCOL", "node identity not initialized");
+    }
+    const remoteId = await IdentityKeypair.generate();
+    const initiator = new NoiseXXHandshake("initiator", this._identity);
+    const responder = new NoiseXXHandshake("responder", remoteId);
+    const out1 = initiator.step();
+    if (out1.type !== "send_message") throw new CairnError("CRYPTO", "unexpected at msg1");
+    const out2 = responder.step(out1.data);
+    if (out2.type !== "send_message") throw new CairnError("CRYPTO", "unexpected at msg2");
+    const out3 = initiator.step(out2.data);
+    if (out3.type !== "send_message") throw new CairnError("CRYPTO", "unexpected at msg3");
+    responder.step(out3.data);
+    return initiator.getResult();
+  }
+  // --- Pairing methods (spec section 3.3) ---
+  async pairGenerateQr() {
+    const payload = this._createPairingPayload();
+    const cbor = generateQrPayload(payload);
+    return {
+      payload: cbor,
+      expiresIn: this._config.reconnectionPolicy.pairingPayloadExpiry
+    };
+  }
+  async pairScanQr(data) {
+    const payload = consumeQrPayload(data);
+    this._runPairingExchange(payload.pakeCredential);
+    const remotePeerId = bytesToHex3(payload.peerId);
+    this._completePairing(remotePeerId);
+    return remotePeerId;
+  }
+  async pairGeneratePin() {
+    const raw = generatePin();
+    return {
+      pin: formatPin(raw),
+      expiresIn: this._config.reconnectionPolicy.pairingPayloadExpiry
+    };
+  }
+  async pairEnterPin(pin) {
+    const normalized = normalizePin(pin);
+    validatePin(normalized);
+    const password = new TextEncoder().encode(normalized);
+    this._runPairingExchange(password);
+    const remotePeerId = bytesToHex3(crypto.getRandomValues(new Uint8Array(32)));
+    this._completePairing(remotePeerId);
+    return remotePeerId;
+  }
+  async pairGenerateLink() {
+    const payload = this._createPairingPayload();
+    const uri = generatePairingLink(payload);
+    return {
+      uri,
+      expiresIn: this._config.reconnectionPolicy.pairingPayloadExpiry
+    };
+  }
+  async pairFromLink(uri) {
+    const payload = parsePairingLink(uri);
+    this._runPairingExchange(payload.pakeCredential);
+    const remotePeerId = bytesToHex3(payload.peerId);
+    this._completePairing(remotePeerId);
+    return remotePeerId;
+  }
+  // --- Connection methods ---
+  /** Connect to a paired peer. Performs Noise XX handshake and Double Ratchet init. */
+  async connect(peerId, _options) {
+    const handshakeResult = await this._performNoiseHandshake();
+    const bobDh = X25519Keypair.generate();
+    const ratchet = DoubleRatchet.initSender(handshakeResult.sessionKey, bobDh.publicKeyBytes());
+    const session = new NodeSession(peerId);
+    session._setRatchet(ratchet);
+    this._sessions.set(peerId, session);
+    return session;
+  }
+  /** Unpair a peer, removing trust and closing sessions. */
+  async unpair(peerId) {
+    this._pairedPeers.delete(peerId);
+    this._sessions.delete(peerId);
+    for (const listener of this._peerUnpairedListeners) {
+      listener(peerId);
+    }
+  }
+  /** Get network diagnostic information. */
+  async networkInfo() {
+    return { natType: this._natType };
+  }
+  /** Update the detected NAT type (called by transport layer). */
+  setNatType(natType) {
+    this._natType = natType;
+  }
+  /** Close the node and all sessions. */
+  async close() {
+    this._closed = true;
+    for (const session of this._sessions.values()) {
+      session.close();
+    }
+    this._sessions.clear();
+  }
+};
+function resolveConfig(partial) {
+  return {
+    stunServers: partial?.stunServers ?? [...DEFAULT_STUN_SERVERS],
+    turnServers: partial?.turnServers ?? [],
+    signalingServers: partial?.signalingServers ?? [],
+    trackerUrls: partial?.trackerUrls ?? [],
+    bootstrapNodes: partial?.bootstrapNodes ?? [],
+    transportPreferences: partial?.transportPreferences ?? [...DEFAULT_TRANSPORT_PREFERENCES],
+    reconnectionPolicy: {
+      connectTimeout: DEFAULT_RECONNECTION_POLICY.connectTimeout,
+      transportTimeout: DEFAULT_RECONNECTION_POLICY.transportTimeout,
+      reconnectMaxDuration: DEFAULT_RECONNECTION_POLICY.reconnectMaxDuration,
+      reconnectBackoff: {
+        ...DEFAULT_RECONNECTION_POLICY.reconnectBackoff,
+        ...partial?.reconnectionPolicy?.reconnectBackoff
+      },
+      rendezvousPollInterval: DEFAULT_RECONNECTION_POLICY.rendezvousPollInterval,
+      sessionExpiry: DEFAULT_RECONNECTION_POLICY.sessionExpiry,
+      pairingPayloadExpiry: DEFAULT_RECONNECTION_POLICY.pairingPayloadExpiry,
+      ...partial?.reconnectionPolicy
+    },
+    meshSettings: {
+      meshEnabled: DEFAULT_MESH_SETTINGS.meshEnabled,
+      maxHops: DEFAULT_MESH_SETTINGS.maxHops,
+      relayWilling: DEFAULT_MESH_SETTINGS.relayWilling,
+      relayCapacity: DEFAULT_MESH_SETTINGS.relayCapacity,
+      ...partial?.meshSettings
+    },
+    storageBackend: partial?.storageBackend ?? "memory"
+  };
+}
+function bytesToHex3(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+
+// src/session/state-machine.ts
+var VALID_TRANSITIONS = [
+  ["connected", "unstable"],
+  ["connected", "disconnected"],
+  ["unstable", "disconnected"],
+  ["unstable", "connected"],
+  ["disconnected", "reconnecting"],
+  ["reconnecting", "reconnected"],
+  ["reconnecting", "suspended"],
+  ["suspended", "reconnecting"],
+  ["suspended", "failed"],
+  ["reconnected", "connected"]
+];
+function isValidTransition(from, to) {
+  return VALID_TRANSITIONS.some(([f, t]) => f === from && t === to);
+}
+var SessionStateMachine = class {
+  _sessionId;
+  _state;
+  _listeners = [];
+  constructor(sessionId, initialState = "connected") {
+    this._sessionId = sessionId;
+    this._state = initialState;
+  }
+  /** Get the current state. */
+  get state() {
+    return this._state;
+  }
+  /** Get the session ID. */
+  get sessionId() {
+    return this._sessionId;
+  }
+  /** Subscribe to state change events. */
+  onStateChanged(listener) {
+    this._listeners.push(listener);
+  }
+  /**
+   * Attempt a state transition.
+   *
+   * Throws CairnError if the transition is not allowed by the state diagram.
+   * Calls all registered state_changed listeners on success.
+   */
+  transition(to, reason) {
+    if (!isValidTransition(this._state, to)) {
+      throw new CairnError(
+        "PROTOCOL",
+        `invalid session state transition: ${this._state} -> ${to}`
+      );
+    }
+    const from = this._state;
+    this._state = to;
+    const event = {
+      sessionId: this._sessionId,
+      fromState: from,
+      toState: to,
+      timestamp: Date.now(),
+      reason
+    };
+    for (const listener of this._listeners) {
+      listener(event);
+    }
+  }
+};
+
+// src/server/management.ts
+var import_node_http = require("http");
+var import_node_crypto = require("crypto");
+
+// src/server/index.ts
+function defaultServerConfig() {
+  return {
+    meshEnabled: true,
+    relayWilling: true,
+    relayCapacity: 100,
+    storeForwardEnabled: true,
+    storeForwardMaxPerPeer: 1e3,
+    storeForwardMaxAgeMs: 7 * 24 * 60 * 60 * 1e3,
+    // 7 days
+    storeForwardMaxTotalSize: 1073741824,
+    // 1 GB
+    sessionExpiryMs: 7 * 24 * 60 * 60 * 1e3,
+    // 7 days
+    heartbeatIntervalMs: 6e4,
+    // 60s
+    reconnectMaxDurationMs: null,
+    // indefinite
+    headless: true
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuthenticationFailedError,
+  CairnError,
+  DEFAULT_MESH_SETTINGS,
+  DEFAULT_RECONNECTION_POLICY,
+  DEFAULT_STUN_SERVERS,
+  DEFAULT_TRANSPORT_PREFERENCES,
+  ErrorBehavior,
+  MeshRouteNotFoundError,
+  Node,
+  NodeChannel,
+  NodeSession,
+  PairingExpiredError,
+  PairingRejectedError,
+  PeerUnreachableError,
+  SessionExpiredError,
+  SessionStateMachine,
+  TransportExhaustedError,
+  VersionMismatchError,
+  defaultServerConfig,
+  isValidTransition
+});