cojson 0.0.11 → 0.0.13

package/src/coValue.test.ts

@@ -1,25 +1,17 @@
-import {
-    Transaction,
-    getAgent,
-    getAgentID,
-    newRandomAgentCredential,
-    newRandomSessionID,
-} from './coValue.js';
-import { LocalNode } from './node.js';
-import { createdNowUnique, sign } from './crypto.js';
+import { Transaction } from "./coValue.js";
+import { LocalNode } from "./node.js";
+import { createdNowUnique, getAgentSignerSecret, newRandomAgentSecret, sign } from "./crypto.js";
+import { randomAnonymousAccountAndSessionID } from "./testUtils.js";
 
 test("Can create coValue with new agent credentials and add transaction to it", () => {
-    const agentCredential = newRandomAgentCredential("agent1");
-    const node = new LocalNode(
-        agentCredential,
-        newRandomSessionID(getAgentID(getAgent(agentCredential)))
-    );
+    const [account, sessionID] = randomAnonymousAccountAndSessionID();
+    const node = new LocalNode(account, sessionID);
 
     const coValue = node.createCoValue({
         type: "costream",
         ruleset: { type: "unsafeAllowAll" },
         meta: null,
-        ...createdNowUnique()
+        ...createdNowUnique(),
     });
 
     const transaction: Transaction = {
@@ -42,24 +34,21 @@ test("Can create coValue with new agent credentials and add transaction to it",
             node.ownSessionID,
             [transaction],
             expectedNewHash,
-            sign(agentCredential.signatorySecret, expectedNewHash)
+            sign(account.currentSignerSecret(), expectedNewHash)
         )
     ).toBe(true);
 });
 
 test("transactions with wrong signature are rejected", () => {
-    const wrongAgent = newRandomAgentCredential("wrongAgent");
-    const agentCredential = newRandomAgentCredential("agent1");
-    const node = new LocalNode(
-        agentCredential,
-        newRandomSessionID(getAgentID(getAgent(agentCredential)))
-    );
+    const wrongAgent = newRandomAgentSecret();
+    const [agentSecret, sessionID] = randomAnonymousAccountAndSessionID();
+    const node = new LocalNode(agentSecret, sessionID);
 
     const coValue = node.createCoValue({
         type: "costream",
         ruleset: { type: "unsafeAllowAll" },
         meta: null,
-        ...createdNowUnique()
+        ...createdNowUnique(),
     });
 
     const transaction: Transaction = {
@@ -82,23 +71,20 @@ test("transactions with wrong signature are rejected", () => {
             node.ownSessionID,
             [transaction],
             expectedNewHash,
-            sign(wrongAgent.signatorySecret, expectedNewHash)
+            sign(getAgentSignerSecret(wrongAgent), expectedNewHash)
         )
     ).toBe(false);
 });
 
 test("transactions with correctly signed, but wrong hash are rejected", () => {
-    const agentCredential = newRandomAgentCredential("agent1");
-    const node = new LocalNode(
-        agentCredential,
-        newRandomSessionID(getAgentID(getAgent(agentCredential)))
-    );
+    const [account, sessionID] = randomAnonymousAccountAndSessionID();
+    const node = new LocalNode(account, sessionID);
 
     const coValue = node.createCoValue({
         type: "costream",
         ruleset: { type: "unsafeAllowAll" },
         meta: null,
-        ...createdNowUnique()
+        ...createdNowUnique(),
     });
 
     const transaction: Transaction = {
@@ -131,7 +117,7 @@ test("transactions with correctly signed, but wrong hash are rejected", () => {
             node.ownSessionID,
             [transaction],
             expectedNewHash,
-            sign(agentCredential.signatorySecret, expectedNewHash)
+            sign(account.currentSignerSecret(), expectedNewHash)
         )
     ).toBe(false);
 });

package/src/coValue.ts

@@ -1,74 +1,65 @@
 import { randomBytes } from "@noble/hashes/utils";
-import { ContentType } from './contentType.js';
-import { Static } from './contentTypes/static.js';
-import { CoStream } from './contentTypes/coStream.js';
-import { CoMap } from './contentTypes/coMap.js';
+import { ContentType } from "./contentType.js";
+import { Static } from "./contentTypes/static.js";
+import { CoStream } from "./contentTypes/coStream.js";
+import { CoMap } from "./contentTypes/coMap.js";
 import {
     Encrypted,
     Hash,
     KeySecret,
-    RecipientID,
-    RecipientSecret,
-    SignatoryID,
-    SignatorySecret,
     Signature,
     StreamingHash,
-    getRecipientID,
-    getSignatoryID,
-    newRandomRecipient,
-    newRandomSignatory,
-    openAs,
+    unseal,
     shortHash,
     sign,
     verify,
     encryptForTransaction,
     decryptForTransaction,
     KeyID,
-    unsealKeySecret,
-    signatorySecretToBytes,
-    recipientSecretToBytes,
-    signatorySecretFromBytes,
-    recipientSecretFromBytes,
-} from './crypto.js';
-import { JsonValue } from './jsonValue.js';
+    decryptKeySecret,
+    getAgentSignerID,
+    getAgentSealerID,
+} from "./crypto.js";
+import { JsonObject, JsonValue } from "./jsonValue.js";
 import { base58 } from "@scure/base";
 import {
     PermissionsDef as RulesetDef,
     Team,
     determineValidTransactions,
     expectTeamContent,
-} from './permissions.js';
-import { LocalNode } from './node.js';
-import { CoValueKnownState, NewContentMessage } from './sync.js';
-import { AgentID, RawCoValueID, SessionID, TransactionID } from './ids.js';
-import { CoList } from './contentTypes/coList.js';
+    isKeyForKeyField,
+} from "./permissions.js";
+import { LocalNode } from "./node.js";
+import { CoValueKnownState, NewContentMessage } from "./sync.js";
+import { RawCoID, SessionID, TransactionID } from "./ids.js";
+import { CoList } from "./contentTypes/coList.js";
+import {
+    AccountID,
+    AccountIDOrAgentID,
+    GeneralizedControlledAccount,
+} from "./account.js";
 
 export type CoValueHeader = {
     type: ContentType["type"];
     ruleset: RulesetDef;
-    meta: JsonValue;
+    meta: JsonObject | null;
     createdAt: `2${string}` | null;
     uniqueness: `z${string}` | null;
-    publicNickname?: string;
 };
 
-function coValueIDforHeader(header: CoValueHeader): RawCoValueID {
+export function idforHeader(header: CoValueHeader): RawCoID {
     const hash = shortHash(header);
-    if (header.publicNickname) {
-        return `co_${header.publicNickname}_z${hash.slice(
-            "shortHash_z".length
-        )}`;
-    } else {
-        return `co_z${hash.slice("shortHash_z".length)}`;
-    }
+    return `co_z${hash.slice("shortHash_z".length)}`;
 }
 
-export function agentIDfromSessionID(sessionID: SessionID): AgentID {
-    return sessionID.split("_session")[0] as AgentID;
+export function accountOrAgentIDfromSessionID(
+    sessionID: SessionID
+): AccountIDOrAgentID {
+    return sessionID.split("_session")[0] as AccountIDOrAgentID;
 }
 
-export function newRandomSessionID(agentID: AgentID): SessionID {
-    return `${agentID}_session_z${base58.encode(randomBytes(8))}`;
+export function newRandomSessionID(accountID: AccountIDOrAgentID): SessionID {
+    return `${accountID}_session_z${base58.encode(randomBytes(8))}`;
 }
 
 type SessionLog = {
@@ -84,7 +75,7 @@ export type PrivateTransaction = {
     keyUsed: KeyID;
     encryptedChanges: Encrypted<
         JsonValue[],
-        { in: RawCoValueID; tx: TransactionID }
+        { in: RawCoID; tx: TransactionID }
     >;
 };
 
@@ -103,7 +94,7 @@ export type DecryptedTransaction = {
 };
 
 export class CoValue {
-    id: RawCoValueID;
+    id: RawCoID;
     node: LocalNode;
     header: CoValueHeader;
     sessions: { [key: SessionID]: SessionLog };
@@ -111,18 +102,18 @@ export class CoValue {
     listeners: Set<(content?: ContentType) => void> = new Set();
 
     constructor(header: CoValueHeader, node: LocalNode) {
-        this.id = coValueIDforHeader(header);
+        this.id = idforHeader(header);
         this.header = header;
         this.sessions = {};
         this.node = node;
     }
 
-    testWithDifferentCredentials(
-        agentCredential: AgentCredential,
+    testWithDifferentAccount(
+        account: GeneralizedControlledAccount,
         ownSessionID: SessionID
     ): CoValue {
-        const newNode = this.node.testWithDifferentCredentials(
-            agentCredential,
+        const newNode = this.node.testWithDifferentAccount(
+            account,
             ownSessionID
         );
 
@@ -131,7 +122,7 @@ export class CoValue {
 
     knownState(): CoValueKnownState {
         return {
-            coValueID: this.id,
+            id: this.id,
             header: true,
             sessions: Object.fromEntries(
                 Object.entries(this.sessions).map(([k, v]) => [
@@ -157,16 +148,21 @@ export class CoValue {
     tryAddTransactions(
         sessionID: SessionID,
         newTransactions: Transaction[],
-        newHash: Hash,
+        givenExpectedNewHash: Hash | undefined,
         newSignature: Signature
     ): boolean {
-        const signatoryID = this.node.expectAgentLoaded(
-            agentIDfromSessionID(sessionID),
-            "Expected to know signatory of transaction"
-        ).signatoryID;
+        const signerID = getAgentSignerID(
+            this.node.resolveAccountAgent(
+                accountOrAgentIDfromSessionID(sessionID),
+                "Expected to know signer of transaction"
+            )
+        );
 
-        if (!signatoryID) {
-            console.warn("Unknown agent", agentIDfromSessionID(sessionID));
+        if (!signerID) {
+            console.warn(
+                "Unknown agent",
+                accountOrAgentIDfromSessionID(sessionID)
+            );
             return false;
         }
 
@@ -175,17 +171,17 @@ export class CoValue {
             newTransactions
         );
 
-        if (newHash !== expectedNewHash) {
-            console.warn("Invalid hash", { newHash, expectedNewHash });
+        if (givenExpectedNewHash && givenExpectedNewHash !== expectedNewHash) {
+            console.warn("Invalid hash", { expectedNewHash, givenExpectedNewHash });
             return false;
         }
 
-        if (!verify(newSignature, newHash, signatoryID)) {
+        if (!verify(newSignature, expectedNewHash, signerID)) {
             console.warn(
                 "Invalid signature",
                 newSignature,
-                newHash,
-                signatoryID
+                expectedNewHash,
+                signerID
             );
             return false;
         }
@@ -196,7 +192,7 @@ export class CoValue {
 
         this.sessions[sessionID] = {
             transactions,
-            lastHash: newHash,
+            lastHash: expectedNewHash,
             streamingHash: newStreamingHash,
             lastSignature: newSignature,
         };
@@ -281,7 +277,7 @@ export class CoValue {
         ]);
 
         const signature = sign(
-            this.node.agentCredential.signatorySecret,
+            this.node.account.currentSignerSecret(),
             expectedNewHash
         );
 
@@ -374,7 +370,7 @@ export class CoValue {
         if (this.header.ruleset.type === "team") {
             const content = expectTeamContent(this.getCurrentContent());
 
-            const currentKeyId = content.get("readKey")?.keyID;
+            const currentKeyId = content.get("readKey");
 
             if (!currentKeyId) {
                 throw new Error("No readKey set");
@@ -401,61 +397,63 @@ export class CoValue {
         if (this.header.ruleset.type === "team") {
             const content = expectTeamContent(this.getCurrentContent());
 
-            const readKeyHistory = content.getHistory("readKey");
+            // Try to find key revelation for us
 
-            // Try to find direct relevation of key for us
+            const readKeyEntry = content.getLastEntry(`${keyID}_for_${this.node.account.id}`);
 
-            for (const entry of readKeyHistory) {
-                if (entry.value?.keyID === keyID) {
-                    const revealer = agentIDfromSessionID(entry.txID.sessionID);
-                    const revealerAgent = this.node.expectAgentLoaded(
-                        revealer,
-                        "Expected to know revealer"
-                    );
+            if (readKeyEntry) {
+                const revealer = accountOrAgentIDfromSessionID(
+                    readKeyEntry.txID.sessionID
+                );
+                const revealerAgent = this.node.resolveAccountAgent(
+                    revealer,
+                    "Expected to know revealer"
+                );
 
-                    const secret = openAs(
-                        entry.value.revelation,
-                        this.node.agentCredential.recipientSecret,
-                        revealerAgent.recipientID,
-                        {
-                            in: this.id,
-                            tx: entry.txID,
-                        }
-                    );
+                const secret = unseal(
+                    readKeyEntry.value,
+                    this.node.account.currentSealerSecret(),
+                    getAgentSealerID(revealerAgent),
+                    {
+                        in: this.id,
+                        tx: readKeyEntry.txID,
+                    }
+                );
 
-                    if (secret) return secret as KeySecret;
-                }
+                if (secret) return secret as KeySecret;
             }
 
             // Try to find indirect revelation through previousKeys
 
-            for (const entry of readKeyHistory) {
-                const encryptedPreviousKey = entry.value?.previousKeys?.[keyID];
-                if (entry.value && encryptedPreviousKey) {
-                    const sealingKeyID = entry.value.keyID;
-                    const sealingKeySecret = this.getReadKey(sealingKeyID);
+            for (const field of content.keys()) {
+                if (isKeyForKeyField(field) && field.startsWith(keyID)) {
+                    const encryptingKeyID = field.split("_for_")[1] as KeyID;
+                    const encryptingKeySecret = this.getReadKey(encryptingKeyID);
 
-                    if (!sealingKeySecret) {
+                    if (!encryptingKeySecret) {
                         continue;
                     }
 
-                    const secret = unsealKeySecret(
+                    const encryptedPreviousKey = content.get(field)!;
+
+                    const secret = decryptKeySecret(
                         {
-                            sealed: keyID,
-                            sealing: sealingKeyID,
+                            encryptedID: keyID,
+                            encryptingID: encryptingKeyID,
                             encrypted: encryptedPreviousKey,
                         },
-                        sealingKeySecret
+                        encryptingKeySecret
                     );
 
                     if (secret) {
                         return secret;
                     } else {
                         console.error(
-                            `Sealing ${sealingKeyID} key didn't unseal ${keyID}`
+                            `Encrypting ${encryptingKeyID} key didn't decrypt ${keyID}`
                         );
                     }
                 }
+
             }
 
             return undefined;
@@ -493,10 +491,10 @@ export class CoValue {
         knownState: CoValueKnownState | undefined
     ): NewContentMessage | undefined {
         const newContent: NewContentMessage = {
-            action: "newContent",
-            coValueID: this.id,
+            action: "content",
+            id: this.id,
             header: knownState?.header ? undefined : this.header,
-            newContent: Object.fromEntries(
+            new: Object.fromEntries(
                 Object.entries(this.sessions)
                     .map(([sessionID, log]) => {
                         const newTransactions = log.transactions.slice(
@@ -519,7 +517,6 @@ export class CoValue {
                                         sessionID as SessionID
                                     ] || 0,
                                 newTransactions,
-                                lastHash: log.lastHash,
                                 lastSignature: log.lastSignature,
                             },
                         ];
@@ -530,7 +527,7 @@ export class CoValue {
 
         if (
             !newContent.header &&
-            Object.keys(newContent.newContent).length === 0
+            Object.keys(newContent.new).length === 0
         ) {
             return undefined;
         }
@@ -538,97 +535,13 @@ export class CoValue {
         return newContent;
     }
 
-    getDependedOnCoValues(): RawCoValueID[] {
+    getDependedOnCoValues(): RawCoID[] {
         return this.header.ruleset.type === "team"
             ? expectTeamContent(this.getCurrentContent())
                   .keys()
-                  .filter((k): k is AgentID => k.startsWith("co_agent"))
+                  .filter((k): k is AccountID => k.startsWith("co_"))
             : this.header.ruleset.type === "ownedByTeam"
             ? [this.header.ruleset.team]
             : [];
     }
-}
-
-export type Agent = {
-    signatoryID: SignatoryID;
-    recipientID: RecipientID;
-    publicNickname?: string;
-};
-
-export function getAgent(agentCredential: AgentCredential) {
-    return {
-        signatoryID: getSignatoryID(agentCredential.signatorySecret),
-        recipientID: getRecipientID(agentCredential.recipientSecret),
-        publicNickname: agentCredential.publicNickname,
-    };
-}
-
-export function getAgentCoValueHeader(agent: Agent): CoValueHeader {
-    return {
-        type: "comap",
-        ruleset: {
-            type: "agent",
-            initialSignatoryID: agent.signatoryID,
-            initialRecipientID: agent.recipientID,
-        },
-        meta: null,
-        createdAt: null,
-        uniqueness: null,
-        publicNickname:
-            "agent" + (agent.publicNickname ? `-${agent.publicNickname}` : ""),
-    };
-}
-
-export function getAgentID(agent: Agent): AgentID {
-    return coValueIDforHeader(getAgentCoValueHeader(agent)) as AgentID;
-}
-
-export type AgentCredential = {
-    signatorySecret: SignatorySecret;
-    recipientSecret: RecipientSecret;
-    publicNickname?: string;
-};
-
-export function newRandomAgentCredential(
-    publicNickname?: string
-): AgentCredential {
-    const signatorySecret = newRandomSignatory();
-    const recipientSecret = newRandomRecipient();
-    return { signatorySecret, recipientSecret, publicNickname };
-}
-
-export function agentCredentialToBytes(cred: AgentCredential): Uint8Array {
-    if (cred.publicNickname) {
-        throw new Error("Can't convert agent credential with publicNickname");
-    }
-    const bytes = new Uint8Array(64);
-    const signatorySecretBytes = signatorySecretToBytes(cred.signatorySecret);
-    if (signatorySecretBytes.length !== 32) {
-        throw new Error("Invalid signatorySecret length");
-    }
-    bytes.set(signatorySecretBytes);
-    const recipientSecretBytes = recipientSecretToBytes(cred.recipientSecret);
-    if (recipientSecretBytes.length !== 32) {
-        throw new Error("Invalid recipientSecret length");
-    }
-    bytes.set(recipientSecretBytes, 32);
-
-    return bytes;
-}
-
-export function agentCredentialFromBytes(
-    bytes: Uint8Array
-): AgentCredential | undefined {
-    if (bytes.length !== 64) {
-        return undefined;
-    }
-
-    const signatorySecret = signatorySecretFromBytes(bytes.slice(0, 32));
-    const recipientSecret = recipientSecretFromBytes(bytes.slice(32));
-
-    return { signatorySecret, recipientSecret };
-}
-
-// type Role = "admin" | "writer" | "reader";
-
-// type PermissionsDef = CJMap<AgentID, Role, {[agent: AgentID]: Role}>;
+}