cojson 0.0.7 → 0.0.9

package/dist/crypto.test.mjs

@@ -1,155 +0,0 @@
-"use strict";
-import {
-  getRecipientID,
-  getSignatoryID,
-  secureHash,
-  newRandomRecipient,
-  newRandomSignatory,
-  seal,
-  sign,
-  openAs,
-  verify,
-  shortHash,
-  newRandomKeySecret,
-  encryptForTransaction,
-  decryptForTransaction,
-  sealKeySecret,
-  unsealKeySecret
-} from "./crypto";
-import { base58, base64url } from "@scure/base";
-import { x25519 } from "@noble/curves/ed25519";
-import { xsalsa20_poly1305 } from "@noble/ciphers/salsa";
-import { blake3 } from "@noble/hashes/blake3";
-import stableStringify from "fast-json-stable-stringify";
-test("Signatures round-trip and use stable stringify", () => {
-  const data = { b: "world", a: "hello" };
-  const signatory = newRandomSignatory();
-  const signature = sign(signatory, data);
-  expect(signature).toMatch(/^signature_z/);
-  expect(
-    verify(signature, { a: "hello", b: "world" }, getSignatoryID(signatory))
-  ).toBe(true);
-});
-test("Invalid signatures don't verify", () => {
-  const data = { b: "world", a: "hello" };
-  const signatory = newRandomSignatory();
-  const signatory2 = newRandomSignatory();
-  const wrongSignature = sign(signatory2, data);
-  expect(verify(wrongSignature, data, getSignatoryID(signatory))).toBe(false);
-});
-test("Sealing round-trips, but invalid receiver can't unseal", () => {
-  const data = { b: "world", a: "hello" };
-  const sender = newRandomRecipient();
-  const recipient1 = newRandomRecipient();
-  const recipient2 = newRandomRecipient();
-  const recipient3 = newRandomRecipient();
-  const nOnceMaterial = {
-    in: "co_zTEST",
-    tx: { sessionID: "co_agent_zTEST_session_zTEST", txIndex: 0 }
-  };
-  const sealed = seal(
-    data,
-    sender,
-    /* @__PURE__ */ new Set([getRecipientID(recipient1), getRecipientID(recipient2)]),
-    nOnceMaterial
-  );
-  expect(sealed[getRecipientID(recipient1)]).toMatch(/^sealed_U/);
-  expect(sealed[getRecipientID(recipient2)]).toMatch(/^sealed_U/);
-  expect(
-    openAs(sealed, recipient1, getRecipientID(sender), nOnceMaterial)
-  ).toEqual(data);
-  expect(
-    openAs(sealed, recipient2, getRecipientID(sender), nOnceMaterial)
-  ).toEqual(data);
-  expect(
-    openAs(sealed, recipient3, getRecipientID(sender), nOnceMaterial)
-  ).toBeUndefined();
-  const nOnce = blake3(
-    new TextEncoder().encode(stableStringify(nOnceMaterial))
-  ).slice(0, 24);
-  const recipient3priv = base58.decode(
-    recipient3.substring("recipientSecret_z".length)
-  );
-  const senderPub = base58.decode(
-    getRecipientID(sender).substring("recipient_z".length)
-  );
-  const sealedBytes = base64url.decode(
-    sealed[getRecipientID(recipient1)].substring("sealed_U".length)
-  );
-  const sharedSecret = x25519.getSharedSecret(recipient3priv, senderPub);
-  expect(() => {
-    const _ = xsalsa20_poly1305(sharedSecret, nOnce).decrypt(sealedBytes);
-  }).toThrow("Wrong tag");
-});
-test("Hashing is deterministic", () => {
-  expect(secureHash({ b: "world", a: "hello" })).toEqual(
-    secureHash({ a: "hello", b: "world" })
-  );
-  expect(shortHash({ b: "world", a: "hello" })).toEqual(
-    shortHash({ a: "hello", b: "world" })
-  );
-});
-test("Encryption for transactions round-trips", () => {
-  const { secret } = newRandomKeySecret();
-  const encrypted1 = encryptForTransaction({ a: "hello" }, secret, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_agent_zTEST_session_zTEST", txIndex: 0 }
-  });
-  const encrypted2 = encryptForTransaction({ b: "world" }, secret, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_agent_zTEST_session_zTEST", txIndex: 1 }
-  });
-  const decrypted1 = decryptForTransaction(encrypted1, secret, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_agent_zTEST_session_zTEST", txIndex: 0 }
-  });
-  const decrypted2 = decryptForTransaction(encrypted2, secret, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_agent_zTEST_session_zTEST", txIndex: 1 }
-  });
-  expect([decrypted1, decrypted2]).toEqual([{ a: "hello" }, { b: "world" }]);
-});
-test("Encryption for transactions doesn't decrypt with a wrong key", () => {
-  const { secret } = newRandomKeySecret();
-  const { secret: secret2 } = newRandomKeySecret();
-  const encrypted1 = encryptForTransaction({ a: "hello" }, secret, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_agent_zTEST_session_zTEST", txIndex: 0 }
-  });
-  const encrypted2 = encryptForTransaction({ b: "world" }, secret, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_agent_zTEST_session_zTEST", txIndex: 1 }
-  });
-  const decrypted1 = decryptForTransaction(encrypted1, secret2, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_agent_zTEST_session_zTEST", txIndex: 0 }
-  });
-  const decrypted2 = decryptForTransaction(encrypted2, secret2, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_agent_zTEST_session_zTEST", txIndex: 1 }
-  });
-  expect([decrypted1, decrypted2]).toEqual([void 0, void 0]);
-});
-test("Encryption of keySecrets round-trips", () => {
-  const toSeal = newRandomKeySecret();
-  const sealing = newRandomKeySecret();
-  const keys = {
-    toSeal,
-    sealing
-  };
-  const sealed = sealKeySecret(keys);
-  const unsealed = unsealKeySecret(sealed, sealing.secret);
-  expect(unsealed).toEqual(toSeal.secret);
-});
-test("Encryption of keySecrets doesn't unseal with a wrong key", () => {
-  const toSeal = newRandomKeySecret();
-  const sealing = newRandomKeySecret();
-  const sealingWrong = newRandomKeySecret();
-  const keys = {
-    toSeal,
-    sealing
-  };
-  const sealed = sealKeySecret(keys);
-  const unsealed = unsealKeySecret(sealed, sealingWrong.secret);
-  expect(unsealed).toBeUndefined();
-});

package/dist/ids.mjs

@@ -1 +0,0 @@
-"use strict";

package/dist/index.mjs

@@ -1,21 +0,0 @@
-"use strict";
-import {
-  CoValue,
-  agentCredentialFromBytes,
-  agentCredentialToBytes,
-  getAgent,
-  getAgentID,
-  newRandomAgentCredential,
-  newRandomSessionID
-} from "./coValue";
-import { LocalNode } from "./node";
-import { CoMap } from "./contentTypes/coMap";
-const internals = {
-  agentCredentialToBytes,
-  agentCredentialFromBytes,
-  getAgent,
-  getAgentID,
-  newRandomAgentCredential,
-  newRandomSessionID
-};
-export { LocalNode, CoValue, CoMap, internals };

package/dist/jsonValue.mjs

@@ -1 +0,0 @@
-"use strict";

package/dist/node.mjs

@@ -1,144 +0,0 @@
-"use strict";
-import { createdNowUnique, newRandomKeySecret, seal } from "./crypto";
-import {
-  CoValue,
-  getAgent,
-  getAgentID,
-  getAgentCoValueHeader,
-  newRandomAgentCredential
-} from "./coValue";
-import { Team, expectTeamContent } from "./permissions";
-import { SyncManager } from "./sync";
-export class LocalNode {
-  coValues = {};
-  agentCredential;
-  agentID;
-  ownSessionID;
-  sync = new SyncManager(this);
-  constructor(agentCredential, ownSessionID) {
-    this.agentCredential = agentCredential;
-    const agent = getAgent(agentCredential);
-    const agentID = getAgentID(agent);
-    this.agentID = agentID;
-    this.ownSessionID = ownSessionID;
-    const agentCoValue = new CoValue(getAgentCoValueHeader(agent), this);
-    this.coValues[agentCoValue.id] = {
-      state: "loaded",
-      coValue: agentCoValue
-    };
-  }
-  createCoValue(header) {
-    const coValue = new CoValue(header, this);
-    this.coValues[coValue.id] = { state: "loaded", coValue };
-    void this.sync.syncCoValue(coValue);
-    return coValue;
-  }
-  loadCoValue(id) {
-    let entry = this.coValues[id];
-    if (!entry) {
-      entry = newLoadingState();
-      this.coValues[id] = entry;
-      this.sync.loadFromPeers(id);
-    }
-    if (entry.state === "loaded") {
-      return Promise.resolve(entry.coValue);
-    }
-    return entry.done;
-  }
-  async load(id) {
-    return (await this.loadCoValue(id)).getCurrentContent();
-  }
-  expectCoValueLoaded(id, expectation) {
-    const entry = this.coValues[id];
-    if (!entry) {
-      throw new Error(
-        `${expectation ? expectation + ": " : ""}Unknown CoValue ${id}`
-      );
-    }
-    if (entry.state === "loading") {
-      throw new Error(
-        `${expectation ? expectation + ": " : ""}CoValue ${id} not yet loaded`
-      );
-    }
-    return entry.coValue;
-  }
-  createAgent(publicNickname) {
-    const agentCredential = newRandomAgentCredential(publicNickname);
-    this.createCoValue(getAgentCoValueHeader(getAgent(agentCredential)));
-    return agentCredential;
-  }
-  expectAgentLoaded(id, expectation) {
-    var _a;
-    const coValue = this.expectCoValueLoaded(
-      id,
-      expectation
-    );
-    if (coValue.header.type !== "comap" || coValue.header.ruleset.type !== "agent") {
-      throw new Error(
-        `${expectation ? expectation + ": " : ""}CoValue ${id} is not an agent`
-      );
-    }
-    return {
-      recipientID: coValue.header.ruleset.initialRecipientID,
-      signatoryID: coValue.header.ruleset.initialSignatoryID,
-      publicNickname: (_a = coValue.header.publicNickname) == null ? void 0 : _a.replace("agent-", "")
-    };
-  }
-  createTeam() {
-    const teamCoValue = this.createCoValue({
-      type: "comap",
-      ruleset: { type: "team", initialAdmin: this.agentID },
-      meta: null,
-      ...createdNowUnique(),
-      publicNickname: "team"
-    });
-    let teamContent = expectTeamContent(teamCoValue.getCurrentContent());
-    teamContent = teamContent.edit((editable) => {
-      editable.set(this.agentID, "admin", "trusting");
-      const readKey = newRandomKeySecret();
-      const revelation = seal(
-        readKey.secret,
-        this.agentCredential.recipientSecret,
-        /* @__PURE__ */ new Set([getAgent(this.agentCredential).recipientID]),
-        {
-          in: teamCoValue.id,
-          tx: teamCoValue.nextTransactionID()
-        }
-      );
-      editable.set(
-        "readKey",
-        { keyID: readKey.id, revelation },
-        "trusting"
-      );
-    });
-    return new Team(teamContent, this);
-  }
-  testWithDifferentCredentials(agentCredential, ownSessionID) {
-    const newNode = new LocalNode(agentCredential, ownSessionID);
-    newNode.coValues = Object.fromEntries(
-      Object.entries(this.coValues).map(([id, entry]) => {
-        if (entry.state === "loading") {
-          return void 0;
-        }
-        const newCoValue = new CoValue(
-          entry.coValue.header,
-          newNode
-        );
-        newCoValue.sessions = entry.coValue.sessions;
-        return [id, { state: "loaded", coValue: newCoValue }];
-      }).filter((x) => !!x)
-    );
-    return newNode;
-  }
-}
-export function newLoadingState() {
-  let resolve;
-  const promise = new Promise((r) => {
-    resolve = r;
-  });
-  return {
-    state: "loading",
-    done: promise,
-    resolve
-  };
-}

package/dist/permissions.mjs

@@ -1,244 +0,0 @@
-"use strict";
-import {
-  createdNowUnique,
-  newRandomKeySecret,
-  seal,
-  sealKeySecret
-} from "./crypto";
-import {
-  agentIDfromSessionID
-} from "./coValue";
-export function determineValidTransactions(coValue) {
-  if (coValue.header.ruleset.type === "team") {
-    const allTrustingTransactionsSorted = Object.entries(
-      coValue.sessions
-    ).flatMap(([sessionID, sessionLog]) => {
-      return sessionLog.transactions.map((tx, txIndex) => ({ sessionID, txIndex, tx })).filter(({ tx }) => {
-        if (tx.privacy === "trusting") {
-          return true;
-        } else {
-          console.warn("Unexpected private transaction in Team");
-          return false;
-        }
-      });
-    });
-    allTrustingTransactionsSorted.sort((a, b) => {
-      return a.tx.madeAt - b.tx.madeAt;
-    });
-    const initialAdmin = coValue.header.ruleset.initialAdmin;
-    if (!initialAdmin) {
-      throw new Error("Team must have initialAdmin");
-    }
-    const memberState = {};
-    const validTransactions = [];
-    for (const {
-      sessionID,
-      txIndex,
-      tx
-    } of allTrustingTransactionsSorted) {
-      const transactor = agentIDfromSessionID(sessionID);
-      const change = tx.changes[0];
-      if (tx.changes.length !== 1) {
-        console.warn("Team transaction must have exactly one change");
-        continue;
-      }
-      if (change.op !== "insert") {
-        console.warn("Team transaction must set a role or readKey");
-        continue;
-      }
-      if (change.key === "readKey") {
-        if (memberState[transactor] !== "admin") {
-          console.warn("Only admins can set readKeys");
-          continue;
-        }
-        validTransactions.push({ txID: { sessionID, txIndex }, tx });
-        continue;
-      }
-      const affectedMember = change.key;
-      const assignedRole = change.value;
-      if (change.value !== "admin" && change.value !== "writer" && change.value !== "reader" && change.value !== "revoked") {
-        console.warn("Team transaction must set a valid role");
-        continue;
-      }
-      const isFirstSelfAppointment = !memberState[transactor] && transactor === initialAdmin && change.op === "insert" && change.key === transactor && change.value === "admin";
-      if (!isFirstSelfAppointment) {
-        if (memberState[transactor] !== "admin") {
-          console.warn(
-            "Team transaction must be made by current admin"
-          );
-          continue;
-        }
-        if (memberState[affectedMember] === "admin" && affectedMember !== transactor && assignedRole !== "admin") {
-          console.warn("Admins can only demote themselves.");
-          continue;
-        }
-      }
-      memberState[affectedMember] = change.value;
-      validTransactions.push({ txID: { sessionID, txIndex }, tx });
-    }
-    return validTransactions;
-  } else if (coValue.header.ruleset.type === "ownedByTeam") {
-    const teamContent = coValue.node.expectCoValueLoaded(
-      coValue.header.ruleset.team,
-      "Determining valid transaction in owned object but its team wasn't loaded"
-    ).getCurrentContent();
-    if (teamContent.type !== "comap") {
-      throw new Error("Team must be a map");
-    }
-    return Object.entries(coValue.sessions).flatMap(
-      ([sessionID, sessionLog]) => {
-        const transactor = agentIDfromSessionID(sessionID);
-        return sessionLog.transactions.filter((tx) => {
-          const transactorRoleAtTxTime = teamContent.getAtTime(
-            transactor,
-            tx.madeAt
-          );
-          return transactorRoleAtTxTime === "admin" || transactorRoleAtTxTime === "writer";
-        }).map((tx, txIndex) => ({
-          txID: { sessionID, txIndex },
-          tx
-        }));
-      }
-    );
-  } else if (coValue.header.ruleset.type === "unsafeAllowAll") {
-    return Object.entries(coValue.sessions).flatMap(
-      ([sessionID, sessionLog]) => {
-        return sessionLog.transactions.map((tx, txIndex) => ({
-          txID: { sessionID, txIndex },
-          tx
-        }));
-      }
-    );
-  } else if (coValue.header.ruleset.type === "agent") {
-    return [];
-  } else {
-    throw new Error("Unknown ruleset type " + coValue.header.ruleset.type);
-  }
-}
-export function expectTeamContent(content) {
-  if (content.type !== "comap") {
-    throw new Error("Expected map");
-  }
-  return content;
-}
-export class Team {
-  teamMap;
-  node;
-  constructor(teamMap, node) {
-    this.teamMap = teamMap;
-    this.node = node;
-  }
-  get id() {
-    return this.teamMap.id;
-  }
-  addMember(agentID, role) {
-    this.teamMap = this.teamMap.edit((map) => {
-      const agent = this.node.expectAgentLoaded(agentID, "Expected to know agent to add them to team");
-      if (!agent) {
-        throw new Error("Unknown agent " + agentID);
-      }
-      map.set(agentID, role, "trusting");
-      if (map.get(agentID) !== role) {
-        throw new Error("Failed to set role");
-      }
-      const currentReadKey = this.teamMap.coValue.getCurrentReadKey();
-      if (!currentReadKey.secret) {
-        throw new Error("Can't add member without read key secret");
-      }
-      const revelation = seal(
-        currentReadKey.secret,
-        this.teamMap.coValue.node.agentCredential.recipientSecret,
-        /* @__PURE__ */ new Set([agent.recipientID]),
-        {
-          in: this.teamMap.coValue.id,
-          tx: this.teamMap.coValue.nextTransactionID()
-        }
-      );
-      map.set(
-        "readKey",
-        { keyID: currentReadKey.id, revelation },
-        "trusting"
-      );
-    });
-  }
-  rotateReadKey() {
-    const currentlyPermittedReaders = this.teamMap.keys().filter((key) => {
-      if (key.startsWith("co_agent")) {
-        const role = this.teamMap.get(key);
-        return role === "admin" || role === "writer" || role === "reader";
-      } else {
-        return false;
-      }
-    });
-    const maybeCurrentReadKey = this.teamMap.coValue.getCurrentReadKey();
-    if (!maybeCurrentReadKey.secret) {
-      throw new Error("Can't rotate read key secret we don't have access to");
-    }
-    const currentReadKey = {
-      id: maybeCurrentReadKey.id,
-      secret: maybeCurrentReadKey.secret
-    };
-    const newReadKey = newRandomKeySecret();
-    const newReadKeyRevelation = seal(
-      newReadKey.secret,
-      this.teamMap.coValue.node.agentCredential.recipientSecret,
-      new Set(
-        currentlyPermittedReaders.map(
-          (reader) => {
-            const readerAgent = this.node.expectAgentLoaded(reader, "Expected to know currently permitted reader");
-            if (!readerAgent) {
-              throw new Error("Unknown agent " + reader);
-            }
-            return readerAgent.recipientID;
-          }
-        )
-      ),
-      {
-        in: this.teamMap.coValue.id,
-        tx: this.teamMap.coValue.nextTransactionID()
-      }
-    );
-    this.teamMap = this.teamMap.edit((map) => {
-      map.set(
-        "readKey",
-        {
-          keyID: newReadKey.id,
-          revelation: newReadKeyRevelation,
-          previousKeys: {
-            [currentReadKey.id]: sealKeySecret({
-              sealing: newReadKey,
-              toSeal: currentReadKey
-            }).encrypted
-          }
-        },
-        "trusting"
-      );
-    });
-  }
-  removeMember(agentID) {
-    this.teamMap = this.teamMap.edit((map) => {
-      map.set(agentID, "revoked", "trusting");
-    });
-    this.rotateReadKey();
-  }
-  createMap(meta) {
-    return this.node.createCoValue({
-      type: "comap",
-      ruleset: {
-        type: "ownedByTeam",
-        team: this.teamMap.id
-      },
-      meta: meta || null,
-      ...createdNowUnique(),
-      publicNickname: "map"
-    }).getCurrentContent();
-  }
-  testWithDifferentCredentials(credential, sessionId) {
-    return new Team(
-      expectTeamContent(
-        this.teamMap.coValue.testWithDifferentCredentials(credential, sessionId).getCurrentContent()
-      ),
-      this.node
-    );
-  }
-}