cojson 0.20.7 → 0.20.9

package/src/crypto/NapiCrypto.ts

@@ -1,5 +1,5 @@
 import {
-  SessionLog,
+  SessionMap as NativeSessionMap,
   Blake3Hasher,
   blake3HashOnce,
   blake3HashOnceWithContext,
@@ -10,37 +10,37 @@ import {
   newEd25519SigningKey,
   newX25519PrivateKey,
   seal,
+  sealForGroup,
+  shortHash,
   sign,
   unseal,
+  unsealForGroup,
   verify,
 } from "cojson-core-napi";
 import { base64URLtoBytes, bytesToBase64url } from "../base64url.js";
-import { RawCoID, SessionID, TransactionID } from "../ids.js";
+import { RawCoID, TransactionID } from "../ids.js";
 import { Stringified, stableStringify } from "../jsonStringify.js";
-import { JsonObject, JsonValue } from "../jsonValue.js";
+import { JsonValue } from "../jsonValue.js";
 import { logger } from "../logger.js";
 import {
   CryptoProvider,
   Encrypted,
-  KeyID,
   KeySecret,
   Sealed,
+  SealedForGroup,
   SealerID,
   SealerSecret,
+  SessionMapImpl,
+  ShortHash,
   Signature,
   SignerID,
   SignerSecret,
   textDecoder,
   textEncoder,
 } from "./crypto.js";
-import { ControlledAccountOrAgent } from "../coValues/account.js";
 import { WasmCrypto } from "./WasmCrypto.js";
 
-import {
-  PrivateTransaction,
-  Transaction,
-  TrustingTransaction,
-} from "../coValueCore/verifiedState.js";
+import { Transaction } from "../coValueCore/verifiedState.js";
 
 type Blake3State = Blake3Hasher;
 
@@ -72,6 +72,10 @@ export class NapiCrypto extends CryptoProvider<Blake3State> {
     return blake3HashOnceWithContext(data, context);
   }
 
+  shortHash(value: JsonValue): ShortHash {
+    return shortHash(stableStringify(value)) as ShortHash;
+  }
+
   newEd25519SigningKey(): Uint8Array {
     return newEd25519SigningKey();
   }
@@ -176,119 +180,218 @@ export class NapiCrypto extends CryptoProvider<Blake3State> {
     }
   }
 
-  createSessionLog(coID: RawCoID, sessionID: SessionID, signerID?: SignerID) {
-    return new SessionLogAdapter(new SessionLog(coID, sessionID, signerID));
+  sealForGroup<T extends JsonValue>({
+    message,
+    to,
+    nOnceMaterial,
+  }: {
+    message: T;
+    to: SealerID;
+    nOnceMaterial: { in: RawCoID; tx: TransactionID };
+  }): SealedForGroup<T> {
+    return `sealedForGroup_U${bytesToBase64url(
+      sealForGroup(
+        textEncoder.encode(stableStringify(message)),
+        to,
+        textEncoder.encode(stableStringify(nOnceMaterial)),
+      ),
+    )}` as SealedForGroup<T>;
+  }
+
+  unsealForGroup<T extends JsonValue>(
+    sealed: SealedForGroup<T>,
+    groupSealerSecret: SealerSecret,
+    nOnceMaterial: { in: RawCoID; tx: TransactionID },
+  ): T | undefined {
+    try {
+      const plaintext = textDecoder.decode(
+        unsealForGroup(
+          base64URLtoBytes(sealed.substring("sealedForGroup_U".length)),
+          groupSealerSecret,
+          textEncoder.encode(stableStringify(nOnceMaterial)),
+        ),
+      );
+      return JSON.parse(plaintext) as T;
+    } catch (e) {
+      logger.error("Failed to decrypt/parse sealed for group message", {
+        err: e,
+      });
+      return undefined;
+    }
+  }
+
+  createSessionMap(
+    coID: RawCoID,
+    headerJson: string,
+    maxTxSize?: number,
+    skipVerify?: boolean,
+  ): SessionMapImpl {
+    return new SessionMapAdapter(
+      new NativeSessionMap(coID, headerJson, maxTxSize, skipVerify),
+    );
   }
 }
 
-class SessionLogAdapter {
-  constructor(private readonly sessionLog: SessionLog) {}
+/**
+ * Adapter wrapping NativeSessionMap to implement SessionMapImpl interface
+ */
+class SessionMapAdapter implements SessionMapImpl {
+  constructor(private readonly sessionMap: NativeSessionMap) {}
+
+  // === Header ===
+  getHeader(): string {
+    return this.sessionMap.getHeader();
+  }
 
-  tryAdd(
-    transactions: Transaction[],
-    newSignature: Signature,
+  // === Transaction Operations ===
+  addTransactions(
+    sessionId: string,
+    signerId: string | undefined,
+    transactionsJson: string,
+    signature: string,
     skipVerify: boolean,
   ): void {
-    // Use direct calls instead of JSON.stringify for better performance
-    for (const tx of transactions) {
-      if (tx.privacy === "private") {
-        this.sessionLog.addExistingPrivateTransaction(
-          tx.encryptedChanges,
-          tx.keyUsed,
-          tx.madeAt,
-          tx.meta,
-        );
-      } else {
-        this.sessionLog.addExistingTrustingTransaction(
-          tx.changes,
-          tx.madeAt,
-          tx.meta,
-        );
-      }
-    }
-    this.sessionLog.commitTransactions(newSignature, skipVerify);
+    this.sessionMap.addTransactions(
+      sessionId,
+      signerId,
+      transactionsJson,
+      signature,
+      skipVerify,
+    );
   }
 
-  addNewPrivateTransaction(
-    signerAgent: ControlledAccountOrAgent,
-    changes: JsonValue[],
-    keyID: KeyID,
-    keySecret: KeySecret,
+  makeNewPrivateTransaction(
+    sessionId: string,
+    signerSecret: string,
+    changesJson: string,
+    keyId: string,
+    keySecret: string,
+    metaJson: string | undefined,
     madeAt: number,
-    meta: JsonObject | undefined,
-  ): { signature: Signature; transaction: PrivateTransaction } {
-    const output = this.sessionLog.addNewPrivateTransaction(
-      // We can avoid stableStringify because it will be encrypted.
-      JSON.stringify(changes),
-      signerAgent.currentSignerSecret(),
+  ): string {
+    return this.sessionMap.makeNewPrivateTransaction(
+      sessionId,
+      signerSecret,
+      changesJson,
+      keyId,
       keySecret,
-      keyID,
+      metaJson,
       madeAt,
-      // We can avoid stableStringify because it will be encrypted.
-      meta ? JSON.stringify(meta) : undefined,
     );
-    const parsedOutput = JSON.parse(output);
-    const transaction: PrivateTransaction = {
-      privacy: "private",
-      madeAt,
-      encryptedChanges: parsedOutput.encrypted_changes,
-      keyUsed: keyID,
-      meta: parsedOutput.meta,
-    };
-    return { signature: parsedOutput.signature, transaction };
   }
 
-  addNewTrustingTransaction(
-    signerAgent: ControlledAccountOrAgent,
-    changes: JsonValue[],
+  makeNewTrustingTransaction(
+    sessionId: string,
+    signerSecret: string,
+    changesJson: string,
+    metaJson: string | undefined,
     madeAt: number,
-    meta: JsonObject | undefined,
-  ): { signature: Signature; transaction: TrustingTransaction } {
-    // We can avoid stableStringify because the changes will be in a string format already.
-    const stringifiedChanges = JSON.stringify(changes);
-    // We can avoid stableStringify because the meta will be in a string format already.
-    const stringifiedMeta = meta ? JSON.stringify(meta) : undefined;
-    const output = this.sessionLog.addNewTrustingTransaction(
-      stringifiedChanges,
-      signerAgent.currentSignerSecret(),
+  ): string {
+    return this.sessionMap.makeNewTrustingTransaction(
+      sessionId,
+      signerSecret,
+      changesJson,
+      metaJson,
       madeAt,
-      stringifiedMeta,
     );
-    const transaction: TrustingTransaction = {
-      privacy: "trusting",
-      madeAt,
-      changes: stringifiedChanges as Stringified<JsonValue[]>,
-      meta: stringifiedMeta as Stringified<JsonObject> | undefined,
+  }
+
+  // === Session Queries ===
+  getSessionIds(): string[] {
+    return this.sessionMap.getSessionIds();
+  }
+
+  getTransactionCount(sessionId: string): number {
+    return this.sessionMap.getTransactionCount(sessionId);
+  }
+
+  getTransaction(sessionId: string, txIndex: number): Transaction | undefined {
+    const result = this.sessionMap.getTransaction(sessionId, txIndex);
+    if (!result) return undefined;
+    return JSON.parse(result) as Transaction;
+  }
+
+  getSessionTransactions(
+    sessionId: string,
+    fromIndex: number,
+  ): Transaction[] | undefined {
+    const result = this.sessionMap.getSessionTransactions(sessionId, fromIndex);
+    if (!result) return undefined;
+    return result.map((tx) => JSON.parse(tx) as Transaction);
+  }
+
+  getLastSignature(sessionId: string): string | undefined {
+    return this.sessionMap.getLastSignature(sessionId) ?? undefined;
+  }
+
+  getSignatureAfter(sessionId: string, txIndex: number): string | undefined {
+    return this.sessionMap.getSignatureAfter(sessionId, txIndex) ?? undefined;
+  }
+
+  getLastSignatureCheckpoint(sessionId: string): number | undefined {
+    return this.sessionMap.getLastSignatureCheckpoint(sessionId) ?? undefined;
+  }
+
+  // === Known State ===
+  getKnownState(): {
+    id: string;
+    header: boolean;
+    sessions: Record<string, number>;
+  } {
+    // NAPI returns a native JS object via #[napi(object)]
+    return this.sessionMap.getKnownState() as {
+      id: string;
+      header: boolean;
+      sessions: Record<string, number>;
     };
-    return { signature: output as Signature, transaction };
   }
 
-  decryptNextTransactionChangesJson(
-    txIndex: number,
-    keySecret: KeySecret,
-  ): string {
-    const output = this.sessionLog.decryptNextTransactionChangesJson(
-      txIndex,
-      keySecret,
-    );
-    return output;
+  getKnownStateWithStreaming():
+    | { id: string; header: boolean; sessions: Record<string, number> }
+    | undefined {
+    // NAPI returns a native JS object via #[napi(object)], or undefined
+    const result = this.sessionMap.getKnownStateWithStreaming();
+    if (!result || result === undefined) return undefined;
+    return result as {
+      id: string;
+      header: boolean;
+      sessions: Record<string, number>;
+    };
+  }
+
+  setStreamingKnownState(streamingJson: string): void {
+    this.sessionMap.setStreamingKnownState(streamingJson);
+  }
+
+  // === Deletion ===
+  markAsDeleted(): void {
+    this.sessionMap.markAsDeleted();
+  }
+
+  isDeleted(): boolean {
+    return this.sessionMap.isDeleted();
   }
 
-  decryptNextTransactionMetaJson(
+  // === Decryption ===
+  decryptTransaction(
+    sessionId: string,
     txIndex: number,
-    keySecret: KeySecret,
+    keySecret: string,
   ): string | undefined {
     return (
-      this.sessionLog.decryptNextTransactionMetaJson(txIndex, keySecret) ||
+      this.sessionMap.decryptTransaction(sessionId, txIndex, keySecret) ??
       undefined
     );
   }
 
-  free() {
-    // No-op since the underlying SessionLog doesn't require explicit freeing
-  }
-
-  clone(): SessionLogAdapter {
-    return new SessionLogAdapter(this.sessionLog.clone());
+  decryptTransactionMeta(
+    sessionId: string,
+    txIndex: number,
+    keySecret: string,
+  ): string | undefined {
+    return (
+      this.sessionMap.decryptTransactionMeta(sessionId, txIndex, keySecret) ??
+      undefined
+    );
   }
 }