cojson 0.20.7 → 0.20.9

package/src/crypto/WasmCrypto.ts

@@ -1,5 +1,5 @@
 import {
-  SessionLog,
+  SessionMap as WasmSessionMap,
   initialize,
   initializeSync,
   Blake3Hasher,
@@ -12,35 +12,35 @@ import {
   newEd25519SigningKey,
   newX25519PrivateKey,
   seal,
+  sealForGroup,
+  shortHash,
   sign,
   unseal,
+  unsealForGroup,
   verify,
 } from "cojson-core-wasm";
 import { base64URLtoBytes, bytesToBase64url } from "../base64url.js";
-import { RawCoID, SessionID, TransactionID } from "../ids.js";
+import { RawCoID, TransactionID } from "../ids.js";
+import { Transaction } from "../coValueCore/verifiedState.js";
 import { Stringified, stableStringify } from "../jsonStringify.js";
-import { JsonObject, JsonValue } from "../jsonValue.js";
+import { JsonValue } from "../jsonValue.js";
 import { logger } from "../logger.js";
 import {
   CryptoProvider,
   Encrypted,
-  KeyID,
   KeySecret,
   Sealed,
+  SealedForGroup,
   SealerID,
   SealerSecret,
+  SessionMapImpl,
+  ShortHash,
   Signature,
   SignerID,
   SignerSecret,
   textDecoder,
   textEncoder,
 } from "./crypto.js";
-import { ControlledAccountOrAgent } from "../coValues/account.js";
-import {
-  PrivateTransaction,
-  Transaction,
-  TrustingTransaction,
-} from "../coValueCore/verifiedState.js";
 import { isCloudflare, isEvalAllowed } from "../platformUtils.js";
 
 type Blake3State = Blake3Hasher;
@@ -117,6 +117,10 @@ export class WasmCrypto extends CryptoProvider<Blake3State> {
     return blake3HashOnceWithContext(data, context);
   }
 
+  shortHash(value: JsonValue): ShortHash {
+    return shortHash(stableStringify(value)) as ShortHash;
+  }
+
   newEd25519SigningKey(): Uint8Array {
     return newEd25519SigningKey();
   }
@@ -221,116 +225,218 @@ export class WasmCrypto extends CryptoProvider<Blake3State> {
     }
   }
 
-  createSessionLog(coID: RawCoID, sessionID: SessionID, signerID?: SignerID) {
-    return new SessionLogAdapter(new SessionLog(coID, sessionID, signerID));
+  sealForGroup<T extends JsonValue>({
+    message,
+    to,
+    nOnceMaterial,
+  }: {
+    message: T;
+    to: SealerID;
+    nOnceMaterial: { in: RawCoID; tx: TransactionID };
+  }): SealedForGroup<T> {
+    return `sealedForGroup_U${bytesToBase64url(
+      sealForGroup(
+        textEncoder.encode(stableStringify(message)),
+        to,
+        textEncoder.encode(stableStringify(nOnceMaterial)),
+      ),
+    )}` as SealedForGroup<T>;
+  }
+
+  unsealForGroup<T extends JsonValue>(
+    sealed: SealedForGroup<T>,
+    groupSealerSecret: SealerSecret,
+    nOnceMaterial: { in: RawCoID; tx: TransactionID },
+  ): T | undefined {
+    try {
+      const plaintext = textDecoder.decode(
+        unsealForGroup(
+          base64URLtoBytes(sealed.substring("sealedForGroup_U".length)),
+          groupSealerSecret,
+          textEncoder.encode(stableStringify(nOnceMaterial)),
+        ),
+      );
+      return JSON.parse(plaintext) as T;
+    } catch (e) {
+      logger.error("Failed to decrypt/parse sealed for group message", {
+        err: e,
+      });
+      return undefined;
+    }
+  }
+
+  createSessionMap(
+    coID: RawCoID,
+    headerJson: string,
+    maxTxSize?: number,
+    skipVerify?: boolean,
+  ): SessionMapImpl {
+    return new SessionMapAdapter(
+      new WasmSessionMap(coID, headerJson, maxTxSize, skipVerify),
+    );
   }
 }
 
-class SessionLogAdapter {
-  constructor(private readonly sessionLog: SessionLog) {}
+/**
+ * Adapter wrapping WasmSessionMap to implement SessionMapImpl interface
+ */
+class SessionMapAdapter implements SessionMapImpl {
+  constructor(private readonly sessionMap: WasmSessionMap) {}
+
+  // === Header ===
+  getHeader(): string {
+    return this.sessionMap.getHeader();
+  }
 
-  tryAdd(
-    transactions: Transaction[],
-    newSignature: Signature,
+  // === Transaction Operations ===
+  addTransactions(
+    sessionId: string,
+    signerId: string | undefined,
+    transactionsJson: string,
+    signature: string,
     skipVerify: boolean,
   ): void {
-    // Use direct calls instead of JSON.stringify for better performance
-    for (const tx of transactions) {
-      if (tx.privacy === "private") {
-        this.sessionLog.addExistingPrivateTransaction(
-          tx.encryptedChanges,
-          tx.keyUsed,
-          tx.madeAt,
-          tx.meta,
-        );
-      } else {
-        this.sessionLog.addExistingTrustingTransaction(
-          tx.changes,
-          tx.madeAt,
-          tx.meta,
-        );
-      }
-    }
-    this.sessionLog.commitTransactions(newSignature, skipVerify);
+    this.sessionMap.addTransactions(
+      sessionId,
+      signerId,
+      transactionsJson,
+      signature,
+      skipVerify,
+    );
   }
 
-  addNewPrivateTransaction(
-    signerAgent: ControlledAccountOrAgent,
-    changes: JsonValue[],
-    keyID: KeyID,
-    keySecret: KeySecret,
+  makeNewPrivateTransaction(
+    sessionId: string,
+    signerSecret: string,
+    changesJson: string,
+    keyId: string,
+    keySecret: string,
+    metaJson: string | undefined,
     madeAt: number,
-    meta: JsonObject | undefined,
-  ): { signature: Signature; transaction: PrivateTransaction } {
-    const output = this.sessionLog.addNewPrivateTransaction(
-      // We can avoid stableStringify because it will be encrypted.
-      JSON.stringify(changes),
-      signerAgent.currentSignerSecret(),
+  ): string {
+    return this.sessionMap.makeNewPrivateTransaction(
+      sessionId,
+      signerSecret,
+      changesJson,
+      keyId,
       keySecret,
-      keyID,
+      metaJson,
       madeAt,
-      // We can avoid stableStringify because it will be encrypted.
-      meta ? JSON.stringify(meta) : undefined,
     );
-    const parsedOutput = JSON.parse(output);
-    const transaction: PrivateTransaction = {
-      privacy: "private",
-      madeAt,
-      encryptedChanges: parsedOutput.encrypted_changes,
-      keyUsed: keyID,
-      meta: parsedOutput.meta,
-    };
-    return { signature: parsedOutput.signature, transaction };
   }
 
-  addNewTrustingTransaction(
-    signerAgent: ControlledAccountOrAgent,
-    changes: JsonValue[],
+  makeNewTrustingTransaction(
+    sessionId: string,
+    signerSecret: string,
+    changesJson: string,
+    metaJson: string | undefined,
     madeAt: number,
-    meta: JsonObject | undefined,
-  ): { signature: Signature; transaction: TrustingTransaction } {
-    // We can avoid stableStringify because the changes will be in a string format already.
-    const stringifiedChanges = JSON.stringify(changes);
-    // We can avoid stableStringify because the meta will be in a string format already.
-    const stringifiedMeta = meta ? JSON.stringify(meta) : undefined;
-    const output = this.sessionLog.addNewTrustingTransaction(
-      stringifiedChanges,
-      signerAgent.currentSignerSecret(),
+  ): string {
+    return this.sessionMap.makeNewTrustingTransaction(
+      sessionId,
+      signerSecret,
+      changesJson,
+      metaJson,
       madeAt,
-      stringifiedMeta,
     );
-    const transaction: TrustingTransaction = {
-      privacy: "trusting",
-      madeAt,
-      changes: stringifiedChanges as Stringified<JsonValue[]>,
-      meta: stringifiedMeta as Stringified<JsonObject> | undefined,
+  }
+
+  // === Session Queries ===
+  getSessionIds(): string[] {
+    return this.sessionMap.getSessionIds();
+  }
+
+  getTransactionCount(sessionId: string): number {
+    return this.sessionMap.getTransactionCount(sessionId);
+  }
+
+  getTransaction(sessionId: string, txIndex: number): Transaction | undefined {
+    const result = this.sessionMap.getTransaction(sessionId, txIndex);
+    if (!result) return undefined;
+    return JSON.parse(result) as Transaction;
+  }
+
+  getSessionTransactions(
+    sessionId: string,
+    fromIndex: number,
+  ): Transaction[] | undefined {
+    const result = this.sessionMap.getSessionTransactions(sessionId, fromIndex);
+    if (!result) return undefined;
+    return result.map((tx) => JSON.parse(tx) as Transaction);
+  }
+
+  getLastSignature(sessionId: string): string | undefined {
+    return this.sessionMap.getLastSignature(sessionId) ?? undefined;
+  }
+
+  getSignatureAfter(sessionId: string, txIndex: number): string | undefined {
+    return this.sessionMap.getSignatureAfter(sessionId, txIndex) ?? undefined;
+  }
+
+  getLastSignatureCheckpoint(sessionId: string): number | undefined {
+    return this.sessionMap.getLastSignatureCheckpoint(sessionId) ?? undefined;
+  }
+
+  // === Known State ===
+  getKnownState(): {
+    id: string;
+    header: boolean;
+    sessions: Record<string, number>;
+  } {
+    // WASM returns a native JS object via serde_wasm_bindgen
+    return this.sessionMap.getKnownState() as {
+      id: string;
+      header: boolean;
+      sessions: Record<string, number>;
     };
-    return { signature: output as Signature, transaction };
   }
 
-  decryptNextTransactionChangesJson(
-    txIndex: number,
-    keySecret: KeySecret,
-  ): string {
-    const output = this.sessionLog.decryptNextTransactionChangesJson(
-      txIndex,
-      keySecret,
-    );
-    return output;
+  getKnownStateWithStreaming():
+    | { id: string; header: boolean; sessions: Record<string, number> }
+    | undefined {
+    // WASM returns a native JS object via serde_wasm_bindgen, or undefined
+    const result = this.sessionMap.getKnownStateWithStreaming();
+    if (!result || result === undefined) return undefined;
+    return result as {
+      id: string;
+      header: boolean;
+      sessions: Record<string, number>;
+    };
   }
 
-  decryptNextTransactionMetaJson(
-    txIndex: number,
-    keySecret: KeySecret,
-  ): string | undefined {
-    return this.sessionLog.decryptNextTransactionMetaJson(txIndex, keySecret);
+  setStreamingKnownState(streamingJson: string): void {
+    this.sessionMap.setStreamingKnownState(streamingJson);
+  }
+
+  // === Deletion ===
+  markAsDeleted(): void {
+    this.sessionMap.markAsDeleted();
   }
 
-  free() {
-    this.sessionLog.free();
+  isDeleted(): boolean {
+    return this.sessionMap.isDeleted();
   }
 
-  clone(): SessionLogAdapter {
-    return new SessionLogAdapter(this.sessionLog.clone());
+  // === Decryption ===
+  decryptTransaction(
+    sessionId: string,
+    txIndex: number,
+    keySecret: string,
+  ): string | undefined {
+    return (
+      this.sessionMap.decryptTransaction(sessionId, txIndex, keySecret) ??
+      undefined
+    );
+  }
+
+  decryptTransactionMeta(
+    sessionId: string,
+    txIndex: number,
+    keySecret: string,
+  ): string | undefined {
+    return (
+      this.sessionMap.decryptTransactionMeta(sessionId, txIndex, keySecret) ??
+      undefined
+    );
   }
 }

package/src/crypto/crypto.ts

@@ -1,21 +1,16 @@
 import { base58 } from "@scure/base";
-import { ControlledAccountOrAgent, RawAccountID } from "../coValues/account.js";
+import { RawAccountID } from "../coValues/account.js";
 import {
   AgentID,
   RawCoID,
   TransactionID,
-  SessionID,
   ActiveSessionID,
   DeleteSessionID,
 } from "../ids.js";
 import { Stringified, parseJSON, stableStringify } from "../jsonStringify.js";
-import { JsonObject, JsonValue } from "../jsonValue.js";
+import { JsonValue } from "../jsonValue.js";
 import { logger } from "../logger.js";
-import {
-  PrivateTransaction,
-  Transaction,
-  TrustingTransaction,
-} from "../coValueCore/verifiedState.js";
+import { Transaction } from "../coValueCore/verifiedState.js";
 
 function randomBytes(bytesLength = 32): Uint8Array {
   return crypto.getRandomValues(new Uint8Array(bytesLength));
@@ -28,6 +23,8 @@ export type Signature = `signature_z${string}`;
 export type SealerSecret = `sealerSecret_z${string}`;
 export type SealerID = `sealer_z${string}`;
 export type Sealed<T> = `sealed_U${string}` & { __type: T };
+// Anonymous box - encrypted to a group's sealer without sender authentication
+export type SealedForGroup<T> = `sealedForGroup_U${string}` & { __type: T };
 
 export type AgentSecret = `${SealerSecret}/${SignerSecret}`;
 
@@ -111,14 +108,7 @@ export abstract class CryptoProvider<Blake3State = any> {
     )}`;
   }
 
-  shortHash(value: JsonValue): ShortHash {
-    return `shortHash_z${base58.encode(
-      this.blake3HashOnce(textEncoder.encode(stableStringify(value))).slice(
-        0,
-        shortHashLength,
-      ),
-    )}`;
-  }
+  abstract shortHash(value: JsonValue): ShortHash;
 
   abstract encrypt<T extends JsonValue, N extends JsonValue>(
     value: T,
@@ -217,6 +207,45 @@ export abstract class CryptoProvider<Blake3State = any> {
     nOnceMaterial: { in: RawCoID; tx: TransactionID },
   ): T | undefined;
 
+  // Derive group sealer deterministically from read key
+  // This ensures concurrent migrations by different admins produce the same result
+  groupSealerFromReadKey(readKeySecret: KeySecret): {
+    publicKey: SealerID;
+    secret: SealerSecret;
+  } {
+    const sealerBytes = this.blake3HashOnceWithContext(
+      textEncoder.encode(readKeySecret),
+      { context: textEncoder.encode("groupSealer") },
+    );
+    // Blake3 output must be exactly 32 bytes to match X25519 secret key length
+    if (sealerBytes.length !== 32) {
+      throw new Error(
+        `Blake3 output must be 32 bytes for X25519 key, got ${sealerBytes.length}`,
+      );
+    }
+    const secret: SealerSecret = `sealerSecret_z${base58.encode(sealerBytes)}`;
+    return {
+      secret,
+      publicKey: this.getSealerID(secret),
+    };
+  }
+
+  // Anonymous box - encrypt data to a group's sealer without sender authentication
+  // Uses ephemeral key pair, embeds ephemeral public key in output
+  abstract sealForGroup<T extends JsonValue>(args: {
+    message: T;
+    to: SealerID;
+    nOnceMaterial: { in: RawCoID; tx: TransactionID };
+  }): SealedForGroup<T>;
+
+  // Decrypt data sealed to a group
+  // Extracts ephemeral public key from sealed data, derives shared secret
+  abstract unsealForGroup<T extends JsonValue>(
+    sealed: SealedForGroup<T>,
+    groupSealerSecret: SealerSecret,
+    nOnceMaterial: { in: RawCoID; tx: TransactionID },
+  ): T | undefined;
+
   uniquenessForHeader(): `z${string}` {
     return `z${base58.encode(this.randomBytes(12))}`;
   }
@@ -262,11 +291,12 @@ export abstract class CryptoProvider<Blake3State = any> {
     return `${accountID}_session_d${randomPart}$`;
   }
 
-  abstract createSessionLog(
+  abstract createSessionMap(
     coID: RawCoID,
-    sessionID: SessionID,
-    signerID?: SignerID,
-  ): SessionLogImpl;
+    headerJson: string,
+    maxTxSize?: number,
+    skipVerify?: boolean,
+  ): SessionMapImpl;
 }
 
 export type Hash = `hash_z${string}`;
@@ -283,34 +313,77 @@ export type KeyID = `key_z${string}`;
 
 export const secretSeedLength = 32;
 
-export interface SessionLogImpl {
-  clone(): SessionLogImpl;
-  tryAdd(
-    transactions: Transaction[],
-    newSignature: Signature,
+/**
+ * SessionMapImpl - Native implementation of SessionMap
+ * One instance per CoValue, owns all session data including header
+ */
+export interface SessionMapImpl {
+  // === Header ===
+  getHeader(): string;
+
+  // === Transaction Operations ===
+  addTransactions(
+    sessionId: string,
+    signerId: string | undefined,
+    transactionsJson: string,
+    signature: string,
     skipVerify: boolean,
   ): void;
-  addNewPrivateTransaction(
-    signerAgent: ControlledAccountOrAgent,
-    changes: JsonValue[],
-    keyID: KeyID,
-    keySecret: KeySecret,
+
+  makeNewPrivateTransaction(
+    sessionId: string,
+    signerSecret: string,
+    changesJson: string,
+    keyId: string,
+    keySecret: string,
+    metaJson: string | undefined,
     madeAt: number,
-    meta: JsonObject | undefined,
-  ): { signature: Signature; transaction: PrivateTransaction };
-  addNewTrustingTransaction(
-    signerAgent: ControlledAccountOrAgent,
-    changes: JsonValue[],
+  ): string; // Returns JSON: { signature, transaction }
+
+  makeNewTrustingTransaction(
+    sessionId: string,
+    signerSecret: string,
+    changesJson: string,
+    metaJson: string | undefined,
     madeAt: number,
-    meta: JsonObject | undefined,
-  ): { signature: Signature; transaction: TrustingTransaction };
-  decryptNextTransactionChangesJson(
-    tx_index: number,
-    key_secret: KeySecret,
-  ): string;
-  free(): void;
-  decryptNextTransactionMetaJson(
-    tx_index: number,
-    key_secret: KeySecret,
+  ): string; // Returns JSON: { signature, transaction }
+
+  // === Session Queries ===
+  getSessionIds(): string[];
+  getTransactionCount(sessionId: string): number; // -1 if not found
+  getTransaction(sessionId: string, txIndex: number): Transaction | undefined;
+  getSessionTransactions(
+    sessionId: string,
+    fromIndex: number,
+  ): Transaction[] | undefined;
+  getLastSignature(sessionId: string): string | undefined;
+  getSignatureAfter(sessionId: string, txIndex: number): string | undefined;
+  getLastSignatureCheckpoint(sessionId: string): number | undefined; // -1 if no checkpoints, undefined if session not found
+
+  // === Known State ===
+  getKnownState(): {
+    id: string;
+    header: boolean;
+    sessions: Record<string, number>;
+  };
+  getKnownStateWithStreaming():
+    | { id: string; header: boolean; sessions: Record<string, number> }
+    | undefined;
+  setStreamingKnownState(streamingJson: string): void;
+
+  // === Deletion ===
+  markAsDeleted(): void;
+  isDeleted(): boolean;
+
+  // === Decryption ===
+  decryptTransaction(
+    sessionId: string,
+    txIndex: number,
+    keySecret: string,
+  ): string | undefined;
+  decryptTransactionMeta(
+    sessionId: string,
+    txIndex: number,
+    keySecret: string,
   ): string | undefined;
 }

package/src/exports.ts

@@ -1,4 +1,8 @@
-import { base64URLtoBytes, bytesToBase64url } from "./base64url.js";
+import {
+  base64URLtoBytes,
+  bytesToBase64url,
+  bytesToBase64,
+} from "./base64url.js";
 import { type RawCoValue } from "./coValue.js";
 import {
   CoValueCore,
@@ -23,10 +27,9 @@ import { RawCoPlainText, stringifyOpID } from "./coValues/coPlainText.js";
 import {
   BinaryStreamItem,
   BinaryStreamStart,
-  CoStreamItem,
   RawBinaryCoStream,
-  RawCoStream,
-} from "./coValues/coStream.js";
+} from "./coValues/binaryCoStream.js";
+import { CoStreamItem, RawCoStream } from "./coValues/coStream.js";
 import { EVERYONE, RawGroup } from "./coValues/group.js";
 import type { Everyone } from "./coValues/group.js";
 import {
@@ -58,7 +61,7 @@ import type {
 import type {
   BinaryCoStreamMeta,
   BinaryStreamInfo,
-} from "./coValues/coStream.js";
+} from "./coValues/binaryCoStream.js";
 import type { InviteSecret } from "./coValues/group.js";
 import { AgentSecret, textDecoder, textEncoder } from "./crypto/crypto.js";
 import type { AgentID, RawCoID, SessionID } from "./ids.js";
@@ -112,6 +115,7 @@ export const cojsonInternals = {
   expectGroup,
   base64URLtoBytes,
   bytesToBase64url,
+  bytesToBase64,
   parseJSON,
   stableStringify,
   getDependedOnCoValues,
@@ -229,6 +233,8 @@ export namespace CojsonInternalTypes {
   export type RawCoID = import("./ids.js").RawCoID;
   export type ProfileShape = import("./coValues/account.js").ProfileShape;
   export type SealerSecret = import("./crypto/crypto.js").SealerSecret;
+  export type SealerID = import("./crypto/crypto.js").SealerID;
+  export type SealedForGroup<T> = import("./crypto/crypto.js").SealedForGroup<T>;
   export type SignerID = import("./crypto/crypto.js").SignerID;
   export type SignerSecret = import("./crypto/crypto.js").SignerSecret;
   export type JsonObject = import("./jsonValue.js").JsonObject;

package/src/localNode.ts

@@ -27,6 +27,7 @@ import {
 import {
   type InviteSecret,
   type RawGroup,
+  formatGroupSealerValue,
   secretSeedFromInviteSecret,
 } from "./coValues/group.js";
 import { CO_VALUE_LOADING_CONFIG } from "./config.js";
@@ -824,13 +825,19 @@ export class LocalNode {
 
   createGroup(
     uniqueness: CoValueUniqueness = this.crypto.createdNowUnique(),
+    options?: { name?: string },
   ): RawGroup {
     const account = this.getCurrentAgent();
 
+    const meta =
+      options?.name != null && options.name !== ""
+        ? { name: options.name }
+        : null;
+
     const groupCoValue = this.createCoValue({
       type: "comap",
       ruleset: { type: "group", initialAdmin: account.id },
-      meta: null,
+      meta,
       ...(uniqueness.createdAt !== undefined
         ? { createdAt: uniqueness.createdAt }
         : {}),
@@ -859,6 +866,15 @@ export class LocalNode {
 
     group.set("readKey", readKey.id, "trusting");
 
+    // Initialize the group sealer (derived deterministically from the read key)
+    // Store composite value with readKeyID for deterministic readKey association
+    const groupSealer = this.crypto.groupSealerFromReadKey(readKey.secret);
+    group.set(
+      "groupSealer",
+      formatGroupSealerValue(readKey.id, groupSealer.publicKey),
+      "trusting",
+    );
+
     return group;
   }
 

package/src/media.ts

@@ -1,5 +1,5 @@
 import { RawCoMap } from "./coValues/coMap.js";
-import { RawBinaryCoStream } from "./coValues/coStream.js";
+import { RawBinaryCoStream } from "./coValues/binaryCoStream.js";
 
 export type ImageDefinition = RawCoMap<{
   originalSize: [number, number];