npm - cojson - Versions diffs - 0.8.12 → 0.8.17 - Mend

cojson 0.8.12 → 0.8.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (164) hide show

package/CHANGELOG.md +95 -83
package/dist/native/PeerKnownStates.js +6 -1
package/dist/native/PeerKnownStates.js.map +1 -1
package/dist/native/PeerState.js +4 -3
package/dist/native/PeerState.js.map +1 -1
package/dist/native/PriorityBasedMessageQueue.js +1 -10
package/dist/native/PriorityBasedMessageQueue.js.map +1 -1
package/dist/native/SyncStateSubscriptionManager.js +70 -0
package/dist/native/SyncStateSubscriptionManager.js.map +1 -0
package/dist/native/base64url.js.map +1 -1
package/dist/native/base64url.test.js +1 -1
package/dist/native/base64url.test.js.map +1 -1
package/dist/native/coValue.js.map +1 -1
package/dist/native/coValueCore.js +141 -149
package/dist/native/coValueCore.js.map +1 -1
package/dist/native/coValueState.js.map +1 -1
package/dist/native/coValues/account.js +6 -6
package/dist/native/coValues/account.js.map +1 -1
package/dist/native/coValues/coList.js +2 -3
package/dist/native/coValues/coList.js.map +1 -1
package/dist/native/coValues/coMap.js +1 -1
package/dist/native/coValues/coMap.js.map +1 -1
package/dist/native/coValues/coStream.js +3 -5
package/dist/native/coValues/coStream.js.map +1 -1
package/dist/native/coValues/group.js +11 -11
package/dist/native/coValues/group.js.map +1 -1
package/dist/native/coreToCoValue.js +2 -2
package/dist/native/coreToCoValue.js.map +1 -1
package/dist/native/crypto/PureJSCrypto.js +4 -4
package/dist/native/crypto/PureJSCrypto.js.map +1 -1
package/dist/native/crypto/crypto.js.map +1 -1
package/dist/native/exports.js +12 -12
package/dist/native/exports.js.map +1 -1
package/dist/native/ids.js.map +1 -1
package/dist/native/jsonStringify.js.map +1 -1
package/dist/native/localNode.js +5 -7
package/dist/native/localNode.js.map +1 -1
package/dist/native/permissions.js +4 -7
package/dist/native/permissions.js.map +1 -1
package/dist/native/priority.js.map +1 -1
package/dist/native/storage/FileSystem.js.map +1 -1
package/dist/native/storage/chunksAndKnownStates.js +2 -4
package/dist/native/storage/chunksAndKnownStates.js.map +1 -1
package/dist/native/storage/index.js +6 -15
package/dist/native/storage/index.js.map +1 -1
package/dist/native/streamUtils.js.map +1 -1
package/dist/native/sync.js +57 -7
package/dist/native/sync.js.map +1 -1
package/dist/native/typeUtils/accountOrAgentIDfromSessionID.js.map +1 -1
package/dist/native/typeUtils/expectGroup.js.map +1 -1
package/dist/native/typeUtils/isAccountID.js.map +1 -1
package/dist/native/typeUtils/isCoValue.js +1 -1
package/dist/native/typeUtils/isCoValue.js.map +1 -1
package/dist/web/PeerKnownStates.js +6 -1
package/dist/web/PeerKnownStates.js.map +1 -1
package/dist/web/PeerState.js +4 -3
package/dist/web/PeerState.js.map +1 -1
package/dist/web/PriorityBasedMessageQueue.js +1 -10
package/dist/web/PriorityBasedMessageQueue.js.map +1 -1
package/dist/web/SyncStateSubscriptionManager.js +70 -0
package/dist/web/SyncStateSubscriptionManager.js.map +1 -0
package/dist/web/base64url.js.map +1 -1
package/dist/web/base64url.test.js +1 -1
package/dist/web/base64url.test.js.map +1 -1
package/dist/web/coValue.js.map +1 -1
package/dist/web/coValueCore.js +141 -149
package/dist/web/coValueCore.js.map +1 -1
package/dist/web/coValueState.js.map +1 -1
package/dist/web/coValues/account.js +6 -6
package/dist/web/coValues/account.js.map +1 -1
package/dist/web/coValues/coList.js +2 -3
package/dist/web/coValues/coList.js.map +1 -1
package/dist/web/coValues/coMap.js +1 -1
package/dist/web/coValues/coMap.js.map +1 -1
package/dist/web/coValues/coStream.js +3 -5
package/dist/web/coValues/coStream.js.map +1 -1
package/dist/web/coValues/group.js +11 -11
package/dist/web/coValues/group.js.map +1 -1
package/dist/web/coreToCoValue.js +2 -2
package/dist/web/coreToCoValue.js.map +1 -1
package/dist/web/crypto/PureJSCrypto.js +4 -4
package/dist/web/crypto/PureJSCrypto.js.map +1 -1
package/dist/web/crypto/WasmCrypto.js +5 -5
package/dist/web/crypto/WasmCrypto.js.map +1 -1
package/dist/web/crypto/crypto.js.map +1 -1
package/dist/web/exports.js +12 -12
package/dist/web/exports.js.map +1 -1
package/dist/web/ids.js.map +1 -1
package/dist/web/jsonStringify.js.map +1 -1
package/dist/web/localNode.js +5 -7
package/dist/web/localNode.js.map +1 -1
package/dist/web/permissions.js +4 -7
package/dist/web/permissions.js.map +1 -1
package/dist/web/priority.js.map +1 -1
package/dist/web/storage/FileSystem.js.map +1 -1
package/dist/web/storage/chunksAndKnownStates.js +2 -4
package/dist/web/storage/chunksAndKnownStates.js.map +1 -1
package/dist/web/storage/index.js +6 -15
package/dist/web/storage/index.js.map +1 -1
package/dist/web/streamUtils.js.map +1 -1
package/dist/web/sync.js +57 -7
package/dist/web/sync.js.map +1 -1
package/dist/web/typeUtils/accountOrAgentIDfromSessionID.js.map +1 -1
package/dist/web/typeUtils/expectGroup.js.map +1 -1
package/dist/web/typeUtils/isAccountID.js.map +1 -1
package/dist/web/typeUtils/isCoValue.js +1 -1
package/dist/web/typeUtils/isCoValue.js.map +1 -1
package/package.json +4 -14
package/src/PeerKnownStates.ts +98 -90
package/src/PeerState.ts +92 -73
package/src/PriorityBasedMessageQueue.ts +42 -49
package/src/SyncStateSubscriptionManager.ts +124 -0
package/src/base64url.test.ts +24 -24
package/src/base64url.ts +44 -45
package/src/coValue.ts +45 -45
package/src/coValueCore.ts +746 -785
package/src/coValueState.ts +82 -72
package/src/coValues/account.ts +143 -150
package/src/coValues/coList.ts +520 -522
package/src/coValues/coMap.ts +283 -285
package/src/coValues/coStream.ts +320 -324
package/src/coValues/group.ts +306 -305
package/src/coreToCoValue.ts +28 -31
package/src/crypto/PureJSCrypto.ts +188 -194
package/src/crypto/WasmCrypto.ts +236 -254
package/src/crypto/crypto.ts +302 -309
package/src/exports.ts +116 -116
package/src/ids.ts +9 -9
package/src/jsonStringify.ts +46 -46
package/src/jsonValue.ts +24 -10
package/src/localNode.ts +635 -660
package/src/media.ts +3 -3
package/src/permissions.ts +272 -278
package/src/priority.ts +21 -19
package/src/storage/FileSystem.ts +91 -99
package/src/storage/chunksAndKnownStates.ts +110 -115
package/src/storage/index.ts +466 -497
package/src/streamUtils.ts +60 -60
package/src/sync.ts +656 -608
package/src/tests/PeerKnownStates.test.ts +38 -34
package/src/tests/PeerState.test.ts +101 -64
package/src/tests/PriorityBasedMessageQueue.test.ts +91 -91
package/src/tests/SyncStateSubscriptionManager.test.ts +232 -0
package/src/tests/account.test.ts +59 -59
package/src/tests/coList.test.ts +65 -65
package/src/tests/coMap.test.ts +137 -137
package/src/tests/coStream.test.ts +254 -257
package/src/tests/coValueCore.test.ts +153 -156
package/src/tests/crypto.test.ts +136 -144
package/src/tests/cryptoImpl.test.ts +205 -197
package/src/tests/group.test.ts +24 -24
package/src/tests/permissions.test.ts +1306 -1371
package/src/tests/priority.test.ts +65 -82
package/src/tests/sync.test.ts +1573 -1263
package/src/tests/testUtils.ts +85 -53
package/src/typeUtils/accountOrAgentIDfromSessionID.ts +4 -4
package/src/typeUtils/expectGroup.ts +9 -9
package/src/typeUtils/isAccountID.ts +1 -1
package/src/typeUtils/isCoValue.ts +9 -9
package/tsconfig.json +4 -6
package/tsconfig.native.json +9 -11
package/tsconfig.web.json +4 -10
package/.eslintrc.cjs +0 -25
package/.prettierrc.js +0 -9

package/src/crypto/WasmCrypto.ts CHANGED Viewed

@@ -1,265 +1,247 @@
 import {
-    initBundledOnce,
-    Ed25519SigningKey,
-    Ed25519VerifyingKey,
-    X25519StaticSecret,
-    Memory,
-    Ed25519Signature,
-    X25519PublicKey,
+  Ed25519Signature,
+  Ed25519SigningKey,
+  Ed25519VerifyingKey,
+  Memory,
+  X25519PublicKey,
+  X25519StaticSecret,
+  initBundledOnce,
 } from "@hazae41/berith";
-import { xsalsa20_poly1305, xsalsa20 } from "@noble/ciphers/salsa";
-import { JsonValue } from "../jsonValue.js";
-import { base58 } from "@scure/base";
+import { xsalsa20, xsalsa20_poly1305 } from "@noble/ciphers/salsa";
 import { randomBytes } from "@noble/ciphers/webcrypto/utils";
-import { RawCoID, TransactionID } from "../ids.js";
-import { base64URLtoBytes, bytesToBase64url } from "../base64url.js";
+import { base58 } from "@scure/base";
 import { createBLAKE3 } from "hash-wasm";
+import { base64URLtoBytes, bytesToBase64url } from "../base64url.js";
+import { RawCoID, TransactionID } from "../ids.js";
 import { Stringified, stableStringify } from "../jsonStringify.js";
+import { JsonValue } from "../jsonValue.js";
 import {
-    CryptoProvider,
-    SignerSecret,
-    SignerID,
-    Signature,
-    textEncoder,
-    SealerSecret,
-    SealerID,
-    KeySecret,
-    Encrypted,
-    textDecoder,
-    Sealed,
+  CryptoProvider,
+  Encrypted,
+  KeySecret,
+  Sealed,
+  SealerID,
+  SealerSecret,
+  Signature,
+  SignerID,
+  SignerSecret,
+  textDecoder,
+  textEncoder,
 } from "./crypto.js";
 export class WasmCrypto extends CryptoProvider<Uint8Array> {
-    private constructor(
-        public blake3Instance: Awaited<ReturnType<typeof createBLAKE3>>,
-    ) {
-        super();
-    }
-    static async create(): Promise<WasmCrypto> {
-        return Promise.all([
-            createBLAKE3(),
-            initBundledOnce(),
-            new Promise<void>((resolve) => {
-                if ("crypto" in globalThis) {
-                    resolve();
-                } else {
-                    return import(/*webpackIgnore: true*/ "node:crypto").then(
-                        ({ webcrypto }) => {
-                            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-                            (globalThis as any).crypto = webcrypto;
-                            resolve();
-                        },
-                    );
-                }
-            }),
-        ]).then(([blake3instance]) => new WasmCrypto(blake3instance));
-    }
-    randomBytes(length: number): Uint8Array {
-        return randomBytes(length);
-    }
-    emptyBlake3State(): Uint8Array {
-        return this.blake3Instance.init().save();
-    }
-    cloneBlake3State(state: Uint8Array): Uint8Array {
-        return this.blake3Instance.load(state).save();
-    }
-    blake3HashOnce(data: Uint8Array) {
-        return this.blake3Instance.init().update(data).digest("binary");
-    }
-    blake3HashOnceWithContext(
-        data: Uint8Array,
-        { context }: { context: Uint8Array },
-    ) {
-        return this.blake3Instance
-            .init()
-            .update(context)
-            .update(data)
-            .digest("binary");
-    }
-    blake3IncrementalUpdate(state: Uint8Array, data: Uint8Array): Uint8Array {
-        return this.blake3Instance.load(state).update(data).save();
-    }
-    blake3DigestForState(state: Uint8Array): Uint8Array {
-        return this.blake3Instance.load(state).digest("binary");
-    }
-    newEd25519SigningKey(): Uint8Array {
-        return new Ed25519SigningKey().to_bytes().copyAndDispose();
-    }
-    getSignerID(secret: SignerSecret): SignerID {
-        return `signer_z${base58.encode(
-            Ed25519SigningKey.from_bytes(
-                new Memory(
-                    base58.decode(secret.substring("signerSecret_z".length)),
-                ),
-            )
-                .public()
-                .to_bytes()
-                .copyAndDispose(),
-        )}`;
-    }
-    sign(secret: SignerSecret, message: JsonValue): Signature {
-        const signature = Ed25519SigningKey.from_bytes(
-            new Memory(
-                base58.decode(secret.substring("signerSecret_z".length)),
-            ),
-        )
-            .sign(new Memory(textEncoder.encode(stableStringify(message))))
-            .to_bytes()
-            .copyAndDispose();
-        return `signature_z${base58.encode(signature)}`;
-    }
-    verify(signature: Signature, message: JsonValue, id: SignerID): boolean {
-        return new Ed25519VerifyingKey(
-            new Memory(base58.decode(id.substring("signer_z".length))),
-        ).verify(
-            new Memory(textEncoder.encode(stableStringify(message))),
-            new Ed25519Signature(
-                new Memory(
-                    base58.decode(signature.substring("signature_z".length)),
-                ),
-            ),
-        );
-    }
-    newX25519StaticSecret(): Uint8Array {
-        return new X25519StaticSecret().to_bytes().copyAndDispose();
-    }
-    getSealerID(secret: SealerSecret): SealerID {
-        return `sealer_z${base58.encode(
-            X25519StaticSecret.from_bytes(
-                new Memory(
-                    base58.decode(secret.substring("sealerSecret_z".length)),
-                ),
-            )
-                .to_public()
-                .to_bytes()
-                .copyAndDispose(),
-        )}`;
-    }
-    encrypt<T extends JsonValue, N extends JsonValue>(
-        value: T,
-        keySecret: KeySecret,
-        nOnceMaterial: N,
-    ): Encrypted<T, N> {
-        const keySecretBytes = base58.decode(
-            keySecret.substring("keySecret_z".length),
-        );
-        const nOnce = this.blake3HashOnce(
-            textEncoder.encode(stableStringify(nOnceMaterial)),
-        ).slice(0, 24);
-        const plaintext = textEncoder.encode(stableStringify(value));
-        const ciphertext = xsalsa20(keySecretBytes, nOnce, plaintext);
-        return `encrypted_U${bytesToBase64url(ciphertext)}` as Encrypted<T, N>;
-    }
-    decryptRaw<T extends JsonValue, N extends JsonValue>(
-        encrypted: Encrypted<T, N>,
-        keySecret: KeySecret,
-        nOnceMaterial: N,
-    ): Stringified<T> {
-        const keySecretBytes = base58.decode(
-            keySecret.substring("keySecret_z".length),
-        );
-        const nOnce = this.blake3HashOnce(
-            textEncoder.encode(stableStringify(nOnceMaterial)),
-        ).slice(0, 24);
-        const ciphertext = base64URLtoBytes(
-            encrypted.substring("encrypted_U".length),
-        );
-        const plaintext = xsalsa20(keySecretBytes, nOnce, ciphertext);
-        return textDecoder.decode(plaintext) as Stringified<T>;
-    }
-    seal<T extends JsonValue>({
-        message,
-        from,
-        to,
-        nOnceMaterial,
-    }: {
-        message: T;
-        from: SealerSecret;
-        to: SealerID;
-        nOnceMaterial: { in: RawCoID; tx: TransactionID };
-    }): Sealed<T> {
-        const nOnce = this.blake3HashOnce(
-            textEncoder.encode(stableStringify(nOnceMaterial)),
-        ).slice(0, 24);
-        const sealerPub = base58.decode(to.substring("sealer_z".length));
-        const senderPriv = base58.decode(
-            from.substring("sealerSecret_z".length),
-        );
-        const plaintext = textEncoder.encode(stableStringify(message));
-        const sharedSecret = X25519StaticSecret.from_bytes(
-            new Memory(senderPriv),
-        )
-            .diffie_hellman(X25519PublicKey.from_bytes(new Memory(sealerPub)))
-            .to_bytes()
-            .copyAndDispose();
-        const sealedBytes = xsalsa20_poly1305(sharedSecret, nOnce).encrypt(
-            plaintext,
-        );
-        return `sealed_U${bytesToBase64url(sealedBytes)}` as Sealed<T>;
-    }
-    unseal<T extends JsonValue>(
-        sealed: Sealed<T>,
-        sealer: SealerSecret,
-        from: SealerID,
-        nOnceMaterial: { in: RawCoID; tx: TransactionID },
-    ): T | undefined {
-        const nOnce = this.blake3HashOnce(
-            textEncoder.encode(stableStringify(nOnceMaterial)),
-        ).slice(0, 24);
-        const sealerPriv = base58.decode(
-            sealer.substring("sealerSecret_z".length),
-        );
-        const senderPub = base58.decode(from.substring("sealer_z".length));
-        const sealedBytes = base64URLtoBytes(
-            sealed.substring("sealed_U".length),
-        );
-        const sharedSecret = X25519StaticSecret.from_bytes(
-            new Memory(sealerPriv),
-        )
-            .diffie_hellman(X25519PublicKey.from_bytes(new Memory(senderPub)))
-            .to_bytes()
-            .copyAndDispose();
-        const plaintext = xsalsa20_poly1305(sharedSecret, nOnce).decrypt(
-            sealedBytes,
-        );
-        try {
-            return JSON.parse(textDecoder.decode(plaintext));
-        } catch (e) {
-            console.error("Failed to decrypt/parse sealed message", e);
-            return undefined;
+  private constructor(
+    public blake3Instance: Awaited<ReturnType<typeof createBLAKE3>>,
+  ) {
+    super();
+  }
+  static async create(): Promise<WasmCrypto> {
+    return Promise.all([
+      createBLAKE3(),
+      initBundledOnce(),
+      new Promise<void>((resolve) => {
+        if ("crypto" in globalThis) {
+          resolve();
+        } else {
+          return import(/*webpackIgnore: true*/ "node:crypto").then(
+            ({ webcrypto }) => {
+              // eslint-disable-next-line @typescript-eslint/no-explicit-any
+              (globalThis as any).crypto = webcrypto;
+              resolve();
+            },
+          );
         }
-    }
+      }),
+    ]).then(([blake3instance]) => new WasmCrypto(blake3instance));
+  }
+  randomBytes(length: number): Uint8Array {
+    return randomBytes(length);
+  }
+  emptyBlake3State(): Uint8Array {
+    return this.blake3Instance.init().save();
+  }
+  cloneBlake3State(state: Uint8Array): Uint8Array {
+    return this.blake3Instance.load(state).save();
+  }
+  blake3HashOnce(data: Uint8Array) {
+    return this.blake3Instance.init().update(data).digest("binary");
+  }
+  blake3HashOnceWithContext(
+    data: Uint8Array,
+    { context }: { context: Uint8Array },
+  ) {
+    return this.blake3Instance
+      .init()
+      .update(context)
+      .update(data)
+      .digest("binary");
+  }
+  blake3IncrementalUpdate(state: Uint8Array, data: Uint8Array): Uint8Array {
+    return this.blake3Instance.load(state).update(data).save();
+  }
+  blake3DigestForState(state: Uint8Array): Uint8Array {
+    return this.blake3Instance.load(state).digest("binary");
+  }
+  newEd25519SigningKey(): Uint8Array {
+    return new Ed25519SigningKey().to_bytes().copyAndDispose();
+  }
+  getSignerID(secret: SignerSecret): SignerID {
+    return `signer_z${base58.encode(
+      Ed25519SigningKey.from_bytes(
+        new Memory(base58.decode(secret.substring("signerSecret_z".length))),
+      )
+        .public()
+        .to_bytes()
+        .copyAndDispose(),
+    )}`;
+  }
+  sign(secret: SignerSecret, message: JsonValue): Signature {
+    const signature = Ed25519SigningKey.from_bytes(
+      new Memory(base58.decode(secret.substring("signerSecret_z".length))),
+    )
+      .sign(new Memory(textEncoder.encode(stableStringify(message))))
+      .to_bytes()
+      .copyAndDispose();
+    return `signature_z${base58.encode(signature)}`;
+  }
+  verify(signature: Signature, message: JsonValue, id: SignerID): boolean {
+    return new Ed25519VerifyingKey(
+      new Memory(base58.decode(id.substring("signer_z".length))),
+    ).verify(
+      new Memory(textEncoder.encode(stableStringify(message))),
+      new Ed25519Signature(
+        new Memory(base58.decode(signature.substring("signature_z".length))),
+      ),
+    );
+  }
+  newX25519StaticSecret(): Uint8Array {
+    return new X25519StaticSecret().to_bytes().copyAndDispose();
+  }
+  getSealerID(secret: SealerSecret): SealerID {
+    return `sealer_z${base58.encode(
+      X25519StaticSecret.from_bytes(
+        new Memory(base58.decode(secret.substring("sealerSecret_z".length))),
+      )
+        .to_public()
+        .to_bytes()
+        .copyAndDispose(),
+    )}`;
+  }
+  encrypt<T extends JsonValue, N extends JsonValue>(
+    value: T,
+    keySecret: KeySecret,
+    nOnceMaterial: N,
+  ): Encrypted<T, N> {
+    const keySecretBytes = base58.decode(
+      keySecret.substring("keySecret_z".length),
+    );
+    const nOnce = this.blake3HashOnce(
+      textEncoder.encode(stableStringify(nOnceMaterial)),
+    ).slice(0, 24);
+    const plaintext = textEncoder.encode(stableStringify(value));
+    const ciphertext = xsalsa20(keySecretBytes, nOnce, plaintext);
+    return `encrypted_U${bytesToBase64url(ciphertext)}` as Encrypted<T, N>;
+  }
+  decryptRaw<T extends JsonValue, N extends JsonValue>(
+    encrypted: Encrypted<T, N>,
+    keySecret: KeySecret,
+    nOnceMaterial: N,
+  ): Stringified<T> {
+    const keySecretBytes = base58.decode(
+      keySecret.substring("keySecret_z".length),
+    );
+    const nOnce = this.blake3HashOnce(
+      textEncoder.encode(stableStringify(nOnceMaterial)),
+    ).slice(0, 24);
+    const ciphertext = base64URLtoBytes(
+      encrypted.substring("encrypted_U".length),
+    );
+    const plaintext = xsalsa20(keySecretBytes, nOnce, ciphertext);
+    return textDecoder.decode(plaintext) as Stringified<T>;
+  }
+  seal<T extends JsonValue>({
+    message,
+    from,
+    to,
+    nOnceMaterial,
+  }: {
+    message: T;
+    from: SealerSecret;
+    to: SealerID;
+    nOnceMaterial: { in: RawCoID; tx: TransactionID };
+  }): Sealed<T> {
+    const nOnce = this.blake3HashOnce(
+      textEncoder.encode(stableStringify(nOnceMaterial)),
+    ).slice(0, 24);
+    const sealerPub = base58.decode(to.substring("sealer_z".length));
+    const senderPriv = base58.decode(from.substring("sealerSecret_z".length));
+    const plaintext = textEncoder.encode(stableStringify(message));
+    const sharedSecret = X25519StaticSecret.from_bytes(new Memory(senderPriv))
+      .diffie_hellman(X25519PublicKey.from_bytes(new Memory(sealerPub)))
+      .to_bytes()
+      .copyAndDispose();
+    const sealedBytes = xsalsa20_poly1305(sharedSecret, nOnce).encrypt(
+      plaintext,
+    );
+    return `sealed_U${bytesToBase64url(sealedBytes)}` as Sealed<T>;
+  }
+  unseal<T extends JsonValue>(
+    sealed: Sealed<T>,
+    sealer: SealerSecret,
+    from: SealerID,
+    nOnceMaterial: { in: RawCoID; tx: TransactionID },
+  ): T | undefined {
+    const nOnce = this.blake3HashOnce(
+      textEncoder.encode(stableStringify(nOnceMaterial)),
+    ).slice(0, 24);
+    const sealerPriv = base58.decode(sealer.substring("sealerSecret_z".length));
+    const senderPub = base58.decode(from.substring("sealer_z".length));
+    const sealedBytes = base64URLtoBytes(sealed.substring("sealed_U".length));
+    const sharedSecret = X25519StaticSecret.from_bytes(new Memory(sealerPriv))
+      .diffie_hellman(X25519PublicKey.from_bytes(new Memory(senderPub)))
+      .to_bytes()
+      .copyAndDispose();
+    const plaintext = xsalsa20_poly1305(sharedSecret, nOnce).decrypt(
+      sealedBytes,
+    );
+    try {
+      return JSON.parse(textDecoder.decode(plaintext));
+    } catch (e) {
+      console.error("Failed to decrypt/parse sealed message", e);
+      return undefined;
+    }
+  }
 }