ehbp 0.0.3 → 0.0.5

package/dist/cjs/client.d.ts

@@ -0,0 +1,51 @@
+import { Identity } from './identity.js';
+/**
+ * HTTP transport for EHBP
+ */
+export declare class Transport {
+    private clientIdentity;
+    private serverHost;
+    private serverPublicKey;
+    constructor(clientIdentity: Identity, serverHost: string, serverPublicKey: CryptoKey);
+    /**
+     * Create a new transport by fetching server public key
+     */
+    static create(serverURL: string, clientIdentity: Identity): Promise<Transport>;
+    /**
+     * Get the server public key
+     */
+    getServerPublicKey(): CryptoKey;
+    /**
+     * Get the server public key as hex string
+     */
+    getServerPublicKeyHex(): Promise<string>;
+    /**
+     * Get the client public key
+     */
+    getClientPublicKey(): CryptoKey;
+    /**
+     * Make an encrypted HTTP request
+     */
+    request(input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
+    /**
+     * Convenience method for GET requests
+     */
+    get(url: string | URL, init?: RequestInit): Promise<Response>;
+    /**
+     * Convenience method for POST requests
+     */
+    post(url: string | URL, body?: BodyInit, init?: RequestInit): Promise<Response>;
+    /**
+     * Convenience method for PUT requests
+     */
+    put(url: string | URL, body?: BodyInit, init?: RequestInit): Promise<Response>;
+    /**
+     * Convenience method for DELETE requests
+     */
+    delete(url: string | URL, init?: RequestInit): Promise<Response>;
+}
+/**
+ * Create a new transport instance
+ */
+export declare function createTransport(serverURL: string, clientIdentity: Identity): Promise<Transport>;
+//# sourceMappingURL=client.d.ts.map

package/dist/cjs/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGzC;;GAEG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,cAAc,CAAW;IACjC,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,eAAe,CAAY;gBAEvB,cAAc,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,eAAe,EAAE,SAAS;IAMpF;;OAEG;WACU,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC;IAwBpF;;OAEG;IACH,kBAAkB,IAAI,SAAS;IAI/B;;OAEG;IACG,qBAAqB,IAAI,OAAO,CAAC,MAAM,CAAC;IAQ9C;;OAEG;IACH,kBAAkB,IAAI,SAAS;IAI/B;;OAEG;IACG,OAAO,CAAC,KAAK,EAAE,WAAW,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IA0E9E;;OAEG;IACG,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAInE;;OAEG;IACG,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAIrF;;OAEG;IACG,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAIpF;;OAEG;IACG,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;CAGvE;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC,CAErG"}

package/dist/cjs/client.js

@@ -0,0 +1,160 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Transport = void 0;
+exports.createTransport = createTransport;
+const identity_js_1 = require("./identity.js");
+const protocol_js_1 = require("./protocol.js");
+/**
+ * HTTP transport for EHBP
+ */
+class Transport {
+    clientIdentity;
+    serverHost;
+    serverPublicKey;
+    constructor(clientIdentity, serverHost, serverPublicKey) {
+        this.clientIdentity = clientIdentity;
+        this.serverHost = serverHost;
+        this.serverPublicKey = serverPublicKey;
+    }
+    /**
+     * Create a new transport by fetching server public key
+     */
+    static async create(serverURL, clientIdentity) {
+        const url = new URL(serverURL);
+        const serverHost = url.host;
+        // Fetch server public key
+        const keysURL = new URL(protocol_js_1.PROTOCOL.KEYS_PATH, serverURL);
+        const response = await fetch(keysURL.toString());
+        if (!response.ok) {
+            throw new Error(`Failed to get server public key: ${response.status}`);
+        }
+        const contentType = response.headers.get('content-type');
+        if (contentType !== protocol_js_1.PROTOCOL.KEYS_MEDIA_TYPE) {
+            throw new Error(`Invalid content type: ${contentType}`);
+        }
+        const keysData = new Uint8Array(await response.arrayBuffer());
+        const serverIdentity = await identity_js_1.Identity.unmarshalPublicConfig(keysData);
+        const serverPublicKey = serverIdentity.getPublicKey();
+        return new Transport(clientIdentity, serverHost, serverPublicKey);
+    }
+    /**
+     * Get the server public key
+     */
+    getServerPublicKey() {
+        return this.serverPublicKey;
+    }
+    /**
+     * Get the server public key as hex string
+     */
+    async getServerPublicKeyHex() {
+        const exported = await crypto.subtle.exportKey('raw', this.serverPublicKey);
+        const keyBytes = new Uint8Array(exported);
+        return Array.from(keyBytes)
+            .map(b => b.toString(16).padStart(2, '0'))
+            .join('');
+    }
+    /**
+     * Get the client public key
+     */
+    getClientPublicKey() {
+        return this.clientIdentity.getPublicKey();
+    }
+    /**
+     * Make an encrypted HTTP request
+     */
+    async request(input, init) {
+        // Extract body from init or original request before creating Request object
+        let requestBody = null;
+        if (input instanceof Request) {
+            // If input is a Request, extract its body
+            if (input.body) {
+                requestBody = await input.arrayBuffer();
+            }
+        }
+        else {
+            // If input is URL/string, get body from init
+            requestBody = init?.body || null;
+        }
+        // Create the URL with correct host
+        let url;
+        let method;
+        let headers;
+        if (input instanceof Request) {
+            url = new URL(input.url);
+            method = input.method;
+            headers = input.headers;
+        }
+        else {
+            url = new URL(input);
+            method = init?.method || 'GET';
+            headers = init?.headers || {};
+        }
+        url.host = this.serverHost;
+        let request = new Request(url.toString(), {
+            method,
+            headers,
+            body: requestBody,
+            duplex: 'half'
+        });
+        // Encrypt request body if present (check the original requestBody, not request.body)
+        if (requestBody !== null && requestBody !== undefined) {
+            request = await this.clientIdentity.encryptRequest(request, this.serverPublicKey);
+        }
+        else {
+            // No body, just set client public key header
+            const headers = new Headers(request.headers);
+            headers.set(protocol_js_1.PROTOCOL.CLIENT_PUBLIC_KEY_HEADER, await this.clientIdentity.getPublicKeyHex());
+            request = new Request(request.url, {
+                method: request.method,
+                headers,
+                body: null
+            });
+        }
+        // Make the request
+        const response = await fetch(request);
+        if (!response.ok) {
+            console.warn(`Server returned non-OK status: ${response.status}`);
+        }
+        // Check for encapsulated key header
+        const encapKeyHeader = response.headers.get(protocol_js_1.PROTOCOL.ENCAPSULATED_KEY_HEADER);
+        if (!encapKeyHeader) {
+            throw new Error(`Missing ${protocol_js_1.PROTOCOL.ENCAPSULATED_KEY_HEADER} encapsulated key header`);
+        }
+        // Decode encapsulated key
+        const serverEncapKey = new Uint8Array(encapKeyHeader.match(/.{2}/g).map(byte => parseInt(byte, 16)));
+        // Decrypt response
+        return await this.clientIdentity.decryptResponse(response, serverEncapKey);
+    }
+    /**
+     * Convenience method for GET requests
+     */
+    async get(url, init) {
+        return this.request(url, { ...init, method: 'GET' });
+    }
+    /**
+     * Convenience method for POST requests
+     */
+    async post(url, body, init) {
+        return this.request(url, { ...init, method: 'POST', body });
+    }
+    /**
+     * Convenience method for PUT requests
+     */
+    async put(url, body, init) {
+        return this.request(url, { ...init, method: 'PUT', body });
+    }
+    /**
+     * Convenience method for DELETE requests
+     */
+    async delete(url, init) {
+        return this.request(url, { ...init, method: 'DELETE' });
+    }
+}
+exports.Transport = Transport;
+/**
+ * Create a new transport instance
+ */
+async function createTransport(serverURL, clientIdentity) {
+    return Transport.create(serverURL, clientIdentity);
+}
+//# sourceMappingURL=client.js.map

package/dist/cjs/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":";;;AAkLA,0CAEC;AApLD,+CAAyC;AACzC,+CAAyC;AAEzC;;GAEG;AACH,MAAa,SAAS;IACZ,cAAc,CAAW;IACzB,UAAU,CAAS;IACnB,eAAe,CAAY;IAEnC,YAAY,cAAwB,EAAE,UAAkB,EAAE,eAA0B;QAClF,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,SAAiB,EAAE,cAAwB;QAC7D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/B,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC;QAE5B,0BAA0B;QAC1B,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,sBAAQ,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACvD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QAEjD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzD,IAAI,WAAW,KAAK,sBAAQ,CAAC,eAAe,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,yBAAyB,WAAW,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9D,MAAM,cAAc,GAAG,MAAM,sBAAQ,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QACtE,MAAM,eAAe,GAAG,cAAc,CAAC,YAAY,EAAE,CAAC;QAEtD,OAAO,IAAI,SAAS,CAAC,cAAc,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC;IACpE,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB;QACzB,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;QAC5E,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;aACxB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aACzC,IAAI,CAAC,EAAE,CAAC,CAAC;IACd,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,KAAwB,EAAE,IAAkB;QACxD,4EAA4E;QAC5E,IAAI,WAAW,GAAoB,IAAI,CAAC;QAExC,IAAI,KAAK,YAAY,OAAO,EAAE,CAAC;YAC7B,0CAA0C;YAC1C,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,WAAW,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,CAAC;YAC1C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,6CAA6C;YAC7C,WAAW,GAAG,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC;QACnC,CAAC;QAED,mCAAmC;QACnC,IAAI,GAAQ,CAAC;QACb,IAAI,MAAc,CAAC;QACnB,IAAI,OAAoB,CAAC;QAEzB,IAAI,KAAK,YAAY,OAAO,EAAE,CAAC;YAC7B,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzB,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;YACtB,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;YACrB,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,KAAK,CAAC;YAC/B,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC;QAChC,CAAC;QAED,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;QAE3B,IAAI,OAAO,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;YACxC,MAAM;YACN,OAAO;YACP,IAAI,EAAE,WAAW;YACjB,MAAM,EAAE,MAAM;SACA,CAAC,CAAC;QAElB,qFAAqF;QACrF,IAAI,WAAW,KAAK,IAAI,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YACtD,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;QACpF,CAAC;aAAM,CAAC;YACN,6CAA6C;YAC7C,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,sBAAQ,CAAC,wBAAwB,EAAE,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE,CAAC,CAAC;YAC5F,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE;gBACjC,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO;gBACP,IAAI,EAAE,IAAI;aACX,CAAC,CAAC;QACL,CAAC;QAED,mBAAmB;QACnB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;QAEtC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,kCAAkC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,oCAAoC;QACpC,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAQ,CAAC,uBAAuB,CAAC,CAAC;QAC9E,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,WAAW,sBAAQ,CAAC,uBAAuB,0BAA0B,CAAC,CAAC;QACzF,CAAC;QAED,0BAA0B;QAC1B,MAAM,cAAc,GAAG,IAAI,UAAU,CACnC,cAAc,CAAC,KAAK,CAAC,OAAO,CAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAC/D,CAAC;QAEF,mBAAmB;QACnB,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC7E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,GAAiB,EAAE,IAAkB;QAC7C,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,GAAiB,EAAE,IAAe,EAAE,IAAkB;QAC/D,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,GAAiB,EAAE,IAAe,EAAE,IAAkB;QAC9D,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,GAAiB,EAAE,IAAkB;QAChD,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC1D,CAAC;CACF;AAvKD,8BAuKC;AAED;;GAEG;AACI,KAAK,UAAU,eAAe,CAAC,SAAiB,EAAE,cAAwB;IAC/E,OAAO,SAAS,CAAC,MAAM,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;AACrD,CAAC"}

package/dist/cjs/identity.d.ts

@@ -0,0 +1,52 @@
+import { CipherSuite } from '@hpke/core';
+/**
+ * Identity class for managing HPKE key pairs and encryption/decryption
+ */
+export declare class Identity {
+    private suite;
+    private publicKey;
+    private privateKey;
+    constructor(suite: CipherSuite, publicKey: CryptoKey, privateKey: CryptoKey);
+    /**
+     * Generate a new identity with X25519 key pair
+     */
+    static generate(): Promise<Identity>;
+    /**
+     * Create identity from JSON string
+     */
+    static fromJSON(json: string): Promise<Identity>;
+    /**
+     * Convert identity to JSON string
+     */
+    toJSON(): Promise<string>;
+    /**
+     * Get public key as CryptoKey
+     */
+    getPublicKey(): CryptoKey;
+    /**
+     * Get public key as hex string
+     */
+    getPublicKeyHex(): Promise<string>;
+    /**
+     * Get private key as CryptoKey
+     */
+    getPrivateKey(): CryptoKey;
+    /**
+     * Marshal public key configuration for server key distribution
+     * Implements RFC 9458 format
+     */
+    marshalConfig(): Promise<Uint8Array>;
+    /**
+     * Unmarshal public configuration from server
+     */
+    static unmarshalPublicConfig(data: Uint8Array): Promise<Identity>;
+    /**
+     * Encrypt request body and set appropriate headers
+     */
+    encryptRequest(request: Request, serverPublicKey: CryptoKey): Promise<Request>;
+    /**
+     * Decrypt response body
+     */
+    decryptResponse(response: Response, serverEncapKey: Uint8Array): Promise<Response>;
+}
+//# sourceMappingURL=identity.d.ts.map

package/dist/cjs/identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/identity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAgD,MAAM,YAAY,CAAC;AAGvF;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,SAAS,CAAY;IAC7B,OAAO,CAAC,UAAU,CAAY;gBAElB,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS;IAM3E;;OAEG;WACU,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC;IAsB1C;;OAEG;WACU,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAwBtD;;OAEG;IACG,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAY/B;;OAEG;IACH,YAAY,IAAI,SAAS;IAIzB;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IAOxC;;OAEG;IACH,aAAa,IAAI,SAAS;IAI1B;;;OAGG;IACG,aAAa,IAAI,OAAO,CAAC,UAAU,CAAC;IA0C1C;;OAEG;WACU,qBAAqB,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC;IAwCvE;;OAEG;IACG,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC;IAgDpF;;OAEG;IACG,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC;CAwFzF"}

package/dist/cjs/identity.js

@@ -0,0 +1,275 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Identity = void 0;
+const core_1 = require("@hpke/core");
+const protocol_js_1 = require("./protocol.js");
+/**
+ * Identity class for managing HPKE key pairs and encryption/decryption
+ */
+class Identity {
+    suite;
+    publicKey;
+    privateKey;
+    constructor(suite, publicKey, privateKey) {
+        this.suite = suite;
+        this.publicKey = publicKey;
+        this.privateKey = privateKey;
+    }
+    /**
+     * Generate a new identity with X25519 key pair
+     */
+    static async generate() {
+        const suite = new core_1.CipherSuite({
+            kem: new core_1.DhkemX25519HkdfSha256(),
+            kdf: new core_1.HkdfSha256(),
+            aead: new core_1.Aes256Gcm()
+        });
+        const { publicKey, privateKey } = await suite.kem.generateKeyPair();
+        // Make sure the public key is extractable for serialization
+        const extractablePublicKey = await crypto.subtle.importKey('raw', await crypto.subtle.exportKey('raw', publicKey), { name: 'X25519' }, true, // extractable
+        []);
+        return new Identity(suite, extractablePublicKey, privateKey);
+    }
+    /**
+     * Create identity from JSON string
+     */
+    static async fromJSON(json) {
+        const data = JSON.parse(json);
+        const suite = new core_1.CipherSuite({
+            kem: new core_1.DhkemX25519HkdfSha256(),
+            kdf: new core_1.HkdfSha256(),
+            aead: new core_1.Aes256Gcm()
+        });
+        // Import public key
+        const publicKey = await crypto.subtle.importKey('raw', new Uint8Array(data.publicKey), { name: 'X25519' }, true, // extractable
+        []);
+        // Deserialize private key using HPKE library
+        const privateKey = await suite.kem.deserializePrivateKey(new Uint8Array(data.privateKey).buffer);
+        return new Identity(suite, publicKey, privateKey);
+    }
+    /**
+     * Convert identity to JSON string
+     */
+    async toJSON() {
+        const publicKeyBytes = new Uint8Array(await crypto.subtle.exportKey('raw', this.publicKey));
+        // For X25519, we need to use the HPKE library's serialization for private keys
+        const privateKeyBytes = await this.suite.kem.serializePrivateKey(this.privateKey);
+        return JSON.stringify({
+            publicKey: Array.from(publicKeyBytes),
+            privateKey: Array.from(new Uint8Array(privateKeyBytes))
+        });
+    }
+    /**
+     * Get public key as CryptoKey
+     */
+    getPublicKey() {
+        return this.publicKey;
+    }
+    /**
+     * Get public key as hex string
+     */
+    async getPublicKeyHex() {
+        const exported = await crypto.subtle.exportKey('raw', this.publicKey);
+        return Array.from(new Uint8Array(exported))
+            .map(b => b.toString(16).padStart(2, '0'))
+            .join('');
+    }
+    /**
+     * Get private key as CryptoKey
+     */
+    getPrivateKey() {
+        return this.privateKey;
+    }
+    /**
+     * Marshal public key configuration for server key distribution
+     * Implements RFC 9458 format
+     */
+    async marshalConfig() {
+        const kemId = protocol_js_1.HPKE_CONFIG.KEM;
+        const kdfId = protocol_js_1.HPKE_CONFIG.KDF;
+        const aeadId = protocol_js_1.HPKE_CONFIG.AEAD;
+        // Export public key as raw bytes
+        const publicKeyBytes = new Uint8Array(await crypto.subtle.exportKey('raw', this.publicKey));
+        // Key ID (1 byte) + KEM ID (2 bytes) + Public Key + Cipher Suites
+        const keyId = 0;
+        const publicKeySize = publicKeyBytes.length;
+        const cipherSuitesSize = 2 + 2; // KDF ID + AEAD ID
+        const buffer = new Uint8Array(1 + 2 + publicKeySize + 2 + cipherSuitesSize);
+        let offset = 0;
+        // Key ID
+        buffer[offset++] = keyId;
+        // KEM ID
+        buffer[offset++] = (kemId >> 8) & 0xFF;
+        buffer[offset++] = kemId & 0xFF;
+        // Public Key
+        buffer.set(publicKeyBytes, offset);
+        offset += publicKeySize;
+        // Cipher Suites Length (2 bytes)
+        buffer[offset++] = (cipherSuitesSize >> 8) & 0xFF;
+        buffer[offset++] = cipherSuitesSize & 0xFF;
+        // KDF ID
+        buffer[offset++] = (kdfId >> 8) & 0xFF;
+        buffer[offset++] = kdfId & 0xFF;
+        // AEAD ID
+        buffer[offset++] = (aeadId >> 8) & 0xFF;
+        buffer[offset++] = aeadId & 0xFF;
+        return buffer;
+    }
+    /**
+     * Unmarshal public configuration from server
+     */
+    static async unmarshalPublicConfig(data) {
+        let offset = 0;
+        // Read Key ID
+        const keyId = data[offset++];
+        // Read KEM ID
+        const kemId = (data[offset++] << 8) | data[offset++];
+        // Read Public Key (32 bytes for X25519)
+        const publicKeySize = 32;
+        const publicKeyBytes = data.slice(offset, offset + publicKeySize);
+        offset += publicKeySize;
+        // Read Cipher Suites Length
+        const cipherSuitesLength = (data[offset++] << 8) | data[offset++];
+        // Read KDF ID
+        const kdfId = (data[offset++] << 8) | data[offset++];
+        // Read AEAD ID
+        const aeadId = (data[offset++] << 8) | data[offset++];
+        // Create suite (assuming X25519 for now)
+        const suite = new core_1.CipherSuite({
+            kem: new core_1.DhkemX25519HkdfSha256(),
+            kdf: new core_1.HkdfSha256(),
+            aead: new core_1.Aes256Gcm()
+        });
+        // Import public key using HPKE library
+        const publicKey = await suite.kem.deserializePublicKey(publicKeyBytes.buffer);
+        // For server config, we only have the public key, no private key
+        // We'll create a dummy private key that won't be used
+        const dummyPrivateKey = await suite.kem.deserializePrivateKey(new Uint8Array(32).buffer);
+        return new Identity(suite, publicKey, dummyPrivateKey);
+    }
+    /**
+     * Encrypt request body and set appropriate headers
+     */
+    async encryptRequest(request, serverPublicKey) {
+        const body = await request.arrayBuffer();
+        if (body.byteLength === 0) {
+            // No body to encrypt, just set client public key header
+            const headers = new Headers(request.headers);
+            headers.set(protocol_js_1.PROTOCOL.CLIENT_PUBLIC_KEY_HEADER, await this.getPublicKeyHex());
+            return new Request(request.url, {
+                method: request.method,
+                headers,
+                body: null
+            });
+        }
+        // Create sender for encryption
+        const sender = await this.suite.createSenderContext({
+            recipientPublicKey: serverPublicKey
+        });
+        // Encrypt the body
+        const encrypted = await sender.seal(body);
+        // Get encapsulated key
+        const encapKey = sender.enc;
+        // Create chunked format: 4-byte length header + encrypted data
+        const chunkLength = new Uint8Array(4);
+        const view = new DataView(chunkLength.buffer);
+        view.setUint32(0, encrypted.byteLength, false); // Big-endian
+        const chunkedData = new Uint8Array(4 + encrypted.byteLength);
+        chunkedData.set(chunkLength, 0);
+        chunkedData.set(new Uint8Array(encrypted), 4);
+        // Create new request with encrypted body and headers
+        const headers = new Headers(request.headers);
+        headers.set(protocol_js_1.PROTOCOL.CLIENT_PUBLIC_KEY_HEADER, await this.getPublicKeyHex());
+        headers.set(protocol_js_1.PROTOCOL.ENCAPSULATED_KEY_HEADER, Array.from(new Uint8Array(encapKey))
+            .map(b => b.toString(16).padStart(2, '0'))
+            .join(''));
+        return new Request(request.url, {
+            method: request.method,
+            headers,
+            body: chunkedData,
+            duplex: 'half'
+        });
+    }
+    /**
+     * Decrypt response body
+     */
+    async decryptResponse(response, serverEncapKey) {
+        if (!response.body) {
+            return response;
+        }
+        // Create receiver for decryption
+        const receiver = await this.suite.createRecipientContext({
+            recipientKey: this.privateKey,
+            enc: serverEncapKey.buffer
+        });
+        // Create a readable stream that decrypts chunks as they arrive
+        const decryptedStream = new ReadableStream({
+            start(controller) {
+                const reader = response.body.getReader();
+                let buffer = new Uint8Array(0);
+                let offset = 0;
+                async function pump() {
+                    try {
+                        while (true) {
+                            const { done, value } = await reader.read();
+                            if (done)
+                                break;
+                            // Append new data to buffer
+                            const newBuffer = new Uint8Array(buffer.length + value.length);
+                            newBuffer.set(buffer);
+                            newBuffer.set(value, buffer.length);
+                            buffer = newBuffer;
+                            // Process complete chunks
+                            while (offset + 4 <= buffer.length) {
+                                // Read chunk length (4 bytes big-endian)
+                                const chunkLength = (buffer[offset] << 24) |
+                                    (buffer[offset + 1] << 16) |
+                                    (buffer[offset + 2] << 8) |
+                                    buffer[offset + 3];
+                                offset += 4;
+                                if (chunkLength === 0) {
+                                    continue; // Empty chunk
+                                }
+                                // Check if we have the complete chunk
+                                if (offset + chunkLength > buffer.length) {
+                                    // Not enough data yet, rewind offset and wait for more
+                                    offset -= 4;
+                                    break;
+                                }
+                                // Extract and decrypt the chunk
+                                const encryptedChunk = buffer.slice(offset, offset + chunkLength);
+                                offset += chunkLength;
+                                try {
+                                    const decryptedChunk = await receiver.open(encryptedChunk.buffer);
+                                    controller.enqueue(new Uint8Array(decryptedChunk));
+                                }
+                                catch (error) {
+                                    controller.error(new Error(`Failed to decrypt chunk: ${error}`));
+                                    return;
+                                }
+                            }
+                            // Remove processed data from buffer
+                            if (offset > 0) {
+                                buffer = buffer.slice(offset);
+                                offset = 0;
+                            }
+                        }
+                        controller.close();
+                    }
+                    catch (error) {
+                        controller.error(error);
+                    }
+                }
+                pump();
+            }
+        });
+        // Create new response with decrypted stream
+        return new Response(decryptedStream, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: response.headers
+        });
+    }
+}
+exports.Identity = Identity;
+//# sourceMappingURL=identity.js.map

package/dist/cjs/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/identity.ts"],"names":[],"mappings":";;;AAAA,qCAAuF;AACvF,+CAAsD;AAEtD;;GAEG;AACH,MAAa,QAAQ;IACX,KAAK,CAAc;IACnB,SAAS,CAAY;IACrB,UAAU,CAAY;IAE9B,YAAY,KAAkB,EAAE,SAAoB,EAAE,UAAqB;QACzE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,QAAQ;QACnB,MAAM,KAAK,GAAG,IAAI,kBAAW,CAAC;YAC5B,GAAG,EAAE,IAAI,4BAAqB,EAAE;YAChC,GAAG,EAAE,IAAI,iBAAU,EAAE;YACrB,IAAI,EAAE,IAAI,gBAAS,EAAE;SACtB,CAAC,CAAC;QAEH,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;QAEpE,4DAA4D;QAC5D,MAAM,oBAAoB,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACxD,KAAK,EACL,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,EAC/C,EAAE,IAAI,EAAE,QAAQ,EAAE,EAClB,IAAI,EAAE,cAAc;QACpB,EAAE,CACH,CAAC;QAEF,OAAO,IAAI,QAAQ,CAAC,KAAK,EAAE,oBAAoB,EAAE,UAAU,CAAC,CAAC;IAC/D,CAAC;IAGD;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAY;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,KAAK,GAAG,IAAI,kBAAW,CAAC;YAC5B,GAAG,EAAE,IAAI,4BAAqB,EAAE;YAChC,GAAG,EAAE,IAAI,iBAAU,EAAE;YACrB,IAAI,EAAE,IAAI,gBAAS,EAAE;SACtB,CAAC,CAAC;QAEH,oBAAoB;QACpB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,KAAK,EACL,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAC9B,EAAE,IAAI,EAAE,QAAQ,EAAE,EAClB,IAAI,EAAE,cAAc;QACpB,EAAE,CACH,CAAC;QAEF,6CAA6C;QAC7C,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC;QAEjG,OAAO,IAAI,QAAQ,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IACpD,CAAC;IAGD;;OAEG;IACH,KAAK,CAAC,MAAM;QACV,MAAM,cAAc,GAAG,IAAI,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;QAE5F,+EAA+E;QAC/E,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAElF,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC;YACrC,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC;SACxD,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QACtE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;aACxC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aACzC,IAAI,CAAC,EAAE,CAAC,CAAC;IACd,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa;QACjB,MAAM,KAAK,GAAG,yBAAW,CAAC,GAAG,CAAC;QAC9B,MAAM,KAAK,GAAG,yBAAW,CAAC,GAAG,CAAC;QAC9B,MAAM,MAAM,GAAG,yBAAW,CAAC,IAAI,CAAC;QAEhC,iCAAiC;QACjC,MAAM,cAAc,GAAG,IAAI,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;QAE5F,kEAAkE;QAClE,MAAM,KAAK,GAAG,CAAC,CAAC;QAChB,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,CAAC;QAC5C,MAAM,gBAAgB,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,mBAAmB;QAEnD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,aAAa,GAAG,CAAC,GAAG,gBAAgB,CAAC,CAAC;QAC5E,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,SAAS;QACT,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,KAAK,CAAC;QAEzB,SAAS;QACT,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QACvC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC;QAEhC,aAAa;QACb,MAAM,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QACnC,MAAM,IAAI,aAAa,CAAC;QAExB,iCAAiC;QACjC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QAClD,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,gBAAgB,GAAG,IAAI,CAAC;QAE3C,SAAS;QACT,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QACvC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC;QAEhC,UAAU;QACV,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QACxC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,MAAM,GAAG,IAAI,CAAC;QAEjC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,IAAgB;QACjD,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,cAAc;QACd,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAE7B,cAAc;QACd,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAErD,wCAAwC;QACxC,MAAM,aAAa,GAAG,EAAE,CAAC;QACzB,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC;QAClE,MAAM,IAAI,aAAa,CAAC;QAExB,4BAA4B;QAC5B,MAAM,kBAAkB,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAElE,cAAc;QACd,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAErD,eAAe;QACf,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAEtD,yCAAyC;QACzC,MAAM,KAAK,GAAG,IAAI,kBAAW,CAAC;YAC5B,GAAG,EAAE,IAAI,4BAAqB,EAAE;YAChC,GAAG,EAAE,IAAI,iBAAU,EAAE;YACrB,IAAI,EAAE,IAAI,gBAAS,EAAE;SACtB,CAAC,CAAC;QAEH,uCAAuC;QACvC,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAE9E,iEAAiE;QACjE,sDAAsD;QACtD,MAAM,eAAe,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;QAEzF,OAAO,IAAI,QAAQ,CAAC,KAAK,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,OAAgB,EAAE,eAA0B;QAC/D,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;QACzC,IAAI,IAAI,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;YAC1B,wDAAwD;YACxD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,sBAAQ,CAAC,wBAAwB,EAAE,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC;YAC7E,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE;gBAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO;gBACP,IAAI,EAAE,IAAI;aACX,CAAC,CAAC;QACL,CAAC;QAED,+BAA+B;QAC/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC;YAClD,kBAAkB,EAAE,eAAe;SACpC,CAAC,CAAC;QAEH,mBAAmB;QACnB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE1C,uBAAuB;QACvB,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC;QAE5B,+DAA+D;QAC/D,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,aAAa;QAE7D,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;QAC7D,WAAW,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAChC,WAAW,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QAE9C,qDAAqD;QACrD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,sBAAQ,CAAC,wBAAwB,EAAE,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC;QAC7E,OAAO,CAAC,GAAG,CAAC,sBAAQ,CAAC,uBAAuB,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;aAC/E,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aACzC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAEb,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE;YAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO;YACP,IAAI,EAAE,WAAW;YACjB,MAAM,EAAE,MAAM;SACA,CAAC,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,QAAkB,EAAE,cAA0B;QAClE,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnB,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,iCAAiC;QACjC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAAC;YACvD,YAAY,EAAE,IAAI,CAAC,UAAU;YAC7B,GAAG,EAAE,cAAc,CAAC,MAAqB;SAC1C,CAAC,CAAC;QAEH,+DAA+D;QAC/D,MAAM,eAAe,GAAG,IAAI,cAAc,CAAC;YACzC,KAAK,CAAC,UAAU;gBACd,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAK,CAAC,SAAS,EAAE,CAAC;gBAC1C,IAAI,MAAM,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;gBAC/B,IAAI,MAAM,GAAG,CAAC,CAAC;gBAEf,KAAK,UAAU,IAAI;oBACjB,IAAI,CAAC;wBACH,OAAO,IAAI,EAAE,CAAC;4BACZ,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;4BAC5C,IAAI,IAAI;gCAAE,MAAM;4BAEhB,4BAA4B;4BAC5B,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;4BAC/D,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;4BACtB,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;4BACpC,MAAM,GAAG,SAAS,CAAC;4BAEnB,0BAA0B;4BAC1B,OAAO,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gCACnC,yCAAyC;gCACzC,MAAM,WAAW,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;oCACxB,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;oCAC1B,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;oCACzB,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gCACrC,MAAM,IAAI,CAAC,CAAC;gCAEZ,IAAI,WAAW,KAAK,CAAC,EAAE,CAAC;oCACtB,SAAS,CAAC,cAAc;gCAC1B,CAAC;gCAED,sCAAsC;gCACtC,IAAI,MAAM,GAAG,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;oCACzC,uDAAuD;oCACvD,MAAM,IAAI,CAAC,CAAC;oCACZ,MAAM;gCACR,CAAC;gCAED,gCAAgC;gCAChC,MAAM,cAAc,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,CAAC,CAAC;gCAClE,MAAM,IAAI,WAAW,CAAC;gCAEtB,IAAI,CAAC;oCACH,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;oCAClE,UAAU,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;gCACrD,CAAC;gCAAC,OAAO,KAAK,EAAE,CAAC;oCACf,UAAU,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC,CAAC;oCACjE,OAAO;gCACT,CAAC;4BACH,CAAC;4BAED,oCAAoC;4BACpC,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;gCACf,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gCAC9B,MAAM,GAAG,CAAC,CAAC;4BACb,CAAC;wBACH,CAAC;wBAED,UAAU,CAAC,KAAK,EAAE,CAAC;oBACrB,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;oBAC1B,CAAC;gBACH,CAAC;gBAED,IAAI,EAAE,CAAC;YACT,CAAC;SACF,CAAC,CAAC;QAEH,4CAA4C;QAC5C,OAAO,IAAI,QAAQ,CAAC,eAAe,EAAE;YACnC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,OAAO,EAAE,QAAQ,CAAC,OAAO;SAC1B,CAAC,CAAC;IACL,CAAC;CAEF;AA7UD,4BA6UC"}

package/{src/index.ts → dist/cjs/index.d.ts}

@@ -1,14 +1,12 @@
 /**
  * JavaScript client for Encrypted HTTP Body Protocol (EHBP) using HPKE
- * 
+ *
  * This library provides secure HTTP communication using Hybrid Public Key Encryption (HPKE)
  * as specified in RFC 9180. It automatically encrypts request bodies and decrypts response
  * bodies while preserving HTTP headers for routing.
  */
-
 export { Identity } from './identity.js';
 export { Transport, createTransport } from './client.js';
 export { PROTOCOL, HPKE_CONFIG } from './protocol.js';
-
-// Re-export commonly used types
 export type { CipherSuite } from '@hpke/core';
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAGtD,YAAY,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC"}

package/dist/cjs/index.js

@@ -0,0 +1,19 @@
+"use strict";
+/**
+ * JavaScript client for Encrypted HTTP Body Protocol (EHBP) using HPKE
+ *
+ * This library provides secure HTTP communication using Hybrid Public Key Encryption (HPKE)
+ * as specified in RFC 9180. It automatically encrypts request bodies and decrypts response
+ * bodies while preserving HTTP headers for routing.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HPKE_CONFIG = exports.PROTOCOL = exports.createTransport = exports.Transport = exports.Identity = void 0;
+var identity_js_1 = require("./identity.js");
+Object.defineProperty(exports, "Identity", { enumerable: true, get: function () { return identity_js_1.Identity; } });
+var client_js_1 = require("./client.js");
+Object.defineProperty(exports, "Transport", { enumerable: true, get: function () { return client_js_1.Transport; } });
+Object.defineProperty(exports, "createTransport", { enumerable: true, get: function () { return client_js_1.createTransport; } });
+var protocol_js_1 = require("./protocol.js");
+Object.defineProperty(exports, "PROTOCOL", { enumerable: true, get: function () { return protocol_js_1.PROTOCOL; } });
+Object.defineProperty(exports, "HPKE_CONFIG", { enumerable: true, get: function () { return protocol_js_1.HPKE_CONFIG; } });
+//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAEH,6CAAyC;AAAhC,uGAAA,QAAQ,OAAA;AACjB,yCAAyD;AAAhD,sGAAA,SAAS,OAAA;AAAE,4GAAA,eAAe,OAAA;AACnC,6CAAsD;AAA7C,uGAAA,QAAQ,OAAA;AAAE,0GAAA,WAAW,OAAA"}

package/dist/cjs/package.json

@@ -0,0 +1 @@
+{"type":"commonjs"}

package/dist/cjs/protocol.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Protocol constants for EHBP (Encrypted HTTP Body Protocol)
+ */
+export declare const PROTOCOL: {
+    readonly ENCAPSULATED_KEY_HEADER: "Ehbp-Encapsulated-Key";
+    readonly CLIENT_PUBLIC_KEY_HEADER: "Ehbp-Client-Public-Key";
+    readonly KEYS_MEDIA_TYPE: "application/ohttp-keys";
+    readonly KEYS_PATH: "/.well-known/hpke-keys";
+    readonly FALLBACK_HEADER: "Ehbp-Fallback";
+};
+/**
+ * HPKE suite configuration matching the Go implementation
+ */
+export declare const HPKE_CONFIG: {
+    readonly KEM: 32;
+    readonly KDF: 1;
+    readonly AEAD: 2;
+};
+//# sourceMappingURL=protocol.d.ts.map

package/dist/cjs/protocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.d.ts","sourceRoot":"","sources":["../../src/protocol.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,QAAQ;;;;;;CAMX,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,WAAW;;;;CAId,CAAC"}