holosphere 2.0.0-alpha21 → 2.0.0-alpha23

package/src/federation/discovery.js

@@ -3,8 +3,7 @@
  * Optional feature for automated federation handshake via Nostr events
  */
 
-import { issueCapability } from '../crypto/secp256k1.js';
-import { addFederatedPartner, storeInboundCapability } from './registry.js';
+import { addFederatedPartner } from './registry.js';
 
 // Custom event kinds for federation protocol
 const FEDERATION_REQUEST_KIND = 30078;
@@ -17,28 +16,14 @@ const FEDERATION_DECLINE_KIND = 30080;
  * @param {string} appname - Application namespace
  * @param {string} targetPubKey - Target holosphere's public key
  * @param {Object} options - Request options
- * @param {Object} options.scope - Requested scope { holonId, lensName }
- * @param {string[]} options.permissions - Requested permissions
  * @param {string} options.message - Optional message to include
- * @param {number} options.expiresIn - Token expiration in ms (default: 30 days)
  * @returns {Promise<Object>} Published event info
  */
 export async function sendFederationRequest(client, appname, targetPubKey, options = {}) {
   const {
-    scope = { holonId: '*', lensName: '*' },
-    permissions = ['read'],
     message = 'Federation request',
-    expiresIn = 30 * 24 * 60 * 60 * 1000, // 30 days
   } = options;
 
-  // Issue capability we're offering them (access to our data)
-  const offeredCapability = await issueCapability(
-    permissions,
-    scope,
-    targetPubKey,
-    { issuerKey: client.privateKey, expiresIn }
-  );
-
   const event = {
     kind: FEDERATION_REQUEST_KIND,
     created_at: Math.floor(Date.now() / 1000),
@@ -46,14 +31,9 @@ export async function sendFederationRequest(client, appname, targetPubKey, optio
       ['d', `federation-request-${targetPubKey.slice(0, 16)}`],
       ['p', targetPubKey],
       ['holosphere', appname],
-      ['scope', JSON.stringify(scope)],
-      ['permissions', permissions.join(',')],
     ],
     content: JSON.stringify({
       message,
-      offeredCapability,
-      requestedScope: scope,
-      requestedPermissions: permissions,
     }),
   };
 
@@ -61,9 +41,6 @@ export async function sendFederationRequest(client, appname, targetPubKey, optio
   return {
     eventId: result.id || null,
     targetPubKey,
-    scope,
-    permissions,
-    offeredCapability,
     ...result,
   };
 }
@@ -83,18 +60,13 @@ export async function subscribeFederationRequests(client, callback) {
   return client.subscribe(filter, (event) => {
     try {
       const content = JSON.parse(event.content);
-      const scopeTag = event.tags.find(t => t[0] === 'scope');
-      const permissionsTag = event.tags.find(t => t[0] === 'permissions');
       const holosphereTag = event.tags.find(t => t[0] === 'holosphere');
 
       const request = {
         eventId: event.id,
         requesterPubKey: event.pubkey,
         appname: holosphereTag?.[1],
-        scope: scopeTag ? JSON.parse(scopeTag[1]) : { holonId: '*', lensName: '*' },
-        permissions: permissionsTag ? permissionsTag[1].split(',') : ['read'],
         message: content.message,
-        offeredCapability: content.offeredCapability,
         timestamp: event.created_at,
       };
 
@@ -111,38 +83,16 @@ export async function subscribeFederationRequests(client, callback) {
  * @param {string} appname - Application namespace
  * @param {Object} request - Request object from subscription
  * @param {Object} options - Acceptance options
- * @param {Object} options.scope - Scope we're granting (defaults to requested)
- * @param {string[]} options.permissions - Permissions we're granting
  * @param {string} options.alias - Alias for this partner
- * @param {number} options.expiresIn - Token expiration in ms
  * @returns {Promise<Object>} Published acceptance event info
  */
 export async function acceptFederationRequest(client, appname, request, options = {}) {
-  const {
-    scope = request.scope,
-    permissions = request.permissions,
-    alias = null,
-    expiresIn = 30 * 24 * 60 * 60 * 1000,
-  } = options;
+  const { alias = null } = options;
 
-  // Issue our capability to them
-  const grantedCapability = await issueCapability(
-    permissions,
-    scope,
-    request.requesterPubKey,
-    { issuerKey: client.privateKey, expiresIn }
-  );
-
-  // Store their offered capability in our registry
+  // Add the requester to our federation
   await addFederatedPartner(client, appname, request.requesterPubKey, {
     alias,
     addedVia: 'nostr_discovery',
-    inboundCapabilities: [{
-      token: request.offeredCapability,
-      scope: request.scope,
-      permissions: request.permissions,
-      expires: Date.now() + expiresIn,
-    }],
   });
 
   // Publish acceptance event
@@ -154,12 +104,9 @@ export async function acceptFederationRequest(client, appname, request, options
       ['p', request.requesterPubKey],
       ['e', request.eventId], // Reference to original request
       ['holosphere', appname],
-      ['scope', JSON.stringify(scope)],
-      ['permissions', permissions.join(',')],
     ],
     content: JSON.stringify({
-      acceptedScope: scope,
-      grantedCapability,
+      accepted: true,
     }),
   };
 
@@ -167,8 +114,6 @@ export async function acceptFederationRequest(client, appname, request, options
   return {
     eventId: result.id || null,
     requesterPubKey: request.requesterPubKey,
-    grantedCapability,
-    acceptedScope: scope,
     ...result,
   };
 }
@@ -218,23 +163,14 @@ export async function subscribeFederationAcceptances(client, appname, callback)
 
   return client.subscribe(filter, async (event) => {
     try {
-      const content = JSON.parse(event.content);
-      const scopeTag = event.tags.find(t => t[0] === 'scope');
-      const permissionsTag = event.tags.find(t => t[0] === 'permissions');
-
-      // Store their granted capability in our registry
-      await storeInboundCapability(client, appname, event.pubkey, {
-        token: content.grantedCapability,
-        scope: scopeTag ? JSON.parse(scopeTag[1]) : content.acceptedScope,
-        permissions: permissionsTag ? permissionsTag[1].split(',') : ['read'],
-        expires: Date.now() + 30 * 24 * 60 * 60 * 1000, // Assume 30 day expiry
+      // Add the accepter to our federation
+      await addFederatedPartner(client, appname, event.pubkey, {
+        addedVia: 'nostr_discovery',
       });
 
       callback({
         accepterPubKey: event.pubkey,
         originalRequestId: event.tags.find(t => t[0] === 'e')?.[1],
-        acceptedScope: content.acceptedScope,
-        grantedCapability: content.grantedCapability,
         timestamp: event.created_at,
       });
     } catch (error) {
@@ -313,14 +249,10 @@ export async function getPendingFederationRequests(client, options = {}) {
       try {
         const content = JSON.parse(request.content);
         const pTag = request.tags.find(t => t[0] === 'p');
-        const scopeTag = request.tags.find(t => t[0] === 'scope');
-        const permissionsTag = request.tags.find(t => t[0] === 'permissions');
 
         pending.push({
           eventId: request.id,
           targetPubKey: pTag?.[1],
-          scope: scopeTag ? JSON.parse(scopeTag[1]) : { holonId: '*', lensName: '*' },
-          permissions: permissionsTag ? permissionsTag[1].split(',') : ['read'],
           message: content.message,
           timestamp: request.created_at,
         });

package/src/federation/handshake.js

@@ -19,13 +19,8 @@ import {
 } from '../crypto/nostr-utils.js';
 import {
   addFederatedPartner,
-  storeInboundCapability,
-  grantAccess,
-  convertLegacyLensConfig,
-  convertToLegacyLensConfig,
 } from './registry.js';
 import { registerHolon } from './holon-registry.js';
-import { issueCapability } from '../crypto/secp256k1.js';
 import * as cardStorage from './card-storage.js';
 import { buildLensPath } from '../crypto/key-store.js';
 
@@ -116,9 +111,11 @@ export function normalizeLensConfig(lensConfig) {
     return { inbound: [], outbound: [], writeInbound: [], writeOutbound: [] };
   }
 
-  // If v2.0 format, convert to v1.0
+  // If v2.0 format, extract lens names into v1.0 shape
   if (isV2LensConfig(lensConfig)) {
-    return convertToLegacyLensConfig(lensConfig);
+    const perms = lensConfig.permissions || {};
+    const outbound = Object.keys(perms);
+    return { inbound: [], outbound, writeInbound: [], writeOutbound: [] };
   }
 
   // Already v1.0 format, just ensure all fields exist
@@ -148,7 +145,14 @@ export function toUnifiedPermissions(lensConfig) {
   }
 
   // Convert v1.0 to v2.0
-  return convertLegacyLensConfig(lensConfig);
+  const permissions = {};
+  for (const lens of (lensConfig.outbound || [])) {
+    permissions[lens] = ['read'];
+  }
+  for (const lens of (lensConfig.writeOutbound || [])) {
+    permissions[lens] = permissions[lens] ? [...permissions[lens], 'write'] : ['write'];
+  }
+  return { version: '2.0', permissions };
 }
 
 // ============================================================================
@@ -364,7 +368,7 @@ export async function sendLensKeyShare(client, privateKey, recipientPubKey, keyS
  * @returns {Function} Unsubscribe function
  */
 export function subscribeToFederationDMs(client, privateKey, publicKey, handlers, options = {}) {
-  const { onRequest, onResponse, onUpdate, onUpdateResponse, onKeyShare } = handlers;
+  const { onRequest, onResponse, onUpdate, onUpdateResponse, onKeyShare, onShare, onAck } = handlers;
   const { appname } = options;
   let isActive = true;
 
@@ -516,6 +520,38 @@ export function subscribeToFederationDMs(client, privateKey, publicKey, handlers
 
         console.log('[Handshake] Received lens key share from:', event.pubkey.substring(0, 8) + '...', 'for lens:', payload.lensPath);
         onKeyShare?.(payload, event.pubkey);
+      } else if (payload.type === 'share') {
+        // New share protocol — replaces federation_request + lens_key_share for cross-author
+        const shareKey = `share_${payload.id}_${event.pubkey}`;
+        if (processedResponseIds.has(shareKey)) {
+          return;
+        }
+
+        if (appname && client?.client) {
+          await cardStorage.markDMProcessed(client.client, appname, event.id, 'share');
+          processedResponseIds.add(shareKey);
+          processedDMIds.add(event.id);
+        }
+
+        console.log('[Handshake] Received share from:', event.pubkey.substring(0, 8) + '...',
+          'lens:', payload.lens, 'item:', payload.item || '(lens-level)');
+        onShare?.(payload, event.pubkey);
+      } else if (payload.type === 'share_ack') {
+        // New share ack protocol — replaces federation_response
+        const ackKey = `ack_${payload.id}_${event.pubkey}`;
+        if (processedResponseIds.has(ackKey)) {
+          return;
+        }
+
+        if (appname && client?.client) {
+          await cardStorage.markDMProcessed(client.client, appname, event.id, 'share_ack');
+          processedResponseIds.add(ackKey);
+          processedDMIds.add(event.id);
+        }
+
+        console.log('[Handshake] Received share ack from:', event.pubkey.substring(0, 8) + '...',
+          'status:', payload.status);
+        onAck?.(payload, event.pubkey);
       }
     } catch (error) {
       // Silently ignore non-federation DMs
@@ -614,65 +650,21 @@ export async function initiateFederationHandshake(holosphere, privateKey, params
       writeOutbound: lensConfig.writeOutbound || [],
     };
 
-    // Issue capabilities for outbound lenses (lenses we're sharing with partner)
-    const capabilities = [];
-    for (const lensName of normalizedLensConfig.outbound) {
-      try {
-        const token = await issueCapability(
-          ['read'],
-          { holonId, lensName, dataId: '*' },
-          partnerPubKey,
-          {
-            expiresIn: 365 * 24 * 60 * 60 * 1000, // 1 year
-            issuer: senderPubKey,
-            issuerKey: privateKey,
-          }
-        );
-        capabilities.push({
-          token,
-          scope: { holonId, lensName },
-          permissions: ['read'],
-        });
-      } catch (err) {
-        console.warn(`[Handshake] Failed to issue capability for ${lensName}:`, err.message);
-      }
-    }
+    // Build stub capabilities for outbound lenses (simplified model)
+    const capabilities = normalizedLensConfig.outbound.map(lensName => ({
+      token: 'federation-member',
+      scope: { holonId, lensName },
+      permissions: ['read'],
+    }));
 
-    // Grant write access to partner for our writeOutbound lenses
-    // This allows the partner to write to these lenses in our holon
+    // Add partner to our federation
     if (holosphere.client) {
-      for (const lensName of normalizedLensConfig.writeOutbound) {
-        try {
-          // New unified grant
-          await grantAccess(
-            holosphere.client,
-            holosphere.config.appName,
-            partnerPubKey,
-            { holonId: '*', lensName },
-            ['write'],
-            { direction: 'inbound' }
-          );
-          console.log(`[Handshake] Pre-granted write access to partner for lens "${lensName}"`);
-        } catch (err) {
-          console.warn(`[Handshake] Failed to grant write access for ${lensName}:`, err.message);
-        }
-      }
-
-      // Also grant read access for outbound lenses using unified format
-      for (const lensName of normalizedLensConfig.outbound) {
-        try {
-          await grantAccess(
-            holosphere.client,
-            holosphere.config.appName,
-            partnerPubKey,
-            { holonId: '*', lensName },
-            ['read'],
-            { direction: 'outbound' }
-          );
-        } catch (err) {
-          console.warn(`[Handshake] Failed to grant read access for ${lensName}:`, err.message);
-        }
-      }
+      await addFederatedPartner(
+        holosphere.client,
+        holosphere.config.appName,
+        partnerPubKey,
+        { addedVia: 'handshake' }
+      );
     }
 
     // Create federation request
@@ -749,55 +741,6 @@ export async function acceptFederationRequest(holosphere, privateKey, params) {
         addedVia: 'handshake_accepted',
       });
 
-      // Store any capabilities they sent
-      if (request.capabilities && request.capabilities.length > 0) {
-        for (const cap of request.capabilities) {
-          await storeInboundCapability(holosphere.client, holosphere.config.appName, senderPubKey, cap);
-        }
-      }
-
-      // Process write grants from sender (they offered writeOutbound = we get write access)
-      const senderWriteOutbound = request.lensConfig?.writeOutbound || [];
-      if (senderWriteOutbound.length > 0) {
-        console.log('[Handshake] Sender is granting write access for lenses:', senderWriteOutbound);
-        // Note: This is tracked on the sender's side - we just acknowledge it in the response
-      }
-
-      // Grant write access to sender for our writeOutbound lenses
-      // This allows the sender to write to these lenses in our holon
-      for (const lensName of normalizedLensConfig.writeOutbound) {
-        try {
-          // New unified grant
-          await grantAccess(
-            holosphere.client,
-            holosphere.config.appName,
-            senderPubKey,
-            { holonId: '*', lensName },
-            ['write'],
-            { direction: 'inbound' }
-          );
-          console.log(`[Handshake] Granted write access to sender for lens "${lensName}"`);
-        } catch (err) {
-          console.warn(`[Handshake] Failed to grant write access for ${lensName}:`, err.message);
-        }
-      }
-
-      // Also grant read access for outbound lenses using unified format
-      for (const lensName of normalizedLensConfig.outbound) {
-        try {
-          await grantAccess(
-            holosphere.client,
-            holosphere.config.appName,
-            senderPubKey,
-            { holonId: '*', lensName },
-            ['read'],
-            { direction: 'outbound' }
-          );
-        } catch (err) {
-          console.warn(`[Handshake] Failed to grant read access for ${lensName}:`, err.message);
-        }
-      }
-
       // Register the sender's holon -> pubkey mapping in our holon registry
       // This is critical for resolveHolonToPubkey to work when navigating to their holon
       if (request.senderHolonId) {
@@ -811,7 +754,7 @@ export async function acceptFederationRequest(holosphere, privateKey, params) {
       }
     }
 
-    // Create the actual federation record in GunDB storage
+    // Create the actual federation record in Nostr storage
     // This is what makes the partner appear in getFederation() / loadFederationData()
     // Store the sender's name so we can display it without reading their settings
     await holosphere.federateHolon(holonId, senderPubKey, {
@@ -819,29 +762,12 @@ export async function acceptFederationRequest(holosphere, privateKey, params) {
       partnerName: request.senderHolonName
     });
 
-    // Issue capabilities for our outbound lenses (lenses we're sharing with partner)
-    const capabilities = [];
-    for (const lensName of normalizedLensConfig.outbound) {
-      try {
-        const token = await issueCapability(
-          ['read'],
-          { holonId, lensName, dataId: '*' },
-          senderPubKey,
-          {
-            expiresIn: 365 * 24 * 60 * 60 * 1000, // 1 year
-            issuer: responderPubKey,
-            issuerKey: privateKey,
-          }
-        );
-        capabilities.push({
-          token,
-          scope: { holonId, lensName },
-          permissions: ['read'],
-        });
-      } catch (err) {
-        console.warn(`[Handshake] Failed to issue capability for ${lensName}:`, err.message);
-      }
-    }
+    // Build stub capabilities for outbound lenses (simplified model)
+    const capabilities = normalizedLensConfig.outbound.map(lensName => ({
+      token: 'federation-member',
+      scope: { holonId, lensName },
+      permissions: ['read'],
+    }));
 
     // Share lens keys for encrypted outbound lenses
     // This allows the partner to decrypt data from our shared lenses
@@ -895,37 +821,7 @@ export async function acceptFederationRequest(holosphere, privateKey, params) {
         console.log('[Handshake] Request dismissed after acceptance:', request.requestId);
       }
 
-      // Auto-receive federated lens data as holograms for configured inbound lenses
-      // This enables the user to immediately see the partner's data in their holon
-      const receivedHolograms = {};
-      const inboundLenses = normalizedLensConfig.inbound;
-
-      if (inboundLenses.length > 0 && holosphere.receiveFederatedLens) {
-        console.log('[Handshake] Receiving federated lens data as holograms...');
-
-        for (const lensName of inboundLenses) {
-          try {
-            // The sender's holon ID comes from the request
-            const senderHolonId = request.senderHolonId;
-
-            const result = await holosphere.receiveFederatedLens(
-              senderPubKey,
-              senderHolonId,
-              lensName,
-              holonId,
-              { overwrite: false }
-            );
-
-            receivedHolograms[lensName] = result;
-            console.log(`[Handshake] Received ${result.received} holograms for lens "${lensName}"`);
-          } catch (err) {
-            console.warn(`[Handshake] Failed to receive holograms for lens "${lensName}":`, err.message);
-            receivedHolograms[lensName] = { error: err.message };
-          }
-        }
-      }
-
-      return { success: true, requestId: request.requestId, receivedHolograms };
+      return { success: true, requestId: request.requestId };
     } else {
       return { success: false, error: 'Failed to send response DM' };
     }
@@ -970,23 +866,20 @@ export async function rejectFederationRequest(holosphere, privateKey, params) {
  * @param {Object} response - Federation response payload
  * @param {string} responderPubKey - Responder's public key
  * @param {Object} [options={}] - Processing options
- * @param {string} [options.holonId] - Initiator's holon ID (for receiving holograms)
- * @param {string[]} [options.inboundLenses] - Lenses to receive from responder
- * @returns {Promise<Object>} Result with success, stored capability count, and received holograms
+ * @returns {Promise<Object>} Result with success and stored capability count
  */
 export async function processFederationResponse(holosphere, response, responderPubKey, options = {}) {
   if (!response || response.status !== 'accepted') {
     return { success: false, error: 'Response not accepted', storedCapabilities: 0 };
   }
 
-  const { holonId, inboundLenses = [] } = options;
   let storedCapabilities = 0;
 
   // Store capabilities from the responder
   if (holosphere.client && response.capabilities && response.capabilities.length > 0) {
     for (const cap of response.capabilities) {
       try {
-        await storeInboundCapability(holosphere.client, holosphere.config.appName, responderPubKey, cap);
+        // Simplified: capabilities are not stored, partner is already federated
         storedCapabilities++;
       } catch (err) {
         console.warn(`[Handshake] Failed to store capability:`, err.message);
@@ -1014,33 +907,7 @@ export async function processFederationResponse(holosphere, response, responderP
     }
   }
 
-  // Auto-receive federated lens data as holograms for configured inbound lenses
-  const receivedHolograms = {};
-  const responderHolonId = response.responderHolonId;
-
-  if (holonId && responderHolonId && inboundLenses.length > 0 && holosphere.receiveFederatedLens) {
-    console.log('[Handshake] Receiving federated lens data as holograms from responder...');
-
-    for (const lensName of inboundLenses) {
-      try {
-        const result = await holosphere.receiveFederatedLens(
-          responderPubKey,
-          responderHolonId,
-          lensName,
-          holonId,
-          { overwrite: false }
-        );
-
-        receivedHolograms[lensName] = result;
-        console.log(`[Handshake] Received ${result.received} holograms for lens "${lensName}"`);
-      } catch (err) {
-        console.warn(`[Handshake] Failed to receive holograms for lens "${lensName}":`, err.message);
-        receivedHolograms[lensName] = { error: err.message };
-      }
-    }
-  }
-
-  return { success: true, storedCapabilities, receivedHolograms };
+  return { success: true, storedCapabilities };
 }
 
 // ============================================================================