oceanbus 0.1.0

package/dist/index.js

@@ -0,0 +1,269 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OceanBus = void 0;
+exports.createOceanBus = createOceanBus;
+const http_client_1 = require("./client/http-client");
+const store_1 = require("./agent/store");
+const identity_1 = require("./agent/identity");
+const keys_1 = require("./agent/keys");
+const send_1 = require("./messaging/send");
+const blocklist_1 = require("./messaging/blocklist");
+const sync_1 = require("./mailbox/sync");
+const poller_1 = require("./mailbox/poller");
+const cursor_1 = require("./mailbox/cursor");
+const loader_1 = require("./config/loader");
+const errors_1 = require("./client/errors");
+// Crypto
+const ed25519_1 = require("./crypto/ed25519");
+const canonical_json_1 = require("./crypto/canonical-json");
+// L1
+const dispatcher_1 = require("./l1/dispatcher");
+const yellow_pages_1 = require("./l1/yellow-pages");
+const ca_1 = require("./l1/ca");
+const reputation_1 = require("./l1/reputation");
+// Interceptors
+const chain_1 = require("./interceptors/chain");
+const llm_1 = require("./interceptors/llm");
+// Quota
+const manager_1 = require("./quota/manager");
+class OceanBus {
+    config;
+    http;
+    identity;
+    keys;
+    messaging;
+    blocklist;
+    mailbox;
+    poller = null;
+    keyStore;
+    cursor;
+    l1Dispatcher = null;
+    // Crypto
+    crypto;
+    // L1
+    l1;
+    // Interceptors
+    interceptors;
+    _quota; // internal, exposed via getter
+    constructor(config, keyStore) {
+        this.config = config;
+        this.keyStore = keyStore;
+        // HTTP client
+        this.http = new http_client_1.HttpClient(config.baseUrl, config.http);
+        // Identity
+        this.identity = new identity_1.AgentIdentityManager(this.http, config.identity?.api_key, config.identity?.agent_id);
+        // API Keys
+        this.keys = new keys_1.ApiKeyManager(this.http, () => this.identity.getApiKey());
+        // Messaging
+        this.messaging = new send_1.MessagingService(this.http, () => this.identity.getApiKey());
+        // Blocklist
+        this.blocklist = new blocklist_1.BlocklistManager(this.http, () => this.identity.getApiKey());
+        // Mailbox cursor
+        this.cursor = new cursor_1.SeqCursor();
+        this.mailbox = new sync_1.MailboxSync(this.http, () => this.identity.getApiKey(), this.cursor, config.mailbox.defaultPageSize);
+        // Interceptors
+        this.interceptors = new chain_1.InterceptorChain();
+        if (config.interceptor.enabled) {
+            // Note: noopEvaluator passes all messages — user must provide custom LLMEvaluatorFn
+            // via ob.interceptors.register(new LLMInterceptor(yourEvaluator))
+            this.interceptors.register(new llm_1.LLMInterceptor(llm_1.noopEvaluator));
+        }
+        // Quota
+        this._quota = new manager_1.QuotaManager(undefined, config.quota.dailyLimitWarnThreshold, config.quota.dailyLimit);
+        // Crypto
+        this.crypto = {
+            generateKeypair: ed25519_1.generateKeypair,
+            sign: (keypair, payload) => (0, ed25519_1.sign)(keypair.secretKey, payload),
+            verify: ed25519_1.verify,
+            canonicalize: canonical_json_1.canonicalize,
+            keypairToHex: ed25519_1.keypairToHex,
+            hexToKeypair: ed25519_1.hexToKeypair,
+            verifyCertificate: async (cert, trustedCAs) => {
+                // Use the shared CAClient if available (post-create), otherwise create a temp one
+                if (this.l1) {
+                    return this.l1.ca.verifyCertificateOffline(cert);
+                }
+                const ca = new ca_1.CAClient({ send: () => Promise.resolve(), sendJson: () => Promise.resolve() }, '', trustedCAs || []);
+                return ca.verifyCertificateOffline(cert);
+            },
+        };
+    }
+    static async create(userConfig) {
+        const config = (0, loader_1.resolveConfig)(userConfig);
+        // Initialize key store
+        let keyStore;
+        if (config.keyStore.type === 'file') {
+            keyStore = new store_1.FileKeyStore(config.keyStore.filePath);
+        }
+        else {
+            keyStore = new store_1.MemoryKeyStore();
+        }
+        const ob = new OceanBus(config, keyStore);
+        // Load persisted identity if not provided via config
+        if (!config.identity?.api_key) {
+            const saved = await keyStore.load();
+            if (saved) {
+                ob.identity.fromState(saved);
+            }
+        }
+        // Load persisted blocklist
+        await ob.blocklist.loadLocal();
+        // Load quota
+        await ob._quota.load();
+        // Load seq cursor
+        await ob.cursor.load();
+        // Set up shared L1 dispatcher — one polling engine for all L1 requests
+        ob.l1Dispatcher = new dispatcher_1.L1Dispatcher(ob.mailbox, config.l1.requestTimeoutMs, config.l1.requestPollIntervalMs);
+        // Initialize L1 clients
+        // L1 transport bypasses quota — infrastructure messages (heartbeat, CA, YP)
+        // are not user messages and should not count toward daily limits
+        const transport = {
+            send: (to, content, cid) => ob.messaging.send(to, content, cid),
+            sendJson: (to, data, cid) => ob.messaging.sendJson(to, data, cid),
+        };
+        ob.l1 = {
+            yellowPages: new yellow_pages_1.YellowPagesClient(transport, config.l1.ypOpenids[0] || '', ob.l1Dispatcher, config.l1.requestTimeoutMs),
+            ca: new ca_1.CAClient(transport, config.l1.trustedCAs[0]?.ca_openid || '', config.l1.trustedCAs, ob.l1Dispatcher, config.l1.requestTimeoutMs),
+            reputation: new reputation_1.ReputationClient(transport, '', ob.l1Dispatcher, config.l1.requestTimeoutMs),
+        };
+        return ob;
+    }
+    // Identity convenience methods
+    async register() {
+        const data = await this.identity.register();
+        await this.keyStore.save(this.identity.toState());
+        return data;
+    }
+    async whoami() {
+        const data = await this.identity.whoami();
+        return { agent_id: this.identity.getAgentId(), openid: data.my_openid };
+    }
+    async getOpenId() {
+        return this.identity.getOpenId();
+    }
+    // API Key convenience methods
+    async createApiKey() {
+        return this.keys.createApiKeyWithRetry();
+    }
+    async revokeApiKey(keyId) {
+        return this.keys.revokeApiKey(keyId);
+    }
+    // Messaging convenience methods
+    async send(toOpenid, content, opts) {
+        // Quota check
+        if (this.config.quota.enforceLocal) {
+            const q = await this._quota.checkAndIncrement();
+            if (!q.allowed) {
+                throw new errors_1.OceanBusError('Daily message quota exceeded');
+            }
+        }
+        return this.messaging.send(toOpenid, content, opts?.clientMsgId);
+    }
+    async sendJson(toOpenid, data, opts) {
+        if (this.config.quota.enforceLocal) {
+            const q = await this._quota.checkAndIncrement();
+            if (!q.allowed) {
+                throw new errors_1.OceanBusError('Daily message quota exceeded');
+            }
+        }
+        return this.messaging.sendJson(toOpenid, data, opts?.clientMsgId);
+    }
+    // Mailbox convenience methods
+    async sync(sinceSeq, limit) {
+        return this.mailbox.sync(sinceSeq, limit);
+    }
+    startListening(onMessage, options) {
+        if (this.poller)
+            this.poller.stop();
+        this.poller = new poller_1.AutoPollEngine(this.mailbox, async (msg) => {
+            // Run through interceptor chain
+            if (this.config.interceptor.enabled) {
+                const ctx = {
+                    agentId: this.identity.getAgentId() || '',
+                    timestamp: Date.now(),
+                };
+                const result = await this.interceptors.process(msg, ctx);
+                if (result.decision.action === 'block')
+                    return; // silent discard
+                if (result.decision.action === 'flag') {
+                    // Attach flag metadata for the handler
+                    msg.flagged = true;
+                    msg.flagReason = result.decision.reason;
+                }
+            }
+            await onMessage(msg);
+        }, (err) => { console.error('[oceanbus] listen error:', err.message); }, options?.intervalMs ?? this.config.mailbox.pollIntervalMs);
+        this.poller.start();
+        return () => {
+            if (this.poller) {
+                this.poller.stop();
+                this.poller = null;
+            }
+        };
+    }
+    stopListening() {
+        if (this.poller) {
+            this.poller.stop();
+            this.poller = null;
+        }
+    }
+    // Blocklist convenience methods
+    async blockSender(fromOpenid) {
+        return this.blocklist.block(fromOpenid);
+    }
+    async unblockSender(fromOpenid) {
+        return this.blocklist.unblock(fromOpenid);
+    }
+    isBlocked(fromOpenid) {
+        return this.blocklist.isBlocked(fromOpenid);
+    }
+    getBlocklist() {
+        return this.blocklist.getBlocklist();
+    }
+    async reverseLookup(openid) {
+        return this.blocklist.reverseLookup(openid);
+    }
+    // Quota convenience methods
+    get quota() {
+        return {
+            getDailyUsage: () => this._quota.getUsage(),
+            resetDailyCount: () => this._quota.reset(),
+        };
+    }
+    // Lifecycle
+    async destroy() {
+        this.stopListening();
+        if (this.l1Dispatcher) {
+            this.l1Dispatcher.destroy();
+            this.l1Dispatcher = null;
+        }
+        if (this.identity.getAgentId()) {
+            await this.keyStore.save(this.identity.toState());
+        }
+        await this.cursor.save();
+        await this.blocklist.saveLocal();
+        await this._quota.save();
+    }
+}
+exports.OceanBus = OceanBus;
+async function createOceanBus(config) {
+    return OceanBus.create(config);
+}
+// Re-export all types
+__exportStar(require("./types"), exports);
+__exportStar(require("./client/errors"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAoWA,wCAEC;AAtWD,sDAAkD;AAClD,yCAA6D;AAE7D,+CAAwD;AACxD,uCAA6C;AAC7C,2CAAoD;AACpD,qDAAyD;AACzD,yCAA6C;AAC7C,6CAAkD;AAElD,6CAA6C;AAC7C,4CAAgD;AAIhD,4CAAgD;AAEhD,SAAS;AACT,8CAM0B;AAC1B,4DAAuD;AAGvD,KAAK;AACL,gDAA+C;AAC/C,oDAAsD;AACtD,gCAAmC;AACnC,gDAAmD;AAEnD,eAAe;AACf,gDAAwD;AAExD,4CAAmE;AAEnE,QAAQ;AACR,6CAA+C;AAE/C,MAAa,QAAQ;IACnB,MAAM,CAAiB;IACvB,IAAI,CAAa;IACjB,QAAQ,CAAuB;IAC/B,IAAI,CAAgB;IACpB,SAAS,CAAmB;IAC5B,SAAS,CAAmB;IAC5B,OAAO,CAAc;IACb,MAAM,GAA0B,IAAI,CAAC;IACrC,QAAQ,CAAW;IACnB,MAAM,CAAY;IAClB,YAAY,GAAwB,IAAI,CAAC;IAEjD,SAAS;IACT,MAAM,CAQJ;IAEF,KAAK;IACL,EAAE,CAIA;IAEF,eAAe;IACf,YAAY,CAAmB;IAE/B,MAAM,CAAe,CAAE,+BAA+B;IAEtD,YAAoB,MAAsB,EAAE,QAAkB;QAC5D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,cAAc;QACd,IAAI,CAAC,IAAI,GAAG,IAAI,wBAAU,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAExD,WAAW;QACX,IAAI,CAAC,QAAQ,GAAG,IAAI,+BAAoB,CACtC,IAAI,CAAC,IAAI,EACT,MAAM,CAAC,QAAQ,EAAE,OAAO,EACxB,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAC1B,CAAC;QAEF,WAAW;QACX,IAAI,CAAC,IAAI,GAAG,IAAI,oBAAa,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;QAE1E,YAAY;QACZ,IAAI,CAAC,SAAS,GAAG,IAAI,uBAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;QAElF,YAAY;QACZ,IAAI,CAAC,SAAS,GAAG,IAAI,4BAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;QAElF,iBAAiB;QACjB,IAAI,CAAC,MAAM,GAAG,IAAI,kBAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,OAAO,GAAG,IAAI,kBAAW,CAC5B,IAAI,CAAC,IAAI,EACT,GAAG,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,EAC/B,IAAI,CAAC,MAAM,EACX,MAAM,CAAC,OAAO,CAAC,eAAe,CAC/B,CAAC;QAEF,eAAe;QACf,IAAI,CAAC,YAAY,GAAG,IAAI,wBAAgB,EAAE,CAAC;QAC3C,IAAI,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YAC/B,oFAAoF;YACpF,kEAAkE;YAClE,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,oBAAc,CAAC,mBAAa,CAAC,CAAC,CAAC;QAChE,CAAC;QAED,QAAQ;QACR,IAAI,CAAC,MAAM,GAAG,IAAI,sBAAY,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAEzG,SAAS;QACT,IAAI,CAAC,MAAM,GAAG;YACZ,eAAe,EAAf,yBAAe;YACf,IAAI,EAAE,CAAC,OAAuB,EAAE,OAAgC,EAAE,EAAE,CAAC,IAAA,cAAI,EAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC;YACrG,MAAM,EAAN,gBAAM;YACN,YAAY,EAAZ,6BAAY;YACZ,YAAY,EAAZ,sBAAY;YACZ,YAAY,EAAZ,sBAAY;YACZ,iBAAiB,EAAE,KAAK,EAAE,IAAiB,EAAE,UAA0B,EAAE,EAAE;gBACzE,kFAAkF;gBAClF,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;oBACZ,OAAO,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC;gBACnD,CAAC;gBACD,MAAM,EAAE,GAAG,IAAI,aAAQ,CACrB,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,EACpE,EAAE,EACF,UAAU,IAAI,EAAE,CACjB,CAAC;gBACF,OAAO,EAAE,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC;YAC3C,CAAC;SACF,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,UAA0B;QAC5C,MAAM,MAAM,GAAG,IAAA,sBAAa,EAAC,UAAU,CAAC,CAAC;QAEzC,uBAAuB;QACvB,IAAI,QAAkB,CAAC;QACvB,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACpC,QAAQ,GAAG,IAAI,oBAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxD,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,IAAI,sBAAc,EAAE,CAAC;QAClC,CAAC;QAED,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAE1C,qDAAqD;QACrD,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,IAAI,KAAK,EAAE,CAAC;gBACV,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,MAAM,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QAE/B,aAAa;QACb,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAEvB,kBAAkB;QAClB,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAEvB,uEAAuE;QACvE,EAAE,CAAC,YAAY,GAAG,IAAI,yBAAY,CAChC,EAAE,CAAC,OAAO,EACV,MAAM,CAAC,EAAE,CAAC,gBAAgB,EAC1B,MAAM,CAAC,EAAE,CAAC,qBAAqB,CAChC,CAAC;QAEF,wBAAwB;QACxB,4EAA4E;QAC5E,iEAAiE;QACjE,MAAM,SAAS,GAAG;YAChB,IAAI,EAAE,CAAC,EAAU,EAAE,OAAe,EAAE,GAAY,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC;YACxF,QAAQ,EAAE,CAAC,EAAU,EAAE,IAAY,EAAE,GAAY,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC;SAC3F,CAAC;QAEF,EAAE,CAAC,EAAE,GAAG;YACN,WAAW,EAAE,IAAI,gCAAiB,CAChC,SAAS,EACT,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,EAAE,EAC5B,EAAE,CAAC,YAAY,EACf,MAAM,CAAC,EAAE,CAAC,gBAAgB,CAC3B;YACD,EAAE,EAAE,IAAI,aAAQ,CACd,SAAS,EACT,MAAM,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,SAAS,IAAI,EAAE,EACxC,MAAM,CAAC,EAAE,CAAC,UAAU,EACpB,EAAE,CAAC,YAAY,EACf,MAAM,CAAC,EAAE,CAAC,gBAAgB,CAC3B;YACD,UAAU,EAAE,IAAI,6BAAgB,CAC9B,SAAS,EACT,EAAE,EACF,EAAE,CAAC,YAAY,EACf,MAAM,CAAC,EAAE,CAAC,gBAAgB,CAC3B;SACF,CAAC;QAEF,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,+BAA+B;IAC/B,KAAK,CAAC,QAAQ;QACZ,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAC5C,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,MAAM;QACV,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC1C,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAG,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,SAAS;QACb,OAAO,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;IACnC,CAAC;IAED,8BAA8B;IAC9B,KAAK,CAAC,YAAY;QAChB,OAAO,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAAa;QAC9B,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC;IAED,gCAAgC;IAChC,KAAK,CAAC,IAAI,CAAC,QAAgB,EAAE,OAAe,EAAE,IAAkB;QAC9D,cAAc;QACd,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;YACnC,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAChD,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;gBACf,MAAM,IAAI,sBAAa,CAAC,8BAA8B,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IACnE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,QAAgB,EAAE,IAAY,EAAE,IAAkB;QAC/D,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;YACnC,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAChD,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;gBACf,MAAM,IAAI,sBAAa,CAAC,8BAA8B,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,8BAA8B;IAC9B,KAAK,CAAC,IAAI,CAAC,QAAiB,EAAE,KAAc;QAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC5C,CAAC;IAED,cAAc,CACZ,SAAyB,EACzB,OAAuB;QAEvB,IAAI,IAAI,CAAC,MAAM;YAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAEpC,IAAI,CAAC,MAAM,GAAG,IAAI,uBAAc,CAC9B,IAAI,CAAC,OAAO,EACZ,KAAK,EAAE,GAAY,EAAE,EAAE;YACrB,gCAAgC;YAChC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACpC,MAAM,GAAG,GAAuB;oBAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,IAAI,EAAE;oBACzC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC;gBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACzD,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,OAAO;oBAAE,OAAO,CAAC,iBAAiB;gBACjE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBACtC,uCAAuC;oBACtC,GAA0D,CAAC,OAAO,GAAG,IAAI,CAAC;oBAC1E,GAA0D,CAAC,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAClG,CAAC;YACH,CAAC;YACD,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC,EACD,CAAC,GAAU,EAAE,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,0BAA0B,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAC3E,OAAO,EAAE,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAC1D,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACpB,OAAO,GAAG,EAAE;YACV,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACnB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;YACrB,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;IAED,aAAa;QACX,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACnB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACrB,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,KAAK,CAAC,WAAW,CAAC,UAAkB;QAClC,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,UAAkB;QACpC,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC5C,CAAC;IAED,SAAS,CAAC,UAAkB;QAC1B,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC9C,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,MAAc;QAChC,OAAO,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC;IAED,4BAA4B;IAC5B,IAAI,KAAK;QACP,OAAO;YACL,aAAa,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YAC3C,eAAe,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;SAC3C,CAAC;IACJ,CAAC;IAED,YAAY;IACZ,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QAC3B,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACzB,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACjC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC3B,CAAC;CACF;AAxTD,4BAwTC;AAEM,KAAK,UAAU,cAAc,CAAC,MAAsB;IACzD,OAAO,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAED,sBAAsB;AACtB,0CAAwB;AACxB,kDAAgC"}

package/dist/interceptors/chain.d.ts

@@ -0,0 +1,33 @@
+import type { Message } from '../types/messaging';
+export interface InterceptorContext {
+    agentId: string;
+    timestamp: number;
+    sessionCount?: number;
+    [key: string]: unknown;
+}
+export type InterceptorDecision = {
+    action: 'pass';
+} | {
+    action: 'flag';
+    reason: string;
+    risk: 'low' | 'medium' | 'high';
+} | {
+    action: 'block';
+    reason: string;
+};
+export interface MessageInterceptor {
+    name: string;
+    priority: number;
+    evaluate(message: Message, context: InterceptorContext): Promise<InterceptorDecision>;
+}
+export declare class InterceptorChain {
+    private interceptors;
+    register(interceptor: MessageInterceptor): void;
+    remove(name: string): boolean;
+    list(): ReadonlyArray<MessageInterceptor>;
+    process(message: Message, context: InterceptorContext): Promise<{
+        decision: InterceptorDecision;
+        by: string;
+    }>;
+}
+//# sourceMappingURL=chain.d.ts.map

package/dist/interceptors/chain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"chain.d.ts","sourceRoot":"","sources":["../../src/interceptors/chain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,MAAM,mBAAmB,GAC3B;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,GAClB;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAA;CAAE,GACnE;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAExC,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;CACvF;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,YAAY,CAA4B;IAEhD,QAAQ,CAAC,WAAW,EAAE,kBAAkB,GAAG,IAAI;IAM/C,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAO7B,IAAI,IAAI,aAAa,CAAC,kBAAkB,CAAC;IAInC,OAAO,CACX,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC;QAAE,QAAQ,EAAE,mBAAmB,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;CAS1D"}

package/dist/interceptors/chain.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InterceptorChain = void 0;
+class InterceptorChain {
+    interceptors = [];
+    register(interceptor) {
+        this.interceptors.push(interceptor);
+        // Sort by priority (higher runs first)
+        this.interceptors.sort((a, b) => b.priority - a.priority);
+    }
+    remove(name) {
+        const idx = this.interceptors.findIndex((i) => i.name === name);
+        if (idx === -1)
+            return false;
+        this.interceptors.splice(idx, 1);
+        return true;
+    }
+    list() {
+        return this.interceptors;
+    }
+    async process(message, context) {
+        for (const interceptor of this.interceptors) {
+            const decision = await interceptor.evaluate(message, context);
+            if (decision.action === 'block' || decision.action === 'flag') {
+                return { decision, by: interceptor.name };
+            }
+        }
+        return { decision: { action: 'pass' }, by: 'default' };
+    }
+}
+exports.InterceptorChain = InterceptorChain;
+//# sourceMappingURL=chain.js.map

package/dist/interceptors/chain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chain.js","sourceRoot":"","sources":["../../src/interceptors/chain.ts"],"names":[],"mappings":";;;AAoBA,MAAa,gBAAgB;IACnB,YAAY,GAAyB,EAAE,CAAC;IAEhD,QAAQ,CAAC,WAA+B;QACtC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACpC,uCAAuC;QACvC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,CAAC,IAAY;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QAChE,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAC7B,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI;QACF,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAAgB,EAChB,OAA2B;QAE3B,KAAK,MAAM,WAAW,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5C,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC9D,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC9D,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC;YAC5C,CAAC;QACH,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC;IACzD,CAAC;CACF;AAhCD,4CAgCC"}

package/dist/interceptors/index.d.ts

@@ -0,0 +1,5 @@
+export { InterceptorChain } from './chain';
+export type { MessageInterceptor, InterceptorContext, InterceptorDecision } from './chain';
+export { LLMInterceptor, DEFAULT_SECURITY_PROMPT, noopEvaluator } from './llm';
+export type { LLMEvaluatorFn } from './llm';
+//# sourceMappingURL=index.d.ts.map

package/dist/interceptors/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/interceptors/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAC3C,YAAY,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAC3F,OAAO,EAAE,cAAc,EAAE,uBAAuB,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAC/E,YAAY,EAAE,cAAc,EAAE,MAAM,OAAO,CAAC"}

package/dist/interceptors/index.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noopEvaluator = exports.DEFAULT_SECURITY_PROMPT = exports.LLMInterceptor = exports.InterceptorChain = void 0;
+var chain_1 = require("./chain");
+Object.defineProperty(exports, "InterceptorChain", { enumerable: true, get: function () { return chain_1.InterceptorChain; } });
+var llm_1 = require("./llm");
+Object.defineProperty(exports, "LLMInterceptor", { enumerable: true, get: function () { return llm_1.LLMInterceptor; } });
+Object.defineProperty(exports, "DEFAULT_SECURITY_PROMPT", { enumerable: true, get: function () { return llm_1.DEFAULT_SECURITY_PROMPT; } });
+Object.defineProperty(exports, "noopEvaluator", { enumerable: true, get: function () { return llm_1.noopEvaluator; } });
+//# sourceMappingURL=index.js.map

package/dist/interceptors/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/interceptors/index.ts"],"names":[],"mappings":";;;AAAA,iCAA2C;AAAlC,yGAAA,gBAAgB,OAAA;AAEzB,6BAA+E;AAAtE,qGAAA,cAAc,OAAA;AAAE,8GAAA,uBAAuB,OAAA;AAAE,oGAAA,aAAa,OAAA"}

package/dist/interceptors/llm.d.ts

@@ -0,0 +1,13 @@
+import type { MessageInterceptor, InterceptorContext, InterceptorDecision } from './chain';
+import type { Message } from '../types/messaging';
+export type LLMEvaluatorFn = (message: Message, context: InterceptorContext) => Promise<InterceptorDecision>;
+export declare class LLMInterceptor implements MessageInterceptor {
+    name: string;
+    priority: number;
+    private evaluator;
+    constructor(evaluator: LLMEvaluatorFn);
+    evaluate(message: Message, context: InterceptorContext): Promise<InterceptorDecision>;
+}
+export declare const DEFAULT_SECURITY_PROMPT = "\u4F60\u662F\u4E3B\u4EBA\u7684\u672C\u5730\u53CD\u8BC8\u5B89\u5168\u5B88\u536B\u3002\u8BF7\u5206\u6790\u4EE5\u4E0B\u89E3\u5BC6\u4FE1\u606F\u3002\u5982\u679C\u5176\u4E2D\u5305\u542B\u660E\u663E\u7684\"\u65E0\u62C5\u4FDD\u4EA4\u6613\u8981\u6C42\"\u3001\"\u9493\u9C7C\u5916\u90E8\u94FE\u63A5\"\u3001\"\u5192\u5145\u5B98\u65B9\u5BA2\u670D\"\u7B49\u5178\u578B\u6B3A\u8BC8\u7279\u5F81\uFF0C\u8BF7\u76F4\u63A5\u8FD4\u56DE [BLOCK]\uFF0C\u5E76\u5728\u672C\u5730\u9759\u9ED8\u9500\u6BC1\u8BE5\u6D88\u606F\u3002";
+export declare const noopEvaluator: LLMEvaluatorFn;
+//# sourceMappingURL=llm.d.ts.map

package/dist/interceptors/llm.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm.d.ts","sourceRoot":"","sources":["../../src/interceptors/llm.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAC3F,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,MAAM,cAAc,GAAG,CAC3B,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,kBAAkB,KACxB,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAElC,qBAAa,cAAe,YAAW,kBAAkB;IACvD,IAAI,SAA0B;IAC9B,QAAQ,SAAO;IACf,OAAO,CAAC,SAAS,CAAiB;gBAEtB,SAAS,EAAE,cAAc;IAI/B,QAAQ,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,mBAAmB,CAAC;CAG5F;AAGD,eAAO,MAAM,uBAAuB,yfAAmG,CAAC;AAGxI,eAAO,MAAM,aAAa,EAAE,cAAiD,CAAC"}

package/dist/interceptors/llm.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noopEvaluator = exports.DEFAULT_SECURITY_PROMPT = exports.LLMInterceptor = void 0;
+class LLMInterceptor {
+    name = 'llm-security-scanner';
+    priority = 100;
+    evaluator;
+    constructor(evaluator) {
+        this.evaluator = evaluator;
+    }
+    async evaluate(message, context) {
+        return this.evaluator(message, context);
+    }
+}
+exports.LLMInterceptor = LLMInterceptor;
+// Default system prompt for LLM-based fraud detection
+exports.DEFAULT_SECURITY_PROMPT = `你是主人的本地反诈安全守卫。请分析以下解密信息。如果其中包含明显的"无担保交易要求"、"钓鱼外部链接"、"冒充官方客服"等典型欺诈特征，请直接返回 [BLOCK]，并在本地静默销毁该消息。`;
+// No-op evaluator that passes everything (default when no LLM configured)
+const noopEvaluator = async () => ({ action: 'pass' });
+exports.noopEvaluator = noopEvaluator;
+//# sourceMappingURL=llm.js.map

package/dist/interceptors/llm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm.js","sourceRoot":"","sources":["../../src/interceptors/llm.ts"],"names":[],"mappings":";;;AAQA,MAAa,cAAc;IACzB,IAAI,GAAG,sBAAsB,CAAC;IAC9B,QAAQ,GAAG,GAAG,CAAC;IACP,SAAS,CAAiB;IAElC,YAAY,SAAyB;QACnC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAgB,EAAE,OAA2B;QAC1D,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;CACF;AAZD,wCAYC;AAED,sDAAsD;AACzC,QAAA,uBAAuB,GAAG,gGAAgG,CAAC;AAExI,0EAA0E;AACnE,MAAM,aAAa,GAAmB,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;AAAjE,QAAA,aAAa,iBAAoD"}

package/dist/l1/base-client.d.ts

@@ -0,0 +1,17 @@
+import type { L1Request, L1Response } from '../types/l1';
+import type { L1Dispatcher } from './dispatcher';
+export interface L1Transport {
+    send(toOpenid: string, content: string, clientMsgId?: string): Promise<void>;
+    sendJson(toOpenid: string, data: object, clientMsgId?: string): Promise<void>;
+}
+export declare class L1Client {
+    protected sendFn: L1Transport;
+    protected serviceOpenid: string;
+    protected requestTimeoutMs: number;
+    private dispatcher;
+    constructor(sendFn: L1Transport, serviceOpenid: string, dispatcher?: L1Dispatcher, requestTimeoutMs?: number);
+    setDispatcher(dispatcher: L1Dispatcher): void;
+    protected buildRequest(action: string, extra?: Record<string, unknown>): L1Request;
+    sendAction(request: L1Request): Promise<L1Response>;
+}
+//# sourceMappingURL=base-client.d.ts.map

package/dist/l1/base-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-client.d.ts","sourceRoot":"","sources":["../../src/l1/base-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAEjD,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7E,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/E;AAED,qBAAa,QAAQ;IACnB,SAAS,CAAC,MAAM,EAAE,WAAW,CAAC;IAC9B,SAAS,CAAC,aAAa,EAAE,MAAM,CAAC;IAChC,SAAS,CAAC,gBAAgB,EAAE,MAAM,CAAC;IACnC,OAAO,CAAC,UAAU,CAAsB;gBAGtC,MAAM,EAAE,WAAW,EACnB,aAAa,EAAE,MAAM,EACrB,UAAU,CAAC,EAAE,YAAY,EACzB,gBAAgB,GAAE,MAAc;IAQlC,aAAa,CAAC,UAAU,EAAE,YAAY,GAAG,IAAI;IAI7C,SAAS,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,SAAS;IAQhF,UAAU,CAAC,OAAO,EAAE,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC;CAc1D"}

package/dist/l1/base-client.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.L1Client = void 0;
+const idgen_1 = require("../messaging/idgen");
+const errors_1 = require("../client/errors");
+class L1Client {
+    sendFn;
+    serviceOpenid;
+    requestTimeoutMs;
+    dispatcher;
+    constructor(sendFn, serviceOpenid, dispatcher, requestTimeoutMs = 30000) {
+        this.sendFn = sendFn;
+        this.serviceOpenid = serviceOpenid;
+        this.dispatcher = dispatcher || null;
+        this.requestTimeoutMs = requestTimeoutMs;
+    }
+    setDispatcher(dispatcher) {
+        this.dispatcher = dispatcher;
+    }
+    buildRequest(action, extra = {}) {
+        return {
+            action,
+            request_id: (0, idgen_1.generateRequestId)(),
+            ...extra,
+        };
+    }
+    async sendAction(request) {
+        if (!this.dispatcher) {
+            throw new errors_1.OceanBusError('L1 dispatcher not configured');
+        }
+        // Register pending request with dispatcher BEFORE sending
+        const responsePromise = this.dispatcher.register(request.request_id, this.requestTimeoutMs);
+        // Send the request
+        await this.sendFn.sendJson(this.serviceOpenid, request);
+        // Wait for the shared dispatcher to match the response
+        return responsePromise;
+    }
+}
+exports.L1Client = L1Client;
+//# sourceMappingURL=base-client.js.map

package/dist/l1/base-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-client.js","sourceRoot":"","sources":["../../src/l1/base-client.ts"],"names":[],"mappings":";;;AACA,8CAAuD;AACvD,6CAAiD;AAQjD,MAAa,QAAQ;IACT,MAAM,CAAc;IACpB,aAAa,CAAS;IACtB,gBAAgB,CAAS;IAC3B,UAAU,CAAsB;IAExC,YACE,MAAmB,EACnB,aAAqB,EACrB,UAAyB,EACzB,mBAA2B,KAAK;QAEhC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,UAAU,IAAI,IAAI,CAAC;QACrC,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;IAC3C,CAAC;IAED,aAAa,CAAC,UAAwB;QACpC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAES,YAAY,CAAC,MAAc,EAAE,QAAiC,EAAE;QACxE,OAAO;YACL,MAAM;YACN,UAAU,EAAE,IAAA,yBAAiB,GAAE;YAC/B,GAAG,KAAK;SACT,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAAkB;QACjC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,sBAAa,CAAC,8BAA8B,CAAC,CAAC;QAC1D,CAAC;QAED,0DAA0D;QAC1D,MAAM,eAAe,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAE5F,mBAAmB;QACnB,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAExD,uDAAuD;QACvD,OAAO,eAAe,CAAC;IACzB,CAAC;CACF;AA5CD,4BA4CC"}

package/dist/l1/ca.d.ts

@@ -0,0 +1,16 @@
+import { L1Client, L1Transport } from './base-client';
+import type { L1Dispatcher } from './dispatcher';
+import type { CaApplyRequest } from '../types/l1';
+import type { L1Response } from '../types/l1';
+import type { Certificate, TrustAnchor, CertVerifyResult } from '../types/crypto';
+export declare class CAClient extends L1Client {
+    private trustedCAs;
+    constructor(sendFn: L1Transport, serviceOpenid: string, trustedCAs?: TrustAnchor[], dispatcher?: L1Dispatcher, requestTimeoutMs?: number);
+    addTrustAnchor(anchor: TrustAnchor): void;
+    applyCert(application: CaApplyRequest['application']): Promise<L1Response>;
+    challengeResponse(applicationId: string, signedNonce: string): Promise<L1Response>;
+    verifyCertOnline(certId: string): Promise<L1Response>;
+    getCRL(): Promise<L1Response>;
+    verifyCertificateOffline(certificate: Certificate): Promise<CertVerifyResult>;
+}
+//# sourceMappingURL=ca.d.ts.map

package/dist/l1/ca.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ca.d.ts","sourceRoot":"","sources":["../../src/l1/ca.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,KAAK,EACV,cAAc,EAIf,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAGlF,qBAAa,QAAS,SAAQ,QAAQ;IACpC,OAAO,CAAC,UAAU,CAAuC;gBAGvD,MAAM,EAAE,WAAW,EACnB,aAAa,EAAE,MAAM,EACrB,UAAU,GAAE,WAAW,EAAO,EAC9B,UAAU,CAAC,EAAE,YAAY,EACzB,gBAAgB,GAAE,MAAc;IAgBlC,cAAc,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAUnC,SAAS,CAAC,WAAW,EAAE,cAAc,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;IAS1E,iBAAiB,CAAC,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAUlF,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IASrD,MAAM,IAAI,OAAO,CAAC,UAAU,CAAC;IAQ7B,wBAAwB,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAAC,gBAAgB,CAAC;CA+BpF"}

package/dist/l1/ca.js

@@ -0,0 +1,92 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CAClient = void 0;
+const base_client_1 = require("./base-client");
+const crypto_1 = require("../crypto");
+class CAClient extends base_client_1.L1Client {
+    trustedCAs;
+    constructor(sendFn, serviceOpenid, trustedCAs = [], dispatcher, requestTimeoutMs = 30000) {
+        super(sendFn, serviceOpenid, dispatcher, requestTimeoutMs);
+        this.trustedCAs = new Map();
+        for (const ca of trustedCAs) {
+            const keyMap = new Map();
+            for (const key of ca.keys) {
+                if (key.status === 'active') {
+                    keyMap.set(key.key_id, (0, crypto_1.hexToBuffer)(key.public_key.replace('ed25519:', '')));
+                }
+            }
+            this.trustedCAs.set(ca.issuer, keyMap);
+        }
+    }
+    addTrustAnchor(anchor) {
+        const keyMap = new Map();
+        for (const key of anchor.keys) {
+            if (key.status === 'active') {
+                keyMap.set(key.key_id, (0, crypto_1.hexToBuffer)(key.public_key.replace('ed25519:', '')));
+            }
+        }
+        this.trustedCAs.set(anchor.issuer, keyMap);
+    }
+    async applyCert(application) {
+        const request = {
+            ...this.buildRequest('apply_cert'),
+            action: 'apply_cert',
+            application,
+        };
+        return this.sendAction(request);
+    }
+    async challengeResponse(applicationId, signedNonce) {
+        const request = {
+            ...this.buildRequest('cert_challenge_response'),
+            action: 'cert_challenge_response',
+            application_id: applicationId,
+            signed_nonce: signedNonce,
+        };
+        return this.sendAction(request);
+    }
+    async verifyCertOnline(certId) {
+        const request = {
+            ...this.buildRequest('verify_cert'),
+            action: 'verify_cert',
+            cert_id: certId,
+        };
+        return this.sendAction(request);
+    }
+    async getCRL() {
+        const request = {
+            ...this.buildRequest('get_crl'),
+            action: 'get_crl',
+        };
+        return this.sendAction(request);
+    }
+    async verifyCertificateOffline(certificate) {
+        try {
+            const issuerKeys = this.trustedCAs.get(certificate.cert.issuer);
+            if (!issuerKeys) {
+                return { valid: false, error: `Unknown CA issuer: ${certificate.cert.issuer}` };
+            }
+            const caPk = issuerKeys.get(certificate.cert.issuer_key_id);
+            if (!caPk) {
+                return { valid: false, error: `Unknown CA key_id: ${certificate.cert.issuer_key_id}` };
+            }
+            const valid = await (0, crypto_1.verify)(caPk, certificate.cert, certificate.sig);
+            if (!valid) {
+                return { valid: false, error: 'Signature verification failed' };
+            }
+            const now = new Date();
+            const expires = new Date(certificate.cert.expires_at);
+            if (isNaN(expires.getTime())) {
+                return { valid: false, error: 'Invalid expiry date' };
+            }
+            if (now > expires) {
+                return { valid: false, error: 'Certificate expired' };
+            }
+            return { valid: true, level: certificate.cert.level };
+        }
+        catch (err) {
+            return { valid: false, error: err.message };
+        }
+    }
+}
+exports.CAClient = CAClient;
+//# sourceMappingURL=ca.js.map

package/dist/l1/ca.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ca.js","sourceRoot":"","sources":["../../src/l1/ca.ts"],"names":[],"mappings":";;;AAAA,+CAAsD;AAUtD,sCAAgD;AAEhD,MAAa,QAAS,SAAQ,sBAAQ;IAC5B,UAAU,CAAuC;IAEzD,YACE,MAAmB,EACnB,aAAqB,EACrB,aAA4B,EAAE,EAC9B,UAAyB,EACzB,mBAA2B,KAAK;QAEhC,KAAK,CAAC,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,gBAAgB,CAAC,CAAC;QAC3D,IAAI,CAAC,UAAU,GAAG,IAAI,GAAG,EAAE,CAAC;QAE5B,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAsB,CAAC;YAC7C,KAAK,MAAM,GAAG,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC;gBAC1B,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;oBAC5B,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,IAAA,oBAAW,EAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC9E,CAAC;YACH,CAAC;YACD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,cAAc,CAAC,MAAmB;QAChC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAsB,CAAC;QAC7C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9B,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAC5B,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,IAAA,oBAAW,EAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,WAA0C;QACxD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC;YAClC,MAAM,EAAE,YAAY;YACpB,WAAW;SACZ,CAAC;QACF,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,aAAqB,EAAE,WAAmB;QAChE,MAAM,OAAO,GAAwB;YACnC,GAAG,IAAI,CAAC,YAAY,CAAC,yBAAyB,CAAC;YAC/C,MAAM,EAAE,yBAAyB;YACjC,cAAc,EAAE,aAAa;YAC7B,YAAY,EAAE,WAAW;SAC1B,CAAC;QACF,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,MAAc;QACnC,MAAM,OAAO,GAAoB;YAC/B,GAAG,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC;YACnC,MAAM,EAAE,aAAa;YACrB,OAAO,EAAE,MAAM;SAChB,CAAC;QACF,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,MAAM;QACV,MAAM,OAAO,GAAiB;YAC5B,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC;YAC/B,MAAM,EAAE,SAAS;SAClB,CAAC;QACF,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,WAAwB;QACrD,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAChE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;YAClF,CAAC;YAED,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAC5D,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,WAAW,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;YACzF,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,eAAM,EAAC,IAAI,EAAE,WAAW,CAAC,IAA0C,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC;YAC1G,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC;YAClE,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACtD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBAC7B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;YACxD,CAAC;YACD,IAAI,GAAG,GAAG,OAAO,EAAE,CAAC;gBAClB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;YACxD,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QACxD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;QACzD,CAAC;IACH,CAAC;CACF;AArGD,4BAqGC"}

package/dist/l1/dispatcher.d.ts

@@ -0,0 +1,15 @@
+import type { MailboxSync } from '../mailbox/sync';
+import type { L1Response } from '../types/l1';
+export declare class L1Dispatcher {
+    private mailbox;
+    private engine;
+    private pending;
+    private requestTimeoutMs;
+    private pollIntervalMs;
+    constructor(mailbox: MailboxSync, requestTimeoutMs?: number, pollIntervalMs?: number);
+    private dispatch;
+    register(requestId: string, timeoutMs?: number): Promise<L1Response>;
+    get pendingCount(): number;
+    destroy(): void;
+}
+//# sourceMappingURL=dispatcher.d.ts.map

package/dist/l1/dispatcher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dispatcher.d.ts","sourceRoot":"","sources":["../../src/l1/dispatcher.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEnD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAQ9C,qBAAa,YAAY;IACvB,OAAO,CAAC,OAAO,CAAc;IAC7B,OAAO,CAAC,MAAM,CAA+B;IAC7C,OAAO,CAAC,OAAO,CAA0C;IACzD,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,cAAc,CAAS;gBAG7B,OAAO,EAAE,WAAW,EACpB,gBAAgB,GAAE,MAAc,EAChC,cAAc,GAAE,MAAa;IAO/B,OAAO,CAAC,QAAQ;IAmBhB,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IA4BpE,IAAI,YAAY,IAAI,MAAM,CAEzB;IAED,OAAO,IAAI,IAAI;CAYhB"}