payment-kit 1.27.1 → 1.28.0

package/cloudflare/shims/blocklet-sdk/auth-service.ts

@@ -0,0 +1,33 @@
+export class BlockletService {
+  async getVault() {
+    return { address: (globalThis as any).__CF_ENV__?.VAULT_ADDRESS || '' };
+  }
+  async getBlocklet() {
+    return { id: '', site: { id: '' } };
+  }
+  async updateRoutingRule() {}
+  async addRoutingRule() {}
+  async getPermissionsByRole(_role: string) {
+    return [];
+  }
+  async getRoles() {
+    return [];
+  }
+  async getUsers(_params?: any) {
+    return [];
+  }
+  async getUser(did: string, _opts?: any) {
+    // In CF Workers, the DID from DID Connect IS the wallet DID.
+    // Return it as a connectedAccount so getWalletDid(user) works correctly.
+    return {
+      user: {
+        did,
+        fullName: did,
+        email: '',
+        phone: '',
+        remark: '',
+        connectedAccounts: [{ provider: 'wallet', did }],
+      },
+    };
+  }
+}

package/cloudflare/shims/blocklet-sdk/cdn.ts

@@ -0,0 +1,3 @@
+export function cdn() {
+  return (_req: any, _res: any, next: any) => next();
+}

package/cloudflare/shims/blocklet-sdk/component-api.ts

@@ -0,0 +1,35 @@
+// componentApi shim — HTTP client with signature headers
+// Mirrors the subset of axios API used by payment-kit (post, get, request)
+export const componentApi = {
+  post: async (url: string, data: any, _opts?: any) => {
+    const res = await fetch(url, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(data),
+    });
+    return { data: await res.json() };
+  },
+  get: async (url: string, _opts?: any) => {
+    const res = await fetch(url);
+    return { data: await res.json() };
+  },
+  // Used by queues/webhook.ts for webhook delivery
+  request: async (config: { url: string; method?: string; data?: any; headers?: Record<string, string>; timeout?: number }) => {
+    const controller = new AbortController();
+    const timeoutId = config.timeout ? setTimeout(() => controller.abort(), config.timeout) : null;
+    try {
+      const res = await fetch(config.url, {
+        method: config.method || 'POST',
+        headers: { 'Content-Type': 'application/json', ...config.headers },
+        body: config.data ? JSON.stringify(config.data) : undefined,
+        signal: controller.signal,
+      });
+      const data = await res.json().catch(() => null);
+      return { data, status: res.status, headers: Object.fromEntries(res.headers.entries()) };
+    } finally {
+      if (timeoutId) clearTimeout(timeoutId);
+    }
+  },
+};
+
+export default componentApi;

package/cloudflare/shims/blocklet-sdk/component.ts

@@ -0,0 +1,18 @@
+// @blocklet/sdk/lib/component shim
+function _getUrl(path?: string) {
+  const base = (globalThis as any).__CF_ENV__?.APP_URL || '';
+  if (!path) return base;
+  // In CF Workers there is no blocklet prefix — assets are served from root
+  return `${base}${path.startsWith('/') ? path : '/' + path}`;
+}
+
+const component = {
+  getUrl: _getUrl,
+};
+
+export default component;
+export function getUrl(path?: string) {
+  return _getUrl(path);
+}
+export function getResources() { return []; }
+export function getPackResources() { return []; }

package/cloudflare/shims/blocklet-sdk/config.ts

@@ -0,0 +1,8 @@
+import { env } from './env';
+
+export { env };
+export const Events = {};
+export const events = { on: () => {}, emit: () => {} };
+
+const config = { env, Events, events };
+export default config;

package/cloudflare/shims/blocklet-sdk/did.ts

@@ -0,0 +1,14 @@
+// In Blocklet Server, getWalletDid(user) extracts wallet DID from user.connectedAccounts.
+// In CF Workers, the user's DID from DID Connect IS the wallet DID (wallet signed directly).
+export function getWalletDid(user?: any) {
+  if (user) {
+    // If user has connectedAccounts (from enriched getUser), use it
+    if (user.connectedAccounts) {
+      const walletAccount = user.connectedAccounts.find((a: any) => a.provider === 'wallet');
+      if (walletAccount) return walletAccount.did;
+    }
+    // In CF Workers, user.did IS the wallet DID (signed via DID Connect)
+    if (user.did) return user.did;
+  }
+  return (globalThis as any).__CF_ENV__?.WALLET_DID || '';
+}

package/cloudflare/shims/blocklet-sdk/env.ts

@@ -0,0 +1,12 @@
+// @blocklet/sdk/lib/env shim
+const env = {
+  get appPid() { return (globalThis as any).__CF_ENV__?.APP_PID || ''; },
+  get appName() { return (globalThis as any).__CF_ENV__?.APP_NAME || 'Payment Kit'; },
+  get appUrl() { return (globalThis as any).__CF_ENV__?.APP_URL || ''; },
+  get componentDid() { return (globalThis as any).__CF_ENV__?.COMPONENT_DID || ''; },
+  get dataDir() { return '/tmp'; },
+  get appId() { return (globalThis as any).__CF_ENV__?.APP_ID || ''; },
+};
+
+export { env };
+export default env;

package/cloudflare/shims/blocklet-sdk/eventbus.ts

@@ -0,0 +1,3 @@
+export async function publish(_event: string, _data: any) {
+  // TODO: CF Queues or HTTP POST
+}

package/cloudflare/shims/blocklet-sdk/fallback.ts

@@ -0,0 +1,3 @@
+export function fallback(_file: string, _opts?: any) {
+  return (_req: any, _res: any, next: any) => next();
+}

package/cloudflare/shims/blocklet-sdk/index.ts

@@ -0,0 +1,11 @@
+// @blocklet/sdk main entry shim
+export { env } from './env';
+export { Notification } from './notification';
+
+export const component = {
+  getUrl: (..._args: any[]) => (globalThis as any).__CF_ENV__?.APP_URL || '',
+};
+
+export function getUrl(..._args: any[]) {
+  return (globalThis as any).__CF_ENV__?.APP_URL || '';
+}

package/cloudflare/shims/blocklet-sdk/logger.ts

@@ -0,0 +1,11 @@
+// @blocklet/logger shim
+function createLogger(_name) {
+  return {
+    info: function() { console.log.apply(console, ['[INFO]'].concat(Array.from(arguments))); },
+    warn: function() { console.warn.apply(console, ['[WARN]'].concat(Array.from(arguments))); },
+    error: function() { console.error.apply(console, ['[ERROR]'].concat(Array.from(arguments))); },
+    debug: function() {},
+  };
+}
+
+module.exports = createLogger;

package/cloudflare/shims/blocklet-sdk/middlewares.ts

@@ -0,0 +1,15 @@
+// @blocklet/sdk/lib/middlewares shim
+export function csrf() {
+  return (_req: any, _res: any, next: any) => next();
+}
+
+export function auth(options?: { roles?: string[] }) {
+  return (req: any, res: any, next: any) => {
+    if (!options?.roles) return next();
+    if (!req.user?.did) return res.status(401).json({ error: 'Login required' });
+    if (!options.roles.includes(req.user.role)) {
+      return res.status(403).json({ error: 'Insufficient permissions' });
+    }
+    next();
+  };
+}

package/cloudflare/shims/blocklet-sdk/notification.ts

@@ -0,0 +1,11 @@
+export async function sendToRelay(_channel: string, _event: string, _data: any) {
+  // TODO: HTTP POST to notification service
+}
+
+export class Notification {
+  static async sendToUser(_did: string, _notification: any, _opts?: any) {
+    // TODO: HTTP POST to notification service
+  }
+}
+
+export default Notification;

package/cloudflare/shims/blocklet-sdk/security.ts

@@ -0,0 +1,53 @@
+// @blocklet/sdk/lib/security shim for CF Workers
+//
+// Uses the same crypto chain as original Blocklet Server:
+//   password = PBKDF2(BLOCKLET_APP_EK, BLOCKLET_DID, 256, 32, sha512).hex()
+//   plaintext = CryptoJS.AES.decrypt(ciphertext, password)
+
+import crypto from 'crypto';
+import CryptoJS from 'crypto-js';
+
+let _password: string | null = null;
+
+/** Initialize with EK + DID. After this, encrypt/decrypt work identically to Blocklet Server. */
+export function initSecurity(appEk: string, blockletDid: string): void {
+  _password = crypto.pbkdf2Sync(appEk, blockletDid, 256, 32, 'sha512').toString('hex');
+}
+
+export function encrypt(data: string, password?: string, salt?: string): string {
+  const pw = password || _password;
+  if (!pw) return data;
+  return CryptoJS.AES.encrypt(data, pw).toString();
+}
+
+export function decrypt(data: string, password?: string, salt?: string): string {
+  const pw = password || _password;
+  if (!pw || !data) return data;
+  return CryptoJS.AES.decrypt(data, pw).toString(CryptoJS.enc.Utf8);
+}
+
+/**
+ * Fetch EK from AUTH_SERVICE and initialize. Call once at worker startup.
+ */
+export async function initFromAuthService(env: {
+  AUTH_SERVICE?: any;
+  APP_PID?: string;
+}): Promise<void> {
+  const { AUTH_SERVICE, APP_PID } = env;
+  if (!AUTH_SERVICE || !APP_PID) return;
+
+  try {
+    const appEk = await AUTH_SERVICE.getAppEk(APP_PID);
+    if (!appEk) {
+      console.warn('[Security] No APP_EK found for instance', APP_PID);
+      return;
+    }
+    // BLOCKLET_DID = APP_PID in Blocklet Server
+    initSecurity(appEk, APP_PID);
+    console.log('[Security] Initialized with EK from AUTH_SERVICE');
+  } catch (err: any) {
+    console.error('[Security] initFromAuthService failed:', err?.message);
+  }
+}
+
+export default { encrypt, decrypt, initSecurity, initFromAuthService };

package/cloudflare/shims/blocklet-sdk/session.ts

@@ -0,0 +1,8 @@
+// @blocklet/sdk/lib/middlewares/session shim
+// Auth is resolved in Hono middleware layer via AUTH_SERVICE RPC.
+// req.user is already populated by mountExpressRoutes().
+export default function sessionMiddleware(_options?: any) {
+  return (_req: any, _res: any, next: any) => next();
+}
+
+export { sessionMiddleware };

package/cloudflare/shims/blocklet-sdk/verify-sign.ts

@@ -0,0 +1,38 @@
+// @blocklet/sdk/lib/util/verify-sign shim for CF Workers
+//
+// In Blocklet Server, component.call uses ED25519 signatures (x-component-sig)
+// to authenticate inter-component calls.
+//
+// In CF Workers, all authentication is delegated to AUTH_SERVICE (blocklet-service)
+// via the Hono caller middleware. By the time security.ts runs, the caller identity
+// is already resolved and injected into req.headers['x-user-did'] / req.user.
+//
+// This shim delegates to AUTH_SERVICE.resolveIdentity() using the request's
+// existing credentials (Cookie JWT or Authorization header), instead of
+// doing local ED25519 signature verification.
+
+export function getVerifyData(req: any, type = 'component') {
+  const sig = req.get?.(`x-${type}-sig`) || req.headers?.[`x-${type}-sig`] || '';
+  return { sig, data: {}, sigVersion: '', sigPk: '' };
+}
+
+export async function verify(_data: any, _sig: any): Promise<boolean> {
+  // AUTH_SERVICE handles all authentication in CF Workers.
+  // The Hono caller middleware (worker.ts) already called AUTH_SERVICE.resolveIdentity()
+  // and injected the result into x-user-did / x-user-role headers before Express runs.
+  //
+  // If AUTH_SERVICE verified the caller → x-user-did is set → security.ts x-user-did path handles it.
+  // If AUTH_SERVICE couldn't verify → caller is null → this path should reject.
+  //
+  // We return false here so the component.call path in security.ts falls through
+  // to the x-user-did path, which uses the AUTH_SERVICE-resolved identity.
+  const env = (globalThis as any).__CF_ENV__;
+  if (env?.AUTH_SERVICE) {
+    // AUTH_SERVICE is available — don't trust local signature, let the x-user-did path handle auth
+    return false;
+  }
+  // No AUTH_SERVICE — cannot verify
+  return false;
+}
+
+export default { verify, getVerifyData };

package/cloudflare/shims/blocklet-sdk/wallet-authenticator.ts

@@ -0,0 +1,3 @@
+export class WalletAuthenticator {
+  constructor(_opts?: any) {}
+}

package/cloudflare/shims/blocklet-sdk/wallet-handler.ts

@@ -0,0 +1,6 @@
+export class WalletHandlers {
+  constructor(_opts?: any) {}
+  attach(_opts: any) {
+    // TODO: implement DID Connect for CF
+  }
+}

package/cloudflare/shims/blocklet-sdk/wallet.ts

@@ -0,0 +1,103 @@
+// @blocklet/sdk/lib/wallet shim
+// Uses @ocap/wallet to create real wallets from APP_SK for on-chain operations
+import * as Mcrypto from '@ocap/mcrypto';
+import { fromSecretKey } from '@ocap/wallet';
+
+const walletTypeArcblock = {
+  role: Mcrypto.types.RoleType.ROLE_APPLICATION,
+  pk: Mcrypto.types.KeyType.ED25519,
+  hash: Mcrypto.types.HashType.SHA3,
+};
+
+const walletTypeEthereum = {
+  role: Mcrypto.types.RoleType.ROLE_APPLICATION,
+  pk: Mcrypto.types.KeyType.SECP256K1,
+  hash: Mcrypto.types.HashType.KECCAK,
+};
+
+// Cache wallets per type so they are not re-created on every call
+let _arcblockWallet: any = null;
+let _ethereumWallet: any = null;
+let _lastSK: string = '';
+
+function getAppSK(): string {
+  return (globalThis as any).__CF_ENV__?.APP_SK || process.env.APP_SK || '';
+}
+
+function ensureWallet(type?: string): any {
+  const sk = getAppSK();
+  if (!sk) {
+    return null;
+  }
+
+  // If SK changed, invalidate cached wallets
+  if (sk !== _lastSK) {
+    _arcblockWallet = null;
+    _ethereumWallet = null;
+    _lastSK = sk;
+  }
+
+  try {
+    if (type === 'ethereum') {
+      if (!_ethereumWallet) {
+        // Ethereum wallet uses first 66 chars of SK (0x + 32 bytes hex)
+        // matching @blocklet/sdk behavior: appSk.slice(0, 66)
+        const ethSk = sk.slice(0, 66);
+        _ethereumWallet = fromSecretKey(ethSk, walletTypeEthereum);
+      }
+      return _ethereumWallet;
+    }
+
+    if (!_arcblockWallet) {
+      _arcblockWallet = fromSecretKey(sk, walletTypeArcblock);
+    }
+    return _arcblockWallet;
+  } catch (e: any) {
+    console.error(`[CF Worker] ensureWallet(${type}) failed:`, e?.message);
+    return null;
+  }
+}
+
+/**
+ * Returns a wallet proxy that lazily initializes the real wallet on first property access.
+ * This is needed because auth.ts calls getWallet() at module init time, before __CF_ENV__
+ * is available. The proxy defers the real wallet creation to request time.
+ */
+export function getWallet(type?: string, _appSk?: string, _keyType?: string): any {
+  return new Proxy(
+    {},
+    {
+      get(_target, prop) {
+        const realWallet = ensureWallet(type);
+        if (!realWallet) {
+          if (prop === 'address') return '';
+          if (prop === 'publicKey') return '';
+          if (prop === 'toJSON') return () => ({});
+          if (prop === 'sign') return async () => '';
+          if (prop === 'verify') return async () => true;
+          if (prop === 'signJWT') return async () => '';
+          if (prop === 'then') return undefined;
+          return undefined;
+        }
+        const value = realWallet[prop];
+        if (typeof value === 'function') {
+          return value.bind(realWallet);
+        }
+        return value;
+      },
+      has(_target, prop) {
+        const realWallet = ensureWallet(type);
+        if (!realWallet) return false;
+        return prop in realWallet;
+      },
+    }
+  );
+}
+
+// CF shim re-exports: on CF the runtime/permanent/access wallets all derive
+// from the single APP_SK, so these just alias getWallet. Needed because
+// payment-kit's api/src/libs/auth.ts imports { getAccessWallet } and the
+// patch in that file calls getWallet(undefined, '', 'sk').
+export const getAccessWallet = () => getWallet('arcblock');
+export const getPermanentWallet = () => getWallet('arcblock');
+export const getEthereumWallet = () => getWallet('ethereum');

package/cloudflare/shims/cookie-parser.ts

@@ -0,0 +1,3 @@
+export default function cookieParser() {
+  return (_req: any, _res: any, next: any) => next();
+}

package/cloudflare/shims/cors.ts

@@ -0,0 +1,21 @@
+// Minimal cors shim for CF Workers
+// Uses Object.assign pattern so both ESM and CJS interop work:
+// - ESM: import cors from 'cors' -> cors is the function
+// - CJS: const cors = require('cors') -> cors is the function (via __toCommonJS default)
+function cors(_opts?: any) {
+  return (_req: any, res: any, next: any) => {
+    res?.set?.('Access-Control-Allow-Origin', '*');
+    res?.set?.('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE,PATCH,OPTIONS');
+    res?.set?.('Access-Control-Allow-Headers', 'Content-Type,Authorization,x-user-did,x-csrf-token');
+    if (_req?.method === 'OPTIONS') {
+      res?.status?.(204)?.end?.();
+      return;
+    }
+    next();
+  };
+}
+
+// @ts-ignore - module.exports for CJS compat
+module.exports = cors;
+// @ts-ignore
+module.exports.default = cors;

package/cloudflare/shims/cron.ts

@@ -0,0 +1,189 @@
+// @abtnode/cron shim for CF Cron Triggers
+//
+// The real @abtnode/cron exports { init } where init({ context, jobs, onError }) registers jobs.
+// In CF Workers, we store the jobs and execute them via the scheduled() handler.
+//
+// The shim parses 6-field cron expressions (sec min hour day month weekday)
+// and only runs jobs whose schedule matches the current 5-minute window.
+
+type CronJob = {
+  name: string;
+  time: string;
+  fn: () => Promise<any> | any;
+  options?: { runOnInit?: boolean };
+};
+
+type InitOptions = {
+  context?: any;
+  jobs: CronJob[];
+  onError?: (error: Error, name: string) => void;
+};
+
+// Singleton storage for registered cron jobs
+const registeredJobs: CronJob[] = [];
+let onErrorHandler: ((error: Error, name: string) => void) | undefined;
+
+// --- Cron expression matcher ---
+// Supports 6-field format: second minute hour dayOfMonth month dayOfWeek
+// Supports: numbers, *, */N, ranges (1-5), lists (1,3,5)
+
+function parseField(field: string, min: number, max: number): number[] | null {
+  // null means "match all"
+  if (field === '*') return null;
+
+  const values = new Set<number>();
+
+  for (const part of field.split(',')) {
+    // */N — every N
+    const stepMatch = part.match(/^\*\/(\d+)$/);
+    if (stepMatch) {
+      const step = parseInt(stepMatch[1], 10);
+      for (let i = min; i <= max; i += step) {
+        values.add(i);
+      }
+      continue;
+    }
+
+    // N-M — range
+    const rangeMatch = part.match(/^(\d+)-(\d+)$/);
+    if (rangeMatch) {
+      const from = parseInt(rangeMatch[1], 10);
+      const to = parseInt(rangeMatch[2], 10);
+      for (let i = from; i <= to; i++) {
+        values.add(i);
+      }
+      continue;
+    }
+
+    // N — single value
+    const num = parseInt(part, 10);
+    if (!isNaN(num)) {
+      values.add(num);
+    }
+  }
+
+  return values.size > 0 ? Array.from(values) : null;
+}
+
+/**
+ * Check if a date matches a 6-field cron expression.
+ * Returns true if the date's minute/hour/day/month/weekday match.
+ * Seconds field is ignored (CF triggers are minute-level).
+ */
+function matchesCron(cronExpr: string, date: Date): boolean {
+  const fields = cronExpr.trim().split(/\s+/);
+  if (fields.length < 5) return true; // Can't parse — run it
+
+  // 6-field: sec min hour dom month dow
+  // 5-field: min hour dom month dow
+  const offset = fields.length >= 6 ? 1 : 0;
+
+  const minuteField = parseField(fields[offset], 0, 59);
+  const hourField = parseField(fields[offset + 1], 0, 23);
+  const domField = parseField(fields[offset + 2], 1, 31);
+  const monthField = parseField(fields[offset + 3], 0, 11); // cron months are 1-12, JS is 0-11
+  const dowField = parseField(fields[offset + 4], 0, 6);
+
+  const m = date.getUTCMinutes();
+  const h = date.getUTCHours();
+  const dom = date.getUTCDate();
+  const month = date.getUTCMonth() + 1; // JS 0-based → cron 1-based
+  const dow = date.getUTCDay(); // 0=Sunday
+
+  if (minuteField && !minuteField.includes(m)) return false;
+  if (hourField && !hourField.includes(h)) return false;
+  if (domField && !domField.includes(dom)) return false;
+  if (monthField && !monthField.includes(month)) return false;
+  if (dowField && !dowField.includes(dow)) return false;
+
+  return true;
+}
+
+// Check if a cron expression should fire at the given date (minute-level match).
+//
+// History: this helper previously used a 5-minute look-ahead window, under the
+// assumption that CF Cron Triggers fire every 5 minutes. Once the deploy config
+// switched to every-minute cron, that window made every stepped expression fire
+// 5x more often than intended, driving CF Queues past the free-tier daily cap
+// (2026-04-17 incident). With CF Scheduled firing every minute, we only check
+// the current minute — each cron expression triggers at its designed frequency.
+// See docs/cf-queues-ops-alert-analysis.md § 改动 B.
+function shouldRunInWindow(cronExpr: string, date: Date): boolean {
+  return matchesCron(cronExpr, date);
+}
+
+// --- Cron shim API ---
+
+function init(options: InitOptions) {
+  registeredJobs.length = 0;
+  onErrorHandler = options.onError;
+
+  for (const job of options.jobs || []) {
+    if (job.name && job.time && typeof job.fn === 'function') {
+      registeredJobs.push(job);
+    }
+  }
+
+  // Skip runOnInit jobs in CF Workers — they'll run on the next matching trigger
+  // (running them at module init time would block the request and may exceed CPU limits)
+
+  return {
+    addJob(name: string, time: string, fn: Function, opts?: any) {
+      registeredJobs.push({ name, time, fn: fn as any, options: opts });
+    },
+    start() { /* no-op */ },
+  };
+}
+
+// Called by worker.ts scheduled handler — only runs jobs matching the trigger time.
+// Accepts an optional `now` so the caller can pass `event.scheduledTime` (the
+// intended trigger minute) instead of relying on wall-clock at execution time.
+// CF may deliver scheduled events with a small delay that crosses a minute
+// boundary; matching on `scheduledTime` keeps exact-minute cron reliable.
+async function runAll(now: Date = new Date()) {
+  const matched: string[] = [];
+  const skipped: string[] = [];
+
+  for (const job of registeredJobs) {
+    if (shouldRunInWindow(job.time, now)) {
+      matched.push(job.name);
+      try {
+        await job.fn();
+      } catch (err: any) {
+        console.error(`[Cron] ${job.name} failed:`, err?.message || err);
+        onErrorHandler?.(err, job.name);
+      }
+    } else {
+      skipped.push(job.name);
+    }
+  }
+
+  console.log(`[Cron] Ran ${matched.length} jobs: [${matched.join(', ')}]. Skipped ${skipped.length}.`);
+}
+
+async function runJob(name: string) {
+  const job = registeredJobs.find((j) => j.name === name);
+  if (job) {
+    try {
+      await job.fn();
+    } catch (err: any) {
+      console.error(`[Cron] ${name} failed:`, err?.message || err);
+      onErrorHandler?.(err, name);
+    }
+  } else {
+    console.warn(`[Cron] Job ${name} not found`);
+  }
+}
+
+function getJobNames(): string[] {
+  return registeredJobs.map((j) => `${j.name} (${j.time})`);
+}
+
+// Export matching @abtnode/cron API: default export is { init }
+export default { init };
+
+// Export helper functions for the worker.ts scheduled handler
+export const cronInstance = { runAll, runJob, getJobNames };
+
+// Exported for unit tests; not part of the public cron API.
+export const __test__ = { matchesCron, shouldRunInWindow };

package/cloudflare/shims/crypto-js-warn.ts

@@ -0,0 +1,7 @@
+// crypto-js shim — warns when AES legacy encryption is attempted in CF Workers
+const warn = (method: string) =>
+  console.warn(`[cf-shim] crypto-js/${method} called — legacy AES crypto is not available in CF Workers`);
+
+export const encrypt = (..._args: any[]) => { warn('aes.encrypt'); return ''; };
+export const decrypt = (..._args: any[]) => { warn('aes.decrypt'); return ''; };
+export default { encrypt, decrypt };

package/cloudflare/shims/did-space-js.ts

@@ -0,0 +1,17 @@
+// noop shim for @blocklet/did-space-js in CF Workers
+const noop = (..._args: any[]) => {};
+
+export class SpaceClient {
+  constructor(..._args: any[]) {}
+  send = noop;
+}
+
+export class GetObjectCommand {
+  constructor(..._args: any[]) {}
+}
+
+export class PutObjectCommand {
+  constructor(..._args: any[]) {}
+}
+
+export default { SpaceClient, GetObjectCommand, PutObjectCommand };

package/cloudflare/shims/did-space.ts

@@ -0,0 +1,11 @@
+// @blocklet/did-space-js shim
+export class SpaceClient {
+  constructor(_opts?: any) {}
+  async send(_cmd: any) { return {}; }
+}
+export class GetObjectCommand {
+  constructor(_opts?: any) {}
+}
+export class PutObjectCommand {
+  constructor(_opts?: any) {}
+}