@agentcommunity/aid-engine
Version:
Core engine for Agent Identity & Discovery (AID) validation and discovery
1 lines • 40.9 kB
Source Map (JSON)
{"version":3,"sources":["../src/dns.ts","../src/tls_inspect.ts","../src/dnssec.ts","../src/protoProbe.ts","../src/error_messages.ts","../src/checker.ts","../src/generator.ts","../src/keys.ts"],"names":["discover","URL","tls","enforceRedirectPolicy","AidError","performPKAHandshake","parse","nodeWebcrypto"],"mappings":";;;;;;;;;;;;AAeA,eAAsB,gBAAA,CACpB,QACA,OAAA,EAYA;AACA,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,MAAMA,YAAA,CAAS,MAAA,EAAQ;AAAA,MACjC,UAAU,OAAA,CAAQ,QAAA;AAAA,MAClB,SAAS,OAAA,CAAQ,SAAA;AAAA,MACjB,mBAAmB,OAAA,CAAQ,aAAA;AAAA,MAC3B,oBAAoB,OAAA,CAAQ;AAAA,KAC7B,CAAA;AACD,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,GAAA,EAAI;AAAA,EAChC,SAAS,CAAA,EAAG;AACV,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,CAAA,EAAc;AAAA,EAC3C;AACF;AC5BA,eAAsB,UAAA,CAAW,GAAA,EAAa,SAAA,GAAY,GAAA,EAA8B;AACtF,EAAA,MAAM,CAAA,GAAI,IAAIC,OAAAA,CAAI,GAAG,CAAA;AACrB,EAAA,MAAM,OAAO,CAAA,CAAE,QAAA;AACf,EAAA,MAAM,OAAO,CAAA,CAAE,IAAA,GAAO,MAAA,CAAO,CAAA,CAAE,IAAI,CAAA,GAAI,GAAA;AAEvC,EAAA,OAAO,MAAM,IAAI,OAAA,CAAuB,CAAC,SAAS,MAAA,KAAW;AAC3D,IAAA,MAAM,SAASC,oBAAA,CAAI,OAAA;AAAA,MACjB;AAAA,QACE,IAAA;AAAA,QACA,IAAA;AAAA,QACA,UAAA,EAAY,IAAA;AAAA,QACZ,OAAA,EAAS,SAAA;AAAA,QACT,kBAAA,EAAoB;AAAA,OACtB;AAAA,MACA,MAAM;AACJ,QAAA,MAAM,IAAA,GAAO,MAAA,CAAO,kBAAA,CAAmB,IAAI,CAAA;AAM3C,QAAA,MAAM,SAAS,IAAA,EAAM,MAAA,EAAQ,EAAA,IAAM,IAAA,EAAM,QAAQ,UAAA,IAAc,IAAA;AAC/D,QAAA,MAAM,MACJ,OAAO,IAAA,EAAM,mBAAmB,QAAA,GAC5B,IAAA,CAAK,eACF,KAAA,CAAM,GAAG,EACT,GAAA,CAAI,CAAC,MAAc,CAAA,CAAE,IAAA,EAAM,CAAA,CAC3B,MAAA,CAAO,OAAO,CAAA,GACjB,IAAA;AACN,QAAA,MAAM,SAAA,GAAY,MAAM,UAAA,GAAa,IAAI,KAAK,IAAA,CAAK,UAAU,CAAA,CAAE,WAAA,EAAY,GAAI,IAAA;AAC/E,QAAA,MAAM,OAAA,GAAU,MAAM,QAAA,GAAW,IAAI,KAAK,IAAA,CAAK,QAAQ,CAAA,CAAE,WAAA,EAAY,GAAI,IAAA;AACzE,QAAA,IAAI,aAAA,GAA+B,IAAA;AACnC,QAAA,IAAI,OAAA,EAAS;AACX,UAAA,MAAM,EAAA,GAAK,IAAI,IAAA,CAAK,OAAO,EAAE,OAAA,EAAQ,GAAI,KAAK,GAAA,EAAI;AAClD,UAAA,aAAA,GAAgB,IAAA,CAAK,KAAA,CAAM,EAAA,IAAM,EAAA,GAAK,OAAO,GAAA,CAAK,CAAA;AAAA,QACpD;AACA,QAAA,OAAA,CAAQ,EAAE,MAAM,GAAA,EAAK,IAAA,EAAM,QAAQ,GAAA,EAAK,SAAA,EAAW,OAAA,EAAS,aAAA,EAAe,CAAA;AAC3E,QAAA,MAAA,CAAO,GAAA,EAAI;AAAA,MACb;AAAA,KACF;AACA,IAAA,MAAA,CAAO,GAAG,OAAA,EAAS,CAAC,GAAA,KAAQ,MAAA,CAAO,GAAG,CAAC,CAAA;AACvC,IAAA,MAAA,CAAO,EAAA,CAAG,WAAW,MAAM;AACzB,MAAA,MAAA,CAAO,OAAA,EAAQ;AACf,MAAA,MAAA,CAAO,IAAI,KAAA,CAAM,aAAa,CAAC,CAAA;AAAA,IACjC,CAAC,CAAA;AAAA,EACH,CAAC,CAAA;AACH;;;AChDA,eAAsB,mBAAA,CACpB,IAAA,EACA,GAAA,GAAM,sCAAA,EACN,YAAY,GAAA,EACgB;AAC5B,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAG,CAAA;AACvB,EAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAA,EAAQ,IAAI,CAAA;AACjC,EAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAA,EAAQ,OAAO,CAAA;AAEpC,EAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,EAAA,MAAM,KAAK,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,SAAS,CAAA;AACzD,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,CAAI,UAAS,EAAG;AAAA,MACtC,OAAA,EAAS,EAAE,MAAA,EAAQ,sBAAA,EAAuB;AAAA,MAC1C,QAAQ,UAAA,CAAW;AAAA,KACpB,CAAA;AACD,IAAA,IAAI,CAAC,GAAA,CAAI,EAAA,EAAI,OAAO,EAAE,SAAS,KAAA,EAAO,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,IAAA,EAAK;AACnE,IAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,MAAA,IAAU,EAAC;AAChC,IAAA,MAAM,WAAW,OAAA,CAAQ,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,SAAS,EAAE,CAAA;AAClD,IAAA,OAAO,EAAE,SAAS,QAAA,EAAU,MAAA,EAAQ,SAAS,KAAA,EAAO,QAAA,GAAW,UAAU,IAAA,EAAK;AAAA,EAChF,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,OAAA,EAAS,OAAO,IAAA,EAAK;AAAA,EACxD,CAAA,SAAE;AACA,IAAA,YAAA,CAAa,EAAE,CAAA;AAAA,EACjB;AACF;AClCA,eAAsB,gBAAA,CACpB,MAAA,EACA,QAAA,EACA,SAAA,EACsD;AACtD,EAAA,MAAM,IAAA,GAAO,CAAA,QAAA,EAAW,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AAC1C,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,MAAMF,YAAAA,CAAS,IAAA,EAAM;AAAA,MAC/B,OAAA,EAAS,SAAA;AAAA,MACT,iBAAA,EAAmB;AAAA;AAAA,KACpB,CAAA;AACD,IAAA,OAAO;AAAA,MACL,OAAA,EAAS;AAAA,QACP,IAAA;AAAA,QACA,IAAA,EAAM,KAAA;AAAA,QACN,MAAA,EAAQ,SAAA;AAAA,QACR,KAAK,GAAA,CAAI,GAAA;AAAA,QACT,YAAY,IAAI,WAAA,GAAc,MAAA,CAAO,GAAA,CAAI,GAAG,CAAA,CAAE;AAAA;AAChD,KACF;AAAA,EACF,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,KAAA,GAAQ,CAAA;AACd,IAAA,IAAI,KAAA,CAAM,cAAc,eAAA,EAAiB;AACvC,MAAA,OAAO,EAAE,SAAS,EAAE,IAAA,EAAM,MAAM,KAAA,EAAO,MAAA,EAAQ,UAAA,EAAW,EAAG,KAAA,EAAM;AAAA,IACrE;AACA,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,EAAE,IAAA,EAAM,IAAA,EAAM,KAAA,EAAO,QAAQ,OAAA,EAAS,MAAA,EAAQ,KAAA,CAAM,SAAA,IAAa,SAAA,EAAU;AAAA,MACpF;AAAA,KACF;AAAA,EACF;AACF;;;AC5BO,IAAM,cAAA,GAAiB;AAAA;AAAA,EAE5B,aAAA,EAAe,sEAAA;AAAA;AAAA,EAGf,iBAAA,EACE,6FAAA;AAAA,EACF,eAAA,EACE,sFAAA;AAAA;AAAA,EAGF,kBAAA,EACE,6FAAA;AAAA,EACF,oBAAA,EACE,+FAAA;AAAA,EACF,iBAAA,EACE,wFAAA;AAAA;AAAA,EAGF,kBAAA,EAAoB,qEAAA;AAAA,EACpB,qBAAA,EACE,qFAAA;AAAA,EACF,oBAAA,EACE,2FAAA;AAAA;AAAA,EAGF,eAAA,EAAiB,gFAAA;AAAA;AAAA,EAGjB,mBAAA,EAAqB,4EAAA;AAAA;AAAA,EAGrB,kBAAA,EAAoB,qEAAA;AAAA,EACpB,iBAAA,EAAmB,6DAAA;AAAA,EACnB,mBAAA,EAAqB,mDAAA;AAAA,EACrB,eAAA,EAAiB,iEAAA;AAAA,EACjB,kBAAA,EACE,gFAAA;AAAA;AAAA,EAGF,aAAA,EAAe,kEAAA;AAAA,EACf,OAAA,EAAS,8DAAA;AAAA,EACT,SAAA,EAAW,sDAAA;AAAA,EACX,WAAA,EAAa;AACf;;;ACzCA,SAAS,UAAA,CAAW,QAAgB,QAAA,EAAiC;AACnE,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,QAAA,EAAU,YAAA;AAAA,MACV,IAAA,EAAM,EAAE,KAAA,EAAO,QAAA,EAAU,QAAQ,KAAA,EAAO,OAAA,EAAS,OAAA,CAAQ,QAAQ,CAAA,EAAE;AAAA,MACnE,UAAU,EAAC;AAAA,MACX,SAAA,EAAW;AAAA,QACT,SAAA,EAAW,KAAA;AAAA,QACX,IAAA,EAAM,KAAA;AAAA,QACN,GAAA,EAAK,IAAA;AAAA,QACL,UAAA,EAAY,IAAA;AAAA,QACZ,WAAA,EAAa,IAAA;AAAA,QACb,UAAA,EAAY,IAAA;AAAA,QACZ,MAAA,EAAQ,IAAA;AAAA,QACR,OAAA,EAAS;AAAA;AACX,KACF;AAAA,IACA,MAAA,EAAQ,EAAE,GAAA,EAAK,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,KAAA,EAAO,KAAA,EAAO,QAAA,EAAU,EAAC,EAAG,MAAA,EAAQ,EAAC,EAAE;AAAA,IAC1E,QAAQ,EAAE,OAAA,EAAS,OAAO,MAAA,EAAQ,OAAA,EAAS,OAAO,IAAA,EAAK;AAAA,IACvD,GAAA,EAAK;AAAA,MACH,OAAA,EAAS,KAAA;AAAA,MACT,KAAA,EAAO,IAAA;AAAA,MACP,IAAA,EAAM,IAAA;AAAA,MACN,GAAA,EAAK,IAAA;AAAA,MACL,MAAA,EAAQ,IAAA;AAAA,MACR,GAAA,EAAK,IAAA;AAAA,MACL,SAAA,EAAW,IAAA;AAAA,MACX,OAAA,EAAS,IAAA;AAAA,MACT,aAAA,EAAe,IAAA;AAAA,MACf,eAAA,EAAiB;AAAA,KACnB;AAAA,IACA,GAAA,EAAK;AAAA,MACH,OAAA,EAAS,KAAA;AAAA,MACT,SAAA,EAAW,KAAA;AAAA,MACX,QAAA,EAAU,IAAA;AAAA,MACV,GAAA,EAAK,IAAA;AAAA,MACL,GAAA,EAAK,IAAA;AAAA,MACL,cAAA,EAAgB,IAAA;AAAA,MAChB,OAAA,EAAS;AAAA,KACX;AAAA,IACA,WAAW,EAAE,OAAA,EAAS,OAAO,QAAA,EAAU,IAAA,EAAM,QAAQ,IAAA,EAAK;AAAA,IAC1D,QAAA,EAAU,CAAA;AAAA,IACV,UAAA,EAAY;AAAA,GACd;AACF;AAEA,eAAsB,QAAA,CAAS,QAAgB,IAAA,EAA2C;AACxF,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA;AAE/C,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,MAAM,gBAAA,CAAiB,MAAA,EAAQ;AAAA,MAC5C,GAAI,IAAA,CAAK,QAAA,IAAY,EAAE,QAAA,EAAU,KAAK,QAAA,EAAS;AAAA,MAC/C,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,eAAe,IAAA,CAAK,aAAA;AAAA,MACpB,oBAAoB,IAAA,CAAK;AAAA,KAC1B,CAAA;AAED,IAAA,MAAM,QAAQ,MAAA,CAAO,KAAA;AACrB,IAAA,MAAM,YAAY,KAAA,CAAM,SAAA;AACxB,IAAA,MAAM,OAAA,GAAwB;AAAA,MAC5B,IAAA,EAAM,SAAA;AAAA,MACN,IAAA,EAAM,KAAA;AAAA,MACN,MAAA,EAAQ,SAAA;AAAA,MACR,KAAK,KAAA,CAAM;AAAA,KACb;AACA,IAAA,MAAA,CAAO,OAAA,CAAQ,QAAA,CAAS,IAAA,CAAK,OAAO,CAAA;AACpC,IAAA,IAAI,KAAA,CAAM,SAAA,CAAU,UAAA,CAAW,OAAO,CAAA,EAAG;AACvC,MAAA,MAAA,CAAO,OAAA,CAAQ,UAAU,IAAA,GAAO,IAAA;AAChC,MAAA,MAAA,CAAO,OAAA,CAAQ,UAAU,SAAA,GAAY,IAAA;AACrC,MAAA,MAAA,CAAO,OAAA,CAAQ,SAAA,CAAU,GAAA,GAAM,KAAA,CAAM,SAAA;AAAA,IACvC;AAGA,IAAA,IAAI,IAAA,CAAK,QAAA,IAAY,IAAA,CAAK,oBAAA,EAAsB;AAC9C,MAAA,MAAM,WAAW,MAAM,gBAAA,CAAiB,QAAQ,IAAA,CAAK,QAAA,EAAU,KAAK,SAAS,CAAA;AAC7E,MAAA,MAAA,CAAO,OAAA,CAAQ,QAAA,CAAS,IAAA,CAAK,QAAA,CAAS,OAAO,CAAA;AAC7C,MAAA,IAAI,CAAC,SAAS,KAAA,EAAO;AACnB,QAAA,MAAA,CAAO,MAAA,CAAO,SAAS,IAAA,CAAK;AAAA,UAC1B,IAAA,EAAM,2BAAA;AAAA,UACN,OAAA,EAAS,CAAA,2DAAA,EAA8D,IAAA,CAAK,QAAQ,IAAI,MAAM,CAAA,wCAAA;AAAA,SAC/F,CAAA;AAAA,MACH;AAAA,IACF;AAGA,IAAA,MAAM,SAAS,KAAA,CAAM,MAAA;AACrB,IAAA,MAAA,CAAO,OAAO,MAAA,GAAS,MAAA;AACvB,IAAA,MAAA,CAAO,OAAO,KAAA,GAAQ,IAAA;AACtB,IAAA,MAAA,CAAO,MAAA,CAAO,OAAO,MAAM;AAGzB,MAAA,MAAM,KAAA,GAAkB,CAAC,QAAQ,CAAA;AACjC,MAAA,IAAI,OAAO,GAAA,EAAK,KAAA,CAAM,KAAK,CAAA,EAAA,EAAK,MAAA,CAAO,GAAG,CAAA,CAAE,CAAA;AAC5C,MAAA,IAAI,OAAO,KAAA,EAAO,KAAA,CAAM,KAAK,CAAA,EAAA,EAAK,MAAA,CAAO,KAAK,CAAA,CAAE,CAAA;AAChD,MAAA,IAAI,OAAO,IAAA,EAAM,KAAA,CAAM,KAAK,CAAA,EAAA,EAAK,MAAA,CAAO,IAAI,CAAA,CAAE,CAAA;AAC9C,MAAA,IAAI,OAAO,IAAA,EAAM,KAAA,CAAM,KAAK,CAAA,EAAA,EAAK,MAAA,CAAO,IAAI,CAAA,CAAE,CAAA;AAC9C,MAAA,IAAI,OAAO,IAAA,EAAM,KAAA,CAAM,KAAK,CAAA,EAAA,EAAK,MAAA,CAAO,IAAI,CAAA,CAAE,CAAA;AAC9C,MAAA,IAAI,OAAO,GAAA,EAAK;AACd,QAAA,MAAM,OAAA,GAAU,IAAI,IAAA,CAAK,MAAA,CAAO,GAAG,CAAA;AACnC,QAAA,IAAI,OAAA,CAAQ,OAAA,EAAQ,GAAI,IAAA,CAAK,KAAI,EAAG;AAClC,UAAA,MAAA,CAAO,MAAA,CAAO,OAAO,IAAA,CAAK;AAAA,YACxB,IAAA,EAAM,YAAA;AAAA,YACN,SAAS,cAAA,CAAe;AAAA,WACzB,CAAA;AACD,UAAA,MAAA,CAAO,OAAO,KAAA,GAAQ,KAAA;AACtB,UAAA,MAAA,CAAO,QAAA,GAAW,IAAA;AAAA,QACpB,CAAA,MAAO;AACL,UAAA,MAAA,CAAO,MAAA,CAAO,SAAS,IAAA,CAAK;AAAA,YAC1B,IAAA,EAAM,uBAAA;AAAA,YACN,OAAA,EAAS,CAAA,uCAAA,EAA0C,MAAA,CAAO,GAAG,CAAA;AAAA,WAC9D,CAAA;AAAA,QACH;AAAA,MACF;AACA,MAAA,IAAI,OAAO,GAAA,EAAK,KAAA,CAAM,KAAK,CAAA,EAAA,EAAK,MAAA,CAAO,GAAG,CAAA,CAAE,CAAA;AAC5C,MAAA,IAAI,OAAO,GAAA,EAAK,KAAA,CAAM,KAAK,CAAA,EAAA,EAAK,MAAA,CAAO,GAAG,CAAA,CAAE,CAAA;AAC5C,MAAA,OAAO,KAAA,CAAM,KAAK,GAAG,CAAA;AAAA,IACvB,CAAA,GAAG;AAGH,IAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY,CAAE,OAAO,MAAA,CAAO,MAAA,CAAO,GAAG,CAAA,CAAE,MAAA;AAC5D,IAAA,IAAI,UAAU,GAAA,EAAK;AACjB,MAAA,MAAA,CAAO,MAAA,CAAO,SAAS,IAAA,CAAK;AAAA,QAC1B,IAAA,EAAM,YAAA;AAAA,QACN,SAAS,cAAA,CAAe;AAAA,OACzB,CAAA;AAAA,IACH;AAGA,IAAA,MAAM,YAAA,GACJ,OAAO,OAAA,KAAY,WAAA,IAAe,QAAQ,GAAA,IAAO,OAAA,CAAQ,IAAI,iBAAA,KAAsB,GAAA;AACrF,IAAA,IAAI,CAAC,YAAA,IAAgB,MAAA,CAAO,UAAU,OAAA,IAAW,MAAA,CAAO,UAAU,UAAA,EAAY;AAC5E,MAAA,IAAI;AACF,QAAA,MAAMG,yBAAA,CAAsB,MAAA,CAAO,GAAA,EAAK,IAAA,CAAK,SAAS,CAAA;AAEtD,QAAA,IAAI,MAAA,CAAO,GAAA,CAAI,UAAA,CAAW,UAAU,CAAA,EAAG;AACrC,UAAA,MAAM,UAAU,MAAM,UAAA,CAAW,MAAA,CAAO,GAAA,EAAK,KAAK,SAAS,CAAA;AAC3D,UAAA,MAAA,CAAO,IAAI,OAAA,GAAU,IAAA;AACrB,UAAA,MAAA,CAAO,IAAI,KAAA,GAAQ,IAAA;AACnB,UAAA,MAAA,CAAO,GAAA,CAAI,OAAO,OAAA,CAAQ,IAAA;AAC1B,UAAA,MAAA,CAAO,GAAA,CAAI,MAAM,OAAA,CAAQ,GAAA;AACzB,UAAA,MAAA,CAAO,GAAA,CAAI,SAAS,OAAA,CAAQ,MAAA;AAC5B,UAAA,MAAA,CAAO,GAAA,CAAI,MAAM,OAAA,CAAQ,GAAA;AACzB,UAAA,MAAA,CAAO,GAAA,CAAI,YAAY,OAAA,CAAQ,SAAA;AAC/B,UAAA,MAAA,CAAO,GAAA,CAAI,UAAU,OAAA,CAAQ,OAAA;AAC7B,UAAA,MAAA,CAAO,GAAA,CAAI,gBAAgB,OAAA,CAAQ,aAAA;AACnC,UAAA,IAAI,OAAA,CAAQ,aAAA,KAAkB,IAAA,IAAQ,OAAA,CAAQ,gBAAgB,EAAA,EAAI;AAChE,YAAA,MAAA,CAAO,MAAA,CAAO,SAAS,IAAA,CAAK;AAAA,cAC1B,IAAA,EAAM,cAAA;AAAA,cACN,SAAS,cAAA,CAAe;AAAA,aACzB,CAAA;AAAA,UACH;AAAA,QACF,CAAA,MAAO;AAEL,UAAA,MAAA,CAAO,IAAI,OAAA,GAAU,KAAA;AACrB,UAAA,MAAA,CAAO,IAAI,KAAA,GAAQ,IAAA;AAAA,QACrB;AAAA,MACF,SAAS,CAAA,EAAG;AACV,QAAA,MAAM,GAAA,GAAM,CAAA;AACZ,QAAA,MAAA,CAAO,IAAI,OAAA,GAAU,IAAA;AACrB,QAAA,MAAA,CAAO,IAAI,KAAA,GAAQ,KAAA;AACnB,QAAA,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,EAAE,IAAA,EAAM,GAAA,CAAI,SAAA,IAAa,cAAA,EAAgB,OAAA,EAAS,GAAA,CAAI,OAAA,EAAS,CAAA;AACzF,QAAA,MAAA,CAAO,QAAA,GAAW,GAAA,YAAeC,YAAAA,GAAW,GAAA,CAAI,IAAA,GAAO,IAAA;AACvD,QAAA,OAAO,MAAA;AAAA,MACT;AAAA,IACF;AAGA,IAAA,IAAI;AACF,MAAA,MAAM,CAAA,GAAI,MAAM,mBAAA,CAAoB,KAAA,CAAM,SAAS,CAAA;AACnD,MAAA,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA,CAAE,OAAA;AAC1B,MAAA,MAAA,CAAO,MAAA,CAAO,QAAQ,CAAA,CAAE,KAAA;AAAA,IAC1B,CAAA,CAAA,MAAQ;AAAA,IAER;AAGA,IAAA,IAAI,MAAA,CAAO,GAAA,IAAO,MAAA,CAAO,GAAA,EAAK;AAC5B,MAAA,MAAA,CAAO,IAAI,OAAA,GAAU,IAAA;AACrB,MAAA,MAAA,CAAO,GAAA,CAAI,MAAM,MAAA,CAAO,GAAA;AACxB,MAAA,MAAA,CAAO,IAAI,GAAA,GAAM,SAAA;AACjB,MAAA,MAAA,CAAO,IAAI,SAAA,GAAY,IAAA;AACvB,MAAA,IAAI;AACF,QAAA,MAAMC,wBAAoB,MAAA,CAAO,GAAA,EAAK,MAAA,CAAO,GAAA,EAAK,OAAO,GAAG,CAAA;AAC5D,QAAA,MAAA,CAAO,IAAI,QAAA,GAAW,IAAA;AAAA,MACxB,SAAS,CAAA,EAAG;AACV,QAAA,MAAM,GAAA,GAAM,CAAA;AACZ,QAAA,MAAA,CAAO,IAAI,QAAA,GAAW,KAAA;AACtB,QAAA,MAAA,CAAO,MAAA,CAAO,OAAO,IAAA,CAAK;AAAA,UACxB,IAAA,EAAM,IAAI,SAAA,IAAa,cAAA;AAAA,UACvB,SAAS,cAAA,CAAe;AAAA,SACzB,CAAA;AACD,QAAA,MAAA,CAAO,QAAA,GAAW,GAAA,YAAeD,YAAAA,GAAW,GAAA,CAAI,IAAA,GAAO,IAAA;AACvD,QAAA,OAAO,MAAA;AAAA,MACT;AAAA,IACF;AAGA,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,MAAA,CAAO,UAAU,OAAA,GAAU,IAAA;AAC3B,MAAA,IAAI,KAAK,kBAAA,EAAoB;AAC3B,QAAA,MAAM,OAAO,IAAA,CAAK,kBAAA;AAClB,QAAA,MAAA,CAAO,SAAA,CAAU,WAAW,EAAE,GAAA,EAAK,KAAK,GAAA,EAAK,GAAA,EAAK,KAAK,GAAA,EAAI;AAC3D,QAAA,MAAM,MAAA,GAAS,OAAO,GAAA,IAAO,IAAA;AAC7B,QAAA,MAAM,MAAA,GAAS,OAAO,GAAA,IAAO,IAAA;AAC7B,QAAA,IAAI,IAAA,CAAK,GAAA,IAAO,CAAC,MAAA,EAAQ;AACvB,UAAA,MAAA,CAAO,UAAU,MAAA,GAAS,WAAA;AAC1B,UAAA,MAAA,CAAO,MAAA,CAAO,SAAS,IAAA,CAAK;AAAA,YAC1B,IAAA,EAAM,WAAA;AAAA,YACN,SAAS,cAAA,CAAe;AAAA,WACzB,CAAA;AAAA,QACH,WAAW,IAAA,CAAK,GAAA,IAAO,MAAA,IAAU,IAAA,CAAK,QAAQ,MAAA,EAAQ;AACpD,UAAA,MAAA,CAAO,UAAU,MAAA,GAAS,WAAA;AAC1B,UAAA,MAAA,CAAO,MAAA,CAAO,SAAS,IAAA,CAAK;AAAA,YAC1B,IAAA,EAAM,WAAA;AAAA,YACN,SAAS,cAAA,CAAe;AAAA,WACzB,CAAA;AAAA,QACH,WAAW,IAAA,CAAK,GAAA,IAAO,MAAA,IAAU,IAAA,CAAK,QAAQ,MAAA,EAAQ;AACpD,UAAA,MAAA,CAAO,UAAU,MAAA,GAAS,WAAA;AAC1B,UAAA,MAAA,CAAO,MAAA,CAAO,SAAS,IAAA,CAAK;AAAA,YAC1B,IAAA,EAAM,WAAA;AAAA,YACN,SAAS,cAAA,CAAe;AAAA,WACzB,CAAA;AAAA,QACH,CAAA,MAAO;AACL,UAAA,MAAA,CAAO,UAAU,MAAA,GAAS,WAAA;AAAA,QAC5B;AAAA,MACF,CAAA,MAAO;AACL,QAAA,MAAA,CAAO,UAAU,MAAA,GAAS,YAAA;AAAA,MAC5B;AAEA,MAAA,MAAA,CAAO,UAAA,GAAa;AAAA,QAClB,QAAA,EAAA,iBAAU,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,QACjC,GAAA,EAAK,OAAO,GAAA,IAAO,IAAA;AAAA,QACnB,GAAA,EAAK,OAAO,GAAA,IAAO;AAAA,OACrB;AAAA,IACF;AAEA,IAAA,MAAA,CAAO,QAAA,GAAW,CAAA;AAClB,IAAA,OAAO,MAAA;AAAA,EACT,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,GAAA,GAAM,CAAA;AACZ,IAAA,MAAA,CAAO,QAAA,GAAW,GAAA,YAAeA,YAAAA,GAAW,GAAA,CAAI,IAAA,GAAO,GAAA;AACvD,IAAA,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,EAAE,IAAA,EAAM,GAAA,CAAI,SAAA,IAAa,eAAA,EAAiB,OAAA,EAAS,GAAA,CAAI,OAAA,EAAS,CAAA;AAG1F,IAAA,IAAI,GAAA,CAAI,SAAA,KAAc,qBAAA,IAAyB,GAAA,CAAI,OAAA,EAAS;AAC1D,MAAA,MAAA,CAAO,OAAA,CAAQ,UAAU,SAAA,GAAY,IAAA;AACrC,MAAA,MAAA,CAAO,OAAA,CAAQ,SAAA,CAAU,UAAA,GAAa,GAAA,CAAI,OAAA,CAAQ,UAAA;AAClD,MAAA,MAAA,CAAO,OAAA,CAAQ,SAAA,CAAU,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,WAAA;AACnD,MAAA,MAAA,CAAO,OAAA,CAAQ,SAAA,CAAU,OAAA,GAAU,GAAA,CAAI,OAAA,CAAQ,OAAA;AAC/C,MAAA,MAAA,CAAO,OAAA,CAAQ,SAAA,CAAU,UAAA,GAAa,GAAA,CAAI,OAAA,CAAQ,UAAA;AAAA,IACpD;AAGA,IAAA,IAAI,IAAA,CAAK,QAAA,IAAY,IAAA,CAAK,mBAAA,EAAqB;AAC7C,MAAA,MAAM,WAAW,MAAM,gBAAA,CAAiB,QAAQ,IAAA,CAAK,QAAA,EAAU,KAAK,SAAS,CAAA;AAC7E,MAAA,MAAA,CAAO,OAAA,CAAQ,QAAA,CAAS,IAAA,CAAK,QAAA,CAAS,OAAO,CAAA;AAAA,IAC/C;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AACF;ACtPO,SAAS,qBAAA,CAAsB,UAA4B,UAAA,EAA6B;AAC7F,EAAA,MAAM,KAAA,GAAkB,CAAC,QAAQ,CAAA;AACjC,EAAA,MAAM,CAAA,GAAI,CAAC,IAAA,EAAc,KAAA,KAAmB,aAAa,KAAA,GAAQ,IAAA;AACjE,EAAA,IAAI,QAAA,CAAS,GAAA,EAAK,KAAA,CAAM,IAAA,CAAK,CAAA,EAAG,CAAA,CAAE,KAAA,EAAO,GAAG,CAAC,CAAA,CAAA,EAAI,QAAA,CAAS,GAAG,CAAA,CAAE,CAAA;AAC/D,EAAA,IAAI,QAAA,CAAS,KAAA,EAAO,KAAA,CAAM,IAAA,CAAK,CAAA,EAAG,CAAA,CAAE,OAAA,EAAS,GAAG,CAAC,CAAA,CAAA,EAAI,QAAA,CAAS,KAAK,CAAA,CAAE,CAAA;AACrE,EAAA,IAAI,QAAA,CAAS,IAAA,EAAM,KAAA,CAAM,IAAA,CAAK,CAAA,EAAG,CAAA,CAAE,MAAA,EAAQ,GAAG,CAAC,CAAA,CAAA,EAAI,QAAA,CAAS,IAAI,CAAA,CAAE,CAAA;AAClE,EAAA,IAAI,QAAA,CAAS,IAAA,EAAM,KAAA,CAAM,IAAA,CAAK,CAAA,EAAG,CAAA,CAAE,MAAA,EAAQ,GAAG,CAAC,CAAA,CAAA,EAAI,QAAA,CAAS,IAAI,CAAA,CAAE,CAAA;AAClE,EAAA,IAAI,QAAA,CAAS,IAAA,EAAM,KAAA,CAAM,IAAA,CAAK,CAAA,EAAG,CAAA,CAAE,MAAA,EAAQ,GAAG,CAAC,CAAA,CAAA,EAAI,QAAA,CAAS,IAAI,CAAA,CAAE,CAAA;AAClE,EAAA,IAAI,QAAA,CAAS,GAAA,EAAK,KAAA,CAAM,IAAA,CAAK,CAAA,EAAG,CAAA,CAAE,KAAA,EAAO,GAAG,CAAC,CAAA,CAAA,EAAI,QAAA,CAAS,GAAG,CAAA,CAAE,CAAA;AAC/D,EAAA,IAAI,QAAA,CAAS,GAAA,EAAK,KAAA,CAAM,IAAA,CAAK,CAAA,EAAG,CAAA,CAAE,KAAA,EAAO,GAAG,CAAC,CAAA,CAAA,EAAI,QAAA,CAAS,GAAG,CAAA,CAAE,CAAA;AAC/D,EAAA,IAAI,QAAA,CAAS,GAAA,EAAK,KAAA,CAAM,IAAA,CAAK,CAAA,EAAG,CAAA,CAAE,KAAA,EAAO,GAAG,CAAC,CAAA,CAAA,EAAI,QAAA,CAAS,GAAG,CAAA,CAAE,CAAA;AAC/D,EAAA,OAAO,KAAA,CAAM,KAAK,GAAG,CAAA;AACvB;AAEO,SAAS,eAAe,QAAA,EAAoC;AACjE,EAAA,MAAM,IAAA,GAAO,qBAAA,CAAsB,QAAA,EAAU,KAAK,CAAA;AAClD,EAAA,MAAM,KAAA,GAAQ,qBAAA,CAAsB,QAAA,EAAU,IAAI,CAAA;AAElD,EAAA,OAAO,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,KAAK,CAAA,CAAE,MAAA,IAAU,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,IAAI,CAAA,CAAE,SAC5E,KAAA,GACA,IAAA;AACN;AAGO,SAAS,kBAAkB,MAAA,EAAsD;AACtF,EAAA,IAAI;AACF,IAAAE,SAAA,CAAM,MAAM,CAAA;AACZ,IAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AAAA,EACzB,SAAS,KAAA,EAAO;AACd,IAAA,OAAO,EAAE,SAAS,KAAA,EAAO,KAAA,EAAO,iBAAiB,KAAA,GAAQ,KAAA,CAAM,UAAU,SAAA,EAAU;AAAA,EACrF;AACF;ACpDA,SAAS,gBAAgB,KAAA,EAA2B;AAClD,EAAA,MAAM,QAAA,GAAW,4DAAA;AACjB,EAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,EAAA,OAAO,QAAQ,KAAA,CAAM,MAAA,IAAU,KAAA,CAAM,KAAK,MAAM,CAAA,EAAG,KAAA,EAAA;AACnD,EAAA,MAAM,IAAA,GAAO,IAAA,CAAK,IAAA,CAAM,KAAA,CAAM,MAAA,GAAS,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA,GAAK,IAAA,CAAK,GAAA,CAAI,EAAE,CAAC,CAAA,GAAI,CAAA;AACxE,EAAA,MAAM,CAAA,GAAI,IAAI,UAAA,CAAW,IAAI,CAAA;AAC7B,EAAA,IAAI,MAAA,GAAS,CAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,KAAA,EAAO,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACzC,IAAA,IAAI,KAAA,GAAQ,MAAM,CAAC,CAAA;AACnB,IAAA,IAAI,IAAI,IAAA,GAAO,CAAA;AACf,IAAA,OAAO,KAAA,KAAU,CAAA,IAAK,CAAA,IAAK,IAAA,GAAO,MAAA,EAAQ;AACxC,MAAA,KAAA,IAAS,GAAA,GAAM,EAAE,CAAC,CAAA;AAClB,MAAA,CAAA,CAAE,CAAC,IAAI,KAAA,GAAQ,EAAA;AACf,MAAA,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,KAAA,GAAQ,EAAE,CAAA;AAC7B,MAAA,CAAA,EAAA;AAAA,IACF;AACA,IAAA,MAAA,GAAS,OAAO,CAAA,GAAI,CAAA;AAAA,EACtB;AACA,EAAA,IAAI,KAAK,IAAA,GAAO,MAAA;AAChB,EAAA,OAAO,EAAA,GAAK,IAAA,IAAQ,CAAA,CAAE,EAAE,MAAM,CAAA,EAAG,EAAA,EAAA;AACjC,EAAA,IAAI,GAAA,GAAM,GAAA,CAAI,MAAA,CAAO,KAAK,CAAA;AAC1B,EAAA,KAAA,IAAS,CAAA,GAAI,IAAI,CAAA,GAAI,IAAA,EAAM,KAAK,GAAA,IAAO,QAAA,CAAS,CAAA,CAAE,CAAC,CAAC,CAAA;AACpD,EAAA,OAAO,GAAA;AACT;AAMA,eAAsB,sBAAA,GAInB;AACD,EAAA,MAAM,KAAM,MAAMC,gBAAA,CAAc,MAAA,CAAO,WAAA,CAAY,WAAW,IAAA,EAAM;AAAA,IAClE,MAAA;AAAA,IACA;AAAA,GACD,CAAA;AACD,EAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,MAAMA,gBAAA,CAAc,OAAO,SAAA,CAAU,KAAA,EAAO,EAAA,CAAG,SAAS,CAAC,CAAA;AACvF,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAMA,gBAAA,CAAc,OAAO,SAAA,CAAU,OAAA,EAAS,EAAA,CAAG,UAAU,CAAC,CAAA;AACzF,EAAA,MAAM,KAAA,GAAQ,GAAA,GAAM,eAAA,CAAgB,MAAM,CAAA;AAC1C,EAAA,MAAM,GAAA,GACJ,kCACA,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAA,GACpC,+BAAA;AAEF,EAAA,OAAO;AAAA,IACL,SAAA,EAAW,KAAA;AAAA,IACX,aAAA,EAAe,GAAA;AAAA,IACf,eAAA,EAAiB;AAAA,GACnB;AACF;AAEO,SAAS,UAAU,GAAA,EAAkD;AAC1E,EAAA,IAAI,CAAC,GAAA,IAAO,GAAA,CAAI,CAAC,CAAA,KAAM,GAAA,EAAK,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,4BAAA,EAA6B;AACxF,EAAA,MAAM,CAAA,GAAI,GAAA,CAAI,KAAA,CAAM,CAAC,CAAA;AACrB,EAAA,MAAM,QAAA,GAAW,4DAAA;AACjB,EAAA,KAAA,MAAW,CAAA,IAAK,CAAA;AACd,IAAA,IAAI,CAAC,QAAA,CAAS,QAAA,CAAS,CAAC,CAAA,SAAU,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,0BAAA,EAA2B;AAEvF,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAO,CAAA,CAAE,MAAA,GAAS,IAAA,CAAK,GAAA,CAAI,EAAE,CAAA,GAAK,IAAA,CAAK,GAAA,CAAI,GAAG,CAAC,CAAA;AACnE,EAAA,IAAI,MAAA,KAAW,MAAM,MAAA,KAAW,EAAA,SAAW,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,uBAAA,EAAwB;AAC3F,EAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AACvB","file":"index.cjs","sourcesContent":["import { discover, AidError, SPEC_VERSION } from '@agentcommunity/aid';\nimport type { ProbeAttempt } from './types';\n\nexport interface DnsQueryResult<T> {\n ok: boolean;\n value?: T;\n error?: AidError;\n}\n\nexport interface BaseDiscovery {\n queryName: string;\n raw: string;\n ttl: number;\n}\n\nexport async function runBaseDiscovery(\n domain: string,\n options: {\n protocol?: string;\n timeoutMs: number;\n allowFallback: boolean;\n wellKnownTimeoutMs: number;\n },\n): Promise<\n DnsQueryResult<{\n record: import('@agentcommunity/aid').AidRecord;\n queryName: string;\n ttl?: number;\n }>\n> {\n try {\n const res = await discover(domain, {\n protocol: options.protocol,\n timeout: options.timeoutMs,\n wellKnownFallback: options.allowFallback,\n wellKnownTimeoutMs: options.wellKnownTimeoutMs,\n });\n return { ok: true, value: res };\n } catch (e) {\n return { ok: false, error: e as AidError };\n }\n}\n\nexport function computeTxtByteLength(raw: string): number {\n return new TextEncoder().encode(raw).length;\n}\n\nexport function attemptFromDnsResult(\n name: string,\n result: { ok: boolean; value?: { ttl?: number; record: { v: string } }; error?: AidError },\n): ProbeAttempt {\n if (result.ok) {\n const rawLen = result.value?.record?.v === SPEC_VERSION ? undefined : undefined;\n return {\n name,\n type: 'TXT',\n result: 'NOERROR',\n ttl: result.value?.ttl,\n byteLength: rawLen,\n };\n }\n const err = result.error;\n if (err && err.errorCode === 'ERR_NO_RECORD') {\n return { name, type: 'TXT', result: 'NXDOMAIN' };\n }\n if (err && err.errorCode === 'ERR_DNS_LOOKUP_FAILED') {\n return { name, type: 'TXT', result: 'ERROR', reason: 'network' };\n }\n return { name, type: 'TXT', result: 'ERROR', reason: err?.errorCode || 'unknown' };\n}\n","import tls from 'node:tls';\nimport { URL } from 'node:url';\n\nexport interface TlsInspection {\n host: string;\n sni: string;\n issuer: string | null;\n san: string[] | null;\n validFrom: string | null;\n validTo: string | null;\n daysRemaining: number | null;\n}\n\nexport async function inspectTls(uri: string, timeoutMs = 5000): Promise<TlsInspection> {\n const u = new URL(uri);\n const host = u.hostname;\n const port = u.port ? Number(u.port) : 443;\n\n return await new Promise<TlsInspection>((resolve, reject) => {\n const socket = tls.connect(\n {\n host,\n port,\n servername: host,\n timeout: timeoutMs,\n rejectUnauthorized: true,\n },\n () => {\n const peer = socket.getPeerCertificate(true) as unknown as {\n issuer?: { CN?: string; commonName?: string };\n subjectaltname?: string;\n valid_from?: string;\n valid_to?: string;\n };\n const issuer = peer?.issuer?.CN || peer?.issuer?.commonName || null;\n const san: string[] | null =\n typeof peer?.subjectaltname === 'string'\n ? peer.subjectaltname\n .split(',')\n .map((s: string) => s.trim())\n .filter(Boolean)\n : null;\n const validFrom = peer?.valid_from ? new Date(peer.valid_from).toISOString() : null;\n const validTo = peer?.valid_to ? new Date(peer.valid_to).toISOString() : null;\n let daysRemaining: number | null = null;\n if (validTo) {\n const ms = new Date(validTo).getTime() - Date.now();\n daysRemaining = Math.floor(ms / (24 * 3600 * 1000));\n }\n resolve({ host, sni: host, issuer, san, validFrom, validTo, daysRemaining });\n socket.end();\n },\n );\n socket.on('error', (err) => reject(err));\n socket.on('timeout', () => {\n socket.destroy();\n reject(new Error('TLS timeout'));\n });\n });\n}\n","export interface DnssecProbeResult {\n present: boolean;\n method: 'RRSIG';\n proof: unknown | null;\n}\n\ninterface DoHResponse {\n Status: number;\n Answer?: Array<{ name: string; type: number; TTL: number; data: string }>;\n}\n\nexport async function probeDnssecRrsigTxt(\n name: string,\n doh = 'https://cloudflare-dns.com/dns-query',\n timeoutMs = 5000,\n): Promise<DnssecProbeResult> {\n const url = new URL(doh);\n url.searchParams.set('name', name);\n url.searchParams.set('type', 'RRSIG');\n\n const controller = new AbortController();\n const id = setTimeout(() => controller.abort(), timeoutMs);\n try {\n const res = await fetch(url.toString(), {\n headers: { Accept: 'application/dns-json' },\n signal: controller.signal,\n });\n if (!res.ok) return { present: false, method: 'RRSIG', proof: null };\n const json = (await res.json()) as DoHResponse;\n const answers = json.Answer ?? [];\n const hasRrsig = answers.some((a) => a.type === 46);\n return { present: hasRrsig, method: 'RRSIG', proof: hasRrsig ? answers : null };\n } catch {\n return { present: false, method: 'RRSIG', proof: null };\n } finally {\n clearTimeout(id);\n }\n}\n","import { discover, AidError } from '@agentcommunity/aid';\nimport type { ProbeAttempt } from './types';\n\nexport async function runProtocolProbe(\n domain: string,\n protocol: string,\n timeoutMs: number,\n): Promise<{ attempt: ProbeAttempt; error?: AidError }> {\n const name = `_agent._${protocol}.${domain}`;\n try {\n const res = await discover(name, {\n timeout: timeoutMs,\n wellKnownFallback: false, // Probes are DNS-only\n });\n return {\n attempt: {\n name,\n type: 'TXT',\n result: 'NOERROR',\n ttl: res.ttl,\n byteLength: new TextEncoder().encode(res.raw).length,\n },\n };\n } catch (e) {\n const error = e as AidError;\n if (error.errorCode === 'ERR_NO_RECORD') {\n return { attempt: { name, type: 'TXT', result: 'NXDOMAIN' }, error };\n }\n return {\n attempt: { name, type: 'TXT', result: 'ERROR', reason: error.errorCode || 'unknown' },\n error,\n };\n }\n}\n","/**\n * Standardized error messages for aid-doctor CLI\n * Ensures consistency across all modules\n */\n\nexport const ERROR_MESSAGES = {\n // General\n UNKNOWN_ERROR: 'An unexpected error occurred. Please check your input and try again.',\n\n // DNS\n DNS_LOOKUP_FAILED:\n 'DNS lookup failed for the specified domain. Check network connectivity and domain spelling.',\n NO_RECORD_FOUND:\n 'No AID TXT record found for the domain. Ensure the record exists at _agent.<domain>.',\n\n // Record validation\n INVALID_TXT_FORMAT:\n 'The AID TXT record has an invalid format. Ensure it follows v=aid1;key=value;... structure.',\n UNSUPPORTED_PROTOCOL:\n 'The specified protocol is not supported. See the official protocol registry for valid tokens.',\n DEPRECATED_RECORD:\n 'The AID record has been deprecated. Check the deprecation date and update accordingly.',\n\n // Security\n SECURITY_VIOLATION: 'A security check failed. The record or endpoint may be compromised.',\n TLS_VALIDATION_FAILED:\n 'TLS certificate validation failed. Ensure the certificate is valid and not expired.',\n PKA_HANDSHAKE_FAILED:\n 'PKA endpoint proof handshake failed. Verify the public key and private key configuration.',\n\n // Fallback\n FALLBACK_FAILED: 'The .well-known fallback failed. Ensure the HTTPS endpoint returns valid JSON.',\n\n // Byte limits\n BYTE_LIMIT_EXCEEDED: 'The record exceeds the 255-byte DNS limit. Use aliases and shorten fields.',\n\n // Warnings\n BYTE_LIMIT_WARNING: 'Record size is close to the 255-byte limit. Consider using aliases.',\n TLS_EXPIRING_SOON: 'TLS certificate expires soon. Renew to avoid interruptions.',\n DNSSEC_NOT_DETECTED: 'DNSSEC not detected. Enable for better integrity.',\n PKA_NOT_PRESENT: 'Endpoint proof (PKA) not present. Consider adding for security.',\n DOWNGRADE_DETECTED:\n 'Security downgrade detected: a previously present PKA or KID has been removed.',\n\n // Recommendations\n ENABLE_DNSSEC: 'Enable DNSSEC at your domain registrar to improve DNS integrity.',\n ADD_PKA: \"Add PKA endpoint proof by running 'aid-doctor pka generate'.\",\n RENEW_TLS: 'Renew your TLS certificate soon to avoid expiration.',\n USE_ALIASES: 'Use single-letter aliases (e.g., u for uri) to reduce record size.',\n} as const;\n","import { AidError, enforceRedirectPolicy, performPKAHandshake } from '@agentcommunity/aid';\nimport type { DoctorReport, CheckOptions, ProbeAttempt } from './types';\nimport { runBaseDiscovery } from './dns';\nimport { inspectTls } from './tls_inspect';\nimport { probeDnssecRrsigTxt } from './dnssec';\nimport { runProtocolProbe } from './protoProbe';\nimport { ERROR_MESSAGES } from './error_messages';\n\nfunction initReport(domain: string, protocol?: string): DoctorReport {\n return {\n domain,\n queried: {\n strategy: 'base-first',\n hint: { proto: protocol, source: 'cli', present: Boolean(protocol) },\n attempts: [],\n wellKnown: {\n attempted: false,\n used: false,\n url: null,\n httpStatus: null,\n contentType: null,\n byteLength: null,\n status: null,\n snippet: null,\n },\n },\n record: { raw: null, parsed: null, valid: false, warnings: [], errors: [] },\n dnssec: { present: false, method: 'RRSIG', proof: null },\n tls: {\n checked: false,\n valid: null,\n host: null,\n sni: null,\n issuer: null,\n san: null,\n validFrom: null,\n validTo: null,\n daysRemaining: null,\n redirectBlocked: null,\n },\n pka: {\n present: false,\n attempted: false,\n verified: null,\n kid: null,\n alg: null,\n createdSkewSec: null,\n covered: null,\n },\n downgrade: { checked: false, previous: null, status: null },\n exitCode: 1,\n cacheEntry: null,\n };\n}\n\nexport async function runCheck(domain: string, opts: CheckOptions): Promise<DoctorReport> {\n const report = initReport(domain, opts.protocol);\n\n try {\n const dnsRes = await runBaseDiscovery(domain, {\n ...(opts.protocol && { protocol: opts.protocol }),\n timeoutMs: opts.timeoutMs,\n allowFallback: opts.allowFallback,\n wellKnownTimeoutMs: opts.wellKnownTimeoutMs,\n });\n // This is the success path now\n const value = dnsRes.value!;\n const queryName = value.queryName;\n const attempt: ProbeAttempt = {\n name: queryName,\n type: 'TXT',\n result: 'NOERROR',\n ttl: value.ttl,\n };\n report.queried.attempts.push(attempt);\n if (value.queryName.startsWith('https')) {\n report.queried.wellKnown.used = true;\n report.queried.wellKnown.attempted = true;\n report.queried.wellKnown.url = value.queryName;\n }\n\n // Optional: probe proto subdomain even if base exists (for drift detection)\n if (opts.protocol && opts.probeProtoEvenIfBase) {\n const probeRes = await runProtocolProbe(domain, opts.protocol, opts.timeoutMs);\n report.queried.attempts.push(probeRes.attempt);\n if (!probeRes.error) {\n report.record.warnings.push({\n code: 'PROTOCOL_SUBDOMAIN_EXISTS',\n message: `A record exists at the protocol-specific subdomain _agent._${opts.protocol}.${domain}, which may differ from the base record.`,\n });\n }\n }\n\n // Fill record\n const record = value.record;\n report.record.parsed = record;\n report.record.valid = true;\n report.record.raw = (() => {\n // For DNS, we don't receive raw concatenated string from SDK; synthesize minimal\n // to enable byte warnings based on a canonicalized render.\n const parts: string[] = ['v=aid1'];\n if (record.uri) parts.push(`u=${record.uri}`);\n if (record.proto) parts.push(`p=${record.proto}`);\n if (record.auth) parts.push(`a=${record.auth}`);\n if (record.desc) parts.push(`s=${record.desc}`);\n if (record.docs) parts.push(`d=${record.docs}`);\n if (record.dep) {\n const depDate = new Date(record.dep);\n if (depDate.getTime() < Date.now()) {\n report.record.errors.push({\n code: 'DEPRECATED',\n message: ERROR_MESSAGES.DEPRECATED_RECORD,\n });\n report.record.valid = false;\n report.exitCode = 1001; // ERR_INVALID_TXT\n } else {\n report.record.warnings.push({\n code: 'DEPRECATION_SCHEDULED',\n message: `Record is scheduled for deprecation on ${record.dep}`,\n });\n }\n }\n if (record.pka) parts.push(`k=${record.pka}`);\n if (record.kid) parts.push(`i=${record.kid}`);\n return parts.join(';');\n })();\n\n // Byte length warning\n const byteLen = new TextEncoder().encode(report.record.raw).length;\n if (byteLen > 255) {\n report.record.warnings.push({\n code: 'BYTE_LIMIT',\n message: ERROR_MESSAGES.BYTE_LIMIT_EXCEEDED,\n });\n }\n\n // TLS redirect policy (minimal for M1; full TLS module to be added M2)\n const skipSecurity =\n typeof process !== 'undefined' && process.env && process.env.AID_SKIP_SECURITY === '1';\n if (!skipSecurity && record.proto !== 'local' && record.proto !== 'zeroconf') {\n try {\n await enforceRedirectPolicy(record.uri, opts.timeoutMs);\n // Only perform TLS inspection for HTTPS URLs\n if (record.uri.startsWith('https://')) {\n const tlsInfo = await inspectTls(record.uri, opts.timeoutMs);\n report.tls.checked = true;\n report.tls.valid = true;\n report.tls.host = tlsInfo.host;\n report.tls.sni = tlsInfo.sni;\n report.tls.issuer = tlsInfo.issuer;\n report.tls.san = tlsInfo.san;\n report.tls.validFrom = tlsInfo.validFrom;\n report.tls.validTo = tlsInfo.validTo;\n report.tls.daysRemaining = tlsInfo.daysRemaining;\n if (tlsInfo.daysRemaining !== null && tlsInfo.daysRemaining < 21) {\n report.record.warnings.push({\n code: 'TLS_EXPIRING',\n message: ERROR_MESSAGES.TLS_EXPIRING_SOON,\n });\n }\n } else {\n // Skip TLS for HTTP URLs\n report.tls.checked = false;\n report.tls.valid = null;\n }\n } catch (e) {\n const err = e as AidError;\n report.tls.checked = true;\n report.tls.valid = false;\n report.record.errors.push({ code: err.errorCode ?? 'ERR_SECURITY', message: err.message });\n report.exitCode = err instanceof AidError ? err.code : 1003;\n return report;\n }\n }\n\n // DNSSEC presence probe (best-effort)\n try {\n const r = await probeDnssecRrsigTxt(value.queryName);\n report.dnssec.present = r.present;\n report.dnssec.proof = r.proof;\n } catch {\n // ignore\n }\n\n // PKA presence (handshake can be enabled in future if exported by SDK)\n if (record.pka && record.kid) {\n report.pka.present = true;\n report.pka.kid = record.kid;\n report.pka.alg = 'ed25519'; // Per spec v1.1\n report.pka.attempted = true;\n try {\n await performPKAHandshake(record.uri, record.pka, record.kid);\n report.pka.verified = true;\n } catch (e) {\n const err = e as AidError;\n report.pka.verified = false;\n report.record.errors.push({\n code: err.errorCode ?? 'ERR_SECURITY',\n message: ERROR_MESSAGES.PKA_HANDSHAKE_FAILED,\n });\n report.exitCode = err instanceof AidError ? err.code : 1003;\n return report;\n }\n }\n\n // Downgrade cache logic\n if (opts.checkDowngrade) {\n report.downgrade.checked = true;\n if (opts.previousCacheEntry) {\n const prev = opts.previousCacheEntry;\n report.downgrade.previous = { pka: prev.pka, kid: prev.kid };\n const nowPka = record.pka ?? null;\n const nowKid = record.kid ?? null;\n if (prev.pka && !nowPka) {\n report.downgrade.status = 'downgrade';\n report.record.warnings.push({\n code: 'DOWNGRADE',\n message: ERROR_MESSAGES.DOWNGRADE_DETECTED,\n });\n } else if (prev.pka && nowPka && prev.pka !== nowPka) {\n report.downgrade.status = 'downgrade';\n report.record.warnings.push({\n code: 'DOWNGRADE',\n message: ERROR_MESSAGES.DOWNGRADE_DETECTED,\n });\n } else if (prev.kid && nowKid && prev.kid !== nowKid) {\n report.downgrade.status = 'downgrade';\n report.record.warnings.push({\n code: 'DOWNGRADE',\n message: ERROR_MESSAGES.DOWNGRADE_DETECTED,\n });\n } else {\n report.downgrade.status = 'no_change';\n }\n } else {\n report.downgrade.status = 'first_seen';\n }\n // Save current\n report.cacheEntry = {\n lastSeen: new Date().toISOString(),\n pka: record.pka ?? null,\n kid: record.kid ?? null,\n };\n }\n\n report.exitCode = 0;\n return report;\n } catch (e) {\n const err = e as AidError;\n report.exitCode = err instanceof AidError ? err.code : 1000;\n report.record.errors.push({ code: err.errorCode ?? 'ERR_NO_RECORD', message: err.message });\n\n // Populate well-known details on fallback failure\n if (err.errorCode === 'ERR_FALLBACK_FAILED' && err.details) {\n report.queried.wellKnown.attempted = true;\n report.queried.wellKnown.httpStatus = err.details.httpStatus as number | null;\n report.queried.wellKnown.contentType = err.details.contentType as string | null;\n report.queried.wellKnown.snippet = err.details.snippet as string | null;\n report.queried.wellKnown.byteLength = err.details.byteLength as number | null;\n }\n\n // Optional: run a protocol-specific probe for diagnostics if base failed\n if (opts.protocol && opts.probeProtoSubdomain) {\n const probeRes = await runProtocolProbe(domain, opts.protocol, opts.timeoutMs);\n report.queried.attempts.push(probeRes.attempt);\n }\n\n return report;\n }\n}\n","/**\n * @agentcommunity/aid-doctor - CLI tool for Agent Identity & Discovery\n *\n * This file contains the logic for the interactive record generator.\n */\n\nimport { parse } from '@agentcommunity/aid';\nimport type { ProtocolToken, AuthToken } from '@agentcommunity/aid';\n\n// Export the types needed by the UI\nexport type AidGeneratorData = {\n uri: string;\n proto: ProtocolToken | '';\n auth: AuthToken | '';\n desc: string;\n domain: string;\n docs?: string;\n dep?: string; // ISO 8601 UTC Z\n pka?: string; // zBase58\n kid?: string; // 1-6 chars [a-z0-9]\n};\n\n// The core logic function\nexport function buildTxtRecordVariant(formData: AidGeneratorData, useAliases: boolean): string {\n const parts: string[] = ['v=aid1'];\n const k = (full: string, alias: string) => (useAliases ? alias : full);\n if (formData.uri) parts.push(`${k('uri', 'u')}=${formData.uri}`);\n if (formData.proto) parts.push(`${k('proto', 'p')}=${formData.proto}`);\n if (formData.auth) parts.push(`${k('auth', 'a')}=${formData.auth}`);\n if (formData.desc) parts.push(`${k('desc', 's')}=${formData.desc}`);\n if (formData.docs) parts.push(`${k('docs', 'd')}=${formData.docs}`);\n if (formData.dep) parts.push(`${k('dep', 'e')}=${formData.dep}`);\n if (formData.pka) parts.push(`${k('pka', 'k')}=${formData.pka}`);\n if (formData.kid) parts.push(`${k('kid', 'i')}=${formData.kid}`);\n return parts.join(';');\n}\n\nexport function buildTxtRecord(formData: AidGeneratorData): string {\n const full = buildTxtRecordVariant(formData, false);\n const alias = buildTxtRecordVariant(formData, true);\n // Prefer alias if it reduces size otherwise use full\n return new TextEncoder().encode(alias).length <= new TextEncoder().encode(full).length\n ? alias\n : full;\n}\n\n// The validation logic\nexport function validateTxtRecord(record: string): { isValid: boolean; error?: string } {\n try {\n parse(record);\n return { isValid: true };\n } catch (error) {\n return { isValid: false, error: error instanceof Error ? error.message : 'Invalid' };\n }\n}\n","import { webcrypto as nodeWebcrypto } from 'node:crypto';\n\nfunction base58btcEncode(bytes: Uint8Array): string {\n const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';\n let zeros = 0;\n while (zeros < bytes.length && bytes[zeros] === 0) zeros++;\n const size = Math.ceil((bytes.length * Math.log(256)) / Math.log(58)) + 1;\n const b = new Uint8Array(size);\n let length = 0;\n for (let i = zeros; i < bytes.length; i++) {\n let carry = bytes[i];\n let j = size - 1;\n while (carry !== 0 || j >= size - length) {\n carry += 256 * b[j];\n b[j] = carry % 58;\n carry = Math.floor(carry / 58);\n j--;\n }\n length = size - 1 - j;\n }\n let it = size - length;\n while (it < size && b[it] === 0) it++;\n let out = '1'.repeat(zeros);\n for (let i = it; i < size; i++) out += ALPHABET[b[i]];\n return out;\n}\n\n/**\n * Pure function that generates Ed25519 key pair without any side effects.\n * Returns the key data that can be used by consumers to handle storage.\n */\nexport async function generateEd25519KeyPair(): Promise<{\n publicKey: string;\n privateKeyPem: string;\n privateKeyBytes: Uint8Array;\n}> {\n const kp = (await nodeWebcrypto.subtle.generateKey('Ed25519', true, [\n 'sign',\n 'verify',\n ])) as CryptoKeyPair;\n const rawPub = new Uint8Array(await nodeWebcrypto.subtle.exportKey('raw', kp.publicKey));\n const pkcs8 = new Uint8Array(await nodeWebcrypto.subtle.exportKey('pkcs8', kp.privateKey));\n const pubMb = 'z' + base58btcEncode(rawPub);\n const pem =\n '-----BEGIN PRIVATE KEY-----\\n' +\n Buffer.from(pkcs8).toString('base64') +\n '\\n-----END PRIVATE KEY-----\\n';\n\n return {\n publicKey: pubMb,\n privateKeyPem: pem,\n privateKeyBytes: pkcs8,\n };\n}\n\nexport function verifyPka(pka: string): { valid: boolean; reason?: string } {\n if (!pka || pka[0] !== 'z') return { valid: false, reason: 'Missing z multibase prefix' };\n const s = pka.slice(1);\n const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';\n for (const c of s)\n if (!ALPHABET.includes(c)) return { valid: false, reason: 'Invalid base58 character' };\n // Perform a simple decode length check by rough sizing: base58 ~ 1.37x expansion\n const approx = Math.floor((s.length * Math.log(58)) / Math.log(256));\n if (approx !== 32 && approx !== 33) return { valid: false, reason: 'Unexpected key length' };\n return { valid: true };\n}\n"]}