UNPKG

@x402-hpke/node

Version:

Provider-agnostic HPKE envelope library for x402 (Node) — cross-language interop with Python

github.com/scryptedai/x402-hpke

scryptedai/x402-hpke

51 lines (50 loc) 2.18 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
import { seal, open } from "./envelope.js"; import { generateKeyPair, selectJwkFromJwks, fetchJwks, setJwks, generatePublicJwk } from "./keys.js"; import { canonicalAad } from "./aad.js"; import { NsForbiddenError, JwksUrlRequiredError } from "./errors.js"; export { canonicalAad, buildCanonicalAad, validateX402Core } from "./aad.js"; export { generateKeyPair, selectJwkFromJwks, generatePublicJwk, generateJwks, generateSingleJwks } from "./keys.js"; export * from "./payment.js"; export * from "./extensions.js"; export * from "./helpers.js"; export { sealChunkXChaCha, openChunkXChaCha } from "./streaming.js"; export * as X402Errors from "./errors.js"; export { CanonicalHeaders } from "./constants.js"; export { x402SecureTransport } from "./x402SecureTransport.js"; export const X402_HPKE_VERSION = "v1"; export const X402_HPKE_SUITE = "X25519-HKDF-SHA256-CHACHA20POLY1305"; export function createHpke(opts) { const ns = opts.namespace; if (!ns || ns.toLowerCase() === "x402") { throw new NsForbiddenError("NS_FORBIDDEN"); } const kem = opts.kem ?? "X25519"; const kdf = opts.kdf ?? "HKDF-SHA256"; const aead = opts.aead ?? "CHACHA20-POLY1305"; const defaultMakePublic = opts.publicEntities; return { namespace: ns, kem, kdf, aead, version: X402_HPKE_VERSION, suite: X402_HPKE_SUITE, seal: (args) => { const makeEntitiesPublic = args.makeEntitiesPublic ?? defaultMakePublic; return seal({ ...args, makeEntitiesPublic, namespace: ns, kem, kdf, aead }); }, open: (args) => open({ ...args, namespace: ns, kem, kdf, aead }), canonicalAad: (x402, app) => canonicalAad(ns, x402, app), generateKeyPair, generatePublicJwk, selectJwkFromJwks, // Simplified JWKS fetch: prefer explicit url, fall back to createHpke(opts).jwksUrl async fetchJwks(url, ttl) { const effectiveUrl = url ?? opts.jwksUrl; if (!effectiveUrl) throw new JwksUrlRequiredError("JWKS_URL_REQUIRED"); return fetchJwks(effectiveUrl, ttl); }, setJwks, }; }