2026-05-03 19:36:47 +02:00
|
|
|
/**
|
|
|
|
|
* Structural surface @shade/files needs from a Shade instance.
|
|
|
|
|
*
|
|
|
|
|
* Defining this locally — instead of `import type { Shade } from '@shade/sdk'`
|
|
|
|
|
* — breaks the @shade/sdk ↔ @shade/files dependency cycle. Without this
|
|
|
|
|
* break, a consumer that installs @shade/sdk from a registry ends up with
|
|
|
|
|
* two distinct `Shade` classes in `node_modules` (one from
|
|
|
|
|
* `@shade/sdk/node_modules/@shade/files/.../Shade`, one from
|
|
|
|
|
* `@shade/sdk/Shade`). TypeScript treats them as nominally different types,
|
|
|
|
|
* raising `this is not assignable to Shade` from inside SDK methods that
|
|
|
|
|
* pass `this` into `createFilesNamespace`.
|
|
|
|
|
*
|
|
|
|
|
* The Shade class structurally implements every member listed below, so
|
|
|
|
|
* `createFilesNamespace(this)` from the SDK side compiles regardless of
|
|
|
|
|
* how many copies of @shade/sdk a consumer's package manager installs.
|
|
|
|
|
*
|
|
|
|
|
* Member signatures match Shade's exactly so this is a structural
|
|
|
|
|
* subtype, not a parallel API.
|
|
|
|
|
*/
|
|
|
|
|
import type { ShadeEnvelope } from '@shade/core';
|
|
|
|
|
import type {
|
|
|
|
|
IncomingTransfer,
|
|
|
|
|
TransferHandle,
|
|
|
|
|
TransferOptions,
|
|
|
|
|
} from '@shade/transfer';
|
|
|
|
|
import type { ObservabilityHook } from '@shade/observability';
|
|
|
|
|
|
|
|
|
|
export interface ShadeBridge {
|
|
|
|
|
/** Address that names this Shade instance to peers. */
|
|
|
|
|
readonly myAddress: string;
|
|
|
|
|
|
|
|
|
|
/** Encrypt + send `plaintext` to `peer`; returns the wire envelope. */
|
|
|
|
|
send(peer: string, plaintext: string): Promise<ShadeEnvelope>;
|
|
|
|
|
|
release(v4.1.0): browser-friendly HTTP RPC for @shade/files
Default shade.files.client(peer) requires both peers to be mutually
addressable over HTTP — the response round-trips through
Shade.deliverControlEnvelope (POST to peer's /v1/transfer/control).
Browser tabs can't host an HTTP server, so they couldn't consume
@shade/files at all. Dispatch's filutforsker (admin-panel browser UI)
is the canonical use-case.
This release adds a parallel request-response transport: one POST per
RPC, encrypted envelope in the body, encrypted response in the same
HTTP response. No inbound channel needed on the client.
### New API
- shade.files.rpcRoute(opts?) — Hono app exposing POST /rpc.
- shade.files.httpClient(peer, opts) — request-response FileClient.
- FilesNamespace.serve(handler, { inlineOnly: true }) — skip streams-
bridge (and its configureTransfers pre-condition); also skip
channel-based dispatch so requests aren't double-dispatched.
### Limitations (v1)
Inline only (≤ 256 KiB). Streamed reads/writes throw clear errors
directing to shade.files.client(peer) on a server-to-server deploy.
### Tests
7 integration tests in tests/integration/http-rpc.test.ts covering
round-trip + negative cases (sender header, empty/garbage body,
maxBodyBytes, rpcRoute-without-serve).
### Symmetry
Mirrors @shade/server's shade-auth-middleware: encrypted envelope in
request body, decrypted via existing ratchet, response in same HTTP
roundtrip. No WebSocket, no SSE, no outbound from server.
Wire-compatible. Source-compatible. Lockstep bump to 4.1.0.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 22:08:14 +02:00
|
|
|
/**
|
|
|
|
|
* Decrypt an inbound envelope from `peer` and return the plaintext.
|
|
|
|
|
* Used by the request-response RPC route on the server side.
|
|
|
|
|
*/
|
|
|
|
|
receive(peer: string, envelope: ShadeEnvelope): Promise<string>;
|
|
|
|
|
|
2026-05-03 19:36:47 +02:00
|
|
|
/**
|
|
|
|
|
* Subscribe to incoming ratchet plaintext. Returns an unsubscribe.
|
|
|
|
|
* Handlers may be sync or async; async handlers are awaited in
|
|
|
|
|
* registration order.
|
|
|
|
|
*/
|
|
|
|
|
onMessage(
|
|
|
|
|
handler: (from: string, plaintext: string) => void | Promise<void>,
|
|
|
|
|
): () => void;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Upload bytes via the SDK's transfer engine. Required when the bridge
|
|
|
|
|
* is used with `streams` content I/O (read/write > 256 KiB).
|
|
|
|
|
*/
|
|
|
|
|
upload(opts: TransferOptions): Promise<TransferHandle>;
|
|
|
|
|
|
|
|
|
|
/** Subscribe to incoming transfers initiated by a peer. */
|
|
|
|
|
onIncomingTransfer(
|
|
|
|
|
handler: (incoming: IncomingTransfer) => void | Promise<void>,
|
|
|
|
|
): Promise<() => void>;
|
|
|
|
|
|
|
|
|
|
/** Fingerprint accessor for the trust-gate hooks. */
|
|
|
|
|
getFingerprintFor(peer: string): Promise<string>;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Optional inheritable observability bus. Files inherits the bus when
|
|
|
|
|
* the SDK passes one in via the namespace; otherwise files runs without
|
|
|
|
|
* observability hooks.
|
|
|
|
|
*/
|
|
|
|
|
getObservability?(): ObservabilityHook | undefined;
|
|
|
|
|
|
|
|
|
|
/** Optional control-envelope passthrough used by the WebRTC bridge. */
|
|
|
|
|
deliverControlEnvelope?(peer: string, envelope: ShadeEnvelope): Promise<void>;
|
|
|
|
|
}
|