feat: implement security layer and conflict resolution

- Added ECDH P-256 based security handshake with AES-256-CBC + HMAC-SHA256
- Implemented CryptoHelper, SecureHandshakeService, ClusterKeyAuthenticator
- Integrated encryption/decryption in TcpSyncClient and TcpSyncServer
- Implemented conflict resolution: LastWriteWinsConflictResolver and RecursiveNodeMergeConflictResolver
- Updated TcpSyncServer to use options-based constructor
- Synchronized sync.proto from EntglDb.Net for cross-platform compatibility
- Removed React Native support to simplify project scope

Note: Minor TypeScript compilation issues remain (OplogEntry export, Buffer types)

Author: mrdevrobot

apps/demo/demo.ts

@@ -28,7 +28,12 @@ async function main() {
     await db1.initialize();
 
     // Start sync server on Node 1
-    const server1 = new TcpSyncServer(store1, 'node-1', 3001, 'secret123');
+    const server1 = new TcpSyncServer({
+        store: store1,
+        nodeId: 'node-1',
+        port: 3001,
+        authToken: 'secret123'
+    });
     server1.start();
 
     // Start UDP Discovery on Node 1
@@ -56,7 +61,12 @@ async function main() {
     await db2.initialize();
 
     // Start sync server on Node 2
-    const server2 = new TcpSyncServer(store2, 'node-2', 3002, 'secret123');
+    const server2 = new TcpSyncServer({
+        store: store2,
+        nodeId: 'node-2',
+        port: 3002,
+        authToken: 'secret123'
+    });
     server2.start();
 
     // Start UDP Discovery on Node 2

packages/core/src/index.ts

@@ -8,5 +8,8 @@ export { HLClock } from './hlc/clock';
 // Storage interface
 export { IPeerStore } from './storage/interface';
 
+// Sync and conflict resolution
+export * from './sync';
+
 // Re-export protocol types for convenience
 export type { HLCTimestamp, Document, OplogEntry } from '@entgldb/protocol';

packages/core/src/sync/conflict-resolver.ts

@@ -0,0 +1,32 @@
+import { OplogEntry } from '../storage/interface';
+
+/**
+ * Result of conflict resolution between local and remote changes
+ */
+export class ConflictResolutionResult {
+    constructor(
+        public readonly shouldApply: boolean,
+        public readonly mergedDocument?: any
+    ) { }
+
+    static apply(document: any): ConflictResolutionResult {
+        return new ConflictResolutionResult(true, document);
+    }
+
+    static ignore(): ConflictResolutionResult {
+        return new ConflictResolutionResult(false, undefined);
+    }
+}
+
+/**
+ * Interface for conflict resolution strategies
+ */
+export interface IConflictResolver {
+    /**
+     * Resolve conflict between local document and remote change
+     * @param local - Local document (null if doesn't exist)
+     * @param remote - Remote oplog entry
+     * @returns Resolution result with merged document if should apply
+     */
+    resolve(local: any | null, remote: OplogEntry): ConflictResolutionResult;
+}

packages/core/src/sync/index.ts

@@ -0,0 +1,3 @@
+export { IConflictResolver, ConflictResolutionResult } from './conflict-resolver';
+export { LastWriteWinsConflictResolver } from './last-write-wins-resolver';
+export { RecursiveNodeMergeConflictResolver } from './recursive-merge-resolver';

packages/core/src/sync/last-write-wins-resolver.ts

@@ -0,0 +1,54 @@
+import { OplogEntry } from '@entgldb/protocol';
+import { IConflictResolver, ConflictResolutionResult } from './conflict-resolver';
+
+/**
+ * Last-Write-Wins conflict resolution strategy
+ * Resolves conflicts based on HLC timestamp comparison
+ */
+export class LastWriteWinsConflictResolver implements IConflictResolver {
+    resolve(local: any | null, remote: OplogEntry): ConflictResolutionResult {
+        // If no local document exists, always apply remote change
+        if (local === null || local === undefined) {
+            // Construct new document from oplog entry
+            const content = remote.data ? JSON.parse(Buffer.from(remote.data).toString('utf-8')) : {};
+            const newDoc = {
+                collection: remote.collection,
+                key: remote.key,
+                content,
+                updatedAt: remote.timestamp,
+                isDeleted: remote.operation === 'delete'
+            };
+            return ConflictResolutionResult.apply(newDoc);
+        }
+
+        // If local exists, compare timestamps
+        if (this.compareTimestamps(remote.timestamp, local.updatedAt) > 0) {
+            // Remote is newer, apply it
+            const content = remote.data ? JSON.parse(Buffer.from(remote.data).toString('utf-8')) : {};
+            const newDoc = {
+                collection: remote.collection,
+                key: remote.key,
+                content,
+                updatedAt: remote.timestamp,
+                isDeleted: remote.operation === 'delete'
+            };
+            return ConflictResolutionResult.apply(newDoc);
+        }
+
+        // Local is newer or equal, ignore remote
+        return ConflictResolutionResult.ignore();
+    }
+
+    private compareTimestamps(a: any, b: any): number {
+        // Compare HLC timestamps
+        // Format: { wallTime: bigint, counter: number, nodeId: string }
+        if (a.wallTime > b.wallTime) return 1;
+        if (a.wallTime < b.wallTime) return -1;
+
+        if (a.counter > b.counter) return 1;
+        if (a.counter < b.counter) return -1;
+
+        // If timestamps are equal, compare nodeId for determinism
+        return a.nodeId.localeCompare(b.nodeId);
+    }
+}

packages/core/src/sync/recursive-merge-resolver.ts

@@ -0,0 +1,210 @@
+import { OplogEntry } from '@entgldb/protocol';
+import { IConflictResolver, ConflictResolutionResult } from './conflict-resolver';
+
+/**
+ * Recursive JSON merge conflict resolution strategy
+ * Performs deep merge of JSON objects with intelligent array handling
+ */
+export class RecursiveNodeMergeConflictResolver implements IConflictResolver {
+    resolve(local: any | null, remote: OplogEntry): ConflictResolutionResult {
+        // If no local document, apply remote
+        if (local === null || local === undefined) {
+            const content = remote.data ? JSON.parse(Buffer.from(remote.data).toString('utf-8')) : {};
+            const newDoc = {
+                collection: remote.collection,
+                key: remote.key,
+                content,
+                updatedAt: remote.timestamp,
+                isDeleted: remote.operation === 'delete'
+            };
+            return ConflictResolutionResult.apply(newDoc);
+        }
+
+        // If remote is delete, check timestamp
+        if (remote.operation === 'delete') {
+            if (this.compareTimestamps(remote.timestamp, local.updatedAt) > 0) {
+                const newDoc = {
+                    collection: remote.collection,
+                    key: remote.key,
+                    content: {},
+                    updatedAt: remote.timestamp,
+                    isDeleted: true
+                };
+                return ConflictResolutionResult.apply(newDoc);
+            }
+            return ConflictResolutionResult.ignore();
+        }
+
+        const localContent = local.content;
+        const remoteContent = remote.data ? JSON.parse(Buffer.from(remote.data).toString('utf-8')) : {};
+        const localTs = local.updatedAt;
+        const remoteTs = remote.timestamp;
+
+        // If either is undefined/null, use LWW
+        if (!localContent || !remoteContent) {
+            if (this.compareTimestamps(remoteTs, localTs) > 0) {
+                return ConflictResolutionResult.apply({
+                    collection: remote.collection,
+                    key: remote.key,
+                    content: remoteContent,
+                    updatedAt: remoteTs,
+                    isDeleted: false
+                });
+            }
+            return ConflictResolutionResult.ignore();
+        }
+
+        // Perform recursive merge
+        const mergedContent = this.mergeJson(localContent, localTs, remoteContent, remoteTs);
+        const maxTimestamp = this.compareTimestamps(remoteTs, localTs) > 0 ? remoteTs : localTs;
+
+        const mergedDoc = {
+            collection: remote.collection,
+            key: remote.key,
+            content: mergedContent,
+            updatedAt: maxTimestamp,
+            isDeleted: false
+        };
+
+        return ConflictResolutionResult.apply(mergedDoc);
+    }
+
+    private mergeJson(local: any, localTs: any, remote: any, remoteTs: any): any {
+        // If types differ, use LWW
+        const localType = this.getType(local);
+        const remoteType = this.getType(remote);
+
+        if (localType !== remoteType) {
+            return this.compareTimestamps(remoteTs, localTs) > 0 ? remote : local;
+        }
+
+        // Handle objects
+        if (localType === 'object') {
+            return this.mergeObjects(local, localTs, remote, remoteTs);
+        }
+
+        // Handle arrays
+        if (localType === 'array') {
+            return this.mergeArrays(local, localTs, remote, remoteTs);
+        }
+
+        // Primitives - use LWW
+        if (local === remote) {
+            return local;
+        }
+        return this.compareTimestamps(remoteTs, localTs) > 0 ? remote : local;
+    }
+
+    private mergeObjects(local: any, localTs: any, remote: any, remoteTs: any): any {
+        const result: any = {};
+        const processedKeys = new Set<string>();
+
+        // Process local keys
+        for (const key of Object.keys(local)) {
+            processedKeys.add(key);
+
+            if (key in remote) {
+                // Collision - merge recursively
+                result[key] = this.mergeJson(local[key], localTs, remote[key], remoteTs);
+            } else {
+                // Only in local
+                result[key] = local[key];
+            }
+        }
+
+        // Add remaining remote keys
+        for (const key of Object.keys(remote)) {
+            if (!processedKeys.has(key)) {
+                result[key] = remote[key];
+            }
+        }
+
+        return result;
+    }
+
+    private mergeArrays(local: any[], localTs: any, remote: any[], remoteTs: any): any[] {
+        // Heuristic: check if arrays contain objects
+        const localHasObjects = this.hasObjects(local);
+        const remoteHasObjects = this.hasObjects(remote);
+
+        // If both don't have objects or mismatch, use LWW
+        if (!localHasObjects || !remoteHasObjects || localHasObjects !== remoteHasObjects) {
+            return this.compareTimestamps(remoteTs, localTs) > 0 ? remote : local;
+        }
+
+        // Both have objects - try to merge by ID
+        const localMap = this.mapById(local);
+        const remoteMap = this.mapById(remote);
+
+        // If couldn't create ID maps, fallback to LWW
+        if (!localMap || !remoteMap) {
+            return this.compareTimestamps(remoteTs, localTs) > 0 ? remote : local;
+        }
+
+        const result: any[] = [];
+        const processedIds = new Set<string>();
+
+        // Process local items
+        for (const [id, localItem] of localMap.entries()) {
+            processedIds.add(id);
+
+            if (remoteMap.has(id)) {
+                // Merge recursively
+                const remoteItem = remoteMap.get(id)!;
+                result.push(this.mergeJson(localItem, localTs, remoteItem, remoteTs));
+            } else {
+                // Keep local item
+                result.push(localItem);
+            }
+        }
+
+        // Add new remote items
+        for (const [id, remoteItem] of remoteMap.entries()) {
+            if (!processedIds.has(id)) {
+                result.push(remoteItem);
+            }
+        }
+
+        return result;
+    }
+
+    private hasObjects(arr: any[]): boolean {
+        if (arr.length === 0) return false;
+        return this.getType(arr[0]) === 'object';
+    }
+
+    private mapById(arr: any[]): Map<string, any> | null {
+        const map = new Map<string, any>();
+
+        for (const item of arr) {
+            if (this.getType(item) !== 'object') return null;
+
+            let id: string | null = null;
+            if ('id' in item) id = String(item.id);
+            else if ('_id' in item) id = String(item._id);
+
+            if (!id) return null; // Missing ID
+            if (map.has(id)) return null; // Duplicate ID
+
+            map.set(id, item);
+        }
+
+        return map;
+    }
+
+    private getType(value: any): string {
+        if (value === null || value === undefined) return 'null';
+        if (Array.isArray(value)) return 'array';
+        return typeof value;
+    }
+
+    private compareTimestamps(a: any, b: any): number {
+        if (a.wallTime > b.wallTime) return 1;
+        if (a.wallTime < b.wallTime) return -1;
+
+        if (a.counter > b.counter) return 1;
+        if (a.counter < b.counter) return -1;
+
+        return a.nodeId.localeCompare(b.nodeId);
+    }
+}