@ai-dossier/core 1.0.1 → 1.0.3

package/dist/parser.js

@@ -1,35 +1,71 @@
 "use strict";
 /**
- * Dossier parser - extracts frontmatter and body from dossier files
+ * Dossier parser - extracts frontmatter and body from dossier files.
+ *
+ * Supports two frontmatter formats:
+ *   1. ---dossier\n{JSON or YAML}\n---  (dossier-specific delimiter)
+ *   2. ---\n{YAML}\n---                 (standard markdown frontmatter)
  */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.VALID_RISK_LEVELS = exports.VALID_STATUSES = exports.RECOMMENDED_FIELDS = exports.REQUIRED_FIELDS = void 0;
 exports.parseDossierContent = parseDossierContent;
 exports.parseDossierFile = parseDossierFile;
 exports.validateFrontmatter = validateFrontmatter;
+const gray_matter_1 = __importDefault(require("gray-matter"));
 const errors_1 = require("./utils/errors");
 const fs_1 = require("./utils/fs");
+/** Required fields for a valid dossier frontmatter. */
+exports.REQUIRED_FIELDS = ['dossier_schema_version', 'title', 'version'];
+/** Recommended (but optional) fields. */
+exports.RECOMMENDED_FIELDS = ['objective', 'risk_level', 'status'];
+/** Valid values for the status field (Title Case, matching DossierStatus type and schema). */
+exports.VALID_STATUSES = ['Draft', 'Stable', 'Deprecated', 'Experimental'];
+/** Valid values for the risk_level field. */
+exports.VALID_RISK_LEVELS = ['low', 'medium', 'high', 'critical'];
 /**
- * Parse dossier content into frontmatter and body
- * Format: ---dossier\n{JSON}\n---\n[body]
+ * Parse dossier content into frontmatter and body.
+ *
+ * Accepts both `---dossier` (JSON/YAML) and standard `---` (YAML) frontmatter.
  */
 function parseDossierContent(content) {
-    const frontmatterRegex = /^---dossier\s*\n([\s\S]*?)\n---\s*\n([\s\S]*)$/m;
-    const match = content.match(frontmatterRegex);
-    if (!match) {
-        throw new Error('Invalid dossier format. Expected:\n---dossier\n{...}\n---\n[body]');
+    if (!content || typeof content !== 'string') {
+        throw new Error('Invalid dossier format. Content must be a non-empty string.');
     }
-    const frontmatterJson = match[1];
-    const body = match[2];
-    let frontmatter;
+    // Normalize dossier-specific delimiters to standard --- for gray-matter
+    let normalized = content;
+    if (content.startsWith('---dossier')) {
+        // Strip "---dossier" and any trailing text on the same line, keep the newline
+        const firstNewline = content.indexOf('\n');
+        normalized = `---\n${firstNewline >= 0 ? content.slice(firstNewline + 1) : ''}`;
+    }
+    else if (content.startsWith('---json')) {
+        const firstNewline = content.indexOf('\n');
+        normalized = `---\n${firstNewline >= 0 ? content.slice(firstNewline + 1) : ''}`;
+    }
+    else if (!content.startsWith('---')) {
+        throw new Error('Invalid dossier format. Expected:\n---dossier\n{...}\n---\n[body]\nor standard YAML frontmatter (---)');
+    }
+    let parsed;
     try {
-        frontmatter = JSON.parse(frontmatterJson);
+        parsed = (0, gray_matter_1.default)(normalized);
     }
     catch (err) {
-        throw new Error(`Failed to parse frontmatter JSON: ${(0, errors_1.getErrorMessage)(err)}`);
+        throw new Error(`Failed to parse frontmatter: ${(0, errors_1.getErrorMessage)(err)}`);
+    }
+    // Verify we actually got frontmatter data
+    if (!parsed.data || Object.keys(parsed.data).length === 0) {
+        // Check if there was frontmatter content at all
+        const hasDelimiters = /^---\s*\r?\n[\s\S]*?\r?\n---/.test(normalized);
+        if (!hasDelimiters) {
+            throw new Error('Invalid dossier format. Expected:\n---dossier\n{...}\n---\n[body]\nor standard YAML frontmatter (---)');
+        }
     }
     return {
-        frontmatter,
-        body,
+        frontmatter: parsed.data,
+        body: parsed.content,
         raw: content,
     };
 }
@@ -41,33 +77,29 @@ function parseDossierFile(filePath) {
     return parseDossierContent(content);
 }
 /**
- * Validate required frontmatter fields
+ * Validate required frontmatter fields.
+ *
+ * Checks for required fields (dossier_schema_version, title, version),
+ * and validates enum values for status and risk_level.
  */
 function validateFrontmatter(frontmatter) {
     const errors = [];
-    const required = [
-        'version',
-        'protocol_version',
-        'title',
-        'objective',
-        'risk_level',
-        'risk_factors',
-        'destructive_operations',
-    ];
-    for (const field of required) {
+    for (const field of exports.REQUIRED_FIELDS) {
         if (!(field in frontmatter)) {
             errors.push(`Missing required field: ${field}`);
         }
     }
     // Validate risk_level enum
-    const validRiskLevels = ['low', 'medium', 'high', 'critical'];
-    if (frontmatter.risk_level && !validRiskLevels.includes(frontmatter.risk_level)) {
-        errors.push(`Invalid risk_level: ${frontmatter.risk_level}. Must be one of: ${validRiskLevels.join(', ')}`);
+    if (frontmatter.risk_level &&
+        !exports.VALID_RISK_LEVELS.includes(frontmatter.risk_level.toLowerCase())) {
+        errors.push(`Invalid risk_level: ${frontmatter.risk_level}. Must be one of: ${exports.VALID_RISK_LEVELS.join(', ')}`);
     }
-    // Validate status enum
-    const validStatuses = ['draft', 'stable', 'deprecated'];
-    if (frontmatter.status && !validStatuses.includes(frontmatter.status)) {
-        errors.push(`Invalid status: ${frontmatter.status}. Must be one of: ${validStatuses.join(', ')}`);
+    // Validate status enum (case-insensitive)
+    if (frontmatter.status) {
+        const statusLower = String(frontmatter.status).toLowerCase();
+        if (!exports.VALID_STATUSES.some((s) => s.toLowerCase() === statusLower)) {
+            errors.push(`Invalid status: ${frontmatter.status}. Must be one of: ${exports.VALID_STATUSES.join(', ')}`);
+        }
     }
     return errors;
 }

package/dist/parser.js.map

@@ -1 +1 @@
-{"version":3,"file":"parser.js","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":";AAAA;;GAEG;;AAUH,kDAuBC;AAKD,4CAGC;AAKD,kDAmCC;AA9ED,2CAAiD;AACjD,mCAA8C;AAE9C;;;GAGG;AACH,SAAgB,mBAAmB,CAAC,OAAe;IACjD,MAAM,gBAAgB,GAAG,iDAAiD,CAAC;IAC3E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAE9C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACvF,CAAC;IAED,MAAM,eAAe,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAEtB,IAAI,WAA+B,CAAC;IACpC,IAAI,CAAC;QACH,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,qCAAqC,IAAA,wBAAe,EAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO;QACL,WAAW;QACX,IAAI;QACJ,GAAG,EAAE,OAAO;KACb,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,OAAO,GAAG,IAAA,qBAAgB,EAAC,QAAQ,EAAE,gCAAgC,CAAW,CAAC;IACvF,OAAO,mBAAmB,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,WAA+B;IACjE,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAG;QACf,SAAS;QACT,kBAAkB;QAClB,OAAO;QACP,WAAW;QACX,YAAY;QACZ,cAAc;QACd,wBAAwB;KACzB,CAAC;IAEF,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;QAC7B,IAAI,CAAC,CAAC,KAAK,IAAI,WAAW,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,MAAM,eAAe,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IAC9D,IAAI,WAAW,CAAC,UAAU,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;QAChF,MAAM,CAAC,IAAI,CACT,uBAAuB,WAAW,CAAC,UAAU,qBAAqB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC/F,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;IACxD,IAAI,WAAW,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;QACtE,MAAM,CAAC,IAAI,CACT,mBAAmB,WAAW,CAAC,MAAM,qBAAqB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACrF,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"parser.js","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;AAwBH,kDA2CC;AAKD,4CAGC;AAQD,kDAgCC;AAjHD,8DAAiC;AAEjC,2CAAiD;AACjD,mCAA8C;AAE9C,uDAAuD;AAC1C,QAAA,eAAe,GAAG,CAAC,wBAAwB,EAAE,OAAO,EAAE,SAAS,CAAU,CAAC;AAEvF,yCAAyC;AAC5B,QAAA,kBAAkB,GAAG,CAAC,WAAW,EAAE,YAAY,EAAE,QAAQ,CAAU,CAAC;AAEjF,8FAA8F;AACjF,QAAA,cAAc,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,cAAc,CAAU,CAAC;AAEzF,6CAA6C;AAChC,QAAA,iBAAiB,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAU,CAAC;AAEhF;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,OAAe;IACjD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;IACjF,CAAC;IAED,wEAAwE;IACxE,IAAI,UAAU,GAAG,OAAO,CAAC;IACzB,IAAI,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACrC,8EAA8E;QAC9E,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3C,UAAU,GAAG,QAAQ,YAAY,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IAClF,CAAC;SAAM,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACzC,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3C,UAAU,GAAG,QAAQ,YAAY,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IAClF,CAAC;SAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,MAAqC,CAAC;IAC1C,IAAI,CAAC;QACH,MAAM,GAAG,IAAA,qBAAM,EAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAA,wBAAe,EAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,0CAA0C;IAC1C,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1D,gDAAgD;QAChD,MAAM,aAAa,GAAG,8BAA8B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACtE,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,IAA0B;QAC9C,IAAI,EAAE,MAAM,CAAC,OAAO;QACpB,GAAG,EAAE,OAAO;KACb,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,OAAO,GAAG,IAAA,qBAAgB,EAAC,QAAQ,EAAE,gCAAgC,CAAW,CAAC;IACvF,OAAO,mBAAmB,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,WAA+B;IACjE,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,MAAM,KAAK,IAAI,uBAAe,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,KAAK,IAAI,WAAW,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,IACE,WAAW,CAAC,UAAU;QACtB,CAAC,yBAAiB,CAAC,QAAQ,CACzB,WAAW,CAAC,UAAU,CAAC,WAAW,EAAwC,CAC3E,EACD,CAAC;QACD,MAAM,CAAC,IAAI,CACT,uBAAuB,WAAW,CAAC,UAAU,qBAAqB,yBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACjG,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7D,IAAI,CAAC,sBAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,WAAW,CAAC,EAAE,CAAC;YACjE,MAAM,CAAC,IAAI,CACT,mBAAmB,WAAW,CAAC,MAAM,qBAAqB,sBAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/risk-assessment.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Verification risk assessment for dossiers.
+ *
+ * Evaluates checksum, signature, and declared risk level
+ * to produce a recommendation (ALLOW or BLOCK).
+ */
+import type { DossierFrontmatter } from './types';
+export interface ChecksumStatus {
+    passed: boolean;
+}
+export interface SignatureStatus {
+    present: boolean;
+    verified: boolean;
+    trusted: boolean;
+}
+export type VerificationRiskLevel = 'low' | 'medium' | 'high' | 'critical';
+export interface VerificationRiskResult {
+    level: VerificationRiskLevel;
+    issues: string[];
+    recommendation: 'ALLOW' | 'BLOCK';
+}
+export declare function assessVerificationRisk(declaredRiskLevel: string | undefined, checksumResult: ChecksumStatus, signatureResult: SignatureStatus): VerificationRiskResult;
+export interface ContentRiskResult {
+    level: VerificationRiskLevel;
+    issues: string[];
+    undeclaredUrls: string[];
+}
+export declare function assessContentRisk(frontmatter: DossierFrontmatter, body: string): ContentRiskResult;
+//# sourceMappingURL=risk-assessment.d.ts.map

package/dist/risk-assessment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-assessment.d.ts","sourceRoot":"","sources":["../src/risk-assessment.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAGlD,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,MAAM,qBAAqB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE3E,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,qBAAqB,CAAC;IAC7B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,cAAc,EAAE,OAAO,GAAG,OAAO,CAAC;CACnC;AAED,wBAAgB,sBAAsB,CACpC,iBAAiB,EAAE,MAAM,GAAG,SAAS,EACrC,cAAc,EAAE,cAAc,EAC9B,eAAe,EAAE,eAAe,GAC/B,sBAAsB,CA2CxB;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,qBAAqB,CAAC;IAC7B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,wBAAgB,iBAAiB,CAC/B,WAAW,EAAE,kBAAkB,EAC/B,IAAI,EAAE,MAAM,GACX,iBAAiB,CAuCnB"}

package/dist/risk-assessment.js

@@ -0,0 +1,83 @@
+"use strict";
+/**
+ * Verification risk assessment for dossiers.
+ *
+ * Evaluates checksum, signature, and declared risk level
+ * to produce a recommendation (ALLOW or BLOCK).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.assessVerificationRisk = assessVerificationRisk;
+exports.assessContentRisk = assessContentRisk;
+const url_scanner_1 = require("./utils/url-scanner");
+function assessVerificationRisk(declaredRiskLevel, checksumResult, signatureResult) {
+    const issues = [];
+    let riskLevel = 'low';
+    let shouldBlock = false;
+    // Checksum failure is critical
+    if (!checksumResult.passed) {
+        issues.push('Checksum verification FAILED - content has been tampered with');
+        riskLevel = 'critical';
+        shouldBlock = true;
+    }
+    // Signature issues
+    if (signatureResult.present && !signatureResult.verified) {
+        issues.push('Signature verification FAILED or could not be verified');
+        if (riskLevel !== 'critical')
+            riskLevel = 'high';
+        shouldBlock = true;
+    }
+    // Valid signature but not trusted - BLOCK execution
+    if (signatureResult.present && signatureResult.verified && !signatureResult.trusted) {
+        issues.push('Signature is valid but signer is not in your trusted keys list');
+        issues.push('Add the public key to ~/.dossier/trusted-keys.txt to trust this signer');
+        if (riskLevel === 'low')
+            riskLevel = 'medium';
+        shouldBlock = true;
+    }
+    // No signature on high-risk dossier
+    if (!signatureResult.present && declaredRiskLevel === 'high') {
+        issues.push('High-risk dossier without signature');
+        if (riskLevel === 'low')
+            riskLevel = 'medium';
+    }
+    if (!signatureResult.present && declaredRiskLevel === 'critical') {
+        issues.push('Critical-risk dossier without signature');
+        if (riskLevel !== 'critical')
+            riskLevel = 'high';
+    }
+    return {
+        level: riskLevel,
+        issues,
+        recommendation: shouldBlock ? 'BLOCK' : 'ALLOW',
+    };
+}
+function assessContentRisk(frontmatter, body) {
+    const issues = [];
+    let level = 'low';
+    const bodyUrls = (0, url_scanner_1.scanBodyForUrls)(body);
+    if (bodyUrls.length === 0) {
+        return { level, issues, undeclaredUrls: [] };
+    }
+    const declaredUrls = (0, url_scanner_1.collectDeclaredUrls)(frontmatter);
+    const undeclaredUrls = (0, url_scanner_1.findUndeclaredUrls)(bodyUrls, declaredUrls);
+    if (undeclaredUrls.length > 0) {
+        issues.push(`Body contains ${undeclaredUrls.length} undeclared external URL(s): ${undeclaredUrls.join(', ')}`);
+        if (level === 'low')
+            level = 'medium';
+    }
+    if (Array.isArray(frontmatter.external_references)) {
+        for (const ref of frontmatter.external_references) {
+            if (ref.type === 'script' && ref.trust_level === 'unknown') {
+                issues.push(`External script with unknown trust level: ${ref.url} — requires user approval`);
+                level = 'high';
+            }
+        }
+    }
+    if (bodyUrls.length > 0 &&
+        Array.isArray(frontmatter.risk_factors) &&
+        !frontmatter.risk_factors.includes('network_access')) {
+        issues.push('Body contains external URLs but risk_factors does not include "network_access"');
+    }
+    return { level, issues, undeclaredUrls };
+}
+//# sourceMappingURL=risk-assessment.js.map

package/dist/risk-assessment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-assessment.js","sourceRoot":"","sources":["../src/risk-assessment.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAuBH,wDA+CC;AAQD,8CA0CC;AArHD,qDAA+F;AAoB/F,SAAgB,sBAAsB,CACpC,iBAAqC,EACrC,cAA8B,EAC9B,eAAgC;IAEhC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,SAAS,GAA0B,KAAK,CAAC;IAC7C,IAAI,WAAW,GAAG,KAAK,CAAC;IAExB,+BAA+B;IAC/B,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;QAC7E,SAAS,GAAG,UAAU,CAAC;QACvB,WAAW,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,mBAAmB;IACnB,IAAI,eAAe,CAAC,OAAO,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;QACzD,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,UAAU;YAAE,SAAS,GAAG,MAAM,CAAC;QACjD,WAAW,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,oDAAoD;IACpD,IAAI,eAAe,CAAC,OAAO,IAAI,eAAe,CAAC,QAAQ,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;QACpF,MAAM,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;QAC9E,MAAM,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;QACtF,IAAI,SAAS,KAAK,KAAK;YAAE,SAAS,GAAG,QAAQ,CAAC;QAC9C,WAAW,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,oCAAoC;IACpC,IAAI,CAAC,eAAe,CAAC,OAAO,IAAI,iBAAiB,KAAK,MAAM,EAAE,CAAC;QAC7D,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,IAAI,SAAS,KAAK,KAAK;YAAE,SAAS,GAAG,QAAQ,CAAC;IAChD,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,OAAO,IAAI,iBAAiB,KAAK,UAAU,EAAE,CAAC;QACjE,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;QACvD,IAAI,SAAS,KAAK,UAAU;YAAE,SAAS,GAAG,MAAM,CAAC;IACnD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,SAAS;QAChB,MAAM;QACN,cAAc,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO;KAChD,CAAC;AACJ,CAAC;AAQD,SAAgB,iBAAiB,CAC/B,WAA+B,EAC/B,IAAY;IAEZ,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,GAA0B,KAAK,CAAC;IAEzC,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC;IACvC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;IAC/C,CAAC;IAED,MAAM,YAAY,GAAG,IAAA,iCAAmB,EAAC,WAAW,CAAC,CAAC;IACtD,MAAM,cAAc,GAAG,IAAA,gCAAkB,EAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAElE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CACT,iBAAiB,cAAc,CAAC,MAAM,gCAAgC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAClG,CAAC;QACF,IAAI,KAAK,KAAK,KAAK;YAAE,KAAK,GAAG,QAAQ,CAAC;IACxC,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACnD,KAAK,MAAM,GAAG,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;YAClD,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC3D,MAAM,CAAC,IAAI,CACT,6CAA6C,GAAG,CAAC,GAAG,2BAA2B,CAChF,CAAC;gBACF,KAAK,GAAG,MAAM,CAAC;YACjB,CAAC;QACH,CAAC;IACH,CAAC;IAED,IACE,QAAQ,CAAC,MAAM,GAAG,CAAC;QACnB,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,YAAY,CAAC;QACvC,CAAC,WAAW,CAAC,YAAY,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EACpD,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC;IAChG,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;AAC3C,CAAC"}

package/dist/schema/dossier-schema.json

@@ -168,6 +168,53 @@
                 "minLength": 10
             }
         },
+        "content_scope": {
+            "type": "string",
+            "description": "Whether the dossier body is self-contained or references external URLs",
+            "enum": ["self-contained", "references-external"]
+        },
+        "external_references": {
+            "type": "array",
+            "description": "Manifest of all external resources referenced in the dossier body",
+            "items": {
+                "type": "object",
+                "required": ["url", "description", "type", "trust_level", "required"],
+                "properties": {
+                    "url": {
+                        "type": "string",
+                        "description": "URL or URL prefix of the external resource",
+                        "format": "uri"
+                    },
+                    "description": {
+                        "type": "string",
+                        "description": "What this external resource is used for"
+                    },
+                    "type": {
+                        "type": "string",
+                        "description": "Type of external resource",
+                        "enum": [
+                            "download",
+                            "api",
+                            "documentation",
+                            "script",
+                            "config",
+                            "image",
+                            "dossier",
+                            "other"
+                        ]
+                    },
+                    "trust_level": {
+                        "type": "string",
+                        "description": "Trust level of the external resource",
+                        "enum": ["trusted", "user-verified", "unknown"]
+                    },
+                    "required": {
+                        "type": "boolean",
+                        "description": "Whether this external resource is required for execution"
+                    }
+                }
+            }
+        },
         "checksum": {
             "type": "object",
             "description": "Content integrity hash (REQUIRED for security - verifies dossier hasn't been tampered with)",

package/dist/signature.d.ts

@@ -4,7 +4,7 @@
  * This module provides signature verification for dossiers,
  * supporting multiple signature schemes (Ed25519 and AWS KMS).
  */
-import type { SignatureResult } from './signers';
+import type { SignatureResult, VerifyResult } from './signers';
 /**
  * Load trusted keys from file
  * Default location: ~/.dossier/trusted-keys.txt
@@ -17,11 +17,11 @@ export declare function loadTrustedKeys(filePath?: string): Map<string, string>;
  * @param signature - Base64-encoded signature
  * @param publicKey - PEM-format Ed25519 public key
  */
-export declare function verifyWithEd25519(content: string, signature: string, publicKey: string): boolean;
+export declare function verifyWithEd25519(content: string, signature: string, publicKey: string): VerifyResult;
 /**
  * Verify signature using AWS KMS (ECDSA-SHA-256)
  */
-export declare function verifyWithKms(content: string, signature: string, keyId: string, region?: string): Promise<boolean>;
+export declare function verifyWithKms(content: string, signature: string, keyId: string, region?: string): Promise<VerifyResult>;
 /**
  * Verify signature using the registry pattern
  * This is a convenience function that encapsulates registry lookup
@@ -29,5 +29,5 @@ export declare function verifyWithKms(content: string, signature: string, keyId:
  * @param signature - Signature result object containing algorithm and signature data
  * @returns Promise<boolean> - true if signature is valid, false otherwise
  */
-export declare function verifySignature(content: string, signature: SignatureResult): Promise<boolean>;
+export declare function verifySignature(content: string, signature: SignatureResult): Promise<VerifyResult>;
 //# sourceMappingURL=signature.d.ts.map

package/dist/signature.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"signature.d.ts","sourceRoot":"","sources":["../src/signature.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAKjD;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CA+BtE;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAiBhG;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,MAAM,SAAc,GACnB,OAAO,CAAC,OAAO,CAAC,CAsBlB;AAED;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,eAAe,GACzB,OAAO,CAAC,OAAO,CAAC,CAIlB"}
+{"version":3,"file":"signature.d.ts","sourceRoot":"","sources":["../src/signature.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAK/D;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CA+BtE;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,YAAY,CAkBd;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,MAAM,SAAc,GACnB,OAAO,CAAC,YAAY,CAAC,CAsBvB;AAED;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,eAAe,GACzB,OAAO,CAAC,YAAY,CAAC,CAIvB"}

package/dist/signature.js

@@ -45,8 +45,8 @@ function loadTrustedKeys(filePath) {
             }
         }
     }
-    catch (_err) {
-        // Silently handle errors - consumers can check the returned Map size
+    catch (err) {
+        console.error(`Warning: failed to parse trusted keys: ${err.message}`);
     }
     return keys;
 }
@@ -67,10 +67,11 @@ function verifyWithEd25519(content, signature, publicKey) {
             type: 'spki',
         });
         // Verify Ed25519 signature (algorithm is null for Ed25519)
-        return (0, node_crypto_1.verify)(null, contentBuffer, publicKeyObject, signatureBuffer);
+        const valid = (0, node_crypto_1.verify)(null, contentBuffer, publicKeyObject, signatureBuffer);
+        return { valid };
     }
-    catch (_err) {
-        return false;
+    catch (err) {
+        return { valid: false, error: err.message };
     }
 }
 /**
@@ -90,10 +91,10 @@ async function verifyWithKms(content, signature, keyId, region = 'us-east-1') {
     });
     try {
         const response = await client.send(command);
-        return response.SignatureValid === true;
+        return { valid: response.SignatureValid === true };
     }
-    catch (_err) {
-        return false;
+    catch (err) {
+        return { valid: false, error: err.message };
     }
 }
 /**

package/dist/signature.js.map

@@ -1 +1 @@
-{"version":3,"file":"signature.js","sourceRoot":"","sources":["../src/signature.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAgBH,0CA+BC;AAQD,8CAiBC;AAKD,sCA2BC;AASD,0CAOC;AAtHD,6CAAsD;AACtD,qCAAkC;AAClC,yCAAiC;AACjC,oDAAqF;AAErF,uCAAgD;AAChD,2CAA4C;AAC5C,mCAA8C;AAE9C;;;;GAIG;AACH,SAAgB,eAAe,CAAC,QAAiB;IAC/C,MAAM,QAAQ,GAAG,QAAQ,IAAI,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,UAAU,EAAE,kBAAkB,CAAC,CAAC;IAC7E,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEvC,MAAM,OAAO,GAAG,IAAA,qBAAgB,EAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAE5B,gCAAgC;YAChC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,SAAS;YACX,CAAC;YAED,+BAA+B;YAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBACtB,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACvC,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,qEAAqE;IACvE,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,OAAe,EAAE,SAAiB,EAAE,SAAiB;IACrF,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAEnD,oCAAoC;QACpC,MAAM,eAAe,GAAG,IAAA,6BAAe,EAAC;YACtC,GAAG,EAAE,SAAS;YACd,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QAEH,2DAA2D;QAC3D,OAAO,IAAA,oBAAM,EAAC,IAAI,EAAE,aAAa,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;IACvE,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,aAAa,CACjC,OAAe,EACf,SAAiB,EACjB,KAAa,EACb,MAAM,GAAG,WAAW;IAEpB,MAAM,MAAM,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAEzC,kEAAkE;IAClE,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,OAAO,CAAC,CAAC;IAEjC,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEzD,MAAM,OAAO,GAAG,IAAI,0BAAa,CAAC;QAChC,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,QAAQ;QACrB,SAAS,EAAE,eAAe;QAC1B,gBAAgB,EAAE,iCAAoB,CAAC,aAAa;KACrD,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5C,OAAO,QAAQ,CAAC,cAAc,KAAK,IAAI,CAAC;IAC1C,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,eAAe,CACnC,OAAe,EACf,SAA0B;IAE1B,MAAM,gBAAgB,GAAG,IAAA,6BAAmB,GAAE,CAAC;IAC/C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAC3D,OAAO,MAAM,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC"}
+{"version":3,"file":"signature.js","sourceRoot":"","sources":["../src/signature.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAgBH,0CA+BC;AAQD,8CAsBC;AAKD,sCA2BC;AASD,0CAOC;AA3HD,6CAAsD;AACtD,qCAAkC;AAClC,yCAAiC;AACjC,oDAAqF;AAErF,uCAAgD;AAChD,2CAA4C;AAC5C,mCAA8C;AAE9C;;;;GAIG;AACH,SAAgB,eAAe,CAAC,QAAiB;IAC/C,MAAM,QAAQ,GAAG,QAAQ,IAAI,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,UAAU,EAAE,kBAAkB,CAAC,CAAC;IAC7E,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEvC,MAAM,OAAO,GAAG,IAAA,qBAAgB,EAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAE5B,gCAAgC;YAChC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,SAAS;YACX,CAAC;YAED,+BAA+B;YAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBACtB,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACvC,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,0CAA2C,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAC/B,OAAe,EACf,SAAiB,EACjB,SAAiB;IAEjB,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAEnD,oCAAoC;QACpC,MAAM,eAAe,GAAG,IAAA,6BAAe,EAAC;YACtC,GAAG,EAAE,SAAS;YACd,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QAEH,2DAA2D;QAC3D,MAAM,KAAK,GAAG,IAAA,oBAAM,EAAC,IAAI,EAAE,aAAa,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;QAC5E,OAAO,EAAE,KAAK,EAAE,CAAC;IACnB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;IACzD,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,aAAa,CACjC,OAAe,EACf,SAAiB,EACjB,KAAa,EACb,MAAM,GAAG,WAAW;IAEpB,MAAM,MAAM,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAEzC,kEAAkE;IAClE,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,OAAO,CAAC,CAAC;IAEjC,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEzD,MAAM,OAAO,GAAG,IAAI,0BAAa,CAAC;QAChC,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,QAAQ;QACrB,SAAS,EAAE,eAAe;QAC1B,gBAAgB,EAAE,iCAAoB,CAAC,aAAa;KACrD,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5C,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,cAAc,KAAK,IAAI,EAAE,CAAC;IACrD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;IACzD,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,eAAe,CACnC,OAAe,EACf,SAA0B;IAE1B,MAAM,gBAAgB,GAAG,IAAA,6BAAmB,GAAE,CAAC;IAC/C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAC3D,OAAO,MAAM,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC"}

package/dist/signers/ed25519.d.ts

@@ -1,7 +1,7 @@
 /**
  * Ed25519 Signer and Verifier using Node.js crypto
  */
-import type { SignatureResult, Signer, Verifier } from './index';
+import type { SignatureResult, Signer, Verifier, VerifyResult } from './index';
 export declare class Ed25519Signer implements Signer {
     readonly algorithm = "ed25519";
     private privateKey;
@@ -12,6 +12,6 @@ export declare class Ed25519Signer implements Signer {
 }
 export declare class Ed25519Verifier implements Verifier {
     supports(algorithm: string): boolean;
-    verify(content: string, signature: SignatureResult): Promise<boolean>;
+    verify(content: string, signature: SignatureResult): Promise<VerifyResult>;
 }
 //# sourceMappingURL=ed25519.d.ts.map

package/dist/signers/ed25519.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ed25519.d.ts","sourceRoot":"","sources":["../../src/signers/ed25519.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjE,qBAAa,aAAc,YAAW,MAAM;IAC1C,QAAQ,CAAC,SAAS,aAAa;IAC/B,OAAO,CAAC,UAAU,CAAY;IAC9B,OAAO,CAAC,YAAY,CAAS;gBAEjB,cAAc,EAAE,MAAM;IAiB5B,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAY/C,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;CAGtC;AAED,qBAAa,eAAgB,YAAW,QAAQ;IAC9C,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAI9B,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC;CAkB5E"}
+{"version":3,"file":"ed25519.d.ts","sourceRoot":"","sources":["../../src/signers/ed25519.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE/E,qBAAa,aAAc,YAAW,MAAM;IAC1C,QAAQ,CAAC,SAAS,aAAa;IAC/B,OAAO,CAAC,UAAU,CAAY;IAC9B,OAAO,CAAC,YAAY,CAAS;gBAEjB,cAAc,EAAE,MAAM;IAiB5B,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAY/C,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;CAGtC;AAED,qBAAa,eAAgB,YAAW,QAAQ;IAC9C,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAI9B,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC;CAmBjF"}

package/dist/signers/ed25519.js

@@ -55,10 +55,11 @@ class Ed25519Verifier {
                 type: 'spki',
             });
             // Verify Ed25519 signature
-            return (0, node_crypto_1.verify)(null, contentBuffer, publicKeyObject, signatureBuffer);
+            const valid = (0, node_crypto_1.verify)(null, contentBuffer, publicKeyObject, signatureBuffer);
+            return { valid };
         }
-        catch (_err) {
-            return false;
+        catch (err) {
+            return { valid: false, error: err.message };
         }
     }
 }

package/dist/signers/ed25519.js.map

@@ -1 +1 @@
-{"version":3,"file":"ed25519.js","sourceRoot":"","sources":["../../src/signers/ed25519.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAGH,6CAA8E;AAC9E,qCAAuC;AAGvC,MAAa,aAAa;IACf,SAAS,GAAG,SAAS,CAAC;IACvB,UAAU,CAAY;IACtB,YAAY,CAAS;IAE7B,YAAY,cAAsB;QAChC,iCAAiC;QACjC,MAAM,aAAa,GAAG,IAAA,sBAAY,EAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAC3D,IAAI,CAAC,UAAU,GAAG,IAAA,8BAAgB,EAAC;YACjC,GAAG,EAAE,aAAa;YAClB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;QAEH,qBAAqB;QACrB,MAAM,SAAS,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC;YACnC,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,KAAK;SACd,CAAW,CAAC;IACf,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe;QACxB,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,IAAA,kBAAI,EAAC,IAAI,EAAE,aAAa,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAEnE,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC7C,UAAU,EAAE,IAAI,CAAC,YAAY;YAC7B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;CACF;AArCD,sCAqCC;AAED,MAAa,eAAe;IAC1B,QAAQ,CAAC,SAAiB;QACxB,OAAO,SAAS,KAAK,SAAS,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,SAA0B;QACtD,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YACnE,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAEnD,oCAAoC;YACpC,MAAM,eAAe,GAAG,IAAA,6BAAe,EAAC;gBACtC,GAAG,EAAE,SAAS,CAAC,UAAU;gBACzB,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;YAEH,2BAA2B;YAC3B,OAAO,IAAA,oBAAM,EAAC,IAAI,EAAE,aAAa,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;QACvE,CAAC;QAAC,OAAO,IAAI,EAAE,CAAC;YACd,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAvBD,0CAuBC"}
+{"version":3,"file":"ed25519.js","sourceRoot":"","sources":["../../src/signers/ed25519.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAGH,6CAA8E;AAC9E,qCAAuC;AAGvC,MAAa,aAAa;IACf,SAAS,GAAG,SAAS,CAAC;IACvB,UAAU,CAAY;IACtB,YAAY,CAAS;IAE7B,YAAY,cAAsB;QAChC,iCAAiC;QACjC,MAAM,aAAa,GAAG,IAAA,sBAAY,EAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAC3D,IAAI,CAAC,UAAU,GAAG,IAAA,8BAAgB,EAAC;YACjC,GAAG,EAAE,aAAa;YAClB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;QAEH,qBAAqB;QACrB,MAAM,SAAS,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC;YACnC,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,KAAK;SACd,CAAW,CAAC;IACf,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe;QACxB,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,IAAA,kBAAI,EAAC,IAAI,EAAE,aAAa,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAEnE,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC7C,UAAU,EAAE,IAAI,CAAC,YAAY;YAC7B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;CACF;AArCD,sCAqCC;AAED,MAAa,eAAe;IAC1B,QAAQ,CAAC,SAAiB;QACxB,OAAO,SAAS,KAAK,SAAS,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,SAA0B;QACtD,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YACnE,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAEnD,oCAAoC;YACpC,MAAM,eAAe,GAAG,IAAA,6BAAe,EAAC;gBACtC,GAAG,EAAE,SAAS,CAAC,UAAU;gBACzB,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;YAEH,2BAA2B;YAC3B,MAAM,KAAK,GAAG,IAAA,oBAAM,EAAC,IAAI,EAAE,aAAa,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;YAC5E,OAAO,EAAE,KAAK,EAAE,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;QACzD,CAAC;IACH,CAAC;CACF;AAxBD,0CAwBC"}

package/dist/signers/index.d.ts

@@ -23,11 +23,18 @@ export interface Signer {
      */
     readonly algorithm: string;
 }
+export interface VerifyResult {
+    valid: boolean;
+    error?: string;
+}
 export interface Verifier {
     /**
-     * Verify a signature
+     * Verify a signature.
+     * Returns { valid: true } for valid signatures,
+     * { valid: false } for cryptographically invalid signatures,
+     * { valid: false, error: '...' } when verification could not complete (e.g., network error).
      */
-    verify(content: string, signature: SignatureResult): Promise<boolean>;
+    verify(content: string, signature: SignatureResult): Promise<VerifyResult>;
     /**
      * Check if this verifier supports the given algorithm
      */

package/dist/signers/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/signers/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,MAAM;IACrB;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAEhD;;OAEG;IACH,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAEhC;;OAEG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,QAAQ;IACvB;;OAEG;IACH,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEtE;;OAEG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC;CACtC;AAGD,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,OAAO,CAAC;AAG/C,OAAO,EACL,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/signers/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,MAAM;IACrB;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAEhD;;OAEG;IACH,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAEhC;;OAEG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,QAAQ;IACvB;;;;;OAKG;IACH,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAE3E;;OAEG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC;CACtC;AAGD,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,OAAO,CAAC;AAG/C,OAAO,EACL,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,YAAY,CAAC"}

package/dist/signers/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/signers/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAwCH,yBAAyB;AACzB,qCAA2D;AAAlD,wGAAA,aAAa,OAAA;AAAE,0GAAA,eAAe,OAAA;AACvC,6BAA+C;AAAtC,gGAAA,SAAS,OAAA;AAAE,kGAAA,WAAW,OAAA;AAE/B,kBAAkB;AAClB,uCAGoB;AAFlB,+GAAA,mBAAmB,OAAA;AACnB,4GAAA,gBAAgB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/signers/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAgDH,yBAAyB;AACzB,qCAA2D;AAAlD,wGAAA,aAAa,OAAA;AAAE,0GAAA,eAAe,OAAA;AACvC,6BAA+C;AAAtC,gGAAA,SAAS,OAAA;AAAE,kGAAA,WAAW,OAAA;AAE/B,kBAAkB;AAClB,uCAGoB;AAFlB,+GAAA,mBAAmB,OAAA;AACnB,4GAAA,gBAAgB,OAAA"}

package/dist/signers/kms.d.ts

@@ -1,7 +1,7 @@
 /**
  * AWS KMS Signer and Verifier
  */
-import type { SignatureResult, Signer, Verifier } from './index';
+import type { SignatureResult, Signer, Verifier, VerifyResult } from './index';
 export declare class KmsSigner implements Signer {
     private keyId;
     readonly algorithm = "ECDSA-SHA-256";
@@ -13,7 +13,7 @@ export declare class KmsSigner implements Signer {
 export declare class KmsVerifier implements Verifier {
     private clients;
     supports(algorithm: string): boolean;
-    verify(content: string, signature: SignatureResult): Promise<boolean>;
+    verify(content: string, signature: SignatureResult): Promise<VerifyResult>;
     private getClient;
     private extractRegionFromArn;
 }

package/dist/signers/kms.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"kms.d.ts","sourceRoot":"","sources":["../../src/signers/kms.ts"],"names":[],"mappings":"AAAA;;GAEG;AAUH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjE,qBAAa,SAAU,YAAW,MAAM;IAKpC,OAAO,CAAC,KAAK;IAJf,QAAQ,CAAC,SAAS,mBAAmB;IACrC,OAAO,CAAC,MAAM,CAAY;gBAGhB,KAAK,EAAE,MAAM,EACrB,MAAM,GAAE,MAAoB;IAKxB,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAyC/C,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;CAYtC;AAED,qBAAa,WAAY,YAAW,QAAQ;IAC1C,OAAO,CAAC,OAAO,CAAqC;IAEpD,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAI9B,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC;IA6B3E,OAAO,CAAC,SAAS;IAUjB,OAAO,CAAC,oBAAoB;CAK7B"}
+{"version":3,"file":"kms.d.ts","sourceRoot":"","sources":["../../src/signers/kms.ts"],"names":[],"mappings":"AAAA;;GAEG;AAUH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE/E,qBAAa,SAAU,YAAW,MAAM;IAKpC,OAAO,CAAC,KAAK;IAJf,QAAQ,CAAC,SAAS,mBAAmB;IACrC,OAAO,CAAC,MAAM,CAAY;gBAGhB,KAAK,EAAE,MAAM,EACrB,MAAM,GAAE,MAAoB;IAKxB,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAyC/C,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;CAYtC;AAED,qBAAa,WAAY,YAAW,QAAQ;IAC1C,OAAO,CAAC,OAAO,CAAqC;IAEpD,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAI9B,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC;IA6BhF,OAAO,CAAC,SAAS;IAUjB,OAAO,CAAC,oBAAoB;CAK7B"}

package/dist/signers/kms.js

@@ -66,7 +66,7 @@ class KmsVerifier {
     }
     async verify(content, signature) {
         if (!signature.key_id) {
-            return false;
+            return { valid: false };
         }
         try {
             // Extract region from key ARN if available, otherwise use default
@@ -83,10 +83,10 @@ class KmsVerifier {
                 SigningAlgorithm: client_kms_1.SigningAlgorithmSpec.ECDSA_SHA_256,
             });
             const response = await client.send(command);
-            return response.SignatureValid === true;
+            return { valid: response.SignatureValid === true };
         }
-        catch (_err) {
-            return false;
+        catch (err) {
+            return { valid: false, error: err.message };
         }
     }
     getClient(region) {

package/dist/signers/kms.js.map

@@ -1 +1 @@
-{"version":3,"file":"kms.js","sourceRoot":"","sources":["../../src/signers/kms.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,oDAM6B;AAC7B,4CAA6C;AAG7C,MAAa,SAAS;IAKV;IAJD,SAAS,GAAG,eAAe,CAAC;IAC7B,MAAM,CAAY;IAE1B,YACU,KAAa,EACrB,SAAiB,WAAW;QADpB,UAAK,GAAL,KAAK,CAAQ;QAGrB,IAAI,CAAC,MAAM,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe;QACxB,qCAAqC;QACrC,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,OAAO,CAAC,CAAC;QAEjC,2BAA2B;QAC3B,MAAM,WAAW,GAAG,IAAI,wBAAW,CAAC;YAClC,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,QAAQ;YACrB,gBAAgB,EAAE,iCAAoB,CAAC,aAAa;SACrD,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACzD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEzE,0BAA0B;QAC1B,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC;YAC5C,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC;QAElD,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS;YACT,UAAU,EAAE,SAAS;YACrB,MAAM,EAAE,MAAM;YACd,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,MAAM,OAAO,GAAG,IAAI,gCAAmB,CAAC;YACtC,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC5D,CAAC;CACF;AAhED,8BAgEC;AAED,MAAa,WAAW;IACd,OAAO,GAA2B,IAAI,GAAG,EAAE,CAAC;IAEpD,QAAQ,CAAC,SAAiB;QACxB,OAAO,SAAS,KAAK,eAAe,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,SAA0B;QACtD,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC;YACH,kEAAkE;YAClE,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,WAAW,CAAC;YAC1E,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAEtC,mDAAmD;YACnD,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,OAAO,CAAC,CAAC;YACjC,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEnE,MAAM,OAAO,GAAG,IAAI,0BAAa,CAAC;gBAChC,KAAK,EAAE,SAAS,CAAC,MAAM;gBACvB,OAAO,EAAE,IAAI;gBACb,WAAW,EAAE,QAAQ;gBACrB,SAAS,EAAE,eAAe;gBAC1B,gBAAgB,EAAE,iCAAoB,CAAC,aAAa;aACrD,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5C,OAAO,QAAQ,CAAC,cAAc,KAAK,IAAI,CAAC;QAC1C,CAAC;QAAC,OAAO,IAAI,EAAE,CAAC;YACd,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,SAAS,CAAC,MAAc;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,oBAAoB,CAAC,KAAa;QACxC,oDAAoD;QACpD,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACvC,CAAC;CACF;AAnDD,kCAmDC"}
+{"version":3,"file":"kms.js","sourceRoot":"","sources":["../../src/signers/kms.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,oDAM6B;AAC7B,4CAA6C;AAG7C,MAAa,SAAS;IAKV;IAJD,SAAS,GAAG,eAAe,CAAC;IAC7B,MAAM,CAAY;IAE1B,YACU,KAAa,EACrB,SAAiB,WAAW;QADpB,UAAK,GAAL,KAAK,CAAQ;QAGrB,IAAI,CAAC,MAAM,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe;QACxB,qCAAqC;QACrC,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,OAAO,CAAC,CAAC;QAEjC,2BAA2B;QAC3B,MAAM,WAAW,GAAG,IAAI,wBAAW,CAAC;YAClC,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,QAAQ;YACrB,gBAAgB,EAAE,iCAAoB,CAAC,aAAa;SACrD,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACzD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEzE,0BAA0B;QAC1B,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC;YAC5C,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC;QAElD,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS;YACT,UAAU,EAAE,SAAS;YACrB,MAAM,EAAE,MAAM;YACd,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,MAAM,OAAO,GAAG,IAAI,gCAAmB,CAAC;YACtC,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC5D,CAAC;CACF;AAhED,8BAgEC;AAED,MAAa,WAAW;IACd,OAAO,GAA2B,IAAI,GAAG,EAAE,CAAC;IAEpD,QAAQ,CAAC,SAAiB;QACxB,OAAO,SAAS,KAAK,eAAe,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,SAA0B;QACtD,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC;YACH,kEAAkE;YAClE,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,WAAW,CAAC;YAC1E,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAEtC,mDAAmD;YACnD,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,OAAO,CAAC,CAAC;YACjC,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEnE,MAAM,OAAO,GAAG,IAAI,0BAAa,CAAC;gBAChC,KAAK,EAAE,SAAS,CAAC,MAAM;gBACvB,OAAO,EAAE,IAAI;gBACb,WAAW,EAAE,QAAQ;gBACrB,SAAS,EAAE,eAAe;gBAC1B,gBAAgB,EAAE,iCAAoB,CAAC,aAAa;aACrD,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5C,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,cAAc,KAAK,IAAI,EAAE,CAAC;QACrD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;QACzD,CAAC;IACH,CAAC;IAEO,SAAS,CAAC,MAAc;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,oBAAoB,CAAC,KAAa;QACxC,oDAAoD;QACpD,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACvC,CAAC;CACF;AAnDD,kCAmDC"}