@ai-dossier/core 1.0.1

package/dist/signature.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Dossier Signature Verification
+ *
+ * This module provides signature verification for dossiers,
+ * supporting multiple signature schemes (Ed25519 and AWS KMS).
+ */
+import type { SignatureResult } from './signers';
+/**
+ * Load trusted keys from file
+ * Default location: ~/.dossier/trusted-keys.txt
+ * Format: <public-key> <key-id>
+ */
+export declare function loadTrustedKeys(filePath?: string): Map<string, string>;
+/**
+ * Verify signature using Ed25519
+ * @param content - The content to verify
+ * @param signature - Base64-encoded signature
+ * @param publicKey - PEM-format Ed25519 public key
+ */
+export declare function verifyWithEd25519(content: string, signature: string, publicKey: string): boolean;
+/**
+ * Verify signature using AWS KMS (ECDSA-SHA-256)
+ */
+export declare function verifyWithKms(content: string, signature: string, keyId: string, region?: string): Promise<boolean>;
+/**
+ * Verify signature using the registry pattern
+ * This is a convenience function that encapsulates registry lookup
+ * @param content - The content to verify
+ * @param signature - Signature result object containing algorithm and signature data
+ * @returns Promise<boolean> - true if signature is valid, false otherwise
+ */
+export declare function verifySignature(content: string, signature: SignatureResult): Promise<boolean>;
+//# sourceMappingURL=signature.d.ts.map

package/dist/signature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signature.d.ts","sourceRoot":"","sources":["../src/signature.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAKjD;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CA+BtE;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAiBhG;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,MAAM,SAAc,GACnB,OAAO,CAAC,OAAO,CAAC,CAsBlB;AAED;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,eAAe,GACzB,OAAO,CAAC,OAAO,CAAC,CAIlB"}

package/dist/signature.js

@@ -0,0 +1,111 @@
+"use strict";
+/**
+ * Dossier Signature Verification
+ *
+ * This module provides signature verification for dossiers,
+ * supporting multiple signature schemes (Ed25519 and AWS KMS).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadTrustedKeys = loadTrustedKeys;
+exports.verifyWithEd25519 = verifyWithEd25519;
+exports.verifyWithKms = verifyWithKms;
+exports.verifySignature = verifySignature;
+const node_crypto_1 = require("node:crypto");
+const node_os_1 = require("node:os");
+const node_path_1 = require("node:path");
+const client_kms_1 = require("@aws-sdk/client-kms");
+const signers_1 = require("./signers");
+const crypto_1 = require("./utils/crypto");
+const fs_1 = require("./utils/fs");
+/**
+ * Load trusted keys from file
+ * Default location: ~/.dossier/trusted-keys.txt
+ * Format: <public-key> <key-id>
+ */
+function loadTrustedKeys(filePath) {
+    const keysPath = filePath || (0, node_path_1.join)((0, node_os_1.homedir)(), '.dossier', 'trusted-keys.txt');
+    const keys = new Map();
+    const content = (0, fs_1.readFileIfExists)(keysPath);
+    if (!content) {
+        return keys;
+    }
+    try {
+        for (const line of content.split('\n')) {
+            const trimmed = line.trim();
+            // Skip empty lines and comments
+            if (!trimmed || trimmed.startsWith('#')) {
+                continue;
+            }
+            // Parse: <public-key> <key-id>
+            const parts = trimmed.split(/\s+/);
+            if (parts.length >= 2) {
+                const publicKey = parts[0];
+                const keyId = parts.slice(1).join(' ');
+                keys.set(publicKey, keyId);
+            }
+        }
+    }
+    catch (_err) {
+        // Silently handle errors - consumers can check the returned Map size
+    }
+    return keys;
+}
+/**
+ * Verify signature using Ed25519
+ * @param content - The content to verify
+ * @param signature - Base64-encoded signature
+ * @param publicKey - PEM-format Ed25519 public key
+ */
+function verifyWithEd25519(content, signature, publicKey) {
+    try {
+        const signatureBuffer = Buffer.from(signature, 'base64');
+        const contentBuffer = Buffer.from(content, 'utf8');
+        // Create public key object from PEM
+        const publicKeyObject = (0, node_crypto_1.createPublicKey)({
+            key: publicKey,
+            format: 'pem',
+            type: 'spki',
+        });
+        // Verify Ed25519 signature (algorithm is null for Ed25519)
+        return (0, node_crypto_1.verify)(null, contentBuffer, publicKeyObject, signatureBuffer);
+    }
+    catch (_err) {
+        return false;
+    }
+}
+/**
+ * Verify signature using AWS KMS (ECDSA-SHA-256)
+ */
+async function verifyWithKms(content, signature, keyId, region = 'us-east-1') {
+    const client = new client_kms_1.KMSClient({ region });
+    // Calculate SHA256 digest of content (must match signing process)
+    const hash = (0, crypto_1.sha256Hash)(content);
+    const signatureBuffer = Buffer.from(signature, 'base64');
+    const command = new client_kms_1.VerifyCommand({
+        KeyId: keyId,
+        Message: hash,
+        MessageType: 'DIGEST',
+        Signature: signatureBuffer,
+        SigningAlgorithm: client_kms_1.SigningAlgorithmSpec.ECDSA_SHA_256,
+    });
+    try {
+        const response = await client.send(command);
+        return response.SignatureValid === true;
+    }
+    catch (_err) {
+        return false;
+    }
+}
+/**
+ * Verify signature using the registry pattern
+ * This is a convenience function that encapsulates registry lookup
+ * @param content - The content to verify
+ * @param signature - Signature result object containing algorithm and signature data
+ * @returns Promise<boolean> - true if signature is valid, false otherwise
+ */
+async function verifySignature(content, signature) {
+    const verifierRegistry = (0, signers_1.getVerifierRegistry)();
+    const verifier = verifierRegistry.get(signature.algorithm);
+    return await verifier.verify(content, signature);
+}
+//# sourceMappingURL=signature.js.map

package/dist/signature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signature.js","sourceRoot":"","sources":["../src/signature.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAgBH,0CA+BC;AAQD,8CAiBC;AAKD,sCA2BC;AASD,0CAOC;AAtHD,6CAAsD;AACtD,qCAAkC;AAClC,yCAAiC;AACjC,oDAAqF;AAErF,uCAAgD;AAChD,2CAA4C;AAC5C,mCAA8C;AAE9C;;;;GAIG;AACH,SAAgB,eAAe,CAAC,QAAiB;IAC/C,MAAM,QAAQ,GAAG,QAAQ,IAAI,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,UAAU,EAAE,kBAAkB,CAAC,CAAC;IAC7E,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEvC,MAAM,OAAO,GAAG,IAAA,qBAAgB,EAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAE5B,gCAAgC;YAChC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,SAAS;YACX,CAAC;YAED,+BAA+B;YAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBACtB,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACvC,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,qEAAqE;IACvE,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,OAAe,EAAE,SAAiB,EAAE,SAAiB;IACrF,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAEnD,oCAAoC;QACpC,MAAM,eAAe,GAAG,IAAA,6BAAe,EAAC;YACtC,GAAG,EAAE,SAAS;YACd,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QAEH,2DAA2D;QAC3D,OAAO,IAAA,oBAAM,EAAC,IAAI,EAAE,aAAa,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;IACvE,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,aAAa,CACjC,OAAe,EACf,SAAiB,EACjB,KAAa,EACb,MAAM,GAAG,WAAW;IAEpB,MAAM,MAAM,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAEzC,kEAAkE;IAClE,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,OAAO,CAAC,CAAC;IAEjC,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEzD,MAAM,OAAO,GAAG,IAAI,0BAAa,CAAC;QAChC,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,QAAQ;QACrB,SAAS,EAAE,eAAe;QAC1B,gBAAgB,EAAE,iCAAoB,CAAC,aAAa;KACrD,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5C,OAAO,QAAQ,CAAC,cAAc,KAAK,IAAI,CAAC;IAC1C,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,eAAe,CACnC,OAAe,EACf,SAA0B;IAE1B,MAAM,gBAAgB,GAAG,IAAA,6BAAmB,GAAE,CAAC;IAC/C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAC3D,OAAO,MAAM,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC"}

package/dist/signers/ed25519.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Ed25519 Signer and Verifier using Node.js crypto
+ */
+import type { SignatureResult, Signer, Verifier } from './index';
+export declare class Ed25519Signer implements Signer {
+    readonly algorithm = "ed25519";
+    private privateKey;
+    private publicKeyPem;
+    constructor(privateKeyPath: string);
+    sign(content: string): Promise<SignatureResult>;
+    getPublicKey(): Promise<string>;
+}
+export declare class Ed25519Verifier implements Verifier {
+    supports(algorithm: string): boolean;
+    verify(content: string, signature: SignatureResult): Promise<boolean>;
+}
+//# sourceMappingURL=ed25519.d.ts.map

package/dist/signers/ed25519.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ed25519.d.ts","sourceRoot":"","sources":["../../src/signers/ed25519.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjE,qBAAa,aAAc,YAAW,MAAM;IAC1C,QAAQ,CAAC,SAAS,aAAa;IAC/B,OAAO,CAAC,UAAU,CAAY;IAC9B,OAAO,CAAC,YAAY,CAAS;gBAEjB,cAAc,EAAE,MAAM;IAiB5B,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAY/C,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;CAGtC;AAED,qBAAa,eAAgB,YAAW,QAAQ;IAC9C,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAI9B,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC;CAkB5E"}

package/dist/signers/ed25519.js

@@ -0,0 +1,66 @@
+"use strict";
+/**
+ * Ed25519 Signer and Verifier using Node.js crypto
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Ed25519Verifier = exports.Ed25519Signer = void 0;
+const node_crypto_1 = require("node:crypto");
+const node_fs_1 = require("node:fs");
+class Ed25519Signer {
+    algorithm = 'ed25519';
+    privateKey;
+    publicKeyPem;
+    constructor(privateKeyPath) {
+        // Load private key from PEM file
+        const privateKeyPem = (0, node_fs_1.readFileSync)(privateKeyPath, 'utf8');
+        this.privateKey = (0, node_crypto_1.createPrivateKey)({
+            key: privateKeyPem,
+            format: 'pem',
+            type: 'pkcs8',
+        });
+        // Extract public key
+        const publicKey = (0, node_crypto_1.createPublicKey)(this.privateKey);
+        this.publicKeyPem = publicKey.export({
+            type: 'spki',
+            format: 'pem',
+        });
+    }
+    async sign(content) {
+        const contentBuffer = Buffer.from(content, 'utf8');
+        const signatureBuffer = (0, node_crypto_1.sign)(null, contentBuffer, this.privateKey);
+        return {
+            algorithm: this.algorithm,
+            signature: signatureBuffer.toString('base64'),
+            public_key: this.publicKeyPem,
+            signed_at: new Date().toISOString(),
+        };
+    }
+    async getPublicKey() {
+        return this.publicKeyPem;
+    }
+}
+exports.Ed25519Signer = Ed25519Signer;
+class Ed25519Verifier {
+    supports(algorithm) {
+        return algorithm === 'ed25519';
+    }
+    async verify(content, signature) {
+        try {
+            const signatureBuffer = Buffer.from(signature.signature, 'base64');
+            const contentBuffer = Buffer.from(content, 'utf8');
+            // Create public key object from PEM
+            const publicKeyObject = (0, node_crypto_1.createPublicKey)({
+                key: signature.public_key,
+                format: 'pem',
+                type: 'spki',
+            });
+            // Verify Ed25519 signature
+            return (0, node_crypto_1.verify)(null, contentBuffer, publicKeyObject, signatureBuffer);
+        }
+        catch (_err) {
+            return false;
+        }
+    }
+}
+exports.Ed25519Verifier = Ed25519Verifier;
+//# sourceMappingURL=ed25519.js.map

package/dist/signers/ed25519.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ed25519.js","sourceRoot":"","sources":["../../src/signers/ed25519.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAGH,6CAA8E;AAC9E,qCAAuC;AAGvC,MAAa,aAAa;IACf,SAAS,GAAG,SAAS,CAAC;IACvB,UAAU,CAAY;IACtB,YAAY,CAAS;IAE7B,YAAY,cAAsB;QAChC,iCAAiC;QACjC,MAAM,aAAa,GAAG,IAAA,sBAAY,EAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAC3D,IAAI,CAAC,UAAU,GAAG,IAAA,8BAAgB,EAAC;YACjC,GAAG,EAAE,aAAa;YAClB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;QAEH,qBAAqB;QACrB,MAAM,SAAS,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC;YACnC,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,KAAK;SACd,CAAW,CAAC;IACf,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe;QACxB,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,IAAA,kBAAI,EAAC,IAAI,EAAE,aAAa,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAEnE,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC7C,UAAU,EAAE,IAAI,CAAC,YAAY;YAC7B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;CACF;AArCD,sCAqCC;AAED,MAAa,eAAe;IAC1B,QAAQ,CAAC,SAAiB;QACxB,OAAO,SAAS,KAAK,SAAS,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,SAA0B;QACtD,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YACnE,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAEnD,oCAAoC;YACpC,MAAM,eAAe,GAAG,IAAA,6BAAe,EAAC;gBACtC,GAAG,EAAE,SAAS,CAAC,UAAU;gBACzB,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;YAEH,2BAA2B;YAC3B,OAAO,IAAA,oBAAM,EAAC,IAAI,EAAE,aAAa,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;QACvE,CAAC;QAAC,OAAO,IAAI,EAAE,CAAC;YACd,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAvBD,0CAuBC"}

package/dist/signers/index.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Signer and Verifier interfaces for dossier signatures
+ */
+export interface SignatureResult {
+    algorithm: string;
+    signature: string;
+    public_key: string;
+    key_id?: string;
+    signed_by?: string;
+    signed_at: string;
+}
+export interface Signer {
+    /**
+     * Sign content and return signature metadata
+     */
+    sign(content: string): Promise<SignatureResult>;
+    /**
+     * Get the public key in PEM format
+     */
+    getPublicKey(): Promise<string>;
+    /**
+     * Algorithm identifier
+     */
+    readonly algorithm: string;
+}
+export interface Verifier {
+    /**
+     * Verify a signature
+     */
+    verify(content: string, signature: SignatureResult): Promise<boolean>;
+    /**
+     * Check if this verifier supports the given algorithm
+     */
+    supports(algorithm: string): boolean;
+}
+export { Ed25519Signer, Ed25519Verifier } from './ed25519';
+export { KmsSigner, KmsVerifier } from './kms';
+export { getVerifierRegistry, VerifierRegistry, } from './registry';
+//# sourceMappingURL=index.d.ts.map

package/dist/signers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/signers/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,MAAM;IACrB;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAEhD;;OAEG;IACH,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAEhC;;OAEG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,QAAQ;IACvB;;OAEG;IACH,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEtE;;OAEG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC;CACtC;AAGD,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,OAAO,CAAC;AAG/C,OAAO,EACL,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,YAAY,CAAC"}

package/dist/signers/index.js

@@ -0,0 +1,18 @@
+"use strict";
+/**
+ * Signer and Verifier interfaces for dossier signatures
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VerifierRegistry = exports.getVerifierRegistry = exports.KmsVerifier = exports.KmsSigner = exports.Ed25519Verifier = exports.Ed25519Signer = void 0;
+// Export implementations
+var ed25519_1 = require("./ed25519");
+Object.defineProperty(exports, "Ed25519Signer", { enumerable: true, get: function () { return ed25519_1.Ed25519Signer; } });
+Object.defineProperty(exports, "Ed25519Verifier", { enumerable: true, get: function () { return ed25519_1.Ed25519Verifier; } });
+var kms_1 = require("./kms");
+Object.defineProperty(exports, "KmsSigner", { enumerable: true, get: function () { return kms_1.KmsSigner; } });
+Object.defineProperty(exports, "KmsVerifier", { enumerable: true, get: function () { return kms_1.KmsVerifier; } });
+// Export registry
+var registry_1 = require("./registry");
+Object.defineProperty(exports, "getVerifierRegistry", { enumerable: true, get: function () { return registry_1.getVerifierRegistry; } });
+Object.defineProperty(exports, "VerifierRegistry", { enumerable: true, get: function () { return registry_1.VerifierRegistry; } });
+//# sourceMappingURL=index.js.map

package/dist/signers/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/signers/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAwCH,yBAAyB;AACzB,qCAA2D;AAAlD,wGAAA,aAAa,OAAA;AAAE,0GAAA,eAAe,OAAA;AACvC,6BAA+C;AAAtC,gGAAA,SAAS,OAAA;AAAE,kGAAA,WAAW,OAAA;AAE/B,kBAAkB;AAClB,uCAGoB;AAFlB,+GAAA,mBAAmB,OAAA;AACnB,4GAAA,gBAAgB,OAAA"}

package/dist/signers/kms.d.ts

@@ -0,0 +1,20 @@
+/**
+ * AWS KMS Signer and Verifier
+ */
+import type { SignatureResult, Signer, Verifier } from './index';
+export declare class KmsSigner implements Signer {
+    private keyId;
+    readonly algorithm = "ECDSA-SHA-256";
+    private client;
+    constructor(keyId: string, region?: string);
+    sign(content: string): Promise<SignatureResult>;
+    getPublicKey(): Promise<string>;
+}
+export declare class KmsVerifier implements Verifier {
+    private clients;
+    supports(algorithm: string): boolean;
+    verify(content: string, signature: SignatureResult): Promise<boolean>;
+    private getClient;
+    private extractRegionFromArn;
+}
+//# sourceMappingURL=kms.d.ts.map

package/dist/signers/kms.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kms.d.ts","sourceRoot":"","sources":["../../src/signers/kms.ts"],"names":[],"mappings":"AAAA;;GAEG;AAUH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjE,qBAAa,SAAU,YAAW,MAAM;IAKpC,OAAO,CAAC,KAAK;IAJf,QAAQ,CAAC,SAAS,mBAAmB;IACrC,OAAO,CAAC,MAAM,CAAY;gBAGhB,KAAK,EAAE,MAAM,EACrB,MAAM,GAAE,MAAoB;IAKxB,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAyC/C,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;CAYtC;AAED,qBAAa,WAAY,YAAW,QAAQ;IAC1C,OAAO,CAAC,OAAO,CAAqC;IAEpD,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAI9B,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC;IA6B3E,OAAO,CAAC,SAAS;IAUjB,OAAO,CAAC,oBAAoB;CAK7B"}

package/dist/signers/kms.js

@@ -0,0 +1,108 @@
+"use strict";
+/**
+ * AWS KMS Signer and Verifier
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KmsVerifier = exports.KmsSigner = void 0;
+const client_kms_1 = require("@aws-sdk/client-kms");
+const crypto_1 = require("../utils/crypto");
+class KmsSigner {
+    keyId;
+    algorithm = 'ECDSA-SHA-256';
+    client;
+    constructor(keyId, region = 'us-east-1') {
+        this.keyId = keyId;
+        this.client = new client_kms_1.KMSClient({ region });
+    }
+    async sign(content) {
+        // Calculate SHA256 digest of content
+        const hash = (0, crypto_1.sha256Hash)(content);
+        // Sign the digest with KMS
+        const signCommand = new client_kms_1.SignCommand({
+            KeyId: this.keyId,
+            Message: hash,
+            MessageType: 'DIGEST',
+            SigningAlgorithm: client_kms_1.SigningAlgorithmSpec.ECDSA_SHA_256,
+        });
+        const signResponse = await this.client.send(signCommand);
+        if (!signResponse.Signature) {
+            throw new Error('KMS signing failed: no signature returned');
+        }
+        const signature = Buffer.from(signResponse.Signature).toString('base64');
+        // Get public key from KMS
+        const pubKeyCommand = new client_kms_1.GetPublicKeyCommand({
+            KeyId: this.keyId,
+        });
+        const pubKeyResponse = await this.client.send(pubKeyCommand);
+        if (!pubKeyResponse.PublicKey) {
+            throw new Error('KMS failed to return public key');
+        }
+        const publicKey = Buffer.from(pubKeyResponse.PublicKey).toString('base64');
+        const keyArn = pubKeyResponse.KeyId || this.keyId;
+        return {
+            algorithm: this.algorithm,
+            signature,
+            public_key: publicKey,
+            key_id: keyArn,
+            signed_at: new Date().toISOString(),
+        };
+    }
+    async getPublicKey() {
+        const command = new client_kms_1.GetPublicKeyCommand({
+            KeyId: this.keyId,
+        });
+        const response = await this.client.send(command);
+        if (!response.PublicKey) {
+            throw new Error('KMS failed to return public key');
+        }
+        return Buffer.from(response.PublicKey).toString('base64');
+    }
+}
+exports.KmsSigner = KmsSigner;
+class KmsVerifier {
+    clients = new Map();
+    supports(algorithm) {
+        return algorithm === 'ECDSA-SHA-256';
+    }
+    async verify(content, signature) {
+        if (!signature.key_id) {
+            return false;
+        }
+        try {
+            // Extract region from key ARN if available, otherwise use default
+            const region = this.extractRegionFromArn(signature.key_id) || 'us-east-1';
+            const client = this.getClient(region);
+            // Calculate SHA256 digest to match what was signed
+            const hash = (0, crypto_1.sha256Hash)(content);
+            const signatureBuffer = Buffer.from(signature.signature, 'base64');
+            const command = new client_kms_1.VerifyCommand({
+                KeyId: signature.key_id,
+                Message: hash,
+                MessageType: 'DIGEST',
+                Signature: signatureBuffer,
+                SigningAlgorithm: client_kms_1.SigningAlgorithmSpec.ECDSA_SHA_256,
+            });
+            const response = await client.send(command);
+            return response.SignatureValid === true;
+        }
+        catch (_err) {
+            return false;
+        }
+    }
+    getClient(region) {
+        const existing = this.clients.get(region);
+        if (existing) {
+            return existing;
+        }
+        const client = new client_kms_1.KMSClient({ region });
+        this.clients.set(region, client);
+        return client;
+    }
+    extractRegionFromArn(keyId) {
+        // ARN format: arn:aws:kms:REGION:ACCOUNT:key/KEY_ID
+        const arnMatch = keyId.match(/^arn:aws:kms:([^:]+):/);
+        return arnMatch ? arnMatch[1] : null;
+    }
+}
+exports.KmsVerifier = KmsVerifier;
+//# sourceMappingURL=kms.js.map

package/dist/signers/kms.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kms.js","sourceRoot":"","sources":["../../src/signers/kms.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,oDAM6B;AAC7B,4CAA6C;AAG7C,MAAa,SAAS;IAKV;IAJD,SAAS,GAAG,eAAe,CAAC;IAC7B,MAAM,CAAY;IAE1B,YACU,KAAa,EACrB,SAAiB,WAAW;QADpB,UAAK,GAAL,KAAK,CAAQ;QAGrB,IAAI,CAAC,MAAM,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe;QACxB,qCAAqC;QACrC,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,OAAO,CAAC,CAAC;QAEjC,2BAA2B;QAC3B,MAAM,WAAW,GAAG,IAAI,wBAAW,CAAC;YAClC,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,QAAQ;YACrB,gBAAgB,EAAE,iCAAoB,CAAC,aAAa;SACrD,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACzD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEzE,0BAA0B;QAC1B,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC;YAC5C,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC;QAElD,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS;YACT,UAAU,EAAE,SAAS;YACrB,MAAM,EAAE,MAAM;YACd,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,MAAM,OAAO,GAAG,IAAI,gCAAmB,CAAC;YACtC,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC5D,CAAC;CACF;AAhED,8BAgEC;AAED,MAAa,WAAW;IACd,OAAO,GAA2B,IAAI,GAAG,EAAE,CAAC;IAEpD,QAAQ,CAAC,SAAiB;QACxB,OAAO,SAAS,KAAK,eAAe,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,SAA0B;QACtD,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC;YACH,kEAAkE;YAClE,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,WAAW,CAAC;YAC1E,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAEtC,mDAAmD;YACnD,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,OAAO,CAAC,CAAC;YACjC,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEnE,MAAM,OAAO,GAAG,IAAI,0BAAa,CAAC;gBAChC,KAAK,EAAE,SAAS,CAAC,MAAM;gBACvB,OAAO,EAAE,IAAI;gBACb,WAAW,EAAE,QAAQ;gBACrB,SAAS,EAAE,eAAe;gBAC1B,gBAAgB,EAAE,iCAAoB,CAAC,aAAa;aACrD,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5C,OAAO,QAAQ,CAAC,cAAc,KAAK,IAAI,CAAC;QAC1C,CAAC;QAAC,OAAO,IAAI,EAAE,CAAC;YACd,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,SAAS,CAAC,MAAc;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,oBAAoB,CAAC,KAAa;QACxC,oDAAoD;QACpD,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACvC,CAAC;CACF;AAnDD,kCAmDC"}

package/dist/signers/registry.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Registry for Verifier instances
+ */
+import type { Verifier } from './index';
+export declare class VerifierRegistry {
+    private verifiers;
+    /**
+     * Register a verifier
+     */
+    register(verifier: Verifier): void;
+    /**
+     * Get a verifier that supports the given algorithm
+     * @throws Error if no verifier supports the algorithm
+     */
+    get(algorithm: string): Verifier;
+    /**
+     * Check if any verifier supports the algorithm
+     */
+    has(algorithm: string): boolean;
+    /**
+     * Get all supported algorithms
+     */
+    getSupportedAlgorithms(): string[];
+}
+/**
+ * Get the global verifier registry (creates it if needed)
+ */
+export declare function getVerifierRegistry(): VerifierRegistry;
+//# sourceMappingURL=registry.d.ts.map

package/dist/signers/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/signers/registry.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAExC,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,SAAS,CAAkB;IAEnC;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,IAAI;IAIlC;;;OAGG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,QAAQ;IAQhC;;OAEG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAI/B;;OAEG;IACH,sBAAsB,IAAI,MAAM,EAAE;CAInC;AAKD;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,gBAAgB,CAOtD"}

package/dist/signers/registry.js

@@ -0,0 +1,67 @@
+"use strict";
+/**
+ * Registry for Verifier instances
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VerifierRegistry = void 0;
+exports.getVerifierRegistry = getVerifierRegistry;
+class VerifierRegistry {
+    verifiers = [];
+    /**
+     * Register a verifier
+     */
+    register(verifier) {
+        this.verifiers.push(verifier);
+    }
+    /**
+     * Get a verifier that supports the given algorithm
+     * @throws Error if no verifier supports the algorithm
+     */
+    get(algorithm) {
+        const verifier = this.verifiers.find((v) => v.supports(algorithm));
+        if (!verifier) {
+            throw new Error(`No verifier registered for algorithm: ${algorithm}`);
+        }
+        return verifier;
+    }
+    /**
+     * Check if any verifier supports the algorithm
+     */
+    has(algorithm) {
+        return this.verifiers.some((v) => v.supports(algorithm));
+    }
+    /**
+     * Get all supported algorithms
+     */
+    getSupportedAlgorithms() {
+        // Note: This returns a simple list, but verifiers may support multiple algorithms
+        return ['ed25519', 'ECDSA-SHA-256'];
+    }
+}
+exports.VerifierRegistry = VerifierRegistry;
+// Global singleton instance
+let globalVerifierRegistry = null;
+/**
+ * Get the global verifier registry (creates it if needed)
+ */
+function getVerifierRegistry() {
+    if (!globalVerifierRegistry) {
+        globalVerifierRegistry = new VerifierRegistry();
+        // Auto-register built-in verifiers
+        initializeBuiltInVerifiers();
+    }
+    return globalVerifierRegistry;
+}
+/**
+ * Initialize built-in verifiers
+ */
+function initializeBuiltInVerifiers() {
+    if (!globalVerifierRegistry)
+        return;
+    // Import and register built-in verifiers
+    const { Ed25519Verifier } = require('./ed25519');
+    const { KmsVerifier } = require('./kms');
+    globalVerifierRegistry.register(new Ed25519Verifier());
+    globalVerifierRegistry.register(new KmsVerifier());
+}
+//# sourceMappingURL=registry.js.map

package/dist/signers/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/signers/registry.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAgDH,kDAOC;AAnDD,MAAa,gBAAgB;IACnB,SAAS,GAAe,EAAE,CAAC;IAEnC;;OAEG;IACH,QAAQ,CAAC,QAAkB;QACzB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAED;;;OAGG;IACH,GAAG,CAAC,SAAiB;QACnB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;QACnE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,yCAAyC,SAAS,EAAE,CAAC,CAAC;QACxE,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,SAAiB;QACnB,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED;;OAEG;IACH,sBAAsB;QACpB,kFAAkF;QAClF,OAAO,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IACtC,CAAC;CACF;AApCD,4CAoCC;AAED,4BAA4B;AAC5B,IAAI,sBAAsB,GAA4B,IAAI,CAAC;AAE3D;;GAEG;AACH,SAAgB,mBAAmB;IACjC,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC5B,sBAAsB,GAAG,IAAI,gBAAgB,EAAE,CAAC;QAChD,mCAAmC;QACnC,0BAA0B,EAAE,CAAC;IAC/B,CAAC;IACD,OAAO,sBAAsB,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B;IACjC,IAAI,CAAC,sBAAsB;QAAE,OAAO;IAEpC,yCAAyC;IACzC,MAAM,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IACjD,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEzC,sBAAsB,CAAC,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC;IACvD,sBAAsB,CAAC,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,CAAC;AACrD,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,79 @@
+/**
+ * TypeScript type definitions for Dossier format
+ */
+export interface DossierFrontmatter {
+    version: string;
+    protocol_version: string;
+    created: string;
+    updated: string;
+    title: string;
+    objective: string;
+    status: 'draft' | 'stable' | 'deprecated';
+    risk_level: 'low' | 'medium' | 'high' | 'critical';
+    risk_factors: string[];
+    destructive_operations: string[];
+    requires_approval: boolean;
+    checksum?: {
+        algorithm: string;
+        hash: string;
+        calculated_at: string;
+    };
+    signature?: {
+        algorithm: string;
+        signature: string;
+        public_key: string;
+        key_id: string;
+        signed_by: string;
+        signed_at: string;
+    };
+    [key: string]: unknown;
+}
+export interface ParsedDossier {
+    frontmatter: DossierFrontmatter;
+    body: string;
+    raw: string;
+}
+export interface IntegrityResult {
+    status: 'valid' | 'invalid' | 'missing';
+    message: string;
+    expectedHash?: string;
+    actualHash?: string;
+}
+export interface AuthenticityResult {
+    status: 'verified' | 'signed_unknown' | 'unsigned' | 'invalid' | 'error';
+    message: string;
+    signer?: string;
+    keyId?: string;
+    publicKey?: string;
+    isTrusted: boolean;
+    trustedAs?: string;
+}
+export interface RiskAssessment {
+    riskLevel: 'low' | 'medium' | 'high' | 'critical' | 'unknown';
+    riskFactors: string[];
+    destructiveOperations: string[];
+    requiresApproval: boolean;
+}
+export interface VerificationResult {
+    dossierFile: string;
+    integrity: IntegrityResult;
+    authenticity: AuthenticityResult;
+    riskAssessment: RiskAssessment;
+    recommendation: 'ALLOW' | 'WARN' | 'BLOCK';
+    message: string;
+    errors: string[];
+}
+export interface TrustedKey {
+    publicKey: string;
+    keyId: string;
+}
+export interface DossierListItem {
+    name: string;
+    path: string;
+    version: string;
+    protocol: string;
+    status: string;
+    objective: string;
+    riskLevel: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE,MAAM,CAAC;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,OAAO,GAAG,QAAQ,GAAG,YAAY,CAAC;IAC1C,UAAU,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACnD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,iBAAiB,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,EAAE;QACT,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,SAAS,CAAC,EAAE;QACV,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,kBAAkB,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,SAAS,CAAC;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,UAAU,GAAG,gBAAgB,GAAG,UAAU,GAAG,SAAS,GAAG,OAAO,CAAC;IACzE,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,GAAG,SAAS,CAAC;IAC9D,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,eAAe,CAAC;IAC3B,YAAY,EAAE,kBAAkB,CAAC;IACjC,cAAc,EAAE,cAAc,CAAC;IAC/B,cAAc,EAAE,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB"}

package/dist/types.js

@@ -0,0 +1,6 @@
+"use strict";
+/**
+ * TypeScript type definitions for Dossier format
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map