@ai-pip/core 0.1.0

package/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,165 @@
+# @ai-pip/core
+
+> Core implementation of the AI-PIP protocol. Provides layered, zero-trust context processing (CSL, ISL, CPE) to protect AI systems from prompt injection and malicious context manipulation.
+
+[![npm version](https://img.shields.io/npm/v/@ai-pip/core)](https://www.npmjs.com/package/@ai-pip/core)
+[![License](https://img.shields.io/badge/license-Apache--2.0-blue)](LICENSE)
+
+## 📋 Descripción
+
+**AI-PIP (AI Prompt Integrity Protocol)** es un protocolo de seguridad de múltiples capas diseñado para proteger sistemas de IA contra prompt injection y manipulación maliciosa de contexto.
+
+Este paquete contiene la implementación **core** del protocolo, que incluye funciones puras, value objects inmutables y contratos semánticos entre capas.
+
+## 🏗️ Arquitectura
+
+El protocolo AI-PIP está compuesto por las siguientes capas:
+
+### ✅ Capas Implementadas
+
+- **CSL (Context Segmentation Layer)**: Segmenta y clasifica contenido según su origen
+- **ISL (Instruction Sanitization Layer)**: Sanitiza instrucciones según nivel de confianza
+- **CPE (Cryptographic Prompt Envelope)**: Genera envoltorio criptográfico con firma HMAC-SHA256
+
+### ⏳ Capas Pendientes
+
+- **AAL (Agent Action Lock)**: Bloqueo de acciones de agentes
+- **Model Gateway**: Interfaz con modelos de IA
+
+## 📦 Instalación
+
+```bash
+pnpm add @ai-pip/core
+# o
+npm install @ai-pip/core
+# o
+yarn add @ai-pip/core
+```
+
+## 🚀 Uso Básico
+
+### Importar capas completas
+
+```typescript
+import { segment, sanitize, envelope } from '@ai-pip/core'
+```
+
+### Importar capas específicas
+
+```typescript
+// CSL - Context Segmentation Layer
+import { segment, classifySource } from '@ai-pip/core/csl'
+
+// ISL - Instruction Sanitization Layer
+import { sanitize, createPolicyRule } from '@ai-pip/core/isl'
+
+// CPE - Cryptographic Prompt Envelope
+import { envelope, createNonce } from '@ai-pip/core/cpe'
+
+// Shared utilities
+import { addLineageEntry } from '@ai-pip/core/shared'
+```
+
+### Ejemplo Completo
+
+```typescript
+import { segment } from '@ai-pip/core/csl'
+import { sanitize } from '@ai-pip/core/isl'
+import { envelope } from '@ai-pip/core/cpe'
+
+// 1. Segmentar contenido (CSL)
+const cslResult = segment({
+  content: 'User input here',
+  source: 'UI',
+  metadata: {}
+})
+
+// 2. Sanitizar contenido (ISL)
+const islResult = sanitize(cslResult)
+
+// 3. Generar envelope criptográfico (CPE)
+const secretKey = 'your-secret-key'
+const cpeResult = envelope(islResult, secretKey)
+
+// cpeResult.envelope contiene el prompt protegido
+```
+
+## 📚 Documentación
+
+### Documentación de Capas
+
+- **[CSL - Context Segmentation Layer](docs/layer/csl.md)**: Documentación completa de la capa de segmentación
+- **[ISL - Instruction Sanitization Layer](docs/layer/isl.md)**: Documentación completa de la capa de sanitización
+- **[CPE - Cryptographic Prompt Envelope](docs/layer/cpe.md)**: Documentación completa del envoltorio criptográfico
+
+### Documentación General
+
+- **[Arquitectura](docs/architecture.md)**: Arquitectura semántica del protocolo
+- **[Roadmap](docs/roadmap.md)**: Plan de desarrollo y evolución
+- **[Whitepaper](docs/whitepaper.md)**: Especificación técnica completa
+- **[SDK Reference](docs/SDK.md)**: Referencia para desarrollo de SDKs
+
+## 🧪 Testing
+
+```bash
+# Ejecutar tests
+pnpm test
+
+# Tests en modo watch
+pnpm test:watch
+
+# Tests con cobertura
+pnpm test:coverage
+
+# UI de tests
+pnpm test:ui
+```
+
+**Cobertura actual**: 87%
+
+## 🔧 Desarrollo
+
+```bash
+# Instalar dependencias
+pnpm install
+
+# Type checking
+pnpm type-check
+
+# Linting
+pnpm lint
+
+# Desarrollo
+pnpm dev
+```
+
+## 📋 Requisitos
+
+- **Node.js**: >= 18.0.0
+- **pnpm**: >= 8.0.0
+
+## 📄 Licencia
+
+Apache-2.0 - Ver [LICENSE](LICENSE) para más detalles.
+
+## 🤝 Contribuir
+
+Las contribuciones son bienvenidas. Por favor:
+
+1. Revisa el [Roadmap](docs/roadmap.md) para ver qué está pendiente
+2. Abre un issue para discutir cambios mayores
+3. Envía un pull request con tus mejoras
+
+**Repositorio**: https://github.com/AI-PIP/ai-pip-core  
+**Issues**: https://github.com/AI-PIP/ai-pip-core/issues
+
+## 🔗 Enlaces
+
+- **Documentación**: [docs/](docs/)
+- **NPM Package**: https://www.npmjs.com/package/@ai-pip/core
+- **GitHub**: https://github.com/AI-PIP/ai-pip-core
+
+---
+
+**Versión**: 0.1.0  
+**Estado**: Fase 1 - Capas Core (60% completado)

package/package.json

@@ -0,0 +1,79 @@
+{
+  "name": "@ai-pip/core",
+  "version": "0.1.0",
+  "description": "Core implementation of the AI-PIP protocol. Provides layered, zero-trust context processing (CSL, ISL, CPE, ALL, ModelGateway)",
+  "type": "module",
+  "main": "./src/index.ts",
+  "types": "./src/index.ts",
+  "exports": {
+    ".": {
+      "types": "./src/index.ts",
+      "import": "./src/index.ts"
+    },
+    "./csl": {
+      "types": "./src/csl/index.ts",
+      "import": "./src/csl/index.ts"
+    },
+    "./isl": {
+      "types": "./src/isl/index.ts",
+      "import": "./src/isl/index.ts"
+    },
+    "./cpe": {
+      "types": "./src/cpe/index.ts",
+      "import": "./src/cpe/index.ts"
+    },
+    "./shared": {
+      "types": "./src/shared/index.ts",
+      "import": "./src/shared/index.ts"
+    }
+  },
+  "files": [
+    "src",
+    "tsconfig.json",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">= 18.0.0"
+  },
+  "keywords": [
+    "ai",
+    "security",
+    "prompt-injection",
+    "context-processing",
+    "zero-trust"
+  ],
+  "author": "MasliahDev d3vTek-mv@outlook.com",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/AI-PIP/ai-pip-core"
+  },
+  "bugs": {
+    "url": "https://github.com/AI-PIP/ai-pip-core/issues"
+  },
+  "homepage": "https://github.com/AI-PIP/ai-pip-core#readme",
+  "license": "Apache-2.0",
+  "devDependencies": {
+    "@eslint/js": "^9.39.2",
+    "@types/node": "^22.19.3",
+    "@vitest/coverage-v8": "^2.1.9",
+    "eslint": "^9.39.2",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3",
+    "typescript-eslint": "^8.50.1",
+    "vitest": "^2.1.9"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "dev": "tsx src/index.ts",
+    "type-check": "tsc --noEmit",
+    "build": "tsc",
+    "lint": "eslint src --max-warnings=0",
+    "test": "vitest",
+    "test:watch": "vitest --watch",
+    "test:ui": "vitest --ui",
+    "test:coverage": "vitest --coverage"
+  }
+}

package/src/cpe/envelope.ts

@@ -0,0 +1,115 @@
+/**
+ * Genera el envoltorio criptográfico (CPEEvelope) - función pura principal de CPE
+ * 
+ * @remarks
+ * Esta es la función principal de CPE. Genera un envoltorio criptográfico
+ * que garantiza la integridad y autenticidad del prompt procesado.
+ * 
+ * **Funciones:**
+ * - Genera metadata de seguridad (timestamp, nonce, versión)
+ * - Firma criptográficamente el contenido con HMAC-SHA256
+ * - Encapsula el contenido sanitizado con metadata
+ * - Preserva el linaje completo para auditoría
+ * 
+ * @param islResult - Resultado de ISL con contenido sanitizado
+ * @param secretKey - Clave secreta para HMAC (debe ser proporcionada por el SDK)
+ * @returns CPEResult con el envelope criptográfico
+ * 
+ * @throws {EnvelopeError} Si la generación del envelope falla
+ * 
+ * @example
+ * ```typescript
+ * const cpeResult = envelope(islResult, secretKey)
+ * 
+ * // cpeResult.envelope contiene:
+ * // - content: contenido sanitizado serializado
+ * // - signature: firma HMAC-SHA256
+ * // - metadata: timestamp, nonce, versión
+ * // - lineage: linaje completo
+ * ```
+ */
+import type { ISLResult } from '@/isl/types'
+import type { CPEEvelope, CPEResult } from './types'
+import { createNonce } from './value-objects/Nonce'
+import { createMetadata } from './value-objects/Metadata'
+import { createSignature } from './value-objects/Signature'
+import { EnvelopeError } from './exceptions'
+// Serialización NO es core - va al SDK
+// El core solo define la estructura del envelope
+import { addLineageEntries } from '@/shared/lineage'
+import { createLineageEntry } from '@/csl/value-objects/LineageEntry'
+
+export function envelope(islResult: ISLResult, secretKey: string): CPEResult {
+  const startTime = Date.now()
+
+  try {
+    // 1. Validar input
+    if (!islResult?.segments?.length) {
+      throw new EnvelopeError('ISLResult must contain at least one segment')
+    }
+
+    if (!secretKey || secretKey.length === 0) {
+      throw new EnvelopeError('Secret key is required for envelope generation')
+    }
+
+    // 2. Generar metadata de seguridad
+    const timestamp = Date.now()
+    const nonce = createNonce()
+    const metadata = createMetadata(timestamp, nonce)
+
+    // 3. Preparar payload semántico (contenido procesado por ISL)
+    // El payload puede ser cualquier estructura que represente el contenido procesado
+    const payload: unknown = {
+      segments: islResult.segments.map((segment) => ({
+        id: segment.id,
+        content: segment.sanitizedContent,
+        trust: segment.trust.value,
+        sanitizationLevel: segment.sanitizationLevel,
+      })),
+    }
+
+    // 4. Generar firma criptográfica HMAC-SHA256
+    // Nota: La serialización del contenido para firma debe hacerse en el SDK
+    // El core solo define que se debe firmar el payload + metadata
+    // Por ahora, serializamos de forma básica para mantener funcionalidad
+    
+    const algorithm = 'HMAC-SHA256'
+    const signableContent = JSON.stringify({
+      payload,
+      metadata,
+      algorithm
+    })
+    const signatureVO = createSignature(signableContent, secretKey)
+
+    // 5. Actualizar linaje con entrada CPE
+    const cpeLineageEntry = createLineageEntry('CPE', timestamp)
+    const updatedLineage = addLineageEntries(islResult.lineage, [cpeLineageEntry])
+
+    // 9. Construir envelope según especificación
+    const envelope: CPEEvelope = {
+      payload,
+      metadata,
+      signature: {
+        value: signatureVO.value,
+        algorithm: signatureVO.algorithm,
+      },
+      lineage: updatedLineage,
+    }
+
+    const processingTime = Date.now() - startTime
+
+    return {
+      envelope,
+      processingTimeMs: processingTime,
+    }
+  } catch (error) {
+    if (error instanceof EnvelopeError) {
+      throw error
+    }
+    throw new EnvelopeError(
+      `Failed to generate envelope: ${error instanceof Error ? error.message : 'Unknown error'}`,
+      error instanceof Error ? error : undefined
+    )
+  }
+}
+

package/src/cpe/exceptions/EnvelopeError.ts

@@ -0,0 +1,11 @@
+/**
+ * EnvelopeError - Error al generar el envelope criptográfico
+ */
+export class EnvelopeError extends Error {
+  constructor(message: string, public readonly cause?: Error) {
+    super(message)
+    this.name = 'EnvelopeError'
+    Object.setPrototypeOf(this, EnvelopeError.prototype)
+  }
+}
+

package/src/cpe/exceptions/index.ts

@@ -0,0 +1,6 @@
+/**
+ * CPE Exceptions - Exports
+ */
+
+export { EnvelopeError } from './EnvelopeError'
+

package/src/cpe/index.ts

@@ -0,0 +1,35 @@
+/**
+ * CPE (Cryptographic Prompt Envelope) - Core Semántico
+ * 
+ * @remarks
+ * Este es el core semántico de CPE. Solo contiene:
+ * - Funciones puras (sin estado)
+ * - Value objects inmutables
+ * - Tipos y excepciones
+ * 
+ * **Funciones principales:**
+ * - Generación de metadata de seguridad (timestamp, nonce, versión)
+ * - Firma criptográfica HMAC-SHA256
+ * - Construcción del envelope criptográfico
+ * - Preservación del linaje completo
+ */
+
+// Funciones puras principales
+export { envelope } from './envelope'
+
+// Value objects
+export { createNonce, isValidNonce, equalsNonce } from './value-objects/Nonce'
+export type { Nonce } from './value-objects/Nonce'
+export { createMetadata, isValidMetadata, CURRENT_PROTOCOL_VERSION } from './value-objects/Metadata'
+export { createSignature } from './value-objects/Signature'
+export type { SignatureVO } from './value-objects/Signature'
+
+// Exceptions
+export * from './exceptions'
+
+// Types
+export * from './types'
+
+// Serialización y verificación NO son core - van al SDK
+// El core solo define la estructura del envelope, no implementa serialización
+

package/src/cpe/types.ts

@@ -0,0 +1,68 @@
+/**
+ * Types for CPE (Cryptographic Prompt Envelope) - Core Semántico
+ */
+
+// Importar tipos de CSL
+import type { LineageEntry } from '@/csl/value-objects'
+
+/**
+ * ProtocolVersion - Versión del protocolo AI-PIP
+ */
+export type ProtocolVersion = string
+
+/**
+ * Timestamp - Timestamp Unix en milisegundos
+ */
+export type Timestamp = number
+
+/**
+ * NonceValue - Valor único para prevenir ataques de replay (string)
+ */
+export type NonceValue = string
+
+/**
+ * SignatureAlgorithm - Algoritmo de firma criptográfica
+ */
+export type SignatureAlgorithm = 'HMAC-SHA256'
+
+/**
+ * Signature - Firma criptográfica del envelope
+ */
+export type Signature = string
+
+/**
+ * CPEMetadata - Metadata de seguridad del envelope
+ * Según especificación: timestamp, nonce, protocolVersion, previousSignatures opcionales
+ */
+export interface CPEMetadata {
+  readonly timestamp: Timestamp
+  readonly nonce: NonceValue
+  readonly protocolVersion: ProtocolVersion
+  readonly previousSignatures?: {
+    readonly csl?: string | undefined
+    readonly isl?: string | undefined
+  } | undefined
+}
+
+/**
+ * CPEEvelope - Envoltorio criptográfico completo
+ * Según especificación: payload, metadata, signature (value + algorithm), lineage
+ */
+export interface CPEEvelope {
+  readonly payload: unknown  // Payload semántico (contenido procesado)
+  readonly metadata: CPEMetadata
+  readonly signature: {
+    readonly value: string
+    readonly algorithm: string
+  }
+  readonly lineage: readonly LineageEntry[]
+}
+
+/**
+ * CPEResult - Resultado de la generación del envelope
+ */
+export interface CPEResult {
+  readonly envelope: CPEEvelope
+  readonly processingTimeMs?: number
+}
+