npm - @ajna-inc/vaults - Versions diffs - 0.1.0 → 0.1.2 - Mend

@ajna-inc/vaults 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (208) hide show

package/build/VaultsApi.d.ts +363 -0
package/build/VaultsApi.js +450 -248
package/build/VaultsApi.js.map +1 -0
package/build/VaultsEvents.d.ts +227 -0
package/build/VaultsEvents.js +8 -0
package/build/VaultsEvents.js.map +1 -0
package/build/VaultsModule.d.ts +64 -0
package/build/VaultsModule.js +43 -18
package/build/VaultsModule.js.map +1 -0
package/build/crypto/wasm/VaultCrypto.d.ts +19 -0
package/build/crypto/wasm/VaultCrypto.js +29 -42
package/build/crypto/wasm/VaultCrypto.js.map +1 -0
package/build/errors/BadSuiteError.d.ts +8 -0
package/build/errors/BadSuiteError.js +8 -25
package/build/errors/BadSuiteError.js.map +1 -0
package/build/errors/DecryptAeadError.d.ts +8 -0
package/build/errors/DecryptAeadError.js +8 -25
package/build/errors/DecryptAeadError.js.map +1 -0
package/build/errors/DecryptKemError.d.ts +8 -0
package/build/errors/DecryptKemError.js +8 -25
package/build/errors/DecryptKemError.js.map +1 -0
package/build/errors/PolicyError.d.ts +8 -0
package/build/errors/PolicyError.js +8 -25
package/build/errors/PolicyError.js.map +1 -0
package/build/errors/VaultError.d.ts +52 -0
package/build/errors/VaultError.js +19 -30
package/build/errors/VaultError.js.map +1 -0
package/build/errors/index.d.ts +5 -0
package/build/errors/index.js +1 -0
package/build/errors/index.js.map +1 -0
package/build/handlers/CreateVaultHandler.d.ts +18 -0
package/build/handlers/CreateVaultHandler.js +75 -0
package/build/handlers/CreateVaultHandler.js.map +1 -0
package/build/handlers/DeleteVaultHandler.d.ts +17 -0
package/build/handlers/DeleteVaultHandler.js +48 -0
package/build/handlers/DeleteVaultHandler.js.map +1 -0
package/build/handlers/DenyAccessHandler.d.ts +15 -0
package/build/handlers/DenyAccessHandler.js +39 -0
package/build/handlers/DenyAccessHandler.js.map +1 -0
package/build/handlers/DenyShareHandler.d.ts +17 -0
package/build/handlers/DenyShareHandler.js +49 -0
package/build/handlers/DenyShareHandler.js.map +1 -0
package/build/handlers/GrantAccessHandler.d.ts +17 -0
package/build/handlers/GrantAccessHandler.js +59 -0
package/build/handlers/GrantAccessHandler.js.map +1 -0
package/build/handlers/ProvideShareHandler.d.ts +17 -0
package/build/handlers/ProvideShareHandler.js +77 -0
package/build/handlers/ProvideShareHandler.js.map +1 -0
package/build/handlers/RequestAccessHandler.d.ts +18 -0
package/build/handlers/RequestAccessHandler.js +60 -0
package/build/handlers/RequestAccessHandler.js.map +1 -0
package/build/handlers/RequestShareHandler.d.ts +19 -0
package/build/handlers/RequestShareHandler.js +70 -0
package/build/handlers/RequestShareHandler.js.map +1 -0
package/build/handlers/RequestStorageHandler.d.ts +53 -0
package/build/handlers/RequestStorageHandler.js +158 -0
package/build/handlers/RequestStorageHandler.js.map +1 -0
package/build/handlers/RetrieveVaultHandler.d.ts +18 -0
package/build/handlers/RetrieveVaultHandler.js +65 -0
package/build/handlers/RetrieveVaultHandler.js.map +1 -0
package/build/handlers/StoreVaultHandler.d.ts +17 -0
package/build/handlers/StoreVaultHandler.js +77 -0
package/build/handlers/StoreVaultHandler.js.map +1 -0
package/build/handlers/UpdateVaultHandler.d.ts +18 -0
package/build/handlers/UpdateVaultHandler.js +77 -0
package/build/handlers/UpdateVaultHandler.js.map +1 -0
package/build/handlers/VaultCreatedAckHandler.d.ts +15 -0
package/build/handlers/VaultCreatedAckHandler.js +39 -0
package/build/handlers/VaultCreatedAckHandler.js.map +1 -0
package/build/handlers/VaultDataHandler.d.ts +19 -0
package/build/handlers/VaultDataHandler.js +68 -0
package/build/handlers/VaultDataHandler.js.map +1 -0
package/build/handlers/VaultProblemReportHandler.d.ts +17 -0
package/build/handlers/VaultProblemReportHandler.js +40 -0
package/build/handlers/VaultProblemReportHandler.js.map +1 -0
package/build/handlers/VaultReferenceHandler.d.ts +33 -0
package/build/handlers/VaultReferenceHandler.js +169 -0
package/build/handlers/VaultReferenceHandler.js.map +1 -0
package/build/handlers/VaultStoredAckHandler.d.ts +15 -0
package/build/handlers/VaultStoredAckHandler.js +38 -0
package/build/handlers/VaultStoredAckHandler.js.map +1 -0
package/build/handlers/index.d.ts +17 -0
package/build/handlers/index.js +44 -0
package/build/handlers/index.js.map +1 -0
package/build/index.d.ts +42 -0
package/build/index.js +13 -1
package/build/index.js.map +1 -0
package/build/messages/CreateVaultMessage.d.ts +39 -0
package/build/messages/CreateVaultMessage.js +65 -115
package/build/messages/CreateVaultMessage.js.map +1 -0
package/build/messages/DeleteVaultMessage.d.ts +22 -0
package/build/messages/DeleteVaultMessage.js +51 -103
package/build/messages/DeleteVaultMessage.js.map +1 -0
package/build/messages/DenyAccessMessage.d.ts +22 -0
package/build/messages/DenyAccessMessage.js +50 -103
package/build/messages/DenyAccessMessage.js.map +1 -0
package/build/messages/DenyShareMessage.d.ts +24 -0
package/build/messages/DenyShareMessage.js +56 -109
package/build/messages/DenyShareMessage.js.map +1 -0
package/build/messages/GrantAccessMessage.d.ts +32 -0
package/build/messages/GrantAccessMessage.js +63 -115
package/build/messages/GrantAccessMessage.js.map +1 -0
package/build/messages/ProvideShareMessage.d.ts +26 -0
package/build/messages/ProvideShareMessage.js +62 -115
package/build/messages/ProvideShareMessage.js.map +1 -0
package/build/messages/ProvideStorageMessage.d.ts +90 -0
package/build/messages/ProvideStorageMessage.js +193 -0
package/build/messages/ProvideStorageMessage.js.map +1 -0
package/build/messages/RequestAccessMessage.d.ts +30 -0
package/build/messages/RequestAccessMessage.js +57 -109
package/build/messages/RequestAccessMessage.js.map +1 -0
package/build/messages/RequestShareMessage.d.ts +24 -0
package/build/messages/RequestShareMessage.js +56 -109
package/build/messages/RequestShareMessage.js.map +1 -0
package/build/messages/RequestStorageMessage.d.ts +50 -0
package/build/messages/RequestStorageMessage.js +98 -0
package/build/messages/RequestStorageMessage.js.map +1 -0
package/build/messages/RetrieveVaultMessage.d.ts +20 -0
package/build/messages/RetrieveVaultMessage.js +44 -97
package/build/messages/RetrieveVaultMessage.js.map +1 -0
package/build/messages/StoreVaultMessage.d.ts +23 -0
package/build/messages/StoreVaultMessage.js +51 -103
package/build/messages/StoreVaultMessage.js.map +1 -0
package/build/messages/UpdateVaultMessage.d.ts +25 -0
package/build/messages/UpdateVaultMessage.js +58 -109
package/build/messages/UpdateVaultMessage.js.map +1 -0
package/build/messages/VaultCreatedAckMessage.d.ts +20 -0
package/build/messages/VaultCreatedAckMessage.js +44 -97
package/build/messages/VaultCreatedAckMessage.js.map +1 -0
package/build/messages/VaultDataMessage.d.ts +34 -0
package/build/messages/VaultDataMessage.js +59 -110
package/build/messages/VaultDataMessage.js.map +1 -0
package/build/messages/VaultProblemReportMessage.d.ts +35 -0
package/build/messages/VaultProblemReportMessage.js +56 -102
package/build/messages/VaultProblemReportMessage.js.map +1 -0
package/build/messages/VaultReferenceMessage.d.ts +66 -0
package/build/messages/VaultReferenceMessage.js +138 -0
package/build/messages/VaultReferenceMessage.js.map +1 -0
package/build/messages/VaultStoredAckMessage.d.ts +33 -0
package/build/messages/VaultStoredAckMessage.js +51 -104
package/build/messages/VaultStoredAckMessage.js.map +1 -0
package/build/messages/index.d.ts +18 -0
package/build/messages/index.js +6 -1
package/build/messages/index.js.map +1 -0
package/build/models/ThresholdSession.d.ts +37 -0
package/build/models/ThresholdSession.js +1 -0
package/build/models/ThresholdSession.js.map +1 -0
package/build/models/VaultDocument.d.ts +22 -0
package/build/models/VaultDocument.js +1 -0
package/build/models/VaultDocument.js.map +1 -0
package/build/models/VaultHeader.d.ts +92 -0
package/build/models/VaultHeader.js +4 -6
package/build/models/VaultHeader.js.map +1 -0
package/build/models/VaultPolicy.d.ts +24 -0
package/build/models/VaultPolicy.js +1 -0
package/build/models/VaultPolicy.js.map +1 -0
package/build/models/index.d.ts +4 -0
package/build/models/index.js +1 -0
package/build/models/index.js.map +1 -0
package/build/repository/KemKeypairRecord.d.ts +37 -0
package/build/repository/KemKeypairRecord.js +35 -0
package/build/repository/KemKeypairRecord.js.map +1 -0
package/build/repository/KemKeypairRepository.d.ts +18 -0
package/build/repository/KemKeypairRepository.js +50 -0
package/build/repository/KemKeypairRepository.js.map +1 -0
package/build/repository/ThresholdSessionRecord.d.ts +93 -0
package/build/repository/ThresholdSessionRecord.js +58 -92
package/build/repository/ThresholdSessionRecord.js.map +1 -0
package/build/repository/ThresholdSessionRepository.d.ts +35 -0
package/build/repository/ThresholdSessionRepository.js +72 -208
package/build/repository/ThresholdSessionRepository.js.map +1 -0
package/build/repository/VaultRecord.d.ts +105 -0
package/build/repository/VaultRecord.js +94 -115
package/build/repository/VaultRecord.js.map +1 -0
package/build/repository/VaultRepository.d.ts +35 -0
package/build/repository/VaultRepository.js +66 -192
package/build/repository/VaultRepository.js.map +1 -0
package/build/repository/index.d.ts +9 -0
package/build/repository/index.js +7 -1
package/build/repository/index.js.map +1 -0
package/build/services/HPKEService.d.ts +67 -0
package/build/services/HPKEService.js +106 -0
package/build/services/HPKEService.js.map +1 -0
package/build/services/KemKeyExchangeService.d.ts +207 -0
package/build/services/KemKeyExchangeService.js +323 -0
package/build/services/KemKeyExchangeService.js.map +1 -0
package/build/services/VaultEncryptionService.d.ts +120 -0
package/build/services/VaultEncryptionService.js +469 -588
package/build/services/VaultEncryptionService.js.map +1 -0
package/build/services/VaultService.d.ts +127 -0
package/build/services/VaultService.js +224 -376
package/build/services/VaultService.js.map +1 -0
package/build/services/VaultSigningService.d.ts +216 -0
package/build/services/VaultSigningService.js +498 -0
package/build/services/VaultSigningService.js.map +1 -0
package/build/services/index.d.ts +9 -0
package/build/services/index.js +10 -1
package/build/services/index.js.map +1 -0
package/build/storage/VaultStorageConfig.d.ts +97 -0
package/build/storage/VaultStorageConfig.js +22 -0
package/build/storage/VaultStorageConfig.js.map +1 -0
package/build/storage/VaultStorageService.d.ts +118 -0
package/build/storage/VaultStorageService.js +381 -0
package/build/storage/VaultStorageService.js.map +1 -0
package/build/storage/index.d.ts +2 -0
package/build/storage/index.js +21 -0
package/build/storage/index.js.map +1 -0
package/package.json +5 -2

package/build/services/VaultEncryptionService.js CHANGED Viewed

@@ -1,84 +1,16 @@
 "use strict";
-var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
-    function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
-    var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
-    var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
-    var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
-    var _, done = false;
-    for (var i = decorators.length - 1; i >= 0; i--) {
-        var context = {};
-        for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
-        for (var p in contextIn.access) context.access[p] = contextIn.access[p];
-        context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
-        var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
-        if (kind === "accessor") {
-            if (result === void 0) continue;
-            if (result === null || typeof result !== "object") throw new TypeError("Object expected");
-            if (_ = accept(result.get)) descriptor.get = _;
-            if (_ = accept(result.set)) descriptor.set = _;
-            if (_ = accept(result.init)) initializers.unshift(_);
-        }
-        else if (_ = accept(result)) {
-            if (kind === "field") initializers.unshift(_);
-            else descriptor[key] = _;
-        }
-    }
-    if (target) Object.defineProperty(target, contextIn.name, descriptor);
-    done = true;
-};
-var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
-    var useValue = arguments.length > 2;
-    for (var i = 0; i < initializers.length; i++) {
-        value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
-    }
-    return useValue ? value : void 0;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
-    function verb(n) { return function (v) { return step([n, v]); }; }
-    function step(op) {
-        if (f) throw new TypeError("Generator is already executing.");
-        while (g && (g = 0, op[0] && (_ = 0)), _) try {
-            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
-            if (y = 0, t) op = [op[0] & 2, t.value];
-            switch (op[0]) {
-                case 0: case 1: t = op; break;
-                case 4: _.label++; return { value: op[1], done: false };
-                case 5: _.label++; y = op[1]; op = [0]; continue;
-                case 7: op = _.ops.pop(); _.trys.pop(); continue;
-                default:
-                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
-                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
-                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
-                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
-                    if (t[2]) _.ops.pop();
-                    _.trys.pop(); continue;
-            }
-            op = body.call(thisArg, _);
-        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
-        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
-    }
-};
-var __setFunctionName = (this && this.__setFunctionName) || function (f, name, prefix) {
-    if (typeof name === "symbol") name = name.description ? "[".concat(name.description, "]") : "";
-    return Object.defineProperty(f, "name", { configurable: true, value: prefix ? "".concat(prefix, " ", name) : name });
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VaultEncryptionService = void 0;
-var core_1 = require("@credo-ts/core");
-var hash_wasm_1 = require("hash-wasm");
-var VaultCrypto_1 = require("../crypto/wasm/VaultCrypto");
-var errors_1 = require("../errors");
+const core_1 = require("@credo-ts/core");
+const hash_wasm_1 = require("hash-wasm");
+const VaultCrypto_1 = require("../crypto/wasm/VaultCrypto");
+const errors_1 = require("../errors");
 // ═══════════════════════════════════════════════════════════════════════════
 // Service
 // ═══════════════════════════════════════════════════════════════════════════
@@ -91,523 +23,472 @@ var errors_1 = require("../errors");
  *
  * All encryption and decryption happens client-side per ZK-Vault spec.
  */
-var VaultEncryptionService = function () {
-    var _classDecorators = [(0, core_1.injectable)()];
-    var _classDescriptor;
-    var _classExtraInitializers = [];
-    var _classThis;
-    var VaultEncryptionService = _classThis = /** @class */ (function () {
-        function VaultEncryptionService_1() {
-        }
-        // ═══════════════════════════════════════════════════════════════════════
-        // S3 SUITE (PASSPHRASE) - For Local Storage
-        // Spec §4.1: CEK = Argon2id(passphrase, salt, m=64-128MiB, t=2-3)
-        // ═══════════════════════════════════════════════════════════════════════
-        /**
-         * Encrypt data with passphrase (S3 suite)
-         * All encryption happens CLIENT-SIDE
-         *
-         * @param plaintext - Data to encrypt
-         * @param passphrase - User passphrase
-         * @param options - Encryption options
-         * @returns Encrypted vault document
-         */
-        VaultEncryptionService_1.prototype.encryptWithPassphrase = function (plaintext, passphrase, options) {
-            var _a, _b, _c, _d;
-            if (options === void 0) { options = {}; }
-            return __awaiter(this, void 0, void 0, function () {
-                var salt, argon2Params, cek, nonce, docId, vaultId, epoch, aadFields, aad, encResult, ciphertext, kcmp, header;
-                return __generator(this, function (_e) {
-                    switch (_e.label) {
-                        case 0:
-                            salt = (0, VaultCrypto_1.randomBytes)(32);
-                            argon2Params = {
-                                memory: (_a = options.memory) !== null && _a !== void 0 ? _a : 65536, // 64 MiB
-                                iterations: (_b = options.iterations) !== null && _b !== void 0 ? _b : 3,
-                                parallelism: 1,
-                            };
-                            return [4 /*yield*/, this.deriveKeyArgon2(passphrase, salt, argon2Params)
-                                // 3. Generate nonce (12 bytes for AES-GCM)
-                            ];
-                        case 1:
-                            cek = _e.sent();
-                            nonce = (0, VaultCrypto_1.generateNonceAesGcm)();
-                            docId = (_c = options.docId) !== null && _c !== void 0 ? _c : (0, VaultCrypto_1.generateUuid)();
-                            vaultId = (_d = options.vaultId) !== null && _d !== void 0 ? _d : docId;
-                            epoch = 1;
-                            aadFields = {
-                                v: 1,
-                                suite: 'S3',
-                                aead: 'AES-256-GCM',
-                                docId: docId,
-                                vaultId: vaultId,
-                                epoch: epoch,
-                                policy: { mode: 'passphrase' },
-                            };
-                            aad = (0, VaultCrypto_1.canonicalAad)(aadFields);
-                            encResult = (0, VaultCrypto_1.aesGcmEncrypt)(cek, nonce, plaintext, aad);
-                            ciphertext = encResult.ciphertext();
-                            kcmp = (0, VaultCrypto_1.keyCommitment)(cek);
-                            header = {
-                                v: 1,
-                                suite: 'S3',
-                                aead: 'AES-256-GCM',
-                                docId: docId,
-                                vaultId: vaultId,
-                                epoch: epoch,
-                                nonce: (0, VaultCrypto_1.toBase64Url)(nonce),
-                                kcmp: (0, VaultCrypto_1.toBase64Url)(kcmp),
-                                salt: (0, VaultCrypto_1.toBase64Url)(salt),
-                                argon2: argon2Params,
-                                policy: { mode: 'passphrase' },
-                            };
-                            // 9. Zero out CEK from memory (security best practice)
-                            this.zeroize(cek);
-                            return [2 /*return*/, { header: header, ciphertext: ciphertext }];
-                    }
-                });
-            });
-        };
-        /**
-         * Decrypt passphrase-protected vault (S3 suite)
-         * All decryption happens CLIENT-SIDE
-         *
-         * @param vault - Encrypted vault document
-         * @param passphrase - User passphrase
-         * @returns Decrypted plaintext
-         */
-        VaultEncryptionService_1.prototype.decryptWithPassphrase = function (vault, passphrase) {
-            return __awaiter(this, void 0, void 0, function () {
-                var header, ciphertext, salt, cek, expectedKcmp, aad, nonce, plaintext;
-                return __generator(this, function (_a) {
-                    switch (_a.label) {
-                        case 0:
-                            header = vault.header, ciphertext = vault.ciphertext;
-                            // 1. Validate suite
-                            if (header.suite !== 'S3' && header.suite !== 'S1') {
-                                throw new errors_1.BadSuiteError("Expected S1/S3 suite for passphrase vault, got ".concat(header.suite));
-                            }
-                            if (!header.salt || !header.argon2) {
-                                throw new errors_1.PolicyError('Missing salt or argon2 params for passphrase vault');
-                            }
-                            salt = (0, VaultCrypto_1.fromBase64Url)(header.salt);
-                            return [4 /*yield*/, this.deriveKeyArgon2(passphrase, salt, header.argon2)
-                                // 3. Verify key commitment (spec §9.2 step 3)
-                            ];
-                        case 1:
-                            cek = _a.sent();
-                            expectedKcmp = (0, VaultCrypto_1.fromBase64Url)(header.kcmp);
-                            if (!(0, VaultCrypto_1.verifyKeyCommitment)(cek, expectedKcmp)) {
-                                this.zeroize(cek);
-                                throw new errors_1.DecryptAeadError('Key commitment verification failed - wrong passphrase');
-                            }
-                            aad = (0, VaultCrypto_1.canonicalAad)({
-                                v: header.v,
-                                suite: header.suite,
-                                aead: header.aead,
-                                docId: header.docId,
-                                vaultId: header.vaultId,
-                                epoch: header.epoch,
-                                policy: header.policy,
-                            });
-                            nonce = (0, VaultCrypto_1.fromBase64Url)(header.nonce);
-                            try {
-                                plaintext = (0, VaultCrypto_1.aesGcmDecrypt)(cek, nonce, ciphertext, aad);
-                                this.zeroize(cek);
-                                return [2 /*return*/, plaintext];
-                            }
-                            catch (e) {
-                                this.zeroize(cek);
-                                throw new errors_1.DecryptAeadError('AEAD decryption failed - data may be corrupted or tampered');
-                            }
-                            return [2 /*return*/];
-                    }
-                });
-            });
-        };
-        // ═══════════════════════════════════════════════════════════════════════
-        // P1 SUITE (POST-QUANTUM) - For Multi-Party Sharing
-        // Spec §4.1: KEM = ML-KEM-768, AEAD = AES-256-GCM
-        // ═══════════════════════════════════════════════════════════════════════
-        /**
-         * Encrypt with any-of policy (spec §6.1)
-         * Each recipient gets their own KEM-wrapped CEK
-         *
-         * @param plaintext - Data to encrypt
-         * @param recipients - Array of recipient public keys
-         * @param options - Encryption options
-         * @returns Encrypted vault document
-         */
-        VaultEncryptionService_1.prototype.encryptAnyOf = function (plaintext, recipients, options) {
-            var _a, _b;
-            if (options === void 0) { options = {}; }
-            return __awaiter(this, void 0, void 0, function () {
-                var cek, nonce, docId, vaultId, epoch, aad, encResult, ciphertext, recipientWraps, kcmp, header;
-                return __generator(this, function (_c) {
-                    if (recipients.length === 0) {
-                        throw new errors_1.PolicyError('At least one recipient required for any-of policy');
-                    }
-                    cek = (0, VaultCrypto_1.generateCek)();
-                    nonce = (0, VaultCrypto_1.generateNonceAesGcm)();
-                    docId = (_a = options.docId) !== null && _a !== void 0 ? _a : (0, VaultCrypto_1.generateUuid)();
-                    vaultId = (_b = options.vaultId) !== null && _b !== void 0 ? _b : docId;
-                    epoch = 1;
-                    aad = (0, VaultCrypto_1.canonicalAad)({
-                        v: 1,
-                        suite: 'P1',
-                        aead: 'AES-256-GCM',
-                        docId: docId,
-                        vaultId: vaultId,
-                        epoch: epoch,
-                        policy: { mode: 'any-of' },
-                    });
-                    encResult = (0, VaultCrypto_1.aesGcmEncrypt)(cek, nonce, plaintext, aad);
-                    ciphertext = encResult.ciphertext();
-                    recipientWraps = recipients.map(function (r) { return ({
-                        kid: r.kid,
-                        kem: 'ML-KEM-768',
-                        ct: (0, VaultCrypto_1.toBase64Url)((0, VaultCrypto_1.kemWrapCek)(cek, r.publicKey)),
-                    }); });
-                    kcmp = (0, VaultCrypto_1.keyCommitment)(cek);
-                    header = {
-                        v: 1,
-                        suite: 'P1',
-                        aead: 'AES-256-GCM',
-                        docId: docId,
-                        vaultId: vaultId,
-                        epoch: epoch,
-                        nonce: (0, VaultCrypto_1.toBase64Url)(nonce),
-                        kcmp: (0, VaultCrypto_1.toBase64Url)(kcmp),
-                        policy: { mode: 'any-of' },
-                        recipients: recipientWraps,
-                    };
-                    this.zeroize(cek);
-                    return [2 /*return*/, { header: header, ciphertext: ciphertext }];
-                });
-            });
+let VaultEncryptionService = class VaultEncryptionService {
+    // ═══════════════════════════════════════════════════════════════════════
+    // S3 SUITE (PASSPHRASE) - For Local Storage
+    // Spec §4.1: CEK = Argon2id(passphrase, salt, m=64-128MiB, t=2-3)
+    // ═══════════════════════════════════════════════════════════════════════
+    /**
+     * Encrypt data with passphrase (S3 suite)
+     * All encryption happens CLIENT-SIDE
+     *
+     * @param plaintext - Data to encrypt
+     * @param passphrase - User passphrase
+     * @param options - Encryption options
+     * @returns Encrypted vault document
+     */
+    async encryptWithPassphrase(plaintext, passphrase, options = {}) {
+        // 1. Generate salt (32 bytes)
+        const salt = (0, VaultCrypto_1.randomBytes)(32);
+        // 2. Derive CEK via Argon2id (spec §4.1 S1/S3 suite)
+        const argon2Params = {
+            memory: options.memory ?? 65536, // 64 MiB
+            iterations: options.iterations ?? 3,
+            parallelism: 1,
         };
-        /**
-         * Decrypt any-of vault (spec §9.2)
-         * Try the specified recipient's wrap
-         *
-         * @param vault - Encrypted vault document
-         * @param recipientSecretKey - Recipient's ML-KEM secret key
-         * @param recipientKid - Recipient's key identifier
-         * @returns Decrypted plaintext
-         */
-        VaultEncryptionService_1.prototype.decryptAnyOf = function (vault, recipientSecretKey, recipientKid) {
-            var _a;
-            return __awaiter(this, void 0, void 0, function () {
-                var header, ciphertext, recipient, wrappedCek, cek, aad, nonce, plaintext;
-                return __generator(this, function (_b) {
-                    header = vault.header, ciphertext = vault.ciphertext;
-                    if (((_a = header.policy) === null || _a === void 0 ? void 0 : _a.mode) !== 'any-of' || !header.recipients) {
-                        throw new errors_1.PolicyError('Not an any-of policy vault');
-                    }
-                    recipient = header.recipients.find(function (r) { return r.kid === recipientKid; });
-                    if (!recipient) {
-                        throw new errors_1.DecryptKemError("No recipient wrap found for kid: ".concat(recipientKid));
-                    }
-                    wrappedCek = (0, VaultCrypto_1.fromBase64Url)(recipient.ct);
-                    try {
-                        cek = (0, VaultCrypto_1.kemUnwrapCek)(wrappedCek, recipientSecretKey);
-                    }
-                    catch (e) {
-                        throw new errors_1.DecryptKemError('Failed to unwrap CEK - invalid key or corrupted wrap');
-                    }
-                    // Verify key commitment
-                    if (!(0, VaultCrypto_1.verifyKeyCommitment)(cek, (0, VaultCrypto_1.fromBase64Url)(header.kcmp))) {
-                        this.zeroize(cek);
-                        throw new errors_1.DecryptAeadError('Key commitment verification failed');
-                    }
-                    aad = (0, VaultCrypto_1.canonicalAad)({
-                        v: header.v,
-                        suite: header.suite,
-                        aead: header.aead,
-                        docId: header.docId,
-                        vaultId: header.vaultId,
-                        epoch: header.epoch,
-                        policy: header.policy,
-                    });
-                    nonce = (0, VaultCrypto_1.fromBase64Url)(header.nonce);
-                    try {
-                        plaintext = (0, VaultCrypto_1.aesGcmDecrypt)(cek, nonce, ciphertext, aad);
-                        this.zeroize(cek);
-                        return [2 /*return*/, plaintext];
-                    }
-                    catch (e) {
-                        this.zeroize(cek);
-                        throw new errors_1.DecryptAeadError('AEAD decryption failed');
-                    }
-                    return [2 /*return*/];
-                });
-            });
+        const cek = await this.deriveKeyArgon2(passphrase, salt, argon2Params);
+        // 3. Generate nonce (12 bytes for AES-GCM)
+        const nonce = (0, VaultCrypto_1.generateNonceAesGcm)();
+        // 4. Build document metadata
+        const docId = options.docId ?? (0, VaultCrypto_1.generateUuid)();
+        const vaultId = options.vaultId ?? docId;
+        const epoch = options.epoch ?? 1;
+        // 5. Build AAD (spec §5.3)
+        const aadFields = {
+            v: 1,
+            suite: 'S3',
+            aead: 'AES-256-GCM',
+            docId,
+            vaultId,
+            epoch,
+            policy: { mode: 'passphrase' },
         };
-        /**
-         * Encrypt with all-of policy (spec §6.2)
-         * Requires ALL listed keys to decrypt via HKDF-join
-         *
-         * @param plaintext - Data to encrypt
-         * @param participants - Array of participant public keys
-         * @param options - Encryption options
-         * @returns Encrypted vault document
-         */
-        VaultEncryptionService_1.prototype.encryptAllOf = function (plaintext, participants, options) {
-            var _a, _b;
-            if (options === void 0) { options = {}; }
-            return __awaiter(this, void 0, void 0, function () {
-                var cek, nonce, wrapNonce, docId, vaultId, epoch, keyMaterials, context, wrapKey, wrappedCekResult, aad, encResult, ciphertext, header;
-                return __generator(this, function (_c) {
-                    if (participants.length < 2) {
-                        throw new errors_1.PolicyError('At least 2 participants required for all-of policy');
-                    }
-                    cek = (0, VaultCrypto_1.generateCek)();
-                    nonce = (0, VaultCrypto_1.generateNonceAesGcm)();
-                    wrapNonce = (0, VaultCrypto_1.generateNonceAesGcm)();
-                    docId = (_a = options.docId) !== null && _a !== void 0 ? _a : (0, VaultCrypto_1.generateUuid)();
-                    vaultId = (_b = options.vaultId) !== null && _b !== void 0 ? _b : docId;
-                    epoch = 1;
-                    keyMaterials = participants.map(function (p) { return ({
-                        kid: p.kid,
-                        key: p.publicKey,
-                    }); });
-                    context = "wrap:doc:".concat(docId, ":epoch:").concat(epoch);
-                    wrapKey = (0, VaultCrypto_1.hkdfJoin)(keyMaterials, context);
-                    wrappedCekResult = (0, VaultCrypto_1.aesGcmEncrypt)(wrapKey, wrapNonce, cek, new Uint8Array(0));
-                    aad = (0, VaultCrypto_1.canonicalAad)({
-                        v: 1,
-                        suite: 'P1',
-                        aead: 'AES-256-GCM',
-                        docId: docId,
-                        vaultId: vaultId,
-                        epoch: epoch,
-                        policy: { mode: 'all-of' },
-                    });
-                    encResult = (0, VaultCrypto_1.aesGcmEncrypt)(cek, nonce, plaintext, aad);
-                    ciphertext = encResult.ciphertext();
-                    header = {
-                        v: 1,
-                        suite: 'P1',
-                        aead: 'AES-256-GCM',
-                        docId: docId,
-                        vaultId: vaultId,
-                        epoch: epoch,
-                        nonce: (0, VaultCrypto_1.toBase64Url)(nonce),
-                        kcmp: (0, VaultCrypto_1.toBase64Url)((0, VaultCrypto_1.keyCommitment)(cek)),
-                        policy: { mode: 'all-of' },
-                        wrap_all: {
-                            alg: 'HKDF-join',
-                            kids: participants.map(function (p) { return p.kid; }),
-                            ct: (0, VaultCrypto_1.toBase64Url)(wrappedCekResult.ciphertext()),
-                        },
-                    };
-                    this.zeroize(cek);
-                    this.zeroize(wrapKey);
-                    return [2 /*return*/, { header: header, ciphertext: ciphertext }];
-                });
-            });
+        const aad = (0, VaultCrypto_1.canonicalAad)(aadFields);
+        // 6. Encrypt (spec §9.1 step 3)
+        const encResult = (0, VaultCrypto_1.aesGcmEncrypt)(cek, nonce, plaintext, aad);
+        const ciphertext = encResult.ciphertext;
+        // 7. Compute key commitment (spec §5.1)
+        const kcmp = (0, VaultCrypto_1.keyCommitment)(cek);
+        // 8. Build header
+        const header = {
+            v: 1,
+            suite: 'S3',
+            aead: 'AES-256-GCM',
+            docId,
+            vaultId,
+            epoch,
+            nonce: (0, VaultCrypto_1.toBase64Url)(nonce),
+            kcmp: (0, VaultCrypto_1.toBase64Url)(kcmp),
+            salt: (0, VaultCrypto_1.toBase64Url)(salt),
+            argon2: argon2Params,
+            policy: { mode: 'passphrase' },
         };
-        /**
-         * Encrypt with threshold policy (spec §6.3)
-         * Any t-of-n participants can decrypt
-         *
-         * @param plaintext - Data to encrypt
-         * @param threshold - Minimum shares required (t)
-         * @param participants - Array of participant public keys (n)
-         * @param options - Encryption options
-         * @returns Encrypted vault document
-         */
-        VaultEncryptionService_1.prototype.encryptThreshold = function (plaintext, threshold, participants, options) {
-            var _a, _b;
-            if (options === void 0) { options = {}; }
-            return __awaiter(this, void 0, void 0, function () {
-                var n, cek, nonce, docId, vaultId, epoch, shares, thresholdShares, aad, encResult, ciphertext, header, _i, shares_1, share;
-                return __generator(this, function (_c) {
-                    n = participants.length;
-                    if (threshold < 1 || threshold > n) {
-                        throw new errors_1.PolicyError("Invalid threshold: ".concat(threshold, " of ").concat(n));
-                    }
-                    cek = (0, VaultCrypto_1.generateCek)();
-                    nonce = (0, VaultCrypto_1.generateNonceAesGcm)();
-                    docId = (_a = options.docId) !== null && _a !== void 0 ? _a : (0, VaultCrypto_1.generateUuid)();
-                    vaultId = (_b = options.vaultId) !== null && _b !== void 0 ? _b : docId;
-                    epoch = 1;
-                    shares = (0, VaultCrypto_1.shamirSplit)(cek, threshold, n);
-                    thresholdShares = participants.map(function (p, i) { return ({
-                        kid: p.kid,
-                        enc_share: {
-                            kem: 'ML-KEM-768',
-                            ct: (0, VaultCrypto_1.toBase64Url)((0, VaultCrypto_1.kemWrapCek)(shares[i], p.publicKey)),
-                        },
-                    }); });
-                    aad = (0, VaultCrypto_1.canonicalAad)({
-                        v: 1,
-                        suite: 'P1',
-                        aead: 'AES-256-GCM',
-                        docId: docId,
-                        vaultId: vaultId,
-                        epoch: epoch,
-                        policy: { mode: 'threshold', t: threshold, n: n },
-                    });
-                    encResult = (0, VaultCrypto_1.aesGcmEncrypt)(cek, nonce, plaintext, aad);
-                    ciphertext = encResult.ciphertext();
-                    header = {
-                        v: 1,
-                        suite: 'P1',
-                        aead: 'AES-256-GCM',
-                        docId: docId,
-                        vaultId: vaultId,
-                        epoch: epoch,
-                        nonce: (0, VaultCrypto_1.toBase64Url)(nonce),
-                        kcmp: (0, VaultCrypto_1.toBase64Url)((0, VaultCrypto_1.keyCommitment)(cek)),
-                        policy: { mode: 'threshold', t: threshold, n: n },
-                        shares: thresholdShares,
-                    };
-                    this.zeroize(cek);
-                    // Zero out shares
-                    for (_i = 0, shares_1 = shares; _i < shares_1.length; _i++) {
-                        share = shares_1[_i];
-                        this.zeroize(share);
-                    }
-                    return [2 /*return*/, { header: header, ciphertext: ciphertext }];
-                });
-            });
+        // 9. Zero out CEK from memory (security best practice)
+        this.zeroize(cek);
+        return { header, ciphertext };
+    }
+    /**
+     * Decrypt passphrase-protected vault (S3 suite)
+     * All decryption happens CLIENT-SIDE
+     *
+     * @param vault - Encrypted vault document
+     * @param passphrase - User passphrase
+     * @returns Decrypted plaintext
+     */
+    async decryptWithPassphrase(vault, passphrase) {
+        const { header, ciphertext } = vault;
+        // 1. Validate suite
+        if (header.suite !== 'S3' && header.suite !== 'S1') {
+            throw new errors_1.BadSuiteError(`Expected S1/S3 suite for passphrase vault, got ${header.suite}`);
+        }
+        if (!header.salt || !header.argon2) {
+            throw new errors_1.PolicyError('Missing salt or argon2 params for passphrase vault');
+        }
+        // 2. Derive CEK from passphrase
+        const salt = (0, VaultCrypto_1.fromBase64Url)(header.salt);
+        const cek = await this.deriveKeyArgon2(passphrase, salt, header.argon2);
+        // 3. Verify key commitment (spec §9.2 step 3)
+        const expectedKcmp = (0, VaultCrypto_1.fromBase64Url)(header.kcmp);
+        if (!(0, VaultCrypto_1.verifyKeyCommitment)(cek, expectedKcmp)) {
+            this.zeroize(cek);
+            throw new errors_1.DecryptAeadError('Key commitment verification failed - wrong passphrase');
+        }
+        // 4. Rebuild AAD
+        const aad = (0, VaultCrypto_1.canonicalAad)({
+            v: header.v,
+            suite: header.suite,
+            aead: header.aead,
+            docId: header.docId,
+            vaultId: header.vaultId,
+            epoch: header.epoch,
+            policy: header.policy,
+        });
+        // 5. Decrypt
+        const nonce = (0, VaultCrypto_1.fromBase64Url)(header.nonce);
+        try {
+            const plaintext = (0, VaultCrypto_1.aesGcmDecrypt)(cek, nonce, ciphertext, aad);
+            this.zeroize(cek);
+            return plaintext;
+        }
+        catch (e) {
+            this.zeroize(cek);
+            throw new errors_1.DecryptAeadError('AEAD decryption failed - data may be corrupted or tampered');
+        }
+    }
+    // ═══════════════════════════════════════════════════════════════════════
+    // P1 SUITE (POST-QUANTUM) - For Multi-Party Sharing
+    // Spec §4.1: KEM = ML-KEM-768, AEAD = AES-256-GCM
+    // ═══════════════════════════════════════════════════════════════════════
+    /**
+     * Encrypt with any-of policy (spec §6.1)
+     * Each recipient gets their own KEM-wrapped CEK
+     *
+     * @param plaintext - Data to encrypt
+     * @param recipients - Array of recipient public keys
+     * @param options - Encryption options
+     * @returns Encrypted vault document
+     */
+    async encryptAnyOf(plaintext, recipients, options = {}) {
+        if (recipients.length === 0) {
+            throw new errors_1.PolicyError('At least one recipient required for any-of policy');
+        }
+        // 1. Generate random CEK
+        const cek = (0, VaultCrypto_1.generateCek)();
+        const nonce = (0, VaultCrypto_1.generateNonceAesGcm)();
+        const docId = options.docId ?? (0, VaultCrypto_1.generateUuid)();
+        const vaultId = options.vaultId ?? docId;
+        const epoch = 1;
+        // 2. Build AAD
+        const aad = (0, VaultCrypto_1.canonicalAad)({
+            v: 1,
+            suite: 'P1',
+            aead: 'AES-256-GCM',
+            docId,
+            vaultId,
+            epoch,
+            policy: { mode: 'any-of' },
+        });
+        // 3. Encrypt plaintext
+        const encResult = (0, VaultCrypto_1.aesGcmEncrypt)(cek, nonce, plaintext, aad);
+        const ciphertext = encResult.ciphertext;
+        // 4. KEM-wrap CEK for each recipient (spec §6.1)
+        const recipientWraps = recipients.map((r) => ({
+            kid: r.kid,
+            kem: 'ML-KEM-768',
+            ct: (0, VaultCrypto_1.toBase64Url)((0, VaultCrypto_1.kemWrapCek)(cek, r.publicKey)),
+        }));
+        // 5. Key commitment
+        const kcmp = (0, VaultCrypto_1.keyCommitment)(cek);
+        // 6. Build header
+        const header = {
+            v: 1,
+            suite: 'P1',
+            aead: 'AES-256-GCM',
+            docId,
+            vaultId,
+            epoch,
+            nonce: (0, VaultCrypto_1.toBase64Url)(nonce),
+            kcmp: (0, VaultCrypto_1.toBase64Url)(kcmp),
+            policy: { mode: 'any-of' },
+            recipients: recipientWraps,
         };
-        /**
-         * Decrypt threshold vault with collected shares
-         *
-         * @param vault - Encrypted vault document
-         * @param decryptedShares - Array of decrypted shares (at least t shares)
-         * @returns Decrypted plaintext
-         */
-        VaultEncryptionService_1.prototype.decryptThreshold = function (vault, decryptedShares) {
-            var _a, _b;
-            return __awaiter(this, void 0, void 0, function () {
-                var header, ciphertext, threshold, shareData, cek, aad, nonce, plaintext;
-                return __generator(this, function (_c) {
-                    header = vault.header, ciphertext = vault.ciphertext;
-                    if (((_a = header.policy) === null || _a === void 0 ? void 0 : _a.mode) !== 'threshold') {
-                        throw new errors_1.PolicyError('Not a threshold policy vault');
-                    }
-                    threshold = (_b = header.policy.t) !== null && _b !== void 0 ? _b : 1;
-                    if (decryptedShares.length < threshold) {
-                        throw new errors_1.PolicyError("Need ".concat(threshold, " shares, got ").concat(decryptedShares.length));
-                    }
-                    shareData = decryptedShares.map(function (s) { return ({
-                        index: s.index,
-                        data: s.share,
-                    }); });
-                    cek = (0, VaultCrypto_1.shamirReconstruct)(shareData);
-                    // Verify key commitment
-                    if (!(0, VaultCrypto_1.verifyKeyCommitment)(cek, (0, VaultCrypto_1.fromBase64Url)(header.kcmp))) {
-                        this.zeroize(cek);
-                        throw new errors_1.DecryptAeadError('Key commitment verification failed');
-                    }
-                    aad = (0, VaultCrypto_1.canonicalAad)({
-                        v: header.v,
-                        suite: header.suite,
-                        aead: header.aead,
-                        docId: header.docId,
-                        vaultId: header.vaultId,
-                        epoch: header.epoch,
-                        policy: header.policy,
-                    });
-                    nonce = (0, VaultCrypto_1.fromBase64Url)(header.nonce);
-                    try {
-                        plaintext = (0, VaultCrypto_1.aesGcmDecrypt)(cek, nonce, ciphertext, aad);
-                        this.zeroize(cek);
-                        return [2 /*return*/, plaintext];
-                    }
-                    catch (e) {
-                        this.zeroize(cek);
-                        throw new errors_1.DecryptAeadError('AEAD decryption failed');
-                    }
-                    return [2 /*return*/];
-                });
-            });
+        this.zeroize(cek);
+        return { header, ciphertext };
+    }
+    /**
+     * Decrypt any-of vault (spec §9.2)
+     * Try the specified recipient's wrap
+     *
+     * @param vault - Encrypted vault document
+     * @param recipientSecretKey - Recipient's ML-KEM secret key
+     * @param recipientKid - Recipient's key identifier
+     * @returns Decrypted plaintext
+     */
+    async decryptAnyOf(vault, recipientSecretKey, recipientKid) {
+        const { header, ciphertext } = vault;
+        if (header.policy?.mode !== 'any-of' || !header.recipients) {
+            throw new errors_1.PolicyError('Not an any-of policy vault');
+        }
+        // Find matching recipient
+        const recipient = header.recipients.find((r) => r.kid === recipientKid);
+        if (!recipient) {
+            throw new errors_1.DecryptKemError(`No recipient wrap found for kid: ${recipientKid}`);
+        }
+        // Unwrap CEK
+        const wrappedCek = (0, VaultCrypto_1.fromBase64Url)(recipient.ct);
+        let cek;
+        try {
+            cek = (0, VaultCrypto_1.kemUnwrapCek)(wrappedCek, recipientSecretKey);
+        }
+        catch (e) {
+            throw new errors_1.DecryptKemError('Failed to unwrap CEK - invalid key or corrupted wrap');
+        }
+        // Verify key commitment
+        if (!(0, VaultCrypto_1.verifyKeyCommitment)(cek, (0, VaultCrypto_1.fromBase64Url)(header.kcmp))) {
+            this.zeroize(cek);
+            throw new errors_1.DecryptAeadError('Key commitment verification failed');
+        }
+        // Decrypt
+        const aad = (0, VaultCrypto_1.canonicalAad)({
+            v: header.v,
+            suite: header.suite,
+            aead: header.aead,
+            docId: header.docId,
+            vaultId: header.vaultId,
+            epoch: header.epoch,
+            policy: header.policy,
+        });
+        const nonce = (0, VaultCrypto_1.fromBase64Url)(header.nonce);
+        try {
+            const plaintext = (0, VaultCrypto_1.aesGcmDecrypt)(cek, nonce, ciphertext, aad);
+            this.zeroize(cek);
+            return plaintext;
+        }
+        catch (e) {
+            this.zeroize(cek);
+            throw new errors_1.DecryptAeadError('AEAD decryption failed');
+        }
+    }
+    /**
+     * Encrypt with all-of policy (spec §6.2)
+     * Requires ALL listed keys to decrypt via HKDF-join
+     *
+     * @param plaintext - Data to encrypt
+     * @param participants - Array of participant public keys
+     * @param options - Encryption options
+     * @returns Encrypted vault document
+     */
+    async encryptAllOf(plaintext, participants, options = {}) {
+        if (participants.length < 2) {
+            throw new errors_1.PolicyError('At least 2 participants required for all-of policy');
+        }
+        // 1. Generate random CEK
+        const cek = (0, VaultCrypto_1.generateCek)();
+        const nonce = (0, VaultCrypto_1.generateNonceAesGcm)();
+        const wrapNonce = (0, VaultCrypto_1.generateNonceAesGcm)();
+        const docId = options.docId ?? (0, VaultCrypto_1.generateUuid)();
+        const vaultId = options.vaultId ?? docId;
+        const epoch = 1;
+        // 2. Derive joint wrap key via HKDF-join (spec §6.2)
+        const keyMaterials = participants.map((p) => ({
+            kid: p.kid,
+            key: p.publicKey,
+        }));
+        const context = `wrap:doc:${docId}:epoch:${epoch}`;
+        const wrapKey = (0, VaultCrypto_1.hkdfJoin)(keyMaterials, context);
+        // 3. Wrap CEK under joint key
+        const wrappedCekResult = (0, VaultCrypto_1.aesGcmEncrypt)(wrapKey, wrapNonce, cek, new Uint8Array(0));
+        // 4. Build AAD and encrypt plaintext
+        const aad = (0, VaultCrypto_1.canonicalAad)({
+            v: 1,
+            suite: 'P1',
+            aead: 'AES-256-GCM',
+            docId,
+            vaultId,
+            epoch,
+            policy: { mode: 'all-of' },
+        });
+        const encResult = (0, VaultCrypto_1.aesGcmEncrypt)(cek, nonce, plaintext, aad);
+        const ciphertext = encResult.ciphertext;
+        // 5. Build header
+        const header = {
+            v: 1,
+            suite: 'P1',
+            aead: 'AES-256-GCM',
+            docId,
+            vaultId,
+            epoch,
+            nonce: (0, VaultCrypto_1.toBase64Url)(nonce),
+            kcmp: (0, VaultCrypto_1.toBase64Url)((0, VaultCrypto_1.keyCommitment)(cek)),
+            policy: { mode: 'all-of' },
+            wrap_all: {
+                alg: 'HKDF-join',
+                kids: participants.map((p) => p.kid),
+                ct: (0, VaultCrypto_1.toBase64Url)(wrappedCekResult.ciphertext),
+            },
         };
-        /**
-         * Unwrap a single threshold share for a participant
-         *
-         * @param vault - Encrypted vault document
-         * @param participantSecretKey - Participant's ML-KEM secret key
-         * @param participantKid - Participant's key identifier
-         * @returns Decrypted share with its index
-         */
-        VaultEncryptionService_1.prototype.unwrapThresholdShare = function (vault, participantSecretKey, participantKid) {
-            var _a;
-            return __awaiter(this, void 0, void 0, function () {
-                var header, shareIndex, shareEntry, wrappedShare, share;
-                return __generator(this, function (_b) {
-                    header = vault.header;
-                    if (((_a = header.policy) === null || _a === void 0 ? void 0 : _a.mode) !== 'threshold' || !header.shares) {
-                        throw new errors_1.PolicyError('Not a threshold policy vault');
-                    }
-                    shareIndex = header.shares.findIndex(function (s) { return s.kid === participantKid; });
-                    if (shareIndex === -1) {
-                        throw new errors_1.DecryptKemError("No share found for kid: ".concat(participantKid));
-                    }
-                    shareEntry = header.shares[shareIndex];
-                    wrappedShare = (0, VaultCrypto_1.fromBase64Url)(shareEntry.enc_share.ct);
-                    try {
-                        share = (0, VaultCrypto_1.kemUnwrapCek)(wrappedShare, participantSecretKey);
-                    }
-                    catch (e) {
-                        throw new errors_1.DecryptKemError('Failed to unwrap share - invalid key');
-                    }
-                    // Return with 1-based index (Shamir convention)
-                    return [2 /*return*/, {
-                            index: shareIndex + 1,
-                            share: share,
-                        }];
-                });
-            });
+        this.zeroize(cek);
+        this.zeroize(wrapKey);
+        return { header, ciphertext };
+    }
+    /**
+     * Encrypt with threshold policy (spec §6.3)
+     * Any t-of-n participants can decrypt
+     *
+     * @param plaintext - Data to encrypt
+     * @param threshold - Minimum shares required (t)
+     * @param participants - Array of participant public keys (n)
+     * @param options - Encryption options
+     * @returns Encrypted vault document
+     */
+    async encryptThreshold(plaintext, threshold, participants, options = {}) {
+        const n = participants.length;
+        if (threshold < 1 || threshold > n) {
+            throw new errors_1.PolicyError(`Invalid threshold: ${threshold} of ${n}`);
+        }
+        // 1. Generate CEK
+        const cek = (0, VaultCrypto_1.generateCek)();
+        const nonce = (0, VaultCrypto_1.generateNonceAesGcm)();
+        const docId = options.docId ?? (0, VaultCrypto_1.generateUuid)();
+        const vaultId = options.vaultId ?? docId;
+        const epoch = 1;
+        // 2. Split CEK using Shamir (spec §6.3)
+        const shares = (0, VaultCrypto_1.shamirSplit)(cek, threshold, n);
+        // 3. KEM-wrap each share for its participant
+        // shares[i] is a SecretShare object with .identifier and .value properties
+        const thresholdShares = participants.map((p, i) => ({
+            kid: p.kid,
+            enc_share: {
+                kem: 'ML-KEM-768',
+                ct: (0, VaultCrypto_1.toBase64Url)((0, VaultCrypto_1.kemWrapCek)(shares[i].value, p.publicKey)),
+            },
+        }));
+        // 4. Encrypt plaintext
+        const aad = (0, VaultCrypto_1.canonicalAad)({
+            v: 1,
+            suite: 'P1',
+            aead: 'AES-256-GCM',
+            docId,
+            vaultId,
+            epoch,
+            policy: { mode: 'threshold', t: threshold, n },
+        });
+        const encResult = (0, VaultCrypto_1.aesGcmEncrypt)(cek, nonce, plaintext, aad);
+        const ciphertext = encResult.ciphertext;
+        // 5. Build header
+        const header = {
+            v: 1,
+            suite: 'P1',
+            aead: 'AES-256-GCM',
+            docId,
+            vaultId,
+            epoch,
+            nonce: (0, VaultCrypto_1.toBase64Url)(nonce),
+            kcmp: (0, VaultCrypto_1.toBase64Url)((0, VaultCrypto_1.keyCommitment)(cek)),
+            policy: { mode: 'threshold', t: threshold, n },
+            shares: thresholdShares,
         };
-        // ═══════════════════════════════════════════════════════════════════════
-        // HELPER METHODS
-        // ═══════════════════════════════════════════════════════════════════════
-        /**
-         * Derive key from passphrase using Argon2id
-         * Spec §4.1 S1/S3 suite
-         */
-        VaultEncryptionService_1.prototype.deriveKeyArgon2 = function (passphrase, salt, params) {
-            return __awaiter(this, void 0, void 0, function () {
-                var hash;
-                return __generator(this, function (_a) {
-                    switch (_a.label) {
-                        case 0: return [4 /*yield*/, (0, hash_wasm_1.argon2id)({
-                                password: passphrase,
-                                salt: salt,
-                                parallelism: params.parallelism,
-                                iterations: params.iterations,
-                                memorySize: params.memory,
-                                hashLength: 32,
-                                outputType: 'binary',
-                            })];
-                        case 1:
-                            hash = _a.sent();
-                            return [2 /*return*/, new Uint8Array(hash)];
-                    }
-                });
+        this.zeroize(cek);
+        // Note: shares from shamirSplit are SecretShare objects, not raw Uint8Arrays
+        // Their internal data is already handled by the WASM module
+        return { header, ciphertext };
+    }
+    /**
+     * Decrypt threshold vault with collected shares
+     *
+     * @param vault - Encrypted vault document
+     * @param decryptedShares - Array of decrypted shares (at least t shares)
+     * @returns Decrypted plaintext
+     */
+    async decryptThreshold(vault, decryptedShares) {
+        const { header, ciphertext } = vault;
+        if (header.policy?.mode !== 'threshold') {
+            throw new errors_1.PolicyError('Not a threshold policy vault');
+        }
+        const threshold = header.policy.t ?? 1;
+        if (decryptedShares.length < threshold) {
+            throw new errors_1.PolicyError(`Need ${threshold} shares, got ${decryptedShares.length}`);
+        }
+        // Reconstruct CEK from shares
+        // Convert DecryptedShare to SecretShare objects expected by WASM
+        const shareObjects = decryptedShares.map((s) => {
+            // SecretShare.fromJson expects {identifier, value} format
+            const json = JSON.stringify({
+                identifier: s.index,
+                value: Array.from(s.share),
             });
+            return VaultCrypto_1.SecretShare.fromJson(json);
+        });
+        const cek = (0, VaultCrypto_1.shamirReconstruct)(shareObjects);
+        // Verify key commitment
+        if (!(0, VaultCrypto_1.verifyKeyCommitment)(cek, (0, VaultCrypto_1.fromBase64Url)(header.kcmp))) {
+            this.zeroize(cek);
+            throw new errors_1.DecryptAeadError('Key commitment verification failed');
+        }
+        // Decrypt
+        const aad = (0, VaultCrypto_1.canonicalAad)({
+            v: header.v,
+            suite: header.suite,
+            aead: header.aead,
+            docId: header.docId,
+            vaultId: header.vaultId,
+            epoch: header.epoch,
+            policy: header.policy,
+        });
+        const nonce = (0, VaultCrypto_1.fromBase64Url)(header.nonce);
+        try {
+            const plaintext = (0, VaultCrypto_1.aesGcmDecrypt)(cek, nonce, ciphertext, aad);
+            this.zeroize(cek);
+            return plaintext;
+        }
+        catch (e) {
+            this.zeroize(cek);
+            throw new errors_1.DecryptAeadError('AEAD decryption failed');
+        }
+    }
+    /**
+     * Unwrap a single threshold share for a participant
+     *
+     * @param vault - Encrypted vault document
+     * @param participantSecretKey - Participant's ML-KEM secret key
+     * @param participantKid - Participant's key identifier
+     * @returns Decrypted share with its index
+     */
+    async unwrapThresholdShare(vault, participantSecretKey, participantKid) {
+        const { header } = vault;
+        if (header.policy?.mode !== 'threshold' || !header.shares) {
+            throw new errors_1.PolicyError('Not a threshold policy vault');
+        }
+        // Find the participant's share
+        const shareIndex = header.shares.findIndex((s) => s.kid === participantKid);
+        if (shareIndex === -1) {
+            throw new errors_1.DecryptKemError(`No share found for kid: ${participantKid}`);
+        }
+        const shareEntry = header.shares[shareIndex];
+        const wrappedShare = (0, VaultCrypto_1.fromBase64Url)(shareEntry.enc_share.ct);
+        // Unwrap the share
+        let share;
+        try {
+            share = (0, VaultCrypto_1.kemUnwrapCek)(wrappedShare, participantSecretKey);
+        }
+        catch (e) {
+            throw new errors_1.DecryptKemError('Failed to unwrap share - invalid key');
+        }
+        // Return with 1-based index (Shamir convention)
+        return {
+            index: shareIndex + 1,
+            share,
         };
-        /**
-         * Zero out sensitive data from memory
-         * Security best practice to minimize exposure window
-         */
-        VaultEncryptionService_1.prototype.zeroize = function (data) {
-            data.fill(0);
-        };
-        return VaultEncryptionService_1;
-    }());
-    __setFunctionName(_classThis, "VaultEncryptionService");
-    (function () {
-        var _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(null) : void 0;
-        __esDecorate(null, _classDescriptor = { value: _classThis }, _classDecorators, { kind: "class", name: _classThis.name, metadata: _metadata }, null, _classExtraInitializers);
-        VaultEncryptionService = _classThis = _classDescriptor.value;
-        if (_metadata) Object.defineProperty(_classThis, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
-        __runInitializers(_classThis, _classExtraInitializers);
-    })();
-    return VaultEncryptionService = _classThis;
-}();
+    }
+    // ═══════════════════════════════════════════════════════════════════════
+    // HELPER METHODS
+    // ═══════════════════════════════════════════════════════════════════════
+    /**
+     * Derive key from passphrase using Argon2id
+     * Spec §4.1 S1/S3 suite
+     */
+    async deriveKeyArgon2(passphrase, salt, params) {
+        const hash = await (0, hash_wasm_1.argon2id)({
+            password: passphrase,
+            salt,
+            parallelism: params.parallelism,
+            iterations: params.iterations,
+            memorySize: params.memory,
+            hashLength: 32,
+            outputType: 'binary',
+        });
+        return new Uint8Array(hash);
+    }
+    /**
+     * Zero out sensitive data from memory
+     * Security best practice to minimize exposure window
+     */
+    zeroize(data) {
+        data.fill(0);
+    }
+};
 exports.VaultEncryptionService = VaultEncryptionService;
+exports.VaultEncryptionService = VaultEncryptionService = __decorate([
+    (0, core_1.injectable)()
+], VaultEncryptionService);
+//# sourceMappingURL=VaultEncryptionService.js.map