@attest-it/core 0.0.0 → 0.2.0

package/dist/index.d.cts

@@ -17,8 +17,6 @@ interface AttestItSettings {
     attestationsPath: string;
     /** Default command to execute for attestation (can be overridden per suite) */
     defaultCommand?: string;
-    /** Cryptographic algorithm to use for signatures */
-    algorithm: 'ed25519' | 'rsa';
 }
 /**
  * Suite definition from the configuration file.
@@ -37,6 +35,8 @@ interface SuiteConfig {
     command?: string;
     /** Other suite names that, when changed, invalidate this suite's attestation */
     invalidates?: string[];
+    /** Array of suite names this suite depends on */
+    depends_on?: string[];
 }
 /**
  * Full configuration file structure.
@@ -49,6 +49,8 @@ interface AttestItConfig {
     settings: AttestItSettings;
     /** Named test suites with their configurations */
     suites: Record<string, SuiteConfig>;
+    /** Named groups of suites */
+    groups?: Record<string, string[]>;
 }
 /**
  * A single attestation entry.
@@ -116,20 +118,17 @@ declare const configSchema: z.ZodObject<{
         publicKeyPath: z.ZodDefault<z.ZodString>;
         attestationsPath: z.ZodDefault<z.ZodString>;
         defaultCommand: z.ZodOptional<z.ZodString>;
-        algorithm: z.ZodDefault<z.ZodEnum<["ed25519", "rsa"]>>;
-    }, "strict", z.ZodTypeAny, {
-        maxAgeDays: number;
-        publicKeyPath: string;
-        attestationsPath: string;
-        algorithm: "ed25519" | "rsa";
-        defaultCommand?: string | undefined;
-    }, {
-        maxAgeDays?: number | undefined;
-        publicKeyPath?: string | undefined;
-        attestationsPath?: string | undefined;
-        defaultCommand?: string | undefined;
-        algorithm?: "ed25519" | "rsa" | undefined;
-    }>>;
+    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+        maxAgeDays: z.ZodDefault<z.ZodNumber>;
+        publicKeyPath: z.ZodDefault<z.ZodString>;
+        attestationsPath: z.ZodDefault<z.ZodString>;
+        defaultCommand: z.ZodOptional<z.ZodString>;
+    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        maxAgeDays: z.ZodDefault<z.ZodNumber>;
+        publicKeyPath: z.ZodDefault<z.ZodString>;
+        attestationsPath: z.ZodDefault<z.ZodString>;
+        defaultCommand: z.ZodOptional<z.ZodString>;
+    }, z.ZodTypeAny, "passthrough">>>;
     suites: z.ZodEffects<z.ZodRecord<z.ZodString, z.ZodObject<{
         description: z.ZodOptional<z.ZodString>;
         packages: z.ZodArray<z.ZodString, "many">;
@@ -137,6 +136,7 @@ declare const configSchema: z.ZodObject<{
         ignore: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
         command: z.ZodOptional<z.ZodString>;
         invalidates: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        depends_on: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     }, "strict", z.ZodTypeAny, {
         packages: string[];
         description?: string | undefined;
@@ -144,6 +144,7 @@ declare const configSchema: z.ZodObject<{
         ignore?: string[] | undefined;
         command?: string | undefined;
         invalidates?: string[] | undefined;
+        depends_on?: string[] | undefined;
     }, {
         packages: string[];
         description?: string | undefined;
@@ -151,6 +152,7 @@ declare const configSchema: z.ZodObject<{
         ignore?: string[] | undefined;
         command?: string | undefined;
         invalidates?: string[] | undefined;
+        depends_on?: string[] | undefined;
     }>>, Record<string, {
         packages: string[];
         description?: string | undefined;
@@ -158,6 +160,7 @@ declare const configSchema: z.ZodObject<{
         ignore?: string[] | undefined;
         command?: string | undefined;
         invalidates?: string[] | undefined;
+        depends_on?: string[] | undefined;
     }>, Record<string, {
         packages: string[];
         description?: string | undefined;
@@ -165,15 +168,18 @@ declare const configSchema: z.ZodObject<{
         ignore?: string[] | undefined;
         command?: string | undefined;
         invalidates?: string[] | undefined;
+        depends_on?: string[] | undefined;
     }>>;
+    groups: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
 }, "strict", z.ZodTypeAny, {
     version: 1;
     settings: {
         maxAgeDays: number;
         publicKeyPath: string;
         attestationsPath: string;
-        algorithm: "ed25519" | "rsa";
         defaultCommand?: string | undefined;
+    } & {
+        [k: string]: unknown;
     };
     suites: Record<string, {
         packages: string[];
@@ -182,7 +188,9 @@ declare const configSchema: z.ZodObject<{
         ignore?: string[] | undefined;
         command?: string | undefined;
         invalidates?: string[] | undefined;
+        depends_on?: string[] | undefined;
     }>;
+    groups?: Record<string, string[]> | undefined;
 }, {
     version: 1;
     suites: Record<string, {
@@ -192,14 +200,15 @@ declare const configSchema: z.ZodObject<{
         ignore?: string[] | undefined;
         command?: string | undefined;
         invalidates?: string[] | undefined;
+        depends_on?: string[] | undefined;
     }>;
-    settings?: {
-        maxAgeDays?: number | undefined;
-        publicKeyPath?: string | undefined;
-        attestationsPath?: string | undefined;
-        defaultCommand?: string | undefined;
-        algorithm?: "ed25519" | "rsa" | undefined;
-    } | undefined;
+    settings?: z.objectInputType<{
+        maxAgeDays: z.ZodDefault<z.ZodNumber>;
+        publicKeyPath: z.ZodDefault<z.ZodString>;
+        attestationsPath: z.ZodDefault<z.ZodString>;
+        defaultCommand: z.ZodOptional<z.ZodString>;
+    }, z.ZodTypeAny, "passthrough"> | undefined;
+    groups?: Record<string, string[]> | undefined;
 }>;
 /**
  * Type inference from Zod schema (should match AttestItConfig).
@@ -523,15 +532,11 @@ declare class SignatureInvalidError extends Error {
  *
  * @remarks
  * This module provides cryptographic operations using OpenSSL for key management
- * and signature verification. It supports Ed25519 and RSA algorithms.
+ * and signature verification. It uses RSA-2048 with SHA-256 for signatures,
+ * which is universally supported across all OpenSSL and LibreSSL versions.
  *
  * @packageDocumentation
  */
-/**
- * Supported signature algorithms.
- * @public
- */
-type Algorithm = 'ed25519' | 'rsa';
 /**
  * Paths to a generated keypair.
  * @public
@@ -547,8 +552,6 @@ interface KeyPaths {
  * @public
  */
 interface KeygenOptions {
-    /** Algorithm to use (default: ed25519) */
-    algorithm?: Algorithm;
     /** Path for private key (default: OS-specific config dir) */
     privatePath?: string;
     /** Path for public key (default: repo root) */
@@ -598,7 +601,11 @@ declare function getDefaultPrivateKeyPath(): string;
  */
 declare function getDefaultPublicKeyPath(): string;
 /**
- * Generate a new keypair using OpenSSL.
+ * Generate a new RSA-2048 keypair using OpenSSL.
+ *
+ * RSA-2048 with SHA-256 is used because it's universally supported across
+ * all OpenSSL and LibreSSL versions, including older macOS systems.
+ *
  * @param options - Generation options
  * @returns Paths to generated keys
  * @throws Error if OpenSSL fails or keys exist without force
@@ -606,7 +613,11 @@ declare function getDefaultPublicKeyPath(): string;
  */
 declare function generateKeyPair(options?: KeygenOptions): Promise<KeyPaths>;
 /**
- * Sign data using a private key.
+ * Sign data using an RSA private key with SHA-256.
+ *
+ * Uses `openssl dgst -sha256 -sign` which is universally supported across
+ * all OpenSSL and LibreSSL versions.
+ *
  * @param options - Signing options
  * @returns Base64-encoded signature
  * @throws Error if signing fails
@@ -614,7 +625,11 @@ declare function generateKeyPair(options?: KeygenOptions): Promise<KeyPaths>;
  */
 declare function sign(options: SignOptions): Promise<string>;
 /**
- * Verify a signature using a public key.
+ * Verify a signature using an RSA public key with SHA-256.
+ *
+ * Uses `openssl dgst -sha256 -verify` which is universally supported across
+ * all OpenSSL and LibreSSL versions.
+ *
  * @param options - Verification options
  * @returns true if signature is valid
  * @throws Error if verification fails (not just invalid signature)
@@ -688,4 +703,4 @@ declare function verifyAttestations(options: VerifyOptions): Promise<VerifyResul
  */
 declare const version = "0.0.0";
 
-export { type Algorithm, type AttestItConfig, type AttestItSettings, type Attestation, type AttestationsFile, type Config, ConfigNotFoundError, ConfigValidationError, type VerifyOptions$1 as CryptoVerifyOptions, type FingerprintOptions, type FingerprintResult, type KeyPaths, type KeygenOptions, type ReadSignedAttestationsOptions, type SignOptions, SignatureInvalidError, type SuiteConfig, type SuiteVerificationResult, type VerificationStatus, type VerifyOptions, type VerifyResult, type WriteSignedAttestationsOptions, canonicalizeAttestations, checkOpenSSL, computeFingerprint, computeFingerprintSync, createAttestation, findAttestation, findConfigPath, generateKeyPair, getDefaultPrivateKeyPath, getDefaultPublicKeyPath, listPackageFiles, loadConfig, loadConfigSync, readAndVerifyAttestations, readAttestations, readAttestationsSync, removeAttestation, resolveConfigPaths, setKeyPermissions, sign, toAttestItConfig, upsertAttestation, verify, verifyAttestations, version, writeAttestations, writeAttestationsSync, writeSignedAttestations };
+export { type AttestItConfig, type AttestItSettings, type Attestation, type AttestationsFile, type Config, ConfigNotFoundError, ConfigValidationError, type VerifyOptions$1 as CryptoVerifyOptions, type FingerprintOptions, type FingerprintResult, type KeyPaths, type KeygenOptions, type ReadSignedAttestationsOptions, type SignOptions, SignatureInvalidError, type SuiteConfig, type SuiteVerificationResult, type VerificationStatus, type VerifyOptions, type VerifyResult, type WriteSignedAttestationsOptions, canonicalizeAttestations, checkOpenSSL, computeFingerprint, computeFingerprintSync, createAttestation, findAttestation, findConfigPath, generateKeyPair, getDefaultPrivateKeyPath, getDefaultPublicKeyPath, listPackageFiles, loadConfig, loadConfigSync, readAndVerifyAttestations, readAttestations, readAttestationsSync, removeAttestation, resolveConfigPaths, setKeyPermissions, sign, toAttestItConfig, upsertAttestation, verify, verifyAttestations, version, writeAttestations, writeAttestationsSync, writeSignedAttestations };

package/dist/index.d.ts

@@ -17,8 +17,6 @@ interface AttestItSettings {
     attestationsPath: string;
     /** Default command to execute for attestation (can be overridden per suite) */
     defaultCommand?: string;
-    /** Cryptographic algorithm to use for signatures */
-    algorithm: 'ed25519' | 'rsa';
 }
 /**
  * Suite definition from the configuration file.
@@ -37,6 +35,8 @@ interface SuiteConfig {
     command?: string;
     /** Other suite names that, when changed, invalidate this suite's attestation */
     invalidates?: string[];
+    /** Array of suite names this suite depends on */
+    depends_on?: string[];
 }
 /**
  * Full configuration file structure.
@@ -49,6 +49,8 @@ interface AttestItConfig {
     settings: AttestItSettings;
     /** Named test suites with their configurations */
     suites: Record<string, SuiteConfig>;
+    /** Named groups of suites */
+    groups?: Record<string, string[]>;
 }
 /**
  * A single attestation entry.
@@ -110,27 +112,26 @@ interface SuiteVerificationResult {
  * Zod schema for the full configuration file.
  */
 declare const configSchema: z.ZodObject<{
+    groups: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
     settings: z.ZodDefault<z.ZodObject<{
-        algorithm: z.ZodDefault<z.ZodEnum<["ed25519", "rsa"]>>;
         attestationsPath: z.ZodDefault<z.ZodString>;
         defaultCommand: z.ZodOptional<z.ZodString>;
         maxAgeDays: z.ZodDefault<z.ZodNumber>;
         publicKeyPath: z.ZodDefault<z.ZodString>;
-    }, "strict", z.ZodTypeAny, {
-        algorithm: "ed25519" | "rsa";
-        attestationsPath: string;
-        defaultCommand?: string | undefined;
-        maxAgeDays: number;
-        publicKeyPath: string;
-    }, {
-        algorithm?: "ed25519" | "rsa" | undefined;
-        attestationsPath?: string | undefined;
-        defaultCommand?: string | undefined;
-        maxAgeDays?: number | undefined;
-        publicKeyPath?: string | undefined;
-    }>>;
+    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+        attestationsPath: z.ZodDefault<z.ZodString>;
+        defaultCommand: z.ZodOptional<z.ZodString>;
+        maxAgeDays: z.ZodDefault<z.ZodNumber>;
+        publicKeyPath: z.ZodDefault<z.ZodString>;
+    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        attestationsPath: z.ZodDefault<z.ZodString>;
+        defaultCommand: z.ZodOptional<z.ZodString>;
+        maxAgeDays: z.ZodDefault<z.ZodNumber>;
+        publicKeyPath: z.ZodDefault<z.ZodString>;
+    }, z.ZodTypeAny, "passthrough">>>;
     suites: z.ZodEffects<z.ZodRecord<z.ZodString, z.ZodObject<{
         command: z.ZodOptional<z.ZodString>;
+        depends_on: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
         description: z.ZodOptional<z.ZodString>;
         files: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
         ignore: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -138,6 +139,7 @@ declare const configSchema: z.ZodObject<{
         packages: z.ZodArray<z.ZodString, "many">;
     }, "strict", z.ZodTypeAny, {
         command?: string | undefined;
+        depends_on?: string[] | undefined;
         description?: string | undefined;
         files?: string[] | undefined;
         ignore?: string[] | undefined;
@@ -145,6 +147,7 @@ declare const configSchema: z.ZodObject<{
         packages: string[];
     }, {
         command?: string | undefined;
+        depends_on?: string[] | undefined;
         description?: string | undefined;
         files?: string[] | undefined;
         ignore?: string[] | undefined;
@@ -152,6 +155,7 @@ declare const configSchema: z.ZodObject<{
         packages: string[];
     }>>, Record<string, {
         command?: string | undefined;
+        depends_on?: string[] | undefined;
         description?: string | undefined;
         files?: string[] | undefined;
         ignore?: string[] | undefined;
@@ -159,6 +163,7 @@ declare const configSchema: z.ZodObject<{
         packages: string[];
     }>, Record<string, {
         command?: string | undefined;
+        depends_on?: string[] | undefined;
         description?: string | undefined;
         files?: string[] | undefined;
         ignore?: string[] | undefined;
@@ -167,15 +172,16 @@ declare const configSchema: z.ZodObject<{
     }>>;
     version: z.ZodLiteral<1>;
 }, "strict", z.ZodTypeAny, {
+    groups?: Record<string, string[]> | undefined;
     settings: {
-        algorithm: "ed25519" | "rsa";
         attestationsPath: string;
         defaultCommand?: string | undefined;
         maxAgeDays: number;
         publicKeyPath: string;
-    };
+    } & { [k: string]: unknown };
     suites: Record<string, {
         command?: string | undefined;
+        depends_on?: string[] | undefined;
         description?: string | undefined;
         files?: string[] | undefined;
         ignore?: string[] | undefined;
@@ -184,15 +190,16 @@ declare const configSchema: z.ZodObject<{
     }>;
     version: 1;
 }, {
-    settings?: {
-        algorithm?: "ed25519" | "rsa" | undefined;
-        attestationsPath?: string | undefined;
-        defaultCommand?: string | undefined;
-        maxAgeDays?: number | undefined;
-        publicKeyPath?: string | undefined;
-    } | undefined;
+    groups?: Record<string, string[]> | undefined;
+    settings?: undefined | z.objectInputType<{
+        attestationsPath: z.ZodDefault<z.ZodString>;
+        defaultCommand: z.ZodOptional<z.ZodString>;
+        maxAgeDays: z.ZodDefault<z.ZodNumber>;
+        publicKeyPath: z.ZodDefault<z.ZodString>;
+    }, z.ZodTypeAny, "passthrough">;
     suites: Record<string, {
         command?: string | undefined;
+        depends_on?: string[] | undefined;
         description?: string | undefined;
         files?: string[] | undefined;
         ignore?: string[] | undefined;
@@ -523,15 +530,11 @@ declare class SignatureInvalidError extends Error {
  *
  * @remarks
  * This module provides cryptographic operations using OpenSSL for key management
- * and signature verification. It supports Ed25519 and RSA algorithms.
+ * and signature verification. It uses RSA-2048 with SHA-256 for signatures,
+ * which is universally supported across all OpenSSL and LibreSSL versions.
  *
  * @packageDocumentation
  */
-/**
- * Supported signature algorithms.
- * @public
- */
-type Algorithm = 'ed25519' | 'rsa';
 /**
  * Paths to a generated keypair.
  * @public
@@ -547,8 +550,6 @@ interface KeyPaths {
  * @public
  */
 interface KeygenOptions {
-    /** Algorithm to use (default: ed25519) */
-    algorithm?: Algorithm;
     /** Path for private key (default: OS-specific config dir) */
     privatePath?: string;
     /** Path for public key (default: repo root) */
@@ -598,7 +599,11 @@ declare function getDefaultPrivateKeyPath(): string;
  */
 declare function getDefaultPublicKeyPath(): string;
 /**
- * Generate a new keypair using OpenSSL.
+ * Generate a new RSA-2048 keypair using OpenSSL.
+ *
+ * RSA-2048 with SHA-256 is used because it's universally supported across
+ * all OpenSSL and LibreSSL versions, including older macOS systems.
+ *
  * @param options - Generation options
  * @returns Paths to generated keys
  * @throws Error if OpenSSL fails or keys exist without force
@@ -606,7 +611,11 @@ declare function getDefaultPublicKeyPath(): string;
  */
 declare function generateKeyPair(options?: KeygenOptions): Promise<KeyPaths>;
 /**
- * Sign data using a private key.
+ * Sign data using an RSA private key with SHA-256.
+ *
+ * Uses `openssl dgst -sha256 -sign` which is universally supported across
+ * all OpenSSL and LibreSSL versions.
+ *
  * @param options - Signing options
  * @returns Base64-encoded signature
  * @throws Error if signing fails
@@ -614,7 +623,11 @@ declare function generateKeyPair(options?: KeygenOptions): Promise<KeyPaths>;
  */
 declare function sign(options: SignOptions): Promise<string>;
 /**
- * Verify a signature using a public key.
+ * Verify a signature using an RSA public key with SHA-256.
+ *
+ * Uses `openssl dgst -sha256 -verify` which is universally supported across
+ * all OpenSSL and LibreSSL versions.
+ *
  * @param options - Verification options
  * @returns true if signature is valid
  * @throws Error if verification fails (not just invalid signature)
@@ -688,4 +701,4 @@ declare function verifyAttestations(options: VerifyOptions): Promise<VerifyResul
  */
 declare const version = "0.0.0";
 
-export { type Algorithm, type AttestItConfig, type AttestItSettings, type Attestation, type AttestationsFile, type Config, ConfigNotFoundError, ConfigValidationError, type VerifyOptions$1 as CryptoVerifyOptions, type FingerprintOptions, type FingerprintResult, type KeyPaths, type KeygenOptions, type ReadSignedAttestationsOptions, type SignOptions, SignatureInvalidError, type SuiteConfig, type SuiteVerificationResult, type VerificationStatus, type VerifyOptions, type VerifyResult, type WriteSignedAttestationsOptions, canonicalizeAttestations, checkOpenSSL, computeFingerprint, computeFingerprintSync, createAttestation, findAttestation, findConfigPath, generateKeyPair, getDefaultPrivateKeyPath, getDefaultPublicKeyPath, listPackageFiles, loadConfig, loadConfigSync, readAndVerifyAttestations, readAttestations, readAttestationsSync, removeAttestation, resolveConfigPaths, setKeyPermissions, sign, toAttestItConfig, upsertAttestation, verify, verifyAttestations, version, writeAttestations, writeAttestationsSync, writeSignedAttestations };
+export { type AttestItConfig, type AttestItSettings, type Attestation, type AttestationsFile, type Config, ConfigNotFoundError, ConfigValidationError, type VerifyOptions$1 as CryptoVerifyOptions, type FingerprintOptions, type FingerprintResult, type KeyPaths, type KeygenOptions, type ReadSignedAttestationsOptions, type SignOptions, SignatureInvalidError, type SuiteConfig, type SuiteVerificationResult, type VerificationStatus, type VerifyOptions, type VerifyResult, type WriteSignedAttestationsOptions, canonicalizeAttestations, checkOpenSSL, computeFingerprint, computeFingerprintSync, createAttestation, findAttestation, findConfigPath, generateKeyPair, getDefaultPrivateKeyPath, getDefaultPublicKeyPath, listPackageFiles, loadConfig, loadConfigSync, readAndVerifyAttestations, readAttestations, readAttestationsSync, removeAttestation, resolveConfigPaths, setKeyPermissions, sign, toAttestItConfig, upsertAttestation, verify, verifyAttestations, version, writeAttestations, writeAttestationsSync, writeSignedAttestations };

package/dist/index.js

@@ -1,4 +1,4 @@
-export { checkOpenSSL, generateKeyPair, getDefaultPrivateKeyPath, getDefaultPublicKeyPath, setKeyPermissions, sign, verify } from './chunk-UWYR7JNE.js';
+export { checkOpenSSL, generateKeyPair, getDefaultPrivateKeyPath, getDefaultPublicKeyPath, setKeyPermissions, sign, verify } from './chunk-CEE7ONNG.js';
 import * as fs from 'fs';
 import { readFileSync } from 'fs';
 import { readFile } from 'fs/promises';
@@ -15,23 +15,25 @@ var settingsSchema = z.object({
   maxAgeDays: z.number().int().positive().default(30),
   publicKeyPath: z.string().default(".attest-it/pubkey.pem"),
   attestationsPath: z.string().default(".attest-it/attestations.json"),
-  defaultCommand: z.string().optional(),
-  algorithm: z.enum(["ed25519", "rsa"]).default("ed25519")
-}).strict();
+  defaultCommand: z.string().optional()
+  // Note: algorithm field was removed - RSA is the only supported algorithm
+}).passthrough();
 var suiteSchema = z.object({
   description: z.string().optional(),
   packages: z.array(z.string().min(1, "Package path cannot be empty")).min(1, "At least one package pattern is required"),
   files: z.array(z.string().min(1, "File path cannot be empty")).optional(),
   ignore: z.array(z.string().min(1, "Ignore pattern cannot be empty")).optional(),
   command: z.string().optional(),
-  invalidates: z.array(z.string().min(1, "Invalidated suite name cannot be empty")).optional()
+  invalidates: z.array(z.string().min(1, "Invalidated suite name cannot be empty")).optional(),
+  depends_on: z.array(z.string().min(1, "Dependency suite name cannot be empty")).optional()
 }).strict();
 var configSchema = z.object({
   version: z.literal(1),
   settings: settingsSchema.default({}),
   suites: z.record(z.string(), suiteSchema).refine((suites) => Object.keys(suites).length >= 1, {
     message: "At least one suite must be defined"
-  })
+  }),
+  groups: z.record(z.string(), z.array(z.string().min(1, "Suite name in group cannot be empty"))).optional()
 }).strict();
 var ConfigValidationError = class extends Error {
   constructor(message, issues) {
@@ -150,7 +152,6 @@ function toAttestItConfig(config) {
       maxAgeDays: config.settings.maxAgeDays,
       publicKeyPath: config.settings.publicKeyPath,
       attestationsPath: config.settings.attestationsPath,
-      algorithm: config.settings.algorithm,
       ...config.settings.defaultCommand !== void 0 && {
         defaultCommand: config.settings.defaultCommand
       }
@@ -164,10 +165,12 @@ function toAttestItConfig(config) {
           ...suite.files !== void 0 && { files: suite.files },
           ...suite.ignore !== void 0 && { ignore: suite.ignore },
           ...suite.command !== void 0 && { command: suite.command },
-          ...suite.invalidates !== void 0 && { invalidates: suite.invalidates }
+          ...suite.invalidates !== void 0 && { invalidates: suite.invalidates },
+          ...suite.depends_on !== void 0 && { depends_on: suite.depends_on }
         }
       ])
-    )
+    ),
+    ...config.groups !== void 0 && { groups: config.groups }
   };
 }
 var LARGE_FILE_THRESHOLD = 50 * 1024 * 1024;
@@ -467,7 +470,7 @@ function createAttestation(params) {
   return attestation;
 }
 async function writeSignedAttestations(options) {
-  const { sign: sign2 } = await import('./crypto-ITLMIMRJ.js');
+  const { sign: sign2 } = await import('./crypto-VAXWUGKL.js');
   const canonical = canonicalizeAttestations(options.attestations);
   const signature = await sign2({
     privateKeyPath: options.privateKeyPath,
@@ -476,7 +479,7 @@ async function writeSignedAttestations(options) {
   await writeAttestations(options.filePath, options.attestations, signature);
 }
 async function readAndVerifyAttestations(options) {
-  const { verify: verify2 } = await import('./crypto-ITLMIMRJ.js');
+  const { verify: verify2 } = await import('./crypto-VAXWUGKL.js');
   const file = await readAttestations(options.filePath);
   if (!file) {
     throw new Error(`Attestations file not found: ${options.filePath}`);