@attested-intelligence/aga-mcp-server 3.0.1 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/DEPLOYMENT.md +2 -2
  2. package/README.md +8 -10
  3. package/THREAT_BOUNDARY.md +9 -9
  4. package/dist/proxy/evaluator.d.ts.map +1 -1
  5. package/dist/proxy/evaluator.js +4 -1
  6. package/dist/proxy/evaluator.js.map +1 -1
  7. package/dist/proxy/index.d.ts.map +1 -1
  8. package/dist/proxy/index.js +4 -1
  9. package/dist/proxy/index.js.map +1 -1
  10. package/dist/proxy/server.d.ts +1 -0
  11. package/dist/proxy/server.d.ts.map +1 -1
  12. package/dist/proxy/server.js +23 -5
  13. package/dist/proxy/server.js.map +1 -1
  14. package/dist/proxy/stdio-bridge.d.ts.map +1 -1
  15. package/dist/proxy/stdio-bridge.js +10 -0
  16. package/dist/proxy/stdio-bridge.js.map +1 -1
  17. package/dist/sep/bundle.js +2 -2
  18. package/dist/sep/bundle.js.map +1 -1
  19. package/dist/sep/checkpoint.d.ts.map +1 -1
  20. package/dist/sep/checkpoint.js +2 -2
  21. package/dist/sep/checkpoint.js.map +1 -1
  22. package/dist/sep/crypto.d.ts +2 -0
  23. package/dist/sep/crypto.d.ts.map +1 -1
  24. package/dist/sep/crypto.js +1 -1
  25. package/dist/sep/crypto.js.map +1 -1
  26. package/dist/sep/hybrid.d.ts +60 -0
  27. package/dist/sep/hybrid.d.ts.map +1 -0
  28. package/dist/sep/hybrid.js +189 -0
  29. package/dist/sep/hybrid.js.map +1 -0
  30. package/dist/sep/index.d.ts +4 -1
  31. package/dist/sep/index.d.ts.map +1 -1
  32. package/dist/sep/index.js +3 -0
  33. package/dist/sep/index.js.map +1 -1
  34. package/dist/sep/policy-ref.d.ts +8 -0
  35. package/dist/sep/policy-ref.d.ts.map +1 -0
  36. package/dist/sep/policy-ref.js +14 -0
  37. package/dist/sep/policy-ref.js.map +1 -0
  38. package/dist/sep/profiles.d.ts +22 -0
  39. package/dist/sep/profiles.d.ts.map +1 -0
  40. package/dist/sep/profiles.js +56 -0
  41. package/dist/sep/profiles.js.map +1 -0
  42. package/dist/sep/receipt.js +0 -0
  43. package/dist/sep/receipt.js.map +1 -1
  44. package/dist/sep/verify.d.ts +8 -3
  45. package/dist/sep/verify.d.ts.map +1 -1
  46. package/dist/sep/verify.js +67 -49
  47. package/dist/sep/verify.js.map +1 -1
  48. package/package.json +28 -7
@@ -1 +1 @@
1
- {"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/sep/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EACL,UAAU,EAAE,gBAAgB,EAAE,eAAe,EAAE,WAAW,EAAE,UAAU,EACtE,IAAI,IAAI,QAAQ,EAAE,MAAM,IAAI,UAAU,GACvC,MAAM,aAAa,CAAC;AAErB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC,CAAC,sCAAsC;AACnG,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC,CAAC,4BAA4B;AAElG,MAAM,UAAU,SAAS,CAAC,CAAS;IACjC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC3E,CAAC;AAED,MAAM,UAAU,KAAK,CAAC,CAAU,EAAE,CAAS;IACzC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACzE,CAAC;AAOD,0FAA0F;AAC1F,MAAM,UAAU,cAAc,CAAC,IAAgB;IAC7C,IAAI,IAAI,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7F,MAAM,EAAE,GAAG,gBAAgB,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAG,eAAe,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/G,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACnG,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,cAAc;IAC5B,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7C,OAAO,EAAE,MAAM,EAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC;AAChD,CAAC;AAED,mGAAmG;AACnG,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;IACtH,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,4FAA4F;AAC5F,+FAA+F;AAC/F,8FAA8F;AAC9F,wFAAwF;AACxF,8FAA8F;AAC9F,qDAAqD;AACrD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAS;IACvC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,EAAkB,kBAAkB;IACnD,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,EAAW,gCAAgC;IACjE,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,EAAW,2BAA2B;IAC5D,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,EAAI,+BAA+B;IAChE,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,EAAI,mBAAmB;IACpD,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,EAAW,uBAAuB;IACxD,kEAAkE,EAAE,UAAU;IAC9E,kEAAkE,EAAE,UAAU;IAC9E,kEAAkE,EAAE,qBAAqB;IACzF,kEAAkE,EAAE,qBAAqB;CAC1F,CAAC,CAAC;AACH,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;IACjC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,GAAG,CAAC,CAAC;AAC/F,CAAC;AAED,MAAM,SAAS,GAAG,CAAC,EAAE,IAAI,IAAI,CAAC,GAAG,GAAG,CAAC;AACrC;oGACoG;AACpG,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAClC,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;QAAE,CAAC,IAAI,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3F,OAAO,CAAC,GAAG,SAAS,CAAC;AACvB,CAAC;AAED,mGAAmG;AACnG,MAAM,UAAU,aAAa,CAAC,GAAY;IACxC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,CAAC;QAAE,OAAO,KAAK,CAAC;IAClC,IAAI,gBAAgB,CAAC,GAAG,CAAC,GAAa,CAAC;QAAE,OAAO,KAAK,CAAC,CAAG,kCAAkC;IAC3F,IAAI,CAAC,YAAY,CAAC,GAAa,CAAC;QAAE,OAAO,KAAK,CAAC,CAAU,0DAA0D;IACnH,IAAI,CAAC;QACH,eAAe,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAa,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAChH,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,MAAc,EAAE,OAAe,EAAE,MAAc;IACvE,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IACvF,IAAI,CAAC;QACH,OAAO,UAAU,CACf,IAAI,EACJ,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,EAC5B,eAAe,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EACxG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAC3B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,KAAK,CAAC,MAAM,GAAG,MAAM;IACnC,OAAO,GAAG,MAAM,IAAI,UAAU,EAAE,EAAE,CAAC;AACrC,CAAC"}
1
+ {"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/sep/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EACL,UAAU,EAAE,gBAAgB,EAAE,eAAe,EAAE,WAAW,EAAE,UAAU,EACtE,IAAI,IAAI,QAAQ,EAAE,MAAM,IAAI,UAAU,GACvC,MAAM,aAAa,CAAC;AAErB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC,CAAC,sCAAsC;AACnG,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC,CAAC,4BAA4B;AAElG,MAAM,UAAU,SAAS,CAAC,CAAS;IACjC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC3E,CAAC;AAED,MAAM,UAAU,KAAK,CAAC,CAAU,EAAE,CAAS;IACzC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACzE,CAAC;AASD,0FAA0F;AAC1F,MAAM,UAAU,cAAc,CAAC,IAAgB;IAC7C,IAAI,IAAI,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7F,MAAM,EAAE,GAAG,gBAAgB,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAG,eAAe,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/G,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACpI,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,cAAc;IAC5B,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7C,OAAO,EAAE,MAAM,EAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC;AAChD,CAAC;AAED,mGAAmG;AACnG,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;IACtH,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,4FAA4F;AAC5F,+FAA+F;AAC/F,8FAA8F;AAC9F,wFAAwF;AACxF,8FAA8F;AAC9F,qDAAqD;AACrD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAS;IACvC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,EAAkB,kBAAkB;IACnD,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,EAAW,gCAAgC;IACjE,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,EAAW,2BAA2B;IAC5D,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,EAAI,+BAA+B;IAChE,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,EAAI,mBAAmB;IACpD,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,EAAW,uBAAuB;IACxD,kEAAkE,EAAE,UAAU;IAC9E,kEAAkE,EAAE,UAAU;IAC9E,kEAAkE,EAAE,qBAAqB;IACzF,kEAAkE,EAAE,qBAAqB;CAC1F,CAAC,CAAC;AACH,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;IACjC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,GAAG,CAAC,CAAC;AAC/F,CAAC;AAED,MAAM,SAAS,GAAG,CAAC,EAAE,IAAI,IAAI,CAAC,GAAG,GAAG,CAAC;AACrC;oGACoG;AACpG,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAClC,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;QAAE,CAAC,IAAI,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3F,OAAO,CAAC,GAAG,SAAS,CAAC;AACvB,CAAC;AAED,mGAAmG;AACnG,MAAM,UAAU,aAAa,CAAC,GAAY;IACxC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,CAAC;QAAE,OAAO,KAAK,CAAC;IAClC,IAAI,gBAAgB,CAAC,GAAG,CAAC,GAAa,CAAC;QAAE,OAAO,KAAK,CAAC,CAAG,kCAAkC;IAC3F,IAAI,CAAC,YAAY,CAAC,GAAa,CAAC;QAAE,OAAO,KAAK,CAAC,CAAU,0DAA0D;IACnH,IAAI,CAAC;QACH,eAAe,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAa,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAChH,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,MAAc,EAAE,OAAe,EAAE,MAAc;IACvE,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IACvF,IAAI,CAAC;QACH,OAAO,UAAU,CACf,IAAI,EACJ,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,EAC5B,eAAe,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EACxG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAC3B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,KAAK,CAAC,MAAM,GAAG,MAAM;IACnC,OAAO,GAAG,MAAM,IAAI,UAAU,EAAE,EAAE,CAAC;AACrC,CAAC"}
@@ -0,0 +1,60 @@
1
+ import type { SepSigner } from './crypto.js';
2
+ /** The composite algorithm identifier, shared with AGA Go + VerifyBundle. */
3
+ export declare const ALG_HYBRID = "ML-DSA-65+Ed25519-SHA256-JCS";
4
+ /** FIPS 204 ML-DSA-65 component byte lengths. */
5
+ export declare const MLDSA65_PUBLIC_KEY_BYTES = 1952;
6
+ export declare const MLDSA65_SECRET_KEY_BYTES = 4032;
7
+ export declare const MLDSA65_SIGNATURE_BYTES = 3309;
8
+ export declare const MLDSA65_SEED_BYTES = 32;
9
+ /** Ed25519 component byte lengths (RFC 8032). */
10
+ export declare const ED25519_PUBLIC_KEY_BYTES = 32;
11
+ export declare const ED25519_SEED_BYTES = 32;
12
+ export declare const ED25519_SIGNATURE_BYTES = 64;
13
+ /** An ephemeral composite secret key. `mldsa` is the expanded ML-DSA-65 secret key; `ed` the 32-byte seed. */
14
+ export interface HybridSecretKey {
15
+ mldsa: Uint8Array;
16
+ ed: Uint8Array;
17
+ }
18
+ /** Encode two byte strings as len32(a) || a || len32(b) || b (4-byte big-endian lengths). */
19
+ export declare function encodeComposite(a: Uint8Array, b: Uint8Array): Uint8Array;
20
+ /**
21
+ * Decode len32(a) || a || len32(b) || b into [a, b]. Fails closed: throws on a short buffer, a length
22
+ * prefix that overruns the data, or trailing bytes after b (extra bytes are rejected to remove a
23
+ * malleability surface — matches the Go DecodeComposite trailing-byte reject).
24
+ */
25
+ export declare function decodeComposite(data: Uint8Array): [Uint8Array, Uint8Array];
26
+ /** Lower-hex composite public key for a hybrid secret key. */
27
+ export declare function hybridPublicKeyHex(sk: HybridSecretKey): string;
28
+ /** Generate a fresh ephemeral hybrid keypair. The secret key never leaves the caller. */
29
+ export declare function generateHybridKeypair(): {
30
+ secretKey: HybridSecretKey;
31
+ publicKeyHex: string;
32
+ };
33
+ /** Deterministically derive a hybrid keypair from two 32-byte seeds (used by the cross-verify fixtures). */
34
+ export declare function hybridKeypairFromSeeds(mldsaSeed: Uint8Array, edSeed: Uint8Array): {
35
+ secretKey: HybridSecretKey;
36
+ publicKeyHex: string;
37
+ };
38
+ /** Sign raw message bytes, returning the composite signature bytes (trusted-input signing path). */
39
+ export declare function signHybridBytes(message: Uint8Array, sk: HybridSecretKey): Uint8Array;
40
+ /** Sign a UTF-8 message; returns the lower-hex composite signature. */
41
+ export declare function signHybrid(message: string, sk: HybridSecretKey): string;
42
+ /**
43
+ * Verify a composite signature over raw message bytes under a composite public key. Returns true only
44
+ * if BOTH the ML-DSA-65 and the Ed25519 components verify. Fails closed on any malformed/short/over-long
45
+ * composite or wrong component length.
46
+ */
47
+ export declare function verifyHybridBytes(compositePub: Uint8Array, message: Uint8Array, compositeSig: Uint8Array): boolean;
48
+ /**
49
+ * Verify a lower-hex composite signature over a UTF-8 message under a lower-hex composite public key.
50
+ * Rejects malformed hex before touching the curve/lattice; never throws.
51
+ */
52
+ export declare function verifyHybrid(pubHex: unknown, message: string, sigHex: unknown): boolean;
53
+ /** A v2 composite SepSigner from two 32-byte seeds (deterministic; for the producer + cross-verify tests). */
54
+ export declare function hybridSignerFromSeeds(mldsaSeed: Uint8Array, edSeed: Uint8Array): SepSigner;
55
+ /** A v2 composite SepSigner from a fresh ephemeral keypair (the secret key is returned for persistence). */
56
+ export declare function generateHybridSigner(): {
57
+ signer: SepSigner;
58
+ secretKey: HybridSecretKey;
59
+ };
60
+ //# sourceMappingURL=hybrid.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"hybrid.d.ts","sourceRoot":"","sources":["../../src/sep/hybrid.ts"],"names":[],"mappings":"AAuBA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAM7C,6EAA6E;AAC7E,eAAO,MAAM,UAAU,iCAAiC,CAAC;AAEzD,iDAAiD;AACjD,eAAO,MAAM,wBAAwB,OAAO,CAAC;AAC7C,eAAO,MAAM,wBAAwB,OAAO,CAAC;AAC7C,eAAO,MAAM,uBAAuB,OAAO,CAAC;AAC5C,eAAO,MAAM,kBAAkB,KAAK,CAAC;AACrC,iDAAiD;AACjD,eAAO,MAAM,wBAAwB,KAAK,CAAC;AAC3C,eAAO,MAAM,kBAAkB,KAAK,CAAC;AACrC,eAAO,MAAM,uBAAuB,KAAK,CAAC;AAE1C,8GAA8G;AAC9G,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,UAAU,CAAC;IAClB,EAAE,EAAE,UAAU,CAAC;CAChB;AAED,6FAA6F;AAC7F,wBAAgB,eAAe,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,UAAU,CAQxE;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,UAAU,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAa1E;AASD,8DAA8D;AAC9D,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,eAAe,GAAG,MAAM,CAE9D;AAED,yFAAyF;AACzF,wBAAgB,qBAAqB,IAAI;IAAE,SAAS,EAAE,eAAe,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAI5F;AAED,4GAA4G;AAC5G,wBAAgB,sBAAsB,CACpC,SAAS,EAAE,UAAU,EACrB,MAAM,EAAE,UAAU,GACjB;IAAE,SAAS,EAAE,eAAe,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAKtD;AAED,oGAAoG;AACpG,wBAAgB,eAAe,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,eAAe,GAAG,UAAU,CAIpF;AAED,uEAAuE;AACvE,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,eAAe,GAAG,MAAM,CAEvE;AAcD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAC/B,YAAY,EAAE,UAAU,EACxB,OAAO,EAAE,UAAU,EACnB,YAAY,EAAE,UAAU,GACvB,OAAO,CAuBT;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,OAAO,CAavF;AAED,8GAA8G;AAC9G,wBAAgB,qBAAqB,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,GAAG,SAAS,CAG1F;AAED,4GAA4G;AAC5G,wBAAgB,oBAAoB,IAAI;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,eAAe,CAAA;CAAE,CAGxF"}
@@ -0,0 +1,189 @@
1
+ /**
2
+ * ML-DSA-65 + Ed25519 composite hybrid signature (SHARED_CRYPTO_FOUNDATION.md §2) — v2 profile.
3
+ *
4
+ * Byte-for-byte counterpart of the AGA Go/CIRCL construction in
5
+ * aga-k8s/internal/crypto/backends/hybrid.go AND of VerifyBundle's packages/integrity/src/hybrid.ts
6
+ * (this file is ported verbatim from the latter; only the hex/utf8 util import path differs). A
7
+ * signature produced by any of the three verifies under the others. Proven byte-identical Go<->JS by
8
+ * aga-k8s/internal/crypto/hybrid_xverify_test.go against the pinned cross-verify fixtures.
9
+ *
10
+ * algorithm id : "ML-DSA-65+Ed25519-SHA256-JCS"
11
+ * composite : len32(a) || a || len32(b) || b (len32 = 4-byte big-endian uint32)
12
+ * a = ML-DSA-65 component, b = Ed25519 component (for both keys and signatures)
13
+ * ML-DSA-65 : FIPS 204, EXTERNAL interface, EMPTY context, DETERMINISTIC (rnd = zeros).
14
+ * Ed25519 : RFC 8032, strict (zip215:false) with small-order public-key rejection.
15
+ * acceptance : AND — both component signatures must verify; no partial acceptance.
16
+ *
17
+ * The v1 zero-dependency reference verifier (aga-receipt-spec/verify/verify-sep.mjs, node:crypto only)
18
+ * does NOT import this; v2 lives in the agile engine, which carries the @noble dependency.
19
+ */
20
+ import { ml_dsa65 } from '@noble/post-quantum/ml-dsa.js';
21
+ import * as ed from '@noble/ed25519';
22
+ import { sha512 } from '@noble/hashes/sha512';
23
+ import { bytesToHex, hexToBytes, utf8ToBytes } from '@noble/hashes/utils';
24
+ // @noble/ed25519 v2 needs a synchronous SHA-512 hook for synchronous sign/verify. Wiring it from
25
+ // @noble/hashes keeps the stack dependency-pure (no node:crypto in the composite path).
26
+ ed.etc.sha512Sync = (...m) => sha512(ed.etc.concatBytes(...m));
27
+ /** The composite algorithm identifier, shared with AGA Go + VerifyBundle. */
28
+ export const ALG_HYBRID = 'ML-DSA-65+Ed25519-SHA256-JCS';
29
+ /** FIPS 204 ML-DSA-65 component byte lengths. */
30
+ export const MLDSA65_PUBLIC_KEY_BYTES = 1952;
31
+ export const MLDSA65_SECRET_KEY_BYTES = 4032;
32
+ export const MLDSA65_SIGNATURE_BYTES = 3309;
33
+ export const MLDSA65_SEED_BYTES = 32;
34
+ /** Ed25519 component byte lengths (RFC 8032). */
35
+ export const ED25519_PUBLIC_KEY_BYTES = 32;
36
+ export const ED25519_SEED_BYTES = 32;
37
+ export const ED25519_SIGNATURE_BYTES = 64;
38
+ /** Encode two byte strings as len32(a) || a || len32(b) || b (4-byte big-endian lengths). */
39
+ export function encodeComposite(a, b) {
40
+ const out = new Uint8Array(4 + a.length + 4 + b.length);
41
+ const dv = new DataView(out.buffer);
42
+ dv.setUint32(0, a.length, false); // big-endian
43
+ out.set(a, 4);
44
+ dv.setUint32(4 + a.length, b.length, false);
45
+ out.set(b, 8 + a.length);
46
+ return out;
47
+ }
48
+ /**
49
+ * Decode len32(a) || a || len32(b) || b into [a, b]. Fails closed: throws on a short buffer, a length
50
+ * prefix that overruns the data, or trailing bytes after b (extra bytes are rejected to remove a
51
+ * malleability surface — matches the Go DecodeComposite trailing-byte reject).
52
+ */
53
+ export function decodeComposite(data) {
54
+ if (data.length < 8)
55
+ throw new Error('composite too short');
56
+ const dv = new DataView(data.buffer, data.byteOffset, data.byteLength);
57
+ const aLen = dv.getUint32(0, false);
58
+ if (4 + aLen + 4 > data.length)
59
+ throw new Error('first component length exceeds data');
60
+ const a = data.subarray(4, 4 + aLen);
61
+ const bLenOffset = 4 + aLen;
62
+ const bLen = dv.getUint32(bLenOffset, false);
63
+ const bStart = bLenOffset + 4;
64
+ if (bStart + bLen > data.length)
65
+ throw new Error('second component length exceeds data');
66
+ if (bStart + bLen !== data.length)
67
+ throw new Error('trailing bytes after composite');
68
+ const b = data.subarray(bStart, bStart + bLen);
69
+ return [a, b];
70
+ }
71
+ /** Derive the composite public key bytes from a hybrid secret key. */
72
+ function compositePublicKey(sk) {
73
+ const mldsaPub = ml_dsa65.getPublicKey(sk.mldsa);
74
+ const edPub = ed.getPublicKey(sk.ed);
75
+ return encodeComposite(mldsaPub, edPub);
76
+ }
77
+ /** Lower-hex composite public key for a hybrid secret key. */
78
+ export function hybridPublicKeyHex(sk) {
79
+ return bytesToHex(compositePublicKey(sk));
80
+ }
81
+ /** Generate a fresh ephemeral hybrid keypair. The secret key never leaves the caller. */
82
+ export function generateHybridKeypair() {
83
+ const seed = ml_dsa65.keygen();
84
+ const secretKey = { mldsa: seed.secretKey, ed: ed.utils.randomPrivateKey() };
85
+ return { secretKey, publicKeyHex: hybridPublicKeyHex(secretKey) };
86
+ }
87
+ /** Deterministically derive a hybrid keypair from two 32-byte seeds (used by the cross-verify fixtures). */
88
+ export function hybridKeypairFromSeeds(mldsaSeed, edSeed) {
89
+ if (mldsaSeed.length !== MLDSA65_SEED_BYTES)
90
+ throw new Error('ML-DSA seed must be 32 bytes');
91
+ if (edSeed.length !== ED25519_SEED_BYTES)
92
+ throw new Error('Ed25519 seed must be 32 bytes');
93
+ const secretKey = { mldsa: ml_dsa65.keygen(mldsaSeed).secretKey, ed: edSeed };
94
+ return { secretKey, publicKeyHex: hybridPublicKeyHex(secretKey) };
95
+ }
96
+ /** Sign raw message bytes, returning the composite signature bytes (trusted-input signing path). */
97
+ export function signHybridBytes(message, sk) {
98
+ const mldsaSig = ml_dsa65.sign(message, sk.mldsa, { extraEntropy: false }); // empty ctx, deterministic
99
+ const edSig = ed.sign(message, sk.ed);
100
+ return encodeComposite(mldsaSig, edSig);
101
+ }
102
+ /** Sign a UTF-8 message; returns the lower-hex composite signature. */
103
+ export function signHybrid(message, sk) {
104
+ return bytesToHex(signHybridBytes(utf8ToBytes(message), sk));
105
+ }
106
+ /** Strict, hardened Ed25519 verification over bytes (mirrors the v1 verifyHex hardening). */
107
+ function edVerifyHardened(edPub, message, edSig) {
108
+ if (edPub.length !== ED25519_PUBLIC_KEY_BYTES || edSig.length !== ED25519_SIGNATURE_BYTES)
109
+ return false;
110
+ if (edPub.every((x) => x === 0))
111
+ return false; // reject the all-zero (identity) key
112
+ try {
113
+ if (ed.ExtendedPoint.fromHex(edPub).isSmallOrder())
114
+ return false; // reject small-order
115
+ return ed.verify(edSig, message, edPub, { zip215: false });
116
+ }
117
+ catch {
118
+ return false;
119
+ }
120
+ }
121
+ /**
122
+ * Verify a composite signature over raw message bytes under a composite public key. Returns true only
123
+ * if BOTH the ML-DSA-65 and the Ed25519 components verify. Fails closed on any malformed/short/over-long
124
+ * composite or wrong component length.
125
+ */
126
+ export function verifyHybridBytes(compositePub, message, compositeSig) {
127
+ let mldsaPub;
128
+ let edPub;
129
+ let mldsaSig;
130
+ let edSig;
131
+ try {
132
+ [mldsaPub, edPub] = decodeComposite(compositePub);
133
+ [mldsaSig, edSig] = decodeComposite(compositeSig);
134
+ }
135
+ catch {
136
+ return false;
137
+ }
138
+ if (mldsaPub.length !== MLDSA65_PUBLIC_KEY_BYTES)
139
+ return false;
140
+ if (mldsaSig.length !== MLDSA65_SIGNATURE_BYTES)
141
+ return false;
142
+ if (edPub.length !== ED25519_PUBLIC_KEY_BYTES)
143
+ return false;
144
+ if (edSig.length !== ED25519_SIGNATURE_BYTES)
145
+ return false;
146
+ let mldsaOk;
147
+ try {
148
+ mldsaOk = ml_dsa65.verify(mldsaSig, message, mldsaPub); // empty context (default)
149
+ }
150
+ catch {
151
+ return false;
152
+ }
153
+ if (!mldsaOk)
154
+ return false;
155
+ return edVerifyHardened(edPub, message, edSig);
156
+ }
157
+ /**
158
+ * Verify a lower-hex composite signature over a UTF-8 message under a lower-hex composite public key.
159
+ * Rejects malformed hex before touching the curve/lattice; never throws.
160
+ */
161
+ export function verifyHybrid(pubHex, message, sigHex) {
162
+ if (typeof pubHex !== 'string' || typeof sigHex !== 'string')
163
+ return false;
164
+ // LOWERCASE-strict hex (no upper, no mixed). An uppercased hex decodes to the SAME bytes, so a
165
+ // case-insensitive accept would VERIFY a bundle a lowercase-strict stack (the Go/CIRCL oracle's
166
+ // isLowerHexEven, the v1 isHex guard) FAILS — a cross-stack verdict split. Mirrors the H5 lowercase
167
+ // discipline for Merkle siblings.
168
+ if (!/^[0-9a-f]+$/.test(pubHex) || pubHex.length % 2 !== 0)
169
+ return false;
170
+ if (!/^[0-9a-f]+$/.test(sigHex) || sigHex.length % 2 !== 0)
171
+ return false;
172
+ try {
173
+ return verifyHybridBytes(hexToBytes(pubHex), utf8ToBytes(message), hexToBytes(sigHex));
174
+ }
175
+ catch {
176
+ return false;
177
+ }
178
+ }
179
+ /** A v2 composite SepSigner from two 32-byte seeds (deterministic; for the producer + cross-verify tests). */
180
+ export function hybridSignerFromSeeds(mldsaSeed, edSeed) {
181
+ const { secretKey, publicKeyHex } = hybridKeypairFromSeeds(mldsaSeed, edSeed);
182
+ return { algorithm: ALG_HYBRID, publicKeyHex, sign: (m) => signHybrid(m, secretKey) };
183
+ }
184
+ /** A v2 composite SepSigner from a fresh ephemeral keypair (the secret key is returned for persistence). */
185
+ export function generateHybridSigner() {
186
+ const { secretKey, publicKeyHex } = generateHybridKeypair();
187
+ return { signer: { algorithm: ALG_HYBRID, publicKeyHex, sign: (m) => signHybrid(m, secretKey) }, secretKey };
188
+ }
189
+ //# sourceMappingURL=hybrid.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"hybrid.js","sourceRoot":"","sources":["../../src/sep/hybrid.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,OAAO,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AACzD,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAG1E,iGAAiG;AACjG,wFAAwF;AACxF,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAe,EAAc,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AAEzF,6EAA6E;AAC7E,MAAM,CAAC,MAAM,UAAU,GAAG,8BAA8B,CAAC;AAEzD,iDAAiD;AACjD,MAAM,CAAC,MAAM,wBAAwB,GAAG,IAAI,CAAC;AAC7C,MAAM,CAAC,MAAM,wBAAwB,GAAG,IAAI,CAAC;AAC7C,MAAM,CAAC,MAAM,uBAAuB,GAAG,IAAI,CAAC;AAC5C,MAAM,CAAC,MAAM,kBAAkB,GAAG,EAAE,CAAC;AACrC,iDAAiD;AACjD,MAAM,CAAC,MAAM,wBAAwB,GAAG,EAAE,CAAC;AAC3C,MAAM,CAAC,MAAM,kBAAkB,GAAG,EAAE,CAAC;AACrC,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,CAAC;AAQ1C,6FAA6F;AAC7F,MAAM,UAAU,eAAe,CAAC,CAAa,EAAE,CAAa;IAC1D,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IACxD,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACpC,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,aAAa;IAC/C,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACd,EAAE,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC5C,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,IAAgB;IAC9C,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC5D,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACvE,MAAM,IAAI,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACpC,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACvF,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;IACrC,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,CAAC;IAC5B,MAAM,IAAI,GAAG,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC;IAC9B,IAAI,MAAM,GAAG,IAAI,GAAG,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IACzF,IAAI,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACrF,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,CAAC;IAC/C,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAChB,CAAC;AAED,sEAAsE;AACtE,SAAS,kBAAkB,CAAC,EAAmB;IAC7C,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IACrC,OAAO,eAAe,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;AAC1C,CAAC;AAED,8DAA8D;AAC9D,MAAM,UAAU,kBAAkB,CAAC,EAAmB;IACpD,OAAO,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED,yFAAyF;AACzF,MAAM,UAAU,qBAAqB;IACnC,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;IAC/B,MAAM,SAAS,GAAoB,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,CAAC;IAC9F,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;AACpE,CAAC;AAED,4GAA4G;AAC5G,MAAM,UAAU,sBAAsB,CACpC,SAAqB,EACrB,MAAkB;IAElB,IAAI,SAAS,CAAC,MAAM,KAAK,kBAAkB;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAC7F,IAAI,MAAM,CAAC,MAAM,KAAK,kBAAkB;QAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAC3F,MAAM,SAAS,GAAoB,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;IAC/F,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;AACpE,CAAC;AAED,oGAAoG;AACpG,MAAM,UAAU,eAAe,CAAC,OAAmB,EAAE,EAAmB;IACtE,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,2BAA2B;IACvG,MAAM,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACtC,OAAO,eAAe,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;AAC1C,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,UAAU,CAAC,OAAe,EAAE,EAAmB;IAC7D,OAAO,UAAU,CAAC,eAAe,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,6FAA6F;AAC7F,SAAS,gBAAgB,CAAC,KAAiB,EAAE,OAAmB,EAAE,KAAiB;IACjF,IAAI,KAAK,CAAC,MAAM,KAAK,wBAAwB,IAAI,KAAK,CAAC,MAAM,KAAK,uBAAuB;QAAE,OAAO,KAAK,CAAC;IACxG,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC,CAAC,qCAAqC;IACpF,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,YAAY,EAAE;YAAE,OAAO,KAAK,CAAC,CAAC,qBAAqB;QACvF,OAAO,EAAE,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC/B,YAAwB,EACxB,OAAmB,EACnB,YAAwB;IAExB,IAAI,QAAoB,CAAC;IACzB,IAAI,KAAiB,CAAC;IACtB,IAAI,QAAoB,CAAC;IACzB,IAAI,KAAiB,CAAC;IACtB,IAAI,CAAC;QACH,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;QAClD,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,KAAK,wBAAwB;QAAE,OAAO,KAAK,CAAC;IAC/D,IAAI,QAAQ,CAAC,MAAM,KAAK,uBAAuB;QAAE,OAAO,KAAK,CAAC;IAC9D,IAAI,KAAK,CAAC,MAAM,KAAK,wBAAwB;QAAE,OAAO,KAAK,CAAC;IAC5D,IAAI,KAAK,CAAC,MAAM,KAAK,uBAAuB;QAAE,OAAO,KAAK,CAAC;IAC3D,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACH,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,0BAA0B;IACpF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,OAAO,gBAAgB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AACjD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,MAAe,EAAE,OAAe,EAAE,MAAe;IAC5E,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3E,+FAA+F;IAC/F,gGAAgG;IAChG,oGAAoG;IACpG,kCAAkC;IAClC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACzE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACzE,IAAI,CAAC;QACH,OAAO,iBAAiB,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IACzF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,8GAA8G;AAC9G,MAAM,UAAU,qBAAqB,CAAC,SAAqB,EAAE,MAAkB;IAC7E,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,sBAAsB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC9E,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC;AACxF,CAAC;AAED,4GAA4G;AAC5G,MAAM,UAAU,oBAAoB;IAClC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,qBAAqB,EAAE,CAAC;IAC5D,OAAO,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,CAAC;AAC/G,CAAC"}
@@ -10,5 +10,8 @@ export { nodeHash, merkleRoot, merkleProof, type MerkleProof } from './merkle.js
10
10
  export { SEP_ALGORITHM, SEP_RECEIPT_VERSION, SEP_RECEIPT_FIELDS, buildReceipt, leafHash, argumentsHash, safeArgumentsHash, UNCANONICALIZABLE_ARGS_HASH, type SepReceipt, type ReceiptInput, type Decision } from './receipt.js';
11
11
  export { buildCheckpoint, type SignedCheckpoint } from './checkpoint.js';
12
12
  export { SepGateway, type SepBundle, type SepGatewayOptions, type RecordInput } from './bundle.js';
13
- export { verifySepBundle, type SepVerificationResult, type VerifyStep } from './verify.js';
13
+ export { verifySepBundle, type SepVerificationResult, type VerifyStep, type VerifyOptions } from './verify.js';
14
+ export { derivePolicyReference } from './policy-ref.js';
15
+ export { verifyHybrid, verifyHybridBytes, signHybrid, signHybridBytes, hybridSignerFromSeeds, generateHybridSigner, generateHybridKeypair, hybridKeypairFromSeeds, encodeComposite, decodeComposite, type HybridSecretKey, } from './hybrid.js';
16
+ export { ALG_ED25519, ALG_HYBRID, REGISTERED_PROFILES, ALL_PROFILES, isRegisteredProfile, validPublicKeyForProfile, verifyForProfile, } from './profiles.js';
14
17
  //# sourceMappingURL=index.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sep/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,YAAY,EAAE,mCAAmC,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7I,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,aAAa,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,iBAAiB,EAAE,2BAA2B,EAAE,KAAK,UAAU,EAAE,KAAK,YAAY,EAAE,KAAK,QAAQ,EAAE,MAAM,cAAc,CAAC;AAChO,OAAO,EAAE,eAAe,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,KAAK,SAAS,EAAE,KAAK,iBAAiB,EAAE,KAAK,WAAW,EAAE,MAAM,aAAa,CAAC;AACnG,OAAO,EAAE,eAAe,EAAE,KAAK,qBAAqB,EAAE,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sep/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,YAAY,EAAE,mCAAmC,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7I,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,aAAa,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,iBAAiB,EAAE,2BAA2B,EAAE,KAAK,UAAU,EAAE,KAAK,YAAY,EAAE,KAAK,QAAQ,EAAE,MAAM,cAAc,CAAC;AAChO,OAAO,EAAE,eAAe,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,KAAK,SAAS,EAAE,KAAK,iBAAiB,EAAE,KAAK,WAAW,EAAE,MAAM,aAAa,CAAC;AACnG,OAAO,EAAE,eAAe,EAAE,KAAK,qBAAqB,EAAE,KAAK,UAAU,EAAE,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AAC/G,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,eAAe,EAC5D,qBAAqB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,sBAAsB,EAC1F,eAAe,EAAE,eAAe,EAAE,KAAK,eAAe,GACvD,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,WAAW,EAAE,UAAU,EAAE,mBAAmB,EAAE,YAAY,EAC1D,mBAAmB,EAAE,wBAAwB,EAAE,gBAAgB,GAChE,MAAM,eAAe,CAAC"}
package/dist/sep/index.js CHANGED
@@ -11,4 +11,7 @@ export { SEP_ALGORITHM, SEP_RECEIPT_VERSION, SEP_RECEIPT_FIELDS, buildReceipt, l
11
11
  export { buildCheckpoint } from './checkpoint.js';
12
12
  export { SepGateway } from './bundle.js';
13
13
  export { verifySepBundle } from './verify.js';
14
+ export { derivePolicyReference } from './policy-ref.js';
15
+ export { verifyHybrid, verifyHybridBytes, signHybrid, signHybridBytes, hybridSignerFromSeeds, generateHybridSigner, generateHybridKeypair, hybridKeypairFromSeeds, encodeComposite, decodeComposite, } from './hybrid.js';
16
+ export { ALG_ED25519, ALG_HYBRID, REGISTERED_PROFILES, ALL_PROFILES, isRegisteredProfile, validPublicKeyForProfile, verifyForProfile, } from './profiles.js';
14
17
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sep/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,YAAY,EAAE,mCAAmC,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAE,KAAK,EAAkB,MAAM,aAAa,CAAC;AAC7I,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAoB,MAAM,aAAa,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,iBAAiB,EAAE,2BAA2B,EAAqD,MAAM,cAAc,CAAC;AAChO,OAAO,EAAE,eAAe,EAAyB,MAAM,iBAAiB,CAAC;AACzE,OAAO,EAAE,UAAU,EAA4D,MAAM,aAAa,CAAC;AACnG,OAAO,EAAE,eAAe,EAA+C,MAAM,aAAa,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sep/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,YAAY,EAAE,mCAAmC,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAE,KAAK,EAAkB,MAAM,aAAa,CAAC;AAC7I,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAoB,MAAM,aAAa,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,iBAAiB,EAAE,2BAA2B,EAAqD,MAAM,cAAc,CAAC;AAChO,OAAO,EAAE,eAAe,EAAyB,MAAM,iBAAiB,CAAC;AACzE,OAAO,EAAE,UAAU,EAA4D,MAAM,aAAa,CAAC;AACnG,OAAO,EAAE,eAAe,EAAmE,MAAM,aAAa,CAAC;AAC/G,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,eAAe,EAC5D,qBAAqB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,sBAAsB,EAC1F,eAAe,EAAE,eAAe,GACjC,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,WAAW,EAAE,UAAU,EAAE,mBAAmB,EAAE,YAAY,EAC1D,mBAAmB,EAAE,wBAAwB,EAAE,gBAAgB,GAChE,MAAM,eAAe,CAAC"}
@@ -0,0 +1,8 @@
1
+ /**
2
+ * The canonical reference for a policy (or any config object) bound into evidence: the SHA-256 of its
3
+ * canonical form. This is the SINGLE source of the value the governance gateway records as
4
+ * `policy_reference`. The gateway and any external consumer (e.g. the enterprise policy tooling) both call
5
+ * this one function, so the gateway's binding and a consumer's computed reference cannot drift.
6
+ */
7
+ export declare function derivePolicyReference(policy: unknown): string;
8
+ //# sourceMappingURL=policy-ref.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"policy-ref.d.ts","sourceRoot":"","sources":["../../src/sep/policy-ref.ts"],"names":[],"mappings":"AAKA;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,CAE7D"}
@@ -0,0 +1,14 @@
1
+ // Copyright (c) 2026 Attested Intelligence Holdings LLC
2
+ // SPDX-License-Identifier: MIT
3
+ import { canonicalize } from './canonical.js';
4
+ import { sha256Hex } from './crypto.js';
5
+ /**
6
+ * The canonical reference for a policy (or any config object) bound into evidence: the SHA-256 of its
7
+ * canonical form. This is the SINGLE source of the value the governance gateway records as
8
+ * `policy_reference`. The gateway and any external consumer (e.g. the enterprise policy tooling) both call
9
+ * this one function, so the gateway's binding and a consumer's computed reference cannot drift.
10
+ */
11
+ export function derivePolicyReference(policy) {
12
+ return sha256Hex(canonicalize(policy));
13
+ }
14
+ //# sourceMappingURL=policy-ref.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"policy-ref.js","sourceRoot":"","sources":["../../src/sep/policy-ref.ts"],"names":[],"mappings":"AAAA,wDAAwD;AACxD,+BAA+B;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAe;IACnD,OAAO,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;AACzC,CAAC"}
@@ -0,0 +1,22 @@
1
+ import { ALG_HYBRID } from './hybrid.js';
2
+ export { ALG_HYBRID };
3
+ /** v1 classical profile identifier (same literal as SEP_ALGORITHM). */
4
+ export declare const ALG_ED25519 = "Ed25519-SHA256-JCS";
5
+ /** Registered profiles -> profile_version. The authoritative registry the dispatch consults. */
6
+ export declare const REGISTERED_PROFILES: Readonly<Record<string, string>>;
7
+ /** The profiles the agile engine implements (both). A v1-only verifier passes a restricted set. */
8
+ export declare const ALL_PROFILES: readonly string[];
9
+ /** True iff `algorithm` is a profile the registry knows about (regardless of which verifier implements it). */
10
+ export declare function isRegisteredProfile(algorithm: unknown): boolean;
11
+ /**
12
+ * Profile-parameterized public-key well-formedness (the H1 floor, per profile):
13
+ * - v1: 64 lower-hex, canonical-y, small-order rejected (node:crypto wellFormedKey).
14
+ * - v2: 3984 lower-hex, non-zero (the composite's component small-order rejection is enforced at verify).
15
+ */
16
+ export declare function validPublicKeyForProfile(algorithm: string, pub: unknown): boolean;
17
+ /**
18
+ * Verify a lower-hex signature over a canonical message under the named profile's primitive.
19
+ * Never throws; an unknown profile fails closed (false). v2 is composite AND-verify (no partial accept).
20
+ */
21
+ export declare function verifyForProfile(algorithm: string, pub: string, message: string, sig: unknown): boolean;
22
+ //# sourceMappingURL=profiles.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"profiles.d.ts","sourceRoot":"","sources":["../../src/sep/profiles.ts"],"names":[],"mappings":"AAaA,OAAO,EAAgB,UAAU,EAAE,MAAM,aAAa,CAAC;AAGvD,OAAO,EAAE,UAAU,EAAE,CAAC;AACtB,uEAAuE;AACvE,eAAO,MAAM,WAAW,uBAAgB,CAAC;AAEzC,gGAAgG;AAChG,eAAO,MAAM,mBAAmB,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAGhE,CAAC;AAEF,mGAAmG;AACnG,eAAO,MAAM,YAAY,EAAE,SAAS,MAAM,EAA8B,CAAC;AAMzE,+GAA+G;AAC/G,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,OAAO,GAAG,OAAO,CAE/D;AAED;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,GAAG,OAAO,CAIjF;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,GAAG,OAAO,CAIvG"}
@@ -0,0 +1,56 @@
1
+ /**
2
+ * SEP profile registry + verification dispatch (ALGORITHM_AGILITY_SPEC.md).
3
+ *
4
+ * The construction (canon / leaf / Merkle / signed checkpoint / 6-step verify) is profile-INVARIANT;
5
+ * only the signature primitive and the public-key well-formedness change. This module is the single
6
+ * dispatch seam the verifier consults, so verify.ts never branches on a literal algorithm string:
7
+ *
8
+ * v1 Ed25519-SHA256-JCS -> ./crypto (Ed25519, RFC 8032, node:crypto, small-order-rejected)
9
+ * v2 ML-DSA-65+Ed25519-SHA256-JCS -> ./hybrid (composite, AND-verify, no partial acceptance)
10
+ *
11
+ * Adding a profile is an additive registry edit; existing profiles are never altered (frozen).
12
+ */
13
+ import { verifyHex, wellFormedKey } from './crypto.js';
14
+ import { verifyHybrid, ALG_HYBRID } from './hybrid.js';
15
+ import { SEP_ALGORITHM } from './receipt.js';
16
+ export { ALG_HYBRID };
17
+ /** v1 classical profile identifier (same literal as SEP_ALGORITHM). */
18
+ export const ALG_ED25519 = SEP_ALGORITHM; // 'Ed25519-SHA256-JCS'
19
+ /** Registered profiles -> profile_version. The authoritative registry the dispatch consults. */
20
+ export const REGISTERED_PROFILES = {
21
+ [ALG_ED25519]: '1',
22
+ [ALG_HYBRID]: '2',
23
+ };
24
+ /** The profiles the agile engine implements (both). A v1-only verifier passes a restricted set. */
25
+ export const ALL_PROFILES = [ALG_ED25519, ALG_HYBRID];
26
+ /** Composite public key = len32(1952)||mldsa||len32(32)||ed = 1992 bytes -> 3984 lower-hex chars. */
27
+ const COMPOSITE_PUBLIC_KEY_HEX_LEN = 1992 * 2;
28
+ const COMPOSITE_PUBKEY_RE = new RegExp(`^[0-9a-f]{${COMPOSITE_PUBLIC_KEY_HEX_LEN}}$`);
29
+ /** True iff `algorithm` is a profile the registry knows about (regardless of which verifier implements it). */
30
+ export function isRegisteredProfile(algorithm) {
31
+ return typeof algorithm === 'string' && Object.prototype.hasOwnProperty.call(REGISTERED_PROFILES, algorithm);
32
+ }
33
+ /**
34
+ * Profile-parameterized public-key well-formedness (the H1 floor, per profile):
35
+ * - v1: 64 lower-hex, canonical-y, small-order rejected (node:crypto wellFormedKey).
36
+ * - v2: 3984 lower-hex, non-zero (the composite's component small-order rejection is enforced at verify).
37
+ */
38
+ export function validPublicKeyForProfile(algorithm, pub) {
39
+ if (algorithm === ALG_ED25519)
40
+ return wellFormedKey(pub);
41
+ if (algorithm === ALG_HYBRID)
42
+ return typeof pub === 'string' && !/^0+$/.test(pub) && COMPOSITE_PUBKEY_RE.test(pub);
43
+ return false;
44
+ }
45
+ /**
46
+ * Verify a lower-hex signature over a canonical message under the named profile's primitive.
47
+ * Never throws; an unknown profile fails closed (false). v2 is composite AND-verify (no partial accept).
48
+ */
49
+ export function verifyForProfile(algorithm, pub, message, sig) {
50
+ if (algorithm === ALG_ED25519)
51
+ return typeof sig === 'string' && verifyHex(pub, message, sig);
52
+ if (algorithm === ALG_HYBRID)
53
+ return verifyHybrid(pub, message, sig);
54
+ return false;
55
+ }
56
+ //# sourceMappingURL=profiles.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../src/sep/profiles.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAE7C,OAAO,EAAE,UAAU,EAAE,CAAC;AACtB,uEAAuE;AACvE,MAAM,CAAC,MAAM,WAAW,GAAG,aAAa,CAAC,CAAC,uBAAuB;AAEjE,gGAAgG;AAChG,MAAM,CAAC,MAAM,mBAAmB,GAAqC;IACnE,CAAC,WAAW,CAAC,EAAE,GAAG;IAClB,CAAC,UAAU,CAAC,EAAE,GAAG;CAClB,CAAC;AAEF,mGAAmG;AACnG,MAAM,CAAC,MAAM,YAAY,GAAsB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;AAEzE,qGAAqG;AACrG,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC,CAAC;AAC9C,MAAM,mBAAmB,GAAG,IAAI,MAAM,CAAC,aAAa,4BAA4B,IAAI,CAAC,CAAC;AAEtF,+GAA+G;AAC/G,MAAM,UAAU,mBAAmB,CAAC,SAAkB;IACpD,OAAO,OAAO,SAAS,KAAK,QAAQ,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;AAC/G,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,wBAAwB,CAAC,SAAiB,EAAE,GAAY;IACtE,IAAI,SAAS,KAAK,WAAW;QAAE,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;IACzD,IAAI,SAAS,KAAK,UAAU;QAAE,OAAO,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACnH,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAiB,EAAE,GAAW,EAAE,OAAe,EAAE,GAAY;IAC5F,IAAI,SAAS,KAAK,WAAW;QAAE,OAAO,OAAO,GAAG,KAAK,QAAQ,IAAI,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;IAC9F,IAAI,SAAS,KAAK,UAAU;QAAE,OAAO,YAAY,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;IACrE,OAAO,KAAK,CAAC;AACf,CAAC"}
Binary file
@@ -1 +1 @@
1
- {"version":3,"file":"receipt.js","sourceRoot":"","sources":["../../src/sep/receipt.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,YAAY,EAAE,mCAAmC,EAAE,MAAM,gBAAgB,CAAC;AACnF,OAAO,EAAE,SAAS,EAAkB,MAAM,aAAa,CAAC;AAExD,MAAM,CAAC,MAAM,aAAa,GAAG,oBAAoB,CAAC;AAClD,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,CAAC;AAEzC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,YAAY,EAAE,iBAAiB,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY;IACvE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,QAAQ,EAAE,kBAAkB;IAC/D,gBAAgB,EAAE,uBAAuB,EAAE,YAAY,EAAE,YAAY,EAAE,WAAW;CAC1E,CAAC;AAsCX,sGAAsG;AACtG,MAAM,UAAU,aAAa,CAAC,IAAa;IACzC,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IAClC,OAAO,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,SAAS,CAAC,kCAAkC,CAAC,CAAC;AAEzF;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAa;IAC7C,IAAI,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,2BAA2B,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAAmB,EAAE,MAAiB;IACjE,MAAM,QAAQ,GAAG;QACf,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,eAAe,EAAE,mBAAmB;QACpC,SAAS,EAAE,aAAa;QACxB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,0FAA0F;QAC1F,UAAU,EAAE,KAAK,CAAC,UAAU,KAAK,IAAI,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;QACzG,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,YAAY;QACpC,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;QACxC,cAAc,EAAE,KAAK,CAAC,aAAa,IAAI,aAAa,CAAC,KAAK,CAAC,SAAS,CAAC;QACrE,qBAAqB,EAAE,KAAK,CAAC,qBAAqB;QAClD,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,UAAU,EAAE,MAAM,CAAC,YAAY;KAChC,CAAC;IACF,mCAAmC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtD,OAAO,EAAE,GAAG,QAAQ,EAAE,SAAS,EAAE,CAAC;AACpC,CAAC;AAED,2FAA2F;AAC3F,MAAM,UAAU,QAAQ,CAAC,OAAmB;IAC1C,OAAO,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;AAC1C,CAAC"}
1
+ {"version":3,"file":"receipt.js","sourceRoot":"","sources":["../../src/sep/receipt.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,YAAY,EAAE,mCAAmC,EAAE,MAAM,gBAAgB,CAAC;AACnF,OAAO,EAAE,SAAS,EAAkB,MAAM,aAAa,CAAC;AAExD,MAAM,CAAC,MAAM,aAAa,GAAG,oBAAoB,CAAC;AAClD,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,CAAC;AAEzC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,YAAY,EAAE,iBAAiB,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY;IACvE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,QAAQ,EAAE,kBAAkB;IAC/D,gBAAgB,EAAE,uBAAuB,EAAE,YAAY,EAAE,YAAY,EAAE,WAAW;CAC1E,CAAC;AAsCX,sGAAsG;AACtG,MAAM,UAAU,aAAa,CAAC,IAAa;IACzC,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IAClC,OAAO,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,SAAS,CAAC,kCAAkC,CAAC,CAAC;AAEzF;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAa;IAC7C,IAAI,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,2BAA2B,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAAmB,EAAE,MAAiB;IACjE,MAAM,QAAQ,GAAG;QACf,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,eAAe,EAAE,mBAAmB;QACpC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,0FAA0F;QAC1F,UAAU,EAAE,KAAK,CAAC,UAAU,KAAK,IAAI,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;QACzG,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,YAAY;QACpC,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;QACxC,cAAc,EAAE,KAAK,CAAC,aAAa,IAAI,aAAa,CAAC,KAAK,CAAC,SAAS,CAAC;QACrE,qBAAqB,EAAE,KAAK,CAAC,qBAAqB;QAClD,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,UAAU,EAAE,MAAM,CAAC,YAAY;KAChC,CAAC;IACF,mCAAmC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtD,OAAO,EAAE,GAAG,QAAQ,EAAE,SAAS,EAAE,CAAC;AACpC,CAAC;AAED,2FAA2F;AAC3F,MAAM,UAAU,QAAQ,CAAC,OAAmB;IAC1C,OAAO,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;AAC1C,CAAC"}
@@ -3,12 +3,17 @@ export interface VerifyStep {
3
3
  ok: boolean;
4
4
  }
5
5
  export interface SepVerificationResult {
6
- verdict: 'VERIFIED' | 'FAILED';
7
- /** Human-readable headline — makes integrity-only vs provenance-verified unmistakable. */
6
+ verdict: 'VERIFIED' | 'FAILED' | 'UNSUPPORTED_PROFILE';
7
+ /** Human-readable headline — makes integrity-only vs provenance-verified vs unsupported unmistakable. */
8
8
  summary: string;
9
9
  issuerVerified: boolean;
10
10
  pinned: boolean;
11
11
  steps: VerifyStep[];
12
12
  }
13
- export declare function verifySepBundle(bundle: any, expectedPublicKey?: string): SepVerificationResult;
13
+ export interface VerifyOptions {
14
+ /** Profiles this verifier claims to implement. Defaults to both (the agile engine). A v1-only
15
+ * verifier passes [ALG_ED25519] so a v2 bundle returns UNSUPPORTED_PROFILE rather than FAILED. */
16
+ supportedProfiles?: readonly string[];
17
+ }
18
+ export declare function verifySepBundle(bundle: any, expectedPublicKey?: string, opts?: VerifyOptions): SepVerificationResult;
14
19
  //# sourceMappingURL=verify.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/sep/verify.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,UAAU;IAAG,IAAI,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,OAAO,CAAC;CAAE;AAC1D,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,UAAU,GAAG,QAAQ,CAAC;IAC/B,0FAA0F;IAC1F,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,UAAU,EAAE,CAAC;CACrB;AA4CD,wBAAgB,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,iBAAiB,CAAC,EAAE,MAAM,GAAG,qBAAqB,CAsG9F"}
1
+ {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/sep/verify.ts"],"names":[],"mappings":"AAqBA,MAAM,WAAW,UAAU;IAAG,IAAI,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,OAAO,CAAC;CAAE;AAC1D,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,UAAU,GAAG,QAAQ,GAAG,qBAAqB,CAAC;IACvD,yGAAyG;IACzG,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,UAAU,EAAE,CAAC;CACrB;AACD,MAAM,WAAW,aAAa;IAC5B;uGACmG;IACnG,iBAAiB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACvC;AAyCD,wBAAgB,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,iBAAiB,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,aAAa,GAAG,qBAAqB,CAsHpH"}