@attestplane/attestplane 0.0.1-alpha.1

package/README.md

@@ -0,0 +1,114 @@
+# @attestplane/attestplane — TypeScript SDK
+
+Apache-2.0 attestation and audit substrate for AI agent evidence chains.
+
+> **Status: alpha (v0.0.1).** Wire format is byte-locked against the Python
+> SDK's [`vectors.json`](../python/tests/conformance/vectors.json) — see
+> [ADR-0002][adr2]. APIs may still change before v0.1.0.
+
+See the [project README][project-readme] for background, governance, and
+trademark policy.
+
+[project-readme]: https://github.com/attestplane/attestplane
+[adr2]: https://github.com/attestplane/attestplane/blob/main/docs/adr/0002-substrate-data-model-and-hash-chain-v0.md
+
+## Install
+
+```bash
+# Pin the alpha explicitly; v0.0.1 is on the 'alpha' dist-tag.
+npm install @attestplane/attestplane@alpha
+# or, equivalent:
+npm install @attestplane/attestplane@0.0.1
+```
+
+`npm install @attestplane/attestplane` without a tag also resolves to
+0.0.1 today (because it is the only published version) but treat the
+alpha tag as the authoritative pre-release channel until v0.1.0 ships.
+
+Requires Node.js ≥ 22.
+
+## Quickstart
+
+```typescript
+import {
+  AttestSubstrate,
+  makeEventDraft,
+  makeSubjectRef,
+} from '@attestplane/attestplane';
+
+const sub = new AttestSubstrate();
+
+sub.append(
+  makeEventDraft({
+    event_type: 'ai_decision',
+    actor: 'agent://recsys/v1',
+    payload: { outcome: 'approved', confidence_bp: 9120 },
+    session_id: 'session-2026-05-17-abc',
+    subject_ref: makeSubjectRef('sha256_salted', '2c1b...e9'),
+  }),
+);
+
+console.log(sub.tip());        // { seq: 0, event_hash: Uint8Array(32) [...] }
+console.log(sub.verify().ok);  // true
+```
+
+## Cross-language conformance
+
+This SDK is validated against the same `vectors.json` as the Python SDK on
+every CI run. Identical input ⇒ identical `event_hash`. If you compute an
+event hash in this SDK and store it, the Python SDK (and any future Rust SDK)
+will reproduce the exact byte value from the same input.
+
+## What this SDK gives you
+
+- An **append-only** audit log with cryptographic integrity (SHA-256 hash chain).
+- Built-in fields designed toward **EU AI Act Art. 12(2)(a)** auditability from day one.
+- Byte-identical canonical format compatible with the Python SDK.
+- Strong **GDPR pseudonymization typing** via `SubjectRef`.
+
+## API conventions
+
+Field names use `snake_case` (e.g., `event_type`, `prev_hash`, `subject_ref`)
+to match the canonical wire format exactly. This is a deliberate choice for
+cross-language conformance: the canonical form embeds the field names, so any
+rename here would break the conformance contract. See [`src/types.ts`][types].
+
+[types]: src/types.ts
+
+## Restricted JSON profile
+
+Payloads must satisfy the restricted profile of ADR-0002:
+
+| Allowed in `payload` | Forbidden |
+|---|---|
+| `string` (NFC-normalized UTF-8) | non-NFC strings |
+| `number` (integer, safe range) | floats, `NaN`, `Infinity` |
+| `bigint` (within signed 64-bit range) | bigint outside int64 |
+| `true` / `false` / `null` | — |
+| plain objects (string keys) | non-string keys; duplicate keys |
+| arrays | — |
+| `Uint8Array` (emits as base64url no padding) | other byte types |
+| `Date` (UTC, encoded as RFC 3339 µs `Z`) | invalid Date |
+
+Violations throw `CanonicalizationError` at append time.
+
+For sub-millisecond precision, encode the timestamp as a string (JS `Date`
+only stores millisecond resolution).
+
+## Development
+
+```bash
+git clone https://github.com/attestplane/attestplane
+cd attestplane/sdk/typescript
+npm install
+
+npm run lint        # Biome lint + format check
+npm run typecheck   # tsc --noEmit strict
+npm test            # vitest, includes cross-language conformance
+npm run build       # emit dist/
+```
+
+## License
+
+Apache License 2.0. See [LICENSE](https://github.com/attestplane/attestplane/blob/main/LICENSE)
+and [NOTICE](https://github.com/attestplane/attestplane/blob/main/NOTICE).

package/dist/canonical.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Restricted-JCS canonicalization for audit-event hashing (TypeScript SDK).
+ *
+ * Implements the same restricted JSON profile as `sdk/python/src/attestplane/
+ * canonical.py`. Both SDKs MUST produce byte-identical output for the same
+ * input; correctness is validated continuously by the cross-language
+ * conformance test that replays `sdk/python/tests/conformance/vectors.json`.
+ *
+ * Restricted profile (per ADR-0002):
+ * - Strings are UTF-8 and must be NFC-normalized.
+ * - Integers (number or bigint) are limited to the signed 64-bit range.
+ * - Floats / NaN / Infinity are forbidden.
+ * - Object keys are strings, emitted in code-point order, no duplicates.
+ * - Datetimes are RFC 3339 UTC microsecond strings with a `Z` suffix.
+ * - Uint8Array is encoded as base64url without padding.
+ */
+export declare class CanonicalizationError extends Error {
+    constructor(message: string);
+}
+export declare function canonicalize(value: unknown): Uint8Array;
+//# sourceMappingURL=canonical.d.ts.map

package/dist/canonical.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical.d.ts","sourceRoot":"","sources":["../src/canonical.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;GAeG;AAgBH,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,OAAO,EAAE,MAAM;CAI5B;AAED,wBAAgB,YAAY,CAAC,KAAK,EAAE,OAAO,GAAG,UAAU,CAIvD"}

package/dist/canonical.js

@@ -0,0 +1,165 @@
+// SPDX-FileCopyrightText: 2026 The Attestplane Authors
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * Restricted-JCS canonicalization for audit-event hashing (TypeScript SDK).
+ *
+ * Implements the same restricted JSON profile as `sdk/python/src/attestplane/
+ * canonical.py`. Both SDKs MUST produce byte-identical output for the same
+ * input; correctness is validated continuously by the cross-language
+ * conformance test that replays `sdk/python/tests/conformance/vectors.json`.
+ *
+ * Restricted profile (per ADR-0002):
+ * - Strings are UTF-8 and must be NFC-normalized.
+ * - Integers (number or bigint) are limited to the signed 64-bit range.
+ * - Floats / NaN / Infinity are forbidden.
+ * - Object keys are strings, emitted in code-point order, no duplicates.
+ * - Datetimes are RFC 3339 UTC microsecond strings with a `Z` suffix.
+ * - Uint8Array is encoded as base64url without padding.
+ */
+const ASCII_CONTROL_LIMIT = 0x20;
+const INT64_MIN_BIGINT = -(2n ** 63n);
+const INT64_MAX_BIGINT = 2n ** 63n - 1n;
+const ESCAPES = new Map([
+    [0x08, '\\b'],
+    [0x09, '\\t'],
+    [0x0a, '\\n'],
+    [0x0c, '\\f'],
+    [0x0d, '\\r'],
+    [0x22, '\\"'],
+    [0x5c, '\\\\'],
+]);
+export class CanonicalizationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'CanonicalizationError';
+    }
+}
+export function canonicalize(value) {
+    const out = [];
+    emit(value, out, '$');
+    return new TextEncoder().encode(out.join(''));
+}
+function emit(value, out, path) {
+    if (value === null || value === undefined) {
+        out.push('null');
+        return;
+    }
+    if (typeof value === 'boolean') {
+        out.push(value ? 'true' : 'false');
+        return;
+    }
+    if (typeof value === 'number') {
+        if (!Number.isFinite(value)) {
+            throw new CanonicalizationError(`${path}: non-finite numbers (NaN/Infinity) are forbidden in canonical payloads`);
+        }
+        if (!Number.isInteger(value)) {
+            throw new CanonicalizationError(`${path}: float values are forbidden in canonical payloads (use integers, base64-encoded bytes, or string representations)`);
+        }
+        // JS Number safely represents integers up to 2^53 - 1. Anything outside
+        // the signed 64-bit range would be expressed as bigint by the caller.
+        out.push(value.toString());
+        return;
+    }
+    if (typeof value === 'bigint') {
+        if (value < INT64_MIN_BIGINT || value > INT64_MAX_BIGINT) {
+            throw new CanonicalizationError(`${path}: integer ${value} outside signed 64-bit range`);
+        }
+        out.push(value.toString());
+        return;
+    }
+    if (typeof value === 'string') {
+        emitString(value, out, path);
+        return;
+    }
+    if (value instanceof Uint8Array) {
+        emitString(toBase64UrlNoPad(value), out, path);
+        return;
+    }
+    if (value instanceof Date) {
+        emitDate(value, out, path);
+        return;
+    }
+    if (Array.isArray(value)) {
+        emitArray(value, out, path);
+        return;
+    }
+    if (typeof value === 'object') {
+        emitObject(value, out, path);
+        return;
+    }
+    throw new CanonicalizationError(`${path}: unsupported type ${typeof value} in canonical payload`);
+}
+function emitString(value, out, path) {
+    if (value.normalize('NFC') !== value) {
+        throw new CanonicalizationError(`${path}: string is not Unicode-NFC normalized; normalize before passing to the substrate`);
+    }
+    out.push('"');
+    for (const ch of value) {
+        const code = ch.codePointAt(0);
+        if (code === undefined)
+            continue;
+        const mapped = ESCAPES.get(code);
+        if (mapped !== undefined) {
+            out.push(mapped);
+        }
+        else if (code < ASCII_CONTROL_LIMIT) {
+            out.push(`\\u${code.toString(16).padStart(4, '0')}`);
+        }
+        else {
+            out.push(ch);
+        }
+    }
+    out.push('"');
+}
+function emitDate(value, out, path) {
+    const ms = value.getTime();
+    if (Number.isNaN(ms)) {
+        throw new CanonicalizationError(`${path}: invalid Date (NaN time value)`);
+    }
+    // JS Date is always interpreted as UTC milliseconds since epoch, so timezone
+    // mismatch is not possible at the API boundary. We zero-pad milliseconds out
+    // to six digits to match Python's microsecond formatting; values supplied at
+    // sub-millisecond precision must be encoded as strings until a typed
+    // Timestamp type is introduced.
+    const yyyy = value.getUTCFullYear().toString().padStart(4, '0');
+    const mm = (value.getUTCMonth() + 1).toString().padStart(2, '0');
+    const dd = value.getUTCDate().toString().padStart(2, '0');
+    const hh = value.getUTCHours().toString().padStart(2, '0');
+    const mi = value.getUTCMinutes().toString().padStart(2, '0');
+    const ss = value.getUTCSeconds().toString().padStart(2, '0');
+    const milli = value.getUTCMilliseconds().toString().padStart(3, '0');
+    const iso = `${yyyy}-${mm}-${dd}T${hh}:${mi}:${ss}.${milli}000Z`;
+    emitString(iso, out, path);
+}
+function emitObject(value, out, path) {
+    out.push('{');
+    const keys = Object.keys(value).sort();
+    const seen = new Set();
+    for (let i = 0; i < keys.length; i++) {
+        const key = keys[i];
+        if (seen.has(key)) {
+            throw new CanonicalizationError(`${path}: duplicate object key ${JSON.stringify(key)}`);
+        }
+        seen.add(key);
+        if (i > 0)
+            out.push(',');
+        emitString(key, out, `${path}.${key}`);
+        out.push(':');
+        emit(value[key], out, `${path}.${key}`);
+    }
+    out.push('}');
+}
+function emitArray(value, out, path) {
+    out.push('[');
+    for (let i = 0; i < value.length; i++) {
+        if (i > 0)
+            out.push(',');
+        emit(value[i], out, `${path}[${i}]`);
+    }
+    out.push(']');
+}
+function toBase64UrlNoPad(bytes) {
+    const b64 = Buffer.from(bytes).toString('base64');
+    return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+//# sourceMappingURL=canonical.js.map

package/dist/canonical.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical.js","sourceRoot":"","sources":["../src/canonical.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,sCAAsC;AACtC;;;;;;;;;;;;;;;GAeG;AAEH,MAAM,mBAAmB,GAAG,IAAI,CAAC;AACjC,MAAM,gBAAgB,GAAG,CAAC,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC;AACtC,MAAM,gBAAgB,GAAG,EAAE,IAAI,GAAG,GAAG,EAAE,CAAC;AAExC,MAAM,OAAO,GAAG,IAAI,GAAG,CAAiB;IACtC,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,MAAM,CAAC;CACf,CAAC,CAAC;AAEH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED,MAAM,UAAU,YAAY,CAAC,KAAc;IACzC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IACtB,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,IAAI,CAAC,KAAc,EAAE,GAAa,EAAE,IAAY;IACvD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjB,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QACnC,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,qBAAqB,CAC7B,GAAG,IAAI,yEAAyE,CACjF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,qBAAqB,CAC7B,GAAG,IAAI,oHAAoH,CAC5H,CAAC;QACJ,CAAC;QACD,wEAAwE;QACxE,sEAAsE;QACtE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC3B,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,KAAK,GAAG,gBAAgB,IAAI,KAAK,GAAG,gBAAgB,EAAE,CAAC;YACzD,MAAM,IAAI,qBAAqB,CAAC,GAAG,IAAI,aAAa,KAAK,8BAA8B,CAAC,CAAC;QAC3F,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC3B,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,UAAU,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC7B,OAAO;IACT,CAAC;IACD,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;QAChC,UAAU,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IACD,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC;QAC1B,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC3B,OAAO;IACT,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC5B,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,UAAU,CAAC,KAAgC,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QACxD,OAAO;IACT,CAAC;IACD,MAAM,IAAI,qBAAqB,CAAC,GAAG,IAAI,sBAAsB,OAAO,KAAK,uBAAuB,CAAC,CAAC;AACpG,CAAC;AAED,SAAS,UAAU,CAAC,KAAa,EAAE,GAAa,EAAE,IAAY;IAC5D,IAAI,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;QACrC,MAAM,IAAI,qBAAqB,CAC7B,GAAG,IAAI,mFAAmF,CAC3F,CAAC;IACJ,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,EAAE,IAAI,KAAK,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;QAC/B,IAAI,IAAI,KAAK,SAAS;YAAE,SAAS;QACjC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnB,CAAC;aAAM,IAAI,IAAI,GAAG,mBAAmB,EAAE,CAAC;YACtC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;QACvD,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,QAAQ,CAAC,KAAW,EAAE,GAAa,EAAE,IAAY;IACxD,MAAM,EAAE,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;IAC3B,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,qBAAqB,CAAC,GAAG,IAAI,iCAAiC,CAAC,CAAC;IAC5E,CAAC;IACD,6EAA6E;IAC7E,6EAA6E;IAC7E,6EAA6E;IAC7E,qEAAqE;IACrE,gCAAgC;IAChC,MAAM,IAAI,GAAG,KAAK,CAAC,cAAc,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAChE,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACjE,MAAM,EAAE,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC1D,MAAM,EAAE,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC3D,MAAM,EAAE,GAAG,KAAK,CAAC,aAAa,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC7D,MAAM,EAAE,GAAG,KAAK,CAAC,aAAa,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC7D,MAAM,KAAK,GAAG,KAAK,CAAC,kBAAkB,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACrE,MAAM,GAAG,GAAG,GAAG,IAAI,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,KAAK,MAAM,CAAC;IACjE,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,UAAU,CAAC,KAA8B,EAAE,GAAa,EAAE,IAAY;IAC7E,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACd,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;IACvC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAW,CAAC;QAC9B,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAClB,MAAM,IAAI,qBAAqB,CAAC,GAAG,IAAI,0BAA0B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC1F,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,IAAI,CAAC,GAAG,CAAC;YAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC;QACvC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACd,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC;IAC1C,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,SAAS,CAAC,KAAgB,EAAE,GAAa,EAAE,IAAY;IAC9D,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,CAAC,GAAG,CAAC;YAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAiB;IACzC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAClD,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC"}

package/dist/hashchain.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Pure-function hash-chain primitives for the Attestplane substrate.
+ *
+ * Mirrors `sdk/python/src/attestplane/hashchain.py`. Pure: no I/O, no global
+ * state, no time reads. Container responsibility lives in `substrate.ts`.
+ */
+import type { AuditEvent, ChainHead, ChainedEvent, EventDraft } from './types.js';
+export declare const SCHEMA_VERSION = 1;
+export declare const GENESIS_HASH: Uint8Array;
+export interface VerificationResult {
+    readonly ok: boolean;
+    readonly first_bad_index: number | null;
+    readonly reason: string | null;
+}
+export declare function genesisHead(): ChainHead;
+export declare function hashEvent(event: AuditEvent): Uint8Array;
+export interface ChainExtendOptions {
+    readonly now: Date;
+    readonly event_id?: string;
+}
+export declare function chainExtend(tip: ChainHead, draft: EventDraft, options: ChainExtendOptions): ChainedEvent;
+export declare function verifyChain(events: readonly ChainedEvent[]): VerificationResult;
+export declare function headOf(events: readonly ChainedEvent[]): ChainHead;
+//# sourceMappingURL=hashchain.d.ts.map

package/dist/hashchain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hashchain.d.ts","sourceRoot":"","sources":["../src/hashchain.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AAMH,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAElF,eAAO,MAAM,cAAc,IAAI,CAAC;AAChC,eAAO,MAAM,YAAY,EAAE,UAA+B,CAAC;AAE3D,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IACxC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CAChC;AAED,wBAAgB,WAAW,IAAI,SAAS,CAEvC;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU,CAEvD;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC;IACnB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,wBAAgB,WAAW,CACzB,GAAG,EAAE,SAAS,EACd,KAAK,EAAE,UAAU,EACjB,OAAO,EAAE,kBAAkB,GAC1B,YAAY,CAyBd;AAED,wBAAgB,WAAW,CAAC,MAAM,EAAE,SAAS,YAAY,EAAE,GAAG,kBAAkB,CA6B/E;AAED,wBAAgB,MAAM,CAAC,MAAM,EAAE,SAAS,YAAY,EAAE,GAAG,SAAS,CAIjE"}

package/dist/hashchain.js

@@ -0,0 +1,91 @@
+// SPDX-FileCopyrightText: 2026 The Attestplane Authors
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * Pure-function hash-chain primitives for the Attestplane substrate.
+ *
+ * Mirrors `sdk/python/src/attestplane/hashchain.py`. Pure: no I/O, no global
+ * state, no time reads. Container responsibility lives in `substrate.ts`.
+ */
+import { createHash } from 'node:crypto';
+import { v7 as uuidv7 } from 'uuid';
+import { canonicalize } from './canonical.js';
+export const SCHEMA_VERSION = 1;
+export const GENESIS_HASH = new Uint8Array(32);
+export function genesisHead() {
+    return { seq: -1, event_hash: GENESIS_HASH };
+}
+export function hashEvent(event) {
+    return new Uint8Array(createHash('sha256').update(canonicalize(event)).digest());
+}
+export function chainExtend(tip, draft, options) {
+    if (Number.isNaN(options.now.getTime())) {
+        throw new Error('chainExtend requires a valid Date for now');
+    }
+    const event_id = options.event_id ?? uuidv7();
+    const event = {
+        schema_version: SCHEMA_VERSION,
+        event_id,
+        timestamp: options.now,
+        event_type: draft.event_type,
+        actor: draft.actor,
+        payload: draft.payload,
+        subject_ref: draft.subject_ref,
+        session_id: draft.session_id,
+        reference_db_ref: draft.reference_db_ref,
+        matched_input_ref: draft.matched_input_ref,
+        human_verifier: draft.human_verifier,
+    };
+    const event_hash = hashEvent(event);
+    return {
+        seq: tip.seq + 1,
+        prev_hash: tip.event_hash,
+        event_hash,
+        event,
+    };
+}
+export function verifyChain(events) {
+    let expectedTip = genesisHead();
+    for (let i = 0; i < events.length; i++) {
+        const item = events[i];
+        if (item.seq !== i) {
+            return {
+                ok: false,
+                first_bad_index: i,
+                reason: `seq mismatch at index ${i}: got ${item.seq}, expected ${i}`,
+            };
+        }
+        if (!bytesEqual(item.prev_hash, expectedTip.event_hash)) {
+            return {
+                ok: false,
+                first_bad_index: i,
+                reason: `prev_hash mismatch at seq ${i}`,
+            };
+        }
+        const recomputed = hashEvent(item.event);
+        if (!bytesEqual(recomputed, item.event_hash)) {
+            return {
+                ok: false,
+                first_bad_index: i,
+                reason: `event_hash mismatch at seq ${i}`,
+            };
+        }
+        expectedTip = { seq: item.seq, event_hash: item.event_hash };
+    }
+    return { ok: true, first_bad_index: null, reason: null };
+}
+export function headOf(events) {
+    if (events.length === 0)
+        return genesisHead();
+    const last = events[events.length - 1];
+    return { seq: last.seq, event_hash: last.event_hash };
+}
+function bytesEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    for (let i = 0; i < a.length; i++) {
+        if (a[i] !== b[i])
+            return false;
+    }
+    return true;
+}
+//# sourceMappingURL=hashchain.js.map

package/dist/hashchain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hashchain.js","sourceRoot":"","sources":["../src/hashchain.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,sCAAsC;AACtC;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AAEpC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAG9C,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC;AAChC,MAAM,CAAC,MAAM,YAAY,GAAe,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;AAQ3D,MAAM,UAAU,WAAW;IACzB,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAiB;IACzC,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACnF,CAAC;AAOD,MAAM,UAAU,WAAW,CACzB,GAAc,EACd,KAAiB,EACjB,OAA2B;IAE3B,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,MAAM,EAAE,CAAC;IAC9C,MAAM,KAAK,GAAe;QACxB,cAAc,EAAE,cAAc;QAC9B,QAAQ;QACR,SAAS,EAAE,OAAO,CAAC,GAAG;QACtB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;QACxC,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;QAC1C,cAAc,EAAE,KAAK,CAAC,cAAc;KACrC,CAAC;IACF,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO;QACL,GAAG,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC;QAChB,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,UAAU;QACV,KAAK;KACN,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,MAA+B;IACzD,IAAI,WAAW,GAAG,WAAW,EAAE,CAAC;IAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAiB,CAAC;QACvC,IAAI,IAAI,CAAC,GAAG,KAAK,CAAC,EAAE,CAAC;YACnB,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,eAAe,EAAE,CAAC;gBAClB,MAAM,EAAE,yBAAyB,CAAC,SAAS,IAAI,CAAC,GAAG,cAAc,CAAC,EAAE;aACrE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;YACxD,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,eAAe,EAAE,CAAC;gBAClB,MAAM,EAAE,6BAA6B,CAAC,EAAE;aACzC,CAAC;QACJ,CAAC;QACD,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC7C,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,eAAe,EAAE,CAAC;gBAClB,MAAM,EAAE,8BAA8B,CAAC,EAAE;aAC1C,CAAC;QACJ,CAAC;QACD,WAAW,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;IAC/D,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,MAA+B;IACpD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,WAAW,EAAE,CAAC;IAC9C,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAiB,CAAC;IACvD,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;AACxD,CAAC;AAED,SAAS,UAAU,CAAC,CAAa,EAAE,CAAa;IAC9C,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IAClC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Attestplane — verifiable audit substrate for AI agents.
+ *
+ * Designed toward EU AI Act Article 12 auditability. Apache-2.0 licensed.
+ * See https://github.com/attestplane/attestplane and
+ * docs/adr/0002-substrate-data-model-and-hash-chain-v0.md for the design.
+ */
+export { CanonicalizationError, canonicalize } from './canonical.js';
+export { GENESIS_HASH, SCHEMA_VERSION, chainExtend, genesisHead, hashEvent, headOf, verifyChain, type ChainExtendOptions, type VerificationResult, } from './hashchain.js';
+export { AttestSubstrate, type AppendOptions } from './substrate.js';
+export { makeEventDraft, makeSubjectRef, type AuditEvent, type ChainHead, type ChainedEvent, type EventDraft, type EventDraftInput, type SubjectRef, type SubjectScheme, } from './types.js';
+export declare const VERSION = "0.0.1-alpha.1";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;AAEH,OAAO,EAAE,qBAAqB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EACL,YAAY,EACZ,cAAc,EACd,WAAW,EACX,WAAW,EACX,SAAS,EACT,MAAM,EACN,WAAW,EACX,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,GACxB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,KAAK,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EACL,cAAc,EACd,cAAc,EACd,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,UAAU,EACf,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAEpB,eAAO,MAAM,OAAO,kBAAkB,CAAC"}

package/dist/index.js

@@ -0,0 +1,15 @@
+// SPDX-FileCopyrightText: 2026 The Attestplane Authors
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * Attestplane — verifiable audit substrate for AI agents.
+ *
+ * Designed toward EU AI Act Article 12 auditability. Apache-2.0 licensed.
+ * See https://github.com/attestplane/attestplane and
+ * docs/adr/0002-substrate-data-model-and-hash-chain-v0.md for the design.
+ */
+export { CanonicalizationError, canonicalize } from './canonical.js';
+export { GENESIS_HASH, SCHEMA_VERSION, chainExtend, genesisHead, hashEvent, headOf, verifyChain, } from './hashchain.js';
+export { AttestSubstrate } from './substrate.js';
+export { makeEventDraft, makeSubjectRef, } from './types.js';
+export const VERSION = '0.0.1-alpha.1';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,sCAAsC;AACtC;;;;;;GAMG;AAEH,OAAO,EAAE,qBAAqB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EACL,YAAY,EACZ,cAAc,EACd,WAAW,EACX,WAAW,EACX,SAAS,EACT,MAAM,EACN,WAAW,GAGZ,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,eAAe,EAAsB,MAAM,gBAAgB,CAAC;AACrE,OAAO,EACL,cAAc,EACd,cAAc,GAQf,MAAM,YAAY,CAAC;AAEpB,MAAM,CAAC,MAAM,OAAO,GAAG,eAAe,CAAC"}

package/dist/substrate.d.ts

@@ -0,0 +1,24 @@
+/**
+ * `AttestSubstrate` — append-only audit-event container.
+ *
+ * Mirrors `sdk/python/src/attestplane/substrate.py`. Single-threaded by
+ * Node's event-loop model; no explicit locking is needed for in-process
+ * use. Durable storage and multi-process coordination are out of scope at
+ * v0.0.1 (anticipated ADR-0004).
+ */
+import { type VerificationResult } from './hashchain.js';
+import type { ChainHead, ChainedEvent, EventDraft } from './types.js';
+export interface AppendOptions {
+    readonly now?: Date;
+}
+export declare class AttestSubstrate {
+    #private;
+    append(draft: EventDraft, options?: AppendOptions): ChainedEvent;
+    tip(): ChainHead;
+    verify(): VerificationResult;
+    get length(): number;
+    snapshot(): ChainedEvent[];
+    [Symbol.iterator](): IterableIterator<ChainedEvent>;
+    static fromEvents(events: readonly ChainedEvent[]): AttestSubstrate;
+}
+//# sourceMappingURL=substrate.d.ts.map

package/dist/substrate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"substrate.d.ts","sourceRoot":"","sources":["../src/substrate.ts"],"names":[],"mappings":"AAEA;;;;;;;GAOG;AAEH,OAAO,EACL,KAAK,kBAAkB,EAKxB,MAAM,gBAAgB,CAAC;AACxB,OAAO,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAEtE,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC;CACrB;AAED,qBAAa,eAAe;;IAI1B,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,GAAE,aAAkB,GAAG,YAAY;IAQpE,GAAG,IAAI,SAAS;IAIhB,MAAM,IAAI,kBAAkB;IAI5B,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,QAAQ,IAAI,YAAY,EAAE;IAIzB,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,gBAAgB,CAAC,YAAY,CAAC;IAIpD,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,SAAS,YAAY,EAAE,GAAG,eAAe;CAUpE"}

package/dist/substrate.js

@@ -0,0 +1,48 @@
+// SPDX-FileCopyrightText: 2026 The Attestplane Authors
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * `AttestSubstrate` — append-only audit-event container.
+ *
+ * Mirrors `sdk/python/src/attestplane/substrate.py`. Single-threaded by
+ * Node's event-loop model; no explicit locking is needed for in-process
+ * use. Durable storage and multi-process coordination are out of scope at
+ * v0.0.1 (anticipated ADR-0004).
+ */
+import { chainExtend, genesisHead, headOf, verifyChain, } from './hashchain.js';
+export class AttestSubstrate {
+    #events = [];
+    #tip = genesisHead();
+    append(draft, options = {}) {
+        const now = options.now ?? new Date();
+        const chained = chainExtend(this.#tip, draft, { now });
+        this.#events.push(chained);
+        this.#tip = { seq: chained.seq, event_hash: chained.event_hash };
+        return chained;
+    }
+    tip() {
+        return this.#tip;
+    }
+    verify() {
+        return verifyChain(this.#events);
+    }
+    get length() {
+        return this.#events.length;
+    }
+    snapshot() {
+        return [...this.#events];
+    }
+    *[Symbol.iterator]() {
+        yield* this.#events;
+    }
+    static fromEvents(events) {
+        const result = verifyChain(events);
+        if (!result.ok) {
+            throw new Error(`cannot rehydrate substrate: ${result.reason ?? 'unknown'}`);
+        }
+        const instance = new AttestSubstrate();
+        instance.#events = [...events];
+        instance.#tip = headOf(events);
+        return instance;
+    }
+}
+//# sourceMappingURL=substrate.js.map

package/dist/substrate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"substrate.js","sourceRoot":"","sources":["../src/substrate.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,sCAAsC;AACtC;;;;;;;GAOG;AAEH,OAAO,EAEL,WAAW,EACX,WAAW,EACX,MAAM,EACN,WAAW,GACZ,MAAM,gBAAgB,CAAC;AAOxB,MAAM,OAAO,eAAe;IAC1B,OAAO,GAAmB,EAAE,CAAC;IAC7B,IAAI,GAAc,WAAW,EAAE,CAAC;IAEhC,MAAM,CAAC,KAAiB,EAAE,UAAyB,EAAE;QACnD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACvD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC;QACjE,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,GAAG;QACD,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,MAAM;QACJ,OAAO,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED,QAAQ;QACN,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;QAChB,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA+B;QAC/C,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,+BAA+B,MAAM,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;QAC/E,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,eAAe,EAAE,CAAC;QACvC,QAAQ,CAAC,OAAO,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC;QAC/B,QAAQ,CAAC,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/B,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/types.d.ts

@@ -0,0 +1,62 @@
+/**
+ * Core data types for the Attestplane substrate (TypeScript SDK).
+ *
+ * Field names are deliberately `snake_case` to match the Python SDK's wire
+ * format byte-for-byte. The canonical event-hash includes the field names
+ * (per RFC 8785 / restricted JSON profile of ADR-0002), so any rename here
+ * would break cross-language conformance against the frozen
+ * `sdk/python/tests/conformance/vectors.json`.
+ *
+ * This is a load-bearing convention. Do not switch to camelCase.
+ */
+export type SubjectScheme = 'sha256_salted' | 'opaque' | 'none';
+export interface SubjectRef {
+    readonly scheme: SubjectScheme;
+    readonly value: string;
+}
+export declare function makeSubjectRef(scheme: SubjectScheme, value: string): SubjectRef;
+export interface EventDraft {
+    readonly event_type: string;
+    readonly actor: string;
+    readonly payload: Record<string, unknown>;
+    readonly subject_ref: SubjectRef | null;
+    readonly session_id: string | null;
+    readonly reference_db_ref: string | null;
+    readonly matched_input_ref: string | null;
+    readonly human_verifier: SubjectRef | null;
+}
+export interface EventDraftInput {
+    event_type: string;
+    actor: string;
+    payload?: Record<string, unknown>;
+    subject_ref?: SubjectRef | null;
+    session_id?: string | null;
+    reference_db_ref?: string | null;
+    matched_input_ref?: string | null;
+    human_verifier?: SubjectRef | null;
+}
+export declare function makeEventDraft(input: EventDraftInput): EventDraft;
+export interface AuditEvent {
+    readonly schema_version: number;
+    readonly event_id: string;
+    readonly timestamp: Date;
+    readonly event_type: string;
+    readonly actor: string;
+    readonly payload: Record<string, unknown>;
+    readonly subject_ref: SubjectRef | null;
+    readonly session_id: string | null;
+    readonly reference_db_ref: string | null;
+    readonly matched_input_ref: string | null;
+    readonly human_verifier: SubjectRef | null;
+}
+export interface ChainedEvent {
+    readonly seq: number;
+    readonly prev_hash: Uint8Array;
+    readonly event_hash: Uint8Array;
+    readonly event: AuditEvent;
+}
+export interface ChainHead {
+    readonly seq: number;
+    readonly event_hash: Uint8Array;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;GAUG;AAEH,MAAM,MAAM,aAAa,GAAG,eAAe,GAAG,QAAQ,GAAG,MAAM,CAAC;AAEhE,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,MAAM,GAAG,UAAU,CAQ/E;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC1C,QAAQ,CAAC,WAAW,EAAE,UAAU,GAAG,IAAI,CAAC;IACxC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IACzC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1C,QAAQ,CAAC,cAAc,EAAE,UAAU,GAAG,IAAI,CAAC;CAC5C;AAED,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,WAAW,CAAC,EAAE,UAAU,GAAG,IAAI,CAAC;IAChC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,cAAc,CAAC,EAAE,UAAU,GAAG,IAAI,CAAC;CACpC;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,eAAe,GAAG,UAAU,CAiBjE;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC;IACzB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC1C,QAAQ,CAAC,WAAW,EAAE,UAAU,GAAG,IAAI,CAAC;IACxC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IACzC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1C,QAAQ,CAAC,cAAc,EAAE,UAAU,GAAG,IAAI,CAAC;CAC5C;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;IAC/B,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAChC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;CAC5B;AAED,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;CACjC"}

package/dist/types.js

@@ -0,0 +1,41 @@
+// SPDX-FileCopyrightText: 2026 The Attestplane Authors
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * Core data types for the Attestplane substrate (TypeScript SDK).
+ *
+ * Field names are deliberately `snake_case` to match the Python SDK's wire
+ * format byte-for-byte. The canonical event-hash includes the field names
+ * (per RFC 8785 / restricted JSON profile of ADR-0002), so any rename here
+ * would break cross-language conformance against the frozen
+ * `sdk/python/tests/conformance/vectors.json`.
+ *
+ * This is a load-bearing convention. Do not switch to camelCase.
+ */
+export function makeSubjectRef(scheme, value) {
+    if (scheme === 'none' && value !== '') {
+        throw new Error("SubjectRef scheme 'none' requires empty value");
+    }
+    if (scheme !== 'none' && value.length === 0) {
+        throw new Error(`SubjectRef scheme '${scheme}' requires non-empty value`);
+    }
+    return { scheme, value };
+}
+export function makeEventDraft(input) {
+    if (!input.event_type) {
+        throw new Error('EventDraft.event_type must be non-empty');
+    }
+    if (!input.actor) {
+        throw new Error('EventDraft.actor must be non-empty');
+    }
+    return {
+        event_type: input.event_type,
+        actor: input.actor,
+        payload: input.payload ?? {},
+        subject_ref: input.subject_ref ?? null,
+        session_id: input.session_id ?? null,
+        reference_db_ref: input.reference_db_ref ?? null,
+        matched_input_ref: input.matched_input_ref ?? null,
+        human_verifier: input.human_verifier ?? null,
+    };
+}
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,sCAAsC;AACtC;;;;;;;;;;GAUG;AASH,MAAM,UAAU,cAAc,CAAC,MAAqB,EAAE,KAAa;IACjE,IAAI,MAAM,KAAK,MAAM,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,MAAM,KAAK,MAAM,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,sBAAsB,MAAM,4BAA4B,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AAC3B,CAAC;AAwBD,MAAM,UAAU,cAAc,CAAC,KAAsB;IACnD,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,OAAO;QACL,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,EAAE;QAC5B,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI;QACtC,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,IAAI;QACpC,gBAAgB,EAAE,KAAK,CAAC,gBAAgB,IAAI,IAAI;QAChD,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,IAAI,IAAI;QAClD,cAAc,EAAE,KAAK,CAAC,cAAc,IAAI,IAAI;KAC7C,CAAC;AACJ,CAAC"}

package/package.json

@@ -0,0 +1,59 @@
+{
+  "name": "@attestplane/attestplane",
+  "version": "0.0.1-alpha.1",
+  "description": "Apache-2.0 attestation and audit substrate for AI agent evidence chains.",
+  "keywords": [
+    "audit",
+    "compliance",
+    "eu-ai-act",
+    "dora",
+    "gdpr",
+    "hash-chain",
+    "provenance",
+    "transparency"
+  ],
+  "license": "Apache-2.0",
+  "homepage": "https://attestplane.io",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/attestplane/attestplane"
+  },
+  "bugs": "https://github.com/attestplane/attestplane/issues",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE",
+    "NOTICE"
+  ],
+  "engines": {
+    "node": ">=22"
+  },
+  "scripts": {
+    "build": "tsc",
+    "lint": "biome check src test",
+    "lint:fix": "biome check --write src test",
+    "format": "biome format --write src test",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "uuid": "^11.0.0"
+  },
+  "devDependencies": {
+    "@biomejs/biome": "^1.9.4",
+    "@types/node": "^22.0.0",
+    "@types/uuid": "^10.0.0",
+    "typescript": "^5.6.0",
+    "vitest": "^4.1.6"
+  }
+}