@attestplane/attestplane 0.0.1 → 0.0.3-alpha

package/dist/verifier.js

@@ -0,0 +1,374 @@
+// SPDX-FileCopyrightText: 2026 The Attestplane Authors
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * High-level proof-bundle verifier (TypeScript port of
+ * `sdk/python/src/attestplane/verifier.py`).
+ *
+ * Takes a parsed bundle object, performs a lightweight shape check
+ * (sufficient to safely rehydrate; callers needing full JSON Schema
+ * validation can run any standard validator against
+ * `schemas/v1/proof_bundle.schema.json`), rehydrates the contained
+ * events, re-walks the chain with `verifyChain`, and returns a
+ * `BundleVerificationResult`.
+ *
+ * Pure with respect to the bundle: no mutation, no signing, no I/O
+ * other than optionally reading a file when using `verifyProofBundleFile`.
+ */
+import { promises as fs } from 'node:fs';
+import { POLICY_CHECK_EVENT } from './event_types.js';
+import { GENESIS_HASH, SCHEMA_VERSION, headOf, verifyChain, } from './hashchain.js';
+import { DEFAULT_FORBIDDEN_FIELDS } from './proof_bundle.js';
+export class BundleVerificationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'BundleVerificationError';
+    }
+}
+export class BundleSchemaError extends BundleVerificationError {
+    constructor(message) {
+        super(message);
+        this.name = 'BundleSchemaError';
+    }
+}
+export function shortSummary(result) {
+    if (result.ok) {
+        return (`OK chain_id='${result.chain_id}' events=${result.event_count} ` +
+            `head=${result.head_hash_hex.slice(0, 16)}…`);
+    }
+    const bad = result.chain_result.first_bad_index;
+    return (`FAIL chain_id='${result.chain_id}' events=${result.event_count} ` +
+        `first_bad_index=${bad} reason=${JSON.stringify(result.chain_result.reason)} ` +
+        `agreement=${result.agreement} metadata_reason=${JSON.stringify(result.metadata_reason)} ` +
+        `policy_trace_refs_reason=${JSON.stringify(result.policy_trace_refs_reason)}`);
+}
+const REQUIRED_TOP_LEVEL = [
+    'bundle_version',
+    'chain_metadata',
+    'events',
+    'verification_report',
+    'forbidden_fields',
+];
+const REQUIRED_CHAIN_METADATA = [
+    'chain_id',
+    'schema_version',
+    'genesis_hash_hex',
+    'head_hash_hex',
+    'head_seq',
+    'producer_runtime',
+];
+const REQUIRED_VERIFICATION_REPORT = [
+    'ok',
+    'first_bad_index',
+    'reason',
+    'verified_at',
+    'verifier_version',
+    'verification_method',
+];
+const ALLOWED_TOP_LEVEL = new Set([
+    ...REQUIRED_TOP_LEVEL,
+    'framework_mappings',
+    'signature',
+    'policy_trace_refs',
+    'signatures',
+]);
+const ALLOWED_VERIFICATION_METHODS = new Set([
+    'canonical-bytes-walk',
+    'canonical-bytes-walk+anchor',
+]);
+const HEX64 = /^[0-9a-f]{64}$/;
+function isPlainObject(v) {
+    return typeof v === 'object' && v !== null && !Array.isArray(v);
+}
+function validateShape(raw) {
+    if (!isPlainObject(raw)) {
+        throw new BundleSchemaError(`bundle must be a JSON object, got ${raw === null ? 'null' : typeof raw}`);
+    }
+    const unknown = Object.keys(raw).filter((k) => !ALLOWED_TOP_LEVEL.has(k));
+    if (unknown.length > 0) {
+        throw new BundleSchemaError(`bundle contains unknown top-level fields: ${JSON.stringify(unknown.sort())}`);
+    }
+    const missing = REQUIRED_TOP_LEVEL.filter((k) => !(k in raw));
+    if (missing.length > 0) {
+        throw new BundleSchemaError(`bundle missing required fields: ${JSON.stringify(missing)}`);
+    }
+    if (raw.bundle_version !== 1) {
+        throw new BundleSchemaError(`unsupported bundle_version=${JSON.stringify(raw.bundle_version)}; this verifier handles version 1 only`);
+    }
+    const cm = raw.chain_metadata;
+    if (!isPlainObject(cm)) {
+        throw new BundleSchemaError('chain_metadata must be a JSON object');
+    }
+    const missingCm = REQUIRED_CHAIN_METADATA.filter((k) => !(k in cm));
+    if (missingCm.length > 0) {
+        throw new BundleSchemaError(`chain_metadata missing required fields: ${JSON.stringify(missingCm)}`);
+    }
+    if (!Array.isArray(raw.events)) {
+        throw new BundleSchemaError('events must be an array');
+    }
+    if (!isPlainObject(raw.verification_report)) {
+        throw new BundleSchemaError('verification_report must be a JSON object');
+    }
+    const report = raw.verification_report;
+    const missingReport = REQUIRED_VERIFICATION_REPORT.filter((k) => !(k in report));
+    if (missingReport.length > 0) {
+        throw new BundleSchemaError(`verification_report missing required fields: ${JSON.stringify(missingReport)}`);
+    }
+    const method = report.verification_method;
+    if (!ALLOWED_VERIFICATION_METHODS.has(String(method))) {
+        throw new BundleSchemaError(`unsupported verification_method=${JSON.stringify(method)}`);
+    }
+    if (!Array.isArray(raw.forbidden_fields)) {
+        throw new BundleSchemaError('forbidden_fields must be an array');
+    }
+    const forbiddenFields = raw.forbidden_fields;
+    if (!forbiddenFields.every((item) => typeof item === 'string' && item.length > 0)) {
+        throw new BundleSchemaError('forbidden_fields must contain non-empty strings');
+    }
+    const missingForbidden = DEFAULT_FORBIDDEN_FIELDS.filter((term) => !forbiddenFields.includes(term));
+    if (missingForbidden.length > 0) {
+        throw new BundleSchemaError(`forbidden_fields missing required redaction terms: ${JSON.stringify(missingForbidden)}`);
+    }
+    if ('framework_mappings' in raw && !Array.isArray(raw.framework_mappings)) {
+        throw new BundleSchemaError('framework_mappings must be an array when present');
+    }
+    if ('policy_trace_refs' in raw && !Array.isArray(raw.policy_trace_refs)) {
+        throw new BundleSchemaError('policy_trace_refs must be an array when present');
+    }
+}
+function hexToBytes(hex) {
+    if (hex.length % 2 !== 0) {
+        throw new BundleSchemaError(`hex string has odd length: ${hex.length}`);
+    }
+    const out = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < out.length; i++) {
+        const byte = Number.parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+        if (Number.isNaN(byte)) {
+            throw new BundleSchemaError(`invalid hex byte at position ${i * 2}: ${hex.slice(i * 2, i * 2 + 2)}`);
+        }
+        out[i] = byte;
+    }
+    return out;
+}
+function deserializeSubject(raw) {
+    if (raw == null)
+        return null;
+    return { scheme: raw.scheme, value: raw.value };
+}
+function deserializeTimestamp(s) {
+    // Accept "YYYY-MM-DDThh:mm:ss.uuuuuuZ" with 6-digit microsecond precision.
+    // JavaScript Date is millisecond-precision; we drop the last three digits
+    // and round-trip through the standard ISO 8601 parser.
+    const match = /^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3})\d{3}Z$/.exec(s);
+    if (!match) {
+        throw new BundleSchemaError(`bad timestamp format: ${JSON.stringify(s)}`);
+    }
+    const date = new Date(`${match[1]}Z`);
+    if (Number.isNaN(date.getTime())) {
+        throw new BundleSchemaError(`unparsable timestamp: ${JSON.stringify(s)}`);
+    }
+    return date;
+}
+function deserializeAuditEvent(raw) {
+    return {
+        schema_version: raw.schema_version,
+        event_id: raw.event_id,
+        timestamp: deserializeTimestamp(raw.timestamp),
+        event_type: raw.event_type,
+        actor: raw.actor,
+        payload: raw.payload,
+        subject_ref: deserializeSubject(raw.subject_ref),
+        session_id: raw.session_id,
+        reference_db_ref: raw.reference_db_ref,
+        matched_input_ref: raw.matched_input_ref,
+        human_verifier: deserializeSubject(raw.human_verifier),
+    };
+}
+function rehydrateEvents(rawEvents) {
+    const chain = [];
+    for (let i = 0; i < rawEvents.length; i++) {
+        const raw = rawEvents[i];
+        try {
+            chain.push({
+                seq: raw.seq,
+                prev_hash: hexToBytes(raw.prev_hash_hex),
+                event_hash: hexToBytes(raw.event_hash_hex),
+                event: deserializeAuditEvent(raw.event),
+            });
+        }
+        catch (exc) {
+            if (exc instanceof BundleSchemaError) {
+                throw new BundleSchemaError(`events[${i}]: ${exc.message}`);
+            }
+            throw exc;
+        }
+    }
+    return chain;
+}
+function bytesToHex(bytes) {
+    let out = '';
+    for (let i = 0; i < bytes.length; i++) {
+        out += bytes[i].toString(16).padStart(2, '0');
+    }
+    return out;
+}
+function verifyMetadataClosure(bundle, events, chainResult) {
+    const metadata = bundle.chain_metadata;
+    const report = bundle.verification_report;
+    if (metadata.schema_version !== SCHEMA_VERSION) {
+        return {
+            ok: false,
+            reason: `chain_metadata.schema_version=${JSON.stringify(metadata.schema_version)}; this verifier handles ${SCHEMA_VERSION}`,
+        };
+    }
+    if (metadata.genesis_hash_hex !== bytesToHex(GENESIS_HASH)) {
+        return {
+            ok: false,
+            reason: 'chain_metadata.genesis_hash_hex does not match substrate genesis hash',
+        };
+    }
+    if (metadata.evidence_taxonomy_version !== undefined &&
+        metadata.evidence_taxonomy_version !== 1) {
+        return { ok: false, reason: 'chain_metadata.evidence_taxonomy_version must be 1 when present' };
+    }
+    const head = headOf(events);
+    if (metadata.head_seq !== head.seq) {
+        return {
+            ok: false,
+            reason: `chain_metadata.head_seq=${JSON.stringify(metadata.head_seq)} does not match computed head seq ${head.seq}`,
+        };
+    }
+    if (metadata.head_hash_hex !== bytesToHex(head.event_hash)) {
+        return {
+            ok: false,
+            reason: 'chain_metadata.head_hash_hex does not match computed chain head',
+        };
+    }
+    if (Boolean(report.ok) !== chainResult.ok) {
+        return { ok: false, reason: 'verification_report.ok disagrees with recomputed chain result' };
+    }
+    if (report.first_bad_index !== chainResult.first_bad_index) {
+        return {
+            ok: false,
+            reason: 'verification_report.first_bad_index disagrees with recomputed chain result',
+        };
+    }
+    if (report.reason !== chainResult.reason) {
+        return {
+            ok: false,
+            reason: 'verification_report.reason disagrees with recomputed chain result',
+        };
+    }
+    if (chainResult.ok && (report.first_bad_index !== null || report.reason !== null)) {
+        return {
+            ok: false,
+            reason: 'verification_report carries failure detail while recomputed chain is ok',
+        };
+    }
+    return { ok: true, reason: null };
+}
+function verifyPolicyTraceRefs(bundle, events) {
+    const expected = events
+        .filter((event) => event.event.event_type === POLICY_CHECK_EVENT)
+        .map((event) => bytesToHex(event.event_hash));
+    const hasRefs = bundle.policy_trace_refs !== undefined;
+    if (expected.length === 0) {
+        if (!hasRefs)
+            return { ok: true, reason: null };
+        const refs = bundle.policy_trace_refs;
+        if (refs.length === 0) {
+            return {
+                ok: false,
+                reason: 'policy_trace_refs must be absent, not empty, when no policy_check_event exists',
+            };
+        }
+        return {
+            ok: false,
+            reason: 'policy_trace_refs present but bundle contains no policy_check_event',
+        };
+    }
+    if (!hasRefs) {
+        return {
+            ok: false,
+            reason: 'policy_trace_refs missing while bundle contains policy_check_event',
+        };
+    }
+    const refs = bundle.policy_trace_refs;
+    if (!refs.every((ref) => typeof ref === 'string' && HEX64.test(ref))) {
+        return {
+            ok: false,
+            reason: 'policy_trace_refs must contain only lowercase 64-hex event hashes',
+        };
+    }
+    if (new Set(refs).size !== refs.length) {
+        return { ok: false, reason: 'policy_trace_refs contains duplicate event hashes' };
+    }
+    const eventHashes = new Set(events.map((event) => bytesToHex(event.event_hash)));
+    const dangling = refs.filter((ref) => !eventHashes.has(ref));
+    if (dangling.length > 0) {
+        return {
+            ok: false,
+            reason: `policy_trace_refs contains dangling refs: ${JSON.stringify(dangling)}`,
+        };
+    }
+    const expectedSet = new Set(expected);
+    const wrongType = refs.filter((ref) => eventHashes.has(ref) && !expectedSet.has(ref));
+    if (wrongType.length > 0) {
+        return {
+            ok: false,
+            reason: `policy_trace_refs points at non-policy events: ${JSON.stringify(wrongType)}`,
+        };
+    }
+    if (JSON.stringify(refs) !== JSON.stringify(expected)) {
+        return {
+            ok: false,
+            reason: 'policy_trace_refs does not match chain-seq-ordered policy_check_event hashes',
+        };
+    }
+    return { ok: true, reason: null };
+}
+export function verifyProofBundle(raw) {
+    validateShape(raw);
+    const bundle = raw;
+    const events = rehydrateEvents(bundle.events);
+    const chainResult = verifyChain(events);
+    const bundleReportedOk = Boolean(bundle.verification_report.ok);
+    const agreement = bundleReportedOk === chainResult.ok;
+    const metadata = verifyMetadataClosure(bundle, events, chainResult);
+    const policyTraceRefs = verifyPolicyTraceRefs(bundle, events);
+    return {
+        ok: chainResult.ok && agreement && metadata.ok && policyTraceRefs.ok,
+        chain_result: chainResult,
+        bundle_reported_ok: bundleReportedOk,
+        agreement,
+        event_count: events.length,
+        bundle_version: bundle.bundle_version,
+        chain_id: bundle.chain_metadata.chain_id,
+        head_hash_hex: bundle.chain_metadata.head_hash_hex,
+        metadata_ok: metadata.ok,
+        metadata_reason: metadata.reason,
+        policy_trace_refs_ok: policyTraceRefs.ok,
+        policy_trace_refs_reason: policyTraceRefs.reason,
+    };
+}
+export async function verifyProofBundleFile(path) {
+    let text;
+    try {
+        text = await fs.readFile(path, 'utf-8');
+    }
+    catch (exc) {
+        if (exc instanceof Error && 'code' in exc && exc.code === 'ENOENT') {
+            throw new BundleVerificationError(`bundle file not found: ${path}`);
+        }
+        throw exc;
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(text);
+    }
+    catch (exc) {
+        const msg = exc instanceof Error ? exc.message : String(exc);
+        throw new BundleSchemaError(`${path}: not valid JSON: ${msg}`);
+    }
+    return verifyProofBundle(parsed);
+}
+//# sourceMappingURL=verifier.js.map

package/dist/verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifier.js","sourceRoot":"","sources":["../src/verifier.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,sCAAsC;AACtC;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AAEzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EACL,YAAY,EACZ,cAAc,EAEd,MAAM,EACN,WAAW,GACZ,MAAM,gBAAgB,CAAC;AAOxB,OAAO,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAG7D,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAChD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED,MAAM,OAAO,iBAAkB,SAAQ,uBAAuB;IAC5D,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAiBD,MAAM,UAAU,YAAY,CAAC,MAAgC;IAC3D,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;QACd,OAAO,CACL,gBAAgB,MAAM,CAAC,QAAQ,YAAY,MAAM,CAAC,WAAW,GAAG;YAChE,QAAQ,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAC7C,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC;IAChD,OAAO,CACL,kBAAkB,MAAM,CAAC,QAAQ,YAAY,MAAM,CAAC,WAAW,GAAG;QAClE,mBAAmB,GAAG,WAAW,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG;QAC9E,aAAa,MAAM,CAAC,SAAS,oBAAoB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG;QAC1F,4BAA4B,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,wBAAwB,CAAC,EAAE,CAC9E,CAAC;AACJ,CAAC;AAED,MAAM,kBAAkB,GAAG;IACzB,gBAAgB;IAChB,gBAAgB;IAChB,QAAQ;IACR,qBAAqB;IACrB,kBAAkB;CACV,CAAC;AAEX,MAAM,uBAAuB,GAAG;IAC9B,UAAU;IACV,gBAAgB;IAChB,kBAAkB;IAClB,eAAe;IACf,UAAU;IACV,kBAAkB;CACV,CAAC;AACX,MAAM,4BAA4B,GAAG;IACnC,IAAI;IACJ,iBAAiB;IACjB,QAAQ;IACR,aAAa;IACb,kBAAkB;IAClB,qBAAqB;CACb,CAAC;AACX,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,GAAG,kBAAkB;IACrB,oBAAoB;IACpB,WAAW;IACX,mBAAmB;IACnB,YAAY;CACb,CAAC,CAAC;AACH,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC;IAC3C,sBAAsB;IACtB,6BAA6B;CAC9B,CAAC,CAAC;AACH,MAAM,KAAK,GAAG,gBAAgB,CAAC;AAE/B,SAAS,aAAa,CAAC,CAAU;IAC/B,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,aAAa,CAAC,GAAY;IACjC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,iBAAiB,CACzB,qCAAqC,GAAG,KAAK,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,GAAG,EAAE,CAC1E,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1E,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,iBAAiB,CACzB,6CAA6C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,EAAE,CAC9E,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;IAC9D,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,iBAAiB,CAAC,mCAAmC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC5F,CAAC;IACD,IAAI,GAAG,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,iBAAiB,CACzB,8BAA8B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,cAAc,CAAC,wCAAwC,CACzG,CAAC;IACJ,CAAC;IACD,MAAM,EAAE,GAAG,GAAG,CAAC,cAAc,CAAC;IAC9B,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,iBAAiB,CAAC,sCAAsC,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,SAAS,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACpE,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAiB,CACzB,2CAA2C,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CACvE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAiB,CAAC,yBAAyB,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,iBAAiB,CAAC,2CAA2C,CAAC,CAAC;IAC3E,CAAC;IACD,MAAM,MAAM,GAAG,GAAG,CAAC,mBAAmB,CAAC;IACvC,MAAM,aAAa,GAAG,4BAA4B,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC;IACjF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,iBAAiB,CACzB,gDAAgD,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,EAAE,CAChF,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,mBAAmB,CAAC;IAC1C,IAAI,CAAC,4BAA4B,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,iBAAiB,CAAC,mCAAmC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC3F,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,iBAAiB,CAAC,mCAAmC,CAAC,CAAC;IACnE,CAAC;IACD,MAAM,eAAe,GAAG,GAAG,CAAC,gBAAgB,CAAC;IAC7C,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;QAClF,MAAM,IAAI,iBAAiB,CAAC,iDAAiD,CAAC,CAAC;IACjF,CAAC;IACD,MAAM,gBAAgB,GAAG,wBAAwB,CAAC,MAAM,CACtD,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAC1C,CAAC;IACF,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,iBAAiB,CACzB,sDAAsD,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,EAAE,CACzF,CAAC;IACJ,CAAC;IACD,IAAI,oBAAoB,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAC1E,MAAM,IAAI,iBAAiB,CAAC,kDAAkD,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,mBAAmB,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,iBAAiB,CAAC,iDAAiD,CAAC,CAAC;IACjF,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAiB,CAAC,8BAA8B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,iBAAiB,CACzB,gCAAgC,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CACxE,CAAC;QACJ,CAAC;QACD,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,kBAAkB,CAAC,GAA4C;IACtE,IAAI,GAAG,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAC7B,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC;AAClD,CAAC;AAED,SAAS,oBAAoB,CAAC,CAAS;IACrC,2EAA2E;IAC3E,0EAA0E;IAC1E,uDAAuD;IACvD,MAAM,KAAK,GAAG,sDAAsD,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC7E,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,iBAAiB,CAAC,yBAAyB,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,iBAAiB,CAAC,yBAAyB,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,qBAAqB,CAAC,GAAyB;IACtD,OAAO;QACL,cAAc,EAAE,GAAG,CAAC,cAAc;QAClC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,SAAS,EAAE,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC;QAC9C,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,WAAW,EAAE,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC;QAChD,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,gBAAgB,EAAE,GAAG,CAAC,gBAAgB;QACtC,iBAAiB,EAAE,GAAG,CAAC,iBAAiB;QACxC,cAAc,EAAE,kBAAkB,CAAC,GAAG,CAAC,cAAc,CAAC;KACvD,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,SAA4C;IACnE,MAAM,KAAK,GAAmB,EAAE,CAAC;IACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAA2B,CAAC;QACnD,IAAI,CAAC;YACH,KAAK,CAAC,IAAI,CAAC;gBACT,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,SAAS,EAAE,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC;gBACxC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC;gBAC1C,KAAK,EAAE,qBAAqB,CAAC,GAAG,CAAC,KAAK,CAAC;aACxC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBACrC,MAAM,IAAI,iBAAiB,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9D,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,UAAU,CAAC,KAAiB;IACnC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,GAAG,IAAK,KAAK,CAAC,CAAC,CAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,qBAAqB,CAC5B,MAAmB,EACnB,MAA+B,EAC/B,WAA+B;IAE/B,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CAAC;IACvC,MAAM,MAAM,GAAG,MAAM,CAAC,mBAAmB,CAAC;IAC1C,IAAI,QAAQ,CAAC,cAAc,KAAK,cAAc,EAAE,CAAC;QAC/C,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,iCAAiC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,2BAA2B,cAAc,EAAE;SAC5H,CAAC;IACJ,CAAC;IACD,IAAI,QAAQ,CAAC,gBAAgB,KAAK,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC3D,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,uEAAuE;SAChF,CAAC;IACJ,CAAC;IACD,IACE,QAAQ,CAAC,yBAAyB,KAAK,SAAS;QAChD,QAAQ,CAAC,yBAAyB,KAAK,CAAC,EACxC,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iEAAiE,EAAE,CAAC;IAClG,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5B,IAAI,QAAQ,CAAC,QAAQ,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC;QACnC,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,2BAA2B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,qCAAqC,IAAI,CAAC,GAAG,EAAE;SACpH,CAAC;IACJ,CAAC;IACD,IAAI,QAAQ,CAAC,aAAa,KAAK,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3D,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,iEAAiE;SAC1E,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,WAAW,CAAC,EAAE,EAAE,CAAC;QAC1C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,+DAA+D,EAAE,CAAC;IAChG,CAAC;IACD,IAAI,MAAM,CAAC,eAAe,KAAK,WAAW,CAAC,eAAe,EAAE,CAAC;QAC3D,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,4EAA4E;SACrF,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,EAAE,CAAC;QACzC,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,mEAAmE;SAC5E,CAAC;IACJ,CAAC;IACD,IAAI,WAAW,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,KAAK,IAAI,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,CAAC,EAAE,CAAC;QAClF,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,yEAAyE;SAClF,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AACpC,CAAC;AAED,SAAS,qBAAqB,CAC5B,MAAmB,EACnB,MAA+B;IAE/B,MAAM,QAAQ,GAAG,MAAM;SACpB,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,KAAK,kBAAkB,CAAC;SAChE,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,MAAM,CAAC,iBAAiB,KAAK,SAAS,CAAC;IACvD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QAChD,MAAM,IAAI,GAAG,MAAM,CAAC,iBAAsC,CAAC;QAC3D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,gFAAgF;aACzF,CAAC;QACJ,CAAC;QACD,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,qEAAqE;SAC9E,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,oEAAoE;SAC7E,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,iBAAsC,CAAC;IAC3D,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QACrE,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,mEAAmE;SAC5E,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QACvC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mDAAmD,EAAE,CAAC;IACpF,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACjF,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,6CAA6C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE;SAChF,CAAC;IACJ,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACtF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,kDAAkD,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE;SACtF,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtD,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,8EAA8E;SACvF,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,GAAY;IAC5C,aAAa,CAAC,GAAG,CAAC,CAAC;IACnB,MAAM,MAAM,GAAG,GAAG,CAAC;IACnB,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,gBAAgB,GAAG,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC;IAChE,MAAM,SAAS,GAAG,gBAAgB,KAAK,WAAW,CAAC,EAAE,CAAC;IACtD,MAAM,QAAQ,GAAG,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IACpE,MAAM,eAAe,GAAG,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE9D,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,EAAE,IAAI,SAAS,IAAI,QAAQ,CAAC,EAAE,IAAI,eAAe,CAAC,EAAE;QACpE,YAAY,EAAE,WAAW;QACzB,kBAAkB,EAAE,gBAAgB;QACpC,SAAS;QACT,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,QAAQ,EAAE,MAAM,CAAC,cAAc,CAAC,QAAQ;QACxC,aAAa,EAAE,MAAM,CAAC,cAAc,CAAC,aAAa;QAClD,WAAW,EAAE,QAAQ,CAAC,EAAE;QACxB,eAAe,EAAE,QAAQ,CAAC,MAAM;QAChC,oBAAoB,EAAE,eAAe,CAAC,EAAE;QACxC,wBAAwB,EAAE,eAAe,CAAC,MAAM;KACjD,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,IAAY;IACtD,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,KAAK,IAAI,MAAM,IAAI,GAAG,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9F,MAAM,IAAI,uBAAuB,CAAC,0BAA0B,IAAI,EAAE,CAAC,CAAC;QACtE,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,IAAI,iBAAiB,CAAC,GAAG,IAAI,qBAAqB,GAAG,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;AACnC,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@attestplane/attestplane",
-  "version": "0.0.1",
-  "description": "Verifiable audit substrate for AI agents. EU AI Act Article 12 ready.",
+  "version": "0.0.3-alpha",
+  "description": "Apache-2.0 attestation and audit substrate for AI agent evidence chains.",
   "keywords": [
     "audit",
     "compliance",